Merge branch 'dev'

IdentityServer · Dec 20, 2015 · 4398f56 · 4398f56
2 parents 65d2327 + 7794a15
commit 4398f56
Show file tree

Hide file tree

Showing 101 changed files with 1,934 additions and 393 deletions.
diff --git a/default.ps1 b/default.ps1
@@ -11,7 +11,7 @@ properties {
 	$nuget_path = "$src_directory\.nuget\nuget.exe"
 
 	$buildNumber = 0;
-	$version = "2.2.3.0"
+	$version = "2.3.0.0"
 	$preRelease = $null
 }
 

diff --git a/source/Core/Configuration/AppBuilderExtensions/ConfigureIdentityServerBaseUrlExtension.cs b/source/Core/Configuration/AppBuilderExtensions/ConfigureIdentityServerBaseUrlExtension.cs
@@ -14,7 +14,6 @@
  * limitations under the License.
  */
 
-using System;
 using IdentityServer3.Core.Extensions;
 
 namespace Owin

diff --git a/source/Core/Configuration/AuthenticationSessionStoreWrapper.cs b/source/Core/Configuration/AuthenticationSessionStoreWrapper.cs
@@ -1,9 +1,8 @@
 namespace IdentityServer3.Core.Configuration
 {
-    using System.Threading.Tasks;
-
     using Microsoft.Owin.Security;
     using Microsoft.Owin.Security.Cookies;
+    using System.Threading.Tasks;
 
     internal class AuthenticationSessionStoreWrapper : IAuthenticationSessionStore
     {

diff --git a/source/Core/Configuration/AuthenticationTicketModel.cs b/source/Core/Configuration/AuthenticationTicketModel.cs
@@ -1,10 +1,9 @@
 namespace IdentityServer3.Core.Configuration
 {
+    using Microsoft.Owin.Security;
     using System.Collections.Generic;
     using System.Security.Claims;
 
-    using Microsoft.Owin.Security;
-
     /// <summary>
     /// A model class represending an authentication ticket
     /// </summary>

diff --git a/source/Core/Configuration/DiscoveryOptions.cs b/source/Core/Configuration/DiscoveryOptions.cs
@@ -0,0 +1,83 @@
+using System.Collections.Generic;
+
+namespace IdentityServer3.Core.Configuration
+{
+    /// <summary>
+    /// Options class to configure discovery endpoint
+    /// </summary>
+    public class DiscoveryOptions
+    {
+        /// <summary>
+        /// Show endpoints
+        /// </summary>
+        public bool ShowEndpoints { get; set; }
+
+        /// <summary>
+        /// Show signing keys
+        /// </summary>
+        public bool ShowKeySet { get; set; }
+
+        /// <summary>
+        /// Show identity scopes
+        /// </summary>
+        public bool ShowIdentityScopes { get; set; }
+
+        /// <summary>
+        /// Show resource scopes
+        /// </summary>
+        public bool ShowResourceScopes { get; set; }
+
+        /// <summary>
+        /// Show identity claims
+        /// </summary>
+        public bool ShowClaims { get; set; }
+
+        /// <summary>
+        /// Show response types
+        /// </summary>
+        public bool ShowResponseTypes { get; set; }
+
+        /// <summary>
+        /// Show response modes
+        /// </summary>
+        public bool ShowResponseModes { get; set; }
+
+        /// <summary>
+        /// Show standard grant types
+        /// </summary>
+        public bool ShowGrantTypes { get; set; }
+
+        /// <summary>
+        /// Show custom grant types
+        /// </summary>
+        public bool ShowCustomGrantTypes { get; set; }
+
+        /// <summary>
+        /// Show token endpoint authentication methods
+        /// </summary>
+        public bool ShowTokenEndpointAuthenticationMethods { get; set; }
+
+        /// <summary>
+        /// Adds custom entries to the discovery document
+        /// </summary>
+        public Dictionary<string, object> CustomEntries { get; set; }
+
+        /// <summary>
+        /// Initializes with default values
+        /// </summary>
+        public DiscoveryOptions()
+        {
+            ShowEndpoints = true;
+            ShowKeySet = true;
+            ShowIdentityScopes = true;
+            ShowResourceScopes = true;
+            ShowClaims = true;
+            ShowResponseTypes = true;
+            ShowResponseModes = true;
+            ShowGrantTypes = true;
+            ShowCustomGrantTypes = true;
+            ShowTokenEndpointAuthenticationMethods = true;
+            CustomEntries = new Dictionary<string, object>();
+        }
+    }
+}
diff --git a/source/Core/Configuration/Hosting/AutoFacConfig.cs b/source/Core/Configuration/Hosting/AutoFacConfig.cs
@@ -60,16 +60,26 @@ public static IContainer Configure(IdentityServerOptions options)
 
