Consent and logo

.config/dotnet-tools.json

@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "dotnet-ef": {
-      "version": "8.0.2",
+      "version": "8.0.4",
       "commands": [
         "dotnet-ef"
       ]

.gitignore

@@ -223,3 +223,4 @@ examples/clients/UdapEd/Client/wwwroot/temp/MudBlazor.min.js
 examples/clients/UdapEd/Client/wwwroot/temp/MudBlazor.min.css
 .tye/docker_store
 /examples/Udap.Proxy.Server/CertStore/issued/fhirLabsApiClientLocalhostCert.pfx
+/examples/Udap.Proxy.Server/CertStore/issued/gfhirlabs.healthcare.client.pfx

Directory.Packages.props

@@ -12,21 +12,22 @@
     <PackageVersion Include="Hl7.Fhir.Specification.R4B" Version="5.3.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.2" />
     <PackageVersion Include="Microsoft.AspNetCore.DataProtection.Abstractions" Version="8.0.2" />
-    <PackageVersion Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="8.0.3" />
+    <PackageVersion Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="8.0.4" />
     <PackageVersion Include="Microsoft.Extensions.Hosting.Abstractions" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
-    <PackageVersion Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.4.1" />
+    <PackageVersion Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.5.1" />
+    <PackageVersion Include="Microsoft.IdentityModel.Tokens" Version="7.5.1" />
     <PackageVersion Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageVersion Include="MSTest.TestFramework" Version="3.1.1" />
-    <PackageVersion Include="IdentityModel" Version="6.2.0" />
-    <PackageVersion Include="System.Text.Json" Version="[6.0.7,7.0.3]" />
+    <PackageVersion Include="IdentityModel" Version="7.0.0" />
+    <!-- <PackageVersion Include="System.Text.Json" Version="[6.0.7,8.0.3]" /> -->
     <PackageVersion Include="AutoMapper" Version="13.0.1" />
-    <PackageVersion Include="Duende.IdentityServer" Version="7.0.3" />
-    <PackageVersion Include="Duende.IdentityServer.AspNetIdentity" Version="7.0.3" />
-    <PackageVersion Include="Duende.IdentityServer.EntityFramework.Storage" Version="7.0.3" />
+    <PackageVersion Include="Duende.IdentityServer" Version="7.0.4" />
+    <PackageVersion Include="Duende.IdentityServer.AspNetIdentity" Version="7.0.4" />
+    <PackageVersion Include="Duende.IdentityServer.EntityFramework.Storage" Version="7.0.4" />
     <PackageVersion Include="IdentityModel.AspNetCore.OAuth2Introspection" Version="6.2.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Mvc" Version="2.2.0" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="8.0.3" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="8.0.4" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="[7.0.13,8.0.1]" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="[7.0.13,8.0.0]" />
     <PackageVersion Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
@@ -36,8 +37,7 @@
     <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="[6.0.0,7.0.1]" />
     <PackageVersion Include="Microsoft.Extensions.Options" Version="8.0.2" />
     <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
-    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.5.0" />
-    <PackageVersion Include="Microsoft.IdentityModel.Tokens" Version="[6.10.0,6.30.0]" />
+    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.5.1" />
     <PackageVersion Include="OpenTelemetry" Version="1.7.0" />
     <PackageVersion Include="OpenTelemetry.Exporter.Console" Version="1.7.0" />
     <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.7.0" />
@@ -48,7 +48,7 @@
     <PackageVersion Include="Serilog.AspNetCore" Version="[6.1.0,7.0.0]" />
     <PackageVersion Include="Serilog.Extensions.Logging" Version="[3.1.0,7.0.0]" />
     <PackageVersion Include="Portable.BouncyCastle" Version="1.9.0" />
-    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="7.5.0" />
+    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="7.5.1" />
     <PackageVersion Include="Udap.Metadata.Server" Version="0.3.24" />
     <PackageVersion Include="Yarp.ReverseProxy" Version="2.1.0" />
   </ItemGroup>

