diff --git a/Directory.Build.props b/Directory.Build.props index deb1a75f..8db769a5 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -69,7 +69,7 @@ Note: OpenIddict uses PolySharp to dynamically generate polyfills for types that are not available on some of the targeted TFMs (e.g Index, Range or nullable attributes on .NET Framework/.NET Standard). --> - diff --git a/Packages.props b/Packages.props index e74a3c3b..bf2da24f 100644 --- a/Packages.props +++ b/Packages.props @@ -12,45 +12,45 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - + + + + + + + - - - - - - + + + + + + - - - - + + + + - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + - - - - - - + + + + + + - - - + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + - - - - + + + + - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + diff --git a/gen/OpenIddict.Client.WebIntegration.Generators/OpenIddictClientWebIntegrationGenerator.cs b/gen/OpenIddict.Client.WebIntegration.Generators/OpenIddictClientWebIntegrationGenerator.cs index 3245ff2d..76becfef 100644 --- a/gen/OpenIddict.Client.WebIntegration.Generators/OpenIddictClientWebIntegrationGenerator.cs +++ b/gen/OpenIddict.Client.WebIntegration.Generators/OpenIddictClientWebIntegrationGenerator.cs @@ -48,6 +48,7 @@ namespace OpenIddict.Client.WebIntegration.Generators var template = Template.Parse(@"#nullable enable using System.ComponentModel; +using System.Diagnostics.CodeAnalysis; using Microsoft.Extensions.DependencyInjection.Extensions; using Microsoft.Extensions.Options; using Microsoft.IdentityModel.Tokens; @@ -196,7 +197,7 @@ public partial class OpenIddictClientWebIntegrationBuilder /// /// The redirection URI. /// The instance. - public {{ provider.name }} SetRedirectUri(string address) + public {{ provider.name }} SetRedirectUri([StringSyntax(StringSyntaxAttribute.Uri)] string address) { if (string.IsNullOrEmpty(address)) { diff --git a/src/OpenIddict.Abstractions/Caches/IOpenIddictApplicationCache.cs b/src/OpenIddict.Abstractions/Caches/IOpenIddictApplicationCache.cs index 74ec738c..2f336326 100644 --- a/src/OpenIddict.Abstractions/Caches/IOpenIddictApplicationCache.cs +++ b/src/OpenIddict.Abstractions/Caches/IOpenIddictApplicationCache.cs @@ -4,6 +4,8 @@ * the license and the contributors participating to this project. */ +using System.Diagnostics.CodeAnalysis; + namespace OpenIddict.Abstractions; /// @@ -48,7 +50,8 @@ public interface IOpenIddictApplicationCache where TApplication : /// The redirect_uri associated with the applications. /// The that can be used to abort the operation. /// The client applications corresponding to the specified redirect_uri. - IAsyncEnumerable FindByPostLogoutRedirectUriAsync(string address, CancellationToken cancellationToken); + IAsyncEnumerable FindByPostLogoutRedirectUriAsync( + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken); /// /// Retrieves all the applications associated with the specified redirect_uri. @@ -56,7 +59,8 @@ public interface IOpenIddictApplicationCache where TApplication : /// The redirect_uri associated with the applications. /// The that can be used to abort the operation. /// The client applications corresponding to the specified redirect_uri. - IAsyncEnumerable FindByRedirectUriAsync(string address, CancellationToken cancellationToken); + IAsyncEnumerable FindByRedirectUriAsync( + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken); /// /// Removes the specified application from the cache. diff --git a/src/OpenIddict.Abstractions/Managers/IOpenIddictApplicationManager.cs b/src/OpenIddict.Abstractions/Managers/IOpenIddictApplicationManager.cs index fa1b5ee6..37293c92 100644 --- a/src/OpenIddict.Abstractions/Managers/IOpenIddictApplicationManager.cs +++ b/src/OpenIddict.Abstractions/Managers/IOpenIddictApplicationManager.cs @@ -6,6 +6,7 @@ using System.Collections.Immutable; using System.ComponentModel.DataAnnotations; +using System.Diagnostics.CodeAnalysis; using System.Globalization; using System.Text.Json; @@ -117,7 +118,8 @@ public interface IOpenIddictApplicationManager /// The post_logout_redirect_uri associated with the applications. /// The that can be used to abort the operation. /// The client applications corresponding to the specified post_logout_redirect_uri. - IAsyncEnumerable FindByPostLogoutRedirectUriAsync(string address, CancellationToken cancellationToken = default); + IAsyncEnumerable FindByPostLogoutRedirectUriAsync( + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken = default); /// /// Retrieves all the applications associated with the specified redirect_uri. @@ -125,7 +127,8 @@ public interface IOpenIddictApplicationManager /// The redirect_uri associated with the applications. /// The that can be used to abort the operation. /// The client applications corresponding to the specified redirect_uri. - IAsyncEnumerable FindByRedirectUriAsync(string address, CancellationToken cancellationToken = default); + IAsyncEnumerable FindByRedirectUriAsync( + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken = default); /// /// Executes