filter out disabled clients

source/Core/Extensions/IClientStoreExtensions.cs

@@ -25,6 +25,22 @@ namespace IdentityServer3.Core.Extensions
 {
     internal static class IClientStoreExtensions
     {
+        internal static async Task<Client> FindEnabledClientByIdAsync(this IClientStore store, string clientId)
+        {
+            if (store == null) throw new ArgumentNullException("store");
+
+            if (clientId.IsPresent())
+            {
+                var client = await store.FindClientByIdAsync(clientId);
+                if (client != null && client.Enabled)
+                {
+                    return client;
+                }
+            }
+
+            return null;
+        }
+
         internal static async Task<IEnumerable<string>> GetIdentityProviderRestrictionsAsync(this IClientStore store, string clientId)
         {
             if (store == null) throw new ArgumentNullException("store");

source/Core/Services/Default/DefaultCustomTokenValidator.cs

@@ -100,8 +100,8 @@ public virtual async Task<TokenValidationResult> ValidateAccessTokenAsync(TokenV
             var clientClaim = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.ClientId);
             if (clientClaim != null)
             {
-                var client = await _clients.FindClientByIdAsync(clientClaim.Value);
-                if (client == null || client.Enabled == false)
+                var client = await _clients.FindEnabledClientByIdAsync(clientClaim.Value);
+                if (client == null)
                 {
                     Logger.Warn("Client deleted or disabled: " + clientClaim.Value);
 

source/Core/Validation/AuthorizeRequestValidator.cs

@@ -158,8 +158,8 @@ public async Task<AuthorizeRequestValidationResult> ValidateClientAsync(Validate
             //////////////////////////////////////////////////////////
             // check for valid client
             //////////////////////////////////////////////////////////
-            var client = await _clients.FindClientByIdAsync(request.ClientId);
-            if (client == null || client.Enabled == false)
+            var client = await _clients.FindEnabledClientByIdAsync(request.ClientId);
+            if (client == null)
             {
                 LogError("Unknown client or not enabled: " + request.ClientId, request);
                 return Invalid(request, ErrorTypes.User, Constants.AuthorizeErrors.UnauthorizedClient);

source/Core/Validation/ClientSecretValidator.cs

@@ -60,12 +60,12 @@ public async Task<ClientSecretValidationResult> ValidateAsync()
             }
 
             // load client
-            var client = await _clients.FindClientByIdAsync(parsedSecret.Id);
+            var client = await _clients.FindEnabledClientByIdAsync(parsedSecret.Id);
             if (client == null)
             {
-                await RaiseFailureEvent(parsedSecret.Id, "Unknown client");
+                await RaiseFailureEvent(parsedSecret.Id, "Unknown or disabled client");
 
-                Logger.Info("No client with that id found. aborting");
+                Logger.Info("No client with that id found or client is disabled. aborting");
                 return fail;
             }
 

source/Core/Validation/TokenValidator.cs

@@ -110,7 +110,7 @@ public virtual async Task<TokenValidationResult> ValidateIdentityTokenAsync(stri
             _log.ClientId = clientId;
             _log.ValidateLifetime = validateLifetime;
 
-            var client = await _clients.FindClientByIdAsync(clientId);
+            var client = await _clients.FindEnabledClientByIdAsync(clientId);
             if (client == null)
             {
                 LogError("Unknown or disabled client.");
@@ -264,10 +264,10 @@ private async Task<TokenValidationResult> ValidateJwtAsync(string jwt, string au
                 var clientId = id.FindFirst(Constants.ClaimTypes.ClientId);
                 if (clientId != null)
                 {
-                    client = await _clients.FindClientByIdAsync(clientId.Value);
+                    client = await _clients.FindEnabledClientByIdAsync(clientId.Value);
                     if (client == null)
                     {
-                        throw new InvalidOperationException("Client does not exist anymore.");
+                        throw new InvalidOperationException("Client does not exist anymore or is disabled.");
                     }
                 }