Cleanup deprecated code and TODOs

src/IdentityServer/Configuration/DependencyInjection/BuilderExtensions/Additional.cs

@@ -415,7 +415,6 @@ public static IIdentityServerBuilder AddBackChannelLogoutService<T>(this IIdenti
         return builder;
     }
 
-    // todo: check with later previews of ASP.NET Core if this is still required
     /// <summary>
     /// Adds configuration for the HttpClient used for back-channel logout notifications.
     /// </summary>
@@ -451,8 +450,6 @@ public static IHttpClientBuilder AddBackChannelLogoutHttpClient(this IIdentitySe
         return httpBuilder;
     }
 
-
-    // todo: check with later previews of ASP.NET Core if this is still required
     /// <summary>
     /// Adds configuration for the HttpClient used for JWT request_uri requests.
     /// </summary>

src/IdentityServer/Configuration/DependencyInjection/Options/InputLengthRestrictions.cs

@@ -167,10 +167,4 @@ public class InputLengthRestrictions
     /// Max length for DPoP proof token
     /// </summary>
     public int DPoPProofToken { get; set; } = 4000;
-
-    //// todo: review this default
-    ///// <summary>
-    ///// Max value allowed for requested_expiry
-    ///// </summary>
-    //public TimeSpan RequestedExpiry { get; set; } = TimeSpan.FromMinutes(15);
 }

src/IdentityServer/Constants.cs

@@ -202,8 +202,6 @@ public static class DefaultRoutePaths
     public static class EnvironmentKeys
     {
         public const string IdentityServerBasePath = "idsvr:IdentityServerBasePath";
-        [Obsolete("The IdentityServerOrigin constant is obsolete.")]
-        public const string IdentityServerOrigin = "idsvr:IdentityServerOrigin"; // todo: deprecate
         public const string SignOutCalled = "idsvr:IdentityServerSignOutCalled";
     }
 

src/IdentityServer/Events/UserLoginSuccessEvent.cs

@@ -10,8 +10,6 @@ namespace Duende.IdentityServer.Events;
 /// <seealso cref="Event" />
 public class UserLoginSuccessEvent : Event
 {
-    // todo: consolidate ctors in 3.0
-
     /// <summary>
     /// Initializes a new instance of the <see cref="UserLoginSuccessEvent"/> class.
     /// </summary>

src/IdentityServer/Extensions/HttpContextExtensions.cs

@@ -7,11 +7,9 @@
 using System;
 using System.Threading.Tasks;
 using System.Linq;
-using Duende.IdentityServer.Configuration;
 using Duende.IdentityServer.Models;
 using Duende.IdentityServer.Services;
 using Duende.IdentityServer.Stores;
-using Microsoft.AspNetCore.Authentication;
 using static Duende.IdentityServer.IdentityServerConstants;
 
 #pragma warning disable 1591
@@ -20,50 +18,6 @@ namespace Duende.IdentityServer.Extensions;
 
 public static class HttpContextExtensions
 {
-    [Obsolete("For a replacement, use IAuthenticationHandlerProvider.GetHandlerAsync and check if the handler implements IAuthenticationSignOutHandler.")]
-    public static async Task<bool> GetSchemeSupportsSignOutAsync(this HttpContext context, string scheme)
-    {
-        var provider = context.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
-        var handler = await provider.GetHandlerAsync(context, scheme);
-        return (handler is IAuthenticationSignOutHandler);
-    }
-
-    [Obsolete("Use IServerUrls.Origin instead.")]
-    public static void SetIdentityServerOrigin(this HttpContext context, string value)
-    {
-        if (context == null) throw new ArgumentNullException(nameof(context));
-        context.RequestServices.GetRequiredService<IServerUrls>().Origin = value;
-    }
-
-    [Obsolete("Use IServerUrls.BasePath instead.")]
-    public static void SetIdentityServerBasePath(this HttpContext context, string value)
-    {
-        if (context == null) throw new ArgumentNullException(nameof(context));
-        context.RequestServices.GetRequiredService<IServerUrls>().BasePath = value;
-    }
-
-    [Obsolete("Use IIssuerNameService instead.")]
-    public static string GetIdentityServerOrigin(this HttpContext context)
-    {
-        var options = context.RequestServices.GetRequiredService<IdentityServerOptions>();
-        var request = context.Request;
-
-        if (options.MutualTls.Enabled && options.MutualTls.DomainName.IsPresent())
-        {
-            if (!options.MutualTls.DomainName.Contains("."))
-            {
-                if (request.Host.Value.StartsWith(options.MutualTls.DomainName, StringComparison.OrdinalIgnoreCase))
-                {
-                    return request.Scheme + "://" +
-                           request.Host.Value.Substring(options.MutualTls.DomainName.Length + 1);
-                }
-            }
-        }
-
-        return request.Scheme + "://" + request.Host.Value;
-    }
-
-
     internal static void SetSignOutCalled(this HttpContext context)
     {
         if (context == null) throw new ArgumentNullException(nameof(context));
@@ -75,64 +29,6 @@ internal static bool GetSignOutCalled(this HttpContext context)
         return context.Items.ContainsKey(Constants.EnvironmentKeys.SignOutCalled);
     }
 
