mirror of
https://github.com/DuendeSoftware/products
synced 2026-05-24 09:28:24 +00:00
Merge pull request #2247 from DuendeSoftware/beh/im-8preview
Updated IS and BFF to IM 8.0.0 Preview 1 and ATM Previews
This commit is contained in:
Joe DeCock
GitHub
commit
d126cbfca9
43 changed files with 102 additions and 79 deletions
|
|
@ -43,14 +43,16 @@
|
|||
<!-- Added aspire transitive package to resolve package vulnerability -->
|
||||
<PackageVersion Include="KubernetesClient" Version="17.0.14" />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement" Version="3.2.0" Condition="'$(IsBffProject)' == 'true'" />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement" Version="4.0.0" Condition="'$(IsBffProject)' != 'true'" />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement" Version="4.1.0-preview.2" Condition="'$(IsBffProject)' != 'true'" />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement.OpenIdConnect" Version="3.2.0" Condition="'$(IsBffProject)' == 'true'" />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement.OpenIdConnect" Version="4.0.0" Condition="'$(IsBffProject)' != 'true'" />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement.OpenIdConnect" Version="4.1.0-preview.2" Condition="'$(IsBffProject)' != 'true'" />
|
||||
<!-- <PackageVersion Include="Duende.AccessTokenManagement" Version="4.0.0" />
|
||||
<PackageVersion Include="Duende.AccessTokenManagement.OpenIdConnect" Version="4.0.0" /> -->
|
||||
<PackageVersion Include="Duende.AspNetCore.Authentication.JwtBearer" Version="0.1.3" />
|
||||
<PackageVersion Include="Duende.IdentityModel" Version="7.1.0" />
|
||||
<PackageVersion Include="Duende.IdentityModel.OidcClient" Version="6.0.1" />
|
||||
<PackageVersion Include="Duende.IdentityModel" Version="7.0.0" Condition="'$(IsBffProject)' == 'true'" />
|
||||
<PackageVersion Include="Duende.IdentityModel" Version="8.0.0-preview.1" Condition="'$(IsBffProject)' != 'true'" />
|
||||
<PackageVersion Include="Duende.IdentityModel.OidcClient" Version="6.0.1" Condition="'$(IsBffProject)' == 'true'"/>
|
||||
<PackageVersion Include="Duende.IdentityModel.OidcClient" Version="7.0.0-preview.2" Condition="'$(IsBffProject)' != 'true'"/>
|
||||
<PackageVersion Include="Duende.IdentityServer" Version="7.1.0" />
|
||||
<PackageVersion Include="Duende.Private.Licensing" Version="1.0.0" />
|
||||
<PackageVersion Include="IdentityModel.AspNetCore.OAuth2Introspection" Version="6.2.0" />
|
||||
|
|
@ -69,6 +71,7 @@
|
|||
<PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="$(FrameworkVersion)" />
|
||||
<PackageVersion Include="Microsoft.AspNetCore.TestHost" Version="$(FrameworkVersion)" />
|
||||
<PackageVersion Include="Microsoft.AspNetCore.WebUtilities" Version="2.2.0" />
|
||||
<PackageVersion Include="Microsoft.Build.Tasks.Core" Version="17.14.28" />
|
||||
<PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="$(EFCoreVersion)" />
|
||||
<PackageVersion Include="Microsoft.EntityFrameworkCore.InMemory" Version="$(EFCoreVersion)" />
|
||||
<PackageVersion Include="Microsoft.EntityFrameworkCore.Relational" Version="$(EFCoreVersion)" />
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
|
||||
<PackageReference Include="Duende.IdentityModel" />
|
||||
<PackageReference Include="Duende.IdentityModel" VersionOverride="7.1.0" />
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ internal class DPoPProofValidator : IDPoPProofValidator
|
|||
private const string DataProtectorPurpose = "DPoPJwtBearerEvents-DPoPProofValidation-nonce";
|
||||
|
||||
/// <summary>
|
||||
/// Provides the options for DPoP proof validation.
|
||||
/// Provides the options for DPoP proof validation.
