Jennyf/scopes roles #1742
Awesome!
Thanks @jennyf19
I've left a few suggestions.
src/Microsoft.Identity.Web/Policy/IAuthRequiredScopeOrAppPermissionMetadata.cs
src/Microsoft.Identity.Web/Policy/RequiredScopeOrAppPermissionAttribute.cs
src/Microsoft.Identity.Web/Policy/RequiredScopeOrAppPermissionExtensions.cs
* update xml (#1719)
* update lab cert thumbprint (#1718)
* changelog 1.24.1 (#1720)
* Create TokenAcquisitionAppTokenCredential.cs (#1722)
  Extends Azure ADK support to include requesting tokens as the app. This is a copy of TokenAcquisitionTokenCredential.cs with changes to class name and changes to use _tokenAcquisition.GetAuthenticationResultForAppAsync() instead of GetAuthenticationResultForUserAsync().
* fix build, add using (#1729)
* fix build, add using
* add header in test
* Adding support for .net 6 simplified templates apps (#1736)
* Jennyf/scopes roles (#1742)
* initial commit for app permissions
* add test coverage
* remove IEnumerable and use string[]
* PR comments
* IJwtBearerMiddlewareDiagnostics from singleton to transient (#1741)
* fix tests after merge from fork (#1744)
* fix for 1738 (#1743)
* changelog for 1.25 (#1747)
* update testing files to 1.25 (#1748)
* update to wilson 6.19 (#1749)
* fix: include StatusCode in HttpRequestException for .NET 5 (#1750)
* update XML (#1751)
* try 5.0.0 for config.binder in OWIN to resolve issue
* don't build owin sample
* add condition
* remove release mode

Co-authored-by: Chris Brooks <[email protected]>
Co-authored-by: Jean-Marc Prieur <[email protected]>
Co-authored-by: sciocoder <[email protected]>
Co-authored-by: Herman Jensen <[email protected]>
I've tested it with Sample 4-1 and it works fine. I will be creating a PR with corresponding update soon.
We now need an HttpContext Extension that does the same programmatically (ScopesOrRolesRequiredHttpContextExtensions) like ScopesRequiredHttpContextExtensions.cs plus RolesRequiredHttpContextExtensions.cs.
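The programmatic check asked for in the comment above, sketched as an added example (not code from this PR or from Microsoft.Identity.Web): a request passes when the caller's token carries any accepted scope or any accepted app permission. The class, method and sample permission names are hypothetical; the claim types are the ones Azure AD access tokens use for delegated scopes and app roles.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added illustration, not Microsoft.Identity.Web source; names are hypothetical.
public static class ScopeOrAppPermissionCheck
{
    // Short JWT claim names plus the long forms produced by inbound claim mapping.
    private static readonly string[] ScopeClaimTypes =
        { "scp", "http://schemas.microsoft.com/identity/claims/scope" };
    private static readonly string[] RoleClaimTypes =
        { "roles", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" };

    public static bool HasAnyAcceptedScopeOrAppPermission(
        ClaimsPrincipal user, string[] acceptedScopes, string[] acceptedAppPermissions)
    {
        // No validated token means no claims to trust: deny.
        if (user?.Identity?.IsAuthenticated != true) return false;

        // Delegated (user) tokens carry one claim of space-separated scopes.
        var scopes = user.Claims
            .Where(c => ScopeClaimTypes.Contains(c.Type))
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries));

        // App-only (daemon) tokens carry app permissions as role claims and no scope claim.
        var roles = user.Claims
            .Where(c => RoleClaimTypes.Contains(c.Type))
            .Select(c => c.Value);

        // Whole-value, case-sensitive match; a null accepted list grants nothing.
        return scopes.Intersect(acceptedScopes ?? Array.Empty<string>()).Any()
            || roles.Intersect(acceptedAppPermissions ?? Array.Empty<string>()).Any();
    }

    // Builds a constructed, authenticated principal holding a single claim.
    private static ClaimsPrincipal Token(string claimType, string value) =>
        new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(claimType, value) }, "Bearer"));

    public static void Main()
    {
        // Constructed sample values, not taken from the PR.
        var scopes = new[] { "access_as_user" };
        var appPermissions = new[] { "access_as_app" };
        // Cases: user token with the scope, daemon token with the app permission,
        // a scope that only starts with an accepted value, and an anonymous caller.
        Console.WriteLine(HasAnyAcceptedScopeOrAppPermission(Token("scp", "profile access_as_user"), scopes, appPermissions));
        Console.WriteLine(HasAnyAcceptedScopeOrAppPermission(Token("roles", "access_as_app"), scopes, appPermissions));
        Console.WriteLine(HasAnyAcceptedScopeOrAppPermission(Token("scp", "access_as_user_admin"), scopes, appPermissions));
        Console.WriteLine(HasAnyAcceptedScopeOrAppPermission(new ClaimsPrincipal(new ClaimsIdentity()), scopes, appPermissions));
    }
}
```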
* Initial version. Needs a few updates to unit tests
* Updating the tests.
* - Adding a plain dotnet token acquisition host.
  - AddTokenAcquisition now callable from net462
  - AddGraph callable from net462
  - Adding a daemon sample using Id.Web.
* - Adding a plain dotnet token acquisition host.
  - AddTokenAcquisition now callable from net462
  - AddGraph callable from net462
  - Adding a daemon sample using Id.Web.
* Add a daemon-net6 sample / test
* Moving ITokenAcquirer and TokenAcquisitionOptions to Microsoft.Identity.Web.TokenAcquisition.Abstractions
* Update
* Update
* - Simplifying the experience for the .NET 46x case (remove the need for specifying "OpendIdConnect" as an auth scheme, which didn't make sense.
  - Fixing MergeOptions.Instance (was not set)
  - Addressing PR feedback
  - Adding missing XML comments
  - Updating tests now that there is a new interface (ITokenAcquirer)
* Updating the OWIN sample
* Merging the OWIN implementation (only for web APIs for the moment)
* Solving build issues
* Supporting several authentication schemes in the same controller action / request #1560
* Supporting several authentication schemes in the same controller action / request #1560
* Adding a new assembly Microsoft.Identity.Web.TokenAcquisition
  Moving types from Id.Web to the new assembly
  CONS:
  - a lot of friend relationships.
  - some constants should be split between id.web.tokenacquisition and Id.Web
* Fixing warnings
* Update dotnetcore.yml
* Update dotnetcore.yml
* Update dotnetcore.yml
* Update Microsoft.Identity.Web.sln
* Avoid building the OWIN web API in any CPU config
* Adding a TokenAcquirerFactory and a specialization for OWIN.
* Adding a factory from the configuration and services
* Updating the interfaces based on the discussions
* Adding the IDowstreamRestApi
* Update POC with master (#1752)
* update xml (#1719)
* update lab cert thumbprint (#1718)
* changelog 1.24.1 (#1720)
* Create TokenAcquisitionAppTokenCredential.cs (#1722)
  Extends Azure ADK support to include requesting tokens as the app. This is a copy of TokenAcquisitionTokenCredential.cs with changes to class name and changes to use _tokenAcquisition.GetAuthenticationResultForAppAsync() instead of GetAuthenticationResultForUserAsync().
* fix build, add using (#1729)
* fix build, add using
* add header in test
* Adding support for .net 6 simplified templates apps (#1736)
* Jennyf/scopes roles (#1742)
* initial commit for app permissions
* add test coverage
* remove IEnumerable and use string[]
* PR comments
* IJwtBearerMiddlewareDiagnostics from singleton to transient (#1741)
* fix tests after merge from fork (#1744)
* fix for 1738 (#1743)
* changelog for 1.25 (#1747)
* update testing files to 1.25 (#1748)
* update to wilson 6.19 (#1749)
* fix: include StatusCode in HttpRequestException for .NET 5 (#1750)
* update XML (#1751)
* try 5.0.0 for config.binder in OWIN to resolve issue
* don't build owin sample
* add condition
* remove release mode

Co-authored-by: Chris Brooks <[email protected]>
Co-authored-by: Jean-Marc Prieur <[email protected]>
Co-authored-by: sciocoder <[email protected]>
Co-authored-by: Herman Jensen <[email protected]>

* Update names and provide a class diagram
* Addressing Brent's feedback
* Taking into account the discussions Brent/Jm from 6/13
* Attempt to reconcile ClaimsPrincipal and S2SAuthenticationTicket
* Improving the CredentialDescription. Splitting ApplicationIdentityOptions and AadIdentityOptions
* Renaming TokenAcquirerOptions to AcquireTokenOptions
* Renaming agreed with Brent
* Addressing more feedback
* Update based on decisions made with Brent 6/17
* Fixing XML comments and adding folders in TokenAcquisition.Abstractions
* Renamings + clean-up abstractions
* Moving the MicrosotAuthenticationTicket and MicrosoftClaimsIdentity classes to Ms.Id.Web.TokenAcquisition (out of the abstraction) and enabling the real SecurityToken type
* Adding Graph extensibility
* Update Microsoft.Identity.Web.Certificate to be backwards compatible in 2.0 with 1.x
* add Owin web app (#1753)
* add Owin web app
* fix build error due to package ref
* update package reference
* update web.Config
* fix pckg ref
* update web.config
* remove from release
* update new dlls with directory.build.props (#1807)
* update new dlls with directory.build.props
* Updating the Web.Config assembly bindings in the ASP.NET OWIN Web app
* Updating the folder name for the daemon app
* PR feedback

Co-authored-by: Jean-Marc Prieur <[email protected]>

* ID.Web.MicrosoftGraph now references Id.Web.TokenAcqusition (and not Id.Web) (#1810)
* - In AuthenticationOptions and MicrosoftAuthenticationOptions, move properties where they should have been in the first place (when AAD specific)
  - Move LoggingOptions to Ms.Id.Web.TokenAcquisition
  - MicrosoftIdentityBaseAuthenticationBuilder and MicrosoftIdentityAppCallingWebApiAuthenticationBuilder move to Ms.Id.Web.TokenAcquisition
  - Session methods of MicrosoftIdentityAppCallingWebApiAuthenticationBuilder move to an extension method
  - TokenAcquisitionAspNetCore inherits from TokenAcquisition instead of being a partial class implementation (Could move to another assembly if we choose to)
  - AddTokenAcquisition now register ITokenAcquirer (And only this one in the case of framework others than .NET Core)
* - OwinWebApi now is 472
  - OwinWebApp updates to Web.Config and project
  - Ms.Id.Web.MicrosoftGraph now references Ms.Id.Web.TokenAcquisition (no longer Ms.Id.Web)
* PR review
* Addressing PR comment
* address PR comments
* small edits
* PR feedback and renaming
* fix build issues
* address governance issues GHSA-5crp-9r3c-p9vr

Co-authored-by: jennyf19 <[email protected]>
Co-authored-by: Chris Brooks <[email protected]>
Co-authored-by: sciocoder <[email protected]>
Co-authored-by: Herman Jensen <[email protected]>
#1641
Adds RequiredScopeOrAppPermissionAttribute(string[] acceptedScopes, string[] acceptedAppPermissions) and the associated handler, requirement etc ...
Additional todo to plan: