Fix the ASP.NET Core Data Protection formatters to use the correct value type for the token lifetime claims

2 years ago · 253b1b56b6
3 changed files with 45 additions and 44 deletions
--- a/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionFormatter.cs
+++ b/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionFormatter.cs
@ -6,6 +6,7 @@
 using System.Collections.Immutable;
 using System.ComponentModel;
 using System.Globalization;
 using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
@ -31,6 +32,8 @@ public sealed class OpenIddictClientDataProtectionFormatter : IOpenIddictClientD
        // can be reused, well-known properties are manually mapped to their claims equivalents.
        return principal
            .SetClaim(Claims.Private.StateTokenLifetime, GetIntegerProperty(properties, Properties.StateTokenLifetime))
            .SetClaims(Claims.Private.Audience,  GetJsonProperty(properties, Properties.Audiences))
            .SetClaims(Claims.Private.Presenter, GetJsonProperty(properties, Properties.Presenters))
            .SetClaims(Claims.Private.Resource,  GetJsonProperty(properties, Properties.Resources))
@ -38,13 +41,12 @@ public sealed class OpenIddictClientDataProtectionFormatter : IOpenIddictClientD
            .SetClaim(Claims.Private.HostProperties, GetJsonProperty(properties, Properties.HostProperties))
-            .SetClaim(Claims.Private.CodeVerifier,       GetProperty(properties, Properties.CodeVerifier))
+            .SetClaim(Claims.Private.CodeVerifier,   GetStringProperty(properties, Properties.CodeVerifier))
-            .SetClaim(Claims.Private.CreationDate,       GetProperty(properties, Properties.Issued))
+            .SetClaim(Claims.Private.CreationDate,   GetStringProperty(properties, Properties.Issued))
-            .SetClaim(Claims.Private.ExpirationDate,     GetProperty(properties, Properties.Expires))
+            .SetClaim(Claims.Private.ExpirationDate, GetStringProperty(properties, Properties.Expires))
-            .SetClaim(Claims.Private.Nonce,              GetProperty(properties, Properties.Nonce))
+            .SetClaim(Claims.Private.Nonce,          GetStringProperty(properties, Properties.Nonce))
-            .SetClaim(Claims.Private.RedirectUri,        GetProperty(properties, Properties.OriginalRedirectUri))
+            .SetClaim(Claims.Private.RedirectUri,    GetStringProperty(properties, Properties.OriginalRedirectUri))
-            .SetClaim(Claims.Private.StateTokenLifetime, GetProperty(properties, Properties.StateTokenLifetime))
+            .SetClaim(Claims.Private.TokenId,        GetStringProperty(properties, Properties.InternalTokenId));
            .SetClaim(Claims.Private.TokenId,            GetProperty(properties, Properties.InternalTokenId));
        static (ClaimsPrincipal principal, IReadOnlyDictionary<string, string> properties) Read(BinaryReader reader)
        {
@ -159,8 +161,9 @@ public sealed class OpenIddictClientDataProtectionFormatter : IOpenIddictClientD
            return value;
        }
-        static string? GetProperty(IReadOnlyDictionary<string, string> properties, string name)
+        static long? GetIntegerProperty(IReadOnlyDictionary<string, string> properties, string name)
-            => properties.TryGetValue(name, out var value) ? value : null;
+            => properties.TryGetValue(name, out var value) && long.TryParse(value,
            NumberStyles.Integer, CultureInfo.InvariantCulture, out long result) ? result : null;
        static JsonElement GetJsonProperty(IReadOnlyDictionary<string, string> properties, string name)
        {
@ -172,6 +175,9 @@ public sealed class OpenIddictClientDataProtectionFormatter : IOpenIddictClientD
            return default;
        }
        static string? GetStringProperty(IReadOnlyDictionary<string, string> properties, string name)
            => properties.TryGetValue(name, out var value) ? value : null;
    }
    public void WriteToken(BinaryWriter writer, ClaimsPrincipal principal)
--- a/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionFormatter.cs
+++ b/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionFormatter.cs
@ -6,6 +6,7 @@
 using System.Collections.Immutable;
 using System.ComponentModel;
 using System.Globalization;
 using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
@ -31,6 +32,13 @@ public sealed class OpenIddictServerDataProtectionFormatter : IOpenIddictServerD
        // can be reused, well-known properties are manually mapped to their claims equivalents.
