diff --git a/Directory.Packages.props b/Directory.Packages.props
index 9ad06a0..8ef032d 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -1,38 +1,38 @@
+ that doesn't give us a transitive dependency on a vulnerable package. -->
8.0.1
8.0.0
7.1.2
- 9.0.0-rc.2.24474.3
- 9.0.0-rc.2.24473.5
+ that doesn't give us a transitive dependency on a vulnerable package. -->
+ 9.0.0
+ 9.0.0
8.0.1
-
-
+
+
-
+
-
-
-
+
+
+
-
-
-
+
+
+
-
-
-
+
+
+
\ No newline at end of file
diff --git a/src/AspNetCore.Authentication.JwtBearer/AspNetCore.Authentication.JwtBearer.csproj b/src/AspNetCore.Authentication.JwtBearer/AspNetCore.Authentication.JwtBearer.csproj
index 0df2f5f..3d3a972 100644
--- a/src/AspNetCore.Authentication.JwtBearer/AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/AspNetCore.Authentication.JwtBearer/AspNetCore.Authentication.JwtBearer.csproj
@@ -27,7 +27,7 @@
-
+
all
runtime; build; native; contentfiles; analyzers; buildtransitive
diff --git a/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPExtensions.cs b/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPExtensions.cs
index 2c73a85..fdf3b45 100644
--- a/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPExtensions.cs
+++ b/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPExtensions.cs
@@ -1,9 +1,8 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
-using System.Diagnostics.CodeAnalysis;
using System.Text.Json;
-using IdentityModel;
+using Duende.IdentityModel;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Tokens;
diff --git a/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPJwtBearerEvents.cs b/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPJwtBearerEvents.cs
index 0f1f7b8..aacf5a6 100644
--- a/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPJwtBearerEvents.cs
+++ b/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPJwtBearerEvents.cs
@@ -3,14 +3,14 @@
using System.Diagnostics.CodeAnalysis;
using System.Text;
-using IdentityModel;
+using Duende.IdentityModel;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.Net.Http.Headers;
-using static IdentityModel.OidcConstants;
+using static Duende.IdentityModel.OidcConstants;
namespace Duende.AspNetCore.Authentication.JwtBearer.DPoP;
diff --git a/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPProofValidatonResult.cs b/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPProofValidatonResult.cs
index d2aad83..606d785 100644
--- a/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPProofValidatonResult.cs
+++ b/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPProofValidatonResult.cs
@@ -1,7 +1,7 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
-using IdentityModel;
+using Duende.IdentityModel;
namespace Duende.AspNetCore.Authentication.JwtBearer.DPoP;
@@ -49,7 +49,7 @@ public class DPoPProofValidationResult
/// The SHA256 hash of the jti value read from the payload.
///
public string? TokenIdHash { get; set; }
-
+
///
/// The ath value read from the payload.
///
diff --git a/src/AspNetCore.Authentication.JwtBearer/DPoP/DefaultDPoPProofValidator.cs b/src/AspNetCore.Authentication.JwtBearer/DPoP/DefaultDPoPProofValidator.cs
index 96c1a5f..5af9829 100644
--- a/src/AspNetCore.Authentication.JwtBearer/DPoP/DefaultDPoPProofValidator.cs
+++ b/src/AspNetCore.Authentication.JwtBearer/DPoP/DefaultDPoPProofValidator.cs
@@ -4,7 +4,7 @@
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
-using IdentityModel;
+using Duende.IdentityModel;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
@@ -43,22 +43,22 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator
/// Provides the options for DPoP proof validation.
///
protected readonly IOptionsMonitor OptionsMonitor;
-
+
///
/// Protects and unprotects nonce values.
///
protected readonly IDataProtector DataProtector;
-
+
///
/// Caches proof tokens to detect replay.
///
protected readonly IReplayCache ReplayCache;
-
+
///
/// Clock for checking proof expiration.
///
protected readonly TimeProvider TimeProvider;
-
+
///
/// The logger.
