chore: Update package references to their latest version and enabled ClientCredential Flow support in Sample server

Author: Thomas Duft

build/Program.cs

@@ -101,12 +101,12 @@ public static async Task Main(string[] args)
       Run("dotnet", $"clean {solution} -c Release -v m --nologo");
     });
 
-    Target(Targets.Build, DependsOn(Targets.CleanBuildOutput), () =>
+    Target(Targets.Build, dependsOn: [Targets.CleanBuildOutput], () =>
     {
       Run("dotnet", $"build {solution} -c Release --nologo");
     });
 
-    Target(Targets.Test, DependsOn(Targets.Build), () =>
+    Target(Targets.Test, dependsOn: [Targets.Build], () =>
     {
       Run("dotnet", $"test {solution} -c Release --no-build --nologo");
     });
@@ -125,7 +125,7 @@ public static async Task Main(string[] args)
       Run("git", $"commit -am \"Committing changelog changes for v'{version}'\"");
     });
 
-    Target(Targets.Release, DependsOn(Targets.RestoreTools, Targets.Test, Targets.UpdateChangelog), () =>
+    Target(Targets.Release, dependsOn: [Targets.RestoreTools, Targets.Test, Targets.UpdateChangelog], () =>
     {
       if (string.IsNullOrWhiteSpace(version))
       {
@@ -149,7 +149,7 @@ public static async Task Main(string[] args)
       }
     });
 
-    Target(Targets.Pack, DependsOn(Targets.Build, Targets.CleanPackOutput), () =>
+    Target(Targets.Pack, dependsOn: [Targets.Build, Targets.CleanPackOutput], () =>
     {
       if (string.IsNullOrWhiteSpace(version))
       {
@@ -176,7 +176,7 @@ public static async Task Main(string[] args)
       }
     });
 
-    Target(Targets.Deploy, DependsOn(Targets.RestoreTools, Targets.Test, Targets.Pack), () =>
+    Target(Targets.Deploy, dependsOn: [Targets.RestoreTools, Targets.Test, Targets.Pack], () =>
     {
       if (string.IsNullOrWhiteSpace(key))
       {

build/targets.csproj

@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Bullseye" Version="5.0.0" />
+    <PackageReference Include="Bullseye" Version="6.0.0" />
     <PackageReference Include="SimpleExec" Version="12.0.0" />
   </ItemGroup>
 </Project>

samples/Api/Api.csproj

@@ -6,9 +6,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="7.3.1" />
-    <PackageReference Include="OpenIddict.Validation.AspNetCore" Version="6.1.1" />
-    <PackageReference Include="OpenIddict.Validation.SystemNetHttp" Version="6.1.1" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="9.0.3" />
+    <PackageReference Include="OpenIddict.Validation.AspNetCore" Version="7.0.0" />
+    <PackageReference Include="OpenIddict.Validation.SystemNetHttp" Version="7.0.0" />
   </ItemGroup>
 
 </Project>

samples/Server/ConfigureServices.cs

@@ -74,17 +74,17 @@ string environmentName
       });
     }
 
-    services.AddOpenIddict()
-      // Register the OpenIddict core components.
+    services.AddOpenIddict()
+      // Register the OpenIddict core components.
       .AddCore(options =>
       {
         options.UseEntityFrameworkCore();
         if (!Helpers.Constants.IsTestingEnvironment(environmentName))
         {
           options.UseQuartz();
         }
-      })
-      // Register the OpenIddict server components.
+      })
+      // Register the OpenIddict server components.
       .AddServer(options =>
       {
         options.SetIssuer(new Uri("https://localhost:5001/"));
@@ -99,7 +99,8 @@ string environmentName
         // Note: this sample uses the code, device, password and refresh token flows, but you
         // can enable the other flows if you need to support implicit or client credentials.
         options.AllowAuthorizationCodeFlow()
-               .AllowRefreshTokenFlow();
+               .AllowRefreshTokenFlow()
+               .AllowClientCredentialsFlow();
 
         // Mark the "email", "profile", "roles" and "demo_api" scopes as supported scopes.
         options.RegisterScopes(
@@ -139,17 +140,17 @@ string environmentName
         {
           options.DisableAccessTokenEncryption();
         }
-      })
-      // Register the OpenIddict validation components.
+      })
+      // Register the OpenIddict validation components.
       .AddValidation(options =>
       {
         // Import the configuration from the local OpenIddict server instance.
         options.UseLocalServer();
 
