tsai
/
openiddict-core
mirror of https://github.com/openiddict/openiddict-core.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Update GenerateTokenContext to expose SecurityTokenDescriptor and adopt the new URI-style token type identifiers in the client, core, server and validation stacks

pull/2299/head
Kévin Chalet 10 months ago
parent
cf504fba56
commit
fab284f5d5
43 changed files with 1020 additions and 805 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 35
      src/OpenIddict.Abstractions/OpenIddictConstants.cs
  2. 16
      src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionHandlers.Protection.cs
  3. 4
      src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Exchange.cs
  4. 7
      src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
  5. 19
      src/OpenIddict.Client/OpenIddictClientEvents.Protection.cs
  6. 2
      src/OpenIddict.Client/OpenIddictClientHandlerFilters.cs
  7. 35
      src/OpenIddict.Client/OpenIddictClientHandlers.Introspection.cs
  8. 150
      src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs
  9. 58
      src/OpenIddict.Client/OpenIddictClientHandlers.cs
  10. 6
      src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs
  11. 25
      src/OpenIddict.Core/Managers/OpenIddictTokenManager.cs
  12. 159
      src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs
  13. 19
      src/OpenIddict.Server/OpenIddictServerEvents.Protection.cs
  14. 2
      src/OpenIddict.Server/OpenIddictServerHandlerFilters.cs
  15. 27
      src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs
  16. 330
      src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs
  17. 8
      src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs
  18. 70
      src/OpenIddict.Server/OpenIddictServerHandlers.cs
  19. 4
      src/OpenIddict.Server/OpenIddictServerOptions.cs
  20. 10
      src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs
  21. 5
      src/OpenIddict.Validation.Owin/OpenIddictValidationOwinConstants.cs
  22. 3
      src/OpenIddict.Validation.Owin/OpenIddictValidationOwinHandler.cs
  23. 19
      src/OpenIddict.Validation/OpenIddictValidationEvents.Protection.cs
  24. 2
      src/OpenIddict.Validation/OpenIddictValidationHandlerFilters.cs
  25. 35
      src/OpenIddict.Validation/OpenIddictValidationHandlers.Introspection.cs
  26. 137
      src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs
  27. 14
      src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
  28. 4
      src/OpenIddict.Validation/OpenIddictValidationOptions.cs
  29. 24
      test/OpenIddict.Abstractions.Tests/Primitives/OpenIddictExtensionsTests.cs
  30. 8
      test/OpenIddict.Server.AspNetCore.IntegrationTests/OpenIddictServerAspNetCoreIntegrationTests.cs
  31. 20
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Authentication.cs
  32. 4
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Device.cs
  33. 212
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Exchange.cs
  34. 106
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Introspection.cs
  35. 42
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Protection.cs
  36. 38
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Revocation.cs
  37. 20
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Session.cs
  38. 28
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Userinfo.cs
  39. 90
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.cs
  40. 8
      test/OpenIddict.Server.Owin.IntegrationTests/OpenIddictServerOwinIntegrationTests.cs
  41. 8
      test/OpenIddict.Validation.AspNetCore.IntegrationTests/OpenIddictValidationAspNetCoreIntegrationTests.cs
  42. 4
      test/OpenIddict.Validation.IntegrationTests/OpenIddictValidationIntegrationTests.cs
  43. 8
      test/OpenIddict.Validation.Owin.IntegrationTests/OpenIddictValidationOwinIntegrationTests.cs

35
src/OpenIddict.Abstractions/OpenIddictConstants.cs
View File

@ -572,36 +572,45 @@ public static class OpenIddictConstants
public static class TokenFormats public static class TokenFormats
{ {
public const string Jwt = "urn:ietf:params:oauth:token-type:jwt";
public const string Saml1 = "urn:ietf:params:oauth:token-type:saml1";
public const string Saml2 = "urn:ietf:params:oauth:token-type:saml2";
public static class Private public static class Private
{ {
public const string DataProtection = "urn:openiddict:params:oauth:token-type:dp"; public const string DataProtection = "urn:openiddict:params:oauth:token-format:data_protection";
public const string JsonWebToken = "urn:openiddict:params:oauth:token-format:jwt";
public const string Saml1 = "urn:openiddict:params:oauth:token-format:saml1";
public const string Saml2 = "urn:openiddict:params:oauth:token-format:saml2";
} }
} }
public static class TokenTypeHints public static class TokenTypeHints
{ {
public const string AccessToken = "access_token"; public const string AccessToken = "access_token";
public const string AuthorizationCode = "authorization_code";
public const string ClientAssertion = "client_assertion";
public const string DeviceCode = "device_code";
public const string IdToken = "id_token";
public const string RefreshToken = "refresh_token"; public const string RefreshToken = "refresh_token";
public const string StateToken = "state_token"; }
public const string UserInfoToken = "userinfo_token";
public const string UserCode = "user_code"; public static class TokenTypeIdentifiers
{
public const string AccessToken = "urn:ietf:params:oauth:token-type:access_token";
public const string GenericJsonWebToken = "urn:ietf:params:oauth:token-type:jwt";
public const string GenericSaml1Assertion = "urn:ietf:params:oauth:token-type:saml1";
public const string GenericSaml2Assertion = "urn:ietf:params:oauth:token-type:saml2";
public const string IdentityToken = "urn:ietf:params:oauth:token-type:id_token";
public const string RefreshToken = "urn:ietf:params:oauth:token-type:refresh_token";
public static class Private public static class Private
{ {
public const string RequestToken = "request_token"; public const string AuthorizationCode = "urn:openiddict:params:oauth:token-type:authorization_code";
public const string ClientAssertion = "urn:openiddict:params:oauth:token-type:client_assertion";
public const string DeviceCode = "urn:openiddict:params:oauth:token-type:device_code";
public const string RequestToken = "urn:openiddict:params:oauth:token-type:request_token";
public const string StateToken = "urn:openiddict:params:oauth:token-type:state_token";
public const string UserCode = "urn:openiddict:params:oauth:token-type:user_code";
public const string UserInfoToken = "urn:openiddict:params:oauth:token-type:userinfo_token";
} }
} }
public static class TokenTypes public static class TokenTypes
{ {
public const string Bearer = "Bearer"; public const string Bearer = "Bearer";
public const string NotApplicable = "N_A";
} }
} }

16
src/OpenIddict.Client.DataProtection/OpenIddictClientDataProtectionHandlers.Protection.cs
View File

@ -92,10 +92,10 @@ public static partial class OpenIddictClientDataProtectionHandlers
var principal = context.ValidTokenTypes.Count switch var principal = context.ValidTokenTypes.Count switch
{ {
// If no valid token type was set, all supported token types are allowed. // If no valid token type was set, all supported token types are allowed.
0 => ValidateToken(TokenTypeHints.StateToken), 0 => ValidateToken(TokenTypeIdentifiers.Private.StateToken),
_ when context.ValidTokenTypes.Contains(TokenTypeHints.StateToken) _ when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.StateToken)
=> ValidateToken(TokenTypeHints.StateToken), => ValidateToken(TokenTypeIdentifiers.Private.StateToken),
// The token type is not supported by the Data Protection integration (e.g client assertions). // The token type is not supported by the Data Protection integration (e.g client assertions).
_ => null _ => null
@ -125,9 +125,9 @@ public static partial class OpenIddictClientDataProtectionHandlers
var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector( var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector(
(type, context.IsReferenceToken) switch (type, context.IsReferenceToken) switch
{ {
(TokenTypeHints.StateToken, true) (TokenTypeIdentifiers.Private.StateToken, true)
=> [Handlers.Client, Formats.StateToken, Features.ReferenceTokens, Schemes.Server], => [Handlers.Client, Formats.StateToken, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.StateToken, false) (TokenTypeIdentifiers.Private.StateToken, false)
=> [Handlers.Client, Formats.StateToken, Schemes.Server], => [Handlers.Client, Formats.StateToken, Schemes.Server],
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) _ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003))
@ -190,7 +190,7 @@ public static partial class OpenIddictClientDataProtectionHandlers
context.TokenFormat = context.TokenType switch context.TokenFormat = context.TokenType switch
{ {
TokenTypeHints.StateToken when !_options.CurrentValue.PreferDefaultStateTokenFormat TokenTypeIdentifiers.Private.StateToken when !_options.CurrentValue.PreferDefaultStateTokenFormat
=> TokenFormats.Private.DataProtection, => TokenFormats.Private.DataProtection,
_ => context.TokenFormat // Don't override the format if the token type is not supported. _ => context.TokenFormat // Don't override the format if the token type is not supported.
@ -241,9 +241,9 @@ public static partial class OpenIddictClientDataProtectionHandlers
var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector( var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector(
(context.TokenType, context.IsReferenceToken) switch (context.TokenType, context.IsReferenceToken) switch
{ {
(TokenTypeHints.StateToken, true) (TokenTypeIdentifiers.Private.StateToken, true)
=> [Handlers.Client, Formats.StateToken, Features.ReferenceTokens, Schemes.Server], => [Handlers.Client, Formats.StateToken, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.StateToken, false) (TokenTypeIdentifiers.Private.StateToken, false)
=> [Handlers.Client, Formats.StateToken, Schemes.Server], => [Handlers.Client, Formats.StateToken, Schemes.Server],
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) _ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003))

4
src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Exchange.cs
View File

@ -363,8 +363,8 @@ public static partial class OpenIddictClientWebIntegrationHandlers
// Note: Alibaba Cloud and Exact Online returns a non-standard "expires_in" // Note: Alibaba Cloud and Exact Online returns a non-standard "expires_in"
// parameter formatted as a string instead of a numeric type. // parameter formatted as a string instead of a numeric type.
if (context.Registration.ProviderType is ProviderTypes.AlibabaCloud or ProviderTypes.ExactOnline && if (context.Registration.ProviderType is ProviderTypes.AlibabaCloud or ProviderTypes.ExactOnline &&
long.TryParse((string?) context.Response[Parameters.ExpiresIn], long.TryParse((string?) context.Response[Parameters.ExpiresIn],
NumberStyles.Integer, CultureInfo.InvariantCulture, out long value)) NumberStyles.Integer, CultureInfo.InvariantCulture, out long value))
{ {
context.Response.ExpiresIn = value; context.Response.ExpiresIn = value;
} }

7
src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
View File

@ -1878,9 +1878,10 @@ public static partial class OpenIddictClientWebIntegrationHandlers
// By default, Alibaba Cloud doesn't return a refresh token for native applications but allows sending an // By default, Alibaba Cloud doesn't return a refresh token for native applications but allows sending an
// "access_type" parameter to retrieve one (but it is only returned during the first authorization dance). // "access_type" parameter to retrieve one (but it is only returned during the first authorization dance).
// The documentation also indicates the "prompt" parameter is supported but not required, //
// which can be set to "admin_consent" to force the display of the authorization page // The documentation also indicates the "prompt" parameter is supported but not required
if (context.Registration.ProviderType is ProviderTypes.AlibabaCloud) // and can be set to "admin_consent" to force the display of the authorization page.
else if (context.Registration.ProviderType is ProviderTypes.AlibabaCloud)
{ {
var settings = context.Registration.GetAlibabaCloudSettings(); var settings = context.Registration.GetAlibabaCloudSettings();

19
src/OpenIddict.Client/OpenIddictClientEvents.Protection.cs
View File

@ -53,19 +53,32 @@ public static partial class OpenIddictClientEvents
public bool PersistTokenPayload { get; set; } public bool PersistTokenPayload { get; set; }
/// <summary> /// <summary>
/// Gets or sets the security principal used to create the token. /// Gets or sets the security principal that will be derived to create the token.
/// </summary> /// </summary>
public ClaimsPrincipal Principal { get; set; } = default!; public ClaimsPrincipal Principal { get; set; } = default!;
/// <summary> /// <summary>
/// Gets or sets the encryption credentials used to encrypt the token. /// Gets or sets the encryption credentials used to encrypt the token.
/// </summary> /// </summary>
public EncryptingCredentials? EncryptionCredentials { get; set; } public EncryptingCredentials? EncryptionCredentials
{
get => SecurityTokenDescriptor.EncryptingCredentials;
set => SecurityTokenDescriptor.EncryptingCredentials = value;
}
/// <summary> /// <summary>
/// Gets or sets the signing credentials used to sign the token. /// Gets or sets the signing credentials used to sign the token.
/// </summary> /// </summary>
public SigningCredentials? SigningCredentials { get; set; } public SigningCredentials? SigningCredentials
{
get => SecurityTokenDescriptor.SigningCredentials;
set => SecurityTokenDescriptor.SigningCredentials = value;
}
/// <summary>
/// Gets the security token descriptor used to create the token.
/// </summary>
public SecurityTokenDescriptor SecurityTokenDescriptor { get; } = new();
/// <summary> /// <summary>
/// Gets or sets the security token handler used to serialize the security principal. /// Gets or sets the security token handler used to serialize the security principal.

2
src/OpenIddict.Client/OpenIddictClientHandlerFilters.cs
View File

@ -316,7 +316,7 @@ public static class OpenIddictClientHandlerFilters
throw new ArgumentNullException(nameof(context)); throw new ArgumentNullException(nameof(context));
} }
return new(context.TokenFormat is TokenFormats.Jwt); return new(context.TokenFormat is TokenFormats.Private.JsonWebToken);
} }
} }

35
src/OpenIddict.Client/OpenIddictClientHandlers.Introspection.cs
View File

@ -339,24 +339,27 @@ public static partial class OpenIddictClientHandlers
// In this handler, the "token_usage" is verified to ensure it corresponds to a supported // In this handler, the "token_usage" is verified to ensure it corresponds to a supported
// value so that the component that triggered the introspection request can determine // value so that the component that triggered the introspection request can determine
// whether the returned token has an acceptable type depending on the context. // whether the returned token has an acceptable type depending on the context.
var usage = (string?) context.Response[Claims.TokenUsage]; switch ((string?) context.Response[Claims.TokenUsage])
if (string.IsNullOrEmpty(usage))
{ {
return default; case null or { Length: 0 }: return default;
}
// Note: by default, OpenIddict only allows access/refresh tokens to be
// Note: by default, OpenIddict only allows access/refresh tokens to be // introspected but additional types can be added using the events model.
// introspected but additional types can be added using the events model. case "access_token":
if (usage is not (TokenTypeHints.AccessToken or TokenTypeHints.AuthorizationCode or case "authorization_code":
TokenTypeHints.DeviceCode or TokenTypeHints.IdToken or case "device_code":
TokenTypeHints.RefreshToken or TokenTypeHints.UserCode)) case "id_token":
{ case "refresh_token":
context.Reject( case "user_code":
error: Errors.ServerError, break;
description: SR.GetResourceString(SR.ID2118),
uri: SR.FormatID8000(SR.ID2118)); default:
context.Reject(
error: Errors.ServerError,
description: SR.GetResourceString(SR.ID2118),
uri: SR.FormatID8000(SR.ID2118));
return default; return default;
} }
return default; return default;

150
src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs
View File

@ -39,6 +39,8 @@ public static partial class OpenIddictClientHandlers
*/ */
AttachSecurityCredentials.Descriptor, AttachSecurityCredentials.Descriptor,
CreateTokenEntry.Descriptor, CreateTokenEntry.Descriptor,
AttachTokenSubject.Descriptor,
AttachTokenMetadata.Descriptor,
GenerateIdentityModelToken.Descriptor, GenerateIdentityModelToken.Descriptor,
AttachTokenPayload.Descriptor AttachTokenPayload.Descriptor
]; ];
@ -76,7 +78,7 @@ public static partial class OpenIddictClientHandlers
// //
// See https://datatracker.ietf.org/doc/html/draft-bradley-oauth-jwt-encoded-state-09#section-4.3 // See https://datatracker.ietf.org/doc/html/draft-bradley-oauth-jwt-encoded-state-09#section-4.3
// for more information. // for more information.
if (context.ValidTokenTypes.Count > 1 && context.ValidTokenTypes.Contains(TokenTypeHints.StateToken)) if (context.ValidTokenTypes.Count > 1 && context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.StateToken))
{ {
throw new InvalidOperationException(SR.GetResourceString(SR.ID0308)); throw new InvalidOperationException(SR.GetResourceString(SR.ID0308));
} }
@ -84,7 +86,7 @@ public static partial class OpenIddictClientHandlers
var parameters = context.ValidTokenTypes.Count switch var parameters = context.ValidTokenTypes.Count switch
{ {
// When only state tokens are considered valid, use the token validation parameters of the client. // When only state tokens are considered valid, use the token validation parameters of the client.
1 when context.ValidTokenTypes.Contains(TokenTypeHints.StateToken) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.StateToken)
=> GetClientTokenValidationParameters(), => GetClientTokenValidationParameters(),
// Otherwise, use the token validation parameters of the authorization server. // Otherwise, use the token validation parameters of the authorization server.
@ -265,7 +267,7 @@ public static partial class OpenIddictClientHandlers
// Note: reference tokens are only used for state tokens. // Note: reference tokens are only used for state tokens.
if (context.ValidTokenTypes.Count is not 1 || if (context.ValidTokenTypes.Count is not 1 ||
!context.ValidTokenTypes.Contains(TokenTypeHints.StateToken)) !context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.StateToken))
{ {
return; return;
} }
@ -344,7 +346,7 @@ public static partial class OpenIddictClientHandlers
} }
// If a specific token format is expected, return immediately if it doesn't match the expected value. // If a specific token format is expected, return immediately if it doesn't match the expected value.
if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Jwt) if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.JsonWebToken)
{ {
return; return;
} }
@ -437,7 +439,7 @@ public static partial class OpenIddictClientHandlers
}); });
} }
if (context.ValidTokenTypes.Contains(TokenTypeHints.StateToken)) if (context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.StateToken))
{ {
// Attach the principal extracted from the token to the parent event context and store // Attach the principal extracted from the token to the parent event context and store
// the token type (resolved from "typ" or "token_usage") as a special private claim. // the token type (resolved from "typ" or "token_usage") as a special private claim.
@ -445,9 +447,9 @@ public static partial class OpenIddictClientHandlers
{ {
null or { Length: 0 } => throw new InvalidOperationException(SR.GetResourceString(SR.ID0025)), null or { Length: 0 } => throw new InvalidOperationException(SR.GetResourceString(SR.ID0025)),
JsonWebTokenTypes.Private.StateToken => TokenTypeHints.StateToken, JsonWebTokenTypes.Private.StateToken => TokenTypeIdentifiers.Private.StateToken,
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) string value => value
}); });
} }
@ -496,7 +498,7 @@ public static partial class OpenIddictClientHandlers
} }
// Note: only map the private claims from fully trusted tokens. // Note: only map the private claims from fully trusted tokens.
if (context.Principal is null || !context.Principal.HasTokenType(TokenTypeHints.StateToken)) if (context.Principal is null || !context.Principal.HasTokenType(TokenTypeIdentifiers.Private.StateToken))
{ {
return default; return default;
} }
@ -567,7 +569,7 @@ public static partial class OpenIddictClientHandlers
// Note: token entries are only used for state tokens. // Note: token entries are only used for state tokens.
if (context.ValidTokenTypes.Count is not 1 || if (context.ValidTokenTypes.Count is not 1 ||
!context.ValidTokenTypes.Contains(TokenTypeHints.StateToken)) !context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.StateToken))
{ {
return; return;
} }
@ -743,13 +745,13 @@ public static partial class OpenIddictClientHandlers
error: Errors.InvalidToken, error: Errors.InvalidToken,
description: context.Principal.GetTokenType() switch description: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.StateToken => SR.GetResourceString(SR.ID2139), TokenTypeIdentifiers.Private.StateToken => SR.GetResourceString(SR.ID2139),
_ => SR.GetResourceString(SR.ID2013) _ => SR.GetResourceString(SR.ID2013)
}, },
uri: context.Principal.GetTokenType() switch uri: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.StateToken => SR.FormatID8000(SR.ID2139), TokenTypeIdentifiers.Private.StateToken => SR.FormatID8000(SR.ID2139),
_ => SR.FormatID8000(SR.ID2013) _ => SR.FormatID8000(SR.ID2013)
}); });
@ -800,7 +802,7 @@ public static partial class OpenIddictClientHandlers
{ {
// For client assertions, use the encryption credentials // For client assertions, use the encryption credentials
// configured for the client registration, if available. // configured for the client registration, if available.
TokenTypeHints.ClientAssertion TokenTypeIdentifiers.Private.ClientAssertion
=> context.Registration.EncryptionCredentials.FirstOrDefault(), => context.Registration.EncryptionCredentials.FirstOrDefault(),
// For other types of tokens, use the global encryption credentials. // For other types of tokens, use the global encryption credentials.
@ -810,7 +812,7 @@ public static partial class OpenIddictClientHandlers
context.SigningCredentials = context.TokenType switch context.SigningCredentials = context.TokenType switch
{ {
// For client assertions, use the signing credentials configured for the client registration. // For client assertions, use the signing credentials configured for the client registration.
TokenTypeHints.ClientAssertion TokenTypeIdentifiers.Private.ClientAssertion
=> context.Registration.SigningCredentials.First(), => context.Registration.SigningCredentials.First(),
// For other types of tokens, use the global signing credentials. // For other types of tokens, use the global signing credentials.
@ -880,17 +882,16 @@ public static partial class OpenIddictClientHandlers
} }
/// <summary> /// <summary>
/// Contains the logic responsible for generating a token using IdentityModel. /// Contains the logic responsible for attaching the subject to the security token descriptor.
/// </summary> /// </summary>
public sealed class GenerateIdentityModelToken : IOpenIddictClientHandler<GenerateTokenContext> public sealed class AttachTokenSubject : IOpenIddictClientHandler<GenerateTokenContext>
{ {
/// <summary> /// <summary>
/// Gets the default descriptor definition assigned to this handler. /// Gets the default descriptor definition assigned to this handler.
/// </summary> /// </summary>
public static OpenIddictClientHandlerDescriptor Descriptor { get; } public static OpenIddictClientHandlerDescriptor Descriptor { get; }
= OpenIddictClientHandlerDescriptor.CreateBuilder<GenerateTokenContext>() = OpenIddictClientHandlerDescriptor.CreateBuilder<GenerateTokenContext>()
.AddFilter<RequireJsonWebTokenFormat>() .UseSingletonHandler<AttachTokenSubject>()
.UseSingletonHandler<GenerateIdentityModelToken>()
.SetOrder(CreateTokenEntry.Descriptor.Order + 1_000) .SetOrder(CreateTokenEntry.Descriptor.Order + 1_000)
.SetType(OpenIddictClientHandlerType.BuiltIn) .SetType(OpenIddictClientHandlerType.BuiltIn)
.Build(); .Build();
@ -903,36 +904,62 @@ public static partial class OpenIddictClientHandlers
throw new ArgumentNullException(nameof(context)); throw new ArgumentNullException(nameof(context));
} }
// If a token was already attached by another handler, don't overwrite it. if (context.Principal is not { Identity: ClaimsIdentity } principal)
if (!string.IsNullOrEmpty(context.Token))
{
return default;
}
if (context.Principal is not { Identity: ClaimsIdentity })
{ {
throw new InvalidOperationException(SR.GetResourceString(SR.ID0022)); throw new InvalidOperationException(SR.GetResourceString(SR.ID0022));
} }
// Clone the principal and exclude the private claims mapped to standard JWT claims. // Clone the principal and exclude the private claims mapped to standard JWT claims.
var principal = context.Principal.Clone(claim => claim.Type switch principal = context.Principal.Clone(claim => claim.Type switch
{ {
Claims.Private.CreationDate or Claims.Private.ExpirationDate or Claims.Private.CreationDate or Claims.Private.ExpirationDate or
Claims.Private.Issuer or Claims.Private.TokenType => false, Claims.Private.Issuer or Claims.Private.TokenType => false,
Claims.Private.Audience when context.TokenType is Claims.Private.Audience when context.TokenType is
TokenTypeHints.ClientAssertion or TokenTypeHints.StateToken => false, TokenTypeIdentifiers.Private.ClientAssertion or
TokenTypeIdentifiers.Private.StateToken => false,
_ => true _ => true
}); });
Debug.Assert(principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006)); Debug.Assert(principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
var claims = new Dictionary<string, object>(StringComparer.Ordinal); context.SecurityTokenDescriptor.Subject = (ClaimsIdentity) principal.Identity;
return default;
}
}
/// <summary>
/// Contains the logic responsible for attaching metadata claims to the security token descriptor, if necessary.
/// </summary>
public sealed class AttachTokenMetadata : IOpenIddictClientHandler<GenerateTokenContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictClientHandlerDescriptor Descriptor { get; }
= OpenIddictClientHandlerDescriptor.CreateBuilder<GenerateTokenContext>()
.UseSingletonHandler<AttachTokenMetadata>()
.SetOrder(AttachTokenSubject.Descriptor.Order + 1_000)
.SetType(OpenIddictClientHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(GenerateTokenContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
var claims = context.SecurityTokenDescriptor.Claims is not null ?
new Dictionary<string, object>(context.SecurityTokenDescriptor.Claims, StringComparer.Ordinal) :
new Dictionary<string, object>(StringComparer.Ordinal);
// For client assertions, set the public audience claims // For client assertions, set the public audience claims
// using the private audience claims from the security principal. // using the private audience claims from the security principal.
if (context.TokenType is TokenTypeHints.ClientAssertion) if (context.TokenType is TokenTypeIdentifiers.Private.ClientAssertion)
{ {
var audiences = context.Principal.GetAudiences(); var audiences = context.Principal.GetAudiences();
if (audiences.Any()) if (audiences.Any())
@ -945,32 +972,61 @@ public static partial class OpenIddictClientHandlers
} }
} }
var descriptor = new SecurityTokenDescriptor context.SecurityTokenDescriptor.Claims = claims;
context.SecurityTokenDescriptor.Expires = context.Principal.GetExpirationDate()?.UtcDateTime;
context.SecurityTokenDescriptor.IssuedAt = context.Principal.GetCreationDate()?.UtcDateTime;
context.SecurityTokenDescriptor.Issuer = context.Principal.GetClaim(Claims.Private.Issuer);
context.SecurityTokenDescriptor.TokenType = context.TokenType switch
{ {
Claims = claims, null or { Length: 0 } => throw new InvalidOperationException(SR.GetResourceString(SR.ID0025)),
EncryptingCredentials = context.EncryptionCredentials,
Expires = context.Principal.GetExpirationDate()?.UtcDateTime,
IssuedAt = context.Principal.GetCreationDate()?.UtcDateTime,
Issuer = context.Principal.GetClaim(Claims.Private.Issuer),
SigningCredentials = context.SigningCredentials,
Subject = (ClaimsIdentity) principal.Identity,
TokenType = context.TokenType switch
{
null or { Length: 0 } => throw new InvalidOperationException(SR.GetResourceString(SR.ID0025)),
// For client assertions, use the generic "JWT" type. // For client assertions, use the generic "JWT" type.
TokenTypeHints.ClientAssertion => JsonWebTokenTypes.Jwt, TokenTypeIdentifiers.Private.ClientAssertion => JsonWebTokenTypes.Jwt,
// For state tokens, use its private representation. // For state tokens, use its private representation.
TokenTypeHints.StateToken => JsonWebTokenTypes.Private.StateToken, TokenTypeIdentifiers.Private.StateToken => JsonWebTokenTypes.Private.StateToken,
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) string value => value
}
}; };
context.Token = context.SecurityTokenHandler.CreateToken(descriptor); return default;
}
}
/// <summary>
/// Contains the logic responsible for generating a token using IdentityModel.
/// </summary>
public sealed class GenerateIdentityModelToken : IOpenIddictClientHandler<GenerateTokenContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictClientHandlerDescriptor Descriptor { get; }
= OpenIddictClientHandlerDescriptor.CreateBuilder<GenerateTokenContext>()
.AddFilter<RequireJsonWebTokenFormat>()
.UseSingletonHandler<GenerateIdentityModelToken>()
.SetOrder(AttachTokenMetadata.Descriptor.Order + 1_000)
.SetType(OpenIddictClientHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(GenerateTokenContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
// If a token was already attached by another handler, don't overwrite it.
if (!string.IsNullOrEmpty(context.Token))
{
return default;
}
context.Token = context.SecurityTokenHandler.CreateToken(context.SecurityTokenDescriptor);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6013), context.TokenType, context.Token, principal.Claims); context.Logger.LogTrace(SR.GetResourceString(SR.ID6013), context.TokenType,
context.Token, context.SecurityTokenDescriptor.Subject?.Claims ?? []);
return default; return default;
} }

