Revamp the validation handler and add client assertions support
kevinchalet committed Oct 7, 2023
1 parent 746f384 commit 4b9029e
Showing 15 changed files with 1,133 additions and 243 deletions.
2 changes: 1 addition & 1 deletion src/OpenIddict.Abstractions/OpenIddictResources.resx
Expand Up @@ -562,7 +562,7 @@ Reference the 'OpenIddict.Validation.SystemNetHttp' package and call 'services.A
<value>The client identifier cannot be null or empty when using introspection.</value>
</data>
<data name="ID0132" xml:space="preserve">
<value>The client secret cannot be null or empty when using introspection.</value>
<value>The client secret cannot be null or empty when using introspection. Alternatively, one or multiple signing credentials can be registered and used to produce client assertions if the authorization server supports this client authentication method.</value>
</data>
<data name="ID0133" xml:space="preserve">
<value>Authorization entry validation cannot be enabled when using introspection.</value>
32 changes: 16 additions & 16 deletions src/OpenIddict.Client/OpenIddictClientHandlers.cs
Expand Up @@ -605,14 +605,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.StateTokenPrincipal is not null ||
string.IsNullOrEmpty(context.StateToken))
if (string.IsNullOrEmpty(context.StateToken))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.StateTokenPrincipal,
Token = context.StateToken,
ValidTokenTypes = { TokenTypeHints.StateToken }
};
Expand Down Expand Up @@ -1486,14 +1486,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.FrontchannelIdentityTokenPrincipal is not null ||
string.IsNullOrEmpty(context.FrontchannelIdentityToken))
if (string.IsNullOrEmpty(context.FrontchannelIdentityToken))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.FrontchannelIdentityTokenPrincipal,
Token = context.FrontchannelIdentityToken,
ValidTokenTypes = { TokenTypeHints.IdToken }
};
Expand Down Expand Up @@ -2011,14 +2011,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.FrontchannelAccessTokenPrincipal is not null ||
string.IsNullOrEmpty(context.FrontchannelAccessToken))
if (string.IsNullOrEmpty(context.FrontchannelAccessToken))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.FrontchannelAccessTokenPrincipal,
Token = context.FrontchannelAccessToken,
ValidTokenTypes = { TokenTypeHints.AccessToken }
};
Expand Down Expand Up @@ -2086,14 +2086,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.AuthorizationCodePrincipal is not null ||
string.IsNullOrEmpty(context.AuthorizationCode))
if (string.IsNullOrEmpty(context.AuthorizationCode))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.AuthorizationCodePrincipal,
Token = context.AuthorizationCode,
ValidTokenTypes = { TokenTypeHints.AuthorizationCode }
};
Expand Down Expand Up @@ -2822,14 +2822,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.BackchannelIdentityTokenPrincipal is not null ||
string.IsNullOrEmpty(context.BackchannelIdentityToken))
if (string.IsNullOrEmpty(context.BackchannelIdentityToken))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.BackchannelIdentityTokenPrincipal,
Token = context.BackchannelIdentityToken,
ValidTokenTypes = { TokenTypeHints.IdToken }
};
Expand Down Expand Up @@ -3311,14 +3311,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.BackchannelAccessTokenPrincipal is not null ||
string.IsNullOrEmpty(context.BackchannelAccessToken))
if (string.IsNullOrEmpty(context.BackchannelAccessToken))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.BackchannelAccessTokenPrincipal,
Token = context.BackchannelAccessToken,
ValidTokenTypes = { TokenTypeHints.AccessToken }
};
Expand Down Expand Up @@ -3386,14 +3386,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.RefreshTokenPrincipal is not null ||
string.IsNullOrEmpty(context.RefreshToken))
if (string.IsNullOrEmpty(context.RefreshToken))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.RefreshTokenPrincipal,
Token = context.RefreshToken,
ValidTokenTypes = { TokenTypeHints.RefreshToken }
};
Expand Down Expand Up @@ -3738,14 +3738,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.UserinfoTokenPrincipal is not null ||
string.IsNullOrEmpty(context.UserinfoToken))
if (string.IsNullOrEmpty(context.UserinfoToken))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.UserinfoTokenPrincipal,
Token = context.UserinfoToken,
ValidTokenTypes = { TokenTypeHints.UserinfoToken }
};
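Review bot: Removing the `context.StateTokenPrincipal is not null` early return at lines 32-34 (and the matching guards in the seven other hunks of this file) means a token that already carries a principal is now handed to the validation pipeline with `Principal` pre-populated, and nothing in this file section shows how a non-null `Principal` is treated there — reused as-is, re-checked against `ValidTokenTypes`, or ignored. If the validation handler trusts a pre-populated principal, the token-kind constraint that the old short-circuit left implicit must still be enforced against it, otherwise a principal resolved for one token kind could be accepted where another kind (e.g. the state token expected at line 43) is required; this cannot be confirmed from these hunks because the validation handler is outside them. A short comment on the new initializer line would record the intent: `// A principal already attached to this token is forwarded instead of short-circuiting here; the validation handler is now the single place responsible for it.` Each HandleAsync body continues past the end of its hunk, so the dispatch of `notification` and its result handling are not visible on this page.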
24 changes: 16 additions & 8 deletions src/OpenIddict.Server/OpenIddictServerHandlers.cs
Expand Up @@ -544,13 +544,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.ClientAssertionPrincipal is not null || string.IsNullOrEmpty(context.ClientAssertion))
if (string.IsNullOrEmpty(context.ClientAssertion))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.ClientAssertionPrincipal,
Token = context.ClientAssertion,
TokenFormat = context.ClientAssertionType switch
{
Expand Down Expand Up @@ -1268,13 +1269,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.AccessTokenPrincipal is not null || string.IsNullOrEmpty(context.AccessToken))
if (string.IsNullOrEmpty(context.AccessToken))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.AccessTokenPrincipal,
Token = context.AccessToken,
ValidTokenTypes = { TokenTypeHints.AccessToken }
};
Expand Down Expand Up @@ -1340,13 +1342,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.AuthorizationCodePrincipal is not null || string.IsNullOrEmpty(context.AuthorizationCode))
if (string.IsNullOrEmpty(context.AuthorizationCode))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.AuthorizationCodePrincipal,
Token = context.AuthorizationCode,
ValidTokenTypes = { TokenTypeHints.AuthorizationCode }
};
Expand Down Expand Up @@ -1412,13 +1415,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.DeviceCodePrincipal is not null || string.IsNullOrEmpty(context.DeviceCode))
if (string.IsNullOrEmpty(context.DeviceCode))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.DeviceCodePrincipal,
Token = context.DeviceCode,
ValidTokenTypes = { TokenTypeHints.DeviceCode }
};
Expand Down Expand Up @@ -1484,13 +1488,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.GenericTokenPrincipal is not null || string.IsNullOrEmpty(context.GenericToken))
if (string.IsNullOrEmpty(context.GenericToken))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.GenericTokenPrincipal,
Token = context.GenericToken,
TokenTypeHint = context.GenericTokenTypeHint,

Expand Down Expand Up @@ -1574,7 +1579,7 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.IdentityTokenPrincipal is not null || string.IsNullOrEmpty(context.IdentityToken))
if (string.IsNullOrEmpty(context.IdentityToken))
{
return;
}
Expand All @@ -1584,6 +1589,7 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
// Don't validate the lifetime of id_tokens used as id_token_hints.
DisableLifetimeValidation = context.EndpointType is OpenIddictServerEndpointType.Authorization or
OpenIddictServerEndpointType.Logout,
Principal = context.IdentityTokenPrincipal,
Token = context.IdentityToken,
ValidTokenTypes = { TokenTypeHints.IdToken }
};
Expand Down Expand Up @@ -1649,13 +1655,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.RefreshTokenPrincipal is not null || string.IsNullOrEmpty(context.RefreshToken))
if (string.IsNullOrEmpty(context.RefreshToken))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.RefreshTokenPrincipal,
Token = context.RefreshToken,
ValidTokenTypes = { TokenTypeHints.RefreshToken }
};
Expand Down Expand Up @@ -1721,13 +1728,14 @@ public async ValueTask HandleAsync(ProcessAuthenticationContext context)
throw new ArgumentNullException(nameof(context));
}

if (context.UserCodePrincipal is not null || string.IsNullOrEmpty(context.UserCode))
if (string.IsNullOrEmpty(context.UserCode))
{
return;
}

var notification = new ValidateTokenContext(context.Transaction)
{
Principal = context.UserCodePrincipal,
Token = context.UserCode,
ValidTokenTypes = { TokenTypeHints.UserCode }
};
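Review bot: In the client-assertion hunk at lines 167-183, `Principal = context.ClientAssertionPrincipal` is now forwarded alongside a `TokenFormat` derived from `ClientAssertionType`, but the initializer is cut off after the switch and the validation handler is not in this section, so it is not visible whether a pre-populated assertion principal is still subject to the same format and token-type checks as one resolved from the raw assertion. Because this principal authenticates the client, it would be worth confirming in the revamped validation handler that a non-null `Principal` never skips those checks, and the same question applies to the seven other hunks in this file that drop the `XPrincipal is not null` guard. A one-line comment above the `Principal =` line would help the next reader, e.g. `// The validation handler receives any principal already resolved for this assertion; it is no longer an early-return condition here.` The enclosing HandleAsync bodies start and end outside their hunks.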