Skip to content
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

NullReferenceException in DefaultClaimsProvider since update to 2.6.0 #3470

Open
cypressious opened this issue Jan 19, 2017 · 17 comments
Open

NullReferenceException in DefaultClaimsProvider since update to 2.6.0 #3470

cypressious opened this issue Jan 19, 2017 · 17 comments
Assignees
@brockallen
Labels
bug report

Comments

@cypressious
Copy link

Question / Issue

After upgrading to 2.6.0 from 2.5.4 I get this exception when trying to log in. I'm using https://www.nuget.org/packages/IdentityServer3.MongoDb, a custom IUserService and as well as

.UseInMemoryClients(BlsClientConfig.GetAll(frontEnds, userApiHosts))
.UseInMemoryScopes(DefaultUsers.GetScopes());

Relevant parts of the log file

2017-01-19 11:03:35.403 +01:00 [Debug] HTTP Request
{
  "Method": "GET",
  "Url": "http://localhost/identity/callback",
  "Headers": {
    "Connection": [
      "keep-alive"
    ],
    "Accept": [
      "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    ],
    "Accept-Encoding": [
      "gzip, deflate"
    ],
    "Accept-Language": [
      "de,en-US;q=0.7,en;q=0.3"
    ],
    "Cookie": [
      "idsrv.xsrf=kM1sxQT9p294Hmt38SokBOUUwWZM1nwYSyK3pLyzIpDWM4iskQ6LQlSgrhnRwzwiyDv-bGHbSawD4KSeOY1CHGI5vYHoGGLja5QNmwP3o_I; SignInMessage.51428b9186c86703f8b13fe22b2726b4=x4Mif_eGHgdMilsuu8oYW4ky1ITKjF-9M6jbFTrAzNf5gvcXquFiAGBjGB0w9-VCsuY0JeTYAbR3ccvYAXpKxtj3NRXMQEJ7DKaVsmolgDl1-reYFSCNB2X4NJugQOGNE58hPnTRgwpPQ1QhdRBN5rC0AescRZhZsm-6_7cVDS7CLtJgtij12DdbFwUzJ0qm73fvxTplJZHgCz3tQ5wWMU_l-9aef1TTFwp-lmeavaiouCXZ53ChxdaQuZS2L5R3vbDR7vDEgRPMvYDtUzRYCr8w1sY31WSEeuwQAvbQPxlTIT5KzoNFmp7tIiXZuF7Ok6wvCBmqAgYBxviyXHxHKcmhKYR78mlaEoRQN2e5zVftkx2xGXIkImpzi1yAsKZ81AU_wk__c9eNV0TgzlT1PskLRllaE2E0nJY8_nS1Rax-XB7T0z_EhPw6rOBqu9iYdj1Y0h8jAgy7xjfm4jLl0Or1VcMuJXcxdipFL3eVDFqeWHOTu0C26aTK2qGzqooZgIUr0ZS-xzwj_E6z5uGTmfoZ2ZqPS5GNaQfsxP4qhtYLZuW9C-xStqaXmBUFdLAHrRhW3gT9c_-o-NlwWjfKIFJpwHkkKUxYDM1NkqEoUUWxF7MI1p682VjH5dbrj33J86jcB-rRy0DzcNVJOouo271CODEqfvLzlcdPDU-8mvU6TdJnlCPQGFevK_jRsoTIllaNHkYiMFV2kgOYartzM9dbAeZSfYriwniOCVLLZej_iqS9DUiia-Xq2qrtqS6hKAbLEznotIjLce9ae8mbSGDqejI1dfyM6pM8Jtm-v1XLeYYI1SDpnmenWXnsDxtrYfNjtj06vcgj1dFGCdJQYIKJhHAKOrFVOu-DR9MP38FrgUlTErb1Uo_z5ptg3ZAWVd9uXlRA1C-hUFve2O7HzKooWqtwHxgXM6FyV8eewJGO3CTJezWswG6X_qymjZjI; idsrv.external=5Id64c2psQRHVTexHRNnkdkSpEIWcR5pJ7a7mmZri3zP4rUGq-Da3ltAWbPMgx5YJTLbW-cTOKuHBm6zitEJ4WVSeWi1rflnGuQCKjE-WsZXMybDfgipSRLEcK0y_wtSxUWAqXEgm0tfOilPyTNcI-wR-QeiljhV_FRStk6H04uMWYHj4runjuIJId8e2puQ8Xw9WArNiUMsB9uWLkKEiKF9gCpknSS1VmCdzhm9qf-jwvMu4TrHqYW4WwOBXtvZDkSfUwz0vHjg5X5BPMjoJ9ZGdJ4yqTXWblqAXS3aCedgdjV95FqJT3PeZWE3CYYoTIGQbQOCbDAfzicQYIYq3Ka9x-RXgYJcr1uQ6FEnLfM2nxVnFFh03AameuhTbr3jQM4fS1B7fkeXaQcK2xrRjlXwb_Eyh6SHh-nPO7RSkyyGfjIqaZ6QniHnOv1HnORzeFEx-IKKOmjujpIGTP6hblhn4sDSlYCPF9ttD9fxIYc; Idea-3aa62fe9=6aa43724-248a-4469-97b2-91e03ac28890; CookieInfo=1; LastUserSearch=From=berlin&To=hamburg; OpenIdConnect.nonce.6qJTNzFsWHppPOa%2FDEXxbcUYQ0cJMOU0aDtYlrPCO%2Fk%3D=M1c2eFNOUU1nSlE2Z091N3pMZ3ZrRDRjS291LWkzcGlhSGFsNzQ0azJILWJ5VHJPdDkwamwyXzZQWnFBd3JHa0JiRUo5Wll6WkR2OEd5aGN3dTdrMHRad2R5VW5lSXBCenlzT2YyTmVmWmwwbEtmU0ZIeTBXMllwcUppRFVtUVE5ZEQwUEZ5R0ZObG5kbFJaZXl1SXBsUzJ3RVo1RHBkc3hDenhuaTJZOG9KbC1GbnNJeTZJS2FSQ3RzSDFGeW5CMUxaejRnMk95d001eTdPRlo0cU0yRFJhLWFj"
    ],
    "Host": [
      "localhost"
    ],
    "Referer": [
      "http://localhost/identity/login?signin=51428b9186c86703f8b13fe22b2726b4"
    ],
    "User-Agent": [
      "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
    ],
    "Upgrade-Insecure-Requests": [
      "1"
    ]
  },
  "Body": ""
}
2017-01-19 11:03:35.404 +01:00 [Information] Callback invoked from external identity provider
2017-01-19 11:03:35.405 +01:00 [Information] external user provider: "Facebook", provider ID: "1568367229844585"
2017-01-19 11:03:35.415 +01:00 [Information] External identity successfully validated by user service
