bitwarden-server/test/Identity.IntegrationTest/openid-configuration.json

{
  "issuer": "http://localhost",
  "jwks_uri": "http://localhost:33656/.well-known/openid-configuration/jwks",
  "authorization_endpoint": "http://localhost:33656/connect/authorize",
  "token_endpoint": "http://localhost:33656/connect/token",
  "device_authorization_endpoint": "http://localhost:33656/connect/deviceauthorization",
  "backchannel_authentication_endpoint": "http://localhost:33656/connect/ciba",
  "scopes_supported": [
    "api",
    "api.push",
    "api.licensing",
    "api.organization",
    "api.installation",
    "internal",
    "api.secrets",
    "offline_access"
  ],
  "claims_supported": [
    "name",
    "email",
    "email_verified",
    "sstamp",
    "premium",
    "device",
    "orgowner",
    "orgadmin",
    "orgmanager",
    "orguser",
    "orgcustom",
    "providerprovideradmin",
    "providerserviceuser",
    "accesssecretsmanager",
    "sub",
    "organization"
  ],
  "grant_types_supported": [
    "authorization_code",
    "client_credentials",
    "refresh_token",
    "implicit",
    "password",
    "urn:ietf:params:oauth:grant-type:device_code",
    "urn:openid:params:grant-type:ciba",
    "webauthn"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "response_modes_supported": ["form_post", "query", "fragment"],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "id_token_signing_alg_values_supported": ["RS256"],
  "subject_types_supported": ["public"],
  "code_challenge_methods_supported": ["plain", "S256"],
  "request_parameter_supported": true,
  "request_object_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES384",
    "ES512",
    "HS256",
    "HS384",
    "HS512"
  ],
  "authorization_response_iss_parameter_supported": true,
  "backchannel_token_delivery_modes_supported": ["poll"],
  "backchannel_user_code_parameter_supported": true
}
[BEEEP] Integration tests (#1945) * Add api integration tests * Add some stuff * Make program mockable * Work on IntegrationTests for Identity * Formatting * Update packages.lock.json * Update more packages.lock.json * Update all packages.lock.json * Fix InMemory configuration * Actually fix test configuration * Fix tests for CI * Fix event service * Force EF EventRepository * Add client_credentials test * Remove Api.IntegrationTest * Remove Api Program changes * Cleanup * Add more Auth-Email tests * Run formatting * Address some PR feedback * Move integration stuff to it's own common project * Ran linter * Add shared project to test solution * Remove sln changes * Clean usings * Add more coverage * Address PR feedback 2022-05-20 21:24:59 +02:00			`{`
			`"issuer": "http://localhost",`
			`"jwks_uri": "http://localhost:33656/.well-known/openid-configuration/jwks",`
			`"authorization_endpoint": "http://localhost:33656/connect/authorize",`
			`"token_endpoint": "http://localhost:33656/connect/token",`
			`"device_authorization_endpoint": "http://localhost:33656/connect/deviceauthorization",`
[PM-3569] Upgrade to Duende.Identity (#3185) * Upgrade to Duende.Identity * Linting * Get rid of last IdentityServer4 package * Fix identity test since Duende returns additional configuration * Use Configure PostConfigure is ran after ASP.NET's PostConfigure so ConfigurationManager was already configured and our HttpHandler wasn't being respected. * Regenerate lockfiles * Move to 6.0.4 for patches * fixes with testing * Add additional grant type supported in 6.0.4 and beautify * Lockfile refresh * Reapply lockfiles * Apply change to new WebAuthn logic * When automated merging fails me --------- Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com> 2023-11-20 22:32:23 +01:00			`"backchannel_authentication_endpoint": "http://localhost:33656/connect/ciba",`
[BEEEP] Integration tests (#1945) * Add api integration tests * Add some stuff * Make program mockable * Work on IntegrationTests for Identity * Formatting * Update packages.lock.json * Update more packages.lock.json * Update all packages.lock.json * Fix InMemory configuration * Actually fix test configuration * Fix tests for CI * Fix event service * Force EF EventRepository * Add client_credentials test * Remove Api.IntegrationTest * Remove Api Program changes * Cleanup * Add more Auth-Email tests * Run formatting * Address some PR feedback * Move integration stuff to it's own common project * Ran linter * Add shared project to test solution * Remove sln changes * Clean usings * Add more coverage * Address PR feedback 2022-05-20 21:24:59 +02:00			`"scopes_supported": [`