        return principal
            .SetClaim(Claims.Private.AccessTokenLifetime,       GetIntegerProperty(properties, Properties.AccessTokenLifetime))
            .SetClaim(Claims.Private.AuthorizationCodeLifetime, GetIntegerProperty(properties, Properties.AuthorizationCodeLifetime))
            .SetClaim(Claims.Private.DeviceCodeLifetime,        GetIntegerProperty(properties, Properties.DeviceCodeLifetime))
            .SetClaim(Claims.Private.IdentityTokenLifetime,     GetIntegerProperty(properties, Properties.IdentityTokenLifetime))
            .SetClaim(Claims.Private.RefreshTokenLifetime,      GetIntegerProperty(properties, Properties.RefreshTokenLifetime))
            .SetClaim(Claims.Private.UserCodeLifetime,          GetIntegerProperty(properties, Properties.UserCodeLifetime))
            .SetClaims(Claims.Private.Audience,  GetJsonProperty(properties, Properties.Audiences))
            .SetClaims(Claims.Private.Presenter, GetJsonProperty(properties, Properties.Presenters))
            .SetClaims(Claims.Private.Resource,  GetJsonProperty(properties, Properties.Resources))
@ -38,21 +46,15 @@ public sealed class OpenIddictServerDataProtectionFormatter : IOpenIddictServerD
            .SetClaim(Claims.Private.HostProperties, GetJsonProperty(properties, Properties.HostProperties))
-            .SetClaim(Claims.Private.AccessTokenLifetime,       GetProperty(properties, Properties.AccessTokenLifetime))
+            .SetClaim(Claims.Private.AuthorizationId,     GetStringProperty(properties, Properties.InternalAuthorizationId))
-            .SetClaim(Claims.Private.AuthorizationCodeLifetime, GetProperty(properties, Properties.AuthorizationCodeLifetime))
+            .SetClaim(Claims.Private.CodeChallenge,       GetStringProperty(properties, Properties.CodeChallenge))
-            .SetClaim(Claims.Private.AuthorizationId,           GetProperty(properties, Properties.InternalAuthorizationId))
+            .SetClaim(Claims.Private.CodeChallengeMethod, GetStringProperty(properties, Properties.CodeChallengeMethod))
-            .SetClaim(Claims.Private.CodeChallenge,             GetProperty(properties, Properties.CodeChallenge))
+            .SetClaim(Claims.Private.CreationDate,        GetStringProperty(properties, Properties.Issued))
-            .SetClaim(Claims.Private.CodeChallengeMethod,       GetProperty(properties, Properties.CodeChallengeMethod))
+            .SetClaim(Claims.Private.DeviceCodeId,        GetStringProperty(properties, Properties.DeviceCodeId))
-            .SetClaim(Claims.Private.CreationDate,              GetProperty(properties, Properties.Issued))
+            .SetClaim(Claims.Private.ExpirationDate,      GetStringProperty(properties, Properties.Expires))
-            .SetClaim(Claims.Private.DeviceCodeId,              GetProperty(properties, Properties.DeviceCodeId))
+            .SetClaim(Claims.Private.Nonce,               GetStringProperty(properties, Properties.Nonce))
-            .SetClaim(Claims.Private.DeviceCodeLifetime,        GetProperty(properties, Properties.DeviceCodeLifetime))
+            .SetClaim(Claims.Private.RedirectUri,         GetStringProperty(properties, Properties.OriginalRedirectUri))
-            .SetClaim(Claims.Private.IdentityTokenLifetime,     GetProperty(properties, Properties.IdentityTokenLifetime))
+            .SetClaim(Claims.Private.TokenId,             GetStringProperty(properties, Properties.InternalTokenId));
            .SetClaim(Claims.Private.ExpirationDate,            GetProperty(properties, Properties.Expires))
            .SetClaim(Claims.Private.Nonce,                     GetProperty(properties, Properties.Nonce))
            .SetClaim(Claims.Private.RedirectUri,               GetProperty(properties, Properties.OriginalRedirectUri))
            .SetClaim(Claims.Private.RefreshTokenLifetime,      GetProperty(properties, Properties.RefreshTokenLifetime))
            .SetClaim(Claims.Private.TokenId,                   GetProperty(properties, Properties.InternalTokenId))
            .SetClaim(Claims.Private.UserCodeLifetime,          GetProperty(properties, Properties.UserCodeLifetime));
        static (ClaimsPrincipal principal, IReadOnlyDictionary<string, string> properties) Read(BinaryReader reader)
        {
@ -167,8 +169,9 @@ public sealed class OpenIddictServerDataProtectionFormatter : IOpenIddictServerD
            return value;
        }
