From 79a4cbaa099f67c8a657b19fa59721e0173a5f51 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 30 Apr 2024 09:50:36 -0700
Subject: [PATCH] [PM-7335] [deps] Auth: Update Duende.IdentityServer to v7
 (#3709)

* [deps] Auth: Update Duende.IdentityServer to v7

* Fixes for upgrade incompatibility

* Update configuration file used in a test

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
---
 bitwarden_license/src/Sso/Controllers/AccountController.cs | 7 ++++---
 bitwarden_license/src/Sso/Startup.cs                       | 4 ++--
 src/Core/Core.csproj                                       | 2 +-
 src/Identity/Startup.cs                                    | 4 ++--
 test/Identity.IntegrationTest/openid-configuration.json    | 2 ++
 5 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/bitwarden_license/src/Sso/Controllers/AccountController.cs b/bitwarden_license/src/Sso/Controllers/AccountController.cs
index f94013828..bbd4143c3 100644
--- a/bitwarden_license/src/Sso/Controllers/AccountController.cs
+++ b/bitwarden_license/src/Sso/Controllers/AccountController.cs
@@ -19,7 +19,6 @@ using Bit.Core.Utilities;
 using Bit.Sso.Models;
 using Bit.Sso.Utilities;
 using Duende.IdentityServer;
-using Duende.IdentityServer.Extensions;
 using Duende.IdentityServer.Services;
 using Duende.IdentityServer.Stores;
 using IdentityModel;
@@ -704,8 +703,10 @@ public class AccountController : Controller
             var idp = User.FindFirst(JwtClaimTypes.IdentityProvider)?.Value;
             if (idp != null && idp != IdentityServerConstants.LocalIdentityProvider)
             {
-                var providerSupportsSignout = await HttpContext.GetSchemeSupportsSignOutAsync(idp);
-                if (providerSupportsSignout)
+                var provider = HttpContext.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
+                var handler = await provider.GetHandlerAsync(HttpContext, idp);
+
+                if (handler is IAuthenticationSignOutHandler)
                 {
                     if (logoutId == null)
                     {
diff --git a/bitwarden_license/src/Sso/Startup.cs b/bitwarden_license/src/Sso/Startup.cs
index 5ed613e15..c0da59ae8 100644
--- a/bitwarden_license/src/Sso/Startup.cs
+++ b/bitwarden_license/src/Sso/Startup.cs
@@ -6,7 +6,7 @@ using Bit.Core.Settings;
 using Bit.Core.Utilities;
 using Bit.SharedWeb.Utilities;
 using Bit.Sso.Utilities;
-using Duende.IdentityServer.Extensions;
+using Duende.IdentityServer.Services;
 using Microsoft.IdentityModel.Logging;
 using Stripe;
 
@@ -108,7 +108,7 @@ public class Startup
             var uri = new Uri(globalSettings.BaseServiceUri.Sso);
             app.Use(async (ctx, next) =>
             {
-                ctx.SetIdentityServerOrigin($"{uri.Scheme}://{uri.Host}");
+                ctx.RequestServices.GetRequiredService<IServerUrls>().Origin = $"{uri.Scheme}://{uri.Host}";
                 await next();
             });
         }
diff --git a/src/Core/Core.csproj b/src/Core/Core.csproj
index 592e85d9d..7346606ca 100644
--- a/src/Core/Core.csproj
+++ b/src/Core/Core.csproj
@@ -48,7 +48,7 @@
     <PackageReference Include="Serilog.Extensions.Logging" Version="8.0.0" />
     <PackageReference Include="Serilog.Extensions.Logging.File" Version="3.0.0" />
     <PackageReference Include="Sentry.Serilog" Version="3.41.4" />
-    <PackageReference Include="Duende.IdentityServer" Version="6.3.7" />
+    <PackageReference Include="Duende.IdentityServer" Version="7.0.4" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Serilog.Sinks.SyslogMessages" Version="3.0.2" />
     <PackageReference Include="AspNetCoreRateLimit" Version="5.0.0" />
diff --git a/src/Identity/Startup.cs b/src/Identity/Startup.cs
index dd6ba42bd..61d3d291d 100644
--- a/src/Identity/Startup.cs
+++ b/src/Identity/Startup.cs
@@ -11,7 +11,7 @@ using Bit.Core.Utilities;
 using Bit.Identity.Utilities;
 using Bit.SharedWeb.Swagger;
 using Bit.SharedWeb.Utilities;
-using Duende.IdentityServer.Extensions;
+using Duende.IdentityServer.Services;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.IdentityModel.Logging;
 using Microsoft.OpenApi.Models;
@@ -178,7 +178,7 @@ public class Startup
             var uri = new Uri(globalSettings.BaseServiceUri.Identity);
             app.Use(async (ctx, next) =>
             {
-                ctx.SetIdentityServerOrigin($"{uri.Scheme}://{uri.Host}");
+                ctx.RequestServices.GetRequiredService<IServerUrls>().Origin = $"{uri.Scheme}://{uri.Host}";
                 await next();
             });
         }
diff --git a/test/Identity.IntegrationTest/openid-configuration.json b/test/Identity.IntegrationTest/openid-configuration.json
index c72a0b10c..8cd464d1d 100644
--- a/test/Identity.IntegrationTest/openid-configuration.json
+++ b/test/Identity.IntegrationTest/openid-configuration.json
@@ -5,6 +5,8 @@
   "token_endpoint": "http://localhost:33656/connect/token",
   "device_authorization_endpoint": "http://localhost:33656/connect/deviceauthorization",
   "backchannel_authentication_endpoint": "http://localhost:33656/connect/ciba",
+  "pushed_authorization_request_endpoint": "http://localhost:33656/connect/par",
+  "require_pushed_authorization_requests": false,
   "scopes_supported": [
     "api",
     "api.push",