diff --git a/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs b/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs
index 6d226292..f2a021f5 100644
--- a/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs
+++ b/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs
@@ -8,7 +8,6 @@ using System;
 using System.Collections.Immutable;
 using System.ComponentModel;
 using System.IO;
-using System.Security.Claims;
 using System.Threading.Tasks;
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.DataProtection;
@@ -79,8 +78,6 @@ namespace OpenIddict.Validation.DataProtection
 _options.CurrentValue.DataProtectionProvider.CreateProtector(
 Purposes.Handlers.Server, Purposes.Formats.AccessToken, Purposes.Schemes.Server);
- ClaimsPrincipal principal = null;
-
 try
 {
 using var buffer = new MemoryStream(protector.Unprotect(Base64UrlEncoder.DecodeBytes(context.Token)));
@@ -88,7 +85,7 @@ namespace OpenIddict.Validation.DataProtection
 // Note: since the data format relies on a data protector using different "purposes" strings
 // per token type, the token processed at this stage is guaranteed to be of the expected type.
- principal = _options.CurrentValue.Formatter.ReadToken(reader)?.SetTokenType(TokenTypeHints.AccessToken);
+ context.Principal = _options.CurrentValue.Formatter.ReadToken(reader)?.SetTokenType(TokenTypeHints.AccessToken);
 }
 catch (Exception exception)
@@ -97,7 +94,7 @@ namespace OpenIddict.Validation.DataProtection
 }
 // If the token cannot be validated, don't return an error to allow another handle to validate it.
- if (principal == null)
+ if (context.Principal == null)
 {
 return default;
 }
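Review bot: The null check in the last hunk, `if (context.Principal == null)`, now tests shared context state instead of this handler's own result, so it is only sound if `context.Principal` is guaranteed to be null when the handler starts. With the removed local, a failure in `protector.Unprotect(...)` or `ReadToken(reader)` always left `principal` null. With the direct assignment in the third hunk, an exception thrown before the assignment leaves in place whatever principal an earlier handler may have stored, and the code after the check (outside the hunk) would presumably continue as if this handler had validated the token. The start of the method is not visible here, so confirm it already returns early with something like `if (context.Principal != null) { return default; }`. If it does not, add that guard, or read into a local and assign `context.Principal` only after the try block succeeds.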