public async Task <IEndpointResult> ProcessAsync(HttpContext context)
{
_logger.LogTrace("Processing discovery request.");
// validate HTTP
if (context.Request.Method != "GET")
{
_logger.LogWarning("Discovery endpoint only supports GET requests");
return(new StatusCodeResult(HttpStatusCode.MethodNotAllowed));
}
_logger.LogDebug("Start discovery request");
if (!_options.Endpoints.EnableDiscoveryEndpoint)
{
_logger.LogInformation("Discovery endpoint disabled. 404.");
return(new StatusCodeResult(HttpStatusCode.NotFound));
}
var baseUrl = context.GetIdentityServerBaseUrl().EnsureTrailingSlash();
var issuerUri = context.GetIdentityServerIssuerUri();
// generate response
_logger.LogTrace("Calling into discovery response generator: {type}", _responseGenerator.GetType().FullName);
var response = await _responseGenerator.CreateDiscoveryDocumentAsync(baseUrl, issuerUri);
return(new DiscoveryDocumentResult(response, _options.Discovery.ResponseCacheInterval));
}
public Task <IEndpointResult> ProcessAsync(HttpContext context)
{
_logger.LogTrace("Processing discovery request.");
// validate HTTP
if (!HttpMethods.IsGet(context.Request.Method))
{
_logger.LogWarning("Discovery endpoint only supports GET requests");
return(Task.FromResult((IEndpointResult) new StatusCodeResult(HttpStatusCode.MethodNotAllowed)));
}
if (!_options.Endpoints.EnableDiscoveryEndpoint)
{
_logger.LogInformation("Discovery endpoint disabled. 404.");
return(Task.FromResult((IEndpointResult) new StatusCodeResult(HttpStatusCode.NotFound)));
}
var baseUrl = context.GetIdentityServerBaseUri();
var issuerUri = context.GetIdentityServerIssuerUri();
// generate response
_logger.LogTrace("Calling into discovery response generator: {type}", _responseGenerator.GetType().FullName);
var response = _responseCache.GetOrAdd(1, _ => _responseGenerator.CreateDiscoveryDocumentAsync(baseUrl, issuerUri).GetAwaiter().GetResult());
_logger.LogTrace("Discovery request completed. Return DiscoveryDocumentResult");
return(Task.FromResult((IEndpointResult) new DiscoveryDocumentResult(response, _options.Discovery.ResponseCacheInterval)));
}
public async Task <IEndpointResult> ProcessAsync(HttpContext context)
{
using var activity = Tracing.BasicActivitySource.StartActivity(Constants.EndpointNames.Discovery + "Endpoint");
_logger.LogTrace("Processing discovery request.");
// validate HTTP
if (!HttpMethods.IsGet(context.Request.Method))
{
_logger.LogWarning("Discovery endpoint only supports GET requests");
return(new StatusCodeResult(HttpStatusCode.MethodNotAllowed));
}
_logger.LogDebug("Start discovery request");
if (!_options.Endpoints.EnableDiscoveryEndpoint)
{
_logger.LogInformation("Discovery endpoint disabled. 404.");
return(new StatusCodeResult(HttpStatusCode.NotFound));
}
var baseUrl = _urls.BaseUrl;
var issuerUri = await _issuerNameService.GetCurrentAsync();
// generate response
_logger.LogTrace("Calling into discovery response generator: {type}", _responseGenerator.GetType().FullName);
var response = await _responseGenerator.CreateDiscoveryDocumentAsync(baseUrl, issuerUri);
return(new DiscoveryDocumentResult(response, _options.Discovery.ResponseCacheInterval));
}
private async Task <IEndpointResult> ExecuteDiscoDocAsync(HttpContext context)
{
_logger.LogDebug("Start discovery request");
if (!_options.Endpoints.EnableDiscoveryEndpoint)
{
_logger.LogInformation("Discovery endpoint disabled. 404.");
return(new StatusCodeResult(HttpStatusCode.NotFound));
}
var baseUrl = context.GetIdentityServerBaseUrl().EnsureTrailingSlash();
var issuerUri = context.GetIdentityServerIssuerUri();
var response = await _responseGenerator.CreateDiscoveryDocumentAsync(baseUrl, issuerUri);
return(new DiscoveryDocumentResult(response));
}
/// <summary>
/// Creates the discovery document.
