From 2bfd936210084f40534d14f5c77ea110e91774d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ademar=20Gon=C3=A7alves?=
Date: Tue, 19 Jul 2022 10:02:18 +0100
Subject: [PATCH] Fix act claim chaining (#15)

* fix: act claim chaining
---
 .../Builders/TokenExchangeResultBuilder.cs | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/Farfetch.IdentityServer.Contrib.TokenExchange/Builders/TokenExchangeResultBuilder.cs b/src/Farfetch.IdentityServer.Contrib.TokenExchange/Builders/TokenExchangeResultBuilder.cs
index 143cb94..a419e9b 100644
--- a/src/Farfetch.IdentityServer.Contrib.TokenExchange/Builders/TokenExchangeResultBuilder.cs
+++ b/src/Farfetch.IdentityServer.Contrib.TokenExchange/Builders/TokenExchangeResultBuilder.cs
@@ -134,7 +134,10 @@ public IExtensionGrantResultBuilder WithError(TokenRequestErrors error, string e
 private Claim BuildActClaim(IEnumerable claimTypesToInclude)
 {
- var act = new Dictionary();
+ var act = new Dictionary
+ {
+ { JwtClaimTypes.ClientId, this.actorClient.ClientId },
+ };
 var existingActClaim = this.subjectUserClaims.Act();
@@ -147,11 +150,6 @@ private Claim BuildActClaim(IEnumerable claimTypesToInclude)
 lastClientId = actClaimObject.LastClientId;
 }
- if (existingActClaim.IsNullOrEmpty() || this.actorClient.ClientId != lastClientId)
- {
- act.Add(JwtClaimTypes.ClientId, this.actorClient.ClientId);
- }
-
 foreach (var claimType in claimTypesToInclude)
 {
 var claim = this.actorUserClaims.SingleOrDefault(c => claimType.Equals(c.Type));
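Review bot: Seeding `act` with `JwtClaimTypes.ClientId` in the initializer means that key is always present before the `foreach` over `claimTypesToInclude` runs. The loop body lies between the hunks and is not visible here. If it calls `act.Add(claim.Type, ...)`, a configured claim type equal to `JwtClaimTypes.ClientId` would now throw on every exchange; if it assigns through the indexer, an actor user claim would silently replace the actor client's identity. A guard at the top of the loop, `if (act.ContainsKey(claimType)) { continue; }`, keeps the client id authoritative in both cases. BuildActClaim continues past the end of this hunk.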
@@ -161,10 +159,14 @@ private Claim BuildActClaim(IEnumerable claimTypesToInclude)
 }
 }
- if (!string.IsNullOrEmpty(existingActClaim) && this.actorClient.ClientId != lastClientId)
+ if (!string.IsNullOrEmpty(existingActClaim))
 {
 this.subjectUserClaims.Remove(this.subjectUserClaims.FirstOrDefault(c => TokenExchangeConstants.ClaimTypes.Act.Equals(c.Type)));
- act.Add(TokenExchangeConstants.ClaimTypes.Act, JsonConvert.DeserializeObject(existingActClaim, this.jsonSettings));
+ if (this.actorClient.ClientId != lastClientId)
+ {
+ act.Add(TokenExchangeConstants.ClaimTypes.Act,
+ JsonConvert.DeserializeObject(existingActClaim, this.jsonSettings));
+ }
 }
 var existingClientActClaim = this.subjectUserClaims.ClientAct();
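Review bot: Inside the new `if (!string.IsNullOrEmpty(existingActClaim))` block the previous `act` claim is always removed from `subjectUserClaims`, but it is nested into the new claim only when `this.actorClient.ClientId != lastClientId`. When the same client exchanges again, everything else the old claim carried (earlier actors nested under it, actor user claims) appears to be discarded, which shortens the delegation trail visible to resource servers and audit logs. `lastClientId` is set outside this hunk, so confirm this against `actClaimObject`. If collapsing is intended, state it in a comment such as `// Same actor client as the previous hop: replace its act entry instead of nesting a duplicate.` and consider carrying the old claim's inner `act` forward in that branch. Separately, `Remove(...FirstOrDefault(...))` drops only the first `act` claim, so a subject carrying more than one would still be issued duplicates; the method body continues beyond the hunk.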