Support ASP.NET 5.0 (#515)

* Update to ASP.NET 5

Updates to support ASP.NET 5, using preview 6.
Remove obsolete members.

* Update to ASP.NET 5 preview 7

Update to preview 5 of ASP.NET 5.

* Update to ASP.NET 5 preview 8

Update to preview 8 of ASP.NET 5.

* Align with AspNetCore previews

Update the version metadata to align with ASP.NET Core, so we generate prerelease labels like "preview.8." or "rc.1.".

* Update to ASP.NET 5 RC1

Update to RC1 of ASP.NET 5.

* Use HashData() and ToHexString() methods

Use new HashData() methods for SHA256 and MD5.
Use Convert.ToHexString().

* Fix sign out in sample

Fix sign out in the sample not working as it was overriding a method that is decorated with [NonAction].

* Use <DebugType>portable</DebugType> to avoid embedding the PDBs in the assemblies

* Handle user cancelling LinkedIn sign in

Handle the user cancelling login or denying permissions during LinkedIn sign in.
Resolves #480.

* Add Kloudless provider (#479)

* WIP : Add kloudless provider

* Add kloudless provider

* Add entry in readme

* Add commented example

* Add more unit tests. Explicit error

* Fix exception usage

* Add missing punctuation

* Add kloudless doc. Specify default scope and add possible scopes.

* remove example in MVC project

* Fix convention issue on constant. Add comment.

* Update Kloudless provider to .NET 5

Updates to the Kloudless provider to support .NET 5.

* Update to ASP.NET 5 RC2

Update to RC2 of ASP.NET 5.

* Use IMemoryCache for Apple client secrets

Use an IMemoryCache for Apple client secrets to support multiple keys in use at once for a mult-tenant application.

Co-Authored-By: SeongChan Lee <[email protected]>

* Add unit test for key caching

Add a unit test to verify that keys are cached according to their options and vary according to different client/team/key Ids.

* Use structured logging

Use structured logging if client secret generation fails.

* Remove JwtSecurityTokenHandler from DI

Remove the configuration of JwtSecurityTokenHandler from the DI container and instead make it a property on AppleAuthenticationOptions.

* Do not overlap with existing CryptoProviderFactory

Rather than using an existing CryptoProviderFactory if one is registered with DI, which could potentially create a conflict between other usage and ours, explicitly use a custom implementation that ensures the cache is disabled.

* Move JwtSecurityTokenHandler setup to post-configure

Setup the JwtSecurityTokenHandler as a post-configure options implementation, rather than null-checking each time it's used.

* Move Apple provider's services out of DI

Move the services for the Apple provider out of DI and instead make them options on the AppleAuthenticationOptions class instead.

* Remove !

Remove ! as it doesn't trigger a compiler error anymore since RC2.

* Update staging subdomain for SuperOffice (#490)

Co-authored-by: SuperOfficeDevNet <[email protected]>

* Add email claim for Yahoo provider (#488)

Email is a mandatory claim. Add it by default to claims.

* Add email to Yahoo tests

Add a test for the email claim for the Yahoo provider.
Relates to #488.

* Add KakaoTalk provider (#493)

Add KakaoTalk provider and unit tests

* Update KakaoTalk provider for .NET 5

Update the KakaoTalk provider to support .NET 5.

* Use new syntax to set environment variable

Use new syntax to set environment variable value.
See https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable.

* Use Write-Output

Use Write-Output instead of Write-Host.

* Use GITHUB_ENV not GITHUB_PATH

That's what happens when the example of how to do one thing is in the section about how to do something else.

* Update to ASP.NET 5

Update to the final release of ASP.NET 5.
Update NuGet packages to their latest versions.

* Bump version to 5.0.1

Bump version to 5.0.1 for next release.
Revert prerelease label to preview.

* Add UnionId claim for QQ provider (#509)

* Add claim for 'UnionId' of QQ platform, and other optimizations for details

* Update unittest&doc

* Update unitest for UnionID

* Fix doc & code style by suggestions of review

* Use built-in SDK analyzers

Use the code analyzers built into the .NET 5.0 SDK.

