Rename the device, cryptography, logout and verification endpoints and the associated events/event handlers

gen/OpenIddict.Client.WebIntegration.Generators/OpenIddictClientWebIntegrationGenerator.cs

@@ -1037,8 +1037,8 @@ public static partial void ConfigureProvider(OpenIddictClientRegistration regist
                     TokenEndpoint = new Uri($""{{ environment.configuration.token_endpoint | string.replace '\'' '""' }}"", UriKind.Absolute),
                     {{~ end ~}}
 
-                    {{~ if environment.configuration.userinfo_endpoint ~}}
-                    UserinfoEndpoint = new Uri($""{{ environment.configuration.userinfo_endpoint | string.replace '\'' '""' }}"", UriKind.Absolute),
+                    {{~ if environment.configuration.user_info_endpoint ~}}
+                    UserInfoEndpoint = new Uri($""{{ environment.configuration.user_info_endpoint | string.replace '\'' '""' }}"", UriKind.Absolute),
                     {{~ end ~}}
 
                     CodeChallengeMethodsSupported =
@@ -1157,7 +1157,7 @@ public static partial void ConfigureProvider(OpenIddictClientRegistration regist
                                     IntrospectionEndpoint = (string?) configuration.Attribute("IntrospectionEndpoint"),
                                     RevocationEndpoint = (string?) configuration.Attribute("RevocationEndpoint"),
                                     TokenEndpoint = (string?) configuration.Attribute("TokenEndpoint"),
-                                    UserinfoEndpoint = (string?) configuration.Attribute("UserinfoEndpoint"),
+                                    UserInfoEndpoint = (string?) configuration.Attribute("UserInfoEndpoint"),
 
                                     CodeChallengeMethodsSupported = configuration.Elements("CodeChallengeMethod").ToList() switch
                                     {

sandbox/OpenIddict.Sandbox.AspNet.Client/Controllers/AuthenticationController.cs

@@ -96,7 +96,7 @@ public async Task<ActionResult> LogOut(string returnUrl)
         context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
 
         // Extract the client registration identifier and retrieve the associated server configuration.
-        // If the provider is known to support remote sign-out, ask OpenIddict to initiate a logout request.
+        // If the provider is known to support remote sign-out, ask OpenIddict to initiate a end session request.
         if (identity.FindFirst(Claims.Private.RegistrationId)?.Value is string identifier &&
             await _service.GetServerConfigurationByRegistrationIdAsync(identifier) is { EndSessionEndpoint: Uri })
         {

sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/AuthorizationController.cs

@@ -309,8 +309,8 @@ public ActionResult Deny()
         return new EmptyResult();
     }
 
-    [HttpGet, Route("~/connect/logout")]
-    public ActionResult Logout() => View(new AuthorizeViewModel
+    [HttpGet, Route("~/connect/endsession")]
+    public ActionResult EndSession() => View(new AuthorizeViewModel
     {
         // Flow the request parameters so they can be received by the Accept/Reject actions.
         Parameters = string.Equals(Request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase) ?
@@ -322,8 +322,8 @@ from value in Request.QueryString.GetValues(name)
             select new KeyValuePair<string, string>(name, value)
     });
 
-    [ActionName(nameof(Logout)), HttpPost, Route("~/connect/logout"), ValidateAntiForgeryToken]
-    public ActionResult LogoutPost()
+    [ActionName(nameof(EndSession)), HttpPost, Route("~/connect/endsession"), ValidateAntiForgeryToken]
+    public ActionResult EndSessionPost()
     {
         var context = HttpContext.GetOwinContext();
         context.Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

sandbox/OpenIddict.Sandbox.AspNet.Server/Startup.cs

@@ -86,24 +86,22 @@ public void Configuration(IAppBuilder app)
             // Register the OpenIddict server components.
             .AddServer(options =>
             {
-                // Enable the authorization, device, introspection,
-                // logout, token, userinfo and verification endpoints.
+                // Enable the flows that will be used by the client applications.
                 options.SetAuthorizationEndpointUris("connect/authorize")
-                       .SetDeviceEndpointUris("connect/device")
+                       .SetDeviceAuthorizationEndpointUris("connect/device")
+                       .SetEndSessionEndpointUris("connect/endsession")
+                       .SetEndUserVerificationEndpointUris("connect/verify")
                        .SetIntrospectionEndpointUris("connect/introspect")
-                       .SetLogoutEndpointUris("connect/logout")
                        .SetTokenEndpointUris("connect/token")
-                       .SetUserinfoEndpointUris("connect/userinfo")
-                       .SetVerificationEndpointUris("connect/verify");
+                       .SetUserInfoEndpointUris("connect/userinfo");
 