-    /// <summary>
-    /// Gets the host name of IdentityServer.
-    /// </summary>
-    /// <param name="context">The context.</param>
-    /// <returns></returns>
-    [Obsolete("Use IServerUrls.Origin instead.")]
-    public static string GetIdentityServerHost(this HttpContext context)
-    {
-        return context.RequestServices.GetRequiredService<IServerUrls>().Origin;
-    }
-
-    /// <summary>
-    /// Gets the base path of IdentityServer.
-    /// </summary>
-    /// <param name="context">The context.</param>
-    /// <returns></returns>
-    [Obsolete("Use IServerUrls.BasePath instead.")]
-    public static string GetIdentityServerBasePath(this HttpContext context)
-    {
-        return context.RequestServices.GetRequiredService<IServerUrls>().BasePath;
-    }
-
-    /// <summary>
-    /// Gets the public base URL for IdentityServer.
-    /// </summary>
-    /// <param name="context">The context.</param>
-    /// <returns></returns>
-    [Obsolete("Use IServerUrls.BaseUrl instead.")]
-    public static string GetIdentityServerBaseUrl(this HttpContext context)
-    {
-        return context.RequestServices.GetRequiredService<IServerUrls>().BaseUrl;
-    }
-
-    /// <summary>
-    /// Gets the identity server relative URL.
-    /// </summary>
-    /// <param name="context">The context.</param>
-    /// <param name="path">The path.</param>
-    /// <returns></returns>
-    [Obsolete("Use IServerUrls.GetIdentityServerRelativeUrl instead.")]
-    public static string GetIdentityServerRelativeUrl(this HttpContext context, string path)
-    {
-        return context.RequestServices.GetRequiredService<IServerUrls>().GetIdentityServerRelativeUrl(path);
-    }
-
-    /// <summary>
-    /// Gets the identity server issuer URI.
-    /// </summary>
-    /// <param name="context">The context.</param>
-    /// <returns></returns>
-    /// <exception cref="System.ArgumentNullException">context</exception>
-    [Obsolete("Use the IIssuerNameService instead.")]
-    public static string GetIdentityServerIssuerUri(this HttpContext context)
-    {
-        if (context == null) throw new ArgumentNullException(nameof(context));
-        return context.RequestServices.GetRequiredService<IIssuerNameService>().GetCurrentAsync().GetAwaiter().GetResult();
-    }
-
     internal static async Task<string> GetIdentityServerSignoutFrameCallbackUrlAsync(this HttpContext context, LogoutMessage logoutMessage = null)
     {
         var userSession = context.RequestServices.GetRequiredService<IUserSession>();

src/IdentityServer/Extensions/HttpResponseExtensions.cs

@@ -82,13 +82,6 @@ public static async Task WriteHtmlAsync(this HttpResponse response, string html)
         await response.Body.FlushAsync();
     }
 
-    [Obsolete("Use IServerUrls.GetAbsoluteUrl instead.")]
-    public static void RedirectToAbsoluteUrl(this HttpResponse response, string url)
-    {
-        url = response.HttpContext.RequestServices.GetRequiredService<IServerUrls>().GetAbsoluteUrl(url);
-        response.Redirect(url);
-    }
-
     public static void AddScriptCspHeaders(this HttpResponse response, CspOptions options, string hash)
     {
         var csp1part = options.Level == CspLevel.One ? "'unsafe-inline' " : string.Empty;

src/IdentityServer/Extensions/PrincipalExtensions.cs

@@ -81,18 +81,6 @@ public static string GetSubjectId(this IIdentity identity)
         return claim.Value;
     }
 
-    /// <summary>
-    /// Gets the name.
-    /// </summary>
-    /// <param name="principal">The principal.</param>
-    /// <returns></returns>
-    [DebuggerStepThrough]
-    [Obsolete("This method will be removed in a future version. Use GetDisplayName instead.")]
-    public static string GetName(this IPrincipal principal)
-    {
-        return principal.Identity.GetName();
-    }
-
     /// <summary>
     /// Gets the name.
     /// </summary>
@@ -110,23 +98,6 @@ public static string GetDisplayName(this ClaimsPrincipal principal)
         return string.Empty;
     }
 
-    /// <summary>
-    /// Gets the name.
-    /// </summary>
-    /// <param name="identity">The identity.</param>
-    /// <returns></returns>
-    /// <exception cref="System.InvalidOperationException">name claim is missing</exception>
-    [DebuggerStepThrough]
-    [Obsolete("This method will be removed in a future version. Use GetDisplayName instead.")]
-    public static string GetName(this IIdentity identity)
-    {
-        var id = identity as ClaimsIdentity;
-        var claim = id.FindFirst(JwtClaimTypes.Name);
-
-        if (claim == null) throw new InvalidOperationException("name claim is missing");
-        return claim.Value;
-    }
-
     /// <summary>
     /// Gets the authentication method.
     /// </summary>

src/IdentityServer/ResponseHandling/Default/AuthorizeResponseGenerator.cs

@@ -264,7 +264,7 @@ protected virtual async Task<AuthorizationCode> CreateCodeAsync(ValidatedAuthori
 