2017-01-19 11:03:35.415 +01:00 [Information] Calling PostAuthenticateAsync on the user service
2017-01-19 11:03:35.416 +01:00 [Information] issuing primary signin cookie
2017-01-19 11:03:35.416 +01:00 [Information] redirecting to: http://localhost/identity/connect/authorize?client_id=BlsFrontend&redirect_uri=http:%2F%2Flocalhost&response_mode=form_post&response_type=code id_token token&scope=openid profile offline_access&state=OpenIdConnect.AuthenticationProperties%3DK9Z96GJQca5BaYon-kdSW73xnoLSLTq8y4hrHob1ILj1JCPD4UDNyh2f2T-KHBCysHwViU0apcLyCeYn6E79oiyB7LEaP3YRew7lNpJiQCIKzE_-SGTQ4Exmpthjl8Z3Hg7lahIp7d26_GEj6cRPJPzn2HN-NaiEIlwjnLMwKLEKwgVoFTPFdIe4woJ91QyiZ2MsOA&nonce=636204170122151954.NTU4ZTI4MDUtYmYxOC00YmZkLWE1NjYtNDQ2ZWZhY2E2MWEzM2Q2NmQyNGEtZWZmNC00MTkyLWE5NjEtYmNhZDUwMTMxOTk4
2017-01-19 11:03:35.420 +01:00 [Debug] HTTP Response
{
  "StatusCode": 302,
  "Headers": {
    "Content-Type": [
      "text/html"
    ],
    "Server": [
      "Microsoft-IIS/10.0"
    ],
    "Set-Cookie": [
      "SignInMessage.51428b9186c86703f8b13fe22b2726b4=.; path=/identity; expires=Tue, 19-Jan-2016 10:03:35 GMT; HttpOnly",
      "idsvr.session=864b6e0d905f11c428aae0ec1c81ba58; path=/identity; expires=Thu, 19-Jan-2017 20:03:35 GMT"
    ],
    "Location": [
      "http://localhost/identity/connect/authorize?client_id=BlsFrontend&redirect_uri=http%3A%2F%2Flocalhost&response_mode=form_post&response_type=code%20id_token%20token&scope=openid%20profile%20offline_access&state=OpenIdConnect.AuthenticationProperties%3DK9Z96GJQca5BaYon-kdSW73xnoLSLTq8y4hrHob1ILj1JCPD4UDNyh2f2T-KHBCysHwViU0apcLyCeYn6E79oiyB7LEaP3YRew7lNpJiQCIKzE_-SGTQ4Exmpthjl8Z3Hg7lahIp7d26_GEj6cRPJPzn2HN-NaiEIlwjnLMwKLEKwgVoFTPFdIe4woJ91QyiZ2MsOA&nonce=636204170122151954.NTU4ZTI4MDUtYmYxOC00YmZkLWE1NjYtNDQ2ZWZhY2E2MWEzM2Q2NmQyNGEtZWZmNC00MTkyLWE5NjEtYmNhZDUwMTMxOTk4"
    ],
    "Content-Length": [
      "0"
    ]
  },
  "Body": ""
}
2017-01-19 11:03:35.462 +01:00 [Debug] HTTP Request
{
  "Method": "GET",
  "Url": "http://localhost/identity/connect/authorize?client_id=BlsFrontend&redirect_uri=http%3A%2F%2Flocalhost&response_mode=form_post&response_type=code%20id_token%20token&scope=openid%20profile%20offline_access&state=OpenIdConnect.AuthenticationProperties%3DK9Z96GJQca5BaYon-kdSW73xnoLSLTq8y4hrHob1ILj1JCPD4UDNyh2f2T-KHBCysHwViU0apcLyCeYn6E79oiyB7LEaP3YRew7lNpJiQCIKzE_-SGTQ4Exmpthjl8Z3Hg7lahIp7d26_GEj6cRPJPzn2HN-NaiEIlwjnLMwKLEKwgVoFTPFdIe4woJ91QyiZ2MsOA&nonce=636204170122151954.NTU4ZTI4MDUtYmYxOC00YmZkLWE1NjYtNDQ2ZWZhY2E2MWEzM2Q2NmQyNGEtZWZmNC00MTkyLWE5NjEtYmNhZDUwMTMxOTk4",
  "Headers": {
    "Connection": [
      "keep-alive"
    ],
    "Accept": [
      "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    ],
    "Accept-Encoding": [
      "gzip, deflate"
    ],
    "Accept-Language": [
      "de,en-US;q=0.7,en;q=0.3"
    ],
    "Cookie": [
      "idsrv.xsrf=kM1sxQT9p294Hmt38SokBOUUwWZM1nwYSyK3pLyzIpDWM4iskQ6LQlSgrhnRwzwiyDv-bGHbSawD4KSeOY1CHGI5vYHoGGLja5QNmwP3o_I; idsvr.session=864b6e0d905f11c428aae0ec1c81ba58; idsrv=NxF-5fEHizfsMRacMS3YlL0qn2w-SdfHwFfaQGsHzeyJCokz85hkDXOAs8Jtd_jx1li1gC-IfW_AEsH4lEK5baKDAQyKvHjHSXX8CyVLfEcBAj6auqAb5POWA7cjyFj9ckFK2WujOnzDA0xdDxhBVNLorcvUCvs_KbKXvhnPHSYuSUPf75O_zPODWgiEmw-nlZIuSngGOXROXX8woSAknZPjJt8tdvSRIz__N4HXUGls930LIsSaK60qMlG50pMmQSsEp4o8ZqdpPcA-b2SmNXU4T4v-eVXivNqooBd5deYZSLkEV3t5Tp1AasXhAohhCXII6I8AXvi4JadojMzCFS_b-r3yxPcln_hTh_EiO_OiIkTVW1v7HtBFf96yR1aY9ipR_e3rZXMlQ8Nrl8kdZg; Idea-3aa62fe9=6aa43724-248a-4469-97b2-91e03ac28890; CookieInfo=1; LastUserSearch=From=berlin&To=hamburg; OpenIdConnect.nonce.6qJTNzFsWHppPOa%2FDEXxbcUYQ0cJMOU0aDtYlrPCO%2Fk%3D=M1c2eFNOUU1nSlE2Z091N3pMZ3ZrRDRjS291LWkzcGlhSGFsNzQ0azJILWJ5VHJPdDkwamwyXzZQWnFBd3JHa0JiRUo5Wll6WkR2OEd5aGN3dTdrMHRad2R5VW5lSXBCenlzT2YyTmVmWmwwbEtmU0ZIeTBXMllwcUppRFVtUVE5ZEQwUEZ5R0ZObG5kbFJaZXl1SXBsUzJ3RVo1RHBkc3hDenhuaTJZOG9KbC1GbnNJeTZJS2FSQ3RzSDFGeW5CMUxaejRnMk95d001eTdPRlo0cU0yRFJhLWFj"
