Merge branch 'develop' into SMARTv2ScopeExpander

JoeShook · Sep 19, 2023 · 64ced30 · 64ced30
2 parents dedd467 + 9f260ef
commit 64ced30
Show file tree

Hide file tree

Showing 43 changed files with 243 additions and 190 deletions.
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -8,22 +8,22 @@
     <PackageVersion Include="brianpos.Fhir.R4B.WebApi.AspNetCore" Version="4.3.0-beta2" />
     <PackageVersion Include="Google.Cloud.SecretManager.V1" Version="2.1.0" />
     <PackageVersion Include="Google.Cloud.Storage.V1" Version="4.6.0" />
-    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="[6.0.16,7.0.5]" />
+    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="[6.0.22,7.0.11]" />
     <PackageVersion Include="AspNetCoreRateLimit" Version="5.0.0" />
-    <PackageVersion Include="Hl7.Fhir.Specification.R4B" Version="4.3.0" />
-    <PackageVersion Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="[6.0.21,7.0.10]" />
+    <PackageVersion Include="Hl7.Fhir.Specification.R4B" Version="5.3.0" />
+    <PackageVersion Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="[6.0.22,7.0.11]" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="7.0.1" />
-    <PackageVersion Include="IdentityModel" Version="6.1.0" />
     <PackageVersion Include="MSTest.TestAdapter" Version="2.2.10" />
     <PackageVersion Include="MSTest.TestFramework" Version="2.2.10" />
+    <PackageVersion Include="IdentityModel" Version="6.2.0" />
     <PackageVersion Include="System.Text.Json" Version="[6.0.7,7.0.3]" />
     <PackageVersion Include="AutoMapper" Version="12.0.1" />
-    <PackageVersion Include="Duende.IdentityServer" Version="6.3.3" />
-    <PackageVersion Include="Duende.IdentityServer.AspNetIdentity" Version="6.3.3" />
-    <PackageVersion Include="Duende.IdentityServer.EntityFramework.Storage" Version="6.3.3" />
+    <PackageVersion Include="Duende.IdentityServer" Version="6.3.4" />
+    <PackageVersion Include="Duende.IdentityServer.AspNetIdentity" Version="6.3.4" />
+    <PackageVersion Include="Duende.IdentityServer.EntityFramework.Storage" Version="6.3.4" />
     <PackageVersion Include="IdentityModel.AspNetCore.OAuth2Introspection" Version="6.2.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Mvc" Version="2.2.0" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="7.0.10" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="7.0.11" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="7.0.10" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.10" />
     <PackageVersion Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
@@ -33,18 +33,18 @@
     <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="[6.0.0,7.0.1]" />
     <PackageVersion Include="Microsoft.Extensions.Options" Version="7.0.1" />
     <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="7.0.0" />
-    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.2" />
+    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.0" />
     <PackageVersion Include="Microsoft.IdentityModel.Tokens" Version="[6.10.0,6.30.0]" />
-    <PackageVersion Include="OpenTelemetry" Version="1.5.1" />
-    <PackageVersion Include="OpenTelemetry.Exporter.Console" Version="1.5.1" />
-    <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.5.1" />
-    <PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.5.1" />
+    <PackageVersion Include="OpenTelemetry" Version="1.6.0" />
+    <PackageVersion Include="OpenTelemetry.Exporter.Console" Version="1.6.0" />
+    <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.6.0" />
+    <PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.6.0" />
     <PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.0.0-rc9.14" />
     <PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.0.0-rc9.14" />
     <PackageVersion Include="OpenTelemetry.Instrumentation.SqlClient" Version="1.0.0-rc9.14" />
     <PackageVersion Include="Serilog.AspNetCore" Version="[6.1.0,7.0.0]" />
     <PackageVersion Include="Serilog.Extensions.Logging" Version="[3.1.0,7.0.0]" />
     <PackageVersion Include="Portable.BouncyCastle" Version="1.9.0" />
-    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="6.32.1" />
+    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="7.0.0" />
   </ItemGroup>
 </Project>
diff --git a/Udap.Client/Rest/FhirClientWithUrlProvider.cs b/Udap.Client/Rest/FhirClientWithUrlProvider.cs
@@ -10,12 +10,8 @@ namespace Udap.Client.Rest;
 public class FhirClientWithUrlProvider : FhirClient
 {
     public FhirClientWithUrlProvider(IBaseUrlProvider baseUrlProvider, HttpClient httpClient, FhirClientSettings? settings = null, IStructureDefinitionSummaryProvider? provider = null)
-         : base(baseUrlProvider.GetBaseUrl(), httpClient, settings, provider)
+         : base(baseUrlProvider.GetBaseUrl(), httpClient, settings)
     {
-        var requester = new HttpClientRequester(baseUrlProvider.GetBaseUrl(), Settings, httpClient);
-        Requester = requester;
-
-        // Expose default request headers to user.
-        RequestHeaders = requester.Client.DefaultRequestHeaders;
+
     }
 }
diff --git a/Udap.Model/Registration/UdapCertificationAndEndorsementDocument.cs b/Udap.Model/Registration/UdapCertificationAndEndorsementDocument.cs
@@ -9,6 +9,7 @@
 
