diff --git a/src/OpenIddict.Abstractions/OpenIddictConstants.cs b/src/OpenIddict.Abstractions/OpenIddictConstants.cs index 0d7deddb..519ad819 100644 --- a/src/OpenIddict.Abstractions/OpenIddictConstants.cs +++ b/src/OpenIddict.Abstractions/OpenIddictConstants.cs @@ -87,10 +87,10 @@ namespace OpenIddict.Abstractions { public const string Application = ".application"; public const string AuthenticationTicket = ".authentication_ticket"; - public const string AuthorizationId = ".authorization_id"; + public const string InternalAuthorizationId = ".internal_authorization_id"; + public const string InternalTokenId = ".internal_token_id"; public const string ReferenceToken = ".reference_token"; public const string Token = ".token"; - public const string TokenId = ".token_id"; } public static class PropertyTypes diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs index 7c4ce3e5..a969d6eb 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs @@ -340,7 +340,7 @@ namespace OpenIddict.Server if (!options.DisableTokenStorage) { // Extract the token identifier from the authentication ticket. - var identifier = context.Ticket.GetTokenId(); + var identifier = context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId); Debug.Assert(!string.IsNullOrEmpty(identifier), "The authentication ticket should contain a token identifier."); // Retrieve the authorization code/refresh token from the request properties. 
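Review bot: The `Properties` rename changes the serialized key strings and not only the C# names: `.authorization_id` becomes `.internal_authorization_id`, and the token identifier moves to the new `.internal_token_id` key, so tickets serialized before this change will not carry the keys the new code reads. In OpenIddictServerProvider.Helpers.cs (hunk at -302) an empty `InternalTokenId` logs a warning and returns null, so self-contained codes and tokens issued before the upgrade would presumably be rejected after it. That fails closed, but it should be called out in the release notes or handled with a fallback read of the old key. Removing the public `TokenId` and `AuthorizationId` constants also breaks any caller compiled against them. If the intent is what the names suggest, I would document it on the two new constants, e.g. `// Internal identifiers: keys of the token/authorization database entries, distinct from the public token id.`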
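Review bot: The only guard on `identifier` after the new `GetProperty(OpenIddictConstants.Properties.InternalTokenId)` lookup is `Debug.Assert`, which is compiled out of release builds, so a ticket that arrives without the property carries a null identifier into the token checks that follow (outside this hunk). The same pattern follows the new lookups in Introspection.cs (-107), Revocation.cs (-198) and `TryExtendTokenAsync` in Helpers.cs (-498), and in OpenIddictServerProvider.cs (-142) a missing property turns the request-property key into a bare `.token:` with only a `token != null` assert behind it. The deserialization helper presumably guarantees the property is set, but since these are the revocation and replay checks I would make the failure explicit, e.g. `if (string.IsNullOrEmpty(identifier)) { throw new InvalidOperationException("The authentication ticket should contain a token identifier."); }`.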
@@ -396,7 +396,7 @@ namespace OpenIddict.Server if (!options.DisableAuthorizationStorage) { // Extract the authorization identifier from the authentication ticket. - var identifier = context.Ticket.GetProperty(OpenIddictConstants.Properties.AuthorizationId); + var identifier = context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalAuthorizationId); if (!string.IsNullOrEmpty(identifier)) { var authorization = await _authorizationManager.FindByIdAsync(identifier); diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs index 62680912..4b6287cc 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs @@ -73,7 +73,7 @@ namespace OpenIddict.Server // Attach the unique identifier of the ad hoc authorization to the authentication ticket // so that it is attached to all the derived tokens, allowing batched revocations support. - ticket.SetProperty(OpenIddictConstants.Properties.AuthorizationId, identifier); + ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, identifier); } } @@ -110,7 +110,7 @@ namespace OpenIddict.Server var descriptor = new OpenIddictTokenDescriptor { - AuthorizationId = ticket.GetProperty(OpenIddictConstants.Properties.AuthorizationId), + AuthorizationId = ticket.GetProperty(OpenIddictConstants.Properties.InternalAuthorizationId), CreationDate = ticket.Properties.IssuedUtc, ExpirationDate = ticket.Properties.ExpiresUtc, Principal = ticket.Principal, 
@@ -133,8 +133,8 @@ namespace OpenIddict.Server type == OpenIdConnectConstants.TokenUsages.RefreshToken)) { ticket.Properties.IssuedUtc = ticket.Properties.ExpiresUtc = null; - ticket.RemoveProperty(OpenIddictConstants.Properties.AuthorizationId) - .RemoveProperty(OpenIdConnectConstants.Properties.TokenId); + ticket.RemoveProperty(OpenIddictConstants.Properties.InternalAuthorizationId) + .RemoveProperty(OpenIddictConstants.Properties.InternalTokenId); } // If reference tokens are enabled, create a new entry for @@ -189,16 +189,13 @@ namespace OpenIddict.Server throw new InvalidOperationException("The unique key associated with a refresh token cannot be null or empty."); } - // Restore the token identifier using the unique - // identifier attached with the database entry. - ticket.SetTokenId(identifier); - // Dynamically set the creation and expiration dates. ticket.Properties.IssuedUtc = descriptor.CreationDate; ticket.Properties.ExpiresUtc = descriptor.ExpirationDate; - // Restore the authorization identifier using the identifier attached with the database entry. - ticket.SetProperty(OpenIddictConstants.Properties.AuthorizationId, descriptor.AuthorizationId); + // Restore the token/authorization identifiers using the identifiers attached with the database entry. + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, identifier) + .SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, descriptor.AuthorizationId); if (!string.IsNullOrEmpty(result)) { @@ -302,7 +299,7 @@ namespace OpenIddict.Server return null; } - identifier = ticket.GetTokenId(); + identifier = ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId); if (string.IsNullOrEmpty(identifier)) { _logger.LogWarning("The identifier associated with the received token cannot be retrieved. " + 
@@ -333,7 +330,7 @@ namespace OpenIddict.Server if (token == null) { - _logger.LogInformation("The token '{Identifier}' cannot be found in the database.", ticket.GetTokenId()); + _logger.LogInformation("The token '{Identifier}' cannot be found in the database.", identifier); return null; } @@ -344,21 +341,18 @@ namespace OpenIddict.Server return null; } - // Restore the token identifier using the unique - // identifier attached with the database entry. - ticket.SetTokenId(identifier); - // Dynamically set the creation and expiration dates. ticket.Properties.IssuedUtc = await _tokenManager.GetCreationDateAsync(token); ticket.Properties.ExpiresUtc = await _tokenManager.GetExpirationDateAsync(token); - // Restore the authorization identifier using the identifier attached with the database entry. - ticket.SetProperty(OpenIddictConstants.Properties.AuthorizationId, + // Restore the token/authorization identifiers using the identifiers attached with the database entry. + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, identifier); + ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, await _tokenManager.GetAuthorizationIdAsync(token)); _logger.LogTrace("The token '{Identifier}' was successfully decrypted and " + "retrieved from the database: {Claims} ; {Properties}.", - ticket.GetTokenId(), ticket.Principal.Claims, ticket.Properties.Items); + identifier, ticket.Principal.Claims, ticket.Properties.Items); return ticket; } @@ -368,7 +362,7 @@ namespace OpenIddict.Server // Note: if the authorization identifier or the authorization itself // cannot be found, return true as the authorization doesn't need // to be revoked if it doesn't exist or is already invalid. - var identifier = ticket.GetProperty(OpenIddictConstants.Properties.AuthorizationId); + var identifier = ticket.GetProperty(OpenIddictConstants.Properties.InternalAuthorizationId); if (string.IsNullOrEmpty(identifier)) { return true; 
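Review bot: The `LogTrace` call at the end of the -344 hunk writes `ticket.Principal.Claims` and `ticket.Properties.Items` to the log, and after this change the properties include the restored `.internal_token_id` and `.internal_authorization_id` database keys alongside whatever claims the principal carries. Trace is normally off, but when it is enabled for troubleshooting these values land in whatever sink collects the logs. I would log the identifier alone, `_logger.LogTrace("The token '{Identifier}' was successfully decrypted and retrieved from the database.", identifier);`, or add a comment stating that this line emits claims and internal identifiers. The enclosing method starts outside the hunk.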
@@ -442,7 +436,7 @@ namespace OpenIddict.Server private async Task TryRevokeTokensAsync([NotNull] AuthenticationTicket ticket) { // Note: if the authorization identifier is null, return true as no tokens need to be revoked. - var identifier = ticket.GetProperty(OpenIddictConstants.Properties.AuthorizationId); + var identifier = ticket.GetProperty(OpenIddictConstants.Properties.InternalAuthorizationId); if (string.IsNullOrEmpty(identifier)) { return true; @@ -453,7 +447,8 @@ namespace OpenIddict.Server foreach (var token in await _tokenManager.FindByAuthorizationIdAsync(identifier)) { // Don't change the status of the token used in the token request. - if (string.Equals(ticket.GetTokenId(), await _tokenManager.GetIdAsync(token), StringComparison.Ordinal)) + if (string.Equals(ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId), + await _tokenManager.GetIdAsync(token), StringComparison.Ordinal)) { continue; } @@ -498,7 +493,7 @@ namespace OpenIddict.Server private async Task TryExtendTokenAsync( [NotNull] object token, [NotNull] AuthenticationTicket ticket, [NotNull] OpenIddictServerOptions options) { - var identifier = ticket.GetTokenId(); + var identifier = ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId); Debug.Assert(!string.IsNullOrEmpty(identifier), "The token identifier shouldn't be null or empty."); try diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs index ee3fde91..819a9ef7 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs 
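Review bot: In `TryRevokeTokensAsync` (hunk at -453) the `ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId)` lookup now sits inside the `foreach` condition and is re-evaluated for every token, although nothing visible in the hunk changes the ticket inside the loop. Reading it once before the loop, `var current = ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId);`, and comparing `current` with `await _tokenManager.GetIdAsync(token)` is shorter and makes the skip rule easier to read. If the property is missing the comparison never matches, so the token used in the request is revoked together with the others; a one-line comment saying whether that is intended would help. The loop body continues outside the hunk.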
@@ -107,7 +107,7 @@ namespace OpenIddict.Server Debug.Assert(context.Ticket != null, "The authentication ticket shouldn't be null."); Debug.Assert(!string.IsNullOrEmpty(context.Request.ClientId), "The client_id parameter shouldn't be null."); - var identifier = context.Ticket.GetTokenId(); + var identifier = context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId); Debug.Assert(!string.IsNullOrEmpty(identifier), "The authentication ticket should contain a token identifier."); if (!context.Ticket.IsAccessToken()) @@ -146,10 +146,10 @@ namespace OpenIddict.Server // If an authorization was attached to the access token, ensure it is still valid. if (!options.DisableAuthorizationStorage && - context.Ticket.HasProperty(OpenIddictConstants.Properties.AuthorizationId)) + context.Ticket.HasProperty(OpenIddictConstants.Properties.InternalAuthorizationId)) { var authorization = await _authorizationManager.FindByIdAsync( - context.Ticket.GetProperty(OpenIddictConstants.Properties.AuthorizationId)); + context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalAuthorizationId)); if (authorization == null || !await _authorizationManager.IsValidAsync(authorization)) { diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs index e7881fd3..e9da671a 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs 
@@ -198,7 +198,7 @@ namespace OpenIddict.Server } // Extract the token identifier from the authentication ticket. - var identifier = context.Ticket.GetTokenId(); + var identifier = context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId); Debug.Assert(!string.IsNullOrEmpty(identifier), "The authentication ticket should contain a token identifier."); // Retrieve the token from the request properties. If it's already marked as revoked, directly return a 200 response. diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs index 0a3ae921..64e97db4 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs @@ -100,7 +100,7 @@ namespace OpenIddict.Server // This scenario is deliberately not supported in OpenIddict and all the tickets // must be linked. To ensure the properties are flowed from the authorization code // or the refresh token to the new ticket, they are manually restored if necessary. - if (!context.Ticket.Properties.HasProperty(OpenIdConnectConstants.Properties.TokenId)) + if (!context.Ticket.Properties.HasProperty(OpenIddictConstants.Properties.InternalTokenId)) { // Retrieve the original authentication ticket from the request properties. var ticket = context.Request.GetProperty( @@ -142,7 +142,8 @@ namespace OpenIddict.Server // If token revocation was explicitly disabled, none of the following security routines apply. if (!options.DisableTokenStorage) { - var token = context.Request.GetProperty($"{OpenIddictConstants.Properties.Token}:{context.Ticket.GetTokenId()}"); + var token = context.Request.GetProperty(OpenIddictConstants.Properties.Token + ":" + + context.Ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId)); Debug.Assert(token != null, "The token shouldn't be null."); // If rolling tokens are enabled or if the request is a grant_type=authorization_code request, 
@@ -192,7 +193,7 @@ namespace OpenIddict.Server // create an ad hoc authorization if an authorization code or a refresh token // is going to be returned to the client application as part of the response. if (!options.DisableAuthorizationStorage && - !context.Ticket.HasProperty(OpenIddictConstants.Properties.AuthorizationId) && + !context.Ticket.HasProperty(OpenIddictConstants.Properties.InternalAuthorizationId) && (context.IncludeAuthorizationCode || context.IncludeRefreshToken)) { await CreateAuthorizationAsync(context.Ticket, options, context.Request); diff --git a/src/OpenIddict.Validation/Internal/OpenIddictValidationProvider.cs b/src/OpenIddict.Validation/Internal/OpenIddictValidationProvider.cs index ccfa8172..e4db2baa 100644 --- a/src/OpenIddict.Validation/Internal/OpenIddictValidationProvider.cs +++ b/src/OpenIddict.Validation/Internal/OpenIddictValidationProvider.cs @@ -82,8 +82,8 @@ namespace OpenIddict.Validation ticket.Properties.ExpiresUtc = await manager.GetExpirationDateAsync(token); // Restore the token and authorization identifiers attached with the database entry. - ticket.Properties.SetProperty(OpenIddictConstants.Properties.TokenId, await manager.GetIdAsync(token)); - ticket.Properties.SetProperty(OpenIddictConstants.Properties.AuthorizationId, + ticket.Properties.SetProperty(OpenIddictConstants.Properties.InternalTokenId, await manager.GetIdAsync(token)); + ticket.Properties.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, await manager.GetAuthorizationIdAsync(token)); context.Principal = ticket.Principal; diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs index 897b196c..da877f77 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs 
@@ -715,7 +715,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); var format = new Mock>(); @@ -767,7 +767,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); var format = new Mock>(); @@ -818,7 +818,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); var format = new Mock>(); @@ -877,7 +877,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); var format = new Mock>(); 
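Review bot: The refresh-token test at -767 replaces `SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")` with an `InternalTokenId` of `3E228451-1555-46F7-A471-951EFBA23A56`, while the other refresh-token tests in this file keep the `60FFF7EA…` value; the same switch happens in OpenIddictServerProviderTests.cs at -362. This looks like a copy-paste slip rather than an intended change. The mock setup is outside the hunk, so I cannot tell whether a lookup keyed on the old identifier still matches; if it does not, the test may now pass through a different branch than the one it is named for. I would keep `"60FFF7EA-F98E-437B-937E-5073CC313103"` here unless the setups were changed too.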
@@ -935,7 +935,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); var format = new Mock>(); @@ -1003,7 +1003,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); var format = new Mock>(); @@ -1070,9 +1070,9 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); - ticket.SetProperty(OpenIddictConstants.Properties.AuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); var format = new Mock>(); 
@@ -1153,9 +1153,9 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetProperty(OpenIddictConstants.Properties.AuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); var format = new Mock>(); @@ -1235,9 +1235,9 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); - ticket.SetProperty(OpenIddictConstants.Properties.AuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); var format = new Mock>(); @@ -1330,9 +1330,9 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetProperty(OpenIddictConstants.Properties.AuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); var format = new Mock>(); 
@@ -1424,7 +1424,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); var format = new Mock>(); @@ -1496,7 +1496,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); var format = new Mock>(); @@ -1566,7 +1566,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); var format = new Mock>(); @@ -1647,7 +1647,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); var format = new Mock>(); 
@@ -1730,7 +1730,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); var format = new Mock>(); @@ -1810,7 +1810,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); var format = new Mock>(); @@ -1895,9 +1895,9 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetProperty(OpenIddictConstants.Properties.AuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); var format = new Mock>(); 
@@ -1973,9 +1973,9 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetProperty(OpenIddictConstants.Properties.AuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); var format = new Mock>(); @@ -2065,7 +2065,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); switch (flow) { diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs index 177928aa..7d73bc08 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs @@ -212,7 +212,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(type); var format = new Mock>(); 
@@ -266,7 +266,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken); var format = new Mock>(); @@ -321,7 +321,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetAudiences("Contoso"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken); var format = new Mock>(); @@ -428,7 +428,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetAudiences("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken); var format = new Mock>(); @@ -519,7 +519,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetAudiences("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken); var format = new Mock>(); 
@@ -609,7 +609,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetAudiences("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken); var format = new Mock>(); @@ -705,7 +705,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetAudiences("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken); var format = new Mock>(); diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs index 74c35fb7..38389b65 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs @@ -312,7 +312,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken); var format = new Mock>(); @@ -393,7 +393,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); var format = new Mock>(); 
@@ -437,7 +437,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); var format = new Mock>(); @@ -486,7 +486,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); var format = new Mock>(); diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs index 42350622..d8a86654 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs @@ -84,7 +84,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetAudiences("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken); var format = new Mock>(); @@ -334,7 +334,8 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetAudiences("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetTokenId("070AAEDE-38BF-41BE-870C-4E5A73E54566"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); var format = new Mock>(); 
@@ -409,7 +410,7 @@ namespace OpenIddict.Server.Tests // Assert Assert.True((bool) response[OpenIdConnectConstants.Claims.Active]); - Assert.Equal("3E228451-1555-46F7-A471-951EFBA23A56", response[OpenIdConnectConstants.Claims.JwtId]); + Assert.Equal("070AAEDE-38BF-41BE-870C-4E5A73E54566", response[OpenIdConnectConstants.Claims.JwtId]); Assert.Equal(1483228800, (long) response[OpenIdConnectConstants.Claims.IssuedAt]); Assert.Equal(1484006400, (long) response[OpenIdConnectConstants.Claims.ExpiresAt]); @@ -481,7 +482,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); var format = new Mock>(); @@ -931,7 +932,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); var format = new Mock>(); @@ -1063,7 +1064,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); var format = new Mock>(); @@ -1391,7 +1392,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); var format = new Mock>(); 
@@ -1974,7 +1975,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); var format = new Mock>(); diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs index b4c5bb03..4e432688 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs @@ -154,7 +154,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); ticket.SetProperty("custom_property_in_original_ticket", "original_value"); @@ -226,7 +226,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); 
@@ -299,7 +299,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); @@ -362,7 +362,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); @@ -421,7 +421,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); var format = new Mock>(); @@ -490,7 +490,7 @@ namespace OpenIddict.Server.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); var format = new Mock>(); 
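Review bot: The hunk at `@@ -362,7 +362,7 @@` is not a pure rename: the removed line set the token id to `60FFF7EA-F98E-437B-937E-5073CC313103`, but the added line stores `3E228451-1555-46F7-A471-951EFBA23A56` under `InternalTokenId` while the ticket is still marked as a refresh token. The hunk at `@@ -1005,7 +1005,7 @@` makes the same swap, whereas every other refresh-token ticket in this file keeps `60FFF7EA-…`. The token-manager mock setup is outside both hunks, so it is worth confirming that the lookups in those two tests use the new value; otherwise they may pass on a "token not found" path and not on the condition they are meant to exercise. If the swap is unintended, the line should read `ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");`.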
@@ -564,7 +564,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); @@ -630,7 +630,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); @@ -700,7 +700,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); @@ -758,7 +758,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); 
@@ -852,10 +852,10 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); - ticket.SetProperty(OpenIddictConstants.Properties.AuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); var format = new Mock>(); @@ -937,7 +937,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); @@ -1005,7 +1005,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); 
@@ -1072,7 +1072,7 @@ namespace OpenIddict.Server.Tests new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); - ticket.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); @@ -1514,7 +1514,7 @@ namespace OpenIddict.Server.Tests if (request.HasParameter("attach-authorization")) { - ticket.SetProperty(OpenIddictConstants.Properties.AuthorizationId, "1AF06AB2-A0FC-4E3D-86AF-E04DA8C7BE70"); + ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "1AF06AB2-A0FC-4E3D-86AF-E04DA8C7BE70"); } if (request.HasParameter("attach-public-parameters"))