58
src/OpenIddict.Client/OpenIddictClientHandlers.cs
View File

@ -684,7 +684,7 @@ public static partial class OpenIddictClientHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.StateToken, Token = context.StateToken,
ValidTokenTypes = { TokenTypeHints.StateToken } ValidTokenTypes = { TokenTypeIdentifiers.Private.StateToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -1626,7 +1626,7 @@ public static partial class OpenIddictClientHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.FrontchannelIdentityToken, Token = context.FrontchannelIdentityToken,
ValidTokenTypes = { TokenTypeHints.IdToken } ValidTokenTypes = { TokenTypeIdentifiers.IdentityToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -2146,7 +2146,7 @@ public static partial class OpenIddictClientHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.FrontchannelAccessToken, Token = context.FrontchannelAccessToken,
ValidTokenTypes = { TokenTypeHints.AccessToken } ValidTokenTypes = { TokenTypeIdentifiers.AccessToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -2220,7 +2220,7 @@ public static partial class OpenIddictClientHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.AuthorizationCode, Token = context.AuthorizationCode,
ValidTokenTypes = { TokenTypeHints.AuthorizationCode } ValidTokenTypes = { TokenTypeIdentifiers.Private.AuthorizationCode }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -2455,7 +2455,7 @@ public static partial class OpenIddictClientHandlers
GrantTypes.Implicit => GrantTypes.AuthorizationCode, GrantTypes.Implicit => GrantTypes.AuthorizationCode,
// For other values, don't do any mapping. // For other values, don't do any mapping.
string type => type string value => value
}; };
if (context.Scopes.Count > 0 && if (context.Scopes.Count > 0 &&
@ -2657,8 +2657,8 @@ public static partial class OpenIddictClientHandlers
IsReferenceToken = false, IsReferenceToken = false,
PersistTokenPayload = false, PersistTokenPayload = false,
Principal = context.ClientAssertionPrincipal!, Principal = context.ClientAssertionPrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.ClientAssertion TokenType = TokenTypeIdentifiers.Private.ClientAssertion
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -2687,8 +2687,8 @@ public static partial class OpenIddictClientHandlers
context.ClientAssertion = notification.Token; context.ClientAssertion = notification.Token;
context.ClientAssertionType = notification.TokenFormat switch context.ClientAssertionType = notification.TokenFormat switch
{ {
TokenFormats.Jwt => ClientAssertionTypes.JwtBearer, TokenFormats.Private.JsonWebToken => ClientAssertionTypes.JwtBearer,
TokenFormats.Saml2 => ClientAssertionTypes.Saml2Bearer, TokenFormats.Private.Saml2 => ClientAssertionTypes.Saml2Bearer,
_ => null _ => null
}; };
@ -3062,7 +3062,7 @@ public static partial class OpenIddictClientHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.BackchannelIdentityToken, Token = context.BackchannelIdentityToken,
ValidTokenTypes = { TokenTypeHints.IdToken } ValidTokenTypes = { TokenTypeIdentifiers.IdentityToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -3546,7 +3546,7 @@ public static partial class OpenIddictClientHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.BackchannelAccessToken, Token = context.BackchannelAccessToken,
ValidTokenTypes = { TokenTypeHints.AccessToken } ValidTokenTypes = { TokenTypeIdentifiers.AccessToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -3620,7 +3620,7 @@ public static partial class OpenIddictClientHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.RefreshToken, Token = context.RefreshToken,
ValidTokenTypes = { TokenTypeHints.RefreshToken } ValidTokenTypes = { TokenTypeIdentifiers.RefreshToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -4047,7 +4047,7 @@ public static partial class OpenIddictClientHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.UserInfoToken, Token = context.UserInfoToken,
ValidTokenTypes = { TokenTypeHints.UserInfoToken } ValidTokenTypes = { TokenTypeIdentifiers.Private.UserInfoToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -5433,8 +5433,8 @@ public static partial class OpenIddictClientHandlers
IsReferenceToken = !context.Options.DisableTokenStorage, IsReferenceToken = !context.Options.DisableTokenStorage,
PersistTokenPayload = !context.Options.DisableTokenStorage, PersistTokenPayload = !context.Options.DisableTokenStorage,
Principal = context.StateTokenPrincipal!, Principal = context.StateTokenPrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.StateToken TokenType = TokenTypeIdentifiers.Private.StateToken
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -6078,8 +6078,8 @@ public static partial class OpenIddictClientHandlers
IsReferenceToken = false, IsReferenceToken = false,
PersistTokenPayload = false, PersistTokenPayload = false,
Principal = context.ClientAssertionPrincipal!, Principal = context.ClientAssertionPrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.ClientAssertion TokenType = TokenTypeIdentifiers.Private.ClientAssertion
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -6108,8 +6108,8 @@ public static partial class OpenIddictClientHandlers
context.ClientAssertion = notification.Token; context.ClientAssertion = notification.Token;
context.ClientAssertionType = notification.TokenFormat switch context.ClientAssertionType = notification.TokenFormat switch
{ {
TokenFormats.Jwt => ClientAssertionTypes.JwtBearer, TokenFormats.Private.JsonWebToken => ClientAssertionTypes.JwtBearer,
TokenFormats.Saml2 => ClientAssertionTypes.Saml2Bearer, TokenFormats.Private.Saml2 => ClientAssertionTypes.Saml2Bearer,
_ => null _ => null
}; };
@ -7145,8 +7145,8 @@ public static partial class OpenIddictClientHandlers
IsReferenceToken = false, IsReferenceToken = false,
PersistTokenPayload = false, PersistTokenPayload = false,
Principal = context.ClientAssertionPrincipal!, Principal = context.ClientAssertionPrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.ClientAssertion TokenType = TokenTypeIdentifiers.Private.ClientAssertion
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -7175,8 +7175,8 @@ public static partial class OpenIddictClientHandlers
context.ClientAssertion = notification.Token; context.ClientAssertion = notification.Token;
context.ClientAssertionType = notification.TokenFormat switch context.ClientAssertionType = notification.TokenFormat switch
{ {
TokenFormats.Jwt => ClientAssertionTypes.JwtBearer, TokenFormats.Private.JsonWebToken => ClientAssertionTypes.JwtBearer,
TokenFormats.Saml2 => ClientAssertionTypes.Saml2Bearer, TokenFormats.Private.Saml2 => ClientAssertionTypes.Saml2Bearer,
_ => null _ => null
}; };
@ -7816,8 +7816,8 @@ public static partial class OpenIddictClientHandlers
IsReferenceToken = false, IsReferenceToken = false,
PersistTokenPayload = false, PersistTokenPayload = false,
Principal = context.ClientAssertionPrincipal!, Principal = context.ClientAssertionPrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.ClientAssertion TokenType = TokenTypeIdentifiers.Private.ClientAssertion
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -7846,8 +7846,8 @@ public static partial class OpenIddictClientHandlers
context.ClientAssertion = notification.Token; context.ClientAssertion = notification.Token;
context.ClientAssertionType = notification.TokenFormat switch context.ClientAssertionType = notification.TokenFormat switch
{ {
TokenFormats.Jwt => ClientAssertionTypes.JwtBearer, TokenFormats.Private.JsonWebToken => ClientAssertionTypes.JwtBearer,
TokenFormats.Saml2 => ClientAssertionTypes.Saml2Bearer, TokenFormats.Private.Saml2 => ClientAssertionTypes.Saml2Bearer,
_ => null _ => null
}; };
@ -8489,8 +8489,8 @@ public static partial class OpenIddictClientHandlers
IsReferenceToken = !context.Options.DisableTokenStorage, IsReferenceToken = !context.Options.DisableTokenStorage,
PersistTokenPayload = !context.Options.DisableTokenStorage, PersistTokenPayload = !context.Options.DisableTokenStorage,
Principal = context.StateTokenPrincipal!, Principal = context.StateTokenPrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.StateToken TokenType = TokenTypeIdentifiers.Private.StateToken
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);

6
src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs
View File

@ -661,7 +661,7 @@ public class OpenIddictAuthorizationManager<TAuthorization> : IOpenIddictAuthori
throw new ArgumentNullException(nameof(authorization)); throw new ArgumentNullException(nameof(authorization));
} }
return (await Store.GetScopesAsync(authorization, cancellationToken)) return (await GetScopesAsync(authorization, cancellationToken))
.ToHashSet(StringComparer.Ordinal) .ToHashSet(StringComparer.Ordinal)
.IsSupersetOf(scopes); .IsSupersetOf(scopes);
} }
@ -686,7 +686,7 @@ public class OpenIddictAuthorizationManager<TAuthorization> : IOpenIddictAuthori
throw new ArgumentException(SR.GetResourceString(SR.ID0199), nameof(status)); throw new ArgumentException(SR.GetResourceString(SR.ID0199), nameof(status));
} }
return string.Equals(await Store.GetStatusAsync(authorization, cancellationToken), status, StringComparison.OrdinalIgnoreCase); return string.Equals(await GetStatusAsync(authorization, cancellationToken), status, StringComparison.OrdinalIgnoreCase);
} }
/// <summary> /// <summary>
@ -709,7 +709,7 @@ public class OpenIddictAuthorizationManager<TAuthorization> : IOpenIddictAuthori
throw new ArgumentException(SR.GetResourceString(SR.ID0200), nameof(type)); throw new ArgumentException(SR.GetResourceString(SR.ID0200), nameof(type));
} }
return string.Equals(await Store.GetTypeAsync(authorization, cancellationToken), type, StringComparison.OrdinalIgnoreCase); return string.Equals(await GetTypeAsync(authorization, cancellationToken), type, StringComparison.OrdinalIgnoreCase);
} }
/// <summary> /// <summary>

25
src/OpenIddict.Core/Managers/OpenIddictTokenManager.cs
View File

@ -719,14 +719,29 @@ public class OpenIddictTokenManager<TToken> : IOpenIddictTokenManager where TTok
/// A <see cref="ValueTask{TResult}"/> that can be used to monitor the asynchronous operation, /// A <see cref="ValueTask{TResult}"/> that can be used to monitor the asynchronous operation,
/// whose result returns the token type associated with the specified token. /// whose result returns the token type associated with the specified token.
/// </returns> /// </returns>
public virtual ValueTask<string?> GetTypeAsync(TToken token, CancellationToken cancellationToken = default) public virtual async ValueTask<string?> GetTypeAsync(TToken token, CancellationToken cancellationToken = default)
{ {
if (token is null) if (token is null)
{ {
throw new ArgumentNullException(nameof(token)); throw new ArgumentNullException(nameof(token));
} }
return Store.GetTypeAsync(token, cancellationToken); return await Store.GetTypeAsync(token, cancellationToken) switch
{
null or { Length: 0 } => null,
"access_token" => TokenTypeIdentifiers.AccessToken,
"authorization_code" => TokenTypeIdentifiers.Private.AuthorizationCode,
"client_assertion" => TokenTypeIdentifiers.Private.ClientAssertion,
"device_code" => TokenTypeIdentifiers.Private.DeviceCode,
"id_token" => TokenTypeIdentifiers.IdentityToken,
"refresh_token" => TokenTypeIdentifiers.RefreshToken,
"state_token" => TokenTypeIdentifiers.Private.StateToken,
"user_code" => TokenTypeIdentifiers.Private.UserCode,
"userinfo_token" => TokenTypeIdentifiers.Private.UserInfoToken,
string value => value
};
} }
/// <summary> /// <summary>
@ -748,7 +763,7 @@ public class OpenIddictTokenManager<TToken> : IOpenIddictTokenManager where TTok
throw new ArgumentException(SR.GetResourceString(SR.ID0199), nameof(status)); throw new ArgumentException(SR.GetResourceString(SR.ID0199), nameof(status));
} }
return string.Equals(await Store.GetStatusAsync(token, cancellationToken), status, StringComparison.OrdinalIgnoreCase); return string.Equals(await GetStatusAsync(token, cancellationToken), status, StringComparison.OrdinalIgnoreCase);
} }
/// <summary> /// <summary>
@ -770,7 +785,7 @@ public class OpenIddictTokenManager<TToken> : IOpenIddictTokenManager where TTok
throw new ArgumentException(SR.GetResourceString(SR.ID0200), nameof(type)); throw new ArgumentException(SR.GetResourceString(SR.ID0200), nameof(type));
} }
return string.Equals(await Store.GetTypeAsync(token, cancellationToken), type, StringComparison.OrdinalIgnoreCase); return string.Equals(await GetTypeAsync(token, cancellationToken), type, StringComparison.OrdinalIgnoreCase);
} }
/// <summary> /// <summary>
@ -787,7 +802,7 @@ public class OpenIddictTokenManager<TToken> : IOpenIddictTokenManager where TTok
throw new ArgumentNullException(nameof(token)); throw new ArgumentNullException(nameof(token));
} }
var type = await Store.GetTypeAsync(token, cancellationToken); var type = await GetTypeAsync(token, cancellationToken);
if (string.IsNullOrEmpty(type)) if (string.IsNullOrEmpty(type))
{ {
return false; return false;

