public async Task OpenIdApplicationCanBeParsed(string recipeName, OpenIdApplicationDescriptor expected)
{
// Arrange
OpenIdApplicationDescriptor actual = null;
var appManagerMock = new Mock <IOpenIdApplicationManager>(MockBehavior.Strict);
appManagerMock.Setup(m =>
m.FindByClientIdAsync(
It.IsAny <string>(),
It.IsAny <CancellationToken>()))
.Returns(
new ValueTask <object>(actual));
appManagerMock.Setup(m =>
m.CreateAsync(
It.IsAny <OpenIdApplicationDescriptor>(),
It.IsAny <CancellationToken>()))
.Callback <object, CancellationToken>((app, c) =>
actual = (OpenIdApplicationDescriptor)app)
.Returns(
new ValueTask <object>(actual));
var step = new OpenIdApplicationStep(appManagerMock.Object);
var recipe = JObject.Parse(GetRecipeFileContent(recipeName));
var context = new RecipeExecutionContext
{
Name = recipe.Property("steps").Value.First.Value <string>("name"),
Step = (JObject)recipe.Property("steps").Value.First,
};
// Act
await step.ExecuteAsync(context);
// Assert
appManagerMock.Verify(m =>
m.FindByClientIdAsync(
It.Is <string>(ci => ci == expected.ClientId),
It.IsAny <CancellationToken>()));
appManagerMock.Verify(m =>
m.CreateAsync(
It.IsAny <OpenIdApplicationDescriptor>(),
It.IsAny <CancellationToken>()));
Assert.Equal(expected.ClientId, actual.ClientId);
Assert.Equal(expected.ClientSecret, actual.ClientSecret);
Assert.Equal(expected.ConsentType, actual.ConsentType);
Assert.Equal(expected.DisplayName, actual.DisplayName);
Assert.Equal(expected.Type, actual.Type);
Assert.Equal(expected.Permissions, actual.Permissions);
Assert.Equal(expected.PostLogoutRedirectUris, actual.PostLogoutRedirectUris);
Assert.Equal(expected.RedirectUris, actual.RedirectUris);
Assert.Equal(expected.Roles, actual.Roles);
}
public async Task <IActionResult> Edit(EditOpenIdApplicationViewModel model, string returnUrl = null)
{
if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications))
{
return(Unauthorized());
}
var application = await _applicationManager.FindByPhysicalIdAsync(model.Id);
if (application == null)
{
return(NotFound());
}
// If the application was a public client and is now a confidential client, ensure a client secret was provided.
if (string.IsNullOrEmpty(model.ClientSecret) &&
!string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase) &&
await _applicationManager.IsPublicAsync(application))
{
ModelState.AddModelError(nameof(model.ClientSecret), T["Setting a new client secret is required."]);
}
if (!string.IsNullOrEmpty(model.ClientSecret) &&
string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
ModelState.AddModelError(nameof(model.ClientSecret), T["No client secret can be set for public applications."]);
}
if (ModelState.IsValid)
{
var other = await _applicationManager.FindByClientIdAsync(model.ClientId);
if (other != null && !string.Equals(
await _applicationManager.GetIdAsync(other),
await _applicationManager.GetIdAsync(application), StringComparison.Ordinal))
{
ModelState.AddModelError(nameof(model.ClientId), T["The client identifier is already taken by another application."]);
}
}
if (!ModelState.IsValid)
{
ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync();
ViewData["ReturnUrl"] = returnUrl;
return(View(model));
}
var descriptor = new OpenIdApplicationDescriptor();
await _applicationManager.PopulateAsync(descriptor, application);
descriptor.ClientId = model.ClientId;
descriptor.ConsentType = model.ConsentType;
descriptor.DisplayName = model.DisplayName;
descriptor.Type = model.Type;
if (!string.IsNullOrEmpty(model.ClientSecret))
{
descriptor.ClientSecret = model.ClientSecret;
}
if (string.Equals(descriptor.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.ClientSecret = null;
}
if (model.AllowLogoutEndpoint)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout);
}
if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
if (model.AllowClientCredentialsFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
if (model.AllowPasswordFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Password);
}
if (model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow ||