the specified query and returns the first element. @@ -461,7 +464,8 @@ public interface IOpenIddictApplicationManager /// A that can be used to monitor the asynchronous operation, /// whose result returns a boolean indicating whether the post_logout_redirect_uri was valid. /// - ValueTask ValidatePostLogoutRedirectUriAsync(object application, string address, CancellationToken cancellationToken = default); + ValueTask ValidatePostLogoutRedirectUriAsync(object application, + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken = default); /// /// Validates the redirect_uri to ensure it's associated with an application. @@ -473,5 +477,6 @@ public interface IOpenIddictApplicationManager /// A that can be used to monitor the asynchronous operation, /// whose result returns a boolean indicating whether the redirect_uri was valid. /// - ValueTask ValidateRedirectUriAsync(object application, string address, CancellationToken cancellationToken = default); + ValueTask ValidateRedirectUriAsync(object application, + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken = default); } diff --git a/src/OpenIddict.Abstractions/Primitives/OpenIddictRequest.cs b/src/OpenIddict.Abstractions/Primitives/OpenIddictRequest.cs index 19848660..3d52275c 100644 --- a/src/OpenIddict.Abstractions/Primitives/OpenIddictRequest.cs +++ b/src/OpenIddict.Abstractions/Primitives/OpenIddictRequest.cs @@ -5,6 +5,7 @@ */ using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; using System.Text.Json; using System.Text.Json.Serialization; using Microsoft.Extensions.Primitives; @@ -316,6 +317,7 @@ public class OpenIddictRequest : OpenIddictMessage /// /// Gets or sets the "post_logout_redirect_uri" parameter. /// + [StringSyntax(StringSyntaxAttribute.Uri)] public string? PostLogoutRedirectUri { get => (string?) GetParameter(OpenIddictConstants.Parameters.PostLogoutRedirectUri); @@ -334,6 +336,7 @@ public class OpenIddictRequest : OpenIddictMessage /// /// Gets or sets the "redirect_uri" parameter. /// + [StringSyntax(StringSyntaxAttribute.Uri)] public string? RedirectUri { get => (string?) GetParameter(OpenIddictConstants.Parameters.RedirectUri); diff --git a/src/OpenIddict.Abstractions/Stores/IOpenIddictApplicationStore.cs b/src/OpenIddict.Abstractions/Stores/IOpenIddictApplicationStore.cs index 224cefeb..88193083 100644 --- a/src/OpenIddict.Abstractions/Stores/IOpenIddictApplicationStore.cs +++ b/src/OpenIddict.Abstractions/Stores/IOpenIddictApplicationStore.cs @@ -5,6 +5,7 @@ */ using System.Collections.Immutable; +using System.Diagnostics.CodeAnalysis; using System.Globalization; using System.Text.Json; @@ -82,7 +83,8 @@ public interface IOpenIddictApplicationStore where TApplication : /// The post_logout_redirect_uri associated with the applications. /// The that can be used to abort the operation. /// The client applications corresponding to the specified post_logout_redirect_uri. - IAsyncEnumerable FindByPostLogoutRedirectUriAsync(string address, CancellationToken cancellationToken); + IAsyncEnumerable FindByPostLogoutRedirectUriAsync( + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken); /// /// Retrieves all the applications associated with the specified redirect_uri. @@ -90,7 +92,8 @@ public interface IOpenIddictApplicationStore where TApplication : /// The redirect_uri associated with the applications. /// The that can be used to abort the operation. /// The client applications corresponding to the specified redirect_uri. - IAsyncEnumerable FindByRedirectUriAsync(string address, CancellationToken cancellationToken); + IAsyncEnumerable FindByRedirectUriAsync( + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken); /// /// Executes the specified query and returns the first element. diff --git a/src/OpenIddict.Client/OpenIddictClientBuilder.cs b/src/OpenIddict.Client/OpenIddictClientBuilder.cs index 3c1ae9d1..1c906889 100644 --- a/src/OpenIddict.Client/OpenIddictClientBuilder.cs +++ b/src/OpenIddict.Client/OpenIddictClientBuilder.cs @@ -982,7 +982,8 @@ public class OpenIddictClientBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictClientBuilder SetRedirectionEndpointUris(params string[] addresses) + public OpenIddictClientBuilder SetRedirectionEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { @@ -1034,7 +1035,8 @@ public class OpenIddictClientBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictClientBuilder SetPostLogoutRedirectionEndpointUris(params string[] addresses) + public OpenIddictClientBuilder SetPostLogoutRedirectionEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { diff --git a/src/OpenIddict.Client/OpenIddictClientEvents.cs b/src/OpenIddict.Client/OpenIddictClientEvents.cs index 2e7672d9..548b90ca 100644 --- a/src/OpenIddict.Client/OpenIddictClientEvents.cs +++ b/src/OpenIddict.Client/OpenIddictClientEvents.cs @@ -5,6 +5,7 @@ */ using System.ComponentModel; +using System.Diagnostics.CodeAnalysis; using System.Security.Claims; using Microsoft.Extensions.Logging; @@ -735,6 +736,7 @@ public static partial class OpenIddictClientEvents /// Gets or sets the