public async Task <IActionResult> PostPermission([FromBody] EditApplicationPermissionViewModel req, [FromRoute] string aid) { var permValueMustUnique = fun((OpenIddictEntityFrameworkCoreApplication app, string permValue) => { var listPermissions = JsonConvert.DeserializeObject <System.Collections.Generic.HashSet <string> >(app.Permissions); if (listPermissions.Any(x => x == permValue)) { return(Fail <Error, (OpenIddictEntityFrameworkCoreApplication application, string availListP)>( $"Permission {permValue} does exist in application")); } listPermissions.Add(permValue); return(Success <Error, (OpenIddictEntityFrameworkCoreApplication application, string availListP)>((app, JsonConvert.SerializeObject(listPermissions)))); }); return(await(await GetExistApplicationById(aid), ShouldNotNullOrEmpty(req.Name), Functions.GetPermissionPrefix(req.Prefix)) .Apply((application, permName, permPrefix) => (app: application, permValue: $"{permPrefix}{permName}")) .Bind(x => permValueMustUnique(x.app, x.permValue)) .MatchAsync(async res => { res.application.Permissions = res.availListP; await _oidApplicationManager.UpdateAsync(res.application); return Success <Error, string>( $"Did modify new value {res.availListP} to permission field of application {res.application.DisplayName}"); }, errors => Fail <Error, string>(errors.Join())) .ToActionResultAsync()); }
public async Task <ActionResult <OpenIddictApplicationDescriptor> > SaveAsync(OpenIddictApplicationDescriptor descriptor) { descriptor.Permissions.Clear(); descriptor.Permissions.AddRange(_defaultPermissions); var app = await _manager.FindByClientIdAsync(descriptor.ClientId); if (app == null) {// create app = await _manager.CreateAsync(descriptor); await _manager.PopulateAsync(descriptor, app); } else {// update //prevent changing client secret descriptor.ClientSecret = app.ClientSecret; await _manager.PopulateAsync(app, descriptor); await _manager.UpdateAsync(app); } descriptor.ClientSecret = app.ClientSecret; return(descriptor); }
public async Task UpdateAsync(ApplicationClient update, CancellationToken cancellationToken) { var entity = await _applicationManager.FindByIdAsync(update.ClientId ?? update.Id.ToString(), cancellationToken); if (entity != null) { UpdateProperties(update, entity); await _applicationManager.UpdateAsync(entity, update.ClientSecret ?? "", cancellationToken); } }
public async Task UpdateAsync(ApplicationParam model) { if (string.IsNullOrWhiteSpace(model.Id)) { throw new InvalidOperationException(nameof(model.Id)); } var entity = await _manager.FindByIdAsync(model.Id); SimpleMapper.Map(model, entity); HandleCustomProperties(model, entity); await _manager.UpdateAsync(entity, model.ClientSecret); }
public async Task UpdateAsync(ApplicationParam model) { if (string.IsNullOrWhiteSpace(model.Id)) { throw new ArgumentNullException(nameof(model.Id)); } var entity = await _manager.FindByIdAsync(model.Id); SimpleMapper.Map <ApplicationParam, OpenIddictEntityFrameworkCoreApplication>(model, entity); HandleCustomProperties(model, entity); await _manager.UpdateAsync(entity, entity.ClientSecret); }
public async Task <IActionResult> Edit(EditOpenIdApplicationViewModel model, string returnUrl = null) { if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageOpenIdApplications)) { return(Unauthorized()); } if (model.Type == ClientType.Public && !string.IsNullOrEmpty(model.ClientSecret)) { ModelState.AddModelError(nameof(model.ClientSecret), T["No client secret can be set for public applications."]); } else if (model.UpdateClientSecret) { var user = await _userManager.FindByNameAsync(User.Identity.Name); await ValidateClientSecretAsync(user, model.ClientSecret, (key, message) => ModelState.AddModelError(key, message)); } OpenIdApplication application = null; if (ModelState.IsValid) { application = await _applicationManager.FindByIdAsync(model.Id, HttpContext.RequestAborted); if (application == null) { return(NotFound()); } if (application.Type == ClientType.Public && model.Type == ClientType.Confidential && !model.UpdateClientSecret) { ModelState.AddModelError(nameof(model.UpdateClientSecret), T["Setting a new client secret is required"]); } } if (!ModelState.IsValid) { var openIdSettings = await _openIdService.GetOpenIdSettingsAsync(); if (!