diff --git a/identity-server/src/AspNetIdentity/Decorator.cs b/identity-server/src/AspNetIdentity/Decorator.cs index 58ed6f741..616839371 100644 --- a/identity-server/src/AspNetIdentity/Decorator.cs +++ b/identity-server/src/AspNetIdentity/Decorator.cs @@ -11,8 +11,10 @@ internal class Decorator public Decorator(TService instance) => Instance = instance; } +#pragma warning disable CA1812 // This class is not instantiated directly, but rather used by the DI container internal class Decorator : Decorator where TImpl : class, TService +#pragma warning restore CA1812 { public Decorator(TImpl instance) : base(instance) { diff --git a/identity-server/src/AspNetIdentity/UserClaimsFactory.cs b/identity-server/src/AspNetIdentity/UserClaimsFactory.cs index 7904ce1fd..54d340c2d 100644 --- a/identity-server/src/AspNetIdentity/UserClaimsFactory.cs +++ b/identity-server/src/AspNetIdentity/UserClaimsFactory.cs @@ -8,8 +8,10 @@ using Microsoft.AspNetCore.Identity; namespace Duende.IdentityServer.AspNetIdentity; +#pragma warning disable CA1812 // This class is not instantiated directly, but rather used by the DI container internal class UserClaimsFactory : IUserClaimsPrincipalFactory where TUser : class +#pragma warning restore CA1812 { private readonly Decorator> _inner; private UserManager _userManager; diff --git a/identity-server/src/Configuration.EntityFramework/DefaultCancellationTokenProvider.cs b/identity-server/src/Configuration.EntityFramework/DefaultCancellationTokenProvider.cs index 9db72a2cc..5ac0c8e88 100644 --- a/identity-server/src/Configuration.EntityFramework/DefaultCancellationTokenProvider.cs +++ b/identity-server/src/Configuration.EntityFramework/DefaultCancellationTokenProvider.cs 
@@ -10,7 +10,9 @@ namespace Duende.IdentityServer.Configuration.EntityFramework; /// /// Provides cancellation tokens based on the incoming http request /// +#pragma warning disable CA1812 // This class is not instantiated directly, but rather used by the DI container internal class DefaultCancellationTokenProvider : ICancellationTokenProvider +#pragma warning restore CA1812 { private readonly IHttpContextAccessor _httpContextAccessor; diff --git a/identity-server/src/Directory.Build.props b/identity-server/src/Directory.Build.props index e00b548fe..04880f7a2 100644 --- a/identity-server/src/Directory.Build.props +++ b/identity-server/src/Directory.Build.props @@ -20,6 +20,6 @@ Currently all existing warnings are suppressed. We will remove them as we address them. But this configuration allows us to prevent new warnings from being introduced while we work on the existing ones. --> - $(NoWarn);CA1002;CA1008;CA1031;CA1034;CA1040;CA1051;CA1054;CA1055;CA1056;CA1062;CA1716;CA1724;CA1725;CA1727;CA1805;CA1806;CA1810;CA1812;CA1819;CA1822;CA1825;CA1845;CA1848;CA1849;CA1851;CA1852;CA1854;CA1859;CA1861;CA1860;CA1863;CA1864;CA1870;CA1872;CA2000;CA2008;CA2201;CA2007;CA2208;CA2016;CA2211;CA2227;CA2234;CA2249;CA2253;CA2254;CA2263;CA5404;CA5394; + $(NoWarn);CA1002;CA1008;CA1031;CA1034;CA1040;CA1051;CA1054;CA1055;CA1056;CA1062;CA1716;CA1724;CA1725;CA1727;CA1819;CA1825;CA1845;CA1848;CA1849;CA1851;CA1852;CA1854;CA1859;CA1861;CA1860;CA1863;CA1864;CA1870;CA1872;CA2000;CA2008;CA2201;CA2007;CA2208;CA2016;CA2211;CA2227;CA2234;CA2249;CA2253;CA2254;CA2263;CA5404;CA5394; diff --git a/identity-server/src/EntityFramework.Storage/Entities/Client.cs b/identity-server/src/EntityFramework.Storage/Entities/Client.cs index 29429fd97..114b051ba 100644 --- a/identity-server/src/EntityFramework.Storage/Entities/Client.cs +++ b/identity-server/src/EntityFramework.Storage/Entities/Client.cs 
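Review bot: CA5394 (insecure randomness) and CA5404 (disabled token-validation checks) are still in the blanket `NoWarn` list on the new line of Directory.Build.props, so those analyzers stay silent for every project that picks up this file. This change already replaces the global CA1812 and CA1822 suppressions with scoped `#pragma warning disable` pairs that carry a justification. The two security rules would benefit from the same treatment, so that a new violation in token or key handling code fails the build instead of being hidden. If they must stay for now, a short comment beside the list, such as `<!-- CA5394/CA5404: security rules, remove from NoWarn first -->`, would mark the priority.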
@@ -20,7 +20,7 @@ public class Client public string Description { get; set; } public string ClientUri { get; set; } public string LogoUri { get; set; } - public bool RequireConsent { get; set; } = false; + public bool RequireConsent { get; set; } public bool AllowRememberConsent { get; set; } = true; public bool AlwaysIncludeUserClaimsInIdToken { get; set; } public List AllowedGrantTypes { get; set; } @@ -43,13 +43,13 @@ public class Client public string AllowedIdentityTokenSigningAlgorithms { get; set; } public int AccessTokenLifetime { get; set; } = 3600; public int AuthorizationCodeLifetime { get; set; } = 300; - public int? ConsentLifetime { get; set; } = null; + public int? ConsentLifetime { get; set; } public int AbsoluteRefreshTokenLifetime { get; set; } = 2592000; public int SlidingRefreshTokenLifetime { get; set; } = 1296000; public int RefreshTokenUsage { get; set; } = (int)TokenUsage.OneTimeOnly; public bool UpdateAccessTokenClaimsOnRefresh { get; set; } public int RefreshTokenExpiration { get; set; } = (int)TokenExpiration.Absolute; - public int AccessTokenType { get; set; } = 0; // AccessTokenType.Jwt; + public int AccessTokenType { get; set; } // Default is AccessTokenType.Jwt; public bool EnableLocalLogin { get; set; } = true; public List IdentityProviderRestrictions { get; set; } public bool IncludeJwtId { get; set; } diff --git a/identity-server/src/EntityFramework.Storage/Options/ConfigurationStoreOptions.cs b/identity-server/src/EntityFramework.Storage/Options/ConfigurationStoreOptions.cs index a5b1b4f94..8b7d68987 100644 --- a/identity-server/src/EntityFramework.Storage/Options/ConfigurationStoreOptions.cs +++ b/identity-server/src/EntityFramework.Storage/Options/ConfigurationStoreOptions.cs @@ -35,7 +35,7 @@ public class ConfigurationStoreOptions /// /// The default schema. /// - public string? DefaultSchema { get; set; } = null; + public string? DefaultSchema { get; set; } /// /// Gets or sets the identity resource table configuration. 
@@ -216,7 +216,7 @@ public class ConfigurationStoreOptions /// /// Gets or set if EF DbContext pooling is enabled. /// - public bool EnablePooling { get; set; } = false; + public bool EnablePooling { get; set; } /// /// Gets or set the pool size to use when DbContext pooling is enabled. If not set, the EF default is used. diff --git a/identity-server/src/EntityFramework.Storage/Options/OperationalStoreOptions.cs b/identity-server/src/EntityFramework.Storage/Options/OperationalStoreOptions.cs index 507c4980a..0b659f4a8 100644 --- a/identity-server/src/EntityFramework.Storage/Options/OperationalStoreOptions.cs +++ b/identity-server/src/EntityFramework.Storage/Options/OperationalStoreOptions.cs @@ -35,7 +35,7 @@ public class OperationalStoreOptions /// /// The default schema. /// - public string? DefaultSchema { get; set; } = null; + public string? DefaultSchema { get; set; } /// /// Gets or sets the persisted grants table configuration. @@ -82,7 +82,7 @@ public class OperationalStoreOptions /// /// true if [enable token cleanup]; otherwise, false. /// - public bool EnableTokenCleanup { get; set; } = false; + public bool EnableTokenCleanup { get; set; } /// /// Gets or sets a value indicating whether consumed tokens will be included in the automatic clean up. @@ -90,7 +90,7 @@ public class OperationalStoreOptions /// /// true if consumed tokens are to be included in cleanup; otherwise, false. /// - public bool RemoveConsumedTokens { get; set; } = false; + public bool RemoveConsumedTokens { get; set; } /// /// Gets or sets the consumed token cleanup delay (in seconds). The default @@ -98,7 +98,7 @@ public class OperationalStoreOptions /// marked as consumed can be deleted. Note that only refresh tokens with /// OneTimeOnly usage can be marked as consumed. /// - public int ConsumedTokenCleanupDelay { get; set; } = 0; + public int ConsumedTokenCleanupDelay { get; set; } /// /// Gets or sets the token cleanup interval (in seconds). The default is 3600 (1 hour). 
@@ -129,7 +129,7 @@ public class OperationalStoreOptions /// /// Gets or set if EF DbContext pooling is enabled. /// - public bool EnablePooling { get; set; } = false; + public bool EnablePooling { get; set; } /// /// Gets or set the pool size to use when DbContext pooling is enabled. If not set, the EF default is used. diff --git a/identity-server/src/EntityFramework.Storage/Stores/PersistedGrantStore.cs b/identity-server/src/EntityFramework.Storage/Stores/PersistedGrantStore.cs index 2cf23bb37..bf6757357 100644 --- a/identity-server/src/EntityFramework.Storage/Stores/PersistedGrantStore.cs +++ b/identity-server/src/EntityFramework.Storage/Stores/PersistedGrantStore.cs @@ -167,7 +167,7 @@ public class PersistedGrantStore : Duende.IdentityServer.Stores.IPersistedGrantS } - private IQueryable Filter(IQueryable query, PersistedGrantFilter filter) + private static IQueryable Filter(IQueryable query, PersistedGrantFilter filter) { if (filter.ClientIds != null) { diff --git a/identity-server/src/EntityFramework.Storage/Stores/ServerSideSessionStore.cs b/identity-server/src/EntityFramework.Storage/Stores/ServerSideSessionStore.cs index fec415bda..9e0b811ad 100644 --- a/identity-server/src/EntityFramework.Storage/Stores/ServerSideSessionStore.cs +++ b/identity-server/src/EntityFramework.Storage/Stores/ServerSideSessionStore.cs @@ -240,7 +240,7 @@ public class ServerSideSessionStore : IServerSideSessionStore } } - private IQueryable Filter(IQueryable query, SessionFilter filter) + private static IQueryable Filter(IQueryable query, SessionFilter filter) { if (!string.IsNullOrWhiteSpace(filter.SubjectId)) { @@ -471,8 +471,8 @@ public class ServerSideSessionStore : IServerSideSessionStore var parts = filter.ResultsToken.Split(',', StringSplitOptions.RemoveEmptyEntries); if (parts != null && parts.Length == 2) { - int.TryParse(parts[0], out first); - int.TryParse(parts[1], out last); + _ = int.TryParse(parts[0], out first); + _ = int.TryParse(parts[1], out last); } } 
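Review bot: In the ServerSideSessionStore hunk, `_ = int.TryParse(...)` silences CA1806 but keeps the behaviour where a malformed `filter.ResultsToken` is accepted: TryParse writes 0 to its out argument on failure, and a token whose first part parses while the second does not leaves `first` set and `last` at 0. The token looks like a caller-supplied paging cursor, so it would be safer to act on the result, e.g. `if (!int.TryParse(parts[0], out first) || !int.TryParse(parts[1], out last)) { first = last = 0; }`, with a comment that an unparsable token falls back to the first page. The same discard is applied to `bool.TryParse` in TokenIssueCountDiagnosticEntry, where the neighbouring `Enum.TryParse` case does check its result. The enclosing method starts and ends outside this hunk, so how `first` and `last` are used afterwards should be confirmed.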
@@ -508,8 +508,8 @@ public class ServerSideSessionStore : IServerSideSessionStore public int First { get; init; } public int Last { get; init; } public int CurrentPage { get; set; } = 1; - public bool HasNext { get; set; } = false; - public bool HasPrev { get; set; } = false; + public bool HasNext { get; set; } + public bool HasPrev { get; set; } public Entities.ServerSideSession[] Items { get; set; } = Array.Empty(); } } diff --git a/identity-server/src/IdentityServer/Configuration/DependencyInjection/ConfigureOpenIdConnectOptions.cs b/identity-server/src/IdentityServer/Configuration/DependencyInjection/ConfigureOpenIdConnectOptions.cs index 85ddbd90e..434f4e851 100644 --- a/identity-server/src/IdentityServer/Configuration/DependencyInjection/ConfigureOpenIdConnectOptions.cs +++ b/identity-server/src/IdentityServer/Configuration/DependencyInjection/ConfigureOpenIdConnectOptions.cs @@ -22,7 +22,7 @@ internal class ConfigureOpenIdConnectOptions : IPostConfigureOptions /// Specifies if the cookie should be sliding or not (only effective if the built-in cookie middleware is used) /// - public bool CookieSlidingExpiration { get; set; } = false; + public bool CookieSlidingExpiration { get; set; } /// /// Specifies the SameSite mode for the internal authentication and temp cookie @@ -40,7 +40,7 @@ public class AuthenticationOptions /// /// true if required; otherwise, false. /// - public bool RequireAuthenticatedUserForSignOutMessage { get; set; } = false; + public bool RequireAuthenticatedUserForSignOutMessage { get; set; } /// /// Gets or sets the name of the cookie used for the check session endpoint. diff --git a/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/DiscoveryOptions.cs b/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/DiscoveryOptions.cs index fca70a7aa..59f2fa5d5 100644 --- a/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/DiscoveryOptions.cs 
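Review bot: With the `= false` initializer removed in the AuthenticationOptions hunk, nothing on `RequireAuthenticatedUserForSignOutMessage` states its default any more; the XML doc only says "true if required; otherwise, false." For a security-relevant switch the reader should not have to infer the CLR default, so I would add `Defaults to false.` to the summary. The same gap exists for `EnableJwtRequestUri` (EndpointOptions), `StrictJarValidation` and `EmitScopesAsSpaceDelimitedStringInJwt` (IdentityServerOptions), and `StrictClientAssertionAudienceValidation` (PreviewFeatureOptions). Neighbouring properties such as `EmitStaticAudienceClaim` already carry that sentence.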
+++ b/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/DiscoveryOptions.cs @@ -73,7 +73,7 @@ public class DiscoveryOptions /// /// The cache interval in seconds. /// - public int? ResponseCacheInterval { get; set; } = null; + public int? ResponseCacheInterval { get; set; } /// /// Adds custom entries to the discovery document diff --git a/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/EndpointOptions.cs b/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/EndpointOptions.cs index 586a36558..013e065ad 100644 --- a/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/EndpointOptions.cs +++ b/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/EndpointOptions.cs @@ -20,9 +20,9 @@ public class EndpointsOptions public bool EnableAuthorizeEndpoint { get; set; } = true; /// - /// Gets or sets if JWT request_uri processing is enabled on the authorize endpoint. + /// Gets or sets if JWT request_uri processing is enabled on the authorize endpoint. /// - public bool EnableJwtRequestUri { get; set; } = false; + public bool EnableJwtRequestUri { get; set; } /// /// Gets or sets a value indicating whether the token endpoint is enabled. diff --git a/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/EventsOptions.cs b/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/EventsOptions.cs index fe5a7ad9a..f8debd9e2 100644 --- a/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/EventsOptions.cs +++ b/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/EventsOptions.cs 
@@ -17,7 +17,7 @@ public class EventsOptions /// /// true if success event should be raised; otherwise, false. /// - public bool RaiseSuccessEvents { get; set; } = false; + public bool RaiseSuccessEvents { get; set; } /// /// Gets or sets a value indicating whether to raise failure events. @@ -25,7 +25,7 @@ public class EventsOptions /// /// true if failure events should be raised; otherwise, false. /// - public bool RaiseFailureEvents { get; set; } = false; + public bool RaiseFailureEvents { get; set; } /// /// Gets or sets a value indicating whether to raise information events. @@ -33,7 +33,7 @@ public class EventsOptions /// /// true if information events should be raised; otherwise, false. /// - public bool RaiseInformationEvents { get; set; } = false; + public bool RaiseInformationEvents { get; set; } /// /// Gets or sets a value indicating whether to raise error events. @@ -41,5 +41,5 @@ public class EventsOptions /// /// true if error events should be raised; otherwise, false. /// - public bool RaiseErrorEvents { get; set; } = false; + public bool RaiseErrorEvents { get; set; } } diff --git a/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/IdentityServerOptions.cs b/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/IdentityServerOptions.cs index 2a44c4d4a..93763f48f 100644 --- a/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/IdentityServerOptions.cs +++ b/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/IdentityServerOptions.cs 
@@ -48,12 +48,12 @@ public class IdentityServerOptions /// /// Emits an aud claim with the format issuer/resources. That's needed for some older access token validation plumbing. Defaults to false. /// - public bool EmitStaticAudienceClaim { get; set; } = false; + public bool EmitStaticAudienceClaim { get; set; } /// /// Specifies whether scopes in JWTs are emitted as array or string /// - public bool EmitScopesAsSpaceDelimitedStringInJwt { get; set; } = false; + public bool EmitScopesAsSpaceDelimitedStringInJwt { get; set; } /// /// Specifies whether authorize responses contain the iss parameter (https://www.rfc-editor.org/rfc/rfc9207.html) @@ -63,18 +63,18 @@ public class IdentityServerOptions /// /// Specifies whether the s_hash claim gets emitted in identity tokens. Defaults to false. /// - public bool EmitStateHash { get; set; } = false; + public bool EmitStateHash { get; set; } /// /// Specifies whether the JWT typ and content-type for JWT secured authorization requests is checked according to IETF spec. /// This might break older OIDC conformant request objects. /// - public bool StrictJarValidation { get; set; } = false; + public bool StrictJarValidation { get; set; } /// /// Specifies if a user's tenant claim is compared to the tenant acr_values parameter value to determine if the login page is displayed. Defaults to false. /// - public bool ValidateTenantOnAuthorization { get; set; } = false; + public bool ValidateTenantOnAuthorization { get; set; } /// /// Gets or sets the endpoint configuration. diff --git a/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/PreviewFeatureOptions.cs b/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/PreviewFeatureOptions.cs index 51a175c94..6321a3c45 100644 --- a/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/PreviewFeatureOptions.cs 
+++ b/identity-server/src/IdentityServer/Configuration/DependencyInjection/Options/PreviewFeatureOptions.cs @@ -9,14 +9,14 @@ namespace Duende.IdentityServer.Configuration; public class PreviewFeatureOptions { /// - /// Enables Caching of Discovery Document based on ResponseCaching Interval + /// Enables Caching of Discovery Document based on ResponseCaching Interval /// - public bool EnableDiscoveryDocumentCache { get; set; } = false; + public bool EnableDiscoveryDocumentCache { get; set; } /// /// When clients authenticate with private_key_jwt assertions, validate the audience of the assertion strictly: the audience must be this IdentityServer's issuer identifier as a single string. /// - public bool StrictClientAssertionAudienceValidation { get; set; } = false; + public bool StrictClientAssertionAudienceValidation { get; set; } /// /// DiscoveryDocument Cache Duration diff --git a/identity-server/src/IdentityServer/Endpoints/BackchannelAuthenticationEndpoint.cs b/identity-server/src/IdentityServer/Endpoints/BackchannelAuthenticationEndpoint.cs index 8122ddebe..aea0cc79b 100644 --- a/identity-server/src/IdentityServer/Endpoints/BackchannelAuthenticationEndpoint.cs +++ b/identity-server/src/IdentityServer/Endpoints/BackchannelAuthenticationEndpoint.cs 
@@ -106,5 +106,5 @@ internal class BackchannelAuthenticationEndpoint : IEndpointHandler private void LogResponse(BackchannelAuthenticationResponse response, BackchannelAuthenticationRequestValidationResult requestResult) => _logger.LogTrace("BackchannelAuthenticationResponse: {@response} for subject {subjectId}", response, requestResult.ValidatedRequest.Subject.GetSubjectId()); - private BackchannelAuthenticationResult Error(string error, string errorDescription = null) => new BackchannelAuthenticationResult(new BackchannelAuthenticationResponse(error, errorDescription)); + private static BackchannelAuthenticationResult Error(string error, string errorDescription = null) => new BackchannelAuthenticationResult(new BackchannelAuthenticationResponse(error, errorDescription)); } diff --git a/identity-server/src/IdentityServer/Endpoints/Results/CheckSessionResult.cs b/identity-server/src/IdentityServer/Endpoints/Results/CheckSessionResult.cs index 994e34d1a..b7839213d 100644 --- a/identity-server/src/IdentityServer/Endpoints/Results/CheckSessionResult.cs +++ b/identity-server/src/IdentityServer/Endpoints/Results/CheckSessionResult.cs @@ -35,7 +35,7 @@ internal class CheckSessionHttpWriter : IHttpResponseWriter } private void AddCspHeaders(HttpContext context) => context.Response.AddScriptCspHeaders(_options.Csp, IdentityServerConstants.ContentSecurityPolicyHashes.CheckSessionScript); - private string GetHtml(string cookieName) + private static string GetHtml(string cookieName) { if (cookieName != LastCheckSessionCookieName) { diff --git a/identity-server/src/IdentityServer/Endpoints/Results/EndSessionCallbackResult.cs b/identity-server/src/IdentityServer/Endpoints/Results/EndSessionCallbackResult.cs index 226ef7f7a..18ab5395b 100644 --- a/identity-server/src/IdentityServer/Endpoints/Results/EndSessionCallbackResult.cs +++ b/identity-server/src/IdentityServer/Endpoints/Results/EndSessionCallbackResult.cs 
@@ -77,7 +77,7 @@ internal class EndSessionCallbackHttpWriter : IHttpResponseWriter"); diff --git a/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs b/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs index 875ed27e5..b64739c83 100644 --- a/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs +++ b/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs @@ -170,7 +170,7 @@ internal class TokenEndpoint : IEndpointHandler return null; } - private TokenErrorResult Error(string error, string errorDescription = null, Dictionary custom = null) + private static TokenErrorResult Error(string error, string errorDescription = null, Dictionary custom = null) { var response = new TokenErrorResponse { diff --git a/identity-server/src/IdentityServer/Endpoints/UserInfoEndpoint.cs b/identity-server/src/IdentityServer/Endpoints/UserInfoEndpoint.cs index de3337660..f623066fb 100644 --- a/identity-server/src/IdentityServer/Endpoints/UserInfoEndpoint.cs +++ b/identity-server/src/IdentityServer/Endpoints/UserInfoEndpoint.cs @@ -93,5 +93,5 @@ internal class UserInfoEndpoint : IEndpointHandler return new UserInfoResult(response); } - private IEndpointResult Error(string error, string description = null) => new ProtectedResourceErrorResult(error, description); + private static IEndpointResult Error(string error, string description = null) => new ProtectedResourceErrorResult(error, description); } diff --git a/identity-server/src/IdentityServer/Hosting/IdentityServerAuthenticationService.cs b/identity-server/src/IdentityServer/Hosting/IdentityServerAuthenticationService.cs index b6c2b11ef..a9a41c376 100644 --- a/identity-server/src/IdentityServer/Hosting/IdentityServerAuthenticationService.cs +++ b/identity-server/src/IdentityServer/Hosting/IdentityServerAuthenticationService.cs 
@@ -88,7 +88,7 @@ internal class IdentityServerAuthenticationService : IAuthenticationService public Task ForbidAsync(HttpContext context, string scheme, AuthenticationProperties properties) => _inner.ForbidAsync(context, scheme, properties); - private void AssertRequiredClaims(ClaimsPrincipal principal) + private static void AssertRequiredClaims(ClaimsPrincipal principal) { // for now, we don't allow more than one identity in the principal/cookie if (principal.Identities.Count() != 1) diff --git a/identity-server/src/IdentityServer/Hosting/MutualTlsEndpointMiddleware.cs b/identity-server/src/IdentityServer/Hosting/MutualTlsEndpointMiddleware.cs index 6db254768..5e5d8581a 100644 --- a/identity-server/src/IdentityServer/Hosting/MutualTlsEndpointMiddleware.cs +++ b/identity-server/src/IdentityServer/Hosting/MutualTlsEndpointMiddleware.cs @@ -119,7 +119,7 @@ public class MutualTlsEndpointMiddleware } - private bool RequestedHostMatches(HostString requestHost, string configuredDomain) + private static bool RequestedHostMatches(HostString requestHost, string configuredDomain) { // Parse the configured domain which might contain a port var configuredHostname = configuredDomain; diff --git a/identity-server/src/IdentityServer/Infrastructure/DistributedCacheStateDataFormatter.cs b/identity-server/src/IdentityServer/Infrastructure/DistributedCacheStateDataFormatter.cs index 319f6eb6e..30c8d40b9 100644 --- a/identity-server/src/IdentityServer/Infrastructure/DistributedCacheStateDataFormatter.cs +++ b/identity-server/src/IdentityServer/Infrastructure/DistributedCacheStateDataFormatter.cs @@ -28,7 +28,7 @@ public class DistributedCacheStateDataFormatter : ISecureDataFormat "DistributedCacheStateDataFormatter"; + private static string CacheKeyPrefix => "DistributedCacheStateDataFormatter"; private IDistributedCache Cache => _provider.GetRequiredService(); private IDataProtector Protector => _provider.GetRequiredService().CreateProtector(CacheKeyPrefix, _name); 
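Review bot: In DistributedCacheStateDataFormatter, `CacheKeyPrefix` is now a static property that returns a literal, and the following context line passes it to `CreateProtector(CacheKeyPrefix, _name)` as a data-protection purpose. A constant expresses that more directly: `private const string CacheKeyPrefix = "DistributedCacheStateDataFormatter";`. It also deserves a comment such as `// Data-protection purpose string; changing it makes previously protected payloads unreadable.` so nobody renames it casually. The same applies to `CacheKeyPrefix` in DistributedCacheAuthorizationParametersMessageStore.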
diff --git a/identity-server/src/IdentityServer/Infrastructure/MessageCookie.cs b/identity-server/src/IdentityServer/Infrastructure/MessageCookie.cs index 417371210..6a2981de7 100644 --- a/identity-server/src/IdentityServer/Infrastructure/MessageCookie.cs +++ b/identity-server/src/IdentityServer/Infrastructure/MessageCookie.cs @@ -35,7 +35,7 @@ internal class MessageCookie _protector = provider.CreateProtector(MessageType); } - private string MessageType => typeof(TModel).Name; + private static string MessageType => typeof(TModel).Name; private string Protect(Message message) { @@ -52,9 +52,9 @@ internal class MessageCookie return message; } - private string CookiePrefix => MessageType + "."; + private static string CookiePrefix => MessageType + "."; - private string GetCookieFullName(string id) => CookiePrefix + id; + private static string GetCookieFullName(string id) => CookiePrefix + id; private string CookiePath => _urls.BasePath.CleanUrlPath(); diff --git a/identity-server/src/IdentityServer/Licensing/IdentityServerLicenseValidator.cs b/identity-server/src/IdentityServer/Licensing/IdentityServerLicenseValidator.cs index c6cbfee61..ce0404da5 100644 --- a/identity-server/src/IdentityServer/Licensing/IdentityServerLicenseValidator.cs +++ b/identity-server/src/IdentityServer/Licensing/IdentityServerLicenseValidator.cs @@ -64,7 +64,7 @@ internal class IdentityServerLicenseValidator : LicenseValidator hashSet, object lockObject, string key) + private static void EnsureAdded(ref HashSet hashSet, object lockObject, string key) { // Lock free test first. if (!hashSet.Contains(key)) @@ -144,7 +144,7 @@ internal class IdentityServerLicenseValidator : LicenseValidator GetAssemblyInfo() + private static List GetAssemblyInfo() { var assemblies = AssemblyLoadContext.Default.Assemblies .OrderBy(a => a.FullName) 
diff --git a/identity-server/src/IdentityServer/Licensing/V2/Diagnostics/DiagnosticEntries/TokenIssueCountDiagnosticEntry.cs b/identity-server/src/IdentityServer/Licensing/V2/Diagnostics/DiagnosticEntries/TokenIssueCountDiagnosticEntry.cs index ba093e0f0..f7092feaa 100644 --- a/identity-server/src/IdentityServer/Licensing/V2/Diagnostics/DiagnosticEntries/TokenIssueCountDiagnosticEntry.cs +++ b/identity-server/src/IdentityServer/Licensing/V2/Diagnostics/DiagnosticEntries/TokenIssueCountDiagnosticEntry.cs @@ -110,7 +110,7 @@ internal class TokenIssueCountDiagnosticEntry : IDiagnosticEntry, IDisposable } break; case Telemetry.Metrics.Tags.RefreshTokenIssued: - bool.TryParse(tag.Value?.ToString(), out refreshTokenIssued); + _ = bool.TryParse(tag.Value?.ToString(), out refreshTokenIssued); break; case Telemetry.Metrics.Tags.ProofType: if (!Enum.TryParse(tag.Value?.ToString(), out proofType)) @@ -119,10 +119,10 @@ internal class TokenIssueCountDiagnosticEntry : IDiagnosticEntry, IDisposable } break; case Telemetry.Metrics.Tags.AccessTokenIssued: - bool.TryParse(tag.Value?.ToString(), out accessTokenIssued); + _ = bool.TryParse(tag.Value?.ToString(), out accessTokenIssued); break; case Telemetry.Metrics.Tags.IdTokenIssued: - bool.TryParse(tag.Value?.ToString(), out identityTokenIssued); + _ = bool.TryParse(tag.Value?.ToString(), out identityTokenIssued); break; case Telemetry.Metrics.Tags.GrantType: grantType = tag.Value?.ToString(); diff --git a/identity-server/src/IdentityServer/Licensing/V2/License.cs b/identity-server/src/IdentityServer/Licensing/V2/License.cs index 89774a4ea..01724a73b 100644 --- a/identity-server/src/IdentityServer/Licensing/V2/License.cs +++ b/identity-server/src/IdentityServer/Licensing/V2/License.cs @@ -97,7 +97,7 @@ internal class License if (!claims.HasClaim("feature", "unlimited_issuers")) { - // default + // default IssuerLimit = 1; if (int.TryParse(claims.FindFirst("issuer_limit")?.Value, out var issuerLimit)) 
@@ -137,7 +137,7 @@ internal class License public DateTimeOffset? Expiration { get; init; } /// - /// The license edition + /// The license edition /// public LicenseEdition? Edition { get; init; } @@ -208,7 +208,7 @@ internal class License } } - private LicenseFeature ToFeatureEnum(string claimValue) + private static LicenseFeature ToFeatureEnum(string claimValue) { foreach (var field in typeof(LicenseFeature).GetFields()) { @@ -257,7 +257,7 @@ internal class License _ => throw new ArgumentException(), }; - private ulong FeatureMaskForFeatures(params LicenseFeature[] licenseFeatures) + private static ulong FeatureMaskForFeatures(params LicenseFeature[] licenseFeatures) { var result = 0UL; foreach (var feature in licenseFeatures) diff --git a/identity-server/src/IdentityServer/Models/RefreshTokenCreationRequest.cs b/identity-server/src/IdentityServer/Models/RefreshTokenCreationRequest.cs index 7851ccf3d..52f7f1a05 100644 --- a/identity-server/src/IdentityServer/Models/RefreshTokenCreationRequest.cs +++ b/identity-server/src/IdentityServer/Models/RefreshTokenCreationRequest.cs @@ -34,7 +34,7 @@ public class RefreshTokenCreationRequest public IEnumerable AuthorizedScopes { get; set; } = default!; /// - /// The resource indicators. Null indicates there was no authorization step, thus no restrictions. + /// The resource indicators. Null indicates there was no authorization step, thus no restrictions. /// Non-null means there was an authorization step, and subsequent requested resource indicators must be in the original list. /// public IEnumerable? AuthorizedResourceIndicators { get; set; } 
@@ -57,7 +57,9 @@ public class RefreshTokenCreationRequest /// /// Called to validate the before it is processed. /// +#pragma warning disable CA1822 // Changing this on a public method in a public class would be a breaking change. public void Validate() +#pragma warning restore CA1822 { //if (ValidatedResources == null) throw new ArgumentNullException(nameof(ValidatedResources)); //if (ValidatedRequest == null) throw new ArgumentNullException(nameof(ValidatedRequest)); diff --git a/identity-server/src/IdentityServer/Services/Default/DefaultBackChannelLogoutService.cs b/identity-server/src/IdentityServer/Services/Default/DefaultBackChannelLogoutService.cs index 0bf5f6cea..a336c3c8a 100644 --- a/identity-server/src/IdentityServer/Services/Default/DefaultBackChannelLogoutService.cs +++ b/identity-server/src/IdentityServer/Services/Default/DefaultBackChannelLogoutService.cs @@ -161,7 +161,9 @@ public class DefaultBackChannelLogoutService : IBackChannelLogoutService /// /// /// The claims to include in the token. +#pragma warning disable CA1822 // Changing this on a protected method in a public class would be a breaking change. protected Task> CreateClaimsForTokenAsync(BackChannelLogoutRequest request) +#pragma warning restore CA1822 { if (request.SessionIdRequired && request.SessionId == null) { diff --git a/identity-server/src/IdentityServer/Services/Default/DefaultPersistedGrantService.cs b/identity-server/src/IdentityServer/Services/Default/DefaultPersistedGrantService.cs index 926fcb220..9d3fc9a0c 100644 --- a/identity-server/src/IdentityServer/Services/Default/DefaultPersistedGrantService.cs +++ b/identity-server/src/IdentityServer/Services/Default/DefaultPersistedGrantService.cs @@ -131,7 +131,7 @@ public class DefaultPersistedGrantService : IPersistedGrantService return Enumerable.Empty(); } - private IEnumerable Join(IEnumerable first, IEnumerable second) + private static IEnumerable Join(IEnumerable first, IEnumerable second) { var list = first.ToList(); 
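Review bot: CA1822 fires on `RefreshTokenCreationRequest.Validate()` because the body reads no instance state, and the only checks visible in the hunk are commented out, so the method documented as validating the request appears to validate nothing. Keeping the instance signature for compatibility is reasonable, but the suppression comment should say so, e.g. `// Validate() currently performs no checks; kept as an instance method to avoid a breaking change.`. Alternatively, null checks for the properties this request requires could be restored, which would also remove the need for the pragma. The rest of the body is outside the hunk, so confirm that no other check follows.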
diff --git a/identity-server/src/IdentityServer/Stores/Caching/CachingResourceStore.cs b/identity-server/src/IdentityServer/Stores/Caching/CachingResourceStore.cs index b157dedba..d77e45960 100644 --- a/identity-server/src/IdentityServer/Stores/Caching/CachingResourceStore.cs +++ b/identity-server/src/IdentityServer/Stores/Caching/CachingResourceStore.cs @@ -67,7 +67,7 @@ public class CachingResourceStore : IResourceStore _apiResourceNames = apiResourceNames; } - private string GetKey(IEnumerable names) + private static string GetKey(IEnumerable names) { using var activity = Tracing.StoreActivitySource.StartActivity("CachingResourceStore.GetKey"); @@ -119,7 +119,7 @@ public class CachingResourceStore : IResourceStore if (uncachedScopes.Any()) { - // now we need to lookup the remaining items. it's possible this is happening concurrently, so + // now we need to lookup the remaining items. it's possible this is happening concurrently, so // we're going to use the "allcache" to throttle this lookup since the cache has concurrency lock. // also, the "allcache" conveniently holds Resources objects so it can handle all three of our resource types. // the results will then be put into the correct and specific cache as individual items for subsequent lookups. @@ -225,7 +225,7 @@ public class CachingResourceStore : IResourceStore if (uncachedNames.Any()) { - // now we need to lookup the remaining items. it's possible this is happening concurrently, so + // now we need to lookup the remaining items. it's possible this is happening concurrently, so // we're going to use the "allcache" to throttle this lookup since the cache has concurrency lock. // also, the "allcache" conveniently holds Resources objects so it can handle all three of our resource types. // the results will then be put into the correct and specific cache as individual items for subsequent lookups. 
diff --git a/identity-server/src/IdentityServer/Stores/Default/DefaultUserConsentStore.cs b/identity-server/src/IdentityServer/Stores/Default/DefaultUserConsentStore.cs index 25dd47c35..9552c63b8 100644 --- a/identity-server/src/IdentityServer/Stores/Default/DefaultUserConsentStore.cs +++ b/identity-server/src/IdentityServer/Stores/Default/DefaultUserConsentStore.cs @@ -30,7 +30,7 @@ public class DefaultUserConsentStore : DefaultGrantStore, IUserConsentS { } - private string GetConsentKey(string subjectId, string clientId, bool useHexEncoding = true) + private static string GetConsentKey(string subjectId, string clientId, bool useHexEncoding = true) { if (useHexEncoding) { diff --git a/identity-server/src/IdentityServer/Stores/Default/DistributedCacheAuthorizationParametersMessageStore.cs b/identity-server/src/IdentityServer/Stores/Default/DistributedCacheAuthorizationParametersMessageStore.cs index 2bb912ab0..ca90eaeef 100644 --- a/identity-server/src/IdentityServer/Stores/Default/DistributedCacheAuthorizationParametersMessageStore.cs +++ b/identity-server/src/IdentityServer/Stores/Default/DistributedCacheAuthorizationParametersMessageStore.cs @@ -28,7 +28,7 @@ public class DistributedCacheAuthorizationParametersMessageStore : IAuthorizatio _handleGenerationService = handleGenerationService; } - private string CacheKeyPrefix => "DistributedCacheAuthorizationParametersMessageStore"; + private static string CacheKeyPrefix => "DistributedCacheAuthorizationParametersMessageStore"; /// public virtual async Task WriteAsync(Message> message) diff --git a/identity-server/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs index ab11da255..4d59914b2 100644 --- a/identity-server/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs 
@@ -818,9 +818,9 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator return true; } - private AuthorizeRequestValidationResult Invalid(ValidatedAuthorizeRequest request, string error = OidcConstants.AuthorizeErrors.InvalidRequest, string description = null) => new AuthorizeRequestValidationResult(request, error, description); + private static AuthorizeRequestValidationResult Invalid(ValidatedAuthorizeRequest request, string error = OidcConstants.AuthorizeErrors.InvalidRequest, string description = null) => new AuthorizeRequestValidationResult(request, error, description); - private AuthorizeRequestValidationResult Valid(ValidatedAuthorizeRequest request) => new AuthorizeRequestValidationResult(request); + private static AuthorizeRequestValidationResult Valid(ValidatedAuthorizeRequest request) => new AuthorizeRequestValidationResult(request); private void LogError(string message, ValidatedAuthorizeRequest request) { diff --git a/identity-server/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs b/identity-server/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs index abc1e9f8d..f94013834 100644 --- a/identity-server/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs +++ b/identity-server/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs @@ -159,7 +159,7 @@ public class BasicAuthenticationSecretParser : ISecretParser return notfound; } - private string UrlDecode(string value) + private static string UrlDecode(string value) { if (value.IsMissing()) { diff --git a/identity-server/src/IdentityServer/Validation/Default/BearerTokenUsageValidator.cs b/identity-server/src/IdentityServer/Validation/Default/BearerTokenUsageValidator.cs index b2f24cf6f..37919f8ad 100644 --- a/identity-server/src/IdentityServer/Validation/Default/BearerTokenUsageValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/BearerTokenUsageValidator.cs 
@@ -88,7 +88,7 @@ internal class BearerTokenUsageValidator /// /// The context. /// - public async Task ValidatePostBodyAsync(HttpContext context) + public static async Task ValidatePostBodyAsync(HttpContext context) { var token = (await context.Request.ReadFormAsync())["access_token"].FirstOrDefault(); if (token.IsPresent()) diff --git a/identity-server/src/IdentityServer/Validation/Default/DeviceAuthorizationRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/DeviceAuthorizationRequestValidator.cs index 066b327b9..abb786c19 100644 --- a/identity-server/src/IdentityServer/Validation/Default/DeviceAuthorizationRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/DeviceAuthorizationRequestValidator.cs @@ -56,9 +56,9 @@ internal class DeviceAuthorizationRequestValidator : IDeviceAuthorizationRequest return Valid(request); } - private DeviceAuthorizationRequestValidationResult Valid(ValidatedDeviceAuthorizationRequest request) => new DeviceAuthorizationRequestValidationResult(request); + private static DeviceAuthorizationRequestValidationResult Valid(ValidatedDeviceAuthorizationRequest request) => new DeviceAuthorizationRequestValidationResult(request); - private DeviceAuthorizationRequestValidationResult Invalid(ValidatedDeviceAuthorizationRequest request, string error = OidcConstants.AuthorizeErrors.InvalidRequest, string description = null) => new DeviceAuthorizationRequestValidationResult(request, error, description); + private static DeviceAuthorizationRequestValidationResult Invalid(ValidatedDeviceAuthorizationRequest request, string error = OidcConstants.AuthorizeErrors.InvalidRequest, string description = null) => new DeviceAuthorizationRequestValidationResult(request, error, description); private void LogError(string message, ValidatedDeviceAuthorizationRequest request) { 
diff --git a/identity-server/src/IdentityServer/Validation/Default/PushedAuthorizationRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/PushedAuthorizationRequestValidator.cs index 6634284c6..a5618c8e0 100644 --- a/identity-server/src/IdentityServer/Validation/Default/PushedAuthorizationRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/PushedAuthorizationRequestValidator.cs @@ -152,7 +152,7 @@ internal class PushedAuthorizationRequestValidator( /// context. /// A task containing the . - private Task ValidateRequestUriAsync(PushedAuthorizationRequestValidationContext context) + private static Task ValidateRequestUriAsync(PushedAuthorizationRequestValidationContext context) { // Reject request_uri parameter if (context.RequestParameters.Get(OidcConstants.AuthorizeRequest.RequestUri).IsPresent()) diff --git a/identity-server/src/IdentityServer/Validation/Default/RequestObjectValidator.cs b/identity-server/src/IdentityServer/Validation/Default/RequestObjectValidator.cs index f437fa447..3e03a3ef1 100644 --- a/identity-server/src/IdentityServer/Validation/Default/RequestObjectValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/RequestObjectValidator.cs @@ -114,7 +114,7 @@ internal class RequestObjectValidator : IRequestObjectValidator private static bool IsParRequestUri(string requestUri) => requestUri.StartsWith(IdentityServerConstants.PushedAuthorizationRequestUri, StringComparison.Ordinal); - private string? LoadRequestObjectFromPushedAuthorizationRequest(ValidatedAuthorizeRequest request) => request.Raw.Get(OidcConstants.AuthorizeRequest.Request); + private static string? LoadRequestObjectFromPushedAuthorizationRequest(ValidatedAuthorizeRequest request) => request.Raw.Get(OidcConstants.AuthorizeRequest.Request); public async Task ValidatePushedAuthorizationRequest(ValidatedAuthorizeRequest request) { 
@@ -168,7 +168,7 @@ internal class RequestObjectValidator : IRequestObjectValidator return null; } - public AuthorizeRequestValidationResult? ValidatePushedAuthorizationBindingToClient(DeserializedPushedAuthorizationRequest pushedAuthorizationRequest, ValidatedAuthorizeRequest authorizeRequest) + public static AuthorizeRequestValidationResult? ValidatePushedAuthorizationBindingToClient(DeserializedPushedAuthorizationRequest pushedAuthorizationRequest, ValidatedAuthorizeRequest authorizeRequest) { var parClientId = pushedAuthorizationRequest.PushedParameters.Get(OidcConstants.AuthorizeRequest.ClientId); if (parClientId != authorizeRequest.ClientId) @@ -181,7 +181,7 @@ internal class RequestObjectValidator : IRequestObjectValidator return null; } - public AuthorizeRequestValidationResult? ValidatePushedAuthorizationExpiration(DeserializedPushedAuthorizationRequest pushedAuthorizationRequest, ValidatedAuthorizeRequest authorizeRequest) + public static AuthorizeRequestValidationResult? ValidatePushedAuthorizationExpiration(DeserializedPushedAuthorizationRequest pushedAuthorizationRequest, ValidatedAuthorizeRequest authorizeRequest) { if (DateTime.UtcNow > pushedAuthorizationRequest.ExpiresAtUtc) { @@ -203,7 +203,7 @@ internal class RequestObjectValidator : IRequestObjectValidator return null; } - private string? GetReferenceValue(ValidatedAuthorizeRequest request) + private static string? GetReferenceValue(ValidatedAuthorizeRequest request) { var requestUri = request.Raw.Get(OidcConstants.AuthorizeRequest.RequestUri); if (requestUri.IsPresent()) 
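Review bot: `ValidatePushedAuthorizationExpiration` (the second hunk here) reads `DateTime.UtcNow` directly, and making it `static` means it cannot use any clock the validator instance might be given. That ties the pushed-authorization expiry decision to the system clock and prevents testing it at a fixed instant. If the class has or can take an injected time source (not visible in this hunk), I would keep this one method an instance method and compare against that; otherwise pass the instant in and write `if (utcNow > pushedAuthorizationRequest.ExpiresAtUtc)`. The method body continues outside the hunk, so how the error result is built is not reviewed here.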
@@ -335,9 +335,9 @@ internal class RequestObjectValidator : IRequestObjectValidator return Valid(request); } - private AuthorizeRequestValidationResult Invalid(ValidatedAuthorizeRequest request, string error = OidcConstants.AuthorizeErrors.InvalidRequest, string? description = null) => new AuthorizeRequestValidationResult(request, error, description); + private static AuthorizeRequestValidationResult Invalid(ValidatedAuthorizeRequest request, string error = OidcConstants.AuthorizeErrors.InvalidRequest, string? description = null) => new AuthorizeRequestValidationResult(request, error, description); - private AuthorizeRequestValidationResult Valid(ValidatedAuthorizeRequest request) => new AuthorizeRequestValidationResult(request); + private static AuthorizeRequestValidationResult Valid(ValidatedAuthorizeRequest request) => new AuthorizeRequestValidationResult(request); private void LogError(string message, ValidatedAuthorizeRequest request) { diff --git a/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidator.cs b/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidator.cs index de50e7490..7e08bb6c6 100644 --- a/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidator.cs @@ -28,7 +28,9 @@ public class StrictRedirectUriValidator : IRedirectUriValidator /// The uris. /// The requested URI. /// +#pragma warning disable CA1822 // Changing this on a protected method in a public class would be a breaking change. protected bool StringCollectionContainsString(IEnumerable uris, string requestedUri) +#pragma warning restore CA1822 { if (IEnumerableExtensions.IsNullOrEmpty(uris)) { diff --git a/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs index 240dec22d..7f41885a7 100644 
--- a/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs @@ -1222,7 +1222,7 @@ internal class TokenRequestValidator : ITokenRequestValidator return Valid(); } - private bool ValidateCodeVerifierAgainstCodeChallenge(string codeVerifier, string codeChallenge, string codeChallengeMethod) + private static bool ValidateCodeVerifierAgainstCodeChallenge(string codeVerifier, string codeChallenge, string codeChallengeMethod) { if (codeChallengeMethod == OidcConstants.CodeChallengeMethods.Plain) { diff --git a/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs b/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs index 160d77634..294835b40 100644 --- a/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs @@ -409,7 +409,7 @@ internal class TokenValidator : ITokenValidator }; } - private IEnumerable ReferenceTokenToClaims(Token token) + private static IEnumerable ReferenceTokenToClaims(Token token) { var claims = new List { @@ -458,7 +458,7 @@ internal class TokenValidator : ITokenValidator } } - private TokenValidationResult Invalid(string error) => new TokenValidationResult + private static TokenValidationResult Invalid(string error) => new TokenValidationResult { IsError = true, Error = error diff --git a/identity-server/src/IdentityServer/Validation/Models/GrantValidationResult.cs b/identity-server/src/IdentityServer/Validation/Models/GrantValidationResult.cs index 331b162eb..a551f50a6 100644 --- a/identity-server/src/IdentityServer/Validation/Models/GrantValidationResult.cs +++ b/identity-server/src/IdentityServer/Validation/Models/GrantValidationResult.cs 
@@ -147,7 +147,7 @@ public class GrantValidationResult : ValidationResult CustomResponse = customResponse; } - private string ConvertTokenErrorEnumToString(TokenRequestErrors error) => error switch + private static string ConvertTokenErrorEnumToString(TokenRequestErrors error) => error switch { TokenRequestErrors.InvalidClient => OidcConstants.TokenErrors.InvalidClient, TokenRequestErrors.InvalidGrant => OidcConstants.TokenErrors.InvalidGrant, diff --git a/identity-server/src/Storage/Models/ApiScope.cs b/identity-server/src/Storage/Models/ApiScope.cs index 4027f724c..432d7d52d 100644 --- a/identity-server/src/Storage/Models/ApiScope.cs +++ b/identity-server/src/Storage/Models/ApiScope.cs @@ -82,10 +82,10 @@ public class ApiScope : Resource /// /// Specifies whether the user can de-select the scope on the consent screen. Defaults to false. /// - public bool Required { get; set; } = false; + public bool Required { get; set; } /// /// Specifies whether the consent screen will emphasize this scope. Use this setting for sensitive or important scopes. Defaults to false. /// - public bool Emphasize { get; set; } = false; + public bool Emphasize { get; set; } } diff --git a/identity-server/src/Storage/Models/Client.cs b/identity-server/src/Storage/Models/Client.cs index 5cd21861d..cdb5a6cd7 100644 --- a/identity-server/src/Storage/Models/Client.cs +++ b/identity-server/src/Storage/Models/Client.cs @@ -70,7 +70,7 @@ public class Client /// /// Specifies whether a consent screen is required (defaults to false) /// - public bool RequireConsent { get; set; } = false; + public bool RequireConsent { get; set; } /// /// Specifies whether user can choose to store consent decisions (defaults to true) 
@@ -98,12 +98,12 @@ public class Client /// /// Specifies whether a proof key can be sent using plain method (not recommended and defaults to false.) /// - public bool AllowPlainTextPkce { get; set; } = false; + public bool AllowPlainTextPkce { get; set; } /// /// Specifies whether the client must use a request object on authorize requests (defaults to false.) /// - public bool RequireRequestObject { get; set; } = false; + public bool RequireRequestObject { get; set; } /// /// Controls whether access tokens are transmitted via the browser for this client (defaults to false). @@ -112,7 +112,7 @@ public class Client /// /// true if access tokens can be transmitted via the browser; otherwise, false. /// - public bool AllowAccessTokensViaBrowser { get; set; } = false; + public bool AllowAccessTokensViaBrowser { get; set; } /// /// Specifies whether a DPoP (Demonstrating Proof-of-Possession) token is requied to be used by this client (defaults to false). @@ -164,7 +164,7 @@ public class Client /// /// Gets or sets a value indicating whether [allow offline access]. Defaults to false. /// - public bool AllowOfflineAccess { get; set; } = false; + public bool AllowOfflineAccess { get; set; } /// /// Specifies the api scopes that the client is allowed to request. If empty, the client can't access any scope @@ -175,7 +175,7 @@ public class Client /// When requesting both an id token and access token, should the user claims always be added to the id token instead of requiring the client to use the userinfo endpoint. /// Defaults to false. /// - public bool AlwaysIncludeUserClaimsInIdToken { get; set; } = false; + public bool AlwaysIncludeUserClaimsInIdToken { get; set; } /// /// Lifetime of identity token in seconds (defaults to 300 seconds / 5 minutes) 
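Review bot: `AllowPlainTextPkce`, `AllowAccessTokensViaBrowser`, `AllowOfflineAccess` and `AlwaysIncludeUserClaimsInIdToken` now get their documented default only from the CLR's `default(bool)`. The XML comments still promise "defaults to false", but nothing in the code states it any more. Behaviour is unchanged, but for security-relevant switches I would pin the defaults with a unit test on a fresh instance, for example `new Client().AllowPlainTextPkce.ShouldBe(false);`, so a later edit cannot flip one unnoticed. The same applies to `RequireRequestObject` in this hunk and to `RequireConsent`, `RequirePushedAuthorization`, `UpdateAccessTokenClaimsOnRefresh` and `AlwaysSendClientClaims` in the other Client.cs hunks.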
@@ -210,7 +210,7 @@ public class Client /// /// Lifetime of a user consent in seconds. Defaults to null (no expiration) /// - public int? ConsentLifetime { get; set; } = null; + public int? ConsentLifetime { get; set; } /// /// Lifetime of pushed authorization requests for this client. If this lifetime is set, it takes precedence over @@ -224,7 +224,7 @@ public class Client /// configuration flag to require pushed authorization in PushedAuthorizationOptions. Pushed authorization is /// required for a client if either the global configuration flag is enabled or if this flag is set for that client. /// - public bool RequirePushedAuthorization { get; set; } = false; + public bool RequirePushedAuthorization { get; set; } /// /// Specifies if tokens should be rotated when they are used. Defaults to @@ -246,7 +246,7 @@ public class Client /// /// true if the token should be updated; otherwise, false. /// - public bool UpdateAccessTokenClaimsOnRefresh { get; set; } = false; + public bool UpdateAccessTokenClaimsOnRefresh { get; set; } /// /// Absolute: the refresh token will expire on a fixed point in time (specified by the AbsoluteRefreshTokenLifetime) @@ -295,7 +295,7 @@ public class Client /// /// true if claims should always be sent; otherwise, false. /// - public bool AlwaysSendClientClaims { get; set; } = false; + public bool AlwaysSendClientClaims { get; set; } /// /// Gets or sets a value to prefix it on client claim types. Defaults to client_. diff --git a/identity-server/src/Storage/Models/IdentityResource.cs b/identity-server/src/Storage/Models/IdentityResource.cs index 8f5d6d246..e75e953a2 100644 --- a/identity-server/src/Storage/Models/IdentityResource.cs +++ b/identity-server/src/Storage/Models/IdentityResource.cs 
@@ -66,11 +66,11 @@ public class IdentityResource : Resource /// /// Specifies whether the user can de-select the scope on the consent screen (if the consent screen wants to implement such a feature). Defaults to false. /// - public bool Required { get; set; } = false; + public bool Required { get; set; } /// - /// Specifies whether the consent screen will emphasize this scope (if the consent screen wants to implement such a feature). + /// Specifies whether the consent screen will emphasize this scope (if the consent screen wants to implement such a feature). /// Use this setting for sensitive or important scopes. Defaults to false. /// - public bool Emphasize { get; set; } = false; + public bool Emphasize { get; set; } } diff --git a/identity-server/src/Storage/Stores/Serialization/PersistentGrantSerializer.cs b/identity-server/src/Storage/Stores/Serialization/PersistentGrantSerializer.cs index f1bb53432..8e6105aa5 100644 --- a/identity-server/src/Storage/Stores/Serialization/PersistentGrantSerializer.cs +++ b/identity-server/src/Storage/Stores/Serialization/PersistentGrantSerializer.cs 
@@ -15,24 +15,21 @@ namespace Duende.IdentityServer.Stores.Serialization; /// public class PersistentGrantSerializer : IPersistentGrantSerializer { - private static readonly JsonSerializerOptions Settings; + private static readonly JsonSerializerOptions Settings = new() + { + IgnoreReadOnlyFields = true, + IgnoreReadOnlyProperties = true, + DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull, + Converters = + { + new ClaimConverter(), + new ClaimsPrincipalConverter() + } + }; private readonly PersistentGrantOptions _options; private readonly IDataProtector _provider; - static PersistentGrantSerializer() - { - Settings = new JsonSerializerOptions - { - IgnoreReadOnlyFields = true, - IgnoreReadOnlyProperties = true, - DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull - }; - - Settings.Converters.Add(new ClaimConverter()); - Settings.Converters.Add(new ClaimsPrincipalConverter()); - } - /// /// Ctor. /// @@ -110,7 +107,7 @@ public class PersistentGrantSerializer : IPersistentGrantSerializer throw new Exception($"Invalid version in persisted grant data: '{container.PersistentGrantDataContainerVersion}'."); } - private void PostProcess(RefreshToken refreshToken) + private static void PostProcess(RefreshToken refreshToken) { if (refreshToken != null && refreshToken.Version < 5) { diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_PAR.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_PAR.cs index 27dc0c261..1196b149d 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_PAR.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_PAR.cs 
@@ -34,8 +34,7 @@ public class Authorize_ProtocolValidation_Valid_PAR ClientId = differentClientInAuthorizeRequest }; - var validator = Factory.CreateRequestObjectValidator(); - var result = validator.ValidatePushedAuthorizationBindingToClient(par, request); + var result = RequestObjectValidator.ValidatePushedAuthorizationBindingToClient(par, request); result.ShouldNotBeNull(); result.IsError.ShouldBe(true); @@ -55,7 +54,7 @@ public class Authorize_ProtocolValidation_Valid_PAR }; var validator = Factory.CreateRequestObjectValidator(); - var result = validator.ValidatePushedAuthorizationExpiration(par, authorizeRequest); + var result = RequestObjectValidator.ValidatePushedAuthorizationExpiration(par, authorizeRequest); result.ShouldNotBeNull(); result.IsError.ShouldBe(true);
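Review bot: In the second hunk the local `var validator = Factory.CreateRequestObjectValidator();` is left in place although the call now goes through the type, `RequestObjectValidator.ValidatePushedAuthorizationExpiration(par, authorizeRequest)`. The first hunk removed the equivalent line, so this one looks like an oversight. I would delete it so the test does not construct a validator it never uses and the two tests stay consistent.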