Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gotcha in PersistedGrantFilter validation extension? #1145

Closed
stewart-ritchie opened this issue Feb 29, 2024 · 2 comments
Closed

Gotcha in PersistedGrantFilter validation extension? #1145

stewart-ritchie opened this issue Feb 29, 2024 · 2 comments
Assignees
@RolandGuijt
Labels
IdentityServer question

Comments

@stewart-ritchie
Copy link

It's possible to initialize the ClientIds and Types properties of the PersistedGrantFilter objects with empty collections, rather than null values.

In this scenario the validation does not capture that there are still no filters set, which feels like a bug waiting to happen.

https://github.com/DuendeSoftware/IdentityServer/blob/aff8930ebdcbcb3e2a4c8713a3fdf88712c757de/src/Storage/Extensions/PersistedGrantFilterExtensions.cs#L19-L32
@brockallen brockallen transferred this issue from DuendeSoftware/IdentityServer Feb 29, 2024
@josephdecock
Copy link
Member

Thanks for bringing this up. We'll investigate and follow up with our thoughts.

@RolandGuijt RolandGuijt self-assigned this Mar 1, 2024
@RolandGuijt RolandGuijt mentioned this issue Mar 1, 2024
Open
@RolandGuijt
Copy link

I've created an issue for this. Thanks for bringing this to our attention.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RolandGuijt RolandGuijt

Labels
IdentityServer question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@josephdecock @RolandGuijt @stewart-ritchie