 using System;
 using System.IdentityModel.Tokens.Jwt;
+using System.Text.Json;
 using System.Text.Json.Serialization;
 using IdentityModel;
 using Microsoft.IdentityModel.Tokens;
@@ -249,17 +250,15 @@ public UdapCertificationAndEndorsementDocument(string certificationName)
     /// Serializes this instance to JSON.
     /// </summary>
     /// <returns>This instance as JSON.</returns>
-    /// <remarks>Use <see cref="System.IdentityModel.Tokens.Jwt.JsonExtensions.Serializer"/> to customize JSON serialization.</remarks>
     public virtual string SerializeToJson()
     {
-        return JsonExtensions.SerializeToJson(this);
+        return JsonSerializer.Serialize(this);
     }
 
     /// <summary>
     /// Encodes this instance as Base64UrlEncoded JSON.
     /// </summary>
     /// <returns>Base64UrlEncoded JSON.</returns>
-    /// <remarks>Use <see cref="System.IdentityModel.Tokens.Jwt.JsonExtensions.Serializer"/> to customize JSON serialization.</remarks>
     public virtual string Base64UrlEncode()
     {
         return Base64UrlEncoder.Encode(SerializeToJson());

diff --git a/Udap.Model/Registration/UdapDynamicClientRegistrationDocument.cs b/Udap.Model/Registration/UdapDynamicClientRegistrationDocument.cs
@@ -625,7 +625,7 @@ internal IList<string> GetIListClaims(string claimType)
         }
         else
         {
-            claimValues.Add(JsonExtensions.SerializeToJson(value));
+            claimValues.Add(JsonSerializer.Serialize(value));
         }
 
         return claimValues;
@@ -647,7 +647,7 @@ internal IList<string> GetIListClaims(string claimType)
                 }
             }
 
-            return JsonExtensions.SerializeToJson(value);
+            return JsonSerializer.Serialize(value);
         }
 
         return null;
@@ -715,17 +715,15 @@ internal static object GetClaimValueUsingValueType(Claim claim)
     /// Serializes this instance to JSON.
     /// </summary>
     /// <returns>This instance as JSON.</returns>
-    /// <remarks>Use <see cref="System.IdentityModel.Tokens.Jwt.JsonExtensions.Serializer"/> to customize JSON serialization.</remarks>
     public virtual string SerializeToJson()
     {
-        return JsonExtensions.SerializeToJson(this);
+        return JsonSerializer.Serialize(this);
     }
 
     /// <summary>
     /// Encodes this instance as Base64UrlEncoded JSON.
     /// </summary>
     /// <returns>Base64UrlEncoded JSON.</returns>
-    /// <remarks>Use <see cref="System.IdentityModel.Tokens.Jwt.JsonExtensions.Serializer"/> to customize JSON serialization.</remarks>
     public virtual string Base64UrlEncode()
     {
         return Base64UrlEncoder.Encode(SerializeToJson());

diff --git a/Udap.Model/UdapAuthenticationExtensions/B2BAuthorizationExtension.cs b/Udap.Model/UdapAuthenticationExtensions/B2BAuthorizationExtension.cs
@@ -24,7 +24,7 @@ public class B2BAuthorizationExtension : Dictionary<string, object>
     private string? _subjectId;
     private string? _subjectRole;
     private string? _organizationName;
-    private Uri _organizationId = default!;
+    private string? _organizationId = default!;
     private ICollection<string> _purposeOfUse = new HashSet<string>();
     private ICollection<string>? _consentPolicy;
     private ICollection<string>? _consentReference;
@@ -104,21 +104,21 @@ public string? OraganizationName
     }
 
     [JsonPropertyName(UdapConstants.B2BAuthorizationExtension.OrganizationId)]
-    public Uri OrganizationId
+    public string? OrganizationId
     {
         get
         {
-            if (Uri.TryCreate(GetStandardClaim(UdapConstants.RegistrationDocumentValues.ClientUri), UriKind.Absolute, out var value))
+            if (_organizationId == null)
             {
-                _organizationId = value;
+                _organizationId = GetStandardClaim(UdapConstants.B2BAuthorizationExtension.OrganizationId);
             }
 
             return _organizationId;
         }
         set
         {
             _organizationId = value;
-            this[UdapConstants.B2BAuthorizationExtension.OrganizationId] = value;
+            if (value != null) this[UdapConstants.B2BAuthorizationExtension.OrganizationId] = value;
         }
     }
 
@@ -210,7 +210,7 @@ internal IList<string> GetIListClaims(string claimType)
         }
         else
         {
-            claimValues.Add(JsonExtensions.SerializeToJson(value));
+            claimValues.Add(JsonSerializer.Serialize(value));
         }
 
         return claimValues;
@@ -231,7 +231,7 @@ internal IList<string> GetIListClaims(string claimType)
                 }
             }
 
-            return JsonExtensions.SerializeToJson(value);
+            return JsonSerializer.Serialize(value);
         }
 
         return null;

diff --git a/Udap.Model/UdapConstants.cs b/Udap.Model/UdapConstants.cs
@@ -187,7 +187,7 @@ public static class B2BAuthorizationExtension
     public static class JwtClaimTypes
     {
         public static string Extensions = "extensions";
-        public static string FhirUser = "hl7_identifier";
+        public static string Hl7Identifier = "hl7_identifier";
     }
 
     public static class TokenRequest

diff --git a/Udap.Server/Models/UdapIdentityResources.cs b/Udap.Server/Models/UdapIdentityResources.cs
@@ -30,7 +30,32 @@ public FhirUser()
             Name = UdapConstants.StandardScopes.FhirUser;
             DisplayName = "FHIR resource representation of the current user.";
             Required = false;
-            UserClaims.Add("hl7_identifier");
+            UserClaims.Add(UdapConstants.JwtClaimTypes.Hl7Identifier);
+        }
+    }
+
+    /// <summary>
+    /// Models the standard openid scope
+    /// </summary>
+    /// <seealso cref="IdentityServer.Models.IdentityResource" />
+    public class Profile : IdentityResource
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="Profile"/> class.
+        /// </summary>
+        public Profile()
+        {
+            var profile = new IdentityResources.Profile();
+            Name = profile.Name;
+            DisplayName = profile.DisplayName;
+            Required = profile.Required;
+            UserClaims = profile.UserClaims;
+            //
+            // Ensure HL7Identifier is included in the profile scope when the profile scope is requested
+            // http://build.fhir.org/ig/HL7/fhir-identity-matching-ig/digital-identity.html 
+            // http://hl7.org/fhir/smart-app-launch/1.0.0/scopes-and-launch-context/index.html
+            //
+            UserClaims.Add(UdapConstants.JwtClaimTypes.Hl7Identifier);
         }
     }
 

diff --git a/Udap.Server/Registration/UdapDynamicClientRegistrationValidator.cs b/Udap.Server/Registration/UdapDynamicClientRegistrationValidator.cs
@@ -18,18 +18,14 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
-using System.Text.Json;
 using Duende.IdentityServer.Models;
 using Duende.IdentityServer.Services;
-using Hl7.Fhir.Utility;
 using IdentityModel;
-using IdentityModel.Client;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Tokens;
-using Newtonsoft.Json.Linq;
 using Udap.Common;
 using Udap.Common.Certificates;
 using Udap.Common.Extensions;
@@ -648,7 +644,7 @@ private bool ValidateChain(
         return false;
     }
 
-    private readonly string[]? _x5cArray = null;
+    private string[]? _x5cArray = null;
 
     //Todo duplicate code
     private string[]? Getx5c(JwtHeader jwtHeader)
@@ -660,13 +656,15 @@ private bool ValidateChain(
             return null;
         }
 
-        var x5cArray = JsonSerializer.Deserialize<string[]>(jwtHeader.X5c);
-        
-        if (x5cArray != null && !x5cArray.Any())
+        var certificates = jwtHeader["x5c"] as List<object>;
+
+        if (certificates == null)
         {
             return null;
         }
 
-        return x5cArray;
+        _x5cArray = certificates.Select(c => c.ToString()).ToArray()!;
+
+        return _x5cArray;
     }
 }
diff --git a/Udap.Server/ResponseHandling/UdapTokenResponseGenerator.cs b/Udap.Server/ResponseHandling/UdapTokenResponseGenerator.cs
@@ -17,6 +17,8 @@
 using Microsoft.Extensions.Logging;
 using Udap.Server.Validation;
 using Udap.Util.Extensions;
+using Udap.Model;
+
 
 namespace Udap.Server.ResponseHandling;
 public class UdapTokenResponseGenerator : TokenResponseGenerator
@@ -121,7 +123,7 @@ private void AugmentClaims(Token idToken, ValidatedRequest validationResult)
             validationResult.Subject!,
             validationResult.Client,
             IdentityServerConstants.ProfileDataCallers.UserInfoEndpoint,
-            new List<string>() { "hl7_identifier" });
+            new List<string>() { UdapConstants.JwtClaimTypes.Hl7Identifier });
         // context.RequestedResources = validatedResources;
 
