
Reintroduce token generation/validation log traces

pull/827/head
Kévin Chalet 6 years ago
parent
commit
b80244cf92
  1. 2
      eng/Versions.props
  2. 9
      samples/Mvc.Client/appsettings.Development.json
  3. 9
      samples/Mvc.Client/appsettings.json
  4. 9
      samples/Mvc.Server/appsettings.Development.json
  5. 8
      samples/Mvc.Server/appsettings.json
  6. 55
      src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.cs
  7. 134
      src/OpenIddict.Server/OpenIddictServerHandlers.cs
  8. 10
      src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs
  9. 10
      src/OpenIddict.Validation/OpenIddictValidationHandlers.cs

2
eng/Versions.props

@ -36,7 +36,7 @@
<JetBrainsVersion>2019.1.3</JetBrainsVersion>
<JsonNetVersion>12.0.2</JsonNetVersion>
<JsonNetBsonVersion>1.0.2</JsonNetBsonVersion>
<IdentityModelVersion>5.5.1-preview-60930170140</IdentityModelVersion>
<IdentityModelVersion>5.5.1-preview-61001030225</IdentityModelVersion>
<ImmutableCollectionsVersion>1.5.0</ImmutableCollectionsVersion>
<LinqAsyncVersion>4.0.0</LinqAsyncVersion>
<MongoDbVersion>2.9.0</MongoDbVersion>

9
samples/Mvc.Client/appsettings.Development.json

@ -0,0 +1,9 @@
{
"Logging": {
"LogLevel": {
"Default": "Trace",
"System": "Information",
"Microsoft": "Information"
}
}
}

9
samples/Mvc.Client/appsettings.json

@ -0,0 +1,9 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
}
}

9
samples/Mvc.Server/appsettings.Development.json

@ -0,0 +1,9 @@
{
"Logging": {
"LogLevel": {
"Default": "Trace",
"System": "Information",
"Microsoft": "Information"
}
}
}
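Review bot: Setting `"Default": "Trace"` here turns on the token traces this same commit reintroduces in the server handlers, so in Development every issued access token, authorization code, refresh token and identity token, together with the full claim set of the principal, is written to the console and to any other configured sink. Raising the verbosity only for the library rather than for every category would make that intent explicit and keep unrelated noise out: `"Default": "Information", "OpenIddict": "Trace"`. Whether the sample README warns that these development logs contain live credentials cannot be seen from this page.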

8
samples/Mvc.Server/appsettings.json

@ -1,5 +1,13 @@
{
"ConnectionStrings": {
"DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=aspnet5-openiddict-sample-12340be6-0442-4622-b782-a7412bb7d045;Trusted_Connection=True;MultipleActiveResultSets=true"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
}
}

55
src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.cs

@ -171,6 +171,9 @@ namespace OpenIddict.Server.DataProtection
.SetInternalTokenId(await _tokenManager.GetIdAsync(token))
.SetClaim(Claims.Private.TokenUsage, await _tokenManager.GetTypeAsync(token));
context.Logger.LogTrace("The reference DP token '{Token}' was successfully validated and the following " +
"claims could be extracted: {Claims}.", payload, context.Principal.Claims);
ClaimsPrincipal ValidateToken(string token, string type)
{
// Create a Data Protection protector using the provider registered in the options.
@ -199,7 +202,7 @@ namespace OpenIddict.Server.DataProtection
catch (Exception exception)
{
context.Logger.LogTrace(exception, "An exception occured while deserializing a token.");
context.Logger.LogTrace(exception, "An exception occured while deserializing the token '{Token}'.", token);
return null;
}
@ -325,6 +328,9 @@ namespace OpenIddict.Server.DataProtection
context.Principal = principal;
context.Logger.LogTrace("The self-contained DP token '{Token}' was successfully validated and the following " +
"claims could be extracted: {Claims}.", token, context.Principal.Claims);
return default;
ClaimsPrincipal ValidateToken(string token, string type)
@ -354,7 +360,7 @@ namespace OpenIddict.Server.DataProtection
catch (Exception exception)
{
context.Logger.LogTrace(exception, "An exception occured while deserializing a token.");
context.Logger.LogTrace(exception, "An exception occured while deserializing the token '{Token}'.", token);
return null;
}
@ -445,7 +451,6 @@ namespace OpenIddict.Server.DataProtection
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.AccessTokenPrincipal.GetInternalAuthorizationId(),
@ -471,9 +476,15 @@ namespace OpenIddict.Server.DataProtection
descriptor.ApplicationId = await _applicationManager.GetIdAsync(application);
}
await _tokenManager.CreateAsync(descriptor);
var token = await _tokenManager.CreateAsync(descriptor);
context.Response.AccessToken = descriptor.ReferenceId;
context.Logger.LogTrace("The reference access token '{Identifier}' was successfully created with the " +
"reference identifier '{ReferenceId}' and the following DP payload: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
descriptor.Payload, context.AccessTokenPrincipal.Claims);
}
}
@ -560,7 +571,6 @@ namespace OpenIddict.Server.DataProtection
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.AuthorizationCodePrincipal.GetInternalAuthorizationId(),
@ -586,9 +596,15 @@ namespace OpenIddict.Server.DataProtection
descriptor.ApplicationId = await _applicationManager.GetIdAsync(application);
}
await _tokenManager.CreateAsync(descriptor);
var token = await _tokenManager.CreateAsync(descriptor);
context.Response.Code = descriptor.ReferenceId;
context.Logger.LogTrace("The reference authorization code '{Identifier}' was successfully created with the " +
"reference identifier '{ReferenceId}' and the following DP payload: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
descriptor.Payload, context.AuthorizationCodePrincipal.Claims);
}
}
@ -675,7 +691,6 @@ namespace OpenIddict.Server.DataProtection
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.RefreshTokenPrincipal.GetInternalAuthorizationId(),
@ -701,9 +716,15 @@ namespace OpenIddict.Server.DataProtection
descriptor.ApplicationId = await _applicationManager.GetIdAsync(application);
}
await _tokenManager.CreateAsync(descriptor);
var token = await _tokenManager.CreateAsync(descriptor);
context.Response.RefreshToken = descriptor.ReferenceId;
context.Logger.LogTrace("The reference refresh token '{Identifier}' was successfully created with the " +
"reference identifier '{ReferenceId}' and the following DP payload: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
descriptor.Payload, context.RefreshTokenPrincipal.Claims);
}
}
@ -763,6 +784,12 @@ namespace OpenIddict.Server.DataProtection
context.Response.AccessToken = Base64UrlEncoder.Encode(protector.Protect(buffer.ToArray()));
context.Logger.LogTrace("The access token '{Identifier}' was successfully created and the " +
"following DP payload was attached to the OpenID Connect response: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.AccessTokenPrincipal.GetClaim(Claims.JwtId),
context.Response.AccessToken, context.AccessTokenPrincipal.Claims);
return default;
}
}
@ -823,6 +850,12 @@ namespace OpenIddict.Server.DataProtection
context.Response.Code = Base64UrlEncoder.Encode(protector.Protect(buffer.ToArray()));
context.Logger.LogTrace("The authorization code '{Identifier}' was successfully created and the " +
"following JWT payload was attached to the OpenID Connect response: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.AccessTokenPrincipal.GetClaim(Claims.JwtId),
context.Response.Code, context.AuthorizationCodePrincipal.Claims);
return default;
}
}
@ -883,6 +916,12 @@ namespace OpenIddict.Server.DataProtection
context.Response.RefreshToken = Base64UrlEncoder.Encode(protector.Protect(buffer.ToArray()));
context.Logger.LogTrace("The refresh token '{Identifier}' was successfully created and the " +
"following JWT payload was attached to the OpenID Connect response: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.AccessTokenPrincipal.GetClaim(Claims.JwtId),
context.Response.RefreshToken, context.RefreshTokenPrincipal.Claims);
return default;
}
}
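Review bot: The identifier traced for the authorization code and the refresh token (the `LogTrace` following `context.Response.Code = ...` and the one following `context.Response.RefreshToken = ...`) is read from the wrong principal: both pass `context.AccessTokenPrincipal.GetClaim(Claims.JwtId)`, whereas the access-token hunk above and the matching hunks in OpenIddictServerHandlers.cs use the principal of the token being created. They should read `context.AuthorizationCodePrincipal.GetClaim(Claims.JwtId),` and `context.RefreshTokenPrincipal.GetClaim(Claims.JwtId),`; if `AccessTokenPrincipal` can be null when only a code or a refresh token is issued, the current call presumably throws instead of tracing. Those two messages also say "JWT payload" for what is a Data Protection payload, unlike the "DP payload" wording of the access-token hunk. Separately, `{Payload}` in these hunks is the complete serialized token handed to the client and `{ReferenceId}` in the reference-token hunks is the bearer value itself, so these traces write live credentials to the log whenever Trace is enabled; logging the internal identifier and claim types only would keep the diagnostic value without the exposure. The enclosing handler methods start outside these hunks.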

134
src/OpenIddict.Server/OpenIddictServerHandlers.cs

@ -267,6 +267,9 @@ namespace OpenIddict.Server
.SetInternalTokenId(await _tokenManager.GetIdAsync(token))
.SetClaim(Claims.Private.TokenUsage, await _tokenManager.GetTypeAsync(token));
context.Logger.LogTrace("The reference JWT token '{Token}' was successfully validated and the following " +
"claims could be extracted: {Claims}.", payload, context.Principal.Claims);
async ValueTask<TokenValidationResult> ValidateTokenAsync(string token, string type)
{
var parameters = context.Options.TokenValidationParameters.Clone();
@ -294,7 +297,13 @@ namespace OpenIddict.Server
_ => Array.Empty<SecurityKey>()
};
return await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(token, parameters);
var result = await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(token, parameters);
if (!result.IsValid)
{
context.Logger.LogTrace(result.Exception, "An error occurred while validating the token '{Token}'.", token);
}
return result;
}
async ValueTask<TokenValidationResult> ValidateAnyTokenAsync(string token)
@ -444,6 +453,9 @@ namespace OpenIddict.Server
// Attach the principal extracted from the token to the parent event context.
context.Principal = new ClaimsPrincipal(result.ClaimsIdentity);
context.Logger.LogTrace("The self-contained JWT token '{Token}' was successfully validated and the following " +
"claims could be extracted: {Claims}.", token, context.Principal.Claims);
async ValueTask<TokenValidationResult> ValidateTokenAsync(string token, string type)
{
var parameters = context.Options.TokenValidationParameters.Clone();
@ -475,7 +487,13 @@ namespace OpenIddict.Server
_ => Array.Empty<SecurityKey>()
};
return await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(token, parameters);
var result = await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(token, parameters);
if (!result.IsValid)
{
context.Logger.LogTrace(result.Exception, "An error occurred while validating the token '{Token}'.", token);
}
return result;
}
async ValueTask<TokenValidationResult> ValidateAnyTokenAsync(string token)
@ -1411,6 +1429,15 @@ namespace OpenIddict.Server
return false;
}
// Never include the creation and expiration dates that are automatically
// inherited from the parent token are not reused for the new token.
if (string.Equals(claim.Type, Claims.ExpiresAt, StringComparison.OrdinalIgnoreCase) ||
string.Equals(claim.Type, Claims.IssuedAt, StringComparison.OrdinalIgnoreCase) ||
string.Equals(claim.Type, Claims.NotBefore, StringComparison.OrdinalIgnoreCase))
{
return false;
}
// Always exclude private claims, whose values must generally be kept secret.
if (claim.Type.StartsWith(Claims.Prefixes.Private, StringComparison.OrdinalIgnoreCase))
{
@ -1519,6 +1546,15 @@ namespace OpenIddict.Server
return false;
}
// Never include the creation and expiration dates that are automatically
// inherited from the parent token are not reused for the new token.
if (string.Equals(claim.Type, Claims.ExpiresAt, StringComparison.OrdinalIgnoreCase) ||
string.Equals(claim.Type, Claims.IssuedAt, StringComparison.OrdinalIgnoreCase) ||
string.Equals(claim.Type, Claims.NotBefore, StringComparison.OrdinalIgnoreCase))
{
return false;
}
// Other claims are always included in the authorization code, even private claims.
return true;
});
@ -1606,6 +1642,15 @@ namespace OpenIddict.Server
return false;
}
// Never include the creation and expiration dates that are automatically
// inherited from the parent token are not reused for the new token.
if (string.Equals(claim.Type, Claims.ExpiresAt, StringComparison.OrdinalIgnoreCase) ||
string.Equals(claim.Type, Claims.IssuedAt, StringComparison.OrdinalIgnoreCase) ||
string.Equals(claim.Type, Claims.NotBefore, StringComparison.OrdinalIgnoreCase))
{
return false;
}
// Other claims are always included in the refresh token, even private claims.
return true;
});
@ -1690,6 +1735,15 @@ namespace OpenIddict.Server
return false;
}
// Never include the creation and expiration dates that are automatically
// inherited from the parent token are not reused for the new token.
if (string.Equals(claim.Type, Claims.ExpiresAt, StringComparison.OrdinalIgnoreCase) ||
string.Equals(claim.Type, Claims.IssuedAt, StringComparison.OrdinalIgnoreCase) ||
string.Equals(claim.Type, Claims.NotBefore, StringComparison.OrdinalIgnoreCase))
{
return false;
}
// Always exclude private claims by default, whose values must generally be kept secret.
if (claim.Type.StartsWith(Claims.Prefixes.Private, StringComparison.OrdinalIgnoreCase))
{
@ -2056,15 +2110,13 @@ namespace OpenIddict.Server
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
var identifier = Base64UrlEncoder.Encode(data);
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.AccessTokenPrincipal.GetInternalAuthorizationId(),
CreationDate = context.AccessTokenPrincipal.GetCreationDate(),
ExpirationDate = context.AccessTokenPrincipal.GetExpirationDate(),
Principal = context.AccessTokenPrincipal,
ReferenceId = identifier,
ReferenceId = Base64UrlEncoder.Encode(data),
Status = Statuses.Valid,
Subject = context.AccessTokenPrincipal.GetClaim(Claims.Subject),
Type = TokenUsages.AccessToken
@ -2094,9 +2146,15 @@ namespace OpenIddict.Server
Subject = (ClaimsIdentity) context.AccessTokenPrincipal.Identity
});
await _tokenManager.CreateAsync(descriptor);
var token = await _tokenManager.CreateAsync(descriptor);
context.Response.AccessToken = descriptor.ReferenceId;
context.Response.AccessToken = identifier;
context.Logger.LogTrace("The reference access token '{Identifier}' was successfully created with the " +
"reference identifier '{ReferenceId}' and the following JWT payload: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
descriptor.Payload, context.AccessTokenPrincipal.Claims);
}
}
@ -2167,15 +2225,13 @@ namespace OpenIddict.Server
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
var identifier = Base64UrlEncoder.Encode(data);
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.AuthorizationCodePrincipal.GetInternalAuthorizationId(),
CreationDate = context.AuthorizationCodePrincipal.GetCreationDate(),
ExpirationDate = context.AuthorizationCodePrincipal.GetExpirationDate(),
Principal = context.AuthorizationCodePrincipal,
ReferenceId = identifier,
ReferenceId = Base64UrlEncoder.Encode(data),
Status = Statuses.Valid,
Subject = context.AuthorizationCodePrincipal.GetClaim(Claims.Subject),
Type = TokenUsages.AuthorizationCode
@ -2205,9 +2261,15 @@ namespace OpenIddict.Server
Subject = (ClaimsIdentity) context.AuthorizationCodePrincipal.Identity
});
await _tokenManager.CreateAsync(descriptor);
var token = await _tokenManager.CreateAsync(descriptor);
context.Response.Code = descriptor.ReferenceId;
context.Response.Code = identifier;
context.Logger.LogTrace("The reference authorization code '{Identifier}' was successfully created with the " +
"reference identifier '{ReferenceId}' and the following payload: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
descriptor.Payload, context.AuthorizationCodePrincipal.Claims);
}
}
@ -2278,15 +2340,13 @@ namespace OpenIddict.Server
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
var identifier = Base64UrlEncoder.Encode(data);
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.RefreshTokenPrincipal.GetInternalAuthorizationId(),
CreationDate = context.RefreshTokenPrincipal.GetCreationDate(),
ExpirationDate = context.RefreshTokenPrincipal.GetExpirationDate(),
Principal = context.RefreshTokenPrincipal,
ReferenceId = identifier,
ReferenceId = Base64UrlEncoder.Encode(data),
Status = Statuses.Valid,
Subject = context.RefreshTokenPrincipal.GetClaim(Claims.Subject),
Type = TokenUsages.RefreshToken
@ -2315,9 +2375,15 @@ namespace OpenIddict.Server
Subject = (ClaimsIdentity) context.RefreshTokenPrincipal.Identity
});
await _tokenManager.CreateAsync(descriptor);
var token = await _tokenManager.CreateAsync(descriptor);
context.Response.RefreshToken = descriptor.ReferenceId;
context.Response.RefreshToken = identifier;
context.Logger.LogTrace("The reference refresh token '{Identifier}' was successfully created with the " +
"reference identifier '{ReferenceId}' and the following payload: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
descriptor.Payload, context.RefreshTokenPrincipal.Claims);
}
}
@ -2403,9 +2469,12 @@ namespace OpenIddict.Server
}
var token = await _tokenManager.CreateAsync(descriptor);
var identifier = await _tokenManager.GetIdAsync(token);
// Set the internal token identifier so that it can be added to the serialized code.
context.AuthorizationCodePrincipal.SetInternalTokenId(await _tokenManager.GetIdAsync(token));
context.AuthorizationCodePrincipal.SetInternalTokenId(identifier);
context.Logger.LogTrace("The entry for authorization code '{Identifier}' was successfully created.", identifier);
}
}
@ -2491,9 +2560,12 @@ namespace OpenIddict.Server
}
var token = await _tokenManager.CreateAsync(descriptor);
var identifier = await _tokenManager.GetIdAsync(token);
// Set the internal token identifier so that it can be added to the serialized token.
context.RefreshTokenPrincipal.SetInternalTokenId(await _tokenManager.GetIdAsync(token));
context.RefreshTokenPrincipal.SetInternalTokenId(identifier);
context.Logger.LogTrace("The entry for refresh token '{Identifier}' was successfully created.", identifier);
}
}
@ -2545,6 +2617,12 @@ namespace OpenIddict.Server
credentials.Key is SymmetricSecurityKey) ?? context.Options.SigningCredentials.First(),
Subject = (ClaimsIdentity) context.AccessTokenPrincipal.Identity
});
context.Logger.LogTrace("The access token '{Identifier}' was successfully created and the " +
"following JWT payload was attached to the OpenID Connect response: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.AccessTokenPrincipal.GetClaim(Claims.JwtId),
context.Response.AccessToken, context.AccessTokenPrincipal.Claims);
}
}
@ -2596,6 +2674,12 @@ namespace OpenIddict.Server
credentials.Key is SymmetricSecurityKey) ?? context.Options.SigningCredentials.First(),
Subject = (ClaimsIdentity) context.AuthorizationCodePrincipal.Identity
});
context.Logger.LogTrace("The authorization code '{Identifier}' was successfully created and the " +
"following JWT payload was attached to the OpenID Connect response: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.AuthorizationCodePrincipal.GetClaim(Claims.JwtId),
context.Response.Code, context.AuthorizationCodePrincipal.Claims);
}
}
@ -2646,6 +2730,12 @@ namespace OpenIddict.Server
credentials.Key is SymmetricSecurityKey) ?? context.Options.SigningCredentials.First(),
Subject = (ClaimsIdentity) context.RefreshTokenPrincipal.Identity
});
context.Logger.LogTrace("The refresh token '{Identifier}' was successfully created and the " +
"following JWT payload was attached to the OpenID Connect response: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.RefreshTokenPrincipal.GetClaim(Claims.JwtId),
context.Response.RefreshToken, context.RefreshTokenPrincipal.Claims);
}
}
@ -2826,6 +2916,12 @@ namespace OpenIddict.Server
credentials.Key is AsymmetricSecurityKey),
Subject = (ClaimsIdentity) context.IdentityTokenPrincipal.Identity
});
context.Logger.LogTrace("The identity token '{Identifier}' was successfully created and the " +
"following JWT payload was attached to the OpenID Connect response: {Payload}. " +
"The principal used to create the token contained the following claims: {Claims}.",
context.IdentityTokenPrincipal.GetClaim(Claims.JwtId),
context.Response.IdToken, context.IdentityTokenPrincipal.Claims);
}
}
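Review bot: In the four self-contained token hunks at the end of this section the `{Payload}` argument is `context.Response.AccessToken`, `.Code`, `.RefreshToken` and `.IdToken`, i.e. the complete signed token that is about to be returned to the client, and `{Claims}` enumerates every claim with its value, including the private claims that the filter earlier in this same file says "must generally be kept secret". Any deployment that enables Trace (the samples' Development settings in this commit do) therefore persists live bearer credentials in its logs, and log sinks are rarely protected like a token store. Logging the identifier alone keeps the trace useful for correlation, e.g. `context.Logger.LogTrace("The access token '{Identifier}' was successfully created.", context.AccessTokenPrincipal.GetClaim(Claims.JwtId));` with the same shape for the other three. In the reference-token hunks the `await _tokenManager.GetIdAsync(token)` inside the log call also runs even when Trace is disabled; wrapping those statements in `if (context.Logger.IsEnabled(LogLevel.Trace))` would avoid the extra call per token. The handler bodies around these hunks start and end outside the visible lines.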

10
src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs

@ -126,7 +126,7 @@ namespace OpenIddict.Validation.DataProtection
catch (Exception exception)
{
context.Logger.LogTrace(exception, "An exception occured while deserializing a token.");
context.Logger.LogTrace(exception, "An exception occured while deserializing the token '{Token}'.", payload);
}
// If the token cannot be validated, don't return an error to allow another handle to validate it.
@ -143,6 +143,9 @@ namespace OpenIddict.Validation.DataProtection
.SetInternalAuthorizationId(await _tokenManager.GetAuthorizationIdAsync(token))
.SetInternalTokenId(await _tokenManager.GetIdAsync(token))
.SetClaim(Claims.Private.TokenUsage, await _tokenManager.GetTypeAsync(token));
context.Logger.LogTrace("The reference DP token '{Token}' was successfully validated and the following " +
"claims could be extracted: {Claims}.", payload, context.Principal.Claims);
}
}
@ -212,7 +215,7 @@ namespace OpenIddict.Validation.DataProtection
catch (Exception exception)
{
context.Logger.LogTrace(exception, "An exception occured while deserializing a token.");
context.Logger.LogTrace(exception, "An exception occured while deserializing the token '{Token}'.", token);
}
// If the token cannot be validated, don't return an error to allow another handle to validate it.
@ -225,6 +228,9 @@ namespace OpenIddict.Validation.DataProtection
// per token type, the token processed at this stage is guaranteed to be of the expected type.
context.Principal = principal.SetClaim(Claims.Private.TokenUsage, TokenUsages.AccessToken);
context.Logger.LogTrace("The self-contained DP token '{Token}' was successfully validated and the following " +
"claims could be extracted: {Claims}.", token, context.Principal.Claims);
return default;
}
}
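Review bot: The traces in the two `catch` blocks write the presented token verbatim (`payload` and `token`) after it failed to unprotect, so arbitrary caller-supplied input reaches the log, and the success traces then write the same value once it is known to be a valid access token. A fixed-size summary gives the same correlation value without storing the credential, e.g. `context.Logger.LogTrace(exception, "An exception occurred while deserializing a token of length {Length}.", token.Length);` (which also fixes the "occured" spelling carried over from the old line). Whether the configured sink escapes newlines in structured arguments cannot be determined here, so the failure path should also be treated as a log-injection vector until confirmed. The surrounding handler bodies begin and end outside these hunks.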

10
src/OpenIddict.Validation/OpenIddictValidationHandlers.cs

@ -169,6 +169,8 @@ namespace OpenIddict.Validation
var result = await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(payload, parameters);
if (result.ClaimsIdentity == null)
{
context.Logger.LogTrace(result.Exception, "An error occurred while validating the token '{Token}'.", payload);
return;
}
@ -180,6 +182,9 @@ namespace OpenIddict.Validation
.SetInternalAuthorizationId(await _tokenManager.GetAuthorizationIdAsync(token))
.SetInternalTokenId(await _tokenManager.GetIdAsync(token))
.SetClaim(Claims.Private.TokenUsage, await _tokenManager.GetTypeAsync(token));
context.Logger.LogTrace("The reference JWT token '{Token}' was successfully validated and the following " +
"claims could be extracted: {Claims}.", payload, context.Principal.Claims);
}
}
@ -240,11 +245,16 @@ namespace OpenIddict.Validation
var result = await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(context.Request.AccessToken, parameters);
if (result.ClaimsIdentity == null)
{
context.Logger.LogTrace(result.Exception, "An error occurred while validating the token '{Token}'.", context.Request.AccessToken);
return;
}
// Attach the principal extracted from the token to the parent event context.
context.Principal = new ClaimsPrincipal(result.ClaimsIdentity);
context.Logger.LogTrace("The self-contained JWT token '{Token}' was successfully validated and the following " +
"claims could be extracted: {Claims}.", context.Request.AccessToken, context.Principal.Claims);
}
}
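Review bot: `context.Request.AccessToken` is logged in full on both the failure path (the line after `if (result.ClaimsIdentity == null)`) and the success path, which puts the bearer credential, and on failure unvalidated caller input, into the validation server's logs; `context.Principal.Claims` on success additionally records every claim value. On the success path the `jti` claim is enough to correlate with the issuing server's traces, and on the failure path the length or a hash suffices, e.g. `context.Logger.LogTrace(result.Exception, "An error occurred while validating a token of length {Length}.", context.Request.AccessToken.Length);`. The condition here is `result.ClaimsIdentity == null` while the server-side hunks in this commit use `!result.IsValid`; aligning on one of them would make the two code paths easier to compare. The enclosing handler methods start outside these hunks.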
