Add additional metadata parameters to OpenIdConnectConfiguration

src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Configuration/OpenIdConnectConfiguration.cs

@@ -23,6 +23,9 @@ public class OpenIdConnectConfiguration : BaseConfiguration
         // these are used to lazy create
         private Dictionary<string, object> _additionalData;
         private ICollection<string> _acrValuesSupported;
+        private ICollection<string> _authorizationEncryptionAlgValuesSupported;
+        private ICollection<string> _authorizationEncryptionEncValuesSupported;
+        private ICollection<string> _authorizationSigningAlgValuesSupported;
         private ICollection<string> _backchannelAuthenticationRequestSigningAlgValuesSupported;
         private ICollection<string> _backchannelTokenDeliveryModesSupported;
         private ICollection<string> _claimsSupported;
@@ -146,6 +149,24 @@ public OpenIdConnectConfiguration(string json)
 #endif
         public string AuthorizationEndpoint { get; set; }
 
+        /// <summary>
+        /// Gets the collection of 'authorization_encryption_alg_values_supported'
+        /// </summary>
+        [JsonPropertyName(OpenIdProviderMetadataNames.AuthorizationEncryptionAlgValuesSupported)]
+        public ICollection<string> AuthorizationEncryptionAlgValuesSupported =>
+            _authorizationEncryptionAlgValuesSupported ??
+            Interlocked.CompareExchange(ref _authorizationEncryptionAlgValuesSupported, new Collection<string>(), null) ??
+            _authorizationEncryptionAlgValuesSupported;
+
+        /// <summary>
+        /// Gets the collection of 'authorization_encryption_enc_values_supported'
+        /// </summary>
+        [JsonPropertyName(OpenIdProviderMetadataNames.AuthorizationEncryptionEncValuesSupported)]
+        public ICollection<string> AuthorizationEncryptionEncValuesSupported =>
+            _authorizationEncryptionEncValuesSupported ??
+            Interlocked.CompareExchange(ref _authorizationEncryptionEncValuesSupported, new Collection<string>(), null) ??
+            _authorizationEncryptionEncValuesSupported;
+
         /// <summary>
         /// Gets or sets the 'authorization_response_iss_parameter_supported'
         /// </summary>
@@ -155,6 +176,15 @@ public OpenIdConnectConfiguration(string json)
 #endif
         public bool AuthorizationResponseIssParameterSupported { get; set; }
 
+        /// <summary>
+        /// Gets the collection of 'authorization_signing_alg_values_supported'
+        /// </summary>
+        [JsonPropertyName(OpenIdProviderMetadataNames.AuthorizationSigningAlgValuesSupported)]
+        public ICollection<string> AuthorizationSigningAlgValuesSupported =>
+            _authorizationSigningAlgValuesSupported ??
+            Interlocked.CompareExchange(ref _authorizationSigningAlgValuesSupported, new Collection<string>(), null) ??
+            _authorizationSigningAlgValuesSupported;
+
         /// <summary>
         /// Gets or sets the 'backchannel_authentication_endpoint'.
         /// </summary>
@@ -622,6 +652,15 @@ public OpenIdConnectConfiguration(string json)
             Interlocked.CompareExchange(ref _tokenEndpointAuthSigningAlgValuesSupported, new Collection<string>(), null) ??
             _tokenEndpointAuthSigningAlgValuesSupported;
 
+        /// <summary>
+        /// Gets or sets the 'tls_client_certificate_bound_access_tokens'
+        /// </summary>
+        [JsonPropertyName(OpenIdProviderMetadataNames.TlsClientCertificateBoundAccessTokens)]
+#if NET6_0_OR_GREATER
+        [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
+#endif
+        public bool TlsClientCertificateBoundAccessTokens { get; set; }
+
         /// <summary>
         /// Gets the collection of 'ui_locales_supported'
         /// </summary>
@@ -681,6 +720,39 @@ public bool ShouldSerializeAcrValuesSupported()
             return AcrValuesSupported.Count > 0;
         }
 
