Add additional metadata parameters to OpenIdConnectConfiguration

AzureAD · Jun 17, 2024 · d0131d5 · d0131d5
1 parent 78236a0
commit d0131d5
Show file tree

Hide file tree

Showing 7 changed files with 308 additions and 145 deletions.
diff --git a/...crosoft.IdentityModel.Protocols.OpenIdConnect/Configuration/OpenIdConnectConfiguration.cs b/...crosoft.IdentityModel.Protocols.OpenIdConnect/Configuration/OpenIdConnectConfiguration.cs
@@ -28,6 +28,7 @@ public class OpenIdConnectConfiguration : BaseConfiguration
         private ICollection<string> _claimsSupported;
         private ICollection<string> _claimsLocalesSupported;
         private ICollection<string> _claimTypesSupported;
+        private ICollection<string> _codeChallengeMethodsSupported;
         private ICollection<string> _displayValuesSupported;
         private ICollection<string> _dPoPSigningAlgValuesSupported;
         private ICollection<string> _grantTypesSupported;
@@ -42,6 +43,8 @@ public class OpenIdConnectConfiguration : BaseConfiguration
         private ICollection<string> _requestObjectSigningAlgValuesSupported;
         private ICollection<string> _responseModesSupported;
         private ICollection<string> _responseTypesSupported;
+        private ICollection<string> _revocationEndpointAuthMethodsSupported;
+        private ICollection<string> _revocationEndpointAuthSigningAlgValuesSupported;
         private ICollection<string> _scopesSupported;
         private ICollection<string> _subjectTypesSupported;
         private ICollection<string> _tokenEndpointAuthMethodsSupported;
@@ -233,6 +236,24 @@ public OpenIdConnectConfiguration(string json)
             Interlocked.CompareExchange(ref _claimTypesSupported, new Collection<string>(), null) ??
             _claimTypesSupported;
 
+        /// <summary>
+        /// Gets the collection of 'code_challenge_methods_supported'
+        /// </summary>
+        [JsonPropertyName(OpenIdProviderMetadataNames.CodeChallengeMethodsSupported)]
+        public ICollection<string> CodeChallengeMethodsSupported =>
+            _codeChallengeMethodsSupported ??
+            Interlocked.CompareExchange(ref _codeChallengeMethodsSupported, new Collection<string>(), null) ??
+            _codeChallengeMethodsSupported;
+
+        /// <summary>
+        /// Gets or sets the 'device_authorization_endpoint'.
+        /// </summary>
+        [JsonPropertyName(OpenIdProviderMetadataNames.DeviceAuthorizationEndpoint)]
+#if NET6_0_OR_GREATER
+        [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+#endif
+        public string DeviceAuthorizationEndpoint { get; set; }
+
         /// <summary>
         /// Gets the collection of 'display_values_supported'
         /// </summary>
@@ -374,7 +395,7 @@ public OpenIdConnectConfiguration(string json)
         /// Gets or sets the <see cref="JsonWebKeySet"/>
         /// </summary>
         [JsonIgnore]
-        public JsonWebKeySet JsonWebKeySet {get; set;}
+        public JsonWebKeySet JsonWebKeySet { get; set; }
 
         /// <summary>
         /// Boolean value specifying whether the OP can pass a sid (session ID) query parameter to identify the RP session at the OP when the logout_uri is used. Dafault Value is false.
@@ -508,6 +529,33 @@ public OpenIdConnectConfiguration(string json)
             Interlocked.CompareExchange(ref _responseTypesSupported, new Collection<string>(), null) ??
             _responseTypesSupported;
 
+        /// <summary>
+        /// Gets or sets the 'revocation_endpoint'
+        /// </summary>
+        [JsonPropertyName(OpenIdProviderMetadataNames.RevocationEndpoint)]
+#if NET6_0_OR_GREATER
+        [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+#endif
+        public string RevocationEndpoint { get; set; }
+
+        /// <summary>
+        /// Gets the collection of 'revocation_endpoint_auth_methods_supported'.
+        /// </summary>
+        [JsonPropertyName(OpenIdProviderMetadataNames.RevocationEndpointAuthMethodsSupported)]
+        public ICollection<string> RevocationEndpointAuthMethodsSupported =>
+            _revocationEndpointAuthMethodsSupported ??
+            Interlocked.CompareExchange(ref _revocationEndpointAuthMethodsSupported, new Collection<string>(), null) ??
+            _revocationEndpointAuthMethodsSupported;
+
+        /// <summary>
+        /// Gets the collection of 'revocation_endpoint_auth_signing_alg_values_supported'.
+        /// </summary>
+        [JsonPropertyName(OpenIdProviderMetadataNames.RevocationEndpointAuthSigningAlgValuesSupported)]
+        public ICollection<string> RevocationEndpointAuthSigningAlgValuesSupported =>
+            _revocationEndpointAuthSigningAlgValuesSupported ??
+            Interlocked.CompareExchange(ref _revocationEndpointAuthSigningAlgValuesSupported, new Collection<string>(), null) ??
+            _revocationEndpointAuthSigningAlgValuesSupported;
+
         /// <summary>
         /// Gets or sets the 'service_documentation'
         /// </summary>
@@ -688,6 +736,17 @@ public bool ShouldSerializeClaimTypesSupported()
             return ClaimTypesSupported.Count > 0;
         }
 
+        /// <summary>
+        /// Gets a bool that determines if the 'code_challenge_methods_supported' (CodeChallengeMethodsSupported) property should be serialized.
+        /// This is used by Json.NET in order to conditionally serialize properties.
+        /// </summary>
+        /// <return>true if 'code_challenge_methods_supported' (CodeChallengeMethodsSupported) is not empty; otherwise, false.</return>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public bool ShouldSerializeCodeChallengeMethodsSupported()
+        {
+            return CodeChallengeMethodsSupported.Count > 0;
+        }
+
         /// <summary>
         /// Gets a bool that determines if the 'display_values_supported' (DisplayValuesSupported) property should be serialized.
         /// This is used by Json.NET in order to conditionally serialize properties.
@@ -842,6 +901,28 @@ public bool ShouldSerializeResponseTypesSupported()
             return ResponseTypesSupported.Count > 0;
         }
 
+        /// <summary>
+        /// Gets a bool that determines if the 'revocation_endpoint_auth_methods_supported' (RevocationEndpointAuthMethodsSupported) property should be serialized.
+        /// This is used by Json.NET in order to conditionally serialize properties.
+        /// </summary>
+        /// <return>true if 'revocation_endpoint_auth_methods_supported' (RevocationEndpointAuthMethodsSupported) is not empty; otherwise, false.</return>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public bool ShouldSerializeRevocationEndpointAuthMethodsSupported()
+        {
+            return RevocationEndpointAuthMethodsSupported.Count > 0;
+        }
+
+        /// <summary>
+        /// Gets a bool that determines if the 'revocation_endpoint_auth_signing_alg_values_supported' (RevocationEndpointAuthSigningAlgValuesSupported) property should be serialized.
+        /// This is used by Json.NET in order to conditionally serialize properties.
+        /// </summary>
+        /// <return>true if 'revocation_endpoint_auth_signing_alg_values_supported' (RevocationEndpointAuthSigningAlgValuesSupported) is not empty; otherwise, false.</return>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public bool ShouldSerializeRevocationEndpointAuthSigningAlgValuesSupported()
+        {
+            return RevocationEndpointAuthSigningAlgValuesSupported.Count > 0;
+        }
+
         /// <summary>
         /// Gets a bool that determines if the 'SigningKeys' property should be serialized.
         /// This is used by Json.NET in order to conditionally serialize properties.

diff --git a/...rosoft.IdentityModel.Protocols.OpenIdConnect/Json/OpenIdConnectConfigurationSerializer.cs b/...rosoft.IdentityModel.Protocols.OpenIdConnect/Json/OpenIdConnectConfigurationSerializer.cs
@@ -40,7 +40,9 @@ internal static class OpenIdConnectConfigurationSerializer
             "CLAIMS_PARAMETER_SUPPORTED",
             "CLAIMS_SUPPORTED",
             "CLAIM_TYPES_SUPPORTED",
+            "CODE_CHALLENGE_METHODS_SUPPORTED",
             ".WELL-KNOWN/OPENID-CONFIGURATION",
+            "DEVICE_AUTHORIZATION_ENDPOINT",
             "DISPLAY_VALUES_SUPPORTED",
             "DPOP_SIGNING_ALG_VALUES_SUPPORTED",
             "END_SESSION_ENDPOINT",
@@ -71,6 +73,9 @@ internal static class OpenIdConnectConfigurationSerializer
             "REQUIRE_REQUEST_URI_REGISTRATION",
             "RESPONSE_MODES_SUPPORTED",
             "RESPONSE_TYPES_SUPPORTED",
+            "REVOCATION_ENDPOINT",
+            "REVOCATION_ENDPOINT_AUTH_METHODS_SUPPORTED",
+            "REVOCATION_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED",
             "SERVICE_DOCUMENTATION",
             "SCOPES_SUPPORTED",
             "SUBJECT_TYPES_SUPPORTED",
@@ -97,7 +102,7 @@ public static OpenIdConnectConfiguration Read(string json, OpenIdConnectConfigur
             {
                 return Read(ref reader, config);
             }
-            catch(JsonException ex)
+            catch (JsonException ex)
             {
                 if (ex.GetType() == typeof(JsonException))
                     throw;
@@ -131,7 +136,7 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
                         LogHelper.MarkAsNonPII(reader.CurrentDepth),
                         LogHelper.MarkAsNonPII(reader.BytesConsumed))));
 
