public async Task <ActionResult> Index(PagerParameters pagerParameters)
{
if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications))
{
return(Unauthorized());
}
var siteSettings = await _siteService.GetSiteSettingsAsync();
var pager = new Pager(pagerParameters, siteSettings.PageSize);
var count = await _applicationManager.CountAsync();
var model = new OpenIdApplicationsIndexViewModel
{
Pager = (await New.Pager(pager)).TotalItemCount(count)
};
foreach (var application in await _applicationManager.ListAsync(pager.PageSize, pager.GetStartIndex()))
{
model.Applications.Add(new OpenIdApplicationEntry
{
DisplayName = await _applicationManager.GetDisplayNameAsync(application),
Id = await _applicationManager.GetPhysicalIdAsync(application)
});
}
return(View(model));
}
private async Task <IActionResult> ExchangeClientCredentialsGrantType(OpenIddictRequest request)
{
// Note: client authentication is always enforced by OpenIddict before this action is invoked.
var application = await _applicationManager.FindByClientIdAsync(request.ClientId) ??
throw new InvalidOperationException("The application details cannot be found.");
var identity = new ClaimsIdentity(
OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
Claims.Name, Claims.Role);
identity.AddClaim(OpenIdConstants.Claims.EntityType, OpenIdConstants.EntityTypes.Application,
Destinations.AccessToken, Destinations.IdentityToken);
identity.AddClaim(Claims.Subject, request.ClientId,
Destinations.AccessToken, Destinations.IdentityToken);
identity.AddClaim(Claims.Name,
await _applicationManager.GetDisplayNameAsync(application),
Destinations.AccessToken, Destinations.IdentityToken);
// If the role service is available, add all the role claims
// associated with the application roles in the database.
var roleService = HttpContext.RequestServices.GetService <IRoleService>();
foreach (var role in await _applicationManager.GetRolesAsync(application))
{
identity.AddClaim(identity.RoleClaimType, role,
Destinations.AccessToken, Destinations.IdentityToken);
if (roleService != null)
{
foreach (var claim in await roleService.GetRoleClaimsAsync(role))
{
identity.AddClaim(claim.SetDestinations(Destinations.AccessToken, Destinations.IdentityToken));
}
}
}
var principal = new ClaimsPrincipal(identity);
principal.SetResources(await GetResourcesAsync(request.GetScopes()));
return(SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme));
}
public async Task <IActionResult> Authorize(OpenIdConnectRequest request)
{
// Retrieve the claims stored in the authentication cookie.
// If they can't be extracted, redirect the user to the login page.
var result = await HttpContext.AuthenticateAsync();
if (result == null || !result.Succeeded || request.HasPrompt(OpenIddictConstants.Prompts.Login))
{
return(RedirectToLoginPage(request));
}
// If a max_age parameter was provided, ensure that the cookie is not too old.
// If it's too old, automatically redirect the user agent to the login page.
if (request.MaxAge != null && result.Properties.IssuedUtc != null &&
DateTimeOffset.UtcNow - result.Properties.IssuedUtc > TimeSpan.FromSeconds(request.MaxAge.Value))
{
return(RedirectToLoginPage(request));
}
var application = await _applicationManager.FindByClientIdAsync(request.ClientId);
if (application == null)
{
return(View("Error", new ErrorViewModel
{
Error = OpenIddictConstants.Errors.InvalidClient,
ErrorDescription = T["The specified 'client_id' parameter is invalid."]
}));
}
var authorizations = await _authorizationManager.FindAsync(
subject : _userManager.GetUserId(result.Principal),
client : await _applicationManager.GetIdAsync(application),
status : OpenIddictConstants.Statuses.Valid,
type : OpenIddictConstants.AuthorizationTypes.Permanent,
scopes : ImmutableArray.CreateRange(request.GetScopes()));
switch (await _applicationManager.GetConsentTypeAsync(application))
{
case OpenIddictConstants.ConsentTypes.External when authorizations.IsEmpty:
return(RedirectToClient(new OpenIdConnectResponse
{
Error = OpenIddictConstants.Errors.ConsentRequired,
ErrorDescription = T["The logged in user is not allowed to access this client application."]
}));
case OpenIddictConstants.ConsentTypes.Implicit:
case OpenIddictConstants.ConsentTypes.External when authorizations.Any():
case OpenIddictConstants.ConsentTypes.Explicit when authorizations.Any() &&
!request.HasPrompt(OpenIddictConstants.Prompts.Consent):
return(await IssueTokensAsync(result.Principal, request, application, authorizations.LastOrDefault()));
case OpenIddictConstants.ConsentTypes.Explicit when request.HasPrompt(OpenIddictConstants.Prompts.None):
return(RedirectToClient(new OpenIdConnectResponse
{
Error = OpenIddictConstants.Errors.ConsentRequired,
ErrorDescription = T["Interactive user consent is required."]
}));
default:
return(View(new AuthorizeViewModel
{
ApplicationName = await _applicationManager.GetDisplayNameAsync(application),
RequestId = request.RequestId,
Scope = request.Scope
}));
}
}