    ],
    "Host": [
      "localhost"
    ],
    "Referer": [
      "http://localhost/identity/login?signin=51428b9186c86703f8b13fe22b2726b4"
    ],
    "User-Agent": [
      "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
    ],
    "Upgrade-Insecure-Requests": [
      "1"
    ]
  },
  "Body": ""
}
2017-01-19 11:03:35.463 +01:00 [Information] Start authorize request
2017-01-19 11:03:35.463 +01:00 [Information] Start authorize request protocol validation
2017-01-19 11:03:35.463 +01:00 [Information] "Authorize request validation success"
 "{
  \"ClientId\": \"BlsFrontend\",
  \"ClientName\": \"Frontend of BLS\",
  \"RedirectUri\": \"http://localhost\",
  \"AllowedRedirectUris\": [
    \"http://localhost\",
    \"http://localhost/\",
    \"http://localhost/internal\",
    \"http://localhost/client-callback-silent/\",
    \"http://localhost/signin-oidc\",
    \"http://localhost/login\",
    \"http://localhost/client-callback-popup/\",
    \"http://bls.dev.de.green-parrot.net\",
    \"http://bls.dev.de.green-parrot.net/\",
    \"http://bls.dev.de.green-parrot.net/internal\",
    \"http://bls.dev.de.green-parrot.net/client-callback-silent/\",
    \"http://bls.dev.de.green-parrot.net/signin-oidc\",
    \"http://bls.dev.de.green-parrot.net/login\",
    \"http://bls.dev.de.green-parrot.net/client-callback-popup/\",
    \"http://bls.de.local\",
    \"http://bls.de.local/\",
    \"http://bls.de.local/internal\",
    \"http://bls.de.local/client-callback-silent/\",
    \"http://bls.de.local/signin-oidc\",
    \"http://bls.de.local/login\",
    \"http://bls.de.local/client-callback-popup/\",
    \"http://bls.fr.local\",
    \"http://bls.fr.local/\",
    \"http://bls.fr.local/internal\",
    \"http://bls.fr.local/client-callback-silent/\",
    \"http://bls.fr.local/signin-oidc\",
    \"http://bls.fr.local/login\",
    \"http://bls.fr.local/client-callback-popup/\"
  ],
  \"SubjectId\": \"587f9baca1fa4c400c14dc72\",
  \"ResponseType\": \"code id_token token\",
  \"ResponseMode\": \"form_post\",
  \"Flow\": \"Hybrid\",
  \"RequestedScopes\": \"openid profile offline_access\",
  \"State\": \"OpenIdConnect.AuthenticationProperties=K9Z96GJQca5BaYon-kdSW73xnoLSLTq8y4hrHob1ILj1JCPD4UDNyh2f2T-KHBCysHwViU0apcLyCeYn6E79oiyB7LEaP3YRew7lNpJiQCIKzE_-SGTQ4Exmpthjl8Z3Hg7lahIp7d26_GEj6cRPJPzn2HN-NaiEIlwjnLMwKLEKwgVoFTPFdIe4woJ91QyiZ2MsOA\",
  \"Nonce\": \"636204170122151954.NTU4ZTI4MDUtYmYxOC00YmZkLWE1NjYtNDQ2ZWZhY2E2MWEzM2Q2NmQyNGEtZWZmNC00MTkyLWE5NjEtYmNhZDUwMTMxOTk4\",
  \"SessionId\": \"864b6e0d905f11c428aae0ec1c81ba58\",
  \"Raw\": {
    \"client_id\": \"BlsFrontend\",
    \"redirect_uri\": \"http://localhost\",
    \"response_mode\": \"form_post\",
    \"response_type\": \"code id_token token\",
    \"scope\": \"openid profile offline_access\",
    \"state\": \"OpenIdConnect.AuthenticationProperties=K9Z96GJQca5BaYon-kdSW73xnoLSLTq8y4hrHob1ILj1JCPD4UDNyh2f2T-KHBCysHwViU0apcLyCeYn6E79oiyB7LEaP3YRew7lNpJiQCIKzE_-SGTQ4Exmpthjl8Z3Hg7lahIp7d26_GEj6cRPJPzn2HN-NaiEIlwjnLMwKLEKwgVoFTPFdIe4woJ91QyiZ2MsOA\",
    \"nonce\": \"636204170122151954.NTU4ZTI4MDUtYmYxOC00YmZkLWE1NjYtNDQ2ZWZhY2E2MWEzM2Q2NmQyNGEtZWZmNC00MTkyLWE5NjEtYmNhZDUwMTMxOTk4\"
  }
}"
2017-01-19 11:03:35.468 +01:00 [Information] Creating Hybrid Flow response.
2017-01-19 11:03:35.468 +01:00 [Debug] Storing authorization code with keyQyW0yRb0rW1fkqsV6x8Vj0CJus2n6h-ejBc8G82iquo
2017-01-19 11:03:35.470 +01:00 [Debug] MongoDB.Driver.ReplaceOneResult+Acknowledged
2017-01-19 11:03:35.471 +01:00 [Information] Creating Implicit Flow response.
2017-01-19 11:03:35.471 +01:00 [Debug] Creating access token
2017-01-19 11:03:35.471 +01:00 [Debug] Creating JWT access token
2017-01-19 11:03:35.476 +01:00 [Debug] Creating identity token
2017-01-19 11:03:35.476 +01:00 [Information] Getting claims for identity token for subject: 587f9baca1fa4c400c14dc72