-            while(true)
+            while (true)
             {
                 #region Check property name using ValueTextEquals
                 // https://datatracker.ietf.org/doc/html/rfc7517#section-4, does not require that we reject JSON with duplicate member names.
@@ -174,6 +179,12 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
                     else if (reader.ValueTextEquals(Utf8Bytes.ClaimTypesSupported))
                         JsonPrimitives.ReadStrings(ref reader, config.ClaimTypesSupported, MetadataName.ClaimTypesSupported, ClassName, true);
 
+                    else if (reader.ValueTextEquals(Utf8Bytes.CodeChallengeMethodsSupported))
+                        JsonPrimitives.ReadStrings(ref reader, config.CodeChallengeMethodsSupported, MetadataName.CodeChallengeMethodsSupported, ClassName, true);
+
+                    else if (reader.ValueTextEquals(Utf8Bytes.DeviceAuthorizationEndpoint))
+                        config.DeviceAuthorizationEndpoint = JsonPrimitives.ReadString(ref reader, MetadataName.DeviceAuthorizationEndpoint, ClassName, true);
+
                     else if (reader.ValueTextEquals(Utf8Bytes.DisplayValuesSupported))
                         JsonPrimitives.ReadStrings(ref reader, config.DisplayValuesSupported, MetadataName.DisplayValuesSupported, ClassName, true);
 
@@ -277,14 +288,20 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
                     else if (reader.ValueTextEquals(Utf8Bytes.ResponseTypesSupported))
                         JsonPrimitives.ReadStrings(ref reader, config.ResponseTypesSupported, MetadataName.ResponseTypesSupported, ClassName, true);
 
-                    else if (reader.ValueTextEquals(Utf8Bytes.ScopesSupported))
-                        JsonPrimitives.ReadStrings(ref reader, config.ScopesSupported, MetadataName.ScopesSupported, ClassName, true);
+                    else if (reader.ValueTextEquals(Utf8Bytes.RevocationEndpoint))
+                        config.RevocationEndpoint = JsonPrimitives.ReadString(ref reader, MetadataName.RevocationEndpoint, ClassName, true);
+
+                    else if (reader.ValueTextEquals(Utf8Bytes.RevocationEndpointAuthMethodsSupported))
+                        JsonPrimitives.ReadStrings(ref reader, config.RevocationEndpointAuthMethodsSupported, MetadataName.RevocationEndpointAuthMethodsSupported, ClassName, true);
+
+                    else if (reader.ValueTextEquals(Utf8Bytes.RevocationEndpointAuthSigningAlgValuesSupported))
+                        JsonPrimitives.ReadStrings(ref reader, config.RevocationEndpointAuthSigningAlgValuesSupported, MetadataName.RevocationEndpointAuthSigningAlgValuesSupported, ClassName, true);
 
                     else if (reader.ValueTextEquals(Utf8Bytes.ServiceDocumentation))
-                        config.ServiceDocumentation = JsonPrimitives.ReadString(ref reader, MetadataName.ScopesSupported, ClassName, true);
+                        config.ServiceDocumentation = JsonPrimitives.ReadString(ref reader, MetadataName.ServiceDocumentation, ClassName, true);
 
-                    else if (reader.ValueTextEquals(Utf8Bytes.SubjectTypesSupported))
-                        JsonPrimitives.ReadStrings(ref reader, config.SubjectTypesSupported, MetadataName.SubjectTypesSupported, ClassName, true);
+                    else if (reader.ValueTextEquals(Utf8Bytes.ScopesSupported))
+                        JsonPrimitives.ReadStrings(ref reader, config.ScopesSupported, MetadataName.ScopesSupported, ClassName, true);
 
                     else if (reader.ValueTextEquals(Utf8Bytes.SubjectTypesSupported))
                         JsonPrimitives.ReadStrings(ref reader, config.SubjectTypesSupported, MetadataName.SubjectTypesSupported, ClassName, true);
@@ -366,6 +383,12 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
                             else if (propertyName.Equals(MetadataName.ClaimTypesSupported, StringComparison.OrdinalIgnoreCase))
                                 JsonPrimitives.ReadStrings(ref reader, config.ClaimTypesSupported, propertyName, ClassName);
 
+                            else if (propertyName.Equals(MetadataName.CodeChallengeMethodsSupported, StringComparison.OrdinalIgnoreCase))
+                                JsonPrimitives.ReadStrings(ref reader, config.CodeChallengeMethodsSupported, propertyName, ClassName);
+
+                            else if (propertyName.Equals(MetadataName.DeviceAuthorizationEndpoint, StringComparison.OrdinalIgnoreCase))
+                                config.DeviceAuthorizationEndpoint = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);
+
                             else if (propertyName.Equals(MetadataName.DisplayValuesSupported, StringComparison.OrdinalIgnoreCase))
                                 JsonPrimitives.ReadStrings(ref reader, config.DisplayValuesSupported, propertyName, ClassName);
 