Udap.Client/Client/Messages/UdapDiscoveryDocumentResponse.cs

@@ -78,10 +78,10 @@ protected override Task InitializeAsync(object? initializationData = null)
     public string? RegistrationEndpoint => TryGetString(UdapConstants.Discovery.RegistrationEndpoint);
 
     // generic
-    public JsonElement TryGetValue(string name) => Json.TryGetValue(name);
-    public string? TryGetString(string name) => Json.TryGetString(name);
-    public bool? TryGetBoolean(string name) => Json.TryGetBoolean(name);
-    public IEnumerable<string> TryGetStringArray(string name) => Json.TryGetStringArray(name);
+    public JsonElement? TryGetValue(string name) => Json?.TryGetValue(name);
+    public string? TryGetString(string name) => Json?.TryGetString(name);
+    public bool? TryGetBoolean(string name) => Json?.TryGetBoolean(name);
+    public IEnumerable<string>? TryGetStringArray(string name) => Json?.TryGetStringArray(name);
 
     private string Validate(DiscoveryPolicy policy)
     {
@@ -97,10 +97,13 @@ private string Validate(DiscoveryPolicy policy)
             }
         }
 
-        var error = ValidateEndpoints(Json, policy);
-        if (error.IsPresent())
+        if (Json.HasValue)
         {
-            return error;
+            var error = ValidateEndpoints(Json.Value, policy);
+            if (error.IsPresent())
+            {
+                return error;
+            }
         }
 
         return string.Empty;

Udap.Client/Client/UdapClient.cs

@@ -314,7 +314,7 @@ private async Task<UdapDiscoveryDocumentResponse> InternalValidateResource(
 
                 if (disco.HttpStatusCode == HttpStatusCode.OK && !disco.IsError)
                 {
-                    UdapServerMetaData = disco.Json.Deserialize<UdapMetadata>();
+                    UdapServerMetaData = disco.Json?.Deserialize<UdapMetadata>();
                     _logger.LogDebug(UdapServerMetaData?.SerializeToJson());
 
                     if (!await _clientDiscoveryValidator.ValidateJwtToken(UdapServerMetaData!, baseUrl))

Udap.Client/Client/UdapClientMessageHandler.cs

@@ -105,7 +105,7 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
 
         if (disco.HttpStatusCode == HttpStatusCode.OK && !disco.IsError)
         {
-            _clientDiscoveryValidator.UdapServerMetaData = disco.Json.Deserialize<UdapMetadata>();
+            _clientDiscoveryValidator.UdapServerMetaData = disco.Json?.Deserialize<UdapMetadata>();
             _logger.LogDebug(_clientDiscoveryValidator.UdapServerMetaData?.SerializeToJson());
 
             if (!await _clientDiscoveryValidator.ValidateJwtToken(_clientDiscoveryValidator.UdapServerMetaData!, baseUrl!))

Udap.Client/Udap.Client.csproj

@@ -15,6 +15,7 @@
     <PackageIcon>UDAP_Ecosystem_Gears 48X48.jpg</PackageIcon>
     <PackageTags>UDAP;FHIR;HL7</PackageTags>
     <Description>Package is a part of the UDAP reference implementation for .NET.</Description>
+
   </PropertyGroup>
 
 
@@ -25,19 +26,12 @@
   </ItemGroup>
 
 
-
-  <ItemGroup Condition="'$(TargetFramework)' == 'net6.0'">
-    <PackageReference Include="IdentityModel" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" />
-  </ItemGroup>
-
-  <ItemGroup Condition="'$(TargetFramework)' == 'net7.0'">
+  <ItemGroup >
     <PackageReference Include="IdentityModel" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" />
   </ItemGroup>
 
 
-   <!-- <ItemGroup>  -->
+  <!-- <ItemGroup>  -->
    <!--   <FrameworkReference Include="Microsoft.AspNetCore.App" />  -->
    <!-- </ItemGroup>  -->
 