-                // Note: this sample uses the code, device code, password and refresh token flows, but you
-                // can enable the other flows if you need to support implicit or client credentials.
+                // Enable the flows that will be used by the client applications.
                 options.AllowAuthorizationCodeFlow()
-                       .AllowDeviceCodeFlow()
+                       .AllowDeviceAuthorizationFlow()
                        .AllowPasswordFlow()
                        .AllowRefreshTokenFlow();
 
-                // Mark the "email", "profile", "roles" and "demo_api" scopes as supported scopes.
+                // Register the public scopes that will be exposed by the configuration endpoint.
                 options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles, "demo_api");
 
                 // Register the signing and encryption credentials.
@@ -116,7 +114,7 @@ public void Configuration(IAppBuilder app)
                 // Register the OWIN host and configure the OWIN-specific options.
                 options.UseOwin()
                        .EnableAuthorizationEndpointPassthrough()
-                       .EnableLogoutEndpointPassthrough()
+                       .EnableEndSessionEndpointPassthrough()
                        .EnableTokenEndpointPassthrough();
             })
 
@@ -221,7 +219,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor
                     Permissions =
                     {
                         Permissions.Endpoints.Authorization,
-                        Permissions.Endpoints.Logout,
+                        Permissions.Endpoints.EndSession,
                         Permissions.Endpoints.Token,
                         Permissions.GrantTypes.AuthorizationCode,
                         Permissions.GrantTypes.RefreshToken,
@@ -254,7 +252,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor
                     Permissions =
                     {
                         Permissions.Endpoints.Authorization,
-                        Permissions.Endpoints.Device,
+                        Permissions.Endpoints.DeviceAuthorization,
                         Permissions.Endpoints.Token,
                         Permissions.GrantTypes.AuthorizationCode,
                         Permissions.GrantTypes.DeviceCode,

sandbox/OpenIddict.Sandbox.AspNet.Server/Views/Authorization/Logout.cshtml → sandbox/OpenIddict.Sandbox.AspNet.Server/Views/Authorization/EndSession.cshtml

@@ -8,7 +8,7 @@
     {
         @Html.AntiForgeryToken()
 
-        @* Flow the request parameters so they can be received by the LogoutPost action: *@
+        @* Flow the request parameters so they can be received by the EndSessionPost action: *@
         foreach (var parameter in Model.Parameters)
         {
             <input type="hidden" name="@parameter.Key" value="@parameter.Value" />

sandbox/OpenIddict.Sandbox.AspNetCore.Client/Controllers/AuthenticationController.cs

@@ -92,7 +92,7 @@ public async Task<ActionResult> LogOut(string returnUrl)
         await HttpContext.SignOutAsync();
 
         // Extract the client registration identifier and retrieve the associated server configuration.
-        // If the provider is known to support remote sign-out, ask OpenIddict to initiate a logout request.
+        // If the provider is known to support remote sign-out, ask OpenIddict to initiate a end session request.
         if (identity.FindFirst(Claims.Private.RegistrationId)?.Value is string identifier &&
             await _service.GetServerConfigurationByRegistrationIdAsync(identifier) is { EndSessionEndpoint: Uri })
         {

sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs

@@ -312,7 +312,7 @@ public async Task<IActionResult> Accept()
     #endregion
 
     #region Device flow
-    // Note: to support the device flow, you must provide your own verification endpoint action:
+    // Note: to support the device authorization flow, you must provide your own verification endpoint action:
     [Authorize, HttpGet("~/connect/verify"), IgnoreAntiforgeryToken]
     public async Task<IActionResult> Verify()
     {
@@ -411,15 +411,15 @@ public IActionResult VerifyDeny() => Forbid(
         });
     #endregion
 
-    #region Logout support for interactive flows like code and implicit
-    // Note: the logout action is only useful when implementing interactive
+    #region End session support for interactive flows like code and implicit
+    // Note: the end session action is only useful when implementing interactive
     // flows like the authorization code flow or the implicit flow.
 
-    [HttpGet("~/connect/logout")]
-    public IActionResult Logout() => View();
+    [HttpGet("~/connect/endsession")]
+    public IActionResult EndSession() => View();
 
-    [ActionName(nameof(Logout)), HttpPost("~/connect/logout"), ValidateAntiForgeryToken]
-    public async Task<IActionResult> LogoutPost()
+    [ActionName(nameof(EndSession)), HttpPost("~/connect/endsession"), ValidateAntiForgeryToken]
+    public async Task<IActionResult> EndSessionPost()
     {
         // Ask ASP.NET Core Identity to delete the local and external cookies created
         // when the user agent is redirected from the external identity provider

sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/UserinfoController.cs

@@ -9,17 +9,17 @@
 
 namespace OpenIddict.Sandbox.AspNetCore.Server.Controllers;
 
-public class UserinfoController : Controller
+public class UserInfoController : Controller
 {
     private readonly UserManager<ApplicationUser> _userManager;
 