* Use new ReadAs*() overloads

Use new overloads for reading content which take a CancellationToken.

* Add amoCRM provider (#507)

* Add amoCRM provider

* - Rename constants;
- Change exception message;
- Add test for surnamt claim type.

* README change

* Add amocrm.md

* amoCRM required props description.

* Add Lichess provider (#511)

* Add Lichess Provider

* Fixed indentation issue with documentation

* Adding refresh token and accurate expires_in to bundle.json

* Fixed PreferencesWrite scope name

* Reverted to original Tests project definition

* Fixed naming issue

* Cleaned up code formatting issue

* Updated documentation to reflect correct property type for Scope

Co-authored-by: Martin Costello <[email protected]>

* Renamed payloadEmail to emailPayload

Co-authored-by: Martin Costello <[email protected]>

* Comment casing typo corrected

Co-authored-by: Martin Costello <[email protected]>

* Changed comment regarding backchannel request

Co-authored-by: Martin Costello <[email protected]>

* Added Async to name of asynchronous method

Co-authored-by: Martin Costello <[email protected]>

* Code formatting fix

Co-authored-by: Martin Costello <[email protected]>

* Added nuget link to README

* Renamed LichessAuthenticationConstants

* Corrected one remaining CHANGEME reference

* Fixed issues from renaming from suggestions

* Fixed test reference

Co-authored-by: Martin Costello <[email protected]>

* Update amoCrm and Lichess providers to .NET 5

Update the amoCRM and Lichess providers to support .NET 5.0.

* Add missing XML documentation

For completeness, add missing XML documentation to the Lichess handler.

* Fix parameter name

Change "schema" to "scheme".

* Stop using NuGet's Central Package Version Management feature

* Add UnionId claim for QQ provider (#509)

* Add claim for 'UnionId' of QQ platform, and other optimizations for details

* Update unittest&doc

* Update unitest for UnionID

* Fix doc & code style by suggestions of review

* Fix incorrect type

Document the scopes as a collection, not a single string.

* Update Pull Request template

* Add note about package ownership for new providers.
* Add note that creating issues for pull requests is optional.

Co-authored-by: Kévin Chalet <[email protected]>
Co-authored-by: Yann <[email protected]>
Co-authored-by: SeongChan Lee <[email protected]>
Co-authored-by: Anthony Yates <[email protected]>
Co-authored-by: SuperOfficeDevNet <[email protected]>
Co-authored-by: Faraj Farook <[email protected]>
Co-authored-by: Donghyeon Kim <[email protected]>
Co-authored-by: LeaFrock <[email protected]>
Co-authored-by: Denis Ivanov <[email protected]>
Co-authored-by: tanczosm <[email protected]>

Author: 11 people

AspNet.Security.OAuth.Providers.ruleset

@@ -2,6 +2,7 @@
 <RuleSet Name="AspNet.Security.OAuth.Providers Rules" Description="This rule set contains rules for the AspNet.Security.OAuth.Providers solution." ToolsVersion="16.0">
   <IncludeAll Action="Warning" />
   <Rules AnalyzerId="Microsoft.Analyzers.ManagedCodeAnalysis" RuleNamespace="Microsoft.Rules.Managed">
+    <Rule Id="CA1014" Action="None" />
     <Rule Id="CA1031" Action="None" />
     <Rule Id="CA1034" Action="None" />
     <Rule Id="CA1044" Action="None" />
@@ -13,6 +14,7 @@
     <Rule Id="CA1724" Action="None" />
     <Rule Id="CA1812" Action="None" />
     <Rule Id="CA2007" Action="None" />
+    <Rule Id="CA2201" Action="None" />
     <Rule Id="CA2208" Action="None" />
     <Rule Id="CA2234" Action="None" />
   </Rules>

Directory.Build.props

@@ -57,13 +57,11 @@
   </PropertyGroup>
 
   <PropertyGroup>
+    <AnalysisMode>AllEnabledByDefault</AnalysisMode>
     <CodeAnalysisRuleSet>$(MSBuildThisFileDirectory)AspNet.Security.OAuth.Providers.ruleset</CodeAnalysisRuleSet>
+    <EnableNETAnalyzers>true</EnableNETAnalyzers>
   </PropertyGroup>
 
