DuendeSoftware · brockallen · Sep 15, 2023 · Aug 30, 2023 · Aug 30, 2023 · Sep 6, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -32,7 +32,7 @@ jobs:
       uses: actions/setup-dotnet@v2
       with:
         dotnet-version: |
-          8.0.100-preview.6.23330.14
+          8.0.100-preview.7.23376.3
 
     - run: dotnet --info
 

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -41,7 +41,7 @@ jobs:
       uses: actions/setup-dotnet@v2
       with:
         dotnet-version: |
-          8.0.100-preview.6.23330.14
+          8.0.100-preview.7.23376.3
 
     - run: dotnet --info
 

diff --git a/Directory.Build.targets b/Directory.Build.targets
@@ -15,10 +15,10 @@
     </PropertyGroup>-->
 
     <PropertyGroup Condition=" '$(TargetFramework)' == 'net8.0'">
-        <FrameworkVersion>8.0.0-preview.6.23329.11</FrameworkVersion>
-        <ExtensionsVersion>8.0.0-preview.6.23329.7</ExtensionsVersion>
-        <EntityFrameworkVersion>8.0.0-preview.6.23329.4</EntityFrameworkVersion>
-        <WilsonVersion>6.15.1</WilsonVersion>
+        <FrameworkVersion>8.0.0-preview.7.23375.9</FrameworkVersion>
+        <ExtensionsVersion>8.0.0-preview.7.23375.6</ExtensionsVersion>
+        <EntityFrameworkVersion>8.0.0-preview.7.23375.4</EntityFrameworkVersion>
+        <WilsonVersion>7.0.0</WilsonVersion>
     </PropertyGroup>
 
     <ItemGroup>

diff --git a/global.json b/global.json
@@ -1,6 +1,6 @@
 {
   "sdk": {
-    "version": "8.0.100-preview.6.23330.14",
+    "version": "8.0.100-preview.7.23376.3",
     "rollForward": "latestMajor",
     "allowPrerelease": true
   }

diff --git a/hosts/AspNetIdentity/GlobalSuppressions.cs b/hosts/AspNetIdentity/GlobalSuppressions.cs
@@ -13,9 +13,8 @@
 [assembly: SuppressMessage("Design", "CA1054:URI-like parameters should not be strings", Justification = "Consistent with the IdentityServer APIs")]
 [assembly: SuppressMessage("Design", "CA1056:URI-like properties should not be strings", Justification = "Consistent with the IdentityServer APIs")]
 [assembly: SuppressMessage("Naming", "CA1716:Identifiers should not match keywords", Justification = "This namespace is just for organization, and won't be referenced elsewhere", Scope = "namespace", Target = "~N:IdentityServerHost.Pages.Error")]
-[assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Namespaces of pages are not likely to be used elsewhere, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Pages.Ciba.Consent")]
 [assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Namespaces of pages are not likely to be used elsewhere, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Pages.Extensions")]
-[assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Resources is only used for initalization, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Configuration.Resources")]
+[assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Resources is only used for initialization, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Configuration.Resources")]
 [assembly: SuppressMessage("Performance", "CA1805:Do not initialize unnecessarily", Justification = "This is for clarity and consistency with the surrounding code", Scope = "member", Target = "~F:IdentityServerHost.Pages.Logout.LogoutOptions.AutomaticRedirectAfterSignOut")]
 [assembly: SuppressMessage("Reliability", "CA2007:Consider calling ConfigureAwait on the awaited task", Justification = "No need for ConfigureAwait in ASP.NET Core application code, as there is no SynchronizationContext.")]
 
diff --git a/hosts/Configuration/GlobalSuppressions.cs b/hosts/Configuration/GlobalSuppressions.cs
@@ -16,7 +16,7 @@
 [assembly: SuppressMessage("Naming", "CA1716:Identifiers should not match keywords", Justification = "This namespace is just for organization, and won't be referenced elsewhere", Scope = "namespace", Target = "~N:IdentityServerHost.Pages.Error")]
 [assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Namespaces of pages are not likely to be used elsewhere, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Pages.Ciba.Consent")]
 [assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Namespaces of pages are not likely to be used elsewhere, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Pages.Extensions")]
-[assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Resources is only used for initalization, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Configuration.Resources")]
+[assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Resources is only used for initialization, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Configuration.Resources")]
 [assembly: SuppressMessage("Performance", "CA1805:Do not initialize unnecessarily", Justification = "This is for clarity and consistency with the surrounding code", Scope = "member", Target = "~F:IdentityServerHost.Pages.Logout.LogoutOptions.AutomaticRedirectAfterSignOut")]
 [assembly: SuppressMessage("Reliability", "CA2007:Consider calling ConfigureAwait on the awaited task", Justification = "No need for ConfigureAwait in ASP.NET Core application code, as there is no SynchronizationContext.")]
 [assembly: SuppressMessage("Performance", "CA1812:Avoid uninstantiated internal classes", Justification = "CustomClientRegistrationProcessor is created through DI", Scope = "type", Target = "~T:IdentityServerHost.CustomClientRegistrationProcessor")]