2017-01-19 11:03:35.480 +01:00 [Debug] Creating JWT identity token
2017-01-19 11:03:35.486 +01:00 [Debug] Adding client "BlsFrontend" to client list cookie for subject "587f9baca1fa4c400c14dc72"
2017-01-19 11:03:35.486 +01:00 [Information] End authorize request
2017-01-19 11:03:35.486 +01:00 [Information] Posting to http://localhost
2017-01-19 11:03:35.487 +01:00 [Debug] Using DefaultViewService to render authorization response HTML
2017-01-19 11:03:35.487 +01:00 [Debug] HTTP Response
{
  "StatusCode": 200,
  "Headers": {
    "Content-Type": [
      "text/html; charset=utf-8"
    ],
    "Server": [
      "Microsoft-IIS/10.0"
    ],
    "Set-Cookie": [
      "idsvr.clients=WyJCbHNGcm9udGVuZCJd; path=/identity; HttpOnly"
    ],
    "Cache-Control": [
      "no-store, no-cache, max-age=0, private"
    ],
    "Pragma": [
      "no-cache"
    ],
    "X-Content-Type-Options": [
      "nosniff"
    ],
    "Content-Security-Policy": [
      "default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *;  report-uri http://localhost/identity/csp/report"
    ],
    "X-Content-Security-Policy": [
      "default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *;  report-uri http://localhost/identity/csp/report"
    ],
    "Content-Length": [
      "4823"
    ]
  },
  "Body": "<!DOCTYPE html>\r\n<html ng-app=\"app\" ng-csp ng-controller=\"LayoutCtrl\">\r\n<head>\r\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\" />\r\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\r\n    <title>Green Parrot GmbH / Busliniensuche / Busradar</title>\r\n    <link href='/identity/assets/styles.min.css' rel='stylesheet'>\r\n\r\n</head>\r\n<body lang=\"en\">\r\n    <div class=\"navbar navbar-inverse navbar-fixed-top\">\r\n        <div class=\"navbar-header\">\r\n            <a href=\"/identity/\">\r\n                <span class=\"navbar-brand\">Green Parrot GmbH / Busliniensuche / Busradar</span>\r\n            </a>\r\n        </div>\r\n        <ul class=\"nav navbar-nav\" ng-show=\"model.currentUser\" ng-cloak>\r\n            <li class=\"dropdown\">\r\n                <a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">{model.currentUser} <b class=\"caret\"></b></a>\r\n                <ul class=\"dropdown-menu\">\r\n                    <li><a href=\"{model.logoutUrl}\">Logout</a></li>\r\n                    <li class=\"divider\" ng-show=\"model.loginWithDifferentAccountUrl\"></li>\r\n                    <li><a href=\"{model.loginWithDifferentAccountUrl}\" ng-show=\"model.loginWithDifferentAccountUrl\">Login With Different Account</a></li>\r\n                </ul>\r\n            </li>\r\n        </ul>\r\n    </div>\r\n\r\n    <div class='container page-authorizeresponse' ng-cloak>\r\n        <div class=\"page-header\">\r\n    <h1>Please wait...</h1>\r\n</div>\r\n\r\n<div class=\"row\">\r\n    <div class=\"col-md-6 col-sm-6\">\r\n        <form method=\"post\" action=\"http://localhost\">\r\n            <input type=\"hidden\" name=\"code\" value=\"950a7938643d0469f14ac5228bc5a9ce\" />\n<input type=\"hidden\" name=\"id_token\" value=\"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L2lkZW50aXR5IiwiYXVkIjoiQmxzRnJvbnRlbmQiLCJleHAiOjE0ODQ4MjA1MTUsIm5iZiI6MTQ4NDgyMDIxNSwibm9uY2UiOiI2MzYyMDQxNzAxMjIxNTE5NTQuTlRVNFpUSTRNRFV0WW1ZeE9DMDBZbVprTFdFMU5qWXRORFEyWldaaFkyRTJNV0V6TTJRMk5tUXlOR0V0WldabU5DMDBNVGt5TFdFNU5qRXRZbU5oWkRVd01UTXhPVGs0IiwiaWF0IjoxNDg0ODIwMjE1LCJhdF9oYXNoIjoiNjRGaUluWjgyRm9Nekp0MGEySURzdyIsImNfaGFzaCI6IlF5VzB5UmIwclcxZmtxc1Y2eDhWanciLCJzaWQiOiI4NjRiNmUwZDkwNWYxMWM0MjhhYWUwZWMxYzgxYmE1OCIsInN1YiI6IjU4N2Y5YmFjYTFmYTRjNDAwYzE0ZGM3MiIsImF1dGhfdGltZSI6MTQ4NDgyMDIxNSwiaWRwIjoiRmFjZWJvb2siLCJmYWNlYm9va19pZCI6IjE1NjgzNjcyMjk4NDQ1ODUiLCJkaXNwbGF5bmFtZSI6IktpcmlsbCBSYWtobWFuIiwiYW1yIjpbImV4dGVybmFsIl19.SmbC-Xn7KPCEOuZ6wSYd9wFTW7Y6mUO_nRkRa6WRM8Eg2-uJusyyKZb13gD-G26V0Efb5DpFw9v4PWazChDE4pEA__PV539dM8CeFxeTHy1HQgw4p-MwTNqN1Yxy_XlpQ14PSzSRs0Uno0JkUVGO-CsmOybr3u9YQCJxNOp2m4YdV1yjQixziy58YuxyqCdS9Bc1ywlRNk1v9TemFaDarUktpNx8T4fEq8uaBEwNw0sxnF4N2tcVLyLlVN7T5NTVNChc3A8-768GUHV0o7qeKzoTJ_q4EJn7j3n2o2shnJq6CJB74f-HMvIKpPryqd50HEFwJJASL6qxsvcn2PhyJQ\" />\n<input