///
@@ -198,7 +198,7 @@ protected virtual Task ValidateHeader(
Logger.LogDebug("Null cnf value in DPoP access token.");
result.SetError("Invalid 'cnf' value.");
return Task.CompletedTask;
- }
+ }
else if (cnfJson.TryGetValue(JwtClaimTypes.ConfirmationMethods.JwkThumbprint, out var jktJson))
{
var accessTokenJkt = jktJson.ToString();
@@ -274,7 +274,7 @@ protected virtual async Task ValidateSignature(
///
protected virtual async Task ValidatePayload(DPoPProofValidationContext context, DPoPProofValidationResult result, CancellationToken cancellationToken = default)
{
- if(result.Payload is null )
+ if (result.Payload is null)
{
result.SetError("Missing payload");
return;
@@ -443,7 +443,7 @@ protected virtual Task ValidateIat(
CancellationToken _ = default)
{
// iat is required by an earlier validation, so result.IssuedAt will not be null
- if (IsExpired(context, result, result.IssuedAt!.Value, ExpirationValidationMode.IssuedAt))
+ if (IsExpired(context, result, result.IssuedAt!.Value, ExpirationValidationMode.IssuedAt))
{
result.SetError("Invalid 'iat' value.");
}
@@ -524,12 +524,12 @@ protected virtual bool IsExpired(DPoPProofValidationContext context, DPoPProofVa
{
var dpopOptions = OptionsMonitor.Get(context.Scheme);
var validityDuration = dpopOptions.ProofTokenValidityDuration;
- var skew = mode == ExpirationValidationMode.Nonce ? dpopOptions.ServerClockSkew
+ var skew = mode == ExpirationValidationMode.Nonce ? dpopOptions.ServerClockSkew
: dpopOptions.ClientClockSkew;
return IsExpired(validityDuration, skew, time);
}
-
+
internal bool IsExpired(TimeSpan validityDuration, TimeSpan clockSkew, long time)
{
var now = TimeProvider.GetUtcNow().ToUnixTimeSeconds();
diff --git a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/AccessTokenCnfTests.cs b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/AccessTokenCnfTests.cs
index 68f1978..ec9616a 100644
--- a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/AccessTokenCnfTests.cs
+++ b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/AccessTokenCnfTests.cs
@@ -4,7 +4,7 @@
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text.Json;
-using IdentityModel;
+using Duende.IdentityModel;
using Microsoft.IdentityModel.Tokens;
using Shouldly;
diff --git a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/AssertionExtensions.cs b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/AssertionExtensions.cs
index 825a1b3..d23719e 100644
--- a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/AssertionExtensions.cs
+++ b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/AssertionExtensions.cs
@@ -1,7 +1,7 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
-using IdentityModel;
+using Duende.IdentityModel;
using NSubstitute;
using Shouldly;
diff --git a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/DPoPProofValidatorTestBase.cs b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/DPoPProofValidatorTestBase.cs
index 8d58e4d..928a850 100644
--- a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/DPoPProofValidatorTestBase.cs
+++ b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/DPoPProofValidatorTestBase.cs
@@ -5,7 +5,7 @@
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
-using IdentityModel;
+using Duende.IdentityModel;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;
diff --git a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/FreshnessTests.cs b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/FreshnessTests.cs
index ef7fbc0..686a1ae 100644
--- a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/FreshnessTests.cs
+++ b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/FreshnessTests.cs
@@ -1,7 +1,7 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
-using IdentityModel;
+using Duende.IdentityModel;
using Microsoft.AspNetCore.DataProtection;
using Shouldly;
diff --git a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/PayloadTests.cs b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/PayloadTests.cs
index 97c31bf..78a3a80 100644
--- a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/PayloadTests.cs
+++ b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/PayloadTests.cs
@@ -1,7 +1,7 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
-using IdentityModel;
+using Duende.IdentityModel;
using Shouldly;
namespace Duende.AspNetCore.Authentication.JwtBearer.DPoP;
diff --git a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/ReplayTests.cs b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/ReplayTests.cs
index 81084df..e60505b 100644
--- a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/ReplayTests.cs
+++ b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoP/ReplayTests.cs
@@ -1,7 +1,7 @@
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
-using IdentityModel;
+using Duende.IdentityModel;
using NSubstitute;
using Shouldly;
diff --git a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoPIntegrationTests.cs b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoPIntegrationTests.cs
index 274c804..9c83c10 100644
--- a/test/AspNetCore.Authentication.JwtBearer.Tests/DPoPIntegrationTests.cs
+++ b/test/AspNetCore.Authentication.JwtBearer.Tests/DPoPIntegrationTests.cs
@@ -10,8 +10,8 @@
using Duende.AspNetCore.Authentication.JwtBearer.DPoP;
using Duende.AspNetCore.TestFramework;
using Duende.IdentityServer.Models;
-using IdentityModel;
-using IdentityModel.Client;
+using Duende.IdentityModel;
+using Duende.IdentityModel.Client;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.IdentityModel.Tokens;
diff --git a/test/TestFramework/AppHost.cs b/test/TestFramework/AppHost.cs
index bc9b552..f29c6de 100644
--- a/test/TestFramework/AppHost.cs
+++ b/test/TestFramework/AppHost.cs
@@ -4,7 +4,7 @@
using System.Net;
using System.Web;
using Duende.AccessTokenManagement.OpenIdConnect;
-using IdentityModel;
+using Duende.IdentityModel;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;