diff --git a/eng/Versions.props b/eng/Versions.props
index 718f9766..5f7f6efa 100644
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -36,7 +36,7 @@
2019.1.3
12.0.2
1.0.2
- 5.5.1-preview-60930170140
+ 5.5.1-preview-61001030225
1.5.0
4.0.0
2.9.0
diff --git a/samples/Mvc.Client/appsettings.Development.json b/samples/Mvc.Client/appsettings.Development.json
new file mode 100644
index 00000000..1ca99ed9
--- /dev/null
+++ b/samples/Mvc.Client/appsettings.Development.json
@@ -0,0 +1,9 @@
+{
+ "Logging": {
+ "LogLevel": {
+ "Default": "Trace",
+ "System": "Information",
+ "Microsoft": "Information"
+ }
+ }
+}
diff --git a/samples/Mvc.Client/appsettings.json b/samples/Mvc.Client/appsettings.json
new file mode 100644
index 00000000..8983e0fc
--- /dev/null
+++ b/samples/Mvc.Client/appsettings.json
@@ -0,0 +1,9 @@
+{
+ "Logging": {
+ "LogLevel": {
+ "Default": "Information",
+ "Microsoft": "Warning",
+ "Microsoft.Hosting.Lifetime": "Information"
+ }
+ }
+}
diff --git a/samples/Mvc.Server/appsettings.Development.json b/samples/Mvc.Server/appsettings.Development.json
new file mode 100644
index 00000000..1ca99ed9
--- /dev/null
+++ b/samples/Mvc.Server/appsettings.Development.json
@@ -0,0 +1,9 @@
+{
+ "Logging": {
+ "LogLevel": {
+ "Default": "Trace",
+ "System": "Information",
+ "Microsoft": "Information"
+ }
+ }
+}
diff --git a/samples/Mvc.Server/appsettings.json b/samples/Mvc.Server/appsettings.json
index a4d0b394..9b2e6911 100644
--- a/samples/Mvc.Server/appsettings.json
+++ b/samples/Mvc.Server/appsettings.json
@@ -1,5 +1,13 @@
{
"ConnectionStrings": {
"DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=aspnet5-openiddict-sample-12340be6-0442-4622-b782-a7412bb7d045;Trusted_Connection=True;MultipleActiveResultSets=true"
+ },
+
+ "Logging": {
+ "LogLevel": {
+ "Default": "Information",
+ "Microsoft": "Warning",
+ "Microsoft.Hosting.Lifetime": "Information"
+ }
}
}
diff --git a/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.cs b/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.cs
index 9b19ec14..e9fe275b 100644
--- a/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.cs
+++ b/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.cs
@@ -171,6 +171,9 @@ namespace OpenIddict.Server.DataProtection
.SetInternalTokenId(await _tokenManager.GetIdAsync(token))
.SetClaim(Claims.Private.TokenUsage, await _tokenManager.GetTypeAsync(token));
+ context.Logger.LogTrace("The reference DP token '{Token}' was successfully validated and the following " +
+ "claims could be extracted: {Claims}.", payload, context.Principal.Claims);
+
ClaimsPrincipal ValidateToken(string token, string type)
{
// Create a Data Protection protector using the provider registered in the options.
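Review bot: The new trace in this hunk writes the raw token material (`payload`) and every claim of the validated principal to the log, and the same pattern is repeated in the -325 hunk, in every token-creation hunk of this file and of OpenIddictServerHandlers.cs (where the complete `context.Response.AccessToken`, `Code`, `RefreshToken` and `IdToken` values are logged), and in the validation handlers (where the inbound `context.Request.AccessToken` is logged). The `{Claims}` placeholder is rendered by enumerating the collection and calling `Claim.ToString()`, which includes the claim value, so the private claims that this commit's own comments describe as "whose values must generally be kept secret" end up in the log sink alongside live bearer credentials; Trace level reduces but does not remove that exposure, and the sample appsettings.Development.json added in this commit sets `"Default": "Trace"`. Consider logging only the token identifier and the claim types, e.g. `context.Principal.Claims.Select(claim => claim.Type)` where System.Linq is in scope, or add a comment at each call site stating that these messages contain credentials and must stay disabled outside local debugging. The enclosing handler method begins before this hunk.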
@@ -199,7 +202,7 @@ namespace OpenIddict.Server.DataProtection
catch (Exception exception)
{
- context.Logger.LogTrace(exception, "An exception occured while deserializing a token.");
+ context.Logger.LogTrace(exception, "An exception occured while deserializing the token '{Token}'.", token);
return null;
}
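Review bot: The rewritten message keeps the pre-existing misspelling `occured`, while the messages added to OpenIddictServerHandlers.cs in this same commit read `occurred`. Use `context.Logger.LogTrace(exception, "An exception occurred while deserializing the token '{Token}'.", token);` here, in the -354 hunk below, and in the -126 and -212 hunks of OpenIddictValidationDataProtectionHandlers.cs so the messages are searchable with one spelling. The local function `ValidateToken` that owns this catch block starts and ends outside the hunk.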
@@ -325,6 +328,9 @@ namespace OpenIddict.Server.DataProtection
context.Principal = principal;
+ context.Logger.LogTrace("The self-contained DP token '{Token}' was successfully validated and the following " +
+ "claims could be extracted: {Claims}.", token, context.Principal.Claims);
+
return default;
ClaimsPrincipal ValidateToken(string token, string type)
@@ -354,7 +360,7 @@ namespace OpenIddict.Server.DataProtection
catch (Exception exception)
{
- context.Logger.LogTrace(exception, "An exception occured while deserializing a token.");
+ context.Logger.LogTrace(exception, "An exception occured while deserializing the token '{Token}'.", token);
return null;
}
@@ -445,7 +451,6 @@ namespace OpenIddict.Server.DataProtection
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
-
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.AccessTokenPrincipal.GetInternalAuthorizationId(),
@@ -471,9 +476,15 @@ namespace OpenIddict.Server.DataProtection
descriptor.ApplicationId = await _applicationManager.GetIdAsync(application);
}
- await _tokenManager.CreateAsync(descriptor);
+ var token = await _tokenManager.CreateAsync(descriptor);
context.Response.AccessToken = descriptor.ReferenceId;
+
+ context.Logger.LogTrace("The reference access token '{Identifier}' was successfully created with the " +
+ "reference identifier '{ReferenceId}' and the following DP payload: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
+ descriptor.Payload, context.AccessTokenPrincipal.Claims);
}
}
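Review bot: `await _tokenManager.GetIdAsync(token)` is passed as an argument to `LogTrace` and is therefore evaluated on every token issuance even when Trace logging is disabled, which is the normal production setting; depending on the store implementation this may be an extra lookup per issued token. Guard the call with `if (context.Logger.IsEnabled(LogLevel.Trace))` around the `LogTrace` statement so the identifier is only resolved when the message will actually be written. The same applies to the -586 and -701 hunks of this file and to the -2094, -2205 and -2315 hunks of OpenIddictServerHandlers.cs. The enclosing handler method begins before this hunk.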
@@ -560,7 +571,6 @@ namespace OpenIddict.Server.DataProtection
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
-
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.AuthorizationCodePrincipal.GetInternalAuthorizationId(),
@@ -586,9 +596,15 @@ namespace OpenIddict.Server.DataProtection
descriptor.ApplicationId = await _applicationManager.GetIdAsync(application);
}
- await _tokenManager.CreateAsync(descriptor);
+ var token = await _tokenManager.CreateAsync(descriptor);
context.Response.Code = descriptor.ReferenceId;
+
+ context.Logger.LogTrace("The reference authorization code '{Identifier}' was successfully created with the " +
+ "reference identifier '{ReferenceId}' and the following DP payload: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
+ descriptor.Payload, context.AuthorizationCodePrincipal.Claims);
}
}
@@ -675,7 +691,6 @@ namespace OpenIddict.Server.DataProtection
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
-
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.RefreshTokenPrincipal.GetInternalAuthorizationId(),
@@ -701,9 +716,15 @@ namespace OpenIddict.Server.DataProtection
descriptor.ApplicationId = await _applicationManager.GetIdAsync(application);
}
- await _tokenManager.CreateAsync(descriptor);
+ var token = await _tokenManager.CreateAsync(descriptor);
context.Response.RefreshToken = descriptor.ReferenceId;
+
+ context.Logger.LogTrace("The reference refresh token '{Identifier}' was successfully created with the " +
+ "reference identifier '{ReferenceId}' and the following DP payload: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
+ descriptor.Payload, context.RefreshTokenPrincipal.Claims);
}
}
@@ -763,6 +784,12 @@ namespace OpenIddict.Server.DataProtection
context.Response.AccessToken = Base64UrlEncoder.Encode(protector.Protect(buffer.ToArray()));
+ context.Logger.LogTrace("The access token '{Identifier}' was successfully created and the " +
+ "following DP payload was attached to the OpenID Connect response: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ context.AccessTokenPrincipal.GetClaim(Claims.JwtId),
+ context.Response.AccessToken, context.AccessTokenPrincipal.Claims);
+
return default;
}
}
@@ -823,6 +850,12 @@ namespace OpenIddict.Server.DataProtection
context.Response.Code = Base64UrlEncoder.Encode(protector.Protect(buffer.ToArray()));
+ context.Logger.LogTrace("The authorization code '{Identifier}' was successfully created and the " +
+ "following JWT payload was attached to the OpenID Connect response: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ context.AccessTokenPrincipal.GetClaim(Claims.JwtId),
+ context.Response.Code, context.AuthorizationCodePrincipal.Claims);
+
return default;
}
}
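Review bot: The identifier logged for the authorization code is read from `context.AccessTokenPrincipal` while the claims come from `context.AuthorizationCodePrincipal`; when a code is issued without an access token (a plain `response_type=code` request, for instance) `context.AccessTokenPrincipal` is presumably null and the `GetClaim` call would fail before the handler returns. The matching hunks in OpenIddictServerHandlers.cs (-2596 and -2646) use the principal of the token being created, so this reads like a copy-paste slip; change the argument to `context.AuthorizationCodePrincipal.GetClaim(Claims.JwtId),` and, in the -883 hunk below, to `context.RefreshTokenPrincipal.GetClaim(Claims.JwtId),`. This file produces Data Protection tokens, yet the new messages in this hunk and in -883 say "JWT payload" where the -763 hunk correctly says "DP payload". The enclosing handler method begins before this hunk.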
@@ -883,6 +916,12 @@ namespace OpenIddict.Server.DataProtection
context.Response.RefreshToken = Base64UrlEncoder.Encode(protector.Protect(buffer.ToArray()));
+ context.Logger.LogTrace("The refresh token '{Identifier}' was successfully created and the " +
+ "following JWT payload was attached to the OpenID Connect response: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ context.AccessTokenPrincipal.GetClaim(Claims.JwtId),
+ context.Response.RefreshToken, context.RefreshTokenPrincipal.Claims);
+
return default;
}
}
diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.cs
index 79746325..b672fa07 100644
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.cs
@@ -267,6 +267,9 @@ namespace OpenIddict.Server
.SetInternalTokenId(await _tokenManager.GetIdAsync(token))
.SetClaim(Claims.Private.TokenUsage, await _tokenManager.GetTypeAsync(token));
+ context.Logger.LogTrace("The reference JWT token '{Token}' was successfully validated and the following " +
+ "claims could be extracted: {Claims}.", payload, context.Principal.Claims);
+
async ValueTask ValidateTokenAsync(string token, string type)
{
var parameters = context.Options.TokenValidationParameters.Clone();
@@ -294,7 +297,13 @@ namespace OpenIddict.Server
_ => Array.Empty()
};
- return await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(token, parameters);
+ var result = await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(token, parameters);
+ if (!result.IsValid)
+ {
+ context.Logger.LogTrace(result.Exception, "An error occurred while validating the token '{Token}'.", token);
+ }
+
+ return result;
}
async ValueTask ValidateAnyTokenAsync(string token)
@@ -444,6 +453,9 @@ namespace OpenIddict.Server
// Attach the principal extracted from the token to the parent event context.
context.Principal = new ClaimsPrincipal(result.ClaimsIdentity);
+ context.Logger.LogTrace("The self-contained JWT token '{Token}' was successfully validated and the following " +
+ "claims could be extracted: {Claims}.", token, context.Principal.Claims);
+
async ValueTask ValidateTokenAsync(string token, string type)
{
var parameters = context.Options.TokenValidationParameters.Clone();
@@ -475,7 +487,13 @@ namespace OpenIddict.Server
_ => Array.Empty()
};
- return await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(token, parameters);
+ var result = await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(token, parameters);
+ if (!result.IsValid)
+ {
+ context.Logger.LogTrace(result.Exception, "An error occurred while validating the token '{Token}'.", token);
+ }
+
+ return result;
}
async ValueTask ValidateAnyTokenAsync(string token)
@@ -1411,6 +1429,15 @@ namespace OpenIddict.Server
return false;
}
+ // Never include the creation and expiration dates that are automatically
+ // inherited from the parent token are not reused for the new token.
+ if (string.Equals(claim.Type, Claims.ExpiresAt, StringComparison.OrdinalIgnoreCase) ||
+ string.Equals(claim.Type, Claims.IssuedAt, StringComparison.OrdinalIgnoreCase) ||
+ string.Equals(claim.Type, Claims.NotBefore, StringComparison.OrdinalIgnoreCase))
+ {
+ return false;
+ }
+
// Always exclude private claims, whose values must generally be kept secret.
if (claim.Type.StartsWith(Claims.Prefixes.Private, StringComparison.OrdinalIgnoreCase))
{
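Review bot: The comment introducing the new block does not parse as a sentence — "dates that are automatically inherited from the parent token are not reused for the new token" runs two clauses together — and the same text is repeated in the -1519, -1606 and -1690 hunks. Suggest `// Never include the creation, expiration and not-before dates inherited from the` / `// parent token, so that they are not reused for the new token.` at all four sites. As a minor point of style, JWT claim names are case-sensitive, so `StringComparison.Ordinal` would be the precise comparison for `exp`, `iat` and `nbf`, though `OrdinalIgnoreCase` matches the existing `StartsWith` check that follows. The claim filter predicate begins and ends outside this hunk.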
@@ -1519,6 +1546,15 @@ namespace OpenIddict.Server
return false;
}
+ // Never include the creation and expiration dates that are automatically
+ // inherited from the parent token are not reused for the new token.
+ if (string.Equals(claim.Type, Claims.ExpiresAt, StringComparison.OrdinalIgnoreCase) ||
+ string.Equals(claim.Type, Claims.IssuedAt, StringComparison.OrdinalIgnoreCase) ||
+ string.Equals(claim.Type, Claims.NotBefore, StringComparison.OrdinalIgnoreCase))
+ {
+ return false;
+ }
+
// Other claims are always included in the authorization code, even private claims.
return true;
});
@@ -1606,6 +1642,15 @@ namespace OpenIddict.Server
return false;
}
+ // Never include the creation and expiration dates that are automatically
+ // inherited from the parent token are not reused for the new token.
+ if (string.Equals(claim.Type, Claims.ExpiresAt, StringComparison.OrdinalIgnoreCase) ||
+ string.Equals(claim.Type, Claims.IssuedAt, StringComparison.OrdinalIgnoreCase) ||
+ string.Equals(claim.Type, Claims.NotBefore, StringComparison.OrdinalIgnoreCase))
+ {
+ return false;
+ }
+
// Other claims are always included in the refresh token, even private claims.
return true;
});
@@ -1690,6 +1735,15 @@ namespace OpenIddict.Server
return false;
}
+ // Never include the creation and expiration dates that are automatically
+ // inherited from the parent token are not reused for the new token.
+ if (string.Equals(claim.Type, Claims.ExpiresAt, StringComparison.OrdinalIgnoreCase) ||
+ string.Equals(claim.Type, Claims.IssuedAt, StringComparison.OrdinalIgnoreCase) ||
+ string.Equals(claim.Type, Claims.NotBefore, StringComparison.OrdinalIgnoreCase))
+ {
+ return false;
+ }
+
// Always exclude private claims by default, whose values must generally be kept secret.
if (claim.Type.StartsWith(Claims.Prefixes.Private, StringComparison.OrdinalIgnoreCase))
{
@@ -2056,15 +2110,13 @@ namespace OpenIddict.Server
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
- var identifier = Base64UrlEncoder.Encode(data);
-
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.AccessTokenPrincipal.GetInternalAuthorizationId(),
CreationDate = context.AccessTokenPrincipal.GetCreationDate(),
ExpirationDate = context.AccessTokenPrincipal.GetExpirationDate(),
Principal = context.AccessTokenPrincipal,
- ReferenceId = identifier,
+ ReferenceId = Base64UrlEncoder.Encode(data),
Status = Statuses.Valid,
Subject = context.AccessTokenPrincipal.GetClaim(Claims.Subject),
Type = TokenUsages.AccessToken
@@ -2094,9 +2146,15 @@ namespace OpenIddict.Server
Subject = (ClaimsIdentity) context.AccessTokenPrincipal.Identity
});
- await _tokenManager.CreateAsync(descriptor);
+ var token = await _tokenManager.CreateAsync(descriptor);
+
+ context.Response.AccessToken = descriptor.ReferenceId;
- context.Response.AccessToken = identifier;
+ context.Logger.LogTrace("The reference access token '{Identifier}' was successfully created with the " +
+ "reference identifier '{ReferenceId}' and the following JWT payload: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
+ descriptor.Payload, context.AccessTokenPrincipal.Claims);
}
}
@@ -2167,15 +2225,13 @@ namespace OpenIddict.Server
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
- var identifier = Base64UrlEncoder.Encode(data);
-
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.AuthorizationCodePrincipal.GetInternalAuthorizationId(),
CreationDate = context.AuthorizationCodePrincipal.GetCreationDate(),
ExpirationDate = context.AuthorizationCodePrincipal.GetExpirationDate(),
Principal = context.AuthorizationCodePrincipal,
- ReferenceId = identifier,
+ ReferenceId = Base64UrlEncoder.Encode(data),
Status = Statuses.Valid,
Subject = context.AuthorizationCodePrincipal.GetClaim(Claims.Subject),
Type = TokenUsages.AuthorizationCode
@@ -2205,9 +2261,15 @@ namespace OpenIddict.Server
Subject = (ClaimsIdentity) context.AuthorizationCodePrincipal.Identity
});
- await _tokenManager.CreateAsync(descriptor);
+ var token = await _tokenManager.CreateAsync(descriptor);
+
+ context.Response.Code = descriptor.ReferenceId;
- context.Response.Code = identifier;
+ context.Logger.LogTrace("The reference authorization code '{Identifier}' was successfully created with the " +
+ "reference identifier '{ReferenceId}' and the following payload: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
+ descriptor.Payload, context.AuthorizationCodePrincipal.Claims);
}
}
@@ -2278,15 +2340,13 @@ namespace OpenIddict.Server
using var generator = RandomNumberGenerator.Create();
generator.GetBytes(data);
#endif
- var identifier = Base64UrlEncoder.Encode(data);
-
var descriptor = new OpenIddictTokenDescriptor
{
AuthorizationId = context.RefreshTokenPrincipal.GetInternalAuthorizationId(),
CreationDate = context.RefreshTokenPrincipal.GetCreationDate(),
ExpirationDate = context.RefreshTokenPrincipal.GetExpirationDate(),
Principal = context.RefreshTokenPrincipal,
- ReferenceId = identifier,
+ ReferenceId = Base64UrlEncoder.Encode(data),
Status = Statuses.Valid,
Subject = context.RefreshTokenPrincipal.GetClaim(Claims.Subject),
Type = TokenUsages.RefreshToken
@@ -2315,9 +2375,15 @@ namespace OpenIddict.Server
Subject = (ClaimsIdentity) context.RefreshTokenPrincipal.Identity
});
- await _tokenManager.CreateAsync(descriptor);
+ var token = await _tokenManager.CreateAsync(descriptor);
+
+ context.Response.RefreshToken = descriptor.ReferenceId;
- context.Response.RefreshToken = identifier;
+ context.Logger.LogTrace("The reference refresh token '{Identifier}' was successfully created with the " +
+ "reference identifier '{ReferenceId}' and the following payload: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ await _tokenManager.GetIdAsync(token), descriptor.ReferenceId,
+ descriptor.Payload, context.RefreshTokenPrincipal.Claims);
}
}
@@ -2403,9 +2469,12 @@ namespace OpenIddict.Server
}
var token = await _tokenManager.CreateAsync(descriptor);
+ var identifier = await _tokenManager.GetIdAsync(token);
// Set the internal token identifier so that it can be added to the serialized code.
- context.AuthorizationCodePrincipal.SetInternalTokenId(await _tokenManager.GetIdAsync(token));
+ context.AuthorizationCodePrincipal.SetInternalTokenId(identifier);
+
+ context.Logger.LogTrace("The entry for authorization code '{Identifier}' was successfully created.", identifier);
}
}
@@ -2491,9 +2560,12 @@ namespace OpenIddict.Server
}
var token = await _tokenManager.CreateAsync(descriptor);
+ var identifier = await _tokenManager.GetIdAsync(token);
// Set the internal token identifier so that it can be added to the serialized token.
- context.RefreshTokenPrincipal.SetInternalTokenId(await _tokenManager.GetIdAsync(token));
+ context.RefreshTokenPrincipal.SetInternalTokenId(identifier);
+
+ context.Logger.LogTrace("The entry for refresh token '{Identifier}' was successfully created.", identifier);
}
}
@@ -2545,6 +2617,12 @@ namespace OpenIddict.Server
credentials.Key is SymmetricSecurityKey) ?? context.Options.SigningCredentials.First(),
Subject = (ClaimsIdentity) context.AccessTokenPrincipal.Identity
});
+
+ context.Logger.LogTrace("The access token '{Identifier}' was successfully created and the " +
+ "following JWT payload was attached to the OpenID Connect response: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ context.AccessTokenPrincipal.GetClaim(Claims.JwtId),
+ context.Response.AccessToken, context.AccessTokenPrincipal.Claims);
}
}
@@ -2596,6 +2674,12 @@ namespace OpenIddict.Server
credentials.Key is SymmetricSecurityKey) ?? context.Options.SigningCredentials.First(),
Subject = (ClaimsIdentity) context.AuthorizationCodePrincipal.Identity
});
+
+ context.Logger.LogTrace("The authorization code '{Identifier}' was successfully created and the " +
+ "following JWT payload was attached to the OpenID Connect response: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ context.AuthorizationCodePrincipal.GetClaim(Claims.JwtId),
+ context.Response.Code, context.AuthorizationCodePrincipal.Claims);
}
}
@@ -2646,6 +2730,12 @@ namespace OpenIddict.Server
credentials.Key is SymmetricSecurityKey) ?? context.Options.SigningCredentials.First(),
Subject = (ClaimsIdentity) context.RefreshTokenPrincipal.Identity
});
+
+ context.Logger.LogTrace("The refresh token '{Identifier}' was successfully created and the " +
+ "following JWT payload was attached to the OpenID Connect response: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ context.RefreshTokenPrincipal.GetClaim(Claims.JwtId),
+ context.Response.RefreshToken, context.RefreshTokenPrincipal.Claims);
}
}
@@ -2826,6 +2916,12 @@ namespace OpenIddict.Server
credentials.Key is AsymmetricSecurityKey),
Subject = (ClaimsIdentity) context.IdentityTokenPrincipal.Identity
});
+
+ context.Logger.LogTrace("The identity token '{Identifier}' was successfully created and the " +
+ "following JWT payload was attached to the OpenID Connect response: {Payload}. " +
+ "The principal used to create the token contained the following claims: {Claims}.",
+ context.IdentityTokenPrincipal.GetClaim(Claims.JwtId),
+ context.Response.IdToken, context.IdentityTokenPrincipal.Claims);
}
}
diff --git a/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs b/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs
index 3391d672..fe2a234b 100644
--- a/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs
+++ b/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.cs
@@ -126,7 +126,7 @@ namespace OpenIddict.Validation.DataProtection
catch (Exception exception)
{
- context.Logger.LogTrace(exception, "An exception occured while deserializing a token.");
+ context.Logger.LogTrace(exception, "An exception occured while deserializing the token '{Token}'.", payload);
}
// If the token cannot be validated, don't return an error to allow another handle to validate it.
@@ -143,6 +143,9 @@ namespace OpenIddict.Validation.DataProtection
.SetInternalAuthorizationId(await _tokenManager.GetAuthorizationIdAsync(token))
.SetInternalTokenId(await _tokenManager.GetIdAsync(token))
.SetClaim(Claims.Private.TokenUsage, await _tokenManager.GetTypeAsync(token));
+
+ context.Logger.LogTrace("The reference DP token '{Token}' was successfully validated and the following " +
+ "claims could be extracted: {Claims}.", payload, context.Principal.Claims);
}
}
@@ -212,7 +215,7 @@ namespace OpenIddict.Validation.DataProtection
catch (Exception exception)
{
- context.Logger.LogTrace(exception, "An exception occured while deserializing a token.");
+ context.Logger.LogTrace(exception, "An exception occured while deserializing the token '{Token}'.", token);
}
// If the token cannot be validated, don't return an error to allow another handle to validate it.
@@ -225,6 +228,9 @@ namespace OpenIddict.Validation.DataProtection
// per token type, the token processed at this stage is guaranteed to be of the expected type.
context.Principal = principal.SetClaim(Claims.Private.TokenUsage, TokenUsages.AccessToken);
+ context.Logger.LogTrace("The self-contained DP token '{Token}' was successfully validated and the following " +
+ "claims could be extracted: {Claims}.", token, context.Principal.Claims);
+
return default;
}
}
diff --git a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
index 5d943aa0..c59b604a 100644
--- a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
+++ b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
@@ -169,6 +169,8 @@ namespace OpenIddict.Validation
var result = await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(payload, parameters);
if (result.ClaimsIdentity == null)
{
+ context.Logger.LogTrace(result.Exception, "An error occurred while validating the token '{Token}'.", payload);
+
return;
}
@@ -180,6 +182,9 @@ namespace OpenIddict.Validation
.SetInternalAuthorizationId(await _tokenManager.GetAuthorizationIdAsync(token))
.SetInternalTokenId(await _tokenManager.GetIdAsync(token))
.SetClaim(Claims.Private.TokenUsage, await _tokenManager.GetTypeAsync(token));
+
+ context.Logger.LogTrace("The reference JWT token '{Token}' was successfully validated and the following " +
+ "claims could be extracted: {Claims}.", payload, context.Principal.Claims);
}
}
@@ -240,11 +245,16 @@ namespace OpenIddict.Validation
var result = await context.Options.JsonWebTokenHandler.ValidateTokenStringAsync(context.Request.AccessToken, parameters);
if (result.ClaimsIdentity == null)
{
+ context.Logger.LogTrace(result.Exception, "An error occurred while validating the token '{Token}'.", context.Request.AccessToken);
+
return;
}
// Attach the principal extracted from the token to the parent event context.
context.Principal = new ClaimsPrincipal(result.ClaimsIdentity);
+
+ context.Logger.LogTrace("The self-contained JWT token '{Token}' was successfully validated and the following " +
+ "claims could be extracted: {Claims}.", context.Request.AccessToken, context.Principal.Claims);
}
}