Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to Openiddict 6.0.0 #20979

Draft
wants to merge 9 commits into
base: dev
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions Directory.Packages.props
Original file line number Diff line number Diff line change
Expand Up @@ -120,11 +120,11 @@
<PackageVersion Include="NUglify" Version="1.21.9" />
<PackageVersion Include="Nullable" Version="1.3.1" />
<PackageVersion Include="Octokit" Version="13.0.1" />
<PackageVersion Include="OpenIddict.Abstractions" Version="5.8.0" />
<PackageVersion Include="OpenIddict.Core" Version="5.8.0" />
<PackageVersion Include="OpenIddict.Server.AspNetCore" Version="5.8.0" />
<PackageVersion Include="OpenIddict.Validation.AspNetCore" Version="5.8.0" />
<PackageVersion Include="OpenIddict.Validation.ServerIntegration" Version="5.8.0" />
<PackageVersion Include="OpenIddict.Abstractions" Version="6.0.0-preview4.24563.42" />
<PackageVersion Include="OpenIddict.Core" Version="6.0.0-preview4.24563.42" />
<PackageVersion Include="OpenIddict.Server.AspNetCore" Version="6.0.0-preview4.24563.42" />
<PackageVersion Include="OpenIddict.Validation.AspNetCore" Version="6.0.0-preview4.24563.42" />
<PackageVersion Include="OpenIddict.Validation.ServerIntegration" Version="6.0.0-preview4.24563.42" />
<PackageVersion Include="Oracle.EntityFrameworkCore" Version="8.23.60" />
<PackageVersion Include="Polly" Version="8.4.2" />
<PackageVersion Include="Polly.Extensions.Http" Version="3.0.0" />
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,9 @@ Welcome to your new app.

@if (_claims.Count() > 0)
{
<p>
<textarea style="width: -webkit-fill-available; height: 300px">
@_accessToken
</p>
</textarea>

<ul>
@foreach (var claim in _claims)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
options.ProviderOptions.ClientId = "AbpBlazorWASMApp";
options.ProviderOptions.ResponseType = "code";

options.UserOptions.NameClaim = JwtClaimTypes.Name;
options.UserOptions.NameClaim = JwtClaimTypes.PreferredUserName;
options.UserOptions.RoleClaim = JwtClaimTypes.Role;

options.ProviderOptions.DefaultScopes.Add("roles");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -67,10 +67,10 @@ await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.Endpoints.Device,
OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization,
OpenIddictConstants.Permissions.Endpoints.Introspection,
OpenIddictConstants.Permissions.Endpoints.Revocation,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.Endpoints.EndSession,

OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
OpenIddictConstants.Permissions.GrantTypes.Implicit,
Expand Down Expand Up @@ -125,10 +125,10 @@ await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.Endpoints.Device,
OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization,
OpenIddictConstants.Permissions.Endpoints.Introspection,
OpenIddictConstants.Permissions.Endpoints.Revocation,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.Endpoints.EndSession,

OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
OpenIddictConstants.Permissions.GrantTypes.Implicit,
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -232,9 +232,11 @@ protected override void Up(MigrationBuilder migrationBuilder)
TenantId = table.Column<Guid>(type: "uniqueidentifier", nullable: true),
UserId = table.Column<Guid>(type: "uniqueidentifier", nullable: false),
ClientId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
IpAddresses = table.Column<string>(type: "nvarchar(256)", maxLength: 256, nullable: true),
IpAddresses = table.Column<string>(type: "nvarchar(2048)", maxLength: 2048, nullable: true),
SignedIn = table.Column<DateTime>(type: "datetime2", nullable: false),
LastAccessed = table.Column<DateTime>(type: "datetime2", nullable: true)
LastAccessed = table.Column<DateTime>(type: "datetime2", nullable: true),
ExtraProperties = table.Column<string>(type: "nvarchar(max)", nullable: false),
ConcurrencyStamp = table.Column<string>(type: "nvarchar(40)", maxLength: 40, nullable: false)
},
constraints: table =>
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ protected override void BuildModel(ModelBuilder modelBuilder)
#pragma warning disable 612, 618
modelBuilder
.HasAnnotation("_Abp_DatabaseProvider", EfCoreDatabaseProvider.SqlServer)
.HasAnnotation("ProductVersion", "8.0.4")
.HasAnnotation("ProductVersion", "9.0.0-rc.1.24451.1")
.HasAnnotation("Relational:MaxIdentifierLength", 128);

SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder);
Expand Down Expand Up @@ -391,6 +391,13 @@ protected override void BuildModel(ModelBuilder modelBuilder)
.HasMaxLength(64)
.HasColumnType("nvarchar(64)");

b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.IsRequired()
.HasMaxLength(40)
.HasColumnType("nvarchar(40)")
.HasColumnName("ConcurrencyStamp");

b.Property<string>("Device")
.IsRequired()
.HasMaxLength(64)
Expand All @@ -400,9 +407,14 @@ protected override void BuildModel(ModelBuilder modelBuilder)
.HasMaxLength(64)
.HasColumnType("nvarchar(64)");

b.Property<string>("ExtraProperties")
.IsRequired()
.HasColumnType("nvarchar(max)")
.HasColumnName("ExtraProperties");

b.Property<string>("IpAddresses")
.HasMaxLength(256)
.HasColumnType("nvarchar(256)");
.HasMaxLength(2048)
.HasColumnType("nvarchar(2048)");

b.Property<DateTime?>("LastAccessed")
.HasColumnType("datetime2");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -89,24 +89,7 @@ public override void PreConfigureServices(ServiceConfigurationContext context)

PreConfigure<OpenIddictServerBuilder>(builder =>
{
//https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
using (var algorithm = RSA.Create(keySizeInBits: 2048))
{
var subject = new X500DistinguishedName("CN=Fabrikam Encryption Certificate");
var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(2));
builder.AddSigningCertificate(certificate);
}

using (var algorithm = RSA.Create(keySizeInBits: 2048))
{
var subject = new X500DistinguishedName("CN=Fabrikam Signing Certificate");
var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, critical: true));
var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(2));
builder.AddEncryptionCertificate(certificate);
}
builder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "00000000-0000-0000-0000-000000000000");

builder.Configure(openIddictServerOptions =>
{
Expand Down
Binary file not shown.
Original file line number Diff line number Diff line change
Expand Up @@ -62,13 +62,13 @@ private void AddOpenIddictServer(IServiceCollection services)
//.SetConfigurationEndpointUris()
// .well-known/jwks
//.SetCryptographyEndpointUris()
.SetDeviceEndpointUris("device")
.SetDeviceAuthorizationEndpointUris("device")
.SetIntrospectionEndpointUris("connect/introspect")
.SetLogoutEndpointUris("connect/logout")
.SetEndSessionEndpointUris("connect/endsession")
.SetRevocationEndpointUris("connect/revocat")
.SetTokenEndpointUris("connect/token")
.SetUserinfoEndpointUris("connect/userinfo")
.SetVerificationEndpointUris("connect/verify");
.SetUserInfoEndpointUris("connect/userinfo")
.SetEndUserVerificationEndpointUris("connect/verify");

builder
.AllowAuthorizationCodeFlow()
Expand All @@ -77,7 +77,7 @@ private void AddOpenIddictServer(IServiceCollection services)
.AllowPasswordFlow()
.AllowClientCredentialsFlow()
.AllowRefreshTokenFlow()
.AllowDeviceCodeFlow()
.AllowDeviceAuthorizationFlow()
.AllowNoneFlow();

builder.RegisterScopes(new[]
Expand All @@ -94,9 +94,9 @@ private void AddOpenIddictServer(IServiceCollection services)
builder.UseAspNetCore()
.EnableAuthorizationEndpointPassthrough()
.EnableTokenEndpointPassthrough()
.EnableUserinfoEndpointPassthrough()
.EnableLogoutEndpointPassthrough()
.EnableVerificationEndpointPassthrough()
.EnableUserInfoEndpointPassthrough()
.EnableEndSessionEndpointPassthrough()
.EnableEndUserVerificationEndpointPassthrough()
.EnableStatusCodePagesIntegration();

if (builderOptions.AddDevelopmentEncryptionAndSigningCertificate)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,11 @@ public virtual async Task<IActionResult> HandleAsync()

// If prompt=login was specified by the client application,
// immediately return the user agent to the login page.
if (request.HasPrompt(OpenIddictConstants.Prompts.Login))
if (request.HasPromptValue(OpenIddictConstants.PromptValues.Login))
{
// To avoid endless login -> authorization redirects, the prompt=login flag
// is removed from the authorization request payload before redirecting the user.
var prompt = string.Join(" ", request.GetPrompts().Remove(OpenIddictConstants.Prompts.Login));
var prompt = string.Join(" ", request.GetPromptValues().Remove(OpenIddictConstants.PromptValues.Login));