			`"api",`
			`"api.push",`
			`"api.licensing",`
			`"api.organization",`
			`"api.installation",`
			`"internal",`
[SM-394] Secrets Manager (#2164) Long lived feature branch for Secrets Manager Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> 2023-01-13 15:02:53 +01:00			`"api.secrets",`
[BEEEP] Integration tests (#1945) * Add api integration tests * Add some stuff * Make program mockable * Work on IntegrationTests for Identity * Formatting * Update packages.lock.json * Update more packages.lock.json * Update all packages.lock.json * Fix InMemory configuration * Actually fix test configuration * Fix tests for CI * Fix event service * Force EF EventRepository * Add client_credentials test * Remove Api.IntegrationTest * Remove Api Program changes * Cleanup * Add more Auth-Email tests * Run formatting * Address some PR feedback * Move integration stuff to it's own common project * Ran linter * Add shared project to test solution * Remove sln changes * Clean usings * Add more coverage * Address PR feedback 2022-05-20 21:24:59 +02:00			`"offline_access"`
			`],`
			`"claims_supported": [`
			`"name",`
			`"email",`
			`"email_verified",`
			`"sstamp",`
			`"premium",`
			`"device",`
			`"orgowner",`
			`"orgadmin",`
			`"orgmanager",`
			`"orguser",`
			`"orgcustom",`
			`"providerprovideradmin",`
			`"providerserviceuser",`
[SM-378] Enable SM on a user basis (#2590) * Add support for giving individual users access to secrets manager 2023-01-31 18:38:53 +01:00			`"accesssecretsmanager",`
[SM-394] Secrets Manager (#2164) Long lived feature branch for Secrets Manager Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> 2023-01-13 15:02:53 +01:00			`"sub",`
			`"organization"`
[BEEEP] Integration tests (#1945) * Add api integration tests * Add some stuff * Make program mockable * Work on IntegrationTests for Identity * Formatting * Update packages.lock.json * Update more packages.lock.json * Update all packages.lock.json * Fix InMemory configuration * Actually fix test configuration * Fix tests for CI * Fix event service * Force EF EventRepository * Add client_credentials test * Remove Api.IntegrationTest * Remove Api Program changes * Cleanup * Add more Auth-Email tests * Run formatting * Address some PR feedback * Move integration stuff to it's own common project * Ran linter * Add shared project to test solution * Remove sln changes * Clean usings * Add more coverage * Address PR feedback 2022-05-20 21:24:59 +02:00			`],`
			`"grant_types_supported": [`
			`"authorization_code",`
			`"client_credentials",`
			`"refresh_token",`
			`"implicit",`
			`"password",`
[PM-2032] Server endpoints to support authentication with a passkey (#3361) * [PM-2032] feat: add assertion options tokenable * [PM-2032] feat: add request and response models * [PM-2032] feat: implement `assertion-options` identity endpoint * [PM-2032] feat: implement authentication with passkey * [PM-2032] chore: rename to `WebAuthnGrantValidator` * [PM-2032] fix: add missing subsitute * [PM-2032] feat: start adding builder * [PM-2032] feat: add support for KeyConnector * [PM-2032] feat: add first version of TDE * [PM-2032] chore: refactor WithSso * [PM-2023] feat: add support for TDE feature flag * [PM-2023] feat: add support for approving devices * [PM-2023] feat: add support for hasManageResetPasswordPermission * [PM-2032] feat: add support for hasAdminApproval * [PM-2032] chore: don't supply device if not necessary * [PM-2032] chore: clean up imports * [PM-2023] feat: extract interface * [PM-2023] chore: add clarifying comment * [PM-2023] feat: use new builder in production code * [PM-2032] feat: add support for PRF * [PM-2032] chore: clean-up todos * [PM-2023] chore: remove token which is no longer used * [PM-2032] chore: remove todo * [PM-2032] feat: improve assertion error handling * [PM-2032] fix: linting issues * [PM-2032] fix: revert changes to `launchSettings.json` * [PM-2023] chore: clean up assertion endpoint * [PM-2032] feat: bypass 2FA * [PM-2032] fix: rename prf option to singular * [PM-2032] fix: lint * [PM-2032] fix: typo * [PM-2032] chore: improve builder tests Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> * [PM-2032] chore: clarify why we don't require 2FA * [PM-2023] feat: move `identityProvider` constant to common class * [PM-2032] fix: lint * [PM-2023] fix: move `IdentityProvider` to core.Constants * [PM-2032] fix: missing import * [PM-2032] chore: refactor token timespan to use `TimeSpan` * [PM-2032] chore: make `StartWebAuthnLoginAssertion` sync * [PM-2032] chore: use `FromMinutes` * [PM-2032] fix: change to 17 minutes to cover webauthn assertion * [PM-2032] chore: do not use `async void` * [PM-2032] fix: comment saying wrong amount of minutes * [PM-2032] feat: put validator behind feature flag * [PM-2032] fix: lint --------- Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> 2023-11-20 15:55:31 +01:00			`"urn:ietf:params:oauth:grant-type:device_code",`
[PM-3569] Upgrade to Duende.Identity (#3185) * Upgrade to Duende.Identity * Linting * Get rid of last IdentityServer4 package * Fix identity test since Duende returns additional configuration * Use Configure PostConfigure is ran after ASP.NET's PostConfigure so ConfigurationManager was already configured and our HttpHandler wasn't being respected. * Regenerate lockfiles * Move to 6.0.4 for patches * fixes with testing * Add additional grant type supported in 6.0.4 and beautify * Lockfile refresh * Reapply lockfiles * Apply change to new WebAuthn logic * When automated merging fails me --------- Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com> 2023-11-20 22:32:23 +01:00			`"urn:openid:params:grant-type:ciba",`
[PM-2032] Server endpoints to support authentication with a passkey (#3361) * [PM-2032] feat: add assertion options tokenable * [PM-2032] feat: add request and response models * [PM-2032] feat: implement `assertion-options` identity endpoint * [PM-2032] feat: implement authentication with passkey * [PM-2032] chore: rename to `WebAuthnGrantValidator` * [PM-2032] fix: add missing subsitute * [PM-2032] feat: start adding builder * [PM-2032] feat: add support for KeyConnector * [PM-2032] feat: add first version of TDE * [PM-2032] chore: refactor WithSso * [PM-2023] feat: add support for TDE feature flag * [PM-2023] feat: add support for approving devices * [PM-2023] feat: add support for hasManageResetPasswordPermission * [PM-2032] feat: add support for hasAdminApproval * [PM-2032] chore: don't supply device if not necessary * [PM-2032] chore: clean up imports * [PM-2023] feat: extract interface * [PM-2023] chore: add clarifying comment * [PM-2023] feat: use new builder in production code * [PM-2032] feat: add support for PRF * [PM-2032] chore: clean-up todos * [PM-2023] chore: remove token which is no longer used * [PM-2032] chore: remove todo * [PM-2032] feat: improve assertion error handling * [PM-2032] fix: linting issues * [PM-2032] fix: revert changes to `launchSettings.json` * [PM-2023] chore: clean up assertion endpoint * [PM-2032] feat: bypass 2FA * [PM-2032] fix: rename prf option to singular * [PM-2032] fix: lint * [PM-2032] fix: typo * [PM-2032] chore: improve builder tests Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> * [PM-2032] chore: clarify why we don't require 2FA * [PM-2023] feat: move `identityProvider` constant to common class * [PM-2032] fix: lint * [PM-2023] fix: move `IdentityProvider` to core.Constants * [PM-2032] fix: missing import * [PM-2032] chore: refactor token timespan to use `TimeSpan` * [PM-2032] chore: make `StartWebAuthnLoginAssertion` sync * [PM-2032] chore: use `FromMinutes` * [PM-2032] fix: change to 17 minutes to cover webauthn assertion * [PM-2032] chore: do not use `async void` * [PM-2032] fix: comment saying wrong amount of minutes * [PM-2032] feat: put validator behind feature flag * [PM-2032] fix: lint --------- Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> 2023-11-20 15:55:31 +01:00			`"webauthn"`
