Example #1
0
        public async Task <Oauth2Client> ApplyClientDefinitionAsync(Oauth2ClientSubmit oauth2ClientSubmit, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
        {
            logger.Debug($"[client.clientId: '{oauth2ClientSubmit.ClientId}']: Applying client definition for client: '{oauth2ClientSubmit.ClientId}'.");
            IdentityServer4.EntityFramework.Entities.Client client = await identityClientRepository.GetByClientIdAsync(oauth2ClientSubmit.ClientId);

            bool newClient = false;

            if (client == null)
            {
                client    = new IdentityServer4.EntityFramework.Entities.Client();
                newClient = true;
            }

            client.AllowOfflineAccess = oauth2ClientSubmit.AllowedOfflineAccess;
            client.ClientId           = oauth2ClientSubmit.ClientId;
            client.ClientName         = oauth2ClientSubmit.Name;

            // The following properties of clients are not externally configurable, but we do need to add them th clients to get the desired behaviour.
            client.UpdateAccessTokenClaimsOnRefresh = true;
            client.AlwaysSendClientClaims           = true;
            client.AlwaysIncludeUserClaimsInIdToken = true;
            client.RequireConsent = false;

            if (oauth2ClientSubmit.AccessTokenLifetime > 0)
            {
                client.AccessTokenLifetime = oauth2ClientSubmit.AccessTokenLifetime;
            }

            if (oauth2ClientSubmit.IdentityTokenLifetime > 0)
            {
                client.IdentityTokenLifetime = oauth2ClientSubmit.IdentityTokenLifetime;
            }

            client.RefreshTokenExpiration = (int)TokenExpiration.Absolute;
            client.RefreshTokenUsage      = (int)TokenUsage.OneTimeOnly;

            ApplyClientAllowedScopes(client, oauth2ClientSubmit);
            ApplyClientAllowedGrantTypes(client, oauth2ClientSubmit);
            ApplyClientSecrets(client, oauth2ClientSubmit);
            ApplyClientRedirectUris(client, oauth2ClientSubmit);
            ApplyClientPostLogoutRedirectUris(client, oauth2ClientSubmit);
            ApplyClientAllowedCorsOrigins(client, oauth2ClientSubmit, dryRun, securityContractDryRunResult);

            if (newClient)
            {
                logger.Debug($"[client.clientId: '{oauth2ClientSubmit.ClientId}']: Client '{oauth2ClientSubmit.ClientId}' does not exist. Creating it.");
                return(mapper.Map <Oauth2Client>(await identityClientRepository.CreateAsync(client)));
            }

            logger.Debug($"[client.clientId: '{oauth2ClientSubmit.ClientId}']: Client '{oauth2ClientSubmit.ClientId}' already exists. Updating it.");
            return(mapper.Map <Oauth2Client>(await identityClientRepository.UpdateAsync(client)));
        }
Example #2
0
 public async Task <Oauth2Client> GetByClientIdAsync(string clientId)
 {
     return(mapper.Map <Oauth2Client>(await identityClientRepository.GetByClientIdAsync(clientId)));
 }
Example #3
0
        public async Task <Oauth2Client> ApplyClientDefinitionAsync(Oauth2ClientSubmit oauth2ClientSubmit)
        {
            logger.Debug($"Applying client definition for client: '{oauth2ClientSubmit.Name}'.");
            IdentityServer4.EntityFramework.Entities.Client client = await identityClientRepository.GetByClientIdAsync(oauth2ClientSubmit.ClientId);

            bool newClient = false;

            if (client == null)
            {
                client    = new IdentityServer4.EntityFramework.Entities.Client();
                newClient = true;
            }

            client.AllowOfflineAccess = oauth2ClientSubmit.AllowedOfflineAccess;
            client.ClientId           = oauth2ClientSubmit.ClientId;
            client.ClientName         = oauth2ClientSubmit.Name;

            // The following properties of clients are not externally configurable, but we do need to add them th clients to get the desired behaviour.
            client.UpdateAccessTokenClaimsOnRefresh = true;
            client.AlwaysSendClientClaims           = true;
            client.AlwaysIncludeUserClaimsInIdToken = true;
            client.RequireConsent = false;

            client.AllowedScopes = new List <ClientScope>();

            foreach (var clientScope in oauth2ClientSubmit.AllowedScopes)
            {
                client.AllowedScopes.Add(new ClientScope {
                    Client = client,
                    Scope  = clientScope
                });
            }

            client.AllowedGrantTypes = new List <ClientGrantType>();

            foreach (var grantType in oauth2ClientSubmit.AllowedGrantTypes)
            {
                client.AllowedGrantTypes.Add(new ClientGrantType
                {
                    Client    = client,
                    GrantType = grantType
                });
            }

            client.ClientSecrets = new List <ClientSecret>();

            if (oauth2ClientSubmit.HashedClientSecrets != null && oauth2ClientSubmit.HashedClientSecrets.Count > 0)
            {
                foreach (var hashedClientSecret in oauth2ClientSubmit.HashedClientSecrets)
                {
                    client.ClientSecrets.Add(new ClientSecret
                    {
                        Client = client,
                        Value  = hashedClientSecret
                    });
                }
            }
            else
            {
                foreach (var clientSecret in oauth2ClientSubmit.ClientSecrets)
                {
                    client.ClientSecrets.Add(new ClientSecret
                    {
                        Client = client,
                        Value  = clientSecret.Sha256()
                    });
                }
            }

            client.RedirectUris = new List <ClientRedirectUri>();

            foreach (var redirectUri in oauth2ClientSubmit.RedirectUris)
            {
                client.RedirectUris.Add(new ClientRedirectUri
                {
                    Client      = client,
                    RedirectUri = redirectUri
                });
            }

            client.PostLogoutRedirectUris = new List <ClientPostLogoutRedirectUri>();

            foreach (var postLogoutRedirectUri in oauth2ClientSubmit.PostLogoutRedirectUris)
            {
                client.PostLogoutRedirectUris.Add(new ClientPostLogoutRedirectUri
                {
                    Client = client,
                    PostLogoutRedirectUri = postLogoutRedirectUri
                });
            }

            client.AllowedCorsOrigins = new List <ClientCorsOrigin>();

            foreach (var corsOrigin in oauth2ClientSubmit.AllowedCorsOrigins)
            {
                client.AllowedCorsOrigins.Add(new ClientCorsOrigin {
                    Client = client,
                    Origin = corsOrigin
                });
            }

            if (newClient)
            {
                logger.Debug($"Client '{oauth2ClientSubmit.Name}' does not exist. Creating it.");
                return(mapper.Map <Oauth2Client>(await identityClientRepository.CreateAsync(client)));
            }

            logger.Debug($"Client '{oauth2ClientSubmit.Name}' already exists. Updating it.");
            return(mapper.Map <Oauth2Client>(await identityClientRepository.UpdateAsync(client)));
        }