Skip to content

Fixed an issue where claims where duplicated #2301

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
josephdecock merged 1 commit into from
Dec 9, 2025
Merged

Fixed an issue where claims where duplicated #2301

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 0 additions & 4 deletions identity-server/src/AspNetIdentity/DefaultSessionClaimsFilter.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,6 @@ public Task<IReadOnlyCollection<Claim>> FilterToSessionClaimsAsync(SecurityStamp
{
var newClaimTypes = context.NewPrincipal.Claims.Select(x => x.Type).ToArray();
var currentClaimsToKeep = context.CurrentPrincipal.Claims.Where(x => !newClaimTypes.Contains(x.Type)).ToArray();

var id = context.NewPrincipal.Identities.First();
id.AddClaims(currentClaimsToKeep);

return Task.FromResult<IReadOnlyCollection<Claim>>(currentClaimsToKeep);
}
}
12 changes: 11 additions & 1 deletion ...ty-server/test/IdentityServer.UnitTests/AspNetIdentity/DefaultSessionClaimsFilterTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ public async Task FilterToSessionClaimsAsync_with_session_and_non_session_claims
new Claim(ClaimTypes.Name, "bob")
};
var currentPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims));
var newPrincipal = new ClaimsPrincipal(new ClaimsIdentity([new Claim("custom", "value"), new Claim(ClaimTypes.Name, "bob")]));
Claim[] newClaims = [new Claim("custom", "value"), new Claim(ClaimTypes.Name, "bob")];
var newPrincipal = new ClaimsPrincipal(new ClaimsIdentity(newClaims));
var filter = new DefaultSessionClaimsFilter();
var context = new SecurityStampRefreshingPrincipalContext() { NewPrincipal = newPrincipal, CurrentPrincipal = currentPrincipal };

Expand All @@ -35,6 +36,9 @@ public async Task FilterToSessionClaimsAsync_with_session_and_non_session_claims
resultTypes.ShouldContain(JwtClaimTypes.AuthenticationTime);
resultTypes.ShouldNotContain("custom");
resultTypes.ShouldNotContain(ClaimTypes.Name);

currentPrincipal.Claims.Count().ShouldBe(claims.Length);
newPrincipal.Claims.Count().ShouldBe(newClaims.Length);
}

[Fact]
Expand All @@ -60,6 +64,8 @@ public async Task FilterToSessionClaimsAsync_with_only_session_claims_should_fil
JwtClaimTypes.AuthenticationTime
];
result.ShouldAllBe(c => expectClaimTypes.Contains(c.Type));
currentPrincipal.Claims.Count().ShouldBe(claims.Length);
newPrincipal.Claims.Count().ShouldBe(0);
}

[Fact]
Expand All @@ -78,6 +84,8 @@ public async Task FilterToSessionClaimsAsync_with_no_session_claims_should_retur
var result = await filter.FilterToSessionClaimsAsync(context);

result.ShouldBeEmpty();
currentPrincipal.Claims.Count().ShouldBe(claims.Length);
newPrincipal.Claims.Count().ShouldBe(claims.Length);
}

[Fact]
Expand All @@ -91,5 +99,7 @@ public async Task FilterToSessionClaimsAsync_when_principal_has_no_claims_should
var result = await filter.FilterToSessionClaimsAsync(context);

result.ShouldBeEmpty();
currentPrincipal.Claims.Count().ShouldBe(0);
newPrincipal.Claims.Count().ShouldBe(0);
}
}