diff --git a/src/IdentityServer/Endpoints/Results/BackchannelAuthenticationResult.cs b/src/IdentityServer/Endpoints/Results/BackchannelAuthenticationResult.cs index 5583e7cd7..b518bc6b1 100644 --- a/src/IdentityServer/Endpoints/Results/BackchannelAuthenticationResult.cs +++ b/src/IdentityServer/Endpoints/Results/BackchannelAuthenticationResult.cs @@ -71,7 +71,7 @@ await context.Response.WriteJsonAsync(new SuccessResultDto expires_in = result.Response.ExpiresIn, interval = result.Response.Interval, - Properties = result.Response.Properties + Custom = result.Response.Custom }); } } @@ -84,7 +84,7 @@ internal class SuccessResultDto public int interval { get; set; } [JsonExtensionData] - public Dictionary Properties { get; set; } + public Dictionary Custom { get; set; } #pragma warning restore IDE1006 // Naming Styles } diff --git a/src/IdentityServer/Models/BackchannelUserLoginRequest.cs b/src/IdentityServer/Models/BackchannelUserLoginRequest.cs index c831ac51e..8173149e3 100644 --- a/src/IdentityServer/Models/BackchannelUserLoginRequest.cs +++ b/src/IdentityServer/Models/BackchannelUserLoginRequest.cs @@ -62,8 +62,9 @@ public class BackchannelUserLoginRequest public ResourceValidationResult ValidatedResources { get; set; } = default!; /// - /// Gets or sets a dictionary of custom properties that can pass additional - /// state to the notification process. + /// Gets or sets a dictionary of custom properties associated with this + /// request. These properties by default are copied from the validated + /// custom request parameters. /// public Dictionary Properties { get; set; } = new(); } diff --git a/src/IdentityServer/ResponseHandling/Default/BackchannelAuthenticationResponseGenerator.cs b/src/IdentityServer/ResponseHandling/Default/BackchannelAuthenticationResponseGenerator.cs index 8a377b741..75a2596e5 100644 --- a/src/IdentityServer/ResponseHandling/Default/BackchannelAuthenticationResponseGenerator.cs 
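Review bot: In `SuccessResultDto` (second hunk of BackchannelAuthenticationResult.cs) the renamed `Custom` dictionary is still `[JsonExtensionData]`, so every entry is written as a top-level member of the response, and nothing visible stops a key such as `expires_in` or `interval` from colliding with the declared members. As far as I know System.Text.Json does not check extension data against declared property names when serializing, so a collision would produce duplicate member names that client parsers may resolve differently. I would either filter reserved names before the `WriteJsonAsync` call in the first hunk or state the constraint on the property, e.g. `// Entries are emitted as top-level response members; keys must not reuse a standard response parameter name.` The class body starts outside the hunk, so a guard elsewhere cannot be ruled out.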
+++ b/src/IdentityServer/ResponseHandling/Default/BackchannelAuthenticationResponseGenerator.cs @@ -99,7 +99,6 @@ public virtual async Task ProcessAsync(Backch AuthenticationRequestId = requestId, ExpiresIn = request.Lifetime, Interval = interval, - Properties = validationResult.ValidatedRequest.Properties }; await UserLoginService.SendLoginRequestAsync(new BackchannelUserLoginRequest diff --git a/src/IdentityServer/ResponseHandling/Models/BackchannelAuthenticationResponse.cs b/src/IdentityServer/ResponseHandling/Models/BackchannelAuthenticationResponse.cs index 6a429b609..2bd18ebbd 100644 --- a/src/IdentityServer/ResponseHandling/Models/BackchannelAuthenticationResponse.cs +++ b/src/IdentityServer/ResponseHandling/Models/BackchannelAuthenticationResponse.cs @@ -61,8 +61,10 @@ public BackchannelAuthenticationResponse(string error, string errorDescription = public int Interval { get; set; } /// - /// Gets or sets a dictionary of custom properties that can pass additional - /// state in the response to the client application. + /// Gets or sets a dictionary of custom properties that will be included in + /// the response to the client. This dictionary is intended to be used to + /// implement extensions to CIBA that defines additional response + /// parameters. /// - public Dictionary Properties { get; set; } = new(); + public Dictionary Custom { get; set; } = new(); } \ No newline at end of file diff --git a/src/IdentityServer/Validation/Models/ValidatedBackchannelAuthenticationRequest.cs b/src/IdentityServer/Validation/Models/ValidatedBackchannelAuthenticationRequest.cs index 1e1dc4ac1..a8fea25b2 100644 --- a/src/IdentityServer/Validation/Models/ValidatedBackchannelAuthenticationRequest.cs +++ b/src/IdentityServer/Validation/Models/ValidatedBackchannelAuthenticationRequest.cs 
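Review bot: The new summary on `Custom` in BackchannelAuthenticationResponse.cs should say that nothing is copied into this dictionary automatically and that every entry is disclosed to the client as-is. That is the behavioural change implementers need to know, now that the generator hunk above no longer assigns the validated request's properties to the response. A sentence such as `/// Nothing is copied here from the request; add only values that are safe to disclose to the client.` would cover it. Renaming the public property also breaks any custom response generator that set `Properties`, which is arguably the right signal but deserves an upgrade note. Minor wording: "extensions to CIBA that defines" should read "define".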
@@ -85,8 +85,11 @@ public class ValidatedBackchannelAuthenticationRequest : ValidatedRequest public string? RequestObject { get; set; } /// - /// Gets or sets a dictionary of custom properties that can pass - /// additional state to the back channel authentication process. + /// Gets or sets a dictionary of validated custom request parameters. Custom + /// request parameters should be validated and added to this collection in + /// an . These + /// properties are persisted to the store and made available in the + /// backchannel authentication UI and notification services. /// public Dictionary Properties { get; set; } = new(); } diff --git a/src/Storage/Models/BackChannelAuthenticationRequest.cs b/src/Storage/Models/BackChannelAuthenticationRequest.cs index d3349186e..36e82c43d 100644 --- a/src/Storage/Models/BackChannelAuthenticationRequest.cs +++ b/src/Storage/Models/BackChannelAuthenticationRequest.cs @@ -92,7 +92,9 @@ public class BackChannelAuthenticationRequest public string? Description { get; set; } /// - /// Gets or sets a dictionary of custom properties associated with this instance. + /// Gets or sets a dictionary of custom properties associated with this + /// request. These properties by default are copied from the validated + /// custom request parameters. /// public Dictionary Properties { get; set; } = new(); } diff --git a/test/IdentityServer.IntegrationTests/Endpoints/Ciba/CibaTests.cs b/test/IdentityServer.IntegrationTests/Endpoints/Ciba/CibaTests.cs index 849e2f02d..1f82e6ece 100644 --- a/test/IdentityServer.IntegrationTests/Endpoints/Ciba/CibaTests.cs +++ b/test/IdentityServer.IntegrationTests/Endpoints/Ciba/CibaTests.cs 
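Review bot: The rewritten summary on `ValidatedBackchannelAuthenticationRequest.Properties` says the values are persisted to the store and shown in the backchannel authentication UI, but it does not say how consumers should treat them. Since they originate from custom request parameters and are only as trustworthy as the custom validator that accepted them, I would add a line such as `/// Values are stored and displayed; keep secrets out of this collection and encode values before rendering them.` The summaries in BackchannelUserLoginRequest.cs and Storage/Models/BackChannelAuthenticationRequest.cs describe the copied values and could carry the same caveat.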
@@ -252,7 +252,7 @@ public async Task custom_validators_are_invoked_and_can_process_custom_input() [Fact] [Trait("Category", Category)] - public async Task custom_validator_can_add_complex_properties_that_are_passed_to_user_notification_and_client_response() + public async Task custom_validator_can_add_complex_properties_that_are_passed_to_user_notification_but_not_client_response() { _mockCustomBackchannelAuthenticationValidator.Thunk = ctx => { @@ -281,13 +281,12 @@ public async Task custom_validator_can_add_complex_properties_that_are_passed_to IdentityServerPipeline.BackchannelAuthenticationEndpoint, new FormUrlEncodedContent(body)); - // Custom properties are flattened into the response to the client + // Custom request properties are not included automatically in the response to the client response.StatusCode.Should().Be(HttpStatusCode.OK); var responseContent = await response.Content.ReadAsStringAsync(); var json = JsonSerializer.Deserialize>(responseContent); json.Should().NotBeNull(); - var complex = json["complex"]; - complex.TryGetValue("nested").GetString().Should().Be("value"); + json.Should().NotContainKey("complex"); // Custom properties are passed to the notification service var notificationProperties = _mockCibaUserNotificationService.LoginRequest.Properties;
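Review bot: In the second CibaTests.cs hunk, `json.Should().NotContainKey("complex")` only proves that one key is absent, so a regression that leaks a differently named request property into the client response would still pass. Asserting the full key set would pin the behaviour, e.g. `json.Keys.Should().BeEquivalentTo(new[] { "auth_req_id", "expires_in", "interval" });`, assuming the success response carries only those members. The visible hunks also contain no test showing that a value placed in the new `Custom` dictionary reaches the client, so the replacement extension point looks untested here. The test body starts and ends outside the hunk, so the thunk may set only that one property.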