From 25181d808d82833daf44c939e112e159678ba046 Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Mon, 25 Apr 2022 16:12:52 -0700 Subject: [PATCH 01/11] Update duende versions to 6.0.4 --- eng/Versions.props | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/eng/Versions.props b/eng/Versions.props index 5e4f7a0bf72a..f8ceb6c74d13 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -245,11 +245,11 @@ 2.43.0 2.43.0 2.43.0 - 5.2.0 - 5.2.0 - 5.2.0 - 5.2.0 - 5.2.0 + 6.0.4 + 6.0.4 + 6.0.4 + 6.0.4 + 6.0.4 2.1.90 1.16.0 1.16.0 From 395ac903eba267bcc94c0ce5e9bb6aba48ac8c0f Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Fri, 13 May 2022 08:51:17 -0700 Subject: [PATCH 02/11] Switch to non obsolete API --- .../Extensions/DefaultClientRequestParametersProvider.cs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs b/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs index 653044e09172..371c43fa369f 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs @@ -2,7 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Linq; -using Duende.IdentityServer.Extensions; +using Duende.IdentityServer.Services; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Options; @@ -12,7 +12,8 @@ internal class DefaultClientRequestParametersProvider : IClientRequestParameters { public DefaultClientRequestParametersProvider( IAbsoluteUrlFactory urlFactory, - IOptions options) + IOptions options, + IIssuerNameService nameService) { UrlFactory = urlFactory; Options = options; 
@@ -22,10 +23,12 @@ public DefaultClientRequestParametersProvider( public IOptions Options { get; } + public IIssuerNameService NameService { get; } + public IDictionary GetClientParameters(HttpContext context, string clientId) { var client = Options.Value.Clients[clientId]; - var authority = context.GetIdentityServerIssuerUri(); + var authority = NameService.GetCurrentAsync().GetAwaiter().GetResult(); if (!client.Properties.TryGetValue(ApplicationProfilesPropertyNames.Profile, out var type)) { throw new InvalidOperationException($"Can't determine the type for the client '{clientId}'"); From 3f5ce246ad5649eb3c2c80cca4d24229e085fe93 Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Fri, 13 May 2022 08:53:48 -0700 Subject: [PATCH 03/11] switch to new api --- .../IdentityServerJwtBearerOptionsConfiguration.cs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs b/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs index 08e608ec49d9..43e750f61fcc 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using Duende.IdentityServer.Extensions; +using Duende.IdentityServer.Services; using Duende.IdentityServer.Stores; using Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Configuration; using Microsoft.AspNetCore.Authentication.JwtBearer; 
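Review bot: In commit 02/11, `GetClientParameters` reads the issuer with `NameService.GetCurrentAsync().GetAwaiter().GetResult()`, but nothing in that commit assigns the new get-only `NameService` property, so this line would dereference null. The constructor hunk adds the `nameService` parameter and leaves the body at `UrlFactory = urlFactory; Options = options;`; it needs `NameService = nameService;`. Separately, `.GetAwaiter().GetResult()` blocks a request thread on an async call, which risks thread-pool starvation under load. If the method has to stay synchronous (presumably because of the interface it implements), say so next to the call, for example `// Sync-over-async: GetClientParameters is synchronous by contract; revisit if the interface gains an async variant`. Both the constructor body and the method body continue outside their hunks.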
@@ -16,15 +17,18 @@ internal class IdentityServerJwtBearerOptionsConfiguration : IConfigureNamedOpti private readonly string _scheme; private readonly string _apiName; private readonly IIdentityServerJwtDescriptor _localApiDescriptor; + private readonly IIssuerNameService _issuerService; public IdentityServerJwtBearerOptionsConfiguration( string scheme, string apiName, - IIdentityServerJwtDescriptor localApiDescriptor) + IIdentityServerJwtDescriptor localApiDescriptor, + IIssuerNameService issuerService) { _scheme = scheme; _apiName = apiName; _localApiDescriptor = localApiDescriptor; + _issuerService = issuerService; } public void Configure(string name, JwtBearerOptions options) @@ -61,7 +65,7 @@ internal static async Task ResolveAuthorityAndKeysAsync(MessageReceivedContext m { var store = messageReceivedContext.HttpContext.RequestServices.GetRequiredService(); var credential = await store.GetSigningCredentialsAsync(); - options.Authority = options.Authority ?? messageReceivedContext.HttpContext.GetIdentityServerIssuerUri(); + options.Authority = options.Authority ?? await _issuerService.GetCurrentAsync(); options.TokenValidationParameters.IssuerSigningKey = credential.Key; options.TokenValidationParameters.ValidIssuer = options.Authority; } From da35e59b9b673ea838c998fd3cc59e5613d3c7c1 Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Fri, 13 May 2022 13:12:01 -0700 Subject: [PATCH 04/11] Fix build --- .../IdentityServerJwtBearerOptionsConfiguration.cs | 9 +++------ .../Extensions/DefaultClientRequestParametersProvider.cs | 1 + .../DefaultClientRequestParametersProviderTests.cs | 9 ++++++++- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs b/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs index 3cb6801abb9f..9b0c0b10177a 100644 
--- a/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs @@ -1,7 +1,6 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. -using Duende.IdentityServer.Extensions; using Duende.IdentityServer.Services; using Duende.IdentityServer.Stores; using Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Configuration; @@ -17,18 +16,15 @@ internal sealed class IdentityServerJwtBearerOptionsConfiguration : IConfigureNa private readonly string _scheme; private readonly string _apiName; private readonly IIdentityServerJwtDescriptor _localApiDescriptor; - private readonly IIssuerNameService _issuerService; public IdentityServerJwtBearerOptionsConfiguration( string scheme, string apiName, - IIdentityServerJwtDescriptor localApiDescriptor, - IIssuerNameService issuerService) + IIdentityServerJwtDescriptor localApiDescriptor) { _scheme = scheme; _apiName = apiName; _localApiDescriptor = localApiDescriptor; - _issuerService = issuerService; } public void Configure(string name, JwtBearerOptions options) 
@@ -64,8 +60,9 @@ internal static async Task ResolveAuthorityAndKeysAsync(MessageReceivedContext m if (options.TokenValidationParameters.ValidIssuer == null || options.TokenValidationParameters.IssuerSigningKey == null) { var store = messageReceivedContext.HttpContext.RequestServices.GetRequiredService(); + var issuerService = messageReceivedContext.HttpContext.RequestServices.GetRequiredService(); var credential = await store.GetSigningCredentialsAsync(); - options.Authority = options.Authority ?? await _issuerService.GetCurrentAsync(); + options.Authority = options.Authority ?? await issuerService.GetCurrentAsync(); options.TokenValidationParameters.IssuerSigningKey = credential.Key; options.TokenValidationParameters.ValidIssuer = options.Authority; } diff --git a/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs b/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs index d0b0a84074c0..2b0606890e5c 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs @@ -17,6 +17,7 @@ public DefaultClientRequestParametersProvider( { UrlFactory = urlFactory; Options = options; + NameService = nameService; } public IAbsoluteUrlFactory UrlFactory { get; } diff --git a/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs b/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs index 393dda2ea762..1cc3475ba2a3 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs 
@@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using Duende.IdentityServer.Configuration; +using Duende.IdentityServer.Services; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Options; @@ -11,6 +12,11 @@ namespace Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Extensions; public class DefaultClientRequestParametersProviderTests { + class NameService : IIssuerNameService + { + public Task GetCurrentAsync() => Task.FromResult("http://localhost"); + } + [Fact] public void GetClientParameters_ReturnsParametersForExistingClients() { @@ -35,7 +41,8 @@ public void GetClientParameters_ReturnsParametersForExistingClients() var clientRequestParametersProvider = new DefaultClientRequestParametersProvider( absoluteUrlFactory.Object, - options); + options, + new NameService()); var expectedParameters = new Dictionary { From 175b42030cca1770c4921833962c9e49da83d058 Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Fri, 13 May 2022 17:45:14 -0700 Subject: [PATCH 05/11] Fix tests --- .../Authentication/LocalApiJwtBearerConfigurationTest.cs | 7 ++++++- .../DefaultClientRequestParametersProviderTests.cs | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/LocalApiJwtBearerConfigurationTest.cs b/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/LocalApiJwtBearerConfigurationTest.cs index b0df451be339..49e18a671416 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/LocalApiJwtBearerConfigurationTest.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/LocalApiJwtBearerConfigurationTest.cs 
@@ -1,8 +1,9 @@ -// Licensed to the .NET Foundation under one or more agreements. +// Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. using System.Security.Cryptography; using Duende.IdentityServer.Configuration; +using Duende.IdentityServer.Services; using Duende.IdentityServer.Stores; using Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Configuration; using Microsoft.AspNetCore.Authentication; @@ -59,12 +60,16 @@ public async Task ResolveAuthorityAndKeysAsync_SetsUpAuthorityAndKeysOnTheTokenV credentialsStore.Setup(cs => cs.GetSigningCredentialsAsync()) .ReturnsAsync(new SigningCredentials(key, "RS256")); + var issuerName = new Mock(); + issuerName.Setup(i => i.GetCurrentAsync()).ReturnsAsync("https://localhost"); + var context = new DefaultHttpContext(); context.Request.Scheme = "https"; context.Request.Host = new HostString("localhost"); context.RequestServices = new ServiceCollection() .AddSingleton(new IdentityServerOptions()) .AddSingleton(credentialsStore.Object) + .AddSingleton(issuerName.Object) .BuildServiceProvider(); var options = new JwtBearerOptions(); diff --git a/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs b/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs index 1cc3475ba2a3..840be1a10491 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs 
@@ -32,17 +32,19 @@ public void GetClientParameters_ReturnsParametersForExistingClients() .WithLogoutRedirectUri("authentication/logout-callback")); var context = new DefaultHttpContext(); + var nameService = new NameService(); context.Request.Scheme = "http"; context.Request.Host = new HostString("localhost"); context.RequestServices = new ServiceCollection() .AddSingleton(new IdentityServerOptions()) + .AddSingleton(nameService) .BuildServiceProvider(); var clientRequestParametersProvider = new DefaultClientRequestParametersProvider( absoluteUrlFactory.Object, options, - new NameService()); + nameService); var expectedParameters = new Dictionary { From 656b15f1e6025db382a378464492811298eaa65a Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Wed, 18 May 2022 10:38:59 -0700 Subject: [PATCH 06/11] Revert "Fix tests" This reverts commit 175b42030cca1770c4921833962c9e49da83d058. --- .../Authentication/LocalApiJwtBearerConfigurationTest.cs | 7 +------ .../DefaultClientRequestParametersProviderTests.cs | 4 +--- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/LocalApiJwtBearerConfigurationTest.cs b/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/LocalApiJwtBearerConfigurationTest.cs index 49e18a671416..b0df451be339 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/LocalApiJwtBearerConfigurationTest.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/LocalApiJwtBearerConfigurationTest.cs 
@@ -1,9 +1,8 @@ -// Licensed to the .NET Foundation under one or more agreements. +// Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. using System.Security.Cryptography; using Duende.IdentityServer.Configuration; -using Duende.IdentityServer.Services; using Duende.IdentityServer.Stores; using Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Configuration; using Microsoft.AspNetCore.Authentication; @@ -60,16 +59,12 @@ public async Task ResolveAuthorityAndKeysAsync_SetsUpAuthorityAndKeysOnTheTokenV credentialsStore.Setup(cs => cs.GetSigningCredentialsAsync()) .ReturnsAsync(new SigningCredentials(key, "RS256")); - var issuerName = new Mock(); - issuerName.Setup(i => i.GetCurrentAsync()).ReturnsAsync("https://localhost"); - var context = new DefaultHttpContext(); context.Request.Scheme = "https"; context.Request.Host = new HostString("localhost"); context.RequestServices = new ServiceCollection() .AddSingleton(new IdentityServerOptions()) .AddSingleton(credentialsStore.Object) - .AddSingleton(issuerName.Object) .BuildServiceProvider(); var options = new JwtBearerOptions(); diff --git a/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs b/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs index 840be1a10491..1cc3475ba2a3 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs 
@@ -32,19 +32,17 @@ public void GetClientParameters_ReturnsParametersForExistingClients() .WithLogoutRedirectUri("authentication/logout-callback")); var context = new DefaultHttpContext(); - var nameService = new NameService(); context.Request.Scheme = "http"; context.Request.Host = new HostString("localhost"); context.RequestServices = new ServiceCollection() .AddSingleton(new IdentityServerOptions()) - .AddSingleton(nameService) .BuildServiceProvider(); var clientRequestParametersProvider = new DefaultClientRequestParametersProvider( absoluteUrlFactory.Object, options, - nameService); + new NameService()); var expectedParameters = new Dictionary { From 75118053cb17f019e479fea360c5a82bc216f66f Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Wed, 18 May 2022 10:39:04 -0700 Subject: [PATCH 07/11] Revert "Fix build" This reverts commit da35e59b9b673ea838c998fd3cc59e5613d3c7c1. --- .../IdentityServerJwtBearerOptionsConfiguration.cs | 9 ++++++--- .../Extensions/DefaultClientRequestParametersProvider.cs | 1 - .../DefaultClientRequestParametersProviderTests.cs | 9 +-------- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs b/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs index 9b0c0b10177a..3cb6801abb9f 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs @@ -1,6 +1,7 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using Duende.IdentityServer.Extensions; using Duende.IdentityServer.Services; using Duende.IdentityServer.Stores; using Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Configuration; 
@@ -16,15 +17,18 @@ internal sealed class IdentityServerJwtBearerOptionsConfiguration : IConfigureNa private readonly string _scheme; private readonly string _apiName; private readonly IIdentityServerJwtDescriptor _localApiDescriptor; + private readonly IIssuerNameService _issuerService; public IdentityServerJwtBearerOptionsConfiguration( string scheme, string apiName, - IIdentityServerJwtDescriptor localApiDescriptor) + IIdentityServerJwtDescriptor localApiDescriptor, + IIssuerNameService issuerService) { _scheme = scheme; _apiName = apiName; _localApiDescriptor = localApiDescriptor; + _issuerService = issuerService; } public void Configure(string name, JwtBearerOptions options) @@ -60,9 +64,8 @@ internal static async Task ResolveAuthorityAndKeysAsync(MessageReceivedContext m if (options.TokenValidationParameters.ValidIssuer == null || options.TokenValidationParameters.IssuerSigningKey == null) { var store = messageReceivedContext.HttpContext.RequestServices.GetRequiredService(); - var issuerService = messageReceivedContext.HttpContext.RequestServices.GetRequiredService(); var credential = await store.GetSigningCredentialsAsync(); - options.Authority = options.Authority ?? await issuerService.GetCurrentAsync(); + options.Authority = options.Authority ?? await _issuerService.GetCurrentAsync(); options.TokenValidationParameters.IssuerSigningKey = credential.Key; options.TokenValidationParameters.ValidIssuer = options.Authority; } diff --git a/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs b/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs index 2b0606890e5c..d0b0a84074c0 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs 
@@ -17,7 +17,6 @@ public DefaultClientRequestParametersProvider( { UrlFactory = urlFactory; Options = options; - NameService = nameService; } public IAbsoluteUrlFactory UrlFactory { get; } diff --git a/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs b/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs index 1cc3475ba2a3..393dda2ea762 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs @@ -2,7 +2,6 @@ // The .NET Foundation licenses this file to you under the MIT license. using Duende.IdentityServer.Configuration; -using Duende.IdentityServer.Services; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Options; @@ -12,11 +11,6 @@ namespace Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Extensions; public class DefaultClientRequestParametersProviderTests { - class NameService : IIssuerNameService - { - public Task GetCurrentAsync() => Task.FromResult("http://localhost"); - } - [Fact] public void GetClientParameters_ReturnsParametersForExistingClients() { @@ -41,8 +35,7 @@ public void GetClientParameters_ReturnsParametersForExistingClients() var clientRequestParametersProvider = new DefaultClientRequestParametersProvider( absoluteUrlFactory.Object, - options, - new NameService()); + options); var expectedParameters = new Dictionary { From 47ea8f4b1a048b1982a4cd3cc92f4b18880cb690 Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Wed, 18 May 2022 10:40:33 -0700 Subject: [PATCH 08/11] Revert "switch to new api" This reverts commit 3f5ce246ad5649eb3c2c80cca4d24229e085fe93. --- .../IdentityServerJwtBearerOptionsConfiguration.cs | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) 
diff --git a/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs b/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs index 3cb6801abb9f..c5c1491e6495 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs @@ -2,7 +2,6 @@ // The .NET Foundation licenses this file to you under the MIT license. using Duende.IdentityServer.Extensions; -using Duende.IdentityServer.Services; using Duende.IdentityServer.Stores; using Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Configuration; using Microsoft.AspNetCore.Authentication.JwtBearer; @@ -17,18 +16,15 @@ internal sealed class IdentityServerJwtBearerOptionsConfiguration : IConfigureNa private readonly string _scheme; private readonly string _apiName; private readonly IIdentityServerJwtDescriptor _localApiDescriptor; - private readonly IIssuerNameService _issuerService; public IdentityServerJwtBearerOptionsConfiguration( string scheme, string apiName, - IIdentityServerJwtDescriptor localApiDescriptor, - IIssuerNameService issuerService) + IIdentityServerJwtDescriptor localApiDescriptor) { _scheme = scheme; _apiName = apiName; _localApiDescriptor = localApiDescriptor; - _issuerService = issuerService; } public void Configure(string name, JwtBearerOptions options) 
@@ -65,7 +61,7 @@ internal static async Task ResolveAuthorityAndKeysAsync(MessageReceivedContext m { var store = messageReceivedContext.HttpContext.RequestServices.GetRequiredService(); var credential = await store.GetSigningCredentialsAsync(); - options.Authority = options.Authority ?? await _issuerService.GetCurrentAsync(); + options.Authority = options.Authority ?? messageReceivedContext.HttpContext.GetIdentityServerIssuerUri(); options.TokenValidationParameters.IssuerSigningKey = credential.Key; options.TokenValidationParameters.ValidIssuer = options.Authority; } From 45fb5925e9ee8139488a751e2e14c97f7dc9e0be Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Wed, 18 May 2022 10:40:40 -0700 Subject: [PATCH 09/11] Revert "Switch to non obsolete API" This reverts commit 395ac903eba267bcc94c0ce5e9bb6aba48ac8c0f. --- .../Extensions/DefaultClientRequestParametersProvider.cs | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs b/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs index d0b0a84074c0..964947371758 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs @@ -2,7 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Linq; -using Duende.IdentityServer.Services; +using Duende.IdentityServer.Extensions; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Options; @@ -12,8 +12,7 @@ internal sealed class DefaultClientRequestParametersProvider : IClientRequestPar { public DefaultClientRequestParametersProvider( IAbsoluteUrlFactory urlFactory, - IOptions options, - IIssuerNameService nameService) + IOptions options) { UrlFactory = urlFactory; Options = options; 
@@ -23,12 +22,10 @@ public DefaultClientRequestParametersProvider( public IOptions Options { get; } - public IIssuerNameService NameService { get; } - public IDictionary GetClientParameters(HttpContext context, string clientId) { var client = Options.Value.Clients[clientId]; - var authority = NameService.GetCurrentAsync().GetAwaiter().GetResult(); + var authority = context.GetIdentityServerIssuerUri(); if (!client.Properties.TryGetValue(ApplicationProfilesPropertyNames.Profile, out var type)) { throw new InvalidOperationException($"Can't determine the type for the client '{clientId}'"); From 9dc24d5069dd77fad26c130a86c3cd25bfab05ed Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Wed, 18 May 2022 14:13:19 -0700 Subject: [PATCH 10/11] Disable obsolete warning instead --- .../IdentityServerJwtBearerOptionsConfiguration.cs | 2 ++ .../src/Extensions/DefaultClientRequestParametersProvider.cs | 3 +++ 2 files changed, 5 insertions(+) diff --git a/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs b/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs index c5c1491e6495..f671c75ace98 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs @@ -61,7 +61,9 @@ internal static async Task ResolveAuthorityAndKeysAsync(MessageReceivedContext m { var store = messageReceivedContext.HttpContext.RequestServices.GetRequiredService(); var credential = await store.GetSigningCredentialsAsync(); +#pragma warning disable 0618 options.Authority = options.Authority ?? messageReceivedContext.HttpContext.GetIdentityServerIssuerUri(); +#pragma warning restore 0618 options.TokenValidationParameters.IssuerSigningKey = credential.Key; options.TokenValidationParameters.ValidIssuer = options.Authority; } 
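Review bot: In commit 10/11, the `#pragma warning disable 0618` around `options.Authority = options.Authority ?? messageReceivedContext.HttpContext.GetIdentityServerIssuerUri();` has no comment saying which call is obsolete or what should replace it. The matching suppression in DefaultClientRequestParametersProvider.cs at least carries `// Deprecated in Identity Server 6.0`. This matters because the value becomes both `options.Authority` and `TokenValidationParameters.ValidIssuer`, so the suppressed call decides which issuer every bearer token is validated against. I would add `// GetIdentityServerIssuerUri is obsolete as of the Duende 6.0.4 update; suppressed until the issuer lookup moves to IIssuerNameService.` above the pragma in both files. The hunk does not show where the helper takes the issuer from; if it can fall back to the request host rather than a configured issuer, that assumption should also be documented here. `ResolveAuthorityAndKeysAsync` starts and ends outside the hunk.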
diff --git a/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs b/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs index 964947371758..1d8c390bcfb5 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/src/Extensions/DefaultClientRequestParametersProvider.cs @@ -25,7 +25,10 @@ public DefaultClientRequestParametersProvider( public IDictionary GetClientParameters(HttpContext context, string clientId) { var client = Options.Value.Clients[clientId]; +#pragma warning disable 0618 + // Deprecated in Identity Server 6.0 var authority = context.GetIdentityServerIssuerUri(); +#pragma warning restore 0618 if (!client.Properties.TryGetValue(ApplicationProfilesPropertyNames.Profile, out var type)) { throw new InvalidOperationException($"Can't determine the type for the client '{clientId}'"); From 4c82a4fa350ffd349f25bbee1c234f921fee6b8c Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Wed, 18 May 2022 16:56:31 -0700 Subject: [PATCH 11/11] Fix tests --- ...Test.cs => IdentityServerJwtBearerConfigurationTest.cs} | 7 ++++++- .../DefaultClientRequestParametersProviderTests.cs | 7 +++++++ 2 files changed, 13 insertions(+), 1 deletion(-) rename src/Identity/ApiAuthorization.IdentityServer/test/Authentication/{LocalApiJwtBearerConfigurationTest.cs => IdentityServerJwtBearerConfigurationTest.cs} (95%) 
diff --git a/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/LocalApiJwtBearerConfigurationTest.cs b/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/IdentityServerJwtBearerConfigurationTest.cs similarity index 95% rename from src/Identity/ApiAuthorization.IdentityServer/test/Authentication/LocalApiJwtBearerConfigurationTest.cs rename to src/Identity/ApiAuthorization.IdentityServer/test/Authentication/IdentityServerJwtBearerConfigurationTest.cs index b0df451be339..49e18a671416 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/LocalApiJwtBearerConfigurationTest.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/test/Authentication/IdentityServerJwtBearerConfigurationTest.cs @@ -1,8 +1,9 @@ -// Licensed to the .NET Foundation under one or more agreements. +// Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. using System.Security.Cryptography; using Duende.IdentityServer.Configuration; +using Duende.IdentityServer.Services; using Duende.IdentityServer.Stores; using Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Configuration; using Microsoft.AspNetCore.Authentication; @@ -59,12 +60,16 @@ public async Task ResolveAuthorityAndKeysAsync_SetsUpAuthorityAndKeysOnTheTokenV credentialsStore.Setup(cs => cs.GetSigningCredentialsAsync()) .ReturnsAsync(new SigningCredentials(key, "RS256")); + var issuerName = new Mock(); + issuerName.Setup(i => i.GetCurrentAsync()).ReturnsAsync("https://localhost"); + var context = new DefaultHttpContext(); context.Request.Scheme = "https"; context.Request.Host = new HostString("localhost"); context.RequestServices = new ServiceCollection() .AddSingleton(new IdentityServerOptions()) .AddSingleton(credentialsStore.Object) + .AddSingleton(issuerName.Object) .BuildServiceProvider(); var options = new JwtBearerOptions(); 
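Review bot: The stub added in commit 11/11, `issuerName.Setup(i => i.GetCurrentAsync()).ReturnsAsync("https://localhost")`, returns the same origin that the test sets on the request (`Scheme = "https"`, `Host = new HostString("localhost")`). The assertions are outside the hunk, but whatever they check cannot tell whether the authority came from the issuer service or was rebuilt from the request. The `NameService` stub in DefaultClientRequestParametersProviderTests.cs repeats the pattern with `"http://localhost"`. Using a value that differs from the request host, for example `"https://issuer.test"` (a constructed sample) with the expected authority updated to match, would make the test pin the source of the issuer that later becomes `ValidIssuer`. A one-line comment on the stub, such as `// Required by the obsolete GetIdentityServerIssuerUri() path`, would also explain why the service is registered although the production code in this series no longer references `IIssuerNameService` directly.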
diff --git a/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs b/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs index 393dda2ea762..550c9a07fa19 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs +++ b/src/Identity/ApiAuthorization.IdentityServer/test/Extensions/DefaultClientRequestParametersProviderTests.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using Duende.IdentityServer.Configuration; +using Duende.IdentityServer.Services; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Options; @@ -11,6 +12,11 @@ namespace Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Extensions; public class DefaultClientRequestParametersProviderTests { + class NameService : IIssuerNameService + { + public Task GetCurrentAsync() => Task.FromResult("http://localhost"); + } + [Fact] public void GetClientParameters_ReturnsParametersForExistingClients() { @@ -30,6 +36,7 @@ public void GetClientParameters_ReturnsParametersForExistingClients() context.Request.Host = new HostString("localhost"); context.RequestServices = new ServiceCollection() .AddSingleton(new IdentityServerOptions()) + .AddSingleton(new NameService()) .BuildServiceProvider(); var clientRequestParametersProvider =