diff --git a/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionFormatter.cs b/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionFormatter.cs
index b4e618ae..c267bbab 100644
--- a/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionFormatter.cs
+++ b/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionFormatter.cs
@@ -6,6 +6,7 @@
 using System.Collections.Immutable;
 using System.ComponentModel;
+using System.Globalization;
 using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
@@ -31,6 +32,8 @@ public sealed class OpenIddictClientDataProtectionFormatter : IOpenIddictClientD
 // can be reused, well-known properties are manually mapped to their claims equivalents.
 return principal
+ .SetClaim(Claims.Private.StateTokenLifetime, GetIntegerProperty(properties, Properties.StateTokenLifetime))
+ .SetClaims(Claims.Private.Audience, GetJsonProperty(properties, Properties.Audiences))
 .SetClaims(Claims.Private.Presenter, GetJsonProperty(properties, Properties.Presenters))
 .SetClaims(Claims.Private.Resource, GetJsonProperty(properties, Properties.Resources))
@@ -38,13 +41,12 @@ public sealed class OpenIddictClientDataProtectionFormatter : IOpenIddictClientD
 .SetClaim(Claims.Private.HostProperties, GetJsonProperty(properties, Properties.HostProperties))
- .SetClaim(Claims.Private.CodeVerifier, GetProperty(properties, Properties.CodeVerifier))
- .SetClaim(Claims.Private.CreationDate, GetProperty(properties, Properties.Issued))
- .SetClaim(Claims.Private.ExpirationDate, GetProperty(properties, Properties.Expires))
- .SetClaim(Claims.Private.Nonce, GetProperty(properties, Properties.Nonce))
- .SetClaim(Claims.Private.RedirectUri, GetProperty(properties, Properties.OriginalRedirectUri))
- .SetClaim(Claims.Private.StateTokenLifetime, GetProperty(properties, Properties.StateTokenLifetime))
- .SetClaim(Claims.Private.TokenId, GetProperty(properties, Properties.InternalTokenId));
+ .SetClaim(Claims.Private.CodeVerifier, GetStringProperty(properties, Properties.CodeVerifier))
+ .SetClaim(Claims.Private.CreationDate, GetStringProperty(properties, Properties.Issued))
+ .SetClaim(Claims.Private.ExpirationDate, GetStringProperty(properties, Properties.Expires))
+ .SetClaim(Claims.Private.Nonce, GetStringProperty(properties, Properties.Nonce))
+ .SetClaim(Claims.Private.RedirectUri, GetStringProperty(properties, Properties.OriginalRedirectUri))
+ .SetClaim(Claims.Private.TokenId, GetStringProperty(properties, Properties.InternalTokenId));
 static (ClaimsPrincipal principal, IReadOnlyDictionary properties) Read(BinaryReader reader)
 {
@@ -159,8 +161,9 @@ public sealed class OpenIddictClientDataProtectionFormatter : IOpenIddictClientD
 return value;
 }
- static string? GetProperty(IReadOnlyDictionary properties, string name)
- => properties.TryGetValue(name, out var value) ? value : null;
+ static long? GetIntegerProperty(IReadOnlyDictionary properties, string name)
+ => properties.TryGetValue(name, out var value) && long.TryParse(value,
+ NumberStyles.Integer, CultureInfo.InvariantCulture, out long result) ? result : null;
 static JsonElement GetJsonProperty(IReadOnlyDictionary properties, string name)
 {
@@ -172,6 +175,9 @@ public sealed class OpenIddictClientDataProtectionFormatter : IOpenIddictClientD
 return default;
 }
+
+ static string? GetStringProperty(IReadOnlyDictionary properties, string name)
+ => properties.TryGetValue(name, out var value) ? value : null;
 }
 public void WriteToken(BinaryWriter writer, ClaimsPrincipal principal)
diff --git a/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionFormatter.cs b/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionFormatter.cs
index dffa7d12..0505fb7e 100644
--- a/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionFormatter.cs
+++ b/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionFormatter.cs
@@ -6,6 +6,7 @@
 using System.Collections.Immutable;
 using System.ComponentModel;
+using System.Globalization;
 using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
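Review bot: The new GetIntegerProperty maps every value that long.TryParse rejects to null, so a persisted lifetime in an unexpected representation is silently treated as absent, and the same shape is repeated in the server formatter's hunk `@@ -167,8 +169,9 @@`. Because NumberStyles.Integer also admits surrounding whitespace and a leading sign, a value such as "-60" parses successfully and is restored as a negative lifetime claim, which is presumably never intended; if the write side (the WriteToken method visible at the end of the next hunk, body outside it) only ever emits unsigned whole seconds, `long.TryParse(value, NumberStyles.None, CultureInfo.InvariantCulture, out long result) && result >= 0` pins that contract. At minimum a comment stating the fallback, `// Note: values that cannot be parsed as an invariant-culture integer are treated as missing.`, would record the intent for the next maintainer. Note also that `IReadOnlyDictionary` is shown without its type arguments throughout this rendering, which looks like an extraction artifact rather than the committed code.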
@@ -31,6 +32,13 @@ public sealed class OpenIddictServerDataProtectionFormatter : IOpenIddictServerD
 // can be reused, well-known properties are manually mapped to their claims equivalents.
 return principal
+ .SetClaim(Claims.Private.AccessTokenLifetime, GetIntegerProperty(properties, Properties.AccessTokenLifetime))
+ .SetClaim(Claims.Private.AuthorizationCodeLifetime, GetIntegerProperty(properties, Properties.AuthorizationCodeLifetime))
+ .SetClaim(Claims.Private.DeviceCodeLifetime, GetIntegerProperty(properties, Properties.DeviceCodeLifetime))
+ .SetClaim(Claims.Private.IdentityTokenLifetime, GetIntegerProperty(properties, Properties.IdentityTokenLifetime))
+ .SetClaim(Claims.Private.RefreshTokenLifetime, GetIntegerProperty(properties, Properties.RefreshTokenLifetime))
+ .SetClaim(Claims.Private.UserCodeLifetime, GetIntegerProperty(properties, Properties.UserCodeLifetime))
+ .SetClaims(Claims.Private.Audience, GetJsonProperty(properties, Properties.Audiences))
 .SetClaims(Claims.Private.Presenter, GetJsonProperty(properties, Properties.Presenters))
 .SetClaims(Claims.Private.Resource, GetJsonProperty(properties, Properties.Resources))
@@ -38,21 +46,15 @@ public sealed class OpenIddictServerDataProtectionFormatter : IOpenIddictServerD
 .SetClaim(Claims.Private.HostProperties, GetJsonProperty(properties, Properties.HostProperties))
- .SetClaim(Claims.Private.AccessTokenLifetime, GetProperty(properties, Properties.AccessTokenLifetime))
- .SetClaim(Claims.Private.AuthorizationCodeLifetime, GetProperty(properties, Properties.AuthorizationCodeLifetime))
- .SetClaim(Claims.Private.AuthorizationId, GetProperty(properties, Properties.InternalAuthorizationId))
- .SetClaim(Claims.Private.CodeChallenge, GetProperty(properties, Properties.CodeChallenge))
- .SetClaim(Claims.Private.CodeChallengeMethod, GetProperty(properties, Properties.CodeChallengeMethod))
- .SetClaim(Claims.Private.CreationDate, GetProperty(properties, Properties.Issued))
- .SetClaim(Claims.Private.DeviceCodeId, GetProperty(properties, Properties.DeviceCodeId))
- .SetClaim(Claims.Private.DeviceCodeLifetime, GetProperty(properties, Properties.DeviceCodeLifetime))
- .SetClaim(Claims.Private.IdentityTokenLifetime, GetProperty(properties, Properties.IdentityTokenLifetime))
- .SetClaim(Claims.Private.ExpirationDate, GetProperty(properties, Properties.Expires))
- .SetClaim(Claims.Private.Nonce, GetProperty(properties, Properties.Nonce))
- .SetClaim(Claims.Private.RedirectUri, GetProperty(properties, Properties.OriginalRedirectUri))
- .SetClaim(Claims.Private.RefreshTokenLifetime, GetProperty(properties, Properties.RefreshTokenLifetime))
- .SetClaim(Claims.Private.TokenId, GetProperty(properties, Properties.InternalTokenId))
- .SetClaim(Claims.Private.UserCodeLifetime, GetProperty(properties, Properties.UserCodeLifetime));
+ .SetClaim(Claims.Private.AuthorizationId, GetStringProperty(properties, Properties.InternalAuthorizationId))
+ .SetClaim(Claims.Private.CodeChallenge, GetStringProperty(properties, Properties.CodeChallenge))
+ .SetClaim(Claims.Private.CodeChallengeMethod, GetStringProperty(properties, Properties.CodeChallengeMethod))
+ .SetClaim(Claims.Private.CreationDate, GetStringProperty(properties, Properties.Issued))
+ .SetClaim(Claims.Private.DeviceCodeId, GetStringProperty(properties, Properties.DeviceCodeId))
+ .SetClaim(Claims.Private.ExpirationDate, GetStringProperty(properties, Properties.Expires))
+ .SetClaim(Claims.Private.Nonce, GetStringProperty(properties, Properties.Nonce))
+ .SetClaim(Claims.Private.RedirectUri, GetStringProperty(properties, Properties.OriginalRedirectUri))
+ .SetClaim(Claims.Private.TokenId, GetStringProperty(properties, Properties.InternalTokenId));
 static (ClaimsPrincipal principal, IReadOnlyDictionary properties) Read(BinaryReader reader)
 {
@@ -167,8 +169,9 @@ public sealed class OpenIddictServerDataProtectionFormatter : IOpenIddictServerD
 return value;
 }
- static string? GetProperty(IReadOnlyDictionary properties, string name)
- => properties.TryGetValue(name, out var value) ? value : null;
+ static long? GetIntegerProperty(IReadOnlyDictionary properties, string name)
+ => properties.TryGetValue(name, out var value) && long.TryParse(value,
+ NumberStyles.Integer, CultureInfo.InvariantCulture, out long result) ? result : null;
 static JsonElement GetJsonProperty(IReadOnlyDictionary properties, string name)
 {
@@ -180,6 +183,9 @@ public sealed class OpenIddictServerDataProtectionFormatter : IOpenIddictServerD
 return default;
 }
+
+ static string? GetStringProperty(IReadOnlyDictionary properties, string name)
+ => properties.TryGetValue(name, out var value) ? value : null;
 }
 public void WriteToken(BinaryWriter writer, ClaimsPrincipal principal)
diff --git a/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionFormatter.cs b/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionFormatter.cs
index be6974e7..2a24d29b 100644
--- a/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionFormatter.cs
+++ b/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionFormatter.cs
@@ -35,21 +35,10 @@ public sealed class OpenIddictValidationDataProtectionFormatter : IOpenIddictVal
 .SetClaim(Claims.Private.HostProperties, GetJsonProperty(properties, Properties.HostProperties))
- .SetClaim(Claims.Private.AccessTokenLifetime, GetProperty(properties, Properties.AccessTokenLifetime))
- .SetClaim(Claims.Private.AuthorizationCodeLifetime, GetProperty(properties, Properties.AuthorizationCodeLifetime))
- .SetClaim(Claims.Private.AuthorizationId, GetProperty(properties, Properties.InternalAuthorizationId))
- .SetClaim(Claims.Private.CodeChallenge, GetProperty(properties, Properties.CodeChallenge))
- .SetClaim(Claims.Private.CodeChallengeMethod, GetProperty(properties, Properties.CodeChallengeMethod))
- .SetClaim(Claims.Private.CreationDate, GetProperty(properties, Properties.Issued))
- .SetClaim(Claims.Private.DeviceCodeId, GetProperty(properties, Properties.DeviceCodeId))
- .SetClaim(Claims.Private.DeviceCodeLifetime, GetProperty(properties, Properties.DeviceCodeLifetime))
- .SetClaim(Claims.Private.IdentityTokenLifetime, GetProperty(properties, Properties.IdentityTokenLifetime))
- .SetClaim(Claims.Private.ExpirationDate, GetProperty(properties, Properties.Expires))
- .SetClaim(Claims.Private.Nonce, GetProperty(properties, Properties.Nonce))
- .SetClaim(Claims.Private.RedirectUri, GetProperty(properties, Properties.OriginalRedirectUri))
- .SetClaim(Claims.Private.RefreshTokenLifetime, GetProperty(properties, Properties.RefreshTokenLifetime))
- .SetClaim(Claims.Private.TokenId, GetProperty(properties, Properties.InternalTokenId))
- .SetClaim(Claims.Private.UserCodeLifetime, GetProperty(properties, Properties.UserCodeLifetime));
+ .SetClaim(Claims.Private.AuthorizationId, GetStringProperty(properties, Properties.InternalAuthorizationId))
+ .SetClaim(Claims.Private.CreationDate, GetStringProperty(properties, Properties.Issued))
+ .SetClaim(Claims.Private.ExpirationDate, GetStringProperty(properties, Properties.Expires))
+ .SetClaim(Claims.Private.TokenId, GetStringProperty(properties, Properties.InternalTokenId));
 static (ClaimsPrincipal principal, IReadOnlyDictionary properties) Read(BinaryReader reader)
 {
@@ -164,9 +153,6 @@ public sealed class OpenIddictValidationDataProtectionFormatter : IOpenIddictVal
 return value;
 }
- static string? GetProperty(IReadOnlyDictionary properties, string name)
- => properties.TryGetValue(name, out var value) ? value : null;
-
 static JsonElement GetJsonProperty(IReadOnlyDictionary properties, string name)
 {
 if (properties.TryGetValue(name, out var value))
@@ -177,5 +163,8 @@ public sealed class OpenIddictValidationDataProtectionFormatter : IOpenIddictVal
 return default;
 }
+
+ static string? GetStringProperty(IReadOnlyDictionary properties, string name)
+ => properties.TryGetValue(name, out var value) ? value : null;
 }
 }
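Review bot: The validation formatter now restores only AuthorizationId, CreationDate, ExpirationDate and TokenId, while the removed lines show CodeChallenge, CodeChallengeMethod, DeviceCodeId, Nonce, RedirectUri and every lifetime property being dropped, and nothing in the hunk records why this formatter keeps a narrower set than the server formatter, which still maps all of them. Presumably those properties only matter to the server when it issues or redeems a token and have no consumer on the validation side, but that reasoning belongs next to the code, e.g. a comment above the `return principal` statement that opens the chain (before this hunk): `// Note: only the properties consumed by the validation stack are restored; authorization-related` `// properties (code challenge, nonce, redirect URI) and token lifetimes are intentionally ignored.` The enclosing ReadToken method starts before this hunk. If a round-trip test exists for this formatter, asserting that the dropped claims are absent after reading would make the narrowing visibly deliberate rather than accidental.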