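/// <summary>
/// Creates a new client from the type-specific template built by <c>CreateForType</c> and links it to the calling user.
/// </summary>
/// <param name="request">Client settings supplied by the caller (bound from the request body).</param>
/// <returns>
/// <c>201 Created</c> with a <see cref="ClientInfo"/> body and a <c>Location</c> header pointing at <c>GetClient</c>,
/// or <c>400 Bad Request</c> when the body is missing or names an unknown <see cref="ClientType"/>.
/// </returns>
public async Task<IActionResult> CreateClient([FromBody] CreateClientRequest request)
{
    // A missing body would otherwise dereference null, and an enum value outside ClientType would reach the
    // throwing default branch of CreateForType; both are caller errors, not server faults, so answer 400.
    if (request is null)
    {
        return BadRequest("A client definition is required.");
    }
    if (!Enum.IsDefined(typeof(ClientType), request.ClientType))
    {
        return BadRequest($"Unknown client type '{request.ClientType}'.");
    }
    var client = CreateForType(request.ClientType, _generalSettings.Authority, request);
    _configurationDbContext.Clients.Add(client);
    // Record ownership so the creating user is associated with the client it created.
    _configurationDbContext.ClientUsers.Add(new ClientUser { Client = client, UserId = UserId });
    await _configurationDbContext.SaveChangesAsync();
    // Only public client metadata is returned; the submitted secrets are never echoed back.
    var response = new ClientInfo
    {
        ClientId = client.ClientId,
        ClientName = client.ClientName,
        ClientUri = client.ClientUri,
        Description = client.Description,
        AllowRememberConsent = client.AllowRememberConsent,
        Enabled = client.Enabled,
        LogoUri = client.LogoUri,
        RequireConsent = client.RequireConsent
    };
    if (_apiEndpointsOptions.CanRaiseEvents)
    {
        await _eventService.Raise(new ClientCreatedEvent(response));
    }
    return CreatedAtAction(nameof(GetClient), new { clientId = client.ClientId }, response);
}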
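/// <summary>
/// Creates default client configuration based on <see cref="ClientType"/>.
/// </summary>
/// <param name="clientType">The type of the client; selects the grant types, PKCE/secret requirements and CORS origins applied.</param>
/// <param name="authorityUri">The IdentityServer instance URI, used as the CORS origin for browser clients that supply no <c>ClientUri</c>.</param>
/// <param name="clientRequest">Client information provided by the user.</param>
/// <returns>An <see cref="Entities.Client"/> populated from the request; the caller is responsible for persisting it.</returns>
/// <exception cref="ArgumentOutOfRangeException">
/// <paramref name="clientType"/> is not one of the supported <see cref="ClientType"/> values.
/// </exception>
private Entities.Client CreateForType(ClientType clientType, string authorityUri, CreateClientRequest clientRequest)
{
    var client = new Entities.Client
    {
        ClientId = clientRequest.ClientId,
        ClientName = clientRequest.ClientName,
        Description = clientRequest.Description,
        ClientUri = clientRequest.ClientUri,
        LogoUri = clientRequest.LogoUri,
        RequireConsent = clientRequest.RequireConsent,
        BackChannelLogoutSessionRequired = true,
        AllowedScopes = clientRequest.IdentityResources
            .Union(clientRequest.ApiResources)
            .Select(scope => new ClientScope { Scope = scope })
            .ToList()
    };
    if (!string.IsNullOrEmpty(clientRequest.RedirectUri))
    {
        client.RedirectUris = new List<ClientRedirectUri> { new ClientRedirectUri { RedirectUri = clientRequest.RedirectUri } };
    }
    if (!string.IsNullOrEmpty(clientRequest.PostLogoutRedirectUri))
    {
        client.PostLogoutRedirectUris = new List<ClientPostLogoutRedirectUri> { new ClientPostLogoutRedirectUri { PostLogoutRedirectUri = clientRequest.PostLogoutRedirectUri } };
    }
    // Only the hash of each secret is stored (presumably matched by IdentityServer's hashed shared-secret
    // validator — confirm); a request without a Secrets collection simply yields a client with no secrets.
    if (clientRequest.Secrets?.Any() == true)
    {
        client.ClientSecrets = clientRequest.Secrets
            .Select(x => new ClientSecret { Type = $"{x.Type}", Description = x.Description, Expiration = x.Expiration, Value = x.Value.ToSha256() })
            .ToList();
    }
    // Browser clients need an allowed CORS origin. An empty ClientUri (not only null) falls back to the
    // authority so that "" is never registered as an origin.
    var corsOrigin = string.IsNullOrEmpty(clientRequest.ClientUri) ? authorityUri : clientRequest.ClientUri;
    switch (clientType)
    {
        case ClientType.SPA:
            // Public client: authorization code with PKCE and no client secret.
            client.AllowedGrantTypes = new List<ClientGrantType> { new ClientGrantType { GrantType = GrantType.AuthorizationCode } };
            client.RequirePkce = true;
            client.RequireClientSecret = false;
            client.AllowedCorsOrigins = new List<ClientCorsOrigin> { new ClientCorsOrigin { Origin = corsOrigin } };
            break;
        case ClientType.WebApp:
            // Confidential server-side client: hybrid flow with PKCE; the secret requirement keeps its default.
            client.AllowedGrantTypes = new List<ClientGrantType> { new ClientGrantType { GrantType = GrantType.Hybrid } };
            client.RequirePkce = true;
            break;
        case ClientType.Native:
            // Public client on a device the user controls: authorization code with PKCE, no secret.
            client.AllowedGrantTypes = new List<ClientGrantType> { new ClientGrantType { GrantType = GrantType.AuthorizationCode } };
            client.RequirePkce = true;
            client.RequireClientSecret = false;
            break;
        case ClientType.Machine:
            // No user takes part in client credentials, so consent cannot apply.
            client.AllowedGrantTypes = new List<ClientGrantType> { new ClientGrantType { GrantType = GrantType.ClientCredentials } };
            client.RequireConsent = false;
            break;
        case ClientType.Device:
            client.AllowedGrantTypes = new List<ClientGrantType> { new ClientGrantType { GrantType = GrantType.DeviceFlow } };
            break;
        case ClientType.SPALegacy:
            // Implicit flow returns tokens through the browser front channel; retained only for clients
            // that cannot use authorization code + PKCE.
            client.AllowedGrantTypes = new List<ClientGrantType> { new ClientGrantType { GrantType = GrantType.Implicit } };
            client.RequirePkce = false;
            client.RequireClientSecret = false;
            client.AllowAccessTokensViaBrowser = true;
            client.AllowedCorsOrigins = new List<ClientCorsOrigin> { new ClientCorsOrigin { Origin = corsOrigin } };
            break;
        default:
            // An unmapped enum value is an out-of-range argument, not a null one.
            throw new ArgumentOutOfRangeException(nameof(clientType), clientType, "Cannot determine the type of the client.");
    }
    return client;
}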