Elgato_dark/products
1
0
Fork 0
mirror of https://github.com/DuendeSoftware/products synced 2026-05-24 09:28:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Make CT required in all 24 validation interfaces (Wave 29)

Browse source
This commit is contained in:
Damian Hickey 2026-02-21 08:30:20 +01:00
parent f54d124340
commit b669c9f62f
124 changed files with 586 additions and 510 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
identity-server/hosts/Shared/Customization/ExtensionGrantValidator.cs
View file

@ -8,7 +8,7 @@ namespace Duende.IdentityServer.Hosts.Shared.Customization;
public class ExtensionGrantValidator : IExtensionGrantValidator
{
public Task ValidateAsync(ExtensionGrantValidationContext context)
public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct)
{
ArgumentNullException.ThrowIfNull(context);
var credential = context.Request.Raw.Get("custom_credential");

2
identity-server/hosts/Shared/Customization/NoSubjectExtensionGrantValidator.cs
View file

@ -8,7 +8,7 @@ namespace Duende.IdentityServer.Hosts.Shared.Customization;
public class NoSubjectExtensionGrantValidator : IExtensionGrantValidator
{
public Task ValidateAsync(ExtensionGrantValidationContext context)
public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct)
{
ArgumentNullException.ThrowIfNull(context);
var credential = context.Request.Raw.Get("custom_credential");

2
identity-server/hosts/Shared/Customization/ParameterizedScopeTokenRequestValidator.cs
View file

@ -8,7 +8,7 @@ namespace Duende.IdentityServer.Hosts.Shared.Customization;
public class ParameterizedScopeTokenRequestValidator : ICustomTokenRequestValidator
{
public Task ValidateAsync(CustomTokenRequestValidationContext context)
public Task ValidateAsync(CustomTokenRequestValidationContext context, CT ct)
{
ArgumentNullException.ThrowIfNull(context);
var transaction = context.Result?.ValidatedRequest.ValidatedResources.ParsedScopes.FirstOrDefault(x => x.ParsedName == "transaction");

8
identity-server/src/AspNetIdentity/ResourceOwnerPasswordValidator.cs
View file

@ -38,12 +38,8 @@ public class ResourceOwnerPasswordValidator<TUser> : IResourceOwnerPasswordValid
_logger = logger;
}
/// <summary>
/// Validates the resource owner password credential
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
public virtual async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
/// <inheritdoc/>
public virtual async Task ValidateAsync(ResourceOwnerPasswordValidationContext context, CT ct)
{
var user = await _userManager.FindByNameAsync(context.UserName);
if (user != null)

2
identity-server/src/Configuration/Endpoints/DynamicClientRegistrationEndpoint.cs
View file

@ -62,7 +62,7 @@ public class DynamicClientRegistrationEndpoint
var dcrContext = new DynamicClientRegistrationContext(request, httpContext.User);
// Validate request values
var validationResult = await _validator.ValidateAsync(dcrContext);
var validationResult = await _validator.ValidateAsync(dcrContext, httpContext.RequestAborted);
if (validationResult is DynamicClientRegistrationError validationError)
{

74
identity-server/src/Configuration/Validation/DynamicClientRegistration/DynamicClientRegistrationValidator.cs
View file

@ -27,81 +27,81 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
ILogger<DynamicClientRegistrationValidator> logger) => Logger = logger;
/// <inheritdoc/>
public async Task<IDynamicClientRegistrationValidationResult> ValidateAsync(DynamicClientRegistrationContext context)
public async Task<IDynamicClientRegistrationValidationResult> ValidateAsync(DynamicClientRegistrationContext context, CT ct)
{
var result = await ValidateSoftwareStatementAsync(context);
var result = await ValidateSoftwareStatementAsync(context, ct);
if (result is DynamicClientRegistrationError softwareStatementValidation)
{
return softwareStatementValidation;
}
result = await SetGrantTypesAsync(context);
result = await SetGrantTypesAsync(context, ct);
if (result is DynamicClientRegistrationError grantTypeValidation)
{
return grantTypeValidation;
}
result = await SetRedirectUrisAsync(context);
result = await SetRedirectUrisAsync(context, ct);
if (result is DynamicClientRegistrationError redirectUrisValidation)
{
return redirectUrisValidation;
}
result = await SetScopesAsync(context);
result = await SetScopesAsync(context, ct);
if (result is DynamicClientRegistrationError scopeValidation)
{
return scopeValidation;
}
result = await SetSecretsAsync(context);
result = await SetSecretsAsync(context, ct);
if (result is DynamicClientRegistrationError keySetValidation)
{
return keySetValidation;
}
result = await SetClientNameAsync(context);
result = await SetClientNameAsync(context, ct);
if (result is DynamicClientRegistrationError nameValidation)
{
return nameValidation;
}
result = await SetLogoutParametersAsync(context);
result = await SetLogoutParametersAsync(context, ct);
if (result is DynamicClientRegistrationError logoutValidation)
{
return logoutValidation;
}
result = await SetMaxAgeAsync(context);
result = await SetMaxAgeAsync(context, ct);
if (result is DynamicClientRegistrationError maxAgeValidation)
{
return maxAgeValidation;
}
result = await SetUserInterfaceProperties(context);
result = await SetUserInterfaceProperties(context, ct);
if (result is DynamicClientRegistrationError miscValidation)
{
return miscValidation;
}
result = await SetPublicClientProperties(context);
result = await SetPublicClientProperties(context, ct);
if (result is DynamicClientRegistrationError publicClientValidation)
{
return publicClientValidation;
}
result = await SetAccessTokenProperties(context);
result = await SetAccessTokenProperties(context, ct);
if (result is DynamicClientRegistrationError accessTokenValidation)
{
return accessTokenValidation;
}
result = await SetIdTokenProperties(context);
result = await SetIdTokenProperties(context, ct);
if (result is DynamicClientRegistrationError idTokenValidation)
{
return idTokenValidation;
}
result = await SetServerSideSessionProperties(context);
result = await SetServerSideSessionProperties(context, ct);
if (result is DynamicClientRegistrationError serverSideSessionValidation)
{
return serverSideSessionValidation;
@ -118,9 +118,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its allowed grant types set,
/// the DCR request, and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetGrantTypesAsync(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetGrantTypesAsync(DynamicClientRegistrationContext context, CT ct)
{
if (context.Request.GrantTypes.Count == 0)
{
@ -218,9 +219,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its redirect uri set, the DCR
/// request, and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetRedirectUrisAsync(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetRedirectUrisAsync(DynamicClientRegistrationContext context, CT ct)
{
if (context.Client.AllowedGrantTypes.Contains(GrantType.AuthorizationCode))
{
@ -265,13 +267,14 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its scopes set, the DCR
/// request, and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetScopesAsync(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetScopesAsync(DynamicClientRegistrationContext context, CT ct)
{
if (string.IsNullOrEmpty(context.Request.Scope))
{
return SetDefaultScopes(context);
return SetDefaultScopes(context, ct);
}
else
{
@ -299,9 +302,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its scopes set, the DCR
/// request, and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetDefaultScopes(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetDefaultScopes(DynamicClientRegistrationContext context, CT ct)
{
Logger.LogDebug("No scopes requested for dynamic client registration, and no default scope behavior implemented. To set default scopes, extend the DynamicClientRegistrationValidator and override the SetDefaultScopes method.");
return StepResult.Success();
@ -314,9 +318,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its secrets set, the DCR
/// request, and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetSecretsAsync(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetSecretsAsync(DynamicClientRegistrationContext context, CT ct)
{
if (context.Request.JwksUri is not null && context.Request.Jwks is not null)
{
@ -398,9 +403,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its name set, the DCR request,
/// and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetClientNameAsync(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetClientNameAsync(DynamicClientRegistrationContext context, CT ct)
{
context.Client.ClientName = context.Request?.ClientName;
return StepResult.Success();
@ -417,9 +423,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its logout parameters set, the
/// DCR request, and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetLogoutParametersAsync(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetLogoutParametersAsync(DynamicClientRegistrationContext context, CT ct)
{
context.Client.PostLogoutRedirectUris = context.Request.PostLogoutRedirectUris?.Select(uri => uri.ToString()).ToList() ?? new List<string>();
context.Client.FrontChannelLogoutUri = context.Request.FrontChannelLogoutUri?.AbsoluteUri;
@ -438,9 +445,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its max age set, the DCR
/// request, and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetMaxAgeAsync(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetMaxAgeAsync(DynamicClientRegistrationContext context, CT ct)
{
if (context.Request.DefaultMaxAge.HasValue)
{
@ -465,9 +473,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// <param name="context">The dynamic client registration context, which
/// includes the client model that is being built up, the DCR request, and
/// other contextual information.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> ValidateSoftwareStatementAsync(DynamicClientRegistrationContext context) => StepResult.Success();
protected virtual Task<IStepResult> ValidateSoftwareStatementAsync(DynamicClientRegistrationContext context, CT ct) => StepResult.Success();
/// <summary>
/// Validates the requested client parameters related to public clients and
@ -479,9 +488,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its public client properties
/// set, the DCR request, and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetPublicClientProperties(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetPublicClientProperties(DynamicClientRegistrationContext context, CT ct)
{
context.Client.AllowedCorsOrigins = context.Request.AllowedCorsOrigins ?? new();
if (context.Request.RequireClientSecret.HasValue)
@ -506,9 +516,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its access token properties
/// set, the DCR request, and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetAccessTokenProperties(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetAccessTokenProperties(DynamicClientRegistrationContext context, CT ct)
{
if (context.Request.AccessTokenType != null)
{
@ -540,9 +551,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its id token properties set,
/// the DCR request, and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetIdTokenProperties(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetIdTokenProperties(DynamicClientRegistrationContext context, CT ct)
{
if (context.Request.IdentityTokenLifetime.HasValue)
{
@ -567,9 +579,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// includes the client model that will have its server side session
/// properties set, the DCR request, and other contextual information.
/// </param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetServerSideSessionProperties(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetServerSideSessionProperties(DynamicClientRegistrationContext context, CT ct)
{
if (context.Request.CoordinateLifetimeWithUserSession.HasValue)
{
@ -587,11 +600,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali
/// <param name="context">The dynamic client registration context, which
/// includes the client model that will have miscellaneous properties set,
/// the DCR request, and other contextual information.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
/// <returns>A task that returns an <see cref="IStepResult"/>, which either
/// represents that this step succeeded or failed.</returns>
protected virtual Task<IStepResult> SetUserInterfaceProperties(DynamicClientRegistrationContext context)
protected virtual Task<IStepResult> SetUserInterfaceProperties(DynamicClientRegistrationContext context, CT ct)
{
// Misc Uris
context.Client.LogoUri = context.Request.LogoUri?.ToString();

3
identity-server/src/Configuration/Validation/DynamicClientRegistration/IDynamicClientRegistrationValidator.cs
View file

@ -16,8 +16,9 @@ public interface IDynamicClientRegistrationValidator
/// </summary>
/// <param name="context">Contextual information about the DCR
/// request.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task that returns an <see
/// cref="IDynamicClientRegistrationValidationResult"/>, which either
/// indicates success or failure.</returns>
Task<IDynamicClientRegistrationValidationResult> ValidateAsync(DynamicClientRegistrationContext context);
Task<IDynamicClientRegistrationValidationResult> ValidateAsync(DynamicClientRegistrationContext context, CT ct);
}

