Migrate to the AspNet.Security.OpenIdConnect.Server RC1 nightly builds

src/OpenIddict.Mvc/project.json

@@ -33,7 +33,7 @@
   },
 
   "dependencies": {
-    "AspNet.Security.OpenIdConnect.Server": "1.0.0-beta7-final",
+    "AspNet.Security.OpenIdConnect.Server": "1.0.0-rc1-*",
     "JetBrains.Annotations": { "type": "build", "version": "10.1.4" },
     "Microsoft.AspNetCore.Mvc.Core": "1.0.0",
     "OpenIddict.Core": { "target": "project" }

src/OpenIddict/OpenIddictOptions.cs

@@ -47,7 +47,7 @@ namespace OpenIddict {
         /// <summary>
         /// Gets the OAuth2/OpenID Connect flows enabled for this application.
         /// </summary>
-        public ICollection<string> GrantTypes { get; } = new HashSet<string>(StringComparer.Ordinal);
+        public ISet<string> GrantTypes { get; } = new HashSet<string>(StringComparer.Ordinal);
 
         /// <summary>
         /// Gets or sets a boolean determining whether client identification is required.

src/OpenIddict/OpenIddictProvider.Discovery.cs

@@ -23,20 +23,14 @@ namespace OpenIddict {
 
             // Note: though it's natively supported by the OpenID Connect server middleware,
             // OpenIddict disallows the use of the unsecure code_challenge_method=plain method,
-            // which must be manually removed from the code_challenge_methods_supported property.
+            // which is manually removed from the code_challenge_methods_supported property.
             // See https://tools.ietf.org/html/rfc7636#section-7.2 for more information.
-            context.CodeChallengeMethods.Clear();
-            context.CodeChallengeMethods.Add(OpenIdConnectConstants.CodeChallengeMethods.Sha256);
+            context.CodeChallengeMethods.Remove(OpenIdConnectConstants.CodeChallengeMethods.Plain);
 
             // Note: the OpenID Connect server middleware automatically populates grant_types_supported
             // by determining whether the authorization and token endpoints are enabled or not but
-            // OpenIddict uses a different approach and relies on a configurable "supported list".
-            context.GrantTypes.Clear();
-
-            // Copy the supported grant types list to the discovery document.
-            foreach (var type in options.Value.GrantTypes) {
-                context.GrantTypes.Add(type);
-            }
+            // OpenIddict uses a different approach and relies on a configurable "grants list".
+            context.GrantTypes.IntersectWith(options.Value.GrantTypes);
 
             // Note: the "openid" scope is automatically
             // added by the OpenID Connect server middleware.
@@ -51,7 +45,7 @@ namespace OpenIddict {
                 context.Scopes.Add(OpenIdConnectConstants.Scopes.OfflineAccess);
             }
 
-            context.Metadata[OpenIddictConstants.Metadata.ExternalProvidersSupported] = JArray.FromObject(
+            context.Metadata[OpenIddictConstants.Metadata.ExternalProvidersSupported] = new JArray(
                 from provider in context.HttpContext.Authentication.GetAuthenticationSchemes()
                 where !string.IsNullOrEmpty(provider.DisplayName)
                 select provider.AuthenticationScheme);

src/OpenIddict/OpenIddictProvider.Introspection.cs

@@ -105,7 +105,6 @@ namespace OpenIddict {
                                   "token '{Identifier}' because it's not listed as a valid audience.",
                                   context.Request.ClientId, context.Ticket.GetTicketId());
 
-                context.Claims.RemoveAll();
                 context.Active = false;
 
                 return;
@@ -120,7 +119,6 @@ namespace OpenIddict {
                     logger.LogInformation("The token {Identifier} was declared as inactive because " +
                                           "it was revoked.", context.Ticket.GetTicketId());
 
-                    context.Claims.RemoveAll();
                     context.Active = false;
 
                     return;

src/OpenIddict/project.json

@@ -33,7 +33,7 @@
   },
 
   "dependencies": {
-    "AspNet.Security.OpenIdConnect.Server": "1.0.0-beta7-final",
+    "AspNet.Security.OpenIdConnect.Server": "1.0.0-rc1-*",
     "JetBrains.Annotations": { "type": "build", "version": "10.1.4" },
     "Microsoft.AspNetCore.Diagnostics.Abstractions": "1.0.0",
     "Microsoft.Extensions.Caching.Abstractions": "1.0.0",

test/OpenIddict.Tests/OpenIddictProviderTests.Discovery.cs

@@ -6,6 +6,7 @@ using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.Facebook;
 using Microsoft.AspNetCore.Authentication.Google;
 using Microsoft.AspNetCore.Builder;
+using Newtonsoft.Json.Linq;
 using OpenIddict.Core;
 using Xunit;
 
@@ -24,7 +25,7 @@ namespace OpenIddict.Tests {
             // Assert
             Assert.DoesNotContain(
                 OpenIdConnectConstants.CodeChallengeMethods.Plain,
-                response[OpenIdConnectConstants.Metadata.CodeChallengeMethodsSupported].Values<string>());
+                ((JArray) response[OpenIdConnectConstants.Metadata.CodeChallengeMethodsSupported]).Values<string>());
         }
 
         [Theory]
@@ -46,7 +47,7 @@ namespace OpenIddict.Tests {
 
             // Act
             var response = await client.GetAsync(ConfigurationEndpoint);
-            var types = response[OpenIdConnectConstants.Metadata.GrantTypesSupported].Values<string>();
+            var types = ((JArray) response[OpenIdConnectConstants.Metadata.GrantTypesSupported]).Values<string>();
 
             // Assert
             Assert.Equal(1, types.Count());
@@ -68,7 +69,7 @@ namespace OpenIddict.Tests {
             var response = await client.GetAsync(ConfigurationEndpoint);
 
             // Assert
-            Assert.Contains(scope, response[OpenIdConnectConstants.Metadata.ScopesSupported].Values<string>());
+            Assert.Contains(scope, ((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values<string>());
         }
 
         [Fact]
@@ -83,7 +84,7 @@ namespace OpenIddict.Tests {
 
             // Assert
             Assert.Contains(OpenIdConnectConstants.Scopes.OfflineAccess,
-                response[OpenIdConnectConstants.Metadata.ScopesSupported].Values<string>());
+                ((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values<string>());
         }
 
         [Fact]
@@ -104,7 +105,7 @@ namespace OpenIddict.Tests {
 
             // Assert
             Assert.DoesNotContain(OpenIdConnectConstants.Scopes.OfflineAccess,
-                response[OpenIdConnectConstants.Metadata.ScopesSupported].Values<string>());
+                ((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values<string>());
         }
 
         [Fact]
@@ -116,7 +117,7 @@ namespace OpenIddict.Tests {
 
             // Act
             var response = await client.GetAsync(ConfigurationEndpoint);
-            var providers = response[OpenIddictConstants.Metadata.ExternalProvidersSupported].Values<string>();
+            var providers = ((JArray) response[OpenIddictConstants.Metadata.ExternalProvidersSupported]).Values<string>();
 
             // Assert
             Assert.DoesNotContain(CookieAuthenticationDefaults.AuthenticationScheme, providers);

test/OpenIddict.Tests/project.json

@@ -8,7 +8,7 @@
   },
 
   "dependencies": {
-    "AspNet.Security.OpenIdConnect.Client": "1.0.0-beta7-final",
+    "AspNet.Security.OpenIdConnect.Client": "1.0.0-rc1-*",
     "dotnet-test-xunit": "2.2.0-preview2-build1029",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0",
     "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0",