diff --git a/identity-server/src/IdentityServer/Endpoints/Results/IntrospectionResult.cs b/identity-server/src/IdentityServer/Endpoints/Results/IntrospectionResult.cs index 3ffc423e9..77f6023c8 100644 --- a/identity-server/src/IdentityServer/Endpoints/Results/IntrospectionResult.cs +++ b/identity-server/src/IdentityServer/Endpoints/Results/IntrospectionResult.cs @@ -84,7 +84,7 @@ internal class IntrospectionHttpWriter(IIssuerNameService issuerNameService, ITo CreationTime = DateTime.UtcNow, Claims = [new Claim("token_introspection", ObjectSerializer.ToString(result.Entries), IdentityServerConstants.ClaimValueTypes.Json)] }; - var jwt = await tokenCreationService.CreateTokenAsync(token); + var jwt = await tokenCreationService.CreateTokenAsync(token, context.RequestAborted); await context.Response.WriteAsync(jwt); } diff --git a/identity-server/src/IdentityServer/IdentityServerTools.cs b/identity-server/src/IdentityServer/IdentityServerTools.cs index 6e0197654..755547c2f 100644 --- a/identity-server/src/IdentityServer/IdentityServerTools.cs +++ b/identity-server/src/IdentityServer/IdentityServerTools.cs @@ -142,7 +142,7 @@ public class IdentityServerTools : IIdentityServerTools Claims = new HashSet(claims, new ClaimComparer()) }; - return await _tokenCreation.CreateTokenAsync(token); + return await _tokenCreation.CreateTokenAsync(token, default); } /// diff --git a/identity-server/src/IdentityServer/Services/Default/DefaultClaimsService.cs b/identity-server/src/IdentityServer/Services/Default/DefaultClaimsService.cs index 07f445e19..5dcbc1fe3 100644 --- a/identity-server/src/IdentityServer/Services/Default/DefaultClaimsService.cs +++ b/identity-server/src/IdentityServer/Services/Default/DefaultClaimsService.cs 
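Review bot: The `context.Response.WriteAsync(jwt)` call on the line after the changed one still runs without a token, so an aborted request is observed during token creation but not while the signed introspection response is written. Since `context.RequestAborted` is now used here, pass it to the write as well: `await context.Response.WriteAsync(jwt, context.RequestAborted);`. The enclosing writer method starts outside the hunk, so it is worth checking that no other awaited call in it is left without the token.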
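Review bot: Passing a bare `default` in `_tokenCreation.CreateTokenAsync(token, default)` means tokens issued through IdentityServerTools can never be cancelled, and the literal does not show whether that is deliberate. The enclosing public method's signature is outside the hunk; if it cannot take a token without breaking callers, write `CancellationToken.None` and add a comment such as `// IIdentityServerTools exposes no cancellation parameter here; token creation runs to completion`. Otherwise add a `CT ct` parameter to the method and forward it, as the services in this commit do.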
@@ -38,17 +38,8 @@ public class DefaultClaimsService : IClaimsService Profile = profile; } - /// - /// Returns claims for an identity token - /// - /// The subject - /// The requested resources - /// Specifies if all claims should be included in the token, or if the userinfo endpoint can be used to retrieve them - /// The raw request - /// - /// Claims for the identity token - /// - public virtual async Task> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request) + /// + public virtual async Task> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request, CT ct) { using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultClaimsService.GetIdentityTokenClaims"); @@ -101,16 +92,8 @@ public class DefaultClaimsService : IClaimsService return outputClaims; } - /// - /// Returns claims for an access token. - /// - /// The subject. - /// The validated resource result - /// The raw request. - /// - /// Claims for the access token - /// - public virtual async Task> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resourceResult, ValidatedRequest request) + /// + public virtual async Task> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resourceResult, ValidatedRequest request, CT ct) { using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultClaimsService.GetAccessTokenClaims"); diff --git a/identity-server/src/IdentityServer/Services/Default/DefaultTokenCreationService.cs b/identity-server/src/IdentityServer/Services/Default/DefaultTokenCreationService.cs index ee2ef6901..da2970fa2 100644 --- a/identity-server/src/IdentityServer/Services/Default/DefaultTokenCreationService.cs +++ b/identity-server/src/IdentityServer/Services/Default/DefaultTokenCreationService.cs 
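Review bot: The new `ct` parameter on `GetIdentityTokenClaimsAsync` appears to be unused, because this file's diff changes only the two signatures and their doc comments; the same applies to `GetAccessTokenClaimsAsync` in the second hunk. Both method bodies lie outside the hunks and presumably run unchanged, so callers that pass a request-abort token get no cancellation while claims are collected. Until the downstream calls accept a token, add `ct.ThrowIfCancellationRequested();` as the first statement after the activity is started, or say in the doc comment that the token is accepted for interface compatibility and not yet observed.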
@@ -56,21 +56,15 @@ public class DefaultTokenCreationService : ITokenCreationService Logger = logger; } - /// - /// Creates the token. - /// - /// The token. - /// - /// A protected and serialized security token - /// - public virtual async Task CreateTokenAsync(Token token) + /// + public virtual async Task CreateTokenAsync(Token token, CT ct) { using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultTokenCreationService.CreateToken"); var payload = await CreatePayloadAsync(token); var headerElements = await CreateHeaderElementsAsync(token); - return await CreateJwtAsync(token, payload, headerElements); + return await CreateJwtAsync(token, payload, headerElements, ct); } /// @@ -121,14 +115,15 @@ public class DefaultTokenCreationService : ITokenCreationService /// /// /// + /// /// /// protected virtual async Task CreateJwtAsync(Token token, string payload, - Dictionary headerElements) + Dictionary headerElements, CT ct) { using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultTokenCreationService.CreateJwt"); - var credential = await Keys.GetSigningCredentialsAsync(token.AllowedSigningAlgorithms, default); + var credential = await Keys.GetSigningCredentialsAsync(token.AllowedSigningAlgorithms, ct); if (credential == null) { diff --git a/identity-server/src/IdentityServer/Services/Default/DefaultTokenService.cs b/identity-server/src/IdentityServer/Services/Default/DefaultTokenService.cs index af2c7ba66..f193ac8ad 100644 --- a/identity-server/src/IdentityServer/Services/Default/DefaultTokenService.cs +++ b/identity-server/src/IdentityServer/Services/Default/DefaultTokenService.cs @@ -135,7 +135,8 @@ public class DefaultTokenService : ITokenService request.Subject, request.ValidatedResources, request.IncludeAllIdentityClaims, - request.ValidatedRequest)); + request.ValidatedRequest, + ct)); var issuer = request.ValidatedRequest.IssuerName; var token = new Token(OidcConstants.TokenTypes.IdentityToken) 
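Review bot: In `CreateTokenAsync` the token reaches only `CreateJwtAsync`; `CreatePayloadAsync(token)` and `CreateHeaderElementsAsync(token)` are still awaited without it. Their declarations are outside the hunk, but if a derived class overrides them with I/O, cancellation is observed only at the signing-credential lookup at the very end. Either extend those two helpers to take `CT ct` in the same change, or add `ct.ThrowIfCancellationRequested();` before the `CreatePayloadAsync` call. The second hunk also changes the signature of the `protected virtual` `CreateJwtAsync`, which breaks existing overrides and deserves a line in the upgrade notes.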
@@ -165,7 +166,8 @@ public class DefaultTokenService : ITokenService claims.AddRange(await ClaimsProvider.GetAccessTokenClaimsAsync( request.Subject, request.ValidatedResources, - request.ValidatedRequest)); + request.ValidatedRequest, + ct)); if (request.ValidatedRequest.SessionId.IsPresent()) { @@ -231,7 +233,7 @@ public class DefaultTokenService : ITokenService { Logger.LogTrace("Creating JWT access token"); - tokenResult = await CreationService.CreateTokenAsync(token); + tokenResult = await CreationService.CreateTokenAsync(token, ct); } else { @@ -246,7 +248,7 @@ public class DefaultTokenService : ITokenService { Logger.LogTrace("Creating JWT identity token"); - tokenResult = await CreationService.CreateTokenAsync(token); + tokenResult = await CreationService.CreateTokenAsync(token, ct); } else { diff --git a/identity-server/src/IdentityServer/Services/IClaimsService.cs b/identity-server/src/IdentityServer/Services/IClaimsService.cs index 553bbb655..f3380e20a 100644 --- a/identity-server/src/IdentityServer/Services/IClaimsService.cs +++ b/identity-server/src/IdentityServer/Services/IClaimsService.cs @@ -21,10 +21,11 @@ public interface IClaimsService /// The resources. /// Specifies if all claims should be included in the token, or if the userinfo endpoint can be used to retrieve them /// The raw request + /// A token to monitor for cancellation requests. /// /// Claims for the identity token /// - Task> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request); + Task> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request, CT ct); /// /// Returns claims for an access token. 
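Review bot: Adding `CT ct` as a required parameter to `GetIdentityTokenClaimsAsync` on the public `IClaimsService` interface breaks every custom implementation at compile time; the same holds for `GetAccessTokenClaimsAsync` in the next hunk and for `ITokenCreationService.CreateTokenAsync`. The added doc text `A token to monitor for cancellation requests.` does not tell implementers what is expected of them. Consider extending it to something like `A token to monitor for cancellation requests; implementations should pass it to any I/O they perform and let OperationCanceledException propagate.`, and list the signature change in the release notes.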
@@ -32,8 +33,9 @@ public interface IClaimsService /// The subject. /// The resources. /// The raw request. + /// A token to monitor for cancellation requests. /// /// Claims for the access token /// - Task> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, ValidatedRequest request); + Task> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, ValidatedRequest request, CT ct); } diff --git a/identity-server/src/IdentityServer/Services/ITokenCreationService.cs b/identity-server/src/IdentityServer/Services/ITokenCreationService.cs index 7ff182d15..1d23e1803 100644 --- a/identity-server/src/IdentityServer/Services/ITokenCreationService.cs +++ b/identity-server/src/IdentityServer/Services/ITokenCreationService.cs @@ -17,6 +17,7 @@ public interface ITokenCreationService /// Creates a token. /// /// The token description. + /// A token to monitor for cancellation requests. /// A protected and serialized security token - Task CreateTokenAsync(Token token); + Task CreateTokenAsync(Token token, CT ct); } diff --git a/identity-server/test/IdentityServer.IntegrationTests/Extensibility/CustomClaimsServiceTests.cs b/identity-server/test/IdentityServer.IntegrationTests/Extensibility/CustomClaimsServiceTests.cs index 84130fc52..bbe5b845f 100644 --- a/identity-server/test/IdentityServer.IntegrationTests/Extensibility/CustomClaimsServiceTests.cs +++ b/identity-server/test/IdentityServer.IntegrationTests/Extensibility/CustomClaimsServiceTests.cs 
@@ -77,9 +77,9 @@ public class CustomClaimsService : DefaultClaimsService { } - public override async Task> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resourceResult, ValidatedRequest request) + public override async Task> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resourceResult, ValidatedRequest request, CT ct) { - var result = (await base.GetAccessTokenClaimsAsync(subject, resourceResult, request)).ToList(); + var result = (await base.GetAccessTokenClaimsAsync(subject, resourceResult, request, ct)).ToList(); result.Add(new Claim("foo", "foo1")); diff --git a/identity-server/test/IdentityServer.UnitTests/Common/MockClaimsService.cs b/identity-server/test/IdentityServer.UnitTests/Common/MockClaimsService.cs index e76b4827d..50672ed0b 100644 --- a/identity-server/test/IdentityServer.UnitTests/Common/MockClaimsService.cs +++ b/identity-server/test/IdentityServer.UnitTests/Common/MockClaimsService.cs @@ -13,7 +13,7 @@ internal class MockClaimsService : IClaimsService public List IdentityTokenClaims { get; set; } = new List(); public List AccessTokenClaims { get; set; } = new List(); - public Task> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request) => Task.FromResult(IdentityTokenClaims.AsEnumerable()); + public Task> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request, CT ct) => Task.FromResult(IdentityTokenClaims.AsEnumerable()); - public Task> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, ValidatedRequest request) => Task.FromResult(AccessTokenClaims.AsEnumerable()); + public Task> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, ValidatedRequest request, CT ct) => Task.FromResult(AccessTokenClaims.AsEnumerable()); } 
diff --git a/identity-server/test/IdentityServer.UnitTests/Common/MockTokenCreationService.cs b/identity-server/test/IdentityServer.UnitTests/Common/MockTokenCreationService.cs index 0dac0ddd0..c6c03e62e 100644 --- a/identity-server/test/IdentityServer.UnitTests/Common/MockTokenCreationService.cs +++ b/identity-server/test/IdentityServer.UnitTests/Common/MockTokenCreationService.cs @@ -12,7 +12,7 @@ internal class MockTokenCreationService : ITokenCreationService public string TokenResult { get; set; } public Token Token { get; set; } - public Task CreateTokenAsync(Token token) + public Task CreateTokenAsync(Token token, CT ct) { Token = token; return Task.FromResult(TokenResult); diff --git a/identity-server/test/IdentityServer.UnitTests/Services/Default/DefaultClaimsServiceTests.cs b/identity-server/test/IdentityServer.UnitTests/Services/Default/DefaultClaimsServiceTests.cs index bb03226fb..bd67f8a51 100644 --- a/identity-server/test/IdentityServer.UnitTests/Services/Default/DefaultClaimsServiceTests.cs +++ b/identity-server/test/IdentityServer.UnitTests/Services/Default/DefaultClaimsServiceTests.cs @@ -17,6 +17,7 @@ public class DefaultClaimsServiceTests { private DefaultClaimsService _subject; private MockProfileService _mockMockProfileService = new MockProfileService(); + private readonly CT _ct = TestContext.Current.CancellationToken; private ClaimsPrincipal _user; private Client _client; @@ -58,7 +59,7 @@ public class DefaultClaimsServiceTests [Fact] public async Task GetIdentityTokenClaimsAsync_should_return_standard_user_claims() { - var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest); + var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest, _ct); var types = claims.Select(x => x.Type); types.ShouldContain(JwtClaimTypes.Subject); 
@@ -73,7 +74,7 @@ public class DefaultClaimsServiceTests { _resources.IdentityResources.Add(new IdentityResource("id_scope", new[] { "foo" })); - var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest); + var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest, _ct); _mockMockProfileService.GetProfileWasCalled.ShouldBeFalse(); } @@ -84,7 +85,7 @@ public class DefaultClaimsServiceTests _resources.IdentityResources.Add(new IdentityResource("id_scope", new[] { "foo" })); _mockMockProfileService.ProfileClaims.Add(new Claim("foo", "foo1")); - var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, true, _validatedRequest); + var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, true, _validatedRequest, _ct); _mockMockProfileService.GetProfileWasCalled.ShouldBeTrue(); _mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("foo"); @@ -98,7 +99,7 @@ public class DefaultClaimsServiceTests _resources.IdentityResources.Add(new IdentityResource("id_scope", new[] { "foo" })); _mockMockProfileService.ProfileClaims.Add(new Claim("foo", "foo1")); - var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest); + var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest, _ct); _mockMockProfileService.GetProfileWasCalled.ShouldBeTrue(); _mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("foo"); 
@@ -110,7 +111,7 @@ public class DefaultClaimsServiceTests _resources.IdentityResources.Add(new IdentityResource("id_scope", new[] { "foo" })); _mockMockProfileService.ProfileClaims.Add(new Claim("aud", "bar")); - var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, true, _validatedRequest); + var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, true, _validatedRequest, _ct); claims.Count(x => x.Type == "aud" && x.Value == "bar").ShouldBe(0); } @@ -118,7 +119,7 @@ public class DefaultClaimsServiceTests [Fact] public async Task GetAccessTokenClaimsAsync_should_contain_client_id() { - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); claims.Count(x => x.Type == JwtClaimTypes.ClientId && x.Value == _client.ClientId).ShouldBe(1); } @@ -126,7 +127,7 @@ public class DefaultClaimsServiceTests [Fact] public async Task GetAccessTokenClaimsAsync_client_claims_should_be_prefixed_with_default_value() { - var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest, _ct); claims.Count(x => x.Type == "client_some_claim" && x.Value == "some_claim_value").ShouldBe(1); } 
@@ -135,7 +136,7 @@ public class DefaultClaimsServiceTests public async Task GetAccessTokenClaimsAsync_client_claims_should_be_prefixed_with_custom_value() { _validatedRequest.Client.ClientClaimsPrefix = "custom_prefix_"; - var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest, _ct); claims.Count(x => x.Type == "custom_prefix_some_claim" && x.Value == "some_claim_value").ShouldBe(1); } @@ -144,7 +145,7 @@ public class DefaultClaimsServiceTests public async Task GetAccessTokenClaimsAsync_should_contain_client_claims_when_no_subject() { _validatedRequest.Client.ClientClaimsPrefix = null; - var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest, _ct); claims.Count(x => x.Type == "some_claim" && x.Value == "some_claim_value").ShouldBe(1); } @@ -155,7 +156,7 @@ public class DefaultClaimsServiceTests _validatedRequest.Client.ClientClaimsPrefix = null; _validatedRequest.Client.AlwaysSendClientClaims = true; - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); claims.Count(x => x.Type == "some_claim" && x.Value == "some_claim_value").ShouldBe(1); } 
@@ -168,7 +169,7 @@ public class DefaultClaimsServiceTests _resources.ApiScopes.Add(new ApiScope("api1")); _resources.ApiScopes.Add(new ApiScope("api2")); - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value); scopes.Count().ShouldBe(4); @@ -185,7 +186,7 @@ public class DefaultClaimsServiceTests ParsedScopes = { new ParsedScopeValue("api:123", "api", "123") } }; - var claims = await _subject.GetAccessTokenClaimsAsync(_user, resourceResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, resourceResult, _validatedRequest, _ct); var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value); scopes.Count().ShouldBe(1); @@ -197,7 +198,7 @@ public class DefaultClaimsServiceTests { _resources.ApiResources.Add(new ApiResource("api1")); - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value); scopes.Count().ShouldBe(0); @@ -215,7 +216,7 @@ public class DefaultClaimsServiceTests ParsedScopes = { new ParsedScopeValue("api2") } }; - var claims = await _subject.GetAccessTokenClaimsAsync(_user, resourceResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, resourceResult, _validatedRequest, _ct); var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value); scopes.Count().ShouldBe(1); 
@@ -235,7 +236,7 @@ public class DefaultClaimsServiceTests _resources.ApiResources.Add(new ApiResource { Name = "api3", Scopes = { "resource" } }); _resources.ApiScopes.Add(new ApiScope("resource")); - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value); scopes.Count().ShouldBe(1); @@ -251,7 +252,7 @@ public class DefaultClaimsServiceTests _resources.ApiResources.Add(new ApiResource("api2")); _resources.OfflineAccess = true; - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value); scopes.ShouldContain(IdentityServerConstants.StandardScopes.OfflineAccess); @@ -266,7 +267,7 @@ public class DefaultClaimsServiceTests _resources.ApiResources.Add(new ApiResource("api2")); _resources.OfflineAccess = true; - var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest, _ct); var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value); scopes.ShouldNotContain(IdentityServerConstants.StandardScopes.OfflineAccess); 
@@ -275,7 +276,7 @@ public class DefaultClaimsServiceTests [Fact] public async Task GetAccessTokenClaimsAsync_should_return_standard_user_claims() { - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); var types = claims.Select(x => x.Type); types.ShouldContain(JwtClaimTypes.Subject); @@ -291,7 +292,7 @@ public class DefaultClaimsServiceTests _resources.IdentityResources.Add(new IdentityResource("id1", new[] { "foo" })); _resources.ApiResources.Add(new ApiResource("api1", new string[] { "bar" })); - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); _mockMockProfileService.GetProfileWasCalled.ShouldBeTrue(); _mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldNotContain("foo"); @@ -304,7 +305,7 @@ public class DefaultClaimsServiceTests _resources.ApiResources.Add(new ApiResource("api1", new[] { "foo" })); _mockMockProfileService.ProfileClaims.Add(new Claim("aud", "bar")); - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); claims.Count(x => x.Type == "aud" && x.Value == "bar").ShouldBe(0); } @@ -314,7 +315,7 @@ public class DefaultClaimsServiceTests { _resources.ApiResources.Add(new ApiResource("api1", new[] { "foo" })); - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); _mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("foo"); } 
@@ -335,7 +336,7 @@ public class DefaultClaimsServiceTests } ); - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); _mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("foo"); } @@ -357,7 +358,7 @@ public class DefaultClaimsServiceTests } ); - var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest); + var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct); _mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("foo"); _mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("bar"); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AccessTokenValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AccessTokenValidation.cs index 201b7404d..e957d7cb3 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AccessTokenValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/AccessTokenValidation.cs @@ -163,7 +163,7 @@ public class AccessTokenValidation public async Task Valid_JWT_Token() { var signer = Factory.CreateDefaultTokenCreator(); - var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write")); + var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"), _ct); var validator = Factory.CreateTokenValidator(null); var result = await validator.ValidateAccessTokenAsync(jwt, null, _ct); 
@@ -181,7 +181,7 @@ public class AccessTokenValidation options.EmitScopesAsSpaceDelimitedStringInJwt = flag; var signer = Factory.CreateDefaultTokenCreator(options); - var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write")); + var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"), _ct); var validator = Factory.CreateTokenValidator(null); var result = await validator.ValidateAccessTokenAsync(jwt, null, _ct); @@ -204,7 +204,7 @@ public class AccessTokenValidation var signer = Factory.CreateDefaultTokenCreator(); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"); token.Issuer = "invalid"; - var jwt = await signer.CreateTokenAsync(token); + var jwt = await signer.CreateTokenAsync(token, _ct); var validator = Factory.CreateTokenValidator(null); var result = await validator.ValidateAccessTokenAsync(jwt, null, _ct); @@ -218,7 +218,7 @@ public class AccessTokenValidation public async Task JWT_Token_Too_Long() { var signer = Factory.CreateDefaultTokenCreator(); - var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessTokenLong(new Client { ClientId = "roclient" }, "valid", 600, 1000, "read", "write")); + var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessTokenLong(new Client { ClientId = "roclient" }, "valid", 600, 1000, "read", "write"), _ct); var validator = Factory.CreateTokenValidator(null); var result = await validator.ValidateAccessTokenAsync(jwt, null, _ct); 
@@ -236,7 +236,7 @@ public class AccessTokenValidation futureClock.SetUtcNow(definitelyNotNow); var signer = Factory.CreateDefaultTokenCreator(timeProvider: futureClock); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"); - var jwt = await signer.CreateTokenAsync(token); + var jwt = await signer.CreateTokenAsync(token, _ct); var options = TestIdentityServerOptions.Create(); options.JwtValidationClockSkew = TimeSpan.FromSeconds(10); @@ -255,7 +255,7 @@ public class AccessTokenValidation futureClock.SetUtcNow(definitelyNotNow); var signer = Factory.CreateDefaultTokenCreator(timeProvider: futureClock); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"); - var jwt = await signer.CreateTokenAsync(token); + var jwt = await signer.CreateTokenAsync(token, _ct); var options = TestIdentityServerOptions.Create(); options.JwtValidationClockSkew = TimeSpan.FromSeconds(5); @@ -272,7 +272,7 @@ public class AccessTokenValidation { var signer = Factory.CreateDefaultTokenCreator(); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"); - var jwt = await signer.CreateTokenAsync(token); + var jwt = await signer.CreateTokenAsync(token, _ct); var options = TestIdentityServerOptions.Create(); options.SupportedRequestObjectSigningAlgorithms = ["Test"]; diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/IdentityTokenValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/IdentityTokenValidation.cs index 6b80a8513..7a14bcc89 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/IdentityTokenValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/IdentityTokenValidation.cs 
@@ -24,7 +24,7 @@ public class IdentityTokenValidation { var creator = Factory.CreateDefaultTokenCreator(); var token = TokenFactory.CreateIdentityToken("roclient", "valid"); - var jwt = await creator.CreateTokenAsync(token); + var jwt = await creator.CreateTokenAsync(token, _ct); var validator = Factory.CreateTokenValidator(); var result = await validator.ValidateIdentityTokenAsync(jwt, "roclient", true, _ct); @@ -37,7 +37,7 @@ public class IdentityTokenValidation public async Task Valid_IdentityToken_DefaultKeyType_no_ClientId_supplied() { var creator = Factory.CreateDefaultTokenCreator(); - var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid")); + var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid"), _ct); var validator = Factory.CreateTokenValidator(); var result = await validator.ValidateIdentityTokenAsync(jwt, "roclient", true, _ct); @@ -49,7 +49,7 @@ public class IdentityTokenValidation public async Task Valid_IdentityToken_no_ClientId_supplied() { var creator = Factory.CreateDefaultTokenCreator(); - var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid")); + var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid"), _ct); var validator = Factory.CreateTokenValidator(); var result = await validator.ValidateIdentityTokenAsync(jwt, null, true, _ct); @@ -61,7 +61,7 @@ public class IdentityTokenValidation public async Task IdentityToken_InvalidClientId() { var creator = Factory.CreateDefaultTokenCreator(); - var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid")); + var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid"), _ct); var validator = Factory.CreateTokenValidator(); var result = await validator.ValidateIdentityTokenAsync(jwt, "invalid", true, _ct); 
@@ -74,7 +74,7 @@ public class IdentityTokenValidation public async Task IdentityToken_Too_Long() { var creator = Factory.CreateDefaultTokenCreator(); - var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityTokenLong("roclient", "valid", 1000)); + var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityTokenLong("roclient", "valid", 1000), _ct); var validator = Factory.CreateTokenValidator(); var result = await validator.ValidateIdentityTokenAsync(jwt, "roclient", true, _ct); @@ -91,7 +91,7 @@ public class IdentityTokenValidation id_token.Claims.Add(new System.Security.Claims.Claim("aud", "some_aud")); // this should not throw - var jwt = await creator.CreateTokenAsync(id_token); + var jwt = await creator.CreateTokenAsync(id_token, _ct); // check that the custom aud was ignored var payload = jwt.Split('.')[1];