[PM-7335] [deps] Auth: Update Duende.IdentityServer to v7 (#3709)

* [deps] Auth: Update Duende.IdentityServer to v7

* Fixes for upgrade incompatibility

* Update configuration file used in a test

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>

bitwarden_license/src/Sso/Controllers/AccountController.cs

@@ -19,7 +19,6 @@ using Bit.Core.Utilities;
 using Bit.Sso.Models;
 using Bit.Sso.Utilities;
 using Duende.IdentityServer;
-using Duende.IdentityServer.Extensions;
 using Duende.IdentityServer.Services;
 using Duende.IdentityServer.Stores;
 using IdentityModel;
@@ -704,8 +703,10 @@ public class AccountController : Controller
             var idp = User.FindFirst(JwtClaimTypes.IdentityProvider)?.Value;
             if (idp != null && idp != IdentityServerConstants.LocalIdentityProvider)
             {
-                var providerSupportsSignout = await HttpContext.GetSchemeSupportsSignOutAsync(idp);
-                if (providerSupportsSignout)
+                var provider = HttpContext.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
+                var handler = await provider.GetHandlerAsync(HttpContext, idp);
+
+                if (handler is IAuthenticationSignOutHandler)
                 {
                     if (logoutId == null)
                     {

bitwarden_license/src/Sso/Startup.cs

@@ -6,7 +6,7 @@ using Bit.Core.Settings;
 using Bit.Core.Utilities;
 using Bit.SharedWeb.Utilities;
 using Bit.Sso.Utilities;
-using Duende.IdentityServer.Extensions;
+using Duende.IdentityServer.Services;
 using Microsoft.IdentityModel.Logging;
 using Stripe;
 
@@ -108,7 +108,7 @@ public class Startup
             var uri = new Uri(globalSettings.BaseServiceUri.Sso);
             app.Use(async (ctx, next) =>
             {
-                ctx.SetIdentityServerOrigin($"{uri.Scheme}://{uri.Host}");
+                ctx.RequestServices.GetRequiredService<IServerUrls>().Origin = $"{uri.Scheme}://{uri.Host}";
                 await next();
             });
         }

src/Core/Core.csproj

@@ -48,7 +48,7 @@
     <PackageReference Include="Serilog.Extensions.Logging" Version="8.0.0" />
     <PackageReference Include="Serilog.Extensions.Logging.File" Version="3.0.0" />
     <PackageReference Include="Sentry.Serilog" Version="3.41.4" />
-    <PackageReference Include="Duende.IdentityServer" Version="6.3.7" />
+    <PackageReference Include="Duende.IdentityServer" Version="7.0.4" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Serilog.Sinks.SyslogMessages" Version="3.0.2" />
     <PackageReference Include="AspNetCoreRateLimit" Version="5.0.0" />

src/Identity/Startup.cs

@@ -11,7 +11,7 @@ using Bit.Core.Utilities;
 using Bit.Identity.Utilities;
 using Bit.SharedWeb.Swagger;
 using Bit.SharedWeb.Utilities;
-using Duende.IdentityServer.Extensions;
+using Duende.IdentityServer.Services;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.IdentityModel.Logging;
 using Microsoft.OpenApi.Models;
@@ -178,7 +178,7 @@ public class Startup
             var uri = new Uri(globalSettings.BaseServiceUri.Identity);
             app.Use(async (ctx, next) =>
             {
-                ctx.SetIdentityServerOrigin($"{uri.Scheme}://{uri.Host}");
+                ctx.RequestServices.GetRequiredService<IServerUrls>().Origin = $"{uri.Scheme}://{uri.Host}";
                 await next();
             });
         }

test/Identity.IntegrationTest/openid-configuration.json

@@ -5,6 +5,8 @@
   "token_endpoint": "http://localhost:33656/connect/token",
   "device_authorization_endpoint": "http://localhost:33656/connect/deviceauthorization",
   "backchannel_authentication_endpoint": "http://localhost:33656/connect/ciba",
+  "pushed_authorization_request_endpoint": "http://localhost:33656/connect/par",
+  "require_pushed_authorization_requests": false,
   "scopes_supported": [
     "api",
     "api.push",