2
identity-server/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs
View file

@ -84,7 +84,7 @@ internal abstract class AuthorizeEndpointBase : IEndpointHandler
}
// validate request
var result = await _validator.ValidateAsync(parameters, user);
var result = await _validator.ValidateAsync(parameters, ct, user);
if (result.IsError)
{

2
identity-server/src/IdentityServer/Endpoints/BackchannelAuthenticationEndpoint.cs
View file

@ -70,7 +70,7 @@ internal class BackchannelAuthenticationEndpoint : IEndpointHandler
_logger.LogDebug("Start backchannel authentication request.");
// validate client
var clientResult = await _clientValidator.ValidateAsync(context);
var clientResult = await _clientValidator.ValidateAsync(context, context.RequestAborted);
if (clientResult.IsError)
{
var error = clientResult.Error ?? OidcConstants.BackchannelAuthenticationRequestErrors.InvalidClient;

4
identity-server/src/IdentityServer/Endpoints/DeviceAuthorizationEndpoint.cs
View file

@ -79,7 +79,7 @@ internal class DeviceAuthorizationEndpoint : IEndpointHandler
_logger.LogDebug("Start device authorize request.");
// validate client
var clientResult = await _clientValidator.ValidateAsync(context);
var clientResult = await _clientValidator.ValidateAsync(context, context.RequestAborted);
if (clientResult.IsError)
{
var error = clientResult.Error ?? OidcConstants.TokenErrors.InvalidClient;
@ -89,7 +89,7 @@ internal class DeviceAuthorizationEndpoint : IEndpointHandler
// validate request
var form = (await context.Request.ReadFormAsync()).AsNameValueCollection();
var requestResult = await _requestValidator.ValidateAsync(form, clientResult);
var requestResult = await _requestValidator.ValidateAsync(form, clientResult, context.RequestAborted);
if (requestResult.IsError)
{

4
identity-server/src/IdentityServer/Endpoints/IntrospectionEndpoint.cs
View file

@ -100,10 +100,10 @@ internal class IntrospectionEndpoint : IEndpointHandler
ApiResource api = null;
Client client = null;
var apiResult = await _apiSecretValidator.ValidateAsync(context);
var apiResult = await _apiSecretValidator.ValidateAsync(context, context.RequestAborted);
if (apiResult.IsError)
{
clientResult = await _clientValidator.ValidateAsync(context);
clientResult = await _clientValidator.ValidateAsync(context, context.RequestAborted);
if (clientResult.IsError)
{
_logger.LogError("Unauthorized call introspection endpoint. aborting.");

2
identity-server/src/IdentityServer/Endpoints/OAuthMetadataEndpoint.cs
View file

@ -51,7 +51,7 @@ internal class OAuthMetadataEndpoint(
}
context.Request.Path.StartsWithSegments("/.well-known/oauth-authorization-server", StringComparison.OrdinalIgnoreCase, out var issuerSubPath);
if (!await issuerPathValidator.ValidateAsync(issuerSubPath))
if (!await issuerPathValidator.ValidateAsync(issuerSubPath, context.RequestAborted))
{
logger.LogDebug("Request for OAuth discovery document contains invalid sub-path. Returning 404");
return new StatusCodeResult(HttpStatusCode.NotFound);

4
identity-server/src/IdentityServer/Endpoints/PushedAuthorizationEndpoint.cs
View file

@ -65,7 +65,7 @@ internal class PushedAuthorizationEndpoint : IEndpointHandler
}
// Authenticate Client
var client = await _clientValidator.ValidateAsync(context);
var client = await _clientValidator.ValidateAsync(context, context.RequestAborted);
if (client.IsError)
{
return CreateErrorResult(
@ -91,7 +91,7 @@ internal class PushedAuthorizationEndpoint : IEndpointHandler
}
// Perform validations specific to PAR, as well as validation of the pushed parameters
var parValidationResult = await _parValidator.ValidateAsync(validationContext);
var parValidationResult = await _parValidator.ValidateAsync(validationContext, context.RequestAborted);
if (parValidationResult.IsError)
{
return CreateErrorResult(

2
identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs
View file

@ -88,7 +88,7 @@ internal class TokenEndpoint : IEndpointHandler
_logger.LogDebug("Start token request.");
// validate client
var clientResult = await _clientValidator.ValidateAsync(context);
var clientResult = await _clientValidator.ValidateAsync(context, context.RequestAborted);
if (clientResult.IsError)
{
var errorMsg = clientResult.Error ?? OidcConstants.TokenErrors.InvalidClient;

4
identity-server/src/IdentityServer/Endpoints/TokenRevocationEndpoint.cs
View file

@ -89,7 +89,7 @@ internal class TokenRevocationEndpoint : IEndpointHandler
_logger.LogDebug("Start revocation request.");
// validate client
var clientValidationResult = await _clientValidator.ValidateAsync(context);
var clientValidationResult = await _clientValidator.ValidateAsync(context, context.RequestAborted);
if (clientValidationResult.IsError)
{
var error = clientValidationResult.Error ?? OidcConstants.TokenErrors.InvalidClient;
@ -103,7 +103,7 @@ internal class TokenRevocationEndpoint : IEndpointHandler
var form = (await context.Request.ReadFormAsync()).AsNameValueCollection();
_logger.LogTrace("Calling into token revocation request validator: {type}", _requestValidator.GetType().FullName);
var requestValidationResult = await _requestValidator.ValidateRequestAsync(form, clientValidationResult.Client);
var requestValidationResult = await _requestValidator.ValidateRequestAsync(form, clientValidationResult.Client, context.RequestAborted);
if (requestValidationResult.IsError)
{

2
identity-server/src/IdentityServer/Hosting/DynamicProviders/Store/ValidatingIdentityProviderStore.cs
View file

@ -50,7 +50,7 @@ public class ValidatingIdentityProviderStore<T> : IIdentityProviderStore
_logger.LogTrace("Calling into identity provider configuration validator: {validatorType}", _validatorType);
var context = new IdentityProviderConfigurationValidationContext(idp);
await _validator.ValidateAsync(context);
await _validator.ValidateAsync(context, ct);
if (context.IsValid)
{

2
identity-server/src/IdentityServer/Hosting/LocalApiAuthentication/LocalApiAuthenticationHandler.cs
View file

@ -131,7 +131,7 @@ public class LocalApiAuthenticationHandler : AuthenticationHandler<LocalApiAuthe
ClientClockSkew = client.DPoPClockSkew,
};
var dpopResult = await _dpopValidator.ValidateAsync(validationContext);
var dpopResult = await _dpopValidator.ValidateAsync(validationContext, Context.RequestAborted);
if (dpopResult.IsError)
{
// we need to stash these values away so they are available later when the Challenge method is called later

2
identity-server/src/IdentityServer/Services/Default/OidcReturnUrlParser.cs
View file

@ -53,7 +53,7 @@ internal class OidcReturnUrlParser : IReturnUrlParser
}
var user = await _userSession.GetUserAsync(ct);
var result = await _validator.ValidateAsync(parameters, user);
var result = await _validator.ValidateAsync(parameters, ct, user);
if (!result.IsError)
{
_logger.LogTrace("AuthorizationRequest being returned");

4
identity-server/src/IdentityServer/Stores/ValidatingClientStore.cs
View file

@ -59,7 +59,7 @@ public class ValidatingClientStore<T> : IClientStore
_logger.LogTrace("Calling into client configuration validator: {validatorType}", _validatorType);
var context = new ClientConfigurationValidationContext(client);
await _validator.ValidateAsync(context);
await _validator.ValidateAsync(context, ct);
if (context.IsValid)
{
@ -88,7 +88,7 @@ public class ValidatingClientStore<T> : IClientStore
{
_logger.LogTrace("Calling into client configuration validator: {validatorType}", _validatorType);
var context = new ClientConfigurationValidationContext(client);
await _validator.ValidateAsync(context);
await _validator.ValidateAsync(context, ct);
if (context.IsValid)
{
_logger.LogDebug("client configuration validation for client {clientId} succeeded.", client.ClientId);

2
identity-server/src/IdentityServer/Test/TestBackchannelLoginUserValidator.cs
View file

@ -22,7 +22,7 @@ public class TestBackchannelLoginUserValidator : IBackchannelAuthenticationUserV
public TestBackchannelLoginUserValidator(TestUserStore testUserStore) => _testUserStore = testUserStore;
/// <inheritdoc/>
public Task<BackchannelAuthenticationUserValidationResult> ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext)
public Task<BackchannelAuthenticationUserValidationResult> ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext, CT ct)
{
var result = new BackchannelAuthenticationUserValidationResult();

8
identity-server/src/IdentityServer/Test/TestUserResourceOwnerPasswordValidator.cs
View file

@ -27,12 +27,8 @@ public class TestUserResourceOwnerPasswordValidator : IResourceOwnerPasswordVali
_timeProvider = timeProvider;
}
/// <summary>
/// Validates the resource owner password credential
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
/// <inheritdoc/>
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context, CT ct)
{
if (_users.ValidateCredentials(context.UserName, context.Password))
{

22
identity-server/src/IdentityServer/Validation/Default/ApiSecretValidator.cs
View file

@ -42,8 +42,10 @@ public class ApiSecretValidator : IApiSecretValidator
/// Validates the secret on the current request.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
public async Task<ApiSecretValidationResult> ValidateAsync(HttpContext context)
/// <inheritdoc/>
public async Task<ApiSecretValidationResult> ValidateAsync(HttpContext context, CT ct)
{
using var activity = Tracing.ValidationActivitySource.StartActivity("ApiSecretValidator.Validate");
@ -54,20 +56,20 @@ public class ApiSecretValidator : IApiSecretValidator
IsError = true
};
var parsedSecret = await _parser.ParseAsync(context);
var parsedSecret = await _parser.ParseAsync(context, ct);
if (parsedSecret == null)
{
await RaiseFailureEventAsync("unknown", "No API id or secret found", context.RequestAborted);
await RaiseFailureEventAsync("unknown", "No API id or secret found", ct);
_logger.LogError("No API secret found");
return fail;
}
// load API resource
var apis = await _resources.FindApiResourcesByNameAsync(new[] { parsedSecret.Id }, context.RequestAborted);
var apis = await _resources.FindApiResourcesByNameAsync(new[] { parsedSecret.Id }, ct);
if (apis == null || !apis.Any())
{
await RaiseFailureEventAsync(parsedSecret.Id, "Unknown API resource", context.RequestAborted);
await RaiseFailureEventAsync(parsedSecret.Id, "Unknown API resource", ct);
_logger.LogError("No API resource with that name found. aborting");
return fail;
@ -75,7 +77,7 @@ public class ApiSecretValidator : IApiSecretValidator
if (apis.Count() > 1)
{
await RaiseFailureEventAsync(parsedSecret.Id, "Invalid API resource", context.RequestAborted);
await RaiseFailureEventAsync(parsedSecret.Id, "Invalid API resource", ct);
_logger.LogError("More than one API resource with that name found. aborting");
return fail;
@ -85,13 +87,13 @@ public class ApiSecretValidator : IApiSecretValidator
if (api.Enabled == false)
{
await RaiseFailureEventAsync(parsedSecret.Id, "API resource not enabled", context.RequestAborted);
await RaiseFailureEventAsync(parsedSecret.Id, "API resource not enabled", ct);
_logger.LogError("API resource not enabled. aborting.");
return fail;
}
var result = await _validator.ValidateAsync(api.ApiSecrets, parsedSecret);
var result = await _validator.ValidateAsync(api.ApiSecrets, parsedSecret, ct);
if (result.Success)
{
_logger.LogDebug("API resource validation success");
@ -102,11 +104,11 @@ public class ApiSecretValidator : IApiSecretValidator
Resource = api
};
await RaiseSuccessEventAsync(api.Name, parsedSecret.Type, context.RequestAborted);
await RaiseSuccessEventAsync(api.Name, parsedSecret.Type, ct);
return success;
}
await RaiseFailureEventAsync(api.Name, "Invalid API secret", context.RequestAborted);
await RaiseFailureEventAsync(api.Name, "Invalid API secret", ct);
_logger.LogError("API validation failed.");
return fail;