-  <ItemGroup>
-    <PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" PrivateAssets="All" />
-  </ItemGroup>
-
   <ItemGroup>
     <AdditionalFiles Include="$(MSBuildThisFileDirectory)stylecop.json" Link="stylecop.json" />
     <PackageReference Include="StyleCop.Analyzers" PrivateAssets="All" />

docs/sign-in-with-apple.md

@@ -77,11 +77,15 @@ Below are links to a number of other documentation sources, blog posts and sampl
 | Property Name | Property Type | Description | Default Value |
 |:--|:--|:--|:--|
 | `ClientSecretExpiresAfter` | `TimeSpan` | The period of time after which generated client secrets expire if `GenerateClientSecret` is set to `true`. | 6 months |
+| `ClientSecretGenerator` | `AppleClientSecretGenerator` | A service that generates client secrets for Sign In with Apple. | _An internal implementation_ |
 | `GenerateClientSecret` | `bool` | Whether to automatically generate a client secret. | `false` |
+| `JwtSecurityTokenHandler` | `JwtSecurityTokenHandler` | The handler to use to validate JSON Web Keys. | `new JwtSecurityTokenHandler()` |
 | `KeyId` | `string?` | The optional ID for your Sign in with Apple private key. | `null` |
+| `KeyStore` | `AppleKeyStore` | A service that loads private keys to use with Sign In with Apple. | _An internal implementation_ |
 | `PublicKeyCacheLifetime` | `TimeSpan` | The default period of time to cache Apple public key(s) for. | `TimeSpan.FromMinutes(15)` |
 | `PublicKeyEndpoint` | `string` | The URI to use to retrieve the Apple public keys. | `AppleAuthenticationDefaults.PublicKeyEndpoint` |
 | `PrivateKeyBytes` | `Func<string, Task<byte[]>>?` | An optional delegate to use to get the raw bytes of the client's private key in PKCS #8 format. | `null` |
 | `TeamId` | `string` | The Team ID for your Apple Developer account. | `""` |
 | `TokenAudience` | `string` | The audience used for tokens. | `AppleAuthenticationConstants.Audience` |
+| `TokenValidator` | `AppleIdTokenValidator` | A service that validates Apple ID tokens. | `An internal implementation` |
 | `ValidateTokens` | `bool` | Whether to validate tokens using Apple's public key. | `true` |

eng/Versions.props

@@ -1,13 +1,17 @@
 <Project>
 
   <PropertyGroup>
-    <MajorVersion>3</MajorVersion>
-    <MinorVersion>1</MinorVersion>
-    <PatchVersion>7</PatchVersion>
+    <MajorVersion>5</MajorVersion>
+    <MinorVersion>0</MinorVersion>
+    <PatchVersion>1</PatchVersion>
     <VersionPrefix>$(MajorVersion).$(MinorVersion).$(PatchVersion)</VersionPrefix>
     <PreReleaseVersionLabel>preview</PreReleaseVersionLabel>
+    <PreReleaseVersionIteration></PreReleaseVersionIteration>
+    <PreReleaseBrandingLabel>Preview $(PreReleaseVersionIteration)</PreReleaseBrandingLabel>
     <StabilizePackageVersion Condition="'$(StabilizePackageVersion)' == ''">false</StabilizePackageVersion>
     <DotNetFinalVersionKind Condition="'$(StabilizePackageVersion)' == 'true'">release</DotNetFinalVersionKind>
+    <IncludePreReleaseLabelInPackageVersion>true</IncludePreReleaseLabelInPackageVersion>
+    <IncludePreReleaseLabelInPackageVersion Condition=" '$(DotNetFinalVersionKind)' == 'release' ">false</IncludePreReleaseLabelInPackageVersion>
   </PropertyGroup>
 
 </Project>

global.json

@@ -1,6 +1,6 @@
 {
   "tools": {
-    "dotnet": "3.1.401"
+    "dotnet": "5.0.100"
   },
 
