public OpenIddictController(
[NotNull] OpenIddictManager <TUser, TApplication> manager,
[NotNull] OpenIddictOptions options)
{
Manager = manager;
Options = options;
}
/// <summary>
/// Determines whether the refresh token flow has been enabled.
/// </summary>
/// <param name="options">The OpenIddict options.</param>
/// <returns><c>true</c> if the refresh token flow has been enabled, <c>false</c> otherwise.</returns>
public static bool IsRefreshTokenFlowEnabled([NotNull] this OpenIddictOptions options)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
return(options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken));
}
/// <summary>
/// Determines whether the authorization code flow has been enabled.
/// </summary>
/// <param name="options">The OpenIddict options.</param>
/// <returns><c>true</c> if the authorization code flow has been enabled, <c>false</c> otherwise.</returns>
public static bool IsAuthorizationCodeFlowEnabled([NotNull] this OpenIddictOptions options)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
return(options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode));
}
public void IsRefreshTokenFlowEnabled_ReturnsAppropriateResult(bool enabled)
{
// Arrange
var options = new OpenIddictOptions();
if (enabled)
{
options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.RefreshToken);
}
// Act and assert
Assert.Equal(enabled, options.IsRefreshTokenFlowEnabled());
}
public AuthorizationController(
UserManager <User> userManager,
IOptionsSnapshot <OpenIddictOptions> openIddictOptions,
SignInManager <User> signInManager,
IOptions <IdentityOptions> identityOptions,
OpenIddictScopeManager <OpenIddictScope> scopeManager,
AuthorizationServerDbContext context)
{
_userManager = userManager;
_signInManager = signInManager;
_scopeManager = scopeManager;
_context = context;
_identityOptions = identityOptions.Value;
_openIddictOptions = openIddictOptions.Get(OpenIdConnectServerDefaults.AuthenticationScheme);
}
public void Configure(string name, OpenIddictOptions options)
{
// Ignore OpenIddict handler instances that don't correspond to the instance managed by the OpenID module.
if (!string.Equals(name, OpenIdConnectServerDefaults.AuthenticationScheme, StringComparison.Ordinal))
{
return;
}
var settings = _openIdService.GetOpenIdSettingsAsync().GetAwaiter().GetResult();
if (!_openIdService.IsValidOpenIdSettings(settings))
{
return;
}
options.ProviderType = typeof(OpenIddictProvider <OpenIdApplication, OpenIdAuthorization, OpenIdScope, OpenIdToken>);
options.DataProtectionProvider = _dataProtectionProvider;
options.RequireClientIdentification = true;
options.EnableRequestCaching = true;
if (settings.AccessTokenFormat == OpenIdSettings.TokenFormat.JWT)
{
options.AccessTokenHandler = new JwtSecurityTokenHandler();
}
if (settings.TestingModeEnabled)
{
options.SigningCredentials.AddEphemeralKey();
options.AllowInsecureHttp = true;
}
else if (settings.CertificateStoreLocation.HasValue && settings.CertificateStoreName.HasValue && !string.IsNullOrEmpty(settings.CertificateThumbPrint))
{
try
{
options.AllowInsecureHttp = false;
options.SigningCredentials.Clear();
options.SigningCredentials.AddCertificate(settings.CertificateThumbPrint, settings.CertificateStoreName.Value, settings.CertificateStoreLocation.Value);
}
catch (Exception exception)
{
_logger.LogError("An error occurred while trying to register a X.509 certificate.", exception);
throw;
}
}
if (settings.EnableAuthorizationEndpoint)
{
options.AuthorizationEndpointPath = "/OrchardCore.OpenId/Access/Authorize";
}
if (settings.EnableTokenEndpoint)
{
options.TokenEndpointPath = "/OrchardCore.OpenId/Access/Token";
}
if (settings.EnableLogoutEndpoint)
{
options.LogoutEndpointPath = "/OrchardCore.OpenId/Access/Logout";
}
if (settings.EnableUserInfoEndpoint)
{
options.UserinfoEndpointPath = "/OrchardCore.OpenId/UserInfo/Me";
}
if (settings.AllowPasswordFlow)
{
options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.Password);
}
if (settings.AllowClientCredentialsFlow)
{
options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.ClientCredentials);
}
if (settings.AllowAuthorizationCodeFlow || settings.AllowHybridFlow)
{
options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.AuthorizationCode);
}
if (settings.AllowRefreshTokenFlow)
{
options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.RefreshToken);
}
if (settings.AllowImplicitFlow || settings.AllowHybridFlow)
{
options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.Implicit);
}
}
public void Configure(OpenIddictOptions options)
{
}
