RockSolidKnowledge · SeanFarrow-RSK · Feb 20, 2025 · Feb 20, 2025 · Feb 20, 2025 · Feb 20, 2025
diff --git a/.gitignore b/.gitignore
@@ -197,7 +197,6 @@ ClientBin/
 *.dbmdl
 *.dbproj.schemaview
 *.jfm
-*.pfx
 *.publishsettings
 orleans.codegen.cs
 

diff --git a/DuendeIdentityServer/DuendeDynamicProviders/DuendeDynamicProviders.csproj b/DuendeIdentityServer/DuendeDynamicProviders/DuendeDynamicProviders.csproj
@@ -7,8 +7,8 @@
     <Compile Include="..\..\LicenseKey.cs" Link="LicenseKey.cs" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Duende.IdentityServer" Version="7.0.0" />
-    <PackageReference Include="Rsk.Saml" Version="9.0.0" />
+    <PackageReference Include="Duende.IdentityServer" Version="7.1.0" />
+    <PackageReference Include="Rsk.Saml" Version="10.0.0" />
     <PackageReference Include="Rsk.Saml.DuendeIdentityServer" Version="9.0.0" />
     <PackageReference Include="Serilog.AspNetCore" Version="8.0.1" />
   </ItemGroup>

diff --git a/DuendeIdentityServer/DuendeDynamicProviders/Pages/Account/Logout/Index.cshtml.cs b/DuendeIdentityServer/DuendeDynamicProviders/Pages/Account/Logout/Index.cshtml.cs
@@ -1,7 +1,7 @@
+using Duende.IdentityModel;
 using Duende.IdentityServer.Events;
 using Duende.IdentityServer.Extensions;
 using Duende.IdentityServer.Services;
-using IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

diff --git a/DuendeIdentityServer/DuendeDynamicProviders/Pages/Consent/Index.cshtml.cs b/DuendeIdentityServer/DuendeDynamicProviders/Pages/Consent/Index.cshtml.cs
@@ -1,9 +1,9 @@
+using Duende.IdentityModel;
 using Duende.IdentityServer.Events;
 using Duende.IdentityServer.Extensions;
 using Duende.IdentityServer.Models;
 using Duende.IdentityServer.Services;
 using Duende.IdentityServer.Validation;
-using IdentityModel;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;

diff --git a/DuendeIdentityServer/DuendeDynamicProviders/Pages/Diagnostics/ViewModel.cs b/DuendeIdentityServer/DuendeDynamicProviders/Pages/Diagnostics/ViewModel.cs
@@ -1,11 +1,9 @@
 // Copyright (c) Duende Software. All rights reserved.
 // See LICENSE in the project root for license information.
-
-
-using IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 using System.Text;
 using System.Text.Json;
+using Duende.IdentityModel;
 
 namespace DuendeDynamicProviders.Pages.Diagnostics;
 

diff --git a/DuendeIdentityServer/DuendeDynamicProviders/Pages/ExternalLogin/Callback.cshtml.cs b/DuendeIdentityServer/DuendeDynamicProviders/Pages/ExternalLogin/Callback.cshtml.cs
@@ -1,9 +1,9 @@
 using System.Security.Claims;
+using Duende.IdentityModel;
 using Duende.IdentityServer;
 using Duende.IdentityServer.Events;
 using Duende.IdentityServer.Services;
 using Duende.IdentityServer.Test;
-using IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

diff --git a/DuendeIdentityServer/DuendeDynamicProviders/Pages/TestUsers.cs b/DuendeIdentityServer/DuendeDynamicProviders/Pages/TestUsers.cs
@@ -1,10 +1,9 @@
 // Copyright (c) Duende Software. All rights reserved.
 // See LICENSE in the project root for license information.
 
-
-using IdentityModel;
 using System.Security.Claims;
 using System.Text.Json;
+using Duende.IdentityModel;
 using Duende.IdentityServer;
 using Duende.IdentityServer.Test;
 

diff --git a/DuendeIdentityServer/DuendeIdP/DuendeIdP.csproj b/DuendeIdentityServer/DuendeIdP/DuendeIdP.csproj
@@ -10,9 +10,9 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Duende.IdentityServer" Version="7.0.0" />
-    <PackageReference Include="Rsk.Saml" Version="9.0.0" />
-    <PackageReference Include="Rsk.Saml.DuendeIdentityServer" Version="9.0.0" />
+    <PackageReference Include="Duende.IdentityServer" Version="7.1.0" />
+    <PackageReference Include="Rsk.Saml" Version="10.0.0" />
+    <PackageReference Include="Rsk.Saml.DuendeIdentityServer" Version="10.0.0" />
 