56
identity-server/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs
View file

@ -1,6 +1,7 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
#nullable enable
using System.Collections.Specialized;
using System.Security.Claims;
@ -36,8 +37,6 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
private readonly ResponseTypeEqualityComparer
_responseTypeEqualityComparer = new ResponseTypeEqualityComparer();
private CT _ct;
public AuthorizeRequestValidator(
IdentityServerOptions options,
@ -69,19 +68,18 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
public async Task<AuthorizeRequestValidationResult> ValidateAsync(
NameValueCollection parameters,
ClaimsPrincipal subject = null,
CT ct,
ClaimsPrincipal? subject = null,
AuthorizeRequestType authorizeRequestType = AuthorizeRequestType.Authorize)
{
using var activity = Tracing.BasicActivitySource.StartActivity("AuthorizeRequestValidator.Validate");
_ct = CT.None;
_sanitizedLogger.LogDebug("Start authorize request protocol validation");
var request = new ValidatedAuthorizeRequest
{
Options = _options,
IssuerName = await _issuerNameService.GetCurrentAsync(default),
IssuerName = await _issuerNameService.GetCurrentAsync(ct),
Subject = subject ?? Principal.Anonymous,
Raw = parameters ?? throw new ArgumentNullException(nameof(parameters)),
AuthorizeRequestType = authorizeRequestType
@ -96,21 +94,21 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
// load client_id
// client_id must always be present on the request
var loadClientResult = await LoadClientAsync(request);
var loadClientResult = await LoadClientAsync(request, ct);
if (loadClientResult.IsError)
{
return loadClientResult;
}
// load request object
var roLoadResult = await _requestObjectValidator.LoadRequestObjectAsync(request, _ct);
var roLoadResult = await _requestObjectValidator.LoadRequestObjectAsync(request, ct);
if (roLoadResult.IsError)
{
return roLoadResult;
}
// validate request object
var roValidationResult = await _requestObjectValidator.ValidateRequestObjectAsync(request, _ct);
var roValidationResult = await _requestObjectValidator.ValidateRequestObjectAsync(request, ct);
if (roValidationResult.IsError)
{
return roValidationResult;
@ -124,7 +122,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
}
// validate client_id and redirect_uri
var clientResult = await ValidateClientAsync(request);
var clientResult = await ValidateClientAsync(request, ct);
if (clientResult.IsError)
{
return clientResult;
@ -138,14 +136,14 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
}
// scope, scope restrictions and plausibility, and resource indicators
var scopeResult = await ValidateScopeAndResourceAsync(request);
var scopeResult = await ValidateScopeAndResourceAsync(request, ct);
if (scopeResult.IsError)
{
return scopeResult;
}
// nonce, prompt, acr_values, login_hint etc.
var optionalResult = await ValidateOptionalParametersAsync(request);
var optionalResult = await ValidateOptionalParametersAsync(request, ct);
if (optionalResult.IsError)
{
return optionalResult;
@ -157,13 +155,13 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
{
Result = new AuthorizeRequestValidationResult(request)
};
await _customValidator.ValidateAsync(context);
await _customValidator.ValidateAsync(context, ct);
var customResult = context.Result;
if (customResult.IsError)
{
LogError("Error in custom validation", customResult.Error, request);
return Invalid(request, customResult.Error, customResult.ErrorDescription);
return Invalid(request, customResult.Error ?? OidcConstants.AuthorizeErrors.InvalidRequest, customResult.ErrorDescription);
}
_sanitizedLogger.LogTrace("Authorize request protocol validation successful");
@ -198,7 +196,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
return Valid(request);
}
private async Task<AuthorizeRequestValidationResult> LoadClientAsync(ValidatedAuthorizeRequest request)
private async Task<AuthorizeRequestValidationResult> LoadClientAsync(ValidatedAuthorizeRequest request, CT ct)
{
//////////////////////////////////////////////////////////
// client_id must be present
@ -211,12 +209,12 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
return Invalid(request, description: "Invalid client_id");
}
request.ClientId = clientId;
request.ClientId = clientId!;
//////////////////////////////////////////////////////////
// check for valid client
//////////////////////////////////////////////////////////
var client = await _clients.FindEnabledClientByIdAsync(request.ClientId, _ct);
var client = await _clients.FindEnabledClientByIdAsync(request.ClientId, ct);
if (client == null)
{
LogError("Unknown client or not enabled", request.ClientId, request);
@ -228,7 +226,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
return Valid(request);
}
private async Task<AuthorizeRequestValidationResult> ValidateClientAsync(ValidatedAuthorizeRequest request)
private async Task<AuthorizeRequestValidationResult> ValidateClientAsync(ValidatedAuthorizeRequest request, CT ct)
{
//////////////////////////////////////////////////////////
// check request object requirement
@ -252,7 +250,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
return Invalid(request, description: "Invalid redirect_uri");
}
if (!redirectUri.IsUri())
if (!redirectUri!.IsUri())
{
LogError("malformed redirect_uri", redirectUri, request);
return Invalid(request, description: "Invalid redirect_uri");
@ -270,14 +268,14 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
//////////////////////////////////////////////////////////
// check if redirect_uri is valid
//////////////////////////////////////////////////////////
var uriContext = new RedirectUriValidationContext(redirectUri, request);
if (await _uriValidator.IsRedirectUriValidAsync(uriContext) == false)
var uriContext = new RedirectUriValidationContext(redirectUri!, request);
if (await _uriValidator.IsRedirectUriValidAsync(uriContext, ct) == false)
{
LogError("Invalid redirect_uri", redirectUri, request);
return Invalid(request, OidcConstants.AuthorizeErrors.InvalidRequest, "Invalid redirect_uri");
}
request.RedirectUri = redirectUri;
request.RedirectUri = redirectUri!;
return Valid(request);
}
@ -477,7 +475,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
return Valid(request);
}
private async Task<AuthorizeRequestValidationResult> ValidateScopeAndResourceAsync(ValidatedAuthorizeRequest request)
private async Task<AuthorizeRequestValidationResult> ValidateScopeAndResourceAsync(ValidatedAuthorizeRequest request, CT ct)
{
//////////////////////////////////////////////////////////
// scope must be present
@ -551,7 +549,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
Client = request.Client,
Scopes = request.RequestedScopes,
ResourceIndicators = resourceIndicators,
}, default);
}, ct);
if (!validatedResources.Succeeded)
{
@ -566,7 +564,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
}
}
_licenseUsage.ResourceIndicatorsUsed(resourceIndicators);
_licenseUsage.ResourceIndicatorsUsed(resourceIndicators!);
IdentityServerLicenseValidator.Instance.ValidateResourceIndicators(resourceIndicators);
if (validatedResources.Resources.IdentityResources.Count > 0 && !request.IsOpenIdRequest)
@ -619,7 +617,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
return Valid(request);
}
private async Task<AuthorizeRequestValidationResult> ValidateOptionalParametersAsync(ValidatedAuthorizeRequest request)
private async Task<AuthorizeRequestValidationResult> ValidateOptionalParametersAsync(ValidatedAuthorizeRequest request, CT ct)
{
//////////////////////////////////////////////////////////
// check nonce
@ -800,7 +798,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
//////////////////////////////////////////////////////////
if (request.Subject.IsAuthenticated())
{
var sessionId = await _userSession.GetSessionIdAsync(default);
var sessionId = await _userSession.GetSessionIdAsync(ct);
if (sessionId.IsPresent())
{
request.SessionId = sessionId;
@ -844,7 +842,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
return true;
}
private static AuthorizeRequestValidationResult Invalid(ValidatedAuthorizeRequest request, string error = OidcConstants.AuthorizeErrors.InvalidRequest, string description = null) => new AuthorizeRequestValidationResult(request, error, description);
private static AuthorizeRequestValidationResult Invalid(ValidatedAuthorizeRequest request, string error = OidcConstants.AuthorizeErrors.InvalidRequest, string? description = null) => new AuthorizeRequestValidationResult(request, error, description);
private static AuthorizeRequestValidationResult Valid(ValidatedAuthorizeRequest request) => new AuthorizeRequestValidationResult(request);
@ -854,7 +852,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator
_sanitizedLogger.LogError(message + "\n{@requestDetails}", requestDetails);
}
private void LogError(string message, string detail, ValidatedAuthorizeRequest request)
private void LogError(string message, string? detail, ValidatedAuthorizeRequest request)
{
var requestDetails = new AuthorizeRequestValidationLog(request, _options.Logging.AuthorizeRequestSensitiveValuesFilter);
_sanitizedLogger.LogError(message + ": {detail}\n{@requestDetails}", detail, requestDetails);

12
identity-server/src/IdentityServer/Validation/Default/BackchannelAuthenticationRequestValidator.cs
View file

@ -94,7 +94,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic
//////////////////////////////////////////////////////////
// validate request object
//////////////////////////////////////////////////////////
var roValidationResult = await TryValidateRequestObjectAsync();
var roValidationResult = await TryValidateRequestObjectAsync(ct);
if (!roValidationResult.Success)
{
return roValidationResult.ErrorResult;
@ -165,7 +165,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic
Client = _validatedRequest.Client,
Scopes = _validatedRequest.RequestedScopes,
ResourceIndicators = resourceIndicators,
}, default);
}, ct);
if (!validatedResources.Succeeded)
{
@ -391,7 +391,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic
IdTokenHintClaims = _validatedRequest.IdTokenHintClaims,
UserCode = _validatedRequest.UserCode,
BindingMessage = _validatedRequest.BindingMessage
});
}, ct);
if (userResult.IsError)
{
@ -440,7 +440,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic
var result = new BackchannelAuthenticationRequestValidationResult(_validatedRequest);
var customValidationContext = new CustomBackchannelAuthenticationRequestValidationContext(result);
await _customValidator.ValidateAsync(customValidationContext);
await _customValidator.ValidateAsync(customValidationContext, ct);
if (customValidationContext.ValidationResult.IsError)
{
LogError("Custom validation of backchannel authorize request failed");
@ -451,7 +451,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic
return result;
}
private async Task<(bool Success, BackchannelAuthenticationRequestValidationResult ErrorResult)> TryValidateRequestObjectAsync()
private async Task<(bool Success, BackchannelAuthenticationRequestValidationResult ErrorResult)> TryValidateRequestObjectAsync(CT ct)
{
//////////////////////////////////////////////////////////
// validate request object
@ -465,7 +465,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic
JwtTokenString = _validatedRequest.RequestObject,
StrictJarValidation = false,
IncludeJti = true
});
}, ct);
if (jwtRequestValidationResult.IsError)
{
LogError("request JWT validation failure", jwtRequestValidationResult.Error);

