/// <summary>
/// Updates the consent asynchronous.
/// </summary>
/// <param name="client">The client.</param>
/// <param name="subject">The subject.</param>
/// <param name="scopes">The scopes.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">
/// client
/// or
/// subject
/// </exception>
public virtual async Task UpdateConsentAsync(ClaimsPrincipal subject, Client client, IEnumerable <string> scopes)
{
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
if (subject == null)
{
throw new ArgumentNullException(nameof(subject));
}
if (client.AllowRememberConsent)
{
var subjectId = subject.GetSubjectId();
var clientId = client.ClientId;
if (scopes != null && scopes.Any())
{
var consent = new Consent
{
SubjectId = subjectId,
ClientId = clientId,
Scopes = scopes
};
await _userConsentStore.StoreUserConsentAsync(consent);
}
else
{
await _userConsentStore.RemoveUserConsentAsync(subjectId, clientId);
}
}
}
public async Task StoreUserConsentAsync_should_persist_grant()
{
var consent1 = new Consent()
{
ClientId = "client",
SubjectId = "123",
Scopes = new string[] { "foo", "bar" }
};
await _userConsent.StoreUserConsentAsync(consent1);
var consent2 = await _userConsent.GetUserConsentAsync("123", "client");
consent2.ClientId.Should().Be(consent1.ClientId);
consent2.SubjectId.Should().Be(consent1.SubjectId);
consent2.Scopes.ShouldBeEquivalentTo(new string[] { "bar", "foo" });
}
/// <summary>
/// Updates the consent asynchronous.
/// </summary>
/// <param name="client">The client.</param>
/// <param name="subject">The subject.</param>
/// <param name="parsedScopes">The parsed scopes.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">
/// client
/// or
/// subject
/// </exception>
public virtual async Task UpdateConsentAsync(ClaimsPrincipal subject, Client client, IEnumerable <ParsedScopeValue> parsedScopes)
{
using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultConsentService.UpdateConsent");
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
if (subject == null)
{
throw new ArgumentNullException(nameof(subject));
}
if (client.AllowRememberConsent)
{
var subjectId = subject.GetSubjectId();
var clientId = client.ClientId;
var scopes = parsedScopes?.Select(x => x.RawValue).ToArray();
if (scopes != null && scopes.Any())
{
Logger.LogDebug("Client allows remembering consent, and consent given. Updating consent store for subject: {subject}", subject.GetSubjectId());
var consent = new Consent
{
CreationTime = Clock.UtcNow.UtcDateTime,
SubjectId = subjectId,
ClientId = clientId,
Scopes = scopes
};
if (client.ConsentLifetime.HasValue)
{
consent.Expiration = consent.CreationTime.AddSeconds(client.ConsentLifetime.Value);
}
await UserConsentStore.StoreUserConsentAsync(consent);
}
else
{
Logger.LogDebug("Client allows remembering consent, and no scopes provided. Removing consent from consent store for subject: {subject}", subject.GetSubjectId());
await UserConsentStore.RemoveUserConsentAsync(subjectId, clientId);
}
}
}
/// <summary>
/// Updates the consent asynchronous.
/// </summary>
/// <param name="client">The client.</param>
/// <param name="subject">The subject.</param>
/// <param name="scopes">The scopes.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">
/// client
/// or
/// subject
/// </exception>
public virtual async Task UpdateConsentAsync(ClaimsPrincipal subject, Client client, IEnumerable <string> scopes)
{
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
if (subject == null)
{
throw new ArgumentNullException(nameof(subject));
}
if (client.AllowRememberConsent)
{
var subjectId = subject.GetSubjectId();
var clientId = client.ClientId;
if (scopes != null && scopes.Any())
{
Logger.LogDebug("Client allows remembering consent, and consent given. Updating consent store for subject: {subject}", subject.GetSubjectId());
var consent = new Consent
{
CreationTime = Clock.UtcNow.UtcDateTime,
SubjectId = subjectId,
ClientId = clientId,
Scopes = scopes
};
if (client.ConsentLifetime.HasValue)
{
consent.Expiration = consent.CreationTime.AddSeconds(client.ConsentLifetime.Value);
}
await UserConsentStore.StoreUserConsentAsync(consent);
}
else
{
Logger.LogDebug("Client allows remembering consent, and no scopes provided. Removing consent from consent store for subject: {subject}", subject.GetSubjectId());
await UserConsentStore.RemoveUserConsentAsync(subjectId, clientId);
}
}
}
/// <summary>
/// Updates the consent asynchronous.
