Merge pull request #23 from JoeShook/main

Develop Tiered OAuth: Full dynamic registration
udap-tools · Nov 3, 2023 · ada14f2 · ada14f2
2 parents 93db961 + 6f9d888
commit ada14f2
Show file tree

Hide file tree

Showing 116 changed files with 2,802 additions and 1,615 deletions.
diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "dotnet-ef": {
-      "version": "7.0.11",
+      "version": "7.0.13",
       "commands": [
         "dotnet-ef"
       ]

diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -4,12 +4,13 @@
   </PropertyGroup>
   <ItemGroup>
     <!-- https://learn.microsoft.com/en-us/nuget/concepts/package-versioning#version-ranges -->
+    <PackageVersion Include="Duende.IdentityServer.Storage" Version="6.3.5" />
     <PackageVersion Include="Google.Cloud.SecretManager.V1" Version="2.1.0" />
     <PackageVersion Include="Google.Cloud.Storage.V1" Version="4.6.0" />
-    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="[6.0.22,7.0.11]" />
+    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="[6.0.23,7.0.12]" />
     <PackageVersion Include="AspNetCoreRateLimit" Version="5.0.0" />
     <PackageVersion Include="Hl7.Fhir.Specification.R4B" Version="5.3.0" />
-    <PackageVersion Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="[6.0.22,7.0.11]" />
+    <PackageVersion Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="[6.0.23,7.0.13]" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="7.0.1" />
     <PackageVersion Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageVersion Include="MSTest.TestFramework" Version="3.1.1" />
@@ -21,17 +22,17 @@
     <PackageVersion Include="Duende.IdentityServer.EntityFramework.Storage" Version="6.3.5" />
     <PackageVersion Include="IdentityModel.AspNetCore.OAuth2Introspection" Version="6.2.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Mvc" Version="2.2.0" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="7.0.11" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="7.0.11" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.11" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="7.0.13" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="7.0.13" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.13" />
     <PackageVersion Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="7.0.11" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="7.0.13" />
     <PackageVersion Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="[6.0.0,7.0.0]" />
     <PackageVersion Include="Microsoft.Extensions.Configuration" Version="7.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="[6.0.0,7.0.1]" />
     <PackageVersion Include="Microsoft.Extensions.Options" Version="7.0.1" />
     <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="7.0.0" />
-    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.2" />
+    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
     <PackageVersion Include="Microsoft.IdentityModel.Tokens" Version="[6.10.0,6.30.0]" />
     <PackageVersion Include="OpenTelemetry" Version="1.6.0" />
     <PackageVersion Include="OpenTelemetry.Exporter.Console" Version="1.6.0" />
@@ -43,6 +44,6 @@
     <PackageVersion Include="Serilog.AspNetCore" Version="[6.1.0,7.0.0]" />
     <PackageVersion Include="Serilog.Extensions.Logging" Version="[3.1.0,7.0.0]" />
     <PackageVersion Include="Portable.BouncyCastle" Version="1.9.0" />
-    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="7.0.2" />
+    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="7.0.3" />
   </ItemGroup>
 </Project>
diff --git a/Udap.Client/Client/Extensions/HttpClientTokenRequestExtensions.cs b/Udap.Client/Client/Extensions/HttpClientTokenRequestExtensions.cs
@@ -110,12 +110,12 @@ internal static async Task<TokenResponse> RequestTokenAsync(this HttpMessageInvo
     /// </summary>
     /// <param name="client">The client.</param>
     /// <param name="request">The request.</param>
-    /// <param name="tokenRequest">The cancellation token.</param>
+    /// <param name="cancellationToken">The cancellation token.</param>
     /// <returns><see cref="OAuthTokenResponse"/></returns>
     public static async Task<OAuthTokenResponse> ExchangeCodeForAuthTokenResponse(
         this HttpMessageInvoker client, 
         AuthorizationCodeTokenRequest request, 
-        CancellationToken tokenRequest = default)
+        CancellationToken cancellationToken = default)
     {
         var clone = request.Clone();
 
@@ -136,9 +136,9 @@ public static async Task<OAuthTokenResponse> ExchangeCodeForAuthTokenResponse(
         clone.Prepare();
         clone.Method = HttpMethod.Post;
 
-        var response = await client.SendAsync(clone, tokenRequest);
+        var response = await client.SendAsync(clone, cancellationToken);
 
-        var body = await response.Content.ReadAsStringAsync(tokenRequest);
+        var body = await response.Content.ReadAsStringAsync(cancellationToken);
 
         return response.IsSuccessStatusCode switch
         {

diff --git a/Udap.Client/Client/IUdapClient.cs b/Udap.Client/Client/IUdapClient.cs
@@ -25,21 +25,24 @@ public interface IUdapClient : IUdapClientEvents
     Task<UdapDiscoveryDocumentResponse> ValidateResource(
         string baseUrl,
         string? community = null,
-        DiscoveryPolicy? discoveryPolicy = null);
+        DiscoveryPolicy? discoveryPolicy = null,
+        CancellationToken token = default);
 
