/// <summary>
/// Copies the persisted server settings (issuer, token options, key material, endpoint
/// paths, grant types and default scopes) into the OpenIddict server options.
/// </summary>
/// <param name="options">The OpenIddict server options being built.</param>
/// <remarks>
/// This callback is synchronous, so the asynchronous settings and key lookups are
/// blocked on with <c>GetAwaiter().GetResult()</c>. When no settings are available the
/// options are left untouched.
/// </remarks>
public void Configure(OpenIddictServerOptions options)
{
    var serverSettings = GetServerSettingsAsync().GetAwaiter().GetResult();
    if (serverSettings is null)
    {
        // Nothing persisted yet: do not register any issuer, keys or endpoints.
        return;
    }

    // NOTE(review): this switches off OpenIddict's per-application scope permission
    // checks, so scope restrictions attached to client registrations are not enforced here.
    options.IgnoreScopePermissions = true;

    options.Issuer = serverSettings.Authority;
    options.DisableAccessTokenEncryption = serverSettings.DisableAccessTokenEncryption;
    options.UseRollingRefreshTokens = serverSettings.UseRollingRefreshTokens;
    options.UseReferenceAccessTokens = serverSettings.UseReferenceAccessTokens;

    // Key material comes from the server service; algorithms are fixed to
    // RSA-OAEP + AES-256-CBC-HMAC-SHA512 for encryption and RS256 for signing.
    var encryptionKeys = _serverService.GetEncryptionKeysAsync().GetAwaiter().GetResult();
    foreach (var encryptionKey in encryptionKeys)
    {
        options.EncryptionCredentials.Add(new EncryptingCredentials(
            encryptionKey,
            SecurityAlgorithms.RsaOAEP,
            SecurityAlgorithms.Aes256CbcHmacSha512));
    }

    var signingKeys = _serverService.GetSigningKeysAsync().GetAwaiter().GetResult();
    foreach (var signingKey in signingKeys)
    {
        options.SigningCredentials.Add(new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256));
    }

    // Only endpoints with a configured path are exposed; paths are registered as relative URIs.
    if (serverSettings.AuthorizationEndpointPath.HasValue)
    {
        options.AuthorizationEndpointUris.Add(ToRelativeUri(serverSettings.AuthorizationEndpointPath.Value));
    }

    if (serverSettings.LogoutEndpointPath.HasValue)
    {
        options.LogoutEndpointUris.Add(ToRelativeUri(serverSettings.LogoutEndpointPath.Value));
    }

    if (serverSettings.TokenEndpointPath.HasValue)
    {
        options.TokenEndpointUris.Add(ToRelativeUri(serverSettings.TokenEndpointPath.Value));
    }

    if (serverSettings.UserinfoEndpointPath.HasValue)
    {
        options.UserinfoEndpointUris.Add(ToRelativeUri(serverSettings.UserinfoEndpointPath.Value));
    }

    // Grant types are taken verbatim from the settings; the standard identity scopes are always offered.
    options.GrantTypes.UnionWith(serverSettings.GrantTypes);

    options.Scopes.Add(Scopes.Email);
    options.Scopes.Add(Scopes.Phone);
    options.Scopes.Add(Scopes.Profile);
    options.Scopes.Add(Scopes.Roles);

    Uri ToRelativeUri(string path)
    {
        return new Uri(path, UriKind.Relative);
    }
}
/// <summary>
/// Copies the persisted server settings (issuer, token options, key material, endpoint
/// paths, enabled flows, PKCE requirement and default scopes) into the OpenIddict server options.
/// </summary>
/// <param name="options">The OpenIddict server options being built.</param>
/// <remarks>
/// This callback is synchronous, so the asynchronous settings and key lookups are
/// blocked on with <c>GetAwaiter().GetResult()</c>. When no settings are available the
/// options are left untouched. Response types and response modes are not directly
/// configurable for now; they are derived from the flows that are enabled.
/// </remarks>
public void Configure(OpenIddictServerOptions options)
{
    var serverSettings = GetServerSettingsAsync().GetAwaiter().GetResult();
    if (serverSettings is null)
    {
        // Nothing persisted yet: do not register any issuer, keys or endpoints.
        return;
    }

    options.Issuer = serverSettings.Authority;
    options.DisableAccessTokenEncryption = serverSettings.DisableAccessTokenEncryption;
    options.DisableRollingRefreshTokens = serverSettings.DisableRollingRefreshTokens;
    options.UseReferenceAccessTokens = serverSettings.UseReferenceAccessTokens;