[BEEEP] Integration tests (#1945) * Add api integration tests * Add some stuff * Make program mockable * Work on IntegrationTests for Identity * Formatting * Update packages.lock.json * Update more packages.lock.json * Update all packages.lock.json * Fix InMemory configuration * Actually fix test configuration * Fix tests for CI * Fix event service * Force EF EventRepository * Add client_credentials test * Remove Api.IntegrationTest * Remove Api Program changes * Cleanup * Add more Auth-Email tests * Run formatting * Address some PR feedback * Move integration stuff to it's own common project * Ran linter * Add shared project to test solution * Remove sln changes * Clean usings * Add more coverage * Address PR feedback 2022-05-20 21:24:59 +02:00			`],`
			`"response_types_supported": [`
			`"code",`
			`"token",`
			`"id_token",`
			`"id_token token",`
			`"code id_token",`
			`"code token",`
			`"code id_token token"`
			`],`
[PM-2032] Server endpoints to support authentication with a passkey (#3361) * [PM-2032] feat: add assertion options tokenable * [PM-2032] feat: add request and response models * [PM-2032] feat: implement `assertion-options` identity endpoint * [PM-2032] feat: implement authentication with passkey * [PM-2032] chore: rename to `WebAuthnGrantValidator` * [PM-2032] fix: add missing subsitute * [PM-2032] feat: start adding builder * [PM-2032] feat: add support for KeyConnector * [PM-2032] feat: add first version of TDE * [PM-2032] chore: refactor WithSso * [PM-2023] feat: add support for TDE feature flag * [PM-2023] feat: add support for approving devices * [PM-2023] feat: add support for hasManageResetPasswordPermission * [PM-2032] feat: add support for hasAdminApproval * [PM-2032] chore: don't supply device if not necessary * [PM-2032] chore: clean up imports * [PM-2023] feat: extract interface * [PM-2023] chore: add clarifying comment * [PM-2023] feat: use new builder in production code * [PM-2032] feat: add support for PRF * [PM-2032] chore: clean-up todos * [PM-2023] chore: remove token which is no longer used * [PM-2032] chore: remove todo * [PM-2032] feat: improve assertion error handling * [PM-2032] fix: linting issues * [PM-2032] fix: revert changes to `launchSettings.json` * [PM-2023] chore: clean up assertion endpoint * [PM-2032] feat: bypass 2FA * [PM-2032] fix: rename prf option to singular * [PM-2032] fix: lint * [PM-2032] fix: typo * [PM-2032] chore: improve builder tests Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> * [PM-2032] chore: clarify why we don't require 2FA * [PM-2023] feat: move `identityProvider` constant to common class * [PM-2032] fix: lint * [PM-2023] fix: move `IdentityProvider` to core.Constants * [PM-2032] fix: missing import * [PM-2032] chore: refactor token timespan to use `TimeSpan` * [PM-2032] chore: make `StartWebAuthnLoginAssertion` sync * [PM-2032] chore: use `FromMinutes` * [PM-2032] fix: change to 17 minutes to cover webauthn assertion * [PM-2032] chore: do not use `async void` * [PM-2032] fix: comment saying wrong amount of minutes * [PM-2032] feat: put validator behind feature flag * [PM-2032] fix: lint --------- Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> 2023-11-20 15:55:31 +01:00			`"response_modes_supported": ["form_post", "query", "fragment"],`
[BEEEP] Integration tests (#1945) * Add api integration tests * Add some stuff * Make program mockable * Work on IntegrationTests for Identity * Formatting * Update packages.lock.json * Update more packages.lock.json * Update all packages.lock.json * Fix InMemory configuration * Actually fix test configuration * Fix tests for CI * Fix event service * Force EF EventRepository * Add client_credentials test * Remove Api.IntegrationTest * Remove Api Program changes * Cleanup * Add more Auth-Email tests * Run formatting * Address some PR feedback * Move integration stuff to it's own common project * Ran linter * Add shared project to test solution * Remove sln changes * Clean usings * Add more coverage * Address PR feedback 2022-05-20 21:24:59 +02:00			`"token_endpoint_auth_methods_supported": [`
			`"client_secret_basic",`
			`"client_secret_post"`
			`],`