Udap.Server/Configuration/ServerSettings.cs

@@ -45,6 +45,8 @@ public class ServerSettings
 
 
     public bool AlwaysIncludeUserClaimsInIdToken { get; set; }
+
+    public bool RequireConsent { get; set; } = true;
 }
 
 

Udap.Server/DbContexts/UdapDbContext.cs

@@ -7,10 +7,13 @@
 // */
 #endregion
 
+using Duende.IdentityServer.EntityFramework.DbContexts;
 using Duende.IdentityServer.EntityFramework.Entities;
 using Microsoft.AspNetCore.DataProtection.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Infrastructure;
+using System.Reflection.Emit;
+using Duende.IdentityServer.EntityFramework.Extensions;
 using Udap.Server.Entities;
 using Udap.Server.Extensions;
 using Udap.Server.Options;
@@ -136,7 +139,129 @@ protected override void OnModelCreating(ModelBuilder modelBuilder)
             modelBuilder.Entity<ClientScope>().ToTable("ClientScopes");
         }
 
+
+        base.OnModelCreating(modelBuilder);
+
+        if (Database.ProviderName == "Npgsql.EntityFrameworkCore.PostgreSQL")
+        {
+            modelBuilder.HasDefaultSchema("udap");
+
+            foreach (var entity in modelBuilder.Model.GetEntityTypes())
+            {
+                // Replace table names
+                entity.SetTableName(entity.GetTableName()?.ToSnakeCase());
+
+                // Replace column names            
+                foreach (var property in entity.GetProperties())
+                {
+                    property.SetColumnName(property.GetColumnName().ToSnakeCase());
+                }
+
+                foreach (var key in entity.GetKeys())
+                {
+                    key.SetName(key.GetName()?.ToSnakeCase());
+                }
+
+                foreach (var key in entity.GetForeignKeys())
+                {
+                    key.SetConstraintName(key.GetConstraintName()?.ToSnakeCase());
+                }
+
+                foreach (var index in entity.GetIndexes())
+                {
+                    index.SetDatabaseName(index.GetDatabaseName()?.ToSnakeCase());
+                }
+            }
+        }
+    }
+
+}
+
+/// <summary>
+/// Override naming conventions of the base ConfigurationDbContext during OnModelCreating
+/// </summary>
+public class NpgsqlConfigurationDbContext : ConfigurationDbContext<NpgsqlConfigurationDbContext>
+{
+    public NpgsqlConfigurationDbContext(DbContextOptions<NpgsqlConfigurationDbContext> options) : base(options)
+    {
+    }
+
+    protected override void OnModelCreating(ModelBuilder modelBuilder)
+    {
         base.OnModelCreating(modelBuilder);
+
+        modelBuilder.HasDefaultSchema("udap");
+
+        foreach (var entity in modelBuilder.Model.GetEntityTypes())
+        {
+            // Replace table names
+            entity.SetTableName(entity.GetTableName()?.ToSnakeCase());
+
+            // Replace column names            
+            foreach (var property in entity.GetProperties())
+            {
+                property.SetColumnName(property.GetColumnName().ToSnakeCase());
+            }
+
+            foreach (var key in entity.GetKeys())
+            {
+                key.SetName(key.GetName()?.ToSnakeCase());
+            }
+
+            foreach (var key in entity.GetForeignKeys())
+            {
+                key.SetConstraintName(key.GetConstraintName()?.ToSnakeCase());
+            }
+
+            foreach (var index in entity.GetIndexes())
+            {
+                index.SetDatabaseName(index.GetDatabaseName()?.ToSnakeCase());
+            }
+        }
     }
 }
 
