Merge pull request #980 from DuendeSoftware/brock/missing_client_id_e…

…rror support invalid_request when client_id is missing in client secret validator
DuendeSoftware · Jul 22, 2022 · 1b2eaf8 · 1b2eaf8
2 parents 0222403 + 44ffb33
commit 1b2eaf8
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 12 deletions.
diff --git a/src/IdentityServer/Endpoints/BackchannelAuthenticationEndpoint.cs b/src/IdentityServer/Endpoints/BackchannelAuthenticationEndpoint.cs
@@ -72,10 +72,9 @@ private async Task<IEndpointResult> ProcessAuthenticationRequestAsync(HttpContex
 
         // validate client
         var clientResult = await _clientValidator.ValidateAsync(context);
-
-        if (clientResult.Client == null)
+        if (clientResult.IsError)
         {
-            return Error(OidcConstants.BackchannelAuthenticationRequestErrors.InvalidClient);
+            return Error(clientResult.Error ?? OidcConstants.BackchannelAuthenticationRequestErrors.InvalidClient);
         }
 
         // validate request

diff --git a/src/IdentityServer/Endpoints/DeviceAuthorizationEndpoint.cs b/src/IdentityServer/Endpoints/DeviceAuthorizationEndpoint.cs
@@ -83,7 +83,7 @@ private async Task<IEndpointResult> ProcessDeviceAuthorizationRequestAsync(HttpC
 
         // validate client
         var clientResult = await _clientValidator.ValidateAsync(context);
-        if (clientResult.Client == null) return Error(OidcConstants.TokenErrors.InvalidClient);
+        if (clientResult.IsError) return Error(clientResult.Error ?? OidcConstants.TokenErrors.InvalidClient);
 
         // validate request
         var form = (await context.Request.ReadFormAsync()).AsNameValueCollection();

diff --git a/src/IdentityServer/Endpoints/TokenEndpoint.cs b/src/IdentityServer/Endpoints/TokenEndpoint.cs
@@ -88,10 +88,9 @@ private async Task<IEndpointResult> ProcessTokenRequestAsync(HttpContext context
 
         // validate client
         var clientResult = await _clientValidator.ValidateAsync(context);
-
-        if (clientResult.Client == null)
+        if (clientResult.IsError)
         {
-            return Error(OidcConstants.TokenErrors.InvalidClient);
+            return Error(clientResult.Error ?? OidcConstants.TokenErrors.InvalidClient);
         }
 
         // validate request

diff --git a/src/IdentityServer/Endpoints/TokenRevocationEndpoint.cs b/src/IdentityServer/Endpoints/TokenRevocationEndpoint.cs
@@ -92,10 +92,9 @@ private async Task<IEndpointResult> ProcessRevocationRequestAsync(HttpContext co
 
         // validate client
         var clientValidationResult = await _clientValidator.ValidateAsync(context);
-
         if (clientValidationResult.IsError)
         {
-            return new TokenRevocationErrorResult(OidcConstants.TokenErrors.InvalidClient);
+            return new TokenRevocationErrorResult(clientValidationResult.Error ?? OidcConstants.TokenErrors.InvalidClient);
         }
 
         _logger.LogTrace("Client validation successful");

diff --git a/src/IdentityServer/Validation/Default/ClientSecretValidator.cs b/src/IdentityServer/Validation/Default/ClientSecretValidator.cs
@@ -53,7 +53,8 @@ public async Task<ClientSecretValidationResult> ValidateAsync(HttpContext contex
 
         var fail = new ClientSecretValidationResult
         {
-            IsError = true
+            IsError = true,
+            Error = IdentityModel.OidcConstants.TokenErrors.InvalidClient
         };
 
         var parsedSecret = await _parser.ParseAsync(context);
@@ -62,6 +63,8 @@ public async Task<ClientSecretValidationResult> ValidateAsync(HttpContext contex
             await RaiseFailureEventAsync("unknown", "No client id found");
 
             _logger.LogError("No client identifier found");
+
+            fail.Error = IdentityModel.OidcConstants.TokenErrors.InvalidRequest;
             return fail;
         }
 

diff --git a/...IdentityServer.IntegrationTests/Endpoints/DeviceAuthorization/DeviceAuthorizationTests.cs b/...IdentityServer.IntegrationTests/Endpoints/DeviceAuthorization/DeviceAuthorizationTests.cs
@@ -75,7 +75,7 @@ public async Task wrong_content_type_return_InvalidRequest()
 
     [Fact]
     [Trait("Category", Category)]
-    public async Task empty_request_should_return_InvalidClient()
+    public async Task empty_request_should_return_InvalidRequest()
     {
         var response = await _mockPipeline.BackChannelClient.PostAsync(IdentityServerPipeline.DeviceAuthorization,
             new FormUrlEncodedContent(new Dictionary<string, string>()));
@@ -85,7 +85,7 @@ public async Task empty_request_should_return_InvalidClient()
         var resultDto = ParseJsonBody<ErrorResultDto>(await response.Content.ReadAsStreamAsync());
 
         resultDto.Should().NotBeNull();
-        resultDto.error.Should().Be(OidcConstants.TokenErrors.InvalidClient);
+        resultDto.error.Should().Be(OidcConstants.TokenErrors.InvalidRequest);
     }
 
     [Fact]