* Added parameter iss return from Authorization endpoint
* Added Resource Indicators support
* Bump up NuGet refs
* Fix some suggestions from Sonar
1 parent 006e08d, commit fade652
Showing 58 changed files with 1,806 additions and 218 deletions.
@@ -21,6 +21,7 @@ | |
// [email protected] | ||
|
||
using Abblix.Jwt; | ||
using Abblix.Oidc.Server.Common.Constants; | ||
using Abblix.Oidc.Server.Features.ClientInformation; | ||
using Abblix.Oidc.Server.Model; | ||
|
||
|
@@ -41,7 +42,7 @@ public record OidcOptions | |
|
||
/// <summary> | ||
/// Represents the unique identifier of the OIDC server. | ||
/// It is recommended to use a URL that is controlled by the entity operating the OIDC server, and it should be | ||
/// It is recommended to use a URL controlled by the entity operating the OIDC server, and it should be | ||
/// consistent across different environments to maintain trust with client applications. | ||
/// </summary> | ||
public string? Issuer { get; set; } | ||
|
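Review bot: with this commit returning `iss` from the authorization endpoint, the `Issuer` summary should also say that clients compare the value as an exact string against the issuer they have configured, so it must be an absolute URL and must not differ in scheme, host case or trailing slash between the discovery document and the value echoed in authorization responses; the existing sentence about consistency across environments is the natural place to add that.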
@@ -100,7 +101,7 @@ public record OidcOptions | |
/// <summary> | ||
/// The collection of JSON Web Keys (JWK) used for signing tokens issued by the OIDC server. | ||
/// Signing tokens is a critical security measure that ensures the integrity and authenticity of the tokens. | ||
/// These keys are used to digitally sign ID tokens, access tokens, and other JWTs issued by the server, | ||
/// These keys are used to digitally sign ID tokens, access tokens, and other JWT tokens issued by the server, | ||
/// allowing clients to verify that the tokens have not been tampered with and were indeed issued by this server. | ||
/// It is recommended to rotate these keys periodically to maintain the security of the token signing process. | ||
/// </summary> | ||
|
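Review bot: the wording change in this signing-keys summary replaces `JWTs` with `JWT tokens`, which expands to "JSON Web Token tokens"; the original `JWTs` (or `JSON Web Tokens`) is the preferred form, so suggest reverting that one word while keeping the rest of the cleanup.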
@@ -129,9 +130,9 @@ public record OidcOptions | |
/// <summary> | ||
/// The collection of JSON Web Keys (JWK) used for encrypting tokens or sensitive information sent to the clients. | ||
/// Encryption is essential for protecting sensitive data within tokens, especially when tokens are passed through | ||
/// less secure channels or when storing tokens at the client side. These keys are utilized to encrypt ID tokens and, | ||
/// optionally, access tokens when the OIDC server sends them to clients. Clients use the corresponding public keys | ||
/// to decrypt the tokens and access the contained claims. | ||
/// less secure channels or when storing tokens on the client side. | ||
/// These keys are used to encrypt ID tokens and, optionally, access tokens when the OIDC server sends them to clients. | ||
/// Clients use the corresponding public keys to decrypt the tokens and access the contained claims. | ||
/// </summary> | ||
public IReadOnlyCollection<JsonWebKey> EncryptionKeys { get; set; } = Array.Empty<JsonWebKey>(); | ||
|
||
|
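Review bot: the reflowed summary carries forward an inaccurate sentence: `Clients use the corresponding public keys to decrypt the tokens` cannot be right, since JWE decryption is done with the private key. If `EncryptionKeys` holds the server's own key pairs, their public halves are what clients use to encrypt material sent to the server, and the server decrypts with the private halves; if ID tokens are encrypted for a client, that uses the client's registered public key and the client decrypts with its own private key. Since this hunk is already rewriting the text, correct the key roles rather than keeping the error.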
@@ -146,12 +147,33 @@ public record OidcOptions | |
/// <summary> | ||
/// A JWT used for licensing and configuration validation of the OIDC service. This token contains claims that the | ||
/// OIDC service uses to validate its configuration, features, and licensing status, ensuring the service operates | ||
/// within its licensed capabilities. Proper validation of this token is crucial for the service's legal and functional | ||
/// compliance. | ||
/// within its licensed capabilities. Proper validation of this token is crucial for the service's legal and | ||
/// functional compliance. | ||
/// </summary> | ||
public string? LicenseJwt { get; set; } | ||
|
||
/// <summary> | ||
/// The standard length of the authorization code generated by the server. | ||
/// </summary> | ||
public int AuthorizationCodeLength { get; set; } = 64; | ||
|
||
/// <summary> | ||
/// The standard length of the request URI generated by the server for Pushed Authorization Requests (PAR). | ||
/// </summary> | ||
public int RequestUriLength { get; set; } = 64; | ||
|
||
/// <summary> | ||
/// The supported scopes and their respective claim types, which outline the access permissions and associated data | ||
/// that clients can request. | ||
/// This setting determines what information and operations are available to different clients based on the scopes | ||
/// they request during authorization. | ||
/// </summary> | ||
public ScopeDefinition[]? Scopes { get; set; } | ||
|
||
/// <summary> | ||
/// The resource definitions supported by the OIDC server. This setting outlines the resources that clients | ||
/// can request access to during authorization, ensuring the OIDC server can enforce access control policies | ||
/// and permissions based on these definitions. | ||
/// </summary> | ||
public ResourceDefinition[]? Resources { get; set; } | ||
} |
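Review bot: `AuthorizationCodeLength` and `RequestUriLength` are plain `int` settings with no lower bound, so a configuration of 0 or a single-digit value would silently produce guessable authorization codes and PAR `request_uri` values. Suggest validating a minimum at startup and stating in each `<summary>` what the number counts (characters of the generated string or bytes of randomness), since that decides whether 64 meets RFC 6749 section 10.10's requirement that generated credentials be unguessable (probability at most 2^-128). For `Scopes` and `Resources`, both are nullable arrays; document what `null` means (no restriction versus nothing permitted) so the consuming code treats both the same way.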
@@ -0,0 +1,33 @@ | ||
// Abblix OIDC Server Library | ||
// Copyright (c) Abblix LLP. All rights reserved. | ||
// | ||
// DISCLAIMER: This software is provided 'as-is', without any express or implied | ||
// warranty. Use at your own risk. Abblix LLP is not liable for any damages | ||
// arising from the use of this software. | ||
// | ||
// LICENSE RESTRICTIONS: This code may not be modified, copied, or redistributed | ||
// in any form outside of the official GitHub repository at: | ||
// https://github.com/Abblix/OIDC.Server. All development and modifications | ||
// must occur within the official repository and are managed solely by Abblix LLP. | ||
// | ||
// Unauthorized use, modification, or distribution of this software is strictly | ||
// prohibited and may be subject to legal action. | ||
// | ||
// For full licensing terms, please visit: | ||
// | ||
// https://oidc.abblix.com/license | ||
// | ||
// CONTACT: For license inquiries or permissions, contact Abblix LLP at | ||
// [email protected] | ||
|
||
namespace Abblix.Oidc.Server.Common.Constants; | ||
|
||
/// <summary> | ||
/// Represents a resource with associated scopes, defining the permissions and access levels within an application. | ||
/// This record is typically used to configure and enforce authorization policies based on resource identifiers | ||
/// and their corresponding scopes. | ||
/// </summary> | ||
/// <param name="Resource">The identifier for the resource, often a unique name or URL representing the resource.</param> | ||
/// <param name="Scopes">A variable number of scope definitions associated with the resource. Each scope definition | ||
/// specifies a scope and its related claims, detailing the access levels and permissions granted.</param> | ||
public record ResourceDefinition(Uri Resource, params ScopeDefinition[] Scopes); |
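Review bot: `ResourceDefinition` accepts `Uri Resource` without constraining it, but RFC 8707 requires a resource indicator to be an absolute URI with no fragment component, and the summary's `unique name or URL` wording invites relative or non-URI values. Suggest enforcing `Resource.IsAbsoluteUri` and an empty `Fragment` in the record (a constructor check or an options validator) and changing the summary to say "absolute URI". Also, a positional record with a `params ScopeDefinition[]` member gets reference equality for `Scopes`, so two definitions with identical content compare unequal and the array stays mutable after construction; an `IReadOnlyList<ScopeDefinition>` parameter avoids both.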