    // Key material comes from the server service; algorithms are fixed to
    // RSA-OAEP + AES-256-CBC-HMAC-SHA512 for encryption and RS256 for signing.
    var encryptionKeys = _serverService.GetEncryptionKeysAsync().GetAwaiter().GetResult();
    foreach (var encryptionKey in encryptionKeys)
    {
        options.EncryptionCredentials.Add(new EncryptingCredentials(
            encryptionKey,
            SecurityAlgorithms.RsaOAEP,
            SecurityAlgorithms.Aes256CbcHmacSha512));
    }

    var signingKeys = _serverService.GetSigningKeysAsync().GetAwaiter().GetResult();
    foreach (var signingKey in signingKeys)
    {
        options.SigningCredentials.Add(new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256));
    }

    // Only endpoints with a configured path are exposed; paths are registered as relative URIs.
    if (serverSettings.AuthorizationEndpointPath.HasValue)
    {
        options.AuthorizationEndpointUris.Add(ToRelativeUri(serverSettings.AuthorizationEndpointPath.Value));
    }

    if (serverSettings.LogoutEndpointPath.HasValue)
    {
        options.LogoutEndpointUris.Add(ToRelativeUri(serverSettings.LogoutEndpointPath.Value));
    }

    if (serverSettings.TokenEndpointPath.HasValue)
    {
        options.TokenEndpointUris.Add(ToRelativeUri(serverSettings.TokenEndpointPath.Value));
    }

    if (serverSettings.UserinfoEndpointPath.HasValue)
    {
        options.UserinfoEndpointUris.Add(ToRelativeUri(serverSettings.UserinfoEndpointPath.Value));
    }

    if (serverSettings.IntrospectionEndpointPath.HasValue)
    {
        options.IntrospectionEndpointUris.Add(ToRelativeUri(serverSettings.IntrospectionEndpointPath.Value));
    }

    if (serverSettings.RevocationEndpointPath.HasValue)
    {
        options.RevocationEndpointUris.Add(ToRelativeUri(serverSettings.RevocationEndpointPath.Value));
    }

    // Flows: each enabled flow contributes its grant types, response modes and response types.
    if (serverSettings.AllowAuthorizationCodeFlow)
    {
        options.CodeChallengeMethods.Add(CodeChallengeMethods.Sha256);
        options.GrantTypes.Add(GrantTypes.AuthorizationCode);
        options.ResponseModes.Add(ResponseModes.FormPost);
        options.ResponseModes.Add(ResponseModes.Fragment);
        options.ResponseModes.Add(ResponseModes.Query);
        AddResponseType(ResponseTypes.Code);
    }

    if (serverSettings.AllowClientCredentialsFlow)
    {
        options.GrantTypes.Add(GrantTypes.ClientCredentials);
    }

    // Hybrid flow also enables the implicit grant, since tokens may be returned from the
    // authorization endpoint alongside the code.
    if (serverSettings.AllowHybridFlow)
    {
        options.CodeChallengeMethods.Add(CodeChallengeMethods.Sha256);
        options.GrantTypes.Add(GrantTypes.AuthorizationCode);
        options.GrantTypes.Add(GrantTypes.Implicit);
        options.ResponseModes.Add(ResponseModes.FormPost);
        options.ResponseModes.Add(ResponseModes.Fragment);
        AddResponseType(ResponseTypes.Code, ResponseTypes.IdToken);
        AddResponseType(ResponseTypes.Code, ResponseTypes.IdToken, ResponseTypes.Token);
        AddResponseType(ResponseTypes.Code, ResponseTypes.Token);
    }

    // Implicit flow returns tokens directly from the authorization endpoint (no query mode).
    if (serverSettings.AllowImplicitFlow)
    {
        options.GrantTypes.Add(GrantTypes.Implicit);
        options.ResponseModes.Add(ResponseModes.FormPost);
        options.ResponseModes.Add(ResponseModes.Fragment);
        AddResponseType(ResponseTypes.IdToken);
        AddResponseType(ResponseTypes.IdToken, ResponseTypes.Token);
        AddResponseType(ResponseTypes.Token);
    }

    if (serverSettings.AllowPasswordFlow)
    {
        options.GrantTypes.Add(GrantTypes.Password);
    }

    // Refresh tokens require the offline_access scope to be offered.
    if (serverSettings.AllowRefreshTokenFlow)
    {
        options.GrantTypes.Add(GrantTypes.RefreshToken);
        options.Scopes.Add(Scopes.OfflineAccess);
    }

    // PKCE enforcement is driven by the settings, not by the enabled flows.
    options.RequireProofKeyForCodeExchange = serverSettings.RequireProofKeyForCodeExchange;

    // The standard identity scopes are always offered.
    options.Scopes.Add(Scopes.Email);
    options.Scopes.Add(Scopes.Phone);
    options.Scopes.Add(Scopes.Profile);
    options.Scopes.Add(Scopes.Roles);

    Uri ToRelativeUri(string path)
    {
        return new Uri(path, UriKind.Relative);
    }

    // Response types are space-separated combinations of the individual type names.
    void AddResponseType(params string[] parts)
    {
        options.ResponseTypes.Add(string.Join(" ", parts));
    }
}