ClientCredentialsHelper should check if ClientId or ClientSecret are not yet added to request
Hello,
I am using HttpClientTokenRequestExtensions from IdentityModel v3.10.0. For the RequestTokenAsync method I am passing clientId and clientSecret myself, like:
    var parameters = new Dictionary<string, string>
    {
        {"grant_type", "delegation"},
        {"client_id", clientId},
        {"client_secret", clientSecret},
        {"token_hint", userAccessToken},
    };
    var tokenResponse = await _client
        .RequestTokenAsync(new TokenRequest
        {
            Address = tokensEndpoint,
            ClientId = clientId,
            ClientSecret = clientSecret,
            GrantType = "delegation",
            Parameters = parameters
        }, cancellationToken)
        .ConfigureAwait(false);
I am aware that I am duplicating stuff… however, having the code like above will throw an exception:
An item with the same key has already been added. Key: client_id
Short investigation showed that ClientCredentialsHelper does not check if parameters are already added which causes this exception: https://github.com/IdentityModel/IdentityModel2/blob/master/src/Internal/ClientCredentialsHelper.cs#L32
However, it's fine with GrantType, which is checked and added in the RequestTokenAsync method: https://github.com/IdentityModel/IdentityModel2/blob/master/src/Client/New/HttpClientTokenRequestExtensions.cs#L115
    if (!request.Parameters.ContainsKey(OidcConstants.TokenRequest.GrantType))
    {
        request.Parameters.AddRequired(OidcConstants.TokenRequest.GrantType, request.GrantType);
    }
I guess it should be the same with the other arguments as well.
Issue Analytics
- Created 5 years ago
- Comments:6 (3 by maintainers)
I am doing a more defensive check now. Thanks for reporting.
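One way to make the credential-adding step tolerate parameters the caller already supplied, as an added example that is not IdentityModel's code or the maintainer's actual fix. `DefensiveParameters` and `AddIfAbsent` are hypothetical names and the sample values are constructed; it goes beyond the `ContainsKey` check quoted in the issue by rejecting a conflicting value instead of silently keeping one of the two.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (not IdentityModel code): merges client credentials
// into a token-request parameter dictionary without throwing on duplicates.
public static class DefensiveParameters
{
    // Adds key/value only when the key is absent. An identical existing value
    // is accepted; a different one is rejected so the request never goes out
    // with ambiguous credentials.
    public static void AddIfAbsent(IDictionary<string, string> parameters, string key, string value)
    {
        if (string.IsNullOrEmpty(value)) return;

        if (parameters.TryGetValue(key, out var existing))
        {
            if (!string.Equals(existing, value, StringComparison.Ordinal))
            {
                // Keep both values out of the message: one may be a secret.
                throw new InvalidOperationException(
                    $"Conflicting values supplied for '{key}'.");
            }
            return;
        }
        parameters.Add(key, value);
    }

    public static void Main()
    {
        // Constructed sample values, mirroring the request in the issue.
        var parameters = new Dictionary<string, string>
        {
            { "grant_type", "delegation" },
            { "client_id", "sample-client" },
            { "client_secret", "sample-secret" },
        };

        // A plain Dictionary.Add would throw ArgumentException on these calls.
        AddIfAbsent(parameters, "client_id", "sample-client");
        AddIfAbsent(parameters, "client_secret", "sample-secret");
        Console.WriteLine(parameters.Count);

        // A mismatching client_id is surfaced instead of being overwritten.
        try { AddIfAbsent(parameters, "client_id", "other-client"); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```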