From 865e76f6202453a26b2d6419607bd0af9e3a8363 Mon Sep 17 00:00:00 2001
From: Patrick Pimentel
Date: Mon, 8 Dec 2025 15:00:14 -0500
Subject: [PATCH] fix(auth-validator): [PM-22975] Client Version Validator - Reorder of client version validation.

---
 .../RequestValidators/ClientVersionValidator.cs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Identity/IdentityServer/RequestValidators/ClientVersionValidator.cs b/src/Identity/IdentityServer/RequestValidators/ClientVersionValidator.cs
index d34890475f..7f332c8997 100644
--- a/src/Identity/IdentityServer/RequestValidators/ClientVersionValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/ClientVersionValidator.cs
@@ -41,10 +41,6 @@ public class ClientVersionValidator(
 
 Version? clientVersion = currentContext.ClientVersion;
 
- // Determine the minimum version client that a user needs. If no V2 encryption detected then
- // no validation needs to occur, which is why min version number can be null.
- Version? minVersion = user.HasV2Encryption() ? Constants.MinimumClientVersionForV2Encryption : null;
-
 // Deny access if the client version headers are missing.
 // We want to establish a strict contract with clients that if they omit this header,
 // then the server cannot guarantee that a client won't do harm to a user's data
@@ -55,6 +51,10 @@ public class ClientVersionValidator(
 return false;
 }
 
+ // Determine the minimum version client that a user needs. If no V2 encryption detected then
+ // no validation needs to occur, which is why min version number can be null.
+ Version? minVersion = user.HasV2Encryption() ? Constants.MinimumClientVersionForV2Encryption : null;
+
 // If min version is null then we know that the user had an encryption
 // configuration that doesn't require a minimum version. Allowing through.
 if (minVersion == null)
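Review bot: The comment re-added in the second hunk still says `no validation needs to occur` for users without V2 encryption, yet the missing-header denial directly above it applies to every user, so the wording understates what this validator enforces. I would reword it to `// Determine the minimum client version this user needs. Without V2 encryption no minimum-version check applies` / `// (the missing-header denial above still does), which is why the minimum version can be null.` The context line `if (minVersion == null)` could also read `if (minVersion is null)`, which does not route through Version's overloaded `==`. The method body starts and ends outside both hunks, so whether `user` is guaranteed non-null before `user.HasV2Encryption()` cannot be confirmed from here.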