-    public UserinfoController(UserManager<ApplicationUser> userManager)
+    public UserInfoController(UserManager<ApplicationUser> userManager)
         => _userManager = userManager;
 
     [Authorize(AuthenticationSchemes = OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)]
     [HttpGet("~/connect/userinfo"), HttpPost("~/connect/userinfo")]
     [IgnoreAntiforgeryToken, Produces("application/json")]
-    public async Task<IActionResult> Userinfo()
+    public async Task<IActionResult> UserInfo()
     {
         var user = await _userManager.FindByIdAsync(User.GetClaim(Claims.Subject));
         if (user is null)

sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs

@@ -100,28 +100,26 @@ public void ConfigureServices(IServiceCollection services)
             // Register the OpenIddict server components.
             .AddServer(options =>
             {
-                // Enable the authorization, device, introspection, logout,
-                // token, revocation, userinfo and verification endpoints.
+                // Enable the endpoints that will be used by the client applications.
                 options.SetAuthorizationEndpointUris("connect/authorize")
-                       .SetDeviceEndpointUris("connect/device")
+                       .SetDeviceAuthorizationEndpointUris("connect/device")
+                       .SetEndSessionEndpointUris("connect/endsession")
+                       .SetEndUserVerificationEndpointUris("connect/verify")
                        .SetIntrospectionEndpointUris("connect/introspect")
-                       .SetLogoutEndpointUris("connect/logout")
                        .SetRevocationEndpointUris("connect/revoke")
                        .SetTokenEndpointUris("connect/token")
-                       .SetUserinfoEndpointUris("connect/userinfo")
-                       .SetVerificationEndpointUris("connect/verify");
+                       .SetUserInfoEndpointUris("connect/userinfo");
 
-                // Note: this sample enables all the supported flows but
-                // you can restrict the list of enabled flows if necessary.
+                // Enable the flows that will be used by the client applications.
                 options.AllowAuthorizationCodeFlow()
-                       .AllowDeviceCodeFlow()
+                       .AllowDeviceAuthorizationFlow()
                        .AllowHybridFlow()
                        .AllowImplicitFlow()
                        .AllowNoneFlow()
                        .AllowPasswordFlow()
                        .AllowRefreshTokenFlow();
 
-                // Mark the "email", "profile", "roles" and "demo_api" scopes as supported scopes.
+                // Register the public scopes that will be exposed by the configuration endpoint.
                 options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles, "demo_api");
 
                 // Register the signing and encryption credentials.
@@ -135,10 +133,10 @@ public void ConfigureServices(IServiceCollection services)
                 options.UseAspNetCore()
                        .EnableStatusCodePagesIntegration()
                        .EnableAuthorizationEndpointPassthrough()
-                       .EnableLogoutEndpointPassthrough()
+                       .EnableEndSessionEndpointPassthrough()
+                       .EnableEndUserVerificationEndpointPassthrough()
                        .EnableTokenEndpointPassthrough()
-                       .EnableUserinfoEndpointPassthrough()
-                       .EnableVerificationEndpointPassthrough();
+                       .EnableUserInfoEndpointPassthrough();
 
                 // Note: if you don't want to specify a client_id when sending
                 // a token or revocation request, uncomment the following line:

sandbox/OpenIddict.Sandbox.AspNetCore.Server/Views/Authorization/Logout.cshtml → sandbox/OpenIddict.Sandbox.AspNetCore.Server/Views/Authorization/EndSession.cshtml

@@ -4,8 +4,8 @@
     <h1>Log out</h1>
     <p class="lead text-left">Are you sure you want to sign out?</p>
 
-    <form asp-controller="Authorization" asp-action="Logout" method="post">
-        @* Flow the request parameters so they can be received by the LogoutPost action: *@
+    <form asp-controller="Authorization" asp-action="EndSession" method="post">
+        @* Flow the request parameters so they can be received by the EndSessionPost action: *@
         @foreach (var parameter in Context.Request.HasFormContentType ?
            (IEnumerable<KeyValuePair<string, StringValues>>) Context.Request.Form : Context.Request.Query)
         {

