Merge branch 'master' into feature/add-jsonwebkey-converter

scottbrady91 · Mar 30, 2024 · 753c2d3 · 753c2d3
2 parents aa7e987 + 7c36b09
commit 753c2d3
Show file tree

Hide file tree

Showing 70 changed files with 959 additions and 5,357 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -2,7 +2,7 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [master]
+    branches: [ master, v3 ]
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [master]
@@ -25,25 +25,25 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
         fetch-depth: 2
 
     - name: Setup .NET 6.0
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: '6.0.x'
 
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
+    - name: Setup .NET 8.0
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: '8.0.x'
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/dotnetcore.yml b/.github/workflows/dotnetcore.yml
@@ -2,7 +2,7 @@ name: .NET Core
 
 on:
   push:
-    branches: [ master, v2 ]
+    branches: [ master, v2, v3 ]
   pull_request:
     branches: [ master ]
 
@@ -15,11 +15,15 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Setup .NET 6.0
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: '6.0.x'
+        dotnet-version: '8.0.x'
+    - name: Setup .NET 8.0
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: '8.0.x'
     - name: Fix Windows VM bug
       shell: bash
       if: matrix.os == 'windows-latest'
@@ -36,7 +40,7 @@ jobs:
       run: dotnet pack -c Release
     - name: Publish artifact
       if: matrix.os == 'ubuntu-latest'
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
         name: nupkg
         path: '**/*.nupkg'
diff --git a/README.md b/README.md
@@ -5,17 +5,18 @@
 Helper libraries for tokens and cryptography in .NET.
 
 - EdDSA support for JWTs (Ed25519 and Ed448)
-- Branca tokens with JWT style validation
-- PASETO (v1.public & v2.public) with JWT style validation
 - Base16 (hex) and Base62 encoders
 - `passwordrule` attribute support for ASP.NET Identity
 - [Samples](https://github.com/scottbrady91/IdentityModel/tree/master/samples/ScottBrady.IdentityModel.Samples.AspNetCore) in ASP.NET Core
+- ~~Branca tokens with JWT style validation~~ (deprecated due to low usage of Branca)
+- ~~PASETO (v1.public & v2.public) with JWT style validation~~ (deprecated due to low usage of PASETO)
 
 **Feature requests welcome. Please see SECURITY.md for responsible disclosure policy.**
 
 ## EdDSA support
 
-EdDSA is a modern signing algorithm, not yet supported out of the box in .NET. This library provides some useful abstractions around the Bouncy Castle (software) implementation of EdDSA.
+EdDSA is a modern signing algorithm that is not yet supported out of the box in .NET.
+This library provides some useful abstractions around the Bouncy Castle (software) implementation of EdDSA.
 
 ```csharp
 // create EdDSA new key pair
@@ -29,9 +30,30 @@ EdDsa.Create(new EdDsaParameters(ExtendedSecurityAlgorithms.Curves.Ed25519)
 new EdDsaSecurityKey(EdDsa.Create(ExtendedSecurityAlgorithms.Curves.Ed25519))
 ```
 
-## Branca Tokens
+## Base16 (hex) Encoding
+
+Base16 allows you to encode and decode hexadecimal strings.
+
+```csharp
+var plaintext = "hello world"; // encoded = 68656c6c6f20776f726c64
+string encoded = Base16.Encode(Encoding.UTF8.GetBytes(plaintext));
+```
 
-[Branca](https://branca.io/) is token construct suitable for internal systems. The payload is encrypted using XChaCha20-Poly1305, using a 32-byte symmetric key.
+## Base62 Encoding
+
+Base62 encoding uses the `0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz` character set.
+
+```csharp
+var plaintext = "hello world"; // encoded = AAwf93rvy4aWQVw
+string encoded = Base62.Encode(Encoding.UTF8.GetBytes(plaintext));
+```
+
+## JWT alternatives (deprecated)
+
+### Branca Tokens
+
+[Branca](https://branca.io/) is a token construct suitable for internal systems.
+The payload is encrypted using XChaCha20-Poly1305, using a 32-byte symmetric key.
 
 This library supports the creation of Branca tokens with an arbitrary payload or using a JWT-style payload.
 
