From 422d8979adb8cdebc6c8c8e14faa1d736208271e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Sun, 25 Apr 2021 17:18:47 +0200
Subject: [PATCH] Tweak the log levels used by OpenIddict
---
 .../Managers/OpenIddictApplicationManager.cs | 4 +-
 ...ServerAspNetCoreHandlers.Authentication.cs | 4 +-
 ...nIddictServerAspNetCoreHandlers.Session.cs | 4 +-
 .../OpenIddictServerAspNetCoreHandlers.cs | 16 ++---
 ...IddictServerOwinHandlers.Authentication.cs | 4 +-
 .../OpenIddictServerOwinHandlers.Session.cs | 4 +-
 .../OpenIddictServerOwinHandlers.cs | 16 ++---
 ...OpenIddictServerHandlers.Authentication.cs | 70 +++++++++----------
 .../OpenIddictServerHandlers.Device.cs | 20 +++---
 .../OpenIddictServerHandlers.Discovery.cs | 2 +-
 .../OpenIddictServerHandlers.Exchange.cs | 54 +++++++-------
 .../OpenIddictServerHandlers.Introspection.cs | 20 +++---
 .../OpenIddictServerHandlers.Revocation.cs | 22 +++---
 .../OpenIddictServerHandlers.Session.cs | 6 +-
 .../OpenIddictServerHandlers.Userinfo.cs | 2 +-
 .../OpenIddictServerHandlers.cs | 10 +--
 .../OpenIddictValidationHandlers.cs | 10 +--
 17 files changed, 134 insertions(+), 134 deletions(-)
diff --git a/src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs b/src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs
index b9e15875..f167718f 100644
--- a/src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs
+++ b/src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs
@@ -1277,7 +1277,7 @@ namespace OpenIddict.Core
 if (!await ValidateClientSecretAsync(secret, value, cancellationToken)) {
- Logger.LogWarning(SR.GetResourceString(SR.ID6161), await GetClientIdAsync(application, cancellationToken));
+ Logger.LogInformation(SR.GetResourceString(SR.ID6161), await GetClientIdAsync(application, cancellationToken));
 return false; }
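Review bot: A failed `ValidateClientSecretAsync` check is a client authentication failure, and logging SR.ID6161 at `LogInformation` puts it below the threshold of any deployment that keeps this category at Warning or above, so repeated secret guessing against one client_id would no longer show up where operators usually alert. Moving malformed-request rejections to Information is reasonable, but I would keep credential and redirect-target failures distinguishable, e.g. `Logger.LogWarning(SR.GetResourceString(SR.ID6161), await GetClientIdAsync(application, cancellationToken));`. The same concern applies to SR.ID6162 in the @@ -1318 hunk of this file (apparently an address that matched no registered value), to SR.ID6046 in OpenIddictServerHandlers.Authentication.cs (@@ -1156) and to SR.ID6061 in OpenIddictServerHandlers.Device.cs (@@ -662). If Information is kept, a comment such as `// Authentication failure: logged at Information; monitoring must subscribe to this event explicitly.` would make the trade-off visible. The enclosing method starts and ends outside the hunk.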
@@ -1318,7 +1318,7 @@ namespace OpenIddict.Core
 } }
- Logger.LogWarning(SR.GetResourceString(SR.ID6162), address, await GetClientIdAsync(application, cancellationToken));
+ Logger.LogInformation(SR.GetResourceString(SR.ID6162), address, await GetClientIdAsync(application, cancellationToken));
 return false; }
diff --git a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
index 994589f8..9e3d12b9 100644
--- a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
+++ b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
@@ -110,7 +110,7 @@ namespace OpenIddict.Server.AspNetCore
 var token = await _cache.GetStringAsync(Cache.AuthorizationRequest + context.Request.RequestId); if (token is null || !context.Options.JsonWebTokenHandler.CanReadToken(token)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
 context.Reject( error: Errors.InvalidRequest,
@@ -128,7 +128,7 @@ namespace OpenIddict.Server.AspNetCore
 var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters); if (!result.IsValid) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
 context.Reject( error: Errors.InvalidRequest,
diff --git a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Session.cs b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Session.cs
index 98f340e8..93418f69 100644
--- a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Session.cs
+++ b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Session.cs
@@ -108,7 +108,7 @@ namespace OpenIddict.Server.AspNetCore
 var token = await _cache.GetStringAsync(Cache.LogoutRequest + context.Request.RequestId); if (token is null || !context.Options.JsonWebTokenHandler.CanReadToken(token)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
 context.Reject( error: Errors.InvalidRequest,
@@ -126,7 +126,7 @@ namespace OpenIddict.Server.AspNetCore
 var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters); if (!result.IsValid) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
 context.Reject( error: Errors.InvalidRequest,
diff --git a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs
index 9e40072b..8256af60 100644
--- a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs
+++ b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs
@@ -423,7 +423,7 @@ namespace OpenIddict.Server.AspNetCore
 else {
- context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
 context.Reject( error: Errors.InvalidRequest,
@@ -480,7 +480,7 @@ namespace OpenIddict.Server.AspNetCore
 // See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization if (string.IsNullOrEmpty(request.ContentType)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6138), HeaderNames.ContentType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6138), HeaderNames.ContentType);
 context.Reject( error: Errors.InvalidRequest,
@@ -493,7 +493,7 @@ namespace OpenIddict.Server.AspNetCore
 // May have media/type; charset=utf-8, allow partial match. if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6139), HeaderNames.ContentType, request.ContentType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6139), HeaderNames.ContentType, request.ContentType);
 context.Reject( error: Errors.InvalidRequest,
@@ -508,7 +508,7 @@ namespace OpenIddict.Server.AspNetCore
 else {
- context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
 context.Reject( error: Errors.InvalidRequest,
@@ -558,7 +558,7 @@ namespace OpenIddict.Server.AspNetCore
 // See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization if (string.IsNullOrEmpty(request.ContentType)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6138), HeaderNames.ContentType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6138), HeaderNames.ContentType);
 context.Reject( error: Errors.InvalidRequest,
@@ -571,7 +571,7 @@ namespace OpenIddict.Server.AspNetCore
 // May have media/type; charset=utf-8, allow partial match. if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6139), HeaderNames.ContentType, request.ContentType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6139), HeaderNames.ContentType, request.ContentType);
 context.Reject( error: Errors.InvalidRequest,
@@ -586,7 +586,7 @@ namespace OpenIddict.Server.AspNetCore
 else {
- context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
 context.Reject( error: Errors.InvalidRequest,
@@ -645,7 +645,7 @@ namespace OpenIddict.Server.AspNetCore
 if (!string.IsNullOrEmpty(context.Transaction.Request.ClientAssertion) || !string.IsNullOrEmpty(context.Transaction.Request.ClientSecret)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6140));
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6140));
 context.Reject( error: Errors.InvalidRequest,
diff --git a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
index b2987c35..9d231e33 100644
--- a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
+++ b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
@@ -109,7 +109,7 @@ namespace OpenIddict.Server.Owin
 var token = await _cache.GetStringAsync(Cache.AuthorizationRequest + context.Request.RequestId); if (token is null || !context.Options.JsonWebTokenHandler.CanReadToken(token)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
 context.Reject( error: Errors.InvalidRequest,
@@ -127,7 +127,7 @@ namespace OpenIddict.Server.Owin
 var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters); if (!result.IsValid) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6146), Parameters.RequestId);
 context.Reject( error: Errors.InvalidRequest,
diff --git a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Session.cs b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Session.cs
index 3b346758..9d350181 100644
--- a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Session.cs
+++ b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Session.cs
@@ -107,7 +107,7 @@ namespace OpenIddict.Server.Owin
 var token = await _cache.GetStringAsync(Cache.LogoutRequest + context.Request.RequestId); if (token is null || !context.Options.JsonWebTokenHandler.CanReadToken(token)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
 context.Reject( error: Errors.InvalidRequest,
@@ -125,7 +125,7 @@ namespace OpenIddict.Server.Owin
 var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters); if (!result.IsValid) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6150), Parameters.RequestId);
 context.Reject( error: Errors.InvalidRequest,
diff --git a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs
index 54f07242..d18e3d3d 100644
--- a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs
+++ b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs
@@ -361,7 +361,7 @@ namespace OpenIddict.Server.Owin
 else {
- context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
 context.Reject( error: Errors.InvalidRequest,
@@ -418,7 +418,7 @@ namespace OpenIddict.Server.Owin
 // See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization if (string.IsNullOrEmpty(request.ContentType)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6138), Headers.ContentType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6138), Headers.ContentType);
 context.Reject( error: Errors.InvalidRequest,
@@ -431,7 +431,7 @@ namespace OpenIddict.Server.Owin
 // May have media/type; charset=utf-8, allow partial match. if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6139), Headers.ContentType, request.ContentType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6139), Headers.ContentType, request.ContentType);
 context.Reject( error: Errors.InvalidRequest,
@@ -446,7 +446,7 @@ namespace OpenIddict.Server.Owin
 else {
- context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
 context.Reject( error: Errors.InvalidRequest,
@@ -496,7 +496,7 @@ namespace OpenIddict.Server.Owin
 // See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization if (string.IsNullOrEmpty(request.ContentType)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6138), Headers.ContentType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6138), Headers.ContentType);
 context.Reject( error: Errors.InvalidRequest,
@@ -509,7 +509,7 @@ namespace OpenIddict.Server.Owin
 // May have media/type; charset=utf-8, allow partial match. if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6139), Headers.ContentType, request.ContentType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6139), Headers.ContentType, request.ContentType);
 context.Reject( error: Errors.InvalidRequest,
@@ -524,7 +524,7 @@ namespace OpenIddict.Server.Owin
 else {
- context.Logger.LogError(SR.GetResourceString(SR.ID6137), request.Method);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6137), request.Method);
 context.Reject( error: Errors.InvalidRequest,
@@ -583,7 +583,7 @@ namespace OpenIddict.Server.Owin
 if (!string.IsNullOrEmpty(context.Transaction.Request.ClientAssertion) || !string.IsNullOrEmpty(context.Transaction.Request.ClientSecret)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6140));
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6140));
 context.Reject( error: Errors.InvalidRequest,
diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs
index fda3e1d3..ff339473 100644
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs
@@ -358,7 +358,7 @@ namespace OpenIddict.Server
 // Reject requests using the unsupported request parameter. if (!string.IsNullOrEmpty(context.Request.Request)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6032), Parameters.Request);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6032), Parameters.Request);
 context.Reject( error: Errors.RequestNotSupported,
@@ -398,7 +398,7 @@ namespace OpenIddict.Server
 // Reject requests using the unsupported request_uri parameter. if (!string.IsNullOrEmpty(context.Request.RequestUri)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6032), Parameters.RequestUri);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6032), Parameters.RequestUri);
 context.Reject( error: Errors.RequestUriNotSupported,
@@ -439,7 +439,7 @@ namespace OpenIddict.Server
 // See http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest. if (string.IsNullOrEmpty(context.ClientId)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.ClientId);
 context.Reject( error: Errors.InvalidRequest,
@@ -485,7 +485,7 @@ namespace OpenIddict.Server
 { if (context.Request.HasScope(Scopes.OpenId)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.RedirectUri);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.RedirectUri);
 context.Reject( error: Errors.InvalidRequest,
@@ -508,7 +508,7 @@ namespace OpenIddict.Server
 // See https://github.com/dotnet/corefx/issues/22098 for more information. if (!Uri.TryCreate(context.RedirectUri, UriKind.Absolute, out Uri? uri) || !uri.IsWellFormedOriginalString()) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6034), Parameters.RedirectUri, context.RedirectUri);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6034), Parameters.RedirectUri, context.RedirectUri);
 context.Reject( error: Errors.InvalidRequest,
@@ -523,7 +523,7 @@ namespace OpenIddict.Server
 // and http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest if (!string.IsNullOrEmpty(uri.Fragment)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6035), Parameters.RedirectUri, context.RedirectUri);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6035), Parameters.RedirectUri, context.RedirectUri);
 context.Reject( error: Errors.InvalidRequest,
@@ -563,7 +563,7 @@ namespace OpenIddict.Server
 // Reject requests missing the mandatory response_type parameter. if (string.IsNullOrEmpty(context.Request.ResponseType)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.ResponseType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.ResponseType);
 context.Reject( error: Errors.InvalidRequest,
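Review bot: In the @@ -508 hunk `context.RedirectUri` is written to the log exactly when it failed `Uri.TryCreate`/`IsWellFormedOriginalString()`, so the logged value is arbitrary request input. Passing it as a template argument rather than concatenating it is the right shape, but whether control characters or very long values are neutralised depends on the SR.ID6034 template and the configured sink, neither of which is visible here. I would add a comment above the call, e.g. `// redirect_uri is unvalidated request input at this point; log sinks must escape CR/LF and bound its length.` The same holds for the SR.ID6035 call in the @@ -523 hunk and for `request.ContentType` in the SR.ID6139 hunks of OpenIddictServerAspNetCoreHandlers.cs and OpenIddictServerOwinHandlers.cs. The enclosing handler starts and ends outside the hunk.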
@@ -576,7 +576,7 @@ namespace OpenIddict.Server
 // Reject code flow requests if the server is not configured to allow the authorization code grant type. if (context.Request.IsAuthorizationCodeFlow() && !context.Options.GrantTypes.Contains(GrantTypes.AuthorizationCode)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
 context.Reject( error: Errors.UnsupportedResponseType,
@@ -589,7 +589,7 @@ namespace OpenIddict.Server
 // Reject implicit flow requests if the server is not configured to allow the implicit grant type. if (context.Request.IsImplicitFlow() && !context.Options.GrantTypes.Contains(GrantTypes.Implicit)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
 context.Reject( error: Errors.UnsupportedResponseType,
@@ -603,7 +603,7 @@ namespace OpenIddict.Server
 if (context.Request.IsHybridFlow() && (!context.Options.GrantTypes.Contains(GrantTypes.AuthorizationCode) || !context.Options.GrantTypes.Contains(GrantTypes.Implicit))) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
 context.Reject( error: Errors.UnsupportedResponseType,
@@ -618,7 +618,7 @@ namespace OpenIddict.Server
 if (!context.Options.ResponseTypes.Any(type => types.SetEquals(type.Split(Separators.Space, StringSplitOptions.RemoveEmptyEntries)))) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6036), context.Request.ResponseType);
 context.Reject( error: Errors.UnsupportedResponseType,
@@ -661,7 +661,7 @@ namespace OpenIddict.Server
 if (context.Request.IsQueryResponseMode() && (context.Request.HasResponseType(ResponseTypes.IdToken) || context.Request.HasResponseType(ResponseTypes.Token))) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6037), context.Request.ResponseType, context.Request.ResponseMode);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6037), context.Request.ResponseType, context.Request.ResponseMode);
 context.Reject( error: Errors.InvalidRequest,
@@ -675,7 +675,7 @@ namespace OpenIddict.Server
 // if the default response_mode inferred from the response_type was explicitly disabled in the options. if (!ValidateResponseMode(context.Request, context.Options)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6038), context.Request.ResponseMode);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6038), context.Request.ResponseMode);
 context.Reject( error: Errors.InvalidRequest,
@@ -740,7 +740,7 @@ namespace OpenIddict.Server
 // Reject authorization requests containing the id_token response_type if no openid scope has been received. if (context.Request.HasResponseType(ResponseTypes.IdToken) && !context.Request.HasScope(Scopes.OpenId)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6039), Scopes.OpenId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6039), Scopes.OpenId);
 context.Reject( error: Errors.InvalidRequest,
@@ -800,7 +800,7 @@ namespace OpenIddict.Server
 if (context.Request.IsImplicitFlow() || context.Request.IsHybridFlow()) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.Nonce);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.Nonce);
 context.Reject( error: Errors.InvalidRequest,
@@ -842,7 +842,7 @@ namespace OpenIddict.Server
 context.Request.HasPrompt(Prompts.Login) || context.Request.HasPrompt(Prompts.SelectAccount))) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6040));
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6040));
 context.Reject( error: Errors.InvalidRequest,
@@ -885,7 +885,7 @@ namespace OpenIddict.Server
 context.Request.HasResponseType(ResponseTypes.Code) && string.IsNullOrEmpty(context.Request.CodeChallenge)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
 context.Reject( error: Errors.InvalidRequest,
@@ -906,7 +906,7 @@ namespace OpenIddict.Server
 // Ensure a code_challenge was specified if a code_challenge_method was used. if (string.IsNullOrEmpty(context.Request.CodeChallenge)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
 context.Reject( error: Errors.InvalidRequest,
@@ -921,7 +921,7 @@ namespace OpenIddict.Server
 if (string.IsNullOrEmpty(context.Request.CodeChallengeMethod) && !context.Options.CodeChallengeMethods.Contains(CodeChallengeMethods.Plain)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.CodeChallengeMethod);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.CodeChallengeMethod);
 context.Reject( error: Errors.InvalidRequest,
@@ -935,7 +935,7 @@ namespace OpenIddict.Server
 if (!string.IsNullOrEmpty(context.Request.CodeChallengeMethod) && !context.Options.CodeChallengeMethods.Contains(context.Request.CodeChallengeMethod)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6041));
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6041));
 context.Reject( error: Errors.InvalidRequest,
@@ -948,7 +948,7 @@ namespace OpenIddict.Server
 // When code_challenge or code_challenge_method is specified, ensure the response_type includes "code". if (!context.Request.HasResponseType(ResponseTypes.Code)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6042));
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6042));
 context.Reject( error: Errors.InvalidRequest,
@@ -961,7 +961,7 @@ namespace OpenIddict.Server
 // Reject authorization requests that contain response_type=token when a code_challenge is specified. if (context.Request.HasResponseType(ResponseTypes.Token)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6043));
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6043));
 context.Reject( error: Errors.InvalidRequest,
@@ -1012,7 +1012,7 @@ namespace OpenIddict.Server
 var application = await _applicationManager.FindByClientIdAsync(context.ClientId); if (application is null) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6044), context.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6044), context.ClientId);
 context.Reject( error: Errors.InvalidRequest,
@@ -1079,7 +1079,7 @@ namespace OpenIddict.Server
 if (await _applicationManager.HasClientTypeAsync(application, ClientTypes.Confidential)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6045), context.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6045), context.ClientId);
 context.Reject( error: Errors.UnauthorizedClient,
@@ -1138,7 +1138,7 @@ namespace OpenIddict.Server
 var addresses = await _applicationManager.GetRedirectUrisAsync(application); if (addresses.Length != 1) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.RedirectUri);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.RedirectUri);
 context.Reject( error: Errors.InvalidRequest,
@@ -1156,7 +1156,7 @@ namespace OpenIddict.Server
 // Otherwise, ensure that the specified redirect_uri is valid and is associated with the client application. if (!await _applicationManager.ValidateRedirectUriAsync(application, context.RedirectUri)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6046), context.RedirectUri);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6046), context.RedirectUri);
 context.Reject( error: Errors.InvalidRequest,
@@ -1235,7 +1235,7 @@ namespace OpenIddict.Server
 // If at least one scope was not recognized, return an error. if (scopes.Count != 0) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6047), scopes);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6047), scopes);
 context.Reject( error: Errors.InvalidScope,
@@ -1291,7 +1291,7 @@ namespace OpenIddict.Server
 // Reject the request if the application is not allowed to use the authorization endpoint. if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Authorization)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6048), context.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6048), context.ClientId);
 context.Reject( error: Errors.UnauthorizedClient,
@@ -1348,7 +1348,7 @@ namespace OpenIddict.Server
 if (context.Request.IsAuthorizationCodeFlow() && !await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.AuthorizationCode)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6049), context.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6049), context.ClientId);
 context.Reject( error: Errors.UnauthorizedClient,
@@ -1362,7 +1362,7 @@ namespace OpenIddict.Server
 if (context.Request.IsImplicitFlow() && !await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.Implicit)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6050), context.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6050), context.ClientId);
 context.Reject( error: Errors.UnauthorizedClient,
@@ -1377,7 +1377,7 @@ namespace OpenIddict.Server
 (!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.AuthorizationCode) || !await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.Implicit))) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6051), context.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6051), context.ClientId);
 context.Reject( error: Errors.UnauthorizedClient,
@@ -1392,7 +1392,7 @@ namespace OpenIddict.Server
 if (context.Request.HasScope(Scopes.OfflineAccess) && !await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.RefreshToken)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6052), context.ClientId, Scopes.OfflineAccess);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6052), context.ClientId, Scopes.OfflineAccess);
 context.Reject( error: Errors.InvalidRequest,
@@ -1448,7 +1448,7 @@ namespace OpenIddict.Server
 // Reject requests that specify a response_type for which no permission was granted. if (!await HasPermissionAsync(context.Request.GetResponseTypes())) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6177), context.ClientId, context.Request.ResponseType);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6177), context.ClientId, context.Request.ResponseType);
 context.Reject( error: Errors.UnauthorizedClient,
@@ -1540,7 +1540,7 @@ namespace OpenIddict.Server
 // Reject the request if the application is not allowed to use the iterated scope. if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.Scope + scope)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6052), context.ClientId, scope);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6052), context.ClientId, scope);
 context.Reject( error: Errors.InvalidRequest,
@@ -1603,7 +1603,7 @@ namespace OpenIddict.Server
 if (await _applicationManager.HasRequirementAsync(application, Requirements.Features.ProofKeyForCodeExchange)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.CodeChallenge);
 context.Reject( error: Errors.InvalidRequest,
diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Device.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Device.cs
index e8c47ea4..a9b91fd4 100644
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Device.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Device.cs
@@ -353,7 +353,7 @@ namespace OpenIddict.Server
 // See https://tools.ietf.org/html/rfc8628#section-3.1 for more information. if (string.IsNullOrEmpty(context.ClientId)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6056));
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6056));
 context.Reject( error: Errors.InvalidClient,
@@ -472,7 +472,7 @@ namespace OpenIddict.Server
 // If at least one scope was not recognized, return an error. if (scopes.Count != 0) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6057), scopes);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6057), scopes);
 context.Reject( error: Errors.InvalidScope,
@@ -524,7 +524,7 @@ namespace OpenIddict.Server
 var application = await _applicationManager.FindByClientIdAsync(context.ClientId); if (application is null) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6058), context.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6058), context.ClientId);
 context.Reject( error: Errors.InvalidClient,
@@ -583,7 +583,7 @@ namespace OpenIddict.Server
 // Reject device requests containing a client_secret when the client is a public application. if (!string.IsNullOrEmpty(context.ClientSecret)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6059), context.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6059), context.ClientId);
 context.Reject( error: Errors.InvalidClient,
@@ -599,7 +599,7 @@ namespace OpenIddict.Server
 // Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks. if (string.IsNullOrEmpty(context.ClientSecret)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6060), context.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6060), context.ClientId);
 context.Reject( error: Errors.InvalidClient,
@@ -662,7 +662,7 @@ namespace OpenIddict.Server
 if (!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6061), context.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6061), context.ClientId);
 context.Reject( error: Errors.InvalidClient,
@@ -720,7 +720,7 @@ namespace OpenIddict.Server
 // Reject the request if the application is not allowed to use the device endpoint. if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Device)) {
- context.Logger.LogError(SR.GetResourceString(SR.ID6062), context.ClientId);
+ context.Logger.LogInformation(SR.GetResourceString(SR.ID6062), context.ClientId);
 context.Reject( error: Errors.UnauthorizedClient,
@@ -776,7 +776,7 @@ namespace OpenIddict.Server // Reject the request if the application is not allowed to use the device code grant. if (!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.DeviceCode)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6118), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6118), context.ClientId); context.Reject( error: Errors.UnauthorizedClient, @@ -791,7 +791,7 @@ namespace OpenIddict.Server if (context.Request.HasScope(Scopes.OfflineAccess) && !await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.RefreshToken)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6120), context.ClientId, Scopes.OfflineAccess); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6120), context.ClientId, Scopes.OfflineAccess); context.Reject( error: Errors.InvalidRequest, @@ -858,7 +858,7 @@ namespace OpenIddict.Server // Reject the request if the application is not allowed to use the iterated scope. if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.Scope + scope)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6063), context.ClientId, scope); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6063), context.ClientId, scope); context.Reject( error: Errors.InvalidRequest, diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs index 11d84241..836e3ceb 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs @@ -942,7 +942,7 @@ namespace OpenIddict.Server // See https://tools.ietf.org/html/rfc7517#section-4.1 if (string.IsNullOrEmpty(key.Kty)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6070), JsonWebKeyParameterNames.Kty); + context.Logger.LogWarning(SR.GetResourceString(SR.ID6070), JsonWebKeyParameterNames.Kty); continue; } 
diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Exchange.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Exchange.cs index 937c51ad..2ff73e61 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.Exchange.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Exchange.cs @@ -360,7 +360,7 @@ namespace OpenIddict.Server // Reject token requests missing the mandatory grant_type parameter. if (string.IsNullOrEmpty(context.Request.GrantType)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.GrantType); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.GrantType); context.Reject( error: Errors.InvalidRequest, @@ -373,7 +373,7 @@ namespace OpenIddict.Server // Reject token requests that don't specify a supported grant type. if (!context.Options.GrantTypes.Contains(context.Request.GrantType)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6078), context.Request.GrantType); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6078), context.Request.GrantType); context.Reject( error: Errors.UnsupportedGrantType, @@ -434,7 +434,7 @@ namespace OpenIddict.Server // See https://tools.ietf.org/html/rfc6749#section-4.1.3 for more information. if (!context.Options.AcceptAnonymousClients || context.Request.IsAuthorizationCodeGrantType()) { - context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.ClientId); context.Reject( error: Errors.InvalidClient, @@ -476,7 +476,7 @@ namespace OpenIddict.Server // See https://tools.ietf.org/html/rfc6749#section-4.1.3 for more information. if (context.Request.IsAuthorizationCodeGrantType() && string.IsNullOrEmpty(context.Request.Code)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.Code); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.Code); context.Reject( error: Errors.InvalidRequest, 
@@ -599,7 +599,7 @@ namespace OpenIddict.Server // See https://tools.ietf.org/html/rfc6749#section-6 for more information. if (context.Request.IsRefreshTokenGrantType() && string.IsNullOrEmpty(context.Request.RefreshToken)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.RefreshToken); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.RefreshToken); context.Reject( error: Errors.InvalidRequest, @@ -642,7 +642,7 @@ namespace OpenIddict.Server if (context.Request.IsPasswordGrantType() && (string.IsNullOrEmpty(context.Request.Username) || string.IsNullOrEmpty(context.Request.Password))) { - context.Logger.LogError(SR.GetResourceString(SR.ID6079)); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6079)); context.Reject( error: Errors.InvalidRequest, @@ -690,7 +690,7 @@ namespace OpenIddict.Server // If OpenIddict was configured to require PKCE, this can be potentially avoided by making an early check here. if (context.Options.RequireProofKeyForCodeExchange && string.IsNullOrEmpty(context.Request.CodeVerifier)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6033), Parameters.CodeVerifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6033), Parameters.CodeVerifier); context.Reject( error: Errors.InvalidRequest, @@ -771,7 +771,7 @@ namespace OpenIddict.Server // If at least one scope was not recognized, return an error. if (scopes.Count != 0) { - context.Logger.LogError(SR.GetResourceString(SR.ID6080), scopes); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6080), scopes); context.Reject( error: Errors.InvalidScope, @@ -823,7 +823,7 @@ namespace OpenIddict.Server var application = await _applicationManager.FindByClientIdAsync(context.ClientId); if (application is null) { - context.Logger.LogError(SR.GetResourceString(SR.ID6081), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6081), context.ClientId); context.Reject( error: Errors.InvalidClient, 
@@ -882,7 +882,7 @@ namespace OpenIddict.Server // Public applications are not allowed to use the client credentials grant. if (context.Request.IsClientCredentialsGrantType()) { - context.Logger.LogError(SR.GetResourceString(SR.ID6082), context.Request.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6082), context.Request.ClientId); context.Reject( error: Errors.UnauthorizedClient, @@ -895,7 +895,7 @@ namespace OpenIddict.Server // Reject token requests containing a client_secret when the client is a public application. if (!string.IsNullOrEmpty(context.ClientSecret)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6083), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6083), context.ClientId); context.Reject( error: Errors.InvalidClient, @@ -911,7 +911,7 @@ namespace OpenIddict.Server // Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks. if (string.IsNullOrEmpty(context.ClientSecret)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6084), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6084), context.ClientId); context.Reject( error: Errors.InvalidClient, @@ -974,7 +974,7 @@ namespace OpenIddict.Server if (!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6085), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6085), context.ClientId); context.Reject( error: Errors.InvalidClient, 
@@ -1032,7 +1032,7 @@ namespace OpenIddict.Server // Reject the request if the application is not allowed to use the token endpoint. if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Token)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6086), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6086), context.ClientId); context.Reject( error: Errors.UnauthorizedClient, @@ -1090,7 +1090,7 @@ namespace OpenIddict.Server // Reject the request if the application is not allowed to use the specified grant type. if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.GrantType + context.Request.GrantType)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6087), context.ClientId, context.Request.GrantType); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6087), context.ClientId, context.Request.GrantType); context.Reject( error: Errors.UnauthorizedClient, @@ -1105,7 +1105,7 @@ namespace OpenIddict.Server if (context.Request.HasScope(Scopes.OfflineAccess) && !await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.RefreshToken)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6088), context.ClientId, Scopes.OfflineAccess); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6088), context.ClientId, Scopes.OfflineAccess); context.Reject( error: Errors.InvalidRequest, @@ -1172,7 +1172,7 @@ namespace OpenIddict.Server // Reject the request if the application is not allowed to use the iterated scope. if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.Scope + scope)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6089), context.ClientId, scope); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6089), context.ClientId, scope); context.Reject( error: Errors.InvalidRequest, 
@@ -1241,7 +1241,7 @@ namespace OpenIddict.Server if (await _applicationManager.HasRequirementAsync(application, Requirements.Features.ProofKeyForCodeExchange)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.CodeVerifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.CodeVerifier); context.Reject( error: Errors.InvalidRequest, @@ -1377,7 +1377,7 @@ namespace OpenIddict.Server // reject the request if the client_id of the caller cannot be retrieved or inferred. if (string.IsNullOrEmpty(context.ClientId)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6090)); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6090)); context.Reject( error: Errors.InvalidGrant, @@ -1397,7 +1397,7 @@ namespace OpenIddict.Server // and http://openid.net/specs/openid-connect-core-1_0.html#RefreshingAccessToken. if (!presenters.Contains(context.ClientId)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6091)); + context.Logger.LogWarning(SR.GetResourceString(SR.ID6091)); context.Reject( error: Errors.InvalidGrant, @@ -1460,7 +1460,7 @@ namespace OpenIddict.Server if (string.IsNullOrEmpty(context.Request.RedirectUri)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.RedirectUri); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.RedirectUri); context.Reject( error: Errors.InvalidRequest, @@ -1472,7 +1472,7 @@ namespace OpenIddict.Server if (!string.Equals(address, context.Request.RedirectUri, StringComparison.Ordinal)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6092), Parameters.RedirectUri); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6092), Parameters.RedirectUri); context.Reject( error: Errors.InvalidGrant, 
@@ -1529,7 +1529,7 @@ namespace OpenIddict.Server // when code_challenge private claim was attached to the authorization code. if (!string.IsNullOrEmpty(context.Request.CodeVerifier)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6093), Parameters.CodeVerifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6093), Parameters.CodeVerifier); context.Reject( error: Errors.InvalidRequest, @@ -1545,7 +1545,7 @@ namespace OpenIddict.Server // Get the code verifier from the token request. If it cannot be found, return an invalid_grant error. if (string.IsNullOrEmpty(context.Request.CodeVerifier)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6077), Parameters.CodeVerifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6077), Parameters.CodeVerifier); context.Reject( error: Errors.InvalidRequest, @@ -1590,7 +1590,7 @@ namespace OpenIddict.Server if (!Arrays.ConstantTimeAreEqual(data, Encoding.ASCII.GetBytes(challenge))) #endif { - context.Logger.LogError(SR.GetResourceString(SR.ID6092), Parameters.CodeVerifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6092), Parameters.CodeVerifier); context.Reject( error: Errors.InvalidGrant, @@ -1646,7 +1646,7 @@ namespace OpenIddict.Server var scopes = new HashSet(context.Principal.GetScopes(), StringComparer.Ordinal); if (scopes.Count == 0) { - context.Logger.LogError(SR.GetResourceString(SR.ID6094), Parameters.Scope); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6094), Parameters.Scope); context.Reject( error: Errors.InvalidGrant, @@ -1662,7 +1662,7 @@ namespace OpenIddict.Server // See https://tools.ietf.org/html/rfc6749#section-6 for more information. else if (!scopes.IsSupersetOf(context.Request.GetScopes())) { - context.Logger.LogError(SR.GetResourceString(SR.ID6095), Parameters.Scope); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6095), Parameters.Scope); context.Reject( error: Errors.InvalidGrant, 
diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs index db0312a9..f9504d30 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs @@ -367,7 +367,7 @@ namespace OpenIddict.Server // Reject introspection requests missing the mandatory token parameter. if (string.IsNullOrEmpty(context.Request.Token)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6098), Parameters.Token); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6098), Parameters.Token); context.Reject( error: Errors.InvalidRequest, @@ -407,7 +407,7 @@ namespace OpenIddict.Server // At this stage, reject the introspection request unless the client identification requirement was disabled. if (!context.Options.AcceptAnonymousClients && string.IsNullOrEmpty(context.ClientId)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6098), Parameters.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6098), Parameters.ClientId); context.Reject( error: Errors.InvalidClient, @@ -461,7 +461,7 @@ namespace OpenIddict.Server var application = await _applicationManager.FindByClientIdAsync(context.ClientId); if (application is null) { - context.Logger.LogError(SR.GetResourceString(SR.ID6099), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6099), context.ClientId); context.Reject( error: Errors.InvalidClient, @@ -520,7 +520,7 @@ namespace OpenIddict.Server // Reject introspection requests containing a client_secret when the client is a public application. if (!string.IsNullOrEmpty(context.ClientSecret)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6100), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6100), context.ClientId); context.Reject( error: Errors.InvalidClient, 
@@ -536,7 +536,7 @@ namespace OpenIddict.Server // Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks. if (string.IsNullOrEmpty(context.ClientSecret)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6101), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6101), context.ClientId); context.Reject( error: Errors.InvalidClient, @@ -599,7 +599,7 @@ namespace OpenIddict.Server if (!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6102), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6102), context.ClientId); context.Reject( error: Errors.InvalidClient, @@ -657,7 +657,7 @@ namespace OpenIddict.Server // Reject the request if the application is not allowed to use the introspection endpoint. if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Introspection)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6103), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6103), context.ClientId); context.Reject( error: Errors.UnauthorizedClient, @@ -754,7 +754,7 @@ namespace OpenIddict.Server if (!context.Principal.HasTokenType(TokenTypeHints.AccessToken) && !context.Principal.HasTokenType(TokenTypeHints.RefreshToken)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6104)); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6104)); context.Reject( error: Errors.UnsupportedTokenType, @@ -807,7 +807,7 @@ namespace OpenIddict.Server context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) && context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6106)); + context.Logger.LogWarning(SR.GetResourceString(SR.ID6106)); context.Reject( error: Errors.InvalidToken, 
@@ -824,7 +824,7 @@ namespace OpenIddict.Server if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) && context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6108)); + context.Logger.LogWarning(SR.GetResourceString(SR.ID6108)); context.Reject( error: Errors.InvalidToken, diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs index 895e3361..366b0ddb 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs @@ -310,7 +310,7 @@ namespace OpenIddict.Server // Reject revocation requests missing the mandatory token parameter. if (string.IsNullOrEmpty(context.Request.Token)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6111), Parameters.Token); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6111), Parameters.Token); context.Reject( error: Errors.InvalidRequest, @@ -350,7 +350,7 @@ namespace OpenIddict.Server // At this stage, reject the revocation request unless the client identification requirement was disabled. if (!context.Options.AcceptAnonymousClients && string.IsNullOrEmpty(context.ClientId)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6111), Parameters.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6111), Parameters.ClientId); context.Reject( error: Errors.InvalidClient, @@ -404,7 +404,7 @@ namespace OpenIddict.Server var application = await _applicationManager.FindByClientIdAsync(context.ClientId); if (application is null) { - context.Logger.LogError(SR.GetResourceString(SR.ID6112), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6112), context.ClientId); context.Reject( error: Errors.InvalidClient, 
@@ -463,7 +463,7 @@ namespace OpenIddict.Server // Reject revocation requests containing a client_secret when the client is a public application. if (!string.IsNullOrEmpty(context.ClientSecret)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6113), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6113), context.ClientId); context.Reject( error: Errors.InvalidClient, @@ -479,7 +479,7 @@ namespace OpenIddict.Server // Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks. if (string.IsNullOrEmpty(context.ClientSecret)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6114), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6114), context.ClientId); context.Reject( error: Errors.InvalidClient, @@ -542,7 +542,7 @@ namespace OpenIddict.Server if (!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6115), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6115), context.ClientId); context.Reject( error: Errors.InvalidClient, @@ -600,7 +600,7 @@ namespace OpenIddict.Server // Reject the request if the application is not allowed to use the revocation endpoint. if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Revocation)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6116), context.ClientId); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6116), context.ClientId); context.Reject( error: Errors.UnauthorizedClient, @@ -697,7 +697,7 @@ namespace OpenIddict.Server if (!context.Principal.HasTokenType(TokenTypeHints.AccessToken) && !context.Principal.HasTokenType(TokenTypeHints.RefreshToken)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6117)); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6117)); context.Reject( error: Errors.UnsupportedTokenType, 
@@ -750,7 +750,7 @@ namespace OpenIddict.Server context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) && context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6119)); + context.Logger.LogWarning(SR.GetResourceString(SR.ID6119)); context.Reject( error: Errors.InvalidToken, @@ -767,7 +767,7 @@ namespace OpenIddict.Server if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) && context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6121)); + context.Logger.LogWarning(SR.GetResourceString(SR.ID6121)); context.Reject( error: Errors.InvalidToken, @@ -853,7 +853,7 @@ namespace OpenIddict.Server var identifier = context.Principal.GetTokenId(); if (string.IsNullOrEmpty(identifier)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6122)); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6122)); context.Reject( error: Errors.UnsupportedTokenType, diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs index 4c90992d..307e4b08 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs @@ -334,7 +334,7 @@ namespace OpenIddict.Server // If an optional post_logout_redirect_uri was provided, validate it. if (!Uri.TryCreate(context.PostLogoutRedirectUri, UriKind.Absolute, out Uri? uri) || !uri.IsWellFormedOriginalString()) { - context.Logger.LogError(SR.GetResourceString(SR.ID6126), Parameters.PostLogoutRedirectUri, context.PostLogoutRedirectUri); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6126), Parameters.PostLogoutRedirectUri, context.PostLogoutRedirectUri); context.Reject( error: Errors.InvalidRequest, 
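Review bot: The `context.PostLogoutRedirectUri` value logged in the Session.cs hunk at `@@ -334,7 +334,7 @@` has just failed `Uri.TryCreate` / `IsWellFormedOriginalString`, so the argument is an arbitrary string taken from the request. Whether recording it verbatim is safe depends on the logging provider, which is not visible here: a structured sink stores it as a field, but a plain-text sink may write embedded line breaks as-is and end up with forged-looking entries. I would note this at the call site, `// Unvalidated request value: the log sink must encode control characters.`, or log only `Parameters.PostLogoutRedirectUri` in this branch. The same value is logged in the `@@ -346,7` and `@@ -397,7` hunks of this file.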
@@ -346,7 +346,7 @@ namespace OpenIddict.Server if (!string.IsNullOrEmpty(uri.Fragment)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6127), Parameters.PostLogoutRedirectUri, context.PostLogoutRedirectUri); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6127), Parameters.PostLogoutRedirectUri, context.PostLogoutRedirectUri); context.Reject( error: Errors.InvalidRequest, @@ -397,7 +397,7 @@ namespace OpenIddict.Server if (!await ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6128), context.PostLogoutRedirectUri); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6128), context.PostLogoutRedirectUri); context.Reject( error: Errors.InvalidRequest, diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Userinfo.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Userinfo.cs index a882e764..e97b547f 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.Userinfo.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Userinfo.cs @@ -335,7 +335,7 @@ namespace OpenIddict.Server if (string.IsNullOrEmpty(context.Request.AccessToken)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6131), Parameters.AccessToken); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6131), Parameters.AccessToken); context.Reject( error: Errors.MissingToken, diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.cs index ec665724..1e2238ad 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.cs @@ -942,7 +942,7 @@ namespace OpenIddict.Server { if (!context.Request.IsRefreshTokenGrantType() || !await IsReusableAsync(token)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6002), identifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6002), identifier); context.Reject( error: context.EndpointType switch 
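Review bot: The rejection in the OpenIddictServerHandlers.cs hunk at `@@ -942,7 +942,7 @@` (ID6002) fires when the request is not a refresh token grant or `IsReusableAsync(token)` returns false, which reads like the branch for a token that was already used. The enclosing condition is outside the hunk, so that is an inference to confirm. If it holds, a second presentation of a one-time code or token is a replay indicator rather than routine client noise, and Information is below the level many deployments retain. I would keep it visible with `context.Logger.LogWarning(SR.GetResourceString(SR.ID6002), identifier);`, matching the Warning level this commit keeps for presenter mismatches.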
@@ -988,7 +988,7 @@ namespace OpenIddict.Server // If the device code is not marked as valid yet, return an authorization_pending error. if (await _tokenManager.HasStatusAsync(token, Statuses.Inactive)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6003), identifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6003), identifier); context.Reject( error: Errors.AuthorizationPending, @@ -1001,7 +1001,7 @@ namespace OpenIddict.Server // If the device code is marked as rejected, return an access_denied error. if (await _tokenManager.HasStatusAsync(token, Statuses.Rejected)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6004), identifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6004), identifier); context.Reject( error: Errors.AccessDenied, @@ -1015,7 +1015,7 @@ namespace OpenIddict.Server if (!await _tokenManager.HasStatusAsync(token, Statuses.Valid)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6005), identifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6005), identifier); context.Reject( error: context.EndpointType switch @@ -1135,7 +1135,7 @@ namespace OpenIddict.Server var authorization = await _authorizationManager.FindByIdAsync(identifier); if (authorization is null || !await _authorizationManager.HasStatusAsync(authorization, Statuses.Valid)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6006), identifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6006), identifier); context.Reject( error: context.EndpointType switch diff --git a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs index 085a777a..94ec28ea 100644 --- a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs +++ b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs 
@@ -660,7 +660,7 @@ namespace OpenIddict.Validation var date = context.Principal.GetExpirationDate(); if (date.HasValue && date.Value < DateTimeOffset.UtcNow) { - context.Logger.LogError(SR.GetResourceString(SR.ID6156)); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6156)); context.Reject( error: Errors.InvalidToken, @@ -711,7 +711,7 @@ namespace OpenIddict.Validation var audiences = context.Principal.GetAudiences(); if (audiences.IsDefaultOrEmpty) { - context.Logger.LogError(SR.GetResourceString(SR.ID6157)); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6157)); context.Reject( error: Errors.InvalidToken, @@ -724,7 +724,7 @@ namespace OpenIddict.Validation // If the access token doesn't include any registered audience, return an error. if (!audiences.Intersect(context.Options.Audiences, StringComparer.Ordinal).Any()) { - context.Logger.LogError(SR.GetResourceString(SR.ID6158)); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6158)); context.Reject( error: Errors.InvalidToken, @@ -783,7 +783,7 @@ namespace OpenIddict.Validation var token = await _tokenManager.FindByIdAsync(identifier); if (token is null || !await _tokenManager.HasStatusAsync(token, Statuses.Valid)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6005), identifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6005), identifier); context.Reject( error: Errors.InvalidToken, @@ -847,7 +847,7 @@ namespace OpenIddict.Validation var authorization = await _authorizationManager.FindByIdAsync(identifier); if (authorization is null || !await _authorizationManager.HasStatusAsync(authorization, Statuses.Valid)) { - context.Logger.LogError(SR.GetResourceString(SR.ID6006), identifier); + context.Logger.LogInformation(SR.GetResourceString(SR.ID6006), identifier); context.Reject( error: Errors.InvalidToken,