From b386b7844c643818b9664378ca20ff884b4f5c6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Tue, 23 Jan 2024 14:27:47 +0100
Subject: [PATCH] Stop using the ClaimsIdentity constructor accepting a single string parameter and use explicit claim types
---
 .../OpenIddictClientHandlers.cs | 17 ++++++++++++++---
 .../OpenIddictValidationHandlers.cs | 6 +++++-
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/OpenIddict.Client/OpenIddictClientHandlers.cs b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
index 2ffd34d0..596480e7 100644
--- a/src/OpenIddict.Client/OpenIddictClientHandlers.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
@@ -2423,7 +2423,11 @@ public static partial class OpenIddictClientHandlers
 Debug.Assert(context.Registration.Issuer is { IsAbsoluteUri: true }, SR.GetResourceString(SR.ID4013));
 // Create a new principal that will be used to store the client assertion claims.
- var principal = new ClaimsPrincipal(new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType));
+ var principal = new ClaimsPrincipal(new ClaimsIdentity(
+ authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+ nameType: Claims.Name,
+ roleType: Claims.Role));
+ principal.SetCreationDate(DateTimeOffset.UtcNow);
 var lifetime = context.Options.ClientAssertionLifetime;
@@ -4019,7 +4023,10 @@ public static partial class OpenIddictClientHandlers
 context.Registration.TokenValidationParameters.AuthenticationType, context.Registration.TokenValidationParameters.NameClaimType, context.Registration.TokenValidationParameters.RoleClaimType) :
- new ClaimsIdentity(context.Registration.TokenValidationParameters.AuthenticationType);
+ new ClaimsIdentity(
+ context.Registration.TokenValidationParameters.AuthenticationType,
+ nameType: ClaimTypes.Name,
+ roleType: ClaimTypes.Role);
 foreach (var principal in principals) {
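Review bot: In the `@@ -2423` hunk, the comment above `var principal` still only says what the principal stores, while the new arguments change which claim types back `Identity.Name` and `IsInRole()` on it. The single-argument constructor falls back to the `ClaimTypes.Name`/`ClaimTypes.Role` defaults, and this call now pins `Claims.Name`/`Claims.Role` instead. A one-line why-comment would make that intent reviewable, e.g. `// Pin the name/role claim types explicitly instead of inheriting the ClaimsIdentity defaults.` The same construction is repeated verbatim in the `@@ -5479` hunk and in `OpenIddictValidationHandlers.cs`, so the comment (or a shared private helper, if none already exists outside the visible lines) applies there too. The enclosing handler starts and ends outside the hunk.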
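Review bot: In the `@@ -4019` hunk, the fallback branch pins `ClaimTypes.Name`/`ClaimTypes.Role`, whereas the other three call sites touched by this patch use `Claims.Name`/`Claims.Role`, and nothing in the hunk says the difference is deliberate. It presumably preserves what the single-argument constructor did before, but the principals merged in the `foreach` below may carry roles under a different claim type, in which case `IsInRole()` on the merged identity would not see them; that is worth confirming against the callers. A comment on the branch would record the intent, e.g. `// Fallback identity: keep the framework default name/role claim types so Identity.Name/IsInRole() behave as before.` The ternary's condition and the loop body are outside the hunk.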
@@ -5479,7 +5486,11 @@ public static partial class OpenIddictClientHandlers
 Debug.Assert(context.Registration.Issuer is { IsAbsoluteUri: true }, SR.GetResourceString(SR.ID4013));
 // Create a new principal that will be used to store the client assertion claims.
- var principal = new ClaimsPrincipal(new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType));
+ var principal = new ClaimsPrincipal(new ClaimsIdentity(
+ authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+ nameType: Claims.Name,
+ roleType: Claims.Role));
+ principal.SetCreationDate(DateTimeOffset.UtcNow);
 var lifetime = context.Options.ClientAssertionLifetime;
diff --git a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
index 3730ec2a..cd3f33ef 100644
--- a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
+++ b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
@@ -350,7 +350,11 @@ public static partial class OpenIddictValidationHandlers
 Debug.Assert(context.Configuration.Issuer is { IsAbsoluteUri: true }, SR.GetResourceString(SR.ID4013));
 // Create a new principal that will be used to store the client assertion claims.
- var principal = new ClaimsPrincipal(new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType));
+ var principal = new ClaimsPrincipal(new ClaimsIdentity(
+ authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+ nameType: Claims.Name,
+ roleType: Claims.Role));
+ principal.SetCreationDate(DateTimeOffset.UtcNow);
 var lifetime = context.Options.ClientAssertionLifetime;