             IsOpenId = request.IsOpenIdRequest,
             RequestedScopes = request.ValidatedResources.RawScopeValues,
-            RequestedResourceIndicators = request.RequestedResourceIndiators,
+            RequestedResourceIndicators = request.RequestedResourceIndicators,
             RedirectUri = request.RedirectUri,
             Nonce = request.Nonce,
             StateHash = stateHash,

src/IdentityServer/Services/Default/DefaultTokenService.cs

@@ -5,7 +5,6 @@
 using IdentityModel;
 using Duende.IdentityServer.Extensions;
 using Duende.IdentityServer.Stores;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Generic;
@@ -27,12 +26,6 @@ public class DefaultTokenService : ITokenService
     /// </summary>
     protected readonly ILogger Logger;
 
-    // TODO: unused, so remove in 7.0?
-    /// <summary>
-    /// The HTTP context accessor
-    /// </summary>
-    protected readonly IHttpContextAccessor ContextAccessor;
-
     /// <summary>
     /// The claims provider
     /// </summary>
@@ -69,7 +62,6 @@ public class DefaultTokenService : ITokenService
     /// <param name="claimsProvider">The claims provider.</param>
     /// <param name="referenceTokenStore">The reference token store.</param>
     /// <param name="creationService">The signing service.</param>
-    /// <param name="contextAccessor">The HTTP context accessor.</param>
     /// <param name="clock">The clock.</param>
     /// <param name="keyMaterialService"></param>
     /// <param name="options">The IdentityServer options</param>
@@ -78,13 +70,11 @@ public DefaultTokenService(
         IClaimsService claimsProvider,
         IReferenceTokenStore referenceTokenStore,
         ITokenCreationService creationService,
-        IHttpContextAccessor contextAccessor,
         IClock clock,
         IKeyMaterialService keyMaterialService,
         IdentityServerOptions options,
         ILogger<DefaultTokenService> logger)
     {
-        ContextAccessor = contextAccessor;
         ClaimsProvider = claimsProvider;
         ReferenceTokenStore = referenceTokenStore;
         CreationService = creationService;

src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs

@@ -478,7 +478,7 @@ private async Task<AuthorizeRequestValidationResult> ValidateScopeAndResourceAsy
             return Invalid(request, OidcConstants.AuthorizeErrors.InvalidTarget, "Resource indicators not allowed for response_type 'token'.");
         }
 
-        request.RequestedResourceIndiators = resourceIndicators;
+        request.RequestedResourceIndicators = resourceIndicators;
 
         //////////////////////////////////////////////////////////
         // check if scopes are valid/supported and check for resource scopes
@@ -631,10 +631,8 @@ private async Task<AuthorizeRequestValidationResult> ValidateOptionalParametersA
             }
             else
             {
-                // TODO: change to error in a major release?
-                // https://github.com/DuendeSoftware/IdentityServer/issues/845#issuecomment-1405377531
-                // https://openid.net/specs/openid-connect-prompt-create-1_0.html#name-authorization-request
-                _logger.LogDebug("Unsupported suppressed_prompt mode - ignored: " + prompt);
+                LogError("Unsupported prompt mode.", request);
+                return Invalid(request, description: "Invalid prompt");
             }
         }
 

src/IdentityServer/Validation/Default/EndSessionRequestValidator.cs

@@ -9,7 +9,6 @@
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
 using System;
 using Duende.IdentityServer.Configuration;
 using Duende.IdentityServer.Logging.Models;
@@ -59,16 +58,9 @@ public class EndSessionRequestValidator : IEndSessionRequestValidator
     /// </summary>
     protected readonly IMessageStore<LogoutNotificationContext> EndSessionMessageStore;
 
-    /// <summary>
-    /// The HTTP context accessor.
-    /// </summary>
-    [Obsolete("Unused. Will remove in a future release.")]
-    protected readonly IHttpContextAccessor Context;
-
     /// <summary>
     /// Creates a new instance of the EndSessionRequestValidator.
     /// </summary>
-    /// <param name="context"></param>
     /// <param name="options"></param>
     /// <param name="tokenValidator"></param>
     /// <param name="uriValidator"></param>
@@ -77,7 +69,6 @@ public class EndSessionRequestValidator : IEndSessionRequestValidator
     /// <param name="endSessionMessageStore"></param>
     /// <param name="logger"></param>
     public EndSessionRequestValidator(
-        IHttpContextAccessor context,
         IdentityServerOptions options,
         ITokenValidator tokenValidator,
         IRedirectUriValidator uriValidator,
@@ -86,9 +77,6 @@ public EndSessionRequestValidator(
         IMessageStore<LogoutNotificationContext> endSessionMessageStore,
         ILogger<EndSessionRequestValidator> logger)
     {
-#pragma warning disable CS0618 // Type or member is obsolete
-        Context = context;
-#pragma warning restore CS0618 // Type or member is obsolete
         Options = options;
         TokenValidator = tokenValidator;
         UriValidator = uriValidator;