feat: push autorization request

src/Aguacongas.TheIdServer.Duende/SeedData.cs

@@ -8,6 +8,7 @@
 using IdentityModel;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
+using Serilog;
 using System.Security.Claims;
 using System.Text.Json;
 using Entity = Aguacongas.IdentityServer.Store.Entity;
@@ -527,7 +528,18 @@ private static void SeedClients(IConfiguration configuration, IServiceProvider p
                         SlidingRefreshTokenLifetime = client.SlidingRefreshTokenLifetime,
                         UpdateAccessTokenClaimsOnRefresh = client.UpdateAccessTokenClaimsOnRefresh,
                         UserCodeType = client.UserCodeType,
-                        UserSsoLifetime = client.UserSsoLifetime
+                        UserSsoLifetime = client.UserSsoLifetime,
+                        AllowedIdentityTokenSigningAlgorithms = client.AllowedIdentityTokenSigningAlgorithms.Select(a => new Entity.ClientAllowedIdentityTokenSigningAlgorithm
+                        {
+                            Algorithm = a
+                        }).ToArray(),
+                        CibaLifetime = client.CibaLifetime,
+                        CoordinateLifetimeWithUserSession = client.CoordinateLifetimeWithUserSession,
+                        PollingInterval = client.PollingInterval,
+                        RequireRequestObject = client.RequireRequestObject,
+                        RequireDPoP = client.RequireDPoP,
+                        PushedAuthorizationLifetime = client.PushedAuthorizationLifetime,
+                        RequirePushedAuthorization = client.RequirePushedAuthorization
                     }).GetAwaiter().GetResult();
                 }
                 catch (ArgumentException)

src/BlazorApp/Aguacongas.TheIdServer.BlazorApp.Components/Aguacongas.TheIdServer.BlazorApp.Components.csproj

@@ -26,4 +26,9 @@
 	<ItemGroup>
 	  <None Include="package-icon.png" Pack="true" PackagePath="" />
 	</ItemGroup>
+	<ItemGroup>
+	  <Content Update="Form\AuthorizeNumber.razor">
+	    <ExcludeFromSingleFile>true</ExcludeFromSingleFile>
+	  </Content>
+	</ItemGroup>
 </Project>

src/BlazorApp/Aguacongas.TheIdServer.BlazorApp.Components/Form/AuthorizeNumber.razor

@@ -0,0 +1,13 @@
+@typeparam T
+@inherits InputNumber<T>
+<AuthorizeView Policy="@SharedConstants.WRITERPOLICY">
+    <Authorized>
+        <InputNumber id="@Id" class="form-control" max="@Max" min="@Min"
+                   ValueExpression="@ValueExpression" Value="@Value" ValueChanged="ValueChanged" />
+    </Authorized>
+    <NotAuthorized>
+        <div id="@Id" class="col-form-label">
+            @Value
+        </div>
+    </NotAuthorized>
+</AuthorizeView>

src/BlazorApp/Aguacongas.TheIdServer.BlazorApp.Components/Form/AuthorizeNumber.razor.cs

@@ -0,0 +1,20 @@
+// Project: Aguafrommars/TheIdServer
+// Copyright (c) 2023 @Olivier Lefebvre
+using Microsoft.AspNetCore.Components;
+
+namespace Aguacongas.TheIdServer.BlazorApp.Components.Form
+{
+    public partial class AuthorizeNumber<T>
+    {
+        [Parameter]
+        public string Id { get; set; }
+        [Parameter]
+        public string Placeholder { get; set; }
+
+        [Parameter]
+        public int? Max { get; set; }
+
+        [Parameter]
+        public int? Min { get; set; }
+    }
+}