     <PackageReference Include="Serilog.AspNetCore" Version="8.0.1" />
   </ItemGroup>

diff --git a/DuendeIdentityServer/DuendeIdP/Pages/Account/Logout/Index.cshtml.cs b/DuendeIdentityServer/DuendeIdP/Pages/Account/Logout/Index.cshtml.cs
@@ -1,7 +1,7 @@
+using Duende.IdentityModel;
 using Duende.IdentityServer.Events;
 using Duende.IdentityServer.Extensions;
 using Duende.IdentityServer.Services;
-using IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

diff --git a/DuendeIdentityServer/DuendeIdP/Pages/Consent/Index.cshtml.cs b/DuendeIdentityServer/DuendeIdP/Pages/Consent/Index.cshtml.cs
@@ -1,9 +1,9 @@
+using Duende.IdentityModel;
 using Duende.IdentityServer.Events;
 using Duende.IdentityServer.Extensions;
 using Duende.IdentityServer.Models;
 using Duende.IdentityServer.Services;
 using Duende.IdentityServer.Validation;
-using IdentityModel;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;

diff --git a/DuendeIdentityServer/DuendeIdP/Pages/Diagnostics/ViewModel.cs b/DuendeIdentityServer/DuendeIdP/Pages/Diagnostics/ViewModel.cs
@@ -2,10 +2,10 @@
 // See LICENSE in the project root for license information.
 
 
-using IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 using System.Text;
 using System.Text.Json;
+using Duende.IdentityModel;
 
 namespace DuendeIdP.Pages.Diagnostics;
 

diff --git a/DuendeIdentityServer/DuendeIdP/Pages/ExternalLogin/Callback.cshtml.cs b/DuendeIdentityServer/DuendeIdP/Pages/ExternalLogin/Callback.cshtml.cs
@@ -1,9 +1,9 @@
 using System.Security.Claims;
+using Duende.IdentityModel;
 using Duende.IdentityServer;
 using Duende.IdentityServer.Events;
 using Duende.IdentityServer.Services;
 using Duende.IdentityServer.Test;
-using IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

diff --git a/DuendeIdentityServer/DuendeIdP/Pages/TestUsers.cs b/DuendeIdentityServer/DuendeIdP/Pages/TestUsers.cs
@@ -2,9 +2,9 @@
 // See LICENSE in the project root for license information.
 
 
-using IdentityModel;
 using System.Security.Claims;
 using System.Text.Json;
+using Duende.IdentityModel;
 using Duende.IdentityServer;
 using Duende.IdentityServer.Test;
 

diff --git a/DuendeIdentityServer/SLO/SamlOidcSLO/IdentityServer/Config.cs b/DuendeIdentityServer/SLO/SamlOidcSLO/IdentityServer/Config.cs
@@ -1,7 +1,7 @@
 using System.Security.Cryptography.X509Certificates;
+using Duende.IdentityModel;
 using Duende.IdentityServer;
 using Duende.IdentityServer.Models;
-using IdentityModel;
 using Rsk.Saml;
 using Rsk.Saml.Models;
 using ServiceProvider = Rsk.Saml.Models.ServiceProvider;

diff --git a/DuendeIdentityServer/SLO/SamlOidcSLO/IdentityServer/IdentityServer.csproj b/DuendeIdentityServer/SLO/SamlOidcSLO/IdentityServer/IdentityServer.csproj
@@ -6,7 +6,7 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="AspNetCore.ReCaptcha" Version="1.8.1" />
-    <PackageReference Include="Duende.IdentityServer.EntityFramework" Version="7.0.0" />
+    <PackageReference Include="Duende.IdentityServer.EntityFramework" Version="7.1.0" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.WsFederation" Version="8.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="8.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="8.0.1" />
@@ -15,8 +15,8 @@
     <PackageReference Include="Microsoft.Extensions.Caching.StackExchangeRedis" Version="8.0.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Oracle.ManagedDataAccess.Core" Version="3.21.130" />
-    <PackageReference Include="Rsk.Saml.DuendeIdentityServer" Version="9.0.0" />
-    <PackageReference Include="Rsk.Saml.DuendeIdentityServer.EntityFramework" Version="9.0.0" />
+    <PackageReference Include="Rsk.Saml.DuendeIdentityServer" Version="10.0.0" />
+    <PackageReference Include="Rsk.Saml.DuendeIdentityServer.EntityFramework" Version="10.0.0" />
     <PackageReference Include="Serilog.AspNetCore" Version="8.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="8.0.1" />
     <PackageReference Include="Serilog.Settings.Configuration" Version="8.0.0" />