type=\"hidden\" name=\"access_token\" value=\"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L2lkZW50aXR5IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdC9pZGVudGl0eS9yZXNvdXJjZXMiLCJleHAiOjE0ODQ4MjAzMzUsIm5iZiI6MTQ4NDgyMDIxNSwiY2xpZW50X2lkIjoiQmxzRnJvbnRlbmQiLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIiwib2ZmbGluZV9hY2Nlc3MiXSwic3ViIjoiNTg3ZjliYWNhMWZhNGM0MDBjMTRkYzcyIiwiYXV0aF90aW1lIjoxNDg0ODIwMjE1LCJpZHAiOiJGYWNlYm9vayIsImFtciI6WyJleHRlcm5hbCJdfQ.CBHD5kGALeOHOkMu6Cu3BmH0CGk7JfdOgpbE2XUe3VFgbYXv80gssr4OgLeRlhhytoGP8IYG9xUPOUaDxCMg2FFYA1HT_CczT3b5dft1qvHTzVEliM98e8vKY7NsNPX4dX_b7IUvp6pSMfHq0snIW-e6j2hH0pkRxLwn0XZmGtxHeGM26N3_i45JtOcw4v9CQPMWhnS7uCErNYyDZrqVSfNGuAFTBMU0l_xFmBskXiXELUFHW9RCYdS8ssqvm1H7yrToUC_f0Bd-8R5bmHqygitfeTFwKJakB5TzKaSxwD1X42BB8wEZJ7aOmNqsF2DPUN7n6SoHWopwYCFcepJoSg\" />\n<input type=\"hidden\" name=\"token_type\" value=\"Bearer\" />\n<input type=\"hidden\" name=\"expires_in\" value=\"120\" />\n<input type=\"hidden\" name=\"scope\" value=\"openid profile offline_access\" />\n<input type=\"hidden\" name=\"state\" value=\"OpenIdConnect.AuthenticationProperties=K9Z96GJQca5BaYon-kdSW73xnoLSLTq8y4hrHob1ILj1JCPD4UDNyh2f2T-KHBCysHwViU0apcLyCeYn6E79oiyB7LEaP3YRew7lNpJiQCIKzE_-SGTQ4Exmpthjl8Z3Hg7lahIp7d26_GEj6cRPJPzn2HN-NaiEIlwjnLMwKLEKwgVoFTPFdIe4woJ91QyiZ2MsOA\" />\n<input type=\"hidden\" name=\"session_state\" value=\"0RIyenl1PjMhBN0bh1542Qe9kSg6tg1O7XncItp0pvw.9e68dee8d8a72bc0e6f5e08f3a3c5304\" />\n\r\n        </form>\r\n    </div>\r\n</div>\r\n\r\n    </div>\r\n\r\n    <script id='modelJson' type='application/json'>{&quot;siteUrl&quot;:&quot;http://localhost/identity/&quot;,&quot;siteName&quot;:&quot;Green Parrot GmbH / Busliniensuche / Busradar&quot;,&quot;currentUser&quot;:null,&quot;logoutUrl&quot;:null,&quot;custom&quot;:null}</script>\r\n    <script src=\"/identity/assets/scripts.2.5.0.js\"></script>\r\n    <script src='/identity/assets/app.FormPostResponse.js'></script>\r\n\r\n</body>\r\n</html>\r\n"
}
2017-01-19 11:03:35.626 +01:00 [Debug] HTTP Request
{
  "Method": "POST",
  "Url": "http://localhost/identity/connect/token",
  "Headers": {
    "Content-Length": [
      "103"
    ],
    "Content-Type": [
      "application/x-www-form-urlencoded"
    ],
    "Accept": [
      "application/json"
    ],
    "Authorization": [
      "Basic QmxzRnJvbnRlbmQ6c2VjcmV0"
    ],
    "Expect": [
      "100-continue"
    ],
    "Host": [
      "localhost"
    ]
  },
  "Body": "grant_type=authorization_code&code=950a7938643d0469f14ac5228bc5a9ce&redirect_uri=http%3A%2F%2Flocalhost"
}
2017-01-19 11:03:35.628 +01:00 [Information] Start token request
2017-01-19 11:03:35.628 +01:00 [Debug] Start client validation
2017-01-19 11:03:35.628 +01:00 [Debug] Start parsing Basic Authentication secret
2017-01-19 11:03:35.629 +01:00 [Debug] Parser found secret: "BasicAuthenticationSecretParser"
2017-01-19 11:03:35.629 +01:00 [Information] Secret id found: "BlsFrontend"
2017-01-19 11:03:35.629 +01:00 [Debug] Secret validator success: "HashedSharedSecretValidator"
2017-01-19 11:03:35.629 +01:00 [Information] Client validation success
2017-01-19 11:03:35.629 +01:00 [Information] Start token request validation
2017-01-19 11:03:35.629 +01:00 [Information] Start validation of authorization code token request
2017-01-19 11:03:35.637 +01:00 [Debug] Authorization code found for key QyW0yRb0rW1fkqsV6x8Vj0CJus2n6h-ejBc8G82iquo. Deserializing...
2017-01-19 11:03:35.646 +01:00 [Debug] MongoDB.Driver.DeleteResult+Acknowledged
2017-01-19 11:03:35.650 +01:00 [Information] Validation of authorization code token request success
