Keep old value of max_age when removed
Petr Waclawek authored and josephdecock committed May 31, 2024
1 parent 26a15d9 commit 4058400
Showing 3 changed files with 22 additions and 2 deletions.
6 changes: 6 additions & 0 deletions src/IdentityServer/Constants.cs
Expand Up @@ -131,6 +131,12 @@ public static class SigningAlgorithms
/// </summary>
public const string ProcessedPrompt = "suppressed_" + OidcConstants.AuthorizeRequest.Prompt;

/// <summary>
/// The name of the parameter passed to the authorize callback to indicate
/// max age that have already been used.
/// </summary>
public const string ProcessedMaxAge = "suppressed_" + OidcConstants.AuthorizeRequest.MaxAge;

public static class KnownAcrValues
{
public const string HomeRealm = "idp:";
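Review bot: The summary on `ProcessedMaxAge` is ungrammatical ("max age that have already been used") and does not say that the parameter carries the original max_age value. Suggested wording: `/// The name of the parameter passed to the authorize callback that carries the max_age value after it has been processed and removed from the request.` Because this name travels with the authorize callback parameters, the comment should also say whether a `suppressed_max_age` supplied by the client is ever treated as authoritative; no consumer of the constant is visible on this page.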
Expand Up @@ -10,6 +10,7 @@
using System.Security.Cryptography;
using System.Text;
using System.Collections.Specialized;
using System.Globalization;

#pragma warning disable 1591

Expand Down Expand Up @@ -49,6 +50,16 @@ public static void RemovePrompt(this ValidatedAuthorizeRequest request)
}).ToArray();
}

public static void RemoveMaxAge(this ValidatedAuthorizeRequest request)
{
request.Raw.Remove("max_age");

if (request.MaxAge.HasValue)
{
request.Raw.Add(Constants.ProcessedMaxAge, request.MaxAge.Value.ToString(CultureInfo.InvariantCulture));
}
}

public static string GetPrefixedAcrValue(this ValidatedAuthorizeRequest request, string prefix)
{
var value = request.AuthenticationContextReferenceClasses
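Review bot: `request.Raw.Add(Constants.ProcessedMaxAge, ...)` in `RemoveMaxAge` appends rather than replaces, assuming `Raw` is a `NameValueCollection` (the file imports System.Collections.Specialized). A `suppressed_max_age` already present in the raw parameters, whether sent with the authorize request or left by an earlier call, would then survive next to the server-written value as a comma-joined entry. Overwriting keeps only the value the server computed: `request.Raw.Set(Constants.ProcessedMaxAge, request.MaxAge.Value.ToString(CultureInfo.InvariantCulture));`. The `"max_age"` literal in the `Remove` call could also use `OidcConstants.AuthorizeRequest.MaxAge` if that type is in scope here, as the new constant in Constants.cs does.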
Expand Up @@ -244,8 +244,11 @@ protected internal virtual async Task<InteractionResponse> ProcessLoginAsync(Val
var authTime = request.Subject.GetAuthenticationTime();
if (Clock.UtcNow.UtcDateTime > authTime.AddSeconds(request.MaxAge.Value))
{
// Remove the max_age parameter to prevent (infinite) loop
request.Raw.Remove("max_age");
// Remove the max_age=0 parameter to prevent (infinite) loop
if (request.MaxAge.Value == 0)
{
request.RemoveMaxAge();
}

Logger.LogInformation("Showing login: Requested MaxAge exceeded.");
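Review bot: The new comment in `ProcessLoginAsync` does not explain why only `max_age=0` is removed, although that is the behavioural change in this hunk: any non-zero max_age now stays in `request.Raw` and is re-evaluated after login. A comment such as `// max_age=0 can never be satisfied by a past auth_time, so drop it to avoid a login loop; non-zero values are kept so freshness is re-checked on the callback` would record the intent. The non-zero path then depends on the login flow producing a fresh authentication time, so a login that returns an unchanged auth_time (for example via an upstream session) would presumably show the login page again each time; a test for that case would be worth adding, and none is visible on this page. The method body starts and ends outside the hunk.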