model.AllowPasswordFlow || model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Token);
}
descriptor.Roles.Clear();
foreach (string selectedRole in (model.RoleEntries
.Where(role => role.Selected)
.Select(role => role.Name)))
{
descriptor.Roles.Add(selectedRole);
}
descriptor.PostLogoutRedirectUris.Clear();
foreach (Uri uri in
(from uri in model.PostLogoutRedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute)))
{
descriptor.PostLogoutRedirectUris.Add(uri);
}
descriptor.RedirectUris.Clear();
foreach (Uri uri in
(from uri in model.RedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute)))
{
descriptor.RedirectUris.Add(uri);
}
await _applicationManager.UpdateAsync(application, descriptor);
if (string.IsNullOrEmpty(returnUrl))
{
return(RedirectToAction("Index"));
}
return(LocalRedirect(returnUrl));
}
public async Task <IActionResult> Create(CreateOpenIdApplicationViewModel model, string returnUrl = null)
{
if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications))
{
return(Unauthorized());
}
if (!string.IsNullOrEmpty(model.ClientSecret) &&
string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
ModelState.AddModelError(nameof(model.ClientSecret), T["No client secret can be set for public applications."]);
}
else if (string.IsNullOrEmpty(model.ClientSecret) &&
string.Equals(model.Type, OpenIddictConstants.ClientTypes.Confidential, StringComparison.OrdinalIgnoreCase))
{
ModelState.AddModelError(nameof(model.ClientSecret), T["The client secret is required for confidential applications."]);
}
if (!string.IsNullOrEmpty(model.ClientId) && await _applicationManager.FindByClientIdAsync(model.ClientId) != null)
{
ModelState.AddModelError(nameof(model.ClientId), T["The client identifier is already taken by another application."]);
}
if (!ModelState.IsValid)
{
ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync();
ViewData["ReturnUrl"] = returnUrl;
return(View(model));
}
var descriptor = new OpenIdApplicationDescriptor
{
ClientId = model.ClientId,
ClientSecret = model.ClientSecret,
ConsentType = model.ConsentType,
DisplayName = model.DisplayName,
Type = model.Type
};
if (model.AllowLogoutEndpoint)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout);
}
if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
if (model.AllowClientCredentialsFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
if (model.AllowPasswordFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
}
if (model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow ||
model.AllowPasswordFlow || model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
}
descriptor.PostLogoutRedirectUris.UnionWith(
from uri in model.PostLogoutRedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute));
descriptor.RedirectUris.UnionWith(
from uri in model.RedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute));
descriptor.Roles.UnionWith(model.RoleEntries
.Where(role => role.Selected)
.Select(role => role.Name));
await _applicationManager.CreateAsync(descriptor);
if (string.IsNullOrEmpty(returnUrl))
{
return(RedirectToAction("Index"));
}
return(LocalRedirect(returnUrl));
}
public static async Task UpdateDescriptorFromSettings(this IOpenIdApplicationManager _applicationManager, OpenIdApplicationSettings model, object application = null)
{
var descriptor = new OpenIdApplicationDescriptor();
if (application != null)
{
await _applicationManager.PopulateAsync(descriptor, application);
}
descriptor.ClientId = model.ClientId;
descriptor.ConsentType = model.ConsentType;
descriptor.DisplayName = model.DisplayName;
descriptor.Type = model.Type;
if (!string.IsNullOrEmpty(model.ClientSecret))
{
descriptor.ClientSecret = model.ClientSecret;
}
if (string.Equals(descriptor.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.ClientSecret = null;
}
if (model.AllowLogoutEndpoint)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout);
}
if (model.AllowAuthorizationCodeFlow || model.AllowHybridFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
if (model.AllowClientCredentialsFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
