
Commit efdf8ce

committed
Move the token binding methods constants to a private nested class exposing URI-style values
1 parent 32f70f2 commit efdf8ce


2 files changed

+11
-8
lines changed


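--- a/src/OpenIddict.Abstractions/OpenIddictConstants.cs
+++ b/src/OpenIddict.Abstractions/OpenIddictConstants.cs
@@ -566,8 +566,11 @@ public static class SubjectTypes
 
 public static class TokenBindingMethods
 {
-public const string SelfSignedTlsClientCertificate = "self_signed_tls_client_certificate";
-public const string TlsClientCertificate = "tls_client_certificate";
+public static class Private
+{
+public const string SelfSignedTlsClientCertificate = "urn:openiddict:params:oauth:token-binding-method:self_signed_tls_client_certificate";
+public const string TlsClientCertificate = "urn:openiddict:params:oauth:token-binding-method:tls_client_certificate";
+}
 }
 
 public static class TokenFormats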
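Review bot: The new nested `Private` class and its two constants have no XML documentation, so a consumer cannot tell that the `urn:openiddict:params:oauth:token-binding-method:` values are (presumably) OpenIddict-specific identifiers rather than standardized ones. I would add `/// <summary>Token binding methods specific to OpenIddict, exposed as private-use URN values.</summary>` above `public static class Private`. Because these are `public const string` members, the old values `"tls_client_certificate"` and `"self_signed_tls_client_certificate"` stay baked into any assembly compiled against the previous version. Such an assembly would stop matching the exact-string `Contains` checks in OpenIddictClientSystemNetHttpHandlers.cs, so the removal of the old members and the value change should be called out as breaking in the release notes.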

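--- a/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.cs
+++ b/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.cs
@@ -230,13 +230,13 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context)
 if (context.TokenEndpointClientAuthenticationMethod is ClientAuthenticationMethods.TlsClientAuth &&
 _options.CurrentValue.TlsClientAuthenticationCertificateSelector(context.Registration) is not null)
 {
-context.UserInfoEndpointTokenBindingMethods.Add(TokenBindingMethods.TlsClientCertificate);
+context.UserInfoEndpointTokenBindingMethods.Add(TokenBindingMethods.Private.TlsClientCertificate);
 }
 
 else if (context.TokenEndpointClientAuthenticationMethod is ClientAuthenticationMethods.SelfSignedTlsClientAuth &&
 _options.CurrentValue.SelfSignedTlsClientAuthenticationCertificateSelector(context.Registration) is not null)
 {
-context.UserInfoEndpointTokenBindingMethods.Add(TokenBindingMethods.SelfSignedTlsClientCertificate);
+context.UserInfoEndpointTokenBindingMethods.Add(TokenBindingMethods.Private.SelfSignedTlsClientCertificate);
 }
 
 return default;
@@ -661,16 +661,16 @@ public ValueTask HandleAsync(TContext context)
 // If both a client authentication method and one or multiple token binding methods were negotiated,
 // make sure they are compatible (e.g that they all use a CA-issued or self-signed X.509 certificate).
 if ((context.ClientAuthenticationMethod is ClientAuthenticationMethods.TlsClientAuth &&
-context.TokenBindingMethods.Contains(TokenBindingMethods.SelfSignedTlsClientCertificate)) ||
+context.TokenBindingMethods.Contains(TokenBindingMethods.Private.SelfSignedTlsClientCertificate)) ||
 (context.ClientAuthenticationMethod is ClientAuthenticationMethods.SelfSignedTlsClientAuth &&
-context.TokenBindingMethods.Contains(TokenBindingMethods.TlsClientCertificate)))
+context.TokenBindingMethods.Contains(TokenBindingMethods.Private.TlsClientCertificate)))
 {
 throw new InvalidOperationException(SR.GetResourceString(SR.ID0456));
 }
 
 // Attach a flag indicating that a client certificate should be used in the TLS handshake.
 if (context.ClientAuthenticationMethod is ClientAuthenticationMethods.TlsClientAuth ||
-context.TokenBindingMethods.Contains(TokenBindingMethods.TlsClientCertificate))
+context.TokenBindingMethods.Contains(TokenBindingMethods.Private.TlsClientCertificate))
 {
 builder.Append('\u001f');
 
@@ -681,7 +681,7 @@ public ValueTask HandleAsync(TContext context)
 
 // Attach a flag indicating that a self-signed client certificate should be used in the TLS handshake.
 else if (context.ClientAuthenticationMethod is ClientAuthenticationMethods.SelfSignedTlsClientAuth ||
-context.TokenBindingMethods.Contains(TokenBindingMethods.SelfSignedTlsClientCertificate))
+context.TokenBindingMethods.Contains(TokenBindingMethods.Private.SelfSignedTlsClientCertificate))
 {
 builder.Append('\u001f');
 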
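Review bot: In `HandleAsync(TContext context)` (hunks at -661 and -681) the compatibility check and both certificate-flag branches recognise only the two `TokenBindingMethods.Private.*` strings, so any other entry in `context.TokenBindingMethods` is ignored without an error. After this value change, a caller that still adds the old literal `"tls_client_certificate"` would skip the `SR.ID0456` check and get no certificate flag, which presumably means the request goes out without a client certificate and the token is not certificate-bound. If this handler is the only consumer of that set, a guard before the flag logic would fail closed instead: `if (context.TokenBindingMethods.Any(method => method is not (TokenBindingMethods.Private.TlsClientCertificate or TokenBindingMethods.Private.SelfSignedTlsClientCertificate))) throw new InvalidOperationException(/* placeholder: new SR resource string */);`. At minimum I would add the comment `// Note: unrecognized token binding methods are ignored here and do not select a client certificate.` above the first flag branch. The method body starts and ends outside these hunks, so an existing check elsewhere may already cover this.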
