Stop using the ClaimsIdentity constructor accepting a single string p…

…arameter and use explicit claim types
openiddict · Jan 23, 2024 · b386b78 · b386b78
1 parent 0a2d1d4
commit b386b78
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 4 deletions.
diff --git a/src/OpenIddict.Client/OpenIddictClientHandlers.cs b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
@@ -2423,7 +2423,11 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context)
             Debug.Assert(context.Registration.Issuer is { IsAbsoluteUri: true }, SR.GetResourceString(SR.ID4013));
 
             // Create a new principal that will be used to store the client assertion claims.
-            var principal = new ClaimsPrincipal(new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType));
+            var principal = new ClaimsPrincipal(new ClaimsIdentity(
+                authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+                nameType: Claims.Name,
+                roleType: Claims.Role));
+
             principal.SetCreationDate(DateTimeOffset.UtcNow);
 
             var lifetime = context.Options.ClientAssertionLifetime;
@@ -4019,7 +4023,10 @@ ClaimsPrincipal CreateMergedPrincipal(params ClaimsPrincipal?[] principals)
                         context.Registration.TokenValidationParameters.AuthenticationType,
                         context.Registration.TokenValidationParameters.NameClaimType,
                         context.Registration.TokenValidationParameters.RoleClaimType) :
-                    new ClaimsIdentity(context.Registration.TokenValidationParameters.AuthenticationType);
+                    new ClaimsIdentity(
+                        context.Registration.TokenValidationParameters.AuthenticationType,
+                        nameType: ClaimTypes.Name,
+                        roleType: ClaimTypes.Role);
 
                 foreach (var principal in principals)
                 {
@@ -5479,7 +5486,11 @@ public ValueTask HandleAsync(ProcessChallengeContext context)
             Debug.Assert(context.Registration.Issuer is { IsAbsoluteUri: true }, SR.GetResourceString(SR.ID4013));
 
             // Create a new principal that will be used to store the client assertion claims.
-            var principal = new ClaimsPrincipal(new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType));
+            var principal = new ClaimsPrincipal(new ClaimsIdentity(
+                authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+                nameType: Claims.Name,
+                roleType: Claims.Role));
+
             principal.SetCreationDate(DateTimeOffset.UtcNow);
 
             var lifetime = context.Options.ClientAssertionLifetime;

diff --git a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
@@ -350,7 +350,11 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context)
             Debug.Assert(context.Configuration.Issuer is { IsAbsoluteUri: true }, SR.GetResourceString(SR.ID4013));
 
             // Create a new principal that will be used to store the client assertion claims.
-            var principal = new ClaimsPrincipal(new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType));
+            var principal = new ClaimsPrincipal(new ClaimsIdentity(
+                authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+                nameType: Claims.Name,
+                roleType: Claims.Role));
+
             principal.SetCreationDate(DateTimeOffset.UtcNow);
 
             var lifetime = context.Options.ClientAssertionLifetime;