|
||||
/// </summary>
|
||||
internal readonly IOptionsMonitor<DPoPOptions> OptionsMonitor;
|
||||
|
||||
|
|
@ -382,7 +382,7 @@ internal class DPoPProofValidator : IDPoPProofValidator
|
|||
skew = dPoPOptions.ServerClockSkew;
|
||||
}
|
||||
|
||||
// we do x2 here because the clock might be before or after, so we're making cache duration
|
||||
// we do x2 here because the clock might be before or after, so we're making cache duration
|
||||
// longer than the likelihood of proof token expiration, which is done before replay
|
||||
skew *= 2;
|
||||
var cacheDuration = dPoPOptions.ProofTokenValidityDuration + skew;
|
||||
|
|
|
|||
|
|
@ -10,12 +10,11 @@
|
|||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="AngleSharp" />
|
||||
<PackageReference Include="Duende.AccessTokenManagement.OpenIdConnect" />
|
||||
<PackageReference Include="Duende.IdentityModel" />
|
||||
<PackageReference Include="Duende.AccessTokenManagement.OpenIdConnect" VersionOverride="4.0.0"/>
|
||||
<PackageReference Include="Duende.IdentityModel" VersionOverride="7.1.0" />
|
||||
<PackageReference Include="Duende.IdentityServer" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" />
|
||||
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
|
||||
<PackageReference Include="Meziantou.Extensions.Logging.Xunit" />
|
||||
<PackageReference Include="Microsoft.Extensions.TimeProvider.Testing" />
|
||||
<PackageReference Include="NSubstitute" />
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ public abstract class DPoPProofValidatorTestBase
|
|||
|
||||
protected DPoPProofValidationResult Result = new();
|
||||
|
||||
// This is just an arbitrary date that we're going to do all our date arithmetic relative to.
|
||||
// This is just an arbitrary date that we're going to do all our date arithmetic relative to.
|
||||
// It was chosen because it is convenient to use - it is well within the range of DateTime
|
||||
protected const long IssuedAt = 1704088800; // Mon Jan 01 2024 06:00:00 GMT+0000
|
||||
protected const long ValidFor = 100;
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
|
|
|
|||
|
|
@ -328,7 +328,7 @@ public class DPoPProofValidator
|
|||
skew = dpopOptions.ServerClockSkew;
|
||||
}
|
||||
|
||||
// we do x2 here because clock might be might be before or after, so we're making cache duration
|
||||
// we do x2 here because clock might be might be before or after, so we're making cache duration
|
||||
// longer than the likelyhood of proof token expiration, which is done before replay
|
||||
skew *= 2;
|
||||
var cacheDuration = dpopOptions.ProofTokenValidityDuration + skew;
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@
|
|||
</PackageReference>
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" />
|
||||
<PackageReference Include="Microsoft.Build.Tasks.Core" />
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using Clients;
|
||||
using ConsoleResourceIndicators;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using Duende.IdentityModel.OidcClient;
|
||||
using Microsoft.Extensions.Hosting;
|
||||
|
|
@ -103,8 +103,8 @@ async Task FrontChannel(string scope, IEnumerable<string> resource)
|
|||
|
||||
Console.WriteLine();
|
||||
Console.WriteLine("Standard access token:");
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.Decode(header)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.Decode(payload)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(header)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload)).PrettyPrintJson());
|
||||
|
||||
if (result.RefreshToken == null)
|
||||
{
|
||||
|
|
@ -155,8 +155,8 @@ async Task Refresh(string refreshToken, string resource)
|
|||
var header = parts[0];
|
||||
var payload = parts[1];
