From 651a41edaf4b6bfc554b4297cba5441216ab9b84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Fri, 20 Jan 2017 02:28:49 +0100 Subject: [PATCH] Migrate to the AspNet.Security.OpenIdConnect.Server RC1 nightly builds --- src/OpenIddict.Mvc/project.json | 2 +- src/OpenIddict/OpenIddictOptions.cs | 2 +- src/OpenIddict/OpenIddictProvider.Discovery.cs | 16 +++++----------- .../OpenIddictProvider.Introspection.cs | 2 -- src/OpenIddict/project.json | 2 +- .../OpenIddictProviderTests.Discovery.cs | 13 +++++++------ test/OpenIddict.Tests/project.json | 2 +- 7 files changed, 16 insertions(+), 23 deletions(-) diff --git a/src/OpenIddict.Mvc/project.json b/src/OpenIddict.Mvc/project.json index 4778f21b..d5e4f2c9 100644 --- a/src/OpenIddict.Mvc/project.json +++ b/src/OpenIddict.Mvc/project.json @@ -33,7 +33,7 @@ }, "dependencies": { - "AspNet.Security.OpenIdConnect.Server": "1.0.0-beta7-final", + "AspNet.Security.OpenIdConnect.Server": "1.0.0-rc1-*", "JetBrains.Annotations": { "type": "build", "version": "10.1.4" }, "Microsoft.AspNetCore.Mvc.Core": "1.0.0", "OpenIddict.Core": { "target": "project" } diff --git a/src/OpenIddict/OpenIddictOptions.cs b/src/OpenIddict/OpenIddictOptions.cs index 8a18c3f8..13af4295 100644 --- a/src/OpenIddict/OpenIddictOptions.cs +++ b/src/OpenIddict/OpenIddictOptions.cs @@ -47,7 +47,7 @@ namespace OpenIddict { /// /// Gets the OAuth2/OpenID Connect flows enabled for this application. /// - public ICollection GrantTypes { get; } = new HashSet(StringComparer.Ordinal); + public ISet GrantTypes { get; } = new HashSet(StringComparer.Ordinal); /// /// Gets or sets a boolean determining whether client identification is required. diff --git a/src/OpenIddict/OpenIddictProvider.Discovery.cs b/src/OpenIddict/OpenIddictProvider.Discovery.cs index 96613bd7..eb5cedee 100644 --- a/src/OpenIddict/OpenIddictProvider.Discovery.cs +++ b/src/OpenIddict/OpenIddictProvider.Discovery.cs 
@@ -23,20 +23,14 @@ namespace OpenIddict { // Note: though it's natively supported by the OpenID Connect server middleware, // OpenIddict disallows the use of the unsecure code_challenge_method=plain method, - // which must be manually removed from the code_challenge_methods_supported property. + // which is manually removed from the code_challenge_methods_supported property. // See https://tools.ietf.org/html/rfc7636#section-7.2 for more information. - context.CodeChallengeMethods.Clear(); - context.CodeChallengeMethods.Add(OpenIdConnectConstants.CodeChallengeMethods.Sha256); + context.CodeChallengeMethods.Remove(OpenIdConnectConstants.CodeChallengeMethods.Plain); // Note: the OpenID Connect server middleware automatically populates grant_types_supported // by determining whether the authorization and token endpoints are enabled or not but - // OpenIddict uses a different approach and relies on a configurable "supported list". - context.GrantTypes.Clear(); - - // Copy the supported grant types list to the discovery document. - foreach (var type in options.Value.GrantTypes) { - context.GrantTypes.Add(type); - } + // OpenIddict uses a different approach and relies on a configurable "grants list". + context.GrantTypes.IntersectWith(options.Value.GrantTypes); // Note: the "openid" scope is automatically // added by the OpenID Connect server middleware. @@ -51,7 +45,7 @@ namespace OpenIddict { context.Scopes.Add(OpenIdConnectConstants.Scopes.OfflineAccess); } - context.Metadata[OpenIddictConstants.Metadata.ExternalProvidersSupported] = JArray.FromObject( + context.Metadata[OpenIddictConstants.Metadata.ExternalProvidersSupported] = new JArray( from provider in context.HttpContext.Authentication.GetAuthenticationSchemes() where !string.IsNullOrEmpty(provider.DisplayName) select provider.AuthenticationScheme); diff --git a/src/OpenIddict/OpenIddictProvider.Introspection.cs b/src/OpenIddict/OpenIddictProvider.Introspection.cs index bc4f8c2a..9925df9b 100644 
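Review bot: `context.CodeChallengeMethods.Remove(...Plain)` replaces an allow-list with a deny-list: the removed lines cleared the collection and advertised only S256, whereas now anything else the middleware pre-populates is published unchanged, which matters because the dependency floats on `1.0.0-rc1-*` nightly builds. Either keep the explicit `Clear()` + `Add(...Sha256)` pair, or say in the comment that the list is deliberately inherited from the middleware. The same inversion applies to `context.GrantTypes.IntersectWith(options.Value.GrantTypes)`: a grant type enabled in the options but not pre-populated by the middleware is now silently left out of the discovery document, so the comment would read better as `// OpenIddict intersects that list with its configurable "grants list".`. This hunk only changes what is advertised; where `plain` is actually rejected is not visible here, and the enclosing method starts and ends outside the hunk.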
--- a/src/OpenIddict/OpenIddictProvider.Introspection.cs +++ b/src/OpenIddict/OpenIddictProvider.Introspection.cs @@ -105,7 +105,6 @@ namespace OpenIddict { "token '{Identifier}' because it's not listed as a valid audience.", context.Request.ClientId, context.Ticket.GetTicketId()); - context.Claims.RemoveAll(); context.Active = false; return; @@ -120,7 +119,6 @@ namespace OpenIddict { logger.LogInformation("The token {Identifier} was declared as inactive because " + "it was revoked.", context.Ticket.GetTicketId()); - context.Claims.RemoveAll(); context.Active = false; return; diff --git a/src/OpenIddict/project.json b/src/OpenIddict/project.json index ff9802c9..81f5cce3 100644 --- a/src/OpenIddict/project.json +++ b/src/OpenIddict/project.json @@ -33,7 +33,7 @@ }, "dependencies": { - "AspNet.Security.OpenIdConnect.Server": "1.0.0-beta7-final", + "AspNet.Security.OpenIdConnect.Server": "1.0.0-rc1-*", "JetBrains.Annotations": { "type": "build", "version": "10.1.4" }, "Microsoft.AspNetCore.Diagnostics.Abstractions": "1.0.0", "Microsoft.Extensions.Caching.Abstractions": "1.0.0", diff --git a/test/OpenIddict.Tests/OpenIddictProviderTests.Discovery.cs b/test/OpenIddict.Tests/OpenIddictProviderTests.Discovery.cs index e7ed6143..457a5d7d 100644 --- a/test/OpenIddict.Tests/OpenIddictProviderTests.Discovery.cs +++ b/test/OpenIddict.Tests/OpenIddictProviderTests.Discovery.cs @@ -6,6 +6,7 @@ using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authentication.Facebook; using Microsoft.AspNetCore.Authentication.Google; using Microsoft.AspNetCore.Builder; +using Newtonsoft.Json.Linq; using OpenIddict.Core; using Xunit; @@ -24,7 +25,7 @@ namespace OpenIddict.Tests { // Assert Assert.DoesNotContain( OpenIdConnectConstants.CodeChallengeMethods.Plain, - response[OpenIdConnectConstants.Metadata.CodeChallengeMethodsSupported].Values()); + ((JArray) response[OpenIdConnectConstants.Metadata.CodeChallengeMethodsSupported]).Values()); } [Theory] 
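Review bot: `Assert.DoesNotContain(...CodeChallengeMethods.Plain, ...)` in the `@@ -24,7 +25,7 @@` hunk passes for any advertised list that lacks `plain`, including an empty one or one carrying a method added by a later middleware build, so it does not pin what the discovery document is meant to publish. Asserting the exact content on the extracted values, e.g. `Assert.Equal(new[] { OpenIdConnectConstants.CodeChallengeMethods.Sha256 }, ...)`, would catch both cases. The `(JArray)` cast added here and repeated in the following test hunks also fails with a bare cast or null-reference exception when the property is missing or has another shape; `Assert.IsType<JArray>(response[...])` gives a readable failure instead. The test method starts outside the hunk.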
@@ -46,7 +47,7 @@ namespace OpenIddict.Tests { // Act var response = await client.GetAsync(ConfigurationEndpoint); - var types = response[OpenIdConnectConstants.Metadata.GrantTypesSupported].Values(); + var types = ((JArray) response[OpenIdConnectConstants.Metadata.GrantTypesSupported]).Values(); // Assert Assert.Equal(1, types.Count()); @@ -68,7 +69,7 @@ namespace OpenIddict.Tests { var response = await client.GetAsync(ConfigurationEndpoint); // Assert - Assert.Contains(scope, response[OpenIdConnectConstants.Metadata.ScopesSupported].Values()); + Assert.Contains(scope, ((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values()); } [Fact] @@ -83,7 +84,7 @@ namespace OpenIddict.Tests { // Assert Assert.Contains(OpenIdConnectConstants.Scopes.OfflineAccess, - response[OpenIdConnectConstants.Metadata.ScopesSupported].Values()); + ((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values()); } [Fact] @@ -104,7 +105,7 @@ namespace OpenIddict.Tests { // Assert Assert.DoesNotContain(OpenIdConnectConstants.Scopes.OfflineAccess, - response[OpenIdConnectConstants.Metadata.ScopesSupported].Values()); + ((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values()); } [Fact] @@ -116,7 +117,7 @@ namespace OpenIddict.Tests { // Act var response = await client.GetAsync(ConfigurationEndpoint); - var providers = response[OpenIddictConstants.Metadata.ExternalProvidersSupported].Values(); + var providers = ((JArray) response[OpenIddictConstants.Metadata.ExternalProvidersSupported]).Values(); // Assert Assert.DoesNotContain(CookieAuthenticationDefaults.AuthenticationScheme, providers); diff --git a/test/OpenIddict.Tests/project.json b/test/OpenIddict.Tests/project.json index 562f5d87..1105d4e7 100644 --- a/test/OpenIddict.Tests/project.json +++ b/test/OpenIddict.Tests/project.json 
@@ -8,7 +8,7 @@ }, "dependencies": { - "AspNet.Security.OpenIdConnect.Client": "1.0.0-beta7-final", + "AspNet.Security.OpenIdConnect.Client": "1.0.0-rc1-*", "dotnet-test-xunit": "2.2.0-preview2-build1029", "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0", "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0",