Enable PAR by default when it is supported by the provider

josephdecock · josephdecock · commit 1887bfada0b6 · 2024-04-03T15:51:14.000-05:00
diff --git a/clients/ConsoleClientWithBrowser/Program.cs b/clients/ConsoleClientWithBrowser/Program.cs
@@ -47,8 +47,6 @@ private static async Task SignIn()
                 Browser = browser,
                 IdentityTokenValidator = new JwtHandlerIdentityTokenValidator(),
                 RefreshTokenInnerHttpHandler = new SocketsHttpHandler(),
-
-                UsePushedAuthorization = true
             };
 
             var serilog = new LoggerConfiguration()
diff --git a/clients/ConsoleClientWithBrowserAndDPoP/Program.cs b/clients/ConsoleClientWithBrowserAndDPoP/Program.cs
@@ -47,8 +47,7 @@ private static async Task SignIn()
                 RedirectUri = redirectUri,
                 Scope = "openid profile api offline_access",
                 FilterClaims = false,
-                Browser = browser,
-                UsePushedAuthorization = true
+                Browser = browser
             };
 
             options.ConfigureDPoP(proofKey); 
diff --git a/src/OidcClient/AuthorizeClient.cs b/src/OidcClient/AuthorizeClient.cs
@@ -105,8 +105,10 @@ public async Task<AuthorizeState> CreateAuthorizeStateAsync(Parameters frontChan
                 CodeVerifier = pkce.CodeVerifier,
             };
 
-            if(_options.UsePushedAuthorization)
+            if(_options.ProviderInformation.PushedAuthorizationRequestEndpoint.IsPresent() &&
+                !_options.DisablePushedAuthorization)
             {
+                _logger.LogDebug("The IdentityProvider contains a pushed authorization request endpoint. Automatically pushing authorization parameters. Use DisablePushedAuthorization to opt out.");
                 var parResponse = await PushAuthorizationRequestAsync(state.State, pkce.CodeChallenge, frontChannelParameters);
                 if(parResponse.IsError)
                 {
diff --git a/src/OidcClient/OidcClientOptions.cs b/src/OidcClient/OidcClientOptions.cs
@@ -245,8 +245,10 @@ public class OidcClientOptions
         };
 
         /// <summary>
-        /// Gets or sets a flag to enable Pushed Authorization Requests (PAR).
+        /// Gets or sets a flag to disable Pushed Authorization Requests (PAR).
+        /// By default, we use PAR when there is a configured PAR endpoint or
+        /// when the discovery endpoint indicates that it supports PAR.
         /// </summary>
-        public bool UsePushedAuthorization { get; set; }
+        public bool DisablePushedAuthorization { get; set; } = false;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -105,8 +105,10 @@ public async Task<AuthorizeState> CreateAuthorizeStateAsync(Parameters frontChan`
`105`	`105`	`CodeVerifier = pkce.CodeVerifier,`
`106`	`106`	`};`
`107`	`107`
`108`		`- if(_options.UsePushedAuthorization)`
	`108`	`+ if(_options.ProviderInformation.PushedAuthorizationRequestEndpoint.IsPresent() &&`
	`109`	`+ !_options.DisablePushedAuthorization)`
`109`	`110`	`{`
	`111`	`+ _logger.LogDebug("The IdentityProvider contains a pushed authorization request endpoint. Automatically pushing authorization parameters. Use DisablePushedAuthorization to opt out.");`
`110`	`112`	`var parResponse = await PushAuthorizationRequestAsync(state.State, pkce.CodeChallenge, frontChannelParameters);`
`111`	`113`	`if(parResponse.IsError)`
`112`	`114`	`{`
Original file line number	Diff line number	Diff line change
`@@ -245,8 +245,10 @@ public class OidcClientOptions`
`245`	`245`	`};`
`246`	`246`
`247`	`247`	`/// <summary>`
`248`		`- /// Gets or sets a flag to enable Pushed Authorization Requests (PAR).`
	`248`	`+ /// Gets or sets a flag to disable Pushed Authorization Requests (PAR).`
	`249`	`+ /// By default, we use PAR when there is a configured PAR endpoint or`
	`250`	`+ /// when the discovery endpoint indicates that it supports PAR.`
`249`	`251`	`/// </summary>`
`250`		`- public bool UsePushedAuthorization { get; set; }`
	`252`	`+ public bool DisablePushedAuthorization { get; set; } = false;`
`251`	`253`	`}`
`252`	`254`	`}`