|
||||
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.Decode(header)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.Decode(payload)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(header)).PrettyPrintJson());
|
||||
Console.WriteLine(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload)).PrettyPrintJson());
|
||||
}
|
||||
|
||||
internal class Test
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
|
||||
namespace Clients;
|
||||
|
|
@ -25,8 +25,8 @@ public static class TokenResponseExtensions
|
|||
var header = parts[0];
|
||||
var payload = parts[1];
|
||||
|
||||
Console.WriteLine(PrettyPrintJson(Encoding.UTF8.GetString(Base64Url.Decode(header))));
|
||||
Console.WriteLine(PrettyPrintJson(Encoding.UTF8.GetString(Base64Url.Decode(payload))));
|
||||
Console.WriteLine(PrettyPrintJson(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(header))));
|
||||
Console.WriteLine(PrettyPrintJson(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload))));
|
||||
}
|
||||
}
|
||||
else
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<Nullable>enable</Nullable>
|
||||
<RootNamespace>Duende.IdentityServer.Hosts.Shared</RootNamespace>
|
||||
<IsPackable>false</IsPackable>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@
|
|||
<AddRazorSupportForMvc>true</AddRazorSupportForMvc>
|
||||
<RootNamespace>Duende.IdentityServer.UI.AspNetIdentity</RootNamespace>
|
||||
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
|
||||
<IsPackable>false</IsPackable>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@
|
|||
<AddRazorSupportForMvc>true</AddRazorSupportForMvc>
|
||||
<RootNamespace>Duende.IdentityServer.UI.EntityFramework</RootNamespace>
|
||||
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
|
||||
<IsPackable>false</IsPackable>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
|
||||
namespace Duende.IdentityServer.UI.Pages.Diagnostics;
|
||||
|
|
@ -18,7 +18,7 @@ public class ViewModel
|
|||
{
|
||||
if (encoded != null)
|
||||
{
|
||||
var bytes = Base64Url.Decode(encoded);
|
||||
var bytes = Base64Url.DecodeFromChars(encoded);
|
||||
var value = Encoding.UTF8.GetString(bytes);
|
||||
Clients = JsonSerializer.Deserialize<string[]>(value) ?? Enumerable.Empty<string>();
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
<RootNamespace>Duende.IdentityServer.UI</RootNamespace>
|
||||
<GenerateEmbeddedFilesManifest>true</GenerateEmbeddedFilesManifest>
|
||||
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
|
||||
<IsPackable>false</IsPackable>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
#nullable enable
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Globalization;
|
||||
using System.Security.Cryptography;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
|
|
@ -75,7 +76,7 @@ public static class CryptoHelper
|
|||
var leftPart = new byte[size];
|
||||
Array.Copy(hash, leftPart, size);
|
||||
|
||||
return Base64Url.Encode(leftPart);
|
||||
return Base64Url.EncodeToString(leftPart);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using Duende.IdentityModel;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
|
||||
namespace Duende.IdentityServer.Extensions;
|
||||
|
|
@ -91,7 +91,7 @@ public static class AuthenticationPropertiesExtensions
|
|||
{
|
||||
if (value.IsPresent())
|
||||
{
|
||||
var bytes = Base64Url.Decode(value);
|
||||
var bytes = Base64Url.DecodeFromChars(value);
|
||||
value = Encoding.UTF8.GetString(bytes);
|
||||
return ObjectSerializer.FromString<string[]>(value);
|
||||
}
|
||||
|
|
@ -105,7 +105,7 @@ public static class AuthenticationPropertiesExtensions
|
|||
{
|
||||
var value = ObjectSerializer.ToString(list);
|
||||
var bytes = Encoding.UTF8.GetBytes(value);