+        /// <summary>
+        /// Gets a bool that determines if the 'authorization_encryption_alg_values_supported' (AuthorizationEncryptionAlgValuesSupported) property should be serialized.
+        /// This is used by Json.NET in order to conditionally serialize properties.
+        /// </summary>
+        /// <return>true if 'authorization_encryption_alg_values_supported' (AuthorizationEncryptionAlgValuesSupported) is not empty; otherwise, false.</return>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public bool ShouldSerializeAuthorizationEncryptionAlgValuesSupported()
+        {
+            return AuthorizationEncryptionAlgValuesSupported.Count > 0;
+        }
+
+        /// <summary>
+        /// Gets a bool that determines if the 'authorization_encryption_enc_values_supported' (AuthorizationEncryptionEncValuesSupported) property should be serialized.
+        /// This is used by Json.NET in order to conditionally serialize properties.
+        /// </summary>
+        /// <return>true if 'authorization_encryption_enc_values_supported' (AuthorizationEncryptionEncValuesSupported) is not empty; otherwise, false.</return>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public bool ShouldSerializeAuthorizationEncryptionEncValuesSupported()
+        {
+            return AuthorizationEncryptionEncValuesSupported.Count > 0;
+        }
+
+        /// <summary>
+        /// Gets a bool that determines if the 'authorization_signing_alg_values_supported' (AuthorizationSigningAlgValuesSupported) property should be serialized.
+        /// This is used by Json.NET in order to conditionally serialize properties.
+        /// </summary>
+        /// <return>true if 'authorization_signing_alg_values_supported' (AuthorizationSigningAlgValuesSupported) is not empty; otherwise, false.</return>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public bool ShouldSerializeAuthorizationSigningAlgValuesSupported()
+        {
+            return AuthorizationSigningAlgValuesSupported.Count > 0;
+        }
+
         /// <summary>
         /// Gets a bool that determines if the 'backchannel_token_delivery_modes_supported' (BackchannelTokenDeliveryModesSupported) property should be serialized.
         /// This is used by Json.NET in order to conditionally serialize properties.

src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Json/OpenIdConnectConfigurationSerializer.cs

@@ -39,7 +39,10 @@ public static readonly
         {
             "ACR_VALUES_SUPPORTED",
             "AUTHORIZATION_ENDPOINT",
+            "AUTHORIZATION_ENCRYPTION_ALG_VALUES_SUPPORTED",
+            "AUTHORIZATION_ENCRYPTION_ENC_VALUES_SUPPORTED",
             "AUTHORIZATION_RESPONSE_ISS_PARAMETER_SUPPORTED",
+            "AUTHORIZATION_SIGNING_ALG_VALUES_SUPPORTED",
             "BACKCHANNEL_AUTHENTICATION_ENDPOINT",
             "BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG_VALUES_SUPPORTED",
             "BACKCHANNEL_TOKEN_DELIVERY_MODES_SUPPORTED",
@@ -91,6 +94,7 @@ public static readonly
             "TOKEN_ENDPOINT",
             "TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED",
             "TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED",
+            "TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS",
             "UI_LOCALES_SUPPORTED",
             "USERINFO_ENDPOINT",
             "USERINFO_ENCRYPTION_ALG_VALUES_SUPPORTED",
@@ -162,9 +166,18 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
                     else if (reader.ValueTextEquals(Utf8Bytes.AuthorizationEndpoint))
                         config.AuthorizationEndpoint = JsonPrimitives.ReadString(ref reader, MetadataName.AuthorizationEndpoint, ClassName, true);
 
+                    else if (reader.ValueTextEquals(Utf8Bytes.AuthorizationEncryptionAlgValuesSupported))
+                        JsonPrimitives.ReadStrings(ref reader, config.AuthorizationEncryptionAlgValuesSupported, MetadataName.AuthorizationEncryptionAlgValuesSupported, ClassName, true);
+
+                    else if (reader.ValueTextEquals(Utf8Bytes.AuthorizationEncryptionEncValuesSupported))
+                        JsonPrimitives.ReadStrings(ref reader, config.AuthorizationEncryptionEncValuesSupported, MetadataName.AuthorizationEncryptionEncValuesSupported, ClassName, true);
+
                     else if (reader.ValueTextEquals(Utf8Bytes.AuthorizationResponseIssParameterSupported))
                         config.AuthorizationResponseIssParameterSupported = JsonPrimitives.ReadBoolean(ref reader, MetadataName.AuthorizationResponseIssParameterSupported, ClassName, true);
 
+                    else if (reader.ValueTextEquals(Utf8Bytes.AuthorizationSigningAlgValuesSupported))
+                        JsonPrimitives.ReadStrings(ref reader, config.AuthorizationSigningAlgValuesSupported, MetadataName.AuthorizationSigningAlgValuesSupported, ClassName, true);
+
                     else if (reader.ValueTextEquals(Utf8Bytes.BackchannelAuthenticationEndpoint))
                         config.BackchannelAuthenticationEndpoint = JsonPrimitives.ReadString(ref reader, MetadataName.BackchannelAuthenticationEndpoint, ClassName, true);
 
@@ -328,6 +341,9 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
                     else if (reader.ValueTextEquals(Utf8Bytes.TokenEndpointAuthSigningAlgValuesSupported))
                         JsonPrimitives.ReadStrings(ref reader, config.TokenEndpointAuthSigningAlgValuesSupported, MetadataName.TokenEndpointAuthSigningAlgValuesSupported, ClassName, true);
 
+                    else if (reader.ValueTextEquals(Utf8Bytes.TlsClientCertificateBoundAccessTokens))
+                        config.TlsClientCertificateBoundAccessTokens = JsonPrimitives.ReadBoolean(ref reader, MetadataName.TlsClientCertificateBoundAccessTokens, ClassName, true);
+
                     else if (reader.ValueTextEquals(Utf8Bytes.UILocalesSupported))
                         JsonPrimitives.ReadStrings(ref reader, config.UILocalesSupported, MetadataName.UILocalesSupported, ClassName, true);
 
@@ -366,9 +382,18 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
                             else if (propertyName.Equals(MetadataName.AuthorizationEndpoint, StringComparison.OrdinalIgnoreCase))
                                 config.AuthorizationEndpoint = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);
 
+                            else if (propertyName.Equals(MetadataName.AuthorizationEncryptionAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
+                                JsonPrimitives.ReadStrings(ref reader, config.AuthorizationEncryptionAlgValuesSupported, propertyName, ClassName);
+
+                            else if (propertyName.Equals(MetadataName.AuthorizationEncryptionEncValuesSupported, StringComparison.OrdinalIgnoreCase))
+                                JsonPrimitives.ReadStrings(ref reader, config.AuthorizationEncryptionEncValuesSupported, propertyName, ClassName);
+
                             else if (propertyName.Equals(MetadataName.AuthorizationResponseIssParameterSupported, StringComparison.OrdinalIgnoreCase))
                                 config.AuthorizationResponseIssParameterSupported = JsonPrimitives.ReadBoolean(ref reader, propertyName, ClassName);
 
+                            else if (propertyName.Equals(MetadataName.AuthorizationSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
+                                JsonPrimitives.ReadStrings(ref reader, config.AuthorizationSigningAlgValuesSupported, propertyName, ClassName);
+
                             else if (propertyName.Equals(MetadataName.BackchannelAuthenticationEndpoint, StringComparison.OrdinalIgnoreCase))
                                 config.BackchannelAuthenticationEndpoint = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);
 
@@ -533,6 +558,9 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
                             else if (propertyName.Equals(MetadataName.TokenEndpointAuthSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
                                 JsonPrimitives.ReadStrings(ref reader, config.TokenEndpointAuthSigningAlgValuesSupported, propertyName, ClassName);
 
+                            else if (propertyName.Equals(MetadataName.TlsClientCertificateBoundAccessTokens, StringComparison.OrdinalIgnoreCase))
+                                config.TlsClientCertificateBoundAccessTokens = JsonPrimitives.ReadBoolean(ref reader, propertyName, ClassName);
+
                             else if (propertyName.Equals(MetadataName.UILocalesSupported, StringComparison.OrdinalIgnoreCase))
                                 JsonPrimitives.ReadStrings(ref reader, config.UILocalesSupported, propertyName, ClassName);
 
@@ -592,9 +620,18 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c
             if (!string.IsNullOrEmpty(config.AuthorizationEndpoint))
                 writer.WriteString(Utf8Bytes.AuthorizationEndpoint, config.AuthorizationEndpoint);
 
+            if (config.AuthorizationEncryptionAlgValuesSupported.Count > 0)
+                JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.AuthorizationEncryptionAlgValuesSupported, config.AuthorizationEncryptionAlgValuesSupported);
+
+            if (config.AuthorizationEncryptionEncValuesSupported.Count > 0)
+                JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.AuthorizationEncryptionEncValuesSupported, config.AuthorizationEncryptionEncValuesSupported);
+
             if (config.AuthorizationResponseIssParameterSupported)
                 writer.WriteBoolean(Utf8Bytes.AuthorizationResponseIssParameterSupported, config.AuthorizationResponseIssParameterSupported);
 
+            if (config.AuthorizationSigningAlgValuesSupported.Count > 0)
+                JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.AuthorizationSigningAlgValuesSupported, config.AuthorizationSigningAlgValuesSupported);
+
             if (!string.IsNullOrEmpty(config.BackchannelAuthenticationEndpoint))
                 writer.WriteString(Utf8Bytes.BackchannelAuthenticationEndpoint, config.BackchannelAuthenticationEndpoint);
 
@@ -745,6 +782,9 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c
             if (config.TokenEndpointAuthSigningAlgValuesSupported.Count > 0)
                 JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.TokenEndpointAuthSigningAlgValuesSupported, config.TokenEndpointAuthSigningAlgValuesSupported);
 
