Support ASP.NET Core 3.0 (#348)

* Update providers to ASP.NET Core 3.0

Update all providers to ASP.NET Core 3.0, using preview 6.

* Remove KoreBuild

Remove usage of KoreBuild as it is obsolete and no longer supports .NET Core 3.0 after preview 5.
Add code coverage to test project.

* Add shopify provider (#326)

* Add shopify provider

* Revert sln changes

* Apply code review

* Fix second core review

* Fix ChallentAsync param comment

* Fix scope summary

* Done pull request review #3

* Revert whitespace

* Update ShopifyLoopbackRedirectHandler.cs

* Update ShopifyAuthenticationExtensions.cs

* Update ShopifyAuthenticationHandler.cs

* Update ShopifyAuthenticationOptions.cs

* Update ShopifyTests.cs

* Update README.md

* Update README.md

* Update coverlet and ReportGenerator

Update to the latest releases of coverlet and ReportGenerator for code coverage metrics.

* Shopify - Fix TokenEndpoint format (#330)

Fix TokenEndpoint format

* Gitlab (#329)

* Added gitlab oauth

* Fixed some minor typos & restored wildcard include

* Applied suggested changes from code review

* Added missing version var to tests

* Added missing release build config

* Added Gitlab back to solution

* Fix VS auto resolving the references

* Revert weird bundle exclude

* Update GitLab for ASP.NET Core 3.0

Update the GitLab provider to support ASP.NET Core 3.0.

* Update to ASP.NET Core 3.0 preview 7

Update to preview 7 of ASP.NET Core 3.0.
Update NuGet packages to latest versions.
Fix code coverage output path.
Remove premature disposal in the Zalo provider.

* Use latest macOS image

Use the latest macOS image.

* Add UseAuthorization()

Add UseAuthorization() to the README for ASP.NET Core 3.0.

* Update to ASP.NET Core 3.0 preview 8

Update to preview 8 of ASP.NET Core 3.0.

* Update dependencies

Update NuGet packages to their latest versions.

* Use Arcade for build (#335)

* Use Arcade for build

Switch to Arcade to build the project
Addresses #321.

* Update LICENSE

Fix Arcade error from non-compliant license text.

* Add +x to scripts

* Update appveyor.yml

Update packages location.
Update version.
Disable PR publish.
Disabe test discovery.

* Move eng to solution items

Move the eng folder in the solution to be under Solution Items.

* Use newer test SDK

Use the latest stable version of the test SDK.

* Add files for Visual Studio Code

Add assets to build and run tests in Visual Studio Code.

* Generate AppVeyor build numbers

Generate Arcade "official build Ids" in AppVeyor

* Update appveyor.yml

Collect test results and upload to AppVeyor.

* Update to ASP.NET Core 3.0 preview 9

Update to preview 9 of ASP.NET Core 3.0.

* Remove PackageIconUrl

Use PackageIcon instead of PackageIconUrl as described by https://github.com/NuGet/Home/wiki/Packaging-Icon-within-the-nupkg as it is considered obsolete.

* Update .gitignore

Ignore .coverage files from Visual Studio code coverage.

* Merge from dev (#339)

* Add shopify provider (#326)

* Add shopify provider

* Revert sln changes

* Apply code review

* Fix second core review

* Fix ChallentAsync param comment

* Fix scope summary

* Done pull request review #3

* Revert whitespace

* Update ShopifyLoopbackRedirectHandler.cs

* Update ShopifyAuthenticationExtensions.cs

* Update ShopifyAuthenticationHandler.cs

* Update ShopifyAuthenticationOptions.cs

* Update ShopifyTests.cs

* Update README.md

* Update README.md

* Shopify - Fix TokenEndpoint format (#330)

Fix TokenEndpoint format

* Gitlab (#329)

* Added gitlab oauth

* Fixed some minor typos & restored wildcard include

* Applied suggested changes from code review

* Added missing version var to tests

* Added missing release build config

* Added Gitlab back to solution

* Fix VS auto resolving the references

* Revert weird bundle exclude

* incorrect LoginPath

In this startup file, it previously said "login", but in AuthenticationController the route is defined as "signin"

* Add MyGet publish step

Add step to publish packages to MyGet again.

