Upgrade to Openiddict 6.0.0.

Directory.Packages.props

@@ -120,11 +120,11 @@
     <PackageVersion Include="NUglify" Version="1.21.0" />
     <PackageVersion Include="Nullable" Version="1.3.1" />
     <PackageVersion Include="Octokit" Version="9.0.0" />
-    <PackageVersion Include="OpenIddict.Abstractions" Version="5.5.0" />
-    <PackageVersion Include="OpenIddict.Core" Version="5.5.0" />
-    <PackageVersion Include="OpenIddict.Server.AspNetCore" Version="5.5.0" />
-    <PackageVersion Include="OpenIddict.Validation.AspNetCore" Version="5.5.0" />
-    <PackageVersion Include="OpenIddict.Validation.ServerIntegration" Version="5.5.0" />
+    <PackageVersion Include="OpenIddict.Abstractions" Version="6.0.0-preview1.24504.78" />
+    <PackageVersion Include="OpenIddict.Core" Version="6.0.0-preview1.24504.78" />
+    <PackageVersion Include="OpenIddict.Server.AspNetCore" Version="6.0.0-preview1.24504.78" />
+    <PackageVersion Include="OpenIddict.Validation.AspNetCore" Version="6.0.0-preview1.24504.78" />
+    <PackageVersion Include="OpenIddict.Validation.ServerIntegration" Version="6.0.0-preview1.24504.78" />
     <PackageVersion Include="Oracle.EntityFrameworkCore" Version="8.23.40" />
     <PackageVersion Include="Polly" Version="8.2.0" />
     <PackageVersion Include="Polly.Extensions.Http" Version="3.0.0" />

modules/openiddict/app/OpenIddict.Demo.Client.BlazorWASM/Pages/Index.razor

@@ -21,9 +21,9 @@ Welcome to your new app.
 
 @if (_claims.Count() > 0)
 {
-    <p>
+    <textarea style="width: -webkit-fill-available; height: 300px">
         @_accessToken
-    </p>
+    </textarea>
 
     <ul>
         @foreach (var claim in _claims)

modules/openiddict/app/OpenIddict.Demo.Client.BlazorWASM/Program.cs

@@ -15,7 +15,7 @@
     options.ProviderOptions.ClientId = "AbpBlazorWASMApp";
     options.ProviderOptions.ResponseType = "code";
 
-    options.UserOptions.NameClaim = JwtClaimTypes.Name;
+    options.UserOptions.NameClaim = JwtClaimTypes.PreferredUserName;
     options.UserOptions.RoleClaim = JwtClaimTypes.Role;
 
     options.ProviderOptions.DefaultScopes.Add("roles");

modules/openiddict/app/OpenIddict.Demo.Server/EntityFrameworkCore/ServerDataSeedContributor.cs

@@ -67,10 +67,10 @@ await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor
                 {
                     OpenIddictConstants.Permissions.Endpoints.Authorization,
                     OpenIddictConstants.Permissions.Endpoints.Token,
-                    OpenIddictConstants.Permissions.Endpoints.Device,
+                    OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization,
                     OpenIddictConstants.Permissions.Endpoints.Introspection,
                     OpenIddictConstants.Permissions.Endpoints.Revocation,
-                    OpenIddictConstants.Permissions.Endpoints.Logout,
+                    OpenIddictConstants.Permissions.Endpoints.EndSession,
 
                     OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
                     OpenIddictConstants.Permissions.GrantTypes.Implicit,
@@ -125,10 +125,10 @@ await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor
                 {
                     OpenIddictConstants.Permissions.Endpoints.Authorization,
                     OpenIddictConstants.Permissions.Endpoints.Token,
-                    OpenIddictConstants.Permissions.Endpoints.Device,
+                    OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization,
                     OpenIddictConstants.Permissions.Endpoints.Introspection,
                     OpenIddictConstants.Permissions.Endpoints.Revocation,
-                    OpenIddictConstants.Permissions.Endpoints.Logout,
+                    OpenIddictConstants.Permissions.Endpoints.EndSession,
 
                     OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
                     OpenIddictConstants.Permissions.GrantTypes.Implicit,

modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20240829013142_Initial.cs → modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20241005085943_Initial.cs

