cleanup auth session user token store

brockallen · brockallen · commit 1b2107f997fb · 2023-06-22T20:03:31.000-04:00
diff --git a/src/Duende.AccessTokenManagement.OpenIdConnect/AuthenticationSessionUserTokenStore.cs b/src/Duende.AccessTokenManagement.OpenIdConnect/AuthenticationSessionUserTokenStore.cs
@@ -102,13 +102,14 @@ public async Task<UserToken> GetTokenAsync(
             {
                 dpopKeyName += $"::{parameters.Resource}";
             }
-            var expiresName = $"{TokenPrefix}expires_at"; string? refreshToken = null;
+            var expiresName = $"{TokenPrefix}expires_at";
             if (!string.IsNullOrEmpty(parameters.Resource))
             {
                 expiresName += $"::{parameters.Resource}";
             }
             const string refreshTokenName = $"{TokenPrefix}{OpenIdConnectParameterNames.RefreshToken}";
 
+            string? refreshToken = null;
             string? accessToken = null;
             string? accessTokenType = null;
             string? dpopKey = null;
@@ -156,7 +157,7 @@ public async Task StoreTokenAsync(
             UserToken token,
             UserTokenRequestParameters? parameters = null)
         {
-            parameters ??= new ();
+            parameters ??= new();
 
             // check the cache in case the cookie was re-issued via StoreTokenAsync
             // we use String.Empty as the key for a null SignInScheme
@@ -173,13 +174,7 @@ public async Task StoreTokenAsync(
             // in case you want to filter certain claims before re-issuing the authentication session
             var transformedPrincipal = await FilterPrincipalAsync(result.Principal!).ConfigureAwait(false);
 
-            var expiresName = "expires_at";
-            if (!string.IsNullOrEmpty(parameters.Resource))
-            {
-                expiresName += $"::{parameters.Resource}";
-            }
-
-            var tokenName = OpenIdConnectParameterNames.AccessToken;
+            var tokenName = $"{TokenPrefix}{OpenIdConnectParameterNames.AccessToken}";
             if (!string.IsNullOrEmpty(parameters.Resource))
             {
                 tokenName += $"::{parameters.Resource}";
@@ -194,7 +189,11 @@ public async Task StoreTokenAsync(
             {
                 dpopKeyName += $"::{parameters.Resource}";
             }
-
+            var expiresName = $"{TokenPrefix}expires_at";
+            if (!string.IsNullOrEmpty(parameters.Resource))
+            {
+                expiresName += $"::{parameters.Resource}";
+            }
             var refreshTokenName = $"{OpenIdConnectParameterNames.RefreshToken}";
 
             if (AppendChallengeSchemeToTokenNames(parameters))
@@ -206,13 +205,13 @@ public async Task StoreTokenAsync(
                 expiresName += $"||{parameters.ChallengeScheme}";
             }
 
-            result.Properties!.Items[$"{TokenPrefix}{tokenName}"] = token.AccessToken;
-            result.Properties!.Items[$"{TokenPrefix}{tokenTypeName}"] = token.AccessTokenType;
+            result.Properties!.Items[tokenName] = token.AccessToken;
+            result.Properties!.Items[tokenTypeName] = token.AccessTokenType;
             if (token.DPoPJsonWebKey != null)
             {
-                result.Properties!.Items[$"{TokenPrefix}{dpopKeyName}"] = token.DPoPJsonWebKey;
+                result.Properties!.Items[dpopKeyName] = token.DPoPJsonWebKey;
             }
-            result.Properties!.Items[$"{TokenPrefix}{expiresName}"] = token.Expiration.ToString("o", CultureInfo.InvariantCulture);
+            result.Properties!.Items[expiresName] = token.Expiration.ToString("o", CultureInfo.InvariantCulture);
 
             if (token.RefreshToken != null)
             {
diff --git a/test/Tests/UserTokenManagementTests.cs b/test/Tests/UserTokenManagementTests.cs
@@ -262,7 +262,7 @@ public async Task Short_token_lifetime_should_trigger_refresh()
         token.ShouldNotBeNull();
         token.IsError.ShouldBeFalse();
         token.AccessToken.ShouldBe("refreshed2_access_token");
-        token.AccessTokenType.ShouldBe("token_type");
+        token.AccessTokenType.ShouldBe("token_type2");
         token.RefreshToken.ShouldBe("refreshed2_refresh_token");
         token.Expiration.ShouldNotBe(DateTimeOffset.MaxValue);
     }