         _profile.GetProfileDataAsync(context);

diff --git a/Udap.Server/Security/Authentication/TieredOAuth/TieredOAuthAuthenticationOptions.cs b/Udap.Server/Security/Authentication/TieredOAuth/TieredOAuthAuthenticationOptions.cs
@@ -10,6 +10,8 @@
 using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
+using IdentityModel;
+using Udap.Model;
 
 namespace Udap.Server.Security.Authentication.TieredOAuth;
 
@@ -26,11 +28,11 @@ public TieredOAuthAuthenticationOptions()
         // TokenEndpoint = TieredOAuthAuthenticationDefaults.TokenEndpoint;
         SignInScheme = TieredOAuthAuthenticationDefaults.AuthenticationScheme;
 
-        // DCR at Tiered OAuth only requires these two scopes. 
-        Scope.Add("openid");
-        Scope.Add("fhirUser");
-        // Scope.Add("email");
-        // Scope.Add("profile");
+        // TODO:  configurable. 
+        Scope.Add(OidcConstants.StandardScopes.OpenId);
+        // Scope.Add(UdapConstants.StandardScopes.FhirUser);
+        Scope.Add(OidcConstants.StandardScopes.Email);
+        Scope.Add(OidcConstants.StandardScopes.Profile);
 
         SecurityTokenValidator = _defaultHandler;
     }

diff --git a/_tests/Directory.Packages.props b/_tests/Directory.Packages.props
@@ -5,31 +5,31 @@
   <ItemGroup>
     <!-- https://learn.microsoft.com/en-us/nuget/concepts/package-versioning#version-ranges -->
     <PackageVersion Include="Duende.IdentityServer" Version="6.3.3" />
-    <PackageVersion Include="Duende.IdentityServer.Storage" Version="6.3.3" />
+    <PackageVersion Include="Duende.IdentityServer.Storage" Version="6.3.4" />
     <PackageVersion Include="Duende.IdentityServer.EntityFramework.Storage" Version="6.3.3" />
-    <PackageVersion Include="Hl7.Fhir.R4B" Version="4.3.0" />
-    <PackageVersion Include="Hl7.Fhir.Specification.R4B" Version="4.3.0" />
+    <PackageVersion Include="Hl7.Fhir.R4B" Version="5.3.0" />
+    <PackageVersion Include="Hl7.Fhir.Specification.R4B" Version="5.3.0" />
     <PackageVersion Include="FluentAssertions" Version="6.12.0" />
-    <PackageVersion Include="FluentAssertions.Analyzers" Version="0.23.1" />
-    <PackageVersion Include="IdentityModel" Version="6.1.0" />
+    <PackageVersion Include="FluentAssertions.Analyzers" Version="0.24.0" />
+    <PackageVersion Include="IdentityModel" Version="6.2.0" />
     <PackageVersion Include="MartinCostello.Logging.XUnit" Version="0.3.0" />
-    <PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="7.0.10" />
+    <PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="7.0.11" />
     <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.1.1" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="7.0.10" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="7.0.10" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.InMemory" Version="7.0.10" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="7.0.10" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="7.0.11" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="7.0.11" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.InMemory" Version="7.0.11" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="7.0.11" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.10" />
     <PackageVersion Include="Microsoft.Extensions.Configuration" Version="7.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="7.0.1" />
     <PackageVersion Include="Microsoft.Extensions.Configuration.UserSecrets" Version="7.0.0" />
-    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.2" />
+    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.0" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageVersion Include="Moq" Version="4.20.69" />
     <PackageVersion Include="Portable.BouncyCastle" Version="1.9.0" />
-    <PackageVersion Include="xunit" Version="2.5.0" />
-    <PackageVersion Include="xunit.runner.visualstudio" Version="2.5.0" />
+    <PackageVersion Include="xunit" Version="2.5.1" />
+    <PackageVersion Include="xunit.runner.visualstudio" Version="2.5.1" />
     <PackageVersion Include="coverlet.collector" Version="6.0.0" />
-    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="6.32.1" />
+    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="7.0.0" />
   </ItemGroup>
 </Project>