@@ -64,11 +86,17 @@ ClaimsPrincipal principal = handler.ValidateToken(
     }, out SecurityToken parsedToken);
 ```
 
-## PASETO
+> [!IMPORTANT]
+> Branca support is now deprecated and only supports Microsoft.IdentityModel 6.35.0.
+> This is due to the low usage of this library and the Branca project as a whole.
+
+### PASETO
 
-[PASETO](https://paseto.io/) is a competing standard to JOSE & JWT that offers a versioned ciphersuite. This library currently implements `v1` and `v2` for the `public` purpose, suitable for zero-trust systems such as an OAuth authorization server.
+[PASETO](https://paseto.io/) is a competing standard to JOSE & JWT that offers a versioned ciphersuite.
+This library currently implements `v1` and `v2` for the `public` purpose, suitable for zero-trust systems such as an OAuth authorization server.
 
-Explicit versioning allows PASETO to side-step [attacks on signature validation](https://www.rfc-editor.org/rfc/rfc8725.html#name-weak-signatures-and-insuffi) found in some JWT libraries. However, it does not mitigate any other attacks. 
+Explicit versioning allows PASETO to side-step [attacks on signature validation](https://www.rfc-editor.org/rfc/rfc8725.html#name-weak-signatures-and-insuffi) found in some JWT libraries.
+However, it does not mitigate any other attacks.
 
 If you are considering using PASETO, I recommend reading [RFC 8725 - JWT Best Current Practices](https://www.rfc-editor.org/rfc/rfc8725.html) and deciding if the interoperable JWT format is still wrong for you.
 
@@ -107,7 +135,11 @@ ClaimsPrincipal principal = handler.ValidateToken(
     }, out SecurityToken parsedToken);
 ```
 
-## API Protection with JWT Style Handler
+> [!IMPORTANT]
+> PASETO support is now deprecated and only supports Microsoft.IdentityModel 6.35.0.
+> This is due to the low usage of this library and the PASETO project as a whole.
+
+### API Protection with JWT Style Handler
 
 The Branca and PASETO token handlers can be used with the ASP.NET Core JWT bearer authentication handler.
 
@@ -122,21 +154,3 @@ services.AddAuthentication()
         options.TokenValidationParameters.ValidAudience = "me";
     })
 ```
-
-## Base16 (hex) Encoding
-
-Base16 allows you to encode and decode hexidecimal strings..
-
-```csharp
-var plaintext = "hello world"; // encoded = 68656c6c6f20776f726c64
-string encoded = Base16.Encode(Encoding.UTF8.GetBytes(plaintext));
-```
-
-## Base62 Encoding
-
-Base62 encoding uses the `0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz` character set.
-
-```csharp
-var plaintext = "hello world"; // encoded = AAwf93rvy4aWQVw
-string encoded = Base62.Encode(Encoding.UTF8.GetBytes(plaintext));
-```
diff --git a/ScottBrady.IdentityModel.sln b/ScottBrady.IdentityModel.sln
@@ -17,10 +17,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ScottBrady.IdentityModel.Sa
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ScottBrady.IdentityModel.AspNetCore", "src\ScottBrady.IdentityModel.AspNetCore\ScottBrady.IdentityModel.AspNetCore.csproj", "{E2F2D4E3-A732-43FE-B082-9FD5ACBEA89B}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ScottBrady.IdentityModel.Tokens.Branca", "src\ScottBrady.IdentityModel.Tokens.Branca\ScottBrady.IdentityModel.Tokens.Branca.csproj", "{E27F8536-728B-4855-A8D5-921297CBD58C}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ScottBrady.IdentityModel.Tokens.Paseto", "src\ScottBrady.IdentityModel.Tokens.Paseto\ScottBrady.IdentityModel.Tokens.Paseto.csproj", "{EA07CA1B-4571-4FD1-9BCE-272A68FB48A6}"
-EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -43,14 +39,6 @@ Global
 		{E2F2D4E3-A732-43FE-B082-9FD5ACBEA89B}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{E2F2D4E3-A732-43FE-B082-9FD5ACBEA89B}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{E2F2D4E3-A732-43FE-B082-9FD5ACBEA89B}.Release|Any CPU.Build.0 = Release|Any CPU
-		{E27F8536-728B-4855-A8D5-921297CBD58C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{E27F8536-728B-4855-A8D5-921297CBD58C}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{E27F8536-728B-4855-A8D5-921297CBD58C}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{E27F8536-728B-4855-A8D5-921297CBD58C}.Release|Any CPU.Build.0 = Release|Any CPU
-		{EA07CA1B-4571-4FD1-9BCE-272A68FB48A6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{EA07CA1B-4571-4FD1-9BCE-272A68FB48A6}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{EA07CA1B-4571-4FD1-9BCE-272A68FB48A6}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{EA07CA1B-4571-4FD1-9BCE-272A68FB48A6}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -60,8 +48,6 @@ Global
 		{B57DDA53-D240-46ED-8275-F19600491681} = {FA25402D-0A81-48F1-9E83-7CA4801E59F9}
 		{B7F49824-C721-4BD1-9BAF-6E442AEAB14D} = {0787B459-DE3E-4296-965C-5C891AE23840}
 		{E2F2D4E3-A732-43FE-B082-9FD5ACBEA89B} = {2CE8E91B-6B6A-4C1F-B6FE-80A1F1199A7A}
-		{E27F8536-728B-4855-A8D5-921297CBD58C} = {2CE8E91B-6B6A-4C1F-B6FE-80A1F1199A7A}
-		{EA07CA1B-4571-4FD1-9BCE-272A68FB48A6} = {2CE8E91B-6B6A-4C1F-B6FE-80A1F1199A7A}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {7ACFEAF2-1A47-419B-989B-75A0A686D710}