Support server options configuration (#18)

.vscode/launch.json

@@ -0,0 +1,36 @@
+{
+   // Use IntelliSense to find out which attributes exist for C# debugging
+   // Use hover for the description of the existing attributes
+   // For further information visit https://github.com/OmniSharp/omnisharp-vscode/blob/master/debugger-launchjson.md
+   "version": "0.2.0",
+   "configurations": [
+        {
+            "name": ".NET Core Launch (web)",
+            "type": "coreclr",
+            "request": "launch",
+            "preLaunchTask": "build",
+            // If you have changed target frameworks, make sure to update the program path.
+            "program": "${workspaceFolder}/src/bin/Debug/netcoreapp3.1/OpenIdConnectServerMock.dll",
+            "args": [],
+            "cwd": "${workspaceFolder}/src",
+            "stopAtEntry": false,
+            // Enable launching a web browser when ASP.NET Core starts. For more information: https://aka.ms/VSCode-CS-LaunchJson-WebBrowser
+            "serverReadyAction": {
+                "action": "openExternally",
+                "pattern": "^\\s*Now listening on:\\s+(https?://\\S+)"
+            },
+            "env": {
+                "ASPNETCORE_ENVIRONMENT": "Development"
+            },
+            "sourceFileMap": {
+                "/Views": "${workspaceFolder}/Views"
+            }
+        },
+        {
+            "name": ".NET Core Attach",
+            "type": "coreclr",
+            "request": "attach",
+            "processId": "${command:pickProcess}"
+        }
+    ]
+}

.vscode/tasks.json

@@ -0,0 +1,42 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "build",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "build",
+                "${workspaceFolder}/src/OpenIdConnectServerMock.csproj",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary"
+            ],
+            "problemMatcher": "$msCompile"
+        },
+        {
+            "label": "publish",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "publish",
+                "${workspaceFolder}/src/OpenIdConnectServerMock.csproj",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary"
+            ],
+            "problemMatcher": "$msCompile"
+        },
+        {
+            "label": "watch",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "watch",
+                "run",
+                "${workspaceFolder}/src/OpenIdConnectServerMock.csproj",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary"
+            ],
+            "problemMatcher": "$msCompile"
+        }
+    ]
+}

README.md

@@ -16,6 +16,13 @@ This is the sample of using the server in `docker-compose` configuration:
         - "4011:80"
       environment:
         ASPNETCORE_ENVIRONMENT: Development
+        SERVER_OPTIONS_INLINE: |
+          {
+            "AccessTokenJwtType": "JWT",
+            "Discovery": {
+              "ShowKeySet": true
+            }
+          }
         API_SCOPES_INLINE: |
           [
             "some-app-scope-1",
@@ -94,5 +101,21 @@ When `clients-config.json` is as following:
 
 Clients configuration should be provided. Test user configuration is optional (used for implicit flow only).
 
-There are two ways to provide configuration for supported scopes, clients and users. You can either provide it inline as environment variable (`USERS_CONFIGURATION_INLINE` / `CLIENTS_CONFIGURATION_INLINE` / `API_RESOURCES_INLINE`) or mount volume and provide the path to configuration json as environment variable (`USERS_CONFIGURATION_PATH` / `CLIENTS_CONFIGURATION_PATH` / `API_RESOURCES_PATH`).
+There are two ways to provide configuration for supported scopes, clients and users. You can either provide it inline as environment variable:
+
+  * `SERVER_OPTIONS_INLINE`
+  * `API_SCOPES_INLINE`
+  * `USERS_CONFIGURATION_INLINE`
+  * `CLIENTS_CONFIGURATION_INLINE`
+  * `API_RESOURCES_INLINE`
+  * `IDENTITY_RESOURCES_INLINE`
+
+   or mount volume and provide the path to configuration json as environment variable:
+
+  * `SERVER_OPTIONS_PATH`
+  * `API_SCOPES_PATH`
+  * `USERS_CONFIGURATION_PATH`
+  * `CLIENTS_CONFIGURATION_PATH`
+  * `API_RESOURCES_PATH`
+  * `IDENTITY_RESOURCES_PATH`
 