diff --git a/hosts/EntityFramework/Pages/Admin/ApiScopes/ApiScopeRepository.cs b/hosts/EntityFramework/Pages/Admin/ApiScopes/ApiScopeRepository.cs
@@ -82,7 +82,12 @@ public async Task CreateAsync(ApiScopeModel model)
             scope.UserClaims = claims.ToList();
         }
 
+#pragma warning disable CA1849 // Call async methods when in an async method
+// CA1849 Suppressed because AddAsync is only needed for value generators that
+// need async database access (e.g., HiLoValueGenerator), and we don't use those
+// generators
         _context.ApiScopes.Add(scope.ToEntity());
+#pragma warning restore CA1849 // Call async methods when in an async method
         await _context.SaveChangesAsync();
     }
 

diff --git a/hosts/EntityFramework/Pages/Admin/Clients/ClientRepository.cs b/hosts/EntityFramework/Pages/Admin/Clients/ClientRepository.cs
@@ -137,7 +137,12 @@ public async Task CreateAsync(CreateClientModel model)
             client.AllowOfflineAccess = true;
         }
 
+#pragma warning disable CA1849 // Call async methods when in an async method
+// CA1849 Suppressed because AddAsync is only needed for value generators that
+// need async database access (e.g., HiLoValueGenerator), and we don't use those
+// generators
         _context.Clients.Add(client.ToEntity());
+#pragma warning restore CA1849 // Call async methods when in an async method
         await _context.SaveChangesAsync();
     }
 

diff --git a/hosts/EntityFramework/Pages/Admin/IdentityScopes/IdentityScopeRepository.cs b/hosts/EntityFramework/Pages/Admin/IdentityScopes/IdentityScopeRepository.cs
@@ -81,8 +81,12 @@ public async Task CreateAsync(IdentityScopeModel model)
         {
             scope.UserClaims = claims.ToList();
         }
-
+#pragma warning disable CA1849 // Call async methods when in an async method
+// CA1849 Suppressed because AddAsync is only needed for value generators that
+// need async database access (e.g., HiLoValueGenerator), and we don't use those
+// generators
         _context.IdentityResources.Add(scope.ToEntity());
+#pragma warning restore CA1849
         await _context.SaveChangesAsync();
     }
 

diff --git a/hosts/main/GlobalSuppressions.cs b/hosts/main/GlobalSuppressions.cs
@@ -16,7 +16,7 @@
 [assembly: SuppressMessage("Naming", "CA1716:Identifiers should not match keywords", Justification = "This namespace is just for organization, and won't be referenced elsewhere", Scope = "namespace", Target = "~N:IdentityServerHost.Pages.Error")]
 [assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Namespaces of pages are not likely to be used elsewhere, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Pages.Ciba.Consent")]
 [assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Namespaces of pages are not likely to be used elsewhere, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Pages.Extensions")]
-[assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Resources is only used for initalization, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Configuration.Resources")]
+[assembly: SuppressMessage("Naming", "CA1724:Type names should not match namespaces", Justification = "Resources is only used for initialization, so there is little chance of confusion", Scope = "type", Target = "~T:IdentityServerHost.Configuration.Resources")]
 [assembly: SuppressMessage("Performance", "CA1805:Do not initialize unnecessarily", Justification = "This is for clarity and consistency with the surrounding code", Scope = "member", Target = "~F:IdentityServerHost.Pages.Logout.LogoutOptions.AutomaticRedirectAfterSignOut")]
 [assembly: SuppressMessage("Reliability", "CA2007:Consider calling ConfigureAwait on the awaited task", Justification = "No need for ConfigureAwait in ASP.NET Core application code, as there is no SynchronizationContext.")]
 
