
Move all the assertions and log messages to OpenIddictResources

pull/1032/head
Kévin Chalet 6 years ago
parent
commit
66f6d80298
  1. 16
      src/OpenIddict.Abstractions/Primitives/OpenIddictExtensions.cs
  2. 592
      src/OpenIddict.Abstractions/Resources/OpenIddictResources.resx
  3. 15
      src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs
  4. 9
      src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs
  5. 40
      src/OpenIddict.Core/Managers/OpenIddictTokenManager.cs
  6. 30
      src/OpenIddict.Core/OpenIddictCoreExtensions.cs
  7. 7
      src/OpenIddict.EntityFramework/OpenIddictEntityFrameworkBuilder.cs
  8. 18
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
  9. 9
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Session.cs
  10. 37
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs
  11. 40
      src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.cs
  12. 18
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
  13. 9
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Session.cs
  14. 37
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs
  15. 6
      src/OpenIddict.Server/OpenIddictServerConfiguration.cs
  16. 15
      src/OpenIddict.Server/OpenIddictServerDispatcher.cs
  17. 93
      src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs
  18. 31
      src/OpenIddict.Server/OpenIddictServerHandlers.Device.cs
  19. 41
      src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
  20. 76
      src/OpenIddict.Server/OpenIddictServerHandlers.Exchange.cs
  21. 38
      src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs
  22. 42
      src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs
  23. 13
      src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs
  24. 6
      src/OpenIddict.Server/OpenIddictServerHandlers.Userinfo.cs
  25. 83
      src/OpenIddict.Server/OpenIddictServerHandlers.cs
  26. 4
      src/OpenIddict.Validation.AspNetCore/OpenIddictValidationAspNetCoreHandlers.cs
  27. 5
      src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs
  28. 4
      src/OpenIddict.Validation.Owin/OpenIddictValidationOwinHandlers.cs
  29. 15
      src/OpenIddict.Validation/OpenIddictValidationDispatcher.cs
  30. 20
      src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
  31. 30
      test/OpenIddict.Core.Tests/OpenIddictCoreExtensionsTests.cs
  32. 2
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Authentication.cs
  33. 2
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Exchange.cs

16
src/OpenIddict.Abstractions/Primitives/OpenIddictExtensions.cs

@ -1670,8 +1670,8 @@ namespace OpenIddict.Abstractions
private static IEnumerable<string> GetValues(string source, char[] separators)
{
Debug.Assert(!string.IsNullOrEmpty(source), "The source string shouldn't be null or empty.");
Debug.Assert(separators?.Length != 0, "The separators collection shouldn't be null or empty.");
Debug.Assert(!string.IsNullOrEmpty(source), SR.GetResourceString(SR.ID5000));
Debug.Assert(separators?.Length != 0, SR.GetResourceString(SR.ID5001));
foreach (var element in new StringTokenizer(source, separators))
{
@ -1694,8 +1694,8 @@ namespace OpenIddict.Abstractions
return false;
}
Debug.Assert(!string.IsNullOrEmpty(value), "The value string shouldn't be null or empty.");
Debug.Assert(separators?.Length != 0, "The separators collection shouldn't be null or empty.");
Debug.Assert(!string.IsNullOrEmpty(value), SR.GetResourceString(SR.ID5002));
Debug.Assert(separators?.Length != 0, SR.GetResourceString(SR.ID5001));
foreach (var element in new StringTokenizer(source, separators))
{
@ -1716,7 +1716,7 @@ namespace OpenIddict.Abstractions
private static StringSegment TrimStart(StringSegment segment, char[] separators)
{
Debug.Assert(separators?.Length != 0, "The separators collection shouldn't be null or empty.");
Debug.Assert(separators?.Length != 0, SR.GetResourceString(SR.ID5001));
var index = segment.Offset;
@ -1735,7 +1735,7 @@ namespace OpenIddict.Abstractions
private static StringSegment TrimEnd(StringSegment segment, char[] separators)
{
Debug.Assert(separators?.Length != 0, "The separators collection shouldn't be null or empty.");
Debug.Assert(separators?.Length != 0, SR.GetResourceString(SR.ID5001));
var index = segment.Offset + segment.Length - 1;
@ -1754,14 +1754,14 @@ namespace OpenIddict.Abstractions
private static StringSegment Trim(StringSegment segment, char[] separators)
{
Debug.Assert(separators?.Length != 0, "The separators collection shouldn't be null or empty.");
Debug.Assert(separators?.Length != 0, SR.GetResourceString(SR.ID5001));
return TrimEnd(TrimStart(segment, separators), separators);
}
private static bool IsSeparator(char character, char[] separators)
{
Debug.Assert(separators?.Length != 0, "The separators collection shouldn't be null or empty.");
Debug.Assert(separators?.Length != 0, SR.GetResourceString(SR.ID5001));
for (var index = 0; index < separators.Length; index++)
{
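Review bot: The condition `separators?.Length != 0` kept on the new assertion lines in GetValues, the value-checking helper, TrimStart, TrimEnd, Trim and IsSeparator still accepts a null array, because a null-lifted `!=` compared with 0 evaluates to true, so the message this commit moves into ID5001 ("shouldn't be null or empty") promises a check the assertion does not perform; the first real dereference is then `separators.Length` in the `for` loop of IsSeparator. `Debug.Assert(separators?.Length > 0, SR.GetResourceString(SR.ID5001));` covers both cases, since a lifted relational comparison against null is false, and the same one-token change applies to each of the six occurrences. Separately, the message argument is now a resource lookup that is evaluated on every Debug-build call of these helpers whether or not the condition holds; that is compiled out in Release builds along with the rest of the `[Conditional("DEBUG")]` call, but it adds a lookup per invocation of the small per-character helpers while debugging, which may be worth a comment if it is accepted deliberately. The bodies of GetValues, the value helper, TrimStart, TrimEnd and IsSeparator continue outside their hunks.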

592
src/OpenIddict.Abstractions/Resources/OpenIddictResources.resx

@ -1066,6 +1066,30 @@ To configure the OpenIddict MongoDB stores to use a specific database, use 'serv
<data name="ID1270" xml:space="preserve">
<value>The type of the JWT token doesn't match the expected type.</value>
</data>
<data name="ID1271" xml:space="preserve">
<value>The configuration response was not correctly applied.
To apply configuration responses, create a class implementing 'IOpenIddictServerHandler&lt;ApplyConfigurationResponseContext&gt;' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'.</value>
</data>
<data name="ID1272" xml:space="preserve">
<value>No default application entity type was configured in the OpenIddict core options, which generally indicates that no application store was registered in the DI container.
To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.</value>
</data>
<data name="ID1273" xml:space="preserve">
<value>No default authorization entity type was configured in the OpenIddict core options, which generally indicates that no authorization store was registered in the DI container.
To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.</value>
</data>
<data name="ID1274" xml:space="preserve">
<value>No default scope entity type was configured in the OpenIddict core options, which generally indicates that no scope store was registered in the DI container.
To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.</value>
</data>
<data name="ID1275" xml:space="preserve">
<value>No default token entity type was configured in the OpenIddict core options, which generally indicates that no token store was registered in the DI container.
To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.</value>
</data>
<data name="ID1276" xml:space="preserve">
<value>The Entity Framework 6.x stores cannot be used with generic types.
Consider creating non-generic classes derived from the default entities for the application, authorization, scope and token entities.</value>
</data>
<data name="ID3000" xml:space="preserve">
<value>The security token is missing.</value>
</data>
@ -1216,9 +1240,6 @@ To configure the OpenIddict MongoDB stores to use a specific database, use 'serv
<data name="ID3049" xml:space="preserve">
<value>The client application is not allowed to use the hybrid flow.</value>
</data>
<data name="ID3050" xml:space="preserve">
<value>The client application is not allowed to use the 'offline_access' scope.</value>
</data>
<data name="ID3051" xml:space="preserve">
<value>This client application is not allowed to use the specified scope.</value>
</data>
@ -1429,4 +1450,569 @@ To configure the OpenIddict MongoDB stores to use a specific database, use 'serv
<data name="ID3120" xml:space="preserve">
<value>Callback URLs must be valid absolute URLs.</value>
</data>
<data name="ID5000" xml:space="preserve">
<value>The source string shouldn't be null or empty.</value>
</data>
<data name="ID5001" xml:space="preserve">
<value>The separators collection shouldn't be null or empty.</value>
</data>
<data name="ID5002" xml:space="preserve">
<value>The value string shouldn't be null or empty.</value>
</data>
<data name="ID5003" xml:space="preserve">
<value>RSA.ExportParameters() shouldn't return invalid values.</value>
</data>
<data name="ID5004" xml:space="preserve">
<value>ECDsa.ExportParameters() shouldn't return invalid values.</value>
</data>
<data name="ID5005" xml:space="preserve">
<value>ECDsa.ExportParameters() shouldn't return an unnamed curve.</value>
</data>
<data name="ID7000" xml:space="preserve">
<value>An error occurred while validating the token '{Token}'.</value>
</data>
<data name="ID7001" xml:space="preserve">
<value>The token '{Token}' was successfully validated and the following claims could be extracted: {Claims}.</value>
</data>
<data name="ID7002" xml:space="preserve">
<value>The token '{Identifier}' has already been redeemed.</value>
</data>
<data name="ID7003" xml:space="preserve">
<value>The token '{Identifier}' is not active yet.</value>
</data>
<data name="ID7004" xml:space="preserve">
<value>The token '{Identifier}' was marked as rejected.</value>
</data>
<data name="ID7005" xml:space="preserve">
<value>The token '{Identifier}' was no longer valid.</value>
</data>
<data name="ID7006" xml:space="preserve">
<value>The authorization '{Identifier}' was no longer valid.</value>
</data>
<data name="ID7007" xml:space="preserve">
<value>An ad hoc authorization was automatically created and associated with an unknown application: {Identifier}.</value>
</data>
<data name="ID7008" xml:space="preserve">
<value>An ad hoc authorization was automatically created and associated with the '{ClientId}' application: {Identifier}.</value>
</data>
<data name="ID7009" xml:space="preserve">
<value>'{Claim}' was excluded from the access token claims.</value>
</data>
<data name="ID7010" xml:space="preserve">
<value>The access token scopes will be limited to the scopes requested by the client application: {Scopes}.</value>
</data>
<data name="ID7011" xml:space="preserve">
<value>'{Claim}' was excluded from the identity token claims.</value>
</data>
<data name="ID7012" xml:space="preserve">
<value>The token entry for access token '{Identifier}' was successfully created.</value>
</data>
<data name="ID7013" xml:space="preserve">
<value>The access token '{Identifier}' was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
</data>
<data name="ID7014" xml:space="preserve">
<value>The token entry for access token '{Identifier}' was successfully converted to a reference token with the identifier '{ReferenceId}'.</value>
</data>
<data name="ID7015" xml:space="preserve">
<value>The token entry for authorization code '{Identifier}' was successfully created.</value>
</data>
<data name="ID7016" xml:space="preserve">
<value>The authorization code '{Identifier}' was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
</data>
<data name="ID7017" xml:space="preserve">
<value>The token entry for authorization code '{Identifier}' was successfully converted to a reference token with the identifier '{ReferenceId}'.</value>
</data>
<data name="ID7018" xml:space="preserve">
<value>The token entry for device code '{Identifier}' was successfully created.</value>
</data>
<data name="ID7019" xml:space="preserve">
<value>The device code '{Identifier}' was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
</data>
<data name="ID7020" xml:space="preserve">
<value>The token entry for device code '{Identifier}' was successfully converted to a reference token with the identifier '{ReferenceId}'.</value>
</data>
<data name="ID7021" xml:space="preserve">
<value>The reference token entry for device code '{Identifier}' was successfully updated'.</value>
</data>
<data name="ID7022" xml:space="preserve">
<value>The token entry for refresh token '{Identifier}' was successfully created.</value>
</data>
<data name="ID7023" xml:space="preserve">
<value>The refresh token '{Identifier}' was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
</data>
<data name="ID7024" xml:space="preserve">
<value>The token entry for refresh token '{Identifier}' was successfully converted to a reference token with the identifier '{ReferenceId}'.</value>
</data>
<data name="ID7025" xml:space="preserve">
<value>The token entry for user code '{Identifier}' was successfully created.</value>
</data>
<data name="ID7026" xml:space="preserve">
<value>The user code '{Identifier}' was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
</data>
<data name="ID7027" xml:space="preserve">
<value>The token entry for user code '{Identifier}' was successfully converted to a reference token with the identifier '{ReferenceId}'.</value>
</data>
<data name="ID7028" xml:space="preserve">
<value>The token entry for identity token '{Identifier}' was successfully created.</value>
</data>
<data name="ID7029" xml:space="preserve">
<value>The identity token '{Identifier}' was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
</data>
<data name="ID7030" xml:space="preserve">
<value>The authorization request was successfully extracted: {Request}.</value>
</data>
<data name="ID7031" xml:space="preserve">
<value>The authorization request was successfully validated.</value>
</data>
<data name="ID7032" xml:space="preserve">
<value>The authorization request was rejected because it contained an unsupported parameter: {Parameter}.</value>
</data>
<data name="ID7033" xml:space="preserve">
<value>The authorization request was rejected because the mandatory '{Parameter}' parameter was missing.</value>
</data>
<data name="ID7034" xml:space="preserve">
<value>The authorization request was rejected because the '{Parameter}' parameter wasn't a valid absolute URL: {RedirectUri}.</value>
</data>
<data name="ID7035" xml:space="preserve">
<value>The authorization request was rejected because the '{Parameter}' contained a URL fragment: {RedirectUri}.</value>
</data>
<data name="ID7036" xml:space="preserve">
<value>The authorization request was rejected because the '{ResponseType}' response type is not supported.</value>
</data>
<data name="ID7037" xml:space="preserve">
<value>The authorization request was rejected because the 'response_type'/'response_mode' combination was invalid: {ResponseType} ; {ResponseMode}.</value>
</data>
<data name="ID7038" xml:space="preserve">
<value>The authorization request was rejected because the '{ResponseMode}' response mode is not supported.</value>
</data>
<data name="ID7039" xml:space="preserve">
<value>The authorization request was rejected because the '{Scope}' scope was missing.</value>
</data>
<data name="ID7040" xml:space="preserve">
<value>The authorization request was rejected because an invalid prompt parameter was specified.</value>
</data>
<data name="ID7041" xml:space="preserve">
<value>The authorization request was rejected because the specified code challenge method was not supported.</value>
</data>
<data name="ID7042" xml:space="preserve">
<value>The authorization request was rejected because the response type was not compatible with 'code_challenge'/'code_challenge_method'.</value>
</data>
<data name="ID7043" xml:space="preserve">
<value>The authorization request was rejected because the specified response type was not compatible with PKCE.</value>
</data>
<data name="ID7044" xml:space="preserve">
<value>The authorization request was rejected because the client application was not found: '{ClientId}'.</value>
</data>
<data name="ID7045" xml:space="preserve">
<value>The authorization request was rejected because the confidential application '{ClientId}' was not allowed to retrieve an access token from the authorization endpoint.</value>
</data>
<data name="ID7046" xml:space="preserve">
<value>The authorization request was rejected because the redirect_uri was invalid: '{RedirectUri}'.</value>
</data>
<data name="ID7047" xml:space="preserve">
<value>The authentication request was rejected because invalid scopes were specified: {Scopes}.</value>
</data>
<data name="ID7048" xml:space="preserve">
<value>The authorization request was rejected because the application '{ClientId}' was not allowed to use the authorization endpoint.</value>
</data>
<data name="ID7049" xml:space="preserve">
<value>The authorization request was rejected because the application '{ClientId}' was not allowed to use the authorization code flow.</value>
</data>
<data name="ID7050" xml:space="preserve">
<value>The authorization request was rejected because the application '{ClientId}' was not allowed to use the implicit flow.</value>
</data>
<data name="ID7051" xml:space="preserve">
<value>The authorization request was rejected because the application '{ClientId}' was not allowed to use the hybrid flow.</value>
</data>
<data name="ID7052" xml:space="preserve">
<value>The authorization request was rejected because the application '{ClientId}' was not allowed to use the '{Scope}' scope.</value>
</data>
<data name="ID7053" xml:space="preserve">
<value>The request address matched a server endpoint: {Endpoint}.</value>
</data>
<data name="ID7054" xml:space="preserve">
<value>The device request was successfully extracted: {Request}.</value>
</data>
<data name="ID7055" xml:space="preserve">
<value>The device request was successfully validated.</value>
</data>
<data name="ID7056" xml:space="preserve">
<value>The device request was rejected because the mandatory '{Parameter}' parameter was missing.</value>
</data>
<data name="ID7057" xml:space="preserve">
<value>The device request was rejected because invalid scopes were specified: {Scopes}.</value>
</data>
<data name="ID7058" xml:space="preserve">
<value>The device request was rejected because the client application was not found: '{ClientId}'.</value>
</data>
<data name="ID7059" xml:space="preserve">
<value>The device request was rejected because the public application '{ClientId}' was not allowed to send a client secret.</value>
</data>
<data name="ID7060" xml:space="preserve">
<value>The device request was rejected because the confidential or hybrid application '{ClientId}' didn't specify a client secret.</value>
</data>
<data name="ID7061" xml:space="preserve">
<value>The device request was rejected because the confidential or hybrid application '{ClientId}' didn't specify valid client credentials.</value>
</data>
<data name="ID7062" xml:space="preserve">
<value>The device request was rejected because the application '{ClientId}' was not allowed to use the device endpoint.</value>
</data>
<data name="ID7063" xml:space="preserve">
<value>The device request was rejected because the application '{ClientId}' was not allowed to use the scope {Scope}.</value>
</data>
<data name="ID7064" xml:space="preserve">
<value>The verification request was successfully extracted: {Request}.</value>
</data>
<data name="ID7065" xml:space="preserve">
<value>The verification request was successfully validated.</value>
</data>
<data name="ID7066" xml:space="preserve">
<value>The configuration request was successfully extracted: {Request}.</value>
</data>
<data name="ID7067" xml:space="preserve">
<value>The configuration request was successfully validated.</value>
</data>
<data name="ID7068" xml:space="preserve">
<value>The cryptography request was successfully extracted: {Request}.</value>
</data>
<data name="ID7069" xml:space="preserve">
<value>The cryptography request was successfully validated.</value>
</data>
<data name="ID7070" xml:space="preserve">
<value>A JSON Web Key was excluded from the key set because it didn't contain the mandatory '{Parameter}' parameter.</value>
</data>
<data name="ID7071" xml:space="preserve">
<value>An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA and ECDSA asymmetric security keys can be exposed via the JWKS endpoint.</value>
</data>
<data name="ID7072" xml:space="preserve">
<value>An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA asymmetric security keys can be exposed via the JWKS endpoint.</value>
</data>
<data name="ID7073" xml:space="preserve">
<value>A signing key of type '{Type}' was ignored because its RSA public parameters couldn't be extracted.</value>
</data>
<data name="ID7074" xml:space="preserve">
<value>A signing key of type '{Type}' was ignored because its EC public parameters couldn't be extracted.</value>
</data>
<data name="ID7075" xml:space="preserve">
<value>The token request was successfully extracted: {Request}.</value>
</data>
<data name="ID7076" xml:space="preserve">
<value>The token request was successfully validated.</value>
</data>
<data name="ID7077" xml:space="preserve">
<value>The token request was rejected because the mandatory '{Parameter}' parameter was missing.</value>
</data>
<data name="ID7078" xml:space="preserve">
<value>The token request was rejected because the '{GrantType}' grant type is not supported.</value>
</data>
<data name="ID7079" xml:space="preserve">
<value>The token request was rejected because the resource owner credentials were missing.</value>
</data>
<data name="ID7080" xml:space="preserve">
<value>The token request was rejected because invalid scopes were specified: {Scopes}.</value>
</data>
<data name="ID7081" xml:space="preserve">
<value>The token request was rejected because the client application was not found: '{ClientId}'.</value>
</data>
<data name="ID7082" xml:space="preserve">
<value>The token request was rejected because the public client application '{ClientId}' was not allowed to use the client credentials grant.</value>
</data>
<data name="ID7083" xml:space="preserve">
<value>The token request was rejected because the public application '{ClientId}' was not allowed to send a client secret.</value>
</data>
<data name="ID7084" xml:space="preserve">
<value>The token request was rejected because the confidential or hybrid application '{ClientId}' didn't specify a client secret.</value>
</data>
<data name="ID7085" xml:space="preserve">
<value>The token request was rejected because the confidential or hybrid application '{ClientId}' didn't specify valid client credentials.</value>
</data>
<data name="ID7086" xml:space="preserve">
<value>The token request was rejected because the application '{ClientId}' was not allowed to use the token endpoint.</value>
</data>
<data name="ID7087" xml:space="preserve">
<value>The token request was rejected because the application '{ClientId}' was not allowed to use the specified grant type: {GrantType}.</value>
</data>
<data name="ID7088" xml:space="preserve">
<value>The token request was rejected because the application '{ClientId}' was not allowed to request the '{Scope}' scope.</value>
</data>
<data name="ID7089" xml:space="preserve">
<value>The token request was rejected because the application '{ClientId}' was not allowed to use the scope {Scope}.</value>
</data>
<data name="ID7090" xml:space="preserve">
<value>The token request was rejected because the client identifier of the application was not available and could not be compared to the presenters list stored in the authorization code, the device code or the refresh token.</value>
</data>
<data name="ID7091" xml:space="preserve">
<value>The token request was rejected because the authorization code, the device code or the refresh token was issued to a different client application.</value>
</data>
<data name="ID7092" xml:space="preserve">
<value>The token request was rejected because the '{Parameter}' parameter didn't correspond to the expected value.</value>
</data>
<data name="ID7093" xml:space="preserve">
<value>The token request was rejected because a '{0}' parameter was presented with an authorization code to which no code challenge was attached when processing the initial authorization request.</value>
</data>
<data name="ID7094" xml:space="preserve">
<value>The token request was rejected because the '{Parameter}' parameter was not allowed.</value>
</data>
<data name="ID7095" xml:space="preserve">
<value>The token request was rejected because the '{Parameter}' parameter was not valid.</value>
</data>
<data name="ID7096" xml:space="preserve">
<value>The introspection request was successfully extracted: {Request}.</value>
</data>
<data name="ID7097" xml:space="preserve">
<value>The introspection request was successfully validated.</value>
</data>
<data name="ID7098" xml:space="preserve">
<value>The introspection request was rejected because the mandatory '{Parameter}' parameter was missing.</value>
</data>
<data name="ID7099" xml:space="preserve">
<value>The introspection request was rejected because the client application was not found: '{ClientId}'.</value>
</data>
<data name="ID7100" xml:space="preserve">
<value>The introspection request was rejected because the public application '{ClientId}' was not allowed to send a client secret.</value>
</data>
<data name="ID7101" xml:space="preserve">
<value>The introspection request was rejected because the confidential or hybrid application '{ClientId}' didn't specify a client secret.</value>
</data>
<data name="ID7102" xml:space="preserve">
<value>The introspection request was rejected because the confidential or hybrid application '{ClientId}' didn't specify valid client credentials.</value>
</data>
<data name="ID7103" xml:space="preserve">
<value>The introspection request was rejected because the application '{ClientId}' was not allowed to use the introspection endpoint.</value>
</data>
<data name="ID7104" xml:space="preserve">
<value>The introspection request was rejected because the received token was of an unsupported type.</value>
</data>
<data name="ID7105" xml:space="preserve">
<value>The introspection request was rejected because the authorization code was issued to a different client.</value>
</data>
<data name="ID7106" xml:space="preserve">
<value>The introspection request was rejected because the access token was issued to a different client or for another resource server.</value>
</data>
<data name="ID7107" xml:space="preserve">
<value>The introspection request was rejected because the identity token was issued to a different client.</value>
</data>
<data name="ID7108" xml:space="preserve">
<value>The introspection request was rejected because the refresh token was issued to a different client.</value>
</data>
<data name="ID7109" xml:space="preserve">
<value>The revocation request was successfully extracted: {Request}.</value>
</data>
<data name="ID7110" xml:space="preserve">
<value>The revocation request was successfully validated.</value>
</data>
<data name="ID7111" xml:space="preserve">
<value>The revocation request was rejected because the mandatory '{Parameter}' parameter was missing.</value>
</data>
<data name="ID7112" xml:space="preserve">
<value>The revocation request was rejected because the client application was not found: '{ClientId}'.</value>
</data>
<data name="ID7113" xml:space="preserve">
<value>The revocation request was rejected because the public application '{ClientId}' was not allowed to send a client secret.</value>
</data>
<data name="ID7114" xml:space="preserve">
<value>The revocation request was rejected because the confidential or hybrid application '{ClientId}' didn't specify a client secret.</value>
</data>
<data name="ID7115" xml:space="preserve">
<value>The revocation request was rejected because the confidential or hybrid application '{ClientId}' didn't specify valid client credentials.</value>
</data>
<data name="ID7116" xml:space="preserve">
<value>The revocation request was rejected because the application '{ClientId}' was not allowed to use the revocation endpoint.</value>
</data>
<data name="ID7117" xml:space="preserve">
<value>The revocation request was rejected because the received token was of an unsupported type.</value>
</data>
<data name="ID7118" xml:space="preserve">
<value>The revocation request was rejected because the authorization code was issued to a different client.</value>
</data>
<data name="ID7119" xml:space="preserve">
<value>The revocation request was rejected because the access token was issued to a different client or for another resource server.</value>
</data>
<data name="ID7120" xml:space="preserve">
<value>The revocation request was rejected because the identity token was issued to a different client.</value>
</data>
<data name="ID7121" xml:space="preserve">
<value>The revocation request was rejected because the refresh token was issued to a different client.</value>
</data>
<data name="ID7122" xml:space="preserve">
<value>The revocation request was rejected because the token had no internal identifier.</value>
</data>
<data name="ID7123" xml:space="preserve">
<value>The token '{Identifier}' was not revoked because it couldn't be found.</value>
</data>
<data name="ID7124" xml:space="preserve">
<value>The logout request was successfully extracted: {Request}.</value>
</data>
<data name="ID7125" xml:space="preserve">
<value>The logout request was successfully validated.</value>
</data>
<data name="ID7126" xml:space="preserve">
<value>The logout request was rejected because the '{Parameter}' parameter wasn't a valid absolute URL: {PostLogoutRedirectUri}.</value>
</data>
<data name="ID7127" xml:space="preserve">
<value>The logout request was rejected because the '{Parameter}' contained a URL fragment: {PostLogoutRedirectUri}.</value>
</data>
<data name="ID7128" xml:space="preserve">
<value>The logout request was rejected because the specified post_logout_redirect_uri was invalid: {PostLogoutRedirectUri}.</value>
</data>
<data name="ID7129" xml:space="preserve">
<value>The userinfo request was successfully extracted: {Request}.</value>
</data>
<data name="ID7130" xml:space="preserve">
<value>The userinfo request was successfully validated.</value>
</data>
<data name="ID7131" xml:space="preserve">
<value>The userinfo request was rejected because the mandatory '{Parameter}' parameter was missing.</value>
</data>
<data name="ID7132" xml:space="preserve">
<value>An exception was thrown by {HandlerName} while handling the {EventName} event.</value>
</data>
<data name="ID7133" xml:space="preserve">
<value>The event {EventName} was successfully processed by {HandlerName}.</value>
</data>
<data name="ID7134" xml:space="preserve">
<value>The event {EventName} was marked as handled by {HandlerName}.</value>
</data>
<data name="ID7135" xml:space="preserve">
<value>The event {EventName} was marked as skipped by {HandlerName}.</value>
</data>
<data name="ID7136" xml:space="preserve">
<value>The event {EventName} was marked as rejected by {HandlerName}.</value>
</data>
<data name="ID7137" xml:space="preserve">
<value>The request was rejected because an invalid HTTP method was specified: {Method}.</value>
</data>
<data name="ID7138" xml:space="preserve">
<value>The request was rejected because the mandatory '{Header}' header was missing.</value>
</data>
<data name="ID7139" xml:space="preserve">
<value>The request was rejected because an invalid '{Header}' header was specified: {Value}.</value>
</data>
<data name="ID7140" xml:space="preserve">
<value>The request was rejected because multiple client credentials were specified.</value>
</data>
<data name="ID7141" xml:space="preserve">
<value>The response was successfully returned as a challenge response: {Response}.</value>
</data>
<data name="ID7142" xml:space="preserve">
<value>The response was successfully returned as a JSON document: {Response}.</value>
</data>
<data name="ID7143" xml:space="preserve">
<value>The response was successfully returned as a plain-text document: {Response}.</value>
</data>
<data name="ID7144" xml:space="preserve">
<value>The response was successfully returned as a 302 response.</value>
</data>
<data name="ID7145" xml:space="preserve">
<value>The response was successfully returned as an empty 200 response.</value>
</data>
<data name="ID7146" xml:space="preserve">
<value>The authorization request was rejected because an unknown or invalid '{Parameter}' was specified.</value>
</data>
<data name="ID7147" xml:space="preserve">
<value>The authorization response was successfully returned to '{RedirectUri}' using the form post response mode: {Response}.</value>
</data>
<data name="ID7148" xml:space="preserve">
<value>The authorization response was successfully returned to '{RedirectUri}' using the query response mode: {Response}.</value>
</data>
<data name="ID7149" xml:space="preserve">
<value>The authorization response was successfully returned to '{RedirectUri}' using the fragment response mode: {Response}.</value>
</data>
<data name="ID7150" xml:space="preserve">
<value>The logout request was rejected because an unknown or invalid '{Parameter}' was specified.</value>
</data>
<data name="ID7151" xml:space="preserve">
<value>The logout response was successfully returned to '{PostLogoutRedirectUri}': {Response}.</value>
</data>
<data name="ID7152" xml:space="preserve">
<value>The ASP.NET Core Data Protection token '{Token}' was successfully validated and the following claims could be extracted: {Claims}.</value>
</data>
<data name="ID7153" xml:space="preserve">
<value>An exception occured while deserializing the token '{Token}'.</value>
</data>
<data name="ID7154" xml:space="preserve">
<value>The token '{Token}' was successfully introspected and the following claims could be extracted: {Claims}.</value>
</data>
<data name="ID7155" xml:space="preserve">
<value>An error occurred while introspecting the token.</value>
</data>
<data name="ID7156" xml:space="preserve">
<value>The authentication demand was rejected because the token was expired.</value>
</data>
<data name="ID7157" xml:space="preserve">
<value>The authentication demand was rejected because the token had no audience attached.</value>
</data>
<data name="ID7158" xml:space="preserve">
<value>The authentication demand was rejected because the token had no valid audience.</value>
</data>
<data name="ID7159" xml:space="preserve">
<value>Client authentication cannot be enforced for public applications.</value>
</data>
<data name="ID7160" xml:space="preserve">
<value>Client authentication failed for {Client} because no client secret was associated with the application.</value>
</data>
<data name="ID7161" xml:space="preserve">
<value>Client authentication failed for {Client}.</value>
</data>
<data name="ID7162" xml:space="preserve">
<value>Client validation failed because '{RedirectUri}' was not a valid redirect_uri for {Client}.</value>
</data>
<data name="ID7163" xml:space="preserve">
<value>An error occurred while trying to verify a client secret.
This may indicate that the hashed entry is corrupted or malformed.</value>
</data>
<data name="ID7164" xml:space="preserve">
<value>The authorization '{Identifier}' was successfully revoked.</value>
</data>
<data name="ID7165" xml:space="preserve">
<value>A concurrency exception occurred while trying to revoke the authorization '{Identifier}'.</value>
</data>
<data name="ID7166" xml:space="preserve">
<value>An exception occurred while trying to revoke the authorization '{Identifier}'.</value>
</data>
<data name="ID7167" xml:space="preserve">
<value>The expiration date of the refresh token '{Identifier}' was successfully updated: {Date}.</value>
</data>
<data name="ID7168" xml:space="preserve">
<value>The expiration date of the refresh token '{Identifier}' was successfully removed.</value>
</data>
<data name="ID7169" xml:space="preserve">
<value>A concurrency exception occurred while trying to update the expiration date of the token '{Identifier}'.</value>
</data>
<data name="ID7170" xml:space="preserve">
<value>An exception occurred while trying to update the expiration date of the token '{Identifier}'.</value>
</data>
<data name="ID7171" xml:space="preserve">
<value>The token '{Identifier}' was successfully marked as redeemed.</value>
</data>
<data name="ID7172" xml:space="preserve">
<value>A concurrency exception occurred while trying to redeem the token '{Identifier}'.</value>
</data>
<data name="ID7173" xml:space="preserve">
<value>An exception occurred while trying to redeem the token '{Identifier}'.</value>
</data>
<data name="ID7174" xml:space="preserve">
<value>The token '{Identifier}' was successfully marked as rejected.</value>
</data>
<data name="ID7175" xml:space="preserve">
<value>A concurrency exception occurred while trying to reject the token '{Identifier}'.</value>
</data>
<data name="ID7176" xml:space="preserve">
<value>An exception occurred while trying to reject the token '{Identifier}'.</value>
</data>
<data name="ID7177" xml:space="preserve">
<value>The token '{Identifier}' was successfully revoked.</value>
</data>
<data name="ID7178" xml:space="preserve">
<value>A concurrency exception occurred while trying to revoke the token '{Identifier}'.</value>
</data>
<data name="ID7179" xml:space="preserve">
<value>An exception occurred while trying to revoke the token '{Identifier}'.</value>
</data>
</root>

15
src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs

@ -1248,7 +1248,7 @@ namespace OpenIddict.Core
if (await HasClientTypeAsync(application, ClientTypes.Public, cancellationToken))
{
Logger.LogWarning("Client authentication cannot be enforced for public applications.");
Logger.LogWarning(SR.GetResourceString(SR.ID7159));
return false;
}
@ -1256,17 +1256,14 @@ namespace OpenIddict.Core
var value = await Store.GetClientSecretAsync(application, cancellationToken);
if (string.IsNullOrEmpty(value))
{
Logger.LogError("Client authentication failed for {Client} because " +
"no client secret was associated with the application.",
await GetClientIdAsync(application, cancellationToken));
Logger.LogError(SR.GetResourceString(SR.ID7160), await GetClientIdAsync(application, cancellationToken));
return false;
}
if (!await ValidateClientSecretAsync(secret, value, cancellationToken))
{
Logger.LogWarning("Client authentication failed for {Client}.",
await GetClientIdAsync(application, cancellationToken));
Logger.LogWarning(SR.GetResourceString(SR.ID7161), await GetClientIdAsync(application, cancellationToken));
return false;
}
@ -1307,8 +1304,7 @@ namespace OpenIddict.Core
}
}
Logger.LogWarning("Client validation failed because '{RedirectUri}' was not a valid redirect_uri " +
"for {Client}.", address, await GetClientIdAsync(application, cancellationToken));
Logger.LogWarning(SR.GetResourceString(SR.ID7162), address, await GetClientIdAsync(application, cancellationToken));
return false;
}
@ -1421,8 +1417,7 @@ namespace OpenIddict.Core
catch (Exception exception)
{
Logger.LogWarning(exception, "An error occurred while trying to verify a client secret. " +
"This may indicate that the hashed entry is corrupted or malformed.");
Logger.LogWarning(exception, SR.GetResourceString(SR.ID7163));
return new ValueTask<bool>(false);
}
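Review bot: The resource values behind ID7159–ID7163 are now used as ILogger message templates, and three of them (the client-secret and redirect_uri failure messages) carry `{Client}`/`{RedirectUri}` placeholders that bind positionally to the `await GetClientIdAsync(...)` and `address` arguments; if the .resx is ever localized, a translation that renames, drops or reorders a placeholder silently changes what is logged and fragments structured-log grouping by template, so the log-message entries should be marked non-localizable or the resource block should carry a comment such as `<!-- Log message templates: keep {Placeholder} names, count and order unchanged -->`. Separately, the value for ID7163 (logged in the client-secret verification catch block) is stored across two lines in the .resx, so that warning now contains an embedded line break where the original concatenated string did not, which line-oriented log shippers may split into two records; keeping the value on one line preserves the previous output. The same template concern applies to every other manager and handler hunk in this commit. The enclosing methods start outside these hunks.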

9
src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs

@ -1015,24 +1015,21 @@ namespace OpenIddict.Core
{
await UpdateAsync(authorization, cancellationToken);
Logger.LogInformation("The authorization '{Identifier}' was successfully revoked.",
await Store.GetIdAsync(authorization, cancellationToken));
Logger.LogInformation(SR.GetResourceString(SR.ID7164), await Store.GetIdAsync(authorization, cancellationToken));
return true;
}
catch (ConcurrencyException exception)
{
Logger.LogDebug(exception, "A concurrency exception occurred while trying to revoke the authorization '{Identifier}'.",
await Store.GetIdAsync(authorization, cancellationToken));
Logger.LogDebug(exception, SR.GetResourceString(SR.ID7165), await Store.GetIdAsync(authorization, cancellationToken));
return false;
}
catch (Exception exception)
{
Logger.LogWarning(exception, "An exception occurred while trying to revoke the authorization '{Identifier}'.",
await Store.GetIdAsync(authorization, cancellationToken));
Logger.LogWarning(exception, SR.GetResourceString(SR.ID7166), await Store.GetIdAsync(authorization, cancellationToken));
return false;
}

40
src/OpenIddict.Core/Managers/OpenIddictTokenManager.cs

@ -1065,13 +1065,12 @@ namespace OpenIddict.Core
if (date != null)
{
Logger.LogInformation("The expiration date of the refresh token '{Identifier}' was successfully updated: {Date}.",
await Store.GetIdAsync(token, cancellationToken), date);
Logger.LogInformation(SR.GetResourceString(SR.ID7167), await Store.GetIdAsync(token, cancellationToken), date);
}
else
{
Logger.LogInformation("The expiration date of the refresh token '{Identifier}' was successfully removed.",
Logger.LogInformation(SR.GetResourceString(SR.ID7168),
await Store.GetIdAsync(token, cancellationToken));
}
@ -1080,18 +1079,14 @@ namespace OpenIddict.Core
catch (ConcurrencyException exception)
{
Logger.LogDebug(exception, "A concurrency exception occurred while trying to update the " +
"expiration date of the token '{Identifier}'.",
await Store.GetIdAsync(token, cancellationToken));
Logger.LogDebug(exception, SR.GetResourceString(SR.ID7169), await Store.GetIdAsync(token, cancellationToken));
return false;
}
catch (Exception exception)
{
Logger.LogWarning(exception, "An exception occurred while trying to update the " +
"expiration date of the token '{Identifier}'.",
await Store.GetIdAsync(token, cancellationToken));
Logger.LogWarning(exception, SR.GetResourceString(SR.ID7170), await Store.GetIdAsync(token, cancellationToken));
return false;
}
@ -1122,24 +1117,21 @@ namespace OpenIddict.Core
{
await UpdateAsync(token, cancellationToken);
Logger.LogInformation("The token '{Identifier}' was successfully marked as redeemed.",
await Store.GetIdAsync(token, cancellationToken));
Logger.LogInformation(SR.GetResourceString(SR.ID7171), await Store.GetIdAsync(token, cancellationToken));
return true;
}
catch (ConcurrencyException exception)
{
Logger.LogDebug(exception, "A concurrency exception occurred while trying to redeem the token '{Identifier}'.",
await Store.GetIdAsync(token, cancellationToken));
Logger.LogDebug(exception, SR.GetResourceString(SR.ID7172), await Store.GetIdAsync(token, cancellationToken));
return false;
}
catch (Exception exception)
{
Logger.LogWarning(exception, "An exception occurred while trying to redeem the token '{Identifier}'.",
await Store.GetIdAsync(token, cancellationToken));
Logger.LogWarning(exception, SR.GetResourceString(SR.ID7173), await Store.GetIdAsync(token, cancellationToken));
return false;
}
@ -1170,24 +1162,21 @@ namespace OpenIddict.Core
{
await UpdateAsync(token, cancellationToken);
Logger.LogInformation("The token '{Identifier}' was successfully marked as rejected.",
await Store.GetIdAsync(token, cancellationToken));
Logger.LogInformation(SR.GetResourceString(SR.ID7174), await Store.GetIdAsync(token, cancellationToken));
return true;
}
catch (ConcurrencyException exception)
{
Logger.LogDebug(exception, "A concurrency exception occurred while trying to reject the token '{Identifier}'.",
await Store.GetIdAsync(token, cancellationToken));
Logger.LogDebug(exception, SR.GetResourceString(SR.ID7175), await Store.GetIdAsync(token, cancellationToken));
return false;
}
catch (Exception exception)
{
Logger.LogWarning(exception, "An exception occurred while trying to reject the token '{Identifier}'.",
await Store.GetIdAsync(token, cancellationToken));
Logger.LogWarning(exception, SR.GetResourceString(SR.ID7176), await Store.GetIdAsync(token, cancellationToken));
return false;
}
@ -1218,24 +1207,21 @@ namespace OpenIddict.Core
{
await UpdateAsync(token, cancellationToken);
Logger.LogInformation("The token '{Identifier}' was successfully revoked.",
await Store.GetIdAsync(token, cancellationToken));
Logger.LogInformation(SR.GetResourceString(SR.ID7177), await Store.GetIdAsync(token, cancellationToken));
return true;
}
catch (ConcurrencyException exception)
{
Logger.LogDebug(exception, "A concurrency exception occurred while trying to revoke the token '{Identifier}'.",
await Store.GetIdAsync(token, cancellationToken));
Logger.LogDebug(exception, SR.GetResourceString(SR.ID7178), await Store.GetIdAsync(token, cancellationToken));
return false;
}
catch (Exception exception)
{
Logger.LogWarning(exception, "An exception occurred while trying to revoke the token '{Identifier}'.",
await Store.GetIdAsync(token, cancellationToken));
Logger.LogWarning(exception, SR.GetResourceString(SR.ID7179), await Store.GetIdAsync(token, cancellationToken));
return false;
}
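Review bot: The `SR.ID7168` call in the expiration-date update keeps its argument wrapped onto a second line while every sibling call converted in these hunks (ID7167, ID7169–ID7179) was joined onto one line; for consistency, `Logger.LogInformation(SR.GetResourceString(SR.ID7168), await Store.GetIdAsync(token, cancellationToken));`. The ID7167/ID7168 values also say "refresh token" while the ID7169/ID7170 messages for the same identifier say "token"; this wording is inherited from the original strings, but if the method accepts any token type it would be worth aligning the two resource values now that they live side by side. The enclosing methods start outside these hunks.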

30
src/OpenIddict.Core/OpenIddictCoreExtensions.cs

@ -5,7 +5,6 @@
*/
using System;
using System.Text;
using JetBrains.Annotations;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Localization;
@ -13,6 +12,7 @@ using Microsoft.Extensions.Logging.Abstractions;
using OpenIddict.Abstractions;
using OpenIddict.Abstractions.Resources;
using OpenIddict.Core;
using SR = OpenIddict.Abstractions.Resources.OpenIddictResources;
namespace Microsoft.Extensions.DependencyInjection
{
@ -61,12 +61,7 @@ namespace Microsoft.Extensions.DependencyInjection
var options = provider.GetRequiredService<IOptionsMonitor<OpenIddictCoreOptions>>().CurrentValue;
if (options.DefaultApplicationType == null)
{
throw new InvalidOperationException(new StringBuilder()
.Append("No default application entity type was configured in the OpenIddict core options, ")
.AppendLine("which generally indicates that no application store was registered in the DI container.")
.Append("To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' ")
.Append("package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.")
.ToString());
throw new InvalidOperationException(SR.GetResourceString(SR.ID1272));
}
return (IOpenIddictApplicationManager) provider.GetRequiredService(
@ -78,12 +73,7 @@ namespace Microsoft.Extensions.DependencyInjection
var options = provider.GetRequiredService<IOptionsMonitor<OpenIddictCoreOptions>>().CurrentValue;
if (options.DefaultAuthorizationType == null)
{
throw new InvalidOperationException(new StringBuilder()
.Append("No default authorization entity type was configured in the OpenIddict core options, ")
.AppendLine("which generally indicates that no authorization store was registered in the DI container.")
.Append("To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' ")
.Append("package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.")
.ToString());
throw new InvalidOperationException(SR.GetResourceString(SR.ID1273));
}
return (IOpenIddictAuthorizationManager) provider.GetRequiredService(
@ -95,12 +85,7 @@ namespace Microsoft.Extensions.DependencyInjection
var options = provider.GetRequiredService<IOptionsMonitor<OpenIddictCoreOptions>>().CurrentValue;
if (options.DefaultScopeType == null)
{
throw new InvalidOperationException(new StringBuilder()
.Append("No default scope entity type was configured in the OpenIddict core options, ")
.AppendLine("which generally indicates that no scope store was registered in the DI container.")
.Append("To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' ")
.Append("package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.")
.ToString());
throw new InvalidOperationException(SR.GetResourceString(SR.ID1274));
}
return (IOpenIddictScopeManager) provider.GetRequiredService(
@ -112,12 +97,7 @@ namespace Microsoft.Extensions.DependencyInjection
var options = provider.GetRequiredService<IOptionsMonitor<OpenIddictCoreOptions>>().CurrentValue;
if (options.DefaultTokenType == null)
{
throw new InvalidOperationException(new StringBuilder()
.Append("No default token entity type was configured in the OpenIddict core options, ")
.AppendLine("which generally indicates that no token store was registered in the DI container.")
.Append("To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' ")
.Append("package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.")
.ToString());
throw new InvalidOperationException(SR.GetResourceString(SR.ID1275));
}
return (IOpenIddictTokenManager) provider.GetRequiredService(

7
src/OpenIddict.EntityFramework/OpenIddictEntityFrameworkBuilder.cs

@ -7,7 +7,6 @@
using System;
using System.ComponentModel;
using System.Data.Entity;
using System.Text;
using JetBrains.Annotations;
using Microsoft.Extensions.DependencyInjection.Extensions;
using OpenIddict.Core;
@ -71,11 +70,7 @@ namespace Microsoft.Extensions.DependencyInjection
if (typeof(TApplication).IsGenericType || typeof(TAuthorization).IsGenericType ||
typeof(TScope).IsGenericType || typeof(TToken).IsGenericType)
{
throw new InvalidOperationException(new StringBuilder()
.AppendLine("The Entity Framework 6.x stores cannot be used with generic types.")
.Append("Consider creating non-generic classes derived from the default entities ")
.Append("for the application, authorization, scope and token entities.")
.ToString());
throw new InvalidOperationException(SR.GetResourceString(SR.ID1276));
}
Services.Configure<OpenIddictCoreOptions>(options =>

18
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs

@ -114,8 +114,7 @@ namespace OpenIddict.Server.AspNetCore
var token = await _cache.GetStringAsync(Cache.AuthorizationRequest + context.Request.RequestId);
if (token == null || !context.Options.JsonWebTokenHandler.CanReadToken(token))
{
context.Logger.LogError("The authorization request was rejected because an unknown " +
"or invalid request_id parameter was specified.");
context.Logger.LogError(SR.GetResourceString(SR.ID7146), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -132,8 +131,7 @@ namespace OpenIddict.Server.AspNetCore
var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters);
if (!result.IsValid)
{
context.Logger.LogError("The authorization request was rejected because an unknown " +
"or invalid request_id parameter was specified.");
context.Logger.LogError(SR.GetResourceString(SR.ID7146), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -381,9 +379,7 @@ namespace OpenIddict.Server.AspNetCore
return;
}
context.Logger.LogInformation("The authorization response was successfully returned to " +
"'{RedirectUri}' using the form post response mode: {Response}.",
context.RedirectUri, context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7147), context.RedirectUri, context.Response);
using (var buffer = new MemoryStream())
using (var writer = new StreamWriter(buffer))
@ -478,9 +474,7 @@ namespace OpenIddict.Server.AspNetCore
return default;
}
context.Logger.LogInformation("The authorization response was successfully returned to " +
"'{RedirectUri}' using the query response mode: {Response}.",
context.RedirectUri, context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7148), context.RedirectUri, context.Response);
var location = context.RedirectUri;
@ -549,9 +543,7 @@ namespace OpenIddict.Server.AspNetCore
return default;
}
context.Logger.LogInformation("The authorization response was successfully returned to " +
"'{RedirectUri}' using the fragment response mode: {Response}.",
context.RedirectUri, context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7149), context.RedirectUri, context.Response);
var builder = new StringBuilder(context.RedirectUri);
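Review bot: The three response-mode handlers log `context.Response` at Information level (ID7147–ID7149); an authorization response typically carries the authorization code and, for implicit or hybrid response types, the issued tokens, so these calls write bearer-grade credentials into ordinary application logs. The commit only relocates the message text, but since the templates are being touched this is the moment to either drop the `{Response}` argument from these three resource values or lower the calls to `LogTrace`, the level the Data Protection handlers in this same commit already use for token material. The same applies to the OWIN counterparts in OpenIddictServerOwinHandlers.Authentication.cs and to the JSON and plain-text response logging in OpenIddictServerAspNetCoreHandlers.cs (ID7142, ID7143), where a token endpoint's JSON body contains access and refresh tokens. The enclosing handler methods start outside these hunks.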

9
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Session.cs

@ -111,8 +111,7 @@ namespace OpenIddict.Server.AspNetCore
var token = await _cache.GetStringAsync(Cache.LogoutRequest + context.Request.RequestId);
if (token == null || !context.Options.JsonWebTokenHandler.CanReadToken(token))
{
context.Logger.LogError("The logout request was rejected because an unknown " +
"or invalid request_id parameter was specified.");
context.Logger.LogError(SR.GetResourceString(SR.ID7150), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -129,8 +128,7 @@ namespace OpenIddict.Server.AspNetCore
var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters);
if (!result.IsValid)
{
context.Logger.LogError("The logout request was rejected because an unknown " +
"or invalid request_id parameter was specified.");
context.Logger.LogError(SR.GetResourceString(SR.ID7150), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -372,8 +370,7 @@ namespace OpenIddict.Server.AspNetCore
return default;
}
context.Logger.LogInformation("The logout response was successfully returned to '{PostLogoutRedirectUri}': {Response}.",
context.PostLogoutRedirectUri, response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7151), context.PostLogoutRedirectUri, response);
var location = context.PostLogoutRedirectUri;

37
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs

@ -119,6 +119,11 @@ namespace OpenIddict.Server.AspNetCore
Matches(request, context.Options.VerificationEndpointUris) ? OpenIddictServerEndpointType.Verification :
OpenIddictServerEndpointType.Unknown;
if (context.EndpointType != OpenIddictServerEndpointType.Unknown)
{
context.Logger.LogInformation(SR.GetResourceString(SR.ID7053), context.EndpointType);
}
return default;
static bool Matches(HttpRequest request, IReadOnlyList<Uri> addresses)
@ -449,8 +454,7 @@ namespace OpenIddict.Server.AspNetCore
else
{
context.Logger.LogError("The request was rejected because an invalid " +
"HTTP method was specified: {Method}.", request.Method);
context.Logger.LogError(SR.GetResourceString(SR.ID7137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -512,7 +516,7 @@ namespace OpenIddict.Server.AspNetCore
// See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization
if (string.IsNullOrEmpty(request.ContentType))
{
context.Logger.LogError("The request was rejected because the mandatory 'Content-Type' header was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7138), HeaderNames.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -524,8 +528,7 @@ namespace OpenIddict.Server.AspNetCore
// May have media/type; charset=utf-8, allow partial match.
if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase))
{
context.Logger.LogError("The request was rejected because an invalid 'Content-Type' " +
"header was specified: {ContentType}.", request.ContentType);
context.Logger.LogError(SR.GetResourceString(SR.ID7139), HeaderNames.ContentType, request.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -539,8 +542,7 @@ namespace OpenIddict.Server.AspNetCore
else
{
context.Logger.LogError("The request was rejected because an invalid " +
"HTTP method was specified: {Method}.", request.Method);
context.Logger.LogError(SR.GetResourceString(SR.ID7137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -595,7 +597,7 @@ namespace OpenIddict.Server.AspNetCore
// See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization
if (string.IsNullOrEmpty(request.ContentType))
{
context.Logger.LogError("The request was rejected because the mandatory 'Content-Type' header was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7138), HeaderNames.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -607,8 +609,7 @@ namespace OpenIddict.Server.AspNetCore
// May have media/type; charset=utf-8, allow partial match.
if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase))
{
context.Logger.LogError("The request was rejected because an invalid 'Content-Type' " +
"header was specified: {ContentType}.", request.ContentType);
context.Logger.LogError(SR.GetResourceString(SR.ID7139), HeaderNames.ContentType, request.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -622,8 +623,7 @@ namespace OpenIddict.Server.AspNetCore
else
{
context.Logger.LogError("The request was rejected because an invalid " +
"HTTP method was specified: {Method}.", request.Method);
context.Logger.LogError(SR.GetResourceString(SR.ID7137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -684,7 +684,7 @@ namespace OpenIddict.Server.AspNetCore
// See https://tools.ietf.org/html/rfc6749#section-2.3 for more information.
if (!string.IsNullOrEmpty(context.Request.ClientAssertion) || !string.IsNullOrEmpty(context.Request.ClientSecret))
{
context.Logger.LogError("The request was rejected because multiple client credentials were specified.");
context.Logger.LogError(SR.GetResourceString(SR.ID7140));
context.Reject(
error: Errors.InvalidRequest,
@ -1109,7 +1109,7 @@ namespace OpenIddict.Server.AspNetCore
return default;
}
context.Logger.LogInformation("The response was successfully returned as a challenge response: {Response}.", context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7141), context.Response);
context.HandleRequest();
return default;
@ -1155,7 +1155,7 @@ namespace OpenIddict.Server.AspNetCore
throw new InvalidOperationException(SR.GetResourceString(SR.ID1113));
}
context.Logger.LogInformation("The response was successfully returned as a JSON document: {Response}.", context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7142), context.Response);
using var stream = new MemoryStream();
await JsonSerializer.SerializeAsync(stream, context.Response, new JsonSerializerOptions
@ -1341,8 +1341,7 @@ namespace OpenIddict.Server.AspNetCore
// Don't return the state originally sent by the client application.
context.Response.State = null;
context.Logger.LogInformation("The authorization response was successfully returned " +
"as a plain-text document: {Response}.", context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7143), context.Response);
using var stream = new MemoryStream();
using var writer = new StreamWriter(stream);
@ -1420,7 +1419,7 @@ namespace OpenIddict.Server.AspNetCore
{
response.Redirect(properties.RedirectUri);
context.Logger.LogInformation("The response was successfully returned as a 302 response.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7144));
context.HandleRequest();
}
@ -1460,7 +1459,7 @@ namespace OpenIddict.Server.AspNetCore
throw new ArgumentNullException(nameof(context));
}
context.Logger.LogInformation("The response was successfully returned as an empty 200 response.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7145));
context.HandleRequest();
return default;

40
src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.cs

@ -116,8 +116,7 @@ namespace OpenIddict.Server.DataProtection
context.Principal = principal;
context.Logger.LogTrace("The DP token '{Token}' was successfully validated and the following claims " +
"could be extracted: {Claims}.", context.Token, context.Principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7152), context.Token, context.Principal.Claims);
return default;
@ -162,7 +161,7 @@ namespace OpenIddict.Server.DataProtection
catch (Exception exception)
{
context.Logger.LogTrace(exception, "An exception occured while deserializing the token '{Token}'.", token);
context.Logger.LogTrace(exception, SR.GetResourceString(SR.ID7153), token);
return null;
}
@ -226,10 +225,9 @@ namespace OpenIddict.Server.DataProtection
context.Response.AccessToken = Base64UrlEncoder.Encode(protector.Protect(buffer.ToArray()));
context.Logger.LogTrace("The access token '{Identifier}' was successfully created: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.AccessTokenPrincipal.GetClaim(Claims.JwtId),
context.Response.AccessToken, context.AccessTokenPrincipal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7013),
context.AccessTokenPrincipal.GetClaim(Claims.JwtId),
context.Response.AccessToken, context.AccessTokenPrincipal.Claims);
return default;
}
@ -291,10 +289,9 @@ namespace OpenIddict.Server.DataProtection
context.Response.Code = Base64UrlEncoder.Encode(protector.Protect(buffer.ToArray()));
context.Logger.LogTrace("The authorization code '{Identifier}' was successfully created: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.AuthorizationCodePrincipal.GetClaim(Claims.JwtId),
context.Response.Code, context.AuthorizationCodePrincipal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7016),
context.AuthorizationCodePrincipal.GetClaim(Claims.JwtId),
context.Response.Code, context.AuthorizationCodePrincipal.Claims);
return default;
}
@ -356,10 +353,9 @@ namespace OpenIddict.Server.DataProtection
context.Response.DeviceCode = Base64UrlEncoder.Encode(protector.Protect(buffer.ToArray()));
context.Logger.LogTrace("The device code '{Identifier}' was successfully created: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.DeviceCodePrincipal.GetClaim(Claims.JwtId),
context.Response.DeviceCode, context.DeviceCodePrincipal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7019),
context.DeviceCodePrincipal.GetClaim(Claims.JwtId),
context.Response.DeviceCode, context.DeviceCodePrincipal.Claims);
return default;
}
@ -421,10 +417,9 @@ namespace OpenIddict.Server.DataProtection
context.Response.RefreshToken = Base64UrlEncoder.Encode(protector.Protect(buffer.ToArray()));
context.Logger.LogTrace("The refresh token '{Identifier}' was successfully created: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.RefreshTokenPrincipal.GetClaim(Claims.JwtId),
context.Response.RefreshToken, context.RefreshTokenPrincipal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7023),
context.RefreshTokenPrincipal.GetClaim(Claims.JwtId),
context.Response.RefreshToken, context.RefreshTokenPrincipal.Claims);
return default;
}
@ -486,10 +481,9 @@ namespace OpenIddict.Server.DataProtection
context.Response.UserCode = Base64UrlEncoder.Encode(protector.Protect(buffer.ToArray()));
context.Logger.LogTrace("The user code '{Identifier}' was successfully created: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.UserCodePrincipal.GetClaim(Claims.JwtId),
context.Response.UserCode, context.UserCodePrincipal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7026),
context.UserCodePrincipal.GetClaim(Claims.JwtId),
context.Response.UserCode, context.UserCodePrincipal.Claims);
return default;
}
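Review bot: The resource value behind `SR.ID7153`, used in the token deserialization catch block, reads "An exception occured while deserializing the token '{Token}'." — "occurred" is misspelled, whereas the neighbouring entries (ID7165, ID7169, ID7172) spell it correctly; `<value>An exception occurred while deserializing the token '{Token}'.</value>` makes the set consistent. That catch also logs the full `{Token}` value, and the validation path (ID7152) logs the raw token together with every extracted claim; at Trace level that is acceptable, but a comment on those calls would stop a later change from raising the level, e.g. `// Trace only: the message below includes the raw token and its claims.` The enclosing handler methods start outside these hunks.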

18
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs

@ -113,8 +113,7 @@ namespace OpenIddict.Server.Owin
var token = await _cache.GetStringAsync(Cache.AuthorizationRequest + context.Request.RequestId);
if (token == null || !context.Options.JsonWebTokenHandler.CanReadToken(token))
{
context.Logger.LogError("The authorization request was rejected because an unknown " +
"or invalid request_id parameter was specified.");
context.Logger.LogError(SR.GetResourceString(SR.ID7146), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -131,8 +130,7 @@ namespace OpenIddict.Server.Owin
var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters);
if (!result.IsValid)
{
context.Logger.LogError("The authorization request was rejected because an unknown " +
"or invalid request_id parameter was specified.");
context.Logger.LogError(SR.GetResourceString(SR.ID7146), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -375,9 +373,7 @@ namespace OpenIddict.Server.Owin
return;
}
context.Logger.LogInformation("The authorization response was successfully returned to " +
"'{RedirectUri}' using the form post response mode: {Response}.",
context.RedirectUri, context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7147), context.RedirectUri, context.Response);
using (var buffer = new MemoryStream())
using (var writer = new StreamWriter(buffer))
@ -473,9 +469,7 @@ namespace OpenIddict.Server.Owin
return default;
}
context.Logger.LogInformation("The authorization response was successfully returned to " +
"'{RedirectUri}' using the query response mode: {Response}.",
context.RedirectUri, context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7148), context.RedirectUri, context.Response);
var location = context.RedirectUri;
@ -544,9 +538,7 @@ namespace OpenIddict.Server.Owin
return default;
}
context.Logger.LogInformation("The authorization response was successfully returned to " +
"'{RedirectUri}' using the fragment response mode: {Response}.",
context.RedirectUri, context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7149), context.RedirectUri, context.Response);
var builder = new StringBuilder(context.RedirectUri);
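Review bot: `context.Logger.LogInformation(SR.GetResourceString(SR.ID7149), context.RedirectUri, context.Response);` on the fragment-mode path, and its form_post and query siblings above using ID7147 and ID7148, write the complete authorization response to the log at Information level; for response types that return tokens directly from the authorization endpoint that response may carry an access token and id_token, so production logs would hold bearer credentials. The DataProtection handlers in this same commit keep token payloads at Trace, and the same level fits here, e.g. `context.Logger.LogTrace(SR.GetResourceString(SR.ID7149), context.RedirectUri, context.Response);`, or log only the redirect URI and the non-secret parameters at Information. The same concern applies to the OpenIddictServerOwinHandlers.cs hunks using ID7141, ID7142 and ID7143, where the JSON response (including the token endpoint's) is logged in full. The enclosing handler methods start outside these hunks.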

9
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Session.cs

@ -110,8 +110,7 @@ namespace OpenIddict.Server.Owin
var token = await _cache.GetStringAsync(Cache.LogoutRequest + context.Request.RequestId);
if (token == null || !context.Options.JsonWebTokenHandler.CanReadToken(token))
{
context.Logger.LogError("The logout request was rejected because an unknown " +
"or invalid request_id parameter was specified.");
context.Logger.LogError(SR.GetResourceString(SR.ID7150), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -128,8 +127,7 @@ namespace OpenIddict.Server.Owin
var result = context.Options.JsonWebTokenHandler.ValidateToken(token, parameters);
if (!result.IsValid)
{
context.Logger.LogError("The logout request was rejected because an unknown " +
"or invalid request_id parameter was specified.");
context.Logger.LogError(SR.GetResourceString(SR.ID7150), Parameters.RequestId);
context.Reject(
error: Errors.InvalidRequest,
@ -366,8 +364,7 @@ namespace OpenIddict.Server.Owin
return default;
}
context.Logger.LogInformation("The logout response was successfully returned to '{PostLogoutRedirectUri}': {Response}.",
context.PostLogoutRedirectUri, response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7151), context.PostLogoutRedirectUri, response);
var location = context.PostLogoutRedirectUri;

37
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs

@ -107,6 +107,11 @@ namespace OpenIddict.Server.Owin
Matches(request, context.Options.VerificationEndpointUris) ? OpenIddictServerEndpointType.Verification :
OpenIddictServerEndpointType.Unknown;
if (context.EndpointType != OpenIddictServerEndpointType.Unknown)
{
context.Logger.LogInformation(SR.GetResourceString(SR.ID7053), context.EndpointType);
}
return default;
static bool Matches(IOwinRequest request, IReadOnlyList<Uri> addresses)
@ -382,8 +387,7 @@ namespace OpenIddict.Server.Owin
else
{
context.Logger.LogError("The request was rejected because an invalid " +
"HTTP method was specified: {Method}.", request.Method);
context.Logger.LogError(SR.GetResourceString(SR.ID7137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -445,7 +449,7 @@ namespace OpenIddict.Server.Owin
// See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization
if (string.IsNullOrEmpty(request.ContentType))
{
context.Logger.LogError("The request was rejected because the mandatory 'Content-Type' header was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7138), "Content-Type");
context.Reject(
error: Errors.InvalidRequest,
@ -457,8 +461,7 @@ namespace OpenIddict.Server.Owin
// May have media/type; charset=utf-8, allow partial match.
if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase))
{
context.Logger.LogError("The request was rejected because an invalid 'Content-Type' " +
"header was specified: {ContentType}.", request.ContentType);
context.Logger.LogError(SR.GetResourceString(SR.ID7139), "Content-Type", request.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -472,8 +475,7 @@ namespace OpenIddict.Server.Owin
else
{
context.Logger.LogError("The request was rejected because an invalid " +
"HTTP method was specified: {Method}.", request.Method);
context.Logger.LogError(SR.GetResourceString(SR.ID7137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -528,7 +530,7 @@ namespace OpenIddict.Server.Owin
// See http://openid.net/specs/openid-connect-core-1_0.html#FormSerialization
if (string.IsNullOrEmpty(request.ContentType))
{
context.Logger.LogError("The request was rejected because the mandatory 'Content-Type' header was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7138), "Content-Type");
context.Reject(
error: Errors.InvalidRequest,
@ -540,8 +542,7 @@ namespace OpenIddict.Server.Owin
// May have media/type; charset=utf-8, allow partial match.
if (!request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase))
{
context.Logger.LogError("The request was rejected because an invalid 'Content-Type' " +
"header was specified: {ContentType}.", request.ContentType);
context.Logger.LogError(SR.GetResourceString(SR.ID7139), "Content-Type", request.ContentType);
context.Reject(
error: Errors.InvalidRequest,
@ -555,8 +556,7 @@ namespace OpenIddict.Server.Owin
else
{
context.Logger.LogError("The request was rejected because an invalid " +
"HTTP method was specified: {Method}.", request.Method);
context.Logger.LogError(SR.GetResourceString(SR.ID7137), request.Method);
context.Reject(
error: Errors.InvalidRequest,
@ -617,7 +617,7 @@ namespace OpenIddict.Server.Owin
// See https://tools.ietf.org/html/rfc6749#section-2.3 for more information.
if (!string.IsNullOrEmpty(context.Request.ClientAssertion) || !string.IsNullOrEmpty(context.Request.ClientSecret))
{
context.Logger.LogError("The request was rejected because multiple client credentials were specified.");
context.Logger.LogError(SR.GetResourceString(SR.ID7140));
context.Reject(
error: Errors.InvalidRequest,
@ -1042,7 +1042,7 @@ namespace OpenIddict.Server.Owin
return default;
}
context.Logger.LogInformation("The response was successfully returned as a challenge response: {Response}.", context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7141), context.Response);
context.HandleRequest();
return default;
@ -1088,7 +1088,7 @@ namespace OpenIddict.Server.Owin
throw new InvalidOperationException(SR.GetResourceString(SR.ID1119));
}
context.Logger.LogInformation("The response was successfully returned as a JSON document: {Response}.", context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7142), context.Response);
using var stream = new MemoryStream();
await JsonSerializer.SerializeAsync(stream, context.Response, new JsonSerializerOptions
@ -1213,8 +1213,7 @@ namespace OpenIddict.Server.Owin
// Don't return the state originally sent by the client application.
context.Response.State = null;
context.Logger.LogInformation("The authorization response was successfully returned " +
"as a plain-text document: {Response}.", context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7143), context.Response);
using var stream = new MemoryStream();
using var writer = new StreamWriter(stream);
@ -1292,7 +1291,7 @@ namespace OpenIddict.Server.Owin
{
response.Redirect(properties.RedirectUri);
context.Logger.LogInformation("The response was successfully returned as a 302 response.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7144));
context.HandleRequest();
}
@ -1332,7 +1331,7 @@ namespace OpenIddict.Server.Owin
throw new ArgumentNullException(nameof(context));
}
context.Logger.LogInformation("The response was successfully returned as an empty 200 response.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7145));
context.HandleRequest();
return default;

6
src/OpenIddict.Server/OpenIddictServerConfiguration.cs

@ -320,8 +320,7 @@ namespace OpenIddict.Server
{
parameters = rsaSecurityKey.Rsa.ExportParameters(includePrivateParameters: false);
Debug.Assert(parameters.Modulus != null,
"A null modulus shouldn't be returned by RSA.ExportParameters().");
Debug.Assert(parameters.Modulus != null, SR.GetResourceString(SR.ID5003));
}
// Only use the 40 first chars of the base64url-encoded modulus.
@ -335,8 +334,7 @@ namespace OpenIddict.Server
// Extract the ECDSA parameters from the signing credentials.
var parameters = ecsdaSecurityKey.ECDsa.ExportParameters(includePrivateParameters: false);
Debug.Assert(parameters.Q.X != null,
"Invalid coordinates shouldn't be returned by ECDsa.ExportParameters().");
Debug.Assert(parameters.Q.X != null, SR.GetResourceString(SR.ID5004));
// Only use the 40 first chars of the base64url-encoded X coordinate.
var identifier = Base64UrlEncoder.Encode(parameters.Q.X);

15
src/OpenIddict.Server/OpenIddictServerDispatcher.cs

@ -50,16 +50,14 @@ namespace OpenIddict.Server
catch (Exception exception) when (_logger.IsEnabled(LogLevel.Debug))
{
_logger.LogDebug(exception, "An exception was thrown by {FullName} while handling the {Event} event.",
handler.GetType().FullName, typeof(TContext).FullName);
_logger.LogDebug(exception, SR.GetResourceString(SR.ID7132), handler.GetType().FullName, typeof(TContext).FullName);
throw;
}
if (_logger.IsEnabled(LogLevel.Debug))
{
_logger.LogDebug("The event {Event} was successfully processed by {FullName}.",
typeof(TContext).FullName, handler.GetType().FullName);
_logger.LogDebug(SR.GetResourceString(SR.ID7133), typeof(TContext).FullName, handler.GetType().FullName);
}
switch (context)
@ -67,24 +65,21 @@ namespace OpenIddict.Server
case BaseRequestContext notification when notification.IsRequestHandled:
if (_logger.IsEnabled(LogLevel.Debug))
{
_logger.LogDebug("The event {Event} was marked as handled by {FullName}.",
typeof(TContext).FullName, handler.GetType().FullName);
_logger.LogDebug(SR.GetResourceString(SR.ID7134), typeof(TContext).FullName, handler.GetType().FullName);
}
return;
case BaseRequestContext notification when notification.IsRequestSkipped:
if (_logger.IsEnabled(LogLevel.Debug))
{
_logger.LogDebug("The event {Event} was marked as skipped by {FullName}.",
typeof(TContext).FullName, handler.GetType().FullName);
_logger.LogDebug(SR.GetResourceString(SR.ID7135), typeof(TContext).FullName, handler.GetType().FullName);
}
return;
case BaseValidatingContext notification when notification.IsRejected:
if (_logger.IsEnabled(LogLevel.Debug))
{
_logger.LogDebug("The event {Event} was marked as rejected by {FullName}.",
typeof(TContext).FullName, handler.GetType().FullName);
_logger.LogDebug(SR.GetResourceString(SR.ID7136), typeof(TContext).FullName, handler.GetType().FullName);
}
return;
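Review bot: The argument order in `_logger.LogDebug(exception, SR.GetResourceString(SR.ID7132), handler.GetType().FullName, typeof(TContext).FullName);` is handler-then-event, whereas the ID7133 to ID7136 calls in the same method pass `typeof(TContext).FullName` first. With the templates moved into the resource file the placeholder order can no longer be checked at the call site, and a mismatch is silent because the values are simply bound to the wrong names. Please verify that ID7132's placeholders are ordered `{FullName}` then `{Event}`, or reorder the arguments to match the siblings; a short comment such as `// ID7132 binds {FullName} before {Event}, unlike ID7133-ID7136.` would help the next reader. The enclosing method begins outside the hunk.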

93
src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs

@ -128,7 +128,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException(SR.GetResourceString(SR.ID1026));
}
context.Logger.LogInformation("The authorization request was successfully extracted: {Request}.", notification.Request);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7030), notification.Request);
}
}
@ -200,7 +200,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException(SR.GetResourceString(SR.ID1027));
}
context.Logger.LogInformation("The authorization request was successfully validated.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7031));
}
}
@ -385,8 +385,7 @@ namespace OpenIddict.Server
// Reject requests using the unsupported request parameter.
if (!string.IsNullOrEmpty(context.Request.Request))
{
context.Logger.LogError("The authorization request was rejected because it contained " +
"an unsupported parameter: {Parameter}.", Parameters.Request);
context.Logger.LogError(SR.GetResourceString(SR.ID7032), Parameters.Request);
context.Reject(
error: Errors.RequestNotSupported,
@ -431,8 +430,7 @@ namespace OpenIddict.Server
// Reject requests using the unsupported request_uri parameter.
if (!string.IsNullOrEmpty(context.Request.RequestUri))
{
context.Logger.LogError("The authorization request was rejected because it contained " +
"an unsupported parameter: {Parameter}.", Parameters.RequestUri);
context.Logger.LogError(SR.GetResourceString(SR.ID7032), Parameters.RequestUri);
context.Reject(
error: Errors.RequestUriNotSupported,
@ -478,8 +476,7 @@ namespace OpenIddict.Server
// See http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest.
if (string.IsNullOrEmpty(context.ClientId))
{
context.Logger.LogError("The authorization request was rejected because " +
"the mandatory 'client_id' parameter was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7033), Parameters.ClientId);
context.Reject(
error: Errors.InvalidRequest,
@ -530,8 +527,7 @@ namespace OpenIddict.Server
{
if (context.Request.HasScope(Scopes.OpenId))
{
context.Logger.LogError("The authorization request was rejected because " +
"the mandatory 'redirect_uri' parameter was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7033), Parameters.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -553,8 +549,7 @@ namespace OpenIddict.Server
// See https://github.com/dotnet/corefx/issues/22098 for more information.
if (!Uri.TryCreate(context.RedirectUri, UriKind.Absolute, out Uri uri) || !uri.IsWellFormedOriginalString())
{
context.Logger.LogError("The authorization request was rejected because the 'redirect_uri' parameter " +
"didn't correspond to a valid absolute URL: {RedirectUri}.", context.RedirectUri);
context.Logger.LogError(SR.GetResourceString(SR.ID7034), Parameters.RedirectUri, context.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -568,8 +563,7 @@ namespace OpenIddict.Server
// and http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
if (!string.IsNullOrEmpty(uri.Fragment))
{
context.Logger.LogError("The authorization request was rejected because the 'redirect_uri' " +
"contained a URL fragment: {RedirectUri}.", context.RedirectUri);
context.Logger.LogError(SR.GetResourceString(SR.ID7035), Parameters.RedirectUri, context.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -614,8 +608,7 @@ namespace OpenIddict.Server
// Reject requests missing the mandatory response_type parameter.
if (string.IsNullOrEmpty(context.Request.ResponseType))
{
context.Logger.LogError("The authorization request was rejected because " +
"the mandatory 'response_type' parameter was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7033), Parameters.ResponseType);
context.Reject(
error: Errors.InvalidRequest,
@ -629,8 +622,7 @@ namespace OpenIddict.Server
if (!context.Options.ResponseTypes.Any(type =>
types.SetEquals(type.Split(Separators.Space, StringSplitOptions.RemoveEmptyEntries))))
{
context.Logger.LogError("The authorization request was rejected because the '{ResponseType}' " +
"response type is not supported.", context.Request.ResponseType);
context.Logger.LogError(SR.GetResourceString(SR.ID7036), context.Request.ResponseType);
context.Reject(
error: Errors.UnsupportedResponseType,
@ -678,9 +670,7 @@ namespace OpenIddict.Server
if (context.Request.IsQueryResponseMode() && (context.Request.HasResponseType(ResponseTypes.IdToken) ||
context.Request.HasResponseType(ResponseTypes.Token)))
{
context.Logger.LogError("The authorization request was rejected because the 'response_type'/'response_mode' " +
"combination was invalid: {ResponseType} ; {ResponseMode}.",
context.Request.ResponseType, context.Request.ResponseMode);
context.Logger.LogError(SR.GetResourceString(SR.ID7037), context.Request.ResponseType, context.Request.ResponseMode);
context.Reject(
error: Errors.InvalidRequest,
@ -693,8 +683,7 @@ namespace OpenIddict.Server
// if the default response_mode inferred from the response_type was explicitly disabled in the options.
if (!ValidateResponseMode(context.Request, context.Options))
{
context.Logger.LogError("The authorization request was rejected because the '{ResponseMode}' " +
"response mode is not supported.", context.Request.ResponseMode);
context.Logger.LogError(SR.GetResourceString(SR.ID7038), context.Request.ResponseMode);
context.Reject(
error: Errors.InvalidRequest,
@ -764,7 +753,7 @@ namespace OpenIddict.Server
// Reject authorization requests containing the id_token response_type if no openid scope has been received.
if (context.Request.HasResponseType(ResponseTypes.IdToken) && !context.Request.HasScope(Scopes.OpenId))
{
context.Logger.LogError("The authorization request was rejected because the 'openid' scope was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7039), Scopes.OpenId);
context.Reject(
error: Errors.InvalidRequest,
@ -828,7 +817,7 @@ namespace OpenIddict.Server
if (context.Request.IsImplicitFlow() || context.Request.IsHybridFlow())
{
context.Logger.LogError("The authorization request was rejected because the mandatory 'nonce' parameter was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7033), Parameters.Nonce);
context.Reject(
error: Errors.InvalidRequest,
@ -875,7 +864,7 @@ namespace OpenIddict.Server
context.Request.HasPrompt(Prompts.Login) ||
context.Request.HasPrompt(Prompts.SelectAccount)))
{
context.Logger.LogError("The authorization request was rejected because an invalid prompt parameter was specified.");
context.Logger.LogError(SR.GetResourceString(SR.ID7040));
context.Reject(
error: Errors.InvalidRequest,
@ -926,7 +915,7 @@ namespace OpenIddict.Server
// Ensure a code_challenge was specified if a code_challenge_method was used.
if (string.IsNullOrEmpty(context.Request.CodeChallenge))
{
context.Logger.LogError("The authorization request was rejected because the code_challenge was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7033), Parameters.CodeChallenge);
context.Reject(
error: Errors.InvalidRequest,
@ -940,8 +929,7 @@ namespace OpenIddict.Server
if (string.IsNullOrEmpty(context.Request.CodeChallengeMethod) &&
!context.Options.CodeChallengeMethods.Contains(CodeChallengeMethods.Plain))
{
context.Logger.LogError("The authorization request was rejected because the " +
"required 'code_challenge_method' parameter was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7033), Parameters.CodeChallengeMethod);
context.Reject(
error: Errors.InvalidRequest,
@ -954,8 +942,7 @@ namespace OpenIddict.Server
if (!string.IsNullOrEmpty(context.Request.CodeChallengeMethod) &&
!context.Options.CodeChallengeMethods.Contains(context.Request.CodeChallengeMethod))
{
context.Logger.LogError("The authorization request was rejected because " +
"the specified code challenge method was not supported.");
context.Logger.LogError(SR.GetResourceString(SR.ID7041));
context.Reject(
error: Errors.InvalidRequest,
@ -967,8 +954,7 @@ namespace OpenIddict.Server
// When code_challenge or code_challenge_method is specified, ensure the response_type includes "code".
if (!context.Request.HasResponseType(ResponseTypes.Code))
{
context.Logger.LogError("The authorization request was rejected because the response type " +
"was not compatible with 'code_challenge'/'code_challenge_method'.");
context.Logger.LogError(SR.GetResourceString(SR.ID7042));
context.Reject(
error: Errors.InvalidRequest,
@ -981,8 +967,7 @@ namespace OpenIddict.Server
// Reject authorization requests that contain response_type=token when a code_challenge is specified.
if (context.Request.HasResponseType(ResponseTypes.Token))
{
context.Logger.LogError("The authorization request was rejected because the " +
"specified response type was not compatible with PKCE.");
context.Logger.LogError(SR.GetResourceString(SR.ID7043));
context.Reject(
error: Errors.InvalidRequest,
@ -1036,8 +1021,7 @@ namespace OpenIddict.Server
var application = await _applicationManager.FindByClientIdAsync(context.ClientId);
if (application == null)
{
context.Logger.LogError("The authorization request was rejected because the client " +
"application was not found: '{ClientId}'.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7044), context.ClientId);
context.Reject(
error: Errors.InvalidRequest,
@ -1100,8 +1084,7 @@ namespace OpenIddict.Server
if (context.Request.HasResponseType(ResponseTypes.Token) &&
await _applicationManager.HasClientTypeAsync(application, ClientTypes.Confidential))
{
context.Logger.LogError("The authorization request was rejected because the confidential application '{ClientId}' " +
"was not allowed to retrieve an access token from the authorization endpoint.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7045), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1163,8 +1146,7 @@ namespace OpenIddict.Server
var addresses = await _applicationManager.GetRedirectUrisAsync(application);
if (addresses.Length != 1)
{
context.Logger.LogError("The authorization request was rejected because " +
"the mandatory 'redirect_uri' parameter was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7033), Parameters.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -1181,8 +1163,7 @@ namespace OpenIddict.Server
// Otherwise, ensure that the specified redirect_uri is valid and is associated with the client application.
if (!await _applicationManager.ValidateRedirectUriAsync(application, context.RedirectUri))
{
context.Logger.LogError("The authorization request was rejected because the redirect_uri " +
"was invalid: '{RedirectUri}'.", context.RedirectUri);
context.Logger.LogError(SR.GetResourceString(SR.ID7046), context.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -1247,8 +1228,7 @@ namespace OpenIddict.Server
// If at least one scope was not recognized, return an error.
if (scopes.Count != 0)
{
context.Logger.LogError("The authentication request was rejected because " +
"invalid scopes were specified: {Scopes}.", scopes);
context.Logger.LogError(SR.GetResourceString(SR.ID7047), scopes);
context.Reject(
error: Errors.InvalidScope,
@ -1307,8 +1287,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the authorization endpoint.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Authorization))
{
context.Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to use the authorization endpoint.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7048), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1368,8 +1347,7 @@ namespace OpenIddict.Server
if (context.Request.IsAuthorizationCodeFlow() &&
!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.AuthorizationCode))
{
context.Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to use the authorization code flow.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7049), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1382,8 +1360,7 @@ namespace OpenIddict.Server
if (context.Request.IsImplicitFlow() &&
!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.Implicit))
{
context.Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to use the implicit flow.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7050), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1397,8 +1374,7 @@ namespace OpenIddict.Server
(!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.AuthorizationCode) ||
!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.Implicit)))
{
context.Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to use the hybrid flow.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7051), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1412,12 +1388,11 @@ namespace OpenIddict.Server
if (context.Request.HasScope(Scopes.OfflineAccess) &&
!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.RefreshToken))
{
context.Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to request the 'offline_access' scope.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7052), context.ClientId, Scopes.OfflineAccess);
context.Reject(
error: Errors.InvalidRequest,
description: context.Localizer[SR.ID3050]);
description: context.Localizer[SR.ID3065, Scopes.OfflineAccess]);
return;
}
@ -1481,8 +1456,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the iterated scope.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.Scope + scope))
{
context.Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to use the scope {Scope}.", context.ClientId, scope);
context.Logger.LogError(SR.GetResourceString(SR.ID7052), context.ClientId, scope);
context.Reject(
error: Errors.InvalidRequest,
@ -1548,8 +1522,7 @@ namespace OpenIddict.Server
if (await _applicationManager.HasRequirementAsync(application, Requirements.Features.ProofKeyForCodeExchange))
{
context.Logger.LogError("The authorization request was rejected because the " +
"required 'code_challenge' parameter was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7033), Parameters.CodeChallenge);
context.Reject(
error: Errors.InvalidRequest,
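Review bot: `description: context.Localizer[SR.ID3065, Scopes.OfflineAccess]` in the offline_access hunk replaces the ID3050 error_description sent to the client with a different, parameterized resource, which changes the protocol response rather than only the log output and is not covered by the commit message; consider mentioning it there or splitting it into its own commit so the wire-visible change can be reviewed on its own. The adjacent log line reuses ID7052 with `Scopes.OfflineAccess` and, further down, with the iterated `scope`, which is consistent. The enclosing handler method starts outside the hunk.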

31
src/OpenIddict.Server/OpenIddictServerHandlers.Device.cs

@ -126,7 +126,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException(SR.GetResourceString(SR.ID1030));
}
context.Logger.LogInformation("The device request was successfully extracted: {Request}.", notification.Request);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7054), notification.Request);
}
}
@ -189,7 +189,7 @@ namespace OpenIddict.Server
return;
}
context.Logger.LogInformation("The device request was successfully validated.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7055));
}
}
@ -379,7 +379,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc8628#section-3.1 for more information.
if (string.IsNullOrEmpty(context.ClientId))
{
context.Logger.LogError("The device request was rejected because the mandatory 'client_id' was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7056));
context.Reject(
error: Errors.InvalidClient,
@ -446,8 +446,7 @@ namespace OpenIddict.Server
// If at least one scope was not recognized, return an error.
if (scopes.Count != 0)
{
context.Logger.LogError("The device request was rejected because " +
"invalid scopes were specified: {Scopes}.", scopes);
context.Logger.LogError(SR.GetResourceString(SR.ID7057), scopes);
context.Reject(
error: Errors.InvalidScope,
@ -502,8 +501,7 @@ namespace OpenIddict.Server
var application = await _applicationManager.FindByClientIdAsync(context.ClientId);
if (application == null)
{
context.Logger.LogError("The device request was rejected because the client " +
"application was not found: '{ClientId}'.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7058), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -565,8 +563,7 @@ namespace OpenIddict.Server
// Reject device requests containing a client_secret when the client is a public application.
if (!string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError("The device request was rejected because the public application '{ClientId}' " +
"was not allowed to send a client secret.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7059), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -581,8 +578,7 @@ namespace OpenIddict.Server
// Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks.
if (string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError("The device request was rejected because the confidential or hybrid application " +
"'{ClientId}' didn't specify a client secret.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7060), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -642,8 +638,7 @@ namespace OpenIddict.Server
if (!await _applicationManager.HasClientTypeAsync(application, ClientTypes.Public) &&
!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret))
{
context.Logger.LogError("The device request was rejected because the confidential or hybrid application " +
"'{ClientId}' didn't specify valid client credentials.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7061), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -704,8 +699,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the device endpoint.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Device))
{
context.Logger.LogError("The device request was rejected because the application '{ClientId}' " +
"was not allowed to use the device endpoint.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7062), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -775,8 +769,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the iterated scope.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.Scope + scope))
{
context.Logger.LogError("The device request was rejected because the application '{ClientId}' " +
"was not allowed to use the scope {Scope}.", context.ClientId, scope);
context.Logger.LogError(SR.GetResourceString(SR.ID7063), context.ClientId, scope);
context.Reject(
error: Errors.InvalidRequest,
@ -852,7 +845,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException(SR.GetResourceString(SR.ID1033));
}
context.Logger.LogInformation("The verification request was successfully extracted: {Request}.", notification.Request);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7064), notification.Request);
}
}
@ -915,7 +908,7 @@ namespace OpenIddict.Server
return;
}
context.Logger.LogInformation("The verification request was successfully validated.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7065));
}
}
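Review bot: `context.Logger.LogError(SR.GetResourceString(SR.ID7056));` keeps a dedicated, parameterless resource for the missing client_id, while the authorization handler in this commit routes every missing-parameter case through one parameterized template and passes `Parameters.ClientId`. If ID7056 is meant to be device-specific that is fine, but a parameterized device-request template would keep the log shape uniform and cover further mandatory-parameter checks as they appear, e.g. `context.Logger.LogError(SR.GetResourceString(SR.ID7056), Parameters.ClientId);` with the matching placeholder added to the resource. The enclosing method starts outside the hunk.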

41
src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs

@ -11,7 +11,6 @@ using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using JetBrains.Annotations;
@ -132,7 +131,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException(SR.GetResourceString(SR.ID1036));
}
context.Logger.LogInformation("The configuration request was successfully extracted: {Request}.", notification.Request);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7066), notification.Request);
}
}
@ -195,7 +194,7 @@ namespace OpenIddict.Server
return;
}
context.Logger.LogInformation("The configuration request was successfully validated.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7067));
}
}
@ -341,11 +340,7 @@ namespace OpenIddict.Server
return;
}
throw new InvalidOperationException(new StringBuilder()
.Append("The configuration response was not correctly applied. To apply configuration responses, ")
.Append("create a class implementing 'IOpenIddictServerHandler<ApplyConfigurationResponseContext>' ")
.AppendLine("and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'.")
.ToString());
throw new InvalidOperationException(SR.GetResourceString(SR.ID1271));
}
}
@ -919,7 +914,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException(SR.GetResourceString(SR.ID1037));
}
context.Logger.LogInformation("The cryptography request was successfully extracted: {Request}.", notification.Request);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7068), notification.Request);
}
}
@ -982,7 +977,7 @@ namespace OpenIddict.Server
return;
}
context.Logger.LogInformation("The cryptography request was successfully validated.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7069));
}
}
@ -1056,8 +1051,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc7517#section-4.1
if (string.IsNullOrEmpty(key.Kty))
{
context.Logger.LogError("A JSON Web Key was excluded from the key set because " +
"it didn't contain the mandatory 'kid' parameter.");
context.Logger.LogError(SR.GetResourceString(SR.ID7070), JsonWebKeyParameterNames.Kty);
continue;
}
@ -1213,9 +1207,7 @@ namespace OpenIddict.Server
!credentials.Key.IsSupportedAlgorithm(SecurityAlgorithms.EcdsaSha384) &&
!credentials.Key.IsSupportedAlgorithm(SecurityAlgorithms.EcdsaSha512))
{
context.Logger.LogInformation("An unsupported signing key of type '{Type}' was ignored and excluded " +
"from the key set. Only RSA and ECDSA asymmetric security keys can be " +
"exposed via the JWKS endpoint.", credentials.Key.GetType().Name);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7071), credentials.Key.GetType().Name);
continue;
}
@ -1223,9 +1215,7 @@ namespace OpenIddict.Server
if (!credentials.Key.IsSupportedAlgorithm(SecurityAlgorithms.RsaSha256) &&
!credentials.Key.IsSupportedAlgorithm(SecurityAlgorithms.RsaSsaPssSha256))
{
context.Logger.LogInformation("An unsupported signing key of type '{Type}' was ignored and excluded " +
"from the key set. Only RSA asymmetric security keys can be exposed " +
"via the JWKS endpoint.", credentials.Key.GetType().Name);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7072), credentials.Key.GetType().Name);
continue;
}
@ -1290,15 +1280,13 @@ namespace OpenIddict.Server
if (parameters == null)
{
context.Logger.LogWarning("A signing key of type '{Type}' was ignored because its RSA public " +
"parameters couldn't be extracted.", credentials.Key.GetType().Name);
context.Logger.LogWarning(SR.GetResourceString(SR.ID7073), credentials.Key.GetType().Name);
continue;
}
Debug.Assert(parameters.Value.Exponent != null &&
parameters.Value.Modulus != null,
"RSA.ExportParameters() shouldn't return a null exponent/modulus.");
parameters.Value.Modulus != null, SR.GetResourceString(SR.ID5003));
key.Kty = JsonWebAlgorithmsKeyTypes.RSA;
@ -1326,18 +1314,15 @@ namespace OpenIddict.Server
if (parameters == null)
{
context.Logger.LogWarning("A signing key of type '{Type}' was ignored because its EC public " +
"parameters couldn't be extracted.", credentials.Key.GetType().Name);
context.Logger.LogWarning(SR.GetResourceString(SR.ID7074), credentials.Key.GetType().Name);
continue;
}
Debug.Assert(parameters.Value.Q.X != null &&
parameters.Value.Q.Y != null,
"ECDsa.ExportParameters() shouldn't return null coordinates.");
parameters.Value.Q.Y != null, SR.GetResourceString(SR.ID5004));
Debug.Assert(parameters.Value.Curve.IsNamed,
"ECDsa.ExportParameters() shouldn't return an unnamed curve.");
Debug.Assert(parameters.Value.Curve.IsNamed, SR.GetResourceString(SR.ID5005));
key.Kty = JsonWebAlgorithmsKeyTypes.EllipticCurve;
key.Crv = IsCurve(parameters.Value, ECCurve.NamedCurves.nistP256) ? JsonWebKeyECTypes.P256 :
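Review bot: With the templates now fetched through `SR.GetResourceString(...)`, nothing at build time checks that the placeholder count of each `ID7xxx` resource matches the arguments passed — for instance `ID7070` with `JsonWebKeyParameterNames.Kty`, or `ID7073`/`ID7074` with `credentials.Key.GetType().Name` — and a mismatch only surfaces when that branch fires during a request; newer .NET SDKs will also flag every call with CA2254 (logging template should be a constant expression). Microsoft.Extensions.Logging keys its formatter cache and the structured event on the template string, so if these resources were ever localized the emitted events would change shape with the current culture. A short comment on the resource IDs or the `SR` helper stating that `ID7xxx` entries are non-localized logging templates with a fixed placeholder set, plus a test that formats each template with its expected argument count, would close that gap; the same applies to the Exchange, Introspection, Revocation, Session and Userinfo sections below. The enclosing handlers start and end outside the hunks.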

76
src/OpenIddict.Server/OpenIddictServerHandlers.Exchange.cs

@ -134,7 +134,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException(SR.GetResourceString(SR.ID1039));
}
context.Logger.LogInformation("The token request was successfully extracted: {Request}.", notification.Request);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7075), notification.Request);
}
}
@ -201,7 +201,7 @@ namespace OpenIddict.Server
return;
}
context.Logger.LogInformation("The token request was successfully validated.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7076));
}
}
@ -386,7 +386,7 @@ namespace OpenIddict.Server
// Reject token requests missing the mandatory grant_type parameter.
if (string.IsNullOrEmpty(context.Request.GrantType))
{
context.Logger.LogError("The token request was rejected because the grant type was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7077), Parameters.GrantType);
context.Reject(
error: Errors.InvalidRequest,
@ -398,8 +398,7 @@ namespace OpenIddict.Server
// Reject token requests that don't specify a supported grant type.
if (!context.Options.GrantTypes.Contains(context.Request.GrantType))
{
context.Logger.LogError("The token request was rejected because the '{GrantType}' " +
"grant type is not supported.", context.Request.GrantType);
context.Logger.LogError(SR.GetResourceString(SR.ID7078), context.Request.GrantType);
context.Reject(
error: Errors.UnsupportedGrantType,
@ -464,7 +463,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc6749#section-4.1.3 for more information.
if (!context.Options.AcceptAnonymousClients || context.Request.IsAuthorizationCodeGrantType())
{
context.Logger.LogError("The token request was rejected because the mandatory 'client_id' was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7077), Parameters.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -511,7 +510,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc6749#section-4.1.3 for more information.
if (context.Request.IsAuthorizationCodeGrantType() && string.IsNullOrEmpty(context.Request.Code))
{
context.Logger.LogError("The token request was rejected because the authorization code was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7077), Parameters.Code);
context.Reject(
error: Errors.InvalidRequest,
@ -649,7 +648,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc6749#section-6 for more information.
if (context.Request.IsRefreshTokenGrantType() && string.IsNullOrEmpty(context.Request.RefreshToken))
{
context.Logger.LogError("The token request was rejected because the refresh token was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7077), Parameters.RefreshToken);
context.Reject(
error: Errors.InvalidRequest,
@ -697,7 +696,7 @@ namespace OpenIddict.Server
if (context.Request.IsPasswordGrantType() && (string.IsNullOrEmpty(context.Request.Username) ||
string.IsNullOrEmpty(context.Request.Password)))
{
context.Logger.LogError("The token request was rejected because the resource owner credentials were missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7079));
context.Reject(
error: Errors.InvalidRequest,
@ -764,8 +763,7 @@ namespace OpenIddict.Server
// If at least one scope was not recognized, return an error.
if (scopes.Count != 0)
{
context.Logger.LogError("The token request was rejected because " +
"invalid scopes were specified: {Scopes}.", scopes);
context.Logger.LogError(SR.GetResourceString(SR.ID7080), scopes);
context.Reject(
error: Errors.InvalidScope,
@ -820,8 +818,7 @@ namespace OpenIddict.Server
var application = await _applicationManager.FindByClientIdAsync(context.ClientId);
if (application == null)
{
context.Logger.LogError("The token request was rejected because the client " +
"application was not found: '{ClientId}'.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7081), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -883,8 +880,7 @@ namespace OpenIddict.Server
// Public applications are not allowed to use the client credentials grant.
if (context.Request.IsClientCredentialsGrantType())
{
context.Logger.LogError("The token request was rejected because the public client application '{ClientId}' " +
"was not allowed to use the client credentials grant.", context.Request.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7082), context.Request.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -896,8 +892,7 @@ namespace OpenIddict.Server
// Reject token requests containing a client_secret when the client is a public application.
if (!string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError("The token request was rejected because the public application '{ClientId}' " +
"was not allowed to send a client secret.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7083), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -912,8 +907,7 @@ namespace OpenIddict.Server
// Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks.
if (string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError("The token request was rejected because the confidential or hybrid application " +
"'{ClientId}' didn't specify a client secret.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7084), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -973,8 +967,7 @@ namespace OpenIddict.Server
if (!await _applicationManager.HasClientTypeAsync(application, ClientTypes.Public) &&
!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret))
{
context.Logger.LogError("The token request was rejected because the confidential or hybrid application " +
"'{ClientId}' didn't specify valid client credentials.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7085), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -1035,8 +1028,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the token endpoint.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Token))
{
context.Logger.LogError("The token request was rejected because the application '{ClientId}' " +
"was not allowed to use the token endpoint.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7086), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1097,8 +1089,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the specified grant type.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.GrantType + context.Request.GrantType))
{
context.Logger.LogError("The token request was rejected because the application '{ClientId}' was not allowed to " +
"use the specified grant type: {GrantType}.", context.ClientId, context.Request.GrantType);
context.Logger.LogError(SR.GetResourceString(SR.ID7087), context.ClientId, context.Request.GrantType);
context.Reject(
error: Errors.UnauthorizedClient,
@ -1112,8 +1103,7 @@ namespace OpenIddict.Server
if (context.Request.HasScope(Scopes.OfflineAccess) &&
!await _applicationManager.HasPermissionAsync(application, Permissions.GrantTypes.RefreshToken))
{
context.Logger.LogError("The token request was rejected because the application '{ClientId}' " +
"was not allowed to request the 'offline_access' scope.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7088), context.ClientId, Scopes.OfflineAccess);
context.Reject(
error: Errors.InvalidRequest,
@ -1183,8 +1173,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the iterated scope.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Prefixes.Scope + scope))
{
context.Logger.LogError("The token request was rejected because the application '{ClientId}' " +
"was not allowed to use the scope {Scope}.", context.ClientId, scope);
context.Logger.LogError(SR.GetResourceString(SR.ID7089), context.ClientId, scope);
context.Reject(
error: Errors.InvalidRequest,
@ -1256,8 +1245,7 @@ namespace OpenIddict.Server
if (await _applicationManager.HasRequirementAsync(application, Requirements.Features.ProofKeyForCodeExchange))
{
context.Logger.LogError("The token request was rejected because the " +
"required 'code_verifier' parameter was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7077), Parameters.CodeVerifier);
context.Reject(
error: Errors.InvalidRequest,
@ -1402,9 +1390,7 @@ namespace OpenIddict.Server
// reject the request if the client_id of the caller cannot be retrieved or inferred.
if (string.IsNullOrEmpty(context.ClientId))
{
context.Logger.LogError("The token request was rejected because the client identifier of the application " +
"was not available and could not be compared to the presenters list stored " +
"in the authorization code, the device code or the refresh token.");
context.Logger.LogError(SR.GetResourceString(SR.ID7090));
context.Reject(
error: Errors.InvalidGrant,
@ -1421,8 +1407,7 @@ namespace OpenIddict.Server
// and http://openid.net/specs/openid-connect-core-1_0.html#RefreshingAccessToken.
if (!presenters.Contains(context.ClientId))
{
context.Logger.LogError("The token request was rejected because the authorization code, the device code " +
"or the refresh token was issued to a different client application.");
context.Logger.LogError(SR.GetResourceString(SR.ID7091));
context.Reject(
error: Errors.InvalidGrant,
@ -1486,8 +1471,7 @@ namespace OpenIddict.Server
if (string.IsNullOrEmpty(context.Request.RedirectUri))
{
context.Logger.LogError("The token request was rejected because the mandatory 'redirect_uri' " +
"parameter was missing from the grant_type=authorization_code request.");
context.Logger.LogError(SR.GetResourceString(SR.ID7077), Parameters.RedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -1498,8 +1482,7 @@ namespace OpenIddict.Server
if (!string.Equals(address, context.Request.RedirectUri, StringComparison.Ordinal))
{
context.Logger.LogError("The token request was rejected because the 'redirect_uri' " +
"parameter didn't correspond to the expected value.");
context.Logger.LogError(SR.GetResourceString(SR.ID7092), Parameters.RedirectUri);
context.Reject(
error: Errors.InvalidGrant,
@ -1559,9 +1542,7 @@ namespace OpenIddict.Server
// when code_challenge private claim was attached to the authorization code.
if (!string.IsNullOrEmpty(context.Request.CodeVerifier))
{
context.Logger.LogError("The token request was rejected because a 'code_verifier' parameter " +
"was presented with an authorization code to which no code challenge " +
"was attached when processing the initial authorization request.");
context.Logger.LogError(SR.GetResourceString(SR.ID7093), Parameters.CodeVerifier);
context.Reject(
error: Errors.InvalidRequest,
@ -1576,8 +1557,7 @@ namespace OpenIddict.Server
// Get the code verifier from the token request. If it cannot be found, return an invalid_grant error.
if (string.IsNullOrEmpty(context.Request.CodeVerifier))
{
context.Logger.LogError("The token request was rejected because the required 'code_verifier' " +
"parameter was missing from the grant_type=authorization_code request.");
context.Logger.LogError(SR.GetResourceString(SR.ID7077), Parameters.CodeVerifier);
context.Reject(
error: Errors.InvalidRequest,
@ -1621,7 +1601,7 @@ namespace OpenIddict.Server
if (!Arrays.ConstantTimeAreEqual(data, Encoding.ASCII.GetBytes(challenge)))
#endif
{
context.Logger.LogError("The token request was rejected because the 'code_verifier' was invalid.");
context.Logger.LogError(SR.GetResourceString(SR.ID7092), Parameters.CodeVerifier);
context.Reject(
error: Errors.InvalidGrant,
@ -1673,7 +1653,7 @@ namespace OpenIddict.Server
var scopes = new HashSet<string>(context.Principal.GetScopes(), StringComparer.Ordinal);
if (scopes.Count == 0)
{
context.Logger.LogError("The token request was rejected because the 'scope' parameter was not allowed.");
context.Logger.LogError(SR.GetResourceString(SR.ID7094), Parameters.Scope);
context.Reject(
error: Errors.InvalidGrant,
@ -1688,7 +1668,7 @@ namespace OpenIddict.Server
// See https://tools.ietf.org/html/rfc6749#section-6 for more information.
else if (!scopes.IsSupersetOf(context.Request.GetScopes()))
{
context.Logger.LogError("The token request was rejected because the 'scope' parameter was not valid.");
context.Logger.LogError(SR.GetResourceString(SR.ID7095), Parameters.Scope);
context.Reject(
error: Errors.InvalidGrant,
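Review bot: `ID7075` and `ID7076` are resolved and handed to `LogInformation` on every token request whether or not Information is enabled, so whatever `SR.GetResourceString` costs is now paid on the token endpoint's hot path where the previous literal template cost nothing; if that is measurable, guard the call with `if (context.Logger.IsEnabled(LogLevel.Information))` or cache the resolved templates in `static readonly` fields. Separately, `ID7077` is now shared by the missing `client_id`, `code`, `refresh_token`, `redirect_uri` and `code_verifier` cases, and `ID7092` by both the `redirect_uri` and `code_verifier` mismatches, so log consumers must key on the parameter argument rather than the message text; a comment at the first `ID7077` use such as `// ID7077 is the generic "missing parameter" template; the parameter name argument is the distinguishing field.` would make that explicit. The enclosing handlers start and end outside the hunks.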

38
src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs

@ -127,7 +127,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException(SR.GetResourceString(SR.ID1045));
}
context.Logger.LogInformation("The introspection request was successfully extracted: {Request}.", notification.Request);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7096), notification.Request);
}
}
@ -194,7 +194,7 @@ namespace OpenIddict.Server
return;
}
context.Logger.LogInformation("The introspection request was successfully validated.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7097));
}
}
@ -393,7 +393,7 @@ namespace OpenIddict.Server
// Reject introspection requests missing the mandatory token parameter.
if (string.IsNullOrEmpty(context.Request.Token))
{
context.Logger.LogError("The introspection request was rejected because the token was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7098), Parameters.Token);
context.Reject(
error: Errors.InvalidRequest,
@ -438,7 +438,7 @@ namespace OpenIddict.Server
// At this stage, reject the introspection request unless the client identification requirement was disabled.
if (!context.Options.AcceptAnonymousClients && string.IsNullOrEmpty(context.ClientId))
{
context.Logger.LogError("The introspection request was rejected because the mandatory 'client_id' was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7098), Parameters.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -495,8 +495,7 @@ namespace OpenIddict.Server
var application = await _applicationManager.FindByClientIdAsync(context.ClientId);
if (application == null)
{
context.Logger.LogError("The introspection request was rejected because the client " +
"application was not found: '{ClientId}'.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7099), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -558,8 +557,7 @@ namespace OpenIddict.Server
// Reject introspection requests containing a client_secret when the client is a public application.
if (!string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError("The introspection request was rejected because the public application '{ClientId}' " +
"was not allowed to send a client secret.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7100), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -574,8 +572,7 @@ namespace OpenIddict.Server
// Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks.
if (string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError("The introspection request was rejected because the confidential or hybrid application " +
"'{ClientId}' didn't specify a client secret.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7101), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -635,8 +632,7 @@ namespace OpenIddict.Server
if (!await _applicationManager.HasClientTypeAsync(application, ClientTypes.Public) &&
!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret))
{
context.Logger.LogError("The introspection request was rejected because the confidential or hybrid application " +
"'{ClientId}' didn't specify valid client credentials.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7102), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -697,8 +693,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the introspection endpoint.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Introspection))
{
context.Logger.LogError("The introspection request was rejected because the application '{ClientId}' " +
"was not allowed to use the introspection endpoint.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7103), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -806,8 +801,7 @@ namespace OpenIddict.Server
!context.Principal.HasTokenType(TokenTypeHints.IdToken) &&
!context.Principal.HasTokenType(TokenTypeHints.RefreshToken))
{
context.Logger.LogError("The introspection request was rejected because " +
"the received token was of an unsupported type.");
context.Logger.LogError(SR.GetResourceString(SR.ID7104));
context.Reject(
error: Errors.UnsupportedTokenType,
@ -865,8 +859,7 @@ namespace OpenIddict.Server
if (!context.Principal.HasPresenter(context.ClientId))
{
context.Logger.LogError("The introspection request was rejected because the " +
"authorization code was issued to a different client.");
context.Logger.LogError(SR.GetResourceString(SR.ID7105));
context.Reject(
error: Errors.InvalidToken,
@ -886,8 +879,7 @@ namespace OpenIddict.Server
context.Principal.HasAudience() && !context.Principal.HasAudience(context.ClientId) &&
context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId))
{
context.Logger.LogError("The introspection request was rejected because the access token " +
"was issued to a different client or for another resource server.");
context.Logger.LogError(SR.GetResourceString(SR.ID7106));
context.Reject(
error: Errors.InvalidToken,
@ -903,8 +895,7 @@ namespace OpenIddict.Server
if (context.Principal.HasTokenType(TokenTypeHints.IdToken) &&
context.Principal.HasAudience() && !context.Principal.HasAudience(context.ClientId))
{
context.Logger.LogError("The introspection request was rejected because the " +
"identity token was issued to a different client.");
context.Logger.LogError(SR.GetResourceString(SR.ID7107));
context.Reject(
error: Errors.InvalidToken,
@ -920,8 +911,7 @@ namespace OpenIddict.Server
if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) &&
context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId))
{
context.Logger.LogError("The introspection request was rejected because the " +
"refresh token was issued to a different client.");
context.Logger.LogError(SR.GetResourceString(SR.ID7108));
context.Reject(
error: Errors.InvalidToken,

42
src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs

@ -119,7 +119,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException(SR.GetResourceString(SR.ID1047));
}
context.Logger.LogInformation("The revocation request was successfully extracted: {Request}.", notification.Request);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7109), notification.Request);
}
}
@ -186,7 +186,7 @@ namespace OpenIddict.Server
return;
}
context.Logger.LogInformation("The revocation request was successfully validated.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7110));
}
}
@ -339,7 +339,7 @@ namespace OpenIddict.Server
// Reject revocation requests missing the mandatory token parameter.
if (string.IsNullOrEmpty(context.Request.Token))
{
context.Logger.LogError("The revocation request was rejected because the token was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7111), Parameters.Token);
context.Reject(
error: Errors.InvalidRequest,
@ -384,7 +384,7 @@ namespace OpenIddict.Server
// At this stage, reject the revocation request unless the client identification requirement was disabled.
if (!context.Options.AcceptAnonymousClients && string.IsNullOrEmpty(context.ClientId))
{
context.Logger.LogError("The revocation request was rejected because the mandatory 'client_id' was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7111), Parameters.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -441,8 +441,7 @@ namespace OpenIddict.Server
var application = await _applicationManager.FindByClientIdAsync(context.ClientId);
if (application == null)
{
context.Logger.LogError("The revocation request was rejected because the client " +
"application was not found: '{ClientId}'.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7112), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -504,8 +503,7 @@ namespace OpenIddict.Server
// Reject revocation requests containing a client_secret when the client is a public application.
if (!string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError("The revocation request was rejected because the public application '{ClientId}' " +
"was not allowed to send a client secret.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7113), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -520,8 +518,7 @@ namespace OpenIddict.Server
// Confidential and hybrid applications MUST authenticate to protect them from impersonation attacks.
if (string.IsNullOrEmpty(context.ClientSecret))
{
context.Logger.LogError("The revocation request was rejected because the confidential or hybrid application " +
"'{ClientId}' didn't specify a client secret.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7114), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -581,8 +578,7 @@ namespace OpenIddict.Server
if (!await _applicationManager.HasClientTypeAsync(application, ClientTypes.Public) &&
!await _applicationManager.ValidateClientSecretAsync(application, context.ClientSecret))
{
context.Logger.LogError("The revocation request was rejected because the confidential or hybrid application " +
"'{ClientId}' didn't specify valid client credentials.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7115), context.ClientId);
context.Reject(
error: Errors.InvalidClient,
@ -643,8 +639,7 @@ namespace OpenIddict.Server
// Reject the request if the application is not allowed to use the revocation endpoint.
if (!await _applicationManager.HasPermissionAsync(application, Permissions.Endpoints.Revocation))
{
context.Logger.LogError("The revocation request was rejected because the application '{ClientId}' " +
"was not allowed to use the revocation endpoint.", context.ClientId);
context.Logger.LogError(SR.GetResourceString(SR.ID7116), context.ClientId);
context.Reject(
error: Errors.UnauthorizedClient,
@ -751,8 +746,7 @@ namespace OpenIddict.Server
!context.Principal.HasTokenType(TokenTypeHints.AuthorizationCode) &&
!context.Principal.HasTokenType(TokenTypeHints.RefreshToken))
{
context.Logger.LogError("The revocation request was rejected because " +
"the received token was of an unsupported type.");
context.Logger.LogError(SR.GetResourceString(SR.ID7117));
context.Reject(
error: Errors.UnsupportedTokenType,
@ -810,8 +804,7 @@ namespace OpenIddict.Server
if (!context.Principal.HasPresenter(context.ClientId))
{
context.Logger.LogError("The revocation request was rejected because the " +
"authorization code was issued to a different client.");
context.Logger.LogError(SR.GetResourceString(SR.ID7118));
context.Reject(
error: Errors.InvalidToken,
@ -831,8 +824,7 @@ namespace OpenIddict.Server
context.Principal.HasAudience() && !context.Principal.HasAudience(context.ClientId) &&
context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId))
{
context.Logger.LogError("The revocation request was rejected because the access token " +
"was issued to a different client or for another resource server.");
context.Logger.LogError(SR.GetResourceString(SR.ID7119));
context.Reject(
error: Errors.InvalidToken,
@ -848,8 +840,7 @@ namespace OpenIddict.Server
if (context.Principal.HasTokenType(TokenTypeHints.IdToken) &&
context.Principal.HasAudience() && !context.Principal.HasAudience(context.ClientId))
{
context.Logger.LogError("The revocation request was rejected because the " +
"identity token was issued to a different client.");
context.Logger.LogError(SR.GetResourceString(SR.ID7120));
context.Reject(
error: Errors.InvalidToken,
@ -865,8 +856,7 @@ namespace OpenIddict.Server
if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) &&
context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId))
{
context.Logger.LogError("The revocation request was rejected because the " +
"refresh token was issued to a different client.");
context.Logger.LogError(SR.GetResourceString(SR.ID7121));
context.Reject(
error: Errors.InvalidToken,
@ -961,7 +951,7 @@ namespace OpenIddict.Server
var identifier = context.Principal.GetTokenId();
if (string.IsNullOrEmpty(identifier))
{
context.Logger.LogError("The revocation request was rejected because the token had no internal identifier.");
context.Logger.LogError(SR.GetResourceString(SR.ID7122));
context.Reject(
error: Errors.UnsupportedTokenType,
@ -973,7 +963,7 @@ namespace OpenIddict.Server
var token = await _tokenManager.FindByIdAsync(identifier);
if (token == null)
{
context.Logger.LogInformation("The token '{Identifier}' was not revoked because it couldn't be found.", identifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7123), identifier);
context.Reject(
error: Errors.InvalidToken,
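Review bot: The `ID7123` branch logs at Information while every other rejection in this file logs at Error, and nothing in the code says why, so a reader may take the level for an oversight. Presumably an unknown token at the revocation endpoint is an expected outcome rather than an anomaly (RFC 7009 §2.2 notes that clients cannot act on such errors), in which case a one-line comment above the call, `// An unknown token is not an anomaly for revocation (RFC 7009 §2.2), so log at Information rather than Error.`, would preserve the intent; if the level is not deliberate, it should match the surrounding rejections. The enclosing handler continues outside the hunk.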

13
src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs

@ -108,7 +108,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException(SR.GetResourceString(SR.ID1049));
}
context.Logger.LogInformation("The logout request was successfully extracted: {Request}.", notification.Request);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7124), notification.Request);
}
}
@ -175,7 +175,7 @@ namespace OpenIddict.Server
return;
}
context.Logger.LogInformation("The logout request was successfully validated.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7125));
}
}
@ -364,8 +364,7 @@ namespace OpenIddict.Server
// If an optional post_logout_redirect_uri was provided, validate it.
if (!Uri.TryCreate(context.PostLogoutRedirectUri, UriKind.Absolute, out Uri uri) || !uri.IsWellFormedOriginalString())
{
context.Logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " +
"was not a valid absolute URL: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);
context.Logger.LogError(SR.GetResourceString(SR.ID7126), Parameters.PostLogoutRedirectUri, context.PostLogoutRedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -376,8 +375,7 @@ namespace OpenIddict.Server
if (!string.IsNullOrEmpty(uri.Fragment))
{
context.Logger.LogError("The logout request was rejected because the 'post_logout_redirect_uri' contained " +
"a URL fragment: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);
context.Logger.LogError(SR.GetResourceString(SR.ID7127), Parameters.PostLogoutRedirectUri, context.PostLogoutRedirectUri);
context.Reject(
error: Errors.InvalidRequest,
@ -431,8 +429,7 @@ namespace OpenIddict.Server
if (!await ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri))
{
context.Logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " +
"was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);
context.Logger.LogError(SR.GetResourceString(SR.ID7128), context.PostLogoutRedirectUri);
context.Reject(
error: Errors.InvalidRequest,
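Review bot: `ID7126` and `ID7127` are called with two arguments (`Parameters.PostLogoutRedirectUri` and the value) while `ID7128` receives only the value; that is consistent if the third template has a single placeholder, but the resx is not in this view and an argument-count mismatch is no longer a compile-time error, so the three templates should be checked against their call sites. All three also write the raw, not-yet-validated `post_logout_redirect_uri` at Error level, as the previous messages did; with named placeholders it stays a separate structured field rather than being spliced into the text, which is the form to keep if the templates are ever reworked. The enclosing handlers start and end outside the hunks.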

6
src/OpenIddict.Server/OpenIddictServerHandlers.Userinfo.cs

@ -110,7 +110,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException(SR.GetResourceString(SR.ID1052));
}
context.Logger.LogInformation("The userinfo request was successfully extracted: {Request}.", notification.Request);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7129), notification.Request);
}
}
@ -177,7 +177,7 @@ namespace OpenIddict.Server
return;
}
context.Logger.LogInformation("The userinfo request was successfully validated.");
context.Logger.LogInformation(SR.GetResourceString(SR.ID7130));
}
}
@ -364,7 +364,7 @@ namespace OpenIddict.Server
if (string.IsNullOrEmpty(context.Request.AccessToken))
{
context.Logger.LogError("The userinfo request was rejected because the access token was missing.");
context.Logger.LogError(SR.GetResourceString(SR.ID7131), Parameters.AccessToken);
context.Reject(
error: Errors.MissingToken,
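Review bot: The call at `context.Logger.LogError(SR.GetResourceString(SR.ID7131), Parameters.AccessToken);` now passes one template argument where the old literal had no placeholder, so the placeholder count and order of ID7131 in the .resx (outside this diff) has become part of the logging contract; if the resource has no `{...}` placeholder the argument is silently dropped from the structured log. The same coupling appears in the Session hunks, where ID7126 and ID7127 (lines with `Parameters.PostLogoutRedirectUri, context.PostLogoutRedirectUri`) take two arguments where the old messages took one. A short comment on the call, `// ID7131 expects one placeholder: the missing parameter name.`, or a test that formats each ID7xxx resource with its argument count, would keep the resource file and the call sites from drifting apart. The enclosing handler method continues outside the hunk.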

83
src/OpenIddict.Server/OpenIddictServerHandlers.cs

@ -468,7 +468,7 @@ namespace OpenIddict.Server
var result = context.Options.JsonWebTokenHandler.ValidateToken(context.Token, parameters);
if (!result.IsValid)
{
context.Logger.LogTrace(result.Exception, "An error occurred while validating the token '{Token}'.", context.Token);
context.Logger.LogTrace(result.Exception, SR.GetResourceString(SR.ID7000), context.Token);
context.Reject(
error: context.EndpointType switch
@ -530,8 +530,7 @@ namespace OpenIddict.Server
context.Principal.SetDestinations(destinations);
}
context.Logger.LogTrace("The token '{Token}' was successfully validated and the following claims " +
"could be extracted: {Claims}.", context.Token, context.Principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7001), context.Token, context.Principal.Claims);
return default;
}
@ -923,7 +922,7 @@ namespace OpenIddict.Server
// Then, try to revoke the authorization and the associated token entries.
await TryRevokeAuthorizationChainAsync(context.Principal.GetAuthorizationId());
context.Logger.LogError("The token '{Identifier}' has already been redeemed.", identifier);
context.Logger.LogError(SR.GetResourceString(SR.ID7002), identifier);
context.Reject(
error: context.EndpointType switch
@ -951,7 +950,7 @@ namespace OpenIddict.Server
// If the device code is not marked as valid yet, return an authorization_pending error.
if (await _tokenManager.HasStatusAsync(token, Statuses.Inactive))
{
context.Logger.LogError("The token '{Identifier}' is not active yet.", identifier);
context.Logger.LogError(SR.GetResourceString(SR.ID7003), identifier);
context.Reject(
error: Errors.AuthorizationPending,
@ -963,7 +962,7 @@ namespace OpenIddict.Server
// If the device code is marked as rejected, return an authorization_pending error.
if (await _tokenManager.HasStatusAsync(token, Statuses.Rejected))
{
context.Logger.LogError("The token '{Identifier}' was marked as rejected.", identifier);
context.Logger.LogError(SR.GetResourceString(SR.ID7004), identifier);
context.Reject(
error: Errors.AccessDenied,
@ -976,7 +975,7 @@ namespace OpenIddict.Server
if (!await _tokenManager.HasStatusAsync(token, Statuses.Valid))
{
context.Logger.LogError("The token '{Identifier}' was no longer valid.", identifier);
context.Logger.LogError(SR.GetResourceString(SR.ID7005), identifier);
context.Reject(
error: context.EndpointType switch
@ -1078,7 +1077,7 @@ namespace OpenIddict.Server
var authorization = await _authorizationManager.FindByIdAsync(identifier);
if (authorization == null || !await _authorizationManager.HasStatusAsync(authorization, Statuses.Valid))
{
context.Logger.LogError("The authorization '{Identifier}' was no longer valid.", identifier);
context.Logger.LogError(SR.GetResourceString(SR.ID7006), identifier);
context.Reject(
error: context.EndpointType switch
@ -1856,15 +1855,12 @@ namespace OpenIddict.Server
if (string.IsNullOrEmpty(context.Request.ClientId))
{
context.Logger.LogInformation("An ad hoc authorization was automatically created and " +
"associated with an unknown application: {Identifier}.", identifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7007), identifier);
}
else
{
context.Logger.LogInformation("An ad hoc authorization was automatically created and " +
"associated with the '{ClientId}' application: {Identifier}.",
context.Request.ClientId, identifier);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7008), context.Request.ClientId, identifier);
}
// Attach the unique identifier of the ad hoc authorization to the authentication principal
@ -1949,7 +1945,7 @@ namespace OpenIddict.Server
// contain "access_token" are not included in the access token.
if (!claim.HasDestination(Destinations.AccessToken))
{
context.Logger.LogDebug("'{Claim}' was excluded from the access token claims.", claim.Type);
context.Logger.LogDebug(SR.GetResourceString(SR.ID7009), claim.Type);
return false;
}
@ -1987,8 +1983,7 @@ namespace OpenIddict.Server
var scopes = context.Request.GetScopes();
principal.SetScopes(scopes.Intersect(context.Principal.GetScopes()));
context.Logger.LogDebug("The access token scopes will be limited to the scopes " +
"requested by the client application: {Scopes}.", scopes);
context.Logger.LogDebug(SR.GetResourceString(SR.ID7010), scopes);
}
context.AccessTokenPrincipal = principal;
@ -2327,7 +2322,7 @@ namespace OpenIddict.Server
// contain "id_token" are not included in the identity token.
if (!claim.HasDestination(Destinations.IdentityToken))
{
context.Logger.LogDebug("'{Claim}' was excluded from the identity token claims.", claim.Type);
context.Logger.LogDebug(SR.GetResourceString(SR.ID7011), claim.Type);
return false;
}
@ -2778,7 +2773,7 @@ namespace OpenIddict.Server
// Attach the token identifier to the principal so that it can be stored in the token.
principal.SetTokenId(identifier);
context.Logger.LogTrace("The token entry for access token '{Identifier}' was successfully created.", identifier);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7012), identifier);
}
}
@ -2884,9 +2879,7 @@ namespace OpenIddict.Server
context.Response.AccessToken = token;
context.Logger.LogTrace("The access token '{Identifier}' was successfully created: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
principal.GetClaim(Claims.JwtId), token, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7013), principal.GetClaim(Claims.JwtId), token, principal.Claims);
return default;
}
@ -2977,8 +2970,7 @@ namespace OpenIddict.Server
context.Response.AccessToken = descriptor.ReferenceId;
context.Logger.LogTrace("The token entry for access token '{Identifier}' was successfully converted to a " +
"reference token with the identifier '{ReferenceId}'.", identifier, descriptor.ReferenceId);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7014), identifier, descriptor.ReferenceId);
}
}
@ -3068,7 +3060,7 @@ namespace OpenIddict.Server
// Attach the token identifier to the principal so that it can be stored in the token.
principal.SetTokenId(identifier);
context.Logger.LogTrace("The token entry for authorization code '{Identifier}' was successfully created.", identifier);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7015), identifier);
}
}
@ -3155,9 +3147,7 @@ namespace OpenIddict.Server
context.Response.Code = token;
context.Logger.LogTrace("The authorization code '{Identifier}' was successfully created: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
principal.GetClaim(Claims.JwtId), token, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7016), principal.GetClaim(Claims.JwtId), token, principal.Claims);
return default;
}
@ -3247,8 +3237,7 @@ namespace OpenIddict.Server
context.Response.Code = descriptor.ReferenceId;
context.Logger.LogTrace("The token entry for authorization code '{Identifier}' was successfully converted to a " +
"reference token with the identifier '{ReferenceId}'.", identifier, descriptor.ReferenceId);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7017), identifier, descriptor.ReferenceId);
}
}
@ -3343,7 +3332,7 @@ namespace OpenIddict.Server
// Attach the token identifier to the principal so that it can be stored in the token.
principal.SetTokenId(identifier);
context.Logger.LogTrace("The token entry for device code '{Identifier}' was successfully created.", identifier);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7018), identifier);
}
}
@ -3430,9 +3419,7 @@ namespace OpenIddict.Server
context.Response.DeviceCode = token;
context.Logger.LogTrace("The device code '{Identifier}' was successfully created: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
principal.GetClaim(Claims.JwtId), token, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7019), principal.GetClaim(Claims.JwtId), token, principal.Claims);
return default;
}
@ -3528,8 +3515,7 @@ namespace OpenIddict.Server
context.Response.DeviceCode = descriptor.ReferenceId;
context.Logger.LogTrace("The token entry for device code '{Identifier}' was successfully converted to a " +
"reference token with the identifier '{ReferenceId}'.", identifier, descriptor.ReferenceId);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7020), identifier, descriptor.ReferenceId);
}
}
@ -3619,8 +3605,7 @@ namespace OpenIddict.Server
// Don't return the prepared device code directly from the verification endpoint.
context.Response.DeviceCode = null;
context.Logger.LogTrace("The reference token entry for device code '{Identifier}' was successfully updated'.",
await _tokenManager.GetIdAsync(token));
context.Logger.LogTrace(SR.GetResourceString(SR.ID7021), await _tokenManager.GetIdAsync(token));
}
}
@ -3710,7 +3695,7 @@ namespace OpenIddict.Server
// Attach the token identifier to the principal so that it can be stored in the token.
principal.SetTokenId(identifier);
context.Logger.LogTrace("The token entry for refresh token '{Identifier}' was successfully created.", identifier);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7022), identifier);
}
}
@ -3797,9 +3782,7 @@ namespace OpenIddict.Server
context.Response.RefreshToken = token;
context.Logger.LogTrace("The refresh token '{Identifier}' was successfully created: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
principal.GetClaim(Claims.JwtId), token, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7023), principal.GetClaim(Claims.JwtId), token, principal.Claims);
return default;
}
@ -3890,8 +3873,7 @@ namespace OpenIddict.Server
context.Response.RefreshToken = descriptor.ReferenceId;
context.Logger.LogTrace("The token entry for refresh token '{Identifier}' was successfully converted to a " +
"reference token with the identifier '{ReferenceId}'.", identifier, descriptor.ReferenceId);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7024), identifier, descriptor.ReferenceId);
}
}
@ -4028,7 +4010,7 @@ namespace OpenIddict.Server
// Attach the token identifier to the principal so that it can be stored in the token.
principal.SetTokenId(identifier);
context.Logger.LogTrace("The token entry for user code '{Identifier}' was successfully created.", identifier);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7025), identifier);
}
}
@ -4105,9 +4087,7 @@ namespace OpenIddict.Server
context.Response.UserCode = token;
context.Logger.LogTrace("The user code '{Identifier}' was successfully created: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
principal.GetClaim(Claims.JwtId), token, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7026), principal.GetClaim(Claims.JwtId), token, principal.Claims);
return default;
}
@ -4210,8 +4190,7 @@ namespace OpenIddict.Server
context.Response.UserCode = descriptor.ReferenceId;
context.Logger.LogTrace("The token entry for user code '{Identifier}' was successfully converted to a " +
"reference token with the identifier '{ReferenceId}'.", identifier, descriptor.ReferenceId);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7027), identifier, descriptor.ReferenceId);
}
}
@ -4434,7 +4413,7 @@ namespace OpenIddict.Server
// Attach the token identifier to the principal so that it can be stored in the token.
principal.SetTokenId(identifier);
context.Logger.LogTrace("The token entry for identity token '{Identifier}' was successfully created.", identifier);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7028), identifier);
}
}
@ -4526,9 +4505,7 @@ namespace OpenIddict.Server
context.Response.IdToken = token;
context.Logger.LogTrace("The identity token '{Identifier}' was successfully created: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
principal.GetClaim(Claims.JwtId), token, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7029), principal.GetClaim(Claims.JwtId), token, principal.Claims);
return default;
}
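Review bot: The Trace calls that move to ID7013, ID7016, ID7019, ID7023, ID7026 and ID7029 (`context.Logger.LogTrace(SR.GetResourceString(SR.ID7013), principal.GetClaim(Claims.JwtId), token, principal.Claims);` and its siblings) still write the serialized `token` — the bearer credential itself — plus every claim of the principal into the log, and ID7000 at the top of the section logs the raw inbound token on validation failure. The commit carries this over unchanged, but now that the wording lives in a shared resource file the sensitivity of the `{Payload}`/`{Token}` argument is no longer visible at the call site. A comment next to each such call, `// Trace-only: the payload argument is the raw token; never raise the level of this message.`, would record that, and the same applies to the DataProtection validation hunks (ID7153, ID7152) and the validation handlers (ID7000, ID7001, ID7154) further down. The enclosing handler methods continue outside the hunks.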

4
src/OpenIddict.Validation.AspNetCore/OpenIddictValidationAspNetCoreHandlers.cs

@ -626,7 +626,7 @@ namespace OpenIddict.Validation.AspNetCore
return default;
}
context.Logger.LogInformation("The response was successfully returned as a challenge response: {Response}.", context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7141), context.Response);
context.HandleRequest();
return default;
@ -672,7 +672,7 @@ namespace OpenIddict.Validation.AspNetCore
throw new InvalidOperationException(SR.GetResourceString(SR.ID1113));
}
context.Logger.LogInformation("The response was successfully returned as a JSON document: {Response}.", context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7142), context.Response);
using var stream = new MemoryStream();
await JsonSerializer.SerializeAsync(stream, context.Response, new JsonSerializerOptions
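Review bot: The Information message at `context.Logger.LogInformation(SR.GetResourceString(SR.ID7142), context.Response);` is emitted before `JsonSerializer.SerializeAsync` runs, so if ID7142 keeps the old "successfully returned as a JSON document" wording it is logged even when serialization or the response write fails afterwards. Either move the log call after the write completes or reword the resource to state intent ("returning the response as a JSON document") rather than outcome. The Owin handler further down uses the same ID7142 in the same position and would need the same adjustment. The enclosing method continues outside the hunk.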

5
src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs

@ -106,7 +106,7 @@ namespace OpenIddict.Validation.DataProtection
catch (Exception exception)
{
context.Logger.LogTrace(exception, "An exception occured while deserializing the token '{Token}'.", context.Token);
context.Logger.LogTrace(exception, SR.GetResourceString(SR.ID7153), context.Token);
}
if (context.Principal == null)
@ -118,8 +118,7 @@ namespace OpenIddict.Validation.DataProtection
return default;
}
context.Logger.LogTrace("The DP token '{Token}' was successfully validated and the following claims " +
"could be extracted: {Claims}.", context.Token, context.Principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7152), context.Token, context.Principal.Claims);
return default;
}

4
src/OpenIddict.Validation.Owin/OpenIddictValidationOwinHandlers.cs

@ -633,7 +633,7 @@ namespace OpenIddict.Validation.Owin
return default;
}
context.Logger.LogInformation("The response was successfully returned as a challenge response: {Response}.", context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7141), context.Response);
context.HandleRequest();
return default;
@ -679,7 +679,7 @@ namespace OpenIddict.Validation.Owin
throw new InvalidOperationException(SR.GetResourceString(SR.ID1119));
}
context.Logger.LogInformation("The response was successfully returned as a JSON document: {Response}.", context.Response);
context.Logger.LogInformation(SR.GetResourceString(SR.ID7142), context.Response);
using var stream = new MemoryStream();
await JsonSerializer.SerializeAsync(stream, context.Response, new JsonSerializerOptions

15
src/OpenIddict.Validation/OpenIddictValidationDispatcher.cs

@ -50,16 +50,14 @@ namespace OpenIddict.Validation
catch (Exception exception) when (_logger.IsEnabled(LogLevel.Debug))
{
_logger.LogDebug(exception, "An exception was thrown by {FullName} while handling the {Event} event.",
handler.GetType().FullName, typeof(TContext).FullName);
_logger.LogDebug(exception, SR.GetResourceString(SR.ID7132), handler.GetType().FullName, typeof(TContext).FullName);
throw;
}
if (_logger.IsEnabled(LogLevel.Debug))
{
_logger.LogDebug("The event {Event} was successfully processed by {FullName}.",
typeof(TContext).FullName, handler.GetType().FullName);
_logger.LogDebug(SR.GetResourceString(SR.ID7133), typeof(TContext).FullName, handler.GetType().FullName);
}
switch (context)
@ -67,24 +65,21 @@ namespace OpenIddict.Validation
case BaseRequestContext notification when notification.IsRequestHandled:
if (_logger.IsEnabled(LogLevel.Debug))
{
_logger.LogDebug("The event {Event} was marked as handled by {FullName}.",
typeof(TContext).FullName, handler.GetType().FullName);
_logger.LogDebug(SR.GetResourceString(SR.ID7134), typeof(TContext).FullName, handler.GetType().FullName);
}
return;
case BaseRequestContext notification when notification.IsRequestSkipped:
if (_logger.IsEnabled(LogLevel.Debug))
{
_logger.LogDebug("The event {Event} was marked as skipped by {FullName}.",
typeof(TContext).FullName, handler.GetType().FullName);
_logger.LogDebug(SR.GetResourceString(SR.ID7135), typeof(TContext).FullName, handler.GetType().FullName);
}
return;
case BaseValidatingContext notification when notification.IsRejected:
if (_logger.IsEnabled(LogLevel.Debug))
{
_logger.LogDebug("The event {Event} was marked as rejected by {FullName}.",
typeof(TContext).FullName, handler.GetType().FullName);
_logger.LogDebug(SR.GetResourceString(SR.ID7136), typeof(TContext).FullName, handler.GetType().FullName);
}
return;

20
src/OpenIddict.Validation/OpenIddictValidationHandlers.cs

@ -253,7 +253,7 @@ namespace OpenIddict.Validation
context.Options.ConfigurationManager.RequestRefresh();
}
context.Logger.LogTrace(result.Exception, "An error occurred while validating the token '{Token}'.", context.Token);
context.Logger.LogTrace(result.Exception, SR.GetResourceString(SR.ID7000), context.Token);
context.Reject(
error: Errors.InvalidToken,
@ -284,8 +284,7 @@ namespace OpenIddict.Validation
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID1002))
});
context.Logger.LogTrace("The self-contained JWT token '{Token}' was successfully validated and the following " +
"claims could be extracted: {Claims}.", context.Token, context.Principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7001), context.Token, context.Principal.Claims);
}
}
@ -355,13 +354,12 @@ namespace OpenIddict.Validation
// If no token type can be inferred, the token is assumed to be an access token.
context.Principal = principal.SetTokenType(context.TokenType ?? TokenTypeHints.AccessToken);
context.Logger.LogTrace("The token '{Token}' was successfully introspected and the following claims " +
"could be extracted: {Claims}.", context.Token, context.Principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID7154), context.Token, context.Principal.Claims);
}
catch (Exception exception)
{
context.Logger.LogDebug(exception, "An error occurred while introspecting the access token.");
context.Logger.LogDebug(exception, SR.GetResourceString(SR.ID7155));
context.Reject(
error: Errors.InvalidToken,
@ -682,7 +680,7 @@ namespace OpenIddict.Validation
var date = context.Principal.GetExpirationDate();
if (date.HasValue && date.Value < DateTimeOffset.UtcNow)
{
context.Logger.LogError("The authentication demand was rejected because the token was expired.");
context.Logger.LogError(SR.GetResourceString(SR.ID7156));
context.Reject(
error: Errors.InvalidToken,
@ -736,7 +734,7 @@ namespace OpenIddict.Validation
var audiences = context.Principal.GetAudiences();
if (audiences.IsDefaultOrEmpty)
{
context.Logger.LogError("The authentication demand was rejected because the token had no audience attached.");
context.Logger.LogError(SR.GetResourceString(SR.ID7157));
context.Reject(
error: Errors.InvalidToken,
@ -748,7 +746,7 @@ namespace OpenIddict.Validation
// If the access token doesn't include any registered audience, return an error.
if (!audiences.Intersect(context.Options.Audiences, StringComparer.Ordinal).Any())
{
context.Logger.LogError("The authentication demand was rejected because the token had no valid audience.");
context.Logger.LogError(SR.GetResourceString(SR.ID7158));
context.Reject(
error: Errors.InvalidToken,
@ -803,7 +801,7 @@ namespace OpenIddict.Validation
var token = await _tokenManager.FindByIdAsync(identifier);
if (token == null || !await _tokenManager.HasStatusAsync(token, Statuses.Valid))
{
context.Logger.LogError("The token '{Identifier}' was no longer valid.", identifier);
context.Logger.LogError(SR.GetResourceString(SR.ID7005), identifier);
context.Reject(
error: Errors.InvalidToken,
@ -863,7 +861,7 @@ namespace OpenIddict.Validation
var authorization = await _authorizationManager.FindByIdAsync(identifier);
if (authorization == null || !await _authorizationManager.HasStatusAsync(authorization, Statuses.Valid))
{
context.Logger.LogError("The authorization '{Identifier}' was no longer valid.", identifier);
context.Logger.LogError(SR.GetResourceString(SR.ID7006), identifier);
context.Reject(
error: Errors.InvalidToken,
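Review bot: The success message at `context.Logger.LogTrace(SR.GetResourceString(SR.ID7001), context.Token, context.Principal.Claims);` reuses the server-side ID7001, so the old "self-contained JWT token" qualifier that distinguished this path from introspection (ID7154 a few lines below) and from the Data Protection path (ID7152) is presumably gone from the validation log. If operators rely on the message to tell which validation path produced the principal, a dedicated resource ID for the JWT path would preserve that, as was done for the other two. This is a wording choice only; the enclosing handler methods continue outside the hunks.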

30
test/OpenIddict.Core.Tests/OpenIddictCoreExtensionsTests.cs

@ -5,13 +5,13 @@
*/
using System;
using System.Text;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Moq;
using OpenIddict.Abstractions;
using Xunit;
using SR = OpenIddict.Abstractions.Resources.OpenIddictResources;
namespace OpenIddict.Core.Tests
{
@ -143,12 +143,7 @@ namespace OpenIddict.Core.Tests
return provider.GetRequiredService<IOpenIddictApplicationManager>();
});
Assert.Equal(new StringBuilder()
.Append("No default application entity type was configured in the OpenIddict core options, ")
.AppendLine("which generally indicates that no application store was registered in the DI container.")
.Append("To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' ")
.Append("package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.")
.ToString(), exception.Message);
Assert.Equal(SR.GetResourceString(SR.ID1272), exception.Message);
}
[Fact]
@ -169,12 +164,7 @@ namespace OpenIddict.Core.Tests
return provider.GetRequiredService<IOpenIddictAuthorizationManager>();
});
Assert.Equal(new StringBuilder()
.Append("No default authorization entity type was configured in the OpenIddict core options, ")
.AppendLine("which generally indicates that no authorization store was registered in the DI container.")
.Append("To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' ")
.Append("package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.")
.ToString(), exception.Message);
Assert.Equal(SR.GetResourceString(SR.ID1273), exception.Message);
}
[Fact]
@ -195,12 +185,7 @@ namespace OpenIddict.Core.Tests
return provider.GetRequiredService<IOpenIddictScopeManager>();
});
Assert.Equal(new StringBuilder()
.Append("No default scope entity type was configured in the OpenIddict core options, ")
.AppendLine("which generally indicates that no scope store was registered in the DI container.")
.Append("To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' ")
.Append("package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.")
.ToString(), exception.Message);
Assert.Equal(SR.GetResourceString(SR.ID1274), exception.Message);
}
[Fact]
@ -221,12 +206,7 @@ namespace OpenIddict.Core.Tests
return provider.GetRequiredService<IOpenIddictTokenManager>();
});
Assert.Equal(new StringBuilder()
.Append("No default token entity type was configured in the OpenIddict core options, ")
.AppendLine("which generally indicates that no token store was registered in the DI container.")
.Append("To register the Entity Framework Core stores, reference the 'OpenIddict.EntityFrameworkCore' ")
.Append("package and call 'services.AddOpenIddict().AddCore().UseEntityFrameworkCore()'.")
.ToString(), exception.Message);
Assert.Equal(SR.GetResourceString(SR.ID1275), exception.Message);
}
[Fact]

2
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Authentication.cs

@ -1248,7 +1248,7 @@ namespace OpenIddict.Server.FunctionalTests
// Assert
Assert.Equal(Errors.InvalidRequest, response.Error);
Assert.Equal(SR.GetResourceString(SR.ID3050), response.ErrorDescription);
Assert.Equal(SR.FormatID3065(Scopes.OfflineAccess), response.ErrorDescription);
Mock.Get(manager).Verify(manager => manager.HasPermissionAsync(application,
Permissions.GrantTypes.RefreshToken, It.IsAny<CancellationToken>()), Times.Once());
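Review bot: The expected `error_description` changes from `SR.GetResourceString(SR.ID3050)` to `SR.FormatID3065(Scopes.OfflineAccess)`, which means the server's rejection message for a refresh-token request without the offline_access scope has changed, not merely moved; the corresponding production edit is presumably in the Authentication and Exchange handler files listed in the commit but outside this view. That is a user-visible response change that the commit title ("Move all the assertions and log messages") does not announce, so it deserves a sentence in the description. The Exchange integration test below makes the identical swap.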

2
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Exchange.cs

@ -1611,7 +1611,7 @@ namespace OpenIddict.Server.FunctionalTests
// Assert
Assert.Equal(Errors.InvalidRequest, response.Error);
Assert.Equal(SR.GetResourceString(SR.ID3050), response.ErrorDescription);
Assert.Equal(SR.FormatID3065(Scopes.OfflineAccess), response.ErrorDescription);
Mock.Get(manager).Verify(manager => manager.HasPermissionAsync(application,
Permissions.GrantTypes.RefreshToken, It.IsAny<CancellationToken>()), Times.Once());