|
||||
value = Base64Url.Encode(bytes);
|
||||
value = Base64Url.EncodeToString(bytes);
|
||||
return value;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
|
|
@ -30,7 +31,7 @@ internal static class JsonWebKeyExtensions
|
|||
/// </summary>
|
||||
public static string CreateThumbprint(this JsonWebKey jwk)
|
||||
{
|
||||
var jkt = Base64Url.Encode(jwk.ComputeJwkThumbprint());
|
||||
var jkt = Base64Url.EncodeToString(jwk.ComputeJwkThumbprint());
|
||||
return jkt;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Collections.Specialized;
|
||||
using System.Globalization;
|
||||
using System.Security.Cryptography;
|
||||
|
|
@ -159,7 +160,7 @@ public static class ValidatedAuthorizeRequestExtensions
|
|||
var bytes = Encoding.UTF8.GetBytes(clientId + origin + sessionId + salt);
|
||||
var hash = SHA256.HashData(bytes);
|
||||
|
||||
return Base64Url.Encode(hash) + "." + salt;
|
||||
return Base64Url.EncodeToString(hash) + "." + salt;
|
||||
}
|
||||
|
||||
private static NameValueCollection ToOptimizedRawValues(this ValidatedAuthorizeRequest request)
|
||||
|
|
|
|||
|
|
@ -2,10 +2,10 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Cryptography;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
|
||||
namespace Duende.IdentityServer.Extensions;
|
||||
|
||||
|
|
@ -35,5 +35,5 @@ public static class X509CertificateExtensions
|
|||
/// Returns the SHA256 thumbprint of the certificate as a base64url encoded string
|
||||
/// </summary>
|
||||
/// <returns></returns>
|
||||
public static string GetSha256Thumbprint(this X509Certificate2 certificate) => Base64Url.Encode(certificate.GetCertHash(HashAlgorithmName.SHA256));
|
||||
public static string GetSha256Thumbprint(this X509Certificate2 certificate) => Base64Url.EncodeToString(certificate.GetCertHash(HashAlgorithmName.SHA256));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Collections.Specialized;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
|
|
@ -89,7 +90,7 @@ public class ConsentRequest
|
|||
var bytes = Encoding.UTF8.GetBytes(value);
|
||||
var hash = SHA256.HashData(bytes);
|
||||
|
||||
return Base64Url.Encode(hash);
|
||||
return Base64Url.EncodeToString(hash);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Cryptography;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityServer.Configuration;
|
||||
|
|
@ -435,13 +436,13 @@ public class DiscoveryResponseGenerator : IDiscoveryResponseGenerator
|
|||
if (key.Key is X509SecurityKey x509Key)
|
||||
{
|
||||
var cert64 = Convert.ToBase64String(x509Key.Certificate.RawData);
|
||||
var thumbprint = Base64Url.Encode(x509Key.Certificate.GetCertHash());
|
||||
var thumbprint = Base64Url.EncodeToString(x509Key.Certificate.GetCertHash());
|
||||
|
||||
if (x509Key.PublicKey is RSA rsa)
|
||||
{
|
||||
var parameters = rsa.ExportParameters(false);
|
||||
var exponent = Base64Url.Encode(parameters.Exponent);
|
||||
var modulus = Base64Url.Encode(parameters.Modulus);
|
||||
var exponent = Base64Url.EncodeToString(parameters.Exponent);
|
||||
var modulus = Base64Url.EncodeToString(parameters.Modulus);
|
||||
|
||||
var rsaJsonWebKey = new Models.JsonWebKey
|
||||
{
|
||||
|
|
@ -459,8 +460,8 @@ public class DiscoveryResponseGenerator : IDiscoveryResponseGenerator
|
|||
else if (x509Key.PublicKey is ECDsa ecdsa)
|
||||
{
|
||||
var parameters = ecdsa.ExportParameters(false);
|
||||
var x = Base64Url.Encode(parameters.Q.X);
|
||||
var y = Base64Url.Encode(parameters.Q.Y);
|
||||
var x = Base64Url.EncodeToString(parameters.Q.X);
|
||||
var y = Base64Url.EncodeToString(parameters.Q.Y);
|
||||
|
||||
var ecdsaJsonWebKey = new Models.JsonWebKey
|
||||
{
|
||||
|
|
@ -484,8 +485,8 @@ public class DiscoveryResponseGenerator : IDiscoveryResponseGenerator
