upgrade identity server 4 to v4 (#842)

* upgrade identity server 4 to v4 * remove script ref
2025-07-04 01:22:50 -05:00 · 2020-07-30 17:00:13 -04:00
parent 22eb8316f2
commit 623cd36bd4
20 changed files with 432 additions and 107 deletions
--- a/src/Identity/Controllers/AccountController.cs
+++ b/src/Identity/Controllers/AccountController.cs
@ -7,6 +7,7 @@ using Bit.Core.Models.Table;
 using Bit.Core.Repositories;
 using Bit.Identity.Models;
 using IdentityModel;
+using IdentityServer4;
 using IdentityServer4.Services;
 using IdentityServer4.Stores;
 using Microsoft.AspNetCore.Authentication;
@ -132,8 +133,12 @@ namespace Bit.Identity.Controllers
            ProcessLoginCallbackForOidc(result, additionalLocalClaims, localSignInProps);

            // issue authentication cookie for user
-            await HttpContext.SignInAsync(user.Id.ToString(), user.Email, provider,
-                localSignInProps, additionalLocalClaims.ToArray());
+            await HttpContext.SignInAsync(new IdentityServerUser(user.Id.ToString())
+            {
+                DisplayName = user.Email,
+                IdentityProvider = provider,
+                AdditionalClaims = additionalLocalClaims.ToArray()
+            }, localSignInProps);

            // delete temporary cookie used during external authentication
            await HttpContext.SignOutAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
@ -144,7 +149,7 @@ namespace Bit.Identity.Controllers
            var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
            if (context != null)
            {
-                if (await IsPkceClientAsync(context.ClientId))
+                if (await IsPkceClientAsync(context.Client.ClientId))
                {
                    // if the client is PKCE then we assume it's native, so this change in how to
                    // return the response is for better UX for the end user.
--- a/src/Identity/Startup.cs
+++ b/src/Identity/Startup.cs
@ -65,6 +65,19 @@ namespace Bit.Identity
                services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
            }

+            // Cookies
+            if (Environment.IsDevelopment())
+            {
+                services.Configure<CookiePolicyOptions>(options =>
+                {
+                    options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
+                    options.OnAppendCookie = ctx =>
+                    {
+                        ctx.CookieOptions.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
+                    };
+                });
+            }
+
            JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

            // Authentication
@ -133,6 +146,12 @@ namespace Bit.Identity
                app.UseForwardedHeaders(globalSettings);
            }

+            if (env.IsDevelopment())
+            {
+                app.UseDeveloperExceptionPage();
+                app.UseCookiePolicy();
+            }
+
            // Add static files to the request pipeline.
            app.UseStaticFiles();

@ -172,9 +191,14 @@ namespace Bit.Identity
                    options.Endpoints.EnableTokenRevocationEndpoint = false;
                    options.IssuerUri = $"{issuerUri.Scheme}://{issuerUri.Host}";
                    options.Caching.ClientStoreExpiration = new TimeSpan(0, 5, 0);
+                    if(env.IsDevelopment())
+                    {
+                        options.Authentication.CookieSameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
+                    }
                })
                .AddInMemoryCaching()
                .AddInMemoryApiResources(ApiResources.GetApiResources())
+                .AddInMemoryApiScopes(ApiScopes.GetApiScopes())
                .AddClientStoreCache<ClientStore>()
                .AddCustomTokenRequestValidator<CustomTokenRequestValidator>()
                .AddProfileService<ProfileService>()