             builder.RegisterDefaultInstance<IConsentStore, InMemoryConsentStore>(fact.ConsentStore);
             builder.RegisterDefaultInstance<ICorsPolicyService, DefaultCorsPolicyService>(fact.CorsPolicyService);
-
+            
             builder.RegisterDefaultType<IClaimsProvider, DefaultClaimsProvider>(fact.ClaimsProvider);
             builder.RegisterDefaultType<ITokenService, DefaultTokenService>(fact.TokenService);
-            builder.RegisterDefaultType<IRefreshTokenService, DefaultRefreshTokenService>(fact.RefreshTokenService);
-            builder.RegisterDefaultType<ITokenSigningService, DefaultTokenSigningService>(fact.TokenSigningService);
+            builder.RegisterDefaultType<IRefreshTokenService, DefaultRefreshTokenService>(fact.RefreshTokenService);            
             builder.RegisterDefaultType<ICustomRequestValidator, DefaultCustomRequestValidator>(fact.CustomRequestValidator);
             builder.RegisterDefaultType<IExternalClaimsFilter, NopClaimsFilter>(fact.ExternalClaimsFilter);
             builder.RegisterDefaultType<ICustomTokenValidator, DefaultCustomTokenValidator>(fact.CustomTokenValidator);
             builder.RegisterDefaultType<IConsentService, DefaultConsentService>(fact.ConsentService);
 
+            // todo remove in next major version
+            if (fact.TokenSigningService != null)
+            {
+                builder.Register(fact.TokenSigningService);
+            }
+            else
+            {
+                builder.Register(new Registration<ITokenSigningService>(r => new DefaultTokenSigningService(r.Resolve<ISigningKeyService>())));
+            }
+
+            builder.RegisterDefaultType<ISigningKeyService, DefaultSigningKeyService>(fact.SigningKeyService);
             builder.RegisterDecoratorDefaultType<IEventService, EventServiceDecorator, DefaultEventService>(fact.EventService);
 
             builder.RegisterDefaultType<IRedirectUriValidator, DefaultRedirectUriValidator>(fact.RedirectUriValidator);
@@ -90,8 +100,9 @@ public static IContainer Configure(IdentityServerOptions options)
                 builder.RegisterType<NopCustomGrantValidator>().As<ICustomGrantValidator>();
             }
 
-            // register secret validation plumbing
-            builder.RegisterType<ClientSecretValidator>();
+            // register secret parsing/validation plumbing
+            builder.RegisterType<SecretValidator>();
+            builder.RegisterType<SecretParser>();
 
             foreach (var parser in fact.SecretParsers)
             {
@@ -136,13 +147,15 @@ public static IContainer Configure(IdentityServerOptions options)
             builder.RegisterType<TokenRevocationRequestValidator>();
             builder.RegisterType<IntrospectionRequestValidator>();
             builder.RegisterType<ScopeSecretValidator>();
+            builder.RegisterType<ClientSecretValidator>();
 
             // processors
             builder.RegisterType<TokenResponseGenerator>();
             builder.RegisterType<AuthorizeResponseGenerator>();
             builder.RegisterType<AuthorizeInteractionResponseGenerator>();
             builder.RegisterType<UserInfoResponseGenerator>();
             builder.RegisterType<EndSessionResponseGenerator>();
+            builder.RegisterType<IntrospectionResponseGenerator>();
 
             // for authentication
             var authenticationOptions = options.AuthenticationOptions ?? new AuthenticationOptions();

diff --git a/source/Core/Configuration/Hosting/ClientListCookie.cs b/source/Core/Configuration/Hosting/ClientListCookie.cs
@@ -17,7 +17,6 @@
 using IdentityServer3.Core.Extensions;
 using Microsoft.Owin;
 using Newtonsoft.Json;
-using Newtonsoft.Json.Linq;
 using System;
 using System.Collections.Generic;
 using System.Linq;

diff --git a/source/Core/Configuration/IdentityServerOptions.cs b/source/Core/Configuration/IdentityServerOptions.cs
@@ -45,6 +45,7 @@ public IdentityServerOptions()
             this.EventsOptions = new EventsOptions();
             this.EnableWelcomePage = true;
             this.InputLengthRestrictions = new InputLengthRestrictions();
+            this.DiscoveryOptions = new DiscoveryOptions();
         }
 
         internal void Validate()
@@ -141,6 +142,14 @@ internal void Validate()
         /// </value>
         public EndpointOptions Endpoints { get; set; }
 