@@ -232,9 +232,11 @@ protected override void Up(MigrationBuilder migrationBuilder)
                     TenantId = table.Column<Guid>(type: "uniqueidentifier", nullable: true),
                     UserId = table.Column<Guid>(type: "uniqueidentifier", nullable: false),
                     ClientId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
-                    IpAddresses = table.Column<string>(type: "nvarchar(256)", maxLength: 256, nullable: true),
+                    IpAddresses = table.Column<string>(type: "nvarchar(2048)", maxLength: 2048, nullable: true),
                     SignedIn = table.Column<DateTime>(type: "datetime2", nullable: false),
-                    LastAccessed = table.Column<DateTime>(type: "datetime2", nullable: true)
+                    LastAccessed = table.Column<DateTime>(type: "datetime2", nullable: true),
+                    ExtraProperties = table.Column<string>(type: "nvarchar(max)", nullable: false),
+                    ConcurrencyStamp = table.Column<string>(type: "nvarchar(40)", maxLength: 40, nullable: false)
                 },
                 constraints: table =>
                 {

modules/openiddict/app/OpenIddict.Demo.Server/Migrations/ServerDbContextModelSnapshot.cs

@@ -19,7 +19,7 @@ protected override void BuildModel(ModelBuilder modelBuilder)
 #pragma warning disable 612, 618
             modelBuilder
                 .HasAnnotation("_Abp_DatabaseProvider", EfCoreDatabaseProvider.SqlServer)
-                .HasAnnotation("ProductVersion", "8.0.4")
+                .HasAnnotation("ProductVersion", "9.0.0-rc.1.24451.1")
                 .HasAnnotation("Relational:MaxIdentifierLength", 128);
 
             SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder);
@@ -391,6 +391,13 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                         .HasMaxLength(64)
                         .HasColumnType("nvarchar(64)");
 
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .IsRequired()
+                        .HasMaxLength(40)
+                        .HasColumnType("nvarchar(40)")
+                        .HasColumnName("ConcurrencyStamp");
+
                     b.Property<string>("Device")
                         .IsRequired()
                         .HasMaxLength(64)
@@ -400,9 +407,14 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                         .HasMaxLength(64)
                         .HasColumnType("nvarchar(64)");
 
+                    b.Property<string>("ExtraProperties")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(max)")
+                        .HasColumnName("ExtraProperties");
+
                     b.Property<string>("IpAddresses")
-                        .HasMaxLength(256)
-                        .HasColumnType("nvarchar(256)");
+                        .HasMaxLength(2048)
+                        .HasColumnType("nvarchar(2048)");
 
                     b.Property<DateTime?>("LastAccessed")
                         .HasColumnType("datetime2");

modules/openiddict/app/OpenIddict.Demo.Server/OpenIddictServerModule.cs

@@ -89,24 +89,7 @@ public override void PreConfigureServices(ServiceConfigurationContext context)
 
         PreConfigure<OpenIddictServerBuilder>(builder =>
         {
-            //https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
-            using (var algorithm = RSA.Create(keySizeInBits: 2048))
-            {
-                var subject = new X500DistinguishedName("CN=Fabrikam Encryption Certificate");
-                var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
-                request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
-                var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(2));
-                builder.AddSigningCertificate(certificate);
-            }
-
-            using (var algorithm = RSA.Create(keySizeInBits: 2048))
-            {
-                var subject = new X500DistinguishedName("CN=Fabrikam Signing Certificate");
-                var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
-                request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, critical: true));
-                var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(2));
-                builder.AddEncryptionCertificate(certificate);
-            }
+            builder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "00000000-0000-0000-0000-000000000000");
 
             builder.Configure(openIddictServerOptions =>
             {

modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs

@@ -62,13 +62,13 @@ private void AddOpenIddictServer(IServiceCollection services)
                     //.SetConfigurationEndpointUris()
                     // .well-known/jwks
                     //.SetCryptographyEndpointUris()
-                    .SetDeviceEndpointUris("device")
+                    .SetDeviceAuthorizationEndpointUris("device")
                     .SetIntrospectionEndpointUris("connect/introspect")
-                    .SetLogoutEndpointUris("connect/logout")
+                    .SetEndSessionEndpointUris("connect/endsession")
                     .SetRevocationEndpointUris("connect/revocat")
                     .SetTokenEndpointUris("connect/token")
-                    .SetUserinfoEndpointUris("connect/userinfo")
-                    .SetVerificationEndpointUris("connect/verify");
+                    .SetUserInfoEndpointUris("connect/userinfo")
+                    .SetEndUserVerificationEndpointUris("connect/verify");
 
