You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.
// load clientvarclient=await_clients.FindClientByIdAsync(parsedSecret.Id);if(client==null){awaitRaiseFailureEvent(parsedSecret.Id,"Unknown client");Logger.Info("No client with that id found. aborting");returnfail;}
This should check if the client is null or disabled.
I just noticed your InMemoryClientStore.cs filters out disabled clients internally. In my scenario we use a custom IClientStore which is why I am seeing the issue.
Off the top of my head I can think of two reasons why the disabled flag should probably be handled outside:
Users implementing the interface wouldn't expect disabled clients to be filtered out.
A user may want to use the IClientStore outside of the authentication process, maybe an administrative page that lists the current clients and their state.
From ClientSecretValidator.cs:
This should check if the client is null or disabled.
This issue is also present in TokenValidator.cs.
https://github.com/IdentityServer/IdentityServer3/blob/master/source/Core/Validation/TokenValidator.cs#L114
https://github.com/IdentityServer/IdentityServer3/blob/master/source/Core/Validation/TokenValidator.cs#L267
AuthorizeRequestValidator.cs handles it correctly.
The text was updated successfully, but these errors were encountered: