apply changes from main

Author: Erwinvandervalk

access-token-management/samples/WebClientAssertions/Controllers/HomeController.cs

@@ -2,9 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 
 using System.Text.Json;
-using Duende.AccessTokenManagement;
 using Duende.AccessTokenManagement.OpenIdConnect;
-using Duende.IdentityModel.Client;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

access-token-management/src/AccessTokenManagement.OpenIdConnect/Internal/ConfigureOpenIdConnectOptions.cs

@@ -22,11 +22,17 @@ internal class ConfigureOpenIdConnectOptions(
     IHttpContextAccessor httpContextAccessor,
     IOptions<UserTokenManagementOptions> userAccessTokenManagementOptions,
     IAuthenticationSchemeProvider schemeProvider,
-    IClientAssertionService clientAssertionService,
+    IServiceProvider serviceProvider,
     ILoggerFactory loggerFactory) : IConfigureNamedOptions<OpenIdConnectOptions>
 {
+
     private readonly Scheme _configScheme = GetConfigScheme(userAccessTokenManagementOptions.Value, schemeProvider);
 
+    // Normally, we'd resolve this directly from DI in the constructor. However
+    // This would cause a circular dependency since the IClientAssertionService may depend on the OIDC configuration,
+    // which is what we're configuring here.
+    private IClientAssertionService ClientAssertionService => serviceProvider.GetRequiredService<IClientAssertionService>();
+
     private ClientCredentialsClientName ClientName => _configScheme.ToClientName();
 
     private static Scheme GetConfigScheme(UserTokenManagementOptions options, IAuthenticationSchemeProvider schemeProvider)
@@ -120,7 +126,7 @@ async Task Callback(AuthorizationCodeReceivedContext context)
             }
 
             // Automatically send client assertion during code exchange if a service is registered
-            var assertion = await clientAssertionService
+            var assertion = await ClientAssertionService
                 .GetClientAssertionAsync(ClientName, ct: context.HttpContext.RequestAborted)
                 .ConfigureAwait(false);
 
@@ -164,7 +170,7 @@ async Task Callback(PushedAuthorizationContext context)
             await inner.Invoke(context);
 
             // --- Client assertion ---
-            var assertion = await clientAssertionService
+            var assertion = await ClientAssertionService
                 .GetClientAssertionAsync(ClientName, ct: context.HttpContext.RequestAborted)
                 .ConfigureAwait(false);
 

access-token-management/test/AccessTokenManagement.Tests/ClientTokenManagementTests.cs

@@ -16,6 +16,7 @@ namespace Duende.AccessTokenManagement;
 
 public class ClientTokenManagementTests
 {
+    private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
     private readonly ServiceCollection _services = [];
     private readonly MockHttpMessageHandler _mockHttp = new();
 

access-token-management/test/AccessTokenManagement.Tests/PARWithClientAssertionsTests.cs

@@ -1,5 +1,6 @@
 // Copyright (c) Duende Software. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+#if NET9_0_OR_GREATER
 
 using System.Net.Http.Json;
 using Duende.AccessTokenManagement.DPoP;
@@ -12,7 +13,6 @@
 
 namespace Duende.AccessTokenManagement;
 
-#if NET9_0_OR_GREATER
 /// <summary>
 /// Tests that client assertions are sent on Pushed Authorization Requests (PAR).
 /// </summary>

access-token-management/test/AccessTokenManagement.Tests/UserAccessAccessTokenManagerTests.cs

@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 
 using System.Security.Claims;
-using Duende.AccessTokenManagement.OTel;
 using Duende.AccessTokenManagement.OpenIdConnect;
 using Duende.AccessTokenManagement.OpenIdConnect.Internal;
+using Duende.AccessTokenManagement.OTel;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
 

access-token-management/test/AccessTokenManagement.Tests/UserTokenManagementTests.cs

@@ -18,6 +18,7 @@ namespace Duende.AccessTokenManagement;
 
 public class UserTokenManagementTests(ITestOutputHelper output) : IntegrationTestBase(output)
 {
+    private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
     [Fact]
     public async Task Anonymous_user_should_return_user_token_error()
     {

access-token-management/test/AccessTokenManagement.Tests/UserTokenManagementWithDPoPTests.cs

@@ -20,6 +20,7 @@ public class UserTokenManagementWithDPoPTests(ITestOutputHelper output)
         opt.DPoPJsonWebKey = DPoPProofKey.Parse(PrivateJwk);
     })
 {
+    private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
     // (An example jwk from RFC7517)
     private const string PrivateJwk = "{\"kty\":\"RSA\",\"n\":\"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw\",\"e\":\"AQAB\",\"d\":\"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q\",\"p\":\"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs\",\"q\":\"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk\",\"dp\":\"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0\",\"dq\":\"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk\",\"qi\":\"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU\",\"alg\":\"RS256\",\"kid\":\"2011-04-29\"}";
 

identity-model-oidc-client/src/IdentityModel.OidcClient.Extensions/DPoP/ProofTokenMessageHandler.cs

@@ -1,6 +1,6 @@
 // Copyright (c) Duende Software. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
-
+#pragma warning disable IDE0005 // Using directive is unnecessary. Remove unnecessary usings.
 using System.Web;
 using Duende.IdentityModel.Client;
 using Microsoft.Extensions.Logging;
@@ -86,7 +86,7 @@ private void CreateProofToken(HttpRequestMessage request)
         request.SetDPoPProofToken(proof.ProofToken);
     }
 
-    #if NET5_0_OR_GREATER
+#if NET5_0_OR_GREATER
     /// <summary>
     /// Reads the <see cref="ProtocolRequestOptions.ClientAssertionFactory"/> from
     /// <see cref="HttpRequestMessage.Options"/> and, if present, invokes it to obtain a
@@ -149,10 +149,7 @@ private async Task RefreshClientAssertionAsync(HttpRequestMessage request)
             "application/x-www-form-urlencoded");
     }
 #else
-    private Task RefreshClientAssertionAsync(HttpRequestMessage request)
-    {
-        return Task.CompletedTask;
-    }
+    private Task RefreshClientAssertionAsync(HttpRequestMessage request) => Task.CompletedTask;
 #endif
 
 }

identity-model-oidc-client/test/IdentityModel.OidcClient.Tests/DPoP/DPoPTests.cs

@@ -16,6 +16,7 @@ namespace Duende.IdentityModel.OidcClient.DPoP;
 
 public class DPoPTest : IntegrationTestBase
 {
+    private readonly CancellationToken _ct = TestContext.Current.CancellationToken;
     private static readonly string _jwkJson;
     private readonly IDPoPProofTokenFactory _proofTokenFactory;
     private readonly IdentityServer.Models.Client _client;