e2e/kubernetes/oidc-server-mock.yaml

@@ -16,6 +16,14 @@ spec:
         image: soluto/oidc-server-mock
         imagePullPolicy: Never
         env:
+          - name: SERVER_OPTIONS_INLINE
+            value: |
+              {
+                "AccessTokenJwtType": "JWT",
+                "Discovery": {
+                  "ShowKeySet": true
+                }
+              }
           - name: API_SCOPES_INLINE
             value: |
               [

e2e/package.json

@@ -8,14 +8,14 @@
   "dependencies": {
     "axios": "0.19.2",
     "chai": "4.2.0",
-    "jsonwebtoken": "^8.5.1",
+    "jws": "^4.0.0",
     "querystring": "0.2.0",
     "wait-on": "4.0.2"
   },
   "devDependencies": {
     "@types/axios": "^0.14.0",
     "@types/chai": "4.2.11",
-    "@types/jsonwebtoken": "^8.3.9",
+    "@types/jws": "^3.2.2",
     "@types/mocha": "7.0.2",
     "@types/node": "^12.12.37",
     "@types/wait-on": "^4.0.0",

e2e/tests/test.spec.ts

@@ -1,7 +1,7 @@
 import axios from "axios";
 import { expect } from "chai";
 import * as querystring from "querystring";
-import * as jwt from "jsonwebtoken";
+import { decode } from "jws";
 
 describe("Test", () => {
     it("should work", async () => {
@@ -19,9 +19,14 @@ describe("Test", () => {
         expect(response).to.exist;
         // tslint:disable-next-line:no-unused-expression
         expect(response.data.access_token).to.exist;
-        const token = jwt.decode(response.data.access_token);
-        expect(token['scope']).to.deep.equal([ 'user-service-scope' ])
-        expect(token['string_claim']).to.equal('string_claim_value');
-        expect(token['json_claim']).to.deep.equal(['value1', 'value2']);
+        const token = decode(response.data.access_token);
+
+        expect(token.header.typ).to.equal('JWT');
+        expect(token.payload['iss']).to.equal('http://oidc-server-mock');
+        expect(token.payload['aud']).to.equal('user-service');
+        expect(token.payload['scope']).to.deep.equal([ 'user-service-scope' ])
+        expect(token.payload['client_id']).to.equal('e2e-client-id');
+        expect(token.payload['string_claim']).to.equal('string_claim_value');
+        expect(token.payload['json_claim']).to.deep.equal(['value1', 'value2']);
     });
 });

e2e/yarn.lock

@@ -70,10 +70,10 @@
   resolved "https://registry.yarnpkg.com/@types/chai/-/chai-4.2.11.tgz#d3614d6c5f500142358e6ed24e1bf16657536c50"
   integrity sha512-t7uW6eFafjO+qJ3BIV2gGUyZs27egcNRkUdalkud+Qa3+kg//f129iuOFivHDXQ+vnU3fDXuwgv0cqMCbcE8sw==
 
-"@types/jsonwebtoken@^8.3.9":
-  version "8.3.9"
-  resolved "https://registry.yarnpkg.com/@types/jsonwebtoken/-/jsonwebtoken-8.3.9.tgz#48da9a49997e4eb046733e6878f583d7448f0594"
-  integrity sha512-00rI8GbOKuRtoYxltFSRTVUXCRLbuYwln2/nUMPtFU9JGS7if+nnmLjeoFGmqsNCmblPLAaeQ/zMLVsHr6T5bg==
+"@types/jws@^3.2.2":
+  version "3.2.2"
+  resolved "https://registry.yarnpkg.com/@types/jws/-/jws-3.2.2.tgz#f659fbede6ffd5532fe892fd4448e13a5e96c01e"
+  integrity sha512-S0ohSSX8ioT65zu8KbG99xKyFV3InIjbM3c8roYqWy4+5HpYPyUHLYykfhM6MEI5B/3s7KSZPGFyCzCrZ2TOZA==
   dependencies:
     "@types/node" "*"
 