/// </summary>
/// <param name="baseUrl">The base URL.</param>
/// <param name="issuerUri">The issuer URI.</param>
public async Task <Dictionary <string, object> > CreateDiscoveryDocumentAsync(string baseUrl, string issuerUri)
{
var entries = await _inner.CreateDiscoveryDocumentAsync(baseUrl, issuerUri);
// response modes
if (_options.Discovery.ShowResponseModes)
{
if (entries.ContainsKey(IdentityModel.OidcConstants.Discovery.ResponseModesSupported))
{
var response_modes = (string[])entries[IdentityModel.OidcConstants.Discovery.ResponseModesSupported];
if (!response_modes.Any(rm => rm == OidcConstants.ResponseModes.Json))
{
entries[IdentityModel.OidcConstants.Discovery.ResponseModesSupported] = new List <string>(response_modes)
{
OidcConstants.ResponseModes.Json
}
.ToArray();
}
}
}
// claims
if (_anonIdsrvOptions.AlwaysIncludeAnonymousIdInProfile && _options.Discovery.ShowClaims)
{
if (entries.ContainsKey(IdentityModel.OidcConstants.Discovery.ClaimsSupported))
{
var claims = (string[])entries[IdentityModel.OidcConstants.Discovery.ClaimsSupported];
if (!claims.Any(rm => rm == JwtClaimTypes.AnonymousId))
{
entries[IdentityModel.OidcConstants.Discovery.ClaimsSupported] = new List <string>(claims)
{
JwtClaimTypes.AnonymousId
}
.ToArray();
}
}
}
return(entries);
}
public async Task <ActionResult> GetConfig()
{
var context = this.Request.HttpContext;
var baseUrl = EnsureTrailingSlash(context.GetIdentityServerBaseUrl());
var issuerUri = context.GetIdentityServerIssuerUri();
Dictionary <string, object> response = await _responseGenerator.CreateDiscoveryDocumentAsync(baseUrl, issuerUri);
// if the document is being accessed via the initernal docker hostname then rewrite the urls
// used in client side browser redirects to use the base url exposed by docker to the host OS
string browserAccessibleBaseUrl = _config.GetValue <string>("IdentityServerIssuerUri");
if (!string.IsNullOrWhiteSpace(browserAccessibleBaseUrl))
{
response["authorization_endpoint"] = $"{browserAccessibleBaseUrl}/connect/authorize";
response["check_session_iframe"] = $"{browserAccessibleBaseUrl}/connect/checksession";
response["end_session_endpoint"] = $"{browserAccessibleBaseUrl}/connect/endsession";
}
return(Json(response));
}
public async Task <IEndpointResult> ProcessAsync(HttpContext context)
{
if (!HttpMethods.IsGet(context.Request.Method))
{
_logger.LogWarning("Discovery endpoint only supports GET requests");
return(new StatusCodeResult(HttpStatusCode.MethodNotAllowed));
}
_logger.LogDebug("Start discovery request");
if (!_options.Endpoints.EnableDiscoveryEndpoint)
{
_logger.LogInformation("Discovery endpoint disabled. 404.");
return(new StatusCodeResult(HttpStatusCode.NotFound));
}
String baseUrl = context.GetPolicyServerBaseUrl().EnsureTrailingSlash();
String issuerUri = context.GetPolicyServerIssuerUri();
Dictionary <String, Object> response = await _responseGenerator.CreateDiscoveryDocumentAsync(baseUrl, issuerUri);
return(new DiscoveryDocumentResult(response, _options.Discovery.ResponseCacheInterval));
}
private async Task <Dictionary <string, string> > FetchDiscoveryData(HttpContext httpContext)
{
if (_endpointDictionary == null)
{
var baseUrl = httpContext.GetIdentityServerBaseUrl().EnsureTrailingSlash();
var issuerUri = httpContext.GetIdentityServerIssuerUri();
var index = issuerUri.IndexOf("://") + 3;
var runningUri = issuerUri.Substring(index);
index = runningUri.IndexOf('/');
var baseUrlSegment = index >= 0?runningUri.Substring(index):"";
// generate response
_logger.LogTrace("Calling into discovery response generator: {type}",
_responseGenerator.GetType().FullName);
var response = await _responseGenerator.CreateDiscoveryDocumentAsync(baseUrl, issuerUri);
var issuer = response["issuer"] as string;
_endpointDictionary = new Dictionary <string, string>
{
{
"discovery",
$"{baseUrlSegment}/.well-known/openid-configuration"
},
{
"jwks_uri",
$"{baseUrlSegment}{(response["jwks_uri"] as string).Substring(issuer.Length)}"
},
{
"authorization_endpoint",
$"{baseUrlSegment}{(response["authorization_endpoint"] as string).Substring(issuer.Length)}"
},
{
"token_endpoint",
$"{baseUrlSegment}{(response["token_endpoint"] as string).Substring(issuer.Length)}"
},
{
"userinfo_endpoint",
$"{baseUrlSegment}{(response["userinfo_endpoint"] as string).Substring(issuer.Length)}"
},
{
"end_session_endpoint",
$"{baseUrlSegment}{(response["end_session_endpoint"] as string).Substring(issuer.Length)}"
},
{
"check_session_iframe",
$"{baseUrlSegment}{(response["check_session_iframe"] as string).Substring(issuer.Length)}"
},
{
"revocation_endpoint",
$"{baseUrlSegment}{(response["revocation_endpoint"] as string).Substring(issuer.Length)}"
},
{
"introspection_endpoint",
$"{baseUrlSegment}{(response["introspection_endpoint"] as string).Substring(issuer.Length)}"
}
};
}
return(_endpointDictionary);
}
/// <summary>
/// Registers the asynchronous.