3
identity-server/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs
View file

@ -45,7 +45,8 @@ public class BasicAuthenticationSecretParser : ISecretParser
/// <returns>
/// A parsed secret
/// </returns>
public Task<ParsedSecret> ParseAsync(HttpContext context)
/// <inheritdoc/>
public Task<ParsedSecret> ParseAsync(HttpContext context, CT ct)
{
_logger.LogDebug("Start parsing Basic Authentication secret");

22
identity-server/src/IdentityServer/Validation/Default/ClientSecretValidator.cs
View file

@ -39,12 +39,8 @@ public class ClientSecretValidator : IClientSecretValidator
_logger = logger;
}
/// <summary>
/// Validates the current request.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
public async Task<ClientSecretValidationResult> ValidateAsync(HttpContext context)
/// <inheritdoc/>
public async Task<ClientSecretValidationResult> ValidateAsync(HttpContext context, CT ct)
{
using var activity = Tracing.ValidationActivitySource.StartActivity("ClientSecretValidator.Validate");
@ -56,10 +52,10 @@ public class ClientSecretValidator : IClientSecretValidator
Error = IdentityModel.OidcConstants.TokenErrors.InvalidClient
};
var parsedSecret = await _parser.ParseAsync(context);
var parsedSecret = await _parser.ParseAsync(context, ct);
if (parsedSecret == null)
{
await RaiseFailureEventAsync("unknown", "No client id found", context.RequestAborted);
await RaiseFailureEventAsync("unknown", "No client id found", ct);
_logger.LogError("No client identifier found");
@ -68,10 +64,10 @@ public class ClientSecretValidator : IClientSecretValidator
}
// load client
var client = await _clients.FindEnabledClientByIdAsync(parsedSecret.Id, context.RequestAborted);
var client = await _clients.FindEnabledClientByIdAsync(parsedSecret.Id, ct);
if (client == null)
{
await RaiseFailureEventAsync(parsedSecret.Id, "Unknown client", context.RequestAborted);
await RaiseFailureEventAsync(parsedSecret.Id, "Unknown client", ct);
_logger.LogError("No client with id '{clientId}' found. aborting", parsedSecret.Id);
return fail;
@ -84,10 +80,10 @@ public class ClientSecretValidator : IClientSecretValidator
}
else
{
secretValidationResult = await _validator.ValidateAsync(client.ClientSecrets, parsedSecret);
secretValidationResult = await _validator.ValidateAsync(client.ClientSecrets, parsedSecret, ct);
if (secretValidationResult.Success == false)
{
await RaiseFailureEventAsync(client.ClientId, "Invalid client secret", context.RequestAborted);
await RaiseFailureEventAsync(client.ClientId, "Invalid client secret", ct);
_logger.LogError("Client secret validation failed for client: {clientId}.", client.ClientId);
return fail;
@ -104,7 +100,7 @@ public class ClientSecretValidator : IClientSecretValidator
Confirmation = secretValidationResult?.Confirmation
};
await RaiseSuccessEventAsync(client.ClientId, parsedSecret.Type, context.RequestAborted);
await RaiseSuccessEventAsync(client.ClientId, parsedSecret.Type, ct);
return success;
}

3
identity-server/src/IdentityServer/Validation/Default/DefaultClientConfigurationValidator.cs
View file

@ -25,8 +25,9 @@ public class DefaultClientConfigurationValidator : IClientConfigurationValidator
/// Determines whether the configuration of a client is valid.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
public async Task ValidateAsync(ClientConfigurationValidationContext context)
public async Task ValidateAsync(ClientConfigurationValidationContext context, CT ct)
{
using var activity = Tracing.ValidationActivitySource.StartActivity("DefaultClientConfigurationValidator.Validate");

4
identity-server/src/IdentityServer/Validation/Default/DefaultCustomAuthorizeRequestValidator.cs
View file

@ -13,5 +13,7 @@ internal class DefaultCustomAuthorizeRequestValidator : ICustomAuthorizeRequestV
/// Custom validation logic for the authorize request.
/// </summary>
/// <param name="context">The context.</param>
public Task ValidateAsync(CustomAuthorizeRequestValidationContext context) => Task.CompletedTask;
/// <param name="ct">The cancellation token.</param>
/// <inheritdoc/>
public Task ValidateAsync(CustomAuthorizeRequestValidationContext context, CT ct) => Task.CompletedTask;
}

3
identity-server/src/IdentityServer/Validation/Default/DefaultCustomBackchannelAuthenticationValidator.cs
View file

@ -11,5 +11,6 @@ namespace Duende.IdentityServer.Validation;
public class DefaultCustomBackchannelAuthenticationValidator : ICustomBackchannelAuthenticationValidator
{
/// <inheritdoc/>
public Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext) => Task.CompletedTask;
/// <inheritdoc/>
public Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext, CT ct) => Task.CompletedTask;
}

4
identity-server/src/IdentityServer/Validation/Default/DefaultCustomTokenRequestValidator.cs
View file

@ -13,8 +13,10 @@ internal class DefaultCustomTokenRequestValidator : ICustomTokenRequestValidator
/// Custom validation logic for a token request.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// The validation result
/// </returns>
public Task ValidateAsync(CustomTokenRequestValidationContext context) => Task.CompletedTask;
/// <inheritdoc/>
public Task ValidateAsync(CustomTokenRequestValidationContext context, CT ct) => Task.CompletedTask;
}

14
identity-server/src/IdentityServer/Validation/Default/DefaultCustomTokenValidator.cs
View file

@ -32,17 +32,13 @@ public class DefaultCustomTokenValidator : ICustomTokenValidator
/// Custom validation logic for access tokens.
/// </summary>
/// <param name="result">The validation result so far.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// The validation result
/// </returns>
public virtual Task<TokenValidationResult> ValidateAccessTokenAsync(TokenValidationResult result) => Task.FromResult(result);
/// <inheritdoc/>
public virtual Task<TokenValidationResult> ValidateAccessTokenAsync(TokenValidationResult result, CT ct) => Task.FromResult(result);
/// <summary>
/// Custom validation logic for identity tokens.
/// </summary>
/// <param name="result">The validation result so far.</param>
/// <returns>
/// The validation result
/// </returns>
public virtual Task<TokenValidationResult> ValidateIdentityTokenAsync(TokenValidationResult result) => Task.FromResult(result);
/// <inheritdoc/>
public virtual Task<TokenValidationResult> ValidateIdentityTokenAsync(TokenValidationResult result, CT ct) => Task.FromResult(result);
}

14
identity-server/src/IdentityServer/Validation/Default/DefaultDPoPProofValidator.cs
View file

@ -69,7 +69,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator
}
/// <inheritdoc/>
public async Task<DPoPProofValidatonResult> ValidateAsync(DPoPProofValidatonContext context)
public async Task<DPoPProofValidatonResult> ValidateAsync(DPoPProofValidatonContext context, CT ct)
{
var result = new DPoPProofValidatonResult() { IsError = false };
@ -96,7 +96,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator
return result;
}
await ValidatePayloadAsync(context, result);
await ValidatePayloadAsync(context, result, ct);
if (result.IsError)
{
Logger.LogDebug("Failed to validate DPoP payload");
@ -284,7 +284,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator
/// <summary>
/// Validates the payload.
/// </summary>
protected virtual async Task ValidatePayloadAsync(DPoPProofValidatonContext context, DPoPProofValidatonResult result)
protected virtual async Task ValidatePayloadAsync(DPoPProofValidatonContext context, DPoPProofValidatonResult result, CT ct)
{
if (context.ValidateAccessToken)
{
@ -370,7 +370,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator
}
// we do replay at the end so we only add to the reply cache if everything else is ok
await ValidateReplayAsync(context, result);
await ValidateReplayAsync(context, result, ct);
if (result.IsError)
{
result.ErrorDescription = "Detected replay of DPoP proof token.";
@ -381,9 +381,9 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator
/// <summary>
/// Validates is the token has been replayed.
/// </summary>
protected virtual async Task ValidateReplayAsync(DPoPProofValidatonContext context, DPoPProofValidatonResult result)
protected virtual async Task ValidateReplayAsync(DPoPProofValidatonContext context, DPoPProofValidatonResult result, CT ct)
{
if (await ReplayCache.ExistsAsync(ReplayCachePurpose, result.TokenId, default))
if (await ReplayCache.ExistsAsync(ReplayCachePurpose, result.TokenId, ct))
{
Logger.LogDebug("Detected DPoP proof token replay for jti {jti}", result.TokenId);
result.IsError = true;
@ -410,7 +410,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator
Logger.LogDebug("Adding proof token with jti {jti} to replay cache for duration {cacheDuration}", result.TokenId, cacheDuration);
await ReplayCache.AddAsync(ReplayCachePurpose, result.TokenId, TimeProvider.GetUtcNow().Add(cacheDuration), default);
await ReplayCache.AddAsync(ReplayCachePurpose, result.TokenId, TimeProvider.GetUtcNow().Add(cacheDuration), ct);
}
/// <summary>

2
identity-server/src/IdentityServer/Validation/Default/DefaultIdentityProviderConfigurationValidator.cs
View file

@ -21,7 +21,7 @@ public class DefaultIdentityProviderConfigurationValidator : IIdentityProviderCo
public DefaultIdentityProviderConfigurationValidator(IdentityServerOptions options) => _options = options;
/// <inheritdoc/>
public virtual async Task ValidateAsync(IdentityProviderConfigurationValidationContext context)
public virtual async Task ValidateAsync(IdentityProviderConfigurationValidationContext context, CT ct)
{
using var activity = Tracing.ValidationActivitySource.StartActivity("DefaultIdentityProviderConfigurationValidator.Validate");

4
identity-server/src/IdentityServer/Validation/Default/DefaultIssuerPathValidator.cs
View file

@ -9,7 +9,7 @@ namespace Duende.IdentityServer.Validation;
public class DefaultIssuerPathValidator(IIssuerNameService issuerNameService, ILogger<DefaultIssuerPathValidator> logger) : IIssuerPathValidator
{
public async Task<bool> ValidateAsync(string path)
public async Task<bool> ValidateAsync(string path, CT ct)
{
//if there is no path, this is fine since the default issuer is probably being used
if (path.IsMissing())
@ -18,7 +18,7 @@ public class DefaultIssuerPathValidator(IIssuerNameService issuerNameService, IL
}
//if there is a path, then we should be matching against an explicitly configured issuer
var currentIssuer = await issuerNameService.GetCurrentAsync(default);
var currentIssuer = await issuerNameService.GetCurrentAsync(ct);
if (!Uri.TryCreate(currentIssuer, UriKind.Absolute, out var uri))
{
logger.LogDebug("Current issuer is not a valid absolute URI: {Issuer}", currentIssuer.SanitizeLogParameter());

8
identity-server/src/IdentityServer/Validation/Default/DeviceAuthorizationRequestValidator.cs
View file