src/BlazorApp/Aguacongas.TheIdServer.BlazorApp.Pages.Client/Client.razor

@@ -196,6 +196,24 @@ else
                                     <AuthorizeCheckbox Name="back-channel-logout-uri-required" Label="@Localizer["back channel logout uri required"]" @bind-Value="@Model.BackChannelLogoutSessionRequired" />
                                 </div>
                             </div>
+                            <div class="mb-3 row">
+                                <label class="col col-form-label">
+                                </label>
+                                <div class="col-lg-10 col-sm-12">
+                                    <AuthorizeCheckbox Name="require-push-authorization-request" Label="@Localizer["require push authorization request"]" @bind-Value="@Model.RequirePushedAuthorization" />
+                                </div>
+                            </div>
+                            @if (Model.RequirePushedAuthorization)
+                            {
+                                <div class="mb-3 row">
+                                    <label class="col col-form-label" for="push-authorization-lifetime">
+                                        @Localizer["push authorization lifetime"]
+                                    </label>
+                                    <div class="col-lg-10 col-sm-12">
+                                        <AuthorizeNumber Name="push-authorization-lifetime" @bind-Value="@Model.PushedAuthorizationLifetime" Min="1" />
+                                    </div>
+                                </div>
+                            }
                         }
                         else if (Model.ProtocolType != OIDC)
                         {

src/IdentityServer/Aguacongas.IdentityServer.EntityFramework.Store/AdminStore.cs

@@ -69,10 +69,7 @@ public async Task DeleteAsync(string id, CancellationToken cancellationToken = d
         public async Task<TEntity> CreateAsync(TEntity entity, CancellationToken cancellationToken = default)
         {
             entity = entity ?? throw new ArgumentNullException(nameof(entity));
-            if (entity.Id == null)
-            {
-                entity.Id = Guid.NewGuid().ToString();
-            }
+            entity.Id ??= Guid.NewGuid().ToString();
             if (entity is IAuditable auditable)
             {
                 auditable.CreatedAt = DateTime.UtcNow;

src/IdentityServer/Aguacongas.IdentityServer.EntityFramework.Store/OperationalDbContext.cs

@@ -28,16 +28,18 @@ public OperationalDbContext(DbContextOptions<OperationalDbContext> options):base
 
         public virtual DbSet<OneTimeToken> OneTimeTokens { get; set; }
 
-        public DbSet<DataProtectionKey> DataProtectionKeys { get; set; }
+        public virtual DbSet<DataProtectionKey> DataProtectionKeys { get; set; }
 
-        public DbSet<KeyRotationKey> KeyRotationKeys { get; set; }
+        public virtual DbSet<KeyRotationKey> KeyRotationKeys { get; set; }
 
-        public DbSet<UserSession> UserSessions { get; set; }
+        public virtual DbSet<UserSession> UserSessions { get; set; }
 
-        public DbSet<Saml2PArtifact> Saml2pArtifact { get; set; }
+        public virtual DbSet<Saml2PArtifact> Saml2pArtifact { get; set; }
 
         public virtual DbSet<BackChannelAuthenticationRequest> BackChannelAuthenticationRequests { get; set; }
 
+        public virtual DbSet<PushedAuthorizationRequest> PushedAuthorizationRequests { get; set; }
+
         public override int SaveChanges()
         {
             SetAuditFields();

src/IdentityServer/Aguacongas.IdentityServer.MongoDb.Store/AdminStores/AdminStore.cs

@@ -121,10 +121,7 @@ public async Task DeleteAsync(string id, CancellationToken cancellationToken = d
         public async Task<TEntity> CreateAsync(TEntity entity, CancellationToken cancellationToken = default)
         {
             entity = entity ?? throw new ArgumentNullException(nameof(entity));
-            if (entity.Id == null)
-            {
-                entity.Id = Guid.NewGuid().ToString();
-            }
+            entity.Id ??= Guid.NewGuid().ToString();
             if (entity is IAuditable auditable)
             {
                 auditable.CreatedAt = DateTime.UtcNow;

src/IdentityServer/Aguacongas.IdentityServer.Store/Entity/Client.cs

@@ -389,6 +389,16 @@ public class Client : IAuditable, ICloneable<Client>, ILocalizable<ClientLocaliz
         /// </summary>
         public bool RequireDPoP { get; set; }
 
