diff --git a/src/OpenIddict/OpenIddictProvider.Serialization.cs b/src/OpenIddict/OpenIddictProvider.Serialization.cs index 53a69a21..b45cbad1 100644 --- a/src/OpenIddict/OpenIddictProvider.Serialization.cs +++ b/src/OpenIddict/OpenIddictProvider.Serialization.cs @@ -32,20 +32,21 @@ namespace OpenIddict return; } - var ticket = await ReceiveTokenAsync( + context.Ticket = await ReceiveTokenAsync( context.AccessToken, options, context.HttpContext, context.Request, context.DataFormat); - // If a valid ticket was returned by ReceiveTokenAsync(), - // force the OpenID Connect server middleware to use it. - if (ticket != null) + // Prevent the OpenID Connect server middleware from using + // its default logic to deserialize the reference token. + if (context.Ticket != null) { - context.Ticket = ticket; context.HandleResponse(); } - // Otherwise, let the OpenID Connect server middleware - // deserialize the token using its default internal logic. + else + { + context.SkipToNextMiddleware(); + } } public override async Task DeserializeAuthorizationCode([NotNull] DeserializeAuthorizationCodeContext context) @@ -56,20 +57,21 @@ namespace OpenIddict return; } - var ticket = await ReceiveTokenAsync( + context.Ticket = await ReceiveTokenAsync( context.AuthorizationCode, options, context.HttpContext, context.Request, context.DataFormat); - // If a valid ticket was returned by ReceiveTokenAsync(), - // force the OpenID Connect server middleware to use it. - if (ticket != null) + // Prevent the OpenID Connect server middleware from using + // its default logic to deserialize the reference token. + if (context.Ticket != null) { - context.Ticket = ticket; context.HandleResponse(); } - // Otherwise, let the OpenID Connect server middleware - // deserialize the token using its default internal logic. + else + { + context.SkipToNextMiddleware(); + } } public override async Task DeserializeRefreshToken([NotNull] DeserializeRefreshTokenContext context) 
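Review bot: The new `else` branch in DeserializeAccessToken carries the fail-closed behaviour but has no comment, and the comment kept above `if (context.Ticket != null)` reads as if `HandleResponse()` alone did the preventing. Assuming `SkipToNextMiddleware()` makes the server treat the token as invalid instead of running its default deserializer (its implementation is not visible here), I would say so in the branch: `// No ticket could be resolved from the reference token: reject it rather than fall back to the default deserialization logic.` The same applies to the identical blocks in DeserializeAuthorizationCode (second hunk) and DeserializeRefreshToken (third hunk). All three method bodies start above their hunks, so the condition guarding the early `return;` is not visible.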
@@ -80,20 +82,21 @@ namespace OpenIddict return; } - var ticket = await ReceiveTokenAsync( + context.Ticket = await ReceiveTokenAsync( context.RefreshToken, options, context.HttpContext, context.Request, context.DataFormat); - // If a valid ticket was returned by ReceiveTokenAsync(), - // force the OpenID Connect server middleware to use it. - if (ticket != null) + // Prevent the OpenID Connect server middleware from using + // its default logic to deserialize the reference token. + if (context.Ticket != null) { - context.Ticket = ticket; context.HandleResponse(); } - // Otherwise, let the OpenID Connect server middleware - // deserialize the token using its default internal logic. + else + { + context.SkipToNextMiddleware(); + } } public override async Task SerializeAccessToken([NotNull] SerializeAccessTokenContext context) diff --git a/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs b/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs index 2d1097eb..dcc6374f 100644 --- a/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs +++ b/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs 
@@ -348,22 +348,9 @@ namespace OpenIddict.Tests var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme); identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); - var ticket = new AuthenticationTicket( - new ClaimsPrincipal(identity), - new AuthenticationProperties(), - OpenIdConnectServerDefaults.AuthenticationScheme); - - ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); - ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken); - - var format = new Mock>(); - - format.Setup(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA")) - .Returns(ticket); - var manager = CreateTokenManager(instance => { - instance.Setup(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny())) + instance.Setup(mock => mock.FindByHashAsync("coYFMTIt6jDp2O41qaUfV+XGhPsils3Z3YfmUvudrVw=", It.IsAny())) .ReturnsAsync(value: null); }); @@ -385,8 +372,6 @@ namespace OpenIddict.Tests builder.Services.AddSingleton(manager); - builder.Configure(options => options.AccessTokenFormat = format.Object); - builder.UseReferenceTokens(); }); @@ -397,14 +382,15 @@ namespace OpenIddict.Tests { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", - Token = "2YotnFZFEjr1zCsicMWpAA" + Token = "QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI" }); // Assert Assert.Single(response.GetParameters()); Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); - Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); + + Mock.Get(manager).Verify(mock => mock.FindByHashAsync("coYFMTIt6jDp2O41qaUfV+XGhPsils3Z3YfmUvudrVw=", It.IsAny()), Times.Exactly(3)); } [Fact] 
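Review bot: With the mocked access-token format removed in this hunk and its registration dropped in the next one, the test no longer shows that a token missing from the store is never handed to the data format, which appears to be the property the provider change is meant to guarantee. Asserting only that `active` is false would still pass if a fallback to the default deserializer were reintroduced and simply failed to unprotect the value. Consider keeping the mock format registered without a setup and adding a negative check such as `format.Verify(mock => mock.Unprotect(It.IsAny<string>()), Times.Never());`. The test method starts above the hunk.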
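Review bot: `Times.Exactly(3)` in the final `Verify` of this hunk is unexplained and differs from the `Times.Once()` expected for the same `FindByHashAsync` call in the next test. Presumably the lookup runs once per token type the server tries because the request carries no type hint, but nothing in the test says so. A comment such as `// No token_type_hint is sent, so the hash lookup is attempted once per candidate token type.` would make the count read as intentional rather than incidental.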
@@ -431,6 +417,15 @@ namespace OpenIddict.Tests var manager = CreateTokenManager(instance => { + instance.Setup(mock => mock.FindByHashAsync("coYFMTIt6jDp2O41qaUfV+XGhPsils3Z3YfmUvudrVw=", It.IsAny())) + .ReturnsAsync(token); + + instance.Setup(mock => mock.GetIdAsync(token, It.IsAny())) + .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); + + instance.Setup(mock => mock.GetCiphertextAsync(token, It.IsAny())) + .ReturnsAsync("2YotnFZFEjr1zCsicMWpAA"); + instance.Setup(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny())) .ReturnsAsync(token); @@ -468,13 +463,14 @@ namespace OpenIddict.Tests { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", - Token = "2YotnFZFEjr1zCsicMWpAA" + Token = "QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI" }); // Assert Assert.Single(response.GetParameters()); Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Mock.Get(manager).Verify(mock => mock.FindByHashAsync("coYFMTIt6jDp2O41qaUfV+XGhPsils3Z3YfmUvudrVw=", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.IsValidAsync(token, It.IsAny()), Times.Once()); }
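Review bot: The `Verify` block in the last hunk checks `FindByHashAsync`, `FindByIdAsync` and `IsValidAsync`, but not the `GetCiphertextAsync` step that the previous hunk sets up. As far as the visible lines show, the test would still pass if the ticket were not built from the ciphertext stored with the token entry, since the identifier can also come from the `GetIdAsync` setup. I would add a `Times.Once()` verification for `GetCiphertextAsync(token, …)` next to the existing ones, mirroring their form, so the test pins the whole reference-token path: hash lookup, stored ciphertext, then the validity check. The test method starts above the first of these two hunks.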