diff --git a/src/Configuration/Extensions/ConfigurationEndpointExtensions.cs b/src/Configuration/Extensions/ConfigurationEndpointExtensions.cs
@@ -36,7 +36,7 @@ internal static void CheckLicense(this IEndpointRouteBuilder endpoints)
             var loggerFactory = endpoints.ServiceProvider.GetRequiredService<ILoggerFactory>();
             var options = endpoints.ServiceProvider.GetRequiredService<IOptions<IdentityServerConfigurationOptions>>().Value;
 
-            ConfigurationLicenseValidator.Instance.Initalize(loggerFactory, options);
+            ConfigurationLicenseValidator.Instance.Initialize(loggerFactory, options);
         }
 
         _licenseChecked = true;

diff --git a/src/Configuration/Licensing/ConfigurationLicense.cs b/src/Configuration/Licensing/ConfigurationLicense.cs
@@ -23,12 +23,12 @@ public ConfigurationLicense()
     // for testing
     internal ConfigurationLicense(params Claim[] claims)
     {
-        Initalize(new ClaimsPrincipal(new ClaimsIdentity(claims)));
+        Initialize(new ClaimsPrincipal(new ClaimsIdentity(claims)));
     }
 
-    internal override void Initalize(ClaimsPrincipal claims)
+    internal override void Initialize(ClaimsPrincipal claims)
     {
-        base.Initalize(claims);
+        base.Initialize(claims);
 
         ConfigApiFeature = claims.HasClaim("feature", "config_api");
         switch (Edition)

diff --git a/src/Configuration/Licensing/ConfigurationLicenseValidator.cs b/src/Configuration/Licensing/ConfigurationLicenseValidator.cs
@@ -15,9 +15,9 @@ internal class ConfigurationLicenseValidator : LicenseValidator<ConfigurationLic
 {
     internal readonly static ConfigurationLicenseValidator Instance = new ConfigurationLicenseValidator();
 
-    public void Initalize(ILoggerFactory loggerFactory, IdentityServerConfigurationOptions options)
+    public void Initialize(ILoggerFactory loggerFactory, IdentityServerConfigurationOptions options)
     {
-        Initalize(loggerFactory, "IdentityServer.Configuration", options.LicenseKey);
+        Initialize(loggerFactory, "IdentityServer.Configuration", options.LicenseKey);
         ValidateLicense();
     }
 

diff --git a/src/Configuration/Licensing/License.cs b/src/Configuration/Licensing/License.cs
@@ -25,7 +25,7 @@ protected License()
     /// <summary>
     /// Initializes the license from the claims in the key.
     /// </summary>
-    internal virtual void Initalize(ClaimsPrincipal claims)
+    internal virtual void Initialize(ClaimsPrincipal claims)
     {
         Claims = claims;
 

diff --git a/src/Configuration/Licensing/LicenseValidator.cs b/src/Configuration/Licensing/LicenseValidator.cs
@@ -37,12 +37,12 @@ public T GetLicense()
         if (_copy == null && License != null)
         {
             _copy = new T();
-            _copy.Initalize(License.Claims.Clone());
+            _copy.Initialize(License.Claims.Clone());
         }
         return _copy;
     }
 
-    protected void Initalize(ILoggerFactory loggerFactory, string productName, string key)
+    protected void Initialize(ILoggerFactory loggerFactory, string productName, string key)
     {
         Logger = loggerFactory.CreateLogger($"Duende.{productName}.License");
 
@@ -166,11 +166,11 @@ internal T ValidateKey(string licenseKey)
                 ValidateLifetime = false
             };
 
-            var validateResult = handler.ValidateToken(licenseKey, parms);
+            var validateResult = handler.ValidateTokenAsync(licenseKey, parms).Result;
             if (validateResult.IsValid)
             {
                 var license = new T();
-                license.Initalize(new ClaimsPrincipal(validateResult.ClaimsIdentity));
+                license.Initialize(new ClaimsPrincipal(validateResult.ClaimsIdentity));
                 return license;
             }
             else

diff --git a/src/IdentityServer/Configuration/IdentityServerApplicationBuilderExtensions.cs b/src/IdentityServer/Configuration/IdentityServerApplicationBuilderExtensions.cs
@@ -76,7 +76,7 @@ internal static void Validate(this IApplicationBuilder app)
 
             var options = serviceProvider.GetRequiredService<IdentityServerOptions>();
             var env = serviceProvider.GetRequiredService<IHostEnvironment>();
-            IdentityServerLicenseValidator.Instance.Initalize(loggerFactory, options, env.IsDevelopment());
+            IdentityServerLicenseValidator.Instance.Initialize(loggerFactory, options, env.IsDevelopment());
 
