Remove the members obsoleted in OpenIddict 7.x

src/OpenIddict.Abstractions/Primitives/OpenIddictMessage.cs

@@ -177,37 +177,6 @@ public OpenIddictMessage(IEnumerable<KeyValuePair<string, ImmutableArray<string?
         }
     }
 
-    /// <summary>
-    /// Initializes a new OpenIddict message.
-    /// </summary>
-    /// <param name="parameters">The message parameters.</param>
-    /// <remarks>Parameters with a null or empty key are always ignored.</remarks>
-    [Obsolete("This constructor is obsolete and will be removed in a future version.")]
-    public OpenIddictMessage(IEnumerable<KeyValuePair<string, ImmutableArray<string?>?>> parameters)
-    {
-        ArgumentNullException.ThrowIfNull(parameters);
-
-        foreach (var parameter in parameters)
-        {
-            // Ignore parameters whose name is null or empty.
-            if (string.IsNullOrEmpty(parameter.Key))
-            {
-                continue;
-            }
-
-            // Note: the core OAuth 2.0 specification requires that request parameters
-            // not be present more than once but derived specifications like the
-            // token exchange specification deliberately allow specifying multiple
-            // parameters with the same name to represent a multi-valued parameter.
-            AddParameter(parameter.Key, parameter.Value switch
-            {
-                  null or { IsDefaultOrEmpty: true } => default,
-                          [string value]             => new OpenIddictParameter(value),
-                           [..] values               => new OpenIddictParameter(values)
-            });
-        }
-    }
-
     /// <summary>
     /// Initializes a new OpenIddict message.
     /// </summary>

src/OpenIddict.Abstractions/Primitives/OpenIddictRequest.cs

@@ -85,17 +85,6 @@ public OpenIddictRequest(IEnumerable<KeyValuePair<string, ImmutableArray<string?
     {
     }
 
-    /// <summary>
-    /// Initializes a new OpenIddict request.
-    /// </summary>
-    /// <param name="parameters">The request parameters.</param>
-    /// <remarks>Parameters with a null or empty key are always ignored.</remarks>
-    [Obsolete("This constructor is obsolete and will be removed in a future version.")]
-    public OpenIddictRequest(IEnumerable<KeyValuePair<string, ImmutableArray<string?>?>> parameters)
-        : base(parameters)
-    {
-    }
-
     /// <summary>
     /// Initializes a new OpenIddict request.
     /// </summary>

src/OpenIddict.Abstractions/Primitives/OpenIddictResponse.cs

@@ -84,17 +84,6 @@ public OpenIddictResponse(IEnumerable<KeyValuePair<string, ImmutableArray<string
     {
     }
 
-    /// <summary>
-    /// Initializes a new OpenIddict response.
-    /// </summary>
-    /// <param name="parameters">The response parameters.</param>
-    /// <remarks>Parameters with a null or empty key are always ignored.</remarks>
-    [Obsolete("This constructor is obsolete and will be removed in a future version.")]
-    public OpenIddictResponse(IEnumerable<KeyValuePair<string, ImmutableArray<string?>?>> parameters)
-        : base(parameters)
-    {
-    }
-
     /// <summary>
     /// Initializes a new OpenIddict response.
     /// </summary>

src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpBuilder.cs

@@ -9,7 +9,6 @@
 using System.Net.Http.Headers;
 using System.Net.Mail;
 using System.Reflection;
-using System.Security.Cryptography.X509Certificates;
 using OpenIddict.Client;
 using OpenIddict.Client.SystemNetHttp;
 using Polly;
@@ -287,50 +286,6 @@ public OpenIddictClientSystemNetHttpBuilder SetProductInformation(Assembly assem
             productVersion: assembly.GetName().Version!.ToString()));
     }
 
-    /// <summary>
-    /// Sets the delegate called by OpenIddict when trying to resolve the self-signed
-    /// TLS client authentication certificate that will be used for OAuth 2.0
-    /// mTLS-based client authentication (self_signed_tls_client_auth), if applicable.
-    /// </summary>
-    /// <param name="selector">The selector delegate.</param>
-    /// <remarks>
-    /// If no value is explicitly set, OpenIddict automatically tries to resolve the
-    /// X.509 certificate from the signing credentials attached to the client registration
-    /// (in this case, the X.509 certificate MUST include the digital signature and
-    /// client authentication key usages to be automatically selected by OpenIddict).
-    /// </remarks>
-    /// <returns>The <see cref="OpenIddictClientSystemNetHttpBuilder"/> instance.</returns>
-    [Obsolete("This option is no longer supported and will be removed in a future version.")]
-    public OpenIddictClientSystemNetHttpBuilder SetSelfSignedTlsClientAuthenticationCertificateSelector(
-        Func<OpenIddictClientRegistration, X509Certificate2?> selector)
-    {
-        ArgumentNullException.ThrowIfNull(selector);
-
-        return Configure(options => options.SelfSignedTlsClientAuthenticationCertificateSelector = selector);
-    }
-
-    /// <summary>
-    /// Sets the delegate called by OpenIddict when trying to resolve the
-    /// TLS client authentication certificate that will be used for OAuth 2.0
-    /// mTLS-based client authentication (tls_client_auth), if applicable.
-    /// </summary>
-    /// <param name="selector">The selector delegate.</param>
-    /// <remarks>
-    /// If no value is explicitly set, OpenIddict automatically tries to resolve the
-    /// X.509 certificate from the signing credentials attached to the client registration
-    /// (in this case, the X.509 certificate MUST include the digital signature and
-    /// client authentication key usages to be automatically selected by OpenIddict).
-    /// </remarks>
-    /// <returns>The <see cref="OpenIddictClientSystemNetHttpBuilder"/> instance.</returns>
-    [Obsolete("This option is no longer supported and will be removed in a future version.")]
-    public OpenIddictClientSystemNetHttpBuilder SetTlsClientAuthenticationCertificateSelector(
-        Func<OpenIddictClientRegistration, X509Certificate2?> selector)
-    {
-        ArgumentNullException.ThrowIfNull(selector);
-
-        return Configure(options => options.TlsClientAuthenticationCertificateSelector = selector);
-    }
-
     /// <inheritdoc/>
     [EditorBrowsable(EditorBrowsableState.Never)]
     public override bool Equals(object? obj) => base.Equals(obj);

src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpConfiguration.cs

@@ -25,8 +25,7 @@ namespace OpenIddict.Client.SystemNetHttp;
 [EditorBrowsable(EditorBrowsableState.Advanced)]
 public sealed class OpenIddictClientSystemNetHttpConfiguration : IConfigureOptions<OpenIddictClientOptions>,
                                                                  IConfigureNamedOptions<HttpClientFactoryOptions>,
-                                                                 IPostConfigureOptions<HttpClientFactoryOptions>,
-                                                                 IPostConfigureOptions<OpenIddictClientSystemNetHttpOptions>
+                                                                 IPostConfigureOptions<HttpClientFactoryOptions>
 {
     private readonly IServiceProvider _provider;
 
@@ -217,9 +216,4 @@ public void PostConfigure(string? name, HttpClientFactoryOptions options)
             handler.UseCookies = false;
         });
     }
-
-    /// <inheritdoc/>
-    [Obsolete("This method is no longer supported and will be removed in a future version.")]
-    public void PostConfigure(string? name, OpenIddictClientSystemNetHttpOptions options)
-        => throw new NotSupportedException(SR.GetResourceString(SR.ID0403));
 }

src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.cs

@@ -32,138 +32,6 @@ public static partial class OpenIddictClientSystemNetHttpHandlers
         .. UserInfo.DefaultHandlers
     ];
 
