Fix retrieval of dpop keys when using resources

We don't have a per-resource dpop key, so we should not include the resource name when retrieving the dpop key.
DuendeSoftware · Apr 18, 2024 · 085f90f · 085f90f
1 parent 7da9e53
commit 085f90f
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/src/Duende.AccessTokenManagement.OpenIdConnect/AuthenticationSessionUserTokenStore.cs b/src/Duende.AccessTokenManagement.OpenIdConnect/AuthenticationSessionUserTokenStore.cs
@@ -89,11 +89,12 @@ public async Task<UserToken> GetTokenAsync(
 
             var tokenName = NamePrefixAndResourceSuffix(OpenIdConnectParameterNames.AccessToken, parameters);
             var tokenTypeName = NamePrefixAndResourceSuffix(OpenIdConnectParameterNames.TokenType, parameters);
-            var dpopKeyName = NamePrefixAndResourceSuffix(DPoPKeyName, parameters);
             var expiresName = NamePrefixAndResourceSuffix("expires_at", parameters);
 
-            // Note that we are not including the the resource suffix because there is no per-resource refresh token
+            // Note that we are not including the the resource suffix because
+            // there is no per-resource refresh token or dpop key
             var refreshTokenName = NamePrefix(OpenIdConnectParameterNames.RefreshToken);
+            var dpopKeyName = NamePrefix(DPoPKeyName);
 
             var appendChallengeScheme = AppendChallengeSchemeToTokenNames(parameters);
 
@@ -189,12 +190,12 @@ public async Task StoreTokenAsync(
 
             var tokenName = NamePrefixAndResourceSuffix(OpenIdConnectParameterNames.AccessToken, parameters);
             var tokenTypeName = NamePrefixAndResourceSuffix(OpenIdConnectParameterNames.TokenType, parameters);
-            var dpopKeyName = NamePrefixAndResourceSuffix(DPoPKeyName, parameters);
             var expiresName = NamePrefixAndResourceSuffix("expires_at", parameters);
 
             // Note that we are not including the resource suffix because there
-            // is no per-resource refresh token
+            // is no per-resource refresh token or dpop key
             var refreshTokenName = NamePrefix(OpenIdConnectParameterNames.RefreshToken);
+            var dpopKeyName = NamePrefix(DPoPKeyName);
 
             if (AppendChallengeSchemeToTokenNames(parameters))
             {