+            if (config.TlsClientCertificateBoundAccessTokens)
+                writer.WriteBoolean(Utf8Bytes.TlsClientCertificateBoundAccessTokens, config.TlsClientCertificateBoundAccessTokens);
+
             if (config.UILocalesSupported.Count > 0)
                 JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.UILocalesSupported, config.UILocalesSupported);
 

src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdProviderMetadataNames.cs

@@ -14,7 +14,10 @@ public static class OpenIdProviderMetadataNames
 #pragma warning disable 1591
         public const string AcrValuesSupported = "acr_values_supported";
         public const string AuthorizationEndpoint = "authorization_endpoint";
+        public const string AuthorizationEncryptionAlgValuesSupported = "authorization_encryption_alg_values_supported";
+        public const string AuthorizationEncryptionEncValuesSupported = "authorization_encryption_enc_values_supported";
         public const string AuthorizationResponseIssParameterSupported = "authorization_response_iss_parameter_supported";
+        public const string AuthorizationSigningAlgValuesSupported = "authorization_signing_alg_values_supported";
         public const string BackchannelAuthenticationEndpoint = "backchannel_authentication_endpoint";
         public const string BackchannelAuthenticationRequestSigningAlgValuesSupported = "backchannel_authentication_request_signing_alg_values_supported";
         public const string BackchannelTokenDeliveryModesSupported = "backchannel_token_delivery_modes_supported";
@@ -68,6 +71,7 @@ public static class OpenIdProviderMetadataNames
         public const string TokenEndpointAuthMethodsSupported = "token_endpoint_auth_methods_supported";
         public const string TokenEndpointAuthSigningAlgValuesSupported = "token_endpoint_auth_signing_alg_values_supported";
         public const string UILocalesSupported = "ui_locales_supported";
+        public const string TlsClientCertificateBoundAccessTokens = "tls_client_certificate_bound_access_tokens";
         public const string UserInfoEndpoint = "userinfo_endpoint";
         public const string UserInfoEncryptionAlgValuesSupported = "userinfo_encryption_alg_values_supported";
         public const string UserInfoEncryptionEncValuesSupported = "userinfo_encryption_enc_values_supported";
@@ -84,7 +88,10 @@ internal static class OpenIdProviderMetadataUtf8Bytes
     {
         public static ReadOnlySpan<byte> AcrValuesSupported => "acr_values_supported"u8;
         public static ReadOnlySpan<byte> AuthorizationEndpoint => "authorization_endpoint"u8;
+        public static ReadOnlySpan<byte> AuthorizationEncryptionAlgValuesSupported => "authorization_encryption_alg_values_supported"u8;
+        public static ReadOnlySpan<byte> AuthorizationEncryptionEncValuesSupported => "authorization_encryption_enc_values_supported"u8;
         public static ReadOnlySpan<byte> AuthorizationResponseIssParameterSupported => "authorization_response_iss_parameter_supported"u8;
+        public static ReadOnlySpan<byte> AuthorizationSigningAlgValuesSupported => "authorization_signing_alg_values_supported"u8;
         public static ReadOnlySpan<byte> BackchannelAuthenticationEndpoint => "backchannel_authentication_endpoint"u8;
         public static ReadOnlySpan<byte> BackchannelAuthenticationRequestSigningAlgValuesSupported => "backchannel_authentication_request_signing_alg_values_supported"u8;
         public static ReadOnlySpan<byte> BackchannelTokenDeliveryModesSupported => "backchannel_token_delivery_modes_supported"u8;
@@ -137,6 +144,7 @@ internal static class OpenIdProviderMetadataUtf8Bytes
         public static ReadOnlySpan<byte> TokenEndpoint => "token_endpoint"u8;
         public static ReadOnlySpan<byte> TokenEndpointAuthMethodsSupported => "token_endpoint_auth_methods_supported"u8;
         public static ReadOnlySpan<byte> TokenEndpointAuthSigningAlgValuesSupported => "token_endpoint_auth_signing_alg_values_supported"u8;
+        public static ReadOnlySpan<byte> TlsClientCertificateBoundAccessTokens => "tls_client_certificate_bound_access_tokens"u8;
         public static ReadOnlySpan<byte> UILocalesSupported => "ui_locales_supported"u8;
         public static ReadOnlySpan<byte> UserInfoEndpoint => "userinfo_endpoint"u8;
         public static ReadOnlySpan<byte> UserInfoEncryptionAlgValuesSupported => "userinfo_encryption_alg_values_supported"u8;