-    /// <summary>
-    /// Contains the logic responsible for negotiating the best token endpoint client
-    /// authentication method supported by both the client and the authorization server.
-    /// </summary>
-    [Obsolete("This class is obsolete and will be removed in a future version.")]
-    public sealed class AttachNonDefaultTokenEndpointClientAuthenticationMethod : IOpenIddictClientHandler<ProcessAuthenticationContext>
-    {
-        /// <summary>
-        /// Gets the default descriptor definition assigned to this handler.
-        /// </summary>
-        public static OpenIddictClientHandlerDescriptor Descriptor { get; }
-            = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessAuthenticationContext>()
-                .AddFilter<RequireTokenRequest>()
-                .UseSingletonHandler<AttachNonDefaultTokenEndpointClientAuthenticationMethod>()
-                .SetOrder(AttachTokenEndpointClientAuthenticationMethod.Descriptor.Order - 500)
-                .SetType(OpenIddictClientHandlerType.BuiltIn)
-                .Build();
-
-        /// <inheritdoc/>
-        public ValueTask HandleAsync(ProcessAuthenticationContext context) => ValueTask.CompletedTask;
-    }
-
-    /// <summary>
-    /// Contains the logic responsible for negotiating the best token binding
-    /// methods supported by both the client and the authorization server.
-    /// </summary>
-    [Obsolete("This class is obsolete and will be removed in a future version.")]
-    public sealed class AttachNonDefaultUserInfoEndpointTokenBindingMethods : IOpenIddictClientHandler<ProcessAuthenticationContext>
-    {
-        /// <summary>
-        /// Gets the default descriptor definition assigned to this handler.
-        /// </summary>
-        public static OpenIddictClientHandlerDescriptor Descriptor { get; }
-            = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessAuthenticationContext>()
-                .AddFilter<RequireUserInfoRequest>()
-                .UseSingletonHandler<AttachNonDefaultUserInfoEndpointTokenBindingMethods>()
-                .SetOrder(AttachUserInfoEndpointTokenBindingMethods.Descriptor.Order - 500)
-                .SetType(OpenIddictClientHandlerType.BuiltIn)
-                .Build();
-
-        /// <inheritdoc/>
-        public ValueTask HandleAsync(ProcessAuthenticationContext context) => ValueTask.CompletedTask;
-    }
-
-    /// <summary>
-    /// Contains the logic responsible for negotiating the best device authorization endpoint
-    /// client authentication method supported by both the client and the authorization server.
-    /// </summary>
-    [Obsolete("This class is obsolete and will be removed in a future version.")]
-    public sealed class AttachNonDefaultDeviceAuthorizationEndpointClientAuthenticationMethod : IOpenIddictClientHandler<ProcessChallengeContext>
-    {
-        /// <summary>
-        /// Gets the default descriptor definition assigned to this handler.
-        /// </summary>
-        public static OpenIddictClientHandlerDescriptor Descriptor { get; }
-            = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
-                .AddFilter<RequireDeviceAuthorizationRequest>()
-                .UseSingletonHandler<AttachNonDefaultDeviceAuthorizationEndpointClientAuthenticationMethod>()
-                .SetOrder(AttachDeviceAuthorizationEndpointClientAuthenticationMethod.Descriptor.Order - 500)
-                .SetType(OpenIddictClientHandlerType.BuiltIn)
-                .Build();
-
-        /// <inheritdoc/>
-        public ValueTask HandleAsync(ProcessChallengeContext context) => ValueTask.CompletedTask;
-    }
-
-    /// <summary>
-    /// Contains the logic responsible for negotiating the best pushed authorization endpoint
