mirror of https://github.com/bitwarden/server synced 2025-12-22 19:23:45 +00:00

[PM-3569] Upgrade to Duende.Identity (#3185)

* Upgrade to Duende.Identity

* Linting

* Get rid of last IdentityServer4 package

* Fix identity test since Duende returns additional configuration

* Use Configure

PostConfigure is run after ASP.NET's PostConfigure
so ConfigurationManager was already configured and our HttpHandler wasn't
being respected.

* Regenerate lockfiles

* Move to 6.0.4 for patches

* fixes with testing

* Add additional grant type supported in 6.0.4 and beautify

* Lockfile refresh

* Reapply lockfiles

* Apply change to new WebAuthn logic

* When automated merging fails me

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
Matt Bishop
2023-11-20 16:32:23 -05:00
committed by GitHub
parent 03b9136623
commit 87fd4ad97d
73 changed files with 1104 additions and 1987 deletions


@@ -7,9 +7,9 @@ using Bit.Core.Settings;
using Bit.Core.Utilities;
using Bit.Sso.Models;
using Bit.Sso.Utilities;
using Duende.IdentityServer;
using Duende.IdentityServer.Infrastructure;
using IdentityModel;
using IdentityServer4;
using IdentityServer4.Infrastructure;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Options;
@@ -34,7 +34,7 @@ public class DynamicAuthenticationSchemeProvider : AuthenticationSchemeProvider
private readonly Dictionary<string, DynamicAuthenticationScheme> _cachedSchemes;
private readonly Dictionary<string, DynamicAuthenticationScheme> _cachedHandlerSchemes;
private readonly SemaphoreSlim _semaphore;
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly IServiceProvider _serviceProvider;
private DateTime? _lastSchemeLoad;
private IEnumerable<DynamicAuthenticationScheme> _schemesCopy = Array.Empty<DynamicAuthenticationScheme>();
@@ -50,7 +50,7 @@ public class DynamicAuthenticationSchemeProvider : AuthenticationSchemeProvider
ILogger<DynamicAuthenticationSchemeProvider> logger,
GlobalSettings globalSettings,
SamlEnvironment samlEnvironment,
IHttpContextAccessor httpContextAccessor)
IServiceProvider serviceProvider)
: base(options)
{
_oidcPostConfigureOptions = oidcPostConfigureOptions;
@@ -77,7 +77,7 @@ public class DynamicAuthenticationSchemeProvider : AuthenticationSchemeProvider
_cachedSchemes = new Dictionary<string, DynamicAuthenticationScheme>();
_cachedHandlerSchemes = new Dictionary<string, DynamicAuthenticationScheme>();
_semaphore = new SemaphoreSlim(1);
_httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
_serviceProvider = serviceProvider ?? throw new ArgumentNullException(nameof(serviceProvider));
}
private bool CacheIsValid
@@ -324,7 +324,7 @@ public class DynamicAuthenticationSchemeProvider : AuthenticationSchemeProvider
oidcOptions.Scope.AddIfNotExists(OpenIdConnectScopes.Acr);
}
oidcOptions.StateDataFormat = new DistributedCacheStateDataFormatter(_httpContextAccessor, name);
oidcOptions.StateDataFormat = new DistributedCacheStateDataFormatter(_serviceProvider, name);
// see: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest (acr_values)
if (!string.IsNullOrWhiteSpace(config.AcrValues))
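Review bot: The constructor now stores an `IServiceProvider` and passes it to `DistributedCacheStateDataFormatter` for every OIDC scheme, but nothing in the visible hunks says which provider this is or what the formatter resolves from it. If this scheme provider is registered as a singleton (not visible here), `_serviceProvider` would be the root container, and any scoped service the formatter resolves from it would live for the whole process. Since `StateDataFormat` carries the OIDC state round-trip, that lifetime assumption is worth confirming and writing down. I would add a comment above the assignment, e.g. `// NOTE: _serviceProvider may be the root provider; the formatter must resolve only singleton services from it.`, or inject the formatter's concrete dependencies instead of the locator. The method containing this assignment starts and ends outside the hunk.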