diff --git a/DuendeIdentityServer/SLO/SamlOidcSLO/IdentityServer/Pages/Account/Logout/Index.cshtml.cs b/DuendeIdentityServer/SLO/SamlOidcSLO/IdentityServer/Pages/Account/Logout/Index.cshtml.cs
@@ -1,8 +1,8 @@
 using System.Threading.Tasks;
+using Duende.IdentityModel;
 using Duende.IdentityServer.Events;
 using Duende.IdentityServer.Extensions;
 using Duende.IdentityServer.Services;
-using IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

diff --git a/DuendeIdentityServer/SLO/SamlOidcSLO/IdentityServer/Pages/Consent/Index.cshtml.cs b/DuendeIdentityServer/SLO/SamlOidcSLO/IdentityServer/Pages/Consent/Index.cshtml.cs
@@ -2,12 +2,12 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using Duende.IdentityModel;
 using Duende.IdentityServer.Events;
 using Duende.IdentityServer.Extensions;
 using Duende.IdentityServer.Models;
 using Duende.IdentityServer.Services;
 using Duende.IdentityServer.Validation;
-using IdentityModel;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;

diff --git a/DuendeIdentityServer/SLO/SamlOidcSLO/IdentityServer/Pages/TestUsers.cs b/DuendeIdentityServer/SLO/SamlOidcSLO/IdentityServer/Pages/TestUsers.cs
@@ -2,10 +2,10 @@
 // See LICENSE in the project root for license information.
 
 
-using IdentityModel;
 using System.Collections.Generic;
 using System.Security.Claims;
 using System.Text.Json;
+using Duende.IdentityModel;
 using Duende.IdentityServer;
 using Duende.IdentityServer.Test;
 

diff --git a/DuendeIdentityServer/SLO/SamlOidcSLO/WebClient.OIDC/WebClient.OIDC.csproj b/DuendeIdentityServer/SLO/SamlOidcSLO/WebClient.OIDC/WebClient.OIDC.csproj
@@ -10,7 +10,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.1" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.3.0" />
-    <PackageReference Include="Rsk.Saml" Version="9.0.0" />
+    <PackageReference Include="Rsk.Saml" Version="10.0.0" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/DuendeIdentityServer/SLO/SamlOidcSLO/WebClient.SAML.1/WebClient.SAML.1.csproj b/DuendeIdentityServer/SLO/SamlOidcSLO/WebClient.SAML.1/WebClient.SAML.1.csproj
@@ -9,7 +9,7 @@
     <Compile Include="..\..\..\..\LicenseKey.cs" Link="LicenseKey.cs" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Rsk.Saml" Version="9.0.0" />
+    <PackageReference Include="Rsk.Saml" Version="10.0.0" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.1" />
   </ItemGroup>
   <ItemGroup>

diff --git a/DuendeIdentityServer/SLO/SamlOidcSLO/WebClient.SAML.1/testclient.pfx b/DuendeIdentityServer/SLO/SamlOidcSLO/WebClient.SAML.1/testclient.pfx
diff --git a/DuendeIdentityServer/SLO/SamlOidcSLO/WebClient.SAML.2/WebClient.SAML.2.csproj b/DuendeIdentityServer/SLO/SamlOidcSLO/WebClient.SAML.2/WebClient.SAML.2.csproj
@@ -9,7 +9,7 @@
     <Compile Include="..\..\..\..\LicenseKey.cs" Link="LicenseKey.cs" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Rsk.Saml" Version="9.0.0" />
+    <PackageReference Include="Rsk.Saml" Version="10.0.0" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.1" />
   </ItemGroup>
   <ItemGroup>