             TestService(serviceProvider, typeof(IPersistedGrantStore), logger, "No storage mechanism for grants specified. Use the 'AddInMemoryPersistedGrants' extension method to register a development version.");
             TestService(serviceProvider, typeof(IClientStore), logger, "No storage mechanism for clients specified. Use the 'AddInMemoryClients' extension method to register a development version.");

diff --git a/src/IdentityServer/Hosting/LocalApiAuthentication/LocalApiAuthenticationHandler.cs b/src/IdentityServer/Hosting/LocalApiAuthentication/LocalApiAuthenticationHandler.cs
@@ -255,9 +255,14 @@ protected override Task HandleChallengeAsync(AuthenticationProperties properties
 
         if (sb.Length > 0)
         {
-            Response.Headers.Add(HeaderNames.WWWAuthenticate, sb.ToString());
+            if(Response.Headers.ContainsKey(HeaderNames.WWWAuthenticate))
+            {
+
+                throw new InvalidOperationException("Attempted to set the WWW-Authenticate header when it is already set");
+            }
+            Response.Headers[HeaderNames.WWWAuthenticate] = sb.ToString();
         }
 
         return Task.CompletedTask;
     }
-}
+} 
diff --git a/src/IdentityServer/Licensing/IdentityServerLicense.cs b/src/IdentityServer/Licensing/IdentityServerLicense.cs
@@ -24,12 +24,12 @@ public IdentityServerLicense()
     // for testing
     internal IdentityServerLicense(params Claim[] claims)
     {
-        Initalize(new ClaimsPrincipal(new ClaimsIdentity(claims)));
+        Initialize(new ClaimsPrincipal(new ClaimsIdentity(claims)));
     }
 
-    internal override void Initalize(ClaimsPrincipal claims)
+    internal override void Initialize(ClaimsPrincipal claims)
     {
-        base.Initalize(claims);
+        base.Initialize(claims);
 
         RedistributionFeature = claims.HasClaim("feature", "isv") || claims.HasClaim("feature", "redistribution");
 

diff --git a/src/IdentityServer/Licensing/IdentityServerLicenseValidator.cs b/src/IdentityServer/Licensing/IdentityServerLicenseValidator.cs
@@ -22,11 +22,11 @@ internal class IdentityServerLicenseValidator : LicenseValidator<IdentityServerL
     ConcurrentDictionary<string, byte> _clientIds = new ConcurrentDictionary<string, byte>();
     ConcurrentDictionary<string, byte> _issuers = new ConcurrentDictionary<string, byte>();
 
-    public void Initalize(ILoggerFactory loggerFactory, IdentityServerOptions options, bool isDevelopment = false)
+    public void Initialize(ILoggerFactory loggerFactory, IdentityServerOptions options, bool isDevelopment = false)
     {
         _options = options;
 
-        Initalize(loggerFactory, "IdentityServer", options.LicenseKey);
+        Initialize(loggerFactory, "IdentityServer", options.LicenseKey);
 
         if (License?.RedistributionFeature == true && !isDevelopment)
         {

diff --git a/src/IdentityServer/Licensing/License.cs b/src/IdentityServer/Licensing/License.cs
@@ -26,7 +26,7 @@ protected License()
     /// <summary>
     /// Initializes the license from the claims in the key.
     /// </summary>
-    internal virtual void Initalize(ClaimsPrincipal claims)
+    internal virtual void Initialize(ClaimsPrincipal claims)
     {
         Claims = claims;
 

diff --git a/src/IdentityServer/Licensing/LicenseValidator.cs b/src/IdentityServer/Licensing/LicenseValidator.cs
@@ -40,12 +40,12 @@ public T GetLicense()
         if (_copy == null && License != null)
         {
             _copy = new T();
-            _copy.Initalize(License.Claims.Clone());
+            _copy.Initialize(License.Claims.Clone());
         }
         return _copy;
     }
 
-    protected void Initalize(ILoggerFactory loggerFactory, string productName, string key)
+    protected void Initialize(ILoggerFactory loggerFactory, string productName, string key)
     {
         //if (Logger != null) throw new InvalidOperationException("LicenseValidator already initialized.");
 
@@ -171,11 +171,11 @@ internal T ValidateKey(string licenseKey)
                 ValidateLifetime = false
             };
 
