dlmelendez / identityserver4-azurestorage Goto Github PK

FindIdentityResourcesByScopeNameAsync() is querying by resource.name instead of by scope name(s) as expected.

Below is what was logged. If I submit the exact same request without the offline_access scope, the error does not occur.

2024-02-27 16:27:39.914 [Serilog] [Error] [30] [Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware]
[Serilog] An unhandled exception has occurred while executing the request.
[Serilog] System.ArgumentNullException: Value cannot be null. (Parameter 'PartitionKey')
   at Azure.Core.Argument.AssertNotNull[T](T value, String name)
   at Azure.Data.Tables.TableClient.UpsertEntityAsync[T](T entity, TableUpdateMode mode, CancellationToken cancellationToken)
   at ElCamino.IdentityServer.AzureStorage.Stores.PersistedGrantStore.StoreAsync(PersistedGrant grant, CancellationToken cancellationToken)
   at Duende.IdentityServer.Stores.DefaultGrantStore`1.StoreItemByHashedKeyAsync(String hashedKey, T item, String clientId, String subjectId, String sessionId, String description, DateTime created, Nullable`1 expiration, Nullable`1 consumedTime) in /_/src/IdentityServer/Stores/Default/DefaultGrantStore.cs:line 231
   at Duende.IdentityServer.Stores.DefaultGrantStore`1.CreateItemAsync(T item, String clientId, String subjectId, String sessionId, String description, DateTime created, Int32 lifetime) in /_/src/IdentityServer/Stores/Default/DefaultGrantStore.cs:line 177
   at Duende.IdentityServer.Stores.DefaultRefreshTokenStore.StoreRefreshTokenAsync(RefreshToken refreshToken) in /_/src/IdentityServer/Stores/Default/DefaultRefreshTokenStore.cs:line 43
   at Duende.IdentityServer.Services.DefaultRefreshTokenService.CreateRefreshTokenAsync(RefreshTokenCreationRequest request) in /_/src/IdentityServer/Services/Default/DefaultRefreshTokenService.cs:line 222
   at Duende.IdentityServer.ResponseHandling.TokenResponseGenerator.CreateAccessTokenAsync(ValidatedTokenRequest request) in /_/src/IdentityServer/ResponseHandling/Default/TokenResponseGenerator.cs:line 453
   at Duende.IdentityServer.ResponseHandling.TokenResponseGenerator.ProcessTokenRequestAsync(TokenRequestValidationResult validationResult) in /_/src/IdentityServer/ResponseHandling/Default/TokenResponseGenerator.cs:line 335
   at Duende.IdentityServer.ResponseHandling.TokenResponseGenerator.ProcessAsync(TokenRequestValidationResult request) in /_/src/IdentityServer/ResponseHandling/Default/TokenResponseGenerator.cs:line 107
   at Duende.IdentityServer.Endpoints.TokenEndpoint.ProcessTokenRequestAsync(HttpContext context) in /_/src/IdentityServer/Endpoints/TokenEndpoint.cs:line 133
   at Duende.IdentityServer.Endpoints.TokenEndpoint.ProcessAsync(HttpContext context) in /_/src/IdentityServer/Endpoints/TokenEndpoint.cs:line 81
   at Duende.IdentityServer.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IdentityServerOptions options, IEndpointRouter router, IUserSession userSession, IEventService events, IIssuerNameService issuerNameService, ISessionCoordinationService sessionCoordinationService) in /_/src/IdentityServer/Hosting/IdentityServerMiddleware.cs:line 106
   at Duende.IdentityServer.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IdentityServerOptions options, IEndpointRouter router, IUserSession userSession, IEventService events, IIssuerNameService issuerNameService, ISessionCoordinationService sessionCoordinationService) in /_/src/IdentityServer/Hosting/IdentityServerMiddleware.cs:line 128
   at Duende.IdentityServer.Hosting.MutualTlsEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes) in /_/src/IdentityServer/Hosting/MutualTlsEndpointMiddleware.cs:line 95
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Duende.IdentityServer.Hosting.DynamicProviders.DynamicSchemeAuthenticationMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/DynamicProviders/DynamicSchemes/DynamicSchemeAuthenticationMiddleware.cs:line 51
   at Duende.IdentityServer.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/BaseUrlMiddleware.cs:line 27

Hi,

I'm getting the following exception:

[20:04:45 FTL] Unhandled exception: The type initializer for 'ElCamino.IdentityServer4.AzureStorage.Mappers.PersistedGrantMappers' threw an exception.
System.TypeInitializationException: The type initializer for 'ElCamino.IdentityServer4.AzureStorage.Mappers.PersistedGrantMappers' threw an exception.
---> System.MissingMethodException: Method not found: 'AutoMapper.IMappingExpression2<!0,!1> AutoMapper.IMappingExpression2.ConstructUsing(System.Linq.Expressions.Expression1<System.Func2<!0,!1>>)'.
at ElCamino.IdentityServer4.AzureStorage.Mappers.PersistedGrantMappers.<>c.<.cctor>b__10_0(IMapperConfigurationExpression cfg)
at AutoMapper.MapperConfiguration.Build(Action1 configure) at AutoMapper.MapperConfiguration..ctor(Action1 configure)
at ElCamino.IdentityServer4.AzureStorage.Mappers.PersistedGrantMappers..cctor()
--- End of inner exception stack trace ---
at ElCamino.IdentityServer4.AzureStorage.Mappers.PersistedGrantMappers.ToEntities(PersistedGrant persistedGrant)
at ElCamino.IdentityServer4.AzureStorage.Stores.PersistedGrantStore.StoreAsync(PersistedGrant grant)
at IdentityServer4.Stores.DefaultGrantStore1.StoreItemAsync(String key, T item, String clientId, String subjectId, String sessionId, String description, DateTime created, Nullable1 expiration, Nullable1 consumedTime) at IdentityServer4.Stores.DefaultGrantStore1.CreateItemAsync(T item, String clientId, String subjectId, String sessionId, String description, DateTime created, Int32 lifetime)
at IdentityServer4.Stores.DefaultRefreshTokenStore.StoreRefreshTokenAsync(RefreshToken refreshToken)
at IdentityServer4.Services.DefaultRefreshTokenService.CreateRefreshTokenAsync(ClaimsPrincipal subject, Token accessToken, Client client)
at IdentityServer4.ResponseHandling.TokenResponseGenerator.CreateAccessTokenAsync(ValidatedTokenRequest request)
at IdentityServer4.ResponseHandling.TokenResponseGenerator.ProcessTokenRequestAsync(TokenRequestValidationResult validationResult)
at IdentityServer4.ResponseHandling.TokenResponseGenerator.ProcessAsync(TokenRequestValidationResult request)
at IdentityServer4.Endpoints.TokenEndpoint.ProcessTokenRequestAsync(HttpContext context)
at IdentityServer4.Endpoints.TokenEndpoint.ProcessAsync(HttpContext context)
at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events, IBackChannelLogoutService backChannelLogoutService)

Do you have any hints what I may be missing?

Using ElCamino.IdentityServer4.AzureStorage 2.0.1
and IdentityServer4 4.1.1

Thanks!

add support for .net 5

I can see the api resource stored in the blob container ("idsrv4apiresources")

If I add 'api' as allowed scopes in client, token end point returns 'invalid_scope'.

ResourceStore.FindApiResourcesByScopeAsync returns no result. and hence the validation fails.

If I use In memory resources (identity and api) instead of AddResourceStore, it works fine.

Currently facing issue with a mapping exception:
Method not found: '!!0 AutoMapper.IMapper.Map(System.Object)'.
System.MissingMethodException: Method not found: '!!0 AutoMapper.IMapper.Map(System.Object)'. ToEntity(...
Any plan to support the newest version of Automapper?
I'm asking this because I had to pull down the sources and update Automapper to 10.1.1 version to make it work in my solution.
Thanks a lot.

Hi,

First of all thank you very much for that project!
Unfortunately it seems that it is not compatible with the newest version of IdentityServer. It looks like IPersistedGrantStore did change.
Do you plan to update the project?

Thanks and best regards

Support for LTS releases.

The AllowedIdentityTokenSigningAlgorithms Property is type of ICollection in IdentityServer4. Without this fix the property turns into a string of the type and not a string containg the type.

Here is a before and after (JSON)

Before:

{
...
"AllowedIdentityTokenSigningAlgorithms": "System.Collections.Generic.HashSet`1[System.String]",
...
}
After:

{
...
"AllowedIdentityTokenSigningAlgorithms": "item1,item2",
...
}

need to ref service as IResourceStore and then cast to ResourceStore

Hi David,

This is a neat idea for storage and I'm taking a look at it for a little hobby project I have coming up, thanks so much!

I notice your readme says "Use the unit tests as a guide to seeding operational and configuration data.". I've written a little class that just takes the data from Identity Server's Config class (most folks implementing IS4 are probably familiar with this already) and inserts it into the table storage. It's not much, but it might make things a little easier for the next implementer.

Would you be interested in reviewing/including this if I make a PR?

Check for 404 BlobNotFound instead of Blob.Exists(). Performance improvement.