public async Task Run(String url, String clientSecretFile, String clientCredsSecretFile) { var clientSecret = clientSecretFile != null?TrimNewLine(File.ReadAllText(clientSecretFile)) : appConfig.DefaultSecret; var clientCredsSecret = clientCredsSecretFile != null?TrimNewLine(File.ReadAllText(clientCredsSecretFile)) : appConfig.DefaultSecret; var scopeMeta = await metadataClient.ScopeAsync(url); var scope = mapper.Map <ApiResourceInput>(scopeMeta); var clientMeta = await metadataClient.ClientAsync(url); var client = mapper.Map <ClientInput>(clientMeta); var clientCredsMeta = await metadataClient.ClientCredentialsAsync(url); var clientCreds = mapper.Map <ClientInput>(clientCredsMeta); await apiResourceRepository.AddOrUpdate(scope); await clientRepository.AddOrUpdateWithSecret(client, clientSecret); await clientRepository.AddOrUpdateWithSecret(clientCreds, clientCredsSecret); logger.LogInformation($"Updated app from '{url}' with latest metadata."); if (clientSecretFile != null) { logger.LogInformation($"Loaded client secret file '{clientSecretFile}'."); } else { logger.LogWarning("Used default client secret. This is not suitable for production. This could allow attackers to grant access tokens for users."); } if (clientCredsSecretFile != null) { logger.LogInformation($"Loaded client creds secret file '{clientCredsSecretFile}'"); } else { logger.LogWarning("Used default client creds secret. This is not suitable for production. This could allow attackers to log in as your client app."); } }
public async Task <ApiResourceMetadataView> FromMetadata([FromQuery] MetadataLookup lookupInfo, [FromServices] IMetadataClient client, [FromServices] IMapper mapper) { return(mapper.Map <ApiResourceMetadataView>(await client.ScopeAsync(lookupInfo.TargetUrl))); }