         // Register the ASP.NET Core host.
         options.UseAspNetCore();
-      })
-      // Register the EF based UI Store for OpenIddict related entities.
+      })
+      // Register the EF based UI Store for OpenIddict related entities.
       .AddUIStore(options =>
       {
         options.OpenIddictUIContext = builder =>
@@ -164,8 +165,8 @@ string environmentName
                                     .Name);
             });
         };
-      })
-      // Register the APIs for the EF based UI Store based on OpenIddict.
+      })
+      // Register the APIs for the EF based UI Store based on OpenIddict.
       .AddUIApis(options =>
       {
         // Tell the system about the allowed Permissions it is built/configured for.
@@ -178,15 +179,16 @@ string environmentName
           Permissions.GrantTypes.AuthorizationCode,
           Permissions.GrantTypes.DeviceCode,
           Permissions.GrantTypes.RefreshToken,
+          Permissions.GrantTypes.ClientCredentials,
           Permissions.ResponseTypes.Code,
           Permissions.Scopes.Email,
           Permissions.Scopes.Profile,
           Permissions.Scopes.Roles,
           Permissions.Prefixes.Scope + "server_scope",
           Permissions.Prefixes.Scope + "api_scope"
         ];
-      })
-      // Register the EF based UI Store for the ASP.NET Identity related entities.
+      })
+      // Register the EF based UI Store for the ASP.NET Identity related entities.
       .AddUIIdentityStore<ApplicationUser>(options =>
       {
         options.OpenIddictUIIdentityContext = builder =>
@@ -201,8 +203,8 @@ string environmentName
                                     .Name);
             });
         };
-      })
-      // Register the APIs for the EF based UI Store based on ASP.NET Identity.
+      })
+      // Register the APIs for the EF based UI Store based on ASP.NET Identity.
       .AddUIIdentityApis<ApplicationUser>();
 
     if (!Helpers.Constants.IsTestingEnvironment(environmentName))

samples/Server/Controllers/AuthorizationController.cs

@@ -5,6 +5,7 @@
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Primitives;
+using Microsoft.IdentityModel.Tokens;
 using OpenIddict.Abstractions;
 using OpenIddict.Server.AspNetCore;
 using Server.Helpers;
@@ -370,7 +371,44 @@ public async Task<IActionResult> Exchange()
       return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
     }
 
-    else if (request.IsAuthorizationCodeGrantType() || request.IsDeviceCodeGrantType() || request.IsRefreshTokenGrantType())
+    else if (request.IsClientCredentialsGrantType())
+    {
+      // Note: the client credentials are automatically validated by OpenIddict:
+      // if client_id or client_secret are invalid, this action won't be invoked.
+
+      var application = await _applicationManager.FindByClientIdAsync(request.ClientId!)
+        ?? throw new InvalidOperationException("The application details cannot be found in the database.");
+
+      // Create the claims-based identity that will be used by OpenIddict to generate tokens.
+      var identity = new ClaimsIdentity(
+          authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+          nameType: Claims.Name,
+          roleType: Claims.Role
+      );
+
+      // Add the claims that will be persisted in the tokens (use the client_id as the subject identifier).
+      identity.SetClaim(Claims.Subject, await _applicationManager.GetClientIdAsync(application));
+      identity.SetClaim(Claims.Name, await _applicationManager.GetDisplayNameAsync(application));
+
+      // Note: In the original OAuth 2.0 specification, the client credentials grant
+      // doesn't return an identity token, which is an OpenID Connect concept.
+      //
+      // As a non-standardized extension, OpenIddict allows returning an id_token
+      // to convey information about the client application when the "openid" scope
+      // is granted (i.e specified when calling principal.SetScopes()). When the "openid"
+      // scope is not explicitly set, no identity token is returned to the client application.
+
+      // Set the list of scopes granted to the client application in access_token.
+      identity.SetScopes(request.GetScopes());
+      identity.SetResources(await _scopeManager.ListResourcesAsync(identity.GetScopes()).ToListAsync());
+      identity.SetDestinations(GetDestinations);
+
+      return SignIn(new ClaimsPrincipal(identity), OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
+    }
+
+    else if (request.IsAuthorizationCodeGrantType()
+      || request.IsDeviceCodeGrantType()
+      || request.IsRefreshTokenGrantType())
     {
       // Retrieve the claims principal stored in the authorization code/device code/refresh token.
       var principal = (await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)).Principal;
@@ -462,4 +500,18 @@ private static IEnumerable<string> GetDestinations(Claim claim, ClaimsPrincipal
         yield break;
     }
   }
+
+  private static IEnumerable<string> GetDestinations(Claim claim)
+  {
+    // Note: by default, claims are NOT automatically included in the access and identity tokens.
+    // To allow OpenIddict to serialize them, you must attach them a destination, that specifies
+    // whether they should be included in access tokens, in identity tokens or in both.
+
+    return claim.Type switch
+    {
+      Claims.Name or Claims.Subject => [Destinations.AccessToken, Destinations.IdentityToken],
+
+      _ => [Destinations.AccessToken],
+    };
+  }
 }