   "msbuild-sdks": {

samples/Mvc.Client/Controllers/AuthenticationController.cs

@@ -40,7 +40,7 @@ public async Task<IActionResult> SignIn([FromForm] string provider)
 
         [HttpGet("~/signout")]
         [HttpPost("~/signout")]
-        public IActionResult SignOut()
+        public IActionResult SignOutCurrentUser()
         {
             // Instruct the cookies middleware to delete the local cookie created
             // when the user agent is redirected from the external identity provider

samples/Mvc.Client/Mvc.Client.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp3.1</TargetFrameworks>
+    <TargetFrameworks>net5.0</TargetFrameworks>
     <UserSecretsId>AspNet.Security.OAuth.Providers.Mvc.Client</UserSecretsId>
   </PropertyGroup>
 

src/AspNet.Security.OAuth.Amazon/AmazonAuthenticationHandler.cs

@@ -64,19 +64,19 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync(
                                 "returned a {Status} response with the following payload: {Headers} {Body}.",
                                 /* Status: */ response.StatusCode,
                                 /* Headers: */ response.Headers.ToString(),
-                                /* Body: */ await response.Content.ReadAsStringAsync());
+                                /* Body: */ await response.Content.ReadAsStringAsync(Context.RequestAborted));
 
                 throw new HttpRequestException("An error occurred while retrieving the user profile from Amazon.");
             }
 
-            using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
+            using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync(Context.RequestAborted));
 
             var principal = new ClaimsPrincipal(identity);
             var context = new OAuthCreatingTicketContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement);
             context.RunClaimActions();
 
             await Options.Events.CreatingTicket(context);
-            return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
+            return new AuthenticationTicket(context.Principal!, context.Properties, Scheme.Name);
         }
     }
 }

src/AspNet.Security.OAuth.Amazon/AspNet.Security.OAuth.Amazon.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp3.1</TargetFrameworks>
+    <TargetFrameworks>net5.0</TargetFrameworks>
   </PropertyGroup>
 
   <PropertyGroup>

src/AspNet.Security.OAuth.AmoCrm/AmoCrmAuthenticationExtensions.cs

@@ -47,33 +47,33 @@ public static AuthenticationBuilder AddAmoCrm(
         /// <see cref="ApplicationBuilder"/>, which enables amoCRM authentication capabilities.
         /// </summary>
         /// <param name="builder">The authentication builder.</param>
-        /// <param name="schema">The authentication scheme associated with this instance.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
         /// <param name="configuration">The delegate used to configure the amoCRM options.</param>
         /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
         public static AuthenticationBuilder AddAmoCrm(
             [NotNull] this AuthenticationBuilder builder,
-            [NotNull] string schema,
+            [NotNull] string scheme,
             [NotNull] Action<AmoCrmAuthenticationOptions> configuration)
         {
-            return builder.AddAmoCrm(schema, AmoCrmAuthenticationDefaults.DisplayName, configuration);
+            return builder.AddAmoCrm(scheme, AmoCrmAuthenticationDefaults.DisplayName, configuration);
         }
 
         /// <summary>
         /// Adds <see cref="AmoCrmAuthenticationHandler"/> to the specified
         /// <see cref="ApplicationBuilder"/>, which enables amoCRM authentication capabilities.
         /// </summary>
         /// <param name="builder">The authentication builder.</param>
-        /// <param name="schema">The authentication scheme associated with this instance.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
         /// <param name="caption">The optional display name associated with this instance.</param>
         /// <param name="configuration">The delegate used to configure the amoCRM options.</param>
         /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
         public static AuthenticationBuilder AddAmoCrm(
             [NotNull] this AuthenticationBuilder builder,
-            [NotNull] string schema,
+            [NotNull] string scheme,
             [NotNull] string caption,
             [NotNull] Action<AmoCrmAuthenticationOptions> configuration)
         {
-            return builder.AddOAuth<AmoCrmAuthenticationOptions, AmoCrmAuthenticationHandler>(schema, caption, configuration);
+            return builder.AddOAuth<AmoCrmAuthenticationOptions, AmoCrmAuthenticationHandler>(scheme, caption, configuration);
         }
     }
 }