if (model.AllowHybridFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
if (model.AllowPasswordFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Password);
}
if (model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
if (model.AllowAuthorizationCodeFlow || model.AllowHybridFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
if (model.AllowAuthorizationCodeFlow || model.AllowHybridFlow ||
model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Token);
}
if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Code);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Code);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdToken);
if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
if (model.AllowHybridFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken);
if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}
descriptor.Roles.Clear();
foreach (var role in model.Roles)
{
descriptor.Roles.Add(role);
}
descriptor.Permissions.RemoveWhere(permission => permission.StartsWith(OpenIddictConstants.Permissions.Prefixes.Scope));
foreach (var scope in model.Scopes)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Prefixes.Scope + scope);
}
descriptor.PostLogoutRedirectUris.Clear();
foreach (Uri uri in
(from uri in model.PostLogoutRedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute)))
{
descriptor.PostLogoutRedirectUris.Add(uri);
}
descriptor.RedirectUris.Clear();
foreach (Uri uri in
(from uri in model.RedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute)))
{
descriptor.RedirectUris.Add(uri);
}
if (application == null)
{
await _applicationManager.CreateAsync(descriptor);
}
else
{
await _applicationManager.UpdateAsync(application, descriptor);
}
}
public async Task OpenIdApplicationCanBeUpdated()
{
// Arrange
var recipeName = "app-recipe3";
var clientId = "a1";
var expected = new OpenIdApplicationDescriptor
{
ClientId = clientId,
DisplayName = "Expected Name"
};
expected.RedirectUris.UnionWith(new[] { new Uri("https://localhost/redirect") });
var actual = new OpenIdApplicationDescriptor
{
ClientId = clientId,
DisplayName = "Actual Name"
};
actual.RedirectUris.UnionWith(new[] { new Uri("https://localhost/x") });
actual.Roles.UnionWith(new[] { "x" });
actual.Permissions.UnionWith(new[] { $"{Permissions.Prefixes.Scope}x" });
var actualDb = new OpenIdApplication
{
ClientId = actual.ClientId,
DisplayName = actual.DisplayName,
RedirectUris = actual.RedirectUris.Select(u => u.AbsoluteUri).ToImmutableArray(),
Roles = actual.Roles.ToImmutableArray(),
Permissions = actual.Permissions.ToImmutableArray()
};
var appManagerMock = new Mock <IOpenIdApplicationManager>(MockBehavior.Strict);
appManagerMock.Setup(m =>
m.FindByClientIdAsync(
It.IsAny <string>(),
It.IsAny <CancellationToken>()))
.Returns(
new ValueTask <object>(actualDb));
appManagerMock.Setup(m =>
m.PopulateAsync(
It.IsAny <OpenIddictApplicationDescriptor>(),
It.IsAny <object>(),
It.IsAny <CancellationToken>()))
.Returns(
new ValueTask());
appManagerMock.Setup(m =>
m.UpdateAsync(
It.IsAny <object>(),
It.IsAny <OpenIdApplicationDescriptor>(),
It.IsAny <CancellationToken>()))
.Callback <object, OpenIddictApplicationDescriptor, CancellationToken>((app, desc, c) =>
actual = (OpenIdApplicationDescriptor)desc)
.Returns(
new ValueTask());
var step = new OpenIdApplicationStep(appManagerMock.Object);
var recipe = JObject.Parse(GetRecipeFileContent(recipeName));
var context = new RecipeExecutionContext
{
Name = recipe.Property("steps").Value.First.Value <string>("name"),
Step = (JObject)recipe.Property("steps").Value.First,
};
// Act
await step.ExecuteAsync(context);
// Assert
appManagerMock.Verify(m =>
m.FindByClientIdAsync(
It.Is <string>(ci => ci == expected.ClientId),
It.IsAny <CancellationToken>()));
appManagerMock.Verify(m =>
m.UpdateAsync(
It.IsAny <object>(),
It.IsAny <OpenIdApplicationDescriptor>(),
It.IsAny <CancellationToken>()));
Assert.Equal(expected.ClientId, actual.ClientId);
Assert.Equal(expected.ClientSecret, actual.ClientSecret);