diff --git a/DuendeIdentityServer/SLO/SamlOidcSLO/WebClient.SAML.2/testclient.pfx b/DuendeIdentityServer/SLO/SamlOidcSLO/WebClient.SAML.2/testclient.pfx
diff --git a/OpenIddict/OpenIddictIdP/Controllers/AuthorizationController.cs b/OpenIddict/OpenIddictIdP/Controllers/AuthorizationController.cs
@@ -62,13 +62,13 @@ public async Task<IActionResult> Authorize()
         //  - If prompt=login was specified by the client application.
         //  - If a max_age parameter was provided and the authentication cookie is not considered "fresh" enough.
         var result = await HttpContext.AuthenticateAsync(IdentityConstants.ApplicationScheme);
-        if (result == null || !result.Succeeded || request.HasPrompt(Prompts.Login) ||
+        if (result == null || !result.Succeeded || request.HasPromptValue(PromptValues.Login) ||
            request.MaxAge != null && result.Properties?.IssuedUtc != null &&
             DateTimeOffset.UtcNow - result.Properties.IssuedUtc > TimeSpan.FromSeconds(request.MaxAge.Value))
         {
             // If the client application requested promptless authentication,
             // return an error indicating that the user is not logged in.
-            if (request.HasPrompt(Prompts.None))
+            if (request.HasPromptValue(PromptValues.None))
             {
                 return Forbid(
                     authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
@@ -81,7 +81,7 @@ public async Task<IActionResult> Authorize()
 
             // To avoid endless login -> authorization redirects, the prompt=login flag
             // is removed from the authorization request payload before redirecting the user.
-            var prompt = string.Join(" ", request.GetPrompts().Remove(Prompts.Login));
+            var prompt = string.Join(" ", request.GetPromptValues().Remove(PromptValues.Login));
 
             var parameters = Request.HasFormContentType ?
                 Request.Form.Where(parameter => parameter.Key != Parameters.Prompt).ToList() :
@@ -142,7 +142,7 @@ public async Task<IActionResult> Authorize()
             // return an authorization response without displaying the consent form.
             case ConsentTypes.Implicit:
             case ConsentTypes.External when authorizations.Any():
-            case ConsentTypes.Explicit when authorizations.Any() && !request.HasPrompt(Prompts.Consent):
+            case ConsentTypes.Explicit when authorizations.Any() && !request.HasPromptValue(PromptValues.Consent):
                 // Create the claims-based identity that will be used by OpenIddict to generate tokens.
                 var identity = new ClaimsIdentity(
                         authenticationType: TokenValidationParameters.DefaultAuthenticationType,
@@ -178,8 +178,8 @@ public async Task<IActionResult> Authorize()
 
             // At this point, no authorization was found in the database and an error must be returned
             // if the client application specified prompt=none in the authorization request.
-            case ConsentTypes.Explicit when request.HasPrompt(Prompts.None):
-            case ConsentTypes.Systematic when request.HasPrompt(Prompts.None):
+            case ConsentTypes.Explicit when request.HasPromptValue(PromptValues.None):
+            case ConsentTypes.Systematic when request.HasPromptValue(PromptValues.None):
                 return Forbid(
                     authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                     properties: new AuthenticationProperties(new Dictionary<string, string>

diff --git a/OpenIddict/OpenIddictIdP/JwtClaimTypes.cs b/OpenIddict/OpenIddictIdP/JwtClaimTypes.cs
@@ -0,0 +1,9 @@
+namespace openiddictidp;
+
+public class JwtClaimTypes
+{
+    public const string Subject = "sub";
+    public const string Name = "name";
+    public const string  Role = "role";
+    public const string Email = "email";
+}
diff --git a/OpenIddict/OpenIddictIdP/OpenIddictIdP.csproj b/OpenIddict/OpenIddictIdP/OpenIddictIdP.csproj
@@ -7,22 +7,22 @@
     <Compile Include="..\..\LicenseKey.cs" Link="LicenseKey.cs" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Rsk.Saml.OpenIddict.AspNetCore.Identity" Version="9.0.0" />
+    <PackageReference Include="Rsk.Saml.OpenIddict.AspNetCore.Identity" Version="10.0.0" />
     <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="8.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="8.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="8.0.1" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.1" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="8.0.1" />
-    <PackageReference Include="Microsoft.Extensions.Http" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Http" Version="8.0.1" />
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="OpenIddict.Quartz" Version="5.1.0" />
+    <PackageReference Include="OpenIddict.Quartz" Version="6.0.0" />
     <PackageReference Include="Quartz.Extensions.Hosting" Version="3.8.0" />
-    <PackageReference Include="Rsk.Saml.OpenIddict" Version="9.0.0" />
-    <PackageReference Include="Rsk.Saml.OpenIddict.EntityFrameworkCore" Version="9.0.0" />
-    <PackageReference Include="Rsk.Saml.OpenIddict.Quartz" Version="9.0.0" />
+    <PackageReference Include="Rsk.Saml.OpenIddict" Version="10.0.0" />
+    <PackageReference Include="Rsk.Saml.OpenIddict.EntityFrameworkCore" Version="10.0.0" />
+    <PackageReference Include="Rsk.Saml.OpenIddict.Quartz" Version="10.0.0" />
   </ItemGroup>
   <ItemGroup>
     <None Update="Resources\idsrv3test.cer">