@@ -743,22 +743,6 @@ json-stringify-safe@~5.0.1:
   resolved "https://registry.yarnpkg.com/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"
   integrity sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=
 
-jsonwebtoken@^8.5.1:
-  version "8.5.1"
-  resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz#00e71e0b8df54c2121a1f26137df2280673bcc0d"
-  integrity sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==
-  dependencies:
-    jws "^3.2.2"
-    lodash.includes "^4.3.0"
-    lodash.isboolean "^3.0.3"
-    lodash.isinteger "^4.0.4"
-    lodash.isnumber "^3.0.3"
-    lodash.isplainobject "^4.0.6"
-    lodash.isstring "^4.0.1"
-    lodash.once "^4.0.0"
-    ms "^2.1.1"
-    semver "^5.6.0"
-
 jsprim@^1.2.2:
   version "1.4.1"
   resolved "https://registry.yarnpkg.com/jsprim/-/jsprim-1.4.1.tgz#313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"
@@ -769,21 +753,21 @@ jsprim@^1.2.2:
     json-schema "0.2.3"
     verror "1.10.0"
 
-jwa@^1.4.1:
-  version "1.4.1"
-  resolved "https://registry.yarnpkg.com/jwa/-/jwa-1.4.1.tgz#743c32985cb9e98655530d53641b66c8645b039a"
-  integrity sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==
+jwa@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/jwa/-/jwa-2.0.0.tgz#a7e9c3f29dae94027ebcaf49975c9345593410fc"
+  integrity sha512-jrZ2Qx916EA+fq9cEAeCROWPTfCwi1IVHqT2tapuqLEVVDKFDENFw1oL+MwrTvH6msKxsd1YTDVw6uKEcsrLEA==
   dependencies:
     buffer-equal-constant-time "1.0.1"
     ecdsa-sig-formatter "1.0.11"
     safe-buffer "^5.0.1"
 
-jws@^3.2.2:
-  version "3.2.2"
-  resolved "https://registry.yarnpkg.com/jws/-/jws-3.2.2.tgz#001099f3639468c9414000e99995fa52fb478304"
-  integrity sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==
+jws@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/jws/-/jws-4.0.0.tgz#2d4e8cf6a318ffaa12615e9dec7e86e6c97310f4"
+  integrity sha512-KDncfTmOZoOMTFG4mBlG0qUIOlc03fmzH+ru6RgYVZhPkyiy/92Owlt/8UEN+a4TXR1FQetfIpJE8ApdvdVxTg==
   dependencies:
-    jwa "^1.4.1"
+    jwa "^2.0.0"
     safe-buffer "^5.0.1"
 
 locate-path@^3.0.0:
@@ -794,41 +778,6 @@ locate-path@^3.0.0:
     p-locate "^3.0.0"
     path-exists "^3.0.0"
 
