From 2f3004a66b8c333271588e1e1c1cd0d9ee7ef602 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Tue, 24 Nov 2020 18:16:12 +0100
Subject: [PATCH] Update ValidateIdentityModelToken to support additional
 exceptions

---
 .../OpenIddictServerHandlers.cs               | 25 +++++++++++++------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.cs
index 53f1e462..36eaed3e 100644
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.cs
@@ -449,18 +449,27 @@ namespace OpenIddict.Server
                             OpenIddictServerEndpointType.Token => Errors.InvalidGrant,
                             _                                  => Errors.InvalidToken
                         },
-                        description: (result.Exception, context.EndpointType) switch
+                        description: result.Exception switch
                         {
-                            (SecurityTokenInvalidTypeException, OpenIddictServerEndpointType.Token)
-                                when context.Request.IsAuthorizationCodeGrantType() => SR.GetResourceString(SR.ID2005),
+                            SecurityTokenInvalidTypeException => context.EndpointType switch
+                            {
+                                OpenIddictServerEndpointType.Token when context.Request.IsAuthorizationCodeGrantType()
+                                    => SR.GetResourceString(SR.ID2005),
+
+                                OpenIddictServerEndpointType.Token when context.Request.IsDeviceCodeGrantType()
+                                    => SR.GetResourceString(SR.ID2006),
+
+                                OpenIddictServerEndpointType.Token when context.Request.IsRefreshTokenGrantType()
+                                    => SR.GetResourceString(SR.ID2007),
 
-                            (SecurityTokenInvalidTypeException, OpenIddictServerEndpointType.Token)
-                                when context.Request.IsDeviceCodeGrantType() => SR.GetResourceString(SR.ID2006),
+                                OpenIddictServerEndpointType.Userinfo => SR.GetResourceString(SR.ID2008),
 
-                            (SecurityTokenInvalidTypeException, OpenIddictServerEndpointType.Token)
-                                when context.Request.IsRefreshTokenGrantType() => SR.GetResourceString(SR.ID2007),
+                                _ => SR.GetResourceString(SR.ID2089)
+                            },
 
-                            (SecurityTokenInvalidTypeException, OpenIddictServerEndpointType.Userinfo) => SR.GetResourceString(SR.ID2008),
+                            SecurityTokenInvalidIssuerException        => SR.GetResourceString(SR.ID2088),
+                            SecurityTokenSignatureKeyNotFoundException => SR.GetResourceString(SR.ID2090),
+                            SecurityTokenInvalidSignatureException     => SR.GetResourceString(SR.ID2091),
 
                             _ => SR.GetResourceString(SR.ID2004)
                         });