* Change prerelease label

Change the prerelease label to preview 9.

* Fix assembly copyrights

Apply fix to assembly copyright as-per openiddict/openiddict-core#797.

* Update to ASP.NET Core 3.0 RC1

Update to release candidate 1 of ASP.NET Core 3.0.

* Add Sign in with Apple provider (#343)

* Add shopify provider (#326)

* Add shopify provider

* Revert sln changes

* Apply code review

* Fix second core review

* Fix ChallentAsync param comment

* Fix scope summary

* Done pull request review #3

* Revert whitespace

* Update ShopifyLoopbackRedirectHandler.cs

* Update ShopifyAuthenticationExtensions.cs

* Update ShopifyAuthenticationHandler.cs

* Update ShopifyAuthenticationOptions.cs

* Update ShopifyTests.cs

* Update README.md

* Update README.md

* Shopify - Fix TokenEndpoint format (#330)

Fix TokenEndpoint format

* Gitlab (#329)

* Added gitlab oauth

* Fixed some minor typos & restored wildcard include

* Applied suggested changes from code review

* Added missing version var to tests

* Added missing release build config

* Added Gitlab back to solution

* Fix VS auto resolving the references

* Revert weird bundle exclude

* incorrect LoginPath

In this startup file, it previously said "login", but in AuthenticationController the route is defined as "signin"

* Basic Apple provider

Add a very basic Sign In with Apple provider based on currently available information.

* Implement Apple provider

Fully implement the provider for Sign In with Apple based on current available functionality.

* Enable Sign In with Apple

Enable Sign In with Apple in the MVC sample app without hard-coding secrets.

* Update tests

Update the tests for the updated provider implementation.
Fix incorrect test method name.

* Enable token lifetime validation

Enable the validation of token lifetimes.

* Add null annotations

Add [NotNull] attributes to relevant methods.

* Improve exception handling

Pre-validate the ID token has a value.
Change catch clause to improve logging.

* Extend integration tests

Extend the integration tests for additional scenarios such as no validation, invalid tokens and using a configured client secret.

* Move expiry period to options

Move the configured lifetime for generated client secrets to the options class.

* Add ClientSecretExpiresAfter validation

Add validation for the value of ClientSecretExpiresAfter.

* Add tests for options validation

Add unit tests for options validation.
Improve exception type.
Fix incorrect if condition that meant not all values were validated correctly.

* Add unit tests for client secret

Add unit tests for the generated client secret's format.

* Make KeyId required

Make the KeyId option required if GenerateClientSecret is true.

* Fix test

Fix the expiry not being set.

* Fix Linux and macOS secret generation

Work around platform differences between Windows and Linux/macOS by supporting .p12/.pfx certificates for Linux/macOS and using p8 for Windows.
.NET Core 3.0 adds support for .p8 on both platforms.

* Add password option for pfx files

Add an option for specifying a password for PFX files.
Add a test private key that has a password for use on macOS.

* Fix flaky test

Fix flaky test by setting the expiry to 2 seconds to eliminate rounding issues.

* Add UsePrivateKey() method

Add UsePrivateKey() extension method that configures a private key file to use to auto-generate client secrets.

* Bump System.IdentityModel.Tokens.Jwt

Bump System.IdentityModel.Tokens.Jwt to 5.3.0 to ensure that incompatibility with .NET Standard 1.4 doesn't affect consumers.

* Set response_mode to form_post

React to changes Apple have made to the sign-in service, and use form_post as the response mode.
This requires reimplementing HandleRemoteAuthenticateAsync() by using either for Form or Query based on whether it is an HTTP POST.

* Use latest C# version

Fix the build by enabling the latest version of C#.

* Retrieve user details after sign-in

Get the user's name and email address, if available, as claims after signing in with an Apple ID. These details are only available the first time the user signs in; if they are not persisted they cannot currently be obtained again.

* Update branding

Use "Sign in with Apple" instead of "Sign In with Apple".

* Access events via options

Use the same approach as the other OAuth handlers and access the Events property via the Options property.

* Resolve logging TODO

Remove TODO comment.
Check whether Trace logging is enabled before logging the Apple token response.

