Review1 changes #2694
* add confirmation object to pipeline * Add test validator * fixing NRE * Switching to string for cnf * move test validator to test project * revert client config change * add try/catch in JSON logic * added notes that CNF string must be a JSON object * added test
… added by HttpContext.SignInAsync IdentityServer#2514
* add invalid uri scheme validation * move uri redirect uri prefix validation to client configuration validator
Adapt text to indicate refresh tokens still expire according to the sliding refresh token timeline.
This PR looks a bit extreme. Did I do something dumb?
@leastprivilege could you merge dev into the device-flow branch? I should be able to do a clean PR then
I tried - getting a merge conflict...maybe you do that yourself ;)
Okay, I tried a fresh PR of just the merge and the fixes. It's the merge which is causing the crazy commit length. I think merging this is fine.
I merged the store -- so perhaps update here to use the latest nuget from the dev feed. Let me know when this massive thing is ready to merge. Thanks :)
You're a massive thing...
I think GitHub is not the right place for humour.
Okay, that's all the changes for the core repo done. The solution for the thread safety of the InMemoryDeviceFlowStore was to just "put a lock around it". I've addressed the possibility for user code collisions using a retry policy and scrubbed the device code from the logs.
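Added example, not part of this PR or of the IdentityServer4 code base: a minimal sketch of the three measures named in the comment above (a lock around the in-memory store, a bounded retry on user code collisions, and keeping the device code out of log output). All type names, the retry limit and the sample user codes are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical types for illustration; none of these are IdentityServer4 classes.
public sealed class LockedDeviceCodeStore
{
    private readonly object _gate = new object();
    private readonly Dictionary<string, string> _deviceCodeByUserCode = new Dictionary<string, string>();

    // Check and insert under one lock, so two concurrent requests that draw
    // the same user code cannot both succeed.
    public bool TryAdd(string userCode, string deviceCode)
    {
        lock (_gate) { return _deviceCodeByUserCode.TryAdd(userCode, deviceCode); }
    }
}

public static class Demo
{
    private const int MaxAttempts = 3; // assumed retry limit

    public static (string UserCode, string DeviceCode) Issue(LockedDeviceCodeStore store, Func<string> newUserCode, Action<string> log)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var deviceCode = Convert.ToBase64String(bytes);
        for (var attempt = 1; attempt <= MaxAttempts; attempt++)
        {
            if (store.TryAdd(newUserCode(), out var userCode, deviceCode))
            {
                // The device code is a bearer secret: record that one was issued, never its value.
                log("device authorization issued, device_code=***REDACTED***");
                return (userCode, deviceCode);
            }
            log($"user code collision on attempt {attempt} of {MaxAttempts}");
        }
        throw new InvalidOperationException("No unique user code within the retry limit.");
    }

    // Small helper so the generated user code is available after a successful insert.
    private static bool TryAdd(this LockedDeviceCodeStore store, string candidate, out string userCode, string deviceCode)
    {
        userCode = candidate;
        return store.TryAdd(candidate, deviceCode);
    }

    public static void Main()
    {
        var store = new LockedDeviceCodeStore();
        var codes = new Queue<string>(new[] { "123456", "123456", "654321" }); // constructed sample codes
        Issue(store, codes.Dequeue, Console.WriteLine);
        var second = Issue(store, codes.Dequeue, Console.WriteLine); // collides once, then succeeds
        Console.WriteLine($"second request completed after retry: {second.UserCode == "654321"}");
    }
}
```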
I'd add another TODO: Add code comments for every
sorted
ok, here goes....
whew, looks like it worked.
oh wait -- this wasn't into dev... so where should or do we want this merged?
It’s gone to #2284. That’ll need merging into dev
Yea, well, that has conflicts now.
* Add constants for device flow grant type * add constants, endpoint options and discovery * Add device flow authorize request validator (#2306) * Added models and interfaces for device authorization request validator * Added device authorization request validator * Validator tests (#2391) * Switched to underscores... * Reworked Device Authoirzation Request Validator to be more inline with Authorization Request Validator * Added tests for device authorization request validator * Added client secret to device flow test client * Response generator & tests (#2395) * Added user code generation * Added device flow options * Initial implementation of device authorization response generator & stores * Started response generator unit tests * Completed device authorization response generator tests * Store tests * Device Flow Authorization Endpoint (#2403) * Started device authorization endpoint * Made scope parameter optional * Device authorization endpoint tests. Added events. Added default interval * Device Flow Response Validator (#2422) * Initial device code validation * Device code token request tests * Initial throttling service. TODO: tests & IDistributedCache dependency * Added dependency for IDistributedCache. 
Improved tests * Throttling service tests and fixes * Added device code grant to TokenResponseGenerator * Initial working device flow end to end (#2449) * Review1 changes (#2694) * Add built-in support for Confirmation (cnf) (#2440) * add confirmation object to pipeline * Add test validator * fixing NRE * Switching to string for cnf * move test validator to test project * revert client config change * add try/catch in JSON logic * added notes that CNF string must be a JSON object * added test * Move default payload creation to extension method - closes #2299 * Update README.md * Scrub id_token_hint from authorize logs * use constant instead of string * add refresh_token to scrub list in token request logger * move is4.csproj to top-level src folder, move host * fix XML comment * updating for july * update ignore * rework to use IdentityServerUser * rework folder names * rework using new storage abstractions * remove cors service * make EndSession public #2469 * add null check when unprotecting data #2504 * use GetIdentityServerBasePath instead of Request.PathBase #2446 * reorg default impls and interfaces for consistency * nuget updates in test projects * Documentation: Added claimsaction to map website claim (#1) (#2377) * Make AddScriptCspHeaders and AddStyleCspHeaders public #2513 * Add more strict cache control headers when softer headers are already added by HttpContext.SignInAsync #2514 * add better/more error descriptions to authorize response validator #2218 (#2515) * add invalid uri scheme validation (#2506) * add invalid uri scheme validation * move uri redirect uri prefix validation to client configuration validator * add option to explicitly configure the cookie auth scheme for interactive users #2489 (#2516) * Add parameters to IntrospectionRequestValidationResult - #2388 (#2512) * Update refresh_tokens.rst (#2316) Adapt text to indicate refresh tokens still expire according to the sliding refresh token timeline. 
* "update" * fix validation bug on config; better config logs for authN schemes * Remove unused ctor (#2524) * enable default client validator by default (#2525) * Fixes 404 (#2527) * CorsService doesn't handle null for origin #2523 * DistributedCacheStateDataFormatter should handle failed Unprotect workflows #2533 * 2.3.0-preview1 * resolve login/logout url, et al from named options (#2540) * resolve login/logout url, et al from named options #2532 * log effective login, et al. paths * preview1-update1 * bug in consent when user denies * add Securing Angular Apps with OpenID and OAuth2 * Migrate tests to new IdentityModel style (1) * Migrate tests to new IdentityModel style (2) * Migrate tests to new IdentityModel style (3) * Migrate tests to new IdentityModel style (4) * remove unused handler * Migrate tests to new IdentityModel style (5) * Migrate tests to new IdentityModel style (6) * Finished integration clients with new idm style * added SO CC-BY-SA info and links * Renamed Client -> BackChannelClient * Update client authentication tests * Migrated PKCE tests * Migrated introspection tests * Migrated revocation tests * Found missing introspection test * Migrated DiscoveryEndpointTests * Merge fixes * Matched PR to new IdentityServer project structure * Switched to new device flow store * Moved in-memory device flow store to singleton * 6_aspnet_identity.rst (#2570) Incorrectly states "which replaces the call to UseIdentity" instead of "which replaces the call to UseAuthentication". 
* Added DeviceFlowCodeService to handle hashing codes and handle generation * update preview version * add new dotnet tool based build script * Add alternative dotnet tool based build file for bash * update bash * update ignore file * switch to new cake (#2593) * august sponsor update * Add strong name (#2597) * add strong name * update references to strongly named packages * updated ignore * Create jwk document when signing with JsonWebKey (#2604) * Update introspection.rst (#2606) Was referring to scope secrets. Reused sentence from https://github.com/IdentityServer/IdentityServer4/blob/release/docs/topics/reference_tokens.rst * Update secrets.rst (#2611) * add issue templates * Update issue templates * Update Feature_request.md * Delete feature_request.md * Delete bug_report.md * Update Bug_report.md * add NoBuild to build file * fix build - again * Create SECURITY.MD * update to new build/versioning * update bash script * update bash script * Switched validator to use code service instead of store * recursion ftw * Initial working device flow consent * Changing cake file to skip versioning on non-Windows (#2637) Changing cake file to skip versioning on non-Windows * update bash script * remove hard-coded versions * disable source link support because of problems with msbuild task * Update to new IdM docs * update endpoint docs to use new IdentityModel style * fix links * change color coding style * update from september * update to IdentityModel 3.10 * add source link back * Make some internal types public to facilitate custom service implementations (#2545) * Make TokenCreationRequest.Validate() public so it can be invoked by custom impl of ITokenService * Make ClientExtensions public so they can be reused by custom IClientSecretValidator impl * move AccessTokenAudience to public constants for reuse in custom ITokenService impl * Change: Made DefaultUserSession.AuthenticateAsync overrideable so that (#2607) it will be easier to support user impersonation. 
* Corrected value for parsed secret type (#2658) * update csproj * update csproj * disable same-site for external cookie #2595 * remove redundant call #2582 * make EndSessionRequestValidator public #2560 * set cookies to IsEssential #2554 * nuget update * code comments * support idp:local as idp hint #2641 * add logic to enfore client's user sso lifetime #2609 * Fixed access denied logic. Made use of new IdentityModel constants * Reviewed TODOs * Moved user code generator to correct folder * Basic retry policy for response generator. Updated some comments and class name * Added retry limit handling * Update unpredictable test * More IdentityModel constants * Redacted device code from logging * Updated IdentityServer4.Storage * Thread safety for InMemoryDeviceFlowStore * Ctrl+Shift+D * Merge fixes * Cake merge fixes
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Device flow changes after initial review.
Complete:
IDeviceCodeStore)
IDeviceCodeService)
TODO:
InMemoryDeviceFlowStore