+        /// <summary>
+        /// Specifies whether pushed authorization requests are required for this client.
+        /// </summary>
+        public bool RequirePushedAuthorization { get; set; }
+
+        /// <summary>
+        /// Lifetime of pushed authorization requests for this client.
+        /// </summary>
+        public int? PushedAuthorizationLifetime { get; set; }
+
         /// <summary>
         /// Gets or sets the relying.
         /// </summary>

src/IdentityServer/Aguacongas.IdentityServer.Store/Entity/PushedAuthorizationRequest.cs

@@ -0,0 +1,36 @@
+using System;
+
+namespace Aguacongas.IdentityServer.Store.Entity;
+
+/// <summary>
+/// Represents a persisted Pushed Authorization Request.
+/// </summary>
+public class PushedAuthorizationRequest : IEntityId, IAuditable
+{
+    /// <summary>
+    /// Gets the identifier.
+    /// </summary>
+    /// <value>
+    /// The identifier.
+    /// </value>
+    /// <remarks>
+    /// This is the hash
+    /// </remarks>
+    public string Id { get; set; }
+
+    /// <summary>
+    /// Gets the Expires at
+    /// </summary>
+    public DateTime ExpiresAtUtc { get; set; }
+
+    /// <summary>
+    /// Gets the request parameters.
+    /// </summary>
+    public string Parameters { get; set; }
+
+    /// <inheritdoc/>
+    public DateTime CreatedAt { get; set; }
+
+    /// <inheritdoc/>
+    public DateTime? ModifiedAt { get; set; }
+}

src/IdentityServer/Duende/Aguacongas.IdentityServer.Duende/Extensions/EntityExtensions.cs

@@ -108,7 +108,9 @@ public static Client ToClient(this Entity.Client client)
                 CoordinateLifetimeWithUserSession = client.CoordinateLifetimeWithUserSession,
                 PollingInterval = client.PollingInterval,
                 RequireRequestObject = client.RequireRequestObject,
-                RequireDPoP = client.RequireDPoP
+                RequireDPoP = client.RequireDPoP,
+                PushedAuthorizationLifetime = client.PushedAuthorizationLifetime,
+                RequirePushedAuthorization = client.RequirePushedAuthorization,
             };
         }
 

src/IdentityServer/Duende/Aguacongas.IdentityServer.Duende/Store/PushedAuthorizationRequestStore.cs

@@ -6,18 +6,34 @@
 namespace Aguacongas.IdentityServer.Store;
 public class PushedAuthorizationRequestStore : IPushedAuthorizationRequestStore
 {
-    public Task ConsumeByHashAsync(string referenceValueHash)
+    private readonly IAdminStore<Entity.PushedAuthorizationRequest> _store;
+
+    public PushedAuthorizationRequestStore(IAdminStore<Entity.PushedAuthorizationRequest> store)
     {
-        throw new NotImplementedException();
+        ArgumentNullException.ThrowIfNull(store);
+        _store = store;
     }
 
-    public Task<PushedAuthorizationRequest> GetByHashAsync(string referenceValueHash)
+    public Task ConsumeByHashAsync(string referenceValueHash)
+    => _store.DeleteAsync(referenceValueHash);
+
+
+    public async Task<PushedAuthorizationRequest> GetByHashAsync(string referenceValueHash)
     {
-        throw new NotImplementedException();
+        var entity = await _store.GetAsync(referenceValueHash, null).ConfigureAwait(false);
+        return entity is null ? null : new PushedAuthorizationRequest
+        {
+            ExpiresAtUtc = entity.ExpiresAtUtc,
+            Parameters = entity.Parameters,
+            ReferenceValueHash = entity.Id
+        };
     }
 
     public Task StoreAsync(PushedAuthorizationRequest pushedAuthorizationRequest)
+    => _store.CreateAsync(new Entity.PushedAuthorizationRequest
     {
-        throw new NotImplementedException();
-    }
+        ExpiresAtUtc = pushedAuthorizationRequest.ExpiresAtUtc,
+        Id = pushedAuthorizationRequest.ReferenceValueHash,
+        Parameters = pushedAuthorizationRequest.Parameters
+    });
 }

src/IdentityServer/Duende/Aguacongas.IdentityServer.MongoDb.Store.Duende/ServiceCollectionExtensions.cs

