Updated to IdentityModel 8.0.0
parent
56b87562ca
commit
91f00cbd8a
39 changed files with 105 additions and 86 deletions
|
|
@ -7,11 +7,12 @@
|
|||
<PackageVersion Include="BenchmarkDotNet" Version="0.15.0" />
|
||||
<PackageVersion Include="BullsEye" Version="5.0.0" />
|
||||
<PackageVersion Include="coverlet.collector" Version="6.0.2" />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement" Version="3.2.0" />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement" Version="3.3.0" />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement.OpenIdConnect" Version="4.0.0-Preview.2" Condition=" '$(IsBffProject)' == 'true' " />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement.OpenIdConnect" Version="3.2.0" Condition=" '$(IsBffProject)' != 'true' " />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement.OpenIdConnect" Version="3.3.0" Condition=" '$(IsBffProject)' != 'true' " />
|
||||
<PackageVersion Include="Duende.AspNetCore.Authentication.JwtBearer" Version="0.1.3" />
|
||||
<PackageVersion Include="Duende.IdentityModel" Version="7.1.0" />
|
||||
<PackageVersion Include="Duende.IdentityModel" Version="8.0.0" Condition=" '$(IsBffProject)' != 'true' " />
|
||||
<PackageVersion Include="Duende.IdentityModel" Version="7.1.0" Condition=" '$(IsBffProject)' == 'true' " />
|
||||
<PackageVersion Include="Duende.IdentityModel.OidcClient" Version="6.0.1" />
|
||||
<PackageVersion Include="Duende.IdentityServer" Version="7.1.0" />
|
||||
<PackageVersion Include="IdentityModel.AspNetCore.OAuth2Introspection" Version="6.2.0" />
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
|
||||
<PackageReference Include="Duende.IdentityModel" />
|
||||
<PackageReference Include="Duende.IdentityModel" VersionOverride="7.1.0" />
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
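Review bot: The `VersionOverride="7.1.0"` shown on the Duende.IdentityModel reference carries no explanation, and it sidesteps the central version that this commit raises to 8.0.0 for non-BFF projects. A pin like this on a token-handling library tends to outlive its reason and leaves the project behind on later fixes, so I would put a comment on the line, for example `<!-- Pinned to 7.1.0 until this project is ported to IdentityModel 8; remove the override then -->`, with the real reason filled in. The props file already selects 7.1.0 through the `IsBffProject` condition, so it is worth saying why a second mechanism is needed here. The test project that overrides Duende.AccessTokenManagement.OpenIdConnect to 4.0.0 and Duende.IdentityModel to 7.1.0 has the same gap.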
|
||||
|
|
|
|||
|
|
@ -10,8 +10,8 @@
|
|||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="AngleSharp" />
|
||||
<PackageReference Include="Duende.AccessTokenManagement.OpenIdConnect" />
|
||||
<PackageReference Include="Duende.IdentityModel" />
|
||||
<PackageReference Include="Duende.AccessTokenManagement.OpenIdConnect" VersionOverride="4.0.0" />
|
||||
<PackageReference Include="Duende.IdentityModel" VersionOverride="7.1.0" />
|
||||
<PackageReference Include="Duende.IdentityServer" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" />
|
||||
|
|
@ -26,4 +26,4 @@
|
|||
<ProjectReference
|
||||
Include="..\..\src\AspNetCore.Authentication.JwtBearer\AspNetCore.Authentication.JwtBearer.csproj" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
</Project>
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
|
|
@ -66,7 +67,7 @@ internal static class DPoPExtensions
|
|||
/// </summary>
|
||||
public static string CreateThumbprint(this JsonWebKey jwk)
|
||||
{
|
||||
var jkt = Base64Url.Encode(jwk.ComputeJwkThumbprint());
|
||||
var jkt = Base64Url.EncodeToString(jwk.ComputeJwkThumbprint());
|
||||
return jkt;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
|
|
@ -226,7 +227,7 @@ public class DPoPProofValidator
|
|||
var bytes = Encoding.UTF8.GetBytes(context.AccessToken);
|
||||
var hash = sha.ComputeHash(bytes);
|
||||
|
||||
var accessTokenHash = Base64Url.Encode(hash);
|
||||
var accessTokenHash = Base64Url.EncodeToString(hash);
|
||||
if (accessTokenHash != result.AccessTokenHash)
|
||||
{
|
||||
result.IsError = true;
|
||||
|
|
@ -328,7 +329,7 @@ public class DPoPProofValidator
|
|||
skew = dpopOptions.ServerClockSkew;
|
||||
}
|
||||
|
||||
// we do x2 here because clock might be might be before or after, so we're making cache duration
|
||||
// we do x2 here because clock might be might be before or after, so we're making cache duration
|
||||
// longer than the likelyhood of proof token expiration, which is done before replay
|
||||
skew *= 2;
|
||||
var cacheDuration = dpopOptions.ProofTokenValidityDuration + skew;
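Review bot: The comment above `skew *= 2` still reads "might be might be" and "likelyhood" after this commit rewrites that line, and it is the only explanation of why the replay-cache lifetime is extended. Suggested wording, keeping the two-line layout: `// Double the skew because the client clock may run ahead of or behind ours, so the cache entry` and `// outlives any proof that can still pass the expiration check, which runs before the replay check.` DefaultDPoPProofValidator carries the same comment and would take the same fix. The enclosing method starts and ends outside the hunk.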
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using Clients;
|
||||
using ConsoleResourceIndicators;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using Duende.IdentityModel.OidcClient;
|
||||
using Microsoft.Extensions.Hosting;
|
||||
|
|
@ -103,8 +103,8 @@ async Task FrontChannel(string scope, IEnumerable<string> resource)
|
|||
|
||||
Console.WriteLine();
|
||||
Console.WriteLine("Standard access token:");
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.Decode(header)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.Decode(payload)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(header)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload)).PrettyPrintJson());
|
||||
|
||||
if (result.RefreshToken == null)
|
||||
{
|
||||
|
|
@ -155,8 +155,8 @@ async Task Refresh(string refreshToken, string resource)
|
|||
var header = parts[0];
|
||||
var payload = parts[1];
|
||||
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.Decode(header)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.Decode(payload)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(header)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload)).PrettyPrintJson());
|
||||
}
|
||||
|
||||
internal class Test
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
|
||||
namespace Clients;
|
||||
|
|
@ -25,8 +25,8 @@ public static class TokenResponseExtensions
|
|||
var header = parts[0];
|
||||
var payload = parts[1];
|
||||
|
||||
Console.WriteLine(PrettyPrintJson(Encoding.UTF8.GetString(Base64Url.Decode(header))));
|
||||
Console.WriteLine(PrettyPrintJson(Encoding.UTF8.GetString(Base64Url.Decode(payload))));
|
||||
Console.WriteLine(PrettyPrintJson(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(header))));
|
||||
Console.WriteLine(PrettyPrintJson(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload))));
|
||||
}
|
||||
}
|
||||
else
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
|
||||
namespace IdentityServerHost.Pages.Diagnostics;
|
||||
|
|
@ -18,7 +18,7 @@ public class ViewModel
|
|||
{
|
||||
if (encoded != null)
|
||||
{
|
||||
var bytes = Base64Url.Decode(encoded);
|
||||
var bytes = Base64Url.DecodeFromChars(encoded);
|
||||
var value = Encoding.UTF8.GetString(bytes);
|
||||
Clients = JsonSerializer.Deserialize<string[]>(value) ?? Enumerable.Empty<string>();
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
|
||||
namespace IdentityServerHost.Pages.Diagnostics;
|
||||
|
|
@ -18,7 +18,7 @@ public class ViewModel
|
|||
{
|
||||
if (encoded != null)
|
||||
{
|
||||
var bytes = Base64Url.Decode(encoded);
|
||||
var bytes = Base64Url.DecodeFromChars(encoded);
|
||||
var value = Encoding.UTF8.GetString(bytes);
|
||||
Clients = JsonSerializer.Deserialize<string[]>(value) ?? Enumerable.Empty<string>();
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
|
||||
namespace IdentityServerHost.Pages.Diagnostics;
|
||||
|
|
@ -18,7 +18,7 @@ public class ViewModel
|
|||
{
|
||||
if (encoded != null)
|
||||
{
|
||||
var bytes = Base64Url.Decode(encoded);
|
||||
var bytes = Base64Url.DecodeFromChars(encoded);
|
||||
var value = Encoding.UTF8.GetString(bytes);
|
||||
Clients = JsonSerializer.Deserialize<string[]>(value) ?? Enumerable.Empty<string>();
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
|
||||
namespace IdentityServerHost.Pages.Diagnostics;
|
||||
|
|
@ -18,7 +18,7 @@ public class ViewModel
|
|||
{
|
||||
if (encoded != null)
|
||||
{
|
||||
var bytes = Base64Url.Decode(encoded);
|
||||
var bytes = Base64Url.DecodeFromChars(encoded);
|
||||
var value = Encoding.UTF8.GetString(bytes);
|
||||
Clients = JsonSerializer.Deserialize<string[]>(value) ?? Enumerable.Empty<string>();
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
|
||||
namespace IdentityServerHost.Pages.Diagnostics;
|
||||
|
|
@ -18,7 +18,7 @@ public class ViewModel
|
|||
{
|
||||
if (encoded != null)
|
||||
{
|
||||
var bytes = Base64Url.Decode(encoded);
|
||||
var bytes = Base64Url.DecodeFromChars(encoded);
|
||||
var value = Encoding.UTF8.GetString(bytes);
|
||||
Clients = JsonSerializer.Deserialize<string[]>(value) ?? Enumerable.Empty<string>();
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
#nullable enable
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Cryptography;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using System.Text;
|
||||
|
|
@ -70,7 +71,7 @@ public static class CryptoHelper
|
|||
var leftPart = new byte[size];
|
||||
Array.Copy(hash, leftPart, size);
|
||||
|
||||
return Base64Url.Encode(leftPart);
|
||||
return Base64Url.EncodeToString(leftPart);
|
||||
}
|
||||
|
||||
/// <summary>
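Review bot: The temporary `leftPart` array is no longer needed now that the encoder accepts a span, yet the hunk still allocates and copies before `Base64Url.EncodeToString(leftPart)`. Assuming `hash` is a `byte[]` (its declaration is outside the hunk), the three lines collapse to `return Base64Url.EncodeToString(hash.AsSpan(0, size));`, which encodes the same leftmost `size` bytes. The method begins outside the hunk.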
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using Duende.IdentityModel;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
|
||||
namespace Duende.IdentityServer.Extensions;
|
||||
|
|
@ -91,7 +91,7 @@ public static class AuthenticationPropertiesExtensions
|
|||
{
|
||||
if (value.IsPresent())
|
||||
{
|
||||
var bytes = Base64Url.Decode(value);
|
||||
var bytes = Base64Url.DecodeFromChars(value);
|
||||
value = Encoding.UTF8.GetString(bytes);
|
||||
return ObjectSerializer.FromString<string[]>(value);
|
||||
}
|
||||
|
|
@ -105,7 +105,7 @@ public static class AuthenticationPropertiesExtensions
|
|||
{
|
||||
var value = ObjectSerializer.ToString(list);
|
||||
var bytes = Encoding.UTF8.GetBytes(value);
|
||||
value = Base64Url.Encode(bytes);
|
||||
value = Base64Url.EncodeToString(bytes);
|
||||
return value;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
|
|
@ -30,7 +31,7 @@ internal static class JsonWebKeyExtensions
|
|||
/// </summary>
|
||||
public static string CreateThumbprint(this JsonWebKey jwk)
|
||||
{
|
||||
var jkt = Base64Url.Encode(jwk.ComputeJwkThumbprint());
|
||||
var jkt = Base64Url.EncodeToString(jwk.ComputeJwkThumbprint());
|
||||
return jkt;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Collections.Specialized;
|
||||
using System.Globalization;
|
||||
using System.Security.Cryptography;
|
||||
|
|
@ -159,7 +160,7 @@ public static class ValidatedAuthorizeRequestExtensions
|
|||
var bytes = Encoding.UTF8.GetBytes(clientId + origin + sessionId + salt);
|
||||
var hash = SHA256.HashData(bytes);
|
||||
|
||||
return Base64Url.Encode(hash) + "." + salt;
|
||||
return Base64Url.EncodeToString(hash) + "." + salt;
|
||||
}
|
||||
|
||||
private static NameValueCollection ToOptimizedRawValues(this ValidatedAuthorizeRequest request)
|
||||
|
|
@ -170,7 +171,7 @@ public static class ValidatedAuthorizeRequestExtensions
|
|||
var collection = new NameValueCollection();
|
||||
foreach (var key in request.Raw.AllKeys)
|
||||
{
|
||||
// https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests
|
||||
// https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests
|
||||
// requires client id and response type to always be in URL
|
||||
if (key == OidcConstants.AuthorizeRequest.ClientId ||
|
||||
key == OidcConstants.AuthorizeRequest.ResponseType ||
|
||||
|
|
|
|||
|
|
@ -2,10 +2,10 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Cryptography;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
|
||||
namespace Duende.IdentityServer.Extensions;
|
||||
|
||||
|
|
@ -35,5 +35,5 @@ public static class X509CertificateExtensions
|
|||
/// Returns the SHA256 thumbprint of the certificate as a base64url encoded string
|
||||
/// </summary>
|
||||
/// <returns></returns>
|
||||
public static string GetSha256Thumbprint(this X509Certificate2 certificate) => Base64Url.Encode(certificate.GetCertHash(HashAlgorithmName.SHA256));
|
||||
public static string GetSha256Thumbprint(this X509Certificate2 certificate) => Base64Url.EncodeToString(certificate.GetCertHash(HashAlgorithmName.SHA256));
|
||||
}
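Review bot: The `<returns>` tag on `GetSha256Thumbprint` is empty, and the summary does not say whether the value is padded, which matters to anyone comparing it with a thumbprint taken from a token or a client registration. I would fill it in as `/// <returns>The certificate's SHA-256 hash, base64url-encoded without padding.</returns>`. The new `Base64Url.EncodeToString` omits padding, so the wording matches what the method now returns.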
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Collections.Specialized;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
|
|
@ -89,7 +90,7 @@ public class ConsentRequest
|
|||
var bytes = Encoding.UTF8.GetBytes(value);
|
||||
var hash = SHA256.HashData(bytes);
|
||||
|
||||
return Base64Url.Encode(hash);
|
||||
return Base64Url.EncodeToString(hash);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Cryptography;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityServer.Configuration;
|
||||
|
|
@ -431,13 +432,13 @@ public class DiscoveryResponseGenerator : IDiscoveryResponseGenerator
|
|||
if (key.Key is X509SecurityKey x509Key)
|
||||
{
|
||||
var cert64 = Convert.ToBase64String(x509Key.Certificate.RawData);
|
||||
var thumbprint = Base64Url.Encode(x509Key.Certificate.GetCertHash());
|
||||
var thumbprint = Base64Url.EncodeToString(x509Key.Certificate.GetCertHash());
|
||||
|
||||
if (x509Key.PublicKey is RSA rsa)
|
||||
{
|
||||
var parameters = rsa.ExportParameters(false);
|
||||
var exponent = Base64Url.Encode(parameters.Exponent);
|
||||
var modulus = Base64Url.Encode(parameters.Modulus);
|
||||
var exponent = Base64Url.EncodeToString(parameters.Exponent);
|
||||
var modulus = Base64Url.EncodeToString(parameters.Modulus);
|
||||
|
||||
var rsaJsonWebKey = new Models.JsonWebKey
|
||||
{
|
||||
|
|
@ -455,8 +456,8 @@ public class DiscoveryResponseGenerator : IDiscoveryResponseGenerator
|
|||
else if (x509Key.PublicKey is ECDsa ecdsa)
|
||||
{
|
||||
var parameters = ecdsa.ExportParameters(false);
|
||||
var x = Base64Url.Encode(parameters.Q.X);
|
||||
var y = Base64Url.Encode(parameters.Q.Y);
|
||||
var x = Base64Url.EncodeToString(parameters.Q.X);
|
||||
var y = Base64Url.EncodeToString(parameters.Q.Y);
|
||||
|
||||
var ecdsaJsonWebKey = new Models.JsonWebKey
|
||||
{
|
||||
|
|
@ -480,8 +481,8 @@ public class DiscoveryResponseGenerator : IDiscoveryResponseGenerator
|
|||
else if (key.Key is RsaSecurityKey rsaKey)
|
||||
{
|
||||
var parameters = rsaKey.Rsa?.ExportParameters(false) ?? rsaKey.Parameters;
|
||||
var exponent = Base64Url.Encode(parameters.Exponent);
|
||||
var modulus = Base64Url.Encode(parameters.Modulus);
|
||||
var exponent = Base64Url.EncodeToString(parameters.Exponent);
|
||||
var modulus = Base64Url.EncodeToString(parameters.Modulus);
|
||||
|
||||
var webKey = new Models.JsonWebKey
|
||||
{
|
||||
|
|
@ -498,8 +499,8 @@ public class DiscoveryResponseGenerator : IDiscoveryResponseGenerator
|
|||
else if (key.Key is ECDsaSecurityKey ecdsaKey)
|
||||
{
|
||||
var parameters = ecdsaKey.ECDsa.ExportParameters(false);
|
||||
var x = Base64Url.Encode(parameters.Q.X);
|
||||
var y = Base64Url.Encode(parameters.Q.Y);
|
||||
var x = Base64Url.EncodeToString(parameters.Q.X);
|
||||
var y = Base64Url.EncodeToString(parameters.Q.Y);
|
||||
|
||||
var ecdsaJsonWebKey = new Models.JsonWebKey
|
||||
{
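Review bot: A null key component now encodes silently to an empty string in the places that build JWK fields (`parameters.Exponent`, `parameters.Modulus`, `parameters.Q.X`, `parameters.Q.Y`), because a null `byte[]` converts to an empty span before it reaches `Base64Url.EncodeToString`. The helper this replaces presumably threw on null, so a key with missing public parameters would previously have failed loudly instead of being published in the discovery document with empty key material. A guard before each encode, such as `ArgumentNullException.ThrowIfNull(parameters.Modulus);`, keeps that failure visible. The `rsaKey.Rsa?.ExportParameters(false) ?? rsaKey.Parameters` fallback is the path I would check first, and all four branches continue outside the hunks.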
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityServer.Models;
|
||||
using Microsoft.AspNetCore.DataProtection;
|
||||
using Microsoft.Extensions.Logging;
|
||||
|
|
@ -50,7 +50,7 @@ public class ProtectedDataMessageStore<TModel> : IMessageStore<TModel>
|
|||
{
|
||||
try
|
||||
{
|
||||
var bytes = Base64Url.Decode(value);
|
||||
var bytes = Base64Url.DecodeFromChars(value);
|
||||
bytes = Protector.Unprotect(bytes);
|
||||
var json = Encoding.UTF8.GetString(bytes);
|
||||
result = ObjectSerializer.FromString<Message<TModel>>(json);
|
||||
|
|
@ -76,7 +76,7 @@ public class ProtectedDataMessageStore<TModel> : IMessageStore<TModel>
|
|||
var json = ObjectSerializer.ToString(message);
|
||||
var bytes = Encoding.UTF8.GetBytes(json);
|
||||
bytes = Protector.Protect(bytes);
|
||||
value = Base64Url.Encode(bytes);
|
||||
value = Base64Url.EncodeToString(bytes);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
|
|
@ -299,7 +300,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator
|
|||
var bytes = Encoding.UTF8.GetBytes(context.AccessToken);
|
||||
var hash = SHA256.HashData(bytes);
|
||||
|
||||
var accessTokenHash = Base64Url.Encode(hash);
|
||||
var accessTokenHash = Base64Url.EncodeToString(hash);
|
||||
if (accessTokenHash != result.AccessTokenHash)
|
||||
{
|
||||
result.IsError = true;
|
||||
|
|
@ -399,7 +400,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator
|
|||
skew = Options.DPoP.ServerClockSkew;
|
||||
}
|
||||
|
||||
// we do x2 here because clock might be might be before or after, so we're making cache duration
|
||||
// we do x2 here because clock might be might be before or after, so we're making cache duration
|
||||
// longer than the likelyhood of proof token expiration, which is done before replay
|
||||
skew *= 2;
|
||||
var cacheDuration = Options.DPoP.ProofTokenValidityDuration + skew;
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Collections.Specialized;
|
||||
using System.Text;
|
||||
using Duende.IdentityModel;
|
||||
|
|
@ -1231,7 +1232,7 @@ internal class TokenRequestValidator : ITokenRequestValidator
|
|||
|
||||
var codeVerifierBytes = Encoding.ASCII.GetBytes(codeVerifier);
|
||||
var hashedBytes = codeVerifierBytes.Sha256();
|
||||
var transformedCodeVerifier = Base64Url.Encode(hashedBytes);
|
||||
var transformedCodeVerifier = Base64Url.EncodeToString(hashedBytes);
|
||||
|
||||
return TimeConstantComparer.IsEqual(transformedCodeVerifier.Sha256(), codeChallenge);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
|
|
@ -217,7 +218,7 @@ public class ClientAssertionClient
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
|
|
@ -427,7 +428,7 @@ public class ClientCredentialsClient
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using IntegrationTests.Clients.Setup;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
|
|
@ -268,7 +268,7 @@ public class CustomTokenResponseClients
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
|
|
@ -582,7 +583,7 @@ public class ExtensionGrantClient
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,10 +2,10 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using IntegrationTests.Clients.Setup;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
|
|
@ -262,7 +262,7 @@ public class ResourceOwnerClient
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,10 +2,10 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using IntegrationTests.Clients.Setup;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
|
|
@ -197,7 +197,7 @@ public class UserInfoEndpointClient
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, object>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using Duende.IdentityModel;
|
||||
|
|
@ -529,7 +530,7 @@ public class PkceTests
|
|||
{
|
||||
var codeVerifierBytes = Encoding.ASCII.GetBytes(codeVerifier);
|
||||
var hashedBytes = codeVerifierBytes.Sha256();
|
||||
var transformedCodeVerifier = Base64Url.Encode(hashedBytes);
|
||||
var transformedCodeVerifier = Base64Url.EncodeToString(hashedBytes);
|
||||
|
||||
return transformedCodeVerifier;
|
||||
}
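Review bot: The test helper derives the expected challenge with the same `Base64Url.EncodeToString(hashedBytes)` call that the TokenRequestValidator hunk now uses, so both sides move together and a difference in the encoder's output (padding or alphabet) would not fail any PKCE test. I would add one test with a fixed verifier and a hard-coded challenge string, for example the pair in RFC 7636 Appendix B, so the S256 transform is checked against a value the library did not produce. The helper's signature is outside the hunk.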
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Net;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
|
|
@ -535,7 +536,7 @@ public class EndSessionTests
|
|||
var parts = token.Split('.');
|
||||
parts.Length.ShouldBe(3);
|
||||
|
||||
var bytes = Base64Url.Decode(parts[1]);
|
||||
var bytes = Base64Url.DecodeFromChars(parts[1]);
|
||||
var json = Encoding.UTF8.GetString(bytes);
|
||||
var payload = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
|
|
@ -583,7 +584,7 @@ public class EndSessionTests
|
|||
var parts = token.Split('.');
|
||||
parts.Length.ShouldBe(3);
|
||||
|
||||
var bytes = Base64Url.Decode(parts[0]);
|
||||
var bytes = Base64Url.DecodeFromChars(parts[0]);
|
||||
var json = Encoding.UTF8.GetString(bytes);
|
||||
var header = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
|
|
@ -623,7 +624,7 @@ public class EndSessionTests
|
|||
var parts = token.Split('.');
|
||||
parts.Length.ShouldBe(3);
|
||||
|
||||
var bytes = Base64Url.Decode(parts[0]);
|
||||
var bytes = Base64Url.DecodeFromChars(parts[0]);
|
||||
var json = Encoding.UTF8.GetString(bytes);
|
||||
var header = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Claims;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using Duende.IdentityServer.Models;
|
||||
using Duende.IdentityServer.Test;
|
||||
|
|
@ -97,7 +97,7 @@ public class RefreshTokenTests
|
|||
tokenResult1.AccessToken.ShouldNotBeNull();
|
||||
|
||||
|
||||
var payload1 = JsonSerializer.Deserialize<JsonElement>(Base64Url.Decode(tokenResult1.AccessToken.Split('.')[1]));
|
||||
var payload1 = JsonSerializer.Deserialize<JsonElement>(Base64Url.DecodeFromChars(tokenResult1.AccessToken.Split('.')[1]));
|
||||
var sid1 = payload1.TryGetValue("sid").GetString();
|
||||
sid1.ShouldBe(_mockPipeline.GetSessionCookie().Value);
|
||||
|
||||
|
|
@ -114,7 +114,7 @@ public class RefreshTokenTests
|
|||
tokenResult2.IsError.ShouldBeFalse();
|
||||
tokenResult2.AccessToken.ShouldNotBeNull();
|
||||
|
||||
var payload2 = JsonSerializer.Deserialize<JsonElement>(Base64Url.Decode(tokenResult2.AccessToken.Split('.')[1]));
|
||||
var payload2 = JsonSerializer.Deserialize<JsonElement>(Base64Url.DecodeFromChars(tokenResult2.AccessToken.Split('.')[1]));
|
||||
var sid2 = payload2.TryGetValue("sid").GetString();
|
||||
sid1.ShouldBe(sid2);
|
||||
}
|
||||
|
|
@ -155,7 +155,7 @@ public class RefreshTokenTests
|
|||
tokenResult1.AccessToken.ShouldNotBeNull();
|
||||
|
||||
|
||||
var payload1 = JsonSerializer.Deserialize<JsonElement>(Base64Url.Decode(tokenResult1.AccessToken.Split('.')[1]));
|
||||
var payload1 = JsonSerializer.Deserialize<JsonElement>(Base64Url.DecodeFromChars(tokenResult1.AccessToken.Split('.')[1]));
|
||||
var sid1 = payload1.TryGetValue("sid").GetString();
|
||||
sid1.ShouldBe(_mockPipeline.GetSessionCookie().Value);
|
||||
|
||||
|
|
@ -172,7 +172,7 @@ public class RefreshTokenTests
|
|||
tokenResult2.IsError.ShouldBeFalse();
|
||||
tokenResult2.AccessToken.ShouldNotBeNull();
|
||||
|
||||
var payload2 = JsonSerializer.Deserialize<JsonElement>(Base64Url.Decode(tokenResult2.AccessToken.Split('.')[1]));
|
||||
var payload2 = JsonSerializer.Deserialize<JsonElement>(Base64Url.DecodeFromChars(tokenResult2.AccessToken.Split('.')[1]));
|
||||
var sid2 = payload2.TryGetValue("sid").GetString();
|
||||
sid1.ShouldBe(sid2);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,10 +2,10 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using Duende.IdentityServer.Models;
|
||||
using Duende.IdentityServer.Services;
|
||||
|
|
@ -64,7 +64,7 @@ public class CustomClaimsServiceTests
|
|||
|
||||
var accessToken = result.AccessToken;
|
||||
var payload = accessToken.Split('.')[1];
|
||||
var json = Encoding.UTF8.GetString(Base64Url.Decode(payload));
|
||||
var json = Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload));
|
||||
var obj = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
obj["foo"].GetString().ShouldBe("foo1");
|
||||
|
|
|
|||
|
|
@ -2,11 +2,11 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Net;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityServer.Models;
|
||||
using Duende.IdentityServer.Services;
|
||||
using IntegrationTests.Common;
|
||||
|
|
@ -73,7 +73,7 @@ public class CustomProfileServiceTests
|
|||
authorization.IdentityToken.ShouldNotBeNull();
|
||||
|
||||
var payload = authorization.IdentityToken.Split('.')[1];
|
||||
var json = Encoding.UTF8.GetString(Base64Url.Decode(payload));
|
||||
var json = Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload));
|
||||
var obj = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
obj["foo"].GetString().ShouldBe("bar");
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using Duende.IdentityServer;
|
||||
using Duende.IdentityServer.Configuration;
|
||||
|
|
@ -64,7 +64,7 @@ public class CustomTokenCreationServiceTests
|
|||
|
||||
var accessToken = result.AccessToken;
|
||||
var payload = accessToken.Split('.')[1];
|
||||
var json = Encoding.UTF8.GetString(Base64Url.Decode(payload));
|
||||
var json = Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload));
|
||||
var obj = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
obj["aud"].ToStringList().ShouldContain("custom1");
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Net;
|
||||
using System.Net.Http.Headers;
|
||||
|
|
@ -212,11 +213,11 @@ public class LocalApiAuthenticationTests
|
|||
|
||||
if (!string.IsNullOrWhiteSpace(accessToken))
|
||||
{
|
||||
// ath: hash of the access token. The value MUST be the result of a base64url encoding
|
||||
// ath: hash of the access token. The value MUST be the result of a base64url encoding
|
||||
// the SHA-256 hash of the ASCII encoding of the associated access token's value.
|
||||
using var sha256 = SHA256.Create();
|
||||
var hash = sha256.ComputeHash(Encoding.ASCII.GetBytes(accessToken));
|
||||
var ath = Base64Url.Encode(hash);
|
||||
var ath = Base64Url.EncodeToString(hash);
|
||||
|
||||
payload.Add(JwtClaimTypes.DPoPAccessTokenHash, ath);
|
||||
}
|
||||
|
|
@ -293,7 +294,7 @@ public class LocalApiAuthenticationTests
|
|||
// so it should fail.
|
||||
var newKey = GenerateJwk();
|
||||
var newJwk = new Microsoft.IdentityModel.Tokens.JsonWebKey(newKey);
|
||||
var newJkt = Base64Url.Encode(newJwk.ComputeJwkThumbprint());
|
||||
var newJkt = Base64Url.EncodeToString(newJwk.ComputeJwkThumbprint());
|
||||
var proofToken = CreateProofToken("GET", "https://server/api", at, jwkString: newKey);
|
||||
req.Headers.Add("DPoP", proofToken);
|
||||
|
||||
|
|
@ -328,7 +329,7 @@ public class LocalApiAuthenticationTests
|
|||
// so it should fail.
|
||||
var newKey = GenerateJwk();
|
||||
var newJwk = new Microsoft.IdentityModel.Tokens.JsonWebKey(newKey);
|
||||
var newJkt = Base64Url.Encode(newJwk.ComputeJwkThumbprint());
|
||||
var newJkt = Base64Url.EncodeToString(newJwk.ComputeJwkThumbprint());
|
||||
var proofToken = CreateProofToken("GET", "https://server/api", at, jwkString: newKey);
|
||||
req.Headers.Add("DPoP", proofToken);
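Review bot: In the hunk at line 213, the `ath` value is still built with `SHA256.Create()` plus `ComputeHash`, which allocates and disposes a hasher for a one-shot digest. Since the file now uses the framework `System.Buffers.Text.Base64Url`, the static one-shot API fits the same style: `var ath = Base64Url.EncodeToString(SHA256.HashData(Encoding.ASCII.GetBytes(accessToken)));`. That also drops the `using var sha256` local. In the hunks at lines 294 and 329, `newJkt` is computed but not used in the visible lines; the test bodies continue outside the hunks, so confirm it is consumed there.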
|
||||
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityServer;
|
||||
using Duende.IdentityServer.Configuration;
|
||||
using Duende.IdentityServer.Services;
|
||||
|
|
@ -62,7 +62,7 @@ public class DefaultBackChannelLogoutServiceTests
|
|||
});
|
||||
|
||||
|
||||
var payload = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(Base64Url.Decode(rawToken.Split('.')[1]));
|
||||
var payload = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(Base64Url.DecodeFromChars(rawToken.Split('.')[1]));
|
||||
payload["iss"].GetString().ShouldBe(expected);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Claims;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
|
|
@ -168,7 +169,7 @@ public class DPoPProofValidatorTests
|
|||
using var sha = SHA256.Create();
|
||||
var bytes = Encoding.UTF8.GetBytes(_context.AccessToken);
|
||||
var hash = sha.ComputeHash(bytes);
|
||||
return Base64Url.Encode(hash);
|
||||
return Base64Url.EncodeToString(hash);
|
||||
}
|
||||
|
||||
[Fact]
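Review bot: The access-token hash in the hunk at line 169 is taken over `Encoding.UTF8.GetBytes(_context.AccessToken)`, but the `ath` comment in LocalApiAuthenticationTests defines the value as the SHA-256 hash of the ASCII encoding of the token, and that test uses `Encoding.ASCII`. The two encodings produce the same bytes for an ASCII-only token, so the result is unchanged today. Using `var bytes = Encoding.ASCII.GetBytes(_context.AccessToken);` would keep both helpers aligned with the stated definition. The helper's signature is outside the hunk.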
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
|
|
@ -93,7 +94,7 @@ public class IdentityTokenValidation
|
|||
|
||||
// check that the custom aud was ignored
|
||||
var payload = jwt.Split('.')[1];
|
||||
var json = Encoding.UTF8.GetString(Base64Url.Decode(payload));
|
||||
var json = Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload));
|
||||
var values = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
values["aud"].GetString().ShouldBe("roclient");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Collections.Specialized;
|
||||
using System.Text;
|
||||
using Duende.IdentityModel;
|
||||
|
|
@ -316,7 +317,7 @@ public class TokenRequestValidation_PKCE
|
|||
{
|
||||
var codeVerifierBytes = Encoding.ASCII.GetBytes(codeVerifier);
|
||||
var hashedBytes = codeVerifierBytes.Sha256();
|
||||
var transformedCodeVerifier = Base64Url.Encode(hashedBytes);
|
||||
var transformedCodeVerifier = Base64Url.EncodeToString(hashedBytes);
|
||||
|
||||
return transformedCodeVerifier;
|
||||
}
|
||||
|
|
|
|||