redirection endpoint that will /// be used for the challenge demand, if applicable. /// + [StringSyntax(StringSyntaxAttribute.Uri)] public string? RedirectUri { get; set; } /// @@ -769,6 +771,7 @@ public static partial class OpenIddictClientEvents /// /// Gets or sets the optional return URL that will be stored in the state token, if applicable. /// + [StringSyntax(StringSyntaxAttribute.Uri)] public string? TargetLinkUri { get; set; } /// @@ -868,6 +871,7 @@ public static partial class OpenIddictClientEvents /// Gets or sets the post-logout redirection endpoint that /// will be used for the sign-out demand, if applicable. /// + [StringSyntax(StringSyntaxAttribute.Uri)] public string? PostLogoutRedirectUri { get; set; } /// diff --git a/src/OpenIddict.Client/OpenIddictClientHandlers.cs b/src/OpenIddict.Client/OpenIddictClientHandlers.cs index 1cb688f2..d67daac3 100644 --- a/src/OpenIddict.Client/OpenIddictClientHandlers.cs +++ b/src/OpenIddict.Client/OpenIddictClientHandlers.cs @@ -3627,7 +3627,7 @@ public static partial class OpenIddictClientHandlers context.Configuration.ResponseTypesSupported.Select(types => types.Split(Separators.Space).ToImmutableHashSet(StringComparer.Ordinal)).ToList()) switch { - // Note: the OAuth 2.0 provider metadata and OpenID Connect discovery specification define + // Note: the OAuth 2.0 provider metadata and OpenID Connect discovery specifications define // the supported response types as a required property. Nevertheless, to ensure OpenIddict // is compatible with most identity providers, a missing or empty list is not treated as an // error. In this case, response_type=code (for the code grant) and response_type=id_token diff --git a/src/OpenIddict.Client/OpenIddictClientRetriever.cs b/src/OpenIddict.Client/OpenIddictClientRetriever.cs index 334dd011..166a2823 100644 --- a/src/OpenIddict.Client/OpenIddictClientRetriever.cs +++ b/src/OpenIddict.Client/OpenIddictClientRetriever.cs @@ -4,6 +4,7 @@ * the license and the contributors participating to this project. */ +using System.Diagnostics.CodeAnalysis; using Microsoft.IdentityModel.Protocols; namespace OpenIddict.Client; @@ -32,7 +33,8 @@ public class OpenIddictClientRetriever : IConfigurationRetrieverThe retriever used by IdentityModel. /// The that can be used to abort the operation. /// The OpenID Connect server configuration retrieved from the remote server. - async Task IConfigurationRetriever.GetConfigurationAsync(string address, IDocumentRetriever retriever, CancellationToken cancel) + async Task IConfigurationRetriever.GetConfigurationAsync( + [StringSyntax(StringSyntaxAttribute.Uri)] string address, IDocumentRetriever retriever, CancellationToken cancel) { if (string.IsNullOrEmpty(address)) { diff --git a/src/OpenIddict.Core/Caches/OpenIddictApplicationCache.cs b/src/OpenIddict.Core/Caches/OpenIddictApplicationCache.cs index b84cdd63..256f4442 100644 --- a/src/OpenIddict.Core/Caches/OpenIddictApplicationCache.cs +++ b/src/OpenIddict.Core/Caches/OpenIddictApplicationCache.cs @@ -6,6 +6,7 @@ using System.Collections.Concurrent; using System.Collections.Immutable; +using System.Diagnostics.CodeAnalysis; using System.Runtime.CompilerServices; using Microsoft.Extensions.Caching.Memory; using Microsoft.Extensions.Options; @@ -167,7 +168,8 @@ public class OpenIddictApplicationCache : IOpenIddictApplicationCa } /// - public IAsyncEnumerable FindByPostLogoutRedirectUriAsync(string address, CancellationToken cancellationToken) + public IAsyncEnumerable FindByPostLogoutRedirectUriAsync( + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) { if (string.IsNullOrEmpty(address)) { @@ -208,7 +210,8 @@ public class OpenIddictApplicationCache : IOpenIddictApplicationCa } /// - public IAsyncEnumerable FindByRedirectUriAsync(string address, CancellationToken cancellationToken) + public IAsyncEnumerable FindByRedirectUriAsync( + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) { if (string.IsNullOrEmpty(address)) { diff --git a/src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs b/src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs index 408033c8..dc945ac4 100644 --- a/src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs +++ b/src/OpenIddict.Core/Managers/OpenIddictApplicationManager.cs @@ -334,7 +334,7 @@ public class OpenIddictApplicationManager : IOpenIddictApplication /// The that can be used to abort the operation. /// The client applications corresponding to the specified post_logout_redirect_uri. public virtual IAsyncEnumerable FindByPostLogoutRedirectUriAsync( - string address, CancellationToken cancellationToken = default) + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken = default) { if (string.IsNullOrEmpty(address)) { @@ -376,7 +376,7 @@ public class OpenIddictApplicationManager : IOpenIddictApplication /// The that can be used to abort the operation. /// The client applications corresponding to the specified redirect_uri. public virtual IAsyncEnumerable FindByRedirectUriAsync( - string address, CancellationToken cancellationToken = default) + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken = default) { if (string.IsNullOrEmpty(address)) { @@ -1300,8 +1300,8 @@ public class OpenIddictApplicationManager : IOpenIddictApplication /// A that can be used to monitor the asynchronous operation, /// whose result returns a boolean indicating whether the post_logout_redirect_uri was valid. /// - public virtual async ValueTask ValidatePostLogoutRedirectUriAsync( - TApplication application, string address, CancellationToken cancellationToken = default) + public virtual async ValueTask ValidatePostLogoutRedirectUriAsync(TApplication application, + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken = default) { if (application is null) { @@ -1337,8 +1337,8 @@ public class OpenIddictApplicationManager : IOpenIddictApplication /// A that can be used to monitor the asynchronous operation, /// whose result returns a boolean indicating whether the redirect_uri was valid. /// - public virtual async ValueTask ValidateRedirectUriAsync( - TApplication application, string address, CancellationToken cancellationToken = default) + public virtual async ValueTask ValidateRedirectUriAsync(TApplication application, + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken = default) { if (application is null) { @@ -1596,11 +1596,11 @@ public class OpenIddictApplicationManager : IOpenIddictApplication => await FindByIdAsync(identifier, cancellationToken); /// - IAsyncEnumerable IOpenIddictApplicationManager.FindByPostLogoutRedirectUriAsync(string address, CancellationToken cancellationToken) + IAsyncEnumerable IOpenIddictApplicationManager.FindByPostLogoutRedirectUriAsync([StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) => FindByPostLogoutRedirectUriAsync(address, cancellationToken); /// - IAsyncEnumerable IOpenIddictApplicationManager.FindByRedirectUriAsync(string address, CancellationToken cancellationToken) + IAsyncEnumerable IOpenIddictApplicationManager.FindByRedirectUriAsync([StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) => FindByRedirectUriAsync(address, cancellationToken); /// @@ -1720,10 +1720,10 @@ public class OpenIddictApplicationManager : IOpenIddictApplication => ValidateClientSecretAsync((TApplication) application, secret, cancellationToken); /// - ValueTask IOpenIddictApplicationManager.ValidatePostLogoutRedirectUriAsync(object application, string address, CancellationToken cancellationToken) + ValueTask IOpenIddictApplicationManager.ValidatePostLogoutRedirectUriAsync(object application, [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) => ValidatePostLogoutRedirectUriAsync((TApplication) application, address, cancellationToken); /// - ValueTask IOpenIddictApplicationManager.ValidateRedirectUriAsync(object application, string address, CancellationToken cancellationToken) + ValueTask IOpenIddictApplicationManager.ValidateRedirectUriAsync(object application, [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) => ValidateRedirectUriAsync((TApplication) application, address, cancellationToken); } diff --git a/src/OpenIddict.EntityFramework.Models/OpenIddict.EntityFramework.Models.csproj b/src/OpenIddict.EntityFramework.Models/OpenIddict.EntityFramework.Models.csproj index 587e7da4..d059ac8a 100644 --- a/src/OpenIddict.EntityFramework.Models/OpenIddict.EntityFramework.Models.csproj +++ b/src/OpenIddict.EntityFramework.Models/OpenIddict.EntityFramework.Models.csproj @@ -2,7 +2,10 @@ net461;netstandard2.0 - true + + + + System.Diagnostics.CodeAnalysis.StringSyntaxAttribute diff --git a/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkApplication.cs b/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkApplication.cs index 572fffcb..86014a95 100644 --- a/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkApplication.cs +++ b/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkApplication.cs @@ -5,6 +5,7 @@ */ using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; namespace OpenIddict.EntityFramework.Models; @@ -66,6 +67,7 @@ public class OpenIddictEntityFrameworkApplication /// associated with the current application, /// serialized as a JSON object. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? DisplayNames { get; set; } /// @@ -77,30 +79,35 @@ public class OpenIddictEntityFrameworkApplication /// Gets or sets the permissions associated with the /// current application, serialized as a JSON array. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Permissions { get; set; } /// /// Gets or sets the logout callback URLs associated with /// the current application, serialized as a JSON array. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? PostLogoutRedirectUris { get; set; } /// /// Gets or sets the additional properties serialized as a JSON object, /// or if no bag was associated with the current application. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Properties { get; set; } /// /// Gets or sets the callback URLs associated with the /// current application, serialized as a JSON array. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? RedirectUris { get; set; } /// /// Gets or sets the requirements associated with the /// current application, serialized as a JSON array. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Requirements { get; set; } /// diff --git a/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkAuthorization.cs b/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkAuthorization.cs index e65d51e7..9684f967 100644 --- a/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkAuthorization.cs +++ b/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkAuthorization.cs @@ -5,6 +5,7 @@ */ using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; namespace OpenIddict.EntityFramework.Models; @@ -53,12 +54,14 @@ public class OpenIddictEntityFrameworkAuthorization /// Gets or sets the additional properties serialized as a JSON object, /// or if no bag was associated with the current authorization. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Properties { get; set; } /// /// Gets or sets the scopes associated with the current /// authorization, serialized as a JSON array. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Scopes { get; set; } /// diff --git a/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkScope.cs b/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkScope.cs index db941a82..4d51bab2 100644 --- a/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkScope.cs +++ b/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkScope.cs @@ -5,6 +5,7 @@ */ using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; namespace OpenIddict.EntityFramework.Models; @@ -40,6 +41,7 @@ public class OpenIddictEntityFrameworkScope where TKey : notnull, IEquatab /// Gets or sets the localized public descriptions associated /// with the current scope, serialized as a JSON object. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Descriptions { get; set; } /// @@ -52,6 +54,7 @@ public class OpenIddictEntityFrameworkScope where TKey : notnull, IEquatab /// associated with the current application, /// serialized as a JSON object. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? DisplayNames { get; set; } /// @@ -68,11 +71,13 @@ public class OpenIddictEntityFrameworkScope where TKey : notnull, IEquatab /// Gets or sets the additional properties serialized as a JSON object, /// or if no bag was associated with the current scope. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Properties { get; set; } /// /// Gets or sets the resources associated with the /// current scope, serialized as a JSON array. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Resources { get; set; } } diff --git a/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkToken.cs b/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkToken.cs index 3b8fb8e1..058d2204 100644 --- a/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkToken.cs +++ b/src/OpenIddict.EntityFramework.Models/OpenIddictEntityFrameworkToken.cs @@ -5,6 +5,7 @@ */ using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; namespace OpenIddict.EntityFramework.Models; @@ -70,6 +71,7 @@ public class OpenIddictEntityFrameworkToken /// Gets or sets the additional properties serialized as a JSON object, /// or if no bag was associated with the current token. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Properties { get; set; } /// diff --git a/src/OpenIddict.EntityFramework/Stores/OpenIddictEntityFrameworkApplicationStore.cs b/src/OpenIddict.EntityFramework/Stores/OpenIddictEntityFrameworkApplicationStore.cs index 97145830..dbab0916 100644 --- a/src/OpenIddict.EntityFramework/Stores/OpenIddictEntityFrameworkApplicationStore.cs +++ b/src/OpenIddict.EntityFramework/Stores/OpenIddictEntityFrameworkApplicationStore.cs @@ -8,6 +8,7 @@ using System.Collections.Immutable; using System.ComponentModel; using System.Data; using System.Data.Entity.Infrastructure; +using System.Diagnostics.CodeAnalysis; using System.Globalization; using System.Runtime.CompilerServices; using System.Text; @@ -236,7 +237,7 @@ public class OpenIddictEntityFrameworkApplicationStore public virtual IAsyncEnumerable FindByPostLogoutRedirectUriAsync( - string address, CancellationToken cancellationToken) + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) { if (string.IsNullOrEmpty(address)) { @@ -270,7 +271,7 @@ public class OpenIddictEntityFrameworkApplicationStore public virtual IAsyncEnumerable FindByRedirectUriAsync( - string address, CancellationToken cancellationToken) + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) { if (string.IsNullOrEmpty(address)) { diff --git a/src/OpenIddict.EntityFrameworkCore.Models/OpenIddict.EntityFrameworkCore.Models.csproj b/src/OpenIddict.EntityFrameworkCore.Models/OpenIddict.EntityFrameworkCore.Models.csproj index f7bf28c4..ad58ce5c 100644 --- a/src/OpenIddict.EntityFrameworkCore.Models/OpenIddict.EntityFrameworkCore.Models.csproj +++ b/src/OpenIddict.EntityFrameworkCore.Models/OpenIddict.EntityFrameworkCore.Models.csproj @@ -2,7 +2,10 @@ net461;netstandard2.0 - true + + + + System.Diagnostics.CodeAnalysis.StringSyntaxAttribute