/// </summary>
/// <param name="client">The client.</param>
/// <param name="subject">The subject.</param>
/// <param name="scopes">The scopes.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">
/// client
/// or
/// subject
/// </exception>
public virtual async Task UpdateConsentAsync(ClaimsPrincipal subject, Client client, IEnumerable <string> scopes)
{
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
if (subject == null)
{
throw new ArgumentNullException(nameof(subject));
}
if (client.AllowRememberConsent)
{
var subjectId = subject.GetSubjectId();
var clientId = client.ClientId;
if (scopes != null && scopes.Any())
{
var consent = new Consent
{
CreationTime = _options.UtcNow,
SubjectId = subjectId,
ClientId = clientId,
Scopes = scopes
};
if (client.ConsentLifetime.HasValue)
{
consent.Expiration = consent.CreationTime.AddSeconds(client.ConsentLifetime.Value);
}
await _userConsentStore.StoreUserConsentAsync(consent);
}
else
{
await _userConsentStore.RemoveUserConsentAsync(subjectId, clientId);
}
}
}
public async Task GetAllGrantsAsync_should_return_all_grants()
{
await _userConsent.StoreUserConsentAsync(new Consent()
{
CreationTime = DateTime.UtcNow,
ClientId = "client1",
SubjectId = "123",
Scopes = new string[] { "foo1", "foo2" }
});
await _userConsent.StoreUserConsentAsync(new Consent()
{
CreationTime = DateTime.UtcNow,
ClientId = "client2",
SubjectId = "123",
Scopes = new string[] { "foo3" }
});
await _userConsent.StoreUserConsentAsync(new Consent()
{
CreationTime = DateTime.UtcNow,
ClientId = "client1",
SubjectId = "456",
Scopes = new string[] { "foo3" }
});
var handle1 = await _referenceTokens.StoreReferenceTokenAsync(new Token()
{
ClientId = "client1",
Audiences = { "aud" },
CreationTime = DateTime.UtcNow,
Type = "type",
Claims = new List <Claim>
{
new Claim("sub", "123"),
new Claim("scope", "bar1"),
new Claim("scope", "bar2")
}
});
var handle2 = await _referenceTokens.StoreReferenceTokenAsync(new Token()
{
ClientId = "client2",
Audiences = { "aud" },
CreationTime = DateTime.UtcNow,
Type = "type",
Claims = new List <Claim>
{
new Claim("sub", "123"),
new Claim("scope", "bar3")
}
});
var handle3 = await _referenceTokens.StoreReferenceTokenAsync(new Token()
{
ClientId = "client1",
Audiences = { "aud" },
CreationTime = DateTime.UtcNow,
Type = "type",
Claims = new List <Claim>
{
new Claim("sub", "456"),
new Claim("scope", "bar3")
}
});
var handle4 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
CreationTime = DateTime.UtcNow,
Lifetime = 10,
AccessToken = new Token
{
ClientId = "client1",
Audiences = { "aud" },
CreationTime = DateTime.UtcNow,
Type = "type",
Claims = new List <Claim>
{
new Claim("sub", "123"),
new Claim("scope", "baz1"),
new Claim("scope", "baz2")
}
},
Version = 1
});
var handle5 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
CreationTime = DateTime.UtcNow,
Lifetime = 10,
AccessToken = new Token
{
ClientId = "client1",
Audiences = { "aud" },
CreationTime = DateTime.UtcNow,
Type = "type",
Claims = new List <Claim>
{
new Claim("sub", "456"),
new Claim("scope", "baz3")
}
},
Version = 1
});
var handle6 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
CreationTime = DateTime.UtcNow,
Lifetime = 10,
AccessToken = new Token
{
ClientId = "client2",
Audiences = { "aud" },
CreationTime = DateTime.UtcNow,
Type = "type",
Claims = new List <Claim>
{
new Claim("sub", "123"),
new Claim("scope", "baz3")
}
},
Version = 1
});
var handle7 = await _codes.StoreAuthorizationCodeAsync(new AuthorizationCode()
{
ClientId = "client1",
CreationTime = DateTime.UtcNow,
Lifetime = 10,
Subject = _user,
CodeChallenge = "challenge",
RedirectUri = "http://client/cb",
Nonce = "nonce",
RequestedScopes = new string[] { "quux1", "quux2" }
});
var handle8 = await _codes.StoreAuthorizationCodeAsync(new AuthorizationCode()
{
ClientId = "client2",
CreationTime = DateTime.UtcNow,
Lifetime = 10,
Subject = _user,
CodeChallenge = "challenge",
RedirectUri = "http://client/cb",
Nonce = "nonce",
RequestedScopes = new string[] { "quux3" }
});
var handle9 = await _codes.StoreAuthorizationCodeAsync(new AuthorizationCode()
{
ClientId = "client1",
CreationTime = DateTime.UtcNow,
Lifetime = 10,
Subject = new IdentityServerUser("456").CreatePrincipal(),
CodeChallenge = "challenge",
RedirectUri = "http://client/cb",
Nonce = "nonce",
RequestedScopes = new string[] { "quux3" }
});
var grants = await _subject.GetAllGrantsAsync("123");
grants.Count().Should().Be(2);
var grant1 = grants.First(x => x.ClientId == "client1");
grant1.SubjectId.Should().Be("123");
grant1.ClientId.Should().Be("client1");
grant1.Scopes.ShouldBeEquivalentTo(new string[] { "foo1", "foo2", "bar1", "bar2", "baz1", "baz2", "quux1", "quux2" });
var grant2 = grants.First(x => x.ClientId == "client2");
grant2.SubjectId.Should().Be("123");
grant2.ClientId.Should().Be("client2");
grant2.Scopes.ShouldBeEquivalentTo(new string[] { "foo3", "bar3", "baz3", "quux3" });
}