159
src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs
View File

@ -109,65 +109,32 @@ public static partial class OpenIddictServerDataProtectionHandlers
// In this case, common types (e.g access/refresh tokens) are checked first. // In this case, common types (e.g access/refresh tokens) are checked first.
0 => context.TokenTypeHint switch 0 => context.TokenTypeHint switch
{ {
TokenTypeHints.AuthorizationCode =>
ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(TokenTypeHints.UserCode) ??
ValidateToken(TokenTypeHints.Private.RequestToken),
TokenTypeHints.DeviceCode =>
ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(TokenTypeHints.UserCode) ??
ValidateToken(TokenTypeHints.Private.RequestToken),
TokenTypeHints.RefreshToken => TokenTypeHints.RefreshToken =>
ValidateToken(TokenTypeHints.RefreshToken) ?? ValidateToken(TokenTypeIdentifiers.RefreshToken) ??
ValidateToken(TokenTypeHints.AccessToken) ?? ValidateToken(TokenTypeIdentifiers.AccessToken) ??
ValidateToken(TokenTypeHints.AuthorizationCode) ?? ValidateToken(TokenTypeIdentifiers.Private.AuthorizationCode) ??
ValidateToken(TokenTypeHints.DeviceCode) ?? ValidateToken(TokenTypeIdentifiers.Private.DeviceCode) ??
ValidateToken(TokenTypeHints.UserCode) ?? ValidateToken(TokenTypeIdentifiers.Private.UserCode) ??
ValidateToken(TokenTypeHints.Private.RequestToken), ValidateToken(TokenTypeIdentifiers.Private.RequestToken),
TokenTypeHints.UserCode => TokenTypeHints.AccessToken or _ =>
ValidateToken(TokenTypeHints.UserCode) ?? ValidateToken(TokenTypeIdentifiers.AccessToken) ??
ValidateToken(TokenTypeHints.AccessToken) ?? ValidateToken(TokenTypeIdentifiers.RefreshToken) ??
ValidateToken(TokenTypeHints.RefreshToken) ?? ValidateToken(TokenTypeIdentifiers.Private.AuthorizationCode) ??
ValidateToken(TokenTypeHints.AuthorizationCode) ?? ValidateToken(TokenTypeIdentifiers.Private.DeviceCode) ??
ValidateToken(TokenTypeHints.DeviceCode) ?? ValidateToken(TokenTypeIdentifiers.Private.UserCode) ??
ValidateToken(TokenTypeHints.Private.RequestToken), ValidateToken(TokenTypeIdentifiers.Private.RequestToken),
TokenTypeHints.Private.RequestToken =>
ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(TokenTypeHints.UserCode) ??
ValidateToken(TokenTypeHints.Private.RequestToken),
_ =>
ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(TokenTypeHints.UserCode) ??
ValidateToken(TokenTypeHints.Private.RequestToken),
}, },
// If a single valid token type was set, ignore the specified token type hint. // If a single valid token type was set, ignore the specified token type hint.
1 => context.ValidTokenTypes.ElementAt(0) switch 1 => context.ValidTokenTypes.ElementAt(0) switch
{ {
TokenTypeHints.AccessToken => ValidateToken(TokenTypeHints.AccessToken), TokenTypeIdentifiers.AccessToken => ValidateToken(TokenTypeIdentifiers.AccessToken),
TokenTypeHints.RefreshToken => ValidateToken(TokenTypeHints.RefreshToken), TokenTypeIdentifiers.RefreshToken => ValidateToken(TokenTypeIdentifiers.RefreshToken),
TokenTypeHints.AuthorizationCode => ValidateToken(TokenTypeHints.AuthorizationCode), TokenTypeIdentifiers.Private.AuthorizationCode => ValidateToken(TokenTypeIdentifiers.Private.AuthorizationCode),
TokenTypeHints.DeviceCode => ValidateToken(TokenTypeHints.DeviceCode), TokenTypeIdentifiers.Private.DeviceCode => ValidateToken(TokenTypeIdentifiers.Private.DeviceCode),
TokenTypeHints.UserCode => ValidateToken(TokenTypeHints.UserCode), TokenTypeIdentifiers.Private.RequestToken => ValidateToken(TokenTypeIdentifiers.Private.RequestToken),
TokenTypeIdentifiers.Private.UserCode => ValidateToken(TokenTypeIdentifiers.Private.UserCode),
TokenTypeHints.Private.RequestToken => ValidateToken(TokenTypeHints.Private.RequestToken),
_ => null // The token type is not supported by the Data Protection integration (e.g identity tokens). _ => null // The token type is not supported by the Data Protection integration (e.g identity tokens).
}, },
@ -179,25 +146,23 @@ public static partial class OpenIddictServerDataProtectionHandlers
// If the token type hint corresponds to one of the valid types, test it first. // If the token type hint corresponds to one of the valid types, test it first.
string value when value == context.TokenTypeHint => 0, string value when value == context.TokenTypeHint => 0,
TokenTypeHints.AccessToken => 1, TokenTypeIdentifiers.AccessToken => 1,
TokenTypeHints.RefreshToken => 2, TokenTypeIdentifiers.RefreshToken => 2,
TokenTypeHints.AuthorizationCode => 3, TokenTypeIdentifiers.Private.AuthorizationCode => 3,
TokenTypeHints.DeviceCode => 4, TokenTypeIdentifiers.Private.DeviceCode => 4,
TokenTypeHints.UserCode => 5, TokenTypeIdentifiers.Private.UserCode => 5,
TokenTypeIdentifiers.Private.RequestToken => 6,
TokenTypeHints.Private.RequestToken => 6,
_ => int.MaxValue _ => int.MaxValue
}) })
.Select(type => type switch .Select(type => type switch
{ {
TokenTypeHints.AccessToken => ValidateToken(TokenTypeHints.AccessToken), TokenTypeIdentifiers.AccessToken => ValidateToken(TokenTypeIdentifiers.AccessToken),
TokenTypeHints.RefreshToken => ValidateToken(TokenTypeHints.RefreshToken), TokenTypeIdentifiers.RefreshToken => ValidateToken(TokenTypeIdentifiers.RefreshToken),
TokenTypeHints.AuthorizationCode => ValidateToken(TokenTypeHints.AuthorizationCode), TokenTypeIdentifiers.Private.AuthorizationCode => ValidateToken(TokenTypeIdentifiers.Private.AuthorizationCode),
TokenTypeHints.DeviceCode => ValidateToken(TokenTypeHints.DeviceCode), TokenTypeIdentifiers.Private.DeviceCode => ValidateToken(TokenTypeIdentifiers.Private.DeviceCode),
TokenTypeHints.UserCode => ValidateToken(TokenTypeHints.UserCode), TokenTypeIdentifiers.Private.UserCode => ValidateToken(TokenTypeIdentifiers.Private.UserCode),
TokenTypeIdentifiers.Private.RequestToken => ValidateToken(TokenTypeIdentifiers.Private.RequestToken),
TokenTypeHints.Private.RequestToken => ValidateToken(TokenTypeHints.Private.RequestToken),
_ => null // The token type is not supported by the Data Protection integration (e.g identity tokens). _ => null // The token type is not supported by the Data Protection integration (e.g identity tokens).
}) })
@ -229,34 +194,34 @@ public static partial class OpenIddictServerDataProtectionHandlers
var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector( var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector(
(type, context.IsReferenceToken) switch (type, context.IsReferenceToken) switch
{ {
(TokenTypeHints.AccessToken, true) (TokenTypeIdentifiers.AccessToken, true)
=> [Handlers.Server, Formats.AccessToken, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.AccessToken, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.AccessToken, false) (TokenTypeIdentifiers.AccessToken, false)
=> [Handlers.Server, Formats.AccessToken, Schemes.Server], => [Handlers.Server, Formats.AccessToken, Schemes.Server],
(TokenTypeHints.AuthorizationCode, true) (TokenTypeIdentifiers.Private.AuthorizationCode, true)
=> [Handlers.Server, Formats.AuthorizationCode, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.AuthorizationCode, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.AuthorizationCode, false) (TokenTypeIdentifiers.Private.AuthorizationCode, false)
=> [Handlers.Server, Formats.AuthorizationCode, Schemes.Server], => [Handlers.Server, Formats.AuthorizationCode, Schemes.Server],
(TokenTypeHints.DeviceCode, true) (TokenTypeIdentifiers.Private.DeviceCode, true)
=> [Handlers.Server, Formats.DeviceCode, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.DeviceCode, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.DeviceCode, false) (TokenTypeIdentifiers.Private.DeviceCode, false)
=> [Handlers.Server, Formats.DeviceCode, Schemes.Server], => [Handlers.Server, Formats.DeviceCode, Schemes.Server],
(TokenTypeHints.RefreshToken, true) (TokenTypeIdentifiers.RefreshToken, true)
=> [Handlers.Server, Formats.RefreshToken, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.RefreshToken, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.RefreshToken, false) (TokenTypeIdentifiers.RefreshToken, false)
=> [Handlers.Server, Formats.RefreshToken, Schemes.Server], => [Handlers.Server, Formats.RefreshToken, Schemes.Server],
(TokenTypeHints.UserCode, true) (TokenTypeIdentifiers.Private.UserCode, true)
=> [Handlers.Server, Formats.UserCode, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.UserCode, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.UserCode, false) (TokenTypeIdentifiers.Private.UserCode, false)
=> [Handlers.Server, Formats.UserCode, Schemes.Server], => [Handlers.Server, Formats.UserCode, Schemes.Server],
(TokenTypeHints.Private.RequestToken, true) (TokenTypeIdentifiers.Private.RequestToken, true)
=> [Handlers.Server, Formats.RequestToken, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.RequestToken, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.Private.RequestToken, false) (TokenTypeIdentifiers.Private.RequestToken, false)
=> [Handlers.Server, Formats.RequestToken, Schemes.Server], => [Handlers.Server, Formats.RequestToken, Schemes.Server],
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) _ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003))
@ -319,22 +284,22 @@ public static partial class OpenIddictServerDataProtectionHandlers
context.TokenFormat = context.TokenType switch context.TokenFormat = context.TokenType switch
{ {
TokenTypeHints.AccessToken when !_options.CurrentValue.PreferDefaultAccessTokenFormat TokenTypeIdentifiers.AccessToken when !_options.CurrentValue.PreferDefaultAccessTokenFormat
=> TokenFormats.Private.DataProtection, => TokenFormats.Private.DataProtection,
TokenTypeHints.AuthorizationCode when !_options.CurrentValue.PreferDefaultAuthorizationCodeFormat TokenTypeIdentifiers.Private.AuthorizationCode when !_options.CurrentValue.PreferDefaultAuthorizationCodeFormat
=> TokenFormats.Private.DataProtection, => TokenFormats.Private.DataProtection,
TokenTypeHints.DeviceCode when !_options.CurrentValue.PreferDefaultDeviceCodeFormat TokenTypeIdentifiers.Private.DeviceCode when !_options.CurrentValue.PreferDefaultDeviceCodeFormat
=> TokenFormats.Private.DataProtection, => TokenFormats.Private.DataProtection,
TokenTypeHints.RefreshToken when !_options.CurrentValue.PreferDefaultRefreshTokenFormat TokenTypeIdentifiers.RefreshToken when !_options.CurrentValue.PreferDefaultRefreshTokenFormat
=> TokenFormats.Private.DataProtection, => TokenFormats.Private.DataProtection,
TokenTypeHints.UserCode when !_options.CurrentValue.PreferDefaultUserCodeFormat TokenTypeIdentifiers.Private.UserCode when !_options.CurrentValue.PreferDefaultUserCodeFormat
=> TokenFormats.Private.DataProtection, => TokenFormats.Private.DataProtection,
TokenTypeHints.Private.RequestToken when !_options.CurrentValue.PreferDefaultRequestTokenFormat TokenTypeIdentifiers.Private.RequestToken when !_options.CurrentValue.PreferDefaultRequestTokenFormat
=> TokenFormats.Private.DataProtection, => TokenFormats.Private.DataProtection,
_ => context.TokenFormat // Don't override the format if the token type is not supported. _ => context.TokenFormat // Don't override the format if the token type is not supported.
@ -385,34 +350,34 @@ public static partial class OpenIddictServerDataProtectionHandlers
var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector( var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector(
(context.TokenType, context.IsReferenceToken) switch (context.TokenType, context.IsReferenceToken) switch
{ {
(TokenTypeHints.AccessToken, true) (TokenTypeIdentifiers.AccessToken, true)
=> [Handlers.Server, Formats.AccessToken, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.AccessToken, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.AccessToken, false) (TokenTypeIdentifiers.AccessToken, false)
=> [Handlers.Server, Formats.AccessToken, Schemes.Server], => [Handlers.Server, Formats.AccessToken, Schemes.Server],
(TokenTypeHints.AuthorizationCode, true) (TokenTypeIdentifiers.Private.AuthorizationCode, true)
=> [Handlers.Server, Formats.AuthorizationCode, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.AuthorizationCode, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.AuthorizationCode, false) (TokenTypeIdentifiers.Private.AuthorizationCode, false)
=> [Handlers.Server, Formats.AuthorizationCode, Schemes.Server], => [Handlers.Server, Formats.AuthorizationCode, Schemes.Server],
(TokenTypeHints.DeviceCode, true) (TokenTypeIdentifiers.Private.DeviceCode, true)
=> [Handlers.Server, Formats.DeviceCode, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.DeviceCode, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.DeviceCode, false) (TokenTypeIdentifiers.Private.DeviceCode, false)
=> [Handlers.Server, Formats.DeviceCode, Schemes.Server], => [Handlers.Server, Formats.DeviceCode, Schemes.Server],
(TokenTypeHints.RefreshToken, true) (TokenTypeIdentifiers.RefreshToken, true)
=> [Handlers.Server, Formats.RefreshToken, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.RefreshToken, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.RefreshToken, false) (TokenTypeIdentifiers.RefreshToken, false)
=> [Handlers.Server, Formats.RefreshToken, Schemes.Server], => [Handlers.Server, Formats.RefreshToken, Schemes.Server],
(TokenTypeHints.UserCode, true) (TokenTypeIdentifiers.Private.UserCode, true)
=> [Handlers.Server, Formats.UserCode, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.UserCode, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.UserCode, false) (TokenTypeIdentifiers.Private.UserCode, false)
=> [Handlers.Server, Formats.UserCode, Schemes.Server], => [Handlers.Server, Formats.UserCode, Schemes.Server],
(TokenTypeHints.Private.RequestToken, true) (TokenTypeIdentifiers.Private.RequestToken, true)
=> [Handlers.Server, Formats.RequestToken, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.RequestToken, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.Private.RequestToken, false) (TokenTypeIdentifiers.Private.RequestToken, false)
=> [Handlers.Server, Formats.RequestToken, Schemes.Server], => [Handlers.Server, Formats.RequestToken, Schemes.Server],
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) _ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003))

19
src/OpenIddict.Server/OpenIddictServerEvents.Protection.cs
View File

@ -59,19 +59,32 @@ public static partial class OpenIddictServerEvents
public bool PersistTokenPayload { get; set; } public bool PersistTokenPayload { get; set; }
/// <summary> /// <summary>
/// Gets or sets the security principal used to create the token. /// Gets or sets the security principal that will be derived to create the token.
/// </summary> /// </summary>
public ClaimsPrincipal Principal { get; set; } = default!; public ClaimsPrincipal Principal { get; set; } = default!;
/// <summary> /// <summary>
/// Gets or sets the encryption credentials used to encrypt the token. /// Gets or sets the encryption credentials used to encrypt the token.
/// </summary> /// </summary>
public EncryptingCredentials? EncryptionCredentials { get; set; } public EncryptingCredentials? EncryptionCredentials
{
get => SecurityTokenDescriptor.EncryptingCredentials;
set => SecurityTokenDescriptor.EncryptingCredentials = value;
}
/// <summary> /// <summary>
/// Gets or sets the signing credentials used to sign the token. /// Gets or sets the signing credentials used to sign the token.
/// </summary> /// </summary>
public SigningCredentials? SigningCredentials { get; set; } public SigningCredentials? SigningCredentials
{
get => SecurityTokenDescriptor.SigningCredentials;
set => SecurityTokenDescriptor.SigningCredentials = value;
}
/// <summary>
/// Gets the security token descriptor used to create the token.
/// </summary>
public SecurityTokenDescriptor SecurityTokenDescriptor { get; } = new();
/// <summary> /// <summary>
/// Gets or sets the security token handler used to serialize the security principal. /// Gets or sets the security token handler used to serialize the security principal.

2
src/OpenIddict.Server/OpenIddictServerHandlerFilters.cs
View File

@ -449,7 +449,7 @@ public static class OpenIddictServerHandlerFilters
throw new ArgumentNullException(nameof(context)); throw new ArgumentNullException(nameof(context));
} }
return new(context.TokenFormat is TokenFormats.Jwt); return new(context.TokenFormat is TokenFormats.Private.JsonWebToken);
} }
} }

27
src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs
View File

@ -589,8 +589,8 @@ public static partial class OpenIddictServerHandlers
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006)); Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
if (!context.Principal.HasTokenType(TokenTypeHints.AccessToken) && if (!context.Principal.HasTokenType(TokenTypeIdentifiers.AccessToken) &&
!context.Principal.HasTokenType(TokenTypeHints.RefreshToken)) !context.Principal.HasTokenType(TokenTypeIdentifiers.RefreshToken))
{ {
context.Logger.LogInformation(SR.GetResourceString(SR.ID6104)); context.Logger.LogInformation(SR.GetResourceString(SR.ID6104));
@ -641,8 +641,8 @@ public static partial class OpenIddictServerHandlers
// (i.e the party the token was issued to) or as an audience (i.e a resource server/API). // (i.e the party the token was issued to) or as an audience (i.e a resource server/API).
// If the access token doesn't contain any explicit presenter/audience, the token is assumed // If the access token doesn't contain any explicit presenter/audience, the token is assumed
// to be not specific to any resource server/client application and the check is bypassed. // to be not specific to any resource server/client application and the check is bypassed.
if (context.Principal.HasTokenType(TokenTypeHints.AccessToken) && if (context.Principal.HasTokenType(TokenTypeIdentifiers.AccessToken) &&
context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) && context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) &&
context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{ {
context.Logger.LogWarning(SR.GetResourceString(SR.ID6106)); context.Logger.LogWarning(SR.GetResourceString(SR.ID6106));
@ -659,7 +659,7 @@ public static partial class OpenIddictServerHandlers
// listed as a presenter (i.e the party the token was issued to). // listed as a presenter (i.e the party the token was issued to).
// If the refresh token doesn't contain any explicit presenter, the token is // If the refresh token doesn't contain any explicit presenter, the token is
// assumed to be not specific to any client application and the check is bypassed. // assumed to be not specific to any client application and the check is bypassed.
if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) && if (context.Principal.HasTokenType(TokenTypeIdentifiers.RefreshToken) &&
context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{ {
context.Logger.LogWarning(SR.GetResourceString(SR.ID6108)); context.Logger.LogWarning(SR.GetResourceString(SR.ID6108));
@ -740,9 +740,20 @@ public static partial class OpenIddictServerHandlers
context.Issuer = context.Options.Issuer ?? context.BaseUri; context.Issuer = context.Options.Issuer ?? context.BaseUri;
context.TokenId = context.Principal.GetClaim(Claims.JwtId); context.TokenId = context.Principal.GetClaim(Claims.JwtId);
context.TokenUsage = context.Principal.GetTokenType();
context.Subject = context.Principal.GetClaim(Claims.Subject); context.Subject = context.Principal.GetClaim(Claims.Subject);
context.TokenUsage = context.Principal.GetTokenType() switch
{
TokenTypeIdentifiers.AccessToken => "access_token",
TokenTypeIdentifiers.Private.AuthorizationCode => "authorization_code",
TokenTypeIdentifiers.Private.DeviceCode => "device_code",
TokenTypeIdentifiers.IdentityToken => "id_token",
TokenTypeIdentifiers.RefreshToken => "refresh_token",
TokenTypeIdentifiers.Private.UserCode => "user_code",
_ => null
};
context.IssuedAt = context.NotBefore = context.Principal.GetCreationDate(); context.IssuedAt = context.NotBefore = context.Principal.GetCreationDate();
context.ExpiresAt = context.Principal.GetExpirationDate(); context.ExpiresAt = context.Principal.GetExpirationDate();
@ -754,7 +765,7 @@ public static partial class OpenIddictServerHandlers
// Note: only set "token_type" when the received token is an access token. // Note: only set "token_type" when the received token is an access token.
// See https://tools.ietf.org/html/rfc7662#section-2.2 // See https://tools.ietf.org/html/rfc7662#section-2.2
// and https://tools.ietf.org/html/rfc6749#section-5.1 for more information. // and https://tools.ietf.org/html/rfc6749#section-5.1 for more information.
if (context.Principal.HasTokenType(TokenTypeHints.AccessToken)) if (context.Principal.HasTokenType(TokenTypeIdentifiers.AccessToken))
{ {
context.TokenType = TokenTypes.Bearer; context.TokenType = TokenTypes.Bearer;
} }
@ -800,7 +811,7 @@ public static partial class OpenIddictServerHandlers
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006)); Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
// Don't return application-specific claims if the token is not an access token. // Don't return application-specific claims if the token is not an access token.
if (!context.Principal.HasTokenType(TokenTypeHints.AccessToken)) if (!context.Principal.HasTokenType(TokenTypeIdentifiers.AccessToken))
{ {
return; return;
} }