|
|||
else if (key.Key is RsaSecurityKey rsaKey)
|
||||
{
|
||||
var parameters = rsaKey.Rsa?.ExportParameters(false) ?? rsaKey.Parameters;
|
||||
var exponent = Base64Url.Encode(parameters.Exponent);
|
||||
var modulus = Base64Url.Encode(parameters.Modulus);
|
||||
var exponent = Base64Url.EncodeToString(parameters.Exponent);
|
||||
var modulus = Base64Url.EncodeToString(parameters.Modulus);
|
||||
|
||||
var webKey = new Models.JsonWebKey
|
||||
{
|
||||
|
|
@ -502,8 +503,8 @@ public class DiscoveryResponseGenerator : IDiscoveryResponseGenerator
|
|||
else if (key.Key is ECDsaSecurityKey ecdsaKey)
|
||||
{
|
||||
var parameters = ecdsaKey.ECDsa.ExportParameters(false);
|
||||
var x = Base64Url.Encode(parameters.Q.X);
|
||||
var y = Base64Url.Encode(parameters.Q.Y);
|
||||
var x = Base64Url.EncodeToString(parameters.Q.X);
|
||||
var y = Base64Url.EncodeToString(parameters.Q.Y);
|
||||
|
||||
var ecdsaJsonWebKey = new Models.JsonWebKey
|
||||
{
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityServer.Models;
|
||||
using Microsoft.AspNetCore.DataProtection;
|
||||
using Microsoft.Extensions.Logging;
|
||||
|
|
@ -50,7 +50,7 @@ public class ProtectedDataMessageStore<TModel> : IMessageStore<TModel>
|
|||
{
|
||||
try
|
||||
{
|
||||
var bytes = Base64Url.Decode(value);
|
||||
var bytes = Base64Url.DecodeFromChars(value);
|
||||
bytes = Protector.Unprotect(bytes);
|
||||
var json = Encoding.UTF8.GetString(bytes);
|
||||
result = ObjectSerializer.FromString<Message<TModel>>(json);
|
||||
|
|
@ -76,7 +76,7 @@ public class ProtectedDataMessageStore<TModel> : IMessageStore<TModel>
|
|||
var json = ObjectSerializer.ToString(message);
|
||||
var bytes = Encoding.UTF8.GetBytes(json);
|
||||
bytes = Protector.Protect(bytes);
|
||||
value = Base64Url.Encode(bytes);
|
||||
value = Base64Url.EncodeToString(bytes);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Globalization;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
|
|
@ -302,7 +303,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator
|
|||
var bytes = Encoding.UTF8.GetBytes(context.AccessToken);
|
||||
var hash = SHA256.HashData(bytes);
|
||||
|
||||
var accessTokenHash = Base64Url.Encode(hash);
|
||||
var accessTokenHash = Base64Url.EncodeToString(hash);
|
||||
if (accessTokenHash != result.AccessTokenHash)
|
||||
{
|
||||
result.IsError = true;
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Collections.Specialized;
|
||||
using System.Text;
|
||||
using Duende.IdentityModel;
|
||||
|
|
@ -1231,7 +1232,7 @@ internal class TokenRequestValidator : ITokenRequestValidator
|
|||
|
||||
var codeVerifierBytes = Encoding.ASCII.GetBytes(codeVerifier);
|
||||
var hashedBytes = codeVerifierBytes.Sha256();
|
||||
var transformedCodeVerifier = Base64Url.Encode(hashedBytes);
|
||||
var transformedCodeVerifier = Base64Url.EncodeToString(hashedBytes);
|
||||
|
||||
return TimeConstantComparer.IsEqual(transformedCodeVerifier.Sha256(), codeChallenge);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
|
|
@ -223,7 +224,7 @@ public class ClientAssertionClient
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
|
|
@ -433,7 +434,7 @@ public class ClientCredentialsClient
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using Duende.IdentityServer.IntegrationTests.Clients.Setup;
|
||||
using Duende.IdentityServer.IntegrationTests.Common;
|
||||
|
|
@ -275,7 +275,7 @@ public class CustomTokenResponseClients
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
|
|
@ -588,7 +589,7 @@ public class ExtensionGrantClient
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,10 +2,10 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using Duende.IdentityServer.IntegrationTests.Clients.Setup;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
