Review1 changes (#2694)

* Add built-in support for Confirmation (cnf) (#2440)

* add confirmation object to pipeline

* Add test validator

* fixing NRE

* Switching to string for cnf

* move test validator to test project

* revert client config change

* add try/catch in JSON logic

* added notes that CNF string must be a JSON object

* added test

* Move default payload creation to extension method - closes #2299

* Update README.md

* Scrub id_token_hint from authorize logs

* use constant instead of string

* add refresh_token to scrub list in token request logger

* move is4.csproj to top-level src folder, move host

* fix XML comment

* updating for july

* update ignore

* rework to use IdentityServerUser

* rework folder names

* rework using new storage abstractions

* remove cors service

* make EndSession public #2469

* add null check when unprotecting data #2504

* use GetIdentityServerBasePath instead of Request.PathBase #2446

* reorg default impls and interfaces for consistency

* nuget updates in test projects

* Documentation: Added claimsaction to map website claim (#1) (#2377)

* Make AddScriptCspHeaders and AddStyleCspHeaders public #2513

* Add more strict cache control headers when softer headers are already added by HttpContext.SignInAsync #2514

* add better/more error descriptions to authorize response validator #2218 (#2515)

* add invalid uri scheme validation (#2506)

* add invalid uri scheme validation

* move uri redirect uri prefix validation to client configuration validator

* add option to explicitly configure the cookie auth scheme for interactive users #2489 (#2516)

* Add parameters to IntrospectionRequestValidationResult - #2388 (#2512)

* Update refresh_tokens.rst (#2316)

Adapt text to indicate refresh tokens still expire according to the sliding refresh token timeline.

* "update"

* fix validation bug on config; better config logs for authN schemes

* Remove unused ctor (#2524)

* enable default client validator by default (#2525)

* Fixes 404 (#2527)

* CorsService doesn't handle null for origin #2523

* DistributedCacheStateDataFormatter should handle failed Unprotect workflows #2533

* 2.3.0-preview1

* resolve login/logout url, et al from named options (#2540)

* resolve login/logout url, et al from named options #2532

* log effective login, et al. paths

* preview1-update1

* bug in consent when user denies

* add Securing Angular Apps with OpenID and OAuth2

* Migrate tests to new IdentityModel style (1)

* Migrate tests to new IdentityModel style (2)

* Migrate tests to new IdentityModel style (3)

* Migrate tests to new IdentityModel style (4)

* remove unused handler

* Migrate tests to new IdentityModel style (5)

* Migrate tests to new IdentityModel style (6)

* Finished integration clients with new idm style

* added SO CC-BY-SA info and links

* Renamed Client -> BackChannelClient

* Update client authentication tests

* Migrated PKCE tests

* Migrated introspection tests

* Migrated revocation tests

* Found missing introspection test

* Migrated DiscoveryEndpointTests

* Merge fixes

* Matched PR to new IdentityServer project structure

* Switched to new device flow store

* Moved in-memory device flow store to singleton

* 6_aspnet_identity.rst (#2570)

Incorrectly states "which replaces the call to UseIdentity" instead of "which replaces the call to UseAuthentication".

* Added DeviceFlowCodeService to handle hashing codes and handle generation

* update preview version

* add new dotnet tool based build script

* Add alternative dotnet tool based build file for bash

* update bash

* update ignore file

* switch to new cake (#2593)

* august sponsor update

* Add strong name (#2597)

* add strong name

* update references to strongly named packages

* updated ignore

* Create jwk document when signing with JsonWebKey (#2604)

* Update introspection.rst (#2606)

Was referring to scope secrets. Reused sentence from https://github.com/IdentityServer/IdentityServer4/blob/release/docs/topics/reference_tokens.rst

* Update secrets.rst (#2611)

* add issue templates

* Update issue templates

* Update Feature_request.md

* Delete feature_request.md

* Delete bug_report.md

* Update Bug_report.md

* add NoBuild to build file

* fix build - again

* Create SECURITY.MD

* update to new build/versioning

* update bash script

* update bash script

* Switched validator to use code service instead of store

* recursion ftw

* Initial working device flow consent

* Changing cake file to skip versioning on non-Windows (#2637)

Changing cake file to skip versioning on non-Windows

* update bash script

* remove hard-coded versions

* disable source link support because of problems with msbuild task

* Update to new IdM docs

* update endpoint docs to use new IdentityModel style

* fix links

* change color coding style

* update from september

* update to IdentityModel 3.10

* add source link back

* Make some internal types public to facilitate custom service implementations (#2545)

* Make TokenCreationRequest.Validate() public so it can be invoked by custom impl of ITokenService

* Make ClientExtensions public so they can be reused by custom IClientSecretValidator impl

* move AccessTokenAudience to public constants for reuse in custom ITokenService impl

* Change: Made DefaultUserSession.AuthenticateAsync overrideable so that (#2607)

it will be easier to support user impersonation.