330
src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs
View File

@ -43,6 +43,8 @@ public static partial class OpenIddictServerHandlers
*/ */
AttachSecurityCredentials.Descriptor, AttachSecurityCredentials.Descriptor,
CreateTokenEntry.Descriptor, CreateTokenEntry.Descriptor,
AttachTokenSubject.Descriptor,
AttachTokenMetadata.Descriptor,
GenerateIdentityModelToken.Descriptor, GenerateIdentityModelToken.Descriptor,
AttachTokenPayload.Descriptor AttachTokenPayload.Descriptor
]; ];
@ -92,7 +94,7 @@ public static partial class OpenIddictServerHandlers
// if multiple token types are considered valid and contain tokens issued by the // if multiple token types are considered valid and contain tokens issued by the
// authorization server and tokens issued by the client (e.g client assertions). // authorization server and tokens issued by the client (e.g client assertions).
if (context.ValidTokenTypes.Count > 1 && if (context.ValidTokenTypes.Count > 1 &&
context.ValidTokenTypes.Contains(TokenTypeHints.ClientAssertion)) context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.ClientAssertion))
{ {
throw new InvalidOperationException(SR.GetResourceString(SR.ID0308)); throw new InvalidOperationException(SR.GetResourceString(SR.ID0308));
} }
@ -101,7 +103,7 @@ public static partial class OpenIddictServerHandlers
{ {
// When only client assertions are considered valid, create dynamic token validation // When only client assertions are considered valid, create dynamic token validation
// parameters using the encryption keys/signing keys attached to the specific client. // parameters using the encryption keys/signing keys attached to the specific client.
1 when context.ValidTokenTypes.Contains(TokenTypeHints.ClientAssertion) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.ClientAssertion)
=> GetClientTokenValidationParameters(), => GetClientTokenValidationParameters(),
// Otherwise, use the token validation parameters of the authorization server. // Otherwise, use the token validation parameters of the authorization server.
@ -191,36 +193,35 @@ public static partial class OpenIddictServerHandlers
_ => context.ValidTokenTypes.SelectMany<string, string>(type => type switch _ => context.ValidTokenTypes.SelectMany<string, string>(type => type switch
{ {
// For access tokens, both "at+jwt" and "application/at+jwt" are valid. // For access tokens, both "at+jwt" and "application/at+jwt" are valid.
TokenTypeHints.AccessToken => TokenTypeIdentifiers.AccessToken =>
[ [
JsonWebTokenTypes.AccessToken, JsonWebTokenTypes.AccessToken,
JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.AccessToken JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.AccessToken
], ],
// For identity tokens, both "JWT" and "application/jwt" are valid. // For identity tokens, both "JWT" and "application/jwt" are valid.
TokenTypeHints.IdToken => TokenTypeIdentifiers.IdentityToken =>
[ [
JsonWebTokenTypes.Jwt, JsonWebTokenTypes.Jwt,
JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.Jwt JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.Jwt
], ],
// For authorization codes, only the short "oi_auc+jwt" form is valid. // For authorization codes, only the short "oi_auc+jwt" form is valid.
TokenTypeHints.AuthorizationCode => [JsonWebTokenTypes.Private.AuthorizationCode], TokenTypeIdentifiers.Private.AuthorizationCode => [JsonWebTokenTypes.Private.AuthorizationCode],
// For device codes, only the short "oi_dvc+jwt" form is valid. // For device codes, only the short "oi_dvc+jwt" form is valid.
TokenTypeHints.DeviceCode => [JsonWebTokenTypes.Private.DeviceCode], TokenTypeIdentifiers.Private.DeviceCode => [JsonWebTokenTypes.Private.DeviceCode],
// For refresh tokens, only the short "oi_reft+jwt" form is valid. // For refresh tokens, only the short "oi_reft+jwt" form is valid.
TokenTypeHints.RefreshToken => [JsonWebTokenTypes.Private.RefreshToken], TokenTypeIdentifiers.RefreshToken => [JsonWebTokenTypes.Private.RefreshToken],
// For user codes, only the short "oi_usrc+jwt" form is valid. // For user codes, only the short "oi_usrc+jwt" form is valid.
TokenTypeHints.UserCode => [JsonWebTokenTypes.Private.UserCode], TokenTypeIdentifiers.Private.UserCode => [JsonWebTokenTypes.Private.UserCode],
// For user codes, only the short "oi_pshaurt+jwt" form is valid. // For user codes, only the short "oi_pshaurt+jwt" form is valid.
TokenTypeHints.Private.RequestToken TokenTypeIdentifiers.Private.RequestToken => [JsonWebTokenTypes.Private.RequestToken],
=> [JsonWebTokenTypes.Private.RequestToken],
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) _ => [type]
}) })
}; };
@ -316,7 +317,7 @@ public static partial class OpenIddictServerHandlers
// Note: reference tokens are never used for client assertions. // Note: reference tokens are never used for client assertions.
if (context.ValidTokenTypes.Count is 1 && if (context.ValidTokenTypes.Count is 1 &&
context.ValidTokenTypes.Contains(TokenTypeHints.ClientAssertion)) context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.ClientAssertion))
{ {
return; return;
} }
@ -345,29 +346,29 @@ public static partial class OpenIddictServerHandlers
context.Reject( context.Reject(
error: context.ValidTokenTypes.Count switch error: context.ValidTokenTypes.Count switch
{ {
1 when context.ValidTokenTypes.Contains(TokenTypeHints.ClientAssertion) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.ClientAssertion)
=> Errors.InvalidClient, => Errors.InvalidClient,
_ => Errors.InvalidToken _ => Errors.InvalidToken
}, },
description: context.ValidTokenTypes.Count switch description: context.ValidTokenTypes.Count switch
{ {
1 when context.ValidTokenTypes.Contains(TokenTypeHints.AuthorizationCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.AuthorizationCode)
=> SR.GetResourceString(SR.ID2001), => SR.GetResourceString(SR.ID2001),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.DeviceCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.DeviceCode)
=> SR.GetResourceString(SR.ID2002), => SR.GetResourceString(SR.ID2002),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.RefreshToken) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.RefreshToken)
=> SR.GetResourceString(SR.ID2003), => SR.GetResourceString(SR.ID2003),
_ => SR.GetResourceString(SR.ID2004) _ => SR.GetResourceString(SR.ID2004)
}, },
uri: context.ValidTokenTypes.Count switch uri: context.ValidTokenTypes.Count switch
{ {
1 when context.ValidTokenTypes.Contains(TokenTypeHints.AuthorizationCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.AuthorizationCode)
=> SR.FormatID8000(SR.ID2001), => SR.FormatID8000(SR.ID2001),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.DeviceCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.DeviceCode)
=> SR.FormatID8000(SR.ID2002), => SR.FormatID8000(SR.ID2002),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.RefreshToken) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.RefreshToken)
=> SR.FormatID8000(SR.ID2003), => SR.FormatID8000(SR.ID2003),
_ => SR.FormatID8000(SR.ID2004), _ => SR.FormatID8000(SR.ID2004),
@ -421,7 +422,7 @@ public static partial class OpenIddictServerHandlers
} }
// If a specific token format is expected, return immediately if it doesn't match the expected value. // If a specific token format is expected, return immediately if it doesn't match the expected value.
if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Jwt) if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.JsonWebToken)
{ {
return; return;
} }
@ -456,7 +457,7 @@ public static partial class OpenIddictServerHandlers
context.Reject( context.Reject(
error: context.ValidTokenTypes.Count switch error: context.ValidTokenTypes.Count switch
{ {
1 when context.ValidTokenTypes.Contains(TokenTypeHints.ClientAssertion) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.ClientAssertion)
=> Errors.InvalidClient, => Errors.InvalidClient,
_ => Errors.InvalidToken _ => Errors.InvalidToken
@ -465,16 +466,16 @@ public static partial class OpenIddictServerHandlers
{ {
SecurityTokenInvalidTypeException => context.ValidTokenTypes.Count switch SecurityTokenInvalidTypeException => context.ValidTokenTypes.Count switch
{ {
1 when context.ValidTokenTypes.Contains(TokenTypeHints.AuthorizationCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.AuthorizationCode)
=> SR.GetResourceString(SR.ID2005), => SR.GetResourceString(SR.ID2005),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.DeviceCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.DeviceCode)
=> SR.GetResourceString(SR.ID2006), => SR.GetResourceString(SR.ID2006),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.RefreshToken) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.RefreshToken)
=> SR.GetResourceString(SR.ID2007), => SR.GetResourceString(SR.ID2007),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.AccessToken) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.AccessToken)
=> SR.GetResourceString(SR.ID2008), => SR.GetResourceString(SR.ID2008),
_ => SR.GetResourceString(SR.ID2089) _ => SR.GetResourceString(SR.ID2089)
@ -490,16 +491,16 @@ public static partial class OpenIddictServerHandlers
{ {
SecurityTokenInvalidTypeException => context.ValidTokenTypes.Count switch SecurityTokenInvalidTypeException => context.ValidTokenTypes.Count switch
{ {
1 when context.ValidTokenTypes.Contains(TokenTypeHints.AuthorizationCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.AuthorizationCode)
=> SR.FormatID8000(SR.ID2005), => SR.FormatID8000(SR.ID2005),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.DeviceCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.DeviceCode)
=> SR.FormatID8000(SR.ID2006), => SR.FormatID8000(SR.ID2006),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.RefreshToken) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.RefreshToken)
=> SR.FormatID8000(SR.ID2007), => SR.FormatID8000(SR.ID2007),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.AccessToken) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.AccessToken)
=> SR.FormatID8000(SR.ID2008), => SR.FormatID8000(SR.ID2008),
_ => SR.FormatID8000(SR.ID2089) _ => SR.FormatID8000(SR.ID2089)
@ -530,27 +531,26 @@ public static partial class OpenIddictServerHandlers
// or a generic value like "JWT". Since the type defined by the client cannot be used as-is, // or a generic value like "JWT". Since the type defined by the client cannot be used as-is,
// validation is bypassed and tokens used as client assertions are assumed to be client assertions. // validation is bypassed and tokens used as client assertions are assumed to be client assertions.
_ when context.ValidTokenTypes.Count is 1 && _ when context.ValidTokenTypes.Count is 1 &&
context.ValidTokenTypes.Contains(TokenTypeHints.ClientAssertion) context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.ClientAssertion)
=> TokenTypeHints.ClientAssertion, => TokenTypeIdentifiers.Private.ClientAssertion,
null or { Length: 0 } => throw new InvalidOperationException(SR.GetResourceString(SR.ID0025)), null or { Length: 0 } => throw new InvalidOperationException(SR.GetResourceString(SR.ID0025)),
// Both at+jwt and application/at+jwt are supported for access tokens. // Both at+jwt and application/at+jwt are supported for access tokens.
JsonWebTokenTypes.AccessToken or JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.AccessToken JsonWebTokenTypes.AccessToken or JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.AccessToken
=> TokenTypeHints.AccessToken, => TokenTypeIdentifiers.AccessToken,
// Both JWT and application/JWT are supported for identity tokens. // Both JWT and application/JWT are supported for identity tokens.
JsonWebTokenTypes.Jwt or JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.Jwt JsonWebTokenTypes.Jwt or JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.Jwt
=> TokenTypeHints.IdToken, => TokenTypeIdentifiers.IdentityToken,
JsonWebTokenTypes.Private.AuthorizationCode => TokenTypeHints.AuthorizationCode, JsonWebTokenTypes.Private.AuthorizationCode => TokenTypeIdentifiers.Private.AuthorizationCode,
JsonWebTokenTypes.Private.DeviceCode => TokenTypeHints.DeviceCode, JsonWebTokenTypes.Private.DeviceCode => TokenTypeIdentifiers.Private.DeviceCode,
JsonWebTokenTypes.Private.RefreshToken => TokenTypeHints.RefreshToken, JsonWebTokenTypes.Private.RefreshToken => TokenTypeIdentifiers.RefreshToken,
JsonWebTokenTypes.Private.UserCode => TokenTypeHints.UserCode, JsonWebTokenTypes.Private.RequestToken => TokenTypeIdentifiers.Private.RequestToken,
JsonWebTokenTypes.Private.UserCode => TokenTypeIdentifiers.Private.UserCode,
JsonWebTokenTypes.Private.RequestToken => TokenTypeHints.Private.RequestToken, string value => value
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003))
}); });
// Restore the claim destinations from the special oi_cl_dstn claim (represented as a dictionary/JSON object). // Restore the claim destinations from the special oi_cl_dstn claim (represented as a dictionary/JSON object).
@ -761,7 +761,7 @@ public static partial class OpenIddictServerHandlers
// Note: token entries are never used for client assertions. // Note: token entries are never used for client assertions.
if (context.ValidTokenTypes.Count is 1 && if (context.ValidTokenTypes.Count is 1 &&
context.ValidTokenTypes.Contains(TokenTypeHints.ClientAssertion)) context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.ClientAssertion))
{ {
return; return;
} }
@ -784,17 +784,17 @@ public static partial class OpenIddictServerHandlers
error: Errors.InvalidToken, error: Errors.InvalidToken,
description: context.Principal.GetTokenType() switch description: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.GetResourceString(SR.ID2001), TokenTypeIdentifiers.Private.AuthorizationCode => SR.GetResourceString(SR.ID2001),
TokenTypeHints.DeviceCode => SR.GetResourceString(SR.ID2002), TokenTypeIdentifiers.Private.DeviceCode => SR.GetResourceString(SR.ID2002),
TokenTypeHints.RefreshToken => SR.GetResourceString(SR.ID2003), TokenTypeIdentifiers.RefreshToken => SR.GetResourceString(SR.ID2003),
_ => SR.GetResourceString(SR.ID2004) _ => SR.GetResourceString(SR.ID2004)
}, },
uri: context.Principal.GetTokenType() switch uri: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.FormatID8000(SR.ID2001), TokenTypeIdentifiers.Private.AuthorizationCode => SR.FormatID8000(SR.ID2001),
TokenTypeHints.DeviceCode => SR.FormatID8000(SR.ID2002), TokenTypeIdentifiers.Private.DeviceCode => SR.FormatID8000(SR.ID2002),
TokenTypeHints.RefreshToken => SR.FormatID8000(SR.ID2003), TokenTypeIdentifiers.RefreshToken => SR.FormatID8000(SR.ID2003),
_ => SR.FormatID8000(SR.ID2004) _ => SR.FormatID8000(SR.ID2004)
}); });
@ -840,33 +840,33 @@ public static partial class OpenIddictServerHandlers
context.Reject( context.Reject(
error: context.ValidTokenTypes.Count switch error: context.ValidTokenTypes.Count switch
{ {
1 when context.ValidTokenTypes.Contains(TokenTypeHints.ClientAssertion) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.ClientAssertion)
=> Errors.InvalidClient, => Errors.InvalidClient,
_ => Errors.InvalidToken _ => Errors.InvalidToken
}, },
description: context.ValidTokenTypes.Count switch description: context.ValidTokenTypes.Count switch
{ {
1 when context.ValidTokenTypes.Contains(TokenTypeHints.AuthorizationCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.AuthorizationCode)
=> SR.GetResourceString(SR.ID2001), => SR.GetResourceString(SR.ID2001),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.DeviceCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.DeviceCode)
=> SR.GetResourceString(SR.ID2002), => SR.GetResourceString(SR.ID2002),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.RefreshToken) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.RefreshToken)
=> SR.GetResourceString(SR.ID2003), => SR.GetResourceString(SR.ID2003),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.IdToken) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.IdentityToken)
=> SR.GetResourceString(SR.ID2009), => SR.GetResourceString(SR.ID2009),
_ => SR.GetResourceString(SR.ID2004) _ => SR.GetResourceString(SR.ID2004)
}, },
uri: context.ValidTokenTypes.Count switch uri: context.ValidTokenTypes.Count switch
{ {
1 when context.ValidTokenTypes.Contains(TokenTypeHints.AuthorizationCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.AuthorizationCode)
=> SR.FormatID8000(SR.ID2001), => SR.FormatID8000(SR.ID2001),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.DeviceCode) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.DeviceCode)
=> SR.FormatID8000(SR.ID2002), => SR.FormatID8000(SR.ID2002),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.RefreshToken) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.RefreshToken)
=> SR.FormatID8000(SR.ID2003), => SR.FormatID8000(SR.ID2003),
1 when context.ValidTokenTypes.Contains(TokenTypeHints.IdToken) 1 when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.IdentityToken)
=> SR.FormatID8000(SR.ID2009), => SR.FormatID8000(SR.ID2009),
_ => SR.FormatID8000(SR.ID2004) _ => SR.FormatID8000(SR.ID2004)
@ -927,23 +927,23 @@ public static partial class OpenIddictServerHandlers
context.Reject( context.Reject(
error: context.Principal.GetTokenType() switch error: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.ClientAssertion => Errors.InvalidClient, TokenTypeIdentifiers.Private.ClientAssertion => Errors.InvalidClient,
TokenTypeHints.DeviceCode => Errors.ExpiredToken, TokenTypeIdentifiers.Private.DeviceCode => Errors.ExpiredToken,
_ => Errors.InvalidToken _ => Errors.InvalidToken
}, },
description: context.Principal.GetTokenType() switch description: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.GetResourceString(SR.ID2016), TokenTypeIdentifiers.Private.AuthorizationCode => SR.GetResourceString(SR.ID2016),
TokenTypeHints.DeviceCode => SR.GetResourceString(SR.ID2017), TokenTypeIdentifiers.Private.DeviceCode => SR.GetResourceString(SR.ID2017),
TokenTypeHints.RefreshToken => SR.GetResourceString(SR.ID2018), TokenTypeIdentifiers.RefreshToken => SR.GetResourceString(SR.ID2018),
_ => SR.GetResourceString(SR.ID2019) _ => SR.GetResourceString(SR.ID2019)
}, },
uri: context.Principal.GetTokenType() switch uri: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.FormatID8000(SR.ID2016), TokenTypeIdentifiers.Private.AuthorizationCode => SR.FormatID8000(SR.ID2016),
TokenTypeHints.DeviceCode => SR.FormatID8000(SR.ID2017), TokenTypeIdentifiers.Private.DeviceCode => SR.FormatID8000(SR.ID2017),
TokenTypeHints.RefreshToken => SR.FormatID8000(SR.ID2018), TokenTypeIdentifiers.RefreshToken => SR.FormatID8000(SR.ID2018),
_ => SR.FormatID8000(SR.ID2019) _ => SR.FormatID8000(SR.ID2019)
}); });
@ -1003,7 +1003,7 @@ public static partial class OpenIddictServerHandlers
// See https://tools.ietf.org/html/rfc6749#section-10.5 for more information. // See https://tools.ietf.org/html/rfc6749#section-10.5 for more information.
if (await _tokenManager.HasStatusAsync(token, Statuses.Redeemed)) if (await _tokenManager.HasStatusAsync(token, Statuses.Redeemed))
{ {
if (!context.Principal.HasTokenType(TokenTypeHints.RefreshToken) || !await IsReusableAsync(token)) if (!context.Principal.HasTokenType(TokenTypeIdentifiers.RefreshToken) || !await IsReusableAsync(token))
{ {
if (!string.IsNullOrEmpty(context.AuthorizationId)) if (!string.IsNullOrEmpty(context.AuthorizationId))
{ {
@ -1030,23 +1030,23 @@ public static partial class OpenIddictServerHandlers
context.Reject( context.Reject(
error: context.Principal.GetTokenType() switch error: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.ClientAssertion => Errors.InvalidClient, TokenTypeIdentifiers.Private.ClientAssertion => Errors.InvalidClient,
_ => Errors.InvalidToken _ => Errors.InvalidToken
}, },
description: context.Principal.GetTokenType() switch description: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.GetResourceString(SR.ID2010), TokenTypeIdentifiers.Private.AuthorizationCode => SR.GetResourceString(SR.ID2010),
TokenTypeHints.DeviceCode => SR.GetResourceString(SR.ID2011), TokenTypeIdentifiers.Private.DeviceCode => SR.GetResourceString(SR.ID2011),
TokenTypeHints.RefreshToken => SR.GetResourceString(SR.ID2012), TokenTypeIdentifiers.RefreshToken => SR.GetResourceString(SR.ID2012),
_ => SR.GetResourceString(SR.ID2013) _ => SR.GetResourceString(SR.ID2013)
}, },
uri: context.Principal.GetTokenType() switch uri: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.FormatID8000(SR.ID2010), TokenTypeIdentifiers.Private.AuthorizationCode => SR.FormatID8000(SR.ID2010),
TokenTypeHints.DeviceCode => SR.FormatID8000(SR.ID2011), TokenTypeIdentifiers.Private.DeviceCode => SR.FormatID8000(SR.ID2011),
TokenTypeHints.RefreshToken => SR.FormatID8000(SR.ID2012), TokenTypeIdentifiers.RefreshToken => SR.FormatID8000(SR.ID2012),
_ => SR.FormatID8000(SR.ID2013) _ => SR.FormatID8000(SR.ID2013)
}); });
@ -1090,23 +1090,23 @@ public static partial class OpenIddictServerHandlers
context.Reject( context.Reject(
error: context.Principal.GetTokenType() switch error: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.ClientAssertion => Errors.InvalidClient, TokenTypeIdentifiers.Private.ClientAssertion => Errors.InvalidClient,
_ => Errors.InvalidToken _ => Errors.InvalidToken
}, },
description: context.Principal.GetTokenType() switch description: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.GetResourceString(SR.ID2016), TokenTypeIdentifiers.Private.AuthorizationCode => SR.GetResourceString(SR.ID2016),
TokenTypeHints.DeviceCode => SR.GetResourceString(SR.ID2017), TokenTypeIdentifiers.Private.DeviceCode => SR.GetResourceString(SR.ID2017),
TokenTypeHints.RefreshToken => SR.GetResourceString(SR.ID2018), TokenTypeIdentifiers.RefreshToken => SR.GetResourceString(SR.ID2018),
_ => SR.GetResourceString(SR.ID2019) _ => SR.GetResourceString(SR.ID2019)
}, },
uri: context.Principal.GetTokenType() switch uri: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.FormatID8000(SR.ID2016), TokenTypeIdentifiers.Private.AuthorizationCode => SR.FormatID8000(SR.ID2016),
TokenTypeHints.DeviceCode => SR.FormatID8000(SR.ID2017), TokenTypeIdentifiers.Private.DeviceCode => SR.FormatID8000(SR.ID2017),
TokenTypeHints.RefreshToken => SR.FormatID8000(SR.ID2018), TokenTypeIdentifiers.RefreshToken => SR.FormatID8000(SR.ID2018),
_ => SR.FormatID8000(SR.ID2019) _ => SR.FormatID8000(SR.ID2019)
}); });
@ -1180,23 +1180,23 @@ public static partial class OpenIddictServerHandlers
context.Reject( context.Reject(
error: context.Principal.GetTokenType() switch error: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.ClientAssertion => Errors.InvalidClient, TokenTypeIdentifiers.Private.ClientAssertion => Errors.InvalidClient,
_ => Errors.InvalidToken _ => Errors.InvalidToken
}, },
description: context.Principal.GetTokenType() switch description: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.GetResourceString(SR.ID2020), TokenTypeIdentifiers.Private.AuthorizationCode => SR.GetResourceString(SR.ID2020),
TokenTypeHints.DeviceCode => SR.GetResourceString(SR.ID2021), TokenTypeIdentifiers.Private.DeviceCode => SR.GetResourceString(SR.ID2021),
TokenTypeHints.RefreshToken => SR.GetResourceString(SR.ID2022), TokenTypeIdentifiers.RefreshToken => SR.GetResourceString(SR.ID2022),
_ => SR.GetResourceString(SR.ID2023) _ => SR.GetResourceString(SR.ID2023)
}, },
uri: context.Principal.GetTokenType() switch uri: context.Principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.FormatID8000(SR.ID2020), TokenTypeIdentifiers.Private.AuthorizationCode => SR.FormatID8000(SR.ID2020),
TokenTypeHints.DeviceCode => SR.FormatID8000(SR.ID2021), TokenTypeIdentifiers.Private.DeviceCode => SR.FormatID8000(SR.ID2021),
TokenTypeHints.RefreshToken => SR.FormatID8000(SR.ID2022), TokenTypeIdentifiers.RefreshToken => SR.FormatID8000(SR.ID2022),
_ => SR.FormatID8000(SR.ID2023) _ => SR.FormatID8000(SR.ID2023)
}); });
@ -1234,8 +1234,8 @@ public static partial class OpenIddictServerHandlers
context.EncryptionCredentials = context.TokenType switch context.EncryptionCredentials = context.TokenType switch
{ {
// Note: unlike other tokens, encryption can be disabled for access tokens. // Note: unlike other tokens, encryption can be disabled for access tokens.
TokenTypeHints.AccessToken when context.Options.DisableAccessTokenEncryption => null, TokenTypeIdentifiers.AccessToken when context.Options.DisableAccessTokenEncryption => null,
TokenTypeHints.IdToken => null, TokenTypeIdentifiers.IdentityToken => null,
_ => context.Options.EncryptionCredentials.First() _ => context.Options.EncryptionCredentials.First()
}; };
@ -1244,7 +1244,7 @@ public static partial class OpenIddictServerHandlers
{ {
// Note: unlike other tokens, identity tokens can only be signed using an asymmetric key // Note: unlike other tokens, identity tokens can only be signed using an asymmetric key
// as they are meant to be validated by clients using the public keys exposed by the server. // as they are meant to be validated by clients using the public keys exposed by the server.
TokenTypeHints.IdToken => context.Options.SigningCredentials.First(credentials => TokenTypeIdentifiers.IdentityToken => context.Options.SigningCredentials.First(static credentials =>
credentials.Key is AsymmetricSecurityKey), credentials.Key is AsymmetricSecurityKey),
_ => context.Options.SigningCredentials.First() _ => context.Options.SigningCredentials.First()
@ -1309,7 +1309,7 @@ public static partial class OpenIddictServerHandlers
// approves the authorization demand, the UpdateReferenceDeviceCodeEntry handler // approves the authorization demand, the UpdateReferenceDeviceCodeEntry handler
// changes the status to "active" and attaches a new payload with the claims // changes the status to "active" and attaches a new payload with the claims
// corresponding the user, which allows the client to redeem the device code. // corresponding the user, which allows the client to redeem the device code.
TokenTypeHints.DeviceCode => Statuses.Inactive, TokenTypeIdentifiers.Private.DeviceCode => Statuses.Inactive,
// For all other tokens, "valid" is the default status. // For all other tokens, "valid" is the default status.
_ => Statuses.Valid _ => Statuses.Valid
@ -1318,7 +1318,7 @@ public static partial class OpenIddictServerHandlers
descriptor.Subject = context.TokenType switch descriptor.Subject = context.TokenType switch
{ {
// Device and user codes are not bound to a user, until authorization is granted. // Device and user codes are not bound to a user, until authorization is granted.
TokenTypeHints.DeviceCode or TokenTypeHints.UserCode => null, TokenTypeIdentifiers.Private.DeviceCode or TokenTypeIdentifiers.Private.UserCode => null,
// For all other tokens, the subject is resolved from the principal. // For all other tokens, the subject is resolved from the principal.
_ => context.Principal.GetClaim(Claims.Subject) _ => context.Principal.GetClaim(Claims.Subject)
@ -1346,17 +1346,16 @@ public static partial class OpenIddictServerHandlers
} }
/// <summary> /// <summary>
/// Contains the logic responsible for generating a token using IdentityModel. /// Contains the logic responsible for attaching the subject to the security token descriptor.
/// </summary> /// </summary>
public sealed class GenerateIdentityModelToken : IOpenIddictServerHandler<GenerateTokenContext> public sealed class AttachTokenSubject : IOpenIddictServerHandler<GenerateTokenContext>
{ {
/// <summary> /// <summary>
/// Gets the default descriptor definition assigned to this handler. /// Gets the default descriptor definition assigned to this handler.
/// </summary> /// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; } public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<GenerateTokenContext>() = OpenIddictServerHandlerDescriptor.CreateBuilder<GenerateTokenContext>()
.AddFilter<RequireJsonWebTokenFormat>() .UseSingletonHandler<AttachTokenSubject>()
.UseSingletonHandler<GenerateIdentityModelToken>()
.SetOrder(CreateTokenEntry.Descriptor.Order + 1_000) .SetOrder(CreateTokenEntry.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn) .SetType(OpenIddictServerHandlerType.BuiltIn)
.Build(); .Build();
@ -1369,40 +1368,65 @@ public static partial class OpenIddictServerHandlers
throw new ArgumentNullException(nameof(context)); throw new ArgumentNullException(nameof(context));
} }
// If a token was already attached by another handler, don't overwrite it. if (context.Principal is not { Identity: ClaimsIdentity } principal)
if (!string.IsNullOrEmpty(context.Token))
{
return default;
}
if (context.Principal is not { Identity: ClaimsIdentity })
{ {
throw new InvalidOperationException(SR.GetResourceString(SR.ID0022)); throw new InvalidOperationException(SR.GetResourceString(SR.ID0022));
} }
// Clone the principal and exclude the private claims mapped to standard JWT claims. // Clone the principal and exclude the private claims mapped to standard JWT claims.
var principal = context.Principal.Clone(claim => claim.Type switch principal = context.Principal.Clone(claim => claim.Type switch
{ {
Claims.Private.CreationDate or Claims.Private.ExpirationDate or Claims.Private.CreationDate or Claims.Private.ExpirationDate or
Claims.Private.Issuer or Claims.Private.TokenType => false, Claims.Private.Issuer or Claims.Private.TokenType => false,
Claims.Private.Audience Claims.Private.Audience
when context.TokenType is TokenTypeHints.AccessToken or TokenTypeHints.IdToken => false, when context.TokenType is TokenTypeIdentifiers.AccessToken or TokenTypeIdentifiers.IdentityToken => false,
Claims.Private.Scope when context.TokenType is TokenTypeHints.AccessToken => false, Claims.Private.Scope when context.TokenType is TokenTypeIdentifiers.AccessToken => false,
Claims.AuthenticationMethodReference when context.TokenType is TokenTypeHints.IdToken => false, Claims.AuthenticationMethodReference when context.TokenType is TokenTypeIdentifiers.IdentityToken => false,
_ => true _ => true
}); });
Debug.Assert(principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006)); Debug.Assert(principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
var claims = new Dictionary<string, object>(StringComparer.Ordinal); context.SecurityTokenDescriptor.Subject = (ClaimsIdentity) principal.Identity;
return default;
}
}
/// <summary>
/// Contains the logic responsible for attaching metadata claims to the security token descriptor, if necessary.
/// </summary>
public sealed class AttachTokenMetadata : IOpenIddictServerHandler<GenerateTokenContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<GenerateTokenContext>()
.UseSingletonHandler<AttachTokenMetadata>()
.SetOrder(AttachTokenSubject.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(GenerateTokenContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
var claims = context.SecurityTokenDescriptor.Claims is not null ?
new Dictionary<string, object>(context.SecurityTokenDescriptor.Claims, StringComparer.Ordinal) :
new Dictionary<string, object>(StringComparer.Ordinal);
// For access and identity tokens, set the public audience claims // For access and identity tokens, set the public audience claims
// using the private audience claims from the security principal. // using the private audience claims from the security principal.
if (context.TokenType is TokenTypeHints.AccessToken or TokenTypeHints.IdToken) if (context.TokenType is TokenTypeIdentifiers.AccessToken or TokenTypeIdentifiers.IdentityToken)
{ {
var audiences = context.Principal.GetAudiences(); var audiences = context.Principal.GetAudiences();
if (audiences.Any()) if (audiences.Any())
@ -1419,7 +1443,7 @@ public static partial class OpenIddictServerHandlers
// claim representing a JSON array, even if a single authentication method reference is // claim representing a JSON array, even if a single authentication method reference is
// present in the collection. To ensure an array is always returned, the "amr" claim is // present in the collection. To ensure an array is always returned, the "amr" claim is
// filtered out from the clone principal and manually added as a "string[]" claim value. // filtered out from the clone principal and manually added as a "string[]" claim value.
if (context.TokenType is TokenTypeHints.IdToken) if (context.TokenType is TokenTypeIdentifiers.IdentityToken)
{ {
var methods = context.Principal.GetClaims(Claims.AuthenticationMethodReference); var methods = context.Principal.GetClaims(Claims.AuthenticationMethodReference);
if (methods.Any()) if (methods.Any())
@ -1442,7 +1466,7 @@ public static partial class OpenIddictServerHandlers
// string to respect the usual representation of the standard scope claim. // string to respect the usual representation of the standard scope claim.
// //
// See https://datatracker.ietf.org/doc/html/rfc9068 for more information. // See https://datatracker.ietf.org/doc/html/rfc9068 for more information.
if (context.TokenType is TokenTypeHints.AccessToken) if (context.TokenType is TokenTypeIdentifiers.AccessToken)
{ {
var scopes = context.Principal.GetScopes(); var scopes = context.Principal.GetScopes();
if (scopes.Any()) if (scopes.Any())
@ -1455,46 +1479,74 @@ public static partial class OpenIddictServerHandlers
// For authorization/device/user codes and refresh tokens, // For authorization/device/user codes and refresh tokens,
// attach claims destinations to the JWT claims collection. // attach claims destinations to the JWT claims collection.
if (context.TokenType is TokenTypeHints.AuthorizationCode or TokenTypeHints.DeviceCode or if (context.TokenType is TokenTypeIdentifiers.Private.AuthorizationCode or TokenTypeIdentifiers.Private.DeviceCode or
TokenTypeHints.RefreshToken or TokenTypeHints.UserCode or TokenTypeIdentifiers.RefreshToken or TokenTypeIdentifiers.Private.UserCode or
TokenTypeHints.Private.RequestToken) TokenTypeIdentifiers.Private.RequestToken)
{ {
var destinations = principal.GetDestinations(); var destinations = context.Principal.GetDestinations();
if (destinations.Count is not 0) if (destinations.Count is not 0)
{ {
claims.Add(Claims.Private.ClaimDestinationsMap, destinations); claims.Add(Claims.Private.ClaimDestinationsMap, destinations);
} }
} }
var descriptor = new SecurityTokenDescriptor context.SecurityTokenDescriptor.Claims = claims;
context.SecurityTokenDescriptor.Expires = context.Principal.GetExpirationDate()?.UtcDateTime;
context.SecurityTokenDescriptor.IssuedAt = context.Principal.GetCreationDate()?.UtcDateTime;
context.SecurityTokenDescriptor.Issuer = context.Principal.GetClaim(Claims.Private.Issuer);
context.SecurityTokenDescriptor.TokenType = context.TokenType switch
{ {
Claims = claims, null or { Length: 0 } => throw new InvalidOperationException(SR.GetResourceString(SR.ID0025)),
EncryptingCredentials = context.EncryptionCredentials,
Expires = context.Principal.GetExpirationDate()?.UtcDateTime,
IssuedAt = context.Principal.GetCreationDate()?.UtcDateTime,
Issuer = context.Principal.GetClaim(Claims.Private.Issuer),
SigningCredentials = context.SigningCredentials,
Subject = (ClaimsIdentity) principal.Identity,
TokenType = context.TokenType switch
{
null or { Length: 0 } => throw new InvalidOperationException(SR.GetResourceString(SR.ID0025)),
TokenTypeHints.AccessToken => JsonWebTokenTypes.AccessToken,
TokenTypeHints.IdToken => JsonWebTokenTypes.Jwt,
TokenTypeHints.AuthorizationCode => JsonWebTokenTypes.Private.AuthorizationCode,
TokenTypeHints.DeviceCode => JsonWebTokenTypes.Private.DeviceCode,
TokenTypeHints.RefreshToken => JsonWebTokenTypes.Private.RefreshToken,
TokenTypeHints.UserCode => JsonWebTokenTypes.Private.UserCode,
TokenTypeHints.Private.RequestToken => JsonWebTokenTypes.Private.RequestToken, TokenTypeIdentifiers.AccessToken => JsonWebTokenTypes.AccessToken,
TokenTypeIdentifiers.Private.AuthorizationCode => JsonWebTokenTypes.Private.AuthorizationCode,
TokenTypeIdentifiers.Private.DeviceCode => JsonWebTokenTypes.Private.DeviceCode,
TokenTypeIdentifiers.IdentityToken => JsonWebTokenTypes.Jwt,
TokenTypeIdentifiers.RefreshToken => JsonWebTokenTypes.Private.RefreshToken,
TokenTypeIdentifiers.Private.RequestToken => JsonWebTokenTypes.Private.RequestToken,
TokenTypeIdentifiers.Private.UserCode => JsonWebTokenTypes.Private.UserCode,
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) string value => value
}
}; };
context.Token = context.SecurityTokenHandler.CreateToken(descriptor); return default;
}
}
/// <summary>
/// Contains the logic responsible for generating a token using IdentityModel.
/// </summary>
public sealed class GenerateIdentityModelToken : IOpenIddictServerHandler<GenerateTokenContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<GenerateTokenContext>()
.AddFilter<RequireJsonWebTokenFormat>()
.UseSingletonHandler<GenerateIdentityModelToken>()
.SetOrder(AttachTokenMetadata.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(GenerateTokenContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
// If a token was already attached by another handler, don't overwrite it.
if (!string.IsNullOrEmpty(context.Token))
{
return default;
}
context.Token = context.SecurityTokenHandler.CreateToken(context.SecurityTokenDescriptor);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6013), context.TokenType, context.Token, principal.Claims); context.Logger.LogTrace(SR.GetResourceString(SR.ID6013), context.TokenType,
context.Token, context.SecurityTokenDescriptor.Subject?.Claims ?? []);
return default; return default;
} }
@ -1552,7 +1604,7 @@ public static partial class OpenIddictServerHandlers
if (context.IsReferenceToken) if (context.IsReferenceToken)
{ {
if (context.TokenType is TokenTypeHints.UserCode && if (context.TokenType is TokenTypeIdentifiers.Private.UserCode &&
context.Options is { UserCodeCharset.Count: > 0, UserCodeLength: > 0 }) context.Options is { UserCodeCharset.Count: > 0, UserCodeLength: > 0 })
{ {
do do