/// </summary>
/// <param name="registration">The client registration.</param>
/// <param name="httpContext">The HTTP context.</param>
/// <returns></returns>
public async Task <ClientRegisteration> RegisterAsync(ClientRegisteration registration, HttpContext httpContext)
{
var uri = $"{httpContext.Request.Scheme}://{httpContext.Request.Host}/";
var discovery = await _discoveryResponseGenerator.CreateDiscoveryDocumentAsync(uri, uri).ConfigureAwait(false);
ValidateCaller(registration, httpContext);
Validate(registration, discovery);
var clientName = registration.ClientNames?.FirstOrDefault(n => n.Culture == null)?.Value ??
registration.ClientNames?.FirstOrDefault()?.Value ?? Guid.NewGuid().ToString();
var existing = await _clientStore.GetAsync(clientName, null).ConfigureAwait(false);
registration.Id = existing != null?Guid.NewGuid().ToString() : clientName;
registration.Id = registration.Id.Contains(' ') ? Guid.NewGuid().ToString() : registration.Id;
var secret = Guid.NewGuid().ToString();
var serializerSettings = new JsonSerializerSettings
{
NullValueHandling = NullValueHandling.Ignore
};
var jwkKeys = registration.Jwks?.Keys;
var sercretList = jwkKeys != null?jwkKeys.Select(k => new ClientSecret
{
Id = Guid.NewGuid().ToString(),
Type = IdentityServer4.IdentityServerConstants.SecretTypes.JsonWebKey,
Value = JsonConvert.SerializeObject(k, serializerSettings)
}).ToList() : new List <ClientSecret>();
sercretList.Add(new ClientSecret
{
Id = Guid.NewGuid().ToString(),
Type = IdentityServer4.IdentityServerConstants.SecretTypes.SharedSecret,
Value = secret
});
var client = new Client
{
AllowedGrantTypes = registration.GrantTypes.Select(grant => new ClientGrantType
{
Id = Guid.NewGuid().ToString(),
GrantType = grant
}).ToList(),
AccessTokenLifetime = _defaultValues.AccessTokenLifetime,
AbsoluteRefreshTokenLifetime = _defaultValues.AbsoluteRefreshTokenLifetime,
AccessTokenType = (int)_defaultValues.AccessTokenType,
AllowOfflineAccess = registration.ApplicationType == "web" && registration.GrantTypes.Contains("refresh_token"),
AllowAccessTokensViaBrowser = registration.ApplicationType == "web",
AllowedScopes = new List <ClientScope> {
new ClientScope
{
Id = Guid.NewGuid().ToString(),
Scope = "openid"
},
new ClientScope
{
Id = Guid.NewGuid().ToString(),
Scope = "profile"
},
new ClientScope
{
Id = Guid.NewGuid().ToString(),
Scope = "address"
},
new ClientScope
{
Id = Guid.NewGuid().ToString(),
Scope = "email"
},
new ClientScope
{
Id = Guid.NewGuid().ToString(),
Scope = "phone"
}
},
AllowRememberConsent = _defaultValues.AllowRememberConsent,
AllowPlainTextPkce = _defaultValues.AllowPlainTextPkce,
AlwaysIncludeUserClaimsInIdToken = _defaultValues.AlwaysIncludeUserClaimsInIdToken,
AlwaysSendClientClaims = _defaultValues.AlwaysSendClientClaims,
AuthorizationCodeLifetime = _defaultValues.AuthorizationCodeLifetime,
BackChannelLogoutSessionRequired = !string.IsNullOrEmpty(_defaultValues.BackChannelLogoutUri),
BackChannelLogoutUri = _defaultValues.BackChannelLogoutUri,
ClientClaimsPrefix = _defaultValues.ClientClaimsPrefix,
ClientName = clientName,
ClientSecrets = sercretList,
ClientUri = registration.ClientUris?.FirstOrDefault(u => u.Culture == null)?.Value ?? registration.ClientUris?.FirstOrDefault()?.Value,
ConsentLifetime = _defaultValues.ConsentLifetime,
Description = _defaultValues.Description,
DeviceCodeLifetime = _defaultValues.DeviceCodeLifetime,
Enabled = true,
EnableLocalLogin = _defaultValues.EnableLocalLogin,
FrontChannelLogoutSessionRequired = !string.IsNullOrEmpty(_defaultValues.FrontChannelLogoutUri),