     Task<UdapDiscoveryDocumentResponse> ValidateResource(
         string baseUrl,
         ITrustAnchorStore? trustAnchorStore,
         string? community = null,
-        DiscoveryPolicy? discoveryPolicy = null);
+        DiscoveryPolicy? discoveryPolicy = null,
+        CancellationToken token = default);
 
     UdapMetadata? UdapDynamicClientRegistrationDocument { get; set; }
     UdapMetadata? UdapServerMetaData { get; set; }
 
-        
+
     /// <summary>
     /// Register a TieredClient in the Authorization Server.
-    /// Currently it is not SAN and Community aware.  It picks the first SAN.
+    /// Currently it is not SAN aware.  It picks the first SAN.
+    /// To pick a different community the client can add a community query parameter to the .
     /// </summary>
     /// <param name="redirectUrl"></param>
     /// <param name="certificates"></param>
@@ -51,7 +54,79 @@ Task<UdapDynamicClientRegistrationDocument> RegisterTieredClient(string redirect
         string scopes,
         CancellationToken token = default);
 
+    /// <summary>
+    /// Register a UdapClient in the Authorization Server with authorization_code flow.
+    /// </summary>
+    /// <param name="certificates"></param>
+    /// <param name="scopes"></param>
+    /// <param name="logo"></param>
+    /// <param name="redirectUrl"></param>
+    /// <param name="issuer">If issuer is supplied it will match try to match to a valid URI based subject alternative name from the X509Certificate</param>
+    /// <param name="token"></param>
+    /// <returns></returns>
+    Task<UdapDynamicClientRegistrationDocument> RegisterAuthCodeClient(
+        IEnumerable<X509Certificate2> certificates,
+        string scopes,
+        string logo,
+        ICollection<string> redirectUrl,
+        string? issuer = null, 
+        CancellationToken token = default);
+
+    /// <summary>
+    /// Register a UdapClient in the Authorization Server with authorization_code flow.
+    /// </summary>
+    /// <param name="certificate"></param>
+    /// <param name="scopes"></param>
+    /// <param name="logo">optional</param>
+    /// <param name="redirectUrl"></param>
+    /// <param name="issuer">If issuer is supplied it will match try to match to a valid URI based subject alternative name from the X509Certificate</param>
+    /// <param name="token"></param>
+    /// <returns></returns>
+    Task<UdapDynamicClientRegistrationDocument> RegisterAuthCodeClient(
+        X509Certificate2 certificate,
+        string scopes,
+        string logo,
+        ICollection<string> redirectUrl,
+        string? issuer = null,
+        CancellationToken token = default);
+
+    /// <summary>
+    /// Register a UdapClient in the Authorization Server with client_credentials flow.
+    /// </summary>
+    /// <param name="certificates"></param>
+    /// <param name="scopes"></param>
+    /// <param name="logo"></param>
+    /// <param name="issuer">If issuer is supplied it will match try to match to a valid URI based subject alternative name from the X509Certificate</param>
+    /// <param name="token"></param>
+    /// <returns></returns>
+    Task<UdapDynamicClientRegistrationDocument> RegisterClientCredentialsClient(
+        IEnumerable<X509Certificate2> certificates,
+        string scopes,
+        string? issuer = null,
+        string? logo = null,
+        CancellationToken token = default);
+
+    /// <summary>
+    /// Register a UdapClient in the Authorization Server with client_credentials flow.
+    /// </summary>
+    /// <param name="certificate"></param>
+    /// <param name="scopes"></param>
+    /// <param name="logo">optional</param>
+    /// <param name="issuer">If issuer is supplied it will match try to match to a valid URI based subject alternative name from the X509Certificate</param>
+    /// <param name="token"></param>
+    /// <returns></returns>
+    Task<UdapDynamicClientRegistrationDocument> RegisterClientCredentialsClient(
+        X509Certificate2 certificate,
+        string scopes,
+        string? issuer = null,
+        string? logo = null,
+        CancellationToken token = default);
+
+    Task<TokenResponse> ExchangeCodeForTokenResponse(UdapAuthorizationCodeTokenRequest tokenRequest, CancellationToken token = default);
+
     Task<OAuthTokenResponse> ExchangeCodeForAuthTokenResponse(UdapAuthorizationCodeTokenRequest tokenRequest, CancellationToken token = default);
 
     Task<IEnumerable<SecurityKey>?> ResolveJwtKeys(DiscoveryDocumentRequest? request = null, CancellationToken cancellationToken = default);
+
+    Task<DiscoveryDocumentResponse?> ResolveOpenIdConfig(DiscoveryDocumentRequest? request = null, CancellationToken cancellationToken = default);
 }