Skip to content

Commit

Permalink
Simplify the authentication properties filtering logic
Browse files Browse the repository at this point in the history
  • Loading branch information
kevinchalet committed Jan 23, 2024
1 parent 2ed4735 commit fb3f594
Show file tree
Hide file tree
Showing 5 changed files with 19 additions and 54 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -77,17 +77,10 @@ public async Task<ActionResult> LogInCallback()

// If needed, the tokens returned by the authorization server can be stored in the authentication cookie.
// To make cookies less heavy, tokens that are not used are filtered out before creating the cookie.
properties.StoreTokens(result.Properties.GetTokens().Where(token => token switch
{
properties.StoreTokens(result.Properties.GetTokens().Where(token => token.Name is
// Preserve the access and refresh tokens returned in the token response, if available.
{
Name: OpenIddictClientAspNetCoreConstants.Tokens.BackchannelAccessToken or
OpenIddictClientAspNetCoreConstants.Tokens.RefreshToken
} => true,

// Ignore the other tokens.
_ => false
}));
OpenIddictClientAspNetCoreConstants.Tokens.BackchannelAccessToken or
OpenIddictClientAspNetCoreConstants.Tokens.RefreshToken));

// Ask the default sign-in handler to return a new cookie and redirect the
// user agent to the return URL stored in the authentication properties.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -130,18 +130,11 @@ public async Task<ActionResult> LogInCallback()
// If needed, the tokens returned by the authorization server can be stored in the authentication cookie.
//
// To make cookies less heavy, tokens that are not used are filtered out before creating the cookie.
properties.StoreTokens(result.Properties.GetTokens().Where(token => token switch
{
properties.StoreTokens(result.Properties.GetTokens().Where(token => token.Name is
// Preserve the access, identity and refresh tokens returned in the token response, if available.
{
Name: OpenIddictClientAspNetCoreConstants.Tokens.BackchannelAccessToken or
OpenIddictClientAspNetCoreConstants.Tokens.BackchannelIdentityToken or
OpenIddictClientAspNetCoreConstants.Tokens.RefreshToken
} => true,

// Ignore the other tokens.
_ => false
}));
OpenIddictClientAspNetCoreConstants.Tokens.BackchannelAccessToken or
OpenIddictClientAspNetCoreConstants.Tokens.BackchannelIdentityToken or
OpenIddictClientAspNetCoreConstants.Tokens.RefreshToken));

// Ask the default sign-in handler to return a new cookie and redirect the
// user agent to the return URL stored in the authentication properties.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -128,21 +128,14 @@ or Claims.Private.RegistrationId or Claims.Private.ProviderName

// Build the authentication properties based on the properties that were added when the challenge was triggered.
var properties = new AuthenticationProperties(result.Properties.Dictionary
.Where(item => item switch
{
.Where(item => item.Key is
// Preserve the return URL.
{ Key: ".redirect" } => true,
".redirect" or

// If needed, the tokens returned by the authorization server can be stored in the authentication cookie.
{
Key: OpenIddictClientOwinConstants.Tokens.BackchannelAccessToken or
OpenIddictClientOwinConstants.Tokens.BackchannelIdentityToken or
OpenIddictClientOwinConstants.Tokens.RefreshToken
} => true,

// Don't add the other properties to the external cookie.
_ => false
})
OpenIddictClientOwinConstants.Tokens.BackchannelAccessToken or
OpenIddictClientOwinConstants.Tokens.BackchannelIdentityToken or
OpenIddictClientOwinConstants.Tokens.RefreshToken)
.ToDictionary(pair => pair.Key, pair => pair.Value));

context.Authentication.SignIn(properties, identity);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -130,18 +130,11 @@ public async Task<ActionResult> LogInCallback()
// If needed, the tokens returned by the authorization server can be stored in the authentication cookie.
//
// To make cookies less heavy, tokens that are not used are filtered out before creating the cookie.
properties.StoreTokens(result.Properties.GetTokens().Where(token => token switch
{
properties.StoreTokens(result.Properties.GetTokens().Where(token => token.Name is
// Preserve the access, identity and refresh tokens returned in the token response, if available.
{
Name: OpenIddictClientAspNetCoreConstants.Tokens.BackchannelAccessToken or
OpenIddictClientAspNetCoreConstants.Tokens.BackchannelIdentityToken or
OpenIddictClientAspNetCoreConstants.Tokens.RefreshToken
} => true,

// Ignore the other tokens.
_ => false
}));
OpenIddictClientAspNetCoreConstants.Tokens.BackchannelAccessToken or
OpenIddictClientAspNetCoreConstants.Tokens.BackchannelIdentityToken or
OpenIddictClientAspNetCoreConstants.Tokens.RefreshToken));

// Ask the default sign-in handler to return a new cookie and redirect the
// user agent to the return URL stored in the authentication properties.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -77,17 +77,10 @@ public async Task<ActionResult> LogInCallback()

// If needed, the tokens returned by the authorization server can be stored in the authentication cookie.
// To make cookies less heavy, tokens that are not used are filtered out before creating the cookie.
properties.StoreTokens(result.Properties.GetTokens().Where(token => token switch
{
properties.StoreTokens(result.Properties.GetTokens().Where(token => token.Name is
// Preserve the access and refresh tokens returned in the token response, if available.
{
Name: OpenIddictClientAspNetCoreConstants.Tokens.BackchannelAccessToken or
OpenIddictClientAspNetCoreConstants.Tokens.RefreshToken
} => true,

// Ignore the other tokens.
_ => false
}));
OpenIddictClientAspNetCoreConstants.Tokens.BackchannelAccessToken or
OpenIddictClientAspNetCoreConstants.Tokens.RefreshToken));

// Ask the default sign-in handler to return a new cookie and redirect the
// user agent to the return URL stored in the authentication properties.
Expand Down

0 comments on commit fb3f594

Please sign in to comment.