From 0183521b0f127a214aa28cfb8385acfef8c4aa22 Mon Sep 17 00:00:00 2001
From: joegoldman2 <147369450+joegoldman2@users.noreply.github.com>
Date: Wed, 19 Jun 2024 15:02:46 +0000
Subject: [PATCH] Add additional metadata parameters to OpenIdConnectConfiguration (#2646)
Co-authored-by: joegoldman2 <147369450+joegoldman@users.noreply.github.com>
---
 .../OpenIdConnectConfiguration.cs | 72 +++++++++++++++++++
 .../OpenIdConnectConfigurationSerializer.cs | 40 +++++++++++
 .../OpenIdProviderMetadataNames.cs | 8 +++
 .../OpenIdConfigData.cs | 8 +++
 .../OpenIdConnectConfigurationTests.cs | 15 +++-
 .../OpenIdConnectMetadata.json | 4 ++
 6 files changed, 145 insertions(+), 2 deletions(-)
diff --git a/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Configuration/OpenIdConnectConfiguration.cs b/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Configuration/OpenIdConnectConfiguration.cs
index 36fb436a61..c513056b7d 100644
--- a/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Configuration/OpenIdConnectConfiguration.cs
+++ b/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Configuration/OpenIdConnectConfiguration.cs
@@ -23,6 +23,9 @@ public class OpenIdConnectConfiguration : BaseConfiguration
 // these are used to lazy create
 private Dictionary _additionalData;
 private ICollection _acrValuesSupported;
+ private ICollection _authorizationEncryptionAlgValuesSupported;
+ private ICollection _authorizationEncryptionEncValuesSupported;
+ private ICollection _authorizationSigningAlgValuesSupported;
 private ICollection _backchannelAuthenticationRequestSigningAlgValuesSupported;
 private ICollection _backchannelTokenDeliveryModesSupported;
 private ICollection _claimsSupported;
@@ -146,6 +149,24 @@ public OpenIdConnectConfiguration(string json)
 #endif
 public string AuthorizationEndpoint { get; set; }
+ ///
+ /// Gets the collection of 'authorization_encryption_alg_values_supported'
+ ///
+ [JsonPropertyName(OpenIdProviderMetadataNames.AuthorizationEncryptionAlgValuesSupported)]
+ public ICollection AuthorizationEncryptionAlgValuesSupported =>
+ _authorizationEncryptionAlgValuesSupported ??
+ Interlocked.CompareExchange(ref _authorizationEncryptionAlgValuesSupported, new Collection(), null) ??
+ _authorizationEncryptionAlgValuesSupported;
+ ///
+ /// Gets the collection of 'authorization_encryption_enc_values_supported'
+ ///
+ [JsonPropertyName(OpenIdProviderMetadataNames.AuthorizationEncryptionEncValuesSupported)]
+ public ICollection AuthorizationEncryptionEncValuesSupported =>
+ _authorizationEncryptionEncValuesSupported ??
+ Interlocked.CompareExchange(ref _authorizationEncryptionEncValuesSupported, new Collection(), null) ??
+ _authorizationEncryptionEncValuesSupported;
+ ///
 /// Gets or sets the 'authorization_response_iss_parameter_supported'
 ///
@@ -155,6 +176,15 @@ public OpenIdConnectConfiguration(string json)
 #endif
 public bool AuthorizationResponseIssParameterSupported { get; set; }
+ ///
+ /// Gets the collection of 'authorization_signing_alg_values_supported'
+ ///
+ [JsonPropertyName(OpenIdProviderMetadataNames.AuthorizationSigningAlgValuesSupported)]
+ public ICollection AuthorizationSigningAlgValuesSupported =>
+ _authorizationSigningAlgValuesSupported ??
+ Interlocked.CompareExchange(ref _authorizationSigningAlgValuesSupported, new Collection(), null) ??
+ _authorizationSigningAlgValuesSupported;
+ ///
 /// Gets or sets the 'backchannel_authentication_endpoint'.
 ///
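Review bot: The summaries on the new `AuthorizationEncryptionAlgValuesSupported` and `AuthorizationEncryptionEncValuesSupported` properties only repeat the JSON key and do not say which response mode these algorithm lists govern. The `authorization_encryption_alg_values_supported` / `authorization_encryption_enc_values_supported` parameters are the discovery metadata defined by JWT Secured Authorization Response Mode (JARM), advertising the JWE `alg` and `enc` values the provider supports for encrypted authorization-response JWTs, which a reader cannot tell from the property name alone. I would write the first summary as `/// Gets the collection of 'authorization_encryption_alg_values_supported': the JWE 'alg' values the provider supports for encrypting JARM authorization responses.` and the second one the same way for the JWE 'enc' values. Like the other lazily-created collections in this class, both are filled verbatim from the discovery document and nothing in this hunk validates the entries; saying so in the summary would stop callers treating them as vetted. The enclosing class declaration is outside the hunk.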
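Review bot: `AuthorizationSigningAlgValuesSupported` is the list a client will consult when deciding how a JARM authorization-response JWT may be signed, and this hunk adds it as an unfiltered collection with no caveat in its summary. Because the values come straight from the provider's discovery document, a document that advertises `none` or a deprecated algorithm would be surfaced as-is, so the summary should tell callers to intersect the list with their own allowed-algorithm set rather than trust it. Suggested wording: `/// Gets the collection of 'authorization_signing_alg_values_supported' (JARM): the JWS 'alg' values the provider advertises for signing authorization-response JWTs. Copied verbatim from the discovery document; intersect with your own allowlist before use.` The property's class begins before the hunk.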
@@ -622,6 +652,15 @@ public OpenIdConnectConfiguration(string json)
 Interlocked.CompareExchange(ref _tokenEndpointAuthSigningAlgValuesSupported, new Collection(), null) ??
 _tokenEndpointAuthSigningAlgValuesSupported;
+ ///
+ /// Gets or sets the 'tls_client_certificate_bound_access_tokens'
+ ///
+ [JsonPropertyName(OpenIdProviderMetadataNames.TlsClientCertificateBoundAccessTokens)]
+#if NET6_0_OR_GREATER
+ [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
+#endif
+ public bool TlsClientCertificateBoundAccessTokens { get; set; }
+ ///
 /// Gets the collection of 'ui_locales_supported'
 ///
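Review bot: The summary on `TlsClientCertificateBoundAccessTokens` gives only the JSON key and does not say what the flag means or that false is the defined default. The parameter comes from RFC 8705 section 3.3, where it is an optional boolean, default false, indicating that the authorization server supports mutual-TLS certificate-bound access tokens; the `bool` default and the `WhenWritingDefault` ignore condition match that, so the comment should state it. Suggested: `/// Gets or sets the 'tls_client_certificate_bound_access_tokens' flag (RFC 8705 section 3.3): true if the server supports mutual-TLS certificate-bound access tokens. Defaults to false, the metadata default.` A client acting on this flag usually also needs RFC 8705's `mtls_endpoint_aliases` metadata to know which endpoints expect the client certificate; I cannot see whether this class models it, so if not, mention that in the summary or track it as a follow-up. The enclosing class starts before this hunk.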
@@ -681,6 +720,39 @@ public bool ShouldSerializeAcrValuesSupported()
 return AcrValuesSupported.Count > 0;
 }
+ ///
+ /// Gets a bool that determines if the 'authorization_encryption_alg_values_supported' (AuthorizationEncryptionAlgValuesSupported) property should be serialized.
+ /// This is used by Json.NET in order to conditionally serialize properties.
+ ///
+ /// true if 'authorization_encryption_alg_values_supported' (AuthorizationEncryptionAlgValuesSupported) is not empty; otherwise, false.
+ [EditorBrowsable(EditorBrowsableState.Never)]
+ public bool ShouldSerializeAuthorizationEncryptionAlgValuesSupported()
+ {
+ return AuthorizationEncryptionAlgValuesSupported.Count > 0;
+ }
+ ///
+ /// Gets a bool that determines if the 'authorization_encryption_enc_values_supported' (AuthorizationEncryptionEncValuesSupported) property should be serialized.
+ /// This is used by Json.NET in order to conditionally serialize properties.
+ ///
+ /// true if 'authorization_encryption_enc_values_supported' (AuthorizationEncryptionEncValuesSupported) is not empty; otherwise, false.
+ [EditorBrowsable(EditorBrowsableState.Never)]
+ public bool ShouldSerializeAuthorizationEncryptionEncValuesSupported()
+ {
+ return AuthorizationEncryptionEncValuesSupported.Count > 0;
+ }
+ ///
+ /// Gets a bool that determines if the 'authorization_signing_alg_values_supported' (AuthorizationSigningAlgValuesSupported) property should be serialized.
+ /// This is used by Json.NET in order to conditionally serialize properties.
+ ///
+ /// true if 'authorization_signing_alg_values_supported' (AuthorizationSigningAlgValuesSupported) is not empty; otherwise, false.
+ [EditorBrowsable(EditorBrowsableState.Never)]
+ public bool ShouldSerializeAuthorizationSigningAlgValuesSupported()
+ {
+ return AuthorizationSigningAlgValuesSupported.Count > 0;
+ }
+ ///
 /// Gets a bool that determines if the 'backchannel_token_delivery_modes_supported' (BackchannelTokenDeliveryModesSupported) property should be serialized.
 /// This is used by Json.NET in order to conditionally serialize properties.
diff --git a/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Json/OpenIdConnectConfigurationSerializer.cs b/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Json/OpenIdConnectConfigurationSerializer.cs
index 9e99a0899d..cffe63744f 100644
--- a/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Json/OpenIdConnectConfigurationSerializer.cs
+++ b/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Json/OpenIdConnectConfigurationSerializer.cs
@@ -39,7 +39,10 @@ public static readonly
 {
 "ACR_VALUES_SUPPORTED",
 "AUTHORIZATION_ENDPOINT",
+ "AUTHORIZATION_ENCRYPTION_ALG_VALUES_SUPPORTED",
+ "AUTHORIZATION_ENCRYPTION_ENC_VALUES_SUPPORTED",
 "AUTHORIZATION_RESPONSE_ISS_PARAMETER_SUPPORTED",
+ "AUTHORIZATION_SIGNING_ALG_VALUES_SUPPORTED",
 "BACKCHANNEL_AUTHENTICATION_ENDPOINT",
 "BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG_VALUES_SUPPORTED",
 "BACKCHANNEL_TOKEN_DELIVERY_MODES_SUPPORTED",
@@ -91,6 +94,7 @@ public static readonly
 "TOKEN_ENDPOINT",
 "TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED",
 "TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED",
+ "TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS",
 "UI_LOCALES_SUPPORTED",
 "USERINFO_ENDPOINT",
 "USERINFO_ENCRYPTION_ALG_VALUES_SUPPORTED",
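Review bot: The three new `ShouldSerialize*` summaries say the methods are "used by Json.NET", but the serialization path this same patch extends is the hand-written `OpenIdConnectConfigurationSerializer` over `Utf8JsonWriter`, which checks `Count > 0` itself, so the comment describes a mechanism this code does not go through. The wording is copied from the existing `ShouldSerializeAcrValuesSupported` above, so the fix is to make all of them honest rather than single these out; if the methods are kept for callers who serialize the type with Newtonsoft.Json directly, say so, e.g. `/// Kept for callers that serialize this type with Newtonsoft.Json; the built-in System.Text.Json path checks Count itself.` Each method also forces the lazy `Collection` to be allocated just to read `Count`, which is the existing pattern and harmless, but it means calling them has a side effect on the instance that the summary could note. The class and the last method of the hunk continue outside it.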
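Review bot: `"AUTHORIZATION_ENCRYPTION_ALG_VALUES_SUPPORTED"` and `"AUTHORIZATION_ENCRYPTION_ENC_VALUES_SUPPORTED"` are inserted after `"AUTHORIZATION_ENDPOINT"`, but `ENCRYPTION` sorts before `ENDPOINT`, so the list stops being alphabetical at exactly the point where new names are being added; the next hunk repeats the slip with `"TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS"` placed after the `TOKEN_ENDPOINT*` entries although `TL` sorts before `TO`. If this collection is only a set consulted for membership the slip is cosmetic, but if anything relies on the order (a sorted search, or a test that compares it against the property list) it is a defect; I cannot see the collection's type because the `public static readonly` declaration starts above the hunk. Either way, moving the two entries above `"AUTHORIZATION_ENDPOINT"` and the TLS entry above `"TOKEN_ENDPOINT"` keeps the table greppable and consistent with the metadata-name classes.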
@@ -162,9 +166,18 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
 else if (reader.ValueTextEquals(Utf8Bytes.AuthorizationEndpoint))
 config.AuthorizationEndpoint = JsonPrimitives.ReadString(ref reader, MetadataName.AuthorizationEndpoint, ClassName, true);
+ else if (reader.ValueTextEquals(Utf8Bytes.AuthorizationEncryptionAlgValuesSupported))
+ JsonPrimitives.ReadStrings(ref reader, config.AuthorizationEncryptionAlgValuesSupported, MetadataName.AuthorizationEncryptionAlgValuesSupported, ClassName, true);
+ else if (reader.ValueTextEquals(Utf8Bytes.AuthorizationEncryptionEncValuesSupported))
+ JsonPrimitives.ReadStrings(ref reader, config.AuthorizationEncryptionEncValuesSupported, MetadataName.AuthorizationEncryptionEncValuesSupported, ClassName, true);
+ else if (reader.ValueTextEquals(Utf8Bytes.AuthorizationResponseIssParameterSupported))
 config.AuthorizationResponseIssParameterSupported = JsonPrimitives.ReadBoolean(ref reader, MetadataName.AuthorizationResponseIssParameterSupported, ClassName, true);
+ else if (reader.ValueTextEquals(Utf8Bytes.AuthorizationSigningAlgValuesSupported))
+ JsonPrimitives.ReadStrings(ref reader, config.AuthorizationSigningAlgValuesSupported, MetadataName.AuthorizationSigningAlgValuesSupported, ClassName, true);
+ else if (reader.ValueTextEquals(Utf8Bytes.BackchannelAuthenticationEndpoint))
 config.BackchannelAuthenticationEndpoint = JsonPrimitives.ReadString(ref reader, MetadataName.BackchannelAuthenticationEndpoint, ClassName, true);
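Review bot: The three new branches pass the lazily-created collection on `config` into `JsonPrimitives.ReadStrings`, which appends rather than assigns, so a discovery document that repeats `authorization_signing_alg_values_supported` (or either encryption key) would end up with the arrays merged, while a repeated scalar such as `authorization_endpoint` on the line above is last-one-wins through assignment; I cannot see `ReadStrings`, so confirm whether it clears the target first. This mirrors the existing collection branches, but the signing-algorithm list is the one a client will use to decide what it accepts, and a merged list is harder to reason about than a replaced one. If `ReadStrings` does not clear, a `config.AuthorizationSigningAlgValuesSupported.Clear();` before the call (or a clear inside `ReadStrings` for every collection) would make repeated keys behave uniformly. `Read` begins before this hunk and continues after it.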
@@ -328,6 +341,9 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
 else if (reader.ValueTextEquals(Utf8Bytes.TokenEndpointAuthSigningAlgValuesSupported))
 JsonPrimitives.ReadStrings(ref reader, config.TokenEndpointAuthSigningAlgValuesSupported, MetadataName.TokenEndpointAuthSigningAlgValuesSupported, ClassName, true);
+ else if (reader.ValueTextEquals(Utf8Bytes.TlsClientCertificateBoundAccessTokens))
+ config.TlsClientCertificateBoundAccessTokens = JsonPrimitives.ReadBoolean(ref reader, MetadataName.TlsClientCertificateBoundAccessTokens, ClassName, true);
+ else if (reader.ValueTextEquals(Utf8Bytes.UILocalesSupported))
 JsonPrimitives.ReadStrings(ref reader, config.UILocalesSupported, MetadataName.UILocalesSupported, ClassName, true);
@@ -366,9 +382,18 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
 else if (propertyName.Equals(MetadataName.AuthorizationEndpoint, StringComparison.OrdinalIgnoreCase))
 config.AuthorizationEndpoint = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);
+ else if (propertyName.Equals(MetadataName.AuthorizationEncryptionAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
+ JsonPrimitives.ReadStrings(ref reader, config.AuthorizationEncryptionAlgValuesSupported, propertyName, ClassName);
+ else if (propertyName.Equals(MetadataName.AuthorizationEncryptionEncValuesSupported, StringComparison.OrdinalIgnoreCase))
+ JsonPrimitives.ReadStrings(ref reader, config.AuthorizationEncryptionEncValuesSupported, propertyName, ClassName);
+ else if (propertyName.Equals(MetadataName.AuthorizationResponseIssParameterSupported, StringComparison.OrdinalIgnoreCase))
 config.AuthorizationResponseIssParameterSupported = JsonPrimitives.ReadBoolean(ref reader, propertyName, ClassName);
+ else if (propertyName.Equals(MetadataName.AuthorizationSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
+ JsonPrimitives.ReadStrings(ref reader, config.AuthorizationSigningAlgValuesSupported, propertyName, ClassName);
+ else if (propertyName.Equals(MetadataName.BackchannelAuthenticationEndpoint, StringComparison.OrdinalIgnoreCase))
 config.BackchannelAuthenticationEndpoint = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);
@@ -533,6 +558,9 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
 else if (propertyName.Equals(MetadataName.TokenEndpointAuthSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
 JsonPrimitives.ReadStrings(ref reader, config.TokenEndpointAuthSigningAlgValuesSupported, propertyName, ClassName);
+ else if (propertyName.Equals(MetadataName.TlsClientCertificateBoundAccessTokens, StringComparison.OrdinalIgnoreCase))
+ config.TlsClientCertificateBoundAccessTokens = JsonPrimitives.ReadBoolean(ref reader, propertyName, ClassName);
+ else if (propertyName.Equals(MetadataName.UILocalesSupported, StringComparison.OrdinalIgnoreCase))
 JsonPrimitives.ReadStrings(ref reader, config.UILocalesSupported, propertyName, ClassName);
@@ -592,9 +620,18 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c
 if (!string.IsNullOrEmpty(config.AuthorizationEndpoint))
 writer.WriteString(Utf8Bytes.AuthorizationEndpoint, config.AuthorizationEndpoint);
+ if (config.AuthorizationEncryptionAlgValuesSupported.Count > 0)
+ JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.AuthorizationEncryptionAlgValuesSupported, config.AuthorizationEncryptionAlgValuesSupported);
+
+ if (config.AuthorizationEncryptionEncValuesSupported.Count > 0)
+ JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.AuthorizationEncryptionEncValuesSupported, config.AuthorizationEncryptionEncValuesSupported);
+ if (config.AuthorizationResponseIssParameterSupported)
 writer.WriteBoolean(Utf8Bytes.AuthorizationResponseIssParameterSupported, config.AuthorizationResponseIssParameterSupported);
+ if (config.AuthorizationSigningAlgValuesSupported.Count > 0)
+ JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.AuthorizationSigningAlgValuesSupported, config.AuthorizationSigningAlgValuesSupported);
+ if (!string.IsNullOrEmpty(config.BackchannelAuthenticationEndpoint))
 writer.WriteString(Utf8Bytes.BackchannelAuthenticationEndpoint, config.BackchannelAuthenticationEndpoint);
@@ -745,6 +782,9 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c
 if (config.TokenEndpointAuthSigningAlgValuesSupported.Count > 0)
 JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.TokenEndpointAuthSigningAlgValuesSupported, config.TokenEndpointAuthSigningAlgValuesSupported);
+ if (config.TlsClientCertificateBoundAccessTokens)
+ writer.WriteBoolean(Utf8Bytes.TlsClientCertificateBoundAccessTokens, config.TlsClientCertificateBoundAccessTokens);
+ if (config.UILocalesSupported.Count > 0)
 JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.UILocalesSupported, config.UILocalesSupported);
diff --git a/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdProviderMetadataNames.cs b/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdProviderMetadataNames.cs
index 62f15637c6..b5c802d3dd 100644
--- a/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdProviderMetadataNames.cs
+++ b/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdProviderMetadataNames.cs
@@ -14,7 +14,10 @@ public static class OpenIdProviderMetadataNames
 #pragma warning disable 1591
 public const string AcrValuesSupported = "acr_values_supported";
 public const string AuthorizationEndpoint = "authorization_endpoint";
+ public const string AuthorizationEncryptionAlgValuesSupported = "authorization_encryption_alg_values_supported";
+ public const string AuthorizationEncryptionEncValuesSupported = "authorization_encryption_enc_values_supported";
 public const string AuthorizationResponseIssParameterSupported = "authorization_response_iss_parameter_supported";
+ public const string AuthorizationSigningAlgValuesSupported = "authorization_signing_alg_values_supported";
 public const string BackchannelAuthenticationEndpoint = "backchannel_authentication_endpoint";
 public const string BackchannelAuthenticationRequestSigningAlgValuesSupported = "backchannel_authentication_request_signing_alg_values_supported";
 public const string BackchannelTokenDeliveryModesSupported = "backchannel_token_delivery_modes_supported";
@@ -68,6 +71,7 @@ public static class OpenIdProviderMetadataNames
 public const string TokenEndpointAuthMethodsSupported = "token_endpoint_auth_methods_supported";
 public const string TokenEndpointAuthSigningAlgValuesSupported = "token_endpoint_auth_signing_alg_values_supported";
 public const string UILocalesSupported = "ui_locales_supported";
+ public const string TlsClientCertificateBoundAccessTokens = "tls_client_certificate_bound_access_tokens";
 public const string UserInfoEndpoint = "userinfo_endpoint";
 public const string UserInfoEncryptionAlgValuesSupported = "userinfo_encryption_alg_values_supported";
 public const string UserInfoEncryptionEncValuesSupported = "userinfo_encryption_enc_values_supported";
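Review bot: `TlsClientCertificateBoundAccessTokens` is placed after `UILocalesSupported` here but before `UILocalesSupported` in the `OpenIdProviderMetadataUtf8Bytes` hunk that follows, and in both tables it sits after the `TokenEndpoint*` names although `Tls` sorts before `Tok`; the two tables are meant to mirror each other line for line, so give the constant the same position in both, immediately before the `TokenEndpoint*` entries. The `AuthorizationEncryptionAlgValuesSupported` and `AuthorizationEncryptionEncValuesSupported` constants in the hunk above have the same problem, landing after `AuthorizationEndpoint` though `Encryption` sorts before `Endpoint`. Cosmetic on its own, but these name tables are maintained by eye, and a mismatched order is how a name ends up in one table and not the other.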
@@ -84,7 +88,10 @@ internal static class OpenIdProviderMetadataUtf8Bytes
 {
 public static ReadOnlySpan AcrValuesSupported => "acr_values_supported"u8;
 public static ReadOnlySpan AuthorizationEndpoint => "authorization_endpoint"u8;
+ public static ReadOnlySpan AuthorizationEncryptionAlgValuesSupported => "authorization_encryption_alg_values_supported"u8;
+ public static ReadOnlySpan AuthorizationEncryptionEncValuesSupported => "authorization_encryption_enc_values_supported"u8;
 public static ReadOnlySpan AuthorizationResponseIssParameterSupported => "authorization_response_iss_parameter_supported"u8;
+ public static ReadOnlySpan AuthorizationSigningAlgValuesSupported => "authorization_signing_alg_values_supported"u8;
 public static ReadOnlySpan BackchannelAuthenticationEndpoint => "backchannel_authentication_endpoint"u8;
 public static ReadOnlySpan BackchannelAuthenticationRequestSigningAlgValuesSupported => "backchannel_authentication_request_signing_alg_values_supported"u8;
 public static ReadOnlySpan BackchannelTokenDeliveryModesSupported => "backchannel_token_delivery_modes_supported"u8;
@@ -137,6 +144,7 @@ internal static class OpenIdProviderMetadataUtf8Bytes
 public static ReadOnlySpan TokenEndpoint => "token_endpoint"u8;
 public static ReadOnlySpan TokenEndpointAuthMethodsSupported => "token_endpoint_auth_methods_supported"u8;
 public static ReadOnlySpan TokenEndpointAuthSigningAlgValuesSupported => "token_endpoint_auth_signing_alg_values_supported"u8;
+ public static ReadOnlySpan TlsClientCertificateBoundAccessTokens => "tls_client_certificate_bound_access_tokens"u8;
 public static ReadOnlySpan UILocalesSupported => "ui_locales_supported"u8;
 public static ReadOnlySpan UserInfoEndpoint => "userinfo_endpoint"u8;
 public static ReadOnlySpan UserInfoEncryptionAlgValuesSupported => "userinfo_encryption_alg_values_supported"u8;
diff --git a/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConfigData.cs b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConfigData.cs
index 1f60d43365..75a62b1539 100644
--- a/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConfigData.cs
+++ b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConfigData.cs
@@ -68,7 +68,10 @@ public static OpenIdConnectConfiguration FullyPopulatedWithKeys
 public static string JsonAllValues = @"{
 ""acr_values_supported"": [""acr_value1"", ""acr_value2"", ""acr_value3""],
 ""authorization_endpoint"": ""https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/authorize"",
+ ""authorization_encryption_alg_values_supported"": [""A192KW"", ""A256KW""],
+ ""authorization_encryption_enc_values_supported"": [""A128CBC-HS256"", ""A256CBC-HS512""],
 ""authorization_response_iss_parameter_supported"": false,
+ ""authorization_signing_alg_values_supported"": [""ES384"", ""ES512""],
 ""backchannel_authentication_endpoint"": ""https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/bc-authorize"",
 ""backchannel_authentication_request_signing_alg_values_supported"": [""ES384"", ""ES512""],
 ""backchannel_token_delivery_modes_supported"": [""poll"", ""ping""],
@@ -119,6 +122,7 @@ public static OpenIdConnectConfiguration FullyPopulatedWithKeys
 ""token_endpoint"": ""https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/token"",
 ""token_endpoint_auth_methods_supported"": [""client_secret_post"", ""private_key_jwt""],
 ""token_endpoint_auth_signing_alg_values_supported"": [""ES192"", ""ES256""],
+ ""tls_client_certificate_bound_access_tokens"": true,
 ""ui_locales_supported"": [""hak-CN"", ""en-us""],
 ""userinfo_endpoint"": ""https://login.microsoftonline.com/add29489-7269-41f4-8841-b63c95564420/openid/userinfo"",
 ""userinfo_encryption_alg_values_supported"": [""ECDH-ES+A128KW"", ""ECDH-ES+A192KW""],
@@ -610,7 +614,10 @@ private static OpenIdConnectConfiguration SetDefaultConfiguration(OpenIdConnectC
 {
 AddToCollection(config.AcrValuesSupported, "acr_value1", "acr_value2", "acr_value3");
 config.AuthorizationEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/authorize";
+ AddToCollection(config.AuthorizationEncryptionAlgValuesSupported, "A192KW", "A256KW");
+ AddToCollection(config.AuthorizationEncryptionEncValuesSupported, "A128CBC-HS256", "A256CBC-HS512");
 config.AuthorizationResponseIssParameterSupported = false;
+ AddToCollection(config.AuthorizationSigningAlgValuesSupported, "ES384", "ES512");
 config.BackchannelAuthenticationEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/bc-authorize";
 AddToCollection(config.BackchannelAuthenticationRequestSigningAlgValuesSupported, "ES384", "ES512");
 AddToCollection(config.BackchannelTokenDeliveryModesSupported, "poll", "ping");
@@ -660,6 +667,7 @@ private static OpenIdConnectConfiguration SetDefaultConfiguration(OpenIdConnectC
 config.TokenEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/token";
 AddToCollection(config.TokenEndpointAuthMethodsSupported, "client_secret_post", "private_key_jwt");
 AddToCollection(config.TokenEndpointAuthSigningAlgValuesSupported, "ES192", "ES256");
+ config.TlsClientCertificateBoundAccessTokens = true;
 AddToCollection(config.UILocalesSupported, "hak-CN", "en-us");
 config.UserInfoEndpoint = "https://login.microsoftonline.com/add29489-7269-41f4-8841-b63c95564420/openid/userinfo";
 AddToCollection(config.UserInfoEndpointEncryptionAlgValuesSupported, "ECDH-ES+A128KW", "ECDH-ES+A192KW");
diff --git a/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConnectConfigurationTests.cs b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConnectConfigurationTests.cs
index 9ee0bb7cdb..c31a60b085 100644
--- a/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConnectConfigurationTests.cs
+++ b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConnectConfigurationTests.cs
@@ -75,6 +75,9 @@ public void Defaults()
 {
 OpenIdConnectConfiguration configuration = new OpenIdConnectConfiguration();
 Assert.NotNull(configuration.AcrValuesSupported);
+ Assert.NotNull(configuration.AuthorizationEncryptionAlgValuesSupported);
+ Assert.NotNull(configuration.AuthorizationEncryptionEncValuesSupported);
+ Assert.NotNull(configuration.AuthorizationSigningAlgValuesSupported);
 Assert.False(configuration.AuthorizationResponseIssParameterSupported);
 Assert.NotNull(configuration.BackchannelAuthenticationRequestSigningAlgValuesSupported);
 Assert.NotNull(configuration.BackchannelTokenDeliveryModesSupported);
@@ -110,6 +113,7 @@ public void Defaults()
 Assert.NotNull(configuration.SubjectTypesSupported);
 Assert.NotNull(configuration.TokenEndpointAuthMethodsSupported);
 Assert.NotNull(configuration.TokenEndpointAuthSigningAlgValuesSupported);
+ Assert.False(configuration.TlsClientCertificateBoundAccessTokens);
 Assert.NotNull(configuration.UILocalesSupported);
 Assert.NotNull(configuration.UserInfoEndpointEncryptionAlgValuesSupported);
 Assert.NotNull(configuration.UserInfoEndpointEncryptionEncValuesSupported);
@@ -141,8 +145,8 @@ public void GetSets()
 OpenIdConnectConfiguration configuration = new OpenIdConnectConfiguration();
 Type type = typeof(OpenIdConnectConfiguration);
 PropertyInfo[] properties = type.GetProperties();
- if (properties.Length != 63)
- Assert.True(false, "Number of properties has changed from 63 to: " + properties.Length + ", adjust tests");
+ if (properties.Length != 67)
+ Assert.True(false, "Number of properties has changed from 67 to: " + properties.Length + ", adjust tests");
 TestUtilities.CallAllPublicInstanceAndStaticPropertyGets(configuration, "OpenIdConnectConfiguration_GetSets");
@@ -152,7 +156,10 @@ public void GetSets()
 PropertyNamesAndSetGetValue = new List>>
 {
 new KeyValuePair>("AuthorizationEndpoint", new List{ (string)null, Guid.NewGuid().ToString(), Guid.NewGuid().ToString() }),
+ new KeyValuePair>("AuthorizationEncryptionAlgValuesSupported", new List{ false, true, true }),
+ new KeyValuePair>("AuthorizationEncryptionEncValuesSupported", new List{ false, true, true }),
 new KeyValuePair>("AuthorizationResponseIssParameterSupported", new List{ false, true, true }),
+ new KeyValuePair>("AuthorizationSigningAlgValuesSupported", new List{ false, true, true }),
 new KeyValuePair>("BackchannelAuthenticationEndpoint", new List{ (string)null, Guid.NewGuid().ToString(), Guid.NewGuid().ToString() }),
 new KeyValuePair>("BackchannelUserCodeParameterSupported", new List{ false, true, true }),
 new KeyValuePair>("CheckSessionIframe", new List{ (string)null, Guid.NewGuid().ToString(), Guid.NewGuid().ToString() }),
@@ -178,6 +185,7 @@ public void GetSets()
 new KeyValuePair>("RevocationEndpointAuthMethodsSupported", new List{ false, true, true }),
 new KeyValuePair>("RevocationEndpointAuthSigningAlgValuesSupported", new List{ false, true, true }),
 new KeyValuePair>("ServiceDocumentation", new List{ (string)null, Guid.NewGuid().ToString(), Guid.NewGuid().ToString() }),
+ new KeyValuePair>("TlsClientCertificateBoundAccessTokens", new List{ false, true, false }),
 new KeyValuePair>("TokenEndpoint", new List{ (string)null, Guid.NewGuid().ToString(), Guid.NewGuid().ToString() }),
 new KeyValuePair>("UserInfoEndpoint", new List{ (string)null, Guid.NewGuid().ToString(), Guid.NewGuid().ToString() }),
 },
@@ -289,6 +297,9 @@ public void NonemptyCollectionSerialization()
 var collectionNames = new List
 {
 "acr_values_supported",
+ "authorization_encryption_alg_values_supported",
+ "authorization_encryption_enc_values_supported",
+ "authorization_signing_alg_values_supported",
 "backchannel_authentication_request_signing_alg_values_supported",
 "backchannel_token_delivery_modes_supported",
 "claims_supported",
diff --git a/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConnectMetadata.json b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConnectMetadata.json
index bf10bb1f2c..90af72ef9f 100644
--- a/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConnectMetadata.json
+++ b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConnectMetadata.json
@@ -1,7 +1,10 @@
 {
 "acr_values_supported": ["acr_value1", "acr_value2", "acr_value3"],
 "authorization_endpoint": "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/authorize",
+ "authorization_encryption_alg_values_supported": ["A192KW", "A256KW"],
+ "authorization_encryption_enc_values_supported": ["A128CBC-HS256", "A256CBC-HS512"],
 "authorization_response_iss_parameter_supported": false,
+ "authorization_signing_alg_values_supported": ["ES384", "ES512"],
 "backchannel_authentication_endpoint": "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/bc-authorize",
 "backchannel_authentication_request_signing_alg_values_supported": ["ES384", "ES512"],
 "backchannel_token_delivery_modes_supported": ["poll", "ping"],
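Review bot: `NonemptyCollectionSerialization` now covers the three new collections, but nothing in this patch's tests checks that `tls_client_certificate_bound_access_tokens` is omitted from the serialized output when false and written when true, which is the behaviour the serializer's `Write` implements with `if (config.TlsClientCertificateBoundAccessTokens)`. If the existing boolean parameters such as `authorization_response_iss_parameter_supported` already have such a test elsewhere in this file, adding the new name there is enough; otherwise a round-trip of a default `OpenIdConnectConfiguration` asserting the key is absent, plus one with the flag set asserting `true`, would pin both sides. `NonemptyCollectionSerialization` continues past the hunk.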
@@ -52,6 +55,7 @@
 "token_endpoint": "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/token",
 "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"],
 "token_endpoint_auth_signing_alg_values_supported": ["ES192", "ES256"],
+ "tls_client_certificate_bound_access_tokens": true,
 "ui_locales_supported": ["hak-CN", "en-us"],
 "userinfo_endpoint": "https://login.microsoftonline.com/add29489-7269-41f4-8841-b63c95564420/openid/userinfo",
 "userinfo_encryption_alg_values_supported": ["ECDH-ES+A128KW", "ECDH-ES+A192KW"],