_openIdService.IsValidOpenIdSettings(openIdSettings)) { _notifier.Warning(H["OpenID Connect settings are not properly configured."]); } ViewData["OpenIdSettings"] = openIdSettings; ViewData["ReturnUrl"] = returnUrl; return(View(model)); } // If the application was confidential and is now public, the client secret must be reset. if (application.Type == ClientType.Confidential && model.Type == ClientType.Public) { model.UpdateClientSecret = true; model.ClientSecret = null; } application.DisplayName = model.DisplayName; application.RedirectUri = model.RedirectUri; application.LogoutRedirectUri = model.LogoutRedirectUri; application.ClientId = model.ClientId; application.Type = model.Type; application.SkipConsent = model.SkipConsent; application.AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow; application.AllowClientCredentialsFlow = model.AllowClientCredentialsFlow; application.AllowImplicitFlow = model.AllowImplicitFlow; application.AllowPasswordFlow = model.AllowPasswordFlow; application.AllowRefreshTokenFlow = model.AllowRefreshTokenFlow; application.AllowHybridFlow = model.AllowHybridFlow; application.RoleNames = new List <string>(); if (application.Type == ClientType.Confidential && application.AllowClientCredentialsFlow) { application.RoleNames = model.RoleEntries.Where(r => r.Selected).Select(r => r.Name).ToList(); } if (model.UpdateClientSecret) { await _applicationManager.UpdateAsync(application, model.ClientSecret, HttpContext.RequestAborted); } else { await _applicationManager.UpdateAsync(application, HttpContext.RequestAborted); } if (string.IsNullOrEmpty(returnUrl)) { return(RedirectToAction("Index")); } return(LocalRedirect(returnUrl)); }
public async Task InitializeAsync() { //if (await manager.FindByClientIdAsync("react") == null) //{ // var descriptor = new OpenIddictApplicationDescriptor // { // ClientId = "react", // ClientSecret = "react_secret", // DisplayName = "SPA client application", // PostLogoutRedirectUris = { new Uri("http://localhost:3000/signout-callback-oidc") }, // RedirectUris = { new Uri("http://localhost:3000/signin-oidc") }, // Permissions = // { // OpenIddictConstants.Permissions.Endpoints.Authorization, // OpenIddictConstants.Permissions.Endpoints.Logout, // OpenIddictConstants.Permissions.GrantTypes.Implicit // } // }; // await manager.CreateAsync(descriptor); //} var resourceServer = await manager.FindByClientIdAsync("resource_server"); if (resourceServer == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = "resource_server", ClientSecret = "resource_server_secret", Permissions = { OpenIddictConstants.Permissions.Endpoints.Token, OpenIddictConstants.Permissions.GrantTypes.ClientCredentials } }; await manager.CreateAsync(descriptor); } var mvcClient = await manager.FindByClientIdAsync("mvc_client"); if (mvcClient == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = "mvc_client", ClientSecret = "mvc_client_secret", DisplayName = "MVC Client application", PostLogoutRedirectUris = { new Uri($"{configuration["Client:BaseUrl"]}external/logout") }, RedirectUris = { new Uri($"{configuration["Client:BaseUrl"]}external/login") }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Logout, OpenIddictConstants.Permissions.Endpoints.Token, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, OpenIddictConstants.Permissions.GrantTypes.RefreshToken } }; foreach (var scope in scopes.GetScopes()) { descriptor.Permissions.Add($"scp:{scope}"); } await manager.CreateAsync(descriptor); } else { var permissions = new JArray( OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Logout, OpenIddictConstants.Permissions.Endpoints.Token, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, OpenIddictConstants.Permissions.GrantTypes.RefreshToken); foreach (var scope in scopes.GetScopes()) { permissions.Add($"scp:{scope}"); } mvcClient.Permissions = JsonConvert.SerializeObject(permissions); await manager.UpdateAsync(mvcClient); } var swagger = await manager.FindByClientIdAsync("swagger"); if (swagger == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = "swagger", DisplayName = "Swagger", RedirectUris = { new Uri(Combine(addressResolver.Resolve(), "/swagger/oauth2-redirect.html")) }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.GrantTypes.Implicit } }; foreach (var scope in scopes.GetScopes()) { descriptor.Permissions.Add($"scp:{scope}"); } await manager.CreateAsync(descriptor); } else { var permissions = new JArray(OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.GrantTypes.Implicit); foreach (var scope in scopes.GetScopes()) { permissions.Add($"scp:{scope}"); } swagger.Permissions = JsonConvert.SerializeObject(permissions); await manager.UpdateAsync(swagger); } }