diff --git a/gen/OpenIddict.Client.WebIntegration.Generators/OpenIddictClientWebIntegrationGenerator.cs b/gen/OpenIddict.Client.WebIntegration.Generators/OpenIddictClientWebIntegrationGenerator.cs index 58071800d..bfaee57b5 100644 --- a/gen/OpenIddict.Client.WebIntegration.Generators/OpenIddictClientWebIntegrationGenerator.cs +++ b/gen/OpenIddict.Client.WebIntegration.Generators/OpenIddictClientWebIntegrationGenerator.cs @@ -1037,8 +1037,8 @@ public static partial void ConfigureProvider(OpenIddictClientRegistration regist TokenEndpoint = new Uri($""{{ environment.configuration.token_endpoint | string.replace '\'' '""' }}"", UriKind.Absolute), {{~ end ~}} - {{~ if environment.configuration.userinfo_endpoint ~}} - UserinfoEndpoint = new Uri($""{{ environment.configuration.userinfo_endpoint | string.replace '\'' '""' }}"", UriKind.Absolute), + {{~ if environment.configuration.user_info_endpoint ~}} + UserInfoEndpoint = new Uri($""{{ environment.configuration.user_info_endpoint | string.replace '\'' '""' }}"", UriKind.Absolute), {{~ end ~}} CodeChallengeMethodsSupported = @@ -1157,7 +1157,7 @@ public static partial void ConfigureProvider(OpenIddictClientRegistration regist IntrospectionEndpoint = (string?) configuration.Attribute("IntrospectionEndpoint"), RevocationEndpoint = (string?) configuration.Attribute("RevocationEndpoint"), TokenEndpoint = (string?) configuration.Attribute("TokenEndpoint"), - UserinfoEndpoint = (string?) configuration.Attribute("UserinfoEndpoint"), + UserInfoEndpoint = (string?) configuration.Attribute("UserInfoEndpoint"), CodeChallengeMethodsSupported = configuration.Elements("CodeChallengeMethod").ToList() switch { diff --git a/sandbox/OpenIddict.Sandbox.AspNet.Client/Controllers/AuthenticationController.cs b/sandbox/OpenIddict.Sandbox.AspNet.Client/Controllers/AuthenticationController.cs index 14d4c2813..bf14e2d2e 100644 --- a/sandbox/OpenIddict.Sandbox.AspNet.Client/Controllers/AuthenticationController.cs 
+++ b/sandbox/OpenIddict.Sandbox.AspNet.Client/Controllers/AuthenticationController.cs @@ -96,7 +96,7 @@ public async Task LogOut(string returnUrl) context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType); // Extract the client registration identifier and retrieve the associated server configuration. - // If the provider is known to support remote sign-out, ask OpenIddict to initiate a logout request. + // If the provider is known to support remote sign-out, ask OpenIddict to initiate a end session request. if (identity.FindFirst(Claims.Private.RegistrationId)?.Value is string identifier && await _service.GetServerConfigurationByRegistrationIdAsync(identifier) is { EndSessionEndpoint: Uri }) { diff --git a/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/AuthorizationController.cs b/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/AuthorizationController.cs index 808f4b4d1..ed0880da1 100644 --- a/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/AuthorizationController.cs +++ b/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/AuthorizationController.cs @@ -309,8 +309,8 @@ public ActionResult Deny() return new EmptyResult(); } - [HttpGet, Route("~/connect/logout")] - public ActionResult Logout() => View(new AuthorizeViewModel + [HttpGet, Route("~/connect/endsession")] + public ActionResult EndSession() => View(new AuthorizeViewModel { // Flow the request parameters so they can be received by the Accept/Reject actions. Parameters = string.Equals(Request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase) ? 
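Review bot: The reworded comment in the LogOut hunk (@@ -96,7) reads "initiate a end session request"; it should be `// If the provider is known to support remote sign-out, ask OpenIddict to initiate an end session request.` The same wording is added in the ASP.NET Core client AuthenticationController hunk (@@ -92,7) and needs the same fix. LogOut's body continues outside the hunk.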
@@ -322,8 +322,8 @@ from value in Request.QueryString.GetValues(name) select new KeyValuePair(name, value) }); - [ActionName(nameof(Logout)), HttpPost, Route("~/connect/logout"), ValidateAntiForgeryToken] - public ActionResult LogoutPost() + [ActionName(nameof(EndSession)), HttpPost, Route("~/connect/endsession"), ValidateAntiForgeryToken] + public ActionResult EndSessionPost() { var context = HttpContext.GetOwinContext(); context.Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie); diff --git a/sandbox/OpenIddict.Sandbox.AspNet.Server/Startup.cs b/sandbox/OpenIddict.Sandbox.AspNet.Server/Startup.cs index c0baedd41..47d8ceedb 100644 --- a/sandbox/OpenIddict.Sandbox.AspNet.Server/Startup.cs +++ b/sandbox/OpenIddict.Sandbox.AspNet.Server/Startup.cs 
@@ -86,24 +86,22 @@ public void Configuration(IAppBuilder app) // Register the OpenIddict server components. .AddServer(options => { - // Enable the authorization, device, introspection, - // logout, token, userinfo and verification endpoints. + // Enable the flows that will be used by the client applications. options.SetAuthorizationEndpointUris("connect/authorize") - .SetDeviceEndpointUris("connect/device") + .SetDeviceAuthorizationEndpointUris("connect/device") + .SetEndSessionEndpointUris("connect/endsession") + .SetEndUserVerificationEndpointUris("connect/verify") .SetIntrospectionEndpointUris("connect/introspect") - .SetLogoutEndpointUris("connect/logout") .SetTokenEndpointUris("connect/token") - .SetUserinfoEndpointUris("connect/userinfo") - .SetVerificationEndpointUris("connect/verify"); + .SetUserInfoEndpointUris("connect/userinfo"); - // Note: this sample uses the code, device code, password and refresh token flows, but you - // can enable the other flows if you need to support implicit or client credentials. + // Enable the flows that will be used by the client applications. options.AllowAuthorizationCodeFlow() - .AllowDeviceCodeFlow() + .AllowDeviceAuthorizationFlow() .AllowPasswordFlow() .AllowRefreshTokenFlow(); - // Mark the "email", "profile", "roles" and "demo_api" scopes as supported scopes. + // Register the public scopes that will be exposed by the configuration endpoint. options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles, "demo_api"); // Register the signing and encryption credentials. @@ -116,7 +114,7 @@ public void Configuration(IAppBuilder app) // Register the OWIN host and configure the OWIN-specific options. options.UseOwin() .EnableAuthorizationEndpointPassthrough() - .EnableLogoutEndpointPassthrough() + .EnableEndSessionEndpointPassthrough() .EnableTokenEndpointPassthrough(); }) 
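Review bot: The new comment above `options.SetAuthorizationEndpointUris("connect/authorize")` in the first hunk says "Enable the flows that will be used by the client applications", but that chain registers endpoint URIs, and the identical sentence is repeated a few lines later above the `Allow…Flow()` chain. The ASP.NET Core Startup.cs in this same diff uses `// Enable the endpoints that will be used by the client applications.` for the equivalent block, so the first comment here should match it. The replaced text also named which flows the sample turns on (code, device code, password, refresh token); the new wording is worth a qualifier such as `// Note: only enable the flows your client applications actually need.` so that the password flow is not copied into a real server by default. Configuration's body continues outside the hunk.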
@@ -221,7 +219,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Logout, + Permissions.Endpoints.EndSession, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.GrantTypes.RefreshToken, @@ -254,7 +252,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Device, + Permissions.Endpoints.DeviceAuthorization, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.GrantTypes.DeviceCode, diff --git a/sandbox/OpenIddict.Sandbox.AspNet.Server/Views/Authorization/Logout.cshtml b/sandbox/OpenIddict.Sandbox.AspNet.Server/Views/Authorization/EndSession.cshtml similarity index 94% rename from sandbox/OpenIddict.Sandbox.AspNet.Server/Views/Authorization/Logout.cshtml rename to sandbox/OpenIddict.Sandbox.AspNet.Server/Views/Authorization/EndSession.cshtml index 0f79ec3d0..2c8e1058a 100644 --- a/sandbox/OpenIddict.Sandbox.AspNet.Server/Views/Authorization/Logout.cshtml +++ b/sandbox/OpenIddict.Sandbox.AspNet.Server/Views/Authorization/EndSession.cshtml @@ -8,7 +8,7 @@ { @Html.AntiForgeryToken() - @* Flow the request parameters so they can be received by the LogoutPost action: *@ + @* Flow the request parameters so they can be received by the EndSessionPost action: *@ foreach (var parameter in Model.Parameters) { diff --git a/sandbox/OpenIddict.Sandbox.AspNetCore.Client/Controllers/AuthenticationController.cs b/sandbox/OpenIddict.Sandbox.AspNetCore.Client/Controllers/AuthenticationController.cs index d52c17309..de3ec8ef3 100644 --- a/sandbox/OpenIddict.Sandbox.AspNetCore.Client/Controllers/AuthenticationController.cs +++ b/sandbox/OpenIddict.Sandbox.AspNetCore.Client/Controllers/AuthenticationController.cs 
@@ -92,7 +92,7 @@ public async Task LogOut(string returnUrl) await HttpContext.SignOutAsync(); // Extract the client registration identifier and retrieve the associated server configuration. - // If the provider is known to support remote sign-out, ask OpenIddict to initiate a logout request. + // If the provider is known to support remote sign-out, ask OpenIddict to initiate a end session request. if (identity.FindFirst(Claims.Private.RegistrationId)?.Value is string identifier && await _service.GetServerConfigurationByRegistrationIdAsync(identifier) is { EndSessionEndpoint: Uri }) { diff --git a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs index fddda6ed4..418042314 100644 --- a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs +++ b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs @@ -312,7 +312,7 @@ public async Task Accept() #endregion #region Device flow - // Note: to support the device flow, you must provide your own verification endpoint action: + // Note: to support the device authorization flow, you must provide your own verification endpoint action: [Authorize, HttpGet("~/connect/verify"), IgnoreAntiforgeryToken] public async Task Verify() { 
@@ -411,15 +411,15 @@ public IActionResult VerifyDeny() => Forbid( }); #endregion - #region Logout support for interactive flows like code and implicit - // Note: the logout action is only useful when implementing interactive + #region End session support for interactive flows like code and implicit + // Note: the end session action is only useful when implementing interactive // flows like the authorization code flow or the implicit flow. - [HttpGet("~/connect/logout")] - public IActionResult Logout() => View(); + [HttpGet("~/connect/endsession")] + public IActionResult EndSession() => View(); - [ActionName(nameof(Logout)), HttpPost("~/connect/logout"), ValidateAntiForgeryToken] - public async Task LogoutPost() + [ActionName(nameof(EndSession)), HttpPost("~/connect/endsession"), ValidateAntiForgeryToken] + public async Task EndSessionPost() { // Ask ASP.NET Core Identity to delete the local and external cookies created // when the user agent is redirected from the external identity provider diff --git a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/UserinfoController.cs b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/UserinfoController.cs index a418bb21e..b27873aec 100644 --- a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/UserinfoController.cs +++ b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/UserinfoController.cs 
@@ -9,17 +9,17 @@ namespace OpenIddict.Sandbox.AspNetCore.Server.Controllers; -public class UserinfoController : Controller +public class UserInfoController : Controller { private readonly UserManager _userManager; - public UserinfoController(UserManager userManager) + public UserInfoController(UserManager userManager) => _userManager = userManager; [Authorize(AuthenticationSchemes = OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)] [HttpGet("~/connect/userinfo"), HttpPost("~/connect/userinfo")] [IgnoreAntiforgeryToken, Produces("application/json")] - public async Task Userinfo() + public async Task UserInfo() { var user = await _userManager.FindByIdAsync(User.GetClaim(Claims.Subject)); if (user is null) diff --git a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs index 91f16852a..d3b832d16 100644 --- a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs +++ b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs 
@@ -100,28 +100,26 @@ public void ConfigureServices(IServiceCollection services) // Register the OpenIddict server components. .AddServer(options => { - // Enable the authorization, device, introspection, logout, - // token, revocation, userinfo and verification endpoints. + // Enable the endpoints that will be used by the client applications. options.SetAuthorizationEndpointUris("connect/authorize") - .SetDeviceEndpointUris("connect/device") + .SetDeviceAuthorizationEndpointUris("connect/device") + .SetEndSessionEndpointUris("connect/endsession") + .SetEndUserVerificationEndpointUris("connect/verify") .SetIntrospectionEndpointUris("connect/introspect") - .SetLogoutEndpointUris("connect/logout") .SetRevocationEndpointUris("connect/revoke") .SetTokenEndpointUris("connect/token") - .SetUserinfoEndpointUris("connect/userinfo") - .SetVerificationEndpointUris("connect/verify"); + .SetUserInfoEndpointUris("connect/userinfo"); - // Note: this sample enables all the supported flows but - // you can restrict the list of enabled flows if necessary. + // Enable the flows that will be used by the client applications. options.AllowAuthorizationCodeFlow() - .AllowDeviceCodeFlow() + .AllowDeviceAuthorizationFlow() .AllowHybridFlow() .AllowImplicitFlow() .AllowNoneFlow() .AllowPasswordFlow() .AllowRefreshTokenFlow(); - // Mark the "email", "profile", "roles" and "demo_api" scopes as supported scopes. + // Register the public scopes that will be exposed by the configuration endpoint. options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles, "demo_api"); // Register the signing and encryption credentials. 
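Review bot: The rewritten comment above `options.AllowAuthorizationCodeFlow()` drops the caveat that this sample enables every supported flow and that the list can be restricted, while the chain below it still turns on `AllowImplicitFlow()`, `AllowNoneFlow()` and `AllowPasswordFlow()`. Sandbox configuration tends to be copied into real authorization servers, and the new wording ("the flows that will be used by the client applications") reads as if these were a considered minimum. I would keep the warning, for example `// Note: this sample enables all the supported flows: restrict the list to the flows your clients actually use.` ConfigureServices continues outside the hunk.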
@@ -135,10 +133,10 @@ public void ConfigureServices(IServiceCollection services) options.UseAspNetCore() .EnableStatusCodePagesIntegration() .EnableAuthorizationEndpointPassthrough() - .EnableLogoutEndpointPassthrough() + .EnableEndSessionEndpointPassthrough() + .EnableEndUserVerificationEndpointPassthrough() .EnableTokenEndpointPassthrough() - .EnableUserinfoEndpointPassthrough() - .EnableVerificationEndpointPassthrough(); + .EnableUserInfoEndpointPassthrough(); // Note: if you don't want to specify a client_id when sending // a token or revocation request, uncomment the following line: diff --git a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Views/Authorization/Logout.cshtml b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Views/Authorization/EndSession.cshtml similarity index 84% rename from sandbox/OpenIddict.Sandbox.AspNetCore.Server/Views/Authorization/Logout.cshtml rename to sandbox/OpenIddict.Sandbox.AspNetCore.Server/Views/Authorization/EndSession.cshtml index 0f892ec13..3e1070f7e 100644 --- a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Views/Authorization/Logout.cshtml +++ b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Views/Authorization/EndSession.cshtml @@ -4,8 +4,8 @@

Log out

Are you sure you want to sign out?

-
- @* Flow the request parameters so they can be received by the LogoutPost action: *@ + + @* Flow the request parameters so they can be received by the EndSessionPost action: *@ @foreach (var parameter in Context.Request.HasFormContentType ? (IEnumerable>) Context.Request.Form : Context.Request.Query) { diff --git a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Worker.cs b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Worker.cs index 07e738000..6ad635fcf 100644 --- a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Worker.cs +++ b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Worker.cs @@ -74,9 +74,9 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Device, + Permissions.Endpoints.DeviceAuthorization, Permissions.Endpoints.Introspection, - Permissions.Endpoints.Logout, + Permissions.Endpoints.EndSession, Permissions.Endpoints.Revocation, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, @@ -127,7 +127,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Logout, + Permissions.Endpoints.EndSession, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.GrantTypes.RefreshToken, @@ -188,7 +188,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Logout, + Permissions.Endpoints.EndSession, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.GrantTypes.RefreshToken, @@ -229,7 +229,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Logout, + Permissions.Endpoints.EndSession, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.GrantTypes.RefreshToken, 
@@ -270,7 +270,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Logout, + Permissions.Endpoints.EndSession, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.GrantTypes.RefreshToken, @@ -329,7 +329,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor Permissions = { Permissions.Endpoints.Authorization, - Permissions.Endpoints.Device, + Permissions.Endpoints.DeviceAuthorization, Permissions.Endpoints.Token, Permissions.GrantTypes.AuthorizationCode, Permissions.GrantTypes.DeviceCode, diff --git a/sandbox/OpenIddict.Sandbox.Console.Client/Program.cs b/sandbox/OpenIddict.Sandbox.Console.Client/Program.cs index 124484b63..12dab54ed 100644 --- a/sandbox/OpenIddict.Sandbox.Console.Client/Program.cs +++ b/sandbox/OpenIddict.Sandbox.Console.Client/Program.cs @@ -40,7 +40,7 @@ // you can restrict the list of enabled flows if necessary. options.AllowAuthorizationCodeFlow() .AllowClientCredentialsFlow() - .AllowDeviceCodeFlow() + .AllowDeviceAuthorizationFlow() .AllowHybridFlow() .AllowImplicitFlow() .AllowNoneFlow() diff --git a/sandbox/OpenIddict.Sandbox.Maui.Client/MainPage.xaml.cs b/sandbox/OpenIddict.Sandbox.Maui.Client/MainPage.xaml.cs index f2c07ba6b..c861f4b01 100644 --- a/sandbox/OpenIddict.Sandbox.Maui.Client/MainPage.xaml.cs +++ b/sandbox/OpenIddict.Sandbox.Maui.Client/MainPage.xaml.cs 
@@ -108,7 +108,7 @@ private async Task LogOutAsync(string provider, Dictionary ListAsync( /// The application. /// The URI that should be compared to one of the post_logout_redirect_uri stored in the database. /// The that can be used to abort the operation. - /// Note: if no client_id parameter is specified in logout requests, this method may not be called. + /// Note: if no client_id parameter is specified in end session requests, this method may not be called. /// /// A that can be used to monitor the asynchronous operation, /// whose result returns a boolean indicating whether the post_logout_redirect_uri was valid. diff --git a/src/OpenIddict.Abstractions/OpenIddictConstants.cs b/src/OpenIddict.Abstractions/OpenIddictConstants.cs index 79f718fd6..728a42bf3 100644 --- a/src/OpenIddict.Abstractions/OpenIddictConstants.cs +++ b/src/OpenIddict.Abstractions/OpenIddictConstants.cs @@ -160,7 +160,7 @@ public static class ClaimRequestMembers { public const string Essential = "essential"; public const string IdToken = "id_token"; - public const string Userinfo = "userinfo"; + public const string UserInfo = "userinfo"; public const string Value = "value"; public const string Values = "values"; } 
@@ -310,10 +310,10 @@ public static class Metadata public const string TokenEndpointAuthMethodsSupported = "token_endpoint_auth_methods_supported"; public const string TokenEndpointAuthSigningAlgValuesSupported = "token_endpoint_auth_signing_alg_values_supported"; public const string UiLocalesSupported = "ui_locales_supported"; - public const string UserinfoEncryptionAlgValuesSupported = "userinfo_encryption_alg_values_supported"; - public const string UserinfoEncryptionEncValuesSupported = "userinfo_encryption_enc_values_supported"; - public const string UserinfoEndpoint = "userinfo_endpoint"; - public const string UserinfoSigningAlgValuesSupported = "userinfo_signing_alg_values_supported"; + public const string UserInfoEncryptionAlgValuesSupported = "userinfo_encryption_alg_values_supported"; + public const string UserInfoEncryptionEncValuesSupported = "userinfo_encryption_enc_values_supported"; + public const string UserInfoEndpoint = "userinfo_endpoint"; + public const string UserInfoSigningAlgValuesSupported = "userinfo_signing_alg_values_supported"; } public static class Parameters @@ -379,9 +379,9 @@ public static class Permissions public static class Endpoints { public const string Authorization = "ept:authorization"; - public const string Device = "ept:device"; + public const string DeviceAuthorization = "ept:device_authorization"; + public const string EndSession = "ept:end_session"; public const string Introspection = "ept:introspection"; - public const string Logout = "ept:logout"; public const string Revocation = "ept:revocation"; public const string Token = "ept:token"; } @@ -552,7 +552,7 @@ public static class TokenTypeHints public const string IdToken = "id_token"; public const string RefreshToken = "refresh_token"; public const string StateToken = "state_token"; - public const string UserinfoToken = "userinfo_token"; + public const string UserInfoToken = "userinfo_token"; public const string UserCode = "user_code"; } 
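Review bot: The `Permissions.Endpoints` hunk (@@ -379,9) changes the constant values and not only their names: `"ept:device"` becomes `"ept:device_authorization"` and `"ept:logout"` becomes `"ept:end_session"`, unlike the Metadata and TokenTypeHints hunks, where the strings are untouched. These values are what the sandbox workers in this diff place in an application's `Permissions` set, so entries created before the change presumably still hold the old strings and would stop matching the endpoint permission check; the check itself is outside this page, so that needs confirming. That outcome fails closed, but it would silently break sign-out and device authorization for existing clients after an upgrade. I would add a comment on both constants, e.g. `// Note: the value changed from "ept:logout": permissions stored for existing applications must be migrated.`, and make sure the upgrade notes cover the rewrite.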
diff --git a/src/OpenIddict.Abstractions/OpenIddictResources.resx b/src/OpenIddict.Abstractions/OpenIddictResources.resx index a1f5c4488..442e7c8ef 100644 --- a/src/OpenIddict.Abstractions/OpenIddictResources.resx +++ b/src/OpenIddict.Abstractions/OpenIddictResources.resx 
@@ -219,39 +219,39 @@ To apply authorization responses, create a class implementing 'IOpenIddictServer The device request was not correctly extracted. -To extract device requests, create a class implementing 'IOpenIddictServerHandler<ExtractDeviceRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. +To extract device requests, create a class implementing 'IOpenIddictServerHandler<ExtractDeviceAuthorizationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The client application details cannot be found in the database. - The device response was not correctly applied. -To apply device responses, create a class implementing 'IOpenIddictServerHandler<ApplyDeviceResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. + The device authorization response was not correctly applied. +To apply device authorization responses, create a class implementing 'IOpenIddictServerHandler<ApplyDeviceAuthorizationResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. - The verification request was not correctly extracted. -To extract verification requests, create a class implementing 'IOpenIddictServerHandler<ExtractVerificationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. + The end-user verification request was not correctly extracted. +To extract end-user verification requests, create a class implementing 'IOpenIddictServerHandler<ExtractEndUserVerificationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. - The verification request was not handled. 
-To handle verification requests in a controller, create a custom action with the same route as the verification endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'services.AddOpenIddict().AddServer().UseAspNetCore().EnableVerificationEndpointPassthrough()'. -Alternatively, create a class implementing 'IOpenIddictServerHandler<HandleVerificationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. + The end-user verification request was not handled. +To handle end-user verification requests in a controller, create a custom action with the same route as the end-user verification endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'services.AddOpenIddict().AddServer().UseAspNetCore().EnableVerificationEndpointPassthrough()'. +Alternatively, create a class implementing 'IOpenIddictServerHandler<HandleEndUserVerificationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. - The verification response was not correctly applied. -To apply verification responses, create a class implementing 'IOpenIddictServerHandler<ApplyVerificationResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. + The end-user verification response was not correctly applied. +To apply end-user verification responses, create a class implementing 'IOpenIddictServerHandler<ApplyEndUserVerificationResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The configuration request was not correctly extracted. To extract configuration requests, create a class implementing 'IOpenIddictServerHandler<ExtractConfigurationRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. - The cryptography request was not correctly extracted. 
-To extract configuration requests, create a class implementing 'IOpenIddictServerHandler<ExtractCryptographyRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. + The JSON Web Key Set request was not correctly extracted. +To extract configuration requests, create a class implementing 'IOpenIddictServerHandler<ExtractJsonWebKeySetRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. - The cryptography response was not correctly applied. -To apply cryptography responses, create a class implementing 'IOpenIddictServerHandler<ApplyCryptographyResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. + The JSON Web Key Set response was not correctly applied. +To apply JSON Web Key Set responses, create a class implementing 'IOpenIddictServerHandler<ApplyJsonWebKeySetResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The token request was not correctly extracted. 
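Review bot: Two of the reworded messages still direct developers to the old builder methods: the "end-user verification request was not handled" text in this hunk names `EnableVerificationEndpointPassthrough()`, and the "end session request was not handled" text in the next hunk (@@ -292,25) names `EnableLogoutEndpointPassthrough()`. The sandbox Startup.cs changes in this same diff call `EnableEndUserVerificationEndpointPassthrough()` and `EnableEndSessionEndpointPassthrough()`, so the messages should quote those names instead. In this hunk the JSON Web Key Set extraction message also still begins "To extract configuration requests" and presumably should read "To extract JSON Web Key Set requests". The device message likewise keeps "The device request was not correctly extracted" while its sibling now says "device authorization".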
@@ -292,25 +292,25 @@ To extract revocation requests, create a class implementing 'IOpenIddictServerHa To apply revocation responses, create a class implementing 'IOpenIddictServerHandler<ApplyRevocationResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. - The logout request was not correctly extracted. -To extract logout requests, create a class implementing 'IOpenIddictServerHandler<ExtractLogoutRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. + The end session request was not correctly extracted. +To extract end session requests, create a class implementing 'IOpenIddictServerHandler<ExtractEndSessionRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. - The logout request was not handled. -To handle logout requests in a controller, create a custom controller action with the same route as the logout endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'services.AddOpenIddict().AddServer().UseAspNetCore().EnableLogoutEndpointPassthrough()'. -Alternatively, create a class implementing 'IOpenIddictServerHandler<HandleLogoutRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. + The end session request was not handled. +To handle end session requests in a controller, create a custom controller action with the same route as the end session endpoint and enable the pass-through mode in the server ASP.NET Core or OWIN options using 'services.AddOpenIddict().AddServer().UseAspNetCore().EnableLogoutEndpointPassthrough()'. +Alternatively, create a class implementing 'IOpenIddictServerHandler<HandleEndSessionRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. - The logout response was not correctly applied. 
-To apply logout responses, create a class implementing 'IOpenIddictServerHandler<ApplyLogoutResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. + The end session response was not correctly applied. +To apply end session responses, create a class implementing 'IOpenIddictServerHandler<ApplyEndSessionResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The userinfo request was not correctly extracted. -To extract userinfo requests, create a class implementing 'IOpenIddictServerHandler<ExtractUserinfoRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. +To extract userinfo requests, create a class implementing 'IOpenIddictServerHandler<ExtractUserInfoRequestContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The userinfo response was not correctly applied. -To apply userinfo responses, create a class implementing 'IOpenIddictServerHandler<ApplyUserinfoResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. +To apply userinfo responses, create a class implementing 'IOpenIddictServerHandler<ApplyUserInfoResponseContext>' and register it using 'services.AddOpenIddict().AddServer().AddEventHandler()'. The asymmetric encryption key doesn't contain the required private key. 
@@ -381,13 +381,13 @@ Consider using 'options.AddSigningCredentials(SigningCredentials)' instead.The authorization endpoint must be enabled to use the authorization code and implicit flows. - The device endpoint must be enabled to use the device flow. + The device authorization endpoint must be enabled to use the device authorization flow. The token endpoint must be enabled to use the authorization code, client credentials, device, password and refresh token flows. - The verification endpoint must be enabled to use the device flow. + The end-user verification endpoint must be enabled to use the device authorization flow. Endpoint URIs cannot start with '{0}'. @@ -400,7 +400,7 @@ To enable DI support, call 'services.AddQuartz(options => options.UseMicrosof Reference tokens cannot be used when disabling token storage. - The device grant must be allowed when enabling the device endpoint. + The device grant must be allowed when enabling the device authorization endpoint. At least one encryption key must be registered in the OpenIddict server options. 
@@ -422,13 +422,13 @@ To use key rollover, register both the new certificate and the old one in the cr No custom authorization request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateAuthorizationRequestContext>' must be implemented to validate authorization requests (e.g to ensure the client_id and redirect_uri are valid). - No custom device request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateDeviceRequestContext>' (or 'IOpenIddictServerHandler<ProcessAuthenticationContext>') must be implemented to validate device requests (e.g to ensure the client_id and client_secret are valid). + No custom device request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateDeviceAuthorizationRequestContext>' (or 'IOpenIddictServerHandler<ProcessAuthenticationContext>') must be implemented to validate device requests (e.g to ensure the client_id and client_secret are valid). No custom introspection request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateIntrospectionRequestContext>' (or 'IOpenIddictServerHandler<ProcessAuthenticationContext>') must be implemented to validate introspection requests (e.g to ensure the client_id and client_secret are valid). - No custom logout request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateLogoutRequestContext>' must be implemented to validate logout requests (e.g to ensure the post_logout_redirect_uri is valid). + No custom end session request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateEndSessionRequestContext>' must be implemented to validate end session requests (e.g to ensure the post_logout_redirect_uri is valid). No custom revocation request validation handler was found. 
When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateRevocationRequestContext>' (or 'IOpenIddictServerHandler<ProcessAuthenticationContext>') must be implemented to validate revocation requests (e.g to ensure the client_id and client_secret are valid). @@ -437,7 +437,7 @@ To use key rollover, register both the new certificate and the old one in the cr No custom token request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateTokenRequestContext>' (or 'IOpenIddictServerHandler<ProcessAuthenticationContext>') must be implemented to validate token requests (e.g to ensure the client_id and client_secret are valid). - No custom verification request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateVerificationRequestContext>' must be implemented to validate verification requests (e.g to ensure the user_code is valid). + No custom end-user verification request validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateEndUserVerificationRequestContext>' must be implemented to validate verification requests (e.g to ensure the user_code is valid). No custom token validation handler was found. When enabling the degraded mode, a custom 'IOpenIddictServerHandler<ValidateTokenContext>' must be implemented to handle device and user codes (e.g by retrieving them from a database). @@ -512,7 +512,7 @@ To register the default in-memory distributed cache implementation, reference th The authorization request payload is malformed. - The logout request payload is malformed. + The end session request payload is malformed. The OpenIddict OWIN server handler cannot be used as an active authentication handler. 
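Review bot: The new degraded-mode message that names 'ValidateDeviceAuthorizationRequestContext' still opens with "No custom device request validation handler was found" and ends with "to validate device requests", while the hunk at -381 already renames the same concept to "device authorization endpoint". The following hunk has the same split: it says "end-user verification request validation handler" but then "to validate verification requests". These strings are what an operator searches for when a deployment fails to start in degraded mode, so I would finish the rename in both, e.g. `No custom device authorization request validation handler was found.` and `to validate end-user verification requests`. The log templates at -2418 and -2547 ("The device request was rejected because …") keep the old noun as well.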
@@ -608,7 +608,7 @@ To register the OpenIddict core services, reference the 'OpenIddict.Core' packag The server configuration couldn't be retrieved. - The JWKS URI couldn't be resolved from the provider metadata. + The JSON Web Key Set URI couldn't be resolved from the provider metadata. The server JSON Web Key set couldn't be retrieved. @@ -638,25 +638,25 @@ To register the OpenIddict core services, reference the 'OpenIddict.Core' packag Error URI: {2} - An error occurred while preparing the cryptography request. + An error occurred while preparing the JSON Web Key Set request. Error: {0} Error description: {1} Error URI: {2} - An error occurred while sending the cryptography request. + An error occurred while sending the JSON Web Key Set request. Error: {0} Error description: {1} Error URI: {2} - An error occurred while extracting the cryptography response. + An error occurred while extracting the JSON Web Key Set response. Error: {0} Error description: {1} Error URI: {2} - An error occurred while handling the cryptography response. + An error occurred while handling the JSON Web Key Set response. Error: {0} Error description: {1} Error URI: {2} @@ -1777,7 +1777,7 @@ To apply post-logout redirection responses, create a class implementing 'IOpenId The specified user code is no longer valid. - The client application is not allowed to use the device code flow. + The client application is not allowed to use the device authorization flow. The '{0}' parameter is not supported. @@ -1864,7 +1864,7 @@ To apply post-logout redirection responses, create a class implementing 'IOpenId The specified client credentials are invalid. - This client application is not allowed to use the device endpoint. + This client application is not allowed to use the device authorization endpoint. The '{0}' or '{1}' parameter must be specified when using the client credentials grant. 
@@ -1993,19 +1993,19 @@ To apply post-logout redirection responses, create a class implementing 'IOpenId The issuer returned in the server configuration doesn't match the value set in the validation options. - No JWKS endpoint could be found in the server configuration. + No JSON Web Key Set endpoint could be found in the server configuration. A server configuration containing an invalid '{0}' URI was returned. - The JWKS document didn't contain a valid '{0}' node with at least one key. + The JSON Web Key Set document didn't contain a valid '{0}' node with at least one key. - A JWKS response containing an unsupported key was returned. + A JSON Web Key Set response containing an unsupported key was returned. - A JWKS response containing an invalid key was returned. + A JSON Web Key Set response containing an invalid key was returned. The mandatory '{0}' parameter couldn't be found in the introspection response. @@ -2113,7 +2113,7 @@ To apply post-logout redirection responses, create a class implementing 'IOpenId The specified state token has already been redeemed. - This client application is not allowed to use the logout endpoint. + This client application is not allowed to use the end session endpoint. The client application is not allowed to use the specified identity token hint. @@ -2128,7 +2128,7 @@ To apply post-logout redirection responses, create a class implementing 'IOpenId The configuration request was rejected by the remote server. - The cryptography request was rejected by the remote server. + The JSON Web Key Set request was rejected by the remote server. The introspection request was rejected by the remote server. 
@@ -2418,7 +2418,7 @@ The principal used to create the token contained the following claims: {Claims}. The device request was rejected because invalid scopes were specified: {Scopes}. - The device request was rejected because the application '{ClientId}' was not allowed to use the device endpoint. + The device request was rejected because the application '{ClientId}' was not allowed to use the device authorization endpoint. The device request was rejected because the application '{ClientId}' was not allowed to use the scope {Scope}. @@ -2436,19 +2436,19 @@ The principal used to create the token contained the following claims: {Claims}. The configuration request was successfully validated. - The cryptography request was successfully extracted: {Request}. + The JSON Web Key Set request was successfully extracted: {Request}. - The cryptography request was successfully validated. + The JSON Web Key Set request was successfully validated. A JSON Web Key was excluded from the key set because it didn't contain the mandatory '{Parameter}' parameter. - An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA and ECDSA asymmetric security keys can be exposed via the JWKS endpoint. + An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA and ECDSA asymmetric security keys can be exposed via the JSON Web Key Set endpoint. - An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA asymmetric security keys can be exposed via the JWKS endpoint. + An unsupported signing key of type '{Type}' was ignored and excluded from the key set. Only RSA asymmetric security keys can be exposed via the JSON Web Key Set endpoint. A signing key of type '{Type}' was ignored because its RSA public parameters couldn't be extracted. 
@@ -2547,7 +2547,7 @@ The principal used to create the token contained the following claims: {Claims}. The revocation request was rejected because the received token was of an unsupported type. - The device request was rejected because the application '{ClientId}' was not allowed to use the device code flow. + The device request was rejected because the application '{ClientId}' was not allowed to use the device authorization flow. The revocation request was rejected because the access token was issued to a different client or for another resource server. @@ -2565,19 +2565,19 @@ The principal used to create the token contained the following claims: {Claims}. The token '{Identifier}' was not revoked because it couldn't be found. - The logout request was successfully extracted: {Request}. + The end session request was successfully extracted: {Request}. - The logout request was successfully validated. + The end session request was successfully validated. - The logout request was rejected because the '{Parameter}' parameter wasn't a valid absolute URI: {PostLogoutRedirectUri}. + The end session request was rejected because the '{Parameter}' parameter wasn't a valid absolute URI: {PostLogoutRedirectUri}. - The logout request was rejected because the '{Parameter}' contained a URI fragment: {PostLogoutRedirectUri}. + The end session request was rejected because the '{Parameter}' contained a URI fragment: {PostLogoutRedirectUri}. - The logout request was rejected because the specified post_logout_redirect_uri was invalid: {PostLogoutRedirectUri}. + The end session request was rejected because the specified post_logout_redirect_uri was invalid: {PostLogoutRedirectUri}. The userinfo request was successfully extracted: {Request}. 
@@ -2643,10 +2643,10 @@ The principal used to create the token contained the following claims: {Claims}. The authorization response was successfully returned to '{RedirectUri}' using the fragment response mode: {Response}. - The logout request was rejected because an unknown or invalid '{Parameter}' was specified. + The end session request was rejected because an unknown or invalid '{Parameter}' was specified. - The logout response was successfully returned to '{PostLogoutRedirectUri}': {Response}. + The end session response was successfully returned to '{PostLogoutRedirectUri}': {Response}. The ASP.NET Core Data Protection token '{Token}' was successfully validated and the following claims could be extracted: {Claims}. @@ -2755,10 +2755,10 @@ This may indicate that the hashed entry is corrupted or malformed. The configuration response returned by {Uri} was successfully extracted: {Response}. - The cryptography request was successfully sent to {Uri}: {Request}. + The JSON Web Key Set request was successfully sent to {Uri}: {Request}. - The cryptography response returned by {Uri} was successfully extracted: {Response}. + The JSON Web Key Set response returned by {Uri} was successfully extracted: {Response}. The introspection request was successfully sent to {Uri}: {Request}. @@ -2782,7 +2782,7 @@ This may indicate that the hashed entry is corrupted or malformed. The authorization request was rejected because the identity token used as a hint was issued to a different client. - The logout request was rejected because the identity token used as a hint was issued to a different client. + The end session request was rejected because the identity token used as a hint was issued to a different client. The post-logout redirection request was successfully extracted: {Request}. 
@@ -2797,7 +2797,7 @@ This may indicate that the hashed entry is corrupted or malformed. The configuration request was rejected by the remote authorization server: {Response}. - The cryptography request was rejected by the remote authorization server: {Response}. + The JSON Web Key Set request was rejected by the remote authorization server: {Response}. The introspection request was rejected by the remote authorization server: {Response}. diff --git a/src/OpenIddict.Abstractions/Primitives/OpenIddictConfiguration.cs b/src/OpenIddict.Abstractions/Primitives/OpenIddictConfiguration.cs index 948c13945..35ea9b0aa 100644 --- a/src/OpenIddict.Abstractions/Primitives/OpenIddictConfiguration.cs +++ b/src/OpenIddict.Abstractions/Primitives/OpenIddictConfiguration.cs @@ -72,7 +72,7 @@ public sealed class OpenIddictConfiguration public JsonWebKeySet? JsonWebKeySet { get; set; } /// - /// Gets or sets the URI of the JWKS endpoint. + /// Gets or sets the URI of the JSON Web Key Set endpoint. /// public Uri? JwksUri { get; set; } @@ -124,5 +124,5 @@ public sealed class OpenIddictConfiguration /// /// Gets or sets the URI of the userinfo endpoint. /// - public Uri? UserinfoEndpoint { get; set; } + public Uri? UserInfoEndpoint { get; set; } } diff --git a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreBuilder.cs b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreBuilder.cs index b14c2faac..e0fe10344 100644 --- a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreBuilder.cs +++ b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreBuilder.cs 
@@ -112,7 +112,7 @@ public OpenIddictClientAspNetCoreBuilder EnableRedirectionEndpointPassthrough() /// /// Enables error pass-through support, so that the rest of the request processing pipeline is - /// automatically invoked when returning an error from the interactive authorization and logout endpoints. + /// automatically invoked when returning an error from the interactive authorization and end session endpoints. /// When this option is enabled, special logic must be added to these actions to handle errors, that can be /// retrieved using . /// diff --git a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreConstants.cs b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreConstants.cs index 6e42f1f8a..eb933cf89 100644 --- a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreConstants.cs +++ b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreConstants.cs @@ -33,7 +33,7 @@ public static class Properties public const string ResponseType = ".response_type"; public const string Scope = ".scope"; public const string StateTokenPrincipal = ".state_token_principal"; - public const string UserinfoTokenPrincipal = ".userinfo_token_principal"; + public const string UserInfoTokenPrincipal = ".userinfo_token_principal"; } public static class Tokens @@ -47,6 +47,6 @@ public static class Tokens public const string FrontchannelIdentityToken = "frontchannel_id_token"; public const string RefreshToken = "refresh_token"; public const string StateToken = "state_token"; - public const string UserinfoToken = "userinfo_token"; + public const string UserInfoToken = "userinfo_token"; } } diff --git a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandler.cs b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandler.cs index b55a07dda..1e0df7e7d 100644 --- a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandler.cs +++ b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandler.cs 
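Review bot: The renamed constants in the `Properties` and `Tokens` hunks keep their old string values (`UserInfoTokenPrincipal = ".userinfo_token_principal"`, `UserInfoToken = "userinfo_token"`), and nothing on the new lines says that the identifier/value mismatch is deliberate. The handler hunk in OpenIddictClientAspNetCoreHandler.cs stores the token under `Name = Tokens.UserInfoToken`, so these values presumably act as persisted keys, and changing them later to match the new casing could make previously stored tokens unreadable. I would add a comment above each, e.g. `// Note: the value deliberately keeps the original "userinfo" spelling, as it is used as a stored key.` The same applies to the matching hunks in OpenIddictClientOwinConstants.cs and OpenIddictClientSystemIntegrationConstants.cs. Both nested classes start outside the hunks.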
@@ -281,13 +281,13 @@ protected override async Task HandleAuthenticateAsync() }); } - if (!string.IsNullOrEmpty(context.UserinfoToken)) + if (!string.IsNullOrEmpty(context.UserInfoToken)) { tokens ??= new(capacity: 1); tokens.Add(new AuthenticationToken { - Name = Tokens.UserinfoToken, - Value = context.UserinfoToken + Name = Tokens.UserInfoToken, + Value = context.UserInfoToken }); } @@ -331,9 +331,9 @@ protected override async Task HandleAuthenticateAsync() properties.SetParameter(Properties.StateTokenPrincipal, context.StateTokenPrincipal); } - if (context.UserinfoTokenPrincipal is not null) + if (context.UserInfoTokenPrincipal is not null) { - properties.SetParameter(Properties.UserinfoTokenPrincipal, context.UserinfoTokenPrincipal); + properties.SetParameter(Properties.UserInfoTokenPrincipal, context.UserInfoTokenPrincipal); } return AuthenticateResult.Success(new AuthenticationTicket( diff --git a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.Session.cs b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.Session.cs index a91a9713b..a42b052f8 100644 --- a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.Session.cs +++ b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.Session.cs @@ -16,7 +16,7 @@ public static class Session { public static ImmutableArray DefaultHandlers { get; } = ImmutableArray.Create([ /* - * Session request processing: + * End session request processing: */ ProcessQueryRequest.Descriptor, 
@@ -41,16 +41,16 @@ public static class Session ]); /// - /// Contains the logic responsible for processing authorization requests using 302 redirects. + /// Contains the logic responsible for processing end session requests using 302 redirects. /// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core. /// - public sealed class ProcessQueryRequest : IOpenIddictClientHandler + public sealed class ProcessQueryRequest : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .UseSingletonHandler() .SetOrder(250_000) @@ -58,7 +58,7 @@ public sealed class ProcessQueryRequest : IOpenIddictClientHandler - public ValueTask HandleAsync(ApplyLogoutRequestContext context) + public ValueTask HandleAsync(ApplyEndSessionRequestContext context) { if (context is null) { diff --git a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreOptions.cs b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreOptions.cs index e4afdcd64..6c2738235 100644 --- a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreOptions.cs +++ b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreOptions.cs @@ -53,7 +53,7 @@ public sealed class OpenIddictClientAspNetCoreOptions : AuthenticationSchemeOpti /// /// Gets or sets a boolean indicating whether OpenIddict should allow the rest of the request processing pipeline - /// to be invoked when returning an error from the interactive authorization and logout endpoints. + /// to be invoked when returning an error from the interactive authorization and end session endpoints. /// When this option is enabled, special logic must be added to these actions to handle errors, that can be /// retrieved using . /// 
diff --git a/src/OpenIddict.Client.Owin/OpenIddictClientOwinBuilder.cs b/src/OpenIddict.Client.Owin/OpenIddictClientOwinBuilder.cs index b7dec7685..670b18c89 100644 --- a/src/OpenIddict.Client.Owin/OpenIddictClientOwinBuilder.cs +++ b/src/OpenIddict.Client.Owin/OpenIddictClientOwinBuilder.cs @@ -115,7 +115,7 @@ public OpenIddictClientOwinBuilder EnableRedirectionEndpointPassthrough() /// /// Enables error pass-through support, so that the rest of the request processing pipeline is - /// automatically invoked when returning an error from the interactive authorization and logout endpoints. + /// automatically invoked when returning an error from the interactive authorization and end session endpoints. /// When this option is enabled, special logic must be added to these actions to handle errors, that can be /// retrieved using . /// diff --git a/src/OpenIddict.Client.Owin/OpenIddictClientOwinConstants.cs b/src/OpenIddict.Client.Owin/OpenIddictClientOwinConstants.cs index ec06a6142..e9041dee2 100644 --- a/src/OpenIddict.Client.Owin/OpenIddictClientOwinConstants.cs +++ b/src/OpenIddict.Client.Owin/OpenIddictClientOwinConstants.cs @@ -42,7 +42,7 @@ public static class Properties public const string ResponseType = ".response_type"; public const string Scope = ".scope"; public const string StateTokenPrincipal = ".state_token_principal"; - public const string UserinfoTokenPrincipal = ".userinfo_token_principal"; + public const string UserInfoTokenPrincipal = ".userinfo_token_principal"; } public static class PropertyTypes @@ -64,6 +64,6 @@ public static class Tokens public const string FrontchannelIdentityToken = "frontchannel_id_token"; public const string RefreshToken = "refresh_token"; public const string StateToken = "state_token"; - public const string UserinfoToken = "userinfo_token"; + public const string UserInfoToken = "userinfo_token"; } } 
diff --git a/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandler.cs b/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandler.cs index fecb5fae7..b6c480d7b 100644 --- a/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandler.cs +++ b/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandler.cs @@ -235,9 +235,9 @@ public override async Task InvokeAsync() properties.Dictionary[Tokens.StateToken] = context.StateToken; } - if (!string.IsNullOrEmpty(context.UserinfoToken)) + if (!string.IsNullOrEmpty(context.UserInfoToken)) { - properties.Dictionary[Tokens.UserinfoToken] = context.UserinfoToken; + properties.Dictionary[Tokens.UserInfoToken] = context.UserInfoToken; } return new AuthenticationTicket(context.MergedPrincipal?.Identity as ClaimsIdentity, properties); diff --git a/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.Session.cs b/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.Session.cs index 67192920f..3b764f02e 100644 --- a/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.Session.cs +++ b/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.Session.cs @@ -15,7 +15,7 @@ public static class Session { public static ImmutableArray DefaultHandlers { get; } = ImmutableArray.Create([ /* - * Session request processing: + * End session request processing: */ ProcessQueryRequest.Descriptor, 
@@ -39,16 +39,16 @@ public static class Session ]); /// - /// Contains the logic responsible for processing authorization requests using 302 redirects. + /// Contains the logic responsible for processing end session requests using 302 redirects. /// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN. /// - public sealed class ProcessQueryRequest : IOpenIddictClientHandler + public sealed class ProcessQueryRequest : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .UseSingletonHandler() .SetOrder(250_000) @@ -56,7 +56,7 @@ public sealed class ProcessQueryRequest : IOpenIddictClientHandler - public ValueTask HandleAsync(ApplyLogoutRequestContext context) + public ValueTask HandleAsync(ApplyEndSessionRequestContext context) { if (context is null) { diff --git a/src/OpenIddict.Client.Owin/OpenIddictClientOwinOptions.cs b/src/OpenIddict.Client.Owin/OpenIddictClientOwinOptions.cs index d1375e617..9b7adaeab 100644 --- a/src/OpenIddict.Client.Owin/OpenIddictClientOwinOptions.cs +++ b/src/OpenIddict.Client.Owin/OpenIddictClientOwinOptions.cs @@ -60,7 +60,7 @@ public OpenIddictClientOwinOptions() /// /// Gets or sets a boolean indicating whether OpenIddict should allow the rest of the request processing pipeline - /// to be invoked when returning an error from the interactive authorization and logout endpoints. + /// to be invoked when returning an error from the interactive authorization and end session endpoints. /// When this option is enabled, special logic must be added to these actions to handle errors, that can be /// retrieved using . /// 
diff --git a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationConstants.cs b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationConstants.cs
index e8006726f..20c7208db 100644
--- a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationConstants.cs
+++ b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationConstants.cs
@@ -28,6 +28,6 @@ public static class Tokens
 public const string FrontchannelIdentityToken = "frontchannel_id_token";
 public const string RefreshToken = "refresh_token";
 public const string StateToken = "state_token";
- public const string UserinfoToken = "userinfo_token";
+ public const string UserInfoToken = "userinfo_token";
 }
 }
diff --git a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.Session.cs b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.Session.cs
index cef46795c..3b978e655 100644
--- a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.Session.cs
+++ b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.Session.cs
@@ -45,7 +45,7 @@ public static class Session
 {
 public static ImmutableArray DefaultHandlers { get; } = ImmutableArray.Create([
 /*
- * Logout request processing:
+ * End session request processing:
 */
 StartASWebAuthenticationSession.Descriptor,
 LaunchCustomTabsIntent.Descriptor,
@@ -70,10 +70,10 @@ public static class Session ]); /// - /// Contains the logic responsible for initiating logout requests using an AS web authentication session. + /// Contains the logic responsible for initiating end session requests using an AS web authentication session. /// Note: this handler is not used when the user session is not interactive. /// - public class StartASWebAuthenticationSession : IOpenIddictClientHandler + public class StartASWebAuthenticationSession : IOpenIddictClientHandler { private readonly OpenIddictClientSystemIntegrationService _service; @@ -84,7 +84,7 @@ public StartASWebAuthenticationSession(OpenIddictClientSystemIntegrationService /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .AddFilter() .UseSingletonHandler() @@ -97,7 +97,7 @@ public StartASWebAuthenticationSession(OpenIddictClientSystemIntegrationService [SupportedOSPlatform("maccatalyst13.1")] [SupportedOSPlatform("macos10.15")] #pragma warning disable CS1998 - public async ValueTask HandleAsync(ApplyLogoutRequestContext context) + public async ValueTask HandleAsync(ApplyEndSessionRequestContext context) #pragma warning restore CS1998 { if (context is null) @@ -122,7 +122,7 @@ public async ValueTask HandleAsync(ApplyLogoutRequestContext context) var source = new TaskCompletionSource( TaskCreationOptions.RunContinuationsAsynchronously); - // OpenIddict represents the complete interactive logout dance as a two-phase process: + // OpenIddict represents the complete interactive end session dance as a two-phase process: // - The sign-out, during which the user is redirected to the authorization server, either // by launching the system browser or, as in this case, using a web-view-like approach. // 
@@ -313,16 +313,16 @@ NativeWindow IASWebAuthenticationPresentationContextProviding.GetPresentationAnc } /// - /// Contains the logic responsible for initiating logout requests using a custom tabs intent. + /// Contains the logic responsible for initiating end session requests using a custom tabs intent. /// Note: this handler is not used when the user session is not interactive. /// - public class LaunchCustomTabsIntent : IOpenIddictClientHandler + public class LaunchCustomTabsIntent : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .AddFilter() .UseSingletonHandler() @@ -333,7 +333,7 @@ public class LaunchCustomTabsIntent : IOpenIddictClientHandler [SupportedOSPlatform("android21.0")] #pragma warning disable CS1998 - public async ValueTask HandleAsync(ApplyLogoutRequestContext context) + public async ValueTask HandleAsync(ApplyEndSessionRequestContext context) #pragma warning restore CS1998 { if (context is null) @@ -381,10 +381,10 @@ public async ValueTask HandleAsync(ApplyLogoutRequestContext context) } /// - /// Contains the logic responsible for initiating logout requests using the web authentication broker. + /// Contains the logic responsible for initiating end session requests using the web authentication broker. /// Note: this handler is not used when the user session is not interactive. /// - public class InvokeWebAuthenticationBroker : IOpenIddictClientHandler + public class InvokeWebAuthenticationBroker : IOpenIddictClientHandler { private readonly OpenIddictClientSystemIntegrationService _service; 
@@ -395,7 +395,7 @@ public InvokeWebAuthenticationBroker(OpenIddictClientSystemIntegrationService se /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .AddFilter() .UseSingletonHandler() @@ -406,7 +406,7 @@ public InvokeWebAuthenticationBroker(OpenIddictClientSystemIntegrationService se /// [SupportedOSPlatform("windows10.0.17763")] #pragma warning disable CS1998 - public async ValueTask HandleAsync(ApplyLogoutRequestContext context) + public async ValueTask HandleAsync(ApplyEndSessionRequestContext context) #pragma warning restore CS1998 { if (context is null) @@ -435,7 +435,7 @@ public async ValueTask HandleAsync(ApplyLogoutRequestContext context) throw new PlatformNotSupportedException(SR.GetResourceString(SR.ID0392)); } - // OpenIddict represents the complete interactive logout dance as a two-phase process: + // OpenIddict represents the complete interactive end session dance as a two-phase process: // - The sign-out, during which the user is redirected to the authorization server, either // by launching the system browser or, as in this case, using a web-view-like approach. // 
@@ -546,16 +546,16 @@ when Uri.TryCreate(result.ResponseData, UriKind.Absolute, out Uri? uri): } /// - /// Contains the logic responsible for initiating logout requests using the system browser. + /// Contains the logic responsible for initiating end session requests using the system browser. /// Note: this handler is not used when the user session is not interactive. /// - public class LaunchSystemBrowser : IOpenIddictClientHandler + public class LaunchSystemBrowser : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .AddFilter() .UseSingletonHandler() @@ -564,7 +564,7 @@ public class LaunchSystemBrowser : IOpenIddictClientHandler - public async ValueTask HandleAsync(ApplyLogoutRequestContext context) + public async ValueTask HandleAsync(ApplyEndSessionRequestContext context) { if (context is null) { diff --git a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.cs b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.cs index 290b5aede..9e5222ffc 100644 --- a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.cs +++ b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.cs 
@@ -60,7 +60,7 @@ public static partial class OpenIddictClientSystemIntegrationHandlers RestoreBackchannelIdentityTokenPrincipalFromMarshalledAuthentication.Descriptor, RestoreBackchannelAccessTokenPrincipalFromMarshalledAuthentication.Descriptor, RestoreRefreshTokenPrincipalFromMarshalledAuthentication.Descriptor, - RestoreUserinfoDetailsFromMarshalledAuthentication.Descriptor, + RestoreUserInfoDetailsFromMarshalledAuthentication.Descriptor, RestoreMergedPrincipalFromMarshalledAuthentication.Descriptor, CompleteAuthenticationOperation.Descriptor, @@ -1506,11 +1506,11 @@ OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, o /// Contains the logic responsible for restoring the userinfo details /// from the marshalled authentication context, if applicable. /// - public sealed class RestoreUserinfoDetailsFromMarshalledAuthentication : IOpenIddictClientHandler + public sealed class RestoreUserInfoDetailsFromMarshalledAuthentication : IOpenIddictClientHandler { private readonly OpenIddictClientSystemIntegrationMarshal _marshal; - public RestoreUserinfoDetailsFromMarshalledAuthentication(OpenIddictClientSystemIntegrationMarshal marshal) + public RestoreUserInfoDetailsFromMarshalledAuthentication(OpenIddictClientSystemIntegrationMarshal marshal) => _marshal = marshal ?? throw new ArgumentNullException(nameof(marshal)); /// @@ -1519,8 +1519,8 @@ public RestoreUserinfoDetailsFromMarshalledAuthentication(OpenIddictClientSystem public static OpenIddictClientHandlerDescriptor Descriptor { get; } = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() - .UseSingletonHandler() - .SetOrder(ValidateUserinfoTokenSubject.Descriptor.Order + 500) + .UseSingletonHandler() + .SetOrder(ValidateUserInfoTokenSubject.Descriptor.Order + 500) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); 
@@ -1534,14 +1534,14 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) Debug.Assert(!string.IsNullOrEmpty(context.Nonce), SR.GetResourceString(SR.ID4019)); - (context.UserinfoResponse, context.UserinfoTokenPrincipal, context.UserinfoToken) = context.EndpointType switch + (context.UserInfoResponse, context.UserInfoTokenPrincipal, context.UserInfoToken) = context.EndpointType switch { // When the authentication context is marshalled, restore the userinfo details from the other instance. OpenIddictClientEndpointType.Unknown when _marshal.TryGetResult(context.Nonce, out var notification) - => (notification.UserinfoResponse, notification.UserinfoTokenPrincipal, notification.UserinfoToken), + => (notification.UserInfoResponse, notification.UserInfoTokenPrincipal, notification.UserInfoToken), // Otherwise, don't alter the current context. - _ => (context.UserinfoResponse, context.UserinfoTokenPrincipal, context.UserinfoToken) + _ => (context.UserInfoResponse, context.UserInfoTokenPrincipal, context.UserInfoToken) }; return default; diff --git a/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.Discovery.cs b/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.Discovery.cs index b301d43f1..e41a321bf 100644 --- a/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.Discovery.cs +++ b/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.Discovery.cs 
@@ -38,24 +38,24 @@ public static class Discovery /* * Cryptography request processing: */ - CreateHttpClient.Descriptor, - PrepareGetHttpRequest.Descriptor, - AttachHttpVersion.Descriptor, - AttachJsonAcceptHeaders.Descriptor, - AttachUserAgentHeader.Descriptor, - AttachFromHeader.Descriptor, - AttachHttpParameters.Descriptor, - SendHttpRequest.Descriptor, - DisposeHttpRequest.Descriptor, + CreateHttpClient.Descriptor, + PrepareGetHttpRequest.Descriptor, + AttachHttpVersion.Descriptor, + AttachJsonAcceptHeaders.Descriptor, + AttachUserAgentHeader.Descriptor, + AttachFromHeader.Descriptor, + AttachHttpParameters.Descriptor, + SendHttpRequest.Descriptor, + DisposeHttpRequest.Descriptor, /* * Configuration response processing: */ - DecompressResponseContent.Descriptor, - ExtractJsonHttpResponse.Descriptor, - ExtractWwwAuthenticateHeader.Descriptor, - ValidateHttpResponse.Descriptor, - DisposeHttpResponse.Descriptor + DecompressResponseContent.Descriptor, + ExtractJsonHttpResponse.Descriptor, + ExtractWwwAuthenticateHeader.Descriptor, + ValidateHttpResponse.Descriptor, + DisposeHttpResponse.Descriptor ]); } } diff --git a/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.Userinfo.cs b/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.Userinfo.cs index b328a7774..b841a0859 100644 --- a/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.Userinfo.cs +++ b/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.Userinfo.cs 
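Review bot: The block comment above the second handler group reads `Configuration response processing:` although the group directly before it is labelled `Cryptography request processing:`. This looks like a copy-paste slip that the hunk leaves in place while rewriting every descriptor line under it. The generic type arguments are not visible in this rendering, so confirm which context the response handlers are bound to. If they are the counterpart of the request group, the label should read `* Cryptography response processing:`, or use whatever name this commit gives that endpoint. The `DefaultHandlers` initializer starts outside the hunk.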
@@ -14,52 +14,52 @@ namespace OpenIddict.Client.SystemNetHttp; public static partial class OpenIddictClientSystemNetHttpHandlers { - public static class Userinfo + public static class UserInfo { public static ImmutableArray DefaultHandlers { get; } = ImmutableArray.Create([ /* - * Userinfo request processing: + * UserInfo request processing: */ - CreateHttpClient.Descriptor, - PrepareGetHttpRequest.Descriptor, - AttachHttpVersion.Descriptor, - AttachJsonAcceptHeaders.Descriptor, - AttachUserAgentHeader.Descriptor, - AttachFromHeader.Descriptor, + CreateHttpClient.Descriptor, + PrepareGetHttpRequest.Descriptor, + AttachHttpVersion.Descriptor, + AttachJsonAcceptHeaders.Descriptor, + AttachUserAgentHeader.Descriptor, + AttachFromHeader.Descriptor, AttachBearerAccessToken.Descriptor, - AttachHttpParameters.Descriptor, - SendHttpRequest.Descriptor, - DisposeHttpRequest.Descriptor, + AttachHttpParameters.Descriptor, + SendHttpRequest.Descriptor, + DisposeHttpRequest.Descriptor, /* - * Userinfo response processing: + * UserInfo response processing: */ - DecompressResponseContent.Descriptor, - ExtractUserinfoTokenHttpResponse.Descriptor, - ExtractJsonHttpResponse.Descriptor, - ExtractWwwAuthenticateHeader.Descriptor, - ValidateHttpResponse.Descriptor, - DisposeHttpResponse.Descriptor + DecompressResponseContent.Descriptor, + ExtractUserInfoTokenHttpResponse.Descriptor, + ExtractJsonHttpResponse.Descriptor, + ExtractWwwAuthenticateHeader.Descriptor, + ValidateHttpResponse.Descriptor, + DisposeHttpResponse.Descriptor ]); /// /// Contains the logic responsible for attaching the access token to the HTTP Authorization header. /// - public sealed class AttachBearerAccessToken : IOpenIddictClientHandler + public sealed class AttachBearerAccessToken : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. 
/// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .UseSingletonHandler() - .SetOrder(AttachHttpParameters.Descriptor.Order - 500) + .SetOrder(AttachHttpParameters.Descriptor.Order - 500) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); /// - public ValueTask HandleAsync(PrepareUserinfoRequestContext context) + public ValueTask HandleAsync(PrepareUserInfoRequestContext context) { if (context is null) { @@ -86,21 +86,21 @@ public ValueTask HandleAsync(PrepareUserinfoRequestContext context) /// /// Contains the logic responsible for extracting the response from the userinfo response. /// - public sealed class ExtractUserinfoTokenHttpResponse : IOpenIddictClientHandler + public sealed class ExtractUserInfoTokenHttpResponse : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() - .UseSingletonHandler() - .SetOrder(ExtractJsonHttpResponse.Descriptor.Order - 500) + .UseSingletonHandler() + .SetOrder(ExtractJsonHttpResponse.Descriptor.Order - 500) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); /// - public async ValueTask HandleAsync(ExtractUserinfoResponseContext context) + public async ValueTask HandleAsync(ExtractUserInfoResponseContext context) { if (context is null) { @@ -108,7 +108,7 @@ public async ValueTask HandleAsync(ExtractUserinfoResponseContext context) } // Don't overwrite the response if one was already provided. - if (context.Response is not null || !string.IsNullOrEmpty(context.UserinfoToken)) + if (context.Response is not null || !string.IsNullOrEmpty(context.UserInfoToken)) { return; } 
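Review bot: The nested class becomes `UserInfo`, but the diff header still shows the file as `OpenIddictClientSystemNetHttpHandlers.Userinfo.cs` on both sides, so the type and file casing no longer match. Renaming the file to `OpenIddictClientSystemNetHttpHandlers.UserInfo.cs` in the same commit keeps the partial-class files findable by type name. A case-only rename may need an explicit `git mv` to be recorded on case-insensitive file systems. The same applies to `OpenIddictClientWebIntegrationHandlers.Userinfo.cs` further down in this diff.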
@@ -132,7 +132,7 @@ public async ValueTask HandleAsync(ExtractUserinfoResponseContext context) MediaTypes.JsonWebToken, StringComparison.OrdinalIgnoreCase)) { context.Response = new OpenIddictResponse(); - context.UserinfoToken = await response.Content.ReadAsStringAsync(); + context.UserInfoToken = await response.Content.ReadAsStringAsync(); return; } diff --git a/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.cs b/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.cs index 8e6a3d7ae..a6e8e5bb0 100644 --- a/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.cs +++ b/src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.cs @@ -28,7 +28,7 @@ public static partial class OpenIddictClientSystemNetHttpHandlers .. Exchange.DefaultHandlers, .. Introspection.DefaultHandlers, .. Revocation.DefaultHandlers, - .. Userinfo.DefaultHandlers + .. UserInfo.DefaultHandlers ]); /// diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Device.cs b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Device.cs index c74166b81..9a700d084 100644 --- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Device.cs +++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Device.cs 
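Review bot: In the hunk at -132, the JWT branch reads the whole userinfo response with `response.Content.ReadAsStringAsync()`, and nothing visible here limits the body size or lets the read be cancelled. The body comes from a remote endpoint and is buffered before any token validation, so an upper bound is worth having. If the HTTP client is already capped elsewhere, a comment such as `// Note: the response size is bounded by the HTTP client configuration.` would record that. Otherwise, consider checking `response.Content.Headers.ContentLength` against a limit before reading, and passing a cancellation token if the context exposes one and the target framework has that overload. `HandleAsync` starts and ends outside the hunk.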
@@ -73,9 +73,9 @@ public ValueTask HandleAsync(ExtractDeviceAuthorizationResponseContext context) if (!string.IsNullOrEmpty(context.Response.UserCode) && Uri.TryCreate((string?) context.Response["verification_url"], UriKind.Absolute, out Uri? uri)) { - // Note: the user verification URI returned by Huawei points to an endpoint that always returns + // Note: the end-user verification URI returned by Huawei points to an endpoint that always returns // a JSON error when it is accessed without the "user_code" parameter attached. To ensure the - // user verification URI returned by the OpenIddict client service to the caller can be used + // end-user verification URI returned by the OpenIddict client service to the caller can be used // as-is, both parameters are replaced to always include the user code in the query string. context.Response[Parameters.VerificationUri] = context.Response[Parameters.VerificationUriComplete] = OpenIddictHelpers.AddQueryStringParameter( diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs index 58d5c6bd3..041ed1011 100644 --- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs +++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs 
@@ -414,10 +414,10 @@ public ValueTask HandleAsync(HandleConfigurationResponseContext context) // limitation, the userinfo endpoint is replaced by the generic /me endpoint URI. if (context.Registration.ProviderType is ProviderTypes.Atlassian) { - context.Configuration.UserinfoEndpoint = new Uri("https://api.atlassian.com/me", UriKind.Absolute); + context.Configuration.UserInfoEndpoint = new Uri("https://api.atlassian.com/me", UriKind.Absolute); } - // While Auth0 exposes an OpenID Connect-compliant logout endpoint, its address is not returned + // While Auth0 exposes an OpenID Connect-compliant end session endpoint, its address is not returned // as part of the configuration document. To ensure RP-initiated logout is supported with Auth0, // "end_session_endpoint" is manually computed using the issuer URI and added to the configuration. else if (context.Registration.ProviderType is ProviderTypes.Auth0) @@ -439,7 +439,7 @@ public ValueTask HandleAsync(HandleConfigurationResponseContext context) // in its configuration document. To work around that, the endpoint URI is manually added here. else if (context.Registration.ProviderType is ProviderTypes.OrangeFrance) { - context.Configuration.UserinfoEndpoint ??= + context.Configuration.UserInfoEndpoint ??= new Uri("https://api.orange.com/openidconnect/fr/v1/userinfo", UriKind.Absolute); } @@ -458,7 +458,7 @@ public ValueTask HandleAsync(HandleConfigurationResponseContext context) new Uri("https://api-m.sandbox.paypal.com/v1/oauth2/revoke", UriKind.Absolute); context.Configuration.TokenEndpoint = new Uri("https://api-m.sandbox.paypal.com/v1/oauth2/token", UriKind.Absolute); - context.Configuration.UserinfoEndpoint = + context.Configuration.UserInfoEndpoint = new Uri("https://api-m.sandbox.paypal.com/v1/oauth2/token/userinfo", UriKind.Absolute); } 
diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs index ddc67116c..2457a3a82 100644 --- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs +++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs @@ -12,18 +12,18 @@ using static OpenIddict.Client.SystemNetHttp.OpenIddictClientSystemNetHttpConstants; using static OpenIddict.Client.SystemNetHttp.OpenIddictClientSystemNetHttpHandlerFilters; using static OpenIddict.Client.SystemNetHttp.OpenIddictClientSystemNetHttpHandlers; -using static OpenIddict.Client.SystemNetHttp.OpenIddictClientSystemNetHttpHandlers.Userinfo; +using static OpenIddict.Client.SystemNetHttp.OpenIddictClientSystemNetHttpHandlers.UserInfo; using static OpenIddict.Client.WebIntegration.OpenIddictClientWebIntegrationConstants; namespace OpenIddict.Client.WebIntegration; public static partial class OpenIddictClientWebIntegrationHandlers { - public static class Userinfo + public static class UserInfo { public static ImmutableArray DefaultHandlers { get; } = ImmutableArray.Create([ /* - * Userinfo request preparation: + * UserInfo request preparation: */ OverrideHttpMethod.Descriptor, AttachRequestHeaders.Descriptor, 
@@ -32,31 +32,31 @@ public static class Userinfo AttachNonStandardRequestPayload.Descriptor, /* - * Userinfo response extraction: + * UserInfo response extraction: */ NormalizeContentType.Descriptor, - UnwrapUserinfoResponse.Descriptor, + UnwrapUserInfoResponse.Descriptor, MapNonStandardResponseParameters.Descriptor, ]); /// /// Contains the logic responsible for overriding the HTTP method for the providers that require it. /// - public sealed class OverrideHttpMethod : IOpenIddictClientHandler + public sealed class OverrideHttpMethod : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .UseSingletonHandler() - .SetOrder(PreparePostHttpRequest.Descriptor.Order + 250) + .SetOrder(PreparePostHttpRequest.Descriptor.Order + 250) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); /// - public ValueTask HandleAsync(PrepareUserinfoRequestContext context) + public ValueTask HandleAsync(PrepareUserInfoRequestContext context) { if (context is null) { 
@@ -89,21 +89,21 @@ public ValueTask HandleAsync(PrepareUserinfoRequestContext context) /// Contains the logic responsible for attaching additional /// headers to the request for the providers that require it. /// - public sealed class AttachRequestHeaders : IOpenIddictClientHandler + public sealed class AttachRequestHeaders : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .UseSingletonHandler() - .SetOrder(AttachUserAgentHeader.Descriptor.Order + 250) + .SetOrder(AttachUserAgentHeader.Descriptor.Order + 250) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); /// - public ValueTask HandleAsync(PrepareUserinfoRequestContext context) + public ValueTask HandleAsync(PrepareUserInfoRequestContext context) { if (context is null) { @@ -144,13 +144,13 @@ public ValueTask HandleAsync(PrepareUserinfoRequestContext context) /// Contains the logic responsible for attaching the access token /// parameter to the request for the providers that require it. /// - public sealed class AttachAccessTokenParameter : IOpenIddictClientHandler + public sealed class AttachAccessTokenParameter : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .UseSingletonHandler() .SetOrder(AttachBearerAccessToken.Descriptor.Order + 250) @@ -158,7 +158,7 @@ public sealed class AttachAccessTokenParameter : IOpenIddictClientHandler - public ValueTask HandleAsync(PrepareUserinfoRequestContext context) + public ValueTask HandleAsync(PrepareUserInfoRequestContext context) { if (context is null) { 
@@ -209,20 +209,20 @@ public ValueTask HandleAsync(PrepareUserinfoRequestContext context) /// Contains the logic responsible for attaching non-standard /// parameters to the request for the providers that require it. /// - public sealed class AttachNonStandardParameters : IOpenIddictClientHandler + public sealed class AttachNonStandardParameters : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .UseSingletonHandler() - .SetOrder(AttachHttpParameters.Descriptor.Order - 250) + .SetOrder(AttachHttpParameters.Descriptor.Order - 250) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); /// - public ValueTask HandleAsync(PrepareUserinfoRequestContext context) + public ValueTask HandleAsync(PrepareUserInfoRequestContext context) { if (context is null) { @@ -243,21 +243,21 @@ public ValueTask HandleAsync(PrepareUserinfoRequestContext context) /// /// Contains the logic responsible for attaching a non-standard payload for the providers that require it. /// - public sealed class AttachNonStandardRequestPayload : IOpenIddictClientHandler + public sealed class AttachNonStandardRequestPayload : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .UseSingletonHandler() - .SetOrder(AttachHttpParameters.Descriptor.Order + 500) + .SetOrder(AttachHttpParameters.Descriptor.Order + 500) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); /// - public ValueTask HandleAsync(PrepareUserinfoRequestContext context) + public ValueTask HandleAsync(PrepareUserInfoRequestContext context) { if (context is null) { 
@@ -292,21 +292,21 @@ ProviderTypes.Meetup or ProviderTypes.SubscribeStar /// Contains the logic responsible for normalizing the returned content /// type of userinfo responses for the providers that require it. /// - public sealed class NormalizeContentType : IOpenIddictClientHandler + public sealed class NormalizeContentType : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() .UseSingletonHandler() - .SetOrder(ExtractUserinfoTokenHttpResponse.Descriptor.Order - 250) + .SetOrder(ExtractUserInfoTokenHttpResponse.Descriptor.Order - 250) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); /// - public ValueTask HandleAsync(ExtractUserinfoResponseContext context) + public ValueTask HandleAsync(ExtractUserInfoResponseContext context) { if (context is null) { @@ -358,20 +358,20 @@ ProviderTypes.Wikimedia when string.Equals( /// Contains the logic responsible for extracting the userinfo response /// from nested JSON nodes (e.g "data") for the providers that require it. /// - public sealed class UnwrapUserinfoResponse : IOpenIddictClientHandler + public sealed class UnwrapUserInfoResponse : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() - .UseSingletonHandler() + = OpenIddictClientHandlerDescriptor.CreateBuilder() + .UseSingletonHandler() .SetOrder(int.MaxValue - 50_000) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); /// - public ValueTask HandleAsync(ExtractUserinfoResponseContext context) + public ValueTask HandleAsync(ExtractUserInfoResponseContext context) { if (context is null) { 
@@ -458,20 +458,20 @@ ProviderTypes.Patreon or ProviderTypes.Pipedrive or ProviderTypes.Twitter /// Contains the logic responsible for mapping non-standard response parameters /// to their standard equivalent for the providers that require it. /// - public sealed class MapNonStandardResponseParameters : IOpenIddictClientHandler + public sealed class MapNonStandardResponseParameters : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } - = OpenIddictClientHandlerDescriptor.CreateBuilder() + = OpenIddictClientHandlerDescriptor.CreateBuilder() .UseSingletonHandler() - .SetOrder(UnwrapUserinfoResponse.Descriptor.Order + 1_000) + .SetOrder(UnwrapUserInfoResponse.Descriptor.Order + 1_000) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); /// - public ValueTask HandleAsync(ExtractUserinfoResponseContext context) + public ValueTask HandleAsync(ExtractUserInfoResponseContext context) { if (context is null) { diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs index 592705c6e..e306ac55c 100644 --- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs +++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs 
@@ -32,11 +32,11 @@ public static partial class OpenIddictClientWebIntegrationHandlers AdjustRedirectUriInTokenRequest.Descriptor, OverrideValidatedBackchannelTokens.Descriptor, DisableBackchannelIdentityTokenNonceValidation.Descriptor, - OverrideUserinfoEndpoint.Descriptor, - DisableUserinfoRetrieval.Descriptor, - DisableUserinfoValidation.Descriptor, - AttachAdditionalUserinfoRequestParameters.Descriptor, - PopulateUserinfoTokenPrincipalFromTokenResponse.Descriptor, + OverrideUserInfoEndpoint.Descriptor, + DisableUserInfoRetrieval.Descriptor, + DisableUserInfoValidation.Descriptor, + AttachAdditionalUserInfoRequestParameters.Descriptor, + PopulateUserInfoTokenPrincipalFromTokenResponse.Descriptor, MapCustomWebServicesFederationClaims.Descriptor, /* @@ -61,7 +61,7 @@ public static partial class OpenIddictClientWebIntegrationHandlers .. Exchange.DefaultHandlers, .. Protection.DefaultHandlers, .. Revocation.DefaultHandlers, - .. Userinfo.DefaultHandlers + .. UserInfo.DefaultHandlers ]); /// @@ -797,15 +797,15 @@ ProviderTypes.LinkedIn or ProviderTypes.QuickBooksOnline or /// Contains the logic responsible for overriding the address /// of the userinfo endpoint for the providers that require it. /// - public sealed class OverrideUserinfoEndpoint : IOpenIddictClientHandler + public sealed class OverrideUserInfoEndpoint : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } = OpenIddictClientHandlerDescriptor.CreateBuilder() - .UseSingletonHandler() - .SetOrder(ResolveUserinfoEndpoint.Descriptor.Order + 500) + .UseSingletonHandler() + .SetOrder(ResolveUserInfoEndpoint.Descriptor.Order + 500) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); 
@@ -817,7 +817,7 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) throw new ArgumentNullException(nameof(context)); } - context.UserinfoEndpoint = context.Registration.ProviderType switch + context.UserInfoEndpoint = context.Registration.ProviderType switch { // Dailymotion's userinfo endpoint requires sending the user identifier in the URI path. ProviderTypes.Dailymotion when (string?) context.TokenResponse?["uid"] is string identifier @@ -872,7 +872,7 @@ ProviderTypes.Zoho when context.GrantType is GrantTypes.RefreshToken _ => new Uri("https://accounts.zoho.com/oauth/user/info", UriKind.Absolute) }, - _ => context.UserinfoEndpoint + _ => context.UserInfoEndpoint }; return default; @@ -882,15 +882,15 @@ ProviderTypes.Zoho when context.GrantType is GrantTypes.RefreshToken /// /// Contains the logic responsible for disabling the userinfo retrieval for the providers that require it. /// - public sealed class DisableUserinfoRetrieval : IOpenIddictClientHandler + public sealed class DisableUserInfoRetrieval : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } = OpenIddictClientHandlerDescriptor.CreateBuilder() - .UseSingletonHandler() - .SetOrder(EvaluateUserinfoRequest.Descriptor.Order + 250) + .UseSingletonHandler() + .SetOrder(EvaluateUserInfoRequest.Descriptor.Order + 250) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); @@ -902,7 +902,7 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) throw new ArgumentNullException(nameof(context)); } - context.SendUserinfoRequest = context.Registration.ProviderType switch + context.SendUserInfoRequest = context.Registration.ProviderType switch { // Note: ADFS has severe restrictions affecting the ability to access the userinfo endpoint // (e.g the "resource" parameter MUST be null or the "urn:microsoft:userinfo" value MUST be 
@@ -930,7 +930,7 @@ GrantTypes.DeviceCode or GrantTypes.RefreshToken when context.Scopes.Any(static scope => scope.StartsWith("XboxLive.", StringComparison.OrdinalIgnoreCase)) => false, - _ => context.SendUserinfoRequest + _ => context.SendUserInfoRequest }, // Note: some providers don't allow querying the userinfo endpoint when the "openid" scope @@ -945,10 +945,10 @@ GrantTypes.AuthorizationCode or GrantTypes.Implicit when GrantTypes.DeviceCode or GrantTypes.RefreshToken when !context.Scopes.Contains(Scopes.OpenId) => false, - _ => context.SendUserinfoRequest + _ => context.SendUserInfoRequest }, - _ => context.SendUserinfoRequest + _ => context.SendUserInfoRequest }; return default; @@ -958,15 +958,15 @@ GrantTypes.AuthorizationCode or GrantTypes.Implicit when /// /// Contains the logic responsible for disabling the userinfo validation for the providers that require it. /// - public sealed class DisableUserinfoValidation : IOpenIddictClientHandler + public sealed class DisableUserInfoValidation : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } = OpenIddictClientHandlerDescriptor.CreateBuilder() - .UseSingletonHandler() - .SetOrder(DisableUserinfoRetrieval.Descriptor.Order + 250) + .UseSingletonHandler() + .SetOrder(DisableUserInfoRetrieval.Descriptor.Order + 250) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); 
@@ -983,12 +983,12 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) // // To ensure OpenIddict can be used with these providers, validation is disabled when necessary. - context.DisableUserinfoValidation = context.Registration.ProviderType switch + context.DisableUserInfoValidation = context.Registration.ProviderType switch { // SuperOffice doesn't offer a standard OpenID Connect userinfo endpoint. ProviderTypes.SuperOffice => true, - _ => context.DisableUserinfoValidation + _ => context.DisableUserInfoValidation }; return default; @@ -999,16 +999,16 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) /// Contains the logic responsible for attaching additional parameters /// to the userinfo request for the providers that require it. /// - public sealed class AttachAdditionalUserinfoRequestParameters : IOpenIddictClientHandler + public sealed class AttachAdditionalUserInfoRequestParameters : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. /// public static OpenIddictClientHandlerDescriptor Descriptor { get; } = OpenIddictClientHandlerDescriptor.CreateBuilder() - .AddFilter() - .UseSingletonHandler() - .SetOrder(AttachUserinfoRequestParameters.Descriptor.Order + 500) + .AddFilter() + .UseSingletonHandler() + .SetOrder(AttachUserInfoRequestParameters.Descriptor.Order + 500) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); @@ -1020,7 +1020,7 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) throw new ArgumentNullException(nameof(context)); } - Debug.Assert(context.UserinfoRequest is not null, SR.GetResourceString(SR.ID4008)); + Debug.Assert(context.UserInfoRequest is not null, SR.GetResourceString(SR.ID4008)); // Dailymotion limits the number of fields returned by the userinfo endpoint // but allows returning additional information using special parameters that 
@@ -1029,14 +1029,14 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) { var settings = context.Registration.GetDailymotionSettings(); - context.UserinfoRequest["fields"] = string.Join(",", settings.UserFields); + context.UserInfoRequest["fields"] = string.Join(",", settings.UserFields); } // Disqus requires sending the client identifier (called "public // API key" in the documentation) as part of the userinfo request. else if (context.Registration.ProviderType is ProviderTypes.Disqus) { - context.UserinfoRequest["api_key"] = context.Registration.ClientId; + context.UserInfoRequest["api_key"] = context.Registration.ClientId; } // Facebook limits the number of fields returned by the userinfo endpoint @@ -1046,7 +1046,7 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) { var settings = context.Registration.GetFacebookSettings(); - context.UserinfoRequest["fields"] = string.Join(",", settings.Fields); + context.UserInfoRequest["fields"] = string.Join(",", settings.Fields); } // Meetup's userinfo endpoint is a GraphQL implementation that requires @@ -1055,7 +1055,7 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) { var settings = context.Registration.GetMeetupSettings(); - context.UserinfoRequest["query"] = $"query {{ self {{ {string.Join(" ", settings.UserFields)} }} }}"; + context.UserInfoRequest["query"] = $"query {{ self {{ {string.Join(" ", settings.UserFields)} }} }}"; } // Patreon limits the number of fields returned by the userinfo endpoint @@ -1065,7 +1065,7 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) { var settings = context.Registration.GetPatreonSettings(); - context.UserinfoRequest["fields[user]"] = string.Join(",", settings.UserFields); + context.UserInfoRequest["fields[user]"] = string.Join(",", settings.UserFields); } // StackOverflow requires sending an application key and a site parameter 
@@ -1074,8 +1074,8 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) { var settings = context.Registration.GetStackExchangeSettings(); - context.UserinfoRequest["key"] = settings.ApplicationKey; - context.UserinfoRequest["site"] = settings.Site; + context.UserInfoRequest["key"] = settings.ApplicationKey; + context.UserInfoRequest["site"] = settings.Site; } // SubscribeStar's userinfo endpoint is a GraphQL implementation that requires @@ -1084,20 +1084,20 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) { var settings = context.Registration.GetSubscribeStarSettings(); - context.UserinfoRequest["query"] = $"{{ user {{ {string.Join(", ", settings.UserFields)} }} }}"; + context.UserInfoRequest["query"] = $"{{ user {{ {string.Join(", ", settings.UserFields)} }} }}"; } // Todoist requires sending "sync_token" and "resource_types" parameters. else if (context.Registration.ProviderType is ProviderTypes.Todoist) { - context.UserinfoRequest["sync_token"] = "*"; - context.UserinfoRequest["resource_types"] = "[\"user\"]"; + context.UserInfoRequest["sync_token"] = "*"; + context.UserInfoRequest["resource_types"] = "[\"user\"]"; } // Trakt allows retrieving additional user details via the "extended" parameter. else if (context.Registration.ProviderType is ProviderTypes.Trakt) { - context.UserinfoRequest["extended"] = "full"; + context.UserInfoRequest["extended"] = "full"; } // Twitter limits the number of fields returned by the userinfo endpoint 
@@ -1107,15 +1107,15 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) { var settings = context.Registration.GetTwitterSettings(); - context.UserinfoRequest["expansions"] = string.Join(",", settings.Expansions); - context.UserinfoRequest["tweet.fields"] = string.Join(",", settings.TweetFields); - context.UserinfoRequest["user.fields"] = string.Join(",", settings.UserFields); + context.UserInfoRequest["expansions"] = string.Join(",", settings.Expansions); + context.UserInfoRequest["tweet.fields"] = string.Join(",", settings.TweetFields); + context.UserInfoRequest["user.fields"] = string.Join(",", settings.UserFields); } // Weibo requires sending the user identifier as part of the userinfo request. else if (context.Registration.ProviderType is ProviderTypes.Weibo) { - context.UserinfoRequest["uid"] = context.TokenResponse?["uid"]; + context.UserInfoRequest["uid"] = context.TokenResponse?["uid"]; } return default; @@ -1126,7 +1126,7 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) /// Contains the logic responsible for creating a userinfo token principal from the custom /// parameters returned in the token response for the providers that require it. /// - public sealed class PopulateUserinfoTokenPrincipalFromTokenResponse : IOpenIddictClientHandler + public sealed class PopulateUserInfoTokenPrincipalFromTokenResponse : IOpenIddictClientHandler { /// /// Gets the default descriptor definition assigned to this handler. @@ -1134,8 +1134,8 @@ public sealed class PopulateUserinfoTokenPrincipalFromTokenResponse : IOpenIddic public static OpenIddictClientHandlerDescriptor Descriptor { get; } = OpenIddictClientHandlerDescriptor.CreateBuilder() .AddFilter() - .UseSingletonHandler() - .SetOrder(ValidateUserinfoToken.Descriptor.Order + 500) + .UseSingletonHandler() + .SetOrder(ValidateUserInfoToken.Descriptor.Order + 500) .SetType(OpenIddictClientHandlerType.BuiltIn) .Build(); 
@@ -1151,7 +1151,7 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) Debug.Assert(context.TokenResponse is not null, SR.GetResourceString(SR.ID4007)); // Don't overwrite the userinfo token principal if one was already set. - if (context.UserinfoTokenPrincipal is not null) + if (context.UserInfoTokenPrincipal is not null) { return default; } @@ -1216,7 +1216,7 @@ where string.Equals(parameter.Key, "livemode", StringComparison.OrdinalIgnoreCas } } - context.UserinfoTokenPrincipal = new ClaimsPrincipal(identity); + context.UserInfoTokenPrincipal = new ClaimsPrincipal(identity); return default; } 
@@ -1266,30 +1266,30 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context) context.MergedPrincipal.SetClaim(ClaimTypes.Email, issuer: issuer, value: context.Registration.ProviderType switch { // Basecamp returns the email address as a custom "email_address" node: - ProviderTypes.Basecamp => (string?) context.UserinfoResponse?["email_address"], + ProviderTypes.Basecamp => (string?) context.UserInfoResponse?["email_address"], // Bitly returns one or more email addresses as a custom "emails" node: - ProviderTypes.Bitly => context.UserinfoResponse?["emails"] + ProviderTypes.Bitly => context.UserInfoResponse?["emails"] ?.GetUnnamedParameters() ?.Where(parameter => (bool?) parameter["is_primary"] is true) ?.Select(parameter => (string?) parameter["email"]) ?.FirstOrDefault(), // HubSpot returns the email address as a custom "user" node: - ProviderTypes.HubSpot => (string?) context.UserinfoResponse?["user"], + ProviderTypes.HubSpot => (string?) context.UserInfoResponse?["user"], // Mailchimp returns the email address as a custom "login/login_email" node: - ProviderTypes.Mailchimp => (string?) context.UserinfoResponse?["login"]?["login_email"], + ProviderTypes.Mailchimp => (string?) context.UserInfoResponse?["login"]?["login_email"], // Notion returns the email address as a custom "bot/owner/user/person/email" node // but requires a special capability to access this node, that may not be present: - ProviderTypes.Notion => (string?) context.UserinfoResponse?["bot"]?["owner"]?["user"]?["person"]?["email"], + ProviderTypes.Notion => (string?) context.UserInfoResponse?["bot"]?["owner"]?["user"]?["person"]?["email"], // Patreon returns the email address as a custom "attributes/email" node: - ProviderTypes.Patreon => (string?) context.UserinfoResponse?["attributes"]?["email"], + ProviderTypes.Patreon => (string?) 
context.UserInfoResponse?["attributes"]?["email"], // ServiceChannel and Zoho return the email address as a custom "Email" node: - ProviderTypes.ServiceChannel or ProviderTypes.Zoho => (string?) context.UserinfoResponse?["Email"], + ProviderTypes.ServiceChannel or ProviderTypes.Zoho => (string?) context.UserInfoResponse?["Email"], // Shopify returns the email address as a custom "associated_user/email" node in token responses: ProviderTypes.Shopify => (string?) context.TokenResponse?["associated_user"]?["email"], 
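Review bot: The `ClaimTypes.Email` mapping copies whatever address the provider returns, and in the Bitly branch the only filter is `is_primary`; nothing in the visible arms tells a verified address from an unverified one. Applications that link or provision local accounts by email would then be trusting a provider-asserted value. I would add a comment above the switch such as `// Note: the mapped address is not guaranteed to be verified by the provider; don't use it as the sole key for account linking.`, and, where a provider does expose a verification flag (to be confirmed per provider), consider filtering on it. The switch expression starts before this hunk and continues past it.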
@@ -1304,42 +1304,42 @@ ProviderTypes.ArcGisOnline or ProviderTypes.Dailymotion or ProviderTypes.Deviant ProviderTypes.Discord or ProviderTypes.Disqus or ProviderTypes.Kook or ProviderTypes.Lichess or ProviderTypes.Mastodon or ProviderTypes.Mixcloud or ProviderTypes.Trakt or ProviderTypes.WordPress - => (string?) context.UserinfoResponse?["username"], + => (string?) context.UserInfoResponse?["username"], // Basecamp and Harvest don't return a username so one is created using the "first_name" and "last_name" nodes: ProviderTypes.Basecamp or ProviderTypes.Harvest - when context.UserinfoResponse?.HasParameter("first_name") is true && - context.UserinfoResponse?.HasParameter("last_name") is true - => $"{(string?) context.UserinfoResponse?["first_name"]} {(string?) context.UserinfoResponse?["last_name"]}", + when context.UserInfoResponse?.HasParameter("first_name") is true && + context.UserInfoResponse?.HasParameter("last_name") is true + => $"{(string?) context.UserInfoResponse?["first_name"]} {(string?) context.UserInfoResponse?["last_name"]}", // FitBit returns the username as a custom "displayName" node: - ProviderTypes.Fitbit => (string?) context.UserinfoResponse?["displayName"], + ProviderTypes.Fitbit => (string?) context.UserInfoResponse?["displayName"], // Huawei returns the username as a custom "display_name" in the backchannel identity token: ProviderTypes.Huawei => context.BackchannelIdentityTokenPrincipal?.GetClaim("display_name"), // HubSpot returns the username as a custom "user" node: - ProviderTypes.HubSpot => (string?) context.UserinfoResponse?["user"], + ProviderTypes.HubSpot => (string?) context.UserInfoResponse?["user"], // Mailchimp returns the username as a custom "accountname" node: - ProviderTypes.Mailchimp => (string?) context.UserinfoResponse?["accountname"], + ProviderTypes.Mailchimp => (string?) context.UserInfoResponse?["accountname"], // Mailchimp returns the username as a custom "sub" node: - ProviderTypes.MusicBrainz => (string?) 
context.UserinfoResponse?["sub"], + ProviderTypes.MusicBrainz => (string?) context.UserInfoResponse?["sub"], // Nextcloud returns the username as a custom "displayname" or "display-name" node: - ProviderTypes.Nextcloud => (string?) context.UserinfoResponse?["displayname"] ?? - (string?) context.UserinfoResponse?["display-name"], + ProviderTypes.Nextcloud => (string?) context.UserInfoResponse?["displayname"] ?? + (string?) context.UserInfoResponse?["display-name"], // Notion returns the username as a custom "bot/owner/user/name" node but // requires a special capability to access this node, that may not be present: - ProviderTypes.Notion => (string?) context.UserinfoResponse?["bot"]?["owner"]?["user"]?["name"], + ProviderTypes.Notion => (string?) context.UserInfoResponse?["bot"]?["owner"]?["user"]?["name"], // Patreon doesn't return a username and requires using the complete user name as the username: - ProviderTypes.Patreon => (string?) context.UserinfoResponse?["attributes"]?["full_name"], + ProviderTypes.Patreon => (string?) context.UserInfoResponse?["attributes"]?["full_name"], // ServiceChannel returns the username as a custom "UserName" node: - ProviderTypes.ServiceChannel => (string?) context.UserinfoResponse?["UserName"], + ProviderTypes.ServiceChannel => (string?) context.UserInfoResponse?["UserName"], // Shopify doesn't return a username so one is created using the "first_name" and "last_name" nodes: ProviderTypes.Shopify 
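Review bot: The comment above the `ProviderTypes.MusicBrainz` arm reads "Mailchimp returns the username as a custom "sub" node", which names the wrong provider, and the `-1445` hunk has the same copy-paste slip where "WordPress returns the user identifier as a custom "ZUID" node" sits above the `ProviderTypes.Zoho` arm. Since the rename already touches both arms, the comments could be corrected to `// MusicBrainz returns the username as a custom "sub" node:` and `// Zoho returns the user identifier as a custom "ZUID" node:`. In a per-provider claim-mapping table a mislabelled arm makes it harder to audit which response node feeds which identity claim. The switch expressions start and end outside these hunks.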
@@ -1349,31 +1349,31 @@ when context.TokenResponse?["associated_user"]?["first_name"] is not null && // Smartsheet doesn't return a username so one is created using the "firstName" and "lastName" nodes: ProviderTypes.Smartsheet - when context.UserinfoResponse?.HasParameter("firstName") is true && - context.UserinfoResponse?.HasParameter("lastName") is true - => $"{(string?) context.UserinfoResponse?["firstName"]} {(string?) context.UserinfoResponse?["lastName"]}", + when context.UserInfoResponse?.HasParameter("firstName") is true && + context.UserInfoResponse?.HasParameter("lastName") is true + => $"{(string?) context.UserInfoResponse?["firstName"]} {(string?) context.UserInfoResponse?["lastName"]}", // These providers return the username as a custom "display_name" node: ProviderTypes.Spotify or ProviderTypes.StackExchange or ProviderTypes.Zoom - => (string?) context.UserinfoResponse?["display_name"], + => (string?) context.UserInfoResponse?["display_name"], // Strava returns the username as a custom "athlete/username" node in token responses: ProviderTypes.Strava => (string?) context.TokenResponse?["athlete"]?["username"], // Streamlabs returns the username as a custom "streamlabs/display_name" node: - ProviderTypes.Streamlabs => (string?) context.UserinfoResponse?["streamlabs"]?["display_name"], + ProviderTypes.Streamlabs => (string?) context.UserInfoResponse?["streamlabs"]?["display_name"], // Todoist returns the username as a custom "full_name" node: - ProviderTypes.Todoist => (string?) context.UserinfoResponse?["full_name"], + ProviderTypes.Todoist => (string?) context.UserInfoResponse?["full_name"], // Trovo returns the username as a custom "userName" node: - ProviderTypes.Trovo => (string?) context.UserinfoResponse?["userName"], + ProviderTypes.Trovo => (string?) context.UserInfoResponse?["userName"], // Typeform returns the username as a custom "alias" node: - ProviderTypes.Typeform => (string?) 
context.UserinfoResponse?["alias"], + ProviderTypes.Typeform => (string?) context.UserInfoResponse?["alias"], // Zoho returns the username as a custom "Display_Name" node: - ProviderTypes.Zoho => (string?) context.UserinfoResponse?["Display_Name"], + ProviderTypes.Zoho => (string?) context.UserInfoResponse?["Display_Name"], _ => context.MergedPrincipal.GetClaim(ClaimTypes.Name) }); @@ -1383,14 +1383,14 @@ ProviderTypes.Spotify or ProviderTypes.StackExchange or ProviderTypes.Zoom // These providers return the user identifier as a custom "user_id" node: ProviderTypes.Amazon or ProviderTypes.HubSpot or ProviderTypes.StackExchange or ProviderTypes.Typeform - => (string?) context.UserinfoResponse?["user_id"], + => (string?) context.UserInfoResponse?["user_id"], // ArcGIS and Trakt don't return a user identifier and require using the username as the identifier: ProviderTypes.ArcGisOnline or ProviderTypes.Trakt - => (string?) context.UserinfoResponse?["username"], + => (string?) context.UserInfoResponse?["username"], // Atlassian returns the user identifier as a custom "account_id" node: - ProviderTypes.Atlassian => (string?) context.UserinfoResponse?["account_id"], + ProviderTypes.Atlassian => (string?) context.UserInfoResponse?["account_id"], // These providers return the user identifier as a custom "id" node: ProviderTypes.Airtable or ProviderTypes.Basecamp or ProviderTypes.Box or 
@@ -1402,38 +1402,38 @@ ProviderTypes.Meetup or ProviderTypes.Nextcloud or ProviderTypes.Patreo ProviderTypes.Pipedrive or ProviderTypes.Reddit or ProviderTypes.Smartsheet or ProviderTypes.Spotify or ProviderTypes.SubscribeStar or ProviderTypes.Todoist or ProviderTypes.Twitter or ProviderTypes.Weibo or ProviderTypes.Zoom - => (string?) context.UserinfoResponse?["id"], + => (string?) context.UserInfoResponse?["id"], // Bitbucket returns the user identifier as a custom "uuid" node: - ProviderTypes.Bitbucket => (string?) context.UserinfoResponse?["uuid"], + ProviderTypes.Bitbucket => (string?) context.UserInfoResponse?["uuid"], // Bitly returns the user identifier as a custom "login" node: - ProviderTypes.Bitly => (string?) context.UserinfoResponse?["login"], + ProviderTypes.Bitly => (string?) context.UserInfoResponse?["login"], // Calendly returns the user identifier (formatted as a URI) as a custom "uri" node: - ProviderTypes.Calendly => (string?) context.UserinfoResponse?["uri"], + ProviderTypes.Calendly => (string?) context.UserInfoResponse?["uri"], // DeviantArt returns the user identifier as a custom "userid" node: - ProviderTypes.DeviantArt => (string?) context.UserinfoResponse?["userid"], + ProviderTypes.DeviantArt => (string?) context.UserInfoResponse?["userid"], // Fitbit returns the user identifier as a custom "encodedId" node: - ProviderTypes.Fitbit => (string?) context.UserinfoResponse?["encodedId"], + ProviderTypes.Fitbit => (string?) context.UserInfoResponse?["encodedId"], // Mailchimp returns the user identifier as a custom "login/login_id" node: - ProviderTypes.Mailchimp => (string?) context.UserinfoResponse?["login"]?["login_id"], + ProviderTypes.Mailchimp => (string?) context.UserInfoResponse?["login"]?["login_id"], // Mixcloud returns the user identifier as a custom "key" node: - ProviderTypes.Mixcloud => (string?) context.UserinfoResponse?["key"], + ProviderTypes.Mixcloud => (string?) 
context.UserInfoResponse?["key"], // MusicBrainz returns the user identifier as a custom "metabrainz_user_id" node: - ProviderTypes.MusicBrainz => (string?) context.UserinfoResponse?["metabrainz_user_id"], + ProviderTypes.MusicBrainz => (string?) context.UserInfoResponse?["metabrainz_user_id"], // Notion returns the user identifier as a custom "bot/owner/user/id" node but // requires a special capability to access this node, that may not be present: - ProviderTypes.Notion => (string?) context.UserinfoResponse?["bot"]?["owner"]?["user"]?["id"], + ProviderTypes.Notion => (string?) context.UserInfoResponse?["bot"]?["owner"]?["user"]?["id"], // ServiceChannel returns the user identifier as a custom "UserId" node: - ProviderTypes.ServiceChannel => (string?) context.UserinfoResponse?["UserId"], + ProviderTypes.ServiceChannel => (string?) context.UserInfoResponse?["UserId"], // Shopify returns the user identifier as a custom "associated_user/id" node in token responses: ProviderTypes.Shopify => (string?) context.TokenResponse?["associated_user"]?["id"], 
@@ -1445,23 +1445,23 @@ ProviderTypes.Twitter or ProviderTypes.Weibo or ProviderTypes.Zoom ProviderTypes.StripeConnect => (string?) context.TokenResponse?["stripe_user_id"], // Streamlabs returns the user identifier as a custom "streamlabs/id" node: - ProviderTypes.Streamlabs => (string?) context.UserinfoResponse?["streamlabs"]?["id"], + ProviderTypes.Streamlabs => (string?) context.UserInfoResponse?["streamlabs"]?["id"], // Trovo returns the user identifier as a custom "userId" node: - ProviderTypes.Trovo => (string?) context.UserinfoResponse?["userId"], + ProviderTypes.Trovo => (string?) context.UserInfoResponse?["userId"], // Tumblr doesn't return a user identifier and requires using the username as the identifier: - ProviderTypes.Tumblr => (string?) context.UserinfoResponse?["name"], + ProviderTypes.Tumblr => (string?) context.UserInfoResponse?["name"], // Vimeo returns the user identifier as a custom "uri" node, prefixed with "/users/": - ProviderTypes.Vimeo => (string?) context.UserinfoResponse?["uri"] is string uri && + ProviderTypes.Vimeo => (string?) context.UserInfoResponse?["uri"] is string uri && uri.StartsWith("/users/", StringComparison.Ordinal) ? uri["/users/".Length..] : null, // WordPress returns the user identifier as a custom "ID" node: - ProviderTypes.WordPress => (string?) context.UserinfoResponse?["ID"], + ProviderTypes.WordPress => (string?) context.UserInfoResponse?["ID"], // WordPress returns the user identifier as a custom "ZUID" node: - ProviderTypes.Zoho => (string?) context.UserinfoResponse?["ZUID"], + ProviderTypes.Zoho => (string?) context.UserInfoResponse?["ZUID"], _ => context.MergedPrincipal.GetClaim(ClaimTypes.NameIdentifier) }); diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml index 2678093c5..42f5a1ca9 100644 --- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml 
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml @@ -57,7 +57,7 @@ + UserInfoEndpoint="https://api.airtable.com/v0/meta/whoami"> @@ -88,7 +88,7 @@ + UserInfoEndpoint="https://api.amazon.com/user/profile"> @@ -144,7 +144,7 @@ + UserInfoEndpoint="https://www.arcgis.com/sharing/rest/community/self"> @@ -248,7 +248,7 @@ + UserInfoEndpoint="https://launchpad.37signals.com/authorization.json"> @@ -288,7 +288,7 @@ + UserInfoEndpoint="https://api.bitbucket.org/2.0/user"> @@ -308,7 +308,7 @@ + UserInfoEndpoint="https://api-ssl.bitly.com/v4/user"> @@ -328,7 +328,7 @@ + UserInfoEndpoint="https://api.box.com/2.0/users/me"> @@ -350,7 +350,7 @@ IntrospectionEndpoint="https://auth.calendly.com/oauth/introspect" RevocationEndpoint="https://auth.calendly.com/oauth/revoke" TokenEndpoint="https://auth.calendly.com/oauth/token" - UserinfoEndpoint="https://api.calendly.com/users/me"> + UserInfoEndpoint="https://api.calendly.com/users/me"> @@ -479,7 +479,7 @@ + UserInfoEndpoint="https://api.deezer.com/user/me" /> @@ -497,7 +497,7 @@ + UserInfoEndpoint="https://www.deviantart.com/api/v1/oauth2/user/whoami"> @@ -519,7 +519,7 @@ + UserInfoEndpoint="https://discord.com/api/oauth2/@me"> @@ -546,7 +546,7 @@ + UserInfoEndpoint="https://disqus.com/api/3.0/users/details.json"> @@ -612,7 +612,7 @@ + UserInfoEndpoint="{CreateAbsoluteUri(settings.Issuer, 'api/v1/current/Me')}"> @@ -635,7 +635,7 @@ + UserInfoEndpoint="https://graph.facebook.com/v16.0/me"> @@ -676,7 +676,7 @@ + UserInfoEndpoint="https://api.fitbit.com/1/user/-/profile.json"> @@ -704,7 +704,7 @@ + UserInfoEndpoint="https://gitee.com/api/v5/user"> @@ -732,7 +732,7 @@ + UserInfoEndpoint="https://api.github.com/user"> @@ -781,7 +781,7 @@ + UserInfoEndpoint="https://id.getharvest.com/api/v2/accounts"> @@ -892,7 +892,7 @@ + UserInfoEndpoint="https://www.kookapp.cn/api/v3/user/me" />