OpenIdConnectUserAccessTokenHandler throws NRE while no httpContext

[e5tamp]

Affected component

Duende.AccessTokenManagement.OpenIdConnect

Version

4.1.1

Describe the bug

Problem with using OpenIdConnectUserAccessTokenHandler

if HttpContextAccessor.HttpContext?.User is null your HttpContextUserAccessor.GetCurrentUserAsync() returns new ClaimsPrincipal() with NO identity. After that in UserAccessTokenManagementService.cs in UserAccessAccessTokenManager.GetAccessTokenAsync there is an exception:

System.NullReferenceException
Object reference not set to an instance of an object.
at Duende.AccessTokenManagement.OpenIdConnect.UserAccessAccessTokenManagementService.GetAccessTokenAsync()

This exception occurs in 37 line because of null forgiving if (!user.Identity!.IsAuthenticated). This code throws exception and makes it impossible to use other httpClientHandlers. Remove null-forgiving or return new ClaimsPrincipal(new ClaimsIdentity()) in HttpContextUserAccessor.GetCurrentUserAsync()

Steps to reproduce

Register OpenIdConnectUserAccessTokenHandler. Run some request to httpClient with no httpContext.

Expected behavior

No Exception. Return TokenResult.Failure("No active user");

Additional context

No response

[Erwinvandervalk]

Thank you again for reporting this. The latest release 4.2.0 has a fix for this.

[e5tamp]

Waiting for new release with fixed LogLevel. I'm using this Handler with another and i get following:

[18:03:58.0826 ERROR] Duende.AccessTokenManagement.OpenIdConnect.Internal.UserAccessAccessTokenManager
Cannot retrieve token: No active user

[18:03:58.0826 WARN] Duende.AccessTokenManagement.AccessTokenRequestHandler
Failed to obtain an access token while sending the request. Error: No active user, ErrorDescription (null)

It would be nice to see only Debug info like this in prev version:

[18:03:58.0826 DEBUG] Duende.AccessTokenManagement.OpenIdConnect.UserAccessAccessTokenManagementService
Cannot retrieve token: No active user

[josephdecock]

Is the log level issue tracked here?

#311