8
src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs
View File

@ -536,8 +536,8 @@ public static partial class OpenIddictServerHandlers
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006)); Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
if (!context.Principal.HasTokenType(TokenTypeHints.AccessToken) && if (!context.Principal.HasTokenType(TokenTypeIdentifiers.AccessToken) &&
!context.Principal.HasTokenType(TokenTypeHints.RefreshToken)) !context.Principal.HasTokenType(TokenTypeIdentifiers.RefreshToken))
{ {
context.Logger.LogInformation(SR.GetResourceString(SR.ID6117)); context.Logger.LogInformation(SR.GetResourceString(SR.ID6117));
@ -588,7 +588,7 @@ public static partial class OpenIddictServerHandlers
// (i.e the party the token was issued to) or as an audience (i.e a resource server/API). // (i.e the party the token was issued to) or as an audience (i.e a resource server/API).
// If the access token doesn't contain any explicit presenter/audience, the token is assumed // If the access token doesn't contain any explicit presenter/audience, the token is assumed
// to be not specific to any resource server/client application and the check is bypassed. // to be not specific to any resource server/client application and the check is bypassed.
if (context.Principal.HasTokenType(TokenTypeHints.AccessToken) && if (context.Principal.HasTokenType(TokenTypeIdentifiers.AccessToken) &&
context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) && context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) &&
context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{ {
@ -606,7 +606,7 @@ public static partial class OpenIddictServerHandlers
// listed as a presenter (i.e the party the token was issued to). // listed as a presenter (i.e the party the token was issued to).
// If the refresh token doesn't contain any explicit presenter, the token is // If the refresh token doesn't contain any explicit presenter, the token is
// assumed to be not specific to any client application and the check is bypassed. // assumed to be not specific to any client application and the check is bypassed.
if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) && if (context.Principal.HasTokenType(TokenTypeIdentifiers.RefreshToken) &&
context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{ {
context.Logger.LogWarning(SR.GetResourceString(SR.ID6121)); context.Logger.LogWarning(SR.GetResourceString(SR.ID6121));

70
src/OpenIddict.Server/OpenIddictServerHandlers.cs
View File

@ -604,10 +604,10 @@ public static partial class OpenIddictServerHandlers
Token = context.ClientAssertion, Token = context.ClientAssertion,
TokenFormat = context.ClientAssertionType switch TokenFormat = context.ClientAssertionType switch
{ {
ClientAssertionTypes.JwtBearer => TokenFormats.Jwt, ClientAssertionTypes.JwtBearer => TokenFormats.Private.JsonWebToken,
_ => null _ => null
}, },
ValidTokenTypes = { TokenTypeHints.ClientAssertion } ValidTokenTypes = { TokenTypeIdentifiers.Private.ClientAssertion }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -1320,7 +1320,7 @@ public static partial class OpenIddictServerHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.RequestToken, Token = context.RequestToken,
ValidTokenTypes = { TokenTypeHints.Private.RequestToken } ValidTokenTypes = { TokenTypeIdentifiers.Private.RequestToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -1444,7 +1444,7 @@ public static partial class OpenIddictServerHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.AccessToken, Token = context.AccessToken,
ValidTokenTypes = { TokenTypeHints.AccessToken } ValidTokenTypes = { TokenTypeIdentifiers.AccessToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -1516,7 +1516,7 @@ public static partial class OpenIddictServerHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.AuthorizationCode, Token = context.AuthorizationCode,
ValidTokenTypes = { TokenTypeHints.AuthorizationCode } ValidTokenTypes = { TokenTypeIdentifiers.Private.AuthorizationCode }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -1588,7 +1588,7 @@ public static partial class OpenIddictServerHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.DeviceCode, Token = context.DeviceCode,
ValidTokenTypes = { TokenTypeHints.DeviceCode } ValidTokenTypes = { TokenTypeIdentifiers.Private.DeviceCode }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -1672,12 +1672,12 @@ public static partial class OpenIddictServerHandlers
// are deliberately excluded and not present in the following list: // are deliberately excluded and not present in the following list:
ValidTokenTypes = ValidTokenTypes =
{ {
TokenTypeHints.AccessToken, TokenTypeIdentifiers.AccessToken,
TokenTypeHints.AuthorizationCode, TokenTypeIdentifiers.Private.AuthorizationCode,
TokenTypeHints.DeviceCode, TokenTypeIdentifiers.Private.DeviceCode,
TokenTypeHints.IdToken, TokenTypeIdentifiers.IdentityToken,
TokenTypeHints.RefreshToken, TokenTypeIdentifiers.RefreshToken,
TokenTypeHints.UserCode TokenTypeIdentifiers.Private.UserCode
} }
}; };
@ -1754,7 +1754,7 @@ public static partial class OpenIddictServerHandlers
OpenIddictServerEndpointType.EndSession or OpenIddictServerEndpointType.EndSession or
OpenIddictServerEndpointType.PushedAuthorization, OpenIddictServerEndpointType.PushedAuthorization,
Token = context.IdentityToken, Token = context.IdentityToken,
ValidTokenTypes = { TokenTypeHints.IdToken } ValidTokenTypes = { TokenTypeIdentifiers.IdentityToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -1826,7 +1826,7 @@ public static partial class OpenIddictServerHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.RefreshToken, Token = context.RefreshToken,
ValidTokenTypes = { TokenTypeHints.RefreshToken } ValidTokenTypes = { TokenTypeIdentifiers.RefreshToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -1898,7 +1898,7 @@ public static partial class OpenIddictServerHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.UserCode, Token = context.UserCode,
ValidTokenTypes = { TokenTypeHints.UserCode } ValidTokenTypes = { TokenTypeIdentifiers.Private.UserCode }
}; };
// Note: restrict the allowed characters to the user code charset set in the options. // Note: restrict the allowed characters to the user code charset set in the options.
@ -2563,17 +2563,17 @@ public static partial class OpenIddictServerHandlers
error: Errors.InvalidToken, error: Errors.InvalidToken,
description: principal.GetTokenType() switch description: principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.GetResourceString(SR.ID2010), TokenTypeIdentifiers.Private.AuthorizationCode => SR.GetResourceString(SR.ID2010),
TokenTypeHints.DeviceCode => SR.GetResourceString(SR.ID2011), TokenTypeIdentifiers.Private.DeviceCode => SR.GetResourceString(SR.ID2011),
TokenTypeHints.RefreshToken => SR.GetResourceString(SR.ID2012), TokenTypeIdentifiers.RefreshToken => SR.GetResourceString(SR.ID2012),
_ => SR.GetResourceString(SR.ID2013) _ => SR.GetResourceString(SR.ID2013)
}, },
uri: principal.GetTokenType() switch uri: principal.GetTokenType() switch
{ {
TokenTypeHints.AuthorizationCode => SR.FormatID8000(SR.ID2010), TokenTypeIdentifiers.Private.AuthorizationCode => SR.FormatID8000(SR.ID2010),
TokenTypeHints.DeviceCode => SR.FormatID8000(SR.ID2011), TokenTypeIdentifiers.Private.DeviceCode => SR.FormatID8000(SR.ID2011),
TokenTypeHints.RefreshToken => SR.FormatID8000(SR.ID2012), TokenTypeIdentifiers.RefreshToken => SR.FormatID8000(SR.ID2012),
_ => SR.FormatID8000(SR.ID2013) _ => SR.FormatID8000(SR.ID2013)
}); });
@ -4001,8 +4001,8 @@ public static partial class OpenIddictServerHandlers
IsReferenceToken = context.Options.UseReferenceAccessTokens, IsReferenceToken = context.Options.UseReferenceAccessTokens,
PersistTokenPayload = context.Options.UseReferenceAccessTokens, PersistTokenPayload = context.Options.UseReferenceAccessTokens,
Principal = context.AccessTokenPrincipal!, Principal = context.AccessTokenPrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.AccessToken TokenType = TokenTypeIdentifiers.AccessToken
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -4068,8 +4068,8 @@ public static partial class OpenIddictServerHandlers
IsReferenceToken = !context.Options.DisableTokenStorage, IsReferenceToken = !context.Options.DisableTokenStorage,
PersistTokenPayload = !context.Options.DisableTokenStorage, PersistTokenPayload = !context.Options.DisableTokenStorage,
Principal = context.AuthorizationCodePrincipal!, Principal = context.AuthorizationCodePrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.AuthorizationCode TokenType = TokenTypeIdentifiers.Private.AuthorizationCode
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -4149,8 +4149,8 @@ public static partial class OpenIddictServerHandlers
_ => !context.Options.DisableTokenStorage _ => !context.Options.DisableTokenStorage
}, },
Principal = context.DeviceCodePrincipal!, Principal = context.DeviceCodePrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.DeviceCode TokenType = TokenTypeIdentifiers.Private.DeviceCode
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -4216,8 +4216,8 @@ public static partial class OpenIddictServerHandlers
PersistTokenPayload = !context.Options.DisableTokenStorage, PersistTokenPayload = !context.Options.DisableTokenStorage,
IsReferenceToken = !context.Options.DisableTokenStorage, IsReferenceToken = !context.Options.DisableTokenStorage,
Principal = context.RequestTokenPrincipal!, Principal = context.RequestTokenPrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.Private.RequestToken TokenType = TokenTypeIdentifiers.Private.RequestToken
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -4285,8 +4285,8 @@ public static partial class OpenIddictServerHandlers
IsReferenceToken = context.Options.UseReferenceRefreshTokens, IsReferenceToken = context.Options.UseReferenceRefreshTokens,
PersistTokenPayload = context.Options.UseReferenceRefreshTokens, PersistTokenPayload = context.Options.UseReferenceRefreshTokens,
Principal = context.RefreshTokenPrincipal!, Principal = context.RefreshTokenPrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.RefreshToken TokenType = TokenTypeIdentifiers.RefreshToken
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -4557,8 +4557,8 @@ public static partial class OpenIddictServerHandlers
PersistTokenPayload = !context.Options.DisableTokenStorage, PersistTokenPayload = !context.Options.DisableTokenStorage,
IsReferenceToken = !context.Options.DisableTokenStorage, IsReferenceToken = !context.Options.DisableTokenStorage,
Principal = context.UserCodePrincipal!, Principal = context.UserCodePrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.UserCode TokenType = TokenTypeIdentifiers.Private.UserCode
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -4625,8 +4625,8 @@ public static partial class OpenIddictServerHandlers
IsReferenceToken = false, IsReferenceToken = false,
PersistTokenPayload = false, PersistTokenPayload = false,
Principal = context.IdentityTokenPrincipal!, Principal = context.IdentityTokenPrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.IdToken TokenType = TokenTypeIdentifiers.IdentityToken
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);