+
+/// <summary>
+/// Override naming conventions of the base PersistedGrantDbContext during OnModelCreating
+/// </summary>
+public class NpgsqlPersistedGrantDbContext : PersistedGrantDbContext<NpgsqlPersistedGrantDbContext>
+{
+    public NpgsqlPersistedGrantDbContext(DbContextOptions<NpgsqlPersistedGrantDbContext> options) : base(options)
+    {
+    }
+
+    protected override void OnModelCreating(ModelBuilder modelBuilder)
+    {
+        base.OnModelCreating(modelBuilder);
+
+        modelBuilder.HasDefaultSchema("udap");
+
+        foreach (var entity in modelBuilder.Model.GetEntityTypes())
+        {
+            // Replace table names
+            entity.SetTableName(entity.GetTableName()?.ToSnakeCase());
+
+            // Replace column names            
+            foreach (var property in entity.GetProperties())
+            {
+                property.SetColumnName(property.GetColumnName().ToSnakeCase());
+            }
+
+            foreach (var key in entity.GetKeys())
+            {
+                key.SetName(key.GetName()?.ToSnakeCase());
+            }
+
+            foreach (var key in entity.GetForeignKeys())
+            {
+                key.SetConstraintName(key.GetConstraintName()?.ToSnakeCase());
+            }
+
+            foreach (var index in entity.GetIndexes())
+            {
+                index.SetDatabaseName(index.GetDatabaseName()?.ToSnakeCase());
+            }
+        }
+    }
+}

Udap.Server/Extensions/StringExtensions.cs

@@ -8,6 +8,7 @@
 #endregion
 
 using System.Diagnostics;
+using System.Text.RegularExpressions;
 
 namespace Udap.Server.Extensions;
 
@@ -46,4 +47,14 @@ internal static class StringExtensions
     // {
     //     return string.IsNullOrWhiteSpace(value);
     // }
+
+
+    public static string ToSnakeCase(this string input)
+    {
+        if (string.IsNullOrEmpty(input)) { return input; }
+
+        var startUnderscores = Regex.Match(input, @"^_+");
+        return startUnderscores + Regex.Replace(input, @"([a-z0-9])([A-Z])", "$1_$2").ToLower();
+    }
+
 }

Udap.Server/Registration/UdapDynamicClientRegistrationValidator.cs

@@ -285,7 +285,8 @@ IEnumerable<Anchor> anchors
         {
             //TODO: Maybe inject a component to generate the clientID so a user can use their own technique.
             ClientId = CryptoRandom.CreateUniqueId(),
-            AlwaysIncludeUserClaimsInIdToken = _serverSettings.AlwaysIncludeUserClaimsInIdToken
+            AlwaysIncludeUserClaimsInIdToken = _serverSettings.AlwaysIncludeUserClaimsInIdToken,
+            RequireConsent = _serverSettings.RequireConsent
         };
 
         _logger.LogDebug($"Validating chain for ClientId: {client.ClientId}. x5c {jwtHeader.X5c}");
@@ -380,14 +381,18 @@ IEnumerable<Anchor> anchors
         //
         if (client.AllowedGrantTypes.Contains(OidcConstants.GrantTypes.AuthorizationCode))
         {
+            var (successFlag, errorResult) = await ValidateLogoUri(document);
+
             if (_serverSettings.LogoRequired)
             {
-                var (successFlag, errorResult) = await ValidateLogoUri(document);
                 if (!successFlag)
                 {
                     return errorResult!;
                 }
+            }
 
+            if (successFlag)
+            {
                 client.LogoUri = document.LogoUri;
             }
 

Udap.Server/Stores/UdapClientRegistrationStore.cs

@@ -79,6 +79,8 @@ public async Task<bool> UpsertClient(Duende.IdentityServer.Models.Client client,
                 existingClient.AllowedGrantTypes = client.ToEntity().AllowedGrantTypes;
                 existingClient.AllowOfflineAccess = client.AllowOfflineAccess;
                 existingClient.RequirePkce = client.RequirePkce;
+                existingClient.LogoUri = client.LogoUri;
+
                 await _dbContext.SaveChangesAsync(token);
                 _logger.LogInformation("Updated client: {Id}", existingClient.Id);
                 return true;