Merge branch 'main' into release/is-7.3-rtm

Author: khalidabuhakmeh

astro.config.mjs

@@ -37,6 +37,7 @@ export default defineConfig({
   integrations: [
     starlight({
       customCss: ["./src/styles/custom.css"],
+      routeMiddleware: ["./src/plugins/search-topic-middleware.ts"],
       plugins: [
         starlightLlmsTxt(),
         starlightHeadingBadges(),
@@ -120,7 +121,7 @@ export default defineConfig({
         {
           icon: "rss",
           label: "Blog",
-          href: "https://blog.duendesoftware.com/",
+          href: "https://duendesoftware.com/blog",
         },
       ],
       components: {

package-lock.json

@@ -25,35 +25,35 @@
     "postinstall": "patch-package"
   },
   "dependencies": {
-    "@astrojs/markdown-remark": "^6.3.1",
-    "@astrojs/starlight": "^0.34.3",
+    "@astrojs/markdown-remark": "^6.3.2",
+    "@astrojs/starlight": "^0.34.4",
     "@astrojs/ts-plugin": "^1.10.4",
-    "@fontsource/roboto": "^5.2.5",
+    "@fontsource/roboto": "^5.2.6",
     "@pasqal-io/starlight-client-mermaid": "^0.1.0",
     "@resvg/resvg-js": "^2.6.2",
-    "astro": "^5.7.13",
-    "astro-opengraph-images": "^1.12.2",
+    "astro": "^5.10.1",
+    "astro-opengraph-images": "^1.13.1",
     "astro-redirect-from": "^1.3.3",
     "astro-rehype-relative-markdown-links": "^0.18.1",
     "jsdom": "^26.0.0",
     "patch-package": "^8.0.0",
     "react": "^19.0.0",
     "rehype-external-links": "^3.0.0",
-    "satori": "^0.13.1",
-    "sharp": "^0.34.1",
-    "starlight-auto-sidebar": "^0.1.1",
+    "satori": "^0.15.2",
+    "sharp": "^0.34.2",
+    "starlight-auto-sidebar": "^0.1.2",
     "starlight-giscus": "^0.6.1",
     "starlight-heading-badges": "^0.5.0",
-    "starlight-links-validator": "^0.16.0",
+    "starlight-links-validator": "^0.17.0",
     "starlight-llms-txt": "^0.5.0",
     "tw-to-css": "^0.0.12"
   },
   "devDependencies": {
     "@types/jsdom": "^21.1.7",
-    "@types/node": "^22.15.18",
-    "@types/react": "^19.1.4",
+    "@types/node": "^22.15.33",
+    "@types/react": "^19.1.8",
     "node-fetch": "^3.3.2",
-    "prettier": "3.5.3",
+    "prettier": "3.6.2",
     "prettier-plugin-astro": "^0.14.1"
   },
   "volta": {

package.json

@@ -11,11 +11,18 @@ if (!banner) {
 }
 ---
 
-{banner && <div class="sl-banner" set:html={banner.content} />}
+{
+  banner && (
+    <div class="sl-banner" data-pagefind-ignore set:html={banner.content} />
+  )
+}
 
 <style>
   .sl-banner {
-    --__sl-banner-text: var(--sl-color-banner-text, var(--sl-color-text-invert));
+    --__sl-banner-text: var(
+      --sl-color-banner-text,
+      var(--sl-color-text-invert)
+    );
     padding: var(--sl-nav-pad-y) var(--sl-nav-pad-x);
     background-color: var(--sl-color-banner-bg, var(--sl-color-bg-accent));
     color: var(--__sl-banner-text);
@@ -27,4 +34,4 @@ if (!banner) {
   .sl-banner :global(a) {
     color: var(--__sl-banner-text);
   }
-</style>
+</style>

patches/astro+5.7.13.patch renamed to patches/astro+5.10.1.patch

@@ -24,6 +24,7 @@ import { Icon } from "@astrojs/starlight/components";
     font-size: var(--sl-text-3xl);
     font-weight: 500;
     svg {
+      margin-top: 0.5rem;
       margin-right: 0.5rem;
     }
   }

src/components/Banner.astro

@@ -25,7 +25,7 @@ import Default from '@astrojs/starlight/components/Pagination.astro'
     a {
       gap: 0.5rem;
       align-items: center;
-      text-decoration: none;
+      text-decoration: underline;
       color: var(--sl-color-gray-3);
     }
     a:hover {