diff --git a/OpenIddict/OpenIddictIdP/Startup.cs b/OpenIddict/OpenIddictIdP/Startup.cs
@@ -1,5 +1,4 @@
 using Rsk.Saml.OpenIddict.Quartz.Configuration.DependencyInjection;
-using IdentityModel;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Identity;
@@ -15,6 +14,7 @@
 using Rsk.Saml.OpenIddict.EntityFrameworkCore.Configuration.DependencyInjection;
 using Rsk.Saml.Samples;
 using static OpenIddict.Abstractions.OpenIddictConstants;
+using Microsoft.Extensions.Options;
 
 namespace openiddictidp;
 
@@ -92,9 +92,9 @@ public void ConfigureServices(IServiceCollection services)
 
                 // Enable the authorization, logout, token and userinfo endpoints.
                 options.SetAuthorizationEndpointUris("connect/authorize")
-                       .SetLogoutEndpointUris("connect/logout")
+                       .SetEndSessionEndpointUris("connect/logout")
                        .SetTokenEndpointUris("connect/token")
-                       .SetUserinfoEndpointUris("connect/userinfo");
+                       .SetUserInfoEndpointUris("connect/userinfo");
 
                 // Mark the "email", "profile" and "roles" scopes as supported scopes.
                 options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles);
@@ -110,9 +110,9 @@ public void ConfigureServices(IServiceCollection services)
                 // Register the ASP.NET Core host and configure the ASP.NET Core-specific options.
                 options.UseAspNetCore()
                     .EnableAuthorizationEndpointPassthrough()
-                       .EnableLogoutEndpointPassthrough()
+                       .EnableEndSessionEndpointPassthrough()
                        .EnableTokenEndpointPassthrough()
-                       .EnableUserinfoEndpointPassthrough()
+                       .EnableUserInfoEndpointPassthrough()
                        .EnableStatusCodePagesIntegration();
 
                 options.AddSamlPlugin(builder =>
@@ -122,18 +122,9 @@ public void ConfigureServices(IServiceCollection services)
 
                     //Already added the DbContext above
                     builder.UseSamlEntityFrameworkCore()
-                        .AddSamlMessageDbContext(optionsBuilder =>
-                        {
-                            //Configure the database provider to use.
-                            optionsBuilder.UseSqlServer(defaultConnectionString, x =>x.MigrationsAssembly(typeof(Startup).Assembly.FullName));
-                        })
-                        .AddSamlConfigurationDbContext(optionsBuilder =>
-                        {
-                            //Configure the database provider to use.
-                            optionsBuilder.UseSqlServer(defaultConnectionString,
-                                x => x.MigrationsAssembly(typeof(Startup).Assembly.FullName));
-                        });
-
+                        .AddSamlDbContexts(optionsBuilder => optionsBuilder.UseSqlServer(defaultConnectionString,
+                            x => x.MigrationsAssembly(typeof(Startup).Assembly.FullName)));
+
                     builder.ConfigureSamlOpenIddictServerOptions(serverOptions =>
                         {
                             serverOptions.HostOptions = new SamlHostUserInteractionOptions()
@@ -202,4 +193,4 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             endpoints.MapRazorPages();
         });
     }
-}
+}
diff --git a/OpenIddict/OpenIddictIdP/Worker.cs b/OpenIddict/OpenIddictIdP/Worker.cs
@@ -154,7 +154,7 @@ private Task CreateMvcClientIfNotExists(IServiceScope scope)
             ocd.Permissions.UnionWith(new[]
             {
                 Permissions.Endpoints.Authorization,
-                Permissions.Endpoints.Logout,
+                Permissions.Endpoints.EndSession,
                 Permissions.Endpoints.Token,
                 Permissions.GrantTypes.AuthorizationCode,
                 Permissions.ResponseTypes.Code,
-Original file line number
+Diff line change
@@ Expand Up / @@ -197,7 +197,6 @@ ClientBin/ @@
     *.dbmdl
     *.dbproj.schemaview
     *.jfm
-    *.pfx
     *.publishsettings
     orleans.codegen.cs
@@ Expand Down @@