|
|
@ -268,7 +268,7 @@ public class ResourceOwnerClient
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,10 +2,10 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using Duende.IdentityServer.IntegrationTests.Clients.Setup;
|
||||
using Duende.IdentityServer.IntegrationTests.Common;
|
||||
|
|
@ -204,7 +204,7 @@ public class UserInfoEndpointClient
|
|||
{
|
||||
var token = response.AccessToken.Split('.').Skip(1).Take(1).First();
|
||||
var dictionary = JsonSerializer.Deserialize<Dictionary<string, object>>(
|
||||
Encoding.UTF8.GetString(Base64Url.Decode(token)));
|
||||
Encoding.UTF8.GetString(Base64Url.DecodeFromChars(token)));
|
||||
|
||||
return dictionary;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using Duende.IdentityModel;
|
||||
|
|
@ -528,7 +529,7 @@ public class PkceTests
|
|||
{
|
||||
var codeVerifierBytes = Encoding.ASCII.GetBytes(codeVerifier);
|
||||
var hashedBytes = codeVerifierBytes.Sha256();
|
||||
var transformedCodeVerifier = Base64Url.Encode(hashedBytes);
|
||||
var transformedCodeVerifier = Base64Url.EncodeToString(hashedBytes);
|
||||
|
||||
return transformedCodeVerifier;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Globalization;
|
||||
using System.Net;
|
||||
using System.Security.Claims;
|
||||
|
|
@ -581,7 +582,7 @@ public class EndSessionTests
|
|||
var parts = token.Split('.');
|
||||
parts.Length.ShouldBe(3);
|
||||
|
||||
var bytes = Base64Url.Decode(parts[1]);
|
||||
var bytes = Base64Url.DecodeFromChars(parts[1]);
|
||||
var json = Encoding.UTF8.GetString(bytes);
|
||||
var payload = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
|
|
@ -629,7 +630,7 @@ public class EndSessionTests
|
|||
var parts = token.Split('.');
|
||||
parts.Length.ShouldBe(3);
|
||||
|
||||
var bytes = Base64Url.Decode(parts[0]);
|
||||
var bytes = Base64Url.DecodeFromChars(parts[0]);
|
||||
var json = Encoding.UTF8.GetString(bytes);
|
||||
var header = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
|
|
@ -669,7 +670,7 @@ public class EndSessionTests
|
|||
var parts = token.Split('.');
|
||||
parts.Length.ShouldBe(3);
|
||||
|
||||
var bytes = Base64Url.Decode(parts[0]);
|
||||
var bytes = Base64Url.DecodeFromChars(parts[0]);
|
||||
var json = Encoding.UTF8.GetString(bytes);
|
||||
var header = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Claims;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using Duende.IdentityServer.IntegrationTests.Common;
|
||||
using Duende.IdentityServer.Models;
|
||||
|
|
@ -97,7 +97,7 @@ public class RefreshTokenTests
|
|||
tokenResult1.AccessToken.ShouldNotBeNull();
|
||||
|
||||
|
||||
var payload1 = JsonSerializer.Deserialize<JsonElement>(Base64Url.Decode(tokenResult1.AccessToken.Split('.')[1]));
|
||||
var payload1 = JsonSerializer.Deserialize<JsonElement>(Base64Url.DecodeFromChars(tokenResult1.AccessToken.Split('.')[1]));
|
||||
var sid1 = payload1.TryGetValue("sid").GetString();
|
||||
sid1.ShouldBe(_mockPipeline.GetSessionCookie().Value);
|
||||
|
||||
|
|
@ -114,7 +114,7 @@ public class RefreshTokenTests
|
|||
tokenResult2.IsError.ShouldBeFalse();
|
||||
tokenResult2.AccessToken.ShouldNotBeNull();
|
||||
|
||||
var payload2 = JsonSerializer.Deserialize<JsonElement>(Base64Url.Decode(tokenResult2.AccessToken.Split('.')[1]));
|
||||
var payload2 = JsonSerializer.Deserialize<JsonElement>(Base64Url.DecodeFromChars(tokenResult2.AccessToken.Split('.')[1]));
|
||||
var sid2 = payload2.TryGetValue("sid").GetString();
|
||||
sid1.ShouldBe(sid2);
|
||||
}
|
||||
|
|
@ -155,7 +155,7 @@ public class RefreshTokenTests
|
|||
tokenResult1.AccessToken.ShouldNotBeNull();
|
||||
|
||||
|
||||