diff --git a/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreApplication.cs b/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreApplication.cs index 134729f8..8c015b5a 100644 --- a/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreApplication.cs +++ b/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreApplication.cs @@ -5,6 +5,7 @@ */ using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; namespace OpenIddict.EntityFrameworkCore.Models; @@ -74,6 +75,7 @@ public class OpenIddictEntityFrameworkCoreApplication + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? DisplayNames { get; set; } /// @@ -85,30 +87,35 @@ public class OpenIddictEntityFrameworkCoreApplication + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Permissions { get; set; } /// /// Gets or sets the logout callback URLs associated with /// the current application, serialized as a JSON array. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? PostLogoutRedirectUris { get; set; } /// /// Gets or sets the additional properties serialized as a JSON object, /// or if no bag was associated with the current application. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Properties { get; set; } /// /// Gets or sets the callback URLs associated with the /// current application, serialized as a JSON array. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? RedirectUris { get; set; } /// /// Gets or sets the requirements associated with the /// current application, serialized as a JSON array. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Requirements { get; set; } /// diff --git a/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreAuthorization.cs b/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreAuthorization.cs index 77a3c905..0ac9d6e0 100644 --- a/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreAuthorization.cs +++ b/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreAuthorization.cs @@ -5,6 +5,7 @@ */ using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; namespace OpenIddict.EntityFrameworkCore.Models; @@ -61,6 +62,7 @@ public class OpenIddictEntityFrameworkCoreAuthorization if no bag was associated with the current authorization. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Properties { get; set; } /// diff --git a/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreScope.cs b/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreScope.cs index fe5eda1f..06b8e9c3 100644 --- a/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreScope.cs +++ b/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreScope.cs @@ -5,6 +5,7 @@ */ using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; namespace OpenIddict.EntityFrameworkCore.Models; @@ -40,6 +41,7 @@ public class OpenIddictEntityFrameworkCoreScope where TKey : notnull, IEqu /// Gets or sets the localized public descriptions associated /// with the current scope, serialized as a JSON object. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Descriptions { get; set; } /// @@ -52,6 +54,7 @@ public class OpenIddictEntityFrameworkCoreScope where TKey : notnull, IEqu /// associated with the current application, /// serialized as a JSON object. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? DisplayNames { get; set; } /// @@ -68,11 +71,13 @@ public class OpenIddictEntityFrameworkCoreScope where TKey : notnull, IEqu /// Gets or sets the additional properties serialized as a JSON object, /// or if no bag was associated with the current scope. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Properties { get; set; } /// /// Gets or sets the resources associated with the /// current scope, serialized as a JSON array. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Resources { get; set; } } diff --git a/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreToken.cs b/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreToken.cs index 1ee7162c..60df7c0a 100644 --- a/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreToken.cs +++ b/src/OpenIddict.EntityFrameworkCore.Models/OpenIddictEntityFrameworkCoreToken.cs @@ -5,6 +5,7 @@ */ using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; namespace OpenIddict.EntityFrameworkCore.Models; @@ -78,6 +79,7 @@ public class OpenIddictEntityFrameworkCoreToken if no bag was associated with the current token. /// + [StringSyntax(StringSyntaxAttribute.Json)] public virtual string? Properties { get; set; } /// diff --git a/src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictEntityFrameworkCoreApplicationStore.cs b/src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictEntityFrameworkCoreApplicationStore.cs index fab6a5e7..5492c94c 100644 --- a/src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictEntityFrameworkCoreApplicationStore.cs +++ b/src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictEntityFrameworkCoreApplicationStore.cs @@ -7,6 +7,7 @@ using System.Collections.Immutable; using System.ComponentModel; using System.Data; +using System.Diagnostics.CodeAnalysis; using System.Globalization; using