-            var validateResult = handler.ValidateToken(licenseKey, parms);
+            var validateResult = handler.ValidateTokenAsync(licenseKey, parms).Result;
             if (validateResult.IsValid)
             {
                 var license = new T();
-                license.Initalize(new ClaimsPrincipal(validateResult.ClaimsIdentity));
+                license.Initialize(new ClaimsPrincipal(validateResult.ClaimsIdentity));
                 return license;
             }
             else

diff --git a/src/IdentityServer/Validation/Default/DefaultDPoPProofValidator.cs b/src/IdentityServer/Validation/Default/DefaultDPoPProofValidator.cs
@@ -154,7 +154,7 @@ protected virtual Task ValidateHeaderAsync(DPoPProofValidatonContext context, DP
             return Task.CompletedTask;
         }
 
-        if (!token.TryGetHeaderValue<IDictionary<string, object>>(JwtClaimTypes.JsonWebKey, out var jwkValues))
+        if (!token.TryGetHeaderValue<JsonElement>(JwtClaimTypes.JsonWebKey, out var jwkValues))
         {
             result.IsError = true;
             result.ErrorDescription = "Invalid 'jwk' value.";
@@ -193,7 +193,7 @@ protected virtual Task ValidateHeaderAsync(DPoPProofValidatonContext context, DP
     /// <summary>
     /// Validates the signature.
     /// </summary>
-    protected virtual Task ValidateSignatureAsync(DPoPProofValidatonContext context, DPoPProofValidatonResult result)
+    protected virtual async Task ValidateSignatureAsync(DPoPProofValidatonContext context, DPoPProofValidatonResult result)
     {
         Microsoft.IdentityModel.Tokens.TokenValidationResult tokenValidationResult;
 
@@ -209,27 +209,27 @@ protected virtual Task ValidateSignatureAsync(DPoPProofValidatonContext context,
             };
 
             var handler = new JsonWebTokenHandler();
-            tokenValidationResult = handler.ValidateToken(context.ProofToken, tvp);
+            tokenValidationResult = await handler.ValidateTokenAsync(context.ProofToken, tvp);
         }
         catch (Exception ex)
         {
             Logger.LogDebug("Error parsing DPoP token: {error}", ex.Message);
             result.IsError = true;
             result.ErrorDescription = "Invalid signature on DPoP token.";
-            return Task.CompletedTask;
+            return;
         }
 
         if (tokenValidationResult.Exception != null)
         {
             Logger.LogDebug("Error parsing DPoP token: {error}", tokenValidationResult.Exception.Message);
             result.IsError = true;
             result.ErrorDescription = "Invalid signature on DPoP token.";
-            return Task.CompletedTask;
+            return;
         }
 
         result.Payload = tokenValidationResult.Claims;
 
-        return Task.CompletedTask;
+        return;
     }
 
     /// <summary>

diff --git a/src/IdentityServer/Validation/Default/JwtRequestValidator.cs b/src/IdentityServer/Validation/Default/JwtRequestValidator.cs
@@ -179,7 +179,7 @@ protected virtual async Task<JsonWebToken> ValidateJwtAsync(JwtRequestValidation
             tokenValidationParameters.ValidTypes = new[] { JwtClaimTypes.JwtTypes.AuthorizationRequest };
         }
 
-        var result = Handler.ValidateToken(context.JwtTokenString, tokenValidationParameters);
+        var result = await Handler.ValidateTokenAsync(context.JwtTokenString, tokenValidationParameters);
         if (!result.IsValid)
         {
             throw result.Exception;

diff --git a/src/IdentityServer/Validation/Default/PrivateKeyJwtSecretValidator.cs b/src/IdentityServer/Validation/Default/PrivateKeyJwtSecretValidator.cs
@@ -120,7 +120,7 @@ await _issuerNameService.GetCurrentAsync(),
         };
 
         var handler = new JsonWebTokenHandler() { MaximumTokenSizeInBytes = _options.InputLengthRestrictions.Jwt };
-        var result = handler.ValidateToken(jwtTokenString, tokenValidationParameters);
+        var result = await handler.ValidateTokenAsync(jwtTokenString, tokenValidationParameters);
         if (!result.IsValid)
         {
             _logger.LogError(result.Exception, "JWT token validation error");

diff --git a/src/IdentityServer/Validation/Default/TokenValidator.cs b/src/IdentityServer/Validation/Default/TokenValidator.cs
@@ -300,7 +300,7 @@ private async Task<TokenValidationResult> ValidateJwtAsync(string jwtString,
             }
         }
 
-        var result = handler.ValidateToken(jwtString, parameters);
+        var result = await handler.ValidateTokenAsync(jwtString, parameters);
         if (!result.IsValid)
         {
             if (result.Exception is SecurityTokenExpiredException expiredException)