IdentityServer3
NullReferenceException in DefaultClaimsProvider since update to 2.6.0
Question / Issue
After upgrading to 2.6.0 from 2.5.4 I get this exception when trying to log in. I'm using https://www.nuget.org/packages/IdentityServer3.MongoDb, a custom IUserService, as well as
.UseInMemoryClients(BlsClientConfig.GetAll(frontEnds, userApiHosts))
.UseInMemoryScopes(DefaultUsers.GetScopes());
Relevant parts of the log file
2017-01-19 11:03:35.404 +01:00 [Information] Callback invoked from external identity provider
2017-01-19 11:03:35.405 +01:00 [Information] external user provider: "Facebook", provider ID: "1568367229844585"
2017-01-19 11:03:35.415 +01:00 [Information] External identity successfully validated by user service
2017-01-19 11:03:35.415 +01:00 [Information] Calling PostAuthenticateAsync on the user service
2017-01-19 11:03:35.416 +01:00 [Information] issuing primary signin cookie
2017-01-19 11:03:35.416 +01:00 [Information] redirecting to: http://localhost/identity/connect/authorize?client_id=BlsFrontend&redirect_uri=http:%2F%2Flocalhost&response_mode=form_post&response_type=code id_token token&scope=openid profile offline_access&state=OpenIdConnect.AuthenticationProperties%3DK9Z96GJQca5BaYon-kdSW73xnoLSLTq8y4hrHob1ILj1JCPD4UDNyh2f2T-KHBCysHwViU0apcLyCeYn6E79oiyB7LEaP3YRew7lNpJiQCIKzE_-SGTQ4Exmpthjl8Z3Hg7lahIp7d26_GEj6cRPJPzn2HN-NaiEIlwjnLMwKLEKwgVoFTPFdIe4woJ91QyiZ2MsOA&nonce=636204170122151954.NTU4ZTI4MDUtYmYxOC00YmZkLWE1NjYtNDQ2ZWZhY2E2MWEzM2Q2NmQyNGEtZWZmNC00MTkyLWE5NjEtYmNhZDUwMTMxOTk4
2017-01-19 11:03:35.463 +01:00 [Information] Start authorize request
2017-01-19 11:03:35.463 +01:00 [Information] Start authorize request protocol validation
2017-01-19 11:03:35.463 +01:00 [Information] "Authorize request validation success"
"{
\"ClientId\": \"BlsFrontend\",
\"ClientName\": \"Frontend of BLS\",
\"RedirectUri\": \"http://localhost\",
\"AllowedRedirectUris\": [
\"http://localhost\",
\"http://localhost/\",
\"http://localhost/internal\",
\"http://localhost/client-callback-silent/\",
\"http://localhost/signin-oidc\",
\"http://localhost/login\",
\"http://localhost/client-callback-popup/\",
\"http://bls.dev.de.green-parrot.net\",
\"http://bls.dev.de.green-parrot.net/\",
\"http://bls.dev.de.green-parrot.net/internal\",
\"http://bls.dev.de.green-parrot.net/client-callback-silent/\",
\"http://bls.dev.de.green-parrot.net/signin-oidc\",
\"http://bls.dev.de.green-parrot.net/login\",
\"http://bls.dev.de.green-parrot.net/client-callback-popup/\",
\"http://bls.de.local\",
\"http://bls.de.local/\",
\"http://bls.de.local/internal\",
\"http://bls.de.local/client-callback-silent/\",
\"http://bls.de.local/signin-oidc\",
\"http://bls.de.local/login\",
\"http://bls.de.local/client-callback-popup/\",
\"http://bls.fr.local\",
\"http://bls.fr.local/\",
\"http://bls.fr.local/internal\",
\"http://bls.fr.local/client-callback-silent/\",
\"http://bls.fr.local/signin-oidc\",
\"http://bls.fr.local/login\",
\"http://bls.fr.local/client-callback-popup/\"
],
\"SubjectId\": \"587f9baca1fa4c400c14dc72\",
\"ResponseType\": \"code id_token token\",
\"ResponseMode\": \"form_post\",
\"Flow\": \"Hybrid\",
\"RequestedScopes\": \"openid profile offline_access\",
\"State\": \"OpenIdConnect.AuthenticationProperties=K9Z96GJQca5BaYon-kdSW73xnoLSLTq8y4hrHob1ILj1JCPD4UDNyh2f2T-KHBCysHwViU0apcLyCeYn6E79oiyB7LEaP3YRew7lNpJiQCIKzE_-SGTQ4Exmpthjl8Z3Hg7lahIp7d26_GEj6cRPJPzn2HN-NaiEIlwjnLMwKLEKwgVoFTPFdIe4woJ91QyiZ2MsOA\",
\"Nonce\": \"636204170122151954.NTU4ZTI4MDUtYmYxOC00YmZkLWE1NjYtNDQ2ZWZhY2E2MWEzM2Q2NmQyNGEtZWZmNC00MTkyLWE5NjEtYmNhZDUwMTMxOTk4\",
\"SessionId\": \"864b6e0d905f11c428aae0ec1c81ba58\",
\"Raw\": {
\"client_id\": \"BlsFrontend\",
\"redirect_uri\": \"http://localhost\",
\"response_mode\": \"form_post\",
\"response_type\": \"code id_token token\",
\"scope\": \"openid profile offline_access\",
\"state\": \"OpenIdConnect.AuthenticationProperties=K9Z96GJQca5BaYon-kdSW73xnoLSLTq8y4hrHob1ILj1JCPD4UDNyh2f2T-KHBCysHwViU0apcLyCeYn6E79oiyB7LEaP3YRew7lNpJiQCIKzE_-SGTQ4Exmpthjl8Z3Hg7lahIp7d26_GEj6cRPJPzn2HN-NaiEIlwjnLMwKLEKwgVoFTPFdIe4woJ91QyiZ2MsOA\",
\"nonce\": \"636204170122151954.NTU4ZTI4MDUtYmYxOC00YmZkLWE1NjYtNDQ2ZWZhY2E2MWEzM2Q2NmQyNGEtZWZmNC00MTkyLWE5NjEtYmNhZDUwMTMxOTk4\"
}
}"
2017-01-19 11:03:35.468 +01:00 [Information] Creating Hybrid Flow response.
2017-01-19 11:03:35.468 +01:00 [Debug] Storing authorization code with keyQyW0yRb0rW1fkqsV6x8Vj0CJus2n6h-ejBc8G82iquo
2017-01-19 11:03:35.470 +01:00 [Debug] MongoDB.Driver.ReplaceOneResult+Acknowledged
2017-01-19 11:03:35.471 +01:00 [Information] Creating Implicit Flow response.
2017-01-19 11:03:35.471 +01:00 [Debug] Creating access token
2017-01-19 11:03:35.471 +01:00 [Debug] Creating JWT access token
2017-01-19 11:03:35.476 +01:00 [Debug] Creating identity token
2017-01-19 11:03:35.476 +01:00 [Information] Getting claims for identity token for subject: 587f9baca1fa4c400c14dc72
2017-01-19 11:03:35.480 +01:00 [Debug] Creating JWT identity token
2017-01-19 11:03:35.486 +01:00 [Debug] Adding client "BlsFrontend" to client list cookie for subject "587f9baca1fa4c400c14dc72"
2017-01-19 11:03:35.486 +01:00 [Information] End authorize request
2017-01-19 11:03:35.486 +01:00 [Information] Posting to http://localhost
2017-01-19 11:03:35.487 +01:00 [Debug] Using DefaultViewService to render authorization response HTML
2017-01-19 11:03:35.626 +01:00 [Debug] HTTP Request
{
"Method": "POST",
"Url": "http://localhost/identity/connect/token",
"Headers": {
"Content-Length": [
"103"
],
"Content-Type": [
"application/x-www-form-urlencoded"
],
"Accept": [
"application/json"
],
"Authorization": [
"Basic QmxzRnJvbnRlbmQ6c2VjcmV0"
],
"Expect": [
"100-continue"
],
"Host": [
"localhost"
]
},
"Body": "grant_type=authorization_code&code=950a7938643d0469f14ac5228bc5a9ce&redirect_uri=http%3A%2F%2Flocalhost"
}
2017-01-19 11:03:35.628 +01:00 [Information] Start token request
2017-01-19 11:03:35.628 +01:00 [Debug] Start client validation
2017-01-19 11:03:35.628 +01:00 [Debug] Start parsing Basic Authentication secret
2017-01-19 11:03:35.629 +01:00 [Debug] Parser found secret: "BasicAuthenticationSecretParser"
2017-01-19 11:03:35.629 +01:00 [Information] Secret id found: "BlsFrontend"
2017-01-19 11:03:35.629 +01:00 [Debug] Secret validator success: "HashedSharedSecretValidator"
2017-01-19 11:03:35.629 +01:00 [Information] Client validation success
2017-01-19 11:03:35.629 +01:00 [Information] Start token request validation
2017-01-19 11:03:35.629 +01:00 [Information] Start validation of authorization code token request
2017-01-19 11:03:35.637 +01:00 [Debug] Authorization code found for key QyW0yRb0rW1fkqsV6x8Vj0CJus2n6h-ejBc8G82iquo. Deserializing...
2017-01-19 11:03:35.646 +01:00 [Debug] MongoDB.Driver.DeleteResult+Acknowledged
2017-01-19 11:03:35.650 +01:00 [Information] Validation of authorization code token request success
2017-01-19 11:03:35.650 +01:00 [Information] Token request validation success
{
"ClientId": "BlsFrontend",
"ClientName": "Frontend of BLS",
"GrantType": "authorization_code",
"AuthorizationCode": "950a7938643d0469f14ac5228bc5a9ce",
"Raw": {
"grant_type": "authorization_code",
"code": "950a7938643d0469f14ac5228bc5a9ce",
"redirect_uri": "http://localhost"
}
}
2017-01-19 11:03:35.651 +01:00 [Information] Creating token response
2017-01-19 11:03:35.651 +01:00 [Information] Processing authorization code request
2017-01-19 11:03:35.651 +01:00 [Debug] Creating access token
2017-01-19 11:03:35.651 +01:00 [Debug] Creating refresh token
2017-01-19 11:03:35.651 +01:00 [Debug] Setting an absolute lifetime: 2592000
2017-01-19 11:03:35.658 +01:00 [Debug] MongoDB.Driver.ReplaceOneResult+Acknowledged
2017-01-19 11:03:35.659 +01:00 [Debug] Creating JWT access token
2017-01-19 11:03:35.665 +01:00 [Debug] Creating identity token
2017-01-19 11:03:35.666 +01:00 [Information] Getting claims for identity token for subject: 587f9baca1fa4c400c14dc72
2017-01-19 11:03:35.668 +01:00 [Debug] Creating JWT identity token
2017-01-19 11:03:35.676 +01:00 [Information] End token request
2017-01-19 11:03:35.677 +01:00 [Information] Returning token response.
2017-01-19 11:03:35.725 +01:00 [Debug] HTTP Request
{
"Method": "POST",
"Url": "http://localhost/identity/connect/token",
"Headers": {
"Content-Length": [
"71"
],
"Content-Type": [
"application/x-www-form-urlencoded"
],
"Accept": [
"application/json"
],
"Authorization": [
"Basic QmxzRnJvbnRlbmQ6c2VjcmV0"
],
"Expect": [
"100-continue"
],
"Host": [
"localhost"
]
},
"Body": "grant_type=refresh_token&refresh_token=bc1edc14300f9c7bef892c4a45e6054e"
}
2017-01-19 11:03:35.727 +01:00 [Information] Start token request
2017-01-19 11:03:35.727 +01:00 [Debug] Start client validation
2017-01-19 11:03:35.727 +01:00 [Debug] Start parsing Basic Authentication secret
2017-01-19 11:03:35.727 +01:00 [Debug] Parser found secret: "BasicAuthenticationSecretParser"
2017-01-19 11:03:35.727 +01:00 [Information] Secret id found: "BlsFrontend"
2017-01-19 11:03:35.727 +01:00 [Debug] Secret validator success: "HashedSharedSecretValidator"
2017-01-19 11:03:35.727 +01:00 [Information] Client validation success
2017-01-19 11:03:35.728 +01:00 [Information] Start token request validation
2017-01-19 11:03:35.728 +01:00 [Information] Start validation of refresh token request
2017-01-19 11:03:35.736 +01:00 [Information] Validation of refresh token request success
2017-01-19 11:03:35.737 +01:00 [Information] Token request validation success
{
"ClientId": "BlsFrontend",
"ClientName": "Frontend of BLS",
"GrantType": "refresh_token",
"RefreshToken": "bc1edc14300f9c7bef892c4a45e6054e",
"Raw": {
"grant_type": "refresh_token",
"refresh_token": "bc1edc14300f9c7bef892c4a45e6054e"
}
}
2017-01-19 11:03:35.737 +01:00 [Information] Creating token response
2017-01-19 11:03:35.737 +01:00 [Information] Processing refresh token request
2017-01-19 11:03:35.737 +01:00 [Debug] Creating JWT access token
2017-01-19 11:03:35.744 +01:00 [Debug] Updating refresh token
2017-01-19 11:03:35.744 +01:00 [Debug] No updates to refresh token done
2017-01-19 11:03:35.744 +01:00 [Debug] Creating identity token
2017-01-19 11:03:35.751 +01:00 [Error] Unhandled exception accessing: /identity/connect/token
System.NullReferenceException: Object reference not set to an instance of an object.
at IdentityServer3.Core.Services.Default.DefaultClaimsProvider.<GetIdentityTokenClaimsAsync>d__0.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Services\Default\DefaultClaimsProvider.cs:line 65
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer3.Core.Services.Default.DefaultTokenService.<CreateIdentityTokenAsync>d__1.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Services\Default\DefaultTokenService.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer3.Core.ResponseHandling.TokenResponseGenerator.<CreateIdTokenFromRefreshTokenRequestAsync>d__33.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\ResponseHandling\TokenResponseGenerator.cs:line 264
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at IdentityServer3.Core.ResponseHandling.TokenResponseGenerator.<ProcessRefreshTokenRequestAsync>d__18.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\ResponseHandling\TokenResponseGenerator.cs:line 194
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer3.Core.ResponseHandling.TokenResponseGenerator.<ProcessAsync>d__0.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\ResponseHandling\TokenResponseGenerator.cs:line 61
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer3.Core.Endpoints.TokenEndpointController.<ProcessAsync>d__7.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\TokenEndpointController.cs:line 113
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer3.Core.Endpoints.TokenEndpointController.<Post>d__0.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\TokenEndpointController.cs:line 74
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Threading.Tasks.System.Web.Http910911.TaskHelpersExtensions.<CastToObject>d__3`1.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__5.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__5.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Filters.ActionFilterAttribute.<ExecuteActionFilterAsyncCore>d__0.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext() in c:\local\identity\server3\IdentityServer3\source\Core\Endpoints\Connect\DiscoveryEndpointController.cs:line 0
Hi! Same here, I can't get a Refresh Token after updating from 2.5.4 to 2.6.0 :( (I use reference tokens stored in a SQL Server database)
So I downgraded to 2.5.4 and it works again.
Also using refresh tokens and 2.6.0, but not the mongodb package. Not having issues so far.
This issue probably relates to: #3458
Can you check in the DB and show me what one of your refresh token records looks like (and omit the sensitive stuff, please)? I tried to repro and I can't, so the only thing that would make sense to me is that the Subject/Claims associated with the record is missing or not getting deserialized.
I see the mongodb implementation does not serialize the claimsprincipal. Could that be it? Maybe @jageall can chime in :)
I'll get a package with a fix for this out today
That took a bit longer than expected due to some changes in mongodb upsert behaviour :( but 2.1.1 of the mongodb package has been updated to work with 2.6.0
@cypressious : can you test the new mongodb package, and see if that solves your issues?
Seems to work. Thanks to all of you!
This still occurs when using reference refresh tokens with SQL. Downgrading from 2.6.0 to 2.5.4 solves the issue, just as @odinnou did. You seem to only have discussed the MongoDB issue here, or does anybody know why it also happens with SQL databases, @jageall ?
How are you implementing IRefreshTokenStore? EF? Rolled your own?
The MongoDB implementation was lacking the Subject for Refreshtokens - not sure if what you're seeing is related or not.
@johnkors ~~We do not implement our own IRefreshTokenStore, so it has the default one.~~
EDIT: My mistake, I misread it for IRefreshTokenService!
The default is in-memory, not backed by SQL.
@johnkors Sorry about the confusion, I misread it. So we do have a RefreshTokenStore where we just inserted the freshly generated RefreshToken into the table, and now when trying to change into a ReUse-scheme we instead check first if it exists, update it in that case, otherwise just insert.
And from what I can see we use JsonConvert from Newtonsoft.Json with a default JsonSerializerSettings containing a ClaimConverter, which extends a JsonConverter.
Do you have something in that SerializerSettings for converting the ClaimsPrincipal as well ..? (the .Subject prop of RefreshToken.cs)
Similar to:
https://github.com/IdentityServer/IdentityServer3.EntityFramework/blob/master/Source/Core.EntityFramework/Stores/BaseTokenStore.cs#L67
@johnkors No we did not do that, so I'm currently implementing one right now. Is this a new thing in 2.6.0? Considering we had no issues with this before, I mean. Or was it just a silent error/corruption previously?
No, the Subject property has been there for 2 years. Not sure why you haven't seen an issue with it before, but this commit from @brockallen I believe is the "new" thing now requiring you to store/retrieve the .Subject of RefreshToken.
https://github.com/IdentityServer/IdentityServer3/commit/9f5c9fee22c0bfdc2a6f70a0b0867af99ea347d0#diff-287491a9b650b4ec461c20c747595077R258
@johnkors That makes sense, because it did crash in our ITokenService when creating an IdentityToken, which is where I was debugging. But when reverting to 2.5.4 it did not even go there, compared to 2.6.0. So I guess that's it then. I have implemented the ClaimsPrincipalConverter now and will try to update once more after I finish what I'm currently working on.
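The fix the thread converges on, persisting the Subject of a stored refresh token through a Json.NET converter and rejecting records that come back without one, shown as an added example that is not code from this thread or from IdentityServer3. StoredRefreshToken, PrincipalDto, ClaimDto and Load are hypothetical names, the "sub" claim check is an assumption about what the token service needs, and the sample values are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Newtonsoft.Json;

// Flat shapes that Json.NET can round-trip (hypothetical names).
public class ClaimDto
{
    public string Type { get; set; }
    public string Value { get; set; }
}

public class PrincipalDto
{
    public string AuthenticationType { get; set; }
    public List<ClaimDto> Claims { get; set; }
}

// Stand-in for the persisted record; not IdentityServer3's RefreshToken class.
public class StoredRefreshToken
{
    public string ClientId { get; set; }
    public ClaimsPrincipal Subject { get; set; }
}

// Writes a ClaimsPrincipal as { AuthenticationType, Claims[] } and rebuilds it on read.
// Only claim type and value are kept; issuer and value type are not persisted here.
public class ClaimsPrincipalConverter : JsonConverter
{
    public override bool CanConvert(Type objectType)
    {
        return objectType == typeof(ClaimsPrincipal);
    }

    public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
    {
        var principal = (ClaimsPrincipal)value;
        var dto = new PrincipalDto
        {
            AuthenticationType = principal.Identity == null ? null : principal.Identity.AuthenticationType,
            Claims = principal.Claims
                .Select(c => new ClaimDto { Type = c.Type, Value = c.Value })
                .ToList()
        };
        serializer.Serialize(writer, dto);
    }

    public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
    {
        var dto = serializer.Deserialize<PrincipalDto>(reader);
        if (dto == null) return null; // "Subject": null in the stored JSON

        var claims = (dto.Claims ?? new List<ClaimDto>()).Select(c => new Claim(c.Type, c.Value));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, dto.AuthenticationType));
    }
}

public static class Program
{
    static readonly JsonSerializerSettings Settings = new JsonSerializerSettings
    {
        Converters = new List<JsonConverter> { new ClaimsPrincipalConverter() }
    };

    // Returns null for a record that has no usable Subject, so the caller can treat the
    // refresh token as not found instead of failing later while building identity-token claims.
    public static StoredRefreshToken Load(string json)
    {
        var token = JsonConvert.DeserializeObject<StoredRefreshToken>(json, Settings);
        if (token == null || token.Subject == null || token.Subject.FindFirst("sub") == null)
            return null;
        return token;
    }

    public static void Main()
    {
        // Constructed sample principal and record.
        var subject = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("sub", "subject-123"), new Claim("idp", "Facebook") }, "idsrv"));
        var json = JsonConvert.SerializeObject(
            new StoredRefreshToken { ClientId = "sample-client", Subject = subject }, Settings);

        // Round trip: the subject claim survives storage.
        var restored = Load(json);
        Console.WriteLine(restored.Subject.FindFirst("sub").Value);

        // A record written without Subject (constructed) is rejected by Load.
        var legacy = "{\"ClientId\":\"sample-client\"}";
        Console.WriteLine(Load(legacy) == null);
    }
}
```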