build(csproj): enable multi-targeting for .NET 9 (+ .NET 8) and minor updates

Author: engineering87

README.md

@@ -8,27 +8,40 @@
 [![Language - C#](https://img.shields.io/static/v1?label=Language&message=C%23&color=blueviolet)](https://dotnet.microsoft.com/it-it/languages/csharp)
 [![stars - pdnd-client-assertion-generator](https://img.shields.io/github/stars/italia/pdnd-client-assertion-generator?style=social)](https://github.com/italia/pdnd-client-assertion-generator)
 
-.NET implementation of **OAuth2** authentication for **PDND** service with client assertion generation.
+A .NET implementation of **OAuth 2.0** client authentication for **PDND** (Piattaforma Digitale Nazionale Dati), including client assertion (JWT) generation and voucher retrieval.
 
 ## Contents
-- [PDND](#pdnd)
+- [What is PDND?](#what-is-pdnd)
 - [Voucher](#voucher)
 - [Requesting a Voucher](#requesting-a-voucher)
 - [How to Use the Client Assertion Generator](#how-to-use-the-client-assertion-generator)
-- [Licensee](#licensee)
+- [Voucher Flow for Interoperability APIs](#voucher-flow-for-interoperability-apis)
+- [Security Notes](#security-notes)
+- [License](#license)
 - [Contact](#contact)
 
-## PDND
+## What is PDND?
 The **[Piattaforma Digitale Nazionale Dati (PDND)](https://developers.italia.it/it/pdnd/)** is an Italian digital infrastructure designed to facilitate **data interoperability** and exchange between public administrations and private entities. The platform aims to simplify the sharing of public data by providing a secure, standardized, and centralized system for data integration, access, and management. PDND promotes digital transformation within the public sector by ensuring data is accessible, reliable, and reusable, enabling more efficient public services, enhancing transparency, and supporting **data-driven decision-making** for both government and citizens.
 
 ## Voucher
-Vouchers are simple JWT tokens. The implemented authentication flow is OAuth 2.0, which refers to [**RFC6750**](https://datatracker.ietf.org/doc/html/rfc6750) for the use of Bearer tokens and to [**RFC7521**](https://datatracker.ietf.org/doc/html/rfc7521) for client authorization via client assertion.
+A **voucher** is a JWT used as a Bearer token to access PDND Interoperability APIs.
+
+This library implements the OAuth 2.0 flow with:
+
+- [**RFC6750**](https://datatracker.ietf.org/doc/html/rfc6750) (Bearer tokens)
+- [**RFC7521**](https://datatracker.ietf.org/doc/html/rfc7521) (client authorization via client assertion)
+
+To request a voucher, the client must:
+1. Register at least one public key on the PDND client.
+2. Create a client assertion (JWT) and sign it with the corresponding private key.
+3. Exchange the assertion for a voucher at the authorization endpoint.
 
 ## Requesting a Voucher
 To obtain a valid voucher, you must first upload at least one public key to an interop API client. The first step is to create a valid client assertion and sign it with your private key (which must match the public key registered with the client on PDND Interoperabilità). The client assertion consists of a header and a payload.
 
 ## Voucher Flow for Interoperability APIs
-The user requests a voucher. Once obtained, they include it as an authorization header in subsequent calls to the PDND Interoperability APIs.
+1. Your system requests a voucher using a signed client assertion.
+2. On success, include the returned voucher in the Authorization: Bearer <token> header when calling PDND Interoperability APIs.
 