2017-01-19 11:03:35.650 +01:00 [Information] Token request validation success
 {
  "ClientId": "BlsFrontend",
  "ClientName": "Frontend of BLS",
  "GrantType": "authorization_code",
  "AuthorizationCode": "950a7938643d0469f14ac5228bc5a9ce",
  "Raw": {
    "grant_type": "authorization_code",
    "code": "950a7938643d0469f14ac5228bc5a9ce",
    "redirect_uri": "http://localhost"
  }
}
2017-01-19 11:03:35.651 +01:00 [Information] Creating token response
2017-01-19 11:03:35.651 +01:00 [Information] Processing authorization code request
2017-01-19 11:03:35.651 +01:00 [Debug] Creating access token
2017-01-19 11:03:35.651 +01:00 [Debug] Creating refresh token
2017-01-19 11:03:35.651 +01:00 [Debug] Setting an absolute lifetime: 2592000
2017-01-19 11:03:35.658 +01:00 [Debug] MongoDB.Driver.ReplaceOneResult+Acknowledged
2017-01-19 11:03:35.659 +01:00 [Debug] Creating JWT access token
2017-01-19 11:03:35.665 +01:00 [Debug] Creating identity token
2017-01-19 11:03:35.666 +01:00 [Information] Getting claims for identity token for subject: 587f9baca1fa4c400c14dc72
2017-01-19 11:03:35.668 +01:00 [Debug] Creating JWT identity token
2017-01-19 11:03:35.676 +01:00 [Information] End token request
2017-01-19 11:03:35.677 +01:00 [Information] Returning token response.
2017-01-19 11:03:35.678 +01:00 [Debug] HTTP Response
{
  "StatusCode": 200,
  "Headers": {
    "Content-Type": [
      "application/json; charset=utf-8"
    ],
    "Server": [
      "Microsoft-IIS/10.0"
    ],
    "Cache-Control": [
      "no-store, no-cache, max-age=0, private"
    ],
    "Pragma": [
      "no-cache"
    ],
    "Content-Length": [
      "1963"
    ]
  },
  "Body": "{\"id_token\":\"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L2lkZW50aXR5IiwiYXVkIjoiQmxzRnJvbnRlbmQiLCJleHAiOjE0ODQ4MjA1MTUsIm5iZiI6MTQ4NDgyMDIxNSwibm9uY2UiOiI2MzYyMDQxNzAxMjIxNTE5NTQuTlRVNFpUSTRNRFV0WW1ZeE9DMDBZbVprTFdFMU5qWXRORFEyWldaaFkyRTJNV0V6TTJRMk5tUXlOR0V0WldabU5DMDBNVGt5TFdFNU5qRXRZbU5oWkRVd01UTXhPVGs0IiwiaWF0IjoxNDg0ODIwMjE1LCJzdWIiOiI1ODdmOWJhY2ExZmE0YzQwMGMxNGRjNzIiLCJhdXRoX3RpbWUiOjE0ODQ4MjAyMTUsImlkcCI6IkZhY2Vib29rIiwiZmFjZWJvb2tfaWQiOiIxNTY4MzY3MjI5ODQ0NTg1IiwiZGlzcGxheW5hbWUiOiJLaXJpbGwgUmFraG1hbiIsImFtciI6WyJleHRlcm5hbCJdfQ.Q79kBwB0Po5dR6no-XLKWMdvSeEpSSexpS4PeIcCnSE0KhRa24XxMQ397ys8bBY5iaeyRzrx_PAH8600y4ltROoghPOC42AF5-hGZmg4dqI9BaAU70Z4Gs3MdiABAIWzXBte_UzN7QJdUCysqCPH4QTLvKqAENtBcvuOcE2hEP7ovbxrxofyV2VEACw2fb3XufRcUZbaN0WWeElBTRIJSd2RGm3oeAkyw_w_8sra2DljU8o4SJJc_ipyei0Q22vB2dG5yAEm4SWBvyX2jEdvOoBA500PlRAI795AbQ0HvXTwDJgiLdoWJAI0f8FBEYUBJFlDYomr_X6aJC_Q6i8FpA\",\"access_token\":\"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L2lkZW50aXR5IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdC9pZGVudGl0eS9yZXNvdXJjZXMiLCJleHAiOjE0ODQ4MjAzMzUsIm5iZiI6MTQ4NDgyMDIxNSwiY2xpZW50X2lkIjoiQmxzRnJvbnRlbmQiLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIiwib2ZmbGluZV9hY2Nlc3MiXSwic3ViIjoiNTg3ZjliYWNhMWZhNGM0MDBjMTRkYzcyIiwiYXV0aF90aW1lIjoxNDg0ODIwMjE1LCJpZHAiOiJGYWNlYm9vayIsImFtciI6WyJleHRlcm5hbCJdfQ.CBHD5kGALeOHOkMu6Cu3BmH0CGk7JfdOgpbE2XUe3VFgbYXv80gssr4OgLeRlhhytoGP8IYG9xUPOUaDxCMg2FFYA1HT_CczT3b5dft1qvHTzVEliM98e8vKY7NsNPX4dX_b7IUvp6pSMfHq0snIW-e6j2hH0pkRxLwn0XZmGtxHeGM26N3_i45JtOcw4v9CQPMWhnS7uCErNYyDZrqVSfNGuAFTBMU0l_xFmBskXiXELUFHW9RCYdS8ssqvm1H7yrToUC_f0Bd-8R5bmHqygitfeTFwKJakB5TzKaSxwD1X42BB8wEZJ7aOmNqsF2DPUN7n6SoHWopwYCFcepJoSg\",\"expires_in\":120,\"token_type\":\"Bearer\",\"refresh_token\":\"bc1edc14300f9c7bef892c4a45e6054e\"}"
}
2017-01-19 11:03:35.725 +01:00 [Debug] HTTP Request
{
  "Method": "POST",
  "Url": "http://localhost/identity/connect/token",
  "Headers": {
    "Content-Length": [
      "71"
    ],
    "Content-Type": [
      "application/x-www-form-urlencoded"
    ],
    "Accept": [
      "application/json"
    ],
    "Authorization": [
      "Basic QmxzRnJvbnRlbmQ6c2VjcmV0"
    ],
    "Expect": [