-        static string? GetProperty(IReadOnlyDictionary<string, string> properties, string name)
+        static long? GetIntegerProperty(IReadOnlyDictionary<string, string> properties, string name)
-            => properties.TryGetValue(name, out var value) ? value : null;
+            => properties.TryGetValue(name, out var value) && long.TryParse(value,
            NumberStyles.Integer, CultureInfo.InvariantCulture, out long result) ? result : null;
        static JsonElement GetJsonProperty(IReadOnlyDictionary<string, string> properties, string name)
        {
@ -180,6 +183,9 @@ public sealed class OpenIddictServerDataProtectionFormatter : IOpenIddictServerD
            return default;
        }
        static string? GetStringProperty(IReadOnlyDictionary<string, string> properties, string name)
            => properties.TryGetValue(name, out var value) ? value : null;
    }
    public void WriteToken(BinaryWriter writer, ClaimsPrincipal principal)
--- a/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionFormatter.cs
+++ b/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionFormatter.cs
@ -35,21 +35,10 @@ public sealed class OpenIddictValidationDataProtectionFormatter : IOpenIddictVal
            .SetClaim(Claims.Private.HostProperties, GetJsonProperty(properties, Properties.HostProperties))
-            .SetClaim(Claims.Private.AccessTokenLifetime,       GetProperty(properties, Properties.AccessTokenLifetime))
+            .SetClaim(Claims.Private.AuthorizationId, GetStringProperty(properties, Properties.InternalAuthorizationId))
-            .SetClaim(Claims.Private.AuthorizationCodeLifetime, GetProperty(properties, Properties.AuthorizationCodeLifetime))
+            .SetClaim(Claims.Private.CreationDate,    GetStringProperty(properties, Properties.Issued))
-            .SetClaim(Claims.Private.AuthorizationId,           GetProperty(properties, Properties.InternalAuthorizationId))
+            .SetClaim(Claims.Private.ExpirationDate,  GetStringProperty(properties, Properties.Expires))
-            .SetClaim(Claims.Private.CodeChallenge,             GetProperty(properties, Properties.CodeChallenge))
+            .SetClaim(Claims.Private.TokenId,         GetStringProperty(properties, Properties.InternalTokenId));
            .SetClaim(Claims.Private.CodeChallengeMethod,       GetProperty(properties, Properties.CodeChallengeMethod))
            .SetClaim(Claims.Private.CreationDate,              GetProperty(properties, Properties.Issued))
            .SetClaim(Claims.Private.DeviceCodeId,              GetProperty(properties, Properties.DeviceCodeId))
            .SetClaim(Claims.Private.DeviceCodeLifetime,        GetProperty(properties, Properties.DeviceCodeLifetime))
            .SetClaim(Claims.Private.IdentityTokenLifetime,     GetProperty(properties, Properties.IdentityTokenLifetime))
            .SetClaim(Claims.Private.ExpirationDate,            GetProperty(properties, Properties.Expires))
            .SetClaim(Claims.Private.Nonce,                     GetProperty(properties, Properties.Nonce))
            .SetClaim(Claims.Private.RedirectUri,               GetProperty(properties, Properties.OriginalRedirectUri))
            .SetClaim(Claims.Private.RefreshTokenLifetime,      GetProperty(properties, Properties.RefreshTokenLifetime))
            .SetClaim(Claims.Private.TokenId,                   GetProperty(properties, Properties.InternalTokenId))
            .SetClaim(Claims.Private.UserCodeLifetime,          GetProperty(properties, Properties.UserCodeLifetime));
        static (ClaimsPrincipal principal, IReadOnlyDictionary<string, string> properties) Read(BinaryReader reader)
        {
@ -164,9 +153,6 @@ public sealed class OpenIddictValidationDataProtectionFormatter : IOpenIddictVal
            return value;
        }
        static string? GetProperty(IReadOnlyDictionary<string, string> properties, string name)
            => properties.TryGetValue(name, out var value) ? value : null;
        static JsonElement GetJsonProperty(IReadOnlyDictionary<string, string> properties, string name)
        {
            if (properties.TryGetValue(name, out var value))
@ -177,5 +163,8 @@ public sealed class OpenIddictValidationDataProtectionFormatter : IOpenIddictVal
            return default;
        }
        static string? GetStringProperty(IReadOnlyDictionary<string, string> properties, string name)
            => properties.TryGetValue(name, out var value) ? value : null;
    }
 }