@ -28,7 +28,7 @@ internal class DeviceAuthorizationRequestValidator : IDeviceAuthorizationRequest
_logger = logger;
}
public async Task<DeviceAuthorizationRequestValidationResult> ValidateAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult)
public async Task<DeviceAuthorizationRequestValidationResult> ValidateAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult, CT ct)
{
using var activity = Tracing.BasicActivitySource.StartActivity("DeviceAuthorizationRequestValidator.Validate");
@ -46,7 +46,7 @@ internal class DeviceAuthorizationRequestValidator : IDeviceAuthorizationRequest
return clientResult;
}
var scopeResult = await ValidateScopeAsync(request);
var scopeResult = await ValidateScopeAsync(request, ct);
if (scopeResult.IsError)
{
return scopeResult;
@ -101,7 +101,7 @@ internal class DeviceAuthorizationRequestValidator : IDeviceAuthorizationRequest
return Valid(request);
}
private async Task<DeviceAuthorizationRequestValidationResult> ValidateScopeAsync(ValidatedDeviceAuthorizationRequest request)
private async Task<DeviceAuthorizationRequestValidationResult> ValidateScopeAsync(ValidatedDeviceAuthorizationRequest request, CT ct)
{
//////////////////////////////////////////////////////////
// scope must be present
@ -148,7 +148,7 @@ internal class DeviceAuthorizationRequestValidator : IDeviceAuthorizationRequest
{
Client = request.Client,
Scopes = request.RequestedScopes
}, default);
}, ct);
if (!validatedResources.Succeeded)
{

2
identity-server/src/IdentityServer/Validation/Default/EndSessionRequestValidator.cs
View file

@ -145,7 +145,7 @@ public class EndSessionRequestValidator : IEndSessionRequestValidator
var redirectUri = parameters.Get(OidcConstants.EndSessionRequest.PostLogoutRedirectUri);
if (redirectUri.IsPresent())
{
if (await UriValidator.IsPostLogoutRedirectUriValidAsync(redirectUri, validatedRequest.Client))
if (await UriValidator.IsPostLogoutRedirectUriValidAsync(redirectUri, validatedRequest.Client, ct))
{
validatedRequest.PostLogOutUri = redirectUri;
}

5
identity-server/src/IdentityServer/Validation/Default/ExtensionGrantValidator.cs
View file

@ -44,8 +44,9 @@ public class ExtensionGrantValidator
/// Validates the request.
/// </summary>
/// <param name="request">The request.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
public async Task<GrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
public async Task<GrantValidationResult> ValidateAsync(ValidatedTokenRequest request, CT ct)
{
var validator = _validators.FirstOrDefault(v => v.GrantType.Equals(request.GrantType, StringComparison.Ordinal));
@ -64,7 +65,7 @@ public class ExtensionGrantValidator
Request = request
};
await validator.ValidateAsync(context);
await validator.ValidateAsync(context, ct);
return context.Result;
}
catch (Exception e)

4
identity-server/src/IdentityServer/Validation/Default/HashedSharedSecretValidator.cs
View file

@ -27,11 +27,13 @@ public class HashedSharedSecretValidator : ISecretValidator
/// </summary>
/// <param name="secrets">The stored secrets.</param>
/// <param name="parsedSecret">The received secret.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// A validation result
/// </returns>
/// <exception cref="System.ArgumentNullException">Id or credential</exception>
public Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret)
/// <inheritdoc/>
public Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret, CT ct)
{
var fail = Task.FromResult(new SecretValidationResult { Success = false });
var success = Task.FromResult(new SecretValidationResult { Success = true });

6
identity-server/src/IdentityServer/Validation/Default/JwtBearerClientAssertionSecretParser.cs
View file

@ -44,10 +44,12 @@ public class JwtBearerClientAssertionSecretParser : ISecretParser
/// Used for "private_key_jwt" client authentication method as defined in http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
/// </summary>
/// <param name="context">The HTTP context</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// A parsed secret
/// </returns>
public async Task<ParsedSecret> ParseAsync(HttpContext context)
/// <inheritdoc/>
public async Task<ParsedSecret> ParseAsync(HttpContext context, CT ct)
{
_logger.LogDebug("Start parsing for JWT client assertion in post body");
@ -57,7 +59,7 @@ public class JwtBearerClientAssertionSecretParser : ISecretParser
return null;
}
var body = await context.Request.ReadFormAsync();
var body = await context.Request.ReadFormAsync(ct);
if (body != null)
{

12
identity-server/src/IdentityServer/Validation/Default/JwtRequestValidator.cs
View file

@ -29,14 +29,14 @@ public class JwtRequestValidator : IJwtRequestValidator
/// <summary>
/// The audience URI to use
/// </summary>
protected async Task<string> GetAudienceUri()
protected async Task<string> GetAudienceUri(CT ct)
{
if (_audienceUri.IsPresent())
{
return _audienceUri;
}
return await IssuerNameService.GetCurrentAsync(default);
return await IssuerNameService.GetCurrentAsync(ct);
}
/// <summary>
@ -82,7 +82,7 @@ public class JwtRequestValidator : IJwtRequestValidator
}
/// <inheritdoc/>
public virtual async Task<JwtRequestValidationResult> ValidateAsync(JwtRequestValidationContext context)
public virtual async Task<JwtRequestValidationResult> ValidateAsync(JwtRequestValidationContext context, CT ct)
{
using var activity = Tracing.BasicActivitySource.StartActivity("JwtRequestValidator.Validate");
@ -119,7 +119,7 @@ public class JwtRequestValidator : IJwtRequestValidator
JsonWebToken jwtSecurityToken;
try
{
jwtSecurityToken = await ValidateJwtAsync(context, trustedKeys);
jwtSecurityToken = await ValidateJwtAsync(context, trustedKeys, ct);
}
catch (Exception e)
{
@ -156,7 +156,7 @@ public class JwtRequestValidator : IJwtRequestValidator
/// <summary>
/// Validates the JWT token
/// </summary>
protected virtual async Task<JsonWebToken> ValidateJwtAsync(JwtRequestValidationContext context, IEnumerable<SecurityKey> keys)
protected virtual async Task<JsonWebToken> ValidateJwtAsync(JwtRequestValidationContext context, IEnumerable<SecurityKey> keys, CT ct)
{
var tokenValidationParameters = new TokenValidationParameters
{
@ -166,7 +166,7 @@ public class JwtRequestValidator : IJwtRequestValidator
ValidIssuer = context.Client.ClientId,
ValidateIssuer = true,
ValidAudience = await GetAudienceUri(),
ValidAudience = await GetAudienceUri(ct),
ValidateAudience = true,
RequireSignedTokens = true,

8
identity-server/src/IdentityServer/Validation/Default/MutualTlsSecretParser.cs
View file

@ -38,8 +38,10 @@ public class MutualTlsSecretParser : ISecretParser
/// Parses the HTTP context
/// </summary>
/// <param name="context"></param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
public async Task<ParsedSecret> ParseAsync(HttpContext context)
/// <inheritdoc/>
public async Task<ParsedSecret> ParseAsync(HttpContext context, CT ct)
{
_logger.LogDebug("Start parsing for client id in post body");
@ -49,7 +51,7 @@ public class MutualTlsSecretParser : ISecretParser
return null;
}
var body = await context.Request.ReadFormAsync();
var body = await context.Request.ReadFormAsync(ct);
if (body != null)
{
@ -64,7 +66,7 @@ public class MutualTlsSecretParser : ISecretParser
return null;
}
var clientCertificate = await context.Connection.GetClientCertificateAsync();
var clientCertificate = await context.Connection.GetClientCertificateAsync(ct);
if (clientCertificate is null)
{

2
identity-server/src/IdentityServer/Validation/Default/NopBackchannelAuthenticationUserValidator.cs
View file

@ -12,7 +12,7 @@ namespace Duende.IdentityServer.Validation;
public class NopBackchannelAuthenticationUserValidator : IBackchannelAuthenticationUserValidator
{
/// <inheritdoc/>
public Task<BackchannelAuthenticationUserValidationResult> ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext)
public Task<BackchannelAuthenticationUserValidationResult> ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext, CT ct)
{
var result = new BackchannelAuthenticationUserValidationResult
{

4
identity-server/src/IdentityServer/Validation/Default/NopClientConfigurationValidator.cs
View file

@ -14,8 +14,10 @@ public class NopClientConfigurationValidator : IClientConfigurationValidator
/// Determines whether the configuration of a client is valid.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
public Task ValidateAsync(ClientConfigurationValidationContext context)
/// <inheritdoc/>
public Task ValidateAsync(ClientConfigurationValidationContext context, CT ct)
{
context.IsValid = true;
return Task.CompletedTask;

4
identity-server/src/IdentityServer/Validation/Default/NotSupportedResouceOwnerCredentialValidator.cs
View file

@ -25,8 +25,10 @@ public class NotSupportedResourceOwnerPasswordValidator : IResourceOwnerPassword
/// Validates the resource owner password credential
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
/// <inheritdoc/>
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context, CT ct)
{
context.Result = new GrantValidationResult(TokenRequestErrors.UnsupportedGrantType);

4
identity-server/src/IdentityServer/Validation/Default/PlainTextSharedSecretValidator.cs
View file

@ -27,11 +27,13 @@ public class PlainTextSharedSecretValidator : ISecretValidator
/// </summary>
/// <param name="secrets">The stored secrets.</param>
/// <param name="parsedSecret">The received secret.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// A validation result
/// </returns>
/// <exception cref="System.ArgumentException">id or credential is missing.</exception>
public Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret)
/// <inheritdoc/>
public Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret, CT ct)
{
var fail = Task.FromResult(new SecretValidationResult { Success = false });
var success = Task.FromResult(new SecretValidationResult { Success = true });

6
identity-server/src/IdentityServer/Validation/Default/PostBodySecretParser.cs
View file

@ -42,10 +42,12 @@ public class PostBodySecretParser : ISecretParser
/// Tries to find a secret on the context that can be used for authentication
/// </summary>
/// <param name="context">The HTTP context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// A parsed secret
/// </returns>
public async Task<ParsedSecret> ParseAsync(HttpContext context)
/// <inheritdoc/>
public async Task<ParsedSecret> ParseAsync(HttpContext context, CT ct)
{
_logger.LogDebug("Start parsing for secret in post body");
@ -55,7 +57,7 @@ public class PostBodySecretParser : ISecretParser
return null;
}
var body = await context.Request.ReadFormAsync();
var body = await context.Request.ReadFormAsync(ct);
if (body != null)
{

12
identity-server/src/IdentityServer/Validation/Default/PrivateKeyJwtSecretValidator.cs
View file