* Corrected value for parsed secret type (#2658)

* update csproj

* update csproj

* disable same-site for external cookie #2595

* remove redundant call  #2582

* make EndSessionRequestValidator public #2560

* set cookies to IsEssential #2554

* nuget update

* code comments

* support idp:local as idp hint #2641

* add logic to enfore client's user sso lifetime #2609

* Fixed access denied logic. Made use of new IdentityModel constants

* Reviewed TODOs

* Moved user code generator to correct folder

* Basic retry policy for response generator. Updated some comments and class name

* Added retry limit handling

* Update unpredictable test

* More IdentityModel constants

* Redacted device code from logging

* Updated IdentityServer4.Storage

* Thread safety for InMemoryDeviceFlowStore

* Ctrl+Shift+D

.github/ISSUE_TEMPLATE.md → .github/ISSUE_TEMPLATE/Bug_report.md

@@ -1,3 +1,9 @@
+---
+name: Bug report
+about: Create a report to help us improve
+
+---
+
 Please only use the issue tracker for bug reports and/or feature requests. For general security questions, or free or commercial support options do __not__ use the issue tracker and instead see [here](https://identityserver4.readthedocs.io/en/release/intro/support.html) for more details.
 
 For bug reports,  include the relevant log files related to your issue. See here how to enable [logging](https://identityserver4.readthedocs.io/en/release/topics/logging.html). Delete this line once you have.

.github/ISSUE_TEMPLATE/Feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.gitignore

@@ -1,6 +1,7 @@
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
 
+
 # User-specific files
 *.suo
 *.user
@@ -25,7 +26,7 @@ bld/
 # Visual Studio 2015 cache/options directory
 .vs/
 project.lock.json
-nuget.exe
+
 
 # MSTest test Results
 [Tt]est[Rr]esult*/
@@ -198,11 +199,15 @@ FakesAssemblies/
 docs/_build/
 
 # Cake Build Related
-tools/Cake/
-tools/packages.config.md5sum
+tools/
+.dotnet
+
+# Rider
 .idea
 
 # Visual Studio Code workspace options
 .vscode
+
+# IdentityServer temp files
 identityserver4_log.txt
-tempkey.rsa
+tempkey.rsa

GitVersion.yml

@@ -0,0 +1,8 @@
+mode: ContinuousDelivery
+branches:
+  master:
+    increment: none
+  develop:
+    tag: 'dev'
+ignore:
+  sha: []

IdentityServer4.sln

@@ -14,9 +14,9 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{45C22EDD-91B1-4AEF-8620-77F4E3E7C544}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "IdentityServer4", "src\IdentityServer4\IdentityServer4.csproj", "{407C030E-60E6-41F7-AF43-0AC48EDCC17D}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "IdentityServer4", "src\IdentityServer4.csproj", "{407C030E-60E6-41F7-AF43-0AC48EDCC17D}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Host", "src\Host\Host.csproj", "{784B3C88-30FA-415D-B99E-584063064508}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Host", "host\Host.csproj", "{784B3C88-30FA-415D-B99E-584063064508}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "IdentityServer.UnitTests", "test\IdentityServer.UnitTests\IdentityServer.UnitTests.csproj", "{4291820C-735F-4776-8BC4-6527433BC683}"
 EndProject

README.md

@@ -16,6 +16,7 @@ IdentityServer4 consists of multiple repositories (in addition to this repositor
 * [Quickstart UI](https://github.com/IdentityServer/IdentityServer4.Quickstart.UI)
 * [ASP.NET Identity integration](https://github.com/IdentityServer/IdentityServer4.AspNetIdentity)
 * [EntityFramework integration](https://github.com/IdentityServer/IdentityServer4.EntityFramework)
+* [Templates](https://github.com/IdentityServer/IdentityServer4.Templates)
 
 If you encounter issues or find bugs, please open an issue in this repo here first.
 