System.Runtime.CompilerServices; using System.Text; @@ -278,7 +279,7 @@ public class OpenIddictEntityFrameworkCoreApplicationStore public virtual IAsyncEnumerable FindByPostLogoutRedirectUriAsync( - string address, CancellationToken cancellationToken) + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) { if (string.IsNullOrEmpty(address)) { @@ -312,7 +313,7 @@ public class OpenIddictEntityFrameworkCoreApplicationStore public virtual IAsyncEnumerable FindByRedirectUriAsync( - string address, CancellationToken cancellationToken) + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) { if (string.IsNullOrEmpty(address)) { diff --git a/src/OpenIddict.MongoDb/Stores/OpenIddictMongoDbApplicationStore.cs b/src/OpenIddict.MongoDb/Stores/OpenIddictMongoDbApplicationStore.cs index 7d60beee..ed4ff8d0 100644 --- a/src/OpenIddict.MongoDb/Stores/OpenIddictMongoDbApplicationStore.cs +++ b/src/OpenIddict.MongoDb/Stores/OpenIddictMongoDbApplicationStore.cs @@ -5,6 +5,7 @@ */ using System.Collections.Immutable; +using System.Diagnostics.CodeAnalysis; using System.Globalization; using System.Runtime.CompilerServices; using System.Text; @@ -137,7 +138,7 @@ public class OpenIddictMongoDbApplicationStore : IOpenIddictApplic /// public virtual IAsyncEnumerable FindByPostLogoutRedirectUriAsync( - string address, CancellationToken cancellationToken) + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) { if (string.IsNullOrEmpty(address)) { @@ -161,7 +162,7 @@ public class OpenIddictMongoDbApplicationStore : IOpenIddictApplic /// public virtual IAsyncEnumerable FindByRedirectUriAsync( - string address, CancellationToken cancellationToken) + [StringSyntax(StringSyntaxAttribute.Uri)] string address, CancellationToken cancellationToken) { if (string.IsNullOrEmpty(address)) { diff --git a/src/OpenIddict.Server/OpenIddictServerBuilder.cs b/src/OpenIddict.Server/OpenIddictServerBuilder.cs index 02bab5a6..fec737fe 100644 --- a/src/OpenIddict.Server/OpenIddictServerBuilder.cs +++ b/src/OpenIddict.Server/OpenIddictServerBuilder.cs @@ -1094,7 +1094,8 @@ public class OpenIddictServerBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictServerBuilder SetAuthorizationEndpointUris(params string[] addresses) + public OpenIddictServerBuilder SetAuthorizationEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { @@ -1142,7 +1143,8 @@ public class OpenIddictServerBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictServerBuilder SetConfigurationEndpointUris(params string[] addresses) + public OpenIddictServerBuilder SetConfigurationEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { @@ -1190,7 +1192,8 @@ public class OpenIddictServerBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictServerBuilder SetCryptographyEndpointUris(params string[] addresses) + public OpenIddictServerBuilder SetCryptographyEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { @@ -1238,7 +1241,8 @@ public class OpenIddictServerBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictServerBuilder SetDeviceEndpointUris(params string[] addresses) + public OpenIddictServerBuilder SetDeviceEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { @@ -1286,7 +1290,8 @@ public class OpenIddictServerBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictServerBuilder SetIntrospectionEndpointUris(params string[] addresses) + public OpenIddictServerBuilder SetIntrospectionEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { @@ -1334,7 +1339,8 @@ public class OpenIddictServerBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictServerBuilder SetLogoutEndpointUris(params string[] addresses) + public OpenIddictServerBuilder SetLogoutEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { @@ -1382,7 +1388,8 @@ public class OpenIddictServerBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictServerBuilder SetRevocationEndpointUris(params string[] addresses) + public OpenIddictServerBuilder SetRevocationEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { @@ -1430,7 +1437,8 @@ public class OpenIddictServerBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictServerBuilder SetTokenEndpointUris(params string[] addresses) + public OpenIddictServerBuilder SetTokenEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { @@ -1478,7 +1486,8 @@ public class OpenIddictServerBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictServerBuilder SetUserinfoEndpointUris(params string[] addresses) + public OpenIddictServerBuilder SetUserinfoEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { @@ -1526,7 +1535,8 @@ public class OpenIddictServerBuilder /// /// The addresses associated to the endpoint. /// The instance. - public OpenIddictServerBuilder SetVerificationEndpointUris(params string[] addresses) + public OpenIddictServerBuilder SetVerificationEndpointUris( + [StringSyntax(StringSyntaxAttribute.Uri)] params string[] addresses) { if (addresses is null) { diff --git a/src/OpenIddict.Server/OpenIddictServerEvents.Authentication.cs b/src/OpenIddict.Server/OpenIddictServerEvents.Authentication.cs index f4cc8266..caeaa5d4 