From cd1a60d450041b295c797b4df629a2c60057550a Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Wed, 18 Mar 2015 13:53:00 +0100 Subject: [PATCH 01/24] renamed solution --- ...enValidation.sln => IdentityServer3.AccessTokenValidation.sln} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename source/{Thinktecture.IdentityServer3.AccessTokenValidation.sln => IdentityServer3.AccessTokenValidation.sln} (100%) diff --git a/source/Thinktecture.IdentityServer3.AccessTokenValidation.sln b/source/IdentityServer3.AccessTokenValidation.sln similarity index 100% rename from source/Thinktecture.IdentityServer3.AccessTokenValidation.sln rename to source/IdentityServer3.AccessTokenValidation.sln From 8acbc1c2a7946da348d260e2ea783a335416d437 Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Wed, 18 Mar 2015 14:14:03 +0100 Subject: [PATCH 02/24] updated ignore --- .gitignore | 1 + .../IdentityServerBearerTokensAuthenticationOptions.cs | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index cffd936..8fc0f31 100644 --- a/.gitignore +++ b/.gitignore @@ -153,3 +153,4 @@ distribution/ #Roslyn compiler temp folders *.sln.ide/ +source/IdentityServer3.AccessTokenValidation.sln.GhostDoc.xml diff --git a/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs b/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs index a5fa250..0ce1f2e 100644 --- a/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs +++ b/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs @@ -36,7 +36,7 @@ public class IdentityServerBearerTokenAuthenticationOptions : AuthenticationOpti public IdentityServerBearerTokenAuthenticationOptions() : base("Bearer") { ValidationMode = ValidationMode.ValidationEndpoint; - RequiredScopes = Enumerable.Empty(); + RequiredScopes = new string[] { }; ValidationResultCacheDuration = TimeSpan.FromMinutes(5); 
@@ -68,7 +68,7 @@ public IdentityServerBearerTokenAuthenticationOptions() : base("Bearer") /// /// The required scopes. /// - public IEnumerable RequiredScopes { get; set; } + public string[] RequiredScopes { get; set; } /// /// Gets or sets the type of the name claim. From b7bee81fbc3d29c9cf77d40a00d232baa3bb08b3 Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Sat, 4 Apr 2015 20:53:03 +0200 Subject: [PATCH 03/24] updated to 2.0.0 --- default.ps1 | 16 ++++++++-------- .../InMemoryClaimsCacheTests.cs | 2 +- .../AccessTokenValidation.csproj | 8 ++++---- source/AccessTokenValidation/AsyncHelper.cs | 2 +- source/AccessTokenValidation/Cache.cs | 2 +- ...chingDiscoveryIssuerSecurityTokenProvider.cs | 2 +- source/AccessTokenValidation/Clock.cs | 2 +- .../EpochTimeExtensions.cs | 2 +- source/AccessTokenValidation/ICache.cs | 2 +- source/AccessTokenValidation/IClock.cs | 2 +- .../IValidationResultCache.cs | 2 +- ...AccessTokenValidationAppBuilderExtensions.cs | 2 +- ...tyServerBearerTokensAuthenticationOptions.cs | 4 +--- .../InMemoryValidationResultCache.cs | 2 +- .../ScopeRequirementMiddleware.cs | 2 +- .../AccessTokenValidation/StringExtensions.cs | 2 +- .../ValidationEndpointTokenProvider.cs | 2 +- source/AccessTokenValidation/ValidationMode.cs | 2 +- ...dentityServer3.AccessTokenValidation.nuspec} | 8 ++++---- source/VersionAssemblyInfo.cs | Bin 226 -> 226 bytes 20 files changed, 32 insertions(+), 34 deletions(-) rename source/{Thinktecture.IdentityServer3.AccessTokenValidation.nuspec => IdentityServer3.AccessTokenValidation.nuspec} (77%) diff --git a/default.ps1 b/default.ps1 index 16ac260..0a5c67a 100644 --- a/default.ps1 +++ b/default.ps1 
@@ -3,7 +3,7 @@ properties { $src_directory = "$base_directory\source" $output_directory = "$base_directory\build" $dist_directory = "$base_directory\distribution" - $sln_file = "$src_directory\Thinktecture.IdentityServer3.AccessTokenValidation.sln" + $sln_file = "$src_directory\IdentityServer3.AccessTokenValidation.sln" $target_config = "Release" $framework_version = "v4.5" $xunit_path = "$src_directory\packages\xunit.runners.1.9.2\tools\xunit.console.clr4.exe" @@ -11,7 +11,7 @@ properties { $nuget_path = "$src_directory\.nuget\nuget.exe" $buildNumber = 0; - $version = "1.2.3.0" + $version = "2.0.0.0" $preRelease = $null } @@ -53,19 +53,19 @@ task UpdateVersion { } task ILMerge -depends Compile { - $input_dlls = "$output_directory\Thinktecture.IdentityServer.v3.AccessTokenValidation.dll" + $input_dlls = "$output_directory\IdentityServer.v3.AccessTokenValidation.dll" Get-ChildItem -Path $output_directory -Filter *.dll | foreach-object { # Exclude Thinktecture.IdentityServer.Core.dll as that will be the primary assembly - if ("$_" -ne "Thinktecture.IdentityServer.v3.AccessTokenValidation.dll" -and + if ("$_" -ne "IdentityServer.v3.AccessTokenValidation.dll" -and "$_" -ne "Owin.dll") { $input_dlls = "$input_dlls $output_directory\$_" } } New-Item $dist_directory\lib\net45 -Type Directory - Invoke-Expression "$ilmerge_path /targetplatform:v4 /internalize:ilmerge.exclude /allowDup /target:library /out:$dist_directory\lib\net45\Thinktecture.IdentityServer.v3.AccessTokenValidation.dll $input_dlls" + Invoke-Expression "$ilmerge_path /targetplatform:v4 /internalize:ilmerge.exclude /allowDup /target:library /out:$dist_directory\lib\net45\IdentityServer.v3.AccessTokenValidation.dll $input_dlls" } task CreateNuGetPackage -depends Compile { 
@@ -87,8 +87,8 @@ task CreateNuGetPackage -depends Compile { } New-Item $dist_directory\lib\net45 -Type Directory - copy-item $output_directory\Thinktecture.IdentityServer3.AccessTokenValidation.* $dist_directory\lib\net45 + copy-item $output_directory\IdentityServer3.AccessTokenValidation.* $dist_directory\lib\net45 - copy-item $src_directory\Thinktecture.IdentityServer3.AccessTokenValidation.nuspec $dist_directory - exec { . $nuget_path pack $dist_directory\Thinktecture.IdentityServer3.AccessTokenValidation.nuspec -BasePath $dist_directory -o $dist_directory -version $packageVersion } + copy-item $src_directory\IdentityServer3.AccessTokenValidation.nuspec $dist_directory + exec { . $nuget_path pack $dist_directory\IdentityServer3.AccessTokenValidation.nuspec -BasePath $dist_directory -o $dist_directory -version $packageVersion } } diff --git a/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs b/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs index 2d11ba8..b41d2b4 100644 --- a/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs +++ b/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs @@ -3,7 +3,7 @@ using System.Collections.Generic; using System.Security.Claims; using Thinktecture.IdentityModel.Extensions; -using Thinktecture.IdentityServer.AccessTokenValidation; +using IdentityServer3.AccessTokenValidation; using Xunit; namespace AccessTokenValidation.Tests diff --git a/source/AccessTokenValidation/AccessTokenValidation.csproj b/source/AccessTokenValidation/AccessTokenValidation.csproj index 49a37df..a74dac4 100644 --- a/source/AccessTokenValidation/AccessTokenValidation.csproj +++ b/source/AccessTokenValidation/AccessTokenValidation.csproj @@ -7,8 +7,8 @@ {DF867B5D-3A9E-443A-B95E-D8F11E2A88A3} Library Properties - Thinktecture.IdentityServer.AccessTokenValidation - Thinktecture.IdentityServer3.AccessTokenValidation + IdentityServer3.AccessTokenValidation + IdentityServer3.AccessTokenValidation v4.5 512 
@@ -20,7 +20,7 @@ DEBUG;TRACE prompt 4 - ..\..\build\Thinktecture.IdentityServer3.AccessTokenValidation.XML + ..\..\build\IdentityServer3.AccessTokenValidation.xml pdbonly @@ -29,7 +29,7 @@ TRACE prompt 4 - ..\..\build\Thinktecture.IdentityServer3.AccessTokenValidation.XML + ..\..\build\IdentityServer3.AccessTokenValidation.xml diff --git a/source/AccessTokenValidation/AsyncHelper.cs b/source/AccessTokenValidation/AsyncHelper.cs index 67657c7..8b6bcb4 100644 --- a/source/AccessTokenValidation/AsyncHelper.cs +++ b/source/AccessTokenValidation/AsyncHelper.cs @@ -18,7 +18,7 @@ using System.Threading; using System.Threading.Tasks; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { internal static class AsyncHelper { diff --git a/source/AccessTokenValidation/Cache.cs b/source/AccessTokenValidation/Cache.cs index 3c35dd7..95b7c78 100644 --- a/source/AccessTokenValidation/Cache.cs +++ b/source/AccessTokenValidation/Cache.cs @@ -17,7 +17,7 @@ using System; using System.Runtime.Caching; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { /// /// Cache implementation using System.Runtime.Cachine.MemoryCache diff --git a/source/AccessTokenValidation/CachingDiscoveryIssuerSecurityTokenProvider.cs b/source/AccessTokenValidation/CachingDiscoveryIssuerSecurityTokenProvider.cs index c8962e6..1480018 100644 --- a/source/AccessTokenValidation/CachingDiscoveryIssuerSecurityTokenProvider.cs +++ b/source/AccessTokenValidation/CachingDiscoveryIssuerSecurityTokenProvider.cs @@ -24,7 +24,7 @@ using System.Security.Cryptography.X509Certificates; using System.Threading; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { internal class CachingDiscoveryIssuerSecurityTokenProvider : IIssuerSecurityTokenProvider { 
diff --git a/source/AccessTokenValidation/Clock.cs b/source/AccessTokenValidation/Clock.cs index 457684c..5ffbd8f 100644 --- a/source/AccessTokenValidation/Clock.cs +++ b/source/AccessTokenValidation/Clock.cs @@ -16,7 +16,7 @@ using System; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { /// /// Default clock implementation based on DateTimeOffset diff --git a/source/AccessTokenValidation/EpochTimeExtensions.cs b/source/AccessTokenValidation/EpochTimeExtensions.cs index 09b4b84..936bee2 100644 --- a/source/AccessTokenValidation/EpochTimeExtensions.cs +++ b/source/AccessTokenValidation/EpochTimeExtensions.cs @@ -16,7 +16,7 @@ using System; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { internal static class EpochTimeExtensions { diff --git a/source/AccessTokenValidation/ICache.cs b/source/AccessTokenValidation/ICache.cs index 8e90bbb..8b425d0 100644 --- a/source/AccessTokenValidation/ICache.cs +++ b/source/AccessTokenValidation/ICache.cs @@ -16,7 +16,7 @@ using System; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { /// /// Abstraction for a cache diff --git a/source/AccessTokenValidation/IClock.cs b/source/AccessTokenValidation/IClock.cs index 8a28f35..a1a3f74 100644 --- a/source/AccessTokenValidation/IClock.cs +++ b/source/AccessTokenValidation/IClock.cs @@ -16,7 +16,7 @@ using System; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { /// /// Interface to abstract the clock diff --git a/source/AccessTokenValidation/IValidationResultCache.cs b/source/AccessTokenValidation/IValidationResultCache.cs index d550406..7d6d23f 100644 --- a/source/AccessTokenValidation/IValidationResultCache.cs +++ b/source/AccessTokenValidation/IValidationResultCache.cs 
@@ -18,7 +18,7 @@ using System.Security.Claims; using System.Threading.Tasks; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { /// /// Interface for caching then token validation result diff --git a/source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs b/source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs index 4ea258d..fdaed96 100644 --- a/source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs +++ b/source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs @@ -14,12 +14,12 @@ * limitations under the License. */ +using IdentityServer3.AccessTokenValidation; using Microsoft.Owin.Security.Jwt; using Microsoft.Owin.Security.OAuth; using System; using System.IdentityModel.Tokens; using System.Linq; -using Thinktecture.IdentityServer.AccessTokenValidation; namespace Owin { diff --git a/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs b/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs index 0ce1f2e..9b323ae 100644 --- a/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs +++ b/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs @@ -17,13 +17,11 @@ using Microsoft.Owin.Security; using Microsoft.Owin.Security.OAuth; using System; -using System.Collections.Generic; using System.IdentityModel.Tokens; -using System.Linq; using System.Net.Http; using System.Security.Cryptography.X509Certificates; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { /// /// Options class for configuring the access token validation middleware diff --git a/source/AccessTokenValidation/InMemoryValidationResultCache.cs b/source/AccessTokenValidation/InMemoryValidationResultCache.cs index 13d4019..982189d 100644 
--- a/source/AccessTokenValidation/InMemoryValidationResultCache.cs +++ b/source/AccessTokenValidation/InMemoryValidationResultCache.cs @@ -20,7 +20,7 @@ using System.Security.Claims; using System.Threading.Tasks; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { /// /// In-memory cache for validation results diff --git a/source/AccessTokenValidation/ScopeRequirementMiddleware.cs b/source/AccessTokenValidation/ScopeRequirementMiddleware.cs index d57e709..9f54937 100644 --- a/source/AccessTokenValidation/ScopeRequirementMiddleware.cs +++ b/source/AccessTokenValidation/ScopeRequirementMiddleware.cs @@ -20,7 +20,7 @@ using System.Linq; using System.Threading.Tasks; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { internal class ScopeRequirementMiddleware { diff --git a/source/AccessTokenValidation/StringExtensions.cs b/source/AccessTokenValidation/StringExtensions.cs index d2cbddd..f60d561 100644 --- a/source/AccessTokenValidation/StringExtensions.cs +++ b/source/AccessTokenValidation/StringExtensions.cs @@ -14,7 +14,7 @@ * limitations under the License. */ -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { internal static class StringExtensions { diff --git a/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs b/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs index b2c163b..ea42e72 100644 --- a/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs +++ b/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs @@ -24,7 +24,7 @@ using System.Security.Claims; using System.Threading.Tasks; -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { internal class ValidationEndpointTokenProvider : AuthenticationTokenProvider { 
diff --git a/source/AccessTokenValidation/ValidationMode.cs b/source/AccessTokenValidation/ValidationMode.cs index 44d9444..318f913 100644 --- a/source/AccessTokenValidation/ValidationMode.cs +++ b/source/AccessTokenValidation/ValidationMode.cs @@ -14,7 +14,7 @@ * limitations under the License. */ -namespace Thinktecture.IdentityServer.AccessTokenValidation +namespace IdentityServer3.AccessTokenValidation { /// /// Enum for specifying where to validate the access token diff --git a/source/Thinktecture.IdentityServer3.AccessTokenValidation.nuspec b/source/IdentityServer3.AccessTokenValidation.nuspec similarity index 77% rename from source/Thinktecture.IdentityServer3.AccessTokenValidation.nuspec rename to source/IdentityServer3.AccessTokenValidation.nuspec index 3f82672..2986dc5 100644 --- a/source/Thinktecture.IdentityServer3.AccessTokenValidation.nuspec +++ b/source/IdentityServer3.AccessTokenValidation.nuspec @@ -1,15 +1,15 @@ - Thinktecture.IdentityServer3.AccessTokenValidation + IdentityServer3.AccessTokenValidation 0.0.0 - Thinktecture IdentityServer3 - Access Token Validation + IdentityServer3 - Access Token Validation Brock Allen, Dominick Baier Brock Allen, Dominick Baier https://github.com/identityserver/Thinktecture.IdentityServer3.AccessTokenValidation - http://www.thinktecture.com/images/favicon.ico + https://identityserver.github.io/Documentation/assets/images/icons/IDserver_icon128.jpg false - https://github.com/IdentityServer/Thinktecture.IdentityServer3.AccessTokenValidation/blob/master/LICENSE + https://github.com/IdentityServer/IdentityServer3.AccessTokenValidation/blob/master/LICENSE Access token validation middleware for JWT and reference tokens issued by IdentityServer3. Copyright 2015 Thinktecture IdentityServer OpenID Connect OpenIDConnect OAuth2 OWIN ASP.NET Katana WebApi SSO Federation Claims Identity JWT token 
diff --git a/source/VersionAssemblyInfo.cs b/source/VersionAssemblyInfo.cs index ac95a1d36ec0ac0301767e559dc7b88038891bff..1ceeba718ebcac77b417a816d11a42b335b6d351 100644 GIT binary patch delta 40 mcmaFF_=s^r5vvh{9)rQe@?Z%t1H=JiB?e7~SO#7OE(QR;=?2^Y delta 40 pcmaFF_=s^r5vw7C9)r=u@?Z%t1IRH3Vgm*x22F-o23`g(1^~Z82H^kz From 3261e8d290fc0feea95ebee1fa5b02448cad493d Mon Sep 17 00:00:00 2001 From: Brock Allen Date: Sun, 19 Apr 2015 22:48:55 -0400 Subject: [PATCH 04/24] name change --- source/AccessTokenValidation/Cache.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/AccessTokenValidation/Cache.cs b/source/AccessTokenValidation/Cache.cs index 95b7c78..339fcca 100644 --- a/source/AccessTokenValidation/Cache.cs +++ b/source/AccessTokenValidation/Cache.cs @@ -24,7 +24,7 @@ namespace IdentityServer3.AccessTokenValidation /// public class Cache : ICache { - const string CacheName = "thinktecture.validationCache"; + const string CacheName = "IdentityServer3.validationCache"; readonly MemoryCache _cache = new MemoryCache(CacheName); /// From 5e6fbe31aa0cc0b0391c7461437968821dfcbe39 Mon Sep 17 00:00:00 2001 From: Brock Allen Date: Sun, 19 Apr 2015 22:49:06 -0400 Subject: [PATCH 05/24] update identitymodel --- .../AccessTokenValidation.Tests.csproj | 13 +++++++++---- .../InMemoryClaimsCacheTests.cs | 2 +- source/AccessTokenValidation.Tests/packages.config | 3 ++- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj b/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj index 317974b..0c30754 100644 --- a/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj +++ b/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj 
@@ -41,6 +41,10 @@ False ..\packages\FluentAssertions.3.2.2\lib\net45\FluentAssertions.Core.dll + + ..\packages\IdentityModel.1.0.0-build00006\lib\net45\IdentityModel.Net45.dll + True + False ..\packages\Microsoft.Owin.3.0.0\lib\net45\Microsoft.Owin.dll @@ -52,6 +56,10 @@ ..\packages\Moq.4.2.1409.1722\lib\net40\Moq.dll + + ..\packages\Newtonsoft.Json.6.0.8\lib\net45\Newtonsoft.Json.dll + True + False ..\packages\Owin.1.0\lib\net40\Owin.dll @@ -59,15 +67,12 @@ + - - False - ..\packages\Thinktecture.IdentityModel.Core.1.3.0\lib\net45\Thinktecture.IdentityModel.Core.dll - ..\packages\xunit.1.9.2\lib\net20\xunit.dll diff --git a/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs b/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs index b41d2b4..390eb4c 100644 --- a/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs +++ b/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs @@ -2,7 +2,7 @@ using System; using System.Collections.Generic; using System.Security.Claims; -using Thinktecture.IdentityModel.Extensions; +using IdentityModel.Extensions; using IdentityServer3.AccessTokenValidation; using Xunit; diff --git a/source/AccessTokenValidation.Tests/packages.config b/source/AccessTokenValidation.Tests/packages.config index 4de2f7d..cd00234 100644 --- a/source/AccessTokenValidation.Tests/packages.config +++ b/source/AccessTokenValidation.Tests/packages.config @@ -1,11 +1,12 @@  + + - \ No newline at end of file From 490d79dc56b3019ea47254b311be991e4e5788cb Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Mon, 20 Apr 2015 09:52:38 +0200 Subject: [PATCH 06/24] fixing required scopes --- .../IdentityServerBearerTokensAuthenticationOptions.cs | 6 ++++-- source/AccessTokenValidation/ScopeRequirementMiddleware.cs | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs b/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs
index 9b323ae..fcfe201 100644
--- a/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs
+++ b/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs
@@ -17,7 +17,9 @@
 using Microsoft.Owin.Security;
 using Microsoft.Owin.Security.OAuth;
 using System;
+using System.Collections.Generic;
 using System.IdentityModel.Tokens;
+using System.Linq;
 using System.Net.Http;
 using System.Security.Cryptography.X509Certificates;
@@ -34,7 +36,7 @@ public class IdentityServerBearerTokenAuthenticationOptions : AuthenticationOpti
 public IdentityServerBearerTokenAuthenticationOptions() : base("Bearer")
 {
 ValidationMode = ValidationMode.ValidationEndpoint;
- RequiredScopes = new string[] { };
+ RequiredScopes = Enumerable.Empty();
 ValidationResultCacheDuration = TimeSpan.FromMinutes(5);
@@ -66,7 +68,7 @@ public IdentityServerBearerTokenAuthenticationOptions() : base("Bearer")
 ///
 /// The required scopes.
 ///
- public string[] RequiredScopes { get; set; }
+ public IEnumerable RequiredScopes { get; set; }
 ///
 /// Gets or sets the type of the name claim.
diff --git a/source/AccessTokenValidation/ScopeRequirementMiddleware.cs b/source/AccessTokenValidation/ScopeRequirementMiddleware.cs
index 9f54937..8d8bd13 100644
--- a/source/AccessTokenValidation/ScopeRequirementMiddleware.cs
+++ b/source/AccessTokenValidation/ScopeRequirementMiddleware.cs
@@ -27,7 +27,7 @@ internal class ScopeRequirementMiddleware
 private readonly Func, Task> _next;
 private readonly IEnumerable _scopes;
- public ScopeRequirementMiddleware(Func, Task> next, params string[] scopes)
+ public ScopeRequirementMiddleware(Func, Task> next, IEnumerable scopes)
 {
 _next = next;
 _scopes = scopes;
From cb88c4fab59ef8e76f469cbd9ffe972116412887 Mon Sep 17 00:00:00 2001
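Review bot: `_scopes = scopes;` stores the caller's sequence as-is, so a `null` `RequiredScopes` (now a settable `IEnumerable<string>` on the public options class, per the first hunk of this commit) surfaces as a `NullReferenceException` when the middleware first enumerates it rather than at construction, and a lazy or later-mutated sequence is presumably re-enumerated on every request. With `System.Linq` already imported in this file, `_scopes = (scopes ?? Enumerable.Empty<string>()).ToList();` materialises the scope list once and makes the empty case explicit. The class body, including the method that consumes `_scopes`, continues outside the hunk.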
From: Brock Allen Date: Tue, 21 Apr 2015 09:48:02 -0400 Subject: [PATCH 07/24] name changes --- README.md | 4 ++-- default.ps1 | 4 ++-- mygetpush.cmd | 2 +- source/IdentityServer3.AccessTokenValidation.nuspec | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 6243331..30de880 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ You can either validate the tokens locally (JWTs only) or use the IdentityServer ```csharp app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions { - Authority = "https://identity.thinktecture.com" + Authority = "https://identity.identityserver.io" }); ``` @@ -20,7 +20,7 @@ The middleware can also do the scope validation in one go. ```csharp app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions { - Authority = "https://identity.thinktecture.com", + Authority = "https://identity.identityserver.io", RequiredScopes = new[] { "api1", "api2" } }); ``` diff --git a/default.ps1 b/default.ps1 index 0a5c67a..5f84f0f 100644 --- a/default.ps1 +++ b/default.ps1 @@ -57,8 +57,8 @@ task ILMerge -depends Compile { Get-ChildItem -Path $output_directory -Filter *.dll | foreach-object { - # Exclude Thinktecture.IdentityServer.Core.dll as that will be the primary assembly - if ("$_" -ne "IdentityServer.v3.AccessTokenValidation.dll" -and + # Exclude IdentityServer3.AccessTokenValidation.dll as that will be the primary assembly + if ("$_" -ne "IdentityServer3.AccessTokenValidation.dll" -and "$_" -ne "Owin.dll") { $input_dlls = "$input_dlls $output_directory\$_" } diff --git a/mygetpush.cmd b/mygetpush.cmd index abe28bc..6166665 100644 --- a/mygetpush.cmd +++ b/mygetpush.cmd @@ -1 +1 @@ -nuget push distribution\*.nupkg -Source https://www.myget.org/F/thinktecture/ +nuget push distribution\*.nupkg -Source https://www.myget.org/F/identity/ 
diff --git a/source/IdentityServer3.AccessTokenValidation.nuspec b/source/IdentityServer3.AccessTokenValidation.nuspec index 2986dc5..d5a2c18 100644 --- a/source/IdentityServer3.AccessTokenValidation.nuspec +++ b/source/IdentityServer3.AccessTokenValidation.nuspec @@ -6,13 +6,13 @@ IdentityServer3 - Access Token Validation Brock Allen, Dominick Baier Brock Allen, Dominick Baier - https://github.com/identityserver/Thinktecture.IdentityServer3.AccessTokenValidation + https://github.com/identityserver/IdentityServer3.AccessTokenValidation https://identityserver.github.io/Documentation/assets/images/icons/IDserver_icon128.jpg false https://github.com/IdentityServer/IdentityServer3.AccessTokenValidation/blob/master/LICENSE Access token validation middleware for JWT and reference tokens issued by IdentityServer3. Copyright 2015 - Thinktecture IdentityServer OpenID Connect OpenIDConnect OAuth2 OWIN ASP.NET Katana WebApi SSO Federation Claims Identity JWT token + IdentityServer OpenID Connect OpenIDConnect OAuth2 OWIN ASP.NET Katana WebApi SSO Federation Claims Identity JWT token From 03b3127d626bc96b874f7d9dacfc13de201dbf5d Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Thu, 25 Jun 2015 17:41:04 +0200 Subject: [PATCH 08/24] Switch from GET to POST for reference token validation --- .../ValidationEndpointTokenProvider.cs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs b/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs index ea42e72..8a7b755 100644 --- a/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs +++ b/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs 
@@ -36,7 +36,7 @@ public ValidationEndpointTokenProvider(IdentityServerBearerTokenAuthenticationOp
 {
 var baseAddress = options.Authority.EnsureTrailingSlash();
 baseAddress += "connect/accesstokenvalidation";
- _tokenValidationEndpoint = baseAddress + "?token={0}";
+ _tokenValidationEndpoint = baseAddress;
 var handler = options.BackchannelHttpHandler ?? new WebRequestHandler();
@@ -68,9 +68,12 @@ public override async Task ReceiveAsync(AuthenticationTokenReceiveContext contex
 }
 }
- var url = string.Format(_tokenValidationEndpoint, context.Token);
+ var form = new Dictionary
+ {
+ { "token", context.Token }
+ };
- var response = await _client.GetAsync(url);
+ var response = await _client.PostAsync(_tokenValidationEndpoint, new FormUrlEncodedContent(form));
 if (response.StatusCode != HttpStatusCode.OK)
 {
 return;
From 386a21b6ea9a6345c35a09b5904366693f6a172a Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Thu, 25 Jun 2015 17:44:17 +0200 Subject: [PATCH 09/24] updated nugets --- .../AccessTokenValidation.Tests.csproj | 9 ++--- source/AccessTokenValidation.Tests/app.config | 23 +++++++++++++ .../packages.config | 4 +-- .../AccessTokenValidation.csproj | 33 +++++++++++-------- source/AccessTokenValidation/app.config | 23 +++++++++++++ source/AccessTokenValidation/packages.config | 14 ++++---- 6 files changed, 79 insertions(+), 27 deletions(-) create mode 100644 source/AccessTokenValidation.Tests/app.config create mode 100644 source/AccessTokenValidation/app.config
diff --git a/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj b/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj
index 0c30754..a4c8c5b 100644
--- a/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj
+++ b/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj
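Review bot: `_tokenValidationEndpoint` is built from `options.Authority` with no check on the URL scheme, and the access token is then posted to that address, so an `Authority` configured with `http://` would send bearer tokens over plaintext without any error. Unless the scheme is validated elsewhere in the constructor, which continues outside the hunk, a guard such as `if (!baseAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase)) throw new InvalidOperationException("Authority must use https.");` makes the non-TLS case an explicit decision. If a plaintext authority has to be allowed for local development, an opt-in option flag is clearer than silently accepting it.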
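Review bot: The `HttpResponseMessage` returned by `PostAsync` is never disposed: the non-OK branch returns without releasing it, and the success path, which continues outside the hunk, reads `response.Content` with no `using` either; the `FormUrlEncodedContent` is `IDisposable` too. Wrapping the rest of the method in `using (var content = new FormUrlEncodedContent(form))` and `using (var response = await _client.PostAsync(_tokenValidationEndpoint, content).ConfigureAwait(false))` releases both, and `ConfigureAwait(false)` is the usual choice for library code that does not need the caller's synchronization context. `ReceiveAsync` also starts before the hunk.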
@@ -45,13 +45,13 @@ ..\packages\IdentityModel.1.0.0-build00006\lib\net45\IdentityModel.Net45.dll True - + False - ..\packages\Microsoft.Owin.3.0.0\lib\net45\Microsoft.Owin.dll + ..\packages\Microsoft.Owin.3.0.1\lib\net45\Microsoft.Owin.dll - + False - ..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll + ..\packages\Microsoft.Owin.Security.3.0.1\lib\net45\Microsoft.Owin.Security.dll ..\packages\Moq.4.2.1409.1722\lib\net40\Moq.dll @@ -82,6 +82,7 @@ + diff --git a/source/AccessTokenValidation.Tests/app.config b/source/AccessTokenValidation.Tests/app.config new file mode 100644 index 0000000..8f9af70 --- /dev/null +++ b/source/AccessTokenValidation.Tests/app.config @@ -0,0 +1,23 @@ + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/source/AccessTokenValidation.Tests/packages.config b/source/AccessTokenValidation.Tests/packages.config index cd00234..61bfddc 100644 --- a/source/AccessTokenValidation.Tests/packages.config +++ b/source/AccessTokenValidation.Tests/packages.config @@ -2,8 +2,8 @@ - - + + diff --git a/source/AccessTokenValidation/AccessTokenValidation.csproj b/source/AccessTokenValidation/AccessTokenValidation.csproj index a74dac4..024ce69 100644 --- a/source/AccessTokenValidation/AccessTokenValidation.csproj +++ b/source/AccessTokenValidation/AccessTokenValidation.csproj 
@@ -32,21 +32,25 @@ ..\..\build\IdentityServer3.AccessTokenValidation.xml - + False - ..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.1\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll + ..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.2.206221351\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll - - ..\packages\Microsoft.Owin.3.0.0\lib\net45\Microsoft.Owin.dll + + False + ..\packages\Microsoft.Owin.3.0.1\lib\net45\Microsoft.Owin.dll - - ..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll + + False + ..\packages\Microsoft.Owin.Security.3.0.1\lib\net45\Microsoft.Owin.Security.dll - - ..\packages\Microsoft.Owin.Security.Jwt.3.0.0\lib\net45\Microsoft.Owin.Security.Jwt.dll + + False + ..\packages\Microsoft.Owin.Security.Jwt.3.0.1\lib\net45\Microsoft.Owin.Security.Jwt.dll - - ..\packages\Microsoft.Owin.Security.OAuth.3.0.0\lib\net45\Microsoft.Owin.Security.OAuth.dll + + False + ..\packages\Microsoft.Owin.Security.OAuth.3.0.1\lib\net45\Microsoft.Owin.Security.OAuth.dll False @@ -58,14 +62,14 @@ - + False - ..\packages\System.IdentityModel.Tokens.Jwt.4.0.1\lib\net45\System.IdentityModel.Tokens.Jwt.dll + ..\packages\System.IdentityModel.Tokens.Jwt.4.0.2.206221351\lib\net45\System.IdentityModel.Tokens.Jwt.dll - + False - ..\packages\Microsoft.AspNet.WebApi.Client.5.2.2\lib\net45\System.Net.Http.Formatting.dll + ..\packages\Microsoft.AspNet.WebApi.Client.5.2.3\lib\net45\System.Net.Http.Formatting.dll @@ -97,6 +101,7 @@ default.licenseheader + diff --git a/source/AccessTokenValidation/app.config b/source/AccessTokenValidation/app.config new file mode 100644 index 0000000..b39636f --- /dev/null +++ b/source/AccessTokenValidation/app.config @@ -0,0 +1,23 @@ + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/source/AccessTokenValidation/packages.config b/source/AccessTokenValidation/packages.config index 6742dc2..7ed1744 100644 
--- a/source/AccessTokenValidation/packages.config +++ b/source/AccessTokenValidation/packages.config @@ -1,12 +1,12 @@  - - - - - - + + + + + + - + \ No newline at end of file From 8fbd3732911bbe44b60553e97cdae102d658867a Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Fri, 26 Jun 2015 15:49:24 +0200 Subject: [PATCH 10/24] updated nugets & nuspec --- source/AccessTokenValidation/AccessTokenValidation.csproj | 3 ++- source/IdentityServer3.AccessTokenValidation.nuspec | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/source/AccessTokenValidation/AccessTokenValidation.csproj b/source/AccessTokenValidation/AccessTokenValidation.csproj index 024ce69..2c32e74 100644 --- a/source/AccessTokenValidation/AccessTokenValidation.csproj +++ b/source/AccessTokenValidation/AccessTokenValidation.csproj @@ -56,7 +56,8 @@ False ..\packages\Newtonsoft.Json.6.0.8\lib\net45\Newtonsoft.Json.dll - + + False ..\packages\Owin.1.0\lib\net40\Owin.dll diff --git a/source/IdentityServer3.AccessTokenValidation.nuspec b/source/IdentityServer3.AccessTokenValidation.nuspec index d5a2c18..69dab3c 100644 --- a/source/IdentityServer3.AccessTokenValidation.nuspec +++ b/source/IdentityServer3.AccessTokenValidation.nuspec @@ -22,8 +22,8 @@ - - + + \ No newline at end of file From 29be7153b9f1f3025a8171ac6c867f148925e024 Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Sat, 27 Jun 2015 21:38:14 +0200 Subject: [PATCH 11/24] added logging around validation endpoint communication --- ...cessTokenValidationAppBuilderExtensions.cs | 3 ++- .../ValidationEndpointTokenProvider.cs | 22 +++++++++++++++---- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs b/source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs index fdaed96..36b4ec6 100644 --- a/source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs 
+++ b/source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs
@@ -15,6 +15,7 @@
 */
 using IdentityServer3.AccessTokenValidation;
+using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security.Jwt;
 using Microsoft.Owin.Security.OAuth;
 using System;
@@ -138,7 +139,7 @@ internal static void UseValidationEndpoint(this IAppBuilder app, IdentityServerB
 app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
 {
- AccessTokenProvider = new ValidationEndpointTokenProvider(options),
+ AccessTokenProvider = new ValidationEndpointTokenProvider(options, app.GetLoggerFactory()),
 Provider = options.Provider
 });
 }
diff --git a/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs b/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs
index 8a7b755..6e3f39d 100644
--- a/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs
+++ b/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs
@@ -14,6 +14,7 @@
 * limitations under the License.
 */
+using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security;
 using Microsoft.Owin.Security.Infrastructure;
 using Newtonsoft.Json;
@@ -31,9 +32,12 @@ internal class ValidationEndpointTokenProvider : AuthenticationTokenProvider
 private readonly HttpClient _client;
 private readonly string _tokenValidationEndpoint;
 private readonly IdentityServerBearerTokenAuthenticationOptions _options;
+ private readonly ILogger _logger;
- public ValidationEndpointTokenProvider(IdentityServerBearerTokenAuthenticationOptions options)
+ public ValidationEndpointTokenProvider(IdentityServerBearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory)
 {
+ _logger = loggerFactory.Create("ValidationEndpointTokenProvider");
+
 var baseAddress = options.Authority.EnsureTrailingSlash();
 baseAddress += "connect/accesstokenvalidation";
 _tokenValidationEndpoint = baseAddress;
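Review bot: `loggerFactory.Create("ValidationEndpointTokenProvider")` dereferences the new constructor parameter with no guard, so a `null` factory fails inside the constructor as a `NullReferenceException` instead of an `ArgumentNullException` that names the parameter; `if (loggerFactory == null) throw new ArgumentNullException("loggerFactory");` before the call fixes that, and `options` deserves the same check since `options.Authority` is dereferenced two lines later. The logger category is also a hard-coded copy of the class name; `typeof(ValidationEndpointTokenProvider).FullName` keeps it aligned with the type after renames such as the namespace change earlier in this series. The constructor continues outside the hunk.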
@@ -73,10 +77,20 @@ public override async Task ReceiveAsync(AuthenticationTokenReceiveContext contex { "token", context.Token } }; - var response = await _client.PostAsync(_tokenValidationEndpoint, new FormUrlEncodedContent(form)); - if (response.StatusCode != HttpStatusCode.OK) + HttpResponseMessage response = null; + try + { + response = await _client.PostAsync(_tokenValidationEndpoint, new FormUrlEncodedContent(form)); + if (response.StatusCode != HttpStatusCode.OK) + { + _logger.WriteInformation("Error returned from token validation endpoint: " + response.ReasonPhrase); + return; + } + } + catch (Exception ex) { - return; + _logger.WriteError("Exception while contacting token validation endpoint: " + ex.ToString()); + throw; } var jsonString = await response.Content.ReadAsStringAsync(); From c1ecbbeba1c6eea0f8d813a3fabc92e4105f618d Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Mon, 20 Jul 2015 10:38:00 +0200 Subject: [PATCH 12/24] updated nugets --- .../AccessTokenValidation.Tests.csproj | 6 +++--- .../AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs | 2 +- source/AccessTokenValidation.Tests/packages.config | 2 +- source/IdentityServer3.AccessTokenValidation.nuspec | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj b/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj index a4c8c5b..3ad96ec 100644 --- a/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj +++ b/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj @@ -42,8 +42,8 @@ ..\packages\FluentAssertions.3.2.2\lib\net45\FluentAssertions.Core.dll - ..\packages\IdentityModel.1.0.0-build00006\lib\net45\IdentityModel.Net45.dll - True + False + ..\packages\IdentityModel.1.0.0-rc8\lib\net45\IdentityModel.Net45.dll False 
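Review bot: `response` is an `HttpResponseMessage` and is disposed on neither the non-OK path nor the success path, so the response content stream is left to the finalizer; declare it with `using (var response = await _client.PostAsync(_tokenValidationEndpoint, new FormUrlEncodedContent(form)))` and move the status check and `ReadAsStringAsync` inside that scope, leaving the `try` to cover only the network call. A non-OK answer from the validation endpoint is what an operator would want to alert on, so `WriteWarning` fits that branch better than `WriteInformation`. The `throw;` in the catch correctly preserves the stack trace; whether the bearer middleware then produces a 401 or a 500 is decided by Katana's handler, outside this hunk, and is worth confirming since it determines whether an unreachable authority fails closed.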
@@ -57,8 +57,8 @@ ..\packages\Moq.4.2.1409.1722\lib\net40\Moq.dll + False ..\packages\Newtonsoft.Json.6.0.8\lib\net45\Newtonsoft.Json.dll - True False diff --git a/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs b/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs index 390eb4c..8a0b016 100644 --- a/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs +++ b/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs @@ -2,7 +2,7 @@ using System; using System.Collections.Generic; using System.Security.Claims; -using IdentityModel.Extensions; +using IdentityModel; using IdentityServer3.AccessTokenValidation; using Xunit; diff --git a/source/AccessTokenValidation.Tests/packages.config b/source/AccessTokenValidation.Tests/packages.config index 61bfddc..6836752 100644 --- a/source/AccessTokenValidation.Tests/packages.config +++ b/source/AccessTokenValidation.Tests/packages.config @@ -1,7 +1,7 @@  - + diff --git a/source/IdentityServer3.AccessTokenValidation.nuspec b/source/IdentityServer3.AccessTokenValidation.nuspec index 69dab3c..d0e88f6 100644 --- a/source/IdentityServer3.AccessTokenValidation.nuspec +++ b/source/IdentityServer3.AccessTokenValidation.nuspec @@ -21,7 +21,7 @@ - + From fb067a4b6df2fd7cab0ee0ecb766f939f41c14bd Mon Sep 17 00:00:00 2001 
From: Dominick Baier Date: Fri, 24 Jul 2015 07:20:27 +0200 Subject: [PATCH 13/24] re-work --- .../InMemoryClaimsCacheTests.cs | 16 +- .../AccessTokenValidation.csproj | 29 ++-- ...cessTokenValidationAppBuilderExtensions.cs | 147 ---------------- ...ServerBearerTokensAuthenticationOptions.cs | 164 ------------------ ...yServerOAuthBearerAuthenticationOptions.cs | 28 +++ ...dentityServerTokenAuthenticationOptions.cs | 60 +++++++ ...rverTokenValidationAppBuilderExtensions.cs | 110 ++++++++++++ ...IdentityServerTokenValidationMiddleware.cs | 135 ++++++++++++++ .../{ => Plumbing}/AsyncHelper.cs | 0 .../{ => Plumbing}/Cache.cs | 0 .../{ => Plumbing}/Clock.cs | 0 .../Plumbing/ContextTokenProvider.cs | 40 +++++ ...eryDocumentIssuerSecurityTokenProvider.cs} | 4 +- .../{ => Plumbing}/EpochTimeExtensions.cs | 0 .../{ => Plumbing}/ICache.cs | 0 .../{ => Plumbing}/IClock.cs | 0 .../{ => Plumbing}/IValidationResultCache.cs | 0 .../InMemoryValidationResultCache.cs | 59 +++---- .../{ => Plumbing}/StringExtensions.cs | 0 .../ValidationEndpointTokenProvider.cs | 4 +- .../ScopeRequirementMiddleware.cs | 9 +- .../AccessTokenValidation/ValidationMode.cs | 13 +- 22 files changed, 445 insertions(+), 373 deletions(-) delete mode 100644 source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs delete mode 100644 source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs create mode 100644 source/AccessTokenValidation/IdentityServerOAuthBearerAuthenticationOptions.cs create mode 100644 source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs create mode 100644 source/AccessTokenValidation/IdentityServerTokenValidationAppBuilderExtensions.cs create mode 100644 source/AccessTokenValidation/IdentityServerTokenValidationMiddleware.cs rename source/AccessTokenValidation/{ => Plumbing}/AsyncHelper.cs (100%) rename source/AccessTokenValidation/{ => Plumbing}/Cache.cs (100%) rename source/AccessTokenValidation/{ => 
Plumbing}/Clock.cs (100%) create mode 100644 source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs rename source/AccessTokenValidation/{CachingDiscoveryIssuerSecurityTokenProvider.cs => Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs} (95%) rename source/AccessTokenValidation/{ => Plumbing}/EpochTimeExtensions.cs (100%) rename source/AccessTokenValidation/{ => Plumbing}/ICache.cs (100%) rename source/AccessTokenValidation/{ => Plumbing}/IClock.cs (100%) rename source/AccessTokenValidation/{ => Plumbing}/IValidationResultCache.cs (100%) rename source/AccessTokenValidation/{ => Plumbing}/InMemoryValidationResultCache.cs (64%) rename source/AccessTokenValidation/{ => Plumbing}/StringExtensions.cs (100%) rename source/AccessTokenValidation/{ => Plumbing}/ValidationEndpointTokenProvider.cs (95%) diff --git a/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs b/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs index 8a0b016..8838379 100644 --- a/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs +++ b/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs @@ -1,9 +1,9 @@ -using Moq; +using IdentityModel; +using IdentityServer3.AccessTokenValidation; +using Moq; using System; using System.Collections.Generic; using System.Security.Claims; -using IdentityModel; -using IdentityServer3.AccessTokenValidation; using Xunit; namespace AccessTokenValidation.Tests @@ -13,7 +13,7 @@ public class InMemoryClaimsCacheTests const string Category = "InMemoryClaimsCache"; protected double ExpiryClaimSaysTokenExpiresInMinutes; protected double CacheEvictsTokensAfterMinutes; - IdentityServerBearerTokenAuthenticationOptions _options; + IdentityServerTokenAuthenticationOptions _options; ICache _cache; IClock _clock; protected IEnumerable Claims; 
@@ -27,7 +27,7 @@ public class InMemoryClaimsCacheTests [Trait("Category", Category)] public void InvokingConstructor_WithOptionsOnly_ShouldNotError() { - var options = new IdentityServerBearerTokenAuthenticationOptions(); + var options = new IdentityServerTokenAuthenticationOptions(); new InMemoryValidationResultCache(options); } @@ -36,7 +36,7 @@ public void InvokingConstructor_WithOptionsOnly_ShouldNotError() [Trait("Category", Category)] public void InvokingConstructor_WithNullIClock_ShouldError() { - var options = new IdentityServerBearerTokenAuthenticationOptions(); + var options = new IdentityServerTokenAuthenticationOptions(); Assert.Throws(() => new InMemoryValidationResultCache(options, null, new Cache())); } @@ -76,7 +76,7 @@ public void WhenTokenExpiryClaimExpiresAfterClaimsCacheDuration_CacheExpiry_Shou void Arrange(Action specifyExpectedCacheExpiry) { _cache = Mock.Of(); _clock = Mock.Of(c => c.UtcNow == DateTimeOffset.Now); - _options = new IdentityServerBearerTokenAuthenticationOptions + _options = new IdentityServerTokenAuthenticationOptions { ValidationResultCacheDuration = TimeSpan.FromMinutes(CacheEvictsTokensAfterMinutes) }; @@ -92,7 +92,7 @@ void Arrange(Action specifyExpectedCacheExpiry) { Sut = new InMemoryValidationResultCache(_options, _clock, _cache); } - static void DebugToConsole(DateTime now, DateTimeOffset expiryClaimSaysTokenExpiresAt, IdentityServerBearerTokenAuthenticationOptions options, DateTimeOffset cacheExpiryEvictsTokenAt, DateTimeOffset expectedCacheExpiry) { + static void DebugToConsole(DateTime now, DateTimeOffset expiryClaimSaysTokenExpiresAt, IdentityServerTokenAuthenticationOptions options, DateTimeOffset cacheExpiryEvictsTokenAt, DateTimeOffset expectedCacheExpiry) { Console.WriteLine("now: {0}", now); Console.WriteLine("expiry claim says token expires at: {0}", expiryClaimSaysTokenExpiresAt); Console.WriteLine("claims cache duration: {0}", options.ValidationResultCacheDuration); 
diff --git a/source/AccessTokenValidation/AccessTokenValidation.csproj b/source/AccessTokenValidation/AccessTokenValidation.csproj index 2c32e74..8e83d80 100644 --- a/source/AccessTokenValidation/AccessTokenValidation.csproj +++ b/source/AccessTokenValidation/AccessTokenValidation.csproj @@ -81,21 +81,24 @@ - - - - - - - - - - - + + + + + + + + + + + + + + + + - - diff --git a/source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs b/source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs deleted file mode 100644 index 36b4ec6..0000000 --- a/source/AccessTokenValidation/IdentityServerAccessTokenValidationAppBuilderExtensions.cs +++ /dev/null 
@@ -1,147 +0,0 @@ -/* - * Copyright 2015 Dominick Baier, Brock Allen - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -using IdentityServer3.AccessTokenValidation; -using Microsoft.Owin.Logging; -using Microsoft.Owin.Security.Jwt; -using Microsoft.Owin.Security.OAuth; -using System; -using System.IdentityModel.Tokens; -using System.Linq; - -namespace Owin -{ - /// - /// Extension method for wiring up the access token validation middleware to the OWIN pipeline - /// - public static class IdentityServerAccessTokenValidationAppBuilderExtensions - { - /// - /// Adds the access token validation middleware to the OWIN pipeline. - /// - /// The application. - /// The options. 
- /// - /// options - public static IAppBuilder UseIdentityServerBearerTokenAuthentication(this IAppBuilder app, IdentityServerBearerTokenAuthenticationOptions options) - { - if (options == null) - { - throw new ArgumentNullException("options"); - } - - if (options.ValidationMode == ValidationMode.Local) - { - app.UseLocalValidation(options); - } - else if (options.ValidationMode == ValidationMode.ValidationEndpoint) - { - app.UseValidationEndpoint(options); - } - - if (options.RequiredScopes.Any()) - { - app.Use(options.RequiredScopes); - } - - return app; - } - - internal static void UseLocalValidation(this IAppBuilder app, IdentityServerBearerTokenAuthenticationOptions options) - { - JwtFormat tokenFormat = null; - - // use discovery document to fully configure middleware - if (!string.IsNullOrEmpty(options.Authority)) - { - var discoveryEndpoint = options.Authority.EnsureTrailingSlash(); - discoveryEndpoint += ".well-known/openid-configuration"; - - var issuerProvider = new CachingDiscoveryIssuerSecurityTokenProvider( - discoveryEndpoint, - options); - - if (options.TokenValidationParameters != null) - { - tokenFormat = new JwtFormat(options.TokenValidationParameters, issuerProvider); - } - else - { - var valParams = new TokenValidationParameters - { - ValidAudience = issuerProvider.Audience, - NameClaimType = options.NameClaimType, - RoleClaimType = options.RoleClaimType - }; - - tokenFormat = new JwtFormat(valParams, issuerProvider); - } - } - // use token validation parameters - else if (options.TokenValidationParameters != null) - { - tokenFormat = new JwtFormat(options.TokenValidationParameters); - } - // use simplified manual configuration - else - { - var valParams = new TokenValidationParameters - { - ValidIssuer = options.IssuerName, - ValidAudience = options.IssuerName.EnsureTrailingSlash() + "resources", - IssuerSigningToken = new X509SecurityToken(options.IssuerCertificate), - NameClaimType = options.NameClaimType, - RoleClaimType = 
options.RoleClaimType - }; - - tokenFormat = new JwtFormat(valParams); - } - - if (options.TokenHandler != null) - { - tokenFormat.TokenHandler = options.TokenHandler; - } - - var bearerOptions = new OAuthBearerAuthenticationOptions - { - Provider = options.Provider, - AccessTokenFormat = tokenFormat, - AuthenticationMode = options.AuthenticationMode, - AuthenticationType = options.AuthenticationType, - Description = options.Description - }; - - app.UseOAuthBearerAuthentication(bearerOptions); - } - - internal static void UseValidationEndpoint(this IAppBuilder app, IdentityServerBearerTokenAuthenticationOptions options) - { - if (options.EnableValidationResultCache) - { - if (options.ValidationResultCache == null) - { - options.ValidationResultCache = new InMemoryValidationResultCache(options); - } - } - - app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions - { - AccessTokenProvider = new ValidationEndpointTokenProvider(options, app.GetLoggerFactory()), - Provider = options.Provider - }); - } - } -} \ No newline at end of file diff --git a/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs b/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs deleted file mode 100644 index fcfe201..0000000 --- a/source/AccessTokenValidation/IdentityServerBearerTokensAuthenticationOptions.cs +++ /dev/null 
@@ -1,164 +0,0 @@ -/* - * Copyright 2015 Dominick Baier, Brock Allen - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -using Microsoft.Owin.Security; -using Microsoft.Owin.Security.OAuth; -using System; -using System.Collections.Generic; -using System.IdentityModel.Tokens; -using System.Linq; -using System.Net.Http; -using System.Security.Cryptography.X509Certificates; - -namespace IdentityServer3.AccessTokenValidation -{ - /// - /// Options class for configuring the access token validation middleware - /// - public class IdentityServerBearerTokenAuthenticationOptions : AuthenticationOptions - { - /// - /// Initializes a new instance of the class. - /// - public IdentityServerBearerTokenAuthenticationOptions() : base("Bearer") - { - ValidationMode = ValidationMode.ValidationEndpoint; - RequiredScopes = Enumerable.Empty(); - - ValidationResultCacheDuration = TimeSpan.FromMinutes(5); - - NameClaimType = "name"; - RoleClaimType = "role"; - } - - // common for local and validation endpoint - - /// - /// Gets or sets the validation mode (either local for JWT tokens, or using the validation endpoint for both JWT and reference tokens. - /// - /// - /// The validation mode. - /// - public ValidationMode ValidationMode { get; set; } - - /// - /// Gets or sets the base adress of IdentityServer - this is used to construct the URLs to the discovery document and the validation endpoint - /// - /// - /// The authority. 
- /// - public string Authority { get; set; } - - /// - /// Gets or sets one of the required scopes to access the API - /// - /// - /// The required scopes. - /// - public IEnumerable RequiredScopes { get; set; } - - /// - /// Gets or sets the type of the name claim. - /// - /// - /// The type of the name claim. - /// - public string NameClaimType { get; set; } - - /// - /// Gets or sets the type of the role claim. - /// - /// - /// The type of the role claim. - /// - public string RoleClaimType { get; set; } - - /// - /// Gets or sets the name of the issuer (only use if authority is not set). - /// - /// - /// The name of the issuer. - /// - public string IssuerName { get; set; } - - /// - /// Gets or sets the issuer certificate (only used if authority is not set). - /// - /// - /// The issuer certificate. - /// - public X509Certificate2 IssuerCertificate { get; set; } - - /// - /// Gets or sets a value indicating whether the result of the validation endpoint should be cached. - /// - /// - /// true if caching should be enabled; otherwise, false. - /// - public bool EnableValidationResultCache { get; set; } - - /// - /// Gets or sets the claims cache implementation (defaults to in-memory). - /// - /// - /// The claims cache. - /// - public IValidationResultCache ValidationResultCache { get; set; } - - /// - /// Specifies for how long the validation results should be cached. - /// - /// - /// The duration of the claims cache. - /// - public TimeSpan ValidationResultCacheDuration { get; set; } - - /// - /// Gets or sets the authentication provider. - /// - /// - /// The provider. - /// - public IOAuthBearerAuthenticationProvider Provider { get; set; } - - /// - /// Gets or sets the a certificate validator to use to validate the metadata endpoint. - /// - /// - /// The certificate validator. - /// - /// If this property is null then the default certificate checks are performed, - /// validating the subject name and if the signing chain is a trusted party. 
- public ICertificateValidator BackchannelCertificateValidator { get; set; } - - /// - /// The HttpMessageHandler used to communicate with the metadata endpoint. - /// This cannot be set at the same time as BackchannelCertificateValidator unless the value - /// can be downcast to a WebRequestHandler. - /// - public HttpMessageHandler BackchannelHttpHandler { get; set; } - - /// - /// Gets or sets the used to determine if a token is valid. - /// - public TokenValidationParameters TokenValidationParameters { get; set; } - - /// - /// A System.IdentityModel.Tokens.SecurityTokenHandler designed for creating and validating Json Web Tokens. - /// - public JwtSecurityTokenHandler TokenHandler { get; set; } - } -} \ No newline at end of file diff --git a/source/AccessTokenValidation/IdentityServerOAuthBearerAuthenticationOptions.cs b/source/AccessTokenValidation/IdentityServerOAuthBearerAuthenticationOptions.cs new file mode 100644 index 0000000..ec501af --- /dev/null +++ b/source/AccessTokenValidation/IdentityServerOAuthBearerAuthenticationOptions.cs 
@@ -0,0 +1,28 @@ +/* + * Copyright 2015 Dominick Baier, Brock Allen + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +using Microsoft.Owin.Security.OAuth; + +namespace IdentityServer3.AccessTokenValidation +{ + public class IdentityServerOAuthBearerAuthenticationOptions + { + public IOAuthBearerAuthenticationProvider TokenProvider { get; set; } + + public OAuthBearerAuthenticationOptions LocalValidationOptions { get; set; } + public OAuthBearerAuthenticationOptions EndpointValidationOptions { get; set; } + } +} \ No newline at end of file diff --git a/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs b/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs new file mode 100644 index 0000000..9683a35 --- /dev/null +++ b/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs 
@@ -0,0 +1,60 @@ +/* + * Copyright 2015 Dominick Baier, Brock Allen + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +using Microsoft.Owin.Security; +using Microsoft.Owin.Security.OAuth; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Net.Http; + +namespace IdentityServer3.AccessTokenValidation +{ + public class IdentityServerTokenAuthenticationOptions : AuthenticationOptions + { + public IdentityServerTokenAuthenticationOptions() : base("Bearer") + { + NameClaimType = "name"; + RoleClaimType = "role"; + + ValidationMode = ValidationMode.Both; + + RequiredScopes = Enumerable.Empty(); + + ValidationResultCacheDuration = TimeSpan.FromMinutes(5); + } + + public string Authority { get; set; } + + public ValidationMode ValidationMode { get; set; } + + public WebRequestHandler BackchannelHttpHandler { get; set; } + public ICertificateValidator BackchannelCertificateValidator { get; set; } + + public string NameClaimType { get; set; } + public string RoleClaimType { get; set; } + + public IOAuthBearerAuthenticationProvider TokenProvider { get; set; } + + public TimeSpan ValidationResultCacheDuration { get; set; } + + public bool EnableValidationResultCache { get; set; } + + public IValidationResultCache ValidationResultCache { get; set; } + + public IEnumerable RequiredScopes { get; set; } + } +} \ No newline at end of file 
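Review bot: This public options class carries no XML documentation, while the class it replaces documented every member; add a `<summary>` per property and call out the two silent behaviour changes for anyone migrating: the constructor now defaults `ValidationMode` to `Both` (the removed class defaulted to `ValidationEndpoint`), and `BackchannelHttpHandler` is now typed `WebRequestHandler` rather than `HttpMessageHandler`, so callers passing any other handler no longer compile. `Authority` can be left null here; the app-builder code in this commit appears to dereference it for local validation, so if it is mandatory say so in the property summary, e.g. `/// Base address of IdentityServer; required, used to build the discovery and validation endpoint URLs.`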
diff --git a/source/AccessTokenValidation/IdentityServerTokenValidationAppBuilderExtensions.cs b/source/AccessTokenValidation/IdentityServerTokenValidationAppBuilderExtensions.cs
new file mode 100644
index 0000000..ae359ff
--- /dev/null
+++ b/source/AccessTokenValidation/IdentityServerTokenValidationAppBuilderExtensions.cs
@@ -0,0 +1,110 @@ +/* + * Copyright 2015 Dominick Baier, Brock Allen + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +using IdentityServer3.AccessTokenValidation; +using Microsoft.Owin.Logging; +using Microsoft.Owin.Security.Jwt; +using Microsoft.Owin.Security.OAuth; +using System.IdentityModel.Tokens; +using System.Linq; + +namespace Owin +{ + public static class IdentityServerTokenValidationAppBuilderExtensions + { + public static IAppBuilder UseIdentityServerTokenAuthentication(this IAppBuilder app, IdentityServerTokenAuthenticationOptions options) + { + var loggerFactory = app.GetLoggerFactory(); + var middlewareOptions = new IdentityServerOAuthBearerAuthenticationOptions(); + + if (options.ValidationMode == ValidationMode.Both || + options.ValidationMode == ValidationMode.LocalOnly) + { + middlewareOptions.LocalValidationOptions = ConfigureLocalValidation(options, loggerFactory); + } + + if (options.ValidationMode == ValidationMode.Both || + options.ValidationMode == ValidationMode.ValidationEndpointOnly) + { + middlewareOptions.EndpointValidationOptions = ConfigureEndpointValidation(options, loggerFactory); + } + + if (options.TokenProvider != null) + { + middlewareOptions.TokenProvider = options.TokenProvider; + } + + app.Use(middlewareOptions); + + if (options.RequiredScopes.Any()) + { + app.Use(options.RequiredScopes); + } + + return app; + } + + private static OAuthBearerAuthenticationOptions 
ConfigureEndpointValidation(IdentityServerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) + { + if (options.EnableValidationResultCache) + { + if (options.ValidationResultCache == null) + { + options.ValidationResultCache = new InMemoryValidationResultCache(options); + } + } + + var bearerOptions = new OAuthBearerAuthenticationOptions + { + AuthenticationMode = options.AuthenticationMode, + AuthenticationType = options.AuthenticationType, + AccessTokenProvider = new ValidationEndpointTokenProvider(options, loggerFactory), + Provider = new ContextTokenProvider(), + }; + + return bearerOptions; + } + + internal static OAuthBearerAuthenticationOptions ConfigureLocalValidation(IdentityServerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) + { + var discoveryEndpoint = options.Authority.EnsureTrailingSlash(); + discoveryEndpoint += ".well-known/openid-configuration"; + + var issuerProvider = new DiscoveryDocumentIssuerSecurityTokenProvider( + discoveryEndpoint, + options); + + var valParams = new TokenValidationParameters + { + ValidAudience = issuerProvider.Audience, + NameClaimType = options.NameClaimType, + RoleClaimType = options.RoleClaimType + }; + + var tokenFormat = new JwtFormat(valParams, issuerProvider); + + var bearerOptions = new OAuthBearerAuthenticationOptions + { + AccessTokenFormat = tokenFormat, + AuthenticationMode = options.AuthenticationMode, + AuthenticationType = options.AuthenticationType, + Provider = new ContextTokenProvider() + }; + + return bearerOptions; + } + } +} \ No newline at end of file diff --git a/source/AccessTokenValidation/IdentityServerTokenValidationMiddleware.cs b/source/AccessTokenValidation/IdentityServerTokenValidationMiddleware.cs new file mode 100644 index 0000000..6767763 --- /dev/null +++ b/source/AccessTokenValidation/IdentityServerTokenValidationMiddleware.cs 
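Review bot: `UseIdentityServerTokenAuthentication` dereferences `options` and, in the default `ValidationMode.Both`, `options.Authority` (`options.Authority.EnsureTrailingSlash()` in `ConfigureLocalValidation`) without checking either, so a missing authority surfaces as a `NullReferenceException` at startup instead of a clear configuration error; the removed extension had `if (options == null) throw new ArgumentNullException("options");` — restore it and add `if (string.IsNullOrWhiteSpace(options.Authority)) throw new ArgumentException("Authority must be set", "options");`. Both inner bearer option sets are wired with `Provider = new ContextTokenProvider()`, so as far as the middleware hunk in this commit shows a user-supplied `options.TokenProvider` only ever has `RequestToken` invoked and its `ValidateIdentity`/`ApplyChallenge` implementations are silently ignored; either forward those calls from `ContextTokenProvider` or document that only `RequestToken` is honoured. `ConfigureEndpointValidation` also mutates `options.ValidationResultCache` as a side effect of registration, which deserves a one-line comment.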
@@ -0,0 +1,135 @@ +/* + * Copyright 2015 Dominick Baier, Brock Allen + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +using Microsoft.Owin; +using Microsoft.Owin.Builder; +using Microsoft.Owin.Security.OAuth; +using Owin; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; +using AppFunc = System.Func, System.Threading.Tasks.Task>; + +namespace IdentityServer3.AccessTokenValidation +{ + public class IdentityServerTokenValidationMiddleware + { + private readonly AppFunc _next; + private readonly AppFunc _localValidationFunc; + private readonly AppFunc _endpointValidationFunc; + private IdentityServerOAuthBearerAuthenticationOptions _options; + + public IdentityServerTokenValidationMiddleware(AppFunc next, IdentityServerOAuthBearerAuthenticationOptions options) + { + _next = next; + _options = options; + + if (options.LocalValidationOptions != null) + { + var localBuilder = new AppBuilder(); + localBuilder.UseOAuthBearerAuthentication(options.LocalValidationOptions); + localBuilder.Run(ctx => next(ctx.Environment)); + _localValidationFunc = localBuilder.Build(); + } + + if (options.EndpointValidationOptions != null) + { + var endpointBuilder = new AppBuilder(); + endpointBuilder.Properties["host.AppName"] = "foobar"; + + endpointBuilder.UseOAuthBearerAuthentication(options.EndpointValidationOptions); + endpointBuilder.Run(ctx => next(ctx.Environment)); + _endpointValidationFunc = endpointBuilder.Build(); 
+ } + } + + public async Task Invoke(IDictionary environment) + { + var context = new OwinContext(environment); + + var token = await GetTokenAsync(context); + + if (token == null) + { + await _next(environment); + return; + } + + context.Set("idsrv:tokenvalidation:token", token); + + + // seems to be a JWT + if (token.Contains('.')) + { + // see if local validation is setup + if (_localValidationFunc != null) + { + await _localValidationFunc(environment); + return; + } + // otherwise use validation endpoint + if (_endpointValidationFunc != null) + { + await _endpointValidationFunc(environment); + return; + } + } + else + { + // use validation endpoint + if (_endpointValidationFunc != null) + { + await _endpointValidationFunc(environment); + return; + } + } + + await _next(environment); + } + + private async Task GetTokenAsync(OwinContext context) + { + // find token in default location + string requestToken = null; + string authorization = context.Request.Headers.Get("Authorization"); + if (!string.IsNullOrEmpty(authorization)) + { + if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) + { + requestToken = authorization.Substring("Bearer ".Length).Trim(); + } + } + + // give application opportunity to find from a different location, adjust, or reject token + if (_options.TokenProvider != null) + { + var requestTokenContext = new OAuthRequestTokenContext(context, requestToken); + await _options.TokenProvider.RequestToken(requestTokenContext); + + // if no token found, no further work possible + if (string.IsNullOrEmpty(requestTokenContext.Token)) + { + return null; + } + + return requestTokenContext.Token; + } + + return requestToken; + } + } +} \ No newline at end of file diff --git a/source/AccessTokenValidation/AsyncHelper.cs b/source/AccessTokenValidation/Plumbing/AsyncHelper.cs similarity index 100% rename from source/AccessTokenValidation/AsyncHelper.cs rename to source/AccessTokenValidation/Plumbing/AsyncHelper.cs 
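Review bot: `GetTokenAsync` returns `""` rather than `null` for an `Authorization: Bearer ` header with nothing after the scheme (the `Substring(...).Trim()` path), so `Invoke` stores the empty string under `idsrv:tokenvalidation:token` and forwards the request to endpoint validation instead of treating it as anonymous; change the guard to `if (string.IsNullOrEmpty(token))`. `endpointBuilder.Properties["host.AppName"] = "foobar"` is a placeholder that only the endpoint builder receives; if it exists to satisfy data-protector setup inside `UseOAuthBearerAuthentication`, copy the real value from the outer app's properties and add a comment saying why it is needed. The `token.Contains('.')` branch also deserves a comment that a dotted token is never sent to the validation endpoint once local validation is configured, even when local validation rejects it, so in `Both` mode revocation of JWTs is not consulted — probably intended, but it is a security-relevant property of the routing that readers should not have to infer.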
diff --git a/source/AccessTokenValidation/Cache.cs b/source/AccessTokenValidation/Plumbing/Cache.cs
similarity index 100%
rename from source/AccessTokenValidation/Cache.cs
rename to source/AccessTokenValidation/Plumbing/Cache.cs
diff --git a/source/AccessTokenValidation/Clock.cs b/source/AccessTokenValidation/Plumbing/Clock.cs
similarity index 100%
rename from source/AccessTokenValidation/Clock.cs
rename to source/AccessTokenValidation/Plumbing/Clock.cs
diff --git a/source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs b/source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs
new file mode 100644
index 0000000..f0b1742
--- /dev/null
+++ b/source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs
@@ -0,0 +1,40 @@ +/* + * Copyright 2015 Dominick Baier, Brock Allen + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +using Microsoft.Owin.Security.OAuth; +using System; +using System.Threading.Tasks; + +namespace IdentityServer3.AccessTokenValidation +{ + public class ContextTokenProvider : IOAuthBearerAuthenticationProvider + { + public Task ApplyChallenge(OAuthChallengeContext context) + { + throw new NotImplementedException(); + } + + public Task RequestToken(OAuthRequestTokenContext context) + { + context.Token = context.OwinContext.Get("idsrv:tokenvalidation:token"); + return Task.FromResult(0); + } + + public Task ValidateIdentity(OAuthValidateIdentityContext context) + { + return Task.FromResult(0); + } + } +} \ No newline at end of file diff --git a/source/AccessTokenValidation/CachingDiscoveryIssuerSecurityTokenProvider.cs b/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs similarity index 95% rename from source/AccessTokenValidation/CachingDiscoveryIssuerSecurityTokenProvider.cs rename to source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs index 1480018..d57dd4d 100644 --- a/source/AccessTokenValidation/CachingDiscoveryIssuerSecurityTokenProvider.cs +++ b/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs 
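Review bot: `ApplyChallenge` throws `NotImplementedException`, and because `ContextTokenProvider` is installed as the `Provider` of both inner bearer middlewares in this commit, any 401 challenge that reaches Katana's bearer handler (which, as far as I recall, calls `Provider.ApplyChallenge` to emit `WWW-Authenticate`) would surface as an unhandled exception rather than a 401. Mirror the default provider instead: `context.OwinContext.Response.Headers.AppendValues("WWW-Authenticate", context.Challenge); return Task.FromResult(0);`. A short class summary stating that the token is read back from the `idsrv:tokenvalidation:token` environment key written by the outer middleware would also help, since that key is a bare string shared between two files.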
@@ -26,7 +26,7 @@ namespace IdentityServer3.AccessTokenValidation { - internal class CachingDiscoveryIssuerSecurityTokenProvider : IIssuerSecurityTokenProvider + internal class DiscoveryDocumentIssuerSecurityTokenProvider : IIssuerSecurityTokenProvider { private readonly TimeSpan _refreshInterval = new TimeSpan(1, 0, 0, 0); private readonly ReaderWriterLockSlim _synclock = new ReaderWriterLockSlim(); @@ -36,7 +36,7 @@ internal class CachingDiscoveryIssuerSecurityTokenProvider : IIssuerSecurityToke private string _issuer; private IEnumerable _tokens; - public CachingDiscoveryIssuerSecurityTokenProvider(string discoveryEndpoint, IdentityServerBearerTokenAuthenticationOptions options) + public DiscoveryDocumentIssuerSecurityTokenProvider(string discoveryEndpoint, IdentityServerTokenAuthenticationOptions options) { var handler = options.BackchannelHttpHandler ?? new WebRequestHandler(); diff --git a/source/AccessTokenValidation/EpochTimeExtensions.cs b/source/AccessTokenValidation/Plumbing/EpochTimeExtensions.cs similarity index 100% rename from source/AccessTokenValidation/EpochTimeExtensions.cs rename to source/AccessTokenValidation/Plumbing/EpochTimeExtensions.cs diff --git a/source/AccessTokenValidation/ICache.cs b/source/AccessTokenValidation/Plumbing/ICache.cs similarity index 100% rename from source/AccessTokenValidation/ICache.cs rename to source/AccessTokenValidation/Plumbing/ICache.cs diff --git a/source/AccessTokenValidation/IClock.cs b/source/AccessTokenValidation/Plumbing/IClock.cs similarity index 100% rename from source/AccessTokenValidation/IClock.cs rename to source/AccessTokenValidation/Plumbing/IClock.cs diff --git a/source/AccessTokenValidation/IValidationResultCache.cs b/source/AccessTokenValidation/Plumbing/IValidationResultCache.cs similarity index 100% rename from source/AccessTokenValidation/IValidationResultCache.cs rename to source/AccessTokenValidation/Plumbing/IValidationResultCache.cs 
diff --git a/source/AccessTokenValidation/InMemoryValidationResultCache.cs b/source/AccessTokenValidation/Plumbing/InMemoryValidationResultCache.cs similarity index 64% rename from source/AccessTokenValidation/InMemoryValidationResultCache.cs rename to source/AccessTokenValidation/Plumbing/InMemoryValidationResultCache.cs index 982189d..dce656c 100644 --- a/source/AccessTokenValidation/InMemoryValidationResultCache.cs +++ b/source/AccessTokenValidation/Plumbing/InMemoryValidationResultCache.cs @@ -27,17 +27,17 @@ namespace IdentityServer3.AccessTokenValidation /// public class InMemoryValidationResultCache : IValidationResultCache { - private readonly IdentityServerBearerTokenAuthenticationOptions _options; + private readonly IdentityServerTokenAuthenticationOptions _options; private readonly ICache _cache; - private readonly IClock _clock; + private readonly IClock _clock; /// /// Initializes a new instance of the class. /// /// The options. - public InMemoryValidationResultCache(IdentityServerBearerTokenAuthenticationOptions options) + public InMemoryValidationResultCache(IdentityServerTokenAuthenticationOptions options) : this(options, new Clock(), new Cache()) - { } + { } /// /// Initializes a new instance of the class. 
@@ -52,16 +52,16 @@ public InMemoryValidationResultCache(IdentityServerBearerTokenAuthenticationOpti /// or /// cache /// - public InMemoryValidationResultCache(IdentityServerBearerTokenAuthenticationOptions options, IClock clock, ICache cache) - { - if (clock == null) { throw new ArgumentNullException("clock"); } - if (options == null) { throw new ArgumentNullException("options"); } - if (cache == null) { throw new ArgumentNullException("cache"); } + public InMemoryValidationResultCache(IdentityServerTokenAuthenticationOptions options, IClock clock, ICache cache) + { + if (clock == null) { throw new ArgumentNullException("clock"); } + if (options == null) { throw new ArgumentNullException("options"); } + if (cache == null) { throw new ArgumentNullException("cache"); } - _options = options; - _cache = cache; - _clock = clock; - } + _options = options; + _cache = cache; + _clock = clock; + } /// /// Add a validation result 
@@ -69,25 +69,26 @@ public InMemoryValidationResultCache(IdentityServerBearerTokenAuthenticationOpti /// The token. /// The claims. /// - public Task AddAsync(string token, IEnumerable claims) + public Task AddAsync(string token, IEnumerable claims) { - var expiryClaim = claims.FirstOrDefault(c => c.Type == ClaimTypes.Expiration); - var cacheExpirySetting = _clock.UtcNow.Add(_options.ValidationResultCacheDuration); - - if (expiryClaim != null) { - long epoch; - if (long.TryParse(expiryClaim.Value, out epoch)) + var expiryClaim = claims.FirstOrDefault(c => c.Type == ClaimTypes.Expiration); + var cacheExpirySetting = _clock.UtcNow.Add(_options.ValidationResultCacheDuration); + + if (expiryClaim != null) + { + long epoch; + if (long.TryParse(expiryClaim.Value, out epoch)) { - var tokenExpiresAt = epoch.ToDateTimeOffsetFromEpoch(); - - if (tokenExpiresAt < cacheExpirySetting) + var tokenExpiresAt = epoch.ToDateTimeOffsetFromEpoch(); + + if (tokenExpiresAt < cacheExpirySetting) { - _cache.Add(token, claims, tokenExpiresAt); - return Task.FromResult(null); - } - } - } - + _cache.Add(token, claims, tokenExpiresAt); + return Task.FromResult(null); + } + } + } + _cache.Add(token, claims, cacheExpirySetting); return Task.FromResult(null); diff --git a/source/AccessTokenValidation/StringExtensions.cs b/source/AccessTokenValidation/Plumbing/StringExtensions.cs similarity index 100% rename from source/AccessTokenValidation/StringExtensions.cs rename to source/AccessTokenValidation/Plumbing/StringExtensions.cs diff --git a/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs b/source/AccessTokenValidation/Plumbing/ValidationEndpointTokenProvider.cs similarity index 95% rename from source/AccessTokenValidation/ValidationEndpointTokenProvider.cs rename to source/AccessTokenValidation/Plumbing/ValidationEndpointTokenProvider.cs index 6e3f39d..51f1e14 100644 --- a/source/AccessTokenValidation/ValidationEndpointTokenProvider.cs 
+++ b/source/AccessTokenValidation/Plumbing/ValidationEndpointTokenProvider.cs @@ -31,10 +31,10 @@ internal class ValidationEndpointTokenProvider : AuthenticationTokenProvider { private readonly HttpClient _client; private readonly string _tokenValidationEndpoint; - private readonly IdentityServerBearerTokenAuthenticationOptions _options; + private readonly IdentityServerTokenAuthenticationOptions _options; private readonly ILogger _logger; - public ValidationEndpointTokenProvider(IdentityServerBearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) + public ValidationEndpointTokenProvider(IdentityServerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) { _logger = loggerFactory.Create("ValidationEndpointTokenProvider"); diff --git a/source/AccessTokenValidation/ScopeRequirementMiddleware.cs b/source/AccessTokenValidation/ScopeRequirementMiddleware.cs index 8d8bd13..f096ebe 100644 --- a/source/AccessTokenValidation/ScopeRequirementMiddleware.cs +++ b/source/AccessTokenValidation/ScopeRequirementMiddleware.cs @@ -19,15 +19,16 @@ using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; +using AppFunc = System.Func, System.Threading.Tasks.Task>; namespace IdentityServer3.AccessTokenValidation { - internal class ScopeRequirementMiddleware + public class ScopeRequirementMiddleware { - private readonly Func, Task> _next; + private readonly AppFunc _next; private readonly IEnumerable _scopes; - public ScopeRequirementMiddleware(Func, Task> next, IEnumerable scopes) + public ScopeRequirementMiddleware(AppFunc next, IEnumerable scopes) { _next = next; _scopes = scopes; @@ -90,7 +91,7 @@ private bool ScopesFound(OwinContext context) foreach (var scope in scopeClaims) { - if (_scopes.Contains(scope.Value)) + if (_scopes.Contains(scope.Value, StringComparer.Ordinal)) { return true; } diff --git a/source/AccessTokenValidation/ValidationMode.cs b/source/AccessTokenValidation/ValidationMode.cs index 318f913..b03e2ae 100644 
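Review bot: `ScopeRequirementMiddleware` becomes public in this hunk, but its constructor still stores `next` and `scopes` without validation, so a null `scopes` surfaces later as a `NullReferenceException` inside the request pipeline rather than at startup. Add `if (next == null) throw new ArgumentNullException("next"); if (scopes == null) throw new ArgumentNullException("scopes");`, and since `_scopes` is consulted on every request consider materializing it once (`_scopes = scopes.ToList();`) so a lazy sequence handed in by a caller is not re-evaluated per request. The class body continues past the hunk.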
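Review bot: the loop returns true on the first `scope.Value` found in `_scopes`, so the check is "the token carries at least one of the configured scopes", not "all of them"; with the option named `RequiredScopes` that any-of semantics should be stated on `ScopesFound`, e.g. `/// Returns true when the caller's scope claims contain at least one of the configured scopes (any-of, not all-of).` Switching to `StringComparer.Ordinal` is the right comparison for scope names. `ScopesFound` begins before the hunk.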
--- a/source/AccessTokenValidation/ValidationMode.cs +++ b/source/AccessTokenValidation/ValidationMode.cs @@ -22,13 +22,18 @@ namespace IdentityServer3.AccessTokenValidation public enum ValidationMode { /// - /// Use local validation (only suitable for JWT tokens) + /// Use local validation for JWTs and the validation endpoint for reference tokens /// - Local, + Both, /// - /// Use the validation endpoint (works for both JWT and reference tokens) + /// Use local validation oly (only suitable for JWT tokens) /// - ValidationEndpoint, + LocalOnly, + + /// + /// Use the validation endpoint only (works for both JWT and reference tokens) + /// + ValidationEndpointOnly } } \ No newline at end of file From 19cc9560e35043c0d1e5250edd01967159a9c0f5 Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Fri, 24 Jul 2015 08:20:45 +0200 Subject: [PATCH 14/24] added comments and logging --- ...dentityServerTokenAuthenticationOptions.cs | 76 ++++++++++++++++++- ...rverTokenValidationAppBuilderExtensions.cs | 17 ++++- ...veryDocumentIssuerSecurityTokenProvider.cs | 15 +++- 3 files changed, 102 insertions(+), 6 deletions(-) diff --git a/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs b/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs index 9683a35..d4a0faa 100644 --- a/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs +++ b/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs 
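Review bot: replacing `Local`/`ValidationEndpoint` with `Both`/`LocalOnly`/`ValidationEndpointOnly` also changes the integer behind each member (0 used to mean local-only and now means `Both`), so any configuration that binds this enum by number silently changes behaviour; either pin the values explicitly (`Both = 0, LocalOnly = 1, ValidationEndpointOnly = 2`) or call the break out in the release notes. The `LocalOnly` summary has a typo, `oly` should be `only`. The `Both` summary would also help operators if it spelled out the trade-off: a JWT is accepted on its signature without contacting the validation endpoint, so revocation at the server is only observed for reference tokens, e.g. `/// JWTs are verified locally (no revocation check); reference tokens are sent to the validation endpoint.`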
@@ -23,38 +23,110 @@ namespace IdentityServer3.AccessTokenValidation { + /// + /// Configures identity server token validation + /// public class IdentityServerTokenAuthenticationOptions : AuthenticationOptions { + /// + /// Initializes a new instance of the class. + /// public IdentityServerTokenAuthenticationOptions() : base("Bearer") { NameClaimType = "name"; RoleClaimType = "role"; ValidationMode = ValidationMode.Both; - RequiredScopes = Enumerable.Empty(); - ValidationResultCacheDuration = TimeSpan.FromMinutes(5); } + /// + /// Gets or sets the base address of identity server (required) + /// + /// + /// The authority. + /// public string Authority { get; set; } + /// + /// Gets or sets the validation mode. + /// + /// + /// The validation mode. + /// public ValidationMode ValidationMode { get; set; } + /// + /// Gets or sets the backchannel HTTP handler. + /// + /// + /// The backchannel HTTP handler. + /// public WebRequestHandler BackchannelHttpHandler { get; set; } + + /// + /// Gets or sets the backchannel certificate validator. + /// + /// + /// The backchannel certificate validator. + /// public ICertificateValidator BackchannelCertificateValidator { get; set; } + /// + /// Gets or sets the type of the name claim. + /// + /// + /// The type of the name claim. + /// public string NameClaimType { get; set; } + + /// + /// Gets or sets the type of the role claim. + /// + /// + /// The type of the role claim. + /// public string RoleClaimType { get; set; } + /// + /// Gets or sets the token provider. + /// + /// + /// The token provider. + /// public IOAuthBearerAuthenticationProvider TokenProvider { get; set; } + /// + /// Gets or sets the duration of the validation result cache. + /// + /// + /// The duration of the validation result cache. + /// public TimeSpan ValidationResultCacheDuration { get; set; } + /// + /// Gets or sets a value indicating whether to enable validation result caching. 
+ /// + /// + /// true if [enable validation result cache]; otherwise, false. + /// public bool EnableValidationResultCache { get; set; } + /// + /// Gets or sets the validation result cache. + /// + /// + /// The validation result cache. + /// public IValidationResultCache ValidationResultCache { get; set; } + /// + /// Gets or sets the required scopes. + /// + /// + /// The required scopes. + /// public IEnumerable RequiredScopes { get; set; } } } \ No newline at end of file diff --git a/source/AccessTokenValidation/IdentityServerTokenValidationAppBuilderExtensions.cs b/source/AccessTokenValidation/IdentityServerTokenValidationAppBuilderExtensions.cs index ae359ff..1c4c575 100644 --- a/source/AccessTokenValidation/IdentityServerTokenValidationAppBuilderExtensions.cs +++ b/source/AccessTokenValidation/IdentityServerTokenValidationAppBuilderExtensions.cs @@ -18,15 +18,29 @@ using Microsoft.Owin.Logging; using Microsoft.Owin.Security.Jwt; using Microsoft.Owin.Security.OAuth; +using System; using System.IdentityModel.Tokens; using System.Linq; namespace Owin { + /// + /// AppBuilder extensions for identity server token validation + /// public static class IdentityServerTokenValidationAppBuilderExtensions { + /// + /// Add identity server token authentication to the pipeline. + /// + /// The application. + /// The options. + /// public static IAppBuilder UseIdentityServerTokenAuthentication(this IAppBuilder app, IdentityServerTokenAuthenticationOptions options) { + if (app == null) throw new ArgumentNullException("app"); + if (options == null) throw new ArgumentNullException("options"); + if (string.IsNullOrEmpty(options.Authority)) throw new ArgumentException("Authority must be set", "authority"); + var loggerFactory = app.GetLoggerFactory(); var middlewareOptions = new IdentityServerOAuthBearerAuthenticationOptions(); 
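Review bot: the constructor drops the defaults `RequiredScopes = Enumerable.Empty<string>();` and `ValidationResultCacheDuration = TimeSpan.FromMinutes(5);`, leaving `RequiredScopes` null, so the registration code's `if (options.RequiredScopes.Any())` throws a `NullReferenceException` for every caller that does not set it explicitly, and with a zero duration the result cache adds entries whose expiry is already "now", which presumably makes `EnableValidationResultCache` a no-op. Restore both assignments in the constructor, or null-guard `RequiredScopes` at the point of use. While the XML docs are being added, the `EnableValidationResultCache` summary should warn that a cached positive result outlives revocation for up to `ValidationResultCacheDuration` (the cache is keyed on the raw token string), and `BackchannelCertificateValidator` should note that a permissive validator disables TLS certificate checks for the discovery and validation calls.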
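Review bot: the new guard throws `ArgumentException("Authority must be set", "authority")`, but the method has no parameter named `authority`; the paramName should be `"options"`. More importantly `Authority` is only checked for emptiness while it is later used to build the discovery URL (`options.Authority.EnsureTrailingSlash() + ".well-known/openid-configuration"`) from which signing keys are fetched, so a relative or plain-http value should be rejected up front rather than letting keys be obtained over an unauthenticated channel. `Uri authority; if (!Uri.TryCreate(options.Authority, UriKind.Absolute, out authority) || authority.Scheme != Uri.UriSchemeHttps) throw new ArgumentException("Authority must be an absolute https URL", "options");` does that, with an explicit option to opt out for local development if plain http must be supported. `UseIdentityServerTokenAuthentication` continues past the hunk.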
@@ -85,7 +99,8 @@ internal static OAuthBearerAuthenticationOptions ConfigureLocalValidation(Identi var issuerProvider = new DiscoveryDocumentIssuerSecurityTokenProvider( discoveryEndpoint, - options); + options, + loggerFactory); var valParams = new TokenValidationParameters { diff --git a/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs b/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs index d57dd4d..e594a8a 100644 --- a/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs +++ b/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs @@ -15,6 +15,7 @@ */ using Microsoft.IdentityModel.Protocols; +using Microsoft.Owin.Logging; using Microsoft.Owin.Security.Jwt; using System; using System.Collections.Generic; @@ -31,13 +32,16 @@ internal class DiscoveryDocumentIssuerSecurityTokenProvider : IIssuerSecurityTok private readonly TimeSpan _refreshInterval = new TimeSpan(1, 0, 0, 0); private readonly ReaderWriterLockSlim _synclock = new ReaderWriterLockSlim(); private readonly ConfigurationManager _configurationManager; - + private readonly ILogger _logger; + private DateTimeOffset _syncAfter = new DateTimeOffset(new DateTime(2001, 1, 1)); private string _issuer; private IEnumerable _tokens; - public DiscoveryDocumentIssuerSecurityTokenProvider(string discoveryEndpoint, IdentityServerTokenAuthenticationOptions options) + public DiscoveryDocumentIssuerSecurityTokenProvider(string discoveryEndpoint, IdentityServerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) { + _logger = loggerFactory.Create("IdentityServer3.AccessTokenValidation.DiscoveryDocumentIssuerSecurityTokenProvider"); + var handler = options.BackchannelHttpHandler ?? new WebRequestHandler(); if (options.BackchannelCertificateValidator != null) 
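Review bot: `_logger = loggerFactory.Create(...)` dereferences `loggerFactory` before anything else, so a null factory fails with an unhelpful `NullReferenceException`; add `if (loggerFactory == null) throw new ArgumentNullException("loggerFactory"); if (options == null) throw new ArgumentNullException("options");` since `options` is read on the next line. The unchanged `_refreshInterval = new TimeSpan(1, 0, 0, 0)` also deserves a why-comment: keys fetched from the discovery document are reused for a day, so a key introduced by rotation may be rejected, and a withdrawn key still trusted, for up to 24 hours unless something not visible here refreshes on an unknown `kid`; `// keys are refreshed at most daily; rotation/revocation latency is bounded by this interval` makes the trade-off explicit. The constructor continues past the hunk.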
@@ -134,12 +138,17 @@ private void RetrieveMetadata() { var result = AsyncHelper.RunSync(async () => await _configurationManager.GetConfigurationAsync()); var tokens = from key in result.JsonWebKeySet.Keys - select new X509SecurityToken(new X509Certificate2(Convert.FromBase64String(key.X5c.First()))); + select new X509SecurityToken(new X509Certificate2(Convert.FromBase64String(key.X5c.First()))); _issuer = result.Issuer; _tokens = tokens; _syncAfter = DateTimeOffset.UtcNow + _refreshInterval; } + catch (Exception ex) + { + _logger.WriteError("Error contacting discovery endpoint: " + ex.ToString()); + throw; + } finally { _synclock.ExitWriteLock(); From 16368a7ee2972ebe2ebc4b34700066fa9ec5ce0e Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Sun, 26 Jul 2015 12:37:27 +0200 Subject: [PATCH 15/24] changed names to be backwards compat --- .../InMemoryClaimsCacheTests.cs | 10 ++--- .../AccessTokenValidation.csproj | 42 +++++++++---------- ...rerTokenValidationAppBuilderExtensions.cs} | 10 ++--- ...yServerBearerTokenValidationMiddleware.cs} | 4 +- ...dentityServerTokenAuthenticationOptions.cs | 6 +-- ...veryDocumentIssuerSecurityTokenProvider.cs | 2 +- .../Plumbing/InMemoryValidationResultCache.cs | 6 +-- .../ValidationEndpointTokenProvider.cs | 4 +- source/AccessTokenValidation/packages.config | 12 +++--- 9 files changed, 48 insertions(+), 48 deletions(-) rename source/AccessTokenValidation/{IdentityServerTokenValidationAppBuilderExtensions.cs => IdentityServerBearerTokenValidationAppBuilderExtensions.cs} (90%) rename source/AccessTokenValidation/{IdentityServerTokenValidationMiddleware.cs => IdentityServerBearerTokenValidationMiddleware.cs} (95%) diff --git a/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs b/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs index 8838379..0db91b2 100644 --- a/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs +++ b/source/AccessTokenValidation.Tests/InMemoryClaimsCacheTests.cs 
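Review bot: the new catch labels every failure as `Error contacting discovery endpoint`, but the `try` body also parses the key set, and `key.X5c.First()` throws for any JWK without an `x5c` member (a plain RSA `n`/`e` key), so a perfectly reachable endpoint would be logged as unreachable and local JWT validation would stop working at the next refresh. Skip such keys instead of failing the whole refresh: `var tokens = from key in result.JsonWebKeySet.Keys where key.X5c != null && key.X5c.Any() select new X509SecurityToken(new X509Certificate2(Convert.FromBase64String(key.X5c.First())));`. Because `_issuer`/`_tokens` are only assigned after the fetch succeeds, a failed refresh keeps the previous keys, but `_syncAfter` is not advanced either, so every subsequent request will presumably retry the endpoint until it recovers — worth a comment on the catch. `RetrieveMetadata` and its `try` begin before the hunk.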
@@ -13,7 +13,7 @@ public class InMemoryClaimsCacheTests const string Category = "InMemoryClaimsCache"; protected double ExpiryClaimSaysTokenExpiresInMinutes; protected double CacheEvictsTokensAfterMinutes; - IdentityServerTokenAuthenticationOptions _options; + IdentityServerBearerTokenAuthenticationOptions _options; ICache _cache; IClock _clock; protected IEnumerable Claims; @@ -27,7 +27,7 @@ public class InMemoryClaimsCacheTests [Trait("Category", Category)] public void InvokingConstructor_WithOptionsOnly_ShouldNotError() { - var options = new IdentityServerTokenAuthenticationOptions(); + var options = new IdentityServerBearerTokenAuthenticationOptions(); new InMemoryValidationResultCache(options); } @@ -36,7 +36,7 @@ public void InvokingConstructor_WithOptionsOnly_ShouldNotError() [Trait("Category", Category)] public void InvokingConstructor_WithNullIClock_ShouldError() { - var options = new IdentityServerTokenAuthenticationOptions(); + var options = new IdentityServerBearerTokenAuthenticationOptions(); Assert.Throws(() => new InMemoryValidationResultCache(options, null, new Cache())); } @@ -76,7 +76,7 @@ public void WhenTokenExpiryClaimExpiresAfterClaimsCacheDuration_CacheExpiry_Shou void Arrange(Action specifyExpectedCacheExpiry) { _cache = Mock.Of(); _clock = Mock.Of(c => c.UtcNow == DateTimeOffset.Now); - _options = new IdentityServerTokenAuthenticationOptions + _options = new IdentityServerBearerTokenAuthenticationOptions { ValidationResultCacheDuration = TimeSpan.FromMinutes(CacheEvictsTokensAfterMinutes) }; 
@@ -92,7 +92,7 @@ void Arrange(Action specifyExpectedCacheExpiry) { Sut = new InMemoryValidationResultCache(_options, _clock, _cache); } - static void DebugToConsole(DateTime now, DateTimeOffset expiryClaimSaysTokenExpiresAt, IdentityServerTokenAuthenticationOptions options, DateTimeOffset cacheExpiryEvictsTokenAt, DateTimeOffset expectedCacheExpiry) { + static void DebugToConsole(DateTime now, DateTimeOffset expiryClaimSaysTokenExpiresAt, IdentityServerBearerTokenAuthenticationOptions options, DateTimeOffset cacheExpiryEvictsTokenAt, DateTimeOffset expectedCacheExpiry) { Console.WriteLine("now: {0}", now); Console.WriteLine("expiry claim says token expires at: {0}", expiryClaimSaysTokenExpiresAt); Console.WriteLine("claims cache duration: {0}", options.ValidationResultCacheDuration); diff --git a/source/AccessTokenValidation/AccessTokenValidation.csproj b/source/AccessTokenValidation/AccessTokenValidation.csproj index 8e83d80..1bb638c 100644 --- a/source/AccessTokenValidation/AccessTokenValidation.csproj +++ b/source/AccessTokenValidation/AccessTokenValidation.csproj 
@@ -32,40 +32,40 @@ ..\..\build\IdentityServer3.AccessTokenValidation.xml - - False - ..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.2.206221351\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll + + ..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.0\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll + True - - False - ..\packages\Microsoft.Owin.3.0.1\lib\net45\Microsoft.Owin.dll + + ..\packages\Microsoft.Owin.3.0.0\lib\net45\Microsoft.Owin.dll + True - - False - ..\packages\Microsoft.Owin.Security.3.0.1\lib\net45\Microsoft.Owin.Security.dll + + ..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll + True - - False - ..\packages\Microsoft.Owin.Security.Jwt.3.0.1\lib\net45\Microsoft.Owin.Security.Jwt.dll + + ..\packages\Microsoft.Owin.Security.Jwt.3.0.0\lib\net45\Microsoft.Owin.Security.Jwt.dll + True - - False - ..\packages\Microsoft.Owin.Security.OAuth.3.0.1\lib\net45\Microsoft.Owin.Security.OAuth.dll + + ..\packages\Microsoft.Owin.Security.OAuth.3.0.0\lib\net45\Microsoft.Owin.Security.OAuth.dll + True False ..\packages\Newtonsoft.Json.6.0.8\lib\net45\Newtonsoft.Json.dll - False ..\packages\Owin.1.0\lib\net40\Owin.dll + True - - False - ..\packages\System.IdentityModel.Tokens.Jwt.4.0.2.206221351\lib\net45\System.IdentityModel.Tokens.Jwt.dll + + ..\packages\System.IdentityModel.Tokens.Jwt.4.0.0\lib\net45\System.IdentityModel.Tokens.Jwt.dll + True @@ -83,8 +83,8 @@ - - + + diff --git a/source/AccessTokenValidation/IdentityServerTokenValidationAppBuilderExtensions.cs b/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs similarity index 90% rename from source/AccessTokenValidation/IdentityServerTokenValidationAppBuilderExtensions.cs rename to source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs index 1c4c575..04d61e9 100644 --- a/source/AccessTokenValidation/IdentityServerTokenValidationAppBuilderExtensions.cs 
+++ b/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs @@ -27,7 +27,7 @@ namespace Owin /// /// AppBuilder extensions for identity server token validation /// - public static class IdentityServerTokenValidationAppBuilderExtensions + public static class IdentityServerBearerTokenValidationAppBuilderExtensions { /// /// Add identity server token authentication to the pipeline. @@ -35,7 +35,7 @@ public static class IdentityServerTokenValidationAppBuilderExtensions /// The application. /// The options. /// - public static IAppBuilder UseIdentityServerTokenAuthentication(this IAppBuilder app, IdentityServerTokenAuthenticationOptions options) + public static IAppBuilder UseIdentityServerTokenAuthentication(this IAppBuilder app, IdentityServerBearerTokenAuthenticationOptions options) { if (app == null) throw new ArgumentNullException("app"); if (options == null) throw new ArgumentNullException("options"); @@ -61,7 +61,7 @@ public static IAppBuilder UseIdentityServerTokenAuthentication(this IAppBuilder middlewareOptions.TokenProvider = options.TokenProvider; } - app.Use(middlewareOptions); + app.Use(middlewareOptions); if (options.RequiredScopes.Any()) { @@ -71,7 +71,7 @@ public static IAppBuilder UseIdentityServerTokenAuthentication(this IAppBuilder return app; } - private static OAuthBearerAuthenticationOptions ConfigureEndpointValidation(IdentityServerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) + private static OAuthBearerAuthenticationOptions ConfigureEndpointValidation(IdentityServerBearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) { if (options.EnableValidationResultCache) { 
@@ -92,7 +92,7 @@ private static OAuthBearerAuthenticationOptions ConfigureEndpointValidation(Iden return bearerOptions; } - internal static OAuthBearerAuthenticationOptions ConfigureLocalValidation(IdentityServerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) + internal static OAuthBearerAuthenticationOptions ConfigureLocalValidation(IdentityServerBearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) { var discoveryEndpoint = options.Authority.EnsureTrailingSlash(); discoveryEndpoint += ".well-known/openid-configuration"; diff --git a/source/AccessTokenValidation/IdentityServerTokenValidationMiddleware.cs b/source/AccessTokenValidation/IdentityServerBearerTokenValidationMiddleware.cs similarity index 95% rename from source/AccessTokenValidation/IdentityServerTokenValidationMiddleware.cs rename to source/AccessTokenValidation/IdentityServerBearerTokenValidationMiddleware.cs index 6767763..975aa85 100644 --- a/source/AccessTokenValidation/IdentityServerTokenValidationMiddleware.cs +++ b/source/AccessTokenValidation/IdentityServerBearerTokenValidationMiddleware.cs @@ -26,14 +26,14 @@ namespace IdentityServer3.AccessTokenValidation { - public class IdentityServerTokenValidationMiddleware + public class IdentityServerBearerTokenValidationMiddleware { private readonly AppFunc _next; private readonly AppFunc _localValidationFunc; private readonly AppFunc _endpointValidationFunc; private IdentityServerOAuthBearerAuthenticationOptions _options; - public IdentityServerTokenValidationMiddleware(AppFunc next, IdentityServerOAuthBearerAuthenticationOptions options) + public IdentityServerBearerTokenValidationMiddleware(AppFunc next, IdentityServerOAuthBearerAuthenticationOptions options) { _next = next; _options = options; diff --git a/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs b/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs index d4a0faa..f8f0f71 100644 
--- a/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs +++ b/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs @@ -26,12 +26,12 @@ namespace IdentityServer3.AccessTokenValidation /// /// Configures identity server token validation /// - public class IdentityServerTokenAuthenticationOptions : AuthenticationOptions + public class IdentityServerBearerTokenAuthenticationOptions : AuthenticationOptions { /// - /// Initializes a new instance of the class. + /// Initializes a new instance of the class. /// - public IdentityServerTokenAuthenticationOptions() : base("Bearer") + public IdentityServerBearerTokenAuthenticationOptions() : base("Bearer") { NameClaimType = "name"; RoleClaimType = "role"; diff --git a/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs b/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs index e594a8a..47b1c5d 100644 --- a/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs +++ b/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs @@ -38,7 +38,7 @@ internal class DiscoveryDocumentIssuerSecurityTokenProvider : IIssuerSecurityTok private string _issuer; private IEnumerable _tokens; - public DiscoveryDocumentIssuerSecurityTokenProvider(string discoveryEndpoint, IdentityServerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) + public DiscoveryDocumentIssuerSecurityTokenProvider(string discoveryEndpoint, IdentityServerBearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) { _logger = loggerFactory.Create("IdentityServer3.AccessTokenValidation.DiscoveryDocumentIssuerSecurityTokenProvider"); diff --git a/source/AccessTokenValidation/Plumbing/InMemoryValidationResultCache.cs b/source/AccessTokenValidation/Plumbing/InMemoryValidationResultCache.cs index dce656c..6c34162 100644 
--- a/source/AccessTokenValidation/Plumbing/InMemoryValidationResultCache.cs +++ b/source/AccessTokenValidation/Plumbing/InMemoryValidationResultCache.cs @@ -27,7 +27,7 @@ namespace IdentityServer3.AccessTokenValidation /// public class InMemoryValidationResultCache : IValidationResultCache { - private readonly IdentityServerTokenAuthenticationOptions _options; + private readonly IdentityServerBearerTokenAuthenticationOptions _options; private readonly ICache _cache; private readonly IClock _clock; @@ -35,7 +35,7 @@ public class InMemoryValidationResultCache : IValidationResultCache /// Initializes a new instance of the class. /// /// The options. - public InMemoryValidationResultCache(IdentityServerTokenAuthenticationOptions options) + public InMemoryValidationResultCache(IdentityServerBearerTokenAuthenticationOptions options) : this(options, new Clock(), new Cache()) { } @@ -52,7 +52,7 @@ public InMemoryValidationResultCache(IdentityServerTokenAuthenticationOptions op /// or /// cache /// - public InMemoryValidationResultCache(IdentityServerTokenAuthenticationOptions options, IClock clock, ICache cache) + public InMemoryValidationResultCache(IdentityServerBearerTokenAuthenticationOptions options, IClock clock, ICache cache) { if (clock == null) { throw new ArgumentNullException("clock"); } if (options == null) { throw new ArgumentNullException("options"); } diff --git a/source/AccessTokenValidation/Plumbing/ValidationEndpointTokenProvider.cs b/source/AccessTokenValidation/Plumbing/ValidationEndpointTokenProvider.cs index 51f1e14..6e3f39d 100644 --- a/source/AccessTokenValidation/Plumbing/ValidationEndpointTokenProvider.cs +++ b/source/AccessTokenValidation/Plumbing/ValidationEndpointTokenProvider.cs 
@@ -31,10 +31,10 @@ internal class ValidationEndpointTokenProvider : AuthenticationTokenProvider { private readonly HttpClient _client; private readonly string _tokenValidationEndpoint; - private readonly IdentityServerTokenAuthenticationOptions _options; + private readonly IdentityServerBearerTokenAuthenticationOptions _options; private readonly ILogger _logger; - public ValidationEndpointTokenProvider(IdentityServerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) + public ValidationEndpointTokenProvider(IdentityServerBearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) { _logger = loggerFactory.Create("ValidationEndpointTokenProvider"); diff --git a/source/AccessTokenValidation/packages.config b/source/AccessTokenValidation/packages.config index 7ed1744..3cb139b 100644 --- a/source/AccessTokenValidation/packages.config +++ b/source/AccessTokenValidation/packages.config @@ -1,12 +1,12 @@  - - - - - + + + + + - + \ No newline at end of file From ef13b8ed216fba10cca671bb97f164c02797e1ad Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Sun, 26 Jul 2015 12:41:27 +0200 Subject: [PATCH 16/24] updated nuspec --- source/IdentityServer3.AccessTokenValidation.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/IdentityServer3.AccessTokenValidation.nuspec b/source/IdentityServer3.AccessTokenValidation.nuspec index d0e88f6..b479871 100644 --- a/source/IdentityServer3.AccessTokenValidation.nuspec +++ b/source/IdentityServer3.AccessTokenValidation.nuspec @@ -21,9 +21,9 @@ - + - + \ No newline at end of file From b440e00e12e877dff388f73853861c0f3b6a95cc Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Sun, 26 Jul 2015 12:44:26 +0200 Subject: [PATCH 17/24] another name change --- .../IdentityServerBearerTokenValidationAppBuilderExtensions.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs b/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs index 04d61e9..4d35ebc 100644 --- a/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs +++ b/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs @@ -35,7 +35,7 @@ public static class IdentityServerBearerTokenValidationAppBuilderExtensions /// The application. /// The options. /// - public static IAppBuilder UseIdentityServerTokenAuthentication(this IAppBuilder app, IdentityServerBearerTokenAuthenticationOptions options) + public static IAppBuilder UseIdentityServerBearerTokenAuthentication(this IAppBuilder app, IdentityServerBearerTokenAuthenticationOptions options) { if (app == null) throw new ArgumentNullException("app"); if (options == null) throw new ArgumentNullException("options"); From ec8115bf292999a1e34f2c453cbcd5380d1146db Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Sun, 26 Jul 2015 12:54:50 +0200 Subject: [PATCH 18/24] renamed file --- ...tions.cs => IdentityServerBearerTokenAuthenticationOptions.cs} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename source/AccessTokenValidation/{IdentityServerTokenAuthenticationOptions.cs => IdentityServerBearerTokenAuthenticationOptions.cs} (100%) diff --git a/source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs b/source/AccessTokenValidation/IdentityServerBearerTokenAuthenticationOptions.cs similarity index 100% rename from source/AccessTokenValidation/IdentityServerTokenAuthenticationOptions.cs rename to source/AccessTokenValidation/IdentityServerBearerTokenAuthenticationOptions.cs From ce6b954b771eb805d3c56daf638cdb9d69fe888f Mon Sep 17 00:00:00 2001 
From: Dominick Baier Date: Sun, 26 Jul 2015 12:57:07 +0200 Subject: [PATCH 19/24] added check for null jwks uri in disco doc --- source/AccessTokenValidation/AccessTokenValidation.csproj | 2 +- .../DiscoveryDocumentIssuerSecurityTokenProvider.cs | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/source/AccessTokenValidation/AccessTokenValidation.csproj b/source/AccessTokenValidation/AccessTokenValidation.csproj index 1bb638c..9127837 100644 --- a/source/AccessTokenValidation/AccessTokenValidation.csproj +++ b/source/AccessTokenValidation/AccessTokenValidation.csproj @@ -82,7 +82,7 @@ - + diff --git a/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs b/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs index 47b1c5d..35c62ac 100644 --- a/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs +++ b/source/AccessTokenValidation/Plumbing/DiscoveryDocumentIssuerSecurityTokenProvider.cs @@ -137,6 +137,13 @@ private void RetrieveMetadata() try { var result = AsyncHelper.RunSync(async () => await _configurationManager.GetConfigurationAsync()); + + if (result.JsonWebKeySet == null) + { + _logger.WriteError("Discovery document has no configured signing key. aborting."); + throw new InvalidOperationException("Discovery document has no configured signing key. aborting."); + } + var tokens = from key in result.JsonWebKeySet.Keys select new X509SecurityToken(new X509Certificate2(Convert.FromBase64String(key.X5c.First()))); From 3a05fe081274c01329a1e0ef70031fd42853551e Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Sun, 26 Jul 2015 13:03:07 +0200 Subject: [PATCH 20/24] Renamed ValidationMode enums --- ...IdentityServerBearerTokenValidationAppBuilderExtensions.cs | 4 ++-- source/AccessTokenValidation/ValidationMode.cs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
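Review bot: The new null check on `result.JsonWebKeySet` leaves the key projection two lines below it able to fail on a well-formed discovery document: `key.X5c.First()` throws when a JWK carries no `x5c` entry (RSA keys published as `n`/`e` only are common), and an empty `Keys` list passes the guard yet produces no tokens, so later signature validation fails without the clear log line this commit adds. Extending the guard to `if (result.JsonWebKeySet == null || !result.JsonWebKeySet.Keys.Any(k => k.X5c != null && k.X5c.Any()))` and adding `where key.X5c != null && key.X5c.Any()` to the query keeps the fail-closed behaviour while reporting the real cause. The `InvalidOperationException` is raised inside the enclosing `try`, so whether it propagates or is swallowed depends on the `catch` that follows, which is outside the hunk; `RetrieveMetadata` starts and ends outside the hunk.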
diff --git a/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs b/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs index 4d35ebc..3bfa289 100644 --- a/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs +++ b/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs @@ -45,13 +45,13 @@ public static IAppBuilder UseIdentityServerBearerTokenAuthentication(this IAppBu var middlewareOptions = new IdentityServerOAuthBearerAuthenticationOptions(); if (options.ValidationMode == ValidationMode.Both || - options.ValidationMode == ValidationMode.LocalOnly) + options.ValidationMode == ValidationMode.Local) { middlewareOptions.LocalValidationOptions = ConfigureLocalValidation(options, loggerFactory); } if (options.ValidationMode == ValidationMode.Both || - options.ValidationMode == ValidationMode.ValidationEndpointOnly) + options.ValidationMode == ValidationMode.ValidationEndpoint) { middlewareOptions.EndpointValidationOptions = ConfigureEndpointValidation(options, loggerFactory); } diff --git a/source/AccessTokenValidation/ValidationMode.cs b/source/AccessTokenValidation/ValidationMode.cs index b03e2ae..6af8c23 100644 --- a/source/AccessTokenValidation/ValidationMode.cs +++ b/source/AccessTokenValidation/ValidationMode.cs @@ -29,11 +29,11 @@ public enum ValidationMode /// /// Use local validation oly (only suitable for JWT tokens) /// - LocalOnly, + Local, /// /// Use the validation endpoint only (works for both JWT and reference tokens) /// - ValidationEndpointOnly + ValidationEndpoint } } \ No newline at end of file From fdc6ba185158d1ddd9068f081e600de4b7ece297 Mon Sep 17 00:00:00 2001 
From: Dominick Baier Date: Sun, 26 Jul 2015 13:03:14 +0200 Subject: [PATCH 21/24] added comments --- ...tyServerBearerTokenValidationMiddleware.cs | 13 +++++++++ ...yServerOAuthBearerAuthenticationOptions.cs | 22 +++++++++++++++ .../Plumbing/ContextTokenProvider.cs | 28 +++++++++++++++++++ .../ScopeRequirementMiddleware.cs | 13 +++++++++ 4 files changed, 76 insertions(+) diff --git a/source/AccessTokenValidation/IdentityServerBearerTokenValidationMiddleware.cs b/source/AccessTokenValidation/IdentityServerBearerTokenValidationMiddleware.cs index 975aa85..006a4d2 100644 --- a/source/AccessTokenValidation/IdentityServerBearerTokenValidationMiddleware.cs +++ b/source/AccessTokenValidation/IdentityServerBearerTokenValidationMiddleware.cs @@ -26,6 +26,9 @@ namespace IdentityServer3.AccessTokenValidation { + /// + /// Middleware for validating identityserver access tokens + /// public class IdentityServerBearerTokenValidationMiddleware { private readonly AppFunc _next; @@ -33,6 +36,11 @@ public class IdentityServerBearerTokenValidationMiddleware private readonly AppFunc _endpointValidationFunc; private IdentityServerOAuthBearerAuthenticationOptions _options; + /// + /// Initializes a new instance of the class. + /// + /// The next middleware. + /// The options. public IdentityServerBearerTokenValidationMiddleware(AppFunc next, IdentityServerOAuthBearerAuthenticationOptions options) { _next = next; @@ -57,6 +65,11 @@ public IdentityServerBearerTokenValidationMiddleware(AppFunc next, IdentityServe } } + /// + /// Invokes the middleware. + /// + /// The environment. + /// public async Task Invoke(IDictionary environment) { var context = new OwinContext(environment); diff --git a/source/AccessTokenValidation/IdentityServerOAuthBearerAuthenticationOptions.cs b/source/AccessTokenValidation/IdentityServerOAuthBearerAuthenticationOptions.cs index ec501af..3d3c0f3 100644 --- a/source/AccessTokenValidation/IdentityServerOAuthBearerAuthenticationOptions.cs 
+++ b/source/AccessTokenValidation/IdentityServerOAuthBearerAuthenticationOptions.cs @@ -18,11 +18,33 @@ namespace IdentityServer3.AccessTokenValidation { + /// + /// Options that wraps OAuth2BearerAuthenticationOptions for local and remote token validation + /// public class IdentityServerOAuthBearerAuthenticationOptions { + /// + /// Gets or sets the token provider (set this if the access token is NOT on the authorization header using a Bearer scheme. + /// + /// + /// The token provider. + /// public IOAuthBearerAuthenticationProvider TokenProvider { get; set; } + /// + /// Gets or sets the local validation options. + /// + /// + /// The local validation options. + /// public OAuthBearerAuthenticationOptions LocalValidationOptions { get; set; } + + /// + /// Gets or sets the endpoint validation options. + /// + /// + /// The endpoint validation options. + /// public OAuthBearerAuthenticationOptions EndpointValidationOptions { get; set; } } } \ No newline at end of file diff --git a/source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs b/source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs index f0b1742..871ceda 100644 --- a/source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs +++ b/source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs 
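Review bot: The added summary on `TokenProvider` opens a parenthesis that is never closed, `Gets or sets the token provider (set this if the access token is NOT on the authorization header using a Bearer scheme.`; closing it after `scheme` keeps the generated documentation readable. It would also help callers if the class summary said what happens when both `LocalValidationOptions` and `EndpointValidationOptions` are set, since that ordering is decided elsewhere and is not visible from this type.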
@@ -19,19 +19,47 @@ namespace IdentityServer3.AccessTokenValidation { + /// + /// Token provider that returns the token already found by the identityserver token middleware + /// public class ContextTokenProvider : IOAuthBearerAuthenticationProvider { + /// + /// Called each time a challenge is being sent to the client. By implementing this method the application + /// may modify the challenge as needed. + /// + /// Contains the default challenge. + /// + /// A representing the completed operation. + /// + /// public Task ApplyChallenge(OAuthChallengeContext context) { throw new NotImplementedException(); } + /// + /// Invoked before the is created. Gives the application an + /// opportunity to find the identity from a different location, adjust, or reject the token. + /// + /// Contains the token string. + /// + /// A representing the completed operation. + /// public Task RequestToken(OAuthRequestTokenContext context) { context.Token = context.OwinContext.Get("idsrv:tokenvalidation:token"); return Task.FromResult(0); } + /// + /// Called each time a request identity has been validated by the middleware. By implementing this method the + /// application may alter or reject the identity which has arrived with the request. + /// + /// Contains information about the login session as well as the user . + /// + /// A representing the completed operation. + /// public Task ValidateIdentity(OAuthValidateIdentityContext context) { return Task.FromResult(0); diff --git a/source/AccessTokenValidation/ScopeRequirementMiddleware.cs b/source/AccessTokenValidation/ScopeRequirementMiddleware.cs index f096ebe..907021d 100644 --- a/source/AccessTokenValidation/ScopeRequirementMiddleware.cs +++ b/source/AccessTokenValidation/ScopeRequirementMiddleware.cs 
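Review bot: The added summary on `ApplyChallenge` says the application "may modify the challenge as needed", but the body directly below still throws `NotImplementedException`, so the comment documents behaviour this class does not have; until the method is implemented the summary should state that, e.g. `/// Not implemented; calling this method throws NotImplementedException.` The `RequestToken` summary is accurate, though the OWIN key `"idsrv:tokenvalidation:token"` it reads is a bare string literal that the middleware storing the token presumably repeats, and a shared constant would keep the two in step.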
@@ -23,17 +23,30 @@ namespace IdentityServer3.AccessTokenValidation { + /// + /// Middleware to check for scope claims in access token + /// public class ScopeRequirementMiddleware { private readonly AppFunc _next; private readonly IEnumerable _scopes; + /// + /// Initializes a new instance of the class. + /// + /// The next midleware. + /// The scopes. public ScopeRequirementMiddleware(AppFunc next, IEnumerable scopes) { _next = next; _scopes = scopes; } + /// + /// Invokes the middleware. + /// + /// The OWIN environment. + /// public async Task Invoke(IDictionary env) { var context = new OwinContext(env); From 102f83a708a4271edfdd1a03125e4eb6c7933dd1 Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Wed, 29 Jul 2015 11:12:37 +0200 Subject: [PATCH 22/24] removed throw --- .../Plumbing/ValidationEndpointTokenProvider.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/AccessTokenValidation/Plumbing/ValidationEndpointTokenProvider.cs b/source/AccessTokenValidation/Plumbing/ValidationEndpointTokenProvider.cs index 6e3f39d..87555aa 100644 --- a/source/AccessTokenValidation/Plumbing/ValidationEndpointTokenProvider.cs +++ b/source/AccessTokenValidation/Plumbing/ValidationEndpointTokenProvider.cs @@ -90,7 +90,7 @@ public override async Task ReceiveAsync(AuthenticationTokenReceiveContext contex catch (Exception ex) { _logger.WriteError("Exception while contacting token validation endpoint: " + ex.ToString()); - throw; + return; } var jsonString = await response.Content.ReadAsStringAsync(); From b88dbf47b2c00b4b93b02d0d39e9160b1fea8efa Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Wed, 29 Jul 2015 13:26:20 +0200 Subject: [PATCH 23/24] removed NotImplementedException --- .../Plumbing/ContextTokenProvider.cs | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) 
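Review bot: The added parameter text for `next` misspells the word: `/// The next midleware.` should read `/// The next middleware.` The returns element added on `Invoke` appears to be empty on the page; a short `A task that completes when the downstream pipeline has finished.` would make it useful. The scope check inside `Invoke` is outside the hunk.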
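Review bot: Replacing `throw;` with `return;` inside a `catch (Exception ex)` turns every failure to reach the validation endpoint, including a cancelled or timed-out `HttpClient` call, into a silent "no token received" outcome, so the caller presumably sees the same 401 it would get for a rejected token and only the log line reveals the outage. Failing closed is the right default for a resource server, but the bare catch also hides programming errors; narrowing it to `catch (HttpRequestException ex)` and `catch (TaskCanceledException ex)` while letting other exceptions propagate, and placing `// Endpoint unreachable: return without setting a ticket so the request stays unauthenticated (fail closed).` above the `return;`, would make the intent explicit. `ReceiveAsync` starts and ends outside the hunk.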
diff --git a/source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs b/source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs index 871ceda..d25a3b6 100644 --- a/source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs +++ b/source/AccessTokenValidation/Plumbing/ContextTokenProvider.cs @@ -13,6 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + using Microsoft.Owin.Security.OAuth; using System; using System.Threading.Tasks; 
@@ -25,30 +26,30 @@ namespace IdentityServer3.AccessTokenValidation public class ContextTokenProvider : IOAuthBearerAuthenticationProvider { /// - /// Called each time a challenge is being sent to the client. By implementing this method the application - /// may modify the challenge as needed. + /// Invoked before the is created. Gives the application an + /// opportunity to find the identity from a different location, adjust, or reject the token. /// - /// Contains the default challenge. + /// Contains the token string. /// /// A representing the completed operation. /// - /// - public Task ApplyChallenge(OAuthChallengeContext context) + public Task RequestToken(OAuthRequestTokenContext context) { - throw new NotImplementedException(); + context.Token = context.OwinContext.Get("idsrv:tokenvalidation:token"); + return Task.FromResult(0); } /// - /// Invoked before the is created. Gives the application an - /// opportunity to find the identity from a different location, adjust, or reject the token. + /// Called each time a challenge is being sent to the client. By implementing this method the application + /// may modify the challenge as needed. /// - /// Contains the token string. + /// Contains the default challenge. /// /// A representing the completed operation. /// - public Task RequestToken(OAuthRequestTokenContext context) + /// + public Task ApplyChallenge(OAuthChallengeContext context) { - context.Token = context.OwinContext.Get("idsrv:tokenvalidation:token"); return Task.FromResult(0); } From e888a90729662e36a72f694765430d3859935d3d Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Wed, 29 Jul 2015 13:44:24 +0200 Subject: [PATCH 24/24] updated nugets --- .../AccessTokenValidation.Tests.csproj | 21 ++++++++++--------- .../packages.config | 6 +++--- 2 files changed, 14 insertions(+), 13 deletions(-) 
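Review bot: `ApplyChallenge` now completes without touching the response, whereas the default `OAuthBearerAuthenticationProvider` appends the handler's challenge to the `WWW-Authenticate` header at this point; if 401 responses are routed through this provider, unauthenticated callers will presumably no longer receive the `Bearer` challenge header. If that is intended, say so in the summary, e.g. `/// No-op: this provider does not emit a WWW-Authenticate challenge.`; otherwise mirror the default by appending `context.Challenge` to the response's `WWW-Authenticate` header before returning. `ValidateIdentity` and the rest of the class are outside the hunk.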
diff --git a/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj b/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj index 3ad96ec..ea6eadd 100644 --- a/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj +++ b/source/AccessTokenValidation.Tests/AccessTokenValidation.Tests.csproj @@ -33,17 +33,17 @@ 4 - - False - ..\packages\FluentAssertions.3.2.2\lib\net45\FluentAssertions.dll + + ..\packages\FluentAssertions.3.4.1\lib\net45\FluentAssertions.dll + True - - False - ..\packages\FluentAssertions.3.2.2\lib\net45\FluentAssertions.Core.dll + + ..\packages\FluentAssertions.3.4.1\lib\net45\FluentAssertions.Core.dll + True - False - ..\packages\IdentityModel.1.0.0-rc8\lib\net45\IdentityModel.Net45.dll + ..\packages\IdentityModel.1.0.0\lib\net45\IdentityModel.Net45.dll + True False @@ -53,8 +53,9 @@ False ..\packages\Microsoft.Owin.Security.3.0.1\lib\net45\Microsoft.Owin.Security.dll - - ..\packages\Moq.4.2.1409.1722\lib\net40\Moq.dll + + ..\packages\Moq.4.2.1507.0118\lib\net40\Moq.dll + True False diff --git a/source/AccessTokenValidation.Tests/packages.config b/source/AccessTokenValidation.Tests/packages.config index 6836752..42d4f8d 100644 --- a/source/AccessTokenValidation.Tests/packages.config +++ b/source/AccessTokenValidation.Tests/packages.config @@ -1,10 +1,10 @@  - - + + - +