samples/Server/Server.csproj

@@ -10,27 +10,27 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="9.0.2" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="9.0.8" />
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="9.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="9.0.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="9.0.8" />
 
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="9.0.2" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="9.0.2">
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="9.0.8" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="9.0.8">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
 
-    <PackageReference Include="Quartz.Extensions.Hosting" Version="3.13.1" />
+    <PackageReference Include="Quartz.Extensions.Hosting" Version="3.15.0" />
 
-    <PackageReference Include="OpenIddict.AspNetCore" Version="6.1.1" />
-    <PackageReference Include="OpenIddict.EntityFrameworkCore" Version="6.1.1" />
-    <PackageReference Include="OpenIddict.Quartz" Version="6.1.1" />
+    <PackageReference Include="OpenIddict.AspNetCore" Version="7.0.0" />
+    <PackageReference Include="OpenIddict.EntityFrameworkCore" Version="7.0.0" />
+    <PackageReference Include="OpenIddict.Quartz" Version="7.0.0" />
 
     <PackageReference Include="Serilog.AspNetCore" Version="9.0.0" />
     <PackageReference Include="Serilog.Settings.Configuration" Version="9.0.0" />
     <PackageReference Include="Serilog.Sinks.Console" Version="6.0.0" />
     <PackageReference Include="Serilog.Sinks.RollingFile" Version="3.3.1-dev-00771" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="7.3.1" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="9.0.3" />
   </ItemGroup>
 
   <ItemGroup>

samples/Server/appsettings.json

@@ -2,7 +2,7 @@
   "ConnectionStrings": {
     "DefaultConnection": "Filename=server.sqlite"
   },
-  "DisableAccessTokenEncryption": false,
+  "DisableAccessTokenEncryption": true,
   "Serilog": {
     "MinimumLevel": {
       "Default": "Information",

src/identity/OpenIddict.UI.Identity.Api/tomware.OpenIddict.UI.Identity.Api.csproj

@@ -9,15 +9,15 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Identity" Version="2.3.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="9.0.2" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.2" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.2" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="9.0.2" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.2" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.2" />
-    <PackageReference Include="Microsoft.Extensions.Identity.Stores" Version="9.0.2" />
-    <PackageReference Include="OpenIddict.AspNetCore" Version="6.1.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity" Version="2.3.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="9.0.8" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.8" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.8" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="9.0.8" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.8" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.8" />
+    <PackageReference Include="Microsoft.Extensions.Identity.Stores" Version="9.0.8" />
+    <PackageReference Include="OpenIddict.AspNetCore" Version="7.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/identity/OpenIddict.UI.Identity.Core/tomware.OpenIddict.UI.Identity.Core.csproj

@@ -9,8 +9,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.2" />
-    <PackageReference Include="Microsoft.Extensions.Identity.Stores" Version="9.0.2" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.8" />
+    <PackageReference Include="Microsoft.Extensions.Identity.Stores" Version="9.0.8" />
   </ItemGroup>
 
   <ItemGroup>

src/identity/OpenIddict.UI.Identity.Infrastructure/tomware.OpenIddict.UI.Identity.Infrastructure.csproj

@@ -9,13 +9,13 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="9.0.2" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="9.0.2" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.2" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="9.0.2" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.2" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.2" />
-    <PackageReference Include="OpenIddict.Abstractions" Version="6.1.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="9.0.8" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="9.0.8" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.8" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="9.0.8" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.8" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.8" />
+    <PackageReference Include="OpenIddict.Abstractions" Version="7.0.0" />
   </ItemGroup>
 
   <ItemGroup>