@ -48,11 +48,13 @@ public class PrivateKeyJwtSecretValidator : ISecretValidator
/// </summary>
/// <param name="secrets">The stored secrets.</param>
/// <param name="parsedSecret">The received secret.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// A validation result
/// </returns>
/// <exception cref="System.ArgumentException">ParsedSecret.Credential is not a JWT token</exception>
public async Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret)
/// <inheritdoc/>
public async Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret, CT ct)
{
var fail = new SecretValidationResult { Success = false };
var success = new SecretValidationResult { Success = true };
@ -124,7 +126,7 @@ public class PrivateKeyJwtSecretValidator : ISecretValidator
ValidAlgorithms = _options.SupportedClientAssertionSigningAlgorithms
};
var issuer = await _issuerNameService.GetCurrentAsync(default);
var issuer = await _issuerNameService.GetCurrentAsync(ct);
if (enforceStrictAud)
{
@ -153,7 +155,7 @@ public class PrivateKeyJwtSecretValidator : ISecretValidator
// token endpoint URL
string.Concat(_urls.BaseUrl.EnsureTrailingSlash(), ProtocolRoutePaths.Token),
// issuer URL + token (legacy support)
string.Concat((await _issuerNameService.GetCurrentAsync(default)).EnsureTrailingSlash(), ProtocolRoutePaths.Token),
string.Concat((await _issuerNameService.GetCurrentAsync(ct)).EnsureTrailingSlash(), ProtocolRoutePaths.Token),
// issuer URL
issuer,
// CIBA endpoint: https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#auth_request
@ -193,14 +195,14 @@ public class PrivateKeyJwtSecretValidator : ISecretValidator
return fail;
}
if (await _replayCache.ExistsAsync(Purpose, jti, default))
if (await _replayCache.ExistsAsync(Purpose, jti, ct))
{
_logger.LogError("jti is found in replay cache. Possible replay attack.");
return fail;
}
else
{
await _replayCache.AddAsync(Purpose, jti, exp.AddMinutes(5), default);
await _replayCache.AddAsync(Purpose, jti, exp.AddMinutes(5), ct);
}
return success;

6
identity-server/src/IdentityServer/Validation/Default/PushedAuthorizationRequestValidator.cs
View file

@ -44,7 +44,7 @@ internal class PushedAuthorizationRequestValidator(
IMtlsEndpointGenerator mtlsEndpointGenerator,
ILogger<PushedAuthorizationRequestValidator> logger) : IPushedAuthorizationRequestValidator
{
public async Task<PushedAuthorizationValidationResult> ValidateAsync(PushedAuthorizationRequestValidationContext context)
public async Task<PushedAuthorizationValidationResult> ValidateAsync(PushedAuthorizationRequestValidationContext context, CT ct)
{
// Licensing
licenseUsage.FeatureUsed(LicenseFeature.PAR);
@ -96,7 +96,7 @@ internal class PushedAuthorizationRequestValidator(
Method = "POST",
Url = parUrl
};
var dpopValidationResult = await dpopProofValidator.ValidateAsync(dpopContext);
var dpopValidationResult = await dpopProofValidator.ValidateAsync(dpopContext, ct);
if (dpopValidationResult.ServerIssuedNonce != null)
{
return PushedAuthorizationValidationResult.CreateServerNonceResult(dpopValidationResult.ServerIssuedNonce);
@ -131,7 +131,7 @@ internal class PushedAuthorizationRequestValidator(
}
// -- Authorization Parameter Validation --
var authorizeRequestValidation = await authorizeRequestValidator.ValidateAsync(context.RequestParameters,
var authorizeRequestValidation = await authorizeRequestValidator.ValidateAsync(context.RequestParameters, ct,
authorizeRequestType: AuthorizeRequestType.PushedAuthorization);
if (authorizeRequestValidation.IsError)
{

2
identity-server/src/IdentityServer/Validation/Default/RequestObjectValidator.cs
View file

@ -229,7 +229,7 @@ internal class RequestObjectValidator : IRequestObjectValidator
{
Client = request.Client,
JwtTokenString = request.RequestObject
});
}, ct);
if (jwtRequestValidationResult.IsError)
{
LogError("request JWT validation failure", request);

6
identity-server/src/IdentityServer/Validation/Default/SecretParser.cs
View file

@ -31,14 +31,16 @@ public class SecretParser : ISecretsListParser
/// Checks the context to find a secret.
/// </summary>
/// <param name="context">The HTTP context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
public async Task<ParsedSecret> ParseAsync(HttpContext context)
/// <inheritdoc/>
public async Task<ParsedSecret> ParseAsync(HttpContext context, CT ct)
{
// see if a registered parser finds a secret on the request
ParsedSecret bestSecret = null;
foreach (var parser in _parsers)
{
var parsedSecret = await parser.ParseAsync(context);
var parsedSecret = await parser.ParseAsync(context, ct);
if (parsedSecret != null)
{
_logger.LogDebug("Parser found secret: {type}", parser.GetType().Name);

6
identity-server/src/IdentityServer/Validation/Default/SecretValidator.cs
View file

@ -35,8 +35,10 @@ public class SecretValidator : ISecretsListValidator
/// </summary>
/// <param name="parsedSecret">The parsed secret.</param>
/// <param name="secrets">The secrets.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
public async Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret)
/// <inheritdoc/>
public async Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret, CT ct)
{
var secretsArray = secrets as Secret[] ?? secrets.ToArray();
@ -50,7 +52,7 @@ public class SecretValidator : ISecretsListValidator
// see if a registered validator can validate the secret
foreach (var validator in _validators)
{
var secretValidationResult = await validator.ValidateAsync(currentSecrets, parsedSecret);
var secretValidationResult = await validator.ValidateAsync(currentSecrets, parsedSecret, ct);
if (secretValidationResult.Success)
{

6
identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidator.cs
View file

@ -55,19 +55,21 @@ public class StrictRedirectUriValidator : IRedirectUriValidator
/// </summary>
/// <param name="requestedUri">The requested URI.</param>
/// <param name="client">The client.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// <c>true</c> is the URI is valid; <c>false</c> otherwise.
/// </returns>
public virtual Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client) => Task.FromResult(StringCollectionContainsString(client.PostLogoutRedirectUris, requestedUri));
public virtual Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client, CT ct) => Task.FromResult(StringCollectionContainsString(client.PostLogoutRedirectUris, requestedUri));
/// <summary>
/// Determines whether a redirect uri is valid for a context.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// <c>true</c> is the URI is valid; <c>false</c> otherwise.
/// </returns>
public virtual Task<bool> IsRedirectUriValidAsync(RedirectUriValidationContext context)
public virtual Task<bool> IsRedirectUriValidAsync(RedirectUriValidationContext context, CT ct)
{
// Check if special case handling for PAR is enabled and that the client
// is a confidential client. If so, any pushed redirect uri is allowed

9
identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidatorAppAuth.cs
View file

@ -27,9 +27,9 @@ public class StrictRedirectUriValidatorAppAuth : StrictRedirectUriValidator
: base(options) => _logger = logger;
/// <inheritdoc/>
public override async Task<bool> IsRedirectUriValidAsync(RedirectUriValidationContext context)
public override async Task<bool> IsRedirectUriValidAsync(RedirectUriValidationContext context, CT ct)
{
var isAllowed = await base.IsRedirectUriValidAsync(context);
var isAllowed = await base.IsRedirectUriValidAsync(context, ct);
if (isAllowed)
{
return isAllowed;
@ -49,12 +49,13 @@ public class StrictRedirectUriValidatorAppAuth : StrictRedirectUriValidator
/// </summary>
/// <param name="requestedUri">The requested URI.</param>
/// <param name="client">The client.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// <c>true</c> is the URI is valid; <c>false</c> otherwise.
/// </returns>
public override async Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client)
public override async Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client, CT ct)
{
var isAllowed = await base.IsPostLogoutRedirectUriValidAsync(requestedUri, client);
var isAllowed = await base.IsPostLogoutRedirectUriValidAsync(requestedUri, client, ct);
if (isAllowed)
{
return isAllowed;

8
identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs
View file

@ -263,7 +263,7 @@ internal class TokenRequestValidator : ITokenRequestValidator
Url = tokenUrl,
Method = "POST",
};
var dpopResult = await _dPoPProofValidator.ValidateAsync(dpopContext);
var dpopResult = await _dPoPProofValidator.ValidateAsync(dpopContext, _ct);
if (dpopResult.IsError)
{
LogError(dpopResult.ErrorDescription ?? dpopResult.Error);
@ -298,7 +298,7 @@ internal class TokenRequestValidator : ITokenRequestValidator
_logger.LogTrace("Calling into custom request validator: {type}", _customRequestValidator.GetType().FullName);
var customValidationContext = new CustomTokenRequestValidationContext { Result = result };
await _customRequestValidator.ValidateAsync(customValidationContext);
await _customRequestValidator.ValidateAsync(customValidationContext, _ct);
if (customValidationContext.Result.IsError)
{
@ -622,7 +622,7 @@ internal class TokenRequestValidator : ITokenRequestValidator
Password = password,
Request = _validatedRequest
};
await _resourceOwnerValidator.ValidateAsync(resourceOwnerContext);
await _resourceOwnerValidator.ValidateAsync(resourceOwnerContext, _ct);
if (resourceOwnerContext.Result.IsError)
{
@ -1042,7 +1042,7 @@ internal class TokenRequestValidator : ITokenRequestValidator
/////////////////////////////////////////////
// validate custom grant type
/////////////////////////////////////////////
var result = await _extensionGrantValidator.ValidateAsync(_validatedRequest);
var result = await _extensionGrantValidator.ValidateAsync(_validatedRequest, _ct);
if (result == null)
{

4
identity-server/src/IdentityServer/Validation/Default/TokenRevocationRequestValidator.cs
View file

@ -35,7 +35,9 @@ internal class TokenRevocationRequestValidator : ITokenRevocationRequestValidato
/// or
/// client
/// </exception>
public Task<TokenRevocationRequestValidationResult> ValidateRequestAsync(NameValueCollection parameters, Client client)
/// <param name="ct">The cancellation token.</param>
/// <inheritdoc/>
public Task<TokenRevocationRequestValidationResult> ValidateRequestAsync(NameValueCollection parameters, Client client, CT ct)
{
using var activity = Tracing.BasicActivitySource.StartActivity("TokenRevocationRequestValidator.ValidateRequest");

4
identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs
View file

@ -106,7 +106,7 @@ internal class TokenValidator : ITokenValidator
}
_logger.LogDebug("Calling into custom token validator: {type}", _customValidator.GetType().FullName);
var customResult = await _customValidator.ValidateIdentityTokenAsync(result);
var customResult = await _customValidator.ValidateIdentityTokenAsync(result, ct);
if (customResult.IsError)
{
@ -253,7 +253,7 @@ internal class TokenValidator : ITokenValidator
}
_logger.LogDebug("Calling into custom token validator: {type}", _customValidator.GetType().FullName);
var customResult = await _customValidator.ValidateAccessTokenAsync(result);
var customResult = await _customValidator.ValidateAccessTokenAsync(result, ct);
if (customResult.IsError)
{

3
identity-server/src/IdentityServer/Validation/Default/X509NameSecretValidator.cs
View file

@ -23,7 +23,8 @@ public class X509NameSecretValidator : ISecretValidator
public X509NameSecretValidator(ILogger<X509NameSecretValidator> logger) => _logger = logger;
/// <inheritdoc/>
public Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret)
/// <inheritdoc/>
public Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret, CT ct)
{
var fail = Task.FromResult(new SecretValidationResult { Success = false });

3
identity-server/src/IdentityServer/Validation/Default/X509ThumbprintSecretValidator.cs
View file

@ -23,7 +23,8 @@ public class X509ThumbprintSecretValidator : ISecretValidator
public X509ThumbprintSecretValidator(ILogger<X509ThumbprintSecretValidator> logger) => _logger = logger;
/// <inheritdoc/>
public Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret)
/// <inheritdoc/>
public Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret, CT ct)
{
var fail = Task.FromResult(new SecretValidationResult { Success = false });