[PM-2032] Server endpoints to support authentication with a passkey (#3361) * [PM-2032] feat: add assertion options tokenable * [PM-2032] feat: add request and response models * [PM-2032] feat: implement `assertion-options` identity endpoint * [PM-2032] feat: implement authentication with passkey * [PM-2032] chore: rename to `WebAuthnGrantValidator` * [PM-2032] fix: add missing subsitute * [PM-2032] feat: start adding builder * [PM-2032] feat: add support for KeyConnector * [PM-2032] feat: add first version of TDE * [PM-2032] chore: refactor WithSso * [PM-2023] feat: add support for TDE feature flag * [PM-2023] feat: add support for approving devices * [PM-2023] feat: add support for hasManageResetPasswordPermission * [PM-2032] feat: add support for hasAdminApproval * [PM-2032] chore: don't supply device if not necessary * [PM-2032] chore: clean up imports * [PM-2023] feat: extract interface * [PM-2023] chore: add clarifying comment * [PM-2023] feat: use new builder in production code * [PM-2032] feat: add support for PRF * [PM-2032] chore: clean-up todos * [PM-2023] chore: remove token which is no longer used * [PM-2032] chore: remove todo * [PM-2032] feat: improve assertion error handling * [PM-2032] fix: linting issues * [PM-2032] fix: revert changes to `launchSettings.json` * [PM-2023] chore: clean up assertion endpoint * [PM-2032] feat: bypass 2FA * [PM-2032] fix: rename prf option to singular * [PM-2032] fix: lint * [PM-2032] fix: typo * [PM-2032] chore: improve builder tests Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> * [PM-2032] chore: clarify why we don't require 2FA * [PM-2023] feat: move `identityProvider` constant to common class * [PM-2032] fix: lint * [PM-2023] fix: move `IdentityProvider` to core.Constants * [PM-2032] fix: missing import * [PM-2032] chore: refactor token timespan to use `TimeSpan` * [PM-2032] chore: make `StartWebAuthnLoginAssertion` sync * [PM-2032] chore: use `FromMinutes` * [PM-2032] fix: change to 17 minutes to cover webauthn assertion * [PM-2032] chore: do not use `async void` * [PM-2032] fix: comment saying wrong amount of minutes * [PM-2032] feat: put validator behind feature flag * [PM-2032] fix: lint --------- Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> 2023-11-20 15:55:31 +01:00			`"id_token_signing_alg_values_supported": ["RS256"],`
			`"subject_types_supported": ["public"],`
			`"code_challenge_methods_supported": ["plain", "S256"],`
[PM-3569] Upgrade to Duende.Identity (#3185) * Upgrade to Duende.Identity * Linting * Get rid of last IdentityServer4 package * Fix identity test since Duende returns additional configuration * Use Configure PostConfigure is ran after ASP.NET's PostConfigure so ConfigurationManager was already configured and our HttpHandler wasn't being respected. * Regenerate lockfiles * Move to 6.0.4 for patches * fixes with testing * Add additional grant type supported in 6.0.4 and beautify * Lockfile refresh * Reapply lockfiles * Apply change to new WebAuthn logic * When automated merging fails me --------- Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com> 2023-11-20 22:32:23 +01:00			`"request_parameter_supported": true,`
			`"request_object_signing_alg_values_supported": [`
			`"RS256",`
			`"RS384",`
			`"RS512",`
			`"PS256",`
			`"PS384",`
			`"PS512",`
			`"ES256",`
			`"ES384",`
			`"ES512",`
			`"HS256",`
			`"HS384",`
			`"HS512"`
			`],`
			`"authorization_response_iss_parameter_supported": true,`
			`"backchannel_token_delivery_modes_supported": ["poll"],`
			`"backchannel_user_code_parameter_supported": true`
[BEEEP] Integration tests (#1945) * Add api integration tests * Add some stuff * Make program mockable * Work on IntegrationTests for Identity * Formatting * Update packages.lock.json * Update more packages.lock.json * Update all packages.lock.json * Fix InMemory configuration * Actually fix test configuration * Fix tests for CI * Fix event service * Force EF EventRepository * Add client_credentials test * Remove Api.IntegrationTest * Remove Api Program changes * Cleanup * Add more Auth-Email tests * Run formatting * Address some PR feedback * Move integration stuff to it's own common project * Ran linter * Add shared project to test solution * Remove sln changes * Clean usings * Add more coverage * Address PR feedback 2022-05-20 21:24:59 +02:00			`}`