Stop using the ClaimsIdentity constructor accepting a single string parameter and use explicit claim types

2 years ago · b386b7844c
2 changed files with 19 additions and 4 deletions
--- a/src/OpenIddict.Client/OpenIddictClientHandlers.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
@ -2423,7 +2423,11 @@ public static partial class OpenIddictClientHandlers
            Debug.Assert(context.Registration.Issuer is { IsAbsoluteUri: true }, SR.GetResourceString(SR.ID4013));

            // Create a new principal that will be used to store the client assertion claims.
-            var principal = new ClaimsPrincipal(new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType));
+            var principal = new ClaimsPrincipal(new ClaimsIdentity(
+                authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+                nameType: Claims.Name,
+                roleType: Claims.Role));
+
            principal.SetCreationDate(DateTimeOffset.UtcNow);

            var lifetime = context.Options.ClientAssertionLifetime;
@ -4019,7 +4023,10 @@ public static partial class OpenIddictClientHandlers
                        context.Registration.TokenValidationParameters.AuthenticationType,
                        context.Registration.TokenValidationParameters.NameClaimType,
                        context.Registration.TokenValidationParameters.RoleClaimType) :
-                    new ClaimsIdentity(context.Registration.TokenValidationParameters.AuthenticationType);
+                    new ClaimsIdentity(
+                        context.Registration.TokenValidationParameters.AuthenticationType,
+                        nameType: ClaimTypes.Name,
+                        roleType: ClaimTypes.Role);

                foreach (var principal in principals)
                {
@ -5479,7 +5486,11 @@ public static partial class OpenIddictClientHandlers
            Debug.Assert(context.Registration.Issuer is { IsAbsoluteUri: true }, SR.GetResourceString(SR.ID4013));

            // Create a new principal that will be used to store the client assertion claims.
-            var principal = new ClaimsPrincipal(new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType));
+            var principal = new ClaimsPrincipal(new ClaimsIdentity(
+                authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+                nameType: Claims.Name,
+                roleType: Claims.Role));
+
            principal.SetCreationDate(DateTimeOffset.UtcNow);

            var lifetime = context.Options.ClientAssertionLifetime;
--- a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
+++ b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
@ -350,7 +350,11 @@ public static partial class OpenIddictValidationHandlers
            Debug.Assert(context.Configuration.Issuer is { IsAbsoluteUri: true }, SR.GetResourceString(SR.ID4013));

            // Create a new principal that will be used to store the client assertion claims.
-            var principal = new ClaimsPrincipal(new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType));
+            var principal = new ClaimsPrincipal(new ClaimsIdentity(
+                authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+                nameType: Claims.Name,
+                roleType: Claims.Role));
+
            principal.SetCreationDate(DateTimeOffset.UtcNow);

            var lifetime = context.Options.ClientAssertionLifetime;