3
identity-server/src/IdentityServer/Validation/IApiSecretValidator.cs
View file

@ -17,6 +17,7 @@ public interface IApiSecretValidator
/// Tries to authenticate an API client based on the incoming request
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
Task<ApiSecretValidationResult> ValidateAsync(HttpContext context);
Task<ApiSecretValidationResult> ValidateAsync(HttpContext context, CT ct);
}

4
identity-server/src/IdentityServer/Validation/IAuthorizeRequestValidator.cs
View file

@ -1,6 +1,7 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
#nullable enable
using System.Collections.Specialized;
using System.Security.Claims;
@ -16,8 +17,9 @@ public interface IAuthorizeRequestValidator
/// Validates authorize request parameters.
/// </summary>
/// <param name="parameters"></param>
/// <param name="ct">The cancellation token.</param>
/// <param name="subject"></param>
/// <param name="authorizeRequestType"></param>
/// <returns></returns>
Task<AuthorizeRequestValidationResult> ValidateAsync(NameValueCollection parameters, ClaimsPrincipal subject = null, AuthorizeRequestType authorizeRequestType = AuthorizeRequestType.Authorize);
Task<AuthorizeRequestValidationResult> ValidateAsync(NameValueCollection parameters, CT ct, ClaimsPrincipal? subject = null, AuthorizeRequestType authorizeRequestType = AuthorizeRequestType.Authorize);
}

3
identity-server/src/IdentityServer/Validation/IBackchannelAuthenticationUserValidator.cs
View file

@ -15,6 +15,7 @@ public interface IBackchannelAuthenticationUserValidator
/// Validates the user.
/// </summary>
/// <param name="userValidatorContext"></param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
Task<BackchannelAuthenticationUserValidationResult> ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext);
Task<BackchannelAuthenticationUserValidationResult> ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext, CT ct);
}

3
identity-server/src/IdentityServer/Validation/IClientConfigurationValidator.cs
View file

@ -15,6 +15,7 @@ public interface IClientConfigurationValidator
/// Determines whether the configuration of a client is valid.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
Task ValidateAsync(ClientConfigurationValidationContext context);
Task ValidateAsync(ClientConfigurationValidationContext context, CT ct);
}

3
identity-server/src/IdentityServer/Validation/IClientSecretValidator.cs
View file

@ -17,6 +17,7 @@ public interface IClientSecretValidator
/// Tries to authenticate a client based on the incoming request
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
Task<ClientSecretValidationResult> ValidateAsync(HttpContext context);
Task<ClientSecretValidationResult> ValidateAsync(HttpContext context, CT ct);
}

3
identity-server/src/IdentityServer/Validation/ICustomAuthorizeRequestValidator.cs
View file

@ -15,5 +15,6 @@ public interface ICustomAuthorizeRequestValidator
/// Custom validation logic for the authorize request.
/// </summary>
/// <param name="context">The context.</param>
Task ValidateAsync(CustomAuthorizeRequestValidationContext context);
/// <param name="ct">The cancellation token.</param>
Task ValidateAsync(CustomAuthorizeRequestValidationContext context, CT ct);
}

3
identity-server/src/IdentityServer/Validation/ICustomBackchannelAuthenticationValidator.cs
View file

@ -13,6 +13,7 @@ public interface ICustomBackchannelAuthenticationValidator
/// Validates a CIBA authentication request.
/// </summary>
/// <param name="customValidationContext"></param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext);
Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext, CT ct);
}

3
identity-server/src/IdentityServer/Validation/ICustomTokenRequestValidator.cs
View file

@ -15,8 +15,9 @@ public interface ICustomTokenRequestValidator
/// Custom validation logic for a token request.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// The validation result
/// </returns>
Task ValidateAsync(CustomTokenRequestValidationContext context);
Task ValidateAsync(CustomTokenRequestValidationContext context, CT ct);
}

6
identity-server/src/IdentityServer/Validation/ICustomTokenValidator.cs
View file

@ -15,13 +15,15 @@ public interface ICustomTokenValidator
/// Custom validation logic for access tokens.
/// </summary>
/// <param name="result">The validation result so far.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>The validation result</returns>
Task<TokenValidationResult> ValidateAccessTokenAsync(TokenValidationResult result);
Task<TokenValidationResult> ValidateAccessTokenAsync(TokenValidationResult result, CT ct);
/// <summary>
/// Custom validation logic for identity tokens.
/// </summary>
/// <param name="result">The validation result so far.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>The validation result</returns>
Task<TokenValidationResult> ValidateIdentityTokenAsync(TokenValidationResult result);
Task<TokenValidationResult> ValidateIdentityTokenAsync(TokenValidationResult result, CT ct);
}

4
identity-server/src/IdentityServer/Validation/IDPoPProofValidator.cs
View file

@ -14,5 +14,7 @@ public interface IDPoPProofValidator
/// <summary>
/// Validates the DPoP proof.
/// </summary>
Task<DPoPProofValidatonResult> ValidateAsync(DPoPProofValidatonContext context);
/// <param name="context">The validation context.</param>
/// <param name="ct">The cancellation token.</param>
Task<DPoPProofValidatonResult> ValidateAsync(DPoPProofValidatonContext context, CT ct);
}

3
identity-server/src/IdentityServer/Validation/IDeviceAuthorizationRequestValidator.cs
View file

@ -16,6 +16,7 @@ public interface IDeviceAuthorizationRequestValidator
/// </summary>
/// <param name="parameters"></param>
/// <param name="clientValidationResult"></param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
Task<DeviceAuthorizationRequestValidationResult> ValidateAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult);
Task<DeviceAuthorizationRequestValidationResult> ValidateAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult, CT ct);
}

3
identity-server/src/IdentityServer/Validation/IExtensionGrantValidator.cs
View file

@ -15,10 +15,11 @@ public interface IExtensionGrantValidator
/// Validates the custom grant request.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// A principal
/// </returns>
Task ValidateAsync(ExtensionGrantValidationContext context);
Task ValidateAsync(ExtensionGrantValidationContext context, CT ct);
/// <summary>
/// Returns the grant type this validator can deal with

3
identity-server/src/IdentityServer/Validation/IIdentityProviderConfigurationValidator.cs
View file

@ -15,6 +15,7 @@ public interface IIdentityProviderConfigurationValidator
/// Determines whether the configuration of an identity provider is valid.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
Task ValidateAsync(IdentityProviderConfigurationValidationContext context);
Task ValidateAsync(IdentityProviderConfigurationValidationContext context, CT ct);
}

3
identity-server/src/IdentityServer/Validation/IIssuerPathValidator.cs
View file

@ -9,6 +9,7 @@ public interface IIssuerPathValidator
/// Validates that the path is valid for issuer URIs used.
/// </summary>
/// <param name="path">A path component of a URI to validate against the issuer for the current request.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>True if the path component is valid in for the issuer in the context of the current request.</returns>
Task<bool> ValidateAsync(string path);
Task<bool> ValidateAsync(string path, CT ct);
}

4
identity-server/src/IdentityServer/Validation/IJwtRequestValidator.cs
View file

@ -14,5 +14,7 @@ public interface IJwtRequestValidator
/// <summary>
/// Validates a JWT request object
/// </summary>
Task<JwtRequestValidationResult> ValidateAsync(JwtRequestValidationContext context);
/// <param name="context">The validation context.</param>
/// <param name="ct">The cancellation token.</param>
Task<JwtRequestValidationResult> ValidateAsync(JwtRequestValidationContext context, CT ct);
}

3
identity-server/src/IdentityServer/Validation/IPushedAuthorizationRequestValidator.cs
View file

@ -20,8 +20,9 @@ public interface IPushedAuthorizationRequestValidator
/// Validates the pushed authorization request.
/// </summary>
/// <param name="context">The validation context</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A task containing a pushed authorization result that either
/// wraps the validated request values or indicates the error code and
/// description.</returns>
Task<PushedAuthorizationValidationResult> ValidateAsync(PushedAuthorizationRequestValidationContext context);
Task<PushedAuthorizationValidationResult> ValidateAsync(PushedAuthorizationRequestValidationContext context, CT ct);
}

7
identity-server/src/IdentityServer/Validation/IRedirectUriValidator.cs
View file

@ -27,7 +27,9 @@ public interface IRedirectUriValidator
/// <summary>
/// Determines whether a redirect URI is valid for a client.
/// </summary>
Task<bool> IsRedirectUriValidAsync(RedirectUriValidationContext context)
/// <param name="context">The validation context.</param>
/// <param name="ct">The cancellation token.</param>
Task<bool> IsRedirectUriValidAsync(RedirectUriValidationContext context, CT ct)
#pragma warning disable CS0618 // Type or member is obsolete
=> IsRedirectUriValidAsync(context.RequestedUri, context.Client);
#pragma warning restore CS0618 // Type or member is obsolete
@ -37,8 +39,9 @@ public interface IRedirectUriValidator
/// </summary>
/// <param name="requestedUri">The requested URI.</param>
/// <param name="client">The client.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns><c>true</c> is the URI is valid; <c>false</c> otherwise.</returns>
Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client);
Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client, CT ct);
}
/// <summary>

3
identity-server/src/IdentityServer/Validation/IResourceOwnerPasswordValidator.cs
View file

@ -15,5 +15,6 @@ public interface IResourceOwnerPasswordValidator
/// Validates the resource owner password credential
/// </summary>
/// <param name="context">The context.</param>
Task ValidateAsync(ResourceOwnerPasswordValidationContext context);
/// <param name="ct">The cancellation token.</param>
Task ValidateAsync(ResourceOwnerPasswordValidationContext context, CT ct);
}

3
identity-server/src/IdentityServer/Validation/ISecretParser.cs
View file

@ -18,10 +18,11 @@ public interface ISecretParser
/// Tries to find a secret on the context that can be used for authentication
/// </summary>
/// <param name="context">The HTTP context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// A parsed secret
/// </returns>
Task<ParsedSecret?> ParseAsync(HttpContext context);
Task<ParsedSecret?> ParseAsync(HttpContext context, CT ct);
/// <summary>
/// Returns the authentication method name that this parser implements

3
identity-server/src/IdentityServer/Validation/ISecretValidator.cs
View file

@ -18,6 +18,7 @@ public interface ISecretValidator
/// </summary>
/// <param name="secrets">The stored secrets.</param>
/// <param name="parsedSecret">The received secret.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A validation result</returns>
Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret);
Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret, CT ct);
}

3
identity-server/src/IdentityServer/Validation/ISecretsListParser.cs
View file

@ -18,10 +18,11 @@ public interface ISecretsListParser
/// Tries to find the best secret on the context that can be used for authentication
/// </summary>
/// <param name="context">The HTTP context.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>
/// A parsed secret
/// </returns>
Task<ParsedSecret?> ParseAsync(HttpContext context);
Task<ParsedSecret?> ParseAsync(HttpContext context, CT ct);
/// <summary>
/// Gets all available authentication methods.