src/components/Newsletter.astro

@@ -1,3 +1,3 @@
 label: 'Advanced'
-order: 4
+order: 10
 collapsed: true

src/components/Pagination.astro

@@ -0,0 +1,144 @@
+---
+title: Client Assertions
+description: Learn how to use client assertions instead of shared secrets for token client authentication in Duende.AccessTokenManagement.
+sidebar:
+  label: Client Assertions
+  order: 30
+redirect_from:
+  - /foss/accesstokenmanagement/advanced/client_assertions/
+---
+import { Code } from "@astrojs/starlight/components";
+import { Tabs, TabItem } from "@astrojs/starlight/components";
+
+If your token client is using a client assertion instead of a shared secret, you can provide the assertion in two ways:
+
+* Use the request parameter mechanism to pass a client assertion to the management
+* Implement the `IClientAssertionService` interface to centralize client assertion creation
+
+Here's a sample client assertion service using the Microsoft JWT library:
+
+{/* prettier-ignore */}
+<Tabs syncKey="atmVersion">
+  {/* prettier-ignore */}
+  <TabItem label="V4">
+      <Code
+          lang="csharp"
+          title="ClientAssertionService.cs"
+          code={`using Duende.AccessTokenManagement;
+using Duende.IdentityModel;
+using Duende.IdentityModel.Client;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.JsonWebTokens;
+using Microsoft.IdentityModel.Tokens;
+
+public class ClientAssertionService(IOptionsSnapshot<ClientCredentialsClient> options)
+    : IClientAssertionService
+{
+    public Task<ClientAssertion?> GetClientAssertionAsync(
+    ClientCredentialsClientName? clientName = null, TokenRequestParameters? parameters = null)
+    {
+        if (clientName == "invoice")
+        {
+            var options1 = options.Get(clientName);
+
+            var descriptor = new SecurityTokenDescriptor
+            {
+                Issuer = options1.ClientId,
+                Audience = options1.TokenEndpoint,
+                Expires = DateTime.UtcNow.AddMinutes(1),
+                SigningCredentials = GetSigningCredential(),
+
+                Claims = new Dictionary<string, object>
+                {
+                    { JwtClaimTypes.JwtId, Guid.NewGuid().ToString() },
+                    { JwtClaimTypes.Subject, options1.ClientId! },
+                    { JwtClaimTypes.IssuedAt, DateTime.UtcNow.ToEpochTime() }
+                },
+
+                AdditionalHeaderClaims = new Dictionary<string, object>
+                {
+                    { JwtClaimTypes.TokenType, "client-authentication+jwt" }
+                }
+            };
+
+            var handler = new JsonWebTokenHandler();
+            var jwt = handler.CreateToken(descriptor);
+
+            return Task.FromResult<ClientAssertion?>(new ClientAssertion
+            {
+                Type = OidcConstants.ClientAssertionTypes.JwtBearer,
+                Value = jwt
+            });
+        }
+
+        return Task.FromResult<ClientAssertion?>(null);
+    }
+
+    private SigningCredentials GetSigningCredential()
+    {
+        throw new NotImplementedException();
+    }
+}`}/>
+  </TabItem>
+  <TabItem label="V3">
+
+    <Code
+        lang="csharp"
+        title="ClientAssertionService.cs"
+        code={`using Duende.AccessTokenManagement;
+using Duende.IdentityModel;
+using Duende.IdentityModel.Client;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.JsonWebTokens;
+using Microsoft.IdentityModel.Tokens;
+
+public class ClientAssertionService(IOptionsSnapshot<ClientCredentialsClient> options)
+    : IClientAssertionService
+{
+    public Task<ClientAssertion?> GetClientAssertionAsync(
+    string? clientName = null, TokenRequestParameters? parameters = null)
+    {
+        if (clientName == "invoice")
+        {
+            var options1 = options.Get(clientName);
+
+            var descriptor = new SecurityTokenDescriptor
+            {
+                Issuer = options1.ClientId,
+                Audience = options1.TokenEndpoint,
+                Expires = DateTime.UtcNow.AddMinutes(1),
+                SigningCredentials = GetSigningCredential(),
+
+                Claims = new Dictionary<string, object>
+                {
+                    { JwtClaimTypes.JwtId, Guid.NewGuid().ToString() },
+                    { JwtClaimTypes.Subject, options1.ClientId! },
+                    { JwtClaimTypes.IssuedAt, DateTime.UtcNow.ToEpochTime() }
+                },
+
+                AdditionalHeaderClaims = new Dictionary<string, object>
+                {
+                    { JwtClaimTypes.TokenType, "client-authentication+jwt" }
+                }
+            };
+
+            var handler = new JsonWebTokenHandler();
+            var jwt = handler.CreateToken(descriptor);
+
+            return Task.FromResult<ClientAssertion?>(new ClientAssertion
+            {
+                Type = OidcConstants.ClientAssertionTypes.JwtBearer,
+                Value = jwt
+            });
+        }
+
+        return Task.FromResult<ClientAssertion?>(null);
+    }
+
+    private SigningCredentials GetSigningCredential()
+    {
+        throw new NotImplementedException();
+    }
+}`}/>
+    </TabItem>
+</Tabs>