FrontChannelLogoutUri = _defaultValues.FrontChannelLogoutUri,
Id = registration.Id,
IdentityTokenLifetime = _defaultValues.IdentityTokenLifetime,
IncludeJwtId = _defaultValues.IncludeJwtId,
LogoUri = registration.LogoUris?.FirstOrDefault(u => u.Culture == null)?.Value ?? registration.LogoUris?.FirstOrDefault()?.Value,
NonEditable = false,
PairWiseSubjectSalt = _defaultValues.PairWiseSubjectSalt,
ProtocolType = _defaultValues.ProtocolType,
RedirectUris = registration.RedirectUris.Select(u => new ClientUri
{
Id = Guid.NewGuid().ToString(),
Kind = UriKinds.Cors | UriKinds.Redirect,
Uri = u
}).ToList(),
RefreshTokenExpiration = (int)_defaultValues.RefreshTokenExpiration,
RefreshTokenUsage = (int)_defaultValues.RefreshTokenUsage,
RequireClientSecret = false,
RequireConsent = _defaultValues.RequireConsent,
RequirePkce = false,
Resources = registration.ClientNames.Where(n => n.Culture != null)
.Select(n => new ClientLocalizedResource
{
Id = Guid.NewGuid().ToString(),
CultureId = n.Culture,
ResourceKind = EntityResourceKind.DisplayName,
Value = n.Value
})
.Union(registration.ClientUris != null ? registration.ClientUris.Where(u => u.Culture != null).Select(u => new ClientLocalizedResource
{
Id = Guid.NewGuid().ToString(),
CultureId = u.Culture,
ResourceKind = EntityResourceKind.ClientUri,
Value = u.Value
}) : new List <ClientLocalizedResource>(0))
.Union(registration.LogoUris != null ? registration.LogoUris.Where(u => u.Culture != null).Select(u => new ClientLocalizedResource
{
Id = Guid.NewGuid().ToString(),
CultureId = u.Culture,
ResourceKind = EntityResourceKind.LogoUri,
Value = u.Value
}) : new List <ClientLocalizedResource>(0))
.Union(registration.PolicyUris != null ? registration.PolicyUris.Where(u => u.Culture != null).Select(u => new ClientLocalizedResource
{
Id = Guid.NewGuid().ToString(),
CultureId = u.Culture,
ResourceKind = EntityResourceKind.PolicyUri,
Value = u.Value
}) : new List <ClientLocalizedResource>(0))
.Union(registration.TosUris != null ? registration.TosUris.Where(u => u.Culture != null).Select(u => new ClientLocalizedResource
{
Id = Guid.NewGuid().ToString(),
CultureId = u.Culture,
ResourceKind = EntityResourceKind.TosUri,
Value = u.Value
}) : new List <ClientLocalizedResource>(0))
.ToList(),
Properties = new List <ClientProperty>
{
new ClientProperty
{
Id = Guid.NewGuid().ToString(),
Key = "applicationType",
Value = registration.ApplicationType
}
}.Union(registration.Contacts != null ? new List <ClientProperty>
{
new ClientProperty
{
Id = Guid.NewGuid().ToString(),
Key = "contacts",
Value = string.Join("; ", registration.Contacts)
}
} : new List <ClientProperty>(0))
.ToList(),
SlidingRefreshTokenLifetime = _defaultValues.SlidingRefreshTokenLifetime,
UpdateAccessTokenClaimsOnRefresh = _defaultValues.UpdateAccessTokenClaimsOnRefresh,
UserCodeType = _defaultValues.UserCodeType,
UserSsoLifetime = _defaultValues.UserSsoLifetime,
PolicyUri = registration.TosUris?.FirstOrDefault(u => u.Culture == null)?.Value ?? registration.TosUris?.FirstOrDefault()?.Value,
TosUri = registration.TosUris?.FirstOrDefault(u => u.Culture == null)?.Value ?? registration.TosUris?.FirstOrDefault()?.Value,
};
client.RegistrationToken = Guid.NewGuid();
await _clientStore.CreateAsync(client).ConfigureAwait(false);
registration.RegistrationToken = client.RegistrationToken.ToString();
registration.RegistrationUri = $"{discovery["registration_endpoint"]}/{client.Id}";
registration.JwksUri = discovery["jwks_uri"].ToString();
registration.ClientSecret = secret;
registration.ClientSecretExpireAt = 0;
return(registration);
}