mirror of
https://github.com/bitwarden/server
synced 2025-12-16 00:03:54 +00:00
43d753dcb1
**feat**: create `SendGrantValidator` and initial `SendPasswordValidator` for Send access grants **feat**: add feature flag to toggle Send grant validation logic **feat**: add Send client to Identity and update `ApiClient` to generic `Client` **feat**: register Send services in DI pipeline **feat**: add claims management support to `ProfileService` **feat**: distinguish between invalid grant and invalid request in `SendAccessGrantValidator` **fix**: update parsing of `send_id` from request **fix**: add early return when feature flag is disabled **fix**: rename and organize Send access scope and grant type **fix**: dotnet format **test**: add unit and integration tests for `SendGrantValidator` **test**: update OpenID configuration and API resource claims **doc**: move documentation to interfaces and update inline comments **chore**: add TODO for future support of `CustomGrantTypes`
99 lines
2.4 KiB
JSON
99 lines
2.4 KiB
JSON
{
|
|
"issuer": "http://localhost",
|
|
"jwks_uri": "http://localhost:33656/.well-known/openid-configuration/jwks",
|
|
"authorization_endpoint": "http://localhost:33656/connect/authorize",
|
|
"token_endpoint": "http://localhost:33656/connect/token",
|
|
"device_authorization_endpoint": "http://localhost:33656/connect/deviceauthorization",
|
|
"backchannel_authentication_endpoint": "http://localhost:33656/connect/ciba",
|
|
"pushed_authorization_request_endpoint": "http://localhost:33656/connect/par",
|
|
"require_pushed_authorization_requests": false,
|
|
"scopes_supported": [
|
|
"api",
|
|
"api.push",
|
|
"api.licensing",
|
|
"api.organization",
|
|
"api.installation",
|
|
"internal",
|
|
"api.secrets",
|
|
"api.send.access",
|
|
"offline_access"
|
|
],
|
|
"claims_supported": [
|
|
"name",
|
|
"email",
|
|
"email_verified",
|
|
"sstamp",
|
|
"premium",
|
|
"device",
|
|
"devicetype",
|
|
"orgowner",
|
|
"orgadmin",
|
|
"orguser",
|
|
"orgcustom",
|
|
"providerprovideradmin",
|
|
"providerserviceuser",
|
|
"accesssecretsmanager",
|
|
"sub",
|
|
"send_id",
|
|
"organization"
|
|
],
|
|
"grant_types_supported": [
|
|
"authorization_code",
|
|
"client_credentials",
|
|
"refresh_token",
|
|
"implicit",
|
|
"password",
|
|
"urn:ietf:params:oauth:grant-type:device_code",
|
|
"urn:openid:params:grant-type:ciba",
|
|
"webauthn",
|
|
"send_access"
|
|
],
|
|
"response_types_supported": [
|
|
"code",
|
|
"token",
|
|
"id_token",
|
|
"id_token token",
|
|
"code id_token",
|
|
"code token",
|
|
"code id_token token"
|
|
],
|
|
"response_modes_supported": ["form_post", "query", "fragment"],
|
|
"token_endpoint_auth_methods_supported": [
|
|
"client_secret_basic",
|
|
"client_secret_post"
|
|
],
|
|
"id_token_signing_alg_values_supported": ["RS256"],
|
|
"subject_types_supported": ["public"],
|
|
"code_challenge_methods_supported": ["plain", "S256"],
|
|
"request_parameter_supported": true,
|
|
"request_object_signing_alg_values_supported": [
|
|
"RS256",
|
|
"RS384",
|
|
"RS512",
|
|
"PS256",
|
|
"PS384",
|
|
"PS512",
|
|
"ES256",
|
|
"ES384",
|
|
"ES512",
|
|
"HS256",
|
|
"HS384",
|
|
"HS512"
|
|
],
|
|
"prompt_values_supported": ["none", "login", "consent", "select_account"],
|
|
"authorization_response_iss_parameter_supported": true,
|
|
"backchannel_token_delivery_modes_supported": ["poll"],
|
|
"backchannel_user_code_parameter_supported": true,
|
|
"dpop_signing_alg_values_supported": [
|
|
"RS256",
|
|
"RS384",
|
|
"RS512",
|
|
"PS256",
|
|
"PS384",
|
|
"PS512",
|
|
"ES256",
|
|
"ES384",
|
|
"ES512"
|
|
]
|
|
}
|