From a1403145e028070877296daf20cd0923889808fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Mon, 9 Dec 2024 15:37:37 +0100 Subject: [PATCH] Bump OpenIddict to 6.0.0 --- Directory.Packages.props | 28 ++++----- samples/Aridka/Aridka.Server/Startup.cs | 1 - .../Controllers/AuthorizationController.cs | 12 ++-- samples/Balosar/Balosar.Server/Startup.cs | 7 +-- samples/Balosar/Balosar.Server/Worker.cs | 2 +- samples/Contruum/Contruum.Server/Handlers.cs | 58 ------------------ .../Pages/Connect/Authorize.cshtml.cs | 6 +- samples/Contruum/Contruum.Server/Startup.cs | 59 ++++++++++++++++--- .../Controllers/AuthorizationController.cs | 12 ++-- samples/Dantooine/Dantooine.Server/Startup.cs | 11 ++-- samples/Dantooine/Dantooine.Server/Worker.cs | 2 +- .../TokenRefreshingDelegatingHandler.cs | 4 +- .../Dantooine.WebAssembly.Server/Startup.cs | 1 - .../Fornax.Server/Connect/Authorize.aspx.cs | 6 +- samples/Hollastin/Hollastin.Server/Startup.cs | 1 - samples/Imynusoph/Imynusoph.Server/Startup.cs | 1 - samples/Matty/Matty.Client/Program.cs | 2 +- samples/Matty/Matty.Server/Startup.cs | 13 ++-- samples/Matty/Matty.Server/Worker.cs | 2 +- samples/Mimban/Mimban.Server/Program.cs | 1 - .../Controllers/AuthorizationController.cs | 6 +- samples/Mortis/Mortis.Server/Startup.cs | 6 +- .../Sorgan/Sorgan.Console.Client/Program.cs | 2 +- samples/Velusia/Velusia.Client/Startup.cs | 1 - .../Controllers/AuthorizationController.cs | 12 ++-- samples/Velusia/Velusia.Server/Startup.cs | 9 ++- samples/Velusia/Velusia.Server/Worker.cs | 2 +- samples/Weytta/Weytta.Server/Startup.cs | 1 - samples/Zirku/Zirku.Server/Program.cs | 3 +- 29 files changed, 122 insertions(+), 149 deletions(-) delete mode 100644 samples/Contruum/Contruum.Server/Handlers.cs diff --git a/Directory.Packages.props b/Directory.Packages.props index a8dd8e60a..574ba3c71 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -44,11 +44,11 @@ - - - - - + + + + + 
@@ -85,15 +85,15 @@ - - - - - - - - - + + + + + + + + + diff --git a/samples/Aridka/Aridka.Server/Startup.cs b/samples/Aridka/Aridka.Server/Startup.cs index 1ddbb4941..3d0fd50cd 100644 --- a/samples/Aridka/Aridka.Server/Startup.cs +++ b/samples/Aridka/Aridka.Server/Startup.cs @@ -34,7 +34,6 @@ public void ConfigureServices(IServiceCollection services) // (like pruning orphaned authorizations/tokens from the database) at regular intervals. services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); diff --git a/samples/Balosar/Balosar.Server/Controllers/AuthorizationController.cs b/samples/Balosar/Balosar.Server/Controllers/AuthorizationController.cs index 344e0015f..10bc4bd2f 100644 --- a/samples/Balosar/Balosar.Server/Controllers/AuthorizationController.cs +++ b/samples/Balosar/Balosar.Server/Controllers/AuthorizationController.cs @@ -61,13 +61,13 @@ public async Task Authorize() // For scenarios where the default authentication handler configured in the ASP.NET Core // authentication options shouldn't be used, a specific scheme can be specified here. var result = await HttpContext.AuthenticateAsync(); - if (result == null || !result.Succeeded || request.HasPrompt(Prompts.Login) || + if (result == null || !result.Succeeded || request.HasPromptValue(PromptValues.Login) || (request.MaxAge != null && result.Properties?.IssuedUtc != null && DateTimeOffset.UtcNow - result.Properties.IssuedUtc > TimeSpan.FromSeconds(request.MaxAge.Value))) { // If the client application requested promptless authentication, // return an error indicating that the user is not logged in. - if (request.HasPrompt(Prompts.None)) + if (request.HasPromptValue(PromptValues.None)) { return Forbid( authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, 
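Review bot: The `max_age` condition kept next to the renamed prompt checks in Balosar's `Authorize()` only forces re-authentication when `result.Properties?.IssuedUtc` is non-null, so a ticket that carries no issue time is treated as fresh and the client's `max_age` is silently not enforced. This is probably rare with the stock cookie handler, but a sample that gets copied should fail closed: `(request.MaxAge != null && (result.Properties?.IssuedUtc == null || DateTimeOffset.UtcNow - result.Properties.IssuedUtc > TimeSpan.FromSeconds(request.MaxAge.Value)))`. The same expression appears in the Dantooine and Velusia controllers. The method body continues outside the hunk.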
@@ -80,7 +80,7 @@ public async Task Authorize() // To avoid endless login -> authorization redirects, the prompt=login flag // is removed from the authorization request payload before redirecting the user. - var prompt = string.Join(" ", request.GetPrompts().Remove(Prompts.Login)); + var prompt = string.Join(" ", request.GetPromptValues().Remove(PromptValues.Login)); var parameters = Request.HasFormContentType ? Request.Form.Where(parameter => parameter.Key != Parameters.Prompt).ToList() : @@ -130,7 +130,7 @@ public async Task Authorize() // return an authorization response without displaying the consent form. case ConsentTypes.Implicit: case ConsentTypes.External when authorizations.Count is not 0: - case ConsentTypes.Explicit when authorizations.Count is not 0 && !request.HasPrompt(Prompts.Consent): + case ConsentTypes.Explicit when authorizations.Count is not 0 && !request.HasPromptValue(PromptValues.Consent): // Create the claims-based identity that will be used by OpenIddict to generate tokens. var identity = new ClaimsIdentity( authenticationType: TokenValidationParameters.DefaultAuthenticationType, @@ -167,8 +167,8 @@ public async Task Authorize() // At this point, no authorization was found in the database and an error must be returned // if the client application specified prompt=none in the authorization request. - case ConsentTypes.Explicit when request.HasPrompt(Prompts.None): - case ConsentTypes.Systematic when request.HasPrompt(Prompts.None): + case ConsentTypes.Explicit when request.HasPromptValue(PromptValues.None): + case ConsentTypes.Systematic when request.HasPromptValue(PromptValues.None): return Forbid( authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, properties: new AuthenticationProperties(new Dictionary diff --git a/samples/Balosar/Balosar.Server/Startup.cs b/samples/Balosar/Balosar.Server/Startup.cs index 41b21b9c6..487530e59 100644 --- a/samples/Balosar/Balosar.Server/Startup.cs 
+++ b/samples/Balosar/Balosar.Server/Startup.cs @@ -42,7 +42,6 @@ public void ConfigureServices(IServiceCollection services) // (like pruning orphaned authorizations/tokens from the database) at regular intervals. services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); @@ -106,9 +105,9 @@ public void ConfigureServices(IServiceCollection services) { // Enable the authorization, logout, token and userinfo endpoints. options.SetAuthorizationEndpointUris("connect/authorize") - .SetLogoutEndpointUris("connect/logout") + .SetEndSessionEndpointUris("connect/logout") .SetTokenEndpointUris("connect/token") - .SetUserinfoEndpointUris("connect/userinfo"); + .SetUserInfoEndpointUris("connect/userinfo"); // Mark the "email", "profile" and "roles" scopes as supported scopes. options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles); @@ -125,7 +124,7 @@ public void ConfigureServices(IServiceCollection services) // Register the ASP.NET Core host and configure the ASP.NET Core-specific options. options.UseAspNetCore() .EnableAuthorizationEndpointPassthrough() - .EnableLogoutEndpointPassthrough() + .EnableEndSessionEndpointPassthrough() .EnableStatusCodePagesIntegration() .EnableTokenEndpointPassthrough(); }) diff --git a/samples/Balosar/Balosar.Server/Worker.cs b/samples/Balosar/Balosar.Server/Worker.cs index 4725c9b5e..551e2a703 100644 --- a/samples/Balosar/Balosar.Server/Worker.cs +++ b/samples/Balosar/Balosar.Server/Worker.cs @@ -44,7 +44,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Logout, + Permissions.Endpoints.EndSession, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.GrantTypes.RefreshToken, 
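Review bot: Switching the seeded permission to `Permissions.Endpoints.EndSession` in Balosar's Worker only affects applications created after the upgrade, assuming the `CreateAsync` call is guarded by an existence check outside this hunk. If the permission string behind the renamed constant differs from the one stored under `Permissions.Endpoints.Logout`, a client row seeded by the previous version keeps the old value, and its end-session requests would be rejected until the row is updated or the sample database is recreated. A comment next to the descriptor, such as `// Applications seeded before 6.0 must have their endpoint permissions migrated.`, would save readers a confusing failure. The same applies to the Worker changes in Dantooine and Matty (`Permissions.Endpoints.DeviceAuthorization`) and to the seeding code in Mortis' Startup.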
diff --git a/samples/Contruum/Contruum.Server/Handlers.cs b/samples/Contruum/Contruum.Server/Handlers.cs
deleted file mode 100644
index 9122e1ec4..000000000
--- a/samples/Contruum/Contruum.Server/Handlers.cs
+++ /dev/null
@@ -1,58 +0,0 @@ -using System.Globalization; -using System.Text.Json; -using System.Threading.Tasks; -using OpenIddict.Abstractions; -using OpenIddict.Server; -using static OpenIddict.Abstractions.OpenIddictConstants; -using static OpenIddict.Server.OpenIddictServerEvents; - -namespace Contruum.Server; - -public static class Handlers -{ - public class PopulateUserinfo : IOpenIddictServerHandler - { - public ValueTask HandleAsync(HandleUserinfoRequestContext context) - { - if (context.Principal.HasScope(Scopes.Profile)) - { - context.GivenName = context.Principal.GetClaim(Claims.GivenName); - context.FamilyName = context.Principal.GetClaim(Claims.FamilyName); - context.BirthDate = context.Principal.GetClaim(Claims.Birthdate); - context.Profile = context.Principal.GetClaim(Claims.Profile); - context.PreferredUsername = context.Principal.GetClaim(Claims.PreferredUsername); - context.Website = context.Principal.GetClaim(Claims.Website); - - context.Claims[Claims.Name] = context.Principal.GetClaim(Claims.Name); - context.Claims[Claims.Gender] = context.Principal.GetClaim(Claims.Gender); - context.Claims[Claims.MiddleName] = context.Principal.GetClaim(Claims.MiddleName); - context.Claims[Claims.Nickname] = context.Principal.GetClaim(Claims.Nickname); - context.Claims[Claims.Picture] = context.Principal.GetClaim(Claims.Picture); - context.Claims[Claims.Locale] = context.Principal.GetClaim(Claims.Locale); - context.Claims[Claims.Zoneinfo] = context.Principal.GetClaim(Claims.Zoneinfo); - context.Claims[Claims.UpdatedAt] = long.Parse( - context.Principal.GetClaim(Claims.UpdatedAt)!, - NumberStyles.Number, CultureInfo.InvariantCulture); - } - - if (context.Principal.HasScope(Scopes.Email)) - { - context.Email = context.Principal.GetClaim(Claims.Email); - context.EmailVerified = false; - } - - if (context.Principal.HasScope(Scopes.Phone)) - { - context.PhoneNumber = context.Principal.GetClaim(Claims.PhoneNumber); - context.PhoneNumberVerified = false; - } - - if 
(context.Principal.HasScope(Scopes.Address)) - { - context.Address = JsonSerializer.Deserialize(context.Principal.GetClaim(Claims.Address)!); - } - - return default; - } - } -} diff --git a/samples/Contruum/Contruum.Server/Pages/Connect/Authorize.cshtml.cs b/samples/Contruum/Contruum.Server/Pages/Connect/Authorize.cshtml.cs index 871875bc9..8b7aa0183 100644 --- a/samples/Contruum/Contruum.Server/Pages/Connect/Authorize.cshtml.cs +++ b/samples/Contruum/Contruum.Server/Pages/Connect/Authorize.cshtml.cs @@ -33,7 +33,7 @@ public async Task OnGetAsync() { // If the client application requested promptless authentication, // return an error indicating that the user is not logged in. - if (request.HasPrompt(Prompts.None)) + if (request.HasPromptValue(PromptValues.None)) { return Forbid( authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, @@ -55,11 +55,11 @@ public async Task OnGetAsync() // If prompt=login was specified by the client application, // immediately return the user agent to the login page. - if (request.HasPrompt(Prompts.Login)) + if (request.HasPromptValue(PromptValues.Login)) { // To avoid endless login -> authorization redirects, the prompt=login flag // is removed from the authorization request payload before redirecting the user. - var prompt = string.Join(" ", request.GetPrompts().Remove(Prompts.Login)); + var prompt = string.Join(" ", request.GetPromptValues().Remove(PromptValues.Login)); var parameters = Request.HasFormContentType ? Request.Form.Where(parameter => parameter.Key != Parameters.Prompt).ToList() : diff --git a/samples/Contruum/Contruum.Server/Startup.cs b/samples/Contruum/Contruum.Server/Startup.cs index 5a23830c5..b8f905079 100644 --- a/samples/Contruum/Contruum.Server/Startup.cs +++ b/samples/Contruum/Contruum.Server/Startup.cs 
@@ -1,4 +1,6 @@ +using System.Globalization; using System.IO; +using System.Text.Json; using Contruum.Server.Models; using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Builder; @@ -7,7 +9,9 @@ using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; +using OpenIddict.Abstractions; using Quartz; +using static OpenIddict.Abstractions.OpenIddictConstants; using static OpenIddict.Server.OpenIddictServerEvents; namespace Contruum.Server; @@ -43,7 +47,6 @@ public void ConfigureServices(IServiceCollection services) // (like pruning orphaned authorizations/tokens from the database) at regular intervals. services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); @@ -69,8 +72,8 @@ public void ConfigureServices(IServiceCollection services) options.SetAuthorizationEndpointUris(Configuration["OpenIddict:Endpoints:Authorization"]!) .SetTokenEndpointUris(Configuration["OpenIddict:Endpoints:Token"]!) .SetIntrospectionEndpointUris(Configuration["OpenIddict:Endpoints:Introspection"]!) - .SetUserinfoEndpointUris(Configuration["OpenIddict:Endpoints:Userinfo"]!) - .SetLogoutEndpointUris(Configuration["OpenIddict:Endpoints:Logout"]!); + .SetUserInfoEndpointUris(Configuration["OpenIddict:Endpoints:Userinfo"]!) + .SetEndSessionEndpointUris(Configuration["OpenIddict:Endpoints:Logout"]!); // Enable the authorization code, implicit, hybrid and the refresh token flows. options.AllowAuthorizationCodeFlow() 
@@ -96,11 +99,51 @@ public void ConfigureServices(IServiceCollection services) options.UseAspNetCore() .EnableAuthorizationEndpointPassthrough() .EnableAuthorizationRequestCaching() - .EnableLogoutEndpointPassthrough(); - - // Register the event handler responsible for populating userinfo responses. - options.AddEventHandler(options => - options.UseSingletonHandler()); + .EnableEndSessionEndpointPassthrough(); + + // Register the custom event handler responsible for populating userinfo responses. + options.AddEventHandler(options => options.UseInlineHandler(context => + { + if (context.Principal.HasScope(Scopes.Profile)) + { + context.GivenName = context.Principal.GetClaim(Claims.GivenName); + context.FamilyName = context.Principal.GetClaim(Claims.FamilyName); + context.BirthDate = context.Principal.GetClaim(Claims.Birthdate); + context.Profile = context.Principal.GetClaim(Claims.Profile); + context.PreferredUsername = context.Principal.GetClaim(Claims.PreferredUsername); + context.Website = context.Principal.GetClaim(Claims.Website); + + context.Claims[Claims.Name] = context.Principal.GetClaim(Claims.Name); + context.Claims[Claims.Gender] = context.Principal.GetClaim(Claims.Gender); + context.Claims[Claims.MiddleName] = context.Principal.GetClaim(Claims.MiddleName); + context.Claims[Claims.Nickname] = context.Principal.GetClaim(Claims.Nickname); + context.Claims[Claims.Picture] = context.Principal.GetClaim(Claims.Picture); + context.Claims[Claims.Locale] = context.Principal.GetClaim(Claims.Locale); + context.Claims[Claims.Zoneinfo] = context.Principal.GetClaim(Claims.Zoneinfo); + context.Claims[Claims.UpdatedAt] = long.Parse( + context.Principal.GetClaim(Claims.UpdatedAt)!, + NumberStyles.Number, CultureInfo.InvariantCulture); + } + + if (context.Principal.HasScope(Scopes.Email)) + { + context.Email = context.Principal.GetClaim(Claims.Email); + context.EmailVerified = false; + } + + if (context.Principal.HasScope(Scopes.Phone)) + { + context.PhoneNumber = 
context.Principal.GetClaim(Claims.PhoneNumber); + context.PhoneNumberVerified = false; + } + + if (context.Principal.HasScope(Scopes.Address)) + { + context.Address = JsonSerializer.Deserialize(context.Principal.GetClaim(Claims.Address)!); + } + + return default; + })); }) .AddValidation(options => diff --git a/samples/Dantooine/Dantooine.Server/Controllers/AuthorizationController.cs b/samples/Dantooine/Dantooine.Server/Controllers/AuthorizationController.cs index 8b39545d6..b2fc4367f 100644 --- a/samples/Dantooine/Dantooine.Server/Controllers/AuthorizationController.cs +++ b/samples/Dantooine/Dantooine.Server/Controllers/AuthorizationController.cs @@ -61,13 +61,13 @@ public async Task Authorize() // For scenarios where the default authentication handler configured in the ASP.NET Core // authentication options shouldn't be used, a specific scheme can be specified here. var result = await HttpContext.AuthenticateAsync(); - if (result == null || !result.Succeeded || request.HasPrompt(Prompts.Login) || + if (result == null || !result.Succeeded || request.HasPromptValue(PromptValues.Login) || (request.MaxAge != null && result.Properties?.IssuedUtc != null && DateTimeOffset.UtcNow - result.Properties.IssuedUtc > TimeSpan.FromSeconds(request.MaxAge.Value))) { // If the client application requested promptless authentication, // return an error indicating that the user is not logged in. - if (request.HasPrompt(Prompts.None)) + if (request.HasPromptValue(PromptValues.None)) { return Forbid( authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, 
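Review bot: The inline userinfo handler added to Contruum's Startup.cs parses `updated_at` with `long.Parse(context.Principal.GetClaim(Claims.UpdatedAt)!, ...)` and the address with `JsonSerializer.Deserialize(context.Principal.GetClaim(Claims.Address)!)`, so a principal granted the `profile` or `address` scope that lacks the claim, or carries a malformed one, makes the handler throw instead of omitting the claim. The null-forgiving operators hide this from the compiler. A guarded form such as `if (long.TryParse(context.Principal.GetClaim(Claims.UpdatedAt), NumberStyles.Number, CultureInfo.InvariantCulture, out var updatedAt)) { context.Claims[Claims.UpdatedAt] = updatedAt; }`, plus a null check before deserializing the address, keeps the userinfo endpoint from failing on incomplete principals. The logic was moved unchanged from the deleted Handlers.cs, so the move is a natural point to harden it.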
@@ -80,7 +80,7 @@ public async Task Authorize() // To avoid endless login -> authorization redirects, the prompt=login flag // is removed from the authorization request payload before redirecting the user. - var prompt = string.Join(" ", request.GetPrompts().Remove(Prompts.Login)); + var prompt = string.Join(" ", request.GetPromptValues().Remove(PromptValues.Login)); var parameters = Request.HasFormContentType ? Request.Form.Where(parameter => parameter.Key != Parameters.Prompt).ToList() : @@ -130,7 +130,7 @@ public async Task Authorize() // return an authorization response without displaying the consent form. case ConsentTypes.Implicit: case ConsentTypes.External when authorizations.Count is not 0: - case ConsentTypes.Explicit when authorizations.Count is not 0 && !request.HasPrompt(Prompts.Consent): + case ConsentTypes.Explicit when authorizations.Count is not 0 && !request.HasPromptValue(PromptValues.Consent): // Create the claims-based identity that will be used by OpenIddict to generate tokens. var identity = new ClaimsIdentity( authenticationType: TokenValidationParameters.DefaultAuthenticationType, @@ -167,8 +167,8 @@ public async Task Authorize() // At this point, no authorization was found in the database and an error must be returned // if the client application specified prompt=none in the authorization request. - case ConsentTypes.Explicit when request.HasPrompt(Prompts.None): - case ConsentTypes.Systematic when request.HasPrompt(Prompts.None): + case ConsentTypes.Explicit when request.HasPromptValue(PromptValues.None): + case ConsentTypes.Systematic when request.HasPromptValue(PromptValues.None): return Forbid( authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, properties: new AuthenticationProperties(new Dictionary diff --git a/samples/Dantooine/Dantooine.Server/Startup.cs b/samples/Dantooine/Dantooine.Server/Startup.cs index 4eb841af2..9cfe4fd16 100644 --- a/samples/Dantooine/Dantooine.Server/Startup.cs 
+++ b/samples/Dantooine/Dantooine.Server/Startup.cs @@ -47,7 +47,6 @@ public void ConfigureServices(IServiceCollection services) // (like pruning orphaned authorizations/tokens from the database) at regular intervals. services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); @@ -74,11 +73,11 @@ public void ConfigureServices(IServiceCollection services) { // Enable the authorization, logout, token and userinfo endpoints. options.SetAuthorizationEndpointUris("connect/authorize") - .SetLogoutEndpointUris("connect/logout") + .SetEndSessionEndpointUris("connect/logout") .SetIntrospectionEndpointUris("connect/introspect") .SetTokenEndpointUris("connect/token") - .SetUserinfoEndpointUris("connect/userinfo") - .SetVerificationEndpointUris("connect/verify"); + .SetUserInfoEndpointUris("connect/userinfo") + .SetEndUserVerificationEndpointUris("connect/verify"); // Mark the "email", "profile" and "roles" scopes as supported scopes. options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles); @@ -96,9 +95,9 @@ public void ConfigureServices(IServiceCollection services) // Register the ASP.NET Core host and configure the ASP.NET Core-specific options. options.UseAspNetCore() .EnableAuthorizationEndpointPassthrough() - .EnableLogoutEndpointPassthrough() + .EnableEndSessionEndpointPassthrough() .EnableTokenEndpointPassthrough() - .EnableUserinfoEndpointPassthrough() + .EnableUserInfoEndpointPassthrough() .EnableStatusCodePagesIntegration(); }) diff --git a/samples/Dantooine/Dantooine.Server/Worker.cs b/samples/Dantooine/Dantooine.Server/Worker.cs index ee2bb1e59..9cceee77d 100644 --- a/samples/Dantooine/Dantooine.Server/Worker.cs +++ b/samples/Dantooine/Dantooine.Server/Worker.cs 
@@ -67,7 +67,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Logout, + Permissions.Endpoints.EndSession, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.GrantTypes.RefreshToken, diff --git a/samples/Dantooine/Dantooine.WebAssembly.Server/Helpers/TokenRefreshingDelegatingHandler.cs b/samples/Dantooine/Dantooine.WebAssembly.Server/Helpers/TokenRefreshingDelegatingHandler.cs index 5c21f32ca..8dd8d0dcf 100644 --- a/samples/Dantooine/Dantooine.WebAssembly.Server/Helpers/TokenRefreshingDelegatingHandler.cs +++ b/samples/Dantooine/Dantooine.WebAssembly.Server/Helpers/TokenRefreshingDelegatingHandler.cs @@ -42,7 +42,7 @@ protected override async Task SendAsync( var result = await _service.AuthenticateWithRefreshTokenAsync(new RefreshTokenAuthenticationRequest { CancellationToken = cancellationToken, - DisableUserinfo = true, + DisableUserInfo = true, RefreshToken = GetRefreshToken(request.Options) }); @@ -57,7 +57,7 @@ protected override async Task SendAsync( var result = await _service.AuthenticateWithRefreshTokenAsync(new RefreshTokenAuthenticationRequest { CancellationToken = cancellationToken, - DisableUserinfo = true, + DisableUserInfo = true, RefreshToken = GetRefreshToken(request.Options) }); diff --git a/samples/Dantooine/Dantooine.WebAssembly.Server/Startup.cs b/samples/Dantooine/Dantooine.WebAssembly.Server/Startup.cs index 10881f72f..2ccc648e4 100644 --- a/samples/Dantooine/Dantooine.WebAssembly.Server/Startup.cs +++ b/samples/Dantooine/Dantooine.WebAssembly.Server/Startup.cs @@ -70,7 +70,6 @@ public void ConfigureServices(IServiceCollection services) // (like pruning orphaned authorizations from the database) at regular intervals. services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); 
diff --git a/samples/Fornax/Fornax.Server/Connect/Authorize.aspx.cs b/samples/Fornax/Fornax.Server/Connect/Authorize.aspx.cs index c22af888f..4be98a019 100644 --- a/samples/Fornax/Fornax.Server/Connect/Authorize.aspx.cs +++ b/samples/Fornax/Fornax.Server/Connect/Authorize.aspx.cs @@ -79,7 +79,7 @@ protected void Page_Load(object sender, EventArgs e) => RegisterAsyncTask(new Pa // return an authorization response without displaying the consent form. case ConsentTypes.Implicit: case ConsentTypes.External when authorizations.Count is not 0: - case ConsentTypes.Explicit when authorizations.Count is not 0 && !request.HasPrompt(Prompts.Consent): + case ConsentTypes.Explicit when authorizations.Count is not 0 && !request.HasPromptValue(PromptValues.Consent): // Create the claims-based identity that will be used by OpenIddict to generate tokens. var identity = new ClaimsIdentity( authenticationType: OpenIddictServerOwinDefaults.AuthenticationType, @@ -118,8 +118,8 @@ protected void Page_Load(object sender, EventArgs e) => RegisterAsyncTask(new Pa // At this point, no authorization was found in the database and an error must be returned // if the client application specified prompt=none in the authorization request. - case ConsentTypes.Explicit when request.HasPrompt(Prompts.None): - case ConsentTypes.Systematic when request.HasPrompt(Prompts.None): + case ConsentTypes.Explicit when request.HasPromptValue(PromptValues.None): + case ConsentTypes.Systematic when request.HasPromptValue(PromptValues.None): context.Authentication.Challenge( authenticationTypes: OpenIddictServerOwinDefaults.AuthenticationType, properties: new AuthenticationProperties(new Dictionary diff --git a/samples/Hollastin/Hollastin.Server/Startup.cs b/samples/Hollastin/Hollastin.Server/Startup.cs index 8cb1a2d3a..dfa8b5c31 100644 --- a/samples/Hollastin/Hollastin.Server/Startup.cs +++ b/samples/Hollastin/Hollastin.Server/Startup.cs 
@@ -41,7 +41,6 @@ public void ConfigureServices(IServiceCollection services) // (like pruning orphaned authorizations/tokens from the database) at regular intervals. services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); diff --git a/samples/Imynusoph/Imynusoph.Server/Startup.cs b/samples/Imynusoph/Imynusoph.Server/Startup.cs index ed7f21b40..a3aee645a 100644 --- a/samples/Imynusoph/Imynusoph.Server/Startup.cs +++ b/samples/Imynusoph/Imynusoph.Server/Startup.cs @@ -43,7 +43,6 @@ public void ConfigureServices(IServiceCollection services) // (like pruning orphaned authorizations/tokens from the database) at regular intervals. services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); diff --git a/samples/Matty/Matty.Client/Program.cs b/samples/Matty/Matty.Client/Program.cs index 6a193d093..1f4462ae9 100644 --- a/samples/Matty/Matty.Client/Program.cs +++ b/samples/Matty/Matty.Client/Program.cs @@ -23,7 +23,7 @@ { // Note: this sample uses the device authorization flow, // but you can enable the other flows if necessary. - options.AllowDeviceCodeFlow(); + options.AllowDeviceAuthorizationFlow(); // Disable token storage, which is not necessary for the device authorization flow. options.DisableTokenStorage(); diff --git a/samples/Matty/Matty.Server/Startup.cs b/samples/Matty/Matty.Server/Startup.cs index 7803c496b..2f8bc0377 100644 --- a/samples/Matty/Matty.Server/Startup.cs +++ b/samples/Matty/Matty.Server/Startup.cs @@ -47,7 +47,6 @@ public void ConfigureServices(IServiceCollection services) // (like pruning orphaned authorizations/tokens from the database) at regular intervals. services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); 
@@ -73,17 +72,17 @@ public void ConfigureServices(IServiceCollection services) .AddServer(options => { // Enable the device, verification, token and userinfo endpoints. - options.SetDeviceEndpointUris("connect/device") - .SetVerificationEndpointUris("connect/verify") + options.SetDeviceAuthorizationEndpointUris("connect/device") + .SetEndUserVerificationEndpointUris("connect/verify") .SetTokenEndpointUris("connect/token") - .SetUserinfoEndpointUris("connect/userinfo"); + .SetUserInfoEndpointUris("connect/userinfo"); // Mark the "email", "profile" and "roles" scopes as supported scopes. options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles); // Note: this sample uses the device code and refresh token flows but you can // enable the other flows if you need to support implicit, password, etc. - options.AllowDeviceCodeFlow() + options.AllowDeviceAuthorizationFlow() .AllowRefreshTokenFlow(); // Register the signing and encryption credentials. @@ -93,8 +92,8 @@ public void ConfigureServices(IServiceCollection services) // Register the ASP.NET Core host and configure the ASP.NET Core-specific options. options.UseAspNetCore() .EnableTokenEndpointPassthrough() - .EnableUserinfoEndpointPassthrough() - .EnableVerificationEndpointPassthrough() + .EnableUserInfoEndpointPassthrough() + .EnableEndUserVerificationEndpointPassthrough() .EnableStatusCodePagesIntegration(); }) diff --git a/samples/Matty/Matty.Server/Worker.cs b/samples/Matty/Matty.Server/Worker.cs index aafb23e2f..798dcd3a4 100644 --- a/samples/Matty/Matty.Server/Worker.cs +++ b/samples/Matty/Matty.Server/Worker.cs @@ -37,7 +37,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor { Permissions.GrantTypes.DeviceCode, Permissions.GrantTypes.RefreshToken, - Permissions.Endpoints.Device, + Permissions.Endpoints.DeviceAuthorization, Permissions.Endpoints.Token, Permissions.Scopes.Email, Permissions.Scopes.Profile, 
diff --git a/samples/Mimban/Mimban.Server/Program.cs b/samples/Mimban/Mimban.Server/Program.cs index 67ae500c8..a8b816829 100644 --- a/samples/Mimban/Mimban.Server/Program.cs +++ b/samples/Mimban/Mimban.Server/Program.cs @@ -18,7 +18,6 @@ // (like pruning orphaned authorizations/tokens from the database) at regular intervals. builder.Services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); diff --git a/samples/Mortis/Mortis.Server/Controllers/AuthorizationController.cs b/samples/Mortis/Mortis.Server/Controllers/AuthorizationController.cs index b1d85b651..7b56de07c 100644 --- a/samples/Mortis/Mortis.Server/Controllers/AuthorizationController.cs +++ b/samples/Mortis/Mortis.Server/Controllers/AuthorizationController.cs @@ -95,7 +95,7 @@ public async Task Authorize() // return an authorization response without displaying the consent form. case ConsentTypes.Implicit: case ConsentTypes.External when authorizations.Count is not 0: - case ConsentTypes.Explicit when authorizations.Count is not 0 && !request.HasPrompt(Prompts.Consent): + case ConsentTypes.Explicit when authorizations.Count is not 0 && !request.HasPromptValue(PromptValues.Consent): // Create the claims-based identity that will be used by OpenIddict to generate tokens. var identity = new ClaimsIdentity( authenticationType: OpenIddictServerOwinDefaults.AuthenticationType, 
@@ -134,8 +134,8 @@ public async Task Authorize() // At this point, no authorization was found in the database and an error must be returned // if the client application specified prompt=none in the authorization request. - case ConsentTypes.Explicit when request.HasPrompt(Prompts.None): - case ConsentTypes.Systematic when request.HasPrompt(Prompts.None): + case ConsentTypes.Explicit when request.HasPromptValue(PromptValues.None): + case ConsentTypes.Systematic when request.HasPromptValue(PromptValues.None): context.Authentication.Challenge( authenticationTypes: OpenIddictServerOwinDefaults.AuthenticationType, properties: new AuthenticationProperties(new Dictionary diff --git a/samples/Mortis/Mortis.Server/Startup.cs b/samples/Mortis/Mortis.Server/Startup.cs index a5d5e1b41..2e09c3c4b 100644 --- a/samples/Mortis/Mortis.Server/Startup.cs +++ b/samples/Mortis/Mortis.Server/Startup.cs @@ -43,7 +43,7 @@ public void Configuration(IAppBuilder app) { // Enable the authorization, logout and token endpoints. options.SetAuthorizationEndpointUris("connect/authorize") - .SetLogoutEndpointUris("connect/logout") + .SetEndSessionEndpointUris("connect/logout") .SetTokenEndpointUris("connect/token"); // Mark the "email", "profile" and "roles" scopes as supported scopes. @@ -60,7 +60,7 @@ public void Configuration(IAppBuilder app) // Register the OWIN host and configure the OWIN-specific options. options.UseOwin() .EnableAuthorizationEndpointPassthrough() - .EnableLogoutEndpointPassthrough() + .EnableEndSessionEndpointPassthrough() .EnableTokenEndpointPassthrough(); }) @@ -162,7 +162,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Logout, + Permissions.Endpoints.EndSession, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.ResponseTypes.Code, 
diff --git a/samples/Sorgan/Sorgan.Console.Client/Program.cs b/samples/Sorgan/Sorgan.Console.Client/Program.cs index 4e7db5523..adf208e75 100644 --- a/samples/Sorgan/Sorgan.Console.Client/Program.cs +++ b/samples/Sorgan/Sorgan.Console.Client/Program.cs @@ -37,7 +37,7 @@ // Note: this sample uses the authorization code, device authorization code // and refresh token flows, but you can enable the other flows if necessary. options.AllowAuthorizationCodeFlow() - .AllowDeviceCodeFlow() + .AllowDeviceAuthorizationFlow() .AllowRefreshTokenFlow(); // Register the signing and encryption credentials used to protect diff --git a/samples/Velusia/Velusia.Client/Startup.cs b/samples/Velusia/Velusia.Client/Startup.cs index 257dad29b..6ee413705 100644 --- a/samples/Velusia/Velusia.Client/Startup.cs +++ b/samples/Velusia/Velusia.Client/Startup.cs @@ -49,7 +49,6 @@ public void ConfigureServices(IServiceCollection services) // (like pruning orphaned authorizations from the database) at regular intervals. services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); diff --git a/samples/Velusia/Velusia.Server/Controllers/AuthorizationController.cs b/samples/Velusia/Velusia.Server/Controllers/AuthorizationController.cs index af2b14254..099a3b215 100644 --- a/samples/Velusia/Velusia.Server/Controllers/AuthorizationController.cs +++ b/samples/Velusia/Velusia.Server/Controllers/AuthorizationController.cs 
@@ -61,13 +61,13 @@ public async Task Authorize() // For scenarios where the default authentication handler configured in the ASP.NET Core // authentication options shouldn't be used, a specific scheme can be specified here. var result = await HttpContext.AuthenticateAsync(); - if (result == null || !result.Succeeded || request.HasPrompt(Prompts.Login) || + if (result == null || !result.Succeeded || request.HasPromptValue(PromptValues.Login) || (request.MaxAge != null && result.Properties?.IssuedUtc != null && DateTimeOffset.UtcNow - result.Properties.IssuedUtc > TimeSpan.FromSeconds(request.MaxAge.Value))) { // If the client application requested promptless authentication, // return an error indicating that the user is not logged in. - if (request.HasPrompt(Prompts.None)) + if (request.HasPromptValue(PromptValues.None)) { return Forbid( authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, @@ -80,7 +80,7 @@ public async Task Authorize() // To avoid endless login -> authorization redirects, the prompt=login flag // is removed from the authorization request payload before redirecting the user. - var prompt = string.Join(" ", request.GetPrompts().Remove(Prompts.Login)); + var prompt = string.Join(" ", request.GetPromptValues().Remove(PromptValues.Login)); var parameters = Request.HasFormContentType ? Request.Form.Where(parameter => parameter.Key != Parameters.Prompt).ToList() : 
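Review bot: In the first hunk of Velusia.Server's AuthorizationController.cs, the `max_age` half of the rewritten `if` only forces re-authentication when `result.Properties?.IssuedUtc` is present, so a ticket without an issue time passes the check even though the client asked for a maximum authentication age. Whether a ticket can lack `IssuedUtc` depends on the authentication handler in use, which the hunk does not show. Treating an unknown issue time as too old is the safer default: `(request.MaxAge != null && (result.Properties?.IssuedUtc == null || DateTimeOffset.UtcNow - result.Properties.IssuedUtc > TimeSpan.FromSeconds(request.MaxAge.Value)))`. The Authorize method starts and ends outside the hunk.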
@@ -130,7 +130,7 @@ public async Task Authorize() // return an authorization response without displaying the consent form. case ConsentTypes.Implicit: case ConsentTypes.External when authorizations.Count is not 0: - case ConsentTypes.Explicit when authorizations.Count is not 0 && !request.HasPrompt(Prompts.Consent): + case ConsentTypes.Explicit when authorizations.Count is not 0 && !request.HasPromptValue(PromptValues.Consent): // Create the claims-based identity that will be used by OpenIddict to generate tokens. var identity = new ClaimsIdentity( authenticationType: TokenValidationParameters.DefaultAuthenticationType, @@ -167,8 +167,8 @@ public async Task Authorize() // At this point, no authorization was found in the database and an error must be returned // if the client application specified prompt=none in the authorization request. - case ConsentTypes.Explicit when request.HasPrompt(Prompts.None): - case ConsentTypes.Systematic when request.HasPrompt(Prompts.None): + case ConsentTypes.Explicit when request.HasPromptValue(PromptValues.None): + case ConsentTypes.Systematic when request.HasPromptValue(PromptValues.None): return Forbid( authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, properties: new AuthenticationProperties(new Dictionary diff --git a/samples/Velusia/Velusia.Server/Startup.cs b/samples/Velusia/Velusia.Server/Startup.cs index 022bbe7c1..af6aaac90 100644 --- a/samples/Velusia/Velusia.Server/Startup.cs +++ b/samples/Velusia/Velusia.Server/Startup.cs @@ -47,7 +47,6 @@ public void ConfigureServices(IServiceCollection services) // (like pruning orphaned authorizations/tokens from the database) at regular intervals. services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); 
@@ -111,9 +110,9 @@ public void ConfigureServices(IServiceCollection services) { // Enable the authorization, logout, token and userinfo endpoints. options.SetAuthorizationEndpointUris("connect/authorize") - .SetLogoutEndpointUris("connect/logout") + .SetEndSessionEndpointUris("connect/logout") .SetTokenEndpointUris("connect/token") - .SetUserinfoEndpointUris("connect/userinfo"); + .SetUserInfoEndpointUris("connect/userinfo"); // Mark the "email", "profile" and "roles" scopes as supported scopes. options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles); @@ -129,9 +128,9 @@ public void ConfigureServices(IServiceCollection services) // Register the ASP.NET Core host and configure the ASP.NET Core-specific options. options.UseAspNetCore() .EnableAuthorizationEndpointPassthrough() - .EnableLogoutEndpointPassthrough() + .EnableEndSessionEndpointPassthrough() .EnableTokenEndpointPassthrough() - .EnableUserinfoEndpointPassthrough() + .EnableUserInfoEndpointPassthrough() .EnableStatusCodePagesIntegration(); }) diff --git a/samples/Velusia/Velusia.Server/Worker.cs b/samples/Velusia/Velusia.Server/Worker.cs index 2d3fecaa6..c3c814772 100644 --- a/samples/Velusia/Velusia.Server/Worker.cs +++ b/samples/Velusia/Velusia.Server/Worker.cs @@ -44,7 +44,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Logout, + Permissions.Endpoints.EndSession, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.ResponseTypes.Code, diff --git a/samples/Weytta/Weytta.Server/Startup.cs b/samples/Weytta/Weytta.Server/Startup.cs index 7a7f358dc..301beba43 100644 --- a/samples/Weytta/Weytta.Server/Startup.cs +++ b/samples/Weytta/Weytta.Server/Startup.cs 
@@ -30,7 +30,6 @@ public void ConfigureServices(IServiceCollection services) // (like pruning orphaned authorizations/tokens from the database) at regular intervals. services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); diff --git a/samples/Zirku/Zirku.Server/Program.cs b/samples/Zirku/Zirku.Server/Program.cs index cc51136d7..17ec584fd 100644 --- a/samples/Zirku/Zirku.Server/Program.cs +++ b/samples/Zirku/Zirku.Server/Program.cs @@ -25,7 +25,6 @@ // (like pruning orphaned authorizations/tokens from the database) at regular intervals. builder.Services.AddQuartz(options => { - options.UseMicrosoftDependencyInjectionJobFactory(); options.UseSimpleTypeLoader(); options.UseInMemoryStore(); }); @@ -163,7 +162,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Logout, + Permissions.Endpoints.EndSession, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.GrantTypes.RefreshToken,