tsai
/
openiddict-core
mirror of https://github.com/openiddict/openiddict-core.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Automatically abort interactive challenge demands when no client identifier could be resolved

pull/1900/head
Kévin Chalet 2 years ago
parent
8f9c641dd6
commit
4cd4c09509
2 changed files with 18 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      src/OpenIddict.Abstractions/OpenIddictResources.resx
  2. 16
      src/OpenIddict.Client/OpenIddictClientHandlers.cs

3
src/OpenIddict.Abstractions/OpenIddictResources.resx
View File

@ -1564,6 +1564,9 @@ To apply post-logout redirection responses, create a class implementing 'IOpenId
<data name="ID0417" xml:space="preserve">
<value>The authentication properties must not contain an '.issuer', '.provider_name' or '.registration_id' property when using a forwarded authentication scheme/type.</value>
</data>
<data name="ID0418" xml:space="preserve">
<value>A client identifier must be specified in the client registration or web provider options when using 'response_type=none', the authorization code/hybrid/implicit flows or the device authorization flow.</value>
</data>
<data name="ID2000" xml:space="preserve">
<value>The security token is missing.</value>
</data>

16
src/OpenIddict.Client/OpenIddictClientHandlers.cs
View File

@ -4640,7 +4640,21 @@ public static partial class OpenIddictClientHandlers
throw new ArgumentNullException(nameof(context));
}
context.ClientId ??= context.Registration.ClientId;
context.ClientId ??= context.Registration.ClientId switch
{
{ Length: > 0 } value => value,
// Note: the client identifier is required for the authorization code/hybrid/implicit and device flows.
// If no client identifier was attached to the registration, abort the challenge demand immediately.
_ when context.GrantType is GrantTypes.AuthorizationCode or GrantTypes.DeviceCode or GrantTypes.Implicit
=> throw new InvalidOperationException(SR.GetResourceString(SR.ID0418)),
// Note: the client identifier is also required for the special response_type=none flow.
_ when context.GrantType is null && context.ResponseType is ResponseTypes.None
=> throw new InvalidOperationException(SR.GetResourceString(SR.ID0418)),
_ => null
};
return default;
}

Write Preview
Loading…
Cancel
Save