4
src/OpenIddict.Server/OpenIddictServerOptions.cs
View File

@ -147,8 +147,8 @@ public sealed class OpenIddictServerOptions
{ {
type = usage switch type = usage switch
{ {
TokenTypeHints.AccessToken => JsonWebTokenTypes.AccessToken, "access_token" => JsonWebTokenTypes.AccessToken,
TokenTypeHints.IdToken => JsonWebTokenTypes.Jwt, "id_token" => JsonWebTokenTypes.Jwt,
_ => throw new NotSupportedException(SR.GetResourceString(SR.ID0269)) _ => throw new NotSupportedException(SR.GetResourceString(SR.ID0269))
}; };

10
src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs
View File

@ -86,10 +86,10 @@ public static partial class OpenIddictValidationDataProtectionHandlers
var principal = context.ValidTokenTypes.Count switch var principal = context.ValidTokenTypes.Count switch
{ {
// If no valid token type was set, all supported token types are allowed. // If no valid token type was set, all supported token types are allowed.
0 => ValidateToken(TokenTypeHints.AccessToken), 0 => ValidateToken(TokenTypeIdentifiers.AccessToken),
_ when context.ValidTokenTypes.Contains(TokenTypeHints.AccessToken) _ when context.ValidTokenTypes.Contains(TokenTypeIdentifiers.AccessToken)
=> ValidateToken(TokenTypeHints.AccessToken), => ValidateToken(TokenTypeIdentifiers.AccessToken),
_ => null // The token type is not supported by the Data Protection integration (e.g identity tokens). _ => null // The token type is not supported by the Data Protection integration (e.g identity tokens).
}; };
@ -118,9 +118,9 @@ public static partial class OpenIddictValidationDataProtectionHandlers
var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector( var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector(
(type, context.IsReferenceToken) switch (type, context.IsReferenceToken) switch
{ {
(TokenTypeHints.AccessToken, true) (TokenTypeIdentifiers.AccessToken, true)
=> [Handlers.Server, Formats.AccessToken, Features.ReferenceTokens, Schemes.Server], => [Handlers.Server, Formats.AccessToken, Features.ReferenceTokens, Schemes.Server],
(TokenTypeHints.AccessToken, false) (TokenTypeIdentifiers.AccessToken, false)
=> [Handlers.Server, Formats.AccessToken, Schemes.Server], => [Handlers.Server, Formats.AccessToken, Schemes.Server],
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) _ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003))

5
src/OpenIddict.Validation.Owin/OpenIddictValidationOwinConstants.cs
View File

@ -44,4 +44,9 @@ public static class OpenIddictValidationOwinConstants
public const string Json = "#json"; public const string Json = "#json";
public const string String = "#string"; public const string String = "#string";
} }
public static class Tokens
{
public const string AccessToken = "access_token";
}
} }

3
src/OpenIddict.Validation.Owin/OpenIddictValidationOwinHandler.cs
View File

@ -7,6 +7,7 @@
using System.ComponentModel; using System.ComponentModel;
using System.Security.Claims; using System.Security.Claims;
using Microsoft.Owin.Security.Infrastructure; using Microsoft.Owin.Security.Infrastructure;
using static OpenIddict.Validation.Owin.OpenIddictValidationOwinConstants;
using Properties = OpenIddict.Validation.Owin.OpenIddictValidationOwinConstants.Properties; using Properties = OpenIddict.Validation.Owin.OpenIddictValidationOwinConstants.Properties;
namespace OpenIddict.Validation.Owin; namespace OpenIddict.Validation.Owin;
@ -186,7 +187,7 @@ public sealed class OpenIddictValidationOwinHandler : AuthenticationHandler<Open
if (!string.IsNullOrEmpty(context.AccessToken)) if (!string.IsNullOrEmpty(context.AccessToken))
{ {
properties.Dictionary[TokenTypeHints.AccessToken] = context.AccessToken; properties.Dictionary[Tokens.AccessToken] = context.AccessToken;
} }
return properties; return properties;

19
src/OpenIddict.Validation/OpenIddictValidationEvents.Protection.cs
View File

@ -53,19 +53,32 @@ public static partial class OpenIddictValidationEvents
public bool PersistTokenPayload { get; set; } public bool PersistTokenPayload { get; set; }
/// <summary> /// <summary>
/// Gets or sets the security principal used to create the token. /// Gets or sets the security principal that will be derived to create the token.
/// </summary> /// </summary>
public ClaimsPrincipal Principal { get; set; } = default!; public ClaimsPrincipal Principal { get; set; } = default!;
/// <summary> /// <summary>
/// Gets or sets the encryption credentials used to encrypt the token. /// Gets or sets the encryption credentials used to encrypt the token.
/// </summary> /// </summary>
public EncryptingCredentials? EncryptionCredentials { get; set; } public EncryptingCredentials? EncryptionCredentials
{
get => SecurityTokenDescriptor.EncryptingCredentials;
set => SecurityTokenDescriptor.EncryptingCredentials = value;
}
/// <summary> /// <summary>
/// Gets or sets the signing credentials used to sign the token. /// Gets or sets the signing credentials used to sign the token.
/// </summary> /// </summary>
public SigningCredentials? SigningCredentials { get; set; } public SigningCredentials? SigningCredentials
{
get => SecurityTokenDescriptor.SigningCredentials;
set => SecurityTokenDescriptor.SigningCredentials = value;
}
/// <summary>
/// Gets the security token descriptor used to create the token.
/// </summary>
public SecurityTokenDescriptor SecurityTokenDescriptor { get; } = new();
/// <summary> /// <summary>
/// Gets or sets the security token handler used to serialize the security principal. /// Gets or sets the security token handler used to serialize the security principal.

2
src/OpenIddict.Validation/OpenIddictValidationHandlerFilters.cs
View File

@ -126,7 +126,7 @@ public static class OpenIddictValidationHandlerFilters
throw new ArgumentNullException(nameof(context)); throw new ArgumentNullException(nameof(context));
} }
return new(context.TokenFormat is TokenFormats.Jwt); return new(context.TokenFormat is TokenFormats.Private.JsonWebToken);
} }
} }

35
src/OpenIddict.Validation/OpenIddictValidationHandlers.Introspection.cs
View File

@ -339,24 +339,27 @@ public static partial class OpenIddictValidationHandlers
// In this handler, the "token_usage" is verified to ensure it corresponds to a supported // In this handler, the "token_usage" is verified to ensure it corresponds to a supported
// value so that the component that triggered the introspection request can determine // value so that the component that triggered the introspection request can determine
// whether the returned token has an acceptable type depending on the context. // whether the returned token has an acceptable type depending on the context.
var usage = (string?) context.Response[Claims.TokenUsage]; switch ((string?) context.Response[Claims.TokenUsage])
if (string.IsNullOrEmpty(usage))
{ {
return default; case null or { Length: 0 }: return default;
}
// Note: by default, OpenIddict only allows access/refresh tokens to be
// Note: by default, OpenIddict only allows access/refresh tokens to be // introspected but additional types can be added using the events model.
// introspected but additional types can be added using the events model. case "access_token":
if (usage is not (TokenTypeHints.AccessToken or TokenTypeHints.AuthorizationCode or case "authorization_code":
TokenTypeHints.DeviceCode or TokenTypeHints.IdToken or case "device_code":
TokenTypeHints.RefreshToken or TokenTypeHints.UserCode)) case "id_token":
{ case "refresh_token":
context.Reject( case "user_code":
error: Errors.ServerError, break;
description: SR.GetResourceString(SR.ID2118),
uri: SR.FormatID8000(SR.ID2118)); default:
context.Reject(
error: Errors.ServerError,
description: SR.GetResourceString(SR.ID2118),
uri: SR.FormatID8000(SR.ID2118));
return default; return default;
} }
return default; return default;

137
src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs
View File

@ -40,6 +40,8 @@ public static partial class OpenIddictValidationHandlers
* Token generation: * Token generation:
*/ */
AttachSecurityCredentials.Descriptor, AttachSecurityCredentials.Descriptor,
AttachTokenSubject.Descriptor,
AttachTokenMetadata.Descriptor,
GenerateIdentityModelToken.Descriptor GenerateIdentityModelToken.Descriptor
]; ];
@ -114,16 +116,16 @@ public static partial class OpenIddictValidationHandlers
0 => null, 0 => null,
// Otherwise, map the token types to their JWT public or internal representation. // Otherwise, map the token types to their JWT public or internal representation.
_ => context.ValidTokenTypes.SelectMany(type => type switch _ => context.ValidTokenTypes.SelectMany<string, string>(type => type switch
{ {
// For access tokens, both "at+jwt" and "application/at+jwt" are valid. // For access tokens, both "at+jwt" and "application/at+jwt" are valid.
TokenTypeHints.AccessToken => new[] TokenTypeIdentifiers.AccessToken =>
{ [
JsonWebTokenTypes.AccessToken, JsonWebTokenTypes.AccessToken,
JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.AccessToken JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.AccessToken
}, ],
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) string value => [value]
}) })
}; };
@ -288,7 +290,7 @@ public static partial class OpenIddictValidationHandlers
} }
// If a specific token format is expected, return immediately if it doesn't match the expected value. // If a specific token format is expected, return immediately if it doesn't match the expected value.
if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Jwt) if (context.TokenFormat is not null && context.TokenFormat is not TokenFormats.Private.JsonWebToken)
{ {
return; return;
} }
@ -366,9 +368,9 @@ public static partial class OpenIddictValidationHandlers
// Both at+jwt and application/at+jwt are supported for access tokens. // Both at+jwt and application/at+jwt are supported for access tokens.
JsonWebTokenTypes.AccessToken or JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.AccessToken JsonWebTokenTypes.AccessToken or JsonWebTokenTypes.Prefixes.Application + JsonWebTokenTypes.AccessToken
=> TokenTypeHints.AccessToken, => TokenTypeIdentifiers.AccessToken,
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) string value => value
}); });
context.Logger.LogTrace(SR.GetResourceString(SR.ID6001), context.Token, context.Principal.Claims); context.Logger.LogTrace(SR.GetResourceString(SR.ID6001), context.Token, context.Principal.Claims);
@ -879,25 +881,24 @@ public static partial class OpenIddictValidationHandlers
throw new ArgumentNullException(nameof(context)); throw new ArgumentNullException(nameof(context));
} }
context.SecurityTokenDescriptor.SigningCredentials = context.Options.SigningCredentials.First();
context.SecurityTokenHandler = context.Options.JsonWebTokenHandler; context.SecurityTokenHandler = context.Options.JsonWebTokenHandler;
context.SigningCredentials = context.Options.SigningCredentials.First();
return default; return default;
} }
} }
/// <summary> /// <summary>
/// Contains the logic responsible for generating a token using IdentityModel. /// Contains the logic responsible for attaching the subject to the security token descriptor.
/// </summary> /// </summary>
public sealed class GenerateIdentityModelToken : IOpenIddictValidationHandler<GenerateTokenContext> public sealed class AttachTokenSubject : IOpenIddictValidationHandler<GenerateTokenContext>
{ {
/// <summary> /// <summary>
/// Gets the default descriptor definition assigned to this handler. /// Gets the default descriptor definition assigned to this handler.
/// </summary> /// </summary>
public static OpenIddictValidationHandlerDescriptor Descriptor { get; } public static OpenIddictValidationHandlerDescriptor Descriptor { get; }
= OpenIddictValidationHandlerDescriptor.CreateBuilder<GenerateTokenContext>() = OpenIddictValidationHandlerDescriptor.CreateBuilder<GenerateTokenContext>()
.AddFilter<RequireJsonWebTokenFormat>() .UseSingletonHandler<AttachTokenSubject>()
.UseSingletonHandler<GenerateIdentityModelToken>()
.SetOrder(AttachSecurityCredentials.Descriptor.Order + 1_000) .SetOrder(AttachSecurityCredentials.Descriptor.Order + 1_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn) .SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build(); .Build();
@ -910,35 +911,60 @@ public static partial class OpenIddictValidationHandlers
throw new ArgumentNullException(nameof(context)); throw new ArgumentNullException(nameof(context));
} }
// If a token was already attached by another handler, don't overwrite it. if (context.Principal is not { Identity: ClaimsIdentity } principal)
if (!string.IsNullOrEmpty(context.Token))
{
return default;
}
if (context.Principal is not { Identity: ClaimsIdentity })
{ {
throw new InvalidOperationException(SR.GetResourceString(SR.ID0022)); throw new InvalidOperationException(SR.GetResourceString(SR.ID0022));
} }
// Clone the principal and exclude the private claims mapped to standard JWT claims. // Clone the principal and exclude the private claims mapped to standard JWT claims.
var principal = context.Principal.Clone(claim => claim.Type switch principal = context.Principal.Clone(claim => claim.Type switch
{ {
Claims.Private.CreationDate or Claims.Private.ExpirationDate or Claims.Private.CreationDate or Claims.Private.ExpirationDate or
Claims.Private.Issuer or Claims.Private.TokenType => false, Claims.Private.Issuer or Claims.Private.TokenType => false,
Claims.Private.Audience when context.TokenType is TokenTypeHints.ClientAssertion => false, Claims.Private.Audience when context.TokenType is TokenTypeIdentifiers.Private.ClientAssertion => false,
_ => true _ => true
}); });
Debug.Assert(principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006)); Debug.Assert(principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
var claims = new Dictionary<string, object>(StringComparer.Ordinal); context.SecurityTokenDescriptor.Subject = (ClaimsIdentity) principal.Identity;
return default;
}
}
/// <summary>
/// Contains the logic responsible for attaching metadata claims to the security token descriptor, if necessary.
/// </summary>
public sealed class AttachTokenMetadata : IOpenIddictValidationHandler<GenerateTokenContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictValidationHandlerDescriptor Descriptor { get; }
= OpenIddictValidationHandlerDescriptor.CreateBuilder<GenerateTokenContext>()
.UseSingletonHandler<AttachTokenMetadata>()
.SetOrder(AttachTokenSubject.Descriptor.Order + 1_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(GenerateTokenContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
var claims = context.SecurityTokenDescriptor.Claims is not null ?
new Dictionary<string, object>(context.SecurityTokenDescriptor.Claims, StringComparer.Ordinal) :
new Dictionary<string, object>(StringComparer.Ordinal);
// For client assertions, set the public audience claims // For client assertions, set the public audience claims
// using the private audience claims from the security principal. // using the private audience claims from the security principal.
if (context.TokenType is TokenTypeHints.ClientAssertion) if (context.TokenType is TokenTypeIdentifiers.Private.ClientAssertion)
{ {
var audiences = context.Principal.GetAudiences(); var audiences = context.Principal.GetAudiences();
if (audiences.Any()) if (audiences.Any())
@ -951,29 +977,58 @@ public static partial class OpenIddictValidationHandlers
} }
} }
var descriptor = new SecurityTokenDescriptor context.SecurityTokenDescriptor.Claims = claims;
context.SecurityTokenDescriptor.Expires = context.Principal.GetExpirationDate()?.UtcDateTime;
context.SecurityTokenDescriptor.IssuedAt = context.Principal.GetCreationDate()?.UtcDateTime;
context.SecurityTokenDescriptor.Issuer = context.Principal.GetClaim(Claims.Private.Issuer);
context.SecurityTokenDescriptor.TokenType = context.TokenType switch
{ {
Claims = claims, null or { Length: 0 } => throw new InvalidOperationException(SR.GetResourceString(SR.ID0025)),
EncryptingCredentials = context.EncryptionCredentials,
Expires = context.Principal.GetExpirationDate()?.UtcDateTime,
IssuedAt = context.Principal.GetCreationDate()?.UtcDateTime,
Issuer = context.Principal.GetClaim(Claims.Private.Issuer),
SigningCredentials = context.SigningCredentials,
Subject = (ClaimsIdentity) principal.Identity,
TokenType = context.TokenType switch
{
null or { Length: 0 } => throw new InvalidOperationException(SR.GetResourceString(SR.ID0025)),
// For client assertions, use the generic "JWT" type. // For client assertions, use the generic "JWT" type.
TokenTypeHints.ClientAssertion => JsonWebTokenTypes.Jwt, TokenTypeIdentifiers.Private.ClientAssertion => JsonWebTokenTypes.Jwt,
_ => throw new InvalidOperationException(SR.GetResourceString(SR.ID0003)) string value => value
}
}; };
context.Token = context.SecurityTokenHandler.CreateToken(descriptor); return default;
}
}
/// <summary>
/// Contains the logic responsible for generating a token using IdentityModel.
/// </summary>
public sealed class GenerateIdentityModelToken : IOpenIddictValidationHandler<GenerateTokenContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictValidationHandlerDescriptor Descriptor { get; }
= OpenIddictValidationHandlerDescriptor.CreateBuilder<GenerateTokenContext>()
.AddFilter<RequireJsonWebTokenFormat>()
.UseSingletonHandler<GenerateIdentityModelToken>()
.SetOrder(AttachTokenMetadata.Descriptor.Order + 1_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(GenerateTokenContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
// If a token was already attached by another handler, don't overwrite it.
if (!string.IsNullOrEmpty(context.Token))
{
return default;
}
context.Token = context.SecurityTokenHandler.CreateToken(context.SecurityTokenDescriptor);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6013), context.TokenType, context.Token, principal.Claims); context.Logger.LogTrace(SR.GetResourceString(SR.ID6013), context.TokenType,
context.Token, context.SecurityTokenDescriptor.Subject?.Claims ?? []);
return default; return default;
} }

14
src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
View File

@ -490,8 +490,8 @@ public static partial class OpenIddictValidationHandlers
IsReferenceToken = false, IsReferenceToken = false,
PersistTokenPayload = false, PersistTokenPayload = false,
Principal = context.ClientAssertionPrincipal!, Principal = context.ClientAssertionPrincipal!,
TokenFormat = TokenFormats.Jwt, TokenFormat = TokenFormats.Private.JsonWebToken,
TokenType = TokenTypeHints.ClientAssertion TokenType = TokenTypeIdentifiers.Private.ClientAssertion
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);
@ -520,8 +520,8 @@ public static partial class OpenIddictValidationHandlers
context.ClientAssertion = notification.Token; context.ClientAssertion = notification.Token;
context.ClientAssertionType = notification.TokenFormat switch context.ClientAssertionType = notification.TokenFormat switch
{ {
TokenFormats.Jwt => ClientAssertionTypes.JwtBearer, TokenFormats.Private.JsonWebToken => ClientAssertionTypes.JwtBearer,
TokenFormats.Saml2 => ClientAssertionTypes.Saml2Bearer, TokenFormats.Private.Saml2 => ClientAssertionTypes.Saml2Bearer,
_ => null _ => null
}; };
@ -672,7 +672,7 @@ public static partial class OpenIddictValidationHandlers
// If a "token_usage" claim can be extracted from the principal, use it to determine whether // If a "token_usage" claim can be extracted from the principal, use it to determine whether
// the token details returned by the authorization server correspond to an access token. // the token details returned by the authorization server correspond to an access token.
var usage = context.AccessTokenPrincipal.GetClaim(Claims.TokenUsage); var usage = context.AccessTokenPrincipal.GetClaim(Claims.TokenUsage);
if (!string.IsNullOrEmpty(usage) && usage is not TokenTypeHints.AccessToken) if (!string.IsNullOrEmpty(usage) && usage is not "access_token")
{ {
context.Reject( context.Reject(
error: Errors.InvalidToken, error: Errors.InvalidToken,
@ -683,7 +683,7 @@ public static partial class OpenIddictValidationHandlers
} }
// Note: if no token usage could be resolved, the token is assumed to be an access token. // Note: if no token usage could be resolved, the token is assumed to be an access token.
context.AccessTokenPrincipal = context.AccessTokenPrincipal.SetTokenType(usage ?? TokenTypeHints.AccessToken); context.AccessTokenPrincipal = context.AccessTokenPrincipal.SetTokenType(usage ?? TokenTypeIdentifiers.AccessToken);
return default; return default;
} }
@ -795,7 +795,7 @@ public static partial class OpenIddictValidationHandlers
var notification = new ValidateTokenContext(context.Transaction) var notification = new ValidateTokenContext(context.Transaction)
{ {
Token = context.AccessToken, Token = context.AccessToken,
ValidTokenTypes = { TokenTypeHints.AccessToken } ValidTokenTypes = { TokenTypeIdentifiers.AccessToken }
}; };
await _dispatcher.DispatchAsync(notification); await _dispatcher.DispatchAsync(notification);

4
src/OpenIddict.Validation/OpenIddictValidationOptions.cs
View File

@ -178,8 +178,8 @@ public sealed class OpenIddictValidationOptions
{ {
type = usage switch type = usage switch
{ {
TokenTypeHints.AccessToken => JsonWebTokenTypes.AccessToken, "access_token" => JsonWebTokenTypes.AccessToken,
TokenTypeHints.IdToken => JsonWebTokenTypes.Jwt, "id_token" => JsonWebTokenTypes.Jwt,
_ => throw new NotSupportedException(SR.GetResourceString(SR.ID0269)) _ => throw new NotSupportedException(SR.GetResourceString(SR.ID0269))
}; };

24
test/OpenIddict.Abstractions.Tests/Primitives/OpenIddictExtensionsTests.cs
View File