100644 --- a/src/OpenIddict.Server/OpenIddictServerEvents.Authentication.cs +++ b/src/OpenIddict.Server/OpenIddictServerEvents.Authentication.cs @@ -4,6 +4,7 @@ * the license and the contributors participating to this project. */ +using System.Diagnostics.CodeAnalysis; using System.Security.Claims; namespace OpenIddict.Server; @@ -67,6 +68,7 @@ public static partial class OpenIddictServerEvents /// If it's not provided by the client, it must be set by /// the user code by calling . /// + [StringSyntax(StringSyntaxAttribute.Uri)] public string? RedirectUri { get; private set; } /// @@ -79,7 +81,7 @@ public static partial class OpenIddictServerEvents /// Populates the property with the specified redirect_uri. /// /// The redirect_uri to use when redirecting the user agent. - public void SetRedirectUri(string address) + public void SetRedirectUri([StringSyntax(StringSyntaxAttribute.Uri)] string address) { if (string.IsNullOrEmpty(address)) { diff --git a/src/OpenIddict.Server/OpenIddictServerEvents.Session.cs b/src/OpenIddict.Server/OpenIddictServerEvents.Session.cs index ba6589e3..97051d7c 100644 --- a/src/OpenIddict.Server/OpenIddictServerEvents.Session.cs +++ b/src/OpenIddict.Server/OpenIddictServerEvents.Session.cs @@ -4,6 +4,7 @@ * the license and the contributors participating to this project. */ +using System.Diagnostics.CodeAnalysis; using System.Security.Claims; namespace OpenIddict.Server; @@ -65,6 +66,7 @@ public static partial class OpenIddictServerEvents /// /// Gets the post_logout_redirect_uri specified by the client application. /// + [StringSyntax(StringSyntaxAttribute.Uri)] public string? PostLogoutRedirectUri { get; private set; } /// @@ -77,7 +79,7 @@ public static partial class OpenIddictServerEvents /// Populates the property with the specified redirect_uri. /// /// The post_logout_redirect_uri to use when redirecting the user agent. - public void SetPostLogoutRedirectUri(string address) + public void SetPostLogoutRedirectUri([StringSyntax(StringSyntaxAttribute.Uri)] string address) { if (string.IsNullOrEmpty(address)) { diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs index 96e295ef..a8a99398 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Session.cs @@ -6,6 +6,7 @@ using System.Collections.Immutable; using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; using System.Security.Claims; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; @@ -513,7 +514,7 @@ public static partial class OpenIddictServerHandlers return; } - async ValueTask ValidatePostLogoutRedirectUriAsync(string address) + async ValueTask ValidatePostLogoutRedirectUriAsync([StringSyntax(StringSyntaxAttribute.Uri)] string address) { // To be considered valid, a post_logout_redirect_uri must correspond to an existing client application // that was granted the ept:logout permission, unless endpoint permissions checking was explicitly disabled. @@ -753,7 +754,8 @@ public static partial class OpenIddictServerHandlers return; } - async ValueTask ValidateAuthorizedParty(ClaimsPrincipal principal, string address) + async ValueTask ValidateAuthorizedParty(ClaimsPrincipal principal, + [StringSyntax(StringSyntaxAttribute.Uri)] string address) { // To be considered valid, one of the clients matching the specified post_logout_redirect_uri // must be listed either as an audience or as a presenter in the identity token hint. diff --git a/src/OpenIddict.Validation/OpenIddictValidationBuilder.cs b/src/OpenIddict.Validation/OpenIddictValidationBuilder.cs index f376c32b..0023700f 100644 --- a/src/OpenIddict.Validation/OpenIddictValidationBuilder.cs +++ b/src/OpenIddict.Validation/OpenIddictValidationBuilder.cs @@ -456,7 +456,7 @@ public class OpenIddictValidationBuilder /// /// The issuer address. /// The instance. - public OpenIddictValidationBuilder SetIssuer(string address) + public OpenIddictValidationBuilder SetIssuer([StringSyntax(StringSyntaxAttribute.Uri)] string address) { if (string.IsNullOrEmpty(address)) { diff --git a/src/OpenIddict.Validation/OpenIddictValidationRetriever.cs b/src/OpenIddict.Validation/OpenIddictValidationRetriever.cs index 26d07900..d07f0d24 100644 --- a/src/OpenIddict.Validation/OpenIddictValidationRetriever.cs +++ b/src/OpenIddict.Validation/OpenIddictValidationRetriever.cs @@ -4,6 +4,7 @@ * the license and the contributors participating to this project. */ +using System.Diagnostics.CodeAnalysis; using Microsoft.IdentityModel.Protocols; namespace OpenIddict.Validation; @@ -26,7 +27,8 @@ public class OpenIddictValidationRetriever : IConfigurationRetrieverThe retriever used by IdentityModel. /// The that can be used to abort the operation. /// The OpenID Connect server configuration retrieved from the remote server. - async Task IConfigurationRetriever.GetConfigurationAsync(string address, IDocumentRetriever retriever, CancellationToken cancel) + async Task IConfigurationRetriever.GetConfigurationAsync( + [StringSyntax(StringSyntaxAttribute.Uri)] string address, IDocumentRetriever retriever, CancellationToken cancel) { if (string.IsNullOrEmpty(address)) {