From dc04b1706c1658375e5eaef18b3abd9f30729c16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Mon, 16 Jun 2025 20:26:40 +0200 Subject: [PATCH] Fix the OpenIddict server Data Protection integration to use a correct token type hints lookup --- .../OpenIddictClientDataProtectionHandlers.Protection.cs | 2 +- src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs | 2 +- .../OpenIddictServerDataProtectionHandlers.Protection.cs | 5 +++-- src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs | 2 +- .../OpenIddictValidationDataProtectionHandlers.Protection.cs | 2 +- .../OpenIddictValidationHandlers.Protection.cs | 2 +- 6 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionHandlers.Protection.cs b/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionHandlers.Protection.cs index ece548af..c005b9ca 100644 --- a/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionHandlers.Protection.cs +++ b/src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionHandlers.Protection.cs @@ -65,7 +65,7 @@ public static partial class OpenIddictClientDataProtectionHandlers } // If a specific token format is expected, return immediately if it doesn't match the expected value. - if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.DataProtection) + if (context.TokenFormat is not null and not TokenFormats.Private.DataProtection) { return default; } diff --git a/src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs b/src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs index af1705b6..8e09ad69 100644 --- a/src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs +++ b/src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs @@ -349,7 +349,7 @@ public static partial class OpenIddictClientHandlers } // If a specific token format is expected, return immediately if it doesn't match the expected value. - if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.JsonWebToken) + if (context.TokenFormat is not null and not TokenFormats.Private.JsonWebToken) { return; } diff --git a/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs b/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs index 78bcc5dd..9f72ad39 100644 --- a/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs +++ b/src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs @@ -65,7 +65,7 @@ public static partial class OpenIddictServerDataProtectionHandlers } // If a specific token format is expected, return immediately if it doesn't match the expected value. - if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.DataProtection) + if (context.TokenFormat is not null and not TokenFormats.Private.DataProtection) { return default; } @@ -144,7 +144,8 @@ public static partial class OpenIddictServerDataProtectionHandlers _ => context.ValidTokenTypes.OrderBy(type => type switch { // If the token type hint corresponds to one of the valid types, test it first. - string value when value == context.TokenTypeHint => 0, + TokenTypeIdentifiers.AccessToken when context.TokenTypeHint is TokenTypeHints.AccessToken => 0, + TokenTypeIdentifiers.RefreshToken when context.TokenTypeHint is TokenTypeHints.RefreshToken => 0, TokenTypeIdentifiers.AccessToken => 1, TokenTypeIdentifiers.RefreshToken => 2, diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs index 2f9845b1..0eeb3a6f 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs @@ -455,7 +455,7 @@ public static partial class OpenIddictServerHandlers } // If a specific token format is expected, return immediately if it doesn't match the expected value. - if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.JsonWebToken) + if (context.TokenFormat is not null and not TokenFormats.Private.JsonWebToken) { return; } diff --git a/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs b/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs index 77651eb6..a5138876 100644 --- a/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs +++ b/src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs @@ -59,7 +59,7 @@ public static partial class OpenIddictValidationDataProtectionHandlers } // If a specific token format is expected, return immediately if it doesn't match the expected value. - if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.DataProtection) + if (context.TokenFormat is not null and not TokenFormats.Private.DataProtection) { return default; } diff --git a/src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs b/src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs index 57cca2a1..612f3d21 100644 --- a/src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs +++ b/src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs @@ -291,7 +291,7 @@ public static partial class OpenIddictValidationHandlers } // If a specific token format is expected, return immediately if it doesn't match the expected value. - if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.JsonWebToken) + if (context.TokenFormat is not null and not TokenFormats.Private.JsonWebToken) { return; }