@@ -407,7 +430,7 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
                             else if (propertyName.Equals(MetadataName.IdTokenEncryptionEncValuesSupported, StringComparison.OrdinalIgnoreCase))
                                 JsonPrimitives.ReadStrings(ref reader, config.IdTokenEncryptionEncValuesSupported, propertyName, ClassName);
 
-                            else if (propertyName.Equals(MetadataName.IdTokenSigningAlgValuesSupported , StringComparison.OrdinalIgnoreCase))
+                            else if (propertyName.Equals(MetadataName.IdTokenSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
                                 JsonPrimitives.ReadStrings(ref reader, config.IdTokenSigningAlgValuesSupported, propertyName, ClassName);
 
                             else if (propertyName.Equals(MetadataName.IntrospectionEndpoint, StringComparison.OrdinalIgnoreCase))
@@ -470,6 +493,15 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
                             else if (propertyName.Equals(MetadataName.ResponseTypesSupported, StringComparison.OrdinalIgnoreCase))
                                 JsonPrimitives.ReadStrings(ref reader, config.ResponseTypesSupported, propertyName, ClassName);
 
+                            else if (propertyName.Equals(MetadataName.RevocationEndpoint, StringComparison.OrdinalIgnoreCase))
+                                config.RevocationEndpoint = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);
+
+                            else if (propertyName.Equals(MetadataName.RevocationEndpointAuthMethodsSupported, StringComparison.OrdinalIgnoreCase))
+                                JsonPrimitives.ReadStrings(ref reader, config.RevocationEndpointAuthMethodsSupported, propertyName, ClassName);
+
+                            else if (propertyName.Equals(MetadataName.RevocationEndpointAuthSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
+                                JsonPrimitives.ReadStrings(ref reader, config.RevocationEndpointAuthSigningAlgValuesSupported, propertyName, ClassName);
+
                             else if (propertyName.Equals(MetadataName.ScopesSupported, StringComparison.OrdinalIgnoreCase))
                                 JsonPrimitives.ReadStrings(ref reader, config.ScopesSupported, propertyName, ClassName);
 
@@ -577,6 +609,12 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c
             if (config.ClaimTypesSupported.Count > 0)
                 JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.ClaimTypesSupported, config.ClaimTypesSupported);
 
+            if (config.CodeChallengeMethodsSupported.Count > 0)
+                JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.CodeChallengeMethodsSupported, config.CodeChallengeMethodsSupported);
+
+            if (!string.IsNullOrEmpty(config.DeviceAuthorizationEndpoint))
+                writer.WriteString(Utf8Bytes.DeviceAuthorizationEndpoint, config.DeviceAuthorizationEndpoint);
+
             if (config.DisplayValuesSupported.Count > 0)
                 JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.DisplayValuesSupported, config.DisplayValuesSupported);
 
@@ -638,7 +676,7 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c
                 writer.WriteString(Utf8Bytes.PushedAuthorizationRequestEndpoint, config.PushedAuthorizationRequestEndpoint);
 
             if (!string.IsNullOrEmpty(config.RegistrationEndpoint))
-                 writer.WriteString(Utf8Bytes.RegistrationEndpoint, config.RegistrationEndpoint);
+                writer.WriteString(Utf8Bytes.RegistrationEndpoint, config.RegistrationEndpoint);
 
             if (config.RequestObjectEncryptionAlgValuesSupported.Count > 0)
                 JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.RequestObjectEncryptionAlgValuesSupported, config.RequestObjectEncryptionAlgValuesSupported);
@@ -670,6 +708,15 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c
             if (config.ScopesSupported.Count > 0)
                 JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.ScopesSupported, config.ScopesSupported);
 
+            if (!string.IsNullOrEmpty(config.RevocationEndpoint))
+                writer.WriteString(Utf8Bytes.RevocationEndpoint, config.RevocationEndpoint);
+
+            if (config.RevocationEndpointAuthMethodsSupported.Count > 0)
+                JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.RevocationEndpointAuthMethodsSupported, config.RevocationEndpointAuthMethodsSupported);
+
+            if (config.RevocationEndpointAuthSigningAlgValuesSupported.Count > 0)
+                JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.RevocationEndpointAuthSigningAlgValuesSupported, config.RevocationEndpointAuthSigningAlgValuesSupported);
+
             if (!string.IsNullOrEmpty(config.ServiceDocumentation))
                 writer.WriteString(Utf8Bytes.ServiceDocumentation, config.ServiceDocumentation);
 
@@ -708,4 +755,3 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c
         #endregion
     }
 }
-