      "100-continue"
    ],
    "Host": [
      "localhost"
    ]
  },
  "Body": "grant_type=refresh_token&refresh_token=bc1edc14300f9c7bef892c4a45e6054e"
}
2017-01-19 11:03:35.727 +01:00 [Information] Start token request
2017-01-19 11:03:35.727 +01:00 [Debug] Start client validation
2017-01-19 11:03:35.727 +01:00 [Debug] Start parsing Basic Authentication secret
2017-01-19 11:03:35.727 +01:00 [Debug] Parser found secret: "BasicAuthenticationSecretParser"
2017-01-19 11:03:35.727 +01:00 [Information] Secret id found: "BlsFrontend"
2017-01-19 11:03:35.727 +01:00 [Debug] Secret validator success: "HashedSharedSecretValidator"
2017-01-19 11:03:35.727 +01:00 [Information] Client validation success
2017-01-19 11:03:35.728 +01:00 [Information] Start token request validation
2017-01-19 11:03:35.728 +01:00 [Information] Start validation of refresh token request
2017-01-19 11:03:35.736 +01:00 [Information] Validation of refresh token request success
2017-01-19 11:03:35.737 +01:00 [Information] Token request validation success
 {
  "ClientId": "BlsFrontend",
  "ClientName": "Frontend of BLS",
  "GrantType": "refresh_token",
  "RefreshToken": "bc1edc14300f9c7bef892c4a45e6054e",
  "Raw": {
    "grant_type": "refresh_token",
    "refresh_token": "bc1edc14300f9c7bef892c4a45e6054e"
  }
}
2017-01-19 11:03:35.737 +01:00 [Information] Creating token response
2017-01-19 11:03:35.737 +01:00 [Information] Processing refresh token request
2017-01-19 11:03:35.737 +01:00 [Debug] Creating JWT access token
2017-01-19 11:03:35.744 +01:00 [Debug] Updating refresh token
2017-01-19 11:03:35.744 +01:00 [Debug] No updates to refresh token done
2017-01-19 11:03:35.744 +01:00 [Debug] Creating identity token
2017-01-19 11:03:35.751 +01:00 [Error] Unhandled exception accessing: /identity/connect/token
System.NullReferenceException: Object reference not set to an instance of an object.
   at IdentityServer3.Core.Services.Default.DefaultClaimsProvider.<GetIdentityTokenClaimsAsync>d__0.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Services\Default\DefaultClaimsProvider.cs:line 65
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer3.Core.Services.Default.DefaultTokenService.<CreateIdentityTokenAsync>d__1.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Services\Default\DefaultTokenService.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer3.Core.ResponseHandling.TokenResponseGenerator.<CreateIdTokenFromRefreshTokenRequestAsync>d__33.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\ResponseHandling\TokenResponseGenerator.cs:line 264
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at IdentityServer3.Core.ResponseHandling.TokenResponseGenerator.<ProcessRefreshTokenRequestAsync>d__18.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\ResponseHandling\TokenResponseGenerator.cs:line 194
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer3.Core.ResponseHandling.TokenResponseGenerator.<ProcessAsync>d__0.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\ResponseHandling\TokenResponseGenerator.cs:line 61
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer3.Core.Endpoints.TokenEndpointController.<ProcessAsync>d__7.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\TokenEndpointController.cs:line 113
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer3.Core.Endpoints.TokenEndpointController.<Post>d__0.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\TokenEndpointController.cs:line 74
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Threading.Tasks.System.Web.Http910911.TaskHelpersExtensions.<CastToObject>d__3`1.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__5.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__5.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<ExecuteActionFilterAsyncCore>d__0.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
@odinnou
Copy link