 ## How to Use the Client Assertion Generator
 To properly set up and use the Client Assertion Generator in your ASP.NET Core application, follow these steps:
@@ -39,14 +52,14 @@ To properly set up and use the Client Assertion Generator in your ASP.NET Core a
     "ServerUrl": "https://test-server-url.com",
     "KeyId": "ZmYxZGE2YjQtMzY2Yy00NWI5LThjNGItMDJmYmQyZGIyMmZh",
     "Algorithm": "RS256",
-    "Type": "at+jwt",
+    "Type": "JWT",
     "ClientId": "9b361d49-33f4-4f1e-a88b-4e12661f2309",
     "Issuer": "interop.pagopa.it",
     "Subject": "9b361d49-33f4-4f1e-a88b-4e12661f2309",
     "Audience": "https://erogatore.example/ente-example/v1",
     "PurposeId": "1b361d49-33f4-4f1e-a88b-4e12661f2300",
     "KeyPath": "C:/Keys/private.pem",
-    "Duration": "600"
+    "Duration": "600" // Duration is expressed in milliseconds
   },
   ```
 
@@ -81,7 +94,13 @@ If you'd like to contribute, please fork, fix, commit and send a pull request fo
  * [Fork the repository](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo)
  * [Open an issue](https://github.com/italia/pdnd-client-assertion-generator/issues) if you encounter a bug or have a suggestion for improvements/features
 
-## Licensee
+## Security Notes
+- Never commit private keys or secrets to the repository.
+- Prefer environment variables or secret stores for sensitive values.
+- Rotate keys regularly and restrict file permissions on KeyPath.
+- Validate token lifetimes appropriate to your risk profile.
+
+## License
 Repository source code is available under MIT License, see license in the source.
 
 ## Contact

src/PDNDClientAssertionGenerator.Api/PDNDClientAssertionGenerator.Api.csproj

@@ -8,12 +8,12 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.8" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.8" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.8" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="9.0.8" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.8" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="9.0.3" />
+    <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.9" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="9.0.4" />
   </ItemGroup>
 
   <ItemGroup>

src/PDNDClientAssertionGenerator.Api/appsettings.json

@@ -3,7 +3,7 @@
     "ServerUrl": "https://test-server-url.com",
     "KeyId": "ZmYxZGE2YjQtMzY2Yy00NWI5LThjNGItMDJmYmQyZGIyMmZh",
     "Algorithm": "RS256",
-    "Type": "at+jwt",
+    "Type": "JWT",
     "ClientId": "9b361d49-33f4-4f1e-a88b-4e12661f2309",
     "Issuer": "interop.pagopa.it",
     "Subject": "9b361d49-33f4-4f1e-a88b-4e12661f2309",

src/PDNDClientAssertionGenerator/PDNDClientAssertionGenerator.csproj

@@ -1,21 +1,31 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <!-- Multi-targeting: build for both .NET 8 (LTS) and .NET 9 (STS) -->
+    <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
+
+    <!-- Enable modern C# conveniences and nullable reference types -->
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
+
+    <!-- NuGet package metadata -->
     <Description>.NET Client Assertion Generator for PDND Service API </Description>
     <PackageProjectUrl>https://github.com/italia/pdnd-client-assertion-generator</PackageProjectUrl>
     <RepositoryUrl>https://github.com/italia/pdnd-client-assertion-generator</RepositoryUrl>
     <PackageLicenseFile>LICENSE</PackageLicenseFile>
     <GeneratePackageOnBuild>True</GeneratePackageOnBuild>
     <Title>.NET Client Assertion Generator for PDND Service API</Title>
     <PackageReadmeFile>README.md</PackageReadmeFile>
-	<Version>1.0.4</Version>
-    <AssemblyVersion></AssemblyVersion>
+    <Version>1.0.4</Version>
+
+    <!-- Optional: set AssemblyVersion explicitly or remove the element -->
+    <!-- <AssemblyVersion>1.0.4.0</AssemblyVersion> -->
+
+    <!-- Package author(s) -->
     <Authors>Francesco Del Re</Authors>
   </PropertyGroup>
 
+  <!-- Package assets to include in the NuGet package root -->
   <ItemGroup>
     <None Include="..\..\LICENSE">
       <Pack>True</Pack>
@@ -27,17 +37,42 @@
     </None>
   </ItemGroup>
 
-  <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.8" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.8" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="9.0.8" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="9.0.8" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="9.0.8" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.8" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.8" />
+  <!-- Dependencies for .NET 8 -->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <!-- Microsoft.Extensions stack aligned to .NET 8 -->
+    <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.9" />
+
+    <!-- IdentityModel packages (same versions across TFMs for consistency) -->
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.14.0" />
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.14.0" />
-    <PackageReference Include="System.Text.Json" Version="9.0.8" />
+
+    <!-- System.Text.Json aligned to .NET 8 -->
+    <PackageReference Include="System.Text.Json" Version="9.0.9" />
+  </ItemGroup>
+
+  <!-- Dependencies for .NET 9 -->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net9.0'">
+    <!-- Microsoft.Extensions stack aligned to .NET 9 -->
+    <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.9" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.9" />
+
+    <!-- IdentityModel packages (same versions across TFMs for consistency) -->
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.14.0" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.14.0" />
+
+    <!-- System.Text.Json aligned to .NET 9 -->
+    <PackageReference Include="System.Text.Json" Version="9.0.9" />
   </ItemGroup>
 
-</Project>
+</Project>

src/PDNDClientAssertionGenerator/Services/OAuth2Service.cs

@@ -40,7 +40,7 @@ public async Task<string> GenerateClientAssertionAsync(CancellationToken ct = de
 
             // Define the current UTC time and the token expiration time.
             DateTime issuedAt = DateTime.UtcNow;
-            DateTime expiresAt = issuedAt.AddMinutes(_config.Duration);
+            DateTime expiresAt = issuedAt.AddSeconds(_config.Duration);
 
             // Define JWT header as a dictionary of key-value pairs.
             Dictionary<string, string> headers = new()