var payload1 = JsonSerializer.Deserialize<JsonElement>(Base64Url.Decode(tokenResult1.AccessToken.Split('.')[1]));
|
||||
var payload1 = JsonSerializer.Deserialize<JsonElement>(Base64Url.DecodeFromChars(tokenResult1.AccessToken.Split('.')[1]));
|
||||
var sid1 = payload1.TryGetValue("sid").GetString();
|
||||
sid1.ShouldBe(_mockPipeline.GetSessionCookie().Value);
|
||||
|
||||
|
|
@ -172,7 +172,7 @@ public class RefreshTokenTests
|
|||
tokenResult2.IsError.ShouldBeFalse();
|
||||
tokenResult2.AccessToken.ShouldNotBeNull();
|
||||
|
||||
var payload2 = JsonSerializer.Deserialize<JsonElement>(Base64Url.Decode(tokenResult2.AccessToken.Split('.')[1]));
|
||||
var payload2 = JsonSerializer.Deserialize<JsonElement>(Base64Url.DecodeFromChars(tokenResult2.AccessToken.Split('.')[1]));
|
||||
var sid2 = payload2.TryGetValue("sid").GetString();
|
||||
sid1.ShouldBe(sid2);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,10 +2,10 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using Duende.IdentityServer.IntegrationTests.Common;
|
||||
using Duende.IdentityServer.Models;
|
||||
|
|
@ -64,7 +64,7 @@ public class CustomClaimsServiceTests
|
|||
|
||||
var accessToken = result.AccessToken;
|
||||
var payload = accessToken.Split('.')[1];
|
||||
var json = Encoding.UTF8.GetString(Base64Url.Decode(payload));
|
||||
var json = Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload));
|
||||
var obj = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
obj["foo"].GetString().ShouldBe("foo1");
|
||||
|
|
|
|||
|
|
@ -2,11 +2,11 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Net;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityServer.IntegrationTests.Common;
|
||||
using Duende.IdentityServer.Models;
|
||||
using Duende.IdentityServer.Services;
|
||||
|
|
@ -73,7 +73,7 @@ public class CustomProfileServiceTests
|
|||
authorization.IdentityToken.ShouldNotBeNull();
|
||||
|
||||
var payload = authorization.IdentityToken.Split('.')[1];
|
||||
var json = Encoding.UTF8.GetString(Base64Url.Decode(payload));
|
||||
var json = Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload));
|
||||
var obj = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
obj["foo"].GetString().ShouldBe("bar");
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityModel.Client;
|
||||
using Duende.IdentityServer.Configuration;
|
||||
using Duende.IdentityServer.IntegrationTests.Common;
|
||||
|
|
@ -63,7 +63,7 @@ public class CustomTokenCreationServiceTests
|
|||
|
||||
var accessToken = result.AccessToken;
|
||||
var payload = accessToken.Split('.')[1];
|
||||
var json = Encoding.UTF8.GetString(Base64Url.Decode(payload));
|
||||
var json = Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload));
|
||||
var obj = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
|
||||
obj["aud"].ToStringList().ShouldContain("custom1");
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Net;
|
||||
using System.Net.Http.Headers;
|
||||
|
|
@ -212,11 +213,11 @@ public class LocalApiAuthenticationTests
|
|||
|
||||
if (!string.IsNullOrWhiteSpace(accessToken))
|
||||
{
|
||||
// ath: hash of the access token. The value MUST be the result of a base64url encoding
|
||||
// ath: hash of the access token. The value MUST be the result of a base64url encoding
|
||||
// the SHA-256 hash of the ASCII encoding of the associated access token's value.
|
||||
using var sha256 = SHA256.Create();
|
||||
var hash = sha256.ComputeHash(Encoding.ASCII.GetBytes(accessToken));
|
||||
var ath = Base64Url.Encode(hash);
|
||||
var ath = Base64Url.EncodeToString(hash);
|
||||
|
||||
payload.Add(JwtClaimTypes.DPoPAccessTokenHash, ath);
|
||||
}
|
||||
|
|
@ -293,7 +294,7 @@ public class LocalApiAuthenticationTests
|
|||
// so it should fail.