odinnou commented Jan 19, 2017

hi!
Same here, I can't get a Refresh Token after update from 2.5.4 to 2.6.0 :(
(I use reference token stored in a SQL Server database)

So, I downgrade to 2.5.4 and it works again.

@johnkors
Copy link
Contributor

Also using refresh tokens and 2.6.0, but not the mongodb package. Not having issues so far.

This issue probably relates to: #3458

@brockallen
Copy link
Member

Can you check in the DB and show me what one of your refresh token records looks like (and omit the sensitive stuff, please)? I tried to repo and I can't, so the only thing that would make sense to me is that the Subject/Claims associated with the record is missing or not getting deserialized.

@johnkors johnkors mentioned this issue Jan 22, 2017
Merged
@johnkors
Copy link
Contributor

I see the mongodb implementation does not serialize the claimsprincipal. Could that be it? Maybe @jageall can chime in :)

@jageall
Copy link
Contributor

jageall commented Jan 22, 2017

I'll get a package with a fix for this out today

@jageall
Copy link
Contributor

jageall commented Jan 25, 2017

that took a bit longer than expected due to some changes in mongodb upsert behaviour :( but 2.1.1 of the mongodb package has been updated to work with 2.6.0

@johnkors
Copy link
Contributor

@cypressious : can you test the new mongodb package, and see if that solves your issues?

@cypressious
Copy link
Author

cypressious commented Jan 27, 2017
edited

Seems to work. Thanks to all of you!

@ghost
Copy link

ghost commented Mar 21, 2017
edited by ghost

This still occurs when using reference refresh tokens with SQL. Downgrading from 2.6.0 to 2.5.4 solves the issue, just as @odinnou did. You seem to only have discussed the MongoDB issue here, or does anybody know why it also happens with SQL databases, @jageall ?

@johnkors
Copy link
Contributor

How are you implementing IRefreshTokenStore? EF? Rolled your own?

The MongoDB implementation was lacking the Subject for Refreshtokens - not sure if what you're seeing is related or not.

@ghost
Copy link

ghost commented Mar 21, 2017
edited by ghost

@johnkors We do not implement our own IRefreshTokenStore, so it has the default one.

EDIT: My mistake, I misread it for IRefreshTokenService!

@johnkors
Copy link
Contributor

The default is in-memory, not backed by SQL.

@ghost
Copy link

ghost commented Mar 23, 2017
edited by ghost

@johnkors Sorry about the confusion, I misread it. So we do have a RefreshTokenStore where we just inserted the freshly generated RefreshToken into the table, and now when trying to change into a ReUse-scheme we instead check first if it exists, update it in that case, otherwise just insert.

And from what I can see we use a JsonConvert from Newtonsoft.Json a default JsonSerializerSettings containing a ClaimConverter, which extends a JsonConverter.

@johnkors
Copy link
Contributor

johnkors commented Mar 23, 2017
edited

Do you have something in that SerializerSettings for converting the ClaimsPrincipal as well ..? (the .Subject prop of RefreshToken.cs)

Similar to:

https://github.com/IdentityServer/IdentityServer3.EntityFramework/blob/master/Source/Core.EntityFramework/Stores/BaseTokenStore.cs#L67

@ghost
Copy link

ghost commented Mar 23, 2017

@johnkors No we did not do that, so I'm currently implementing one right now. Is this a new thing in 2.6.0? Considering we had no issues with this before, I mean. Or was it just a silent error/corruption previously?

@johnkors
Copy link
Contributor

No, the Subject property has been there for 2 years. Not sure why you haven't seen an issue with it before, but this commit from @brockallen I believe is the "new" thing now requiring you to store/retrieve the .Subject of RefreshToken.

9f5c9fe#diff-287491a9b650b4ec461c20c747595077R258

@ghost
Copy link

ghost commented Mar 23, 2017

@johnkors That makes sense, because it did crash in our ITokenService when creating an IdentityToken, which is where I was debugging. But when reverting to 2.5.4 it did not even go there, compared to 2.6.0. So I guess that's it then. I have implemented the ClaimsPrincipalConverter now and will try to update once more after I finish what I'm currently working on.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@brockallen brockallen

Labels
bug report
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@johnkors @brockallen @cypressious @leastprivilege @odinnou @jageall