-    /// client authentication method supported by both the client and the authorization server.
-    /// </summary>
-    [Obsolete("This class is obsolete and will be removed in a future version.")]
-    public sealed class AttachNonDefaultPushedAuthorizationEndpointClientAuthenticationMethod : IOpenIddictClientHandler<ProcessChallengeContext>
-    {
-        /// <summary>
-        /// Gets the default descriptor definition assigned to this handler.
-        /// </summary>
-        public static OpenIddictClientHandlerDescriptor Descriptor { get; }
-            = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
-                .AddFilter<RequirePushedAuthorizationRequest>()
-                .UseSingletonHandler<AttachNonDefaultPushedAuthorizationEndpointClientAuthenticationMethod>()
-                .SetOrder(AttachPushedAuthorizationEndpointClientAuthenticationMethod.Descriptor.Order - 500)
-                .SetType(OpenIddictClientHandlerType.BuiltIn)
-                .Build();
-
-        /// <inheritdoc/>
-        public ValueTask HandleAsync(ProcessChallengeContext context) => ValueTask.CompletedTask;
-    }
-
-    /// <summary>
-    /// Contains the logic responsible for negotiating the best introspection endpoint client
-    /// authentication method supported by both the client and the authorization server.
-    /// </summary>
-    [Obsolete("This class is obsolete and will be removed in a future version.")]
-    public sealed class AttachNonDefaultIntrospectionEndpointClientAuthenticationMethod : IOpenIddictClientHandler<ProcessIntrospectionContext>
-    {
-        /// <summary>
-        /// Gets the default descriptor definition assigned to this handler.
-        /// </summary>
-        public static OpenIddictClientHandlerDescriptor Descriptor { get; }
-            = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessIntrospectionContext>()
-                .AddFilter<RequireIntrospectionRequest>()
-                .UseSingletonHandler<AttachNonDefaultIntrospectionEndpointClientAuthenticationMethod>()
-                .SetOrder(AttachIntrospectionEndpointClientAuthenticationMethod.Descriptor.Order - 500)
-                .SetType(OpenIddictClientHandlerType.BuiltIn)
-                .Build();
-
-        /// <inheritdoc/>
-        public ValueTask HandleAsync(ProcessIntrospectionContext context) => ValueTask.CompletedTask;
-    }
-
-    /// <summary>
-    /// Contains the logic responsible for negotiating the best revocation endpoint client
-    /// authentication method supported by both the client and the authorization server.
-    /// </summary>
-    [Obsolete("This class is obsolete and will be removed in a future version.")]
-    public sealed class AttachNonDefaultRevocationEndpointClientAuthenticationMethod : IOpenIddictClientHandler<ProcessRevocationContext>
-    {
-        /// <summary>
-        /// Gets the default descriptor definition assigned to this handler.
-        /// </summary>
-        public static OpenIddictClientHandlerDescriptor Descriptor { get; }
-            = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessRevocationContext>()
-                .AddFilter<RequireRevocationRequest>()
-                .UseSingletonHandler<AttachNonDefaultRevocationEndpointClientAuthenticationMethod>()
-                .SetOrder(AttachRevocationEndpointClientAuthenticationMethod.Descriptor.Order - 500)
-                .SetType(OpenIddictClientHandlerType.BuiltIn)
-                .Build();
-
-        /// <inheritdoc/>
-        public ValueTask HandleAsync(ProcessRevocationContext context) => ValueTask.CompletedTask;
-    }
-
     /// <summary>
     /// Contains the logic responsible for creating and attaching a <see cref="HttpClient"/>.
     /// </summary>

