Skip to content

Handle mTLS and DPoP Used Together #2084

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
josephdecock merged 3 commits into from
Jul 1, 2025

Updated PAR validation to handle case where client authenticated with…

f6b3471
Select commit
Loading
Failed to load commit list.
Sign in for the full log view
Merged

Handle mTLS and DPoP Used Together #2084

Updated PAR validation to handle case where client authenticated with…
f6b3471
Select commit
Loading
Failed to load commit list.
GitHub Actions / Test Report - test/EntityFramework.Storage.UnitTests succeeded Jul 1, 2025 in 1s

56 passed, 0 failed and 0 skipped

Tests passed successfully

✅ identity-server/test/EntityFramework.Storage.UnitTests/TestResults/test/EntityFramework.Storage.UnitTests-tests.trx

56 tests were completed in 5s with 56 passed, 0 failed and 0 skipped.

Test suite Passed Failed Skipped Time
EntityFramework.Storage.UnitTests.Mappers.ApiResourceMappersTests 5✅ 36ms
EntityFramework.Storage.UnitTests.Mappers.ClientMappersTests 7✅ 124ms
EntityFramework.Storage.UnitTests.Mappers.IdentityProviderMappersTests 4✅ 85ms
EntityFramework.Storage.UnitTests.Mappers.IdentityResourcesMappersTests 3✅ 20ms
EntityFramework.Storage.UnitTests.Mappers.PersistedGrantMappersTests 3✅ 14ms
EntityFramework.Storage.UnitTests.Mappers.PushedAuthorizationRequestMappersTests 3✅ 2ms
EntityFramework.Storage.UnitTests.Mappers.ScopesMappersTests 4✅ 87ms
UnitTests.Validation.IsLocalUrlTests 27✅ 26ms

✅ EntityFramework.Storage.UnitTests.Mappers.ApiResourceMappersTests

✅ Can_Map
✅ mapping_entity_to_model_maps_all_properties
✅ mapping_model_to_entity_maps_all_properties
✅ missing_values_should_use_defaults
✅ Properties_Map

✅ EntityFramework.Storage.UnitTests.Mappers.ClientMappersTests

✅ Can_Map
✅ duplicates_properties_in_db_map
✅ forgetting_to_map_properties_is_checked_by_tests
✅ mapping_entity_to_model_maps_all_properties
✅ mapping_model_to_entity_maps_all_properties
✅ missing_values_should_use_defaults
✅ Properties_Map

✅ EntityFramework.Storage.UnitTests.Mappers.IdentityProviderMappersTests

✅ CanMapIdp
✅ mapping_entity_to_model_maps_all_properties
✅ mapping_model_to_entity_maps_all_properties
✅ Properties_Map

✅ EntityFramework.Storage.UnitTests.Mappers.IdentityResourcesMappersTests

✅ CanMapIdentityResources
✅ mapping_entity_to_model_maps_all_properties
✅ mapping_model_to_entity_maps_all_properties

✅ EntityFramework.Storage.UnitTests.Mappers.PersistedGrantMappersTests

✅ CanMap
✅ mapping_entity_to_model_maps_all_properties
✅ mapping_model_to_entity_maps_all_properties

✅ EntityFramework.Storage.UnitTests.Mappers.PushedAuthorizationRequestMappersTests

✅ CanMapPushedAuthorizationRequest
✅ mapping_entity_to_model_maps_all_properties
✅ mapping_model_to_entity_maps_all_properties

✅ EntityFramework.Storage.UnitTests.Mappers.ScopesMappersTests

✅ CanMapScope
✅ mapping_entity_to_model_maps_all_properties
✅ mapping_model_to_entity_maps_all_properties
✅ Properties_Map

✅ UnitTests.Validation.IsLocalUrlTests

✅ IsLocalUrl(returnUrl: "/   \t/evil.com/connect/authorize/callback?client_"···, expected: False)
✅ IsLocalUrl(returnUrl: "/  \t/evil.com/connect/authorize/callback?client_i"···, expected: False)
✅ IsLocalUrl(returnUrl: "/ \t/evil.com/connect/authorize/callback?client_id"···, expected: False)
✅ IsLocalUrl(returnUrl: "//evil.com/?client_id=mvc.code&redirect_uri=https%"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\n/evil.com/?client_id=mvc.code&redirect_uri=http"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\n/evil.com\t/?client_id=mvc.code&redirect_uri=ht"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\n\n/evil.com/?client_id=mvc.code&redirect_uri=ht"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\n\n/evil.com\t/?client_id=mvc.code&redirect_uri="···, expected: False)
✅ IsLocalUrl(returnUrl: "/\r/evil.com/?client_id=mvc.code&redirect_uri=http"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\r/evil.com\t/?client_id=mvc.code&redirect_uri=ht"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\r\n/evil.com/?client_id=mvc.code&redirect_uri=ht"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\r\n/evil.com\t/?client_id=mvc.code&redirect_uri="···, expected: False)
✅ IsLocalUrl(returnUrl: "/\r\n\r\n/evil.com/?client_id=mvc.code&redirect_ur"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\r\n\r\n/evil.com\t/?client_id=mvc.code&redirect_"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\r\r/evil.com/?client_id=mvc.code&redirect_uri=ht"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\r\r/evil.com\t/?client_id=mvc.code&redirect_uri="···, expected: False)
✅ IsLocalUrl(returnUrl: "/\t   /evil.com/connect/authorize/callback?client_"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\t  /evil.com/connect/authorize/callback?client_i"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\t /evil.com/connect/authorize/callback?client_id"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\t/evil.com/connect/authorize/callback?client_id="···, expected: False)
✅ IsLocalUrl(returnUrl: "/\t\n/evil.com/?client_id=mvc.code&redirect_uri=ht"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\t\n\n/evil.com/?client_id=mvc.code&redirect_uri="···, expected: False)
✅ IsLocalUrl(returnUrl: "/\t\r/evil.com/?client_id=mvc.code&redirect_uri=ht"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\t\r\n/evil.com/?client_id=mvc.code&redirect_uri="···, expected: False)
✅ IsLocalUrl(returnUrl: "/\t\r\n\r\n/evil.com/?client_id=mvc.code&redirect_"···, expected: False)
✅ IsLocalUrl(returnUrl: "/\t\r\r/evil.com/?client_id=mvc.code&redirect_uri="···, expected: False)
✅ IsLocalUrl(returnUrl: "/connect/authorize/callback?client_id=mvc.code&red"···, expected: True)
View more details on GitHub Actions