Make access token type nullable on token issued event for when an access token is not issued

2026-05-24 09:28:24 +00:00 · 2025-05-27 15:17:03 -05:00 · 2025-05-27 15:17:03 -05:00 · 99a456365f
commit 99a456365f
parent 183bd83ac6
5 changed files with 23 additions and 6 deletions
--- a/identity-server/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs
+++ b/identity-server/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs
@ -241,7 +241,7 @@ internal abstract class AuthorizeEndpointBase : IEndpointHandler
                response.Request.GrantType,
                response.Request.AuthorizeRequestType,
                response.AccessToken.IsPresent(),
-                response.Request.AccessTokenType,
+                response.AccessToken.IsPresent() ? response.Request.AccessTokenType : null,
                false,
                ProofType.None,
                response.IdentityToken.IsPresent());
--- a/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs
+++ b/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs
@ -141,7 +141,7 @@ internal class TokenEndpoint : IEndpointHandler
        await _events.RaiseAsync(new TokenIssuedSuccessEvent(response, requestResult));

        Telemetry.Metrics.TokenIssued(clientResult.Client.ClientId, requestResult.ValidatedRequest.GrantType, null,
-            response.AccessToken.IsPresent(), requestResult.ValidatedRequest.AccessTokenType, response.RefreshToken.IsPresent(),
+            response.AccessToken.IsPresent(), response.AccessTokenType.IsPresent() ? requestResult.ValidatedRequest.AccessTokenType : null, response.RefreshToken.IsPresent(),
            requestResult.ValidatedRequest.ProofType, response.IdentityToken.IsPresent());
        LogTokens(response, requestResult);

--- a/identity-server/src/IdentityServer/Extensions/IClientStoreExtensions.cs
+++ b/identity-server/src/IdentityServer/Extensions/IClientStoreExtensions.cs
@ -22,7 +22,6 @@ public static class IClientStoreExtensions
        var client = await store.FindClientByIdAsync(clientId);
        if (client != null && client.Enabled)
        {
-            //Telemetry.Metrics.ClientLoaded(client);
            return client;
        }

--- a/identity-server/src/Telemetry/Telemetry.cs
+++ b/identity-server/src/Telemetry/Telemetry.cs
@ -466,12 +466,12 @@ public static class Telemetry
        /// <param name="grantType">Grant Type</param>
        /// <param name="requestType">Type of authorization request</param>
        /// <param name="accessTokenIssued">Whether an access token was issued</param>
-        /// <param name="accessTokenType">The type of access token issued (JWT or Reference)</param>
+        /// <param name="accessTokenType">The type of access token issued (Null if no access token was issued, otherwise JWT or Reference)</param>
        /// <param name="refreshTokenIssued">Whether a refresh token was issued</param>
        /// <param name="proofType">The proof type used (None, ClientCertificate, or DPoP)</param>
        /// <param name="idTokenIssued">Whether an id token was issued</param>
        public static void TokenIssued(string clientId, string grantType, AuthorizeRequestType? requestType,
-            bool accessTokenIssued, AccessTokenType accessTokenType, bool refreshTokenIssued, ProofType proofType, bool idTokenIssued)
+            bool accessTokenIssued, AccessTokenType? accessTokenType, bool refreshTokenIssued, ProofType proofType, bool idTokenIssued)
        {
            Success(clientId);
            TokenIssuedCounter.Add(1,
--- a/identity-server/test/IdentityServer.UnitTests/Licensing/v2/DiagnosticEntries/TokenIssueCountDiagnosticEntryTests.cs
+++ b/identity-server/test/IdentityServer.UnitTests/Licensing/v2/DiagnosticEntries/TokenIssueCountDiagnosticEntryTests.cs
@ -104,6 +104,24 @@ public class TokenIssueCountDiagnosticEntryTests
        tokenIssueCounts.GetProperty("Refresh").GetInt64().ShouldBe(1);
    }

+    [Fact]
+    public async Task Should_Handle_No_Token_Issued()
+    {
+        IssueToken("authorization_code", false, null, false, ProofType.None, false);
+
+        var result = await DiagnosticEntryTestHelper.WriteEntryToJson(_subject);
+
+        var tokenIssueCounts = result.RootElement.GetProperty("TokenIssueCounts");
+        tokenIssueCounts.GetProperty("Jwt").GetInt64().ShouldBe(0);
+        tokenIssueCounts.GetProperty("Reference").GetInt64().ShouldBe(0);
+        tokenIssueCounts.GetProperty("JwtPoPDPoP").GetInt64().ShouldBe(0);
+        tokenIssueCounts.GetProperty("JwtPoPmTLS").GetInt64().ShouldBe(0);
+        tokenIssueCounts.GetProperty("ReferencePoPDPoP").GetInt64().ShouldBe(0);
+        tokenIssueCounts.GetProperty("ReferencePoPmTLS").GetInt64().ShouldBe(0);
+        tokenIssueCounts.GetProperty("Refresh").GetInt64().ShouldBe(0);
+        tokenIssueCounts.GetProperty("Id").GetInt64().ShouldBe(0);
+    }
+
    [Fact]
    public async Task Should_Handle_Initial_Grant_Type_Count()
    {
@ -157,7 +175,7 @@ public class TokenIssueCountDiagnosticEntryTests
        tokenIssueCounts.GetProperty("Refresh").GetInt64().ShouldBe(0);
    }

-    private void IssueToken(string grantType, bool accessTokenIssued, AccessTokenType accessTokenType, bool refreshTokenIssued,
+    private void IssueToken(string grantType, bool accessTokenIssued, AccessTokenType? accessTokenType, bool refreshTokenIssued,
        ProofType proofType, bool idTokenIssued) =>
        Duende.IdentityServer.Telemetry.Metrics.TokenIssued("ClientId", grantType, null, accessTokenIssued, accessTokenType, refreshTokenIssued, proofType, idTokenIssued);
 }