From a36f5f6b60e1ca6c575685d2288a14b8f43f7ef3 Mon Sep 17 00:00:00 2001 From: Simon Cropp Date: Fri, 20 Dec 2024 14:53:40 +1100 Subject: [PATCH] enable nullable in TokenValidator --- .../Validation/Default/TokenValidator.cs | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs b/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs index be1a13903..bc3632317 100644 --- a/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs @@ -2,6 +2,7 @@ // See LICENSE in the project root for license information. +#nullable enable using Duende.IdentityModel; using Duende.IdentityServer.Extensions; using Microsoft.Extensions.Logging; @@ -61,7 +62,7 @@ public TokenValidator( _log = new TokenValidationLog(); } - public async Task ValidateIdentityTokenAsync(string token, string clientId = null, + public async Task ValidateIdentityTokenAsync(string token, string? clientId = null, bool validateLifetime = true) { using var activity = Tracing.BasicActivitySource.StartActivity("TokenValidator.ValidateIdentityToken"); @@ -124,7 +125,7 @@ public async Task ValidateIdentityTokenAsync(string token return customResult; } - public async Task ValidateAccessTokenAsync(string token, string expectedScope = null) + public async Task ValidateAccessTokenAsync(string token, string? expectedScope = null) { using var activity = Tracing.BasicActivitySource.StartActivity("TokenValidator.ValidateAccessToken"); @@ -180,7 +181,7 @@ public async Task ValidateAccessTokenAsync(string token, } // make sure client is still active (if client_id claim is present) - var clientClaim = result.Claims.FirstOrDefault(c => c.Type == JwtClaimTypes.ClientId); + var clientClaim = result.Claims?.FirstOrDefault(c => c.Type == JwtClaimTypes.ClientId); if (clientClaim != null) { var client = await _clients.FindEnabledClientByIdAsync(clientClaim.Value); @@ -197,10 +198,10 @@ public async Task ValidateAccessTokenAsync(string token, } // make sure user is still active (if sub claim is present) - var subClaim = result.Claims.FirstOrDefault(c => c.Type == JwtClaimTypes.Subject); + var subClaim = result.Claims?.FirstOrDefault(c => c.Type == JwtClaimTypes.Subject); if (subClaim != null) { - var principal = Principal.Create("tokenvalidator", result.Claims.ToArray()); + var principal = Principal.Create("tokenvalidator", result.Claims!.ToArray()); if (result.ReferenceTokenId.IsPresent()) { @@ -208,7 +209,7 @@ public async Task ValidateAccessTokenAsync(string token, .AddClaim(new Claim(JwtClaimTypes.ReferenceTokenId, result.ReferenceTokenId)); } - var isActiveCtx = new IsActiveContext(principal, result.Client, + var isActiveCtx = new IsActiveContext(principal, result.Client!, IdentityServerConstants.ProfileIsActiveCallers.AccessTokenValidation); await _profile.IsActiveAsync(isActiveCtx); @@ -231,7 +232,7 @@ public async Task ValidateAccessTokenAsync(string token, { SubjectId = sub, SessionId = sid, - Client = result.Client, + Client = result.Client!, Type = SessionValidationType.AccessToken }); @@ -246,7 +247,7 @@ public async Task ValidateAccessTokenAsync(string token, // check expected scope(s) if (expectedScope.IsPresent()) { - var scope = result.Claims.FirstOrDefault(c => + var scope = result.Claims?.FirstOrDefault(c => c.Type == JwtClaimTypes.Scope && c.Value == expectedScope); if (scope == null) { @@ -272,7 +273,7 @@ public async Task ValidateAccessTokenAsync(string token, } private async Task ValidateJwtAsync(string jwtString, - IEnumerable validationKeys, bool validateLifetime = true, string audience = null) + IEnumerable validationKeys, bool validateLifetime = true, string? audience = null) { using var activity = Tracing.BasicActivitySource.StartActivity("TokenValidator.ValidateJwt"); @@ -327,7 +328,7 @@ private async Task ValidateJwtAsync(string jwtString, } // load the client that belongs to the client_id claim - Client client = null; + Client? client = null; var clientId = id.FindFirst(JwtClaimTypes.ClientId); if (clientId != null) { @@ -388,7 +389,7 @@ private async Task ValidateReferenceAccessTokenAsync(stri } // load the client that is defined in the token - Client client = null; + Client? client = null; if (token.ClientId != null) { client = await _clients.FindEnabledClientByIdAsync(token.ClientId); @@ -444,7 +445,7 @@ private IEnumerable ReferenceTokenToClaims(Token token) return claims; } - private string GetClientIdFromJwt(string token) + private string? GetClientIdFromJwt(string token) { try {