@@ -46,6 +47,8 @@ Auth0 is an easy to implement authentication and identity management SaaS based
 
 [Thinktecture AG](https://www.thinktecture.com)  
 [Ritter Insurance Marketing](https://www.ritterim.com)  
+[Alcidion Corporation](https://www.alcidion.com)  
+[Intuit](https://www.intuit.com)  
 
 You can see a list of our current sponsors [here](https://github.com/IdentityServer/IdentityServer4/blob/release/SPONSORS.md) - and for companies we have some nice advertisement options as well.
 

SECURITY.MD

@@ -0,0 +1,7 @@
+# Reporting Security Issues
+
+If you discover a security issue in IdentityServer, please report it by sending an email to [email protected]
+
+This will allow us to assess the risk, and make a fix available before we add a bug report to the GitHub repository.
+
+Thanks!

SPONSORS.md

@@ -11,11 +11,13 @@ We thank those who [support](https://www.patreon.com/identityserver) IdentitySer
 ### Gold
 
 [Thinktecture AG](https://www.thinktecture.com)   ([@Thinktecture](https://twitter.com/thinktecture))  
-[Ritter Insurance Marketing](https://www.ritterim.com) ([@RitterIM](https://twitter.com/ritterim))
+[Ritter Insurance Marketing](https://www.ritterim.com) ([@RitterIM](https://twitter.com/ritterim))   
+[Alcidion Corporation](https://www.alcidion.com) ([@Alcidion](https://twitter.com/alcidion))  
+[Intuit](https://www.intuit.com) ([@IntuitDev](https://twitter.com/IntuitDev))  
+
 
 ### Silver
 
-Green Elephant IT Consulting ([@Schwamster](https://twitter.com/Schwamster))  
 Jacobus Roos  
 Tomer Dvir  
 Steinar	Noem  
@@ -39,7 +41,6 @@ James Roberts
 Chris Simmons ([@netchrisdotcom](https://twitter.com/netchrisdotcom))  
 Shawn Wildermuth  
 Thomas C  
-黃嘉華  
 David Christiansen ([@dotnetopenauth](https://twitter.com/dotnetopenauth))  
 Christian Riedl  
 Ben	Cull  
@@ -58,3 +59,9 @@ Clinton Rocksmith
 Giuseppe Turitto  
 Mauricio Schneider  
 Norman L Covington  
+Henning Støverud  ([@henningst](https://twitter.com/henningst))  
+Ryan Mendoza  ([@elryry](https://twitter.com/elryry))  
+Colin Blair  
+Erik Gulbrandsen  
+Olga Klimova  
+Alexandru Puiu  

build.cake

@@ -1,15 +1,92 @@
+#tool "nuget:https://api.nuget.org/v3/index.json?package=GitVersion.CommandLine"
+
 var target          = Argument("target", "Default");
 var configuration   = Argument<string>("configuration", "Release");
 
+// call e.g. .\build.ps1 --release=1.0.0 --pre=beta1
+// call e.g. .\build.ps1 --release=1.0.0
+ var versionOverride = Argument<string>("release", "");
+ var suffixOverride = Argument<string>("pre", "");
+
 ///////////////////////////////////////////////////////////////////////////////
 // GLOBAL VARIABLES
 ///////////////////////////////////////////////////////////////////////////////
-var packPath            = Directory("./src/IdentityServer4");
-var buildArtifacts      = Directory("./artifacts/packages");
+var packPath            = Directory("./src");
+var buildArtifacts      = Directory("./artifacts");
 
 var isAppVeyor          = AppVeyor.IsRunningOnAppVeyor;
+var isVsts              = TFBuild.IsRunningOnVSTS;
 var isWindows           = IsRunningOnWindows();
 
