public Task<Dictionary<string, object>> ProcessAsync(IntrospectionRequestValidationResult validationResult, Scope scope)
{
_logger.LogVerbose("Creating introspection response");
var response = new Dictionary<string, object>();
if (validationResult.IsActive == false)
{
_logger.LogInformation("Creating introspection response for inactive token.");
response.Add("active", false);
return Task.FromResult(response);
}
if (scope.AllowUnrestrictedIntrospection)
{
_logger.LogInformation("Creating unrestricted introspection response for active token.");
response = validationResult.Claims.ToClaimsDictionary();
response.Add("active", true);
}
else
{
_logger.LogInformation("Creating restricted introspection response for active token.");
response = validationResult.Claims.Where(c => c.Type != JwtClaimTypes.Scope).ToClaimsDictionary();
response.Add("active", true);
response.Add("scope", scope.Name);
}
return Task.FromResult(response);
}
public void CanSerializeAndDeserializeAScope()
{
var s1 = new Scope
{
Name = "email",
Required = true,
Type = ScopeType.Identity,
Emphasize = true,
DisplayName = "email foo",
Description = "desc foo",
Claims = new List<ScopeClaim> {
new ScopeClaim{Name = "email", Description = "email"}
}
};
var s2 = new Scope
{
Name = "read",
Required = true,
Type = ScopeType.Resource,
Emphasize = true,
DisplayName = "foo",
Description = "desc",
};
var converter = new ScopeConverter(new InMemoryScopeStore(new Scope[] { s1, s2 }));
var settings = new JsonSerializerSettings();
settings.Converters.Add(converter);
var json = JsonConvert.SerializeObject(s1, settings);
var result = JsonConvert.DeserializeObject<Scope>(json, settings);
Assert.Same(s1, result);
}
public ScopeViewModel(ILocalizationService localization, Scope scope, bool check)
{
Name = scope.Name;
DisplayName = localization.GetScopeDisplayName(scope.Name) ?? scope.DisplayName;
Description = localization.GetScopeDescription(scope.Name) ?? scope.Description;
Emphasize = scope.Emphasize;
Required = scope.Required;
Checked = check || scope.Required;
}
public void AutomapperConfigurationIsValid()
{
Models.Scope s = new Models.Scope();
var e = Models.MappingExtensions.ToEntity<int>(s);
var s2 = new Scope<int>
{
ScopeClaims = new HashSet<ScopeClaim<int>>()
};
var m = s2.ToModel();
Mapper.AssertConfigurationIsValid();
}
public async Task<IntrospectionRequestValidationResult> ValidateAsync(NameValueCollection parameters, Scope scope)
{
var fail = new IntrospectionRequestValidationResult { IsError = true };
// retrieve required token
var token = parameters.Get("token");
if (token == null)
{
fail.IsActive = false;
fail.FailureReason = IntrospectionRequestValidationFailureReason.MissingToken;
return fail;
}
// validate token
var tokenValidationResult = await _tokenValidator.ValidateAccessTokenAsync(token);
// invalid or unknown token
if (tokenValidationResult.IsError)
{
fail.IsActive = false;
fail.FailureReason = IntrospectionRequestValidationFailureReason.InvalidToken;
fail.Token = token;
return fail;
}
// check expected scope
var expectedScope = tokenValidationResult.Claims.FirstOrDefault(
c => c.Type == Constants.ClaimTypes.Scope && c.Value == scope.Name);
// expected scope not present
if (expectedScope == null)
{
fail.IsActive = false;
fail.IsError = true;
fail.FailureReason = IntrospectionRequestValidationFailureReason.InvalidScope;
fail.Token = token;
return fail;
}
// all is good
var success = new IntrospectionRequestValidationResult
{
IsActive = true,
IsError = false,
Token = token,
Claims = tokenValidationResult.Claims
};
return success;
}
public void AutomapperConfigurationIsValid()
{
Models.Scope s = new Models.Scope();
Models.MappingExtensions.ToEntity <int>(s);
var s2 = new Scope <int>
{
ScopeClaims = new HashSet <ScopeClaim <int> >()
};
s2.ToModel();
Mapper.AssertConfigurationIsValid();
}
public ViewResult Submit()
{
Context.Database.EnsureDeleted();
Context.Database.EnsureCreated();
foreach (var field in typeof(Constants.ClaimTypes).GetTypeInfo().DeclaredFields)
{
Context.ClaimDefinitions.Add(new ClaimDefinition<Int32>() { Name = field.Name });
}
Context.SaveChanges();
foreach (var scope in IDS4.StandardScopes.AllAlwaysInclude)
{
_scopeStore.CreateScopeAsync(scope).Wait();
}
_scopeStore.CreateScopeAsync(IDS4.StandardScopes.OfflineAccess).Wait();
_scopeStore.CreateScopeAsync(IDS4.StandardScopes.Roles).Wait();
