From fb2565e298223940de7cf5e1c2fb3dd8de5bc516 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Sat, 27 Jan 2024 16:57:10 +0100
Subject: [PATCH] Update PopulateMergedPrincipal to create a non-empty principal for all authentication demands
---
.../OpenIddictClientHandlers.cs | 20 ++++++-------------
1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a/src/OpenIddict.Client/OpenIddictClientHandlers.cs b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
index 933bf01b..62948d1d 100644
--- a/src/OpenIddict.Client/OpenIddictClientHandlers.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
@@ -3978,20 +3978,12 @@ public static partial class OpenIddictClientHandlers
 Debug.Assert(context.Registration.Issuer is { IsAbsoluteUri: true }, SR.GetResourceString(SR.ID4013));
- context.MergedPrincipal = context.EndpointType switch
- {
- // Create a composite principal containing claims resolved from the frontchannel
- // and backchannel identity tokens and the userinfo token principal, if available.
- OpenIddictClientEndpointType.Redirection => CreateMergedPrincipal(
- context.FrontchannelIdentityTokenPrincipal,
- context.BackchannelIdentityTokenPrincipal,
- context.UserinfoTokenPrincipal),
-
- OpenIddictClientEndpointType.PostLogoutRedirection
- => context.StateTokenPrincipal?.Clone() ?? new ClaimsPrincipal(new ClaimsIdentity()),
-
- _ => new ClaimsPrincipal(new ClaimsIdentity())
- };
+ // Create a composite principal containing claims resolved from the frontchannel
+ // and backchannel identity tokens and the userinfo token principal, if available.
+ context.MergedPrincipal = CreateMergedPrincipal(
+ context.FrontchannelIdentityTokenPrincipal,
+ context.BackchannelIdentityTokenPrincipal,
+ context.UserinfoTokenPrincipal);
 // Attach the registration identifier and identity of the authorization server to the returned principal to allow
 // resolving it even if no other claim was added (e.g if no id_token was returned/no userinfo endpoint is available).
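Review bot: The comment kept above the new `context.MergedPrincipal = CreateMergedPrincipal(...)` assignment does not say that the merge now runs for every endpoint type. It also omits that, on post-logout redirection callbacks, `MergedPrincipal` no longer carries claims copied from `context.StateTokenPrincipal`. Application code that makes decisions from the merged principal on those callbacks would see a different claim set, so the comment should state this, e.g. `// Applies to all endpoint types: state token claims are not merged; read context.StateTokenPrincipal for them.` The call also relies on `CreateMergedPrincipal` accepting three null principals and still returning a principal with an identity that the registration and issuer claims can be attached to. That helper is outside this hunk, so this is presumably handled, but a test covering a demand with no identity or userinfo token would pin it down. The enclosing handler method starts and ends outside the hunk.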