* Comment out Apple option

Comment out the Apple provider as it causes the application to fail to start if the values aren't set and/or the key file does not exist.

* Update Sign in with Apple provider for ASP.NET Core 3.0

Update the Sign in with Apple provider to support ASP.NET Core 3.0.
Update the .NET Core test SDK version.
Fix-up Startup warnings.

* Add Nextcloud provider (#325)

* Add Nextcloud provider and unit test

* updated according to suggestions

* Change ClaimTypes.Name to Claims.Username

* Update Nextcloud for ASP.NET Core 3.0

Update the Nextcloud provider to support ASP.NET Core 3.0.

* Add missing usings

Add missing usings to request and response in GitLab handler.

* Use LangVersion latest

Stop using preview versions of C# now that C# 8 is the default for the .NET Core 3.0 SDK.

* Update to ASP.NET Core 3.0

Update to ASP.NET Core 3.0 final packages and SDK.

* Remove additional NuGet feeds

Remove extra NuGet feeds not needed now 3.0.0 packages are in NuGet.org.

* Add authorization

Add authorization middleware.

Author: martincostello

.gitignore

@@ -1,4 +1,4 @@
-## Ignore Visual Studio temporary files, build results, and 
+## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
 
 # VS 14 temporary folder
@@ -16,7 +16,11 @@ project.lock.json
 
 # Build results
 
+.dotnet/
+.dotnetcli/
 artifacts/
+coverage/
+coverage.*
 [Dd]ebug/
 [Rr]elease/
 x64/
@@ -29,6 +33,7 @@ x64/
 # MSTest test Results
 [Tt]est[Rr]esult*/
 [Bb]uild[Ll]og.*
+*.coverage
 
 *_i.c
 *_p.c

.travis.yml

@@ -18,6 +18,5 @@ env:
 os:
   - linux
   - osx
-osx_image: xcode8.3
 script:
-  - ./build.sh
+  - ./eng/common/cibuild.sh -configuration Release -prepareMachine

.vscode/launch.json

@@ -0,0 +1,18 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Run tests",
+      "type": "coreclr",
+      "request": "launch",
+      "preLaunchTask": "build",
+      "program": "dotnet",
+      "args": [
+        "test"
+      ],
+      "cwd": "${workspaceFolder}/test/AspNet.Security.OAuth.Providers.Tests",
+      "console": "internalConsole",
+      "stopAtEntry": false
+    }
+  ]
+}

.vscode/tasks.json

@@ -0,0 +1,30 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "label": "build",
+      "command": "dotnet",
+      "type": "process",
+      "args": [
+        "build",
+        "${workspaceFolder}/test/AspNet.Security.OAuth.Providers.Tests/AspNet.Security.OAuth.Providers.Tests.csproj",
+        "/property:GenerateFullPaths=true",
+        "/consoleloggerparameters:NoSummary"
+      ],
+      "problemMatcher": "$msCompile"
+    },
+    {
+      "label": "watch",
+      "command": "dotnet",
+      "type": "process",
+      "args": [
+        "watch",
+        "run",
+        "${workspaceFolder}/test/AspNet.Security.OAuth.Providers.Tests/AspNet.Security.OAuth.Providers.Tests.csproj",
+        "/property:GenerateFullPaths=true",
+        "/consoleloggerparameters:NoSummary"
+      ],
+      "problemMatcher": "$msCompile"
+    }
+  ]
+}