                 builder
                     .AllowAuthorizationCodeFlow()
@@ -77,7 +77,7 @@ private void AddOpenIddictServer(IServiceCollection services)
                     .AllowPasswordFlow()
                     .AllowClientCredentialsFlow()
                     .AllowRefreshTokenFlow()
-                    .AllowDeviceCodeFlow()
+                    .AllowDeviceAuthorizationFlow()
                     .AllowNoneFlow();
 
                 builder.RegisterScopes(new[]
@@ -94,9 +94,9 @@ private void AddOpenIddictServer(IServiceCollection services)
                 builder.UseAspNetCore()
                     .EnableAuthorizationEndpointPassthrough()
                     .EnableTokenEndpointPassthrough()
-                    .EnableUserinfoEndpointPassthrough()
-                    .EnableLogoutEndpointPassthrough()
-                    .EnableVerificationEndpointPassthrough()
+                    .EnableUserInfoEndpointPassthrough()
+                    .EnableEndSessionEndpointPassthrough()
+                    .EnableEndUserVerificationEndpointPassthrough()
                     .EnableStatusCodePagesIntegration();
 
                 if (builderOptions.AddDevelopmentEncryptionAndSigningCertificate)

modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs

@@ -30,11 +30,11 @@ public virtual async Task<IActionResult> HandleAsync()
 
         // If prompt=login was specified by the client application,
         // immediately return the user agent to the login page.
-        if (request.HasPrompt(OpenIddictConstants.Prompts.Login))
+        if (request.HasPrompt(OpenIddictConstants.PromptValues.Login))
         {
             // To avoid endless login -> authorization redirects, the prompt=login flag
             // is removed from the authorization request payload before redirecting the user.
-            var prompt = string.Join(" ", request.GetPrompts().Remove(OpenIddictConstants.Prompts.Login));
+            var prompt = string.Join(" ", request.GetPrompts().Remove(OpenIddictConstants.PromptValues.Login));
 
             var parameters = Request.HasFormContentType ?
                 Request.Form.Where(parameter => parameter.Key != OpenIddictConstants.Parameters.Prompt).ToList() :
@@ -59,7 +59,7 @@ public virtual async Task<IActionResult> HandleAsync()
         {
             // If the client application requested promptless authentication,
             // return an error indicating that the user is not logged in.
-            if (request.HasPrompt(OpenIddictConstants.Prompts.None))
+            if (request.HasPrompt(OpenIddictConstants.PromptValues.None))
             {
                 return Forbid(
                     authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
@@ -137,7 +137,7 @@ public virtual async Task<IActionResult> HandleAsync()
             // return an authorization response without displaying the consent form.
             case OpenIddictConstants.ConsentTypes.Implicit:
             case OpenIddictConstants.ConsentTypes.External when authorizations.Any():
-            case OpenIddictConstants.ConsentTypes.Explicit when authorizations.Any() && !request.HasPrompt(OpenIddictConstants.Prompts.Consent):
+            case OpenIddictConstants.ConsentTypes.Explicit when authorizations.Any() && !request.HasPrompt(OpenIddictConstants.PromptValues.Consent):
                 var principal = await SignInManager.CreateUserPrincipalAsync(user);
 
                 if (result.Properties != null && result.Properties.IsPersistent)
@@ -173,8 +173,8 @@ public virtual async Task<IActionResult> HandleAsync()
 