|
||||
var newKey = GenerateJwk();
|
||||
var newJwk = new Microsoft.IdentityModel.Tokens.JsonWebKey(newKey);
|
||||
var newJkt = Base64Url.Encode(newJwk.ComputeJwkThumbprint());
|
||||
var newJkt = Base64Url.EncodeToString(newJwk.ComputeJwkThumbprint());
|
||||
var proofToken = CreateProofToken("GET", "https://server/api", at, jwkString: newKey);
|
||||
req.Headers.Add("DPoP", proofToken);
|
||||
|
||||
|
|
@ -328,7 +329,7 @@ public class LocalApiAuthenticationTests
|
|||
// so it should fail.
|
||||
var newKey = GenerateJwk();
|
||||
var newJwk = new Microsoft.IdentityModel.Tokens.JsonWebKey(newKey);
|
||||
var newJkt = Base64Url.Encode(newJwk.ComputeJwkThumbprint());
|
||||
var newJkt = Base64Url.EncodeToString(newJwk.ComputeJwkThumbprint());
|
||||
var proofToken = CreateProofToken("GET", "https://server/api", at, jwkString: newKey);
|
||||
req.Headers.Add("DPoP", proofToken);
|
||||
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Text.Json;
|
||||
using Duende.IdentityModel;
|
||||
using Duende.IdentityServer;
|
||||
using Duende.IdentityServer.Configuration;
|
||||
using Duende.IdentityServer.Services;
|
||||
|
|
@ -62,7 +62,7 @@ public class DefaultBackChannelLogoutServiceTests
|
|||
});
|
||||
|
||||
|
||||
var payload = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(Base64Url.Decode(rawToken.Split('.')[1]));
|
||||
var payload = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(Base64Url.DecodeFromChars(rawToken.Split('.')[1]));
|
||||
payload["iss"].GetString().ShouldBe(expected);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
// Copyright (c) Duende Software. All rights reserved.
|
||||
// See LICENSE in the project root for license information.
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Security.Claims;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
|
|
@ -168,7 +169,7 @@ public class DPoPProofValidatorTests
|
|||
using var sha = SHA256.Create();
|
||||
var bytes = Encoding.UTF8.GetBytes(_context.AccessToken);
|
||||
var hash = sha.ComputeHash(bytes);
|
||||
return Base64Url.Encode(hash);
|
||||
return Base64Url.EncodeToString(hash);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
|
|
@ -93,7 +94,7 @@ public class IdentityTokenValidation
|
|||
|
||||
// check that the custom aud was ignored
|
||||
var payload = jwt.Split('.')[1];
|
||||
var json = Encoding.UTF8.GetString(Base64Url.Decode(payload));
|
||||
var json = Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload));
|
||||
var values = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
|
||||
values["aud"].GetString().ShouldBe("roclient");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// See LICENSE in the project root for license information.
|
||||
|
||||
|
||||
using System.Buffers.Text;
|
||||
using System.Collections.Specialized;
|
||||
using System.Text;
|
||||
using Duende.IdentityModel;
|
||||
|
|
@ -316,7 +317,7 @@ public class TokenRequestValidation_PKCE
|
|||
{
|
||||
var codeVerifierBytes = Encoding.ASCII.GetBytes(codeVerifier);
|
||||
var hashedBytes = codeVerifierBytes.Sha256();
|
||||
var transformedCodeVerifier = Base64Url.Encode(hashedBytes);
|
||||
var transformedCodeVerifier = Base64Url.EncodeToString(hashedBytes);
|
||||
|
||||
return transformedCodeVerifier;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@
|
|||
<RootNamespace>Duende.Xunit.Playwright</RootNamespace>
|
||||
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
|
||||
<IsTestProject>false</IsTestProject>
|
||||
<IsPackable>false</IsPackable>
|
||||
</PropertyGroup>
|
||||
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug_ncrunch|AnyCPU'">
|
||||
|
|
|
|||
Loading…
Reference in a new issue