+        /// <summary>
+        /// Gets or sets the discovery endpoint configuration.
+        /// </summary>
+        /// <value>
+        /// The discovery endpoint configuration.
+        /// </value>
+        public DiscoveryOptions DiscoveryOptions { get; set; }
+
         /// <summary>
         /// Gets or sets the authentication options.
         /// </summary>

diff --git a/source/Core/Configuration/IdentityServerServiceFactory.cs b/source/Core/Configuration/IdentityServerServiceFactory.cs
@@ -67,7 +67,7 @@ public IdentityServerServiceFactory()
             {
                 new Registration<ISecretParser, BasicAuthenticationSecretParser>(),
                 new Registration<ISecretParser, PostBodySecretParser>(),
-                new Registration<ISecretParser, X509CertificateSecretParser>(),
+                new Registration<ISecretParser, X509CertificateSecretParser>()
             };
 
             // register default secret validators
@@ -307,6 +307,14 @@ public void Register<T>(Registration<T> registration)
         /// </value>
         public Registration<ICorsPolicyService> CorsPolicyService { get; set; }
 
+        /// <summary>
+        /// Gets or sets the signing key service.
+        /// </summary>
+        /// <value>
+        /// The signing key service.
+        /// </value>
+        public Registration<ISigningKeyService> SigningKeyService { get; set; }
+
         internal void Validate()
         {
             if (UserService == null) LogAndStop("UserService not configured");
@@ -326,4 +334,4 @@ private void LogAndStop(string message)
             throw new InvalidOperationException(message);
         }
     }
-}
+}
diff --git a/source/Core/Configuration/InputLengthRestrictions.cs b/source/Core/Configuration/InputLengthRestrictions.cs
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
- 
+
 namespace IdentityServer3.Core.Configuration
 {
     /// <summary>

diff --git a/source/Core/Constants.cs b/source/Core/Constants.cs
@@ -81,6 +81,7 @@ public static class TokenRequest
             public const string ClientId     = "client_id";
             public const string ClientSecret = "client_secret";
             public const string ClientAssertion = "client_assertion";
+            public const string ClientAssertionType = "client_assertion_type";
             public const string Assertion    = "assertion";
             public const string Code         = "code";
             public const string RefreshToken = "refresh_token";
@@ -583,19 +584,22 @@ public static class ParsedSecretTypes
         {
             public const string SharedSecret = "SharedSecret";
             public const string X509Certificate = "X509Certificate";
+            public const string JwtBearer = "urn:ietf:params:oauth:grant-type:jwt-bearer";
         }
 
         public static class SecretTypes
         {
             public const string SharedSecret              = "SharedSecret";
             public const string X509CertificateThumbprint = "X509Thumbprint";
             public const string X509CertificateName       = "X509Name";
+            public const string X509CertificateBase64 = "X509CertificateBase64";
         }
 
         public static class TokenEndpointAuthenticationMethods
         {
             public const string PostBody = "client_secret_post";
             public const string BasicAuthentication = "client_secret_basic";
+            public const string PrivateKeyJwt = "private_key_jwt";
         }
 
