|
|
|
@ -8,7 +8,6 @@ using System; |
|
|
|
using System.Collections.Immutable; |
|
|
|
using System.ComponentModel; |
|
|
|
using System.IO; |
|
|
|
using System.Security.Claims; |
|
|
|
using System.Threading.Tasks; |
|
|
|
using JetBrains.Annotations; |
|
|
|
using Microsoft.AspNetCore.DataProtection; |
|
|
|
@ -79,8 +78,6 @@ namespace OpenIddict.Validation.DataProtection |
|
|
|
_options.CurrentValue.DataProtectionProvider.CreateProtector( |
|
|
|
Purposes.Handlers.Server, Purposes.Formats.AccessToken, Purposes.Schemes.Server); |
|
|
|
|
|
|
|
ClaimsPrincipal principal = null; |
|
|
|
|
|
|
|
try |
|
|
|
{ |
|
|
|
using var buffer = new MemoryStream(protector.Unprotect(Base64UrlEncoder.DecodeBytes(context.Token))); |
|
|
|
@ -88,7 +85,7 @@ namespace OpenIddict.Validation.DataProtection |
|
|
|
|
|
|
|
// Note: since the data format relies on a data protector using different "purposes" strings
|
|
|
|
// per token type, the token processed at this stage is guaranteed to be of the expected type.
|
|
|
|
principal = _options.CurrentValue.Formatter.ReadToken(reader)?.SetTokenType(TokenTypeHints.AccessToken); |
|
|
|
context.Principal = _options.CurrentValue.Formatter.ReadToken(reader)?.SetTokenType(TokenTypeHints.AccessToken); |
|
|
|
} |
|
|
|
|
|
|
|
catch (Exception exception) |
|
|
|
@ -97,7 +94,7 @@ namespace OpenIddict.Validation.DataProtection |
|
|
|
} |
|
|
|
|
|
|
|
// If the token cannot be validated, don't return an error to allow another handle to validate it.
|
|
|
|
if (principal == null) |
|
|
|
if (context.Principal == null) |
|
|
|
{ |
|
|
|
return default; |
|
|
|
} |
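Review bot: The final check `if (context.Principal == null)` no longer tests only this handler's own result, because the new code reads shared context state where the old code read a local that started as null. If the context can already carry a principal when this handler runs (not visible in these hunks), a failed `Unprotect` or `ReadToken` that lands in the `catch (Exception exception)` block leaves that earlier value in place, and the handler continues as though it had validated the token itself. Either state the invariant next to the check, for example `// context.Principal is always null on entry, so a non-null value means this handler validated the token.`, or make the failure path explicit by returning from the catch block. The catch body and the rest of the method lie outside the visible hunks, so confirm this against the full file.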
|
|
|
|