Fix the OpenIddict server Data Protection integration to use a correct token type hints lookup

8 months ago · dc04b1706c
6 changed files with 8 additions and 7 deletions
--- a/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionHandlers.Protection.cs
+++ b/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionHandlers.Protection.cs
@ -65,7 +65,7 @@ public static partial class OpenIddictClientDataProtectionHandlers
                }

                // If a specific token format is expected, return immediately if it doesn't match the expected value.
-                if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.DataProtection)
+                if (context.TokenFormat is not null and not TokenFormats.Private.DataProtection)
                {
                    return default;
                }
--- a/src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs
@ -349,7 +349,7 @@ public static partial class OpenIddictClientHandlers
                }

                // If a specific token format is expected, return immediately if it doesn't match the expected value.
-                if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.JsonWebToken)
+                if (context.TokenFormat is not null and not TokenFormats.Private.JsonWebToken)
                {
                    return;
                }
--- a/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs
+++ b/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs
@ -65,7 +65,7 @@ public static partial class OpenIddictServerDataProtectionHandlers
                }

                // If a specific token format is expected, return immediately if it doesn't match the expected value.
-                if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.DataProtection)
+                if (context.TokenFormat is not null and not TokenFormats.Private.DataProtection)
                {
                    return default;
                }
@ -144,7 +144,8 @@ public static partial class OpenIddictServerDataProtectionHandlers
                    _ => context.ValidTokenTypes.OrderBy(type => type switch
                    {
                        // If the token type hint corresponds to one of the valid types, test it first.
-                        string value when value == context.TokenTypeHint => 0,
+                        TokenTypeIdentifiers.AccessToken  when context.TokenTypeHint is TokenTypeHints.AccessToken  => 0,
+                        TokenTypeIdentifiers.RefreshToken when context.TokenTypeHint is TokenTypeHints.RefreshToken => 0,

                        TokenTypeIdentifiers.AccessToken               => 1,
                        TokenTypeIdentifiers.RefreshToken              => 2,
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs
@ -455,7 +455,7 @@ public static partial class OpenIddictServerHandlers
                }

                // If a specific token format is expected, return immediately if it doesn't match the expected value.
-                if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.JsonWebToken)
+                if (context.TokenFormat is not null and not TokenFormats.Private.JsonWebToken)
                {
                    return;
                }
--- a/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs
+++ b/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs
@ -59,7 +59,7 @@ public static partial class OpenIddictValidationDataProtectionHandlers
                }

                // If a specific token format is expected, return immediately if it doesn't match the expected value.
-                if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.DataProtection)
+                if (context.TokenFormat is not null and not TokenFormats.Private.DataProtection)
                {
                    return default;
                }
--- a/src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs
+++ b/src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs
@ -291,7 +291,7 @@ public static partial class OpenIddictValidationHandlers
                }

                // If a specific token format is expected, return immediately if it doesn't match the expected value.
-                if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.JsonWebToken)
+                if (context.TokenFormat is not null and not TokenFormats.Private.JsonWebToken)
                {
                    return;
                }