         public static class RouteNames

diff --git a/source/Core/Core.csproj b/source/Core/Core.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>IdentityServer3.Core</RootNamespace>
     <AssemblyName>IdentityServer3</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.5.2</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <TargetFrameworkProfile />
   </PropertyGroup>
@@ -24,6 +24,7 @@
     <DocumentationFile>..\..\build\IdentityServer3.xml</DocumentationFile>
     <NoWarn>
     </NoWarn>
+    <LangVersion>5</LangVersion>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
     <DebugType>pdbonly</DebugType>
@@ -55,7 +56,7 @@
       <HintPath>..\packages\Autofac.WebApi2.3.4.0\lib\net45\Autofac.Integration.WebApi.dll</HintPath>
     </Reference>
     <Reference Include="IdentityModel.Net45, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
-      <HintPath>..\packages\IdentityModel.1.2.1\lib\net45\IdentityModel.Net45.dll</HintPath>
+      <HintPath>..\packages\IdentityModel.1.3.0\lib\net45\IdentityModel.Net45.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.CSharp" />
@@ -135,6 +136,7 @@
     <Compile Include="Configuration\AuthenticationSessionStoreWrapper.cs" />
     <Compile Include="Configuration\AuthenticationTicketModel.cs" />
     <Compile Include="Configuration\CookieSecureMode.cs" />
+    <Compile Include="Configuration\DiscoveryOptions.cs" />
     <Compile Include="Configuration\EventsOptions.cs" />
     <Compile Include="Configuration\Hosting\ClientListCookie.cs" />
     <Compile Include="Configuration\InputLengthRestrictions.cs" />
@@ -170,6 +172,7 @@
     <Compile Include="Extensions\IClientStoreExtensions.cs" />
     <Compile Include="Extensions\IContainerExtensions.cs" />
     <Compile Include="Extensions\IdentityServerOptionsExtensions.cs" />
+    <Compile Include="Extensions\JwtSecurityTokenExtensions.cs" />
     <Compile Include="Extensions\LoginPageLinkExtensions.cs" />
     <Compile Include="Extensions\OwinEnvironmentExtensions.cs" />
     <Compile Include="Extensions\X509Certificate2Extensions.cs" />
@@ -223,32 +226,41 @@
       <DesignTime>True</DesignTime>
       <DependentUpon>T4resx.tt</DependentUpon>
     </Compile>
+    <Compile Include="ResponseHandling\IntrospectionResponseGenerator.cs" />
     <Compile Include="Results\CheckSessionResult.cs" />
     <Compile Include="Results\RevocationErrorResult.cs" />
+    <Compile Include="Results\IntrospectionResult.cs" />
     <Compile Include="Results\WelcomeActionResult.cs" />
     <Compile Include="Services\Caching\CachingClientStore.cs" />
     <Compile Include="Services\Caching\CachingUserService.cs" />
     <Compile Include="Services\Caching\CachingScopeStore.cs" />
     <Compile Include="Services\DefaultViewService\DefaultViewServiceOptions.cs" />
     <Compile Include="Services\DefaultViewService\DefaultViewServiceRegistration.cs" />
+    <Compile Include="Services\Default\DefaultSigningKeyService.cs" />
     <Compile Include="Services\Default\DefaultTokenSigningService.cs" />
+    <Compile Include="Services\ISigningKeyService.cs" />
     <Compile Include="Validation\BasicAuthenticationSecretParser.cs" />
     <Compile Include="Validation\IntrospectionRequestValidationResult.cs" />
     <Compile Include="Validation\IntrospectionRequestValidator.cs" />
     <Compile Include="Validation\ScopeSecretValidationResult.cs" />
     <Compile Include="Validation\ScopeSecretValidator.cs" />
+    <Compile Include="Validation\ClientAssertionSecretParser.cs" />
     <Compile Include="Validation\ClientSecretValidator.cs" />
     <Compile Include="Services\Default\DefaultCache.cs" />
     <Compile Include="Services\Default\AutofacDependencyResolver.cs" />
     <Compile Include="Services\Default\DefaultCorsPolicyService.cs" />
     <Compile Include="Services\Default\DefaultCustomGrantValidator.cs" />
+    <Compile Include="Validation\EmbeddedCertificateJwtSecurityTokenHandler.cs" />
     <Compile Include="Validation\HashedSharedSecretValidator.cs" />
     <Compile Include="Services\Default\EventServiceDecorator.cs" />
     <Compile Include="Services\Default\DefaultLocalizationService.cs" />
     <Compile Include="Services\Default\DefaultRedirectUriValidator.cs" />
+    <Compile Include="Validation\PrivateKeyJwtSecretValidator.cs" />
     <Compile Include="Validation\PlainTextSharedSecretValidator.cs" />
     <Compile Include="Validation\PostBodySecretParser.cs" />
     <Compile Include="Services\Default\UserServiceBase.cs" />
+    <Compile Include="Validation\SecretParser.cs" />
+    <Compile Include="Validation\SecretValidator.cs" />
     <Compile Include="Validation\X509CertificateThumbprintSecretValidator.cs" />
     <Compile Include="Services\ICache.cs" />
     <Compile Include="Services\ICorsPolicyService.cs" />

diff --git a/source/Core/Endpoints/ClientPermissionsController.cs b/source/Core/Endpoints/ClientPermissionsController.cs
@@ -16,7 +16,6 @@
 
 using IdentityServer3.Core.Configuration;
 using IdentityServer3.Core.Configuration.Hosting;
-using IdentityServer3.Core.Events;
 using IdentityServer3.Core.Extensions;
 using IdentityServer3.Core.Logging;
 using IdentityServer3.Core.Models;