sandbox/OpenIddict.Sandbox.AspNetCore.Server/Worker.cs

@@ -74,9 +74,9 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor
                     Permissions =
                     {
                         Permissions.Endpoints.Authorization,
-                        Permissions.Endpoints.Device,
+                        Permissions.Endpoints.DeviceAuthorization,
                         Permissions.Endpoints.Introspection,
-                        Permissions.Endpoints.Logout,
+                        Permissions.Endpoints.EndSession,
                         Permissions.Endpoints.Revocation,
                         Permissions.Endpoints.Token,
                         Permissions.GrantTypes.AuthorizationCode,
@@ -127,7 +127,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor
                     Permissions =
                     {
                         Permissions.Endpoints.Authorization,
-                        Permissions.Endpoints.Logout,
+                        Permissions.Endpoints.EndSession,
                         Permissions.Endpoints.Token,
                         Permissions.GrantTypes.AuthorizationCode,
                         Permissions.GrantTypes.RefreshToken,
@@ -188,7 +188,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor
                     Permissions =
                     {
                         Permissions.Endpoints.Authorization,
-                        Permissions.Endpoints.Logout,
+                        Permissions.Endpoints.EndSession,
                         Permissions.Endpoints.Token,
                         Permissions.GrantTypes.AuthorizationCode,
                         Permissions.GrantTypes.RefreshToken,
@@ -229,7 +229,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor
                     Permissions =
                     {
                         Permissions.Endpoints.Authorization,
-                        Permissions.Endpoints.Logout,
+                        Permissions.Endpoints.EndSession,
                         Permissions.Endpoints.Token,
                         Permissions.GrantTypes.AuthorizationCode,
                         Permissions.GrantTypes.RefreshToken,
@@ -270,7 +270,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor
                     Permissions =
                     {
                         Permissions.Endpoints.Authorization,
-                        Permissions.Endpoints.Logout,
+                        Permissions.Endpoints.EndSession,
                         Permissions.Endpoints.Token,
                         Permissions.GrantTypes.AuthorizationCode,
                         Permissions.GrantTypes.RefreshToken,
@@ -329,7 +329,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor
                     Permissions =
                     {
                         Permissions.Endpoints.Authorization,
-                        Permissions.Endpoints.Device,
+                        Permissions.Endpoints.DeviceAuthorization,
                         Permissions.Endpoints.Token,
                         Permissions.GrantTypes.AuthorizationCode,
                         Permissions.GrantTypes.DeviceCode,

sandbox/OpenIddict.Sandbox.Console.Client/Program.cs

@@ -40,7 +40,7 @@
                 // you can restrict the list of enabled flows if necessary.
                 options.AllowAuthorizationCodeFlow()
                        .AllowClientCredentialsFlow()
-                       .AllowDeviceCodeFlow()
+                       .AllowDeviceAuthorizationFlow()
                        .AllowHybridFlow()
                        .AllowImplicitFlow()
                        .AllowNoneFlow()

sandbox/OpenIddict.Sandbox.Maui.Client/MainPage.xaml.cs

@@ -108,7 +108,7 @@ private async Task LogOutAsync(string provider, Dictionary<string, OpenIddictPar
                 // Ask OpenIddict to initiate the logout flow (typically, by starting the system browser).
                 var result = await _service.SignOutInteractivelyAsync(new()
                 {
-                    AdditionalLogoutRequestParameters = parameters,
+                    AdditionalEndSessionRequestParameters = parameters,
                     CancellationToken = source.Token,
                     ProviderName = provider
                 });

sandbox/OpenIddict.Sandbox.WinForms.Client/MainForm.cs

@@ -152,7 +152,7 @@ private async Task LogOutAsync(string provider, Dictionary<string, OpenIddictPar
                 // Ask OpenIddict to initiate the logout flow (typically, by starting the system browser).
                 var result = await _service.SignOutInteractivelyAsync(new()
                 {
-                    AdditionalLogoutRequestParameters = parameters,
+                    AdditionalEndSessionRequestParameters = parameters,
                     CancellationToken = source.Token,
                     ProviderName = provider
                 });

sandbox/OpenIddict.Sandbox.Wpf.Client/MainWindow.xaml.cs

@@ -113,7 +113,7 @@ private async Task LogOutAsync(string provider, Dictionary<string, OpenIddictPar
                 // Ask OpenIddict to initiate the logout flow (typically, by starting the system browser).
                 var result = await _service.SignOutInteractivelyAsync(new()
                 {
-                    AdditionalLogoutRequestParameters = parameters,
+                    AdditionalEndSessionRequestParameters = parameters,
                     CancellationToken = source.Token,
                     ProviderName = provider
                 });

src/OpenIddict.Abstractions/Managers/IOpenIddictApplicationManager.cs

@@ -502,7 +502,7 @@ IAsyncEnumerable<TResult> ListAsync<TState, TResult>(
     /// <param name="application">The application.</param>
     /// <param name="uri">The URI that should be compared to one of the post_logout_redirect_uri stored in the database.</param>
     /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
-    /// <remarks>Note: if no client_id parameter is specified in logout requests, this method may not be called.</remarks>
+    /// <remarks>Note: if no client_id parameter is specified in end session requests, this method may not be called.</remarks>
     /// <returns>
     /// A <see cref="ValueTask"/> that can be used to monitor the asynchronous operation,
     /// whose result returns a boolean indicating whether the post_logout_redirect_uri was valid.