diff --git a/build/dependencies.props b/build/dependencies.props index 0cdcbb98..19f3077a 100644 --- a/build/dependencies.props +++ b/build/dependencies.props @@ -1,8 +1,8 @@ - 2.0.0-rc3-final - 2.0.0-rc3-final + 2.0.0-rtm-0318 + 2.0.0-rtm-1400 2.0.0 4.4.0 3.0.2 diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs index 4b6287cc..749c0650 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs @@ -490,7 +490,7 @@ namespace OpenIddict.Server } } - private async Task TryExtendTokenAsync( + private async Task TryExtendRefreshTokenAsync( [NotNull] object token, [NotNull] AuthenticationTicket ticket, [NotNull] OpenIddictServerOptions options) { var identifier = ticket.GetProperty(OpenIddictConstants.Properties.InternalTokenId); 
@@ -499,15 +499,26 @@ namespace OpenIddict.Server try { // Compute the new expiration date of the refresh token. - var date = options.SystemClock.UtcNow; - date += ticket.GetRefreshTokenLifetime() ?? options.RefreshTokenLifetime; + var lifetime = ticket.GetRefreshTokenLifetime() ?? options.RefreshTokenLifetime; + if (lifetime != null) + { + // Note: the request cancellation token is deliberately not used here to ensure the caller + // cannot prevent this operation from being executed by resetting the TCP connection. + var date = options.SystemClock.UtcNow + lifetime; + await _tokenManager.ExtendAsync(token, date); - // Note: the request cancellation token is deliberately not used here to ensure the caller - // cannot prevent this operation from being executed by resetting the TCP connection. - await _tokenManager.ExtendAsync(token, date); + _logger.LogInformation("The expiration date of the refresh token '{Identifier}' " + + "was automatically updated: {Date}.", identifier, date); + } - _logger.LogInformation("The expiration date of the refresh token '{Identifier}' " + - "was automatically updated: {Date}.", identifier, date); + else + { + // Note: the request cancellation token is deliberately not used here to ensure the caller + // cannot prevent this operation from being executed by resetting the TCP connection. + await _tokenManager.ExtendAsync(token, date: null); + + _logger.LogInformation("The expiration date of the refresh token '{Identifier}' was removed.", identifier); + } return true; } diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs index 64e97db4..9f2954cd 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs 
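Review bot: In the new `else` branch, `ExtendAsync(token, date: null)` clears the stored expiration date whenever neither the ticket nor `options.RefreshTokenLifetime` supplies a lifetime, so with sliding expiration a redeemed refresh token appears to become non-expiring. That choice deserves an explicit comment, because a leaked refresh token would then stay usable until it is revoked; something like `// A null lifetime means the refresh token must not expire: clear any previously stored expiration date.` above the call would make the intent reviewable. The cancellation-token note is now duplicated in both branches; computing a nullable `date` once and calling `ExtendAsync` a single time would leave only the log message to branch on. The method's signature is in the previous hunk and the rest of its body lies past this one.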
@@ -183,7 +183,7 @@ namespace OpenIddict.Server // already updated the expiration date associated with the refresh token. if (!options.UseRollingTokens && options.UseSlidingExpiration) { - await TryExtendTokenAsync(token, context.Ticket, options); + await TryExtendRefreshTokenAsync(token, context.Ticket, options); } } } diff --git a/src/OpenIddict.Server/OpenIddictServerBuilder.cs b/src/OpenIddict.Server/OpenIddictServerBuilder.cs index e2749734..abdd1823 100644 --- a/src/OpenIddict.Server/OpenIddictServerBuilder.cs +++ b/src/OpenIddict.Server/OpenIddictServerBuilder.cs @@ -282,6 +282,37 @@ namespace Microsoft.Extensions.DependencyInjection return Configure(options => options.SigningCredentials.AddCertificate(assembly, resource, password)); } + /// + /// Registers a retrieved from an + /// embedded resource and used to sign the JWT tokens issued by OpenIddict. + /// + /// The assembly containing the certificate. + /// The name of the embedded resource. + /// The password used to open the certificate. + /// An enumeration of flags indicating how and where to store the private key of the certificate. + /// The . + public OpenIddictServerBuilder AddSigningCertificate( + [NotNull] Assembly assembly, [NotNull] string resource, + [NotNull] string password, X509KeyStorageFlags flags) + { + if (assembly == null) + { + throw new ArgumentNullException(nameof(assembly)); + } + + if (string.IsNullOrEmpty(resource)) + { + throw new ArgumentNullException(nameof(resource)); + } + + if (string.IsNullOrEmpty(password)) + { + throw new ArgumentException("The password cannot be null or empty.", nameof(password)); + } + + return Configure(options => options.SigningCredentials.AddCertificate(assembly, resource, password, flags)); + } + /// /// Registers a extracted from a /// stream and used to sign the JWT tokens issued by OpenIddict.
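Review bot: In the new `AddSigningCertificate` overload, an empty `resource` is reported as `ArgumentNullException`, while the same case for `password` a few lines later throws `ArgumentException` with a message. The two guards should agree, e.g. `throw new ArgumentException("The resource cannot be null or empty.", nameof(resource));`. If the sibling overloads outside this hunk use the same pattern, it would be better to align them together than to diverge here. Because `flags` decides how and where the signing certificate's private key is stored, the parameter documentation could also tell callers to pass the narrowest flags their host needs and to avoid `X509KeyStorageFlags.Exportable` unless export is required.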