Fix the incorrect jti handling in the introspection middleware

kevinchalet · kevinchalet · commit fb9ffdda304e · 2016-04-29T08:07:33.000+02:00
diff --git a/src/AspNet.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs b/src/AspNet.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs
@@ -288,7 +288,7 @@ protected virtual async Task<AuthenticationTicket> CreateTicketAsync(string toke
 
                     // Add the token identifier as a property on the authentication ticket.
                     case OAuthIntrospectionConstants.Claims.JwtId: {
-                        properties.Items[OAuthIntrospectionConstants.Properties.TicketId] = property.Value<string>();
+                        properties.Items[OAuthIntrospectionConstants.Properties.TicketId] = (string) property;
 
                         continue;
                     }
diff --git a/src/Owin.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs b/src/Owin.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs
@@ -278,7 +278,7 @@ protected virtual async Task<AuthenticationTicket> CreateTicketAsync(string toke
                         
                     // Add the token identifier as a property on the authentication ticket.
                     case OAuthIntrospectionConstants.Claims.JwtId: {
-                        properties.Dictionary[OAuthIntrospectionConstants.Properties.TicketId] = property.Value<string>();
+                        properties.Dictionary[OAuthIntrospectionConstants.Properties.TicketId] = (string) property;
 
                         continue;
                     }
diff --git a/test/AspNet.Security.OAuth.Introspection.Tests/OAuthIntrospectionMiddlewareTests.cs b/test/AspNet.Security.OAuth.Introspection.Tests/OAuthIntrospectionMiddlewareTests.cs
@@ -708,13 +708,15 @@ private static TestServer CreateAuthorizationServer() {
 
                             case "valid-token": {
                                 payload[OAuthIntrospectionConstants.Claims.Active] = true;
+                                payload[OAuthIntrospectionConstants.Claims.JwtId] = "jwt-token-identifier";
                                 payload[OAuthIntrospectionConstants.Claims.Subject] = "Fabrikam";
 
                                 break;
                             }
 
                             case "valid-token-with-scopes": {
                                 payload[OAuthIntrospectionConstants.Claims.Active] = true;
+                                payload[OAuthIntrospectionConstants.Claims.JwtId] = "jwt-token-identifier";
                                 payload[OAuthIntrospectionConstants.Claims.Subject] = "Fabrikam";
                                 payload[OAuthIntrospectionConstants.Claims.Scope] =
                                     "C54A8F5E-0387-43F4-BA43-FD4B50DC190D 5C57E3BD-9EFB-4224-9AB8-C8C5E009FFD7";
@@ -724,6 +726,7 @@ private static TestServer CreateAuthorizationServer() {
 
                             case "valid-token-with-single-audience": {
                                 payload[OAuthIntrospectionConstants.Claims.Active] = true;
+                                payload[OAuthIntrospectionConstants.Claims.JwtId] = "jwt-token-identifier";
                                 payload[OAuthIntrospectionConstants.Claims.Subject] = "Fabrikam";
                                 payload[OAuthIntrospectionConstants.Claims.Audience] = "http://www.google.com/";
 
@@ -732,6 +735,7 @@ private static TestServer CreateAuthorizationServer() {
 
                             case "valid-token-with-multiple-audiences": {
                                 payload[OAuthIntrospectionConstants.Claims.Active] = true;
+                                payload[OAuthIntrospectionConstants.Claims.JwtId] = "jwt-token-identifier";
                                 payload[OAuthIntrospectionConstants.Claims.Subject] = "Fabrikam";
                                 payload[OAuthIntrospectionConstants.Claims.Audience] = JArray.FromObject(new[] {
                                     "http://www.google.com/", "http://www.fabrikam.com/"
diff --git a/test/Owin.Security.OAuth.Introspection.Tests/OAuthIntrospectionMiddlewareTests.cs b/test/Owin.Security.OAuth.Introspection.Tests/OAuthIntrospectionMiddlewareTests.cs
@@ -670,13 +670,15 @@ private static TestServer CreateAuthorizationServer() {
 
                             case "valid-token": {
                                 payload[OAuthIntrospectionConstants.Claims.Active] = true;
+                                payload[OAuthIntrospectionConstants.Claims.JwtId] = "jwt-token-identifier";
                                 payload[OAuthIntrospectionConstants.Claims.Subject] = "Fabrikam";
 
                                 break;
                             }
 
                             case "valid-token-with-scopes": {
                                 payload[OAuthIntrospectionConstants.Claims.Active] = true;
+                                payload[OAuthIntrospectionConstants.Claims.JwtId] = "jwt-token-identifier";
                                 payload[OAuthIntrospectionConstants.Claims.Subject] = "Fabrikam";
                                 payload[OAuthIntrospectionConstants.Claims.Scope] =
                                     "C54A8F5E-0387-43F4-BA43-FD4B50DC190D 5C57E3BD-9EFB-4224-9AB8-C8C5E009FFD7";
@@ -686,6 +688,7 @@ private static TestServer CreateAuthorizationServer() {
 
                             case "valid-token-with-single-audience": {
                                 payload[OAuthIntrospectionConstants.Claims.Active] = true;
+                                payload[OAuthIntrospectionConstants.Claims.JwtId] = "jwt-token-identifier";
                                 payload[OAuthIntrospectionConstants.Claims.Subject] = "Fabrikam";
                                 payload[OAuthIntrospectionConstants.Claims.Audience] = "http://www.google.com/";
 
@@ -694,6 +697,7 @@ private static TestServer CreateAuthorizationServer() {
 
                             case "valid-token-with-multiple-audiences": {
                                 payload[OAuthIntrospectionConstants.Claims.Active] = true;
+                                payload[OAuthIntrospectionConstants.Claims.JwtId] = "jwt-token-identifier";
                                 payload[OAuthIntrospectionConstants.Claims.Subject] = "Fabrikam";
                                 payload[OAuthIntrospectionConstants.Claims.Audience] = JArray.FromObject(new[] {
                                     "http://www.google.com/", "http://www.fabrikam.com/"

Original file line number	Diff line number	Diff line change
`@@ -288,7 +288,7 @@ protected virtual async Task<AuthenticationTicket> CreateTicketAsync(string toke`
`288`	`288`
`289`	`289`	`// Add the token identifier as a property on the authentication ticket.`
`290`	`290`	`case OAuthIntrospectionConstants.Claims.JwtId: {`
`291`		`- properties.Items[OAuthIntrospectionConstants.Properties.TicketId] = property.Value<string>();`
	`291`	`+ properties.Items[OAuthIntrospectionConstants.Properties.TicketId] = (string) property;`
`292`	`292`
`293`	`293`	`continue;`
`294`	`294`	`}`
Original file line number	Diff line number	Diff line change
`@@ -278,7 +278,7 @@ protected virtual async Task<AuthenticationTicket> CreateTicketAsync(string toke`
`278`	`278`
`279`	`279`	`// Add the token identifier as a property on the authentication ticket.`
`280`	`280`	`case OAuthIntrospectionConstants.Claims.JwtId: {`
`281`		`- properties.Dictionary[OAuthIntrospectionConstants.Properties.TicketId] = property.Value<string>();`
	`281`	`+ properties.Dictionary[OAuthIntrospectionConstants.Properties.TicketId] = (string) property;`
`282`	`282`
`283`	`283`	`continue;`
`284`	`284`	`}`