From 5045461b933d3170cd4f43619fcf51e7614d97a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Mon, 27 Jun 2022 01:32:44 +0200
Subject: [PATCH] Update handlers that ensure tokens are not missing to use a
 higher order

---
 .../OpenIddictClientHandlers.cs                  | 16 ++++++++++++----
 .../OpenIddictServerHandlers.cs                  |  4 +++-
 .../OpenIddictValidationHandlers.cs              |  4 +++-
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/src/OpenIddict.Client/OpenIddictClientHandlers.cs b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
index c4351614..ea239074 100644
--- a/src/OpenIddict.Client/OpenIddictClientHandlers.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
@@ -278,7 +278,9 @@ public static partial class OpenIddictClientHandlers
         public static OpenIddictClientHandlerDescriptor Descriptor { get; }
             = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessAuthenticationContext>()
                 .UseSingletonHandler<ValidateRequiredStateToken>()
-                .SetOrder(ResolveValidatedStateToken.Descriptor.Order + 1_000)
+                // Note: this handler is registered with a high gap to allow handlers
+                // that do token extraction to be executed before this handler runs.
+                .SetOrder(ResolveValidatedStateToken.Descriptor.Order + 50_000)
                 .SetType(OpenIddictClientHandlerType.BuiltIn)
                 .Build();
 
@@ -795,7 +797,9 @@ public static partial class OpenIddictClientHandlers
         public static OpenIddictClientHandlerDescriptor Descriptor { get; }
             = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessAuthenticationContext>()
                 .UseSingletonHandler<ValidateRequiredFrontchannelTokens>()
-                .SetOrder(ResolveValidatedFrontchannelTokens.Descriptor.Order + 1_000)
+                // Note: this handler is registered with a high gap to allow handlers
+                // that do token extraction to be executed before this handler runs.
+                .SetOrder(ResolveValidatedFrontchannelTokens.Descriptor.Order + 50_000)
                 .SetType(OpenIddictClientHandlerType.BuiltIn)
                 .Build();
 
@@ -2083,7 +2087,9 @@ public static partial class OpenIddictClientHandlers
             = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessAuthenticationContext>()
                 .AddFilter<RequireTokenRequest>()
                 .UseSingletonHandler<ValidateRequiredBackchannelTokens>()
-                .SetOrder(ResolveValidatedBackchannelTokens.Descriptor.Order + 1_000)
+                // Note: this handler is registered with a high gap to allow handlers
+                // that do token extraction to be executed before this handler runs.
+                .SetOrder(ResolveValidatedBackchannelTokens.Descriptor.Order + 50_000)
                 .SetType(OpenIddictClientHandlerType.BuiltIn)
                 .Build();
 
@@ -2947,7 +2953,9 @@ public static partial class OpenIddictClientHandlers
         public static OpenIddictClientHandlerDescriptor Descriptor { get; }
             = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessAuthenticationContext>()
                 .UseSingletonHandler<ValidateRequiredUserinfoToken>()
-                .SetOrder(EvaluateValidatedUserinfoToken.Descriptor.Order + 1_000)
+                // Note: this handler is registered with a high gap to allow handlers
+                // that do token extraction to be executed before this handler runs.
+                .SetOrder(EvaluateValidatedUserinfoToken.Descriptor.Order + 50_000)
                 .SetType(OpenIddictClientHandlerType.BuiltIn)
                 .Build();
 
diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.cs
index e770b4eb..1f45060f 100644
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.cs
@@ -338,7 +338,9 @@ public static partial class OpenIddictServerHandlers
         public static OpenIddictServerHandlerDescriptor Descriptor { get; }
             = OpenIddictServerHandlerDescriptor.CreateBuilder<ProcessAuthenticationContext>()
                 .UseSingletonHandler<EvaluateValidatedTokens>()
-                .SetOrder(EvaluateValidatedTokens.Descriptor.Order + 1_000)
+                // Note: this handler is registered with a high gap to allow handlers
+                // that do token extraction to be executed before this handler runs.
+                .SetOrder(EvaluateValidatedTokens.Descriptor.Order + 50_000)
                 .SetType(OpenIddictServerHandlerType.BuiltIn)
                 .Build();
 
diff --git a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
index d959443b..b33b6d9b 100644
--- a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
+++ b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
@@ -121,7 +121,9 @@ public static partial class OpenIddictValidationHandlers
         public static OpenIddictValidationHandlerDescriptor Descriptor { get; }
             = OpenIddictValidationHandlerDescriptor.CreateBuilder<ProcessAuthenticationContext>()
                 .UseSingletonHandler<ValidateRequiredTokens>()
-                .SetOrder(EvaluateValidatedTokens.Descriptor.Order + 1_000)
+                // Note: this handler is registered with a high gap to allow handlers
+                // that do token extraction to be executed before this handler runs.
+                .SetOrder(EvaluateValidatedTokens.Descriptor.Order + 50_000)
                 .SetType(OpenIddictValidationHandlerType.BuiltIn)
                 .Build();