Original file line number	Diff line number	Diff line change
`@@ -102,13 +102,14 @@ public async Task<UserToken> GetTokenAsync(`
`102`	`102`	`{`
`103`	`103`	`dpopKeyName += $"::{parameters.Resource}";`
`104`	`104`	`}`
`105`		`- var expiresName = $"{TokenPrefix}expires_at"; string? refreshToken = null;`
	`105`	`+ var expiresName = $"{TokenPrefix}expires_at";`
`106`	`106`	`if (!string.IsNullOrEmpty(parameters.Resource))`
`107`	`107`	`{`
`108`	`108`	`expiresName += $"::{parameters.Resource}";`
`109`	`109`	`}`
`110`	`110`	`const string refreshTokenName = $"{TokenPrefix}{OpenIdConnectParameterNames.RefreshToken}";`
`111`	`111`
	`112`	`+ string? refreshToken = null;`
`112`	`113`	`string? accessToken = null;`
`113`	`114`	`string? accessTokenType = null;`
`114`	`115`	`string? dpopKey = null;`
`@@ -156,7 +157,7 @@ public async Task StoreTokenAsync(`
`156`	`157`	`UserToken token,`
`157`	`158`	`UserTokenRequestParameters? parameters = null)`
`158`	`159`	`{`
`159`		`- parameters ??= new ();`
	`160`	`+ parameters ??= new();`
`160`	`161`
`161`	`162`	`// check the cache in case the cookie was re-issued via StoreTokenAsync`
`162`	`163`	`// we use String.Empty as the key for a null SignInScheme`
`@@ -173,13 +174,7 @@ public async Task StoreTokenAsync(`
`173`	`174`	`// in case you want to filter certain claims before re-issuing the authentication session`
`174`	`175`	`var transformedPrincipal = await FilterPrincipalAsync(result.Principal!).ConfigureAwait(false);`
`175`	`176`
`176`		`- var expiresName = "expires_at";`
`177`		`- if (!string.IsNullOrEmpty(parameters.Resource))`
`178`		`- {`
`179`		`- expiresName += $"::{parameters.Resource}";`
`180`		`- }`
`181`		`-`
`182`		`- var tokenName = OpenIdConnectParameterNames.AccessToken;`
	`177`	`+ var tokenName = $"{TokenPrefix}{OpenIdConnectParameterNames.AccessToken}";`
`183`	`178`	`if (!string.IsNullOrEmpty(parameters.Resource))`
`184`	`179`	`{`
`185`	`180`	`tokenName += $"::{parameters.Resource}";`
`@@ -194,7 +189,11 @@ public async Task StoreTokenAsync(`
`194`	`189`	`{`
`195`	`190`	`dpopKeyName += $"::{parameters.Resource}";`
`196`	`191`	`}`
`197`		`-`
	`192`	`+ var expiresName = $"{TokenPrefix}expires_at";`
	`193`	`+ if (!string.IsNullOrEmpty(parameters.Resource))`
	`194`	`+ {`
	`195`	`+ expiresName += $"::{parameters.Resource}";`
	`196`	`+ }`
`198`	`197`	`var refreshTokenName = $"{OpenIdConnectParameterNames.RefreshToken}";`
`199`	`198`
`200`	`199`	`if (AppendChallengeSchemeToTokenNames(parameters))`
`@@ -206,13 +205,13 @@ public async Task StoreTokenAsync(`
`206`	`205`	`expiresName += $"\|\|{parameters.ChallengeScheme}";`
`207`	`206`	`}`
`208`	`207`
`209`		`- result.Properties!.Items[$"{TokenPrefix}{tokenName}"] = token.AccessToken;`
`210`		`- result.Properties!.Items[$"{TokenPrefix}{tokenTypeName}"] = token.AccessTokenType;`
	`208`	`+ result.Properties!.Items[tokenName] = token.AccessToken;`
	`209`	`+ result.Properties!.Items[tokenTypeName] = token.AccessTokenType;`
`211`	`210`	`if (token.DPoPJsonWebKey != null)`
`212`	`211`	`{`
`213`		`- result.Properties!.Items[$"{TokenPrefix}{dpopKeyName}"] = token.DPoPJsonWebKey;`
	`212`	`+ result.Properties!.Items[dpopKeyName] = token.DPoPJsonWebKey;`
`214`	`213`	`}`
`215`		`- result.Properties!.Items[$"{TokenPrefix}{expiresName}"] = token.Expiration.ToString("o", CultureInfo.InvariantCulture);`
	`214`	`+ result.Properties!.Items[expiresName] = token.Expiration.ToString("o", CultureInfo.InvariantCulture);`
`216`	`215`
`217`	`216`	`if (token.RefreshToken != null)`
`218`	`217`	`{`
Original file line number	Diff line number	Diff line change
`@@ -262,7 +262,7 @@ public async Task Short_token_lifetime_should_trigger_refresh()`
`262`	`262`	`token.ShouldNotBeNull();`
`263`	`263`	`token.IsError.ShouldBeFalse();`
`264`	`264`	`token.AccessToken.ShouldBe("refreshed2_access_token");`
`265`		`- token.AccessTokenType.ShouldBe("token_type");`
	`265`	`+ token.AccessTokenType.ShouldBe("token_type2");`
`266`	`266`	`token.RefreshToken.ShouldBe("refreshed2_refresh_token");`
`267`	`267`	`token.Expiration.ShouldNotBe(DateTimeOffset.MaxValue);`
`268`	`268`	`}`