
Tweak the log levels used by OpenIddict

pull/1260/head
Kévin Chalet 5 years ago
parent
commit
422d8979ad
  1. 4
      src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs
  2. 4
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
  3. 4
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Session.cs
  4. 16
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs
  5. 4
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
  6. 4
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Session.cs
  7. 16
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs
  8. 70
      src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs
  9. 20
      src/OpenIddict.Server/OpenIddictServerHandlers.Device.cs
  10. 2
      src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
  11. 54
      src/OpenIddict.Server/OpenIddictServerHandlers.Exchange.cs
  12. 20
      src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs
  13. 22
      src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs
  14. 6
      src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs
  15. 2
      src/OpenIddict.Server/OpenIddictServerHandlers.Userinfo.cs
  16. 10
      src/OpenIddict.Server/OpenIddictServerHandlers.cs
  17. 10
      src/OpenIddict.Validation/OpenIddictValidationHandlers.cs

4
src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs

@ -1277,7 +1277,7 @@ namespace OpenIddict.Core
if (!await ValidateClientSecretAsync(secret, value, cancellationToken))
{
Logger.LogWarning(SR.GetResourceString(SR.ID6161), await GetClientIdAsync(application, cancellationToken));
Logger.LogInformation(SR.GetResourceString(SR.ID6161), await GetClientIdAsync(application, cancellationToken));
return false;
}
@ -1318,7 +1318,7 @@ namespace OpenIddict.Core
}
}
Logger.LogWarning(SR.GetResourceString(SR.ID6162), address, await GetClientIdAsync(application, cancellationToken));
Logger.LogInformation(SR.GetResourceString(SR.ID6162), address, await GetClientIdAsync(application, cancellationToken));
return false;
}
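Review bot: A failed client-secret check (SR.ID6161) is an authentication failure, and at Information it is dropped wherever the minimum level is Warning, a common production setting, so repeated secret guessing against a confidential client would leave no trace. Assuming the `LogInformation` line of each pair is the new side, I would keep `Logger.LogWarning(SR.GetResourceString(SR.ID6161), await GetClientIdAsync(application, cancellationToken));` here, and likewise for the redirect_uri mismatch (SR.ID6162) in the second hunk. The same applies to the SR.ID6061 rejection after `ValidateClientSecretAsync` in OpenIddictServerHandlers.Device.cs. If the demotion is deliberate, the release notes should tell operators to collect Information for the OpenIddict log categories. Both enclosing methods start and end outside the hunks.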

4
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs

@ -110,7 +110,7 @@ namespace OpenIddict.Server.AspNetCore
var token = await _cache.GetStringAsync(Cache.AuthorizationRequest + context.Request.RequestId);
if (token is null || !context.Options.JsonWebTokenHandler.CanReadToken(token))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -128,7 +128,7 @@ namespace OpenIddict.Server.AspNetCore
var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters);
if (!result.IsValid)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
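Review bot: The `!result.IsValid` branch in the second hunk logs the same SR.ID6146 message at the same level as the cache miss in the first hunk, but the two are different events. A missing entry is an ordinary stale `request_id`, while a token that was found in the cache and then fails `ValidateToken` was presumably written by the server itself, so the failure points to expiry, a key change or an altered cache entry. At Information with no reason attached, that case can neither be told apart nor investigated; attaching the failure, e.g. `context.Logger.LogInformation(result.Exception, SR.GetResourceString(SR.ID6146), Parameters.RequestId);`, or keeping this branch at Warning would preserve it. The same pattern appears in OpenIddictServerAspNetCoreHandlers.Session.cs (SR.ID6150) and in both OpenIddict.Server.Owin counterparts. The enclosing handler continues outside the hunks.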

4
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Session.cs

@ -108,7 +108,7 @@ namespace OpenIddict.Server.AspNetCore
var token = await _cache.GetStringAsync(Cache.LogoutRequest + context.Request.RequestId);
if (token is null || !context.Options.JsonWebTokenHandler.CanReadToken(token))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -126,7 +126,7 @@ namespace OpenIddict.Server.AspNetCore
var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters);
if (!result.IsValid)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,

16
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs

@ -423,7 +423,7 @@ namespace OpenIddict.Server.AspNetCore
else
{
context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -480,7 +480,7 @@ namespace OpenIddict.Server.AspNetCore
// See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization
if (string.IsNullOrEmpty(request.ContentType))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6138), HeaderNames.ContentType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6138), HeaderNames.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -493,7 +493,7 @@ namespace OpenIddict.Server.AspNetCore
// May have media/type; charset=utf-8, allow partial match.
if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6139), HeaderNames.ContentType, request.ContentType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6139), HeaderNames.ContentType, request.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -508,7 +508,7 @@ namespace OpenIddict.Server.AspNetCore
else
{
context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -558,7 +558,7 @@ namespace OpenIddict.Server.AspNetCore
// See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization
if (string.IsNullOrEmpty(request.ContentType))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6138), HeaderNames.ContentType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6138), HeaderNames.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -571,7 +571,7 @@ namespace OpenIddict.Server.AspNetCore
// May have media/type; charset=utf-8, allow partial match.
if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6139), HeaderNames.ContentType, request.ContentType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6139), HeaderNames.ContentType, request.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -586,7 +586,7 @@ namespace OpenIddict.Server.AspNetCore
else
{
context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -645,7 +645,7 @@ namespace OpenIddict.Server.AspNetCore
if (!string.IsNullOrEmpty(context.Transaction.Request.ClientAssertion) ||
!string.IsNullOrEmpty(context.Transaction.Request.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6140));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6140));
context.Reject(
error: Errors.InvalidRequest,

4
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs

@ -109,7 +109,7 @@ namespace OpenIddict.Server.Owin
var token = await _cache.GetStringAsync(Cache.AuthorizationRequest + context.Request.RequestId);
if (token is null || !context.Options.JsonWebTokenHandler.CanReadToken(token))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -127,7 +127,7 @@ namespace OpenIddict.Server.Owin
var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters);
if (!result.IsValid)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,

4
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Session.cs

@ -107,7 +107,7 @@ namespace OpenIddict.Server.Owin
var token = await _cache.GetStringAsync(Cache.LogoutRequest + context.Request.RequestId);
if (token is null || !context.Options.JsonWebTokenHandler.CanReadToken(token))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -125,7 +125,7 @@ namespace OpenIddict.Server.Owin
var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters);
if (!result.IsValid)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,

16
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs

@ -361,7 +361,7 @@ namespace OpenIddict.Server.Owin
else
{
context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -418,7 +418,7 @@ namespace OpenIddict.Server.Owin
// See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization
if (string.IsNullOrEmpty(request.ContentType))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6138), Headers.ContentType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6138), Headers.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -431,7 +431,7 @@ namespace OpenIddict.Server.Owin
// May have media/type; charset=utf-8, allow partial match.
if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6139), Headers.ContentType, request.ContentType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6139), Headers.ContentType, request.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -446,7 +446,7 @@ namespace OpenIddict.Server.Owin
else
{
context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -496,7 +496,7 @@ namespace OpenIddict.Server.Owin
// See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization
if (string.IsNullOrEmpty(request.ContentType))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6138), Headers.ContentType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6138), Headers.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -509,7 +509,7 @@ namespace OpenIddict.Server.Owin
// May have media/type; charset=utf-8, allow partial match.
if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6139), Headers.ContentType, request.ContentType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6139), Headers.ContentType, request.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -524,7 +524,7 @@ namespace OpenIddict.Server.Owin
else
{
context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -583,7 +583,7 @@ namespace OpenIddict.Server.Owin
if (!string.IsNullOrEmpty(context.Transaction.Request.ClientAssertion) ||
!string.IsNullOrEmpty(context.Transaction.Request.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6140));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6140));
context.Reject(
error: Errors.InvalidRequest,

70
src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs

@ -358,7 +358,7 @@ namespace OpenIddict.Server
// Reject requests using the unsupported request parameter.
if (!string.IsNullOrEmpty(context.Request.Request))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6032), Parameters.Request);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6032), Parameters.Request);
context.Reject(
error: Errors.RequestNotSupported,
@ -398,7 +398,7 @@ namespace OpenIddict.Server
// Reject requests using the unsupported request_uri parameter.
if (!string.IsNullOrEmpty(context.Request.RequestUri))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6032), Parameters.RequestUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6032), Parameters.RequestUri);
context.Reject(
error: Errors.RequestUriNotSupported,
@ -439,7 +439,7 @@ namespace OpenIddict.Server
// See http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest.
if (string.IsNullOrEmpty(context.ClientId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.ClientId);
context.Reject(
error: Errors.InvalidRequest,
@ -485,7 +485,7 @@ namespace OpenIddict.Server
{
if (context.Request.HasScope(Scopes.OpenId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -508,7 +508,7 @@ namespace OpenIddict.Server
// See https://github.com/dotnet/corefx/issues/22098 for more information.
if (!Uri.TryCreate(context.RedirectUri, UriKind.Absolute, out Uri? uri) || !uri.IsWellFormedOriginalString())
{
context.Logger.LogError(SR.GetResourceString(SR.ID6034), Parameters.RedirectUri, context.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6034), Parameters.RedirectUri, context.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -523,7 +523,7 @@ namespace OpenIddict.Server
// and http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
if (!string.IsNullOrEmpty(uri.Fragment))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6035), Parameters.RedirectUri, context.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6035), Parameters.RedirectUri, context.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -563,7 +563,7 @@ namespace OpenIddict.Server
// Reject requests missing the mandatory response_type parameter.
if (string.IsNullOrEmpty(context.Request.ResponseType))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.ResponseType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.ResponseType);
context.Reject(
error: Errors.InvalidRequest,
@ -576,7 +576,7 @@ namespace OpenIddict.Server
// Reject code flow requests if the server is not configured to allow the authorization code grant type.
if (context.Request.IsAuthorizationCodeFlow() && !context.Options.GrantTypes.Contains(GrantTypes.AuthorizationCode))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
context.Reject(
error: Errors.UnsupportedResponseType,
@ -589,7 +589,7 @@ namespace OpenIddict.Server
// Reject implicit flow requests if the server is not configured to allow the implicit grant type.
if (context.Request.IsImplicitFlow() && !context.Options.GrantTypes.Contains(GrantTypes.Implicit))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
context.Reject(
error: Errors.UnsupportedResponseType,
@ -603,7 +603,7 @@ namespace OpenIddict.Server
if (context.Request.IsHybridFlow() && (!context.Options.GrantTypes.Contains(GrantTypes.AuthorizationCode) ||
!context.Options.GrantTypes.Contains(GrantTypes.Implicit)))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
context.Reject(
error: Errors.UnsupportedResponseType,
@ -618,7 +618,7 @@ namespace OpenIddict.Server
if (!context.Options.ResponseTypes.Any(type =>
types.SetEquals(type.Split(Separators.Space, StringSplitOptions.RemoveEmptyEntries))))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
context.Reject(
error: Errors.UnsupportedResponseType,
@ -661,7 +661,7 @@ namespace OpenIddict.Server
if (context.Request.IsQueryResponseMode() && (context.Request.HasResponseType(ResponseTypes.IdToken) ||
context.Request.HasResponseType(ResponseTypes.Token)))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6037), context.Request.ResponseType, context.Request.ResponseMode);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6037), context.Request.ResponseType, context.Request.ResponseMode);
context.Reject(
error: Errors.InvalidRequest,
@ -675,7 +675,7 @@ namespace OpenIddict.Server
// if the default response_mode inferred from the response_type was explicitly disabled in the options.
if (!ValidateResponseMode(context.Request, context.Options))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6038), context.Request.ResponseMode);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6038), context.Request.ResponseMode);
context.Reject(
error: Errors.InvalidRequest,
@ -740,7 +740,7 @@ namespace OpenIddict.Server
// Reject authorization requests containing the id_token response_type if no openid scope has been received.
if (context.Request.HasResponseType(ResponseTypes.IdToken) && !context.Request.HasScope(Scopes.OpenId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6039), Scopes.OpenId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6039), Scopes.OpenId);
context.Reject(
error: Errors.InvalidRequest,
@ -800,7 +800,7 @@ namespace OpenIddict.Server
if (context.Request.IsImplicitFlow() || context.Request.IsHybridFlow())
{
context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.Nonce);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.Nonce);
context.Reject(
error: Errors.InvalidRequest,
@ -842,7 +842,7 @@ namespace OpenIddict.Server
context.Request.HasPrompt(Prompts.Login) ||
context.Request.HasPrompt(Prompts.SelectAccount)))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6040));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6040));
context.Reject(
error: Errors.InvalidRequest,
@ -885,7 +885,7 @@ namespace OpenIddict.Server
context.Request.HasResponseType(ResponseTypes.Code) &&
string.IsNullOrEmpty(context.Request.CodeChallenge))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
context.Reject(
error: Errors.InvalidRequest,
@ -906,7 +906,7 @@ namespace OpenIddict.Server
// Ensure a code_challenge was specified if a code_challenge_method was used.
if (string.IsNullOrEmpty(context.Request.CodeChallenge))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
context.Reject(
error: Errors.InvalidRequest,
@ -921,7 +921,7 @@ namespace OpenIddict.Server
if (string.IsNullOrEmpty(context.Request.CodeChallengeMethod) &&
!context.Options.CodeChallengeMethods.Contains(CodeChallengeMethods.Plain))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.CodeChallengeMethod);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.CodeChallengeMethod);
context.Reject(
error: Errors.InvalidRequest,
@ -935,7 +935,7 @@ namespace OpenIddict.Server
if (!string.IsNullOrEmpty(context.Request.CodeChallengeMethod) &&
!context.Options.CodeChallengeMethods.Contains(context.Request.CodeChallengeMethod))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6041));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6041));
context.Reject(
error: Errors.InvalidRequest,
@ -948,7 +948,7 @@ namespace OpenIddict.Server
// When code_challenge or code_challenge_method is specified, ensure the response_type includes "code".
if (!context.Request.HasResponseType(ResponseTypes.Code))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6042));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6042));
context.Reject(
error: Errors.InvalidRequest,
@ -961,7 +961,7 @@ namespace OpenIddict.Server
// Reject authorization requests that contain response_type=token when a code_challenge is specified.
if (context.Request.HasResponseType(ResponseTypes.Token))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6043));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6043));
context.Reject(
error: Errors.InvalidRequest,
@ -1012,7 +1012,7 @@ namespace OpenIddict.Server
var application = await _applicationManager.FindByClientIdAsync(context.ClientId);
if (application is null)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6044), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6044), context.ClientId);
context.Reject(
error: Errors.InvalidRequest,
@ -1079,7 +1079,7 @@ namespace OpenIddict.Server
if (await _applicationManager.HasClientTypeAsync(application, ClientTypes.Confidential))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6045), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6045), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1138,7 +1138,7 @@ namespace OpenIddict.Server
var addresses = await _applicationManager.GetRedirectUrisAsync(application);
if (addresses.Length != 1)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -1156,7 +1156,7 @@ namespace OpenIddict.Server
// Otherwise, ensure that the specified redirect_uri is valid and is associated with the client application.
if (!await _applicationManager.ValidateRedirectUriAsync(application, context.RedirectUri))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6046), context.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6046), context.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -1235,7 +1235,7 @@ namespace OpenIddict.Server
// If at least one scope was not recognized, return an error.
if (scopes.Count != 0)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6047), scopes);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6047), scopes);
context.Reject(
error: Errors.InvalidScope,
@ -1291,7 +1291,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the authorization endpoint.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Authorization))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6048), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6048), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1348,7 +1348,7 @@ namespace OpenIddict.Server
if (context.Request.IsAuthorizationCodeFlow() &&
!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.AuthorizationCode))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6049), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6049), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1362,7 +1362,7 @@ namespace OpenIddict.Server
if (context.Request.IsImplicitFlow() &&
!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.Implicit))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6050), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6050), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1377,7 +1377,7 @@ namespace OpenIddict.Server
(!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.AuthorizationCode) ||
!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.Implicit)))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6051), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6051), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1392,7 +1392,7 @@ namespace OpenIddict.Server
if (context.Request.HasScope(Scopes.OfflineAccess) &&
!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.RefreshToken))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6052), context.ClientId, Scopes.OfflineAccess);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6052), context.ClientId, Scopes.OfflineAccess);
context.Reject(
error: Errors.InvalidRequest,
@ -1448,7 +1448,7 @@ namespace OpenIddict.Server
// Reject requests that specify a response_type for which no permission was granted.
if (!await HasPermissionAsync(context.Request.GetResponseTypes()))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6177), context.ClientId, context.Request.ResponseType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6177), context.ClientId, context.Request.ResponseType);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1540,7 +1540,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the iterated scope.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.Scope + scope))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6052), context.ClientId, scope);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6052), context.ClientId, scope);
context.Reject(
error: Errors.InvalidRequest,
@ -1603,7 +1603,7 @@ namespace OpenIddict.Server
if (await _applicationManager.HasRequirementAsync(application, Requirements.Features.ProofKeyForCodeExchange))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
context.Reject(
error: Errors.InvalidRequest,
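Review bot: Several of the `LogInformation` calls in this file write request parameters into the message as received: `context.RedirectUri` (SR.ID6034, SR.ID6035, SR.ID6046), `context.ClientId` (SR.ID6044) and the `scope` values. These are decoded query or form values and may contain line breaks or very long strings. A structured sink keeps them as separate properties, but a plain-text console or file sink would render them inline, so a crafted request could forge or pad log lines; which sink is in use is not visible here. I would add a comment next to these calls stating that the logged values are untrusted, or strip control characters before logging. `request.ContentType` and `request.Method` in the AspNetCore and Owin handler files are logged the same way.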

20
src/OpenIddict.Server/OpenIddictServerHandlers.Device.cs

@ -353,7 +353,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc8628#section-3.1 for more information.
if (string.IsNullOrEmpty(context.ClientId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6056));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6056));
context.Reject(
error: Errors.InvalidClient,
@ -472,7 +472,7 @@ namespace OpenIddict.Server
// If at least one scope was not recognized, return an error.
if (scopes.Count != 0)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6057), scopes);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6057), scopes);
context.Reject(
error: Errors.InvalidScope,
@ -524,7 +524,7 @@ namespace OpenIddict.Server
var application = await _applicationManager.FindByClientIdAsync(context.ClientId);
if (application is null)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6058), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6058), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -583,7 +583,7 @@ namespace OpenIddict.Server
// Reject device requests containing a client_secret when the client is a public application.
if (!string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6059), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6059), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -599,7 +599,7 @@ namespace OpenIddict.Server
// Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks.
if (string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6060), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6060), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -662,7 +662,7 @@ namespace OpenIddict.Server
if (!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6061), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6061), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -720,7 +720,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the device endpoint.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Device))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6062), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6062), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -776,7 +776,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the device code grant.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.DeviceCode))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6118), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6118), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -791,7 +791,7 @@ namespace OpenIddict.Server
if (context.Request.HasScope(Scopes.OfflineAccess) &&
!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.RefreshToken))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6120), context.ClientId, Scopes.OfflineAccess);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6120), context.ClientId, Scopes.OfflineAccess);
context.Reject(
error: Errors.InvalidRequest,
@ -858,7 +858,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the iterated scope.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.Scope + scope))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6063), context.ClientId, scope);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6063), context.ClientId, scope);
context.Reject(
error: Errors.InvalidRequest,

2
src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs

@ -942,7 +942,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc7517#section-4.1
if (string.IsNullOrEmpty(key.Kty))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6070), JsonWebKeyParameterNames.Kty);
context.Logger.LogWarning(SR.GetResourceString(SR.ID6070), JsonWebKeyParameterNames.Kty);
continue;
}

54
src/OpenIddict.Server/OpenIddictServerHandlers.Exchange.cs

@ -360,7 +360,7 @@ namespace OpenIddict.Server
// Reject token requests missing the mandatory grant_type parameter.
if (string.IsNullOrEmpty(context.Request.GrantType))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.GrantType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.GrantType);
context.Reject(
error: Errors.InvalidRequest,
@ -373,7 +373,7 @@ namespace OpenIddict.Server
// Reject token requests that don't specify a supported grant type.
if (!context.Options.GrantTypes.Contains(context.Request.GrantType))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6078), context.Request.GrantType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6078), context.Request.GrantType);
context.Reject(
error: Errors.UnsupportedGrantType,
@ -434,7 +434,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc6749#section-4.1.3 for more information.
if (!context.Options.AcceptAnonymousClients || context.Request.IsAuthorizationCodeGrantType())
{
context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -476,7 +476,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc6749#section-4.1.3 for more information.
if (context.Request.IsAuthorizationCodeGrantType() && string.IsNullOrEmpty(context.Request.Code))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.Code);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.Code);
context.Reject(
error: Errors.InvalidRequest,
@ -599,7 +599,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc6749#section-6 for more information.
if (context.Request.IsRefreshTokenGrantType() && string.IsNullOrEmpty(context.Request.RefreshToken))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.RefreshToken);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.RefreshToken);
context.Reject(
error: Errors.InvalidRequest,
@ -642,7 +642,7 @@ namespace OpenIddict.Server
if (context.Request.IsPasswordGrantType() && (string.IsNullOrEmpty(context.Request.Username) ||
string.IsNullOrEmpty(context.Request.Password)))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6079));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6079));
context.Reject(
error: Errors.InvalidRequest,
@ -690,7 +690,7 @@ namespace OpenIddict.Server
// If OpenIddict was configured to require PKCE, this can be potentially avoided by making an early check here.
if (context.Options.RequireProofKeyForCodeExchange && string.IsNullOrEmpty(context.Request.CodeVerifier))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.CodeVerifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.CodeVerifier);
context.Reject(
error: Errors.InvalidRequest,
@ -771,7 +771,7 @@ namespace OpenIddict.Server
// If at least one scope was not recognized, return an error.
if (scopes.Count != 0)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6080), scopes);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6080), scopes);
context.Reject(
error: Errors.InvalidScope,
@ -823,7 +823,7 @@ namespace OpenIddict.Server
var application = await _applicationManager.FindByClientIdAsync(context.ClientId);
if (application is null)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6081), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6081), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -882,7 +882,7 @@ namespace OpenIddict.Server
// Public applications are not allowed to use the client credentials grant.
if (context.Request.IsClientCredentialsGrantType())
{
context.Logger.LogError(SR.GetResourceString(SR.ID6082), context.Request.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6082), context.Request.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -895,7 +895,7 @@ namespace OpenIddict.Server
// Reject token requests containing a client_secret when the client is a public application.
if (!string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6083), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6083), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -911,7 +911,7 @@ namespace OpenIddict.Server
// Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks.
if (string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6084), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6084), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -974,7 +974,7 @@ namespace OpenIddict.Server
if (!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6085), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6085), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -1032,7 +1032,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the token endpoint.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Token))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6086), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6086), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1090,7 +1090,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the specified grant type.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.GrantType + context.Request.GrantType))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6087), context.ClientId, context.Request.GrantType);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6087), context.ClientId, context.Request.GrantType);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1105,7 +1105,7 @@ namespace OpenIddict.Server
if (context.Request.HasScope(Scopes.OfflineAccess) &&
!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.RefreshToken))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6088), context.ClientId, Scopes.OfflineAccess);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6088), context.ClientId, Scopes.OfflineAccess);
context.Reject(
error: Errors.InvalidRequest,
@ -1172,7 +1172,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the iterated scope.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.Scope + scope))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6089), context.ClientId, scope);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6089), context.ClientId, scope);
context.Reject(
error: Errors.InvalidRequest,
@ -1241,7 +1241,7 @@ namespace OpenIddict.Server
if (await _applicationManager.HasRequirementAsync(application, Requirements.Features.ProofKeyForCodeExchange))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.CodeVerifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.CodeVerifier);
context.Reject(
error: Errors.InvalidRequest,
@ -1377,7 +1377,7 @@ namespace OpenIddict.Server
// reject the request if the client_id of the caller cannot be retrieved or inferred.
if (string.IsNullOrEmpty(context.ClientId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6090));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6090));
context.Reject(
error: Errors.InvalidGrant,
@ -1397,7 +1397,7 @@ namespace OpenIddict.Server
// and http://openid.net/specs/openid-connect-core-1_0.html#RefreshingAccessToken.
if (!presenters.Contains(context.ClientId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6091));
context.Logger.LogWarning(SR.GetResourceString(SR.ID6091));
context.Reject(
error: Errors.InvalidGrant,
@ -1460,7 +1460,7 @@ namespace OpenIddict.Server
if (string.IsNullOrEmpty(context.Request.RedirectUri))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -1472,7 +1472,7 @@ namespace OpenIddict.Server
if (!string.Equals(address, context.Request.RedirectUri, StringComparison.Ordinal))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6092), Parameters.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6092), Parameters.RedirectUri);
context.Reject(
error: Errors.InvalidGrant,
@ -1529,7 +1529,7 @@ namespace OpenIddict.Server
// when code_challenge private claim was attached to the authorization code.
if (!string.IsNullOrEmpty(context.Request.CodeVerifier))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6093), Parameters.CodeVerifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6093), Parameters.CodeVerifier);
context.Reject(
error: Errors.InvalidRequest,
@ -1545,7 +1545,7 @@ namespace OpenIddict.Server
// Get the code verifier from the token request. If it cannot be found, return an invalid_grant error.
if (string.IsNullOrEmpty(context.Request.CodeVerifier))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.CodeVerifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.CodeVerifier);
context.Reject(
error: Errors.InvalidRequest,
@ -1590,7 +1590,7 @@ namespace OpenIddict.Server
if (!Arrays.ConstantTimeAreEqual(data, Encoding.ASCII.GetBytes(challenge)))
#endif
{
context.Logger.LogError(SR.GetResourceString(SR.ID6092), Parameters.CodeVerifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6092), Parameters.CodeVerifier);
context.Reject(
error: Errors.InvalidGrant,
@ -1646,7 +1646,7 @@ namespace OpenIddict.Server
var scopes = new HashSet<string>(context.Principal.GetScopes(), StringComparer.Ordinal);
if (scopes.Count == 0)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6094), Parameters.Scope);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6094), Parameters.Scope);
context.Reject(
error: Errors.InvalidGrant,
@ -1662,7 +1662,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc6749#section-6 for more information.
else if (!scopes.IsSupersetOf(context.Request.GetScopes()))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6095), Parameters.Scope);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6095), Parameters.Scope);
context.Reject(
error: Errors.InvalidGrant,
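Review bot: The failed `ValidateClientSecretAsync` branch (ID6085, the hunk at -974) now logs at Information, so a deployment whose minimum level is Warning records nothing when a client_id is tried with wrong secrets repeatedly. The Introspection (ID6102) and Revocation (ID6115) sections make the same change, while the presenter mismatch in this file (ID6091) is kept at Warning. I would keep failed client authentication at that level too: `context.Logger.LogWarning(SR.GetResourceString(SR.ID6085), context.ClientId);`. The enclosing handlers start and end outside the visible hunks, so any rate limiting or auditing done elsewhere is not visible here.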

20
src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs

@ -367,7 +367,7 @@ namespace OpenIddict.Server
// Reject introspection requests missing the mandatory token parameter.
if (string.IsNullOrEmpty(context.Request.Token))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6098), Parameters.Token);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6098), Parameters.Token);
context.Reject(
error: Errors.InvalidRequest,
@ -407,7 +407,7 @@ namespace OpenIddict.Server
// At this stage, reject the introspection request unless the client identification requirement was disabled.
if (!context.Options.AcceptAnonymousClients && string.IsNullOrEmpty(context.ClientId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6098), Parameters.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6098), Parameters.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -461,7 +461,7 @@ namespace OpenIddict.Server
var application = await _applicationManager.FindByClientIdAsync(context.ClientId);
if (application is null)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6099), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6099), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -520,7 +520,7 @@ namespace OpenIddict.Server
// Reject introspection requests containing a client_secret when the client is a public application.
if (!string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6100), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6100), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -536,7 +536,7 @@ namespace OpenIddict.Server
// Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks.
if (string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6101), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6101), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -599,7 +599,7 @@ namespace OpenIddict.Server
if (!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6102), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6102), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -657,7 +657,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the introspection endpoint.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Introspection))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6103), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6103), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -754,7 +754,7 @@ namespace OpenIddict.Server
if (!context.Principal.HasTokenType(TokenTypeHints.AccessToken) &&
!context.Principal.HasTokenType(TokenTypeHints.RefreshToken))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6104));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6104));
context.Reject(
error: Errors.UnsupportedTokenType,
@ -807,7 +807,7 @@ namespace OpenIddict.Server
context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) &&
context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6106));
context.Logger.LogWarning(SR.GetResourceString(SR.ID6106));
context.Reject(
error: Errors.InvalidToken,
@ -824,7 +824,7 @@ namespace OpenIddict.Server
if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) &&
context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6108));
context.Logger.LogWarning(SR.GetResourceString(SR.ID6108));
context.Reject(
error: Errors.InvalidToken,
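Review bot: The two rejections kept at Warning (ID6106 and ID6108) are logged without any argument, so the entry does not itself say which client presented a token it is neither an audience nor a presenter of. The same applies to ID6119 and ID6121 in the Revocation section and to ID6091 in the Exchange section. Passing the caller would make these entries usable for triage, e.g. `context.Logger.LogWarning(SR.GetResourceString(SR.ID6106), context.ClientId);`. This assumes the resource template, which is not shown on this page, is given a matching placeholder. A logging scope set outside these hunks may already carry the client identifier.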

22
src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs

@ -310,7 +310,7 @@ namespace OpenIddict.Server
// Reject revocation requests missing the mandatory token parameter.
if (string.IsNullOrEmpty(context.Request.Token))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6111), Parameters.Token);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6111), Parameters.Token);
context.Reject(
error: Errors.InvalidRequest,
@ -350,7 +350,7 @@ namespace OpenIddict.Server
// At this stage, reject the revocation request unless the client identification requirement was disabled.
if (!context.Options.AcceptAnonymousClients && string.IsNullOrEmpty(context.ClientId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6111), Parameters.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6111), Parameters.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -404,7 +404,7 @@ namespace OpenIddict.Server
var application = await _applicationManager.FindByClientIdAsync(context.ClientId);
if (application is null)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6112), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6112), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -463,7 +463,7 @@ namespace OpenIddict.Server
// Reject revocation requests containing a client_secret when the client is a public application.
if (!string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6113), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6113), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -479,7 +479,7 @@ namespace OpenIddict.Server
// Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks.
if (string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6114), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6114), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -542,7 +542,7 @@ namespace OpenIddict.Server
if (!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6115), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6115), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -600,7 +600,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the revocation endpoint.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Revocation))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6116), context.ClientId);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6116), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -697,7 +697,7 @@ namespace OpenIddict.Server
if (!context.Principal.HasTokenType(TokenTypeHints.AccessToken) &&
!context.Principal.HasTokenType(TokenTypeHints.RefreshToken))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6117));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6117));
context.Reject(
error: Errors.UnsupportedTokenType,
@ -750,7 +750,7 @@ namespace OpenIddict.Server
context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) &&
context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6119));
context.Logger.LogWarning(SR.GetResourceString(SR.ID6119));
context.Reject(
error: Errors.InvalidToken,
@ -767,7 +767,7 @@ namespace OpenIddict.Server
if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) &&
context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6121));
context.Logger.LogWarning(SR.GetResourceString(SR.ID6121));
context.Reject(
error: Errors.InvalidToken,
@ -853,7 +853,7 @@ namespace OpenIddict.Server
var identifier = context.Principal.GetTokenId();
if (string.IsNullOrEmpty(identifier))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6122));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6122));
context.Reject(
error: Errors.UnsupportedTokenType,

6
src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs

@ -334,7 +334,7 @@ namespace OpenIddict.Server
// If an optional post_logout_redirect_uri was provided, validate it.
if (!Uri.TryCreate(context.PostLogoutRedirectUri, UriKind.Absolute, out Uri? uri) || !uri.IsWellFormedOriginalString())
{
context.Logger.LogError(SR.GetResourceString(SR.ID6126), Parameters.PostLogoutRedirectUri, context.PostLogoutRedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6126), Parameters.PostLogoutRedirectUri, context.PostLogoutRedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -346,7 +346,7 @@ namespace OpenIddict.Server
if (!string.IsNullOrEmpty(uri.Fragment))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6127), Parameters.PostLogoutRedirectUri, context.PostLogoutRedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6127), Parameters.PostLogoutRedirectUri, context.PostLogoutRedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -397,7 +397,7 @@ namespace OpenIddict.Server
if (!await ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6128), context.PostLogoutRedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6128), context.PostLogoutRedirectUri);
context.Reject(
error: Errors.InvalidRequest,
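Review bot: The first hunk writes `context.PostLogoutRedirectUri` to the log exactly when `Uri.TryCreate` or `IsWellFormedOriginalString` has rejected it, so the logged value is arbitrary caller-supplied text. Whether that is safe depends on the configured sink, which is not visible here; a plain-text sink that does not escape control characters could be made to show forged lines. I would document the assumption above the call: `// post_logout_redirect_uri is unvalidated at this point; log sinks must treat it as untrusted text.`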

2
src/OpenIddict.Server/OpenIddictServerHandlers.Userinfo.cs

@ -335,7 +335,7 @@ namespace OpenIddict.Server
if (string.IsNullOrEmpty(context.Request.AccessToken))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6131), Parameters.AccessToken);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6131), Parameters.AccessToken);
context.Reject(
error: Errors.MissingToken,

10
src/OpenIddict.Server/OpenIddictServerHandlers.cs

@ -942,7 +942,7 @@ namespace OpenIddict.Server
{
if (!context.Request.IsRefreshTokenGrantType() || !await IsReusableAsync(token))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6002), identifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6002), identifier);
context.Reject(
error: context.EndpointType switch
@ -988,7 +988,7 @@ namespace OpenIddict.Server
// If the device code is not marked as valid yet, return an authorization_pending error.
if (await _tokenManager.HasStatusAsync(token, Statuses.Inactive))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6003), identifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6003), identifier);
context.Reject(
error: Errors.AuthorizationPending,
@ -1001,7 +1001,7 @@ namespace OpenIddict.Server
// If the device code is marked as rejected, return an access_denied error.
if (await _tokenManager.HasStatusAsync(token, Statuses.Rejected))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6004), identifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6004), identifier);
context.Reject(
error: Errors.AccessDenied,
@ -1015,7 +1015,7 @@ namespace OpenIddict.Server
if (!await _tokenManager.HasStatusAsync(token, Statuses.Valid))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6005), identifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6005), identifier);
context.Reject(
error: context.EndpointType switch
@ -1135,7 +1135,7 @@ namespace OpenIddict.Server
var authorization = await _authorizationManager.FindByIdAsync(identifier);
if (authorization is null || !await _authorizationManager.HasStatusAsync(authorization, Statuses.Valid))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6006), identifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6006), identifier);
context.Reject(
error: context.EndpointType switch
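Review bot: The ID6002 rejection in the first hunk (taken when the request is not a refresh-token grant or `IsReusableAsync(token)` is false) looks like the already-redeemed-token path, and it now logs at Information. The enclosing condition starts outside the hunk, so this is inferred. If it is that path, a second presentation of a one-time authorization code or refresh token is a common sign of token theft and belongs with the other Warning-level mismatches in this commit: `context.Logger.LogWarning(SR.GetResourceString(SR.ID6002), identifier);`. The pending and rejected device-code cases (ID6003, ID6004) are routine polling outcomes and read fine at Information.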

10
src/OpenIddict.Validation/OpenIddictValidationHandlers.cs

@ -660,7 +660,7 @@ namespace OpenIddict.Validation
var date = context.Principal.GetExpirationDate();
if (date.HasValue && date.Value < DateTimeOffset.UtcNow)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6156));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6156));
context.Reject(
error: Errors.InvalidToken,
@ -711,7 +711,7 @@ namespace OpenIddict.Validation
var audiences = context.Principal.GetAudiences();
if (audiences.IsDefaultOrEmpty)
{
context.Logger.LogError(SR.GetResourceString(SR.ID6157));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6157));
context.Reject(
error: Errors.InvalidToken,
@ -724,7 +724,7 @@ namespace OpenIddict.Validation
// If the access token doesn't include any registered audience, return an error.
if (!audiences.Intersect(context.Options.Audiences, StringComparer.Ordinal).Any())
{
context.Logger.LogError(SR.GetResourceString(SR.ID6158));
context.Logger.LogInformation(SR.GetResourceString(SR.ID6158));
context.Reject(
error: Errors.InvalidToken,
@ -783,7 +783,7 @@ namespace OpenIddict.Validation
var token = await _tokenManager.FindByIdAsync(identifier);
if (token is null || !await _tokenManager.HasStatusAsync(token, Statuses.Valid))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6005), identifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6005), identifier);
context.Reject(
error: Errors.InvalidToken,
@ -847,7 +847,7 @@ namespace OpenIddict.Validation
var authorization = await _authorizationManager.FindByIdAsync(identifier);
if (authorization is null || !await _authorizationManager.HasStatusAsync(authorization, Statuses.Valid))
{
context.Logger.LogError(SR.GetResourceString(SR.ID6006), identifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6006), identifier);
context.Reject(
error: Errors.InvalidToken,