-lodash.includes@^4.3.0:
-  version "4.3.0"
-  resolved "https://registry.yarnpkg.com/lodash.includes/-/lodash.includes-4.3.0.tgz#60bb98a87cb923c68ca1e51325483314849f553f"
-  integrity sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8=
-
-lodash.isboolean@^3.0.3:
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz#6c2e171db2a257cd96802fd43b01b20d5f5870f6"
-  integrity sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY=
-
-lodash.isinteger@^4.0.4:
-  version "4.0.4"
-  resolved "https://registry.yarnpkg.com/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz#619c0af3d03f8b04c31f5882840b77b11cd68343"
-  integrity sha1-YZwK89A/iwTDH1iChAt3sRzWg0M=
-
-lodash.isnumber@^3.0.3:
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz#3ce76810c5928d03352301ac287317f11c0b1ffc"
-  integrity sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w=
-
-lodash.isplainobject@^4.0.6:
-  version "4.0.6"
-  resolved "https://registry.yarnpkg.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz#7c526a52d89b45c45cc690b88163be0497f550cb"
-  integrity sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=
-
-lodash.isstring@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/lodash.isstring/-/lodash.isstring-4.0.1.tgz#d527dfb5456eca7cc9bb95d5daeaf88ba54a5451"
-  integrity sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=
-
-lodash.once@^4.0.0:
-  version "4.1.1"
-  resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac"
-  integrity sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=
-
 lodash@^4.17.15:
   version "4.17.15"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548"
@@ -1134,11 +1083,6 @@ semver@^5.3.0, semver@^5.7.0:
   resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.0.tgz#790a7cf6fea5459bac96110b29b60412dc8ff96b"
   integrity sha512-Ya52jSX2u7QKghxeoFGpLwCtGlt7j0oY9DYb5apt9nPlJ42ID+ulTXESnt/qAQcoSERyZ5sl3LDIOw0nAn/5DA==
 
-semver@^5.6.0:
-  version "5.7.1"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7"
-  integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==
-
 set-blocking@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7"

src/Config.cs

@@ -2,16 +2,31 @@
 using System.IO;
 using System.Linq;
 using System.Collections.Generic;
-using IdentityServer4;
+using IdentityServer4.Configuration;
 using IdentityServer4.Models;
 using IdentityServer4.Test;
 using Newtonsoft.Json;
 using OpenIdConnectServer.Utils;
 
 namespace OpenIdConnectServer
 {
-    public static class Config
+  public static class Config
     {
+        public static IdentityServerOptions GetServerOptions()
+        {
+            string serverOptionsStr = Environment.GetEnvironmentVariable("SERVER_OPTIONS_INLINE");
+            if (string.IsNullOrWhiteSpace(serverOptionsStr))
+            {
+                var serverOptionsFilePath = Environment.GetEnvironmentVariable("SERVER_OPTIONS_PATH");
+                if (string.IsNullOrWhiteSpace(serverOptionsFilePath))
+                {
+                    return new IdentityServerOptions();
+                }
+                serverOptionsStr = File.ReadAllText(serverOptionsFilePath);
+            }
+            var serverOptions = JsonConvert.DeserializeObject<IdentityServerOptions>(serverOptionsStr);
+            return serverOptions;
+        }
         public static IEnumerable<ApiScope> GetApiScopes()
         {
             string apiScopesStr = Environment.GetEnvironmentVariable("API_SCOPES_INLINE");

src/Helpers/MergeHelper.cs

@@ -0,0 +1,24 @@
+using System;
+using System.Linq;
+
+namespace OpenIdConnectServer.Helpers
+{
+    public static class MergeHelper
+    {
+        public static void Merge<T>(T source, T target)
+        {
+            Type t = typeof(T);
+
+            var properties = t.GetProperties().Where(prop => prop.CanRead && prop.CanWrite);
+
+            foreach (var prop in properties)
+            {
+                var value = prop.GetValue(source, null);
+                if (value != null)
+                {
+                    prop.SetValue(target, value, null);
+                }
+            }
+        }
+    }
+}

src/Startup.cs

@@ -1,15 +1,12 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
+using OpenIdConnectServer.Helpers;
 
 namespace OpenIdConnectServer
 {
-    public class Startup
+  public class Startup
     {
         // This method gets called by the runtime. Use this method to add services to the container.
         // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
@@ -19,7 +16,8 @@ public void ConfigureServices(IServiceCollection services)
 
             services.AddIdentityServer(options =>
                     {
-                        options.Discovery.ShowKeySet = true;
+                        var configuredOptions = Config.GetServerOptions();
+                        MergeHelper.Merge(configuredOptions, options);
                     })
                     .AddDeveloperSigningCredential()
                     .AddInMemoryIdentityResources(Config.GetIdentityResources())