DuendeSoftware / Support

Support for Duende Software products

Why refresh token is having multiple access token in duende idp server version 7.0.5? #1363

Closed susan12-web closed 3 weeks ago

susan12-web commented 1 month ago

Which version of Duende IdentityServer are you using? idp 7.0.5

Which version of .NET are you using? .net 8

Describe the bug

/// <summary>
/// Gets or sets the resource indicator specific access token.
/// </summary>
/// <value>
/// The access token.
/// </value>
public Dictionary<string, Token> AccessTokens { get; set; } = new Dictionary<string, Token>();

Could you please let me know the use cases for making the above AccessTokens a Dictionary in the file below?

namespace Duende.IdentityServer.Models;

/// <summary>
/// Models a refresh token.
/// </summary>
public class RefreshToken

RolandGuijt commented 1 month ago

Refresh tokens could be configured to be used multiple times. This can be used by confidential clients and prevents the possible loss of a new refresh token due to network anomalies. Please see the documentation here.

josephdecock commented 1 month ago

It's also possible for a client to request authorization with multiple resource indicators and then use their refresh token with each specific resource indicator to get distinct tokens that are intended to be sent to different resources. This is useful when there is a trust boundary between resources.

josephdecock commented 1 month ago

See https://docs.duendesoftware.com/identityserver/v7/fundamentals/resources/isolation/#requesting-access-to-multiple-resources
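
A simplified model of the per-resource behaviour described in the comments above, added here as an illustration; it is not part of the original thread and not Duende's code. All type names, member names, resource URNs and scopes are hypothetical or constructed sample values.

```csharp
// Simplified model for illustration; every type and member name is hypothetical, not Duende's API.
using System;
using System.Collections.Generic;
using System.Linq;

var grant = new RefreshGrant(
    AuthorizedResources: new HashSet<string> { "urn:invoices", "urn:products" }, // constructed sample
    Scopes: new[] { "invoice.read", "product.read", "offline_access" });

// One refresh token, two refresh requests, each naming a different resource indicator.
var invoiceToken = TokenEndpoint.Refresh(grant, "urn:invoices");
var productToken = TokenEndpoint.Refresh(grant, "urn:products");
Console.WriteLine($"{invoiceToken.Audience}: {string.Join(' ', invoiceToken.Scopes)}");
Console.WriteLine($"{productToken.Audience}: {string.Join(' ', productToken.Scopes)}");
Console.WriteLine($"grant now tracks {grant.AccessTokens.Count} access tokens");

// Trust boundary: the invoices API checks the audience and refuses the products token.
Console.WriteLine(Api.Accepts("urn:invoices", productToken));
try { TokenEndpoint.Refresh(grant, "urn:payroll"); }
catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }

public record AccessToken(string Audience, string[] Scopes);

public record RefreshGrant(HashSet<string> AuthorizedResources, string[] Scopes)
{
    // One access token per resource indicator, the same shape as Dictionary<string, Token>.
    public Dictionary<string, AccessToken> AccessTokens { get; } = new();
}

public static class TokenEndpoint
{
    // Constructed mapping of isolated API resources to the scopes they own.
    static readonly Dictionary<string, string[]> ResourceScopes = new()
    {
        ["urn:invoices"] = new[] { "invoice.read" },
        ["urn:products"] = new[] { "product.read" },
    };

    public static AccessToken Refresh(RefreshGrant grant, string resource)
    {
        // A resource that was not part of the original authorization is rejected (RFC 8707 invalid_target).
        if (!grant.AuthorizedResources.Contains(resource))
            throw new InvalidOperationException($"invalid_target: {resource} was not authorized");
        // Down-scope: keep only granted scopes that belong to the requested resource.
        var scopes = grant.Scopes.Intersect(ResourceScopes[resource]).ToArray();
        return grant.AccessTokens[resource] = new AccessToken(resource, scopes);
    }
}

public static class Api
{
    public static bool Accepts(string ownResource, AccessToken token) => token.Audience == ownResource;
}
```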

susan12-web commented 4 weeks ago

Thanks a lot for the above information.

susan12-web commented 4 weeks ago

@josephdecock @RolandGuijt Could you please let me know whether there is anywhere Duende takes care of the issue below? Is backward compatibility with IdentityServer 4 taken care of by Duende? I got the error shown below.

In the line below, if the version is < 5 it assigns some values, but AccessTokenType is not assigned.

https://github.com/DuendeSoftware/IdentityServer/blob/7.0.5/src/Storage/Stores/Serialization/PersistentGrantSerializer.cs#L116

System.Text.Json.JsonException: 'The JSON value could not be converted to Duende.IdentityServer.Models.AccessTokenType. Path: $.AccessToken.AccessTokenType | LineNumber: 0 | BytePositionInLine: 2835.'

But in Duende it's an enum, as below:

/// <summary>
/// Gets or sets the type of access token of the client
/// </summary>
/// <value>
/// The access token type specified by the client.
/// </value>
public AccessTokenType AccessTokenType { get; set; }

For the IdP 4 version, do we have to do a conversion like the one below when deserializing?

// For backward compatibility with IdentityServer 4:
// if (jsonObj["Version"] == Common.Constants.Grants.IdentityServer4VersionValue)
// {
//     jsonObj["AccessToken"]["AccessTokenType"] = (int)AccessTokenType.Reference;
//     string output = Newtonsoft.Json.JsonConvert.SerializeObject(jsonObj, Newtonsoft.Json.Formatting.Indented);
//     return Serializer.Deserialize(output);
// }

RolandGuijt commented 3 weeks ago

@susan12-web This seems to be a new topic for this issue. It seems similar to this issue you raised a while ago. Can you please reopen that?

Closing this one for now but feel free to reopen if you have more questions about the refresh token topic.