From 99a456365f4b8e38958df1bb8e9853bfeae4e9f8 Mon Sep 17 00:00:00 2001
From: Brett Hazen <2651260+bhazen@users.noreply.github.com>
Date: Tue, 27 May 2025 15:17:03 -0500
Subject: [PATCH] Make access token type nullable on token issued event for when an access token is not issued

---
 .../Endpoints/AuthorizeEndpointBase.cs | 2 +-
 .../IdentityServer/Endpoints/TokenEndpoint.cs | 2 +-
 .../Extensions/IClientStoreExtensions.cs | 1 -
 identity-server/src/Telemetry/Telemetry.cs | 4 ++--
 .../TokenIssueCountDiagnosticEntryTests.cs | 20 ++++++++++++++++++-
 5 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/identity-server/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs b/identity-server/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs
index faf3c16b4..8a608980e 100644
--- a/identity-server/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs
+++ b/identity-server/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs
@@ -241,7 +241,7 @@ internal abstract class AuthorizeEndpointBase : IEndpointHandler
 response.Request.GrantType,
 response.Request.AuthorizeRequestType,
 response.AccessToken.IsPresent(),
- response.Request.AccessTokenType,
+ response.AccessToken.IsPresent() ? response.Request.AccessTokenType : null,
 false,
 ProofType.None,
 response.IdentityToken.IsPresent());
diff --git a/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs b/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs
index 9a87ee13a..875ed27e5 100644
--- a/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs
+++ b/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs
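Review bot: The added argument re-evaluates `response.AccessToken.IsPresent()` that the argument immediately above it already computes for the `accessTokenIssued` flag, so the flag and the reported type agree only because both expressions happen to be evaluated in the same call. Hoisting the predicate into a local before the call, `var accessTokenIssued = response.AccessToken.IsPresent();`, and passing `accessTokenIssued` both as the flag and in the conditional keeps the pair consistent by construction and makes the intent visible. The `TokenIssued` call begins before this hunk, so the local would sit in the lines above it.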
@@ -141,7 +141,7 @@ internal class TokenEndpoint : IEndpointHandler
 await _events.RaiseAsync(new TokenIssuedSuccessEvent(response, requestResult));
 
 Telemetry.Metrics.TokenIssued(clientResult.Client.ClientId, requestResult.ValidatedRequest.GrantType, null,
- response.AccessToken.IsPresent(), requestResult.ValidatedRequest.AccessTokenType, response.RefreshToken.IsPresent(),
+ response.AccessToken.IsPresent(), response.AccessTokenType.IsPresent() ? requestResult.ValidatedRequest.AccessTokenType : null, response.RefreshToken.IsPresent(),
 requestResult.ValidatedRequest.ProofType, response.IdentityToken.IsPresent());
 
 LogTokens(response, requestResult);
diff --git a/identity-server/src/IdentityServer/Extensions/IClientStoreExtensions.cs b/identity-server/src/IdentityServer/Extensions/IClientStoreExtensions.cs
index a4e54f9e1..eb161bc00 100644
--- a/identity-server/src/IdentityServer/Extensions/IClientStoreExtensions.cs
+++ b/identity-server/src/IdentityServer/Extensions/IClientStoreExtensions.cs
@@ -22,7 +22,6 @@ public static class IClientStoreExtensions
 var client = await store.FindClientByIdAsync(clientId);
 if (client != null && client.Enabled)
 {
- //Telemetry.Metrics.ClientLoaded(client);
 return client;
 }
 
diff --git a/identity-server/src/Telemetry/Telemetry.cs b/identity-server/src/Telemetry/Telemetry.cs
index 89adffaee..b1380a4a6 100644
--- a/identity-server/src/Telemetry/Telemetry.cs
+++ b/identity-server/src/Telemetry/Telemetry.cs
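Review bot: The new conditional decides whether to report a type from `response.AccessTokenType.IsPresent()`, while the flag right beside it on the same line, and the equivalent change in AuthorizeEndpointBase.cs, use `response.AccessToken.IsPresent()`; if `AccessTokenType` on the response can be set independently of whether an access token string was actually issued, the metric still carries a concrete type alongside `accessTokenIssued == false`, which is exactly the case the commit sets out to remove. Using the same predicate as the flag, `response.AccessToken.IsPresent() ? requestResult.ValidatedRequest.AccessTokenType : null`, removes that dependency and matches the other endpoint. I cannot see how `TokenResponse.AccessTokenType` is initialised from this hunk, so whether it ever holds a value without a token would need confirming before treating the current predicate as safe.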
@@ -466,12 +466,12 @@ public static class Telemetry
 /// Grant Type
 /// Type of authorization request
 /// Whether an access token was issued
- /// The type of access token issued (JWT or Reference)
+ /// The type of access token issued (Null if no access token was issued, otherwise JWT or Reference)
 /// Whether a refresh token was issued
 /// The proof type used (None, ClientCertificate, or DPoP)
 /// Whether an id token was issued
 public static void TokenIssued(string clientId, string grantType, AuthorizeRequestType? requestType,
- bool accessTokenIssued, AccessTokenType accessTokenType, bool refreshTokenIssued, ProofType proofType, bool idTokenIssued)
+ bool accessTokenIssued, AccessTokenType? accessTokenType, bool refreshTokenIssued, ProofType proofType, bool idTokenIssued)
 {
 Success(clientId);
 TokenIssuedCounter.Add(1,
diff --git a/identity-server/test/IdentityServer.UnitTests/Licensing/v2/DiagnosticEntries/TokenIssueCountDiagnosticEntryTests.cs b/identity-server/test/IdentityServer.UnitTests/Licensing/v2/DiagnosticEntries/TokenIssueCountDiagnosticEntryTests.cs
index b02bda63a..38c09e80f 100644
--- a/identity-server/test/IdentityServer.UnitTests/Licensing/v2/DiagnosticEntries/TokenIssueCountDiagnosticEntryTests.cs
+++ b/identity-server/test/IdentityServer.UnitTests/Licensing/v2/DiagnosticEntries/TokenIssueCountDiagnosticEntryTests.cs
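Review bot: The widened `AccessTokenType? accessTokenType` parameter makes the documented contract ("Null if no access token was issued") depend entirely on callers, since nothing in `TokenIssued` itself reconciles `accessTokenType` with `accessTokenIssued`. A one-line normalisation at the top of the method, `accessTokenType = accessTokenIssued ? accessTokenType : null;`, would keep the emitted counter tags consistent even if a later call site passes a concrete type together with `accessTokenIssued` false, as both endpoints did before this commit. How the null is mapped onto the `TokenIssuedCounter` tag is outside the hunk, so I cannot confirm it is emitted distinctly from a real type there; the `<param>` text could also name that tag value once it is settled.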
@@ -104,6 +104,24 @@ public class TokenIssueCountDiagnosticEntryTests
 tokenIssueCounts.GetProperty("Refresh").GetInt64().ShouldBe(1);
 }
 
+ [Fact]
+ public async Task Should_Handle_No_Token_Issued()
+ {
+ IssueToken("authorization_code", false, null, false, ProofType.None, false);
+
+ var result = await DiagnosticEntryTestHelper.WriteEntryToJson(_subject);
+
+ var tokenIssueCounts = result.RootElement.GetProperty("TokenIssueCounts");
+ tokenIssueCounts.GetProperty("Jwt").GetInt64().ShouldBe(0);
+ tokenIssueCounts.GetProperty("Reference").GetInt64().ShouldBe(0);
+ tokenIssueCounts.GetProperty("JwtPoPDPoP").GetInt64().ShouldBe(0);
+ tokenIssueCounts.GetProperty("JwtPoPmTLS").GetInt64().ShouldBe(0);
+ tokenIssueCounts.GetProperty("ReferencePoPDPoP").GetInt64().ShouldBe(0);
+ tokenIssueCounts.GetProperty("ReferencePoPmTLS").GetInt64().ShouldBe(0);
+ tokenIssueCounts.GetProperty("Refresh").GetInt64().ShouldBe(0);
+ tokenIssueCounts.GetProperty("Id").GetInt64().ShouldBe(0);
+ }
+
 [Fact]
 public async Task Should_Handle_Initial_Grant_Type_Count()
 {
@@ -157,7 +175,7 @@ public class TokenIssueCountDiagnosticEntryTests
 tokenIssueCounts.GetProperty("Refresh").GetInt64().ShouldBe(0);
 }
 
- private void IssueToken(string grantType, bool accessTokenIssued, AccessTokenType accessTokenType, bool refreshTokenIssued,
+ private void IssueToken(string grantType, bool accessTokenIssued, AccessTokenType? accessTokenType, bool refreshTokenIssued,
 ProofType proofType, bool idTokenIssued)
 => Duende.IdentityServer.Telemetry.Metrics.TokenIssued("ClientId", grantType, null, accessTokenIssued, accessTokenType, refreshTokenIssued, proofType, idTokenIssued);
 }
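Review bot: `Should_Handle_No_Token_Issued` only exercises the combination the two fixed call sites now produce, `accessTokenIssued` false with a `null` type, so the tests say nothing about what the diagnostic entry reports when a caller passes `false` together with a concrete `AccessTokenType`, which is what both endpoints sent before this commit. A companion `[Fact]` calling `IssueToken("authorization_code", false, AccessTokenType.Jwt, false, ProofType.None, false)` and asserting the intended counts would pin down whether the entry, or `TokenIssued`, normalises that case or relies on every caller to do so. The `IssueToken` helper in the second hunk already accepts the nullable type, so no further change is needed there.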