
Update OpenIddictValidationService to propagate the error details during introspection

pull/965/head
Kévin Chalet 6 years ago
parent
commit
4e006968f3
  1. 26
      src/OpenIddict.Validation/OpenIddictValidationHandlers.Introspection.cs
  2. 76
      src/OpenIddict.Validation/OpenIddictValidationService.cs

26
src/OpenIddict.Validation/OpenIddictValidationHandlers.Introspection.cs

@ -27,7 +27,7 @@ namespace OpenIddict.Validation
* Introspection response handling:
*/
AttachCredentials.Descriptor,
AttachAccessToken.Descriptor,
AttachToken.Descriptor,
/*
* Introspection response handling:
@ -75,16 +75,16 @@ namespace OpenIddict.Validation
}
/// <summary>
/// Contains the logic responsible of attaching the access token to the introspection request.
/// Contains the logic responsible of attaching the token to the introspection request.
/// </summary>
public class AttachAccessToken : IOpenIddictValidationHandler<PrepareIntrospectionRequestContext>
public class AttachToken : IOpenIddictValidationHandler<PrepareIntrospectionRequestContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictValidationHandlerDescriptor Descriptor { get; }
= OpenIddictValidationHandlerDescriptor.CreateBuilder<PrepareIntrospectionRequestContext>()
.UseSingletonHandler<AttachAccessToken>()
.UseSingletonHandler<AttachToken>()
.SetOrder(AttachCredentials.Descriptor.Order + 100_000)
.Build();
@ -372,15 +372,19 @@ namespace OpenIddict.Validation
// OpenIddict-based authorization servers always return the actual token type using
// the special "token_usage" claim, that helps resource servers determine whether the
// introspected token is an access token and thus prevent token substitution attacks.
var usage = (string) context.Response[Claims.TokenUsage];
if (!string.IsNullOrEmpty(usage) && !string.Equals(usage, context.TokenType, StringComparison.OrdinalIgnoreCase))
// introspected token is of the expected type and prevent token substitution attacks.
if (!string.IsNullOrEmpty(context.TokenType))
{
context.Reject(
error: Errors.InvalidToken,
description: "The introspected token is not an access token.");
var usage = (string) context.Response[Claims.TokenUsage];
if (!string.IsNullOrEmpty(usage) &&
!string.Equals(usage, context.TokenType, StringComparison.OrdinalIgnoreCase))
{
context.Reject(
error: Errors.InvalidToken,
description: "The type of the introspection token doesn't match the expected type.");
return default;
return default;
}
}
return default;
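Review bot: The new guard `if (!string.IsNullOrEmpty(context.TokenType))` means the `token_usage` comparison, and the rejection that follows it, is skipped entirely when the caller has not set an expected token type, yet the comment above it still describes the check as what prevents token substitution. That silent fall-through deserves a comment so the next reader does not assume the type check always runs, e.g. before the `if`: `// When no expected type was set by the caller, token_usage cannot be compared and any token type is accepted as-is.` The same applies to a response that carries no `token_usage` claim at all (non-OpenIddict servers), which the handler already let through before this change. The handler method this hunk belongs to starts outside the hunk, and its closing brace appears to fall outside it as well.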

76
src/OpenIddict.Validation/OpenIddictValidationService.cs

@ -90,7 +90,9 @@ namespace OpenIddict.Validation
var message = new StringBuilder()
.AppendLine("An error occurred while preparing the configuration request.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
@ -115,7 +117,9 @@ namespace OpenIddict.Validation
var message = new StringBuilder()
.AppendLine("An error occurred while sending the configuration request.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
@ -140,7 +144,9 @@ namespace OpenIddict.Validation
var message = new StringBuilder()
.AppendLine("An error occurred while extracting the configuration response.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
@ -166,7 +172,9 @@ namespace OpenIddict.Validation
var message = new StringBuilder()
.AppendLine("An error occurred while handling the configuration response.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
@ -254,7 +262,9 @@ namespace OpenIddict.Validation
var message = new StringBuilder()
.AppendLine("An error occurred while preparing the cryptography request.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
@ -279,7 +289,9 @@ namespace OpenIddict.Validation
var message = new StringBuilder()
.AppendLine("An error occurred while sending the cryptography request.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
@ -304,7 +316,9 @@ namespace OpenIddict.Validation
var message = new StringBuilder()
.AppendLine("An error occurred while extracting the cryptography response.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
@ -330,7 +344,9 @@ namespace OpenIddict.Validation
var message = new StringBuilder()
.AppendLine("An error occurred while handling the cryptography response.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
@ -433,6 +449,21 @@ namespace OpenIddict.Validation
await provider.DispatchAsync(context);
if (context.IsRejected)
{
var message = new StringBuilder()
.AppendLine("An error occurred while preparing the introspection request.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
throw new OpenIddictExceptions.GenericException(message,
context.Error, context.ErrorDescription, context.ErrorUri);
}
return context.Request;
}
@ -445,6 +476,21 @@ namespace OpenIddict.Validation
await provider.DispatchAsync(context);
if (context.IsRejected)
{
var message = new StringBuilder()
.AppendLine("An error occurred while sending the introspection request.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
throw new OpenIddictExceptions.GenericException(message,
context.Error, context.ErrorDescription, context.ErrorUri);
}
return context.Request;
}
@ -457,6 +503,21 @@ namespace OpenIddict.Validation
await provider.DispatchAsync(context);
if (context.IsRejected)
{
var message = new StringBuilder()
.AppendLine("An error occurred while extracting the introspection response.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
throw new OpenIddictExceptions.GenericException(message,
context.Error, context.ErrorDescription, context.ErrorUri);
}
return context.Response;
}
@ -472,6 +533,21 @@ namespace OpenIddict.Validation
await provider.DispatchAsync(context);
if (context.IsRejected)
{
var message = new StringBuilder()
.AppendLine("An error occurred while handling the introspection response.")
.AppendFormat("Error: {0}", context.Error ?? "(not available)")
.AppendLine()
.AppendFormat("Error description: {0}", context.ErrorDescription ?? "(not available)")
.AppendLine()
.AppendFormat("Error URI: {0}", context.ErrorUri ?? "(not available)")
.ToString();
throw new OpenIddictExceptions.GenericException(message,
context.Error, context.ErrorDescription, context.ErrorUri);
}
return context.Principal;
}
}
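Review bot: The same nine-line `StringBuilder` sequence (title, `Error:`, `Error description:`, `Error URI:`, each defaulting to `"(not available)"`) is now repeated in all twelve hunks of this file, starting at `@ -90,7 +90,9` and ending at `@ -472,6 +533,21`; only the first `AppendLine` argument differs. Building the message in one private static helper that takes the title and the three error fields keeps the output byte-identical while leaving a single place to extend if another field is added. Each call site then shrinks to `var message = FormatErrorMessage("An error occurred while preparing the introspection request.", context.Error, context.ErrorDescription, context.ErrorUri);` followed by the existing `throw`. The helper takes plain strings so it does not depend on the contexts sharing a base type, which is not visible in this hunk. The enclosing methods of every hunk start outside the shown lines.
```csharp
// Shared formatter for the rejection message thrown from every Prepare/Send/Extract/Handle step.
private static string FormatErrorMessage(string title, string error, string description, string uri)
    => new StringBuilder()
        .AppendLine(title)
        .AppendFormat("Error: {0}", error ?? "(not available)")
        .AppendLine()
        .AppendFormat("Error description: {0}", description ?? "(not available)")
        .AppendLine()
        .AppendFormat("Error URI: {0}", uri ?? "(not available)")
        .ToString();

// … unchanged: DispatchAsync call and IsRejected check …
var message = FormatErrorMessage("An error occurred while preparing the introspection request.",
    context.Error, context.ErrorDescription, context.ErrorUri);
throw new OpenIddictExceptions.GenericException(message,
    context.Error, context.ErrorDescription, context.ErrorUri);
```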