             // At this point, no authorization was found in the database and an error must be returned
             // if the client application specified prompt=none in the authorization request.
-            case OpenIddictConstants.ConsentTypes.Explicit when request.HasPrompt(OpenIddictConstants.Prompts.None):
-            case OpenIddictConstants.ConsentTypes.Systematic when request.HasPrompt(OpenIddictConstants.Prompts.None):
+            case OpenIddictConstants.ConsentTypes.Explicit when request.HasPrompt(OpenIddictConstants.PromptValues.None):
+            case OpenIddictConstants.ConsentTypes.Systematic when request.HasPrompt(OpenIddictConstants.PromptValues.None):
                 return Forbid(
                     authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                     properties: new AuthenticationProperties(new Dictionary<string, string>

modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/LogoutController.cs → modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/EndSessionController.cs

@@ -1,11 +1,10 @@
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Mvc;
 using OpenIddict.Server.AspNetCore;
 
 namespace Volo.Abp.OpenIddict.Controllers;
 
-[Route("connect/logout")]
+[Route("connect/endsession")]
 [ApiExplorerSettings(IgnoreApi = true)]
 public class LogoutController : AbpOpenIdDictControllerBase
 {

modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateAuthorizedParty.cs

@@ -5,10 +5,10 @@
 
 namespace Volo.Abp.OpenIddict.WildcardDomains;
 
-public class AbpValidateAuthorizedParty : AbpOpenIddictWildcardDomainBase<AbpValidateAuthorizedParty, OpenIddictServerHandlers.Session.ValidateAuthorizedParty, OpenIddictServerEvents.ValidateLogoutRequestContext>
+public class AbpValidateAuthorizedParty : AbpOpenIddictWildcardDomainBase<AbpValidateAuthorizedParty, OpenIddictServerHandlers.Session.ValidateAuthorizedParty, OpenIddictServerEvents.ValidateEndSessionRequestContext>
 {
     public static OpenIddictServerHandlerDescriptor Descriptor { get; }
-        = OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.ValidateLogoutRequestContext>()
+        = OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.ValidateEndSessionRequestContext>()
             .UseScopedHandler<AbpValidateAuthorizedParty>()
             .SetOrder(OpenIddictServerHandlers.Session.ValidateEndpointPermissions.Descriptor.Order + 1_000)
             .SetType(OpenIddictServerHandlerType.BuiltIn)
@@ -22,7 +22,7 @@ public AbpValidateAuthorizedParty(
         OriginalHandler = new OpenIddictServerHandlers.Session.ValidateAuthorizedParty(applicationManager);
     }
 
-    public async override ValueTask HandleAsync(OpenIddictServerEvents.ValidateLogoutRequestContext context)
+    public async override ValueTask HandleAsync(OpenIddictServerEvents.ValidateEndSessionRequestContext context)
     {
         Check.NotNull(context, nameof(context));
 

modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientPostLogoutRedirectUri.cs

@@ -5,10 +5,10 @@
 
 namespace Volo.Abp.OpenIddict.WildcardDomains;
 
-public class AbpValidateClientPostLogoutRedirectUri : AbpOpenIddictWildcardDomainBase<AbpValidateClientPostLogoutRedirectUri, OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri, OpenIddictServerEvents.ValidateLogoutRequestContext>
+public class AbpValidateClientPostLogoutRedirectUri : AbpOpenIddictWildcardDomainBase<AbpValidateClientPostLogoutRedirectUri, OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri, OpenIddictServerEvents.ValidateEndSessionRequestContext>
 {
     public static OpenIddictServerHandlerDescriptor Descriptor { get; }
-        = OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.ValidateLogoutRequestContext>()
+        = OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.ValidateEndSessionRequestContext>()
             .AddFilter<OpenIddictServerHandlerFilters.RequireDegradedModeDisabled>()
             .AddFilter<OpenIddictServerHandlerFilters.RequirePostLogoutRedirectUriParameter>()
             .UseScopedHandler<AbpValidateClientPostLogoutRedirectUri>()
@@ -24,7 +24,7 @@ public AbpValidateClientPostLogoutRedirectUri(
         OriginalHandler = new OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri(applicationManager);
     }
 
-    public async override ValueTask HandleAsync(OpenIddictServerEvents.ValidateLogoutRequestContext context)
+    public async override ValueTask HandleAsync(OpenIddictServerEvents.ValidateEndSessionRequestContext context)
     {
         Check.NotNull(context, nameof(context));
         Check.NotNullOrEmpty(context.PostLogoutRedirectUri, nameof(context.PostLogoutRedirectUri));