@ -5297,7 +5297,7 @@ public class OpenIddictExtensionsTests
var identity = (ClaimsIdentity) null!; var identity = (ClaimsIdentity) null!;
// Act and assert // Act and assert
var exception = Assert.Throws<ArgumentNullException>(() => identity.HasTokenType(TokenTypeHints.AccessToken)); var exception = Assert.Throws<ArgumentNullException>(() => identity.HasTokenType(TokenTypeIdentifiers.AccessToken));
Assert.Equal("identity", exception.ParamName); Assert.Equal("identity", exception.ParamName);
} }
@ -5309,7 +5309,7 @@ public class OpenIddictExtensionsTests
var principal = (ClaimsPrincipal) null!; var principal = (ClaimsPrincipal) null!;
// Act and assert // Act and assert
var exception = Assert.Throws<ArgumentNullException>(() => principal.HasTokenType(TokenTypeHints.AccessToken)); var exception = Assert.Throws<ArgumentNullException>(() => principal.HasTokenType(TokenTypeIdentifiers.AccessToken));
Assert.Equal("principal", exception.ParamName); Assert.Equal("principal", exception.ParamName);
} }
@ -5349,11 +5349,11 @@ public class OpenIddictExtensionsTests
{ {
// Arrange // Arrange
var identity = new ClaimsIdentity(); var identity = new ClaimsIdentity();
identity.SetTokenType(TokenTypeHints.AccessToken); identity.SetTokenType(TokenTypeIdentifiers.AccessToken);
// Act and assert // Act and assert
Assert.True(identity.HasTokenType(TokenTypeHints.AccessToken)); Assert.True(identity.HasTokenType(TokenTypeIdentifiers.AccessToken));
Assert.False(identity.HasTokenType(TokenTypeHints.RefreshToken)); Assert.False(identity.HasTokenType(TokenTypeIdentifiers.RefreshToken));
} }
[Fact] [Fact]
@ -5361,11 +5361,11 @@ public class OpenIddictExtensionsTests
{ {
// Arrange // Arrange
var principal = new ClaimsPrincipal(new ClaimsIdentity()); var principal = new ClaimsPrincipal(new ClaimsIdentity());
principal.SetTokenType(TokenTypeHints.AccessToken); principal.SetTokenType(TokenTypeIdentifiers.AccessToken);
// Act and assert // Act and assert
Assert.True(principal.HasTokenType(TokenTypeHints.AccessToken)); Assert.True(principal.HasTokenType(TokenTypeIdentifiers.AccessToken));
Assert.False(principal.HasTokenType(TokenTypeHints.RefreshToken)); Assert.False(principal.HasTokenType(TokenTypeIdentifiers.RefreshToken));
} }
[Fact] [Fact]
@ -6489,10 +6489,10 @@ public class OpenIddictExtensionsTests
var identity = new ClaimsIdentity(); var identity = new ClaimsIdentity();
// Act // Act
identity.SetTokenType(TokenTypeHints.AccessToken); identity.SetTokenType(TokenTypeIdentifiers.AccessToken);
// Assert // Assert
Assert.Equal(TokenTypeHints.AccessToken, identity.GetClaim(Claims.Private.TokenType)); Assert.Equal(TokenTypeIdentifiers.AccessToken, identity.GetClaim(Claims.Private.TokenType));
} }
[Fact] [Fact]
@ -6502,9 +6502,9 @@ public class OpenIddictExtensionsTests
var principal = new ClaimsPrincipal(new ClaimsIdentity()); var principal = new ClaimsPrincipal(new ClaimsIdentity());
// Act // Act
principal.SetTokenType(TokenTypeHints.AccessToken); principal.SetTokenType(TokenTypeIdentifiers.AccessToken);
// Assert // Assert
Assert.Equal(TokenTypeHints.AccessToken, principal.GetClaim(Claims.Private.TokenType)); Assert.Equal(TokenTypeIdentifiers.AccessToken, principal.GetClaim(Claims.Private.TokenType));
} }
} }

8
test/OpenIddict.Server.AspNetCore.IntegrationTests/OpenIddictServerAspNetCoreIntegrationTests.cs
View File

@ -133,10 +133,10 @@ public partial class OpenIddictServerAspNetCoreIntegrationTests : OpenIddictServ
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetCreationDate(new DateTimeOffset(2020, 01, 01, 00, 00, 00, TimeSpan.Zero)); .SetCreationDate(new DateTimeOffset(2020, 01, 01, 00, 00, 00, TimeSpan.Zero));
@ -184,10 +184,10 @@ public partial class OpenIddictServerAspNetCoreIntegrationTests : OpenIddictServ
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetExpirationDate(new DateTimeOffset(2120, 01, 01, 00, 00, 00, TimeSpan.Zero)); .SetExpirationDate(new DateTimeOffset(2120, 01, 01, 00, 00, 00, TimeSpan.Zero));
return default; return default;

20
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Authentication.cs
View File

@ -227,10 +227,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("6esc_11ACC5bwc014ltc14eY22c", context.Token); Assert.Equal("6esc_11ACC5bwc014ltc14eY22c", context.Token);
Assert.Equal([TokenTypeHints.Private.RequestToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.RequestToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.Private.RequestToken) .SetTokenType(TokenTypeIdentifiers.Private.RequestToken)
.SetClaim(Claims.Private.RequestTokenType, RequestTokenTypes.Private.PushedAuthorizationRequest) .SetClaim(Claims.Private.RequestTokenType, RequestTokenTypes.Private.PushedAuthorizationRequest)
.SetClaim(Claims.Private.RequestParameters, $$""" .SetClaim(Claims.Private.RequestParameters, $$"""
{ {
@ -2161,10 +2161,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("id_token", context.Token); Assert.Equal("id_token", context.Token);
Assert.Equal([TokenTypeHints.IdToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.IdentityToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.IdToken) .SetTokenType(TokenTypeIdentifiers.IdentityToken)
.SetPresenters("Contoso") .SetPresenters("Contoso")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2232,10 +2232,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("id_token", context.Token); Assert.Equal("id_token", context.Token);
Assert.Equal([TokenTypeHints.IdToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.IdentityToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.IdToken) .SetTokenType(TokenTypeIdentifiers.IdentityToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetExpirationDate(new DateTimeOffset(2017, 1, 1, 0, 0, 0, TimeSpan.Zero)) .SetExpirationDate(new DateTimeOffset(2017, 1, 1, 0, 0, 0, TimeSpan.Zero))
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -4849,10 +4849,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("id_token", context.Token); Assert.Equal("id_token", context.Token);
Assert.Equal([TokenTypeHints.IdToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.IdentityToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.IdToken) .SetTokenType(TokenTypeIdentifiers.IdentityToken)
.SetPresenters("Contoso") .SetPresenters("Contoso")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -4920,10 +4920,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("id_token", context.Token); Assert.Equal("id_token", context.Token);
Assert.Equal([TokenTypeHints.IdToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.IdentityToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.IdToken) .SetTokenType(TokenTypeIdentifiers.IdentityToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetExpirationDate(new DateTimeOffset(2017, 1, 1, 0, 0, 0, TimeSpan.Zero)) .SetExpirationDate(new DateTimeOffset(2017, 1, 1, 0, 0, 0, TimeSpan.Zero))
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");

4
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Device.cs
View File

@ -1441,10 +1441,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("WDJB-MJHT", context.Token); Assert.Equal("WDJB-MJHT", context.Token);
Assert.Equal([TokenTypeHints.UserCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.UserCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity()) context.Principal = new ClaimsPrincipal(new ClaimsIdentity())
.SetTokenType(TokenTypeHints.UserCode); .SetTokenType(TokenTypeIdentifiers.Private.UserCode);
return default; return default;
}); });

212
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Exchange.cs
View File

@ -299,10 +299,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -446,10 +446,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetExpirationDate(TimeProvider.System.GetUtcNow() - TimeSpan.FromDays(1)) .SetExpirationDate(TimeProvider.System.GetUtcNow() - TimeSpan.FromDays(1))
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -489,10 +489,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetExpirationDate(TimeProvider.System.GetUtcNow() - TimeSpan.FromDays(1)) .SetExpirationDate(TimeProvider.System.GetUtcNow() - TimeSpan.FromDays(1))
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -530,9 +530,9 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync(token); .ReturnsAsync(token);
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.DeviceCode); .ReturnsAsync(TokenTypeIdentifiers.Private.DeviceCode);
mock.Setup(manager => manager.HasTypeAsync(token, TokenTypeHints.DeviceCode, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasTypeAsync(token, TokenTypeIdentifiers.Private.DeviceCode, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
mock.Setup(manager => manager.GetIdAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetIdAsync(token, It.IsAny<CancellationToken>()))
@ -548,7 +548,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync(TimeProvider.System.GetUtcNow() - TimeSpan.FromDays(1)); .ReturnsAsync(TimeProvider.System.GetUtcNow() - TimeSpan.FromDays(1));
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.DeviceCode); .ReturnsAsync(TokenTypeIdentifiers.Private.DeviceCode);
}); });
await using var server = await CreateServerAsync(options => await using var server = await CreateServerAsync(options =>
@ -558,12 +558,12 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS", context.Token); Assert.Equal("GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS", context.Token);
Assert.Equal([TokenTypeHints.DeviceCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.DeviceCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetClaim(Claims.Subject, "Bob le Bricoleur") .SetClaim(Claims.Subject, "Bob le Bricoleur")
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetTokenType(TokenTypeHints.DeviceCode); .SetTokenType(TokenTypeIdentifiers.Private.DeviceCode);
return default; return default;
}); });
@ -605,10 +605,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters(Enumerable.Empty<string>()) .SetPresenters(Enumerable.Empty<string>())
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -648,10 +648,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Contoso") .SetPresenters("Contoso")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -691,10 +691,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetPresenters("Contoso") .SetPresenters("Contoso")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -734,10 +734,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Subject, "Bob le Bricoleur") .SetClaim(Claims.Subject, "Bob le Bricoleur")
.SetClaim(Claims.Private.RedirectUri, "http://www.fabrikam.com/callback"); .SetClaim(Claims.Private.RedirectUri, "http://www.fabrikam.com/callback");
@ -779,10 +779,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Subject, "Bob le Bricoleur") .SetClaim(Claims.Subject, "Bob le Bricoleur")
.SetClaim(Claims.Private.RedirectUri, "http://www.fabrikam.com/callback"); .SetClaim(Claims.Private.RedirectUri, "http://www.fabrikam.com/callback");
@ -824,10 +824,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -868,10 +868,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Subject, "Bob le Bricoleur") .SetClaim(Claims.Subject, "Bob le Bricoleur")
.SetClaim(Claims.Private.CodeChallenge, "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM") .SetClaim(Claims.Private.CodeChallenge, "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM")
@ -914,10 +914,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Subject, "Bob le Bricoleur") .SetClaim(Claims.Subject, "Bob le Bricoleur")
.SetClaim(Claims.Private.CodeChallenge, "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"); .SetClaim(Claims.Private.CodeChallenge, "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM");
@ -959,10 +959,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Subject, "Bob le Bricoleur") .SetClaim(Claims.Subject, "Bob le Bricoleur")
.SetClaim(Claims.Private.CodeChallenge, "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM") .SetClaim(Claims.Private.CodeChallenge, "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM")
@ -1007,10 +1007,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Subject, "Bob le Bricoleur") .SetClaim(Claims.Subject, "Bob le Bricoleur")
.SetClaim(Claims.Private.CodeChallenge, challenge) .SetClaim(Claims.Private.CodeChallenge, challenge)
@ -1055,10 +1055,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Subject, "Bob le Bricoleur") .SetClaim(Claims.Subject, "Bob le Bricoleur")
.SetClaim(Claims.Private.CodeChallenge, challenge) .SetClaim(Claims.Private.CodeChallenge, challenge)
@ -1109,10 +1109,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetScopes(Enumerable.Empty<string>()) .SetScopes(Enumerable.Empty<string>())
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -1153,10 +1153,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetScopes("profile", "email") .SetScopes("profile", "email")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -1945,10 +1945,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2017,10 +2017,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2088,10 +2088,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetClaim(Claims.Subject, "Bob le Bricoleur") .SetClaim(Claims.Subject, "Bob le Bricoleur")
@ -2250,10 +2250,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2320,10 +2320,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2379,10 +2379,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2451,10 +2451,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2509,7 +2509,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AuthorizationCode); .ReturnsAsync(TokenTypeIdentifiers.Private.AuthorizationCode);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -2522,10 +2522,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2595,7 +2595,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103"); .ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -2613,10 +2613,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2672,7 +2672,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103"); .ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -2690,10 +2690,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2749,7 +2749,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103"); .ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -2770,10 +2770,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2836,7 +2836,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); .ReturnsAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
mock.Setup(manager => manager.GetTypeAsync(tokens[0], It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(tokens[0], It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AuthorizationCode); .ReturnsAsync(TokenTypeIdentifiers.Private.AuthorizationCode);
mock.Setup(manager => manager.HasStatusAsync(tokens[0], Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(tokens[0], Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -2852,10 +2852,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
@ -2935,7 +2935,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); .ReturnsAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
mock.Setup(manager => manager.GetTypeAsync(tokens[0], It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(tokens[0], It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(tokens[0], Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(tokens[0], Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -2956,10 +2956,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
@ -3026,7 +3026,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); .ReturnsAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
mock.Setup(manager => manager.GetTypeAsync(tokens[0], It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(tokens[0], It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(tokens[0], Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(tokens[0], Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -3047,10 +3047,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
@ -3117,7 +3117,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); .ReturnsAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
mock.Setup(manager => manager.GetTypeAsync(tokens[0], It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(tokens[0], It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(tokens[0], Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(tokens[0], Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -3141,10 +3141,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -3212,7 +3212,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AuthorizationCode); .ReturnsAsync(TokenTypeIdentifiers.Private.AuthorizationCode);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(false); .ReturnsAsync(false);
@ -3228,10 +3228,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
@ -3302,7 +3302,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103"); .ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(false); .ReturnsAsync(false);
@ -3318,10 +3318,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
@ -3380,10 +3380,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
@ -3429,7 +3429,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AuthorizationCode); .ReturnsAsync(TokenTypeIdentifiers.Private.AuthorizationCode);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(false); .ReturnsAsync(false);
@ -3490,10 +3490,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -3524,7 +3524,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103"); .ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(false); .ReturnsAsync(false);
@ -3576,10 +3576,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
@ -3622,7 +3622,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AuthorizationCode); .ReturnsAsync(TokenTypeIdentifiers.Private.AuthorizationCode);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(false); .ReturnsAsync(false);
@ -3678,10 +3678,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
@ -3724,7 +3724,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AuthorizationCode); .ReturnsAsync(TokenTypeIdentifiers.Private.AuthorizationCode);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(false); .ReturnsAsync(false);
@ -3776,10 +3776,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -3810,7 +3810,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103"); .ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(false); .ReturnsAsync(false);
@ -3864,10 +3864,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -3898,7 +3898,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103"); .ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(false); .ReturnsAsync(false);
@ -3946,7 +3946,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AuthorizationCode); .ReturnsAsync(TokenTypeIdentifiers.Private.AuthorizationCode);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(false); .ReturnsAsync(false);
@ -3968,10 +3968,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -4047,8 +4047,8 @@ public abstract partial class OpenIddictServerIntegrationTests
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(flow is GrantTypes.AuthorizationCode ? .ReturnsAsync(flow is GrantTypes.AuthorizationCode ?
TokenTypeHints.AuthorizationCode : TokenTypeIdentifiers.Private.AuthorizationCode :
TokenTypeHints.RefreshToken); TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Valid, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Valid, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -4073,8 +4073,8 @@ public abstract partial class OpenIddictServerIntegrationTests
{ {
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(context.Request!.IsAuthorizationCodeGrantType() ? .SetTokenType(context.Request!.IsAuthorizationCodeGrantType() ?
TokenTypeHints.AuthorizationCode : TokenTypeIdentifiers.Private.AuthorizationCode :
TokenTypeHints.RefreshToken) TokenTypeIdentifiers.RefreshToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("0270F515-C5B1-4FBF-B673-D7CAF7CCDABC") .SetTokenId("0270F515-C5B1-4FBF-B673-D7CAF7CCDABC")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");

106
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Introspection.cs
View File

@ -332,7 +332,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken); .SetTokenType(TokenTypeIdentifiers.RefreshToken);
return default; return default;
}); });
@ -522,7 +522,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetExpirationDate(TimeProvider.System.GetUtcNow() - TimeSpan.FromDays(1)); .SetExpirationDate(TimeProvider.System.GetUtcNow() - TimeSpan.FromDays(1));
return default; return default;
@ -550,10 +550,10 @@ public abstract partial class OpenIddictServerIntegrationTests
} }
[Theory] [Theory]
[InlineData(TokenTypeHints.AuthorizationCode)] [InlineData(TokenTypeIdentifiers.Private.AuthorizationCode)]
[InlineData(TokenTypeHints.DeviceCode)] [InlineData(TokenTypeIdentifiers.Private.DeviceCode)]
[InlineData(TokenTypeHints.IdToken)] [InlineData(TokenTypeIdentifiers.IdentityToken)]
[InlineData(TokenTypeHints.UserCode)] [InlineData(TokenTypeIdentifiers.Private.UserCode)]
public async Task ValidateIntrospectionRequest_UnsupportedTokenTypeCausesAnError(string type) public async Task ValidateIntrospectionRequest_UnsupportedTokenTypeCausesAnError(string type)
{ {
// Arrange // Arrange
@ -609,7 +609,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetAudiences("AdventureWorks") .SetAudiences("AdventureWorks")
.SetPresenters("Contoso"); .SetPresenters("Contoso");
@ -653,7 +653,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetPresenters("Contoso"); .SetPresenters("Contoso");
return default; return default;
@ -703,7 +703,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -749,7 +749,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -798,7 +798,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -842,7 +842,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetAudiences("Fabrikam") .SetAudiences("Fabrikam")
.SetPresenters("Contoso", "AdventureWorks Cycles") .SetPresenters("Contoso", "AdventureWorks Cycles")
.SetCreationDate(new DateTimeOffset(2016, 1, 1, 0, 0, 0, TimeSpan.Zero)) .SetCreationDate(new DateTimeOffset(2016, 1, 1, 0, 0, 0, TimeSpan.Zero))
@ -874,7 +874,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.True((bool) response[Claims.Active]); Assert.True((bool) response[Claims.Active]);
Assert.Equal("66B65AED-4033-4E9C-B975-A8CA7FB6FA79", (string?) response[Claims.JwtId]); Assert.Equal("66B65AED-4033-4E9C-B975-A8CA7FB6FA79", (string?) response[Claims.JwtId]);
Assert.Equal(TokenTypes.Bearer, (string?) response[Claims.TokenType]); Assert.Equal(TokenTypes.Bearer, (string?) response[Claims.TokenType]);
Assert.Equal(TokenTypeHints.AccessToken, (string?) response[Claims.TokenUsage]); Assert.Equal("access_token", (string?) response[Claims.TokenUsage]);
Assert.Equal("http://localhost/", (string?) response[Claims.Issuer]); Assert.Equal("http://localhost/", (string?) response[Claims.Issuer]);
Assert.Equal("Bob le Magnifique", (string?) response[Claims.Subject]); Assert.Equal("Bob le Magnifique", (string?) response[Claims.Subject]);
Assert.Equal(1451606400, (long) response[Claims.IssuedAt]); Assert.Equal(1451606400, (long) response[Claims.IssuedAt]);
@ -899,7 +899,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Username, "Bob") .SetClaim(Claims.Username, "Bob")
.SetClaim("custom_claim", "secret_value"); .SetClaim("custom_claim", "secret_value");
@ -954,7 +954,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetAudiences("Fabrikam") .SetAudiences("Fabrikam")
.SetPresenters("Contoso", "AdventureWorks Cycles") .SetPresenters("Contoso", "AdventureWorks Cycles")
.SetScopes(Scopes.OpenId, Scopes.Profile) .SetScopes(Scopes.OpenId, Scopes.Profile)
@ -1020,7 +1020,7 @@ public abstract partial class OpenIddictServerIntegrationTests
identity.AddClaim(new Claim("object_claim", @"{""parameter"":""value""}", JsonClaimValueTypes.Json)); identity.AddClaim(new Claim("object_claim", @"{""parameter"":""value""}", JsonClaimValueTypes.Json));
context.Principal = new ClaimsPrincipal(identity) context.Principal = new ClaimsPrincipal(identity)
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetAudiences("Fabrikam"); .SetAudiences("Fabrikam");
return default; return default;
@ -1094,7 +1094,7 @@ public abstract partial class OpenIddictServerIntegrationTests
identity.AddClaim(new Claim("object_claim", @"{""parameter_2"":""value-2""}", JsonClaimValueTypes.Json)); identity.AddClaim(new Claim("object_claim", @"{""parameter_2"":""value-2""}", JsonClaimValueTypes.Json));
context.Principal = new ClaimsPrincipal(identity) context.Principal = new ClaimsPrincipal(identity)
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetAudiences("Fabrikam"); .SetAudiences("Fabrikam");
return default; return default;
@ -1214,7 +1214,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.SetAudiences("Fabrikam") .SetAudiences("Fabrikam")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;
@ -1245,7 +1245,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync(token); .ReturnsAsync(token);
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AccessToken); .ReturnsAsync(TokenTypeIdentifiers.AccessToken);
mock.Setup(manager => manager.GetIdAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetIdAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
@ -1261,12 +1261,12 @@ public abstract partial class OpenIddictServerIntegrationTests
mock.Setup(manager => manager.HasTypeAsync(token, ImmutableArray.Create(new[] mock.Setup(manager => manager.HasTypeAsync(token, ImmutableArray.Create(new[]
{ {
TokenTypeHints.AccessToken, TokenTypeIdentifiers.AccessToken,
TokenTypeHints.AuthorizationCode, TokenTypeIdentifiers.Private.AuthorizationCode,
TokenTypeHints.DeviceCode, TokenTypeIdentifiers.Private.DeviceCode,
TokenTypeHints.IdToken, TokenTypeIdentifiers.IdentityToken,
TokenTypeHints.RefreshToken, TokenTypeIdentifiers.RefreshToken,
TokenTypeHints.UserCode TokenTypeIdentifiers.Private.UserCode
}), It.IsAny<CancellationToken>())) }), It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -1317,7 +1317,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.SetAudiences("Fabrikam") .SetAudiences("Fabrikam")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;
@ -1348,7 +1348,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync(token); .ReturnsAsync(token);
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AccessToken); .ReturnsAsync(TokenTypeIdentifiers.AccessToken);
mock.Setup(manager => manager.GetIdAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetIdAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
@ -1364,12 +1364,12 @@ public abstract partial class OpenIddictServerIntegrationTests
mock.Setup(manager => manager.HasTypeAsync(token, ImmutableArray.Create(new[] mock.Setup(manager => manager.HasTypeAsync(token, ImmutableArray.Create(new[]
{ {
TokenTypeHints.AccessToken, TokenTypeIdentifiers.AccessToken,
TokenTypeHints.AuthorizationCode, TokenTypeIdentifiers.Private.AuthorizationCode,
TokenTypeHints.DeviceCode, TokenTypeIdentifiers.Private.DeviceCode,
TokenTypeHints.IdToken, TokenTypeIdentifiers.IdentityToken,
TokenTypeHints.RefreshToken, TokenTypeIdentifiers.RefreshToken,
TokenTypeHints.UserCode TokenTypeIdentifiers.Private.UserCode
}), It.IsAny<CancellationToken>())) }), It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -1427,7 +1427,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.SetAudiences("Fabrikam") .SetAudiences("Fabrikam")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;
@ -1458,7 +1458,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync(token); .ReturnsAsync(token);
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AccessToken); .ReturnsAsync(TokenTypeIdentifiers.AccessToken);
mock.Setup(manager => manager.GetIdAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetIdAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
@ -1474,12 +1474,12 @@ public abstract partial class OpenIddictServerIntegrationTests
mock.Setup(manager => manager.HasTypeAsync(token, ImmutableArray.Create(new[] mock.Setup(manager => manager.HasTypeAsync(token, ImmutableArray.Create(new[]
{ {
TokenTypeHints.AccessToken, TokenTypeIdentifiers.AccessToken,
TokenTypeHints.AuthorizationCode, TokenTypeIdentifiers.Private.AuthorizationCode,
TokenTypeHints.DeviceCode, TokenTypeIdentifiers.Private.DeviceCode,
TokenTypeHints.IdToken, TokenTypeIdentifiers.IdentityToken,
TokenTypeHints.RefreshToken, TokenTypeIdentifiers.RefreshToken,
TokenTypeHints.UserCode TokenTypeIdentifiers.Private.UserCode
}), It.IsAny<CancellationToken>())) }), It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -1523,7 +1523,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync(token); .ReturnsAsync(token);
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AccessToken); .ReturnsAsync(TokenTypeIdentifiers.AccessToken);
mock.Setup(manager => manager.GetIdAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetIdAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
@ -1539,12 +1539,12 @@ public abstract partial class OpenIddictServerIntegrationTests
mock.Setup(manager => manager.HasTypeAsync(token, ImmutableArray.Create(new[] mock.Setup(manager => manager.HasTypeAsync(token, ImmutableArray.Create(new[]
{ {
TokenTypeHints.AccessToken, TokenTypeIdentifiers.AccessToken,
TokenTypeHints.AuthorizationCode, TokenTypeIdentifiers.Private.AuthorizationCode,
TokenTypeHints.DeviceCode, TokenTypeIdentifiers.Private.DeviceCode,
TokenTypeHints.IdToken, TokenTypeIdentifiers.IdentityToken,
TokenTypeHints.RefreshToken, TokenTypeIdentifiers.RefreshToken,
TokenTypeHints.UserCode TokenTypeIdentifiers.Private.UserCode
}), It.IsAny<CancellationToken>())) }), It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
}); });
@ -1561,7 +1561,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.SetAudiences("Fabrikam") .SetAudiences("Fabrikam")
.SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0") .SetAuthorizationId("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;
@ -1630,7 +1630,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -1676,7 +1676,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -1725,7 +1725,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -1769,7 +1769,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });

42
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Protection.cs
View File

@ -38,13 +38,13 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
var identity = new ClaimsIdentity("Bearer"); var identity = new ClaimsIdentity("Bearer");
identity.AddClaim(new Claim(Claims.IssuedAt, "1577836800", ClaimValueTypes.Integer64)); identity.AddClaim(new Claim(Claims.IssuedAt, "1577836800", ClaimValueTypes.Integer64));
context.Principal = new ClaimsPrincipal(identity) context.Principal = new ClaimsPrincipal(identity)
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;
@ -90,13 +90,13 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
var identity = new ClaimsIdentity("Bearer"); var identity = new ClaimsIdentity("Bearer");
identity.AddClaim(new Claim(Claims.ExpiresAt, "2524608000", ClaimValueTypes.Integer64)); identity.AddClaim(new Claim(Claims.ExpiresAt, "2524608000", ClaimValueTypes.Integer64));
context.Principal = new ClaimsPrincipal(identity) context.Principal = new ClaimsPrincipal(identity)
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;
@ -142,10 +142,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetClaim(Claims.AuthorizedParty, "Fabrikam"); .SetClaim(Claims.AuthorizedParty, "Fabrikam");
@ -192,10 +192,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetClaim(Claims.ClientId, "Fabrikam"); .SetClaim(Claims.ClientId, "Fabrikam");
@ -242,10 +242,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetClaim(Claims.Audience, "Fabrikam"); .SetClaim(Claims.Audience, "Fabrikam");
@ -292,10 +292,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetClaims(Claims.Audience, ["Fabrikam", "Contoso"]); .SetClaims(Claims.Audience, ["Fabrikam", "Contoso"]);
@ -342,10 +342,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetClaims(Claims.Scope, [Scopes.OpenId, Scopes.Profile]); .SetClaims(Claims.Scope, [Scopes.OpenId, Scopes.Profile]);
@ -391,10 +391,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetClaim(Claims.Scope, "openid profile"); .SetClaim(Claims.Scope, "openid profile");
@ -440,10 +440,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetClaims(Claims.Scope, [Scopes.OpenId, Scopes.Profile]); .SetClaims(Claims.Scope, [Scopes.OpenId, Scopes.Profile]);
@ -529,10 +529,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;
@ -554,6 +554,6 @@ public abstract partial class OpenIddictServerIntegrationTests
}); });
// Assert // Assert
Assert.Equal(SR.FormatID0005(TokenTypeHints.AuthorizationCode, TokenTypeHints.AccessToken), exception.Message); Assert.Equal(SR.FormatID0005(TokenTypeIdentifiers.Private.AuthorizationCode, TokenTypeIdentifiers.AccessToken), exception.Message);
} }
} }

38
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Revocation.cs
View File

@ -332,7 +332,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken); .SetTokenType(TokenTypeIdentifiers.RefreshToken);
return default; return default;
}); });
@ -490,10 +490,10 @@ public abstract partial class OpenIddictServerIntegrationTests
} }
[Theory] [Theory]
[InlineData(TokenTypeHints.AuthorizationCode)] [InlineData(TokenTypeIdentifiers.Private.AuthorizationCode)]
[InlineData(TokenTypeHints.DeviceCode)] [InlineData(TokenTypeIdentifiers.Private.DeviceCode)]
[InlineData(TokenTypeHints.IdToken)] [InlineData(TokenTypeIdentifiers.IdentityToken)]
[InlineData(TokenTypeHints.UserCode)] [InlineData(TokenTypeIdentifiers.Private.UserCode)]
public async Task ValidateRevocationRequest_UnsupportedTokenTypeCausesAnError(string type) public async Task ValidateRevocationRequest_UnsupportedTokenTypeCausesAnError(string type)
{ {
// Arrange // Arrange
@ -549,7 +549,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetAudiences("AdventureWorks") .SetAudiences("AdventureWorks")
.SetPresenters("Contoso"); .SetPresenters("Contoso");
@ -593,7 +593,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetPresenters("Contoso"); .SetPresenters("Contoso");
return default; return default;
@ -643,7 +643,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -689,7 +689,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -738,7 +738,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -786,7 +786,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
return default; return default;
@ -835,7 +835,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync(false); .ReturnsAsync(false);
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
}); });
await using var server = await CreateServerAsync(options => await using var server = await CreateServerAsync(options =>
@ -847,7 +847,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
return default; return default;
@ -896,7 +896,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync(true); .ReturnsAsync(true);
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.TryRevokeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.TryRevokeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -911,7 +911,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
return default; return default;
@ -962,7 +962,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -1008,7 +1008,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -1057,7 +1057,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -1101,7 +1101,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token); Assert.Equal("2YotnFZFEjr1zCsicMWpAA", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });

20
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Session.cs
View File

@ -171,10 +171,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("6esc_11ACC5bwc014ltc14eY22c", context.Token); Assert.Equal("6esc_11ACC5bwc014ltc14eY22c", context.Token);
Assert.Equal([TokenTypeHints.Private.RequestToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.RequestToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.Private.RequestToken) .SetTokenType(TokenTypeIdentifiers.Private.RequestToken)
.SetClaim(Claims.Private.RequestTokenType, RequestTokenTypes.Private.CachedEndSessionRequest) .SetClaim(Claims.Private.RequestTokenType, RequestTokenTypes.Private.CachedEndSessionRequest)
.SetClaim(Claims.Private.RequestParameters, $$""" .SetClaim(Claims.Private.RequestParameters, $$"""
{ {
@ -227,10 +227,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("6esc_11ACC5bwc014ltc14eY22c", context.Token); Assert.Equal("6esc_11ACC5bwc014ltc14eY22c", context.Token);
Assert.Equal([TokenTypeHints.Private.RequestToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.RequestToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.Private.RequestToken) .SetTokenType(TokenTypeIdentifiers.Private.RequestToken)
.SetClaim(Claims.Private.RequestTokenType, RequestTokenTypes.Private.CachedEndSessionRequest) .SetClaim(Claims.Private.RequestTokenType, RequestTokenTypes.Private.CachedEndSessionRequest)
.SetClaim(Claims.Private.RequestParameters, $$""" .SetClaim(Claims.Private.RequestParameters, $$"""
{ {
@ -662,10 +662,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("id_token", context.Token); Assert.Equal("id_token", context.Token);
Assert.Equal([TokenTypeHints.IdToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.IdentityToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.IdToken) .SetTokenType(TokenTypeIdentifiers.IdentityToken)
.SetPresenters("Contoso") .SetPresenters("Contoso")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -736,10 +736,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("id_token", context.Token); Assert.Equal("id_token", context.Token);
Assert.Equal([TokenTypeHints.IdToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.IdentityToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.IdToken) .SetTokenType(TokenTypeIdentifiers.IdentityToken)
.SetPresenters("Contoso") .SetPresenters("Contoso")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -801,10 +801,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("id_token", context.Token); Assert.Equal("id_token", context.Token);
Assert.Equal([TokenTypeHints.IdToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.IdentityToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.IdToken) .SetTokenType(TokenTypeIdentifiers.IdentityToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetExpirationDate(new DateTimeOffset(2017, 1, 1, 0, 0, 0, TimeSpan.Zero)) .SetExpirationDate(new DateTimeOffset(2017, 1, 1, 0, 0, 0, TimeSpan.Zero))
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");

28
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Userinfo.cs
View File

@ -179,7 +179,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetExpirationDate(TimeProvider.System.GetUtcNow() - TimeSpan.FromDays(1)); .SetExpirationDate(TimeProvider.System.GetUtcNow() - TimeSpan.FromDays(1));
return default; return default;
@ -225,7 +225,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -271,7 +271,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -320,7 +320,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -364,7 +364,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetPresenters("Fabrikam", "Contoso") .SetPresenters("Fabrikam", "Contoso")
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
@ -413,7 +413,7 @@ public abstract partial class OpenIddictServerIntegrationTests
identity.AddClaim(Claims.PhoneNumber, "0148962355"); identity.AddClaim(Claims.PhoneNumber, "0148962355");
context.Principal = new ClaimsPrincipal(identity) context.Principal = new ClaimsPrincipal(identity)
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetScopes(ImmutableArray<string>.Empty); .SetScopes(ImmutableArray<string>.Empty);
@ -460,7 +460,7 @@ public abstract partial class OpenIddictServerIntegrationTests
identity.AddClaim(Claims.Birthdate, "04/09/1933"); identity.AddClaim(Claims.Birthdate, "04/09/1933");
context.Principal = new ClaimsPrincipal(identity) context.Principal = new ClaimsPrincipal(identity)
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetScopes(Scopes.Profile) .SetScopes(Scopes.Profile)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
@ -501,7 +501,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetScopes(Scopes.Email) .SetScopes(Scopes.Email)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
@ -541,7 +541,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetScopes(Scopes.Phone) .SetScopes(Scopes.Phone)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
@ -588,7 +588,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -634,7 +634,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -683,7 +683,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -727,7 +727,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });
@ -776,7 +776,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken); .SetTokenType(TokenTypeIdentifiers.AccessToken);
return default; return default;
}); });

90
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.cs
View File

@ -590,10 +590,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;
@ -697,10 +697,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("id_token", context.Token); Assert.Equal("id_token", context.Token);
Assert.Equal([TokenTypeHints.IdToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.IdentityToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.IdToken) .SetTokenType(TokenTypeIdentifiers.IdentityToken)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;
@ -808,10 +808,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("authorization_code", context.Token); Assert.Equal("authorization_code", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetPresenters("Fabrikam"); .SetPresenters("Fabrikam");
@ -943,10 +943,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("request_token", context.Token); Assert.Equal("request_token", context.Token);
Assert.Equal([TokenTypeHints.Private.RequestToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.RequestToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.Private.RequestToken) .SetTokenType(TokenTypeIdentifiers.Private.RequestToken)
.SetClaim(Claims.Private.RequestTokenType, RequestTokenTypes.Private.CachedEndSessionRequest); .SetClaim(Claims.Private.RequestTokenType, RequestTokenTypes.Private.CachedEndSessionRequest);
return default; return default;
@ -1002,10 +1002,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("request_token", context.Token); Assert.Equal("request_token", context.Token);
Assert.Equal([TokenTypeHints.Private.RequestToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.RequestToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.Private.RequestToken) .SetTokenType(TokenTypeIdentifiers.Private.RequestToken)
.SetClaim(Claims.Private.RequestTokenType, RequestTokenTypes.Private.PushedAuthorizationRequest) .SetClaim(Claims.Private.RequestTokenType, RequestTokenTypes.Private.PushedAuthorizationRequest)
.SetClaim(Claims.Private.RequestParameters, "{}"); .SetClaim(Claims.Private.RequestParameters, "{}");
@ -1124,10 +1124,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("refresh_token", context.Token); Assert.Equal("refresh_token", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;
@ -1281,7 +1281,7 @@ public abstract partial class OpenIddictServerIntegrationTests
Assert.Equal("SlAV32hkKG", context.Token); Assert.Equal("SlAV32hkKG", context.Token);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;
@ -1719,7 +1719,7 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
var identity = new ClaimsIdentity("Bearer") var identity = new ClaimsIdentity("Bearer")
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2011,10 +2011,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2065,10 +2065,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS", context.Token); Assert.Equal("GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS", context.Token);
Assert.Equal([TokenTypeHints.DeviceCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.DeviceCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity()) context.Principal = new ClaimsPrincipal(new ClaimsIdentity())
.SetTokenType(TokenTypeHints.DeviceCode) .SetTokenType(TokenTypeIdentifiers.Private.DeviceCode)
.SetPresenters("Fabrikam"); .SetPresenters("Fabrikam");
return default; return default;
@ -2131,10 +2131,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
return default; return default;
@ -2411,10 +2411,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetScopes(Scopes.Profile, Scopes.OfflineAccess) .SetScopes(Scopes.Profile, Scopes.OfflineAccess)
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2509,10 +2509,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetScopes(Scopes.OfflineAccess) .SetScopes(Scopes.OfflineAccess)
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2564,10 +2564,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS", context.Token); Assert.Equal("GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS", context.Token);
Assert.Equal([TokenTypeHints.DeviceCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.DeviceCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity()) context.Principal = new ClaimsPrincipal(new ClaimsIdentity())
.SetTokenType(TokenTypeHints.DeviceCode) .SetTokenType(TokenTypeIdentifiers.Private.DeviceCode)
.SetPresenters("Fabrikam"); .SetPresenters("Fabrikam");
return default; return default;
@ -2631,10 +2631,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetScopes(Scopes.OfflineAccess) .SetScopes(Scopes.OfflineAccess)
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2917,10 +2917,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetScopes(Scopes.OpenId) .SetScopes(Scopes.OpenId)
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -2972,10 +2972,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS", context.Token); Assert.Equal("GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS", context.Token);
Assert.Equal([TokenTypeHints.DeviceCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.DeviceCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity()) context.Principal = new ClaimsPrincipal(new ClaimsIdentity())
.SetTokenType(TokenTypeHints.DeviceCode) .SetTokenType(TokenTypeIdentifiers.Private.DeviceCode)
.SetPresenters("Fabrikam"); .SetPresenters("Fabrikam");
return default; return default;
@ -3039,10 +3039,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetScopes(Scopes.OpenId) .SetScopes(Scopes.OpenId)
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -3271,10 +3271,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetScopes(Scopes.OpenId, Scopes.OfflineAccess) .SetScopes(Scopes.OpenId, Scopes.OfflineAccess)
.SetClaim(Claims.Subject, "Bob le Bricoleur") .SetClaim(Claims.Subject, "Bob le Bricoleur")
.SetClaim(Claims.Prefixes.Private + "_private_claim", "value"); .SetClaim(Claims.Prefixes.Private + "_private_claim", "value");
@ -3324,7 +3324,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.AuthorizationCode); .ReturnsAsync(TokenTypeIdentifiers.Private.AuthorizationCode);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Valid, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Valid, It.IsAny<CancellationToken>()))
.ReturnsAsync(true); .ReturnsAsync(true);
@ -3343,10 +3343,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token); Assert.Equal("SplxlOBeZQQYbYS6WxSbIA", context.Token);
Assert.Equal([TokenTypeHints.AuthorizationCode], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.Private.AuthorizationCode], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AuthorizationCode) .SetTokenType(TokenTypeIdentifiers.Private.AuthorizationCode)
.SetPresenters("Fabrikam") .SetPresenters("Fabrikam")
.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56") .SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -3406,7 +3406,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103"); .ReturnsAsync("60FFF7EA-F98E-437B-937E-5073CC313103");
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(false); .ReturnsAsync(false);
@ -3430,10 +3430,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetScopes(Scopes.OpenId, Scopes.OfflineAccess) .SetScopes(Scopes.OpenId, Scopes.OfflineAccess)
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");
@ -3475,7 +3475,7 @@ public abstract partial class OpenIddictServerIntegrationTests
.ReturnsAsync(token); .ReturnsAsync(token);
mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.GetTypeAsync(token, It.IsAny<CancellationToken>()))
.ReturnsAsync(TokenTypeHints.RefreshToken); .ReturnsAsync(TokenTypeIdentifiers.RefreshToken);
mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>())) mock.Setup(manager => manager.HasStatusAsync(token, Statuses.Redeemed, It.IsAny<CancellationToken>()))
.ReturnsAsync(false); .ReturnsAsync(false);
@ -3497,10 +3497,10 @@ public abstract partial class OpenIddictServerIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("8xLOxBtZp8", context.Token); Assert.Equal("8xLOxBtZp8", context.Token);
Assert.Equal([TokenTypeHints.RefreshToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.RefreshToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.RefreshToken) .SetTokenType(TokenTypeIdentifiers.RefreshToken)
.SetScopes(Scopes.OpenId, Scopes.OfflineAccess) .SetScopes(Scopes.OpenId, Scopes.OfflineAccess)
.SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103") .SetTokenId("60FFF7EA-F98E-437B-937E-5073CC313103")
.SetClaim(Claims.Subject, "Bob le Bricoleur"); .SetClaim(Claims.Subject, "Bob le Bricoleur");

8
test/OpenIddict.Server.Owin.IntegrationTests/OpenIddictServerOwinIntegrationTests.cs
View File

@ -129,10 +129,10 @@ public partial class OpenIddictServerOwinIntegrationTests : OpenIddictServerInte
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetCreationDate(new DateTimeOffset(2020, 01, 01, 00, 00, 00, TimeSpan.Zero)); .SetCreationDate(new DateTimeOffset(2020, 01, 01, 00, 00, 00, TimeSpan.Zero));
@ -180,10 +180,10 @@ public partial class OpenIddictServerOwinIntegrationTests : OpenIddictServerInte
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetExpirationDate(new DateTimeOffset(2120, 01, 01, 00, 00, 00, TimeSpan.Zero)); .SetExpirationDate(new DateTimeOffset(2120, 01, 01, 00, 00, 00, TimeSpan.Zero));
return default; return default;

8
test/OpenIddict.Validation.AspNetCore.IntegrationTests/OpenIddictValidationAspNetCoreIntegrationTests.cs
View File

@ -41,10 +41,10 @@ public partial class OpenIddictValidationAspNetCoreIntegrationTests : OpenIddict
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetCreationDate(new DateTimeOffset(2020, 01, 01, 00, 00, 00, TimeSpan.Zero)); .SetCreationDate(new DateTimeOffset(2020, 01, 01, 00, 00, 00, TimeSpan.Zero));
@ -81,10 +81,10 @@ public partial class OpenIddictValidationAspNetCoreIntegrationTests : OpenIddict
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetExpirationDate(new DateTimeOffset(2120, 01, 01, 00, 00, 00, TimeSpan.Zero)); .SetExpirationDate(new DateTimeOffset(2120, 01, 01, 00, 00, 00, TimeSpan.Zero));
return default; return default;

4
test/OpenIddict.Validation.IntegrationTests/OpenIddictValidationIntegrationTests.cs
View File

@ -152,10 +152,10 @@ public abstract partial class OpenIddictValidationIntegrationTests
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique"); .SetClaim(Claims.Subject, "Bob le Magnifique");
return default; return default;

8
test/OpenIddict.Validation.Owin.IntegrationTests/OpenIddictValidationOwinIntegrationTests.cs
View File

@ -39,10 +39,10 @@ public partial class OpenIddictValidationOwinIntegrationTests : OpenIddictValida
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetClaim(Claims.Subject, "Bob le Magnifique") .SetClaim(Claims.Subject, "Bob le Magnifique")
.SetCreationDate(new DateTimeOffset(2020, 01, 01, 00, 00, 00, TimeSpan.Zero)); .SetCreationDate(new DateTimeOffset(2020, 01, 01, 00, 00, 00, TimeSpan.Zero));
@ -79,10 +79,10 @@ public partial class OpenIddictValidationOwinIntegrationTests : OpenIddictValida
builder.UseInlineHandler(context => builder.UseInlineHandler(context =>
{ {
Assert.Equal("access_token", context.Token); Assert.Equal("access_token", context.Token);
Assert.Equal([TokenTypeHints.AccessToken], context.ValidTokenTypes); Assert.Equal([TokenTypeIdentifiers.AccessToken], context.ValidTokenTypes);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer")) context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetTokenType(TokenTypeHints.AccessToken) .SetTokenType(TokenTypeIdentifiers.AccessToken)
.SetExpirationDate(new DateTimeOffset(2120, 01, 01, 00, 00, 00, TimeSpan.Zero)); .SetExpirationDate(new DateTimeOffset(2120, 01, 01, 00, 00, 00, TimeSpan.Zero));
return default; return default;

Write Preview
Loading…
Cancel
Save