@@ -57,8 +57,6 @@ private static void AddTheIdServerMongoDbStores(IServiceCollection services, Typ
             var iAdminStoreType = typeof(IAdminStore<>)
                     .MakeGenericType(entityType.GetTypeInfo()).GetTypeInfo();
             services.AddTransient(iAdminStoreType, cacheAdminStoreType);
-
-
         }
 
         private static object GetCollection(Func<IServiceProvider, IMongoDatabase> getDatabase, IServiceProvider provider, Type entityType)

src/IdentityServer/Duende/Aguacongas.IdentityServer.RavenDb.Store.Duende/ServiceCollectionExtensions.cs

@@ -89,6 +89,7 @@ public static IServiceCollection AddTheIdServerRavenDbStores(this IServiceCollec
                 .AddTransient<AdminStore<Entity.RelyingParty>>()
                 .AddTransient<RelyingPartyClaimMappingStore>()
                 .AddTransient<AdminStore<Entity.Saml2PArtifact>>()
+                .AddTransient<AdminStore<Entity.PushedAuthorizationRequest>>()
                 .AddTransient<IAdminStore<Entity.ApiApiScope>, CacheAdminStore<ApiApiScopeStore, Entity.ApiApiScope>>()
                 .AddTransient<IAdminStore<Entity.ApiClaim>, CacheAdminStore<ApiClaimStore, Entity.ApiClaim>>()
                 .AddTransient<IAdminStore<Entity.ApiLocalizedResource>, CacheAdminStore<ApiLocalizedResourceStore, Entity.ApiLocalizedResource>>()
@@ -135,10 +136,11 @@ public static IServiceCollection AddTheIdServerRavenDbStores(this IServiceCollec
                 .AddTransient<IAdminStore<Entity.RelyingParty>, CacheAdminStore<AdminStore<Entity.RelyingParty>, Entity.RelyingParty>>()
                 .AddTransient<IAdminStore<Entity.RelyingPartyClaimMapping>, CacheAdminStore<RelyingPartyClaimMappingStore, Entity.RelyingPartyClaimMapping>>()
                 .AddTransient<IAdminStore<Entity.Saml2PArtifact>, CacheAdminStore<AdminStore<Entity.Saml2PArtifact>, Entity.Saml2PArtifact>>()
+                .AddTransient<IAdminStore<Entity.PushedAuthorizationRequest>, CacheAdminStore<AdminStore<Entity.PushedAuthorizationRequest>, Entity.PushedAuthorizationRequest>>()
                 .AddTransient<CacheAdminStore<AdminStore<Entity.User>, Entity.User>>()
                 .AddTransient<CacheAdminStore<AdminStore<Entity.Role>, Entity.Role>>()
                 .AddTransient<CacheAdminStore<AdminStore<Entity.ExternalProvider>, Entity.ExternalProvider>>()
-                .AddTransient<CacheAdminStore<AdminStore<Entity.Saml2PArtifact>, Entity.Saml2PArtifact>>();                
+                .AddTransient<CacheAdminStore<AdminStore<Entity.Saml2PArtifact>, Entity.Saml2PArtifact>>();
         }
     }
 }

src/IdentityServer/Migrations/Aguacongas.TheIdServer.Migrations.MySql/Aguacongas.TheIdServer.Migrations.MySql.csproj

@@ -27,8 +27,7 @@
 	</ItemGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="8.0.0" />
-		<PackageReference Include="Pomelo.EntityFrameworkCore.MySql" Version="7.0.0" />
+		<PackageReference Include="Pomelo.EntityFrameworkCore.MySql" Version="8.0.0-beta.1" />
 	</ItemGroup>
 
 	<ItemGroup>

src/IdentityServer/Migrations/Aguacongas.TheIdServer.Migrations.PostgreSQL/Aguacongas.TheIdServer.Migrations.PostgreSQL.csproj

@@ -27,10 +27,7 @@
 	</ItemGroup>
 
 	<ItemGroup>
-    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.0" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Abstractions" Version="8.0.0" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="8.0.0" />
-		<PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="7.0.11" />
+		<PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="8.0.0-rc.2" />
 	</ItemGroup>
 
 	<ItemGroup>