+DotNetCoreMSBuildSettings msBuildSettings;
+VersionInfo versions;
+
+///////////////////////////////////////////////////////////////////////////////
+// Setup
+///////////////////////////////////////////////////////////////////////////////
+class VersionInfo
+{
+    public string AssemblyVersion { get; set; }
+    public string VersionSuffix { get; set; }
+    public string FileVersion { get; set; }
+    public string InformationalVersion { get; set; }
+    public string BranchName { get; set; }
+    public string PreReleaseLabel { get; set; }
+}
+
+Setup(context =>
+{
+    // only calculate versions if on Windows
+    // due to problems with GitVersion in the current setup - but also since Windows is our release platform anyways
+    if (isWindows)
+    {
+        var gitVersions = Context.GitVersion();
+
+        versions = new VersionInfo
+        {
+            InformationalVersion = gitVersions.InformationalVersion,
+            BranchName = gitVersions.BranchName,
+            PreReleaseLabel = gitVersions.PreReleaseLabel
+        };
+
+        // explicit version has been passed in as argument
+        if (!string.IsNullOrEmpty(versionOverride))
+        {
+            versions.AssemblyVersion = versionOverride;
+            versions.FileVersion = versionOverride;
+
+            if (!string.IsNullOrEmpty(suffixOverride))
+            {
+                versions.VersionSuffix = suffixOverride;
+            }
+        }
+        else
+        {
+            versions.AssemblyVersion = gitVersions.AssemblySemVer;
+            versions.FileVersion = gitVersions.AssemblySemVer;
+
+            if (!string.IsNullOrEmpty(versions.PreReleaseLabel))
+            {
+                versions.VersionSuffix = gitVersions.PreReleaseLabel + gitVersions.CommitsSinceVersionSourcePadded;      
+            }
+
+        }
+
+        Information("branch            : " + versions.BranchName);
+        Information("pre-release label : " + versions.PreReleaseLabel);
+        Information("version           : " + versions.AssemblyVersion);
+        Information("version suffix    : " + versions.VersionSuffix);
+        Information("informational     : " + versions.InformationalVersion);
+
+        msBuildSettings = GetMSBuildSettings();
+    }
+    else
+    {
+        Information("Skipping version calculation because not on Windows.");
+        msBuildSettings = null;
+    }
+});
+
 ///////////////////////////////////////////////////////////////////////////////
 // Clean
 ///////////////////////////////////////////////////////////////////////////////
@@ -28,15 +105,27 @@ Task("Build")
 {
     var settings = new DotNetCoreBuildSettings 
     {
-        Configuration = configuration
+        Configuration = configuration,
+        MSBuildSettings = msBuildSettings
     };
 
     var projects = GetFiles("./src/**/*.csproj");
-
     foreach(var project in projects)
 	{
 	    DotNetCoreBuild(project.GetDirectory().FullPath, settings);
     }
+
+    if (!isWindows)
+    {
+        Information("Not running on Windows - skipping building tests for .NET Framework");
+        settings.Framework = "netcoreapp2.1";
+    }
+
+    var tests = GetFiles("./test/**/*.csproj");
+    foreach(var test in tests)
+	{
+	    DotNetCoreBuild(test.GetDirectory().FullPath, settings);
+    }
 });
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -49,7 +138,8 @@ Task("Test")
 {
     var settings = new DotNetCoreTestSettings
     {
-        Configuration = configuration
+        Configuration = configuration,
+        NoBuild = true
     };
 
     if (!isWindows)
@@ -73,22 +163,58 @@ Task("Pack")
     .IsDependentOn("Build")
     .Does(() =>
 {
+    if (SkipPack()) return;
+
     var settings = new DotNetCorePackSettings
     {
         Configuration = configuration,
-        OutputDirectory = buildArtifacts,
-        ArgumentCustomization = args => args.Append("--include-symbols")
+        MSBuildSettings = msBuildSettings,
+        OutputDirectory = buildArtifacts + Directory("packages"),
+        NoBuild = true
     };
 
-    // add build suffix for CI builds
-    if(isAppVeyor)
+    DotNetCorePack(packPath, settings);
+});
+
+private bool SkipPack()
+{
+    if (!isWindows)
     {
-        settings.VersionSuffix = "build" + AppVeyor.Environment.Build.Number.ToString().PadLeft(5,'0');
+        Information("Skipping pack because not on Windows.");
+        return true;
+    }
+
+    if (String.IsNullOrEmpty(versions.PreReleaseLabel) && versions.BranchName != "master") 
+    {
+        Information("Skipping pack of release version, because not on master.");
+        return true;
     }
 
-    DotNetCorePack(packPath, settings);
-});
+    if (versions.PreReleaseLabel == "PullRequest")
+    {
+        Information("Skipping pack for pull requests.");
+        return true;
+    }
+
+    return false;
+}
+
+private DotNetCoreMSBuildSettings GetMSBuildSettings()
+{
+    var settings = new DotNetCoreMSBuildSettings();
+
+    settings.WithProperty("AssemblyVersion", versions.AssemblyVersion);
+    settings.WithProperty("VersionPrefix", versions.AssemblyVersion);
+    settings.WithProperty("FileVersion", versions.FileVersion);
+    settings.WithProperty("InformationalVersion", versions.InformationalVersion);
+
+    if (!String.IsNullOrEmpty(versions.VersionSuffix))
+    {
+        settings.WithProperty("VersionSuffix", versions.VersionSuffix);
+    }
 
+    return settings;
+}
 
 Task("Default")
   .IsDependentOn("Build")