AspNet.Security.OAuth.Providers.sln

@@ -3,15 +3,6 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 16
 VisualStudioVersion = 16.0.28803.156
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "build", "build", "{8DCAEA78-86AE-4183-93C0-41C7F8850AAA}"
-	ProjectSection(SolutionItems) = preProject
-		build\common.props = build\common.props
-		build\dependencies.props = build\dependencies.props
-		build\key.snk = build\key.snk
-		build\packages.props = build\packages.props
-		build\version.props = build\version.props
-	EndProjectSection
-EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "samples", "samples", "{BAC7067D-88FE-4385-8AC9-1A325FFBDE69}"
@@ -122,19 +113,17 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		.gitattributes = .gitattributes
 		.gitignore = .gitignore
 		.travis.yml = .travis.yml
+		appveyor.yml = appveyor.yml
 		build.cmd = build.cmd
 		build.ps1 = build.ps1
 		build.sh = build.sh
 		CODE_OF_CONDUCT.md = CODE_OF_CONDUCT.md
+		Directory.Build.props = Directory.Build.props
+		Directory.Build.targets = Directory.Build.targets
 		global.json = global.json
-		korebuild-lock.txt = korebuild-lock.txt
-		korebuild.json = korebuild.json
 		LICENSE = LICENSE
 		NuGet.config = NuGet.config
 		README.md = README.md
-		run.cmd = run.cmd
-		run.ps1 = run.ps1
-		run.sh = run.sh
 	EndProjectSection
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".github", ".github", "{3FA3F7B5-5373-4E43-8F45-8EC18249E526}"
@@ -167,6 +156,19 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Mvc.Client", "samples\Mvc.C
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.GitLab", "src\AspNet.Security.OAuth.GitLab\AspNet.Security.OAuth.GitLab.csproj", "{FACB1C2F-3BF7-4DD3-958B-E471E69E214A}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "eng", "eng", "{5D188043-25D9-4110-BAFA-7C47E6E0DDB6}"
+	ProjectSection(SolutionItems) = preProject
+		eng\Signing.props = eng\Signing.props
+		eng\Version.Details.xml = eng\Version.Details.xml
+		eng\Versions.props = eng\Versions.props
+	EndProjectSection
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".vscode", ".vscode", "{ED9006DA-AF38-4629-97F2-DE54395A8A9C}"
+	ProjectSection(SolutionItems) = preProject
+		.vscode\launch.json = .vscode\launch.json
+		.vscode\tasks.json = .vscode\tasks.json
+	EndProjectSection
+EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Apple", "src\AspNet.Security.OAuth.Apple\AspNet.Security.OAuth.Apple.csproj", "{DC80AFEC-EFB4-4B21-BF79-44DEA6E1FE26}"
 EndProject
 Global
@@ -471,6 +473,8 @@ Global
 		{112F6B50-0FD3-45AA-992E-72D7B873BF00} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{140A6CAD-FC84-4A09-A939-8A5692DF0C7C} = {BAC7067D-88FE-4385-8AC9-1A325FFBDE69}
 		{FACB1C2F-3BF7-4DD3-958B-E471E69E214A} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
+		{5D188043-25D9-4110-BAFA-7C47E6E0DDB6} = {E9DAB098-A902-4EF5-9AEE-CF735DF31E35}
+		{ED9006DA-AF38-4629-97F2-DE54395A8A9C} = {E9DAB098-A902-4EF5-9AEE-CF735DF31E35}
 		{DC80AFEC-EFB4-4B21-BF79-44DEA6E1FE26} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution

Directory.Build.props

@@ -0,0 +1,60 @@
+<Project>
+  <Import Project="Sdk.props" Sdk="Microsoft.DotNet.Arcade.Sdk" />
+  <PropertyGroup>
+    <LangVersion>latest</LangVersion>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <DebugSymbols>true</DebugSymbols>
+    <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)\eng\key.snk</AssemblyOriginatorKeyFile>
+    <SignAssembly>true</SignAssembly>
+    <PublicSign Condition=" '$(OS)' != 'Windows_NT' ">true</PublicSign>
+  </PropertyGroup>
+  <!--
+    Arcade only allows the revision to contain up to two characters, and AppVeyor does not roll-over
+    build numbers every day like Azure DevOps does. To balance these two requirements, set the official
+    build ID to be the same format as the built-in default from Arcade, except with the revision number
+    being the number of the quarter hour of the current time of day (24 * 4 = 96, which is less than 100).
+    So a build between 00:00 and 00:14 would have a revision of 1, and a build between 23:45 and 23:59:59
+    would have a revision of 97.
+  -->
+  <PropertyGroup Condition=" '$(APPVEYOR)' == 'True' AND '$(APPVEYOR_PULL_REQUEST_NUMBER)' == '' ">
+    <_Hours>$([MSBuild]::Multiply($([System.DateTime]::Now.ToString(HH)), 4))</_Hours>
+    <_QuarterHours>$([MSBuild]::Divide($([System.DateTime]::Now.ToString(mm)), 15))</_QuarterHours>
+    <_QuarterHours>$([System.Math]::Floor($(_QuarterHours)))</_QuarterHours>
+    <_AppVeyorBuildRevision>$([MSBuild]::Add($(_Hours), $(_QuarterHours)))</_AppVeyorBuildRevision>
+    <_AppVeyorBuildRevision>$([MSBuild]::Add($(_AppVeyorBuildRevision), 1))</_AppVeyorBuildRevision>
+    <OfficialBuild>true</OfficialBuild>
+    <OfficialBuildId Condition=" '$(OfficialBuild)' == 'true' ">$([System.DateTime]::Now.ToString(yyyyMMdd)).$(_AppVeyorBuildRevision)</OfficialBuildId>
+  </PropertyGroup>
+  <PropertyGroup>
+    <Product>aspnet-contrib</Product>
+    <Company>$(Authors)</Company>
+    <_ProjectCopyright>© AspNet.Security.OAuth.Providers contributors. All rights reserved.</_ProjectCopyright>
+    <PackageIcon>package-icon.png</PackageIcon>
+    <PackageProjectUrl>https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers</PackageProjectUrl>
+    <PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>
+    <RepositoryType>git</RepositoryType>
+    <RepositoryUrl>git://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers</RepositoryUrl>
+  </PropertyGroup>
+  <PropertyGroup>
+    <RepoRelativeProjectDir>$([MSBuild]::MakeRelative($(RepoRoot), $(MSBuildProjectDirectory)))</RepoRelativeProjectDir>
+    <WarnOnPackingNonPackableProject>false</WarnOnPackingNonPackableProject>
+  </PropertyGroup>
+  <PropertyGroup Condition=" $(RepoRelativeProjectDir.Contains('src')) ">
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <IncludeSource>true</IncludeSource>
+    <IncludeSymbols>true</IncludeSymbols>
+    <IsPackable>true</IsPackable>
+    <IsShipping>true</IsShipping>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(IsPackable)' == 'true' ">
+    <None Include="$(MSBuildThisFileDirectory)package-icon.png" Pack="True" PackagePath="" />
+  </ItemGroup>
+  <ItemGroup Condition=" '$(OS)' != 'Windows_NT' ">
+    <PackageReference Include="Microsoft.NETFramework.ReferenceAssemblies" PrivateAssets="All" Version="1.0.0-preview.2" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectCapability Include="DynamicDependentFile" />
+    <ProjectCapability Include="DynamicFileNesting" />
+  </ItemGroup>
+</Project>

Directory.Build.targets

@@ -0,0 +1,14 @@
+<Project>
+  <Import Project="Sdk.targets" Sdk="Microsoft.DotNet.Arcade.Sdk" />
+
+  <!--
+    Note: Arcade automatically replaces copyrights defined in .props or .csproj files
+    with the default Microsoft copyright. To ensure this doesn't happen, the replaced
+    copyright is restored in this .targets file using the private variable set in .props.
+  -->
+
+  <PropertyGroup>
+    <Copyright>$(_ProjectCopyright)</Copyright>
+  </PropertyGroup>
+
+</Project>

LICENSE

@@ -1,3 +1,4 @@
+
                                  Apache License
                            Version 2.0, January 2004
                         http://www.apache.org/licenses/
@@ -186,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2015 https://github.com/aspnet-contrib
+   Copyright [yyyy] [name of copyright owner]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

NuGet.config

@@ -2,5 +2,8 @@
 <configuration>
   <packageSources>
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
+    <add key="arcade" value="https://dotnetfeed.blob.core.windows.net/dotnet-tools-internal/index.json" />
+    <add key="dotnet-core" value="https://dotnetfeed.blob.core.windows.net/dotnet-core/index.json" />
+    <add key="azureadwebstacknightly" value="https://www.myget.org/F/azureadwebstacknightly/api/v3/index.json" />
   </packageSources>
 </configuration>

README.md

@@ -27,6 +27,7 @@ public void ConfigureServices(IServiceCollection services)
 public void Configure(IApplicationBuilder app)
 {
     app.UseAuthentication();
+    app.UseAuthorization();
 }
 ```