3
identity-server/src/IdentityServer/Validation/ISecretsListValidator.cs
View file

@ -18,6 +18,7 @@ public interface ISecretsListValidator
/// </summary>
/// <param name="secrets">The stored secrets.</param>
/// <param name="parsedSecret">The received secret.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns>A validation result</returns>
Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret);
Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret, CT ct);
}

3
identity-server/src/IdentityServer/Validation/ITokenRevocationRequestValidator.cs
View file

@ -17,6 +17,7 @@ public interface ITokenRevocationRequestValidator
/// </summary>
/// <param name="parameters">The parameters.</param>
/// <param name="client">The client.</param>
/// <param name="ct">The cancellation token.</param>
/// <returns></returns>
Task<TokenRevocationRequestValidationResult> ValidateRequestAsync(NameValueCollection parameters, Client client);
Task<TokenRevocationRequestValidationResult> ValidateRequestAsync(NameValueCollection parameters, Client client, CT ct);
}

2
identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ConfirmationSecretValidator.cs
View file

@ -10,7 +10,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup;
public class ConfirmationSecretValidator : ISecretValidator
{
public Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret)
public Task<SecretValidationResult> ValidateAsync(IEnumerable<Secret> secrets, ParsedSecret parsedSecret, CT ct)
{
if (secrets.Any())
{

2
identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/CustomResponseExtensionGrantValidator.cs
View file

@ -9,7 +9,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup;
public class CustomResponseExtensionGrantValidator : IExtensionGrantValidator
{
public Task ValidateAsync(ExtensionGrantValidationContext context)
public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct)
{
var response = new Dictionary<string, object>
{

2
identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/CustomResponseResourceOwnerValidator.cs
View file

@ -9,7 +9,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup;
public class CustomResponseResourceOwnerValidator : IResourceOwnerPasswordValidator
{
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context, CT ct)
{
var response = new Dictionary<string, object>
{

2
identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/DynamicParameterExtensionGrantValidator.cs
View file

@ -10,7 +10,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup;
public class DynamicParameterExtensionGrantValidator : IExtensionGrantValidator
{
public Task ValidateAsync(ExtensionGrantValidationContext context)
public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct)
{
var impersonatedClient = context.Request.Raw.Get("impersonated_client");
var lifetime = context.Request.Raw.Get("lifetime");

2
identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ExtensionGrantValidator.cs
View file

@ -10,7 +10,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup;
public class ExtensionGrantValidator : IExtensionGrantValidator
{
public Task ValidateAsync(ExtensionGrantValidationContext context)
public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct)
{
var credential = context.Request.Raw.Get("custom_credential");
var extraClaim = context.Request.Raw.Get("extra_claim");

2
identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ExtensionGrantValidator2.cs
View file

@ -8,7 +8,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup;
public class ExtensionGrantValidator2 : IExtensionGrantValidator
{
public Task ValidateAsync(ExtensionGrantValidationContext context)
public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct)
{
var credential = context.Request.Raw.Get("custom_credential");

2
identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/NoSubjectExtensionGrantValidator.cs
View file

@ -9,7 +9,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup;
public class NoSubjectExtensionGrantValidator : IExtensionGrantValidator
{
public Task ValidateAsync(ExtensionGrantValidationContext context)
public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct)
{
var credential = context.Request.Raw.Get("custom_credential");

2
identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/TestCustomTokenRequestValidator.cs
View file

@ -8,7 +8,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup;
public class TestCustomTokenRequestValidator : ICustomTokenRequestValidator
{
public Task ValidateAsync(CustomTokenRequestValidationContext context)
public Task ValidateAsync(CustomTokenRequestValidationContext context, CT ct)
{
context.Result.CustomResponse = new Dictionary<string, object>
{

2
identity-server/test/IdentityServer.IntegrationTests/Common/MockCibaUserValidator.cs
View file

@ -11,7 +11,7 @@ internal class MockCibaUserValidator : IBackchannelAuthenticationUserValidator
public BackchannelAuthenticationUserValidationResult Result { get; set; } = new BackchannelAuthenticationUserValidationResult();
public BackchannelAuthenticationUserValidatorContext UserValidatorContext { get; set; }
public Task<BackchannelAuthenticationUserValidationResult> ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext)
public Task<BackchannelAuthenticationUserValidationResult> ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext, CT ct)
{
UserValidatorContext = userValidatorContext;
return Task.FromResult(Result);

2
identity-server/test/IdentityServer.IntegrationTests/Common/MockCustomBackchannelAuthenticationValidator.cs
View file

@ -16,7 +16,7 @@ internal class MockCustomBackchannelAuthenticationValidator : ICustomBackchannel
/// </summary>
public Action<CustomBackchannelAuthenticationRequestValidationContext> Thunk { get; set; } = delegate { };
public Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext)
public Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext, CT ct)
{
Thunk(customValidationContext);
Context = customValidationContext;

2
identity-server/test/IdentityServer.UnitTests/Endpoints/Authorize/StubAuthorizeRequestValidator.cs
View file

@ -12,7 +12,7 @@ public class StubAuthorizeRequestValidator : IAuthorizeRequestValidator
{
public AuthorizeRequestValidationResult Result { get; set; }
public Task<AuthorizeRequestValidationResult> ValidateAsync(NameValueCollection parameters, ClaimsPrincipal subject = null, AuthorizeRequestType authorizeRequestType = AuthorizeRequestType.Authorize)
public Task<AuthorizeRequestValidationResult> ValidateAsync(NameValueCollection parameters, CT ct, ClaimsPrincipal subject = null, AuthorizeRequestType authorizeRequestType = AuthorizeRequestType.Authorize)
{
Result.ValidatedRequest.Raw = parameters;
return Task.FromResult(Result);

2
identity-server/test/IdentityServer.UnitTests/Endpoints/Token/StubClientSecretValidator.cs
View file

@ -11,5 +11,5 @@ internal class StubClientSecretValidator : IClientSecretValidator
{
public ClientSecretValidationResult Result { get; set; }
public Task<ClientSecretValidationResult> ValidateAsync(HttpContext context) => Task.FromResult(Result);
public Task<ClientSecretValidationResult> ValidateAsync(HttpContext context, CT ct) => Task.FromResult(Result);
}

10
identity-server/test/IdentityServer.UnitTests/Services/Default/ParRedirectUriValidatorTests.cs
View file

@ -31,7 +31,7 @@ public class ParRedirectUriValidatorTests
{
RequireClientSecret = true,
}
});
}, default);
result.ShouldBe(true);
}
@ -57,7 +57,7 @@ public class ParRedirectUriValidatorTests
{
RequireClientSecret = true,
}
});
}, default);
result.ShouldBe(true);
}
@ -82,7 +82,7 @@ public class ParRedirectUriValidatorTests
RequestParameters = pushedParameters,
RequestedUri = notThePushedRedirectUri,
Client = new Client()
});
}, default);
result.ShouldBe(false);
}
@ -110,7 +110,7 @@ public class ParRedirectUriValidatorTests
{
RedirectUris = { "https://registered.example.com" }
}
});
}, default);
registeredRedirectUri.ShouldNotBe(pushedRedirectUri);
result.ShouldBe(true);
@ -139,7 +139,7 @@ public class ParRedirectUriValidatorTests
{
RedirectUris = { "https://registered.example.com" }
}
});
}, default);
registeredRedirectUri.ShouldNotBe(requestedRedirectUri);
result.ShouldBe(false);

2
identity-server/test/IdentityServer.UnitTests/Stores/ValidatingClientStoreTests.cs
View file

@ -182,7 +182,7 @@ public class ValidatingClientStoreTests
_errorMessage = errorMessage;
}
public Task ValidateAsync(ClientConfigurationValidationContext context)
public Task ValidateAsync(ClientConfigurationValidationContext context, CT ct)
{
var isValid = _validationFunc != null ? _validationFunc(context.Client) : _isValid;

13
identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Code.cs
View file

@ -13,6 +13,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation;
public class Authorize_ClientValidation_Code
{
private IdentityServerOptions _options = TestIdentityServerOptions.Create();
private readonly CT _ct = TestContext.Current.CancellationToken;
[Fact]
[Trait("Category", "AuthorizeRequest Client Validation - Code")]
@ -25,7 +26,7 @@ public class Authorize_ClientValidation_Code
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeTrue();
result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope);
@ -42,7 +43,7 @@ public class Authorize_ClientValidation_Code
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeTrue();
result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -60,7 +61,7 @@ public class Authorize_ClientValidation_Code
parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc");
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeTrue();
result.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient);
@ -78,7 +79,7 @@ public class Authorize_ClientValidation_Code
parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc");
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeTrue();
result.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient);
@ -95,7 +96,7 @@ public class Authorize_ClientValidation_Code
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeTrue();
result.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient);
@ -112,7 +113,7 @@ public class Authorize_ClientValidation_Code
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeTrue();
result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope);

3
identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_IdToken.cs
View file

@ -13,6 +13,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation;
public class Authorize_ClientValidation_IdToken
{
private IdentityServerOptions _options = TestIdentityServerOptions.Create();
private readonly CT _ct = TestContext.Current.CancellationToken;
[Fact]
[Trait("Category", "AuthorizeRequest Client Validation - IdToken")]
@ -26,7 +27,7 @@ public class Authorize_ClientValidation_IdToken
parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc");
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeTrue();
result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope);

3
identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Invalid.cs
View file

@ -13,6 +13,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation;
public class Authorize_ClientValidation_Invalid
{
private const string Category = "AuthorizeRequest Client Validation - Invalid";
private readonly CT _ct = TestContext.Current.CancellationToken;
private IdentityServerOptions _options = TestIdentityServerOptions.Create();
@ -27,7 +28,7 @@ public class Authorize_ClientValidation_Invalid
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.IdToken);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeTrue();
result.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient);

7
identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Token.cs
View file

@ -13,6 +13,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation;
public class Authorize_ClientValidation_Token
{
private const string Category = "AuthorizeRequest Client Validation - Token";
private readonly CT _ct = TestContext.Current.CancellationToken;
private IdentityServerOptions _options = TestIdentityServerOptions.Create();
@ -27,7 +28,7 @@ public class Authorize_ClientValidation_Token
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Token);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeTrue();
result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope);
@ -45,7 +46,7 @@ public class Authorize_ClientValidation_Token
parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc");
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeTrue();
result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);
@ -64,7 +65,7 @@ public class Authorize_ClientValidation_Token
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeIdTokenToken);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeTrue();
result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest);

27
identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Valid.cs
View file

@ -13,6 +13,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation;
public class Authorize_ClientValidation_Valid
{
private const string Category = "AuthorizeRequest Client Validation - Valid";
private readonly CT _ct = TestContext.Current.CancellationToken;
private IdentityServerOptions _options = TestIdentityServerOptions.Create();
@ -27,7 +28,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -43,7 +44,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -59,7 +60,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -75,7 +76,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -92,7 +93,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeIdToken);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -109,7 +110,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeIdTokenToken);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -126,7 +127,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeIdToken);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -143,7 +144,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeIdTokenToken);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -160,7 +161,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc");
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -177,7 +178,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc");
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -194,7 +195,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc");
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -210,7 +211,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Token);
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}
@ -227,7 +228,7 @@ public class Authorize_ClientValidation_Valid
parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc");
var validator = Factory.CreateAuthorizeRequestValidator();
var result = await validator.ValidateAsync(parameters);
var result = await validator.ValidateAsync(parameters, _ct);
result.IsError.ShouldBeFalse();
}

Some files were not shown because too many files have changed in this diff Show more