var ScopeApi1 = new IDS4.Scope
{
Name = "api1",
DisplayName = "API 1",
Description = "API 1 features and data",
Type = IDS4.ScopeType.Resource,
ScopeSecrets = new List<IDS4.Secret>
{
new IDS4.Secret(IDS4.HashExtensions.Sha256("secret"))
},
Claims = new List<IDS4.ScopeClaim>
{
new IDS4. ScopeClaim("role")
}
};
var ScopeApi2 = new IDS4.Scope
{
Name = "api2",
DisplayName = "API 2",
Description = "API 2 features and data, which are better than API 1",
Type = IDS4.ScopeType.Resource
};
_scopeStore.CreateScopeAsync(ScopeApi1).Wait();
_scopeStore.CreateScopeAsync(ScopeApi2).Wait();
///////////////////////////////////////////
// Console Client Credentials Flow Sample
//////////////////////////////////////////
var client = new IDS4.Client
{
ClientId = "client",
ClientSecrets = new List<IDS4.Secret>
{
new IDS4.Secret(IDS4.HashExtensions.Sha256("secret"))
},
Flow = IDS4.Flows.ClientCredentials,
AllowedScopes = new List<String>
{
ScopeApi1.Name,
ScopeApi2.Name
}
};
_clientStore.CreateClientAsync(client).Wait();
///////////////////////////////////////////
// Console Resource Owner Flow Sample
//////////////////////////////////////////
var roclient = new IDS4.Client
{
ClientId = "roclient",
ClientSecrets = new List<IDS4.Secret>
{
new IDS4.Secret(IDS4.HashExtensions.Sha256("secret") )
},
Flow = IDS4.Flows.ResourceOwner,
AllowedScopes = new List<String>
{
IDS4.StandardScopes.OpenId.Name ,
IDS4.StandardScopes.Email.Name ,
IDS4.StandardScopes.OfflineAccess.Name,
ScopeApi1.Name,
ScopeApi2.Name
}
};
_clientStore.CreateClientAsync(roclient).Wait();
///////////////////////////////////////////
// Console Client Credentials Flow Sample
//////////////////////////////////////////
var client_custom = new IDS4.Client
{
ClientId = "client.custom",
ClientSecrets = new List<IDS4.Secret>
{
new IDS4.Secret( IDS4.HashExtensions.Sha256("secret"))
},
Flow = IDS4.Flows.Custom,
AllowedCustomGrantTypes = new List<String>
{
"custom"
},
AllowedScopes = new List<String>
{
ScopeApi1.Name,
ScopeApi2.Name
}
};
_clientStore.CreateClientAsync(client_custom).Wait();
///////////////////////////////////////////
// Introspection Client Sample
//////////////////////////////////////////
var roclient_reference = new IDS4.Client
{
ClientId = "roclient.reference",
ClientSecrets = new List<IDS4.Secret>
{
new IDS4.Secret(IDS4.HashExtensions.Sha256("secret"))
},
Flow = IDS4.Flows.ResourceOwner,
AllowedScopes = new List<String>
{
ScopeApi1.Name,
ScopeApi2.Name
},
AccessTokenType = IDS4.AccessTokenType.Reference
};
_clientStore.CreateClientAsync(roclient_reference).Wait();
///////////////////////////////////////////
// MVC Implicit Flow Samples
//////////////////////////////////////////
var mvc_implicit = new IDS4.Client
{
ClientId = "mvc_implicit",
ClientName = "MVC Implicit",
ClientUri = "http://identityserver.io",
Flow = IDS4.Flows.Implicit,
RedirectUris = new List<String>
{
"http://*****:*****@email.com"),
new SSC.Claim(Constants.ClaimTypes.EmailVerified, "true", SSC.ClaimValueTypes.Boolean),
new SSC.Claim(Constants.ClaimTypes.Role, "Developer"),
new SSC.Claim(Constants.ClaimTypes.Role, "Geek"),
new SSC.Claim(Constants.ClaimTypes.WebSite, "http://bob.com"),
new SSC.Claim(
Constants.ClaimTypes.Address,
@"{ 'street_address': 'One Hacker Way', 'locality': 'Heidelberg', 'postal_code': 69118, 'country': 'Germany' }",
Constants.ClaimValueTypes.Json)
}
).Wait();
_userManager.CreateAsync(BobUser).Wait();
var AliceUser = new User<Int32>
{
Name = "alice",
Password = "******"
};
_userManager.AddClaimsAsync(
AliceUser,
new SSC.Claim[]
{
new SSC.Claim(Constants.ClaimTypes.Name, "Alice Smith"),
new SSC.Claim(Constants.ClaimTypes.GivenName, "Alice") ,
new SSC.Claim(Constants.ClaimTypes.FamilyName, "Smith"),
new SSC.Claim(Constants.ClaimTypes.Email, "*****@*****.**"),
new SSC.Claim(Constants.ClaimTypes.EmailVerified, "true", SSC.ClaimValueTypes.Boolean),
new SSC.Claim(Constants.ClaimTypes.Role, "Admin"),
new SSC.Claim(Constants.ClaimTypes.Role, "Geek"),
new SSC.Claim(Constants.ClaimTypes.WebSite, "http://alice.com"),
new SSC.Claim(
Constants.ClaimTypes.Address,
@"{ 'street_address': 'One Hacker Way', 'locality': 'Heidelberg', 'postal_code': 69118, 'country': 'Germany' }",
Constants.ClaimValueTypes.Json
)
}
).Wait();
_userManager.CreateAsync(AliceUser).Wait();
return View("Home");
}