diff --git a/src/OpenIddict.Server/OpenIddictServerBuilder.cs b/src/OpenIddict.Server/OpenIddictServerBuilder.cs
index 69f85b2c..5cd51dae 100644
--- a/src/OpenIddict.Server/OpenIddictServerBuilder.cs
+++ b/src/OpenIddict.Server/OpenIddictServerBuilder.cs
@@ -1594,14 +1594,22 @@ namespace Microsoft.Extensions.DependencyInjection
public OpenIddictServerBuilder DisableAuthorizationStorage()
=> Configure(options => options.DisableAuthorizationStorage = true);
+ ///
+ /// Allows processing authorization and token requests that specify scopes that have not
+ /// been registered using or the scope manager.
+ ///
+ /// The .
+ public OpenIddictServerBuilder DisableScopeValidation()
+ => Configure(options => options.DisableScopeValidation = true);
+
///
/// Disables sliding expiration. When using this option, refresh tokens
/// are issued with a fixed expiration date: when they expire, a complete
/// authorization flow must be started to retrieve a new refresh token.
///
/// The .
- public OpenIddictServerBuilder DisableSlidingExpiration()
- => Configure(options => options.UseSlidingExpiration = false);
+ public OpenIddictServerBuilder DisableSlidingRefreshTokenExpiration()
+ => Configure(options => options.DisableSlidingRefreshTokenExpiration = true);
///
/// Disables token storage, so that no database entry is created
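Review bot: The public builder method `DisableSlidingExpiration()` is renamed here without a forwarder, so every host that calls it in startup code stops compiling on upgrade. Unless this is intended to ship only in a major version (not visible from the diff), I would keep the old name as a shim: `[Obsolete("Use DisableSlidingRefreshTokenExpiration() instead.")] public OpenIddictServerBuilder DisableSlidingExpiration() => DisableSlidingRefreshTokenExpiration();`. The same applies to the `UseSlidingExpiration` property removed from OpenIddictServerOptions, where the polarity also flips and a silent mis-port is easier to make.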
@@ -1615,14 +1623,6 @@ namespace Microsoft.Extensions.DependencyInjection
public OpenIddictServerBuilder DisableTokenStorage()
=> Configure(options => options.DisableTokenStorage = true);
- ///
- /// Allows processing authorization and token requests that specify scopes that have not
- /// been registered using or the scope manager.
- ///
- /// The .
- public OpenIddictServerBuilder DisableScopeValidation()
- => Configure(options => options.DisableScopeValidation = true);
-
///
/// Enables the degraded mode. When the degraded mode is enabled, all the security checks that
/// depend on the OpenIddict core managers are disabled. This option MUST be enabled with extreme
diff --git a/src/OpenIddict.Server/OpenIddictServerConfiguration.cs b/src/OpenIddict.Server/OpenIddictServerConfiguration.cs
index 0c3f2195..a5cb2e17 100644
--- a/src/OpenIddict.Server/OpenIddictServerConfiguration.cs
+++ b/src/OpenIddict.Server/OpenIddictServerConfiguration.cs
@@ -101,7 +101,7 @@ namespace OpenIddict.Server
throw new InvalidOperationException("Reference tokens cannot be used when disabling token storage.");
}
- if (options.UseSlidingExpiration && !options.UseRollingRefreshTokens)
+ if (!options.DisableSlidingRefreshTokenExpiration && !options.UseRollingRefreshTokens)
{
throw new InvalidOperationException(new StringBuilder()
.Append("Sliding expiration must be disabled when turning off token storage if rolling tokens are not used.")
diff --git a/src/OpenIddict.Server/OpenIddictServerExtensions.cs b/src/OpenIddict.Server/OpenIddictServerExtensions.cs
index 3d6666db..2394a51c 100644
--- a/src/OpenIddict.Server/OpenIddictServerExtensions.cs
+++ b/src/OpenIddict.Server/OpenIddictServerExtensions.cs
@@ -66,7 +66,7 @@ namespace Microsoft.Extensions.DependencyInjection
builder.Services.TryAddSingleton();
builder.Services.TryAddSingleton();
builder.Services.TryAddSingleton();
- builder.Services.TryAddSingleton();
+ builder.Services.TryAddSingleton();
builder.Services.TryAddSingleton();
builder.Services.TryAddSingleton();
builder.Services.TryAddSingleton();
diff --git a/src/OpenIddict.Server/OpenIddictServerHandlerFilters.cs b/src/OpenIddict.Server/OpenIddictServerHandlerFilters.cs
index 1824a8fe..3cd79799 100644
--- a/src/OpenIddict.Server/OpenIddictServerHandlerFilters.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlerFilters.cs
@@ -400,9 +400,9 @@ namespace OpenIddict.Server
}
///
- /// Represents a filter that excludes the associated handlers if sliding expiration was disabled.
+ /// Represents a filter that excludes the associated handlers if sliding refresh token expiration was disabled.
///
- public class RequireSlidingExpirationEnabled : IOpenIddictServerHandlerFilter
+ public class RequireSlidingRefreshTokenExpirationEnabled : IOpenIddictServerHandlerFilter
{
public ValueTask IsActiveAsync([NotNull] BaseContext context)
{
@@ -411,7 +411,7 @@ namespace OpenIddict.Server
throw new ArgumentNullException(nameof(context));
}
- return new ValueTask(context.Options.UseSlidingExpiration);
+ return new ValueTask(!context.Options.DisableSlidingRefreshTokenExpiration);
}
}
diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.cs
index fc258233..f21c4ee9 100644
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.cs
@@ -2315,7 +2315,7 @@ namespace OpenIddict.Server
// When sliding expiration is disabled, the expiration date of generated refresh tokens is fixed
// and must exactly match the expiration date of the refresh token used in the token request.
if (context.EndpointType == OpenIddictServerEndpointType.Token &&
- context.Request.IsRefreshTokenGrantType() && !context.Options.UseSlidingExpiration)
+ context.Request.IsRefreshTokenGrantType() && !context.Options.DisableSlidingRefreshTokenExpiration)
{
var notification = context.Transaction.GetProperty(
typeof(ProcessAuthenticationContext).FullName) ??
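Review bot: The condition on the refresh-token branch looks inverted by the rename. The old check was `!context.Options.UseSlidingExpiration` (sliding disabled), but the new `!context.Options.DisableSlidingRefreshTokenExpiration` is true when sliding expiration is still enabled. As written, the fixed-expiration path described in the comment above would be skipped exactly when sliding is disabled, so a server configured for fixed refresh-token lifetimes could extend them on each refresh instead. The configuration check and the handler filter in this commit flip the polarity correctly, so this line should drop the negation: `context.Request.IsRefreshTokenGrantType() && context.Options.DisableSlidingRefreshTokenExpiration)`. The enclosing handler starts and ends outside the hunk, so the rest of the branch could not be checked.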
@@ -2736,7 +2736,7 @@ namespace OpenIddict.Server
= OpenIddictServerHandlerDescriptor.CreateBuilder()
.AddFilter()
.AddFilter()
- .AddFilter()
+ .AddFilter()
.AddFilter()
.UseScopedHandler()
.SetOrder(RevokeExistingTokenEntries.Descriptor.Order + 1_000)
diff --git a/src/OpenIddict.Server/OpenIddictServerOptions.cs b/src/OpenIddict.Server/OpenIddictServerOptions.cs
index f5658343..79609333 100644
--- a/src/OpenIddict.Server/OpenIddictServerOptions.cs
+++ b/src/OpenIddict.Server/OpenIddictServerOptions.cs
@@ -217,13 +217,6 @@ namespace OpenIddict.Server
public List Handlers { get; } =
new List(OpenIddictServerHandlers.DefaultHandlers);
- ///
- /// Gets or sets a boolean indicating whether new refresh tokens should be issued during a refresh token request.
- /// Set this property to true to issue a new refresh token, false to prevent OpenIddict
- /// from issuing new refresh tokens when receiving a grant_type=refresh_token request.
- ///
- public bool UseSlidingExpiration { get; set; } = true;
-
///
/// Gets or sets a boolean determining whether client identification is optional.
/// Enabling this option allows client applications to communicate with the token,
@@ -259,6 +252,14 @@ namespace OpenIddict.Server
///
public bool DisableAuthorizationStorage { get; set; }
+ ///
+ /// Gets or sets a boolean indicating whether sliding expiration is disabled
+ /// for refresh tokens. When this option is set to true, refresh tokens
+ /// are issued with a fixed expiration date: when they expire, a complete
+ /// authorization flow must be started to retrieve a new refresh token.
+ ///
+ public bool DisableSlidingRefreshTokenExpiration { get; set; }
+
///
/// Gets or sets a boolean indicating whether token storage should be disabled.
/// When disabled, no database entry is created for the tokens and codes
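Review bot: The summary on `DisableSlidingRefreshTokenExpiration` states neither the default nor the constraint that the configuration validator enforces. The property replaces `UseSlidingExpiration { get; set; } = true`, so sliding expiration stays on by default, but that is now implicit in the `bool` default. The check in OpenIddictServerConfiguration also appears to throw when token storage is turned off unless this flag is set or rolling refresh tokens are used. I would add to the summary: `/// Defaults to false (sliding expiration enabled). Must be set to true when token storage is disabled and rolling refresh tokens are not used.`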
diff --git a/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Authentication.cs b/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Authentication.cs
index 307e9177..672be607 100644
--- a/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Authentication.cs
+++ b/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Authentication.cs
@@ -619,7 +619,7 @@ namespace OpenIddict.Server.FunctionalTests
options.RegisterScopes("registered_scope");
options.SetRevocationEndpointUris(Array.Empty());
options.DisableTokenStorage();
- options.DisableSlidingExpiration();
+ options.DisableSlidingRefreshTokenExpiration();
options.Services.AddSingleton(CreateApplicationManager(mock =>
{
@@ -689,7 +689,7 @@ namespace OpenIddict.Server.FunctionalTests
options.RegisterScopes("scope_registered_in_options");
options.SetRevocationEndpointUris(Array.Empty());
options.DisableTokenStorage();
- options.DisableSlidingExpiration();
+ options.DisableSlidingRefreshTokenExpiration();
options.Services.AddSingleton(CreateApplicationManager(mock =>
{
@@ -1418,7 +1418,7 @@ namespace OpenIddict.Server.FunctionalTests
options.SetRevocationEndpointUris(Array.Empty());
options.DisableAuthorizationStorage();
options.DisableTokenStorage();
- options.DisableSlidingExpiration();
+ options.DisableSlidingRefreshTokenExpiration();
options.Services.AddSingleton(manager);
@@ -1476,7 +1476,7 @@ namespace OpenIddict.Server.FunctionalTests
options.SetRevocationEndpointUris(Array.Empty());
options.DisableAuthorizationStorage();
options.DisableTokenStorage();
- options.DisableSlidingExpiration();
+ options.DisableSlidingRefreshTokenExpiration();
options.Services.AddSingleton(manager);
diff --git a/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Exchange.cs b/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Exchange.cs
index 6231a46f..389ff5e2 100644
--- a/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Exchange.cs
+++ b/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Exchange.cs
@@ -1201,7 +1201,7 @@ namespace OpenIddict.Server.FunctionalTests
options.RegisterScopes("scope_registered_in_options");
options.SetRevocationEndpointUris(Array.Empty());
options.DisableTokenStorage();
- options.DisableSlidingExpiration();
+ options.DisableSlidingRefreshTokenExpiration();
options.Services.AddSingleton(manager);
@@ -1764,7 +1764,7 @@ namespace OpenIddict.Server.FunctionalTests
options.SetRevocationEndpointUris(Array.Empty());
options.DisableTokenStorage();
- options.DisableSlidingExpiration();
+ options.DisableSlidingRefreshTokenExpiration();
});
await using var client = await server.CreateClientAsync();
@@ -1832,7 +1832,7 @@ namespace OpenIddict.Server.FunctionalTests
options.SetRevocationEndpointUris(Array.Empty());
options.DisableTokenStorage();
- options.DisableSlidingExpiration();
+ options.DisableSlidingRefreshTokenExpiration();
});
await using var client = await server.CreateClientAsync();
@@ -2008,7 +2008,7 @@ namespace OpenIddict.Server.FunctionalTests
options.SetRevocationEndpointUris(Array.Empty());
options.DisableTokenStorage();
- options.DisableSlidingExpiration();
+ options.DisableSlidingRefreshTokenExpiration();
});
await using var client = await server.CreateClientAsync();
@@ -2061,7 +2061,7 @@ namespace OpenIddict.Server.FunctionalTests
options.SetRevocationEndpointUris(Array.Empty());
options.DisableTokenStorage();
- options.DisableSlidingExpiration();
+ options.DisableSlidingRefreshTokenExpiration();
});
await using var client = await server.CreateClientAsync();
diff --git a/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.cs b/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.cs
index bb5776d1..bd9fa152 100644
--- a/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.cs
+++ b/test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.cs
@@ -2279,7 +2279,7 @@ namespace OpenIddict.Server.FunctionalTests
await using var server = await CreateServerAsync(options =>
{
options.EnableDegradedMode();
- options.DisableSlidingExpiration();
+ options.DisableSlidingRefreshTokenExpiration();
options.AddEventHandler(builder =>
{
@@ -3697,7 +3697,7 @@ namespace OpenIddict.Server.FunctionalTests
await using var server = await CreateServerAsync(options =>
{
- options.DisableSlidingExpiration();
+ options.DisableSlidingRefreshTokenExpiration();
options.AddEventHandler(builder =>
{
diff --git a/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs b/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs
index 3177488e..cb88d18c 100644
--- a/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs
+++ b/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs
@@ -763,19 +763,35 @@ namespace OpenIddict.Server.Tests
}
[Fact]
- public void DisableSlidingExpiration_SlidingExpirationIsDisabled()
+ public void DisableScopeValidation_ScopeValidationIsDisabled()
+ {
+ // Arrange
+ var services = CreateServices();
+ var builder = CreateBuilder(services);
+
+ // Act
+ builder.DisableScopeValidation();
+
+ var options = GetOptions(services);
+
+ // Assert
+ Assert.True(options.DisableScopeValidation);
+ }
+
+ [Fact]
+ public void DisableSlidingRefreshTokenExpiration_SlidingExpirationIsDisabled()
{
// Arrange
var services = CreateServices();
var builder = CreateBuilder(services);
// Act
- builder.DisableSlidingExpiration();
+ builder.DisableSlidingRefreshTokenExpiration();
var options = GetOptions(services);
// Assert
- Assert.False(options.UseSlidingExpiration);
+ Assert.True(options.DisableSlidingRefreshTokenExpiration);
}
[Fact]
@@ -1102,22 +1118,6 @@ namespace OpenIddict.Server.Tests
Assert.Contains(new Uri("http://localhost/endpoint-path"), options.RevocationEndpointUris);
}
- [Fact]
- public void DisableScopeValidation_ScopeValidationIsDisabled()
- {
- // Arrange
- var services = CreateServices();
- var builder = CreateBuilder(services);
-
- // Act
- builder.DisableScopeValidation();
-
- var options = GetOptions(services);
-
- // Assert
- Assert.True(options.DisableScopeValidation);
- }
-
[Fact]
public void SetTokenEndpointUris_ThrowsExceptionWhenAddressesIsNull()
{