Skip to content

Commit

Permalink
Merge pull request #1660 from DuendeSoftware/joe/server-side-session-…
Browse files Browse the repository at this point in the history
…issuers

Persist claim issuers in server side sessions
  • Loading branch information
josephdecock authored Dec 10, 2024
2 parents e4a3de9 + dffa57e commit b5712bd
Show file tree
Hide file tree
Showing 4 changed files with 27 additions and 4 deletions.
1 change: 0 additions & 1 deletion hosts/EntityFramework/Pages/Account/Login/Index.cshtml.cs
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using static System.Runtime.InteropServices.JavaScript.JSType;

namespace IdentityServerHost.Pages.Login;

Expand Down
6 changes: 4 additions & 2 deletions src/Storage/Extensions/ClaimsPrincipalLiteExtensions.cs
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ public static class ClaimsPrincipalLiteExtensions
/// </summary>
public static ClaimsPrincipal ToClaimsPrincipal(this ClaimsPrincipalLite principal)
{
var claims = principal.Claims.Select(x => new Claim(x.Type, x.Value, x.ValueType ?? ClaimValueTypes.String)).ToArray();
var claims = principal.Claims.Select(x => new Claim(x.Type, x.Value, x.ValueType ?? ClaimValueTypes.String, x.Issuer ?? ClaimsIdentity.DefaultIssuer)).ToArray();
var id = new ClaimsIdentity(claims, principal.AuthenticationType, JwtClaimTypes.Name, JwtClaimTypes.Role);

return new ClaimsPrincipal(id);
Expand All @@ -35,7 +35,9 @@ public static ClaimsPrincipalLite ToClaimsPrincipalLite(this ClaimsPrincipal pri
{
Type = x.Type,
Value = x.Value,
ValueType = x.ValueType == ClaimValueTypes.String ? null : x.ValueType
// Leave out default values, to avoid bloat
ValueType = x.ValueType == ClaimValueTypes.String ? null : x.ValueType,
Issuer = x.Issuer == ClaimsIdentity.DefaultIssuer ? null : x.Issuer
}).ToArray();

return new ClaimsPrincipalLite
Expand Down
3 changes: 2 additions & 1 deletion src/Storage/Stores/Serialization/ClaimLite.cs
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,5 @@ public class ClaimLite
public string Type { get; set; }
public string Value { get; set; }
public string ValueType { get; set; }
}
public string Issuer { get; set; }
}
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
using Duende.IdentityServer;
using Microsoft.AspNetCore.DataProtection;
using Duende.IdentityServer.Extensions;
using System.Security.Claims;

namespace IntegrationTests.Hosting;

Expand Down Expand Up @@ -743,4 +744,24 @@ public async Task using_access_token_for_expired_session_should_fail()
response.IsError.Should().BeTrue();
}
}


[Fact]
public async Task claim_issuers_should_be_persisted()
{
var claimWithCustomIssuer = new Claim("Test", "true", ClaimValueTypes.Boolean, "Custom Issuer");
var claimWithDefaultIssuer = new Claim("Test", "false", ClaimValueTypes.Boolean, ClaimsIdentity.DefaultIssuer);

var user = new IdentityServerUser("alice").CreatePrincipal();
user.Identities.First().AddClaim(claimWithCustomIssuer);
user.Identities.First().AddClaim(claimWithDefaultIssuer);

await _pipeline.LoginAsync(user);

var ticket = (await _sessionStore.GetSessionsAsync(new SessionFilter { SubjectId = "alice" })).Single()
.Deserialize(_protector, null);
var claims = ticket.Principal.Claims;
claims.Should().Contain(c => c.Issuer == "Custom Issuer" && c.Type == "Test");
claims.Should().Contain(c => c.Issuer == ClaimsIdentity.DefaultIssuer && c.Type == "Test");
}
}

0 comments on commit b5712bd

Please sign in to comment.