src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpOptions.cs

@@ -4,12 +4,10 @@
  * the license and the contributors participating to this project.
  */
 
-using System.ComponentModel;
 using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Net.Mail;
-using System.Security.Cryptography.X509Certificates;
 using Polly;
 using Polly.Extensions.Http;
 
@@ -82,34 +80,4 @@ public sealed class OpenIddictClientSystemNetHttpOptions
     /// instances created by the OpenIddict client/System.Net.Http integration.
     /// </summary>
     public List<Action<OpenIddictClientRegistration, HttpClientHandler>> HttpClientHandlerActions { get; } = [];
-
-    /// <summary>
-    /// Gets or sets the delegate called by OpenIddict when trying to resolve the
-    /// self-signed TLS client authentication certificate that will be used for OAuth 2.0
-    /// mTLS-based client authentication (self_signed_tls_client_auth), if applicable.
-    /// </summary>
-    /// <remarks>
-    /// If no value is explicitly set, OpenIddict automatically tries to resolve the
-    /// X.509 certificate from the signing credentials attached to the client registration
-    /// (in this case, the X.509 certificate MUST include the digital signature and
-    /// client authentication key usages to be automatically selected by OpenIddict).
-    /// </remarks>
-    [EditorBrowsable(EditorBrowsableState.Advanced)]
-    [Obsolete("This option is no longer supported and will be removed in a future version.")]
-    public Func<OpenIddictClientRegistration, X509Certificate2?> SelfSignedTlsClientAuthenticationCertificateSelector { get; set; } = default!;
-
-    /// <summary>
-    /// Gets or sets the delegate called by OpenIddict when trying to resolve the TLS
-    /// client authentication certificate that will be used for OAuth 2.0 mTLS-based
-    /// client authentication (tls_client_auth), if applicable.
-    /// </summary>
-    /// <remarks>
-    /// If no value is explicitly set, OpenIddict automatically tries to resolve the
-    /// X.509 certificate from the signing credentials attached to the client registration
-    /// (in this case, the X.509 certificate MUST include the digital signature and
-    /// client authentication key usages to be automatically selected by OpenIddict).
-    /// </remarks>
-    [EditorBrowsable(EditorBrowsableState.Advanced)]
-    [Obsolete("This option is no longer supported and will be removed in a future version.")]
-    public Func<OpenIddictClientRegistration, X509Certificate2?> TlsClientAuthenticationCertificateSelector { get; set; } = default!;
 }

src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationConfiguration.cs

@@ -6,7 +6,6 @@
 
 using System.ComponentModel;
 using Microsoft.Extensions.Options;
-using OpenIddict.Client.SystemNetHttp;
 
 namespace OpenIddict.Client.WebIntegration;
 
@@ -15,8 +14,7 @@ namespace OpenIddict.Client.WebIntegration;
 /// </summary>
 [EditorBrowsable(EditorBrowsableState.Advanced)]
 public sealed partial class OpenIddictClientWebIntegrationConfiguration : IConfigureOptions<OpenIddictClientOptions>,
-                                                                          IPostConfigureOptions<OpenIddictClientOptions>,
-                                                                          IPostConfigureOptions<OpenIddictClientSystemNetHttpOptions>
+                                                                          IPostConfigureOptions<OpenIddictClientOptions>
 {
     /// <inheritdoc/>
     public void Configure(OpenIddictClientOptions options)
@@ -43,11 +41,6 @@ public void PostConfigure(string? name, OpenIddictClientOptions options)
         }
     }
 
-    /// <inheritdoc/>
-    [Obsolete("This method is no longer supported and will be removed in a future version.")]
-    public void PostConfigure(string? name, OpenIddictClientSystemNetHttpOptions options)
-        => throw new NotSupportedException(SR.GetResourceString(SR.ID0403));
-
     /// <summary>
     /// Amends the registration with the provider-specific configuration logic.
     /// </summary>

src/OpenIddict.Client/OpenIddictClientEvents.cs

@@ -171,12 +171,6 @@ protected BaseExternalContext(OpenIddictClientTransaction transaction)
         /// this peer when communicating with the external endpoint, if applicable.
         /// </summary>
         public X509Certificate2? LocalCertificate { get; set; }
-
-        /// <summary>
-        /// Gets or sets the token binding method used when communicating with the external endpoint, if applicable.
-        /// </summary>
-        [Obsolete("This property is no longer used and will be removed in a future version.")]
-        public HashSet<string> TokenBindingMethods { get; } = new(StringComparer.Ordinal);
     }
 
     /// <summary>
@@ -434,13 +428,6 @@ public OpenIddictRequest Request
         /// </summary>
         public X509Certificate2? UserInfoEndpointClientCertificate { get; set; }
 
-        /// <summary>
-        /// Gets or sets the token binding methods used when
-        /// communicating with the userinfo endpoint, if applicable.
-        /// </summary>
-        [Obsolete("This property is no longer used and will be removed in a future version.")]
-        public HashSet<string> UserInfoEndpointTokenBindingMethods { get; } = new(StringComparer.Ordinal);
-
         /// <summary>
         /// Gets or sets a boolean indicating whether the token entry associated
         /// with the state token should be marked as redeemed in the database.