diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 09ffe12d..4b7189a7 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -31,15 +31,6 @@ updates:
labels:
- "dependencies"
- "npm"
- # Only security updates for npm since they're dev dependencies
- # for build scripts and not critical for library functionality
- allow:
- - dependency-type: "direct"
- update-type: "version-update:semver-patch"
- - dependency-type: "direct"
- update-type: "version-update:semver-minor"
- - dependency-type: "indirect"
- update-type: "security-update"
- package-ecosystem: "github-actions"
directory: "/"
diff --git a/src/Auth0.AspNetCore.Authentication/Auth0.AspNetCore.Authentication.csproj b/src/Auth0.AspNetCore.Authentication/Auth0.AspNetCore.Authentication.csproj
index 603e4159..07def8e3 100644
--- a/src/Auth0.AspNetCore.Authentication/Auth0.AspNetCore.Authentication.csproj
+++ b/src/Auth0.AspNetCore.Authentication/Auth0.AspNetCore.Authentication.csproj
@@ -6,10 +6,11 @@
-
-
+
+
+
diff --git a/src/Auth0.AspNetCore.Authentication/PushedAuthorizationRequest/PushedAuthorizationRequestHandler.cs b/src/Auth0.AspNetCore.Authentication/PushedAuthorizationRequest/PushedAuthorizationRequestHandler.cs
index 69ab1adb..fe340554 100644
--- a/src/Auth0.AspNetCore.Authentication/PushedAuthorizationRequest/PushedAuthorizationRequestHandler.cs
+++ b/src/Auth0.AspNetCore.Authentication/PushedAuthorizationRequest/PushedAuthorizationRequestHandler.cs
@@ -24,11 +24,20 @@ public static async Task HandleAsync(RedirectContext context, OpenIdConnectOptio
var oidcConfiguration =
await oidcOptions.ConfigurationManager?.GetConfigurationAsync(default)!;
- object? rawParEndpoint = string.Empty;
- oidcConfiguration?.AdditionalData.TryGetValue("pushed_authorization_request_endpoint", out rawParEndpoint);
- string? parEndpoint = rawParEndpoint as string;
+ // Trying to get the PAR endpoint from the property first, fallback to AdditionalData for older configs.
+ string? parEndpoint = null;
+ if (oidcConfiguration != null)
+ {
+ parEndpoint = oidcConfiguration?.PushedAuthorizationRequestEndpoint;
+ if (string.IsNullOrEmpty(parEndpoint))
+ {
+ object? rawParEndpoint = string.Empty;
+ oidcConfiguration.AdditionalData?.TryGetValue("pushed_authorization_request_endpoint", out rawParEndpoint);
+ parEndpoint = rawParEndpoint as string;
+ }
+ }
- // If PAR was enabled in the options, but no `pushed_authorization_request_endpoint` value is find
+ // If PAR was enabled in the options, but no `pushed_authorization_request_endpoint` value is found
// in the OIDC configuration, we will throw an error.
if (string.IsNullOrEmpty(parEndpoint))
{
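Review bot: The resolved `parEndpoint` is only checked for being non-empty, so any string the discovery document supplies, through the typed property or the `AdditionalData` fallback, is accepted as the PAR target. A pushed authorization request normally carries client authentication, so unless code outside this hunk already does it, I would also reject anything that is not an absolute HTTPS URI, gated on `oidcOptions.RequireHttpsMetadata`: `if (!Uri.TryCreate(parEndpoint, UriKind.Absolute, out var parUri) || (oidcOptions.RequireHttpsMetadata && parUri.Scheme != Uri.UriSchemeHttps))`, feeding the same error path. Two smaller points: inside `if (oidcConfiguration != null)` the `?.` in `oidcConfiguration?.PushedAuthorizationRequestEndpoint` is redundant, and `rawParEndpoint as string` silently yields null when the fallback value is not a plain string, which then surfaces as the generic "not found" error. No test in this diff appears to exercise the `AdditionalData` fallback branch. `HandleAsync` starts and ends outside the hunk.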
diff --git a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/Auth0.AspNetCore.Authentication.IntegrationTests.csproj b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/Auth0.AspNetCore.Authentication.IntegrationTests.csproj
index c71bce84..8c776de6 100644
--- a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/Auth0.AspNetCore.Authentication.IntegrationTests.csproj
+++ b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/Auth0.AspNetCore.Authentication.IntegrationTests.csproj
@@ -1,7 +1,7 @@
- net6.0
+ net8.0
@@ -24,18 +24,17 @@
-
-
-
-
-
-
-
+
+
+
+
+
+
all
runtime; build; native; contentfiles; analyzers; buildtransitive
-
+
all
runtime; build; native; contentfiles; analyzers; buildtransitive
diff --git a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/Auth0MiddlewareTests.cs b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/Auth0MiddlewareTests.cs
index 52e35930..073c744a 100644
--- a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/Auth0MiddlewareTests.cs
+++ b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/Auth0MiddlewareTests.cs
@@ -19,6 +19,7 @@
using System.Security.Cryptography;
using System.Linq;
using Auth0.AspNetCore.Authentication.Exceptions;
+using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
namespace Auth0.AspNetCore.Authentication.IntegrationTests
@@ -951,12 +952,13 @@ public async Task Should_Throw_When_Organization_Provided_But_Claim_Missing()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().Be("Organization claim (org_id) must be a string present in the ID token.");
}
}
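Review bot: `.ThrowAsync()` followed by `.Result` blocks on the assertion task inside a test that is already `async Task`. Awaiting it is the idiomatic form and keeps a failed assertion from surfacing wrapped in an `AggregateException`: `var innerException = (await act.Should().ThrowAsync<TException>()).And.InnerException;` (`TException` is a placeholder; the real type argument is not visible on this page). The same pattern recurs in the other two hunks of this file and in every `.ThrowAsync()` hunk of TokenValidationTests.cs. The test method bodies start outside the hunks.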
@@ -1007,12 +1009,13 @@ public async Task Should_Throw_When_Organization_Provided_But_Claim_Mismatch()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().Be("Organization claim (org_id) mismatch in the ID token; expected \"org_123\", found \"org_456\".");
}
}
@@ -1070,12 +1073,13 @@ public async Task Should_Allow_Custom_Token_Validation()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().Be("Triggered Custom Validation.");
}
}
diff --git a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/BackchannelLogoutTests.cs b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/BackchannelLogoutTests.cs
index 1c7b7891..f30df969 100644
--- a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/BackchannelLogoutTests.cs
+++ b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/BackchannelLogoutTests.cs
@@ -38,7 +38,7 @@ public async Task Should_Return_405_If_Not_Post()
using var client = server.CreateClient();
var res = await client.SendAsync($"{TestServerBuilder.Host}/backchannel-logout");
- res.StatusCode.Should().Be(405);
+ res.StatusCode.Should().Be((HttpStatusCode)405);
}
[Fact]
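Review bot: Casting an integer literal, `(HttpStatusCode)405`, compiles but hides which status is meant and would also accept a number with no defined enum member. The named members read better: `res.StatusCode.Should().Be(HttpStatusCode.MethodNotAllowed);`, and likewise `HttpStatusCode.BadRequest` and `HttpStatusCode.OK` in the remaining hunks of this file. No `using System.Net;` is added in this diff, so that import is presumably already present in the file.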
@@ -67,7 +67,7 @@ public async Task Should_return_400_when_not_form_urlencoded()
var content = await response.Content.ReadAsStringAsync();
var error = ApiError.Parse(content);
- response.StatusCode.Should().Be(400);
+ response.StatusCode.Should().Be((HttpStatusCode)400);
error.Message.Should().Be("Only application/x-www-form-urlencoded is allowed.");
}
@@ -99,7 +99,7 @@ public async Task Should_return_400_when_no_logout_token()
var content = await response.Content.ReadAsStringAsync();
var error = ApiError.Parse(content);
- response.StatusCode.Should().Be(400);
+ response.StatusCode.Should().Be((HttpStatusCode)400);
error.Message.Should().Be("Missing logout_token.");
}
@@ -139,7 +139,7 @@ public async Task Should_Validate_Signature_On_Backchannel_Logout()
var content = await response.Content.ReadAsStringAsync();
var error = ApiError.Parse(content);
- response.StatusCode.Should().Be(400);
+ response.StatusCode.Should().Be((HttpStatusCode)400);
error.Message.Should().Contain("Signature validation failed.");
}
@@ -177,7 +177,7 @@ public async Task Should_Validate_Issuer_On_Backchannel_Logout()
var content = await response.Content.ReadAsStringAsync();
var error = ApiError.Parse(content);
- response.StatusCode.Should().Be(400);
+ response.StatusCode.Should().Be((HttpStatusCode)400);
error.Message.Should().Contain("Issuer validation failed.");
}
@@ -216,7 +216,7 @@ public async Task Should_Validate_Audience_On_Backchannel_Logout()
var content = await response.Content.ReadAsStringAsync();
var error = ApiError.Parse(content);
- response.StatusCode.Should().Be(400);
+ response.StatusCode.Should().Be((HttpStatusCode)400);
error.Message.Should().Contain("Audience validation failed.");
}
@@ -254,7 +254,7 @@ public async Task Should_Validate_Sid_On_Backchannel_Logout()
var content = await response.Content.ReadAsStringAsync();
var error = ApiError.Parse(content);
- response.StatusCode.Should().Be(400);
+ response.StatusCode.Should().Be((HttpStatusCode)400);
error.Message.Should().Contain("Session Id (sid) claim must be a string present in the logout token.");
}
@@ -295,7 +295,7 @@ public async Task Should_Validate_Nonce_On_Backchannel_Logout()
var content = await response.Content.ReadAsStringAsync();
var error = ApiError.Parse(content);
- response.StatusCode.Should().Be(400);
+ response.StatusCode.Should().Be((HttpStatusCode)400);
error.Message.Should().Contain("Nonce (nonce) claim must not be present in the logout token.");
}
@@ -333,7 +333,7 @@ public async Task Should_Validate_Events_When_Missing_On_Backchannel_Logout()
var content = await response.Content.ReadAsStringAsync();
var error = ApiError.Parse(content);
- response.StatusCode.Should().Be(400);
+ response.StatusCode.Should().Be((HttpStatusCode)400);
error.Message.Should().Contain("Events (events) claim must be present in the logout token.");
}
@@ -372,7 +372,7 @@ public async Task Should_Validate_Events_When_Missing_Property_Backchannel_Logou
var content = await response.Content.ReadAsStringAsync();
var error = ApiError.Parse(content);
- response.StatusCode.Should().Be(400);
+ response.StatusCode.Should().Be((HttpStatusCode)400);
error.Message.Should().Contain("Events (events) claim must contain a 'http://schemas.openid.net/event/backchannel-logout' property in the logout token.");
}
@@ -408,7 +408,7 @@ public async Task Should_Pass_Validation_On_Backchannel_Logout()
req.Content = new FormUrlEncodedContent(formData);
using var response = await client.SendAsync(req);
- response.StatusCode.Should().Be(200);
+ response.StatusCode.Should().Be((HttpStatusCode)200);
}
[Fact]
diff --git a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/TokenValidationTests.cs b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/TokenValidationTests.cs
index 706d01bd..6e6c6e4c 100644
--- a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/TokenValidationTests.cs
+++ b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/TokenValidationTests.cs
@@ -11,6 +11,7 @@
using Auth0.AspNetCore.Authentication.IntegrationTests.Extensions;
using Auth0.AspNetCore.Authentication.IntegrationTests.Infrastructure;
using Auth0.AspNetCore.Authentication.IntegrationTests.Utils;
+using Microsoft.AspNetCore.Authentication;
using Microsoft.IdentityModel.Tokens;
namespace Auth0.AspNetCore.Authentication.IntegrationTests
@@ -69,7 +70,8 @@ public async Task Should_Throw_When_Missing_Issuer()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
@@ -123,7 +125,8 @@ public async Task Should_Throw_When_Invalid_Issuer()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
@@ -177,12 +180,13 @@ public async Task Should_Throw_When_Missing_Subject()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().Be("Subject (sub) claim must be a string present in the ID token.");
}
}
@@ -232,7 +236,8 @@ public async Task Should_Throw_When_Missing_Audience()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
@@ -286,7 +291,8 @@ public async Task Should_Throw_When_Invalid_Audience()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
@@ -340,7 +346,8 @@ public async Task Should_Throw_When_Expired()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
@@ -394,12 +401,13 @@ public async Task Should_Throw_When_Missing_Azp_And_Multiple_Audiences()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().Be("Authorized Party (azp) claim must be a string present in the ID token when Audiences (aud) claim has multiple values.");
}
}
@@ -449,12 +457,13 @@ public async Task Should_Throw_When_Invalid_Azp_And_Multiple_Audiences()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().Be("Authorized Party (azp) claim mismatch in the ID token; expected \"123\", found \"789\".");
}
}
@@ -505,12 +514,13 @@ public async Task Should_Throw_When_Max_Age_Exists_And_Auth_Time_Does_Not()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().Be("Authentication Time (auth_time) claim must be an integer present in the ID token when MaxAge specified.");
}
}
@@ -561,12 +571,13 @@ public async Task Should_Throw_When_Max_Age_Exists_And_Auth_Time_Is_Invalid()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().StartWith("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication.");
}
}
@@ -644,12 +655,13 @@ public async Task Should_Throw_When_Missing_OrgId()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().Be("Organization claim (org_id) must be a string present in the ID token.");
}
}
@@ -699,12 +711,13 @@ public async Task Should_Throw_When_OrgId_Mismatch()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().Be($"Organization claim (org_id) mismatch in the ID token; expected \"org_123\", found \"org_abc\".");
}
}
@@ -795,12 +808,13 @@ public async Task Should_Throw_When_Missing_OrgName()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().Be("Organization claim (org_name) must be a string present in the ID token.");
}
}
@@ -850,12 +864,13 @@ public async Task Should_Throw_When_OrgName_Mismatch()
var innerException = act
.Should()
- .Throw()
+ .ThrowAsync()
+ .Result
.And.InnerException;
innerException
.Should()
- .BeOfType()
+ .BeOfType()
.Which.Message.Should().Be($"Organization claim (org_name) mismatch in the ID token; expected \"organizationa\", found \"organizationb\".");
}
}
diff --git a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/wellknownconfig.json b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/wellknownconfig.json
index 85502474..5a07f904 100644
--- a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/wellknownconfig.json
+++ b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/wellknownconfig.json
@@ -60,5 +60,5 @@
"picture",
"sub"
],
- "request_uri_parameter_supported": "false"
+ "request_uri_parameter_supported": false
}
\ No newline at end of file
diff --git a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/wellknownconfig_without_par.json b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/wellknownconfig_without_par.json
index 70e44ecf..1e478b8c 100644
--- a/tests/Auth0.AspNetCore.Authentication.IntegrationTests/wellknownconfig_without_par.json
+++ b/tests/Auth0.AspNetCore.Authentication.IntegrationTests/wellknownconfig_without_par.json
@@ -59,5 +59,5 @@
"picture",
"sub"
],
- "request_uri_parameter_supported": "false"
+ "request_uri_parameter_supported": false
}
\ No newline at end of file