var parameters = Request.HasFormContentType ?
Request.Form.Where(parameter => parameter.Key != OpenIddictConstants.Parameters.Prompt).ToList() :
Expand All @@ -59,7 +59,7 @@ public virtual async Task<IActionResult> HandleAsync()
{
// If the client application requested promptless authentication,
// return an error indicating that the user is not logged in.
if (request.HasPrompt(OpenIddictConstants.Prompts.None))
if (request.HasPromptValue(OpenIddictConstants.PromptValues.None))
{
return Forbid(
authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
Expand Down Expand Up @@ -137,7 +137,7 @@ public virtual async Task<IActionResult> HandleAsync()
// return an authorization response without displaying the consent form.
case OpenIddictConstants.ConsentTypes.Implicit:
case OpenIddictConstants.ConsentTypes.External when authorizations.Any():
case OpenIddictConstants.ConsentTypes.Explicit when authorizations.Any() && !request.HasPrompt(OpenIddictConstants.Prompts.Consent):
case OpenIddictConstants.ConsentTypes.Explicit when authorizations.Any() && !request.HasPromptValue(OpenIddictConstants.PromptValues.Consent):
var principal = await SignInManager.CreateUserPrincipalAsync(user);

if (result.Properties != null && result.Properties.IsPersistent)
Expand Down Expand Up @@ -173,8 +173,8 @@ public virtual async Task<IActionResult> HandleAsync()

// At this point, no authorization was found in the database and an error must be returned
// if the client application specified prompt=none in the authorization request.
case OpenIddictConstants.ConsentTypes.Explicit when request.HasPrompt(OpenIddictConstants.Prompts.None):
case OpenIddictConstants.ConsentTypes.Systematic when request.HasPrompt(OpenIddictConstants.Prompts.None):
case OpenIddictConstants.ConsentTypes.Explicit when request.HasPromptValue(OpenIddictConstants.PromptValues.None):
case OpenIddictConstants.ConsentTypes.Systematic when request.HasPromptValue(OpenIddictConstants.PromptValues.None):
return Forbid(
authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
properties: new AuthenticationProperties(new Dictionary<string, string>
Expand Down
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Server.AspNetCore;

namespace Volo.Abp.OpenIddict.Controllers;

[Route("connect/logout")]
[Route("connect/endsession")]
[ApiExplorerSettings(IgnoreApi = true)]
public class LogoutController : AbpOpenIdDictControllerBase
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@

namespace Volo.Abp.OpenIddict.WildcardDomains;

public class AbpValidateAuthorizedParty : AbpOpenIddictWildcardDomainBase<AbpValidateAuthorizedParty, OpenIddictServerHandlers.Session.ValidateAuthorizedParty, OpenIddictServerEvents.ValidateLogoutRequestContext>
public class AbpValidateAuthorizedParty : AbpOpenIddictWildcardDomainBase<AbpValidateAuthorizedParty, OpenIddictServerHandlers.Session.ValidateAuthorizedParty, OpenIddictServerEvents.ValidateEndSessionRequestContext>
{
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.ValidateLogoutRequestContext>()
= OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.ValidateEndSessionRequestContext>()
.UseScopedHandler<AbpValidateAuthorizedParty>()
.SetOrder(OpenIddictServerHandlers.Session.ValidateEndpointPermissions.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
Expand All @@ -22,7 +22,7 @@ public AbpValidateAuthorizedParty(
OriginalHandler = new OpenIddictServerHandlers.Session.ValidateAuthorizedParty(applicationManager);
}

public async override ValueTask HandleAsync(OpenIddictServerEvents.ValidateLogoutRequestContext context)
public async override ValueTask HandleAsync(OpenIddictServerEvents.ValidateEndSessionRequestContext context)
{
Check.NotNull(context, nameof(context));

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@

namespace Volo.Abp.OpenIddict.WildcardDomains;

public class AbpValidateClientPostLogoutRedirectUri : AbpOpenIddictWildcardDomainBase<AbpValidateClientPostLogoutRedirectUri, OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri, OpenIddictServerEvents.ValidateLogoutRequestContext>
public class AbpValidateClientPostLogoutRedirectUri : AbpOpenIddictWildcardDomainBase<AbpValidateClientPostLogoutRedirectUri, OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri, OpenIddictServerEvents.ValidateEndSessionRequestContext>
{
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.ValidateLogoutRequestContext>()
= OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.ValidateEndSessionRequestContext>()
.AddFilter<OpenIddictServerHandlerFilters.RequireDegradedModeDisabled>()
.AddFilter<OpenIddictServerHandlerFilters.RequirePostLogoutRedirectUriParameter>()
.UseScopedHandler<AbpValidateClientPostLogoutRedirectUri>()
Expand All @@ -24,7 +24,7 @@ public AbpValidateClientPostLogoutRedirectUri(
OriginalHandler = new OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri(applicationManager);
}

public async override ValueTask HandleAsync(OpenIddictServerEvents.ValidateLogoutRequestContext context)
public async override ValueTask HandleAsync(OpenIddictServerEvents.ValidateEndSessionRequestContext context)
{
Check.NotNull(context, nameof(context));
Check.NotNullOrEmpty(context.PostLogoutRedirectUri, nameof(context.PostLogoutRedirectUri));
Expand Down
Loading
Loading