Assert.Equal(expected.ConsentType, actual.ConsentType);
Assert.Equal(expected.DisplayName, actual.DisplayName);
Assert.Equal(expected.Type, actual.Type);
Assert.Equal(expected.Permissions, actual.Permissions);
Assert.Equal(expected.PostLogoutRedirectUris, actual.PostLogoutRedirectUris);
Assert.Equal(expected.RedirectUris, actual.RedirectUris);
Assert.Equal(expected.Roles, actual.Roles);
}
public async Task ExecuteAsync(RecipeExecutionContext context)
{
if (!string.Equals(context.Name, "OpenIdApplication", StringComparison.OrdinalIgnoreCase))
{
return;
}
var model = context.Step.ToObject <CreateOpenIdApplicationViewModel>();
var descriptor = new OpenIdApplicationDescriptor
{
ClientId = model.ClientId,
ClientSecret = model.ClientSecret,
ConsentType = model.ConsentType,
DisplayName = model.DisplayName,
Type = model.Type
};
if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
if (model.AllowClientCredentialsFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
if (model.AllowPasswordFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
}
if (model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
if (model.AllowLogoutEndpoint)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
}
if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow ||
model.AllowPasswordFlow || model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
}
descriptor.PostLogoutRedirectUris.UnionWith(
from uri in model.PostLogoutRedirectUris?.Split(' ', StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute));
descriptor.RedirectUris.UnionWith(
from uri in model.RedirectUris?.Split(' ', StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute));
descriptor.Roles.UnionWith(model.RoleEntries
.Where(role => role.Selected)
.Select(role => role.Name));
await _applicationManager.CreateAsync(descriptor);
}
public async Task ExecuteAsync(RecipeExecutionContext context)
{
if (!string.Equals(context.Name, "OpenIdApplication", StringComparison.OrdinalIgnoreCase))
{
return;
}
var model = context.Step.ToObject <OpenIdApplicationStepModel>();
var app = await _applicationManager.FindByClientIdAsync(model.ClientId);
var descriptor = new OpenIdApplicationDescriptor();
var isNew = true;
if (app != null)
{
isNew = false;
await _applicationManager.PopulateAsync(app, descriptor);
}
descriptor.ClientId = model.ClientId;
descriptor.ClientSecret = model.ClientSecret;
descriptor.ConsentType = model.ConsentType;
descriptor.DisplayName = model.DisplayName;
descriptor.Type = model.Type;
if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
if (model.AllowClientCredentialsFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
if (model.AllowPasswordFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
}
if (model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
if (model.AllowLogoutEndpoint)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
}
if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow ||
model.AllowPasswordFlow || model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
}
if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Code);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdToken);
if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
}
if (model.AllowHybridFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken);
if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}
}
if (!string.IsNullOrWhiteSpace(model.PostLogoutRedirectUris))
{
descriptor.PostLogoutRedirectUris.UnionWith(
model.PostLogoutRedirectUris
.Split(' ', StringSplitOptions.RemoveEmptyEntries)
.Select(u => new Uri(u, UriKind.Absolute)));
}
if (!string.IsNullOrWhiteSpace(model.RedirectUris))
{
descriptor.RedirectUris.UnionWith(
model.RedirectUris
.Split(' ', StringSplitOptions.RemoveEmptyEntries)
.Select(u => new Uri(u, UriKind.Absolute)));
}
if (model.RoleEntries != null)
{
descriptor.Roles.UnionWith(
model.RoleEntries
.Select(role => role.Name));
}
if (model.ScopeEntries != null)
{
descriptor.Permissions.UnionWith(
model.ScopeEntries
.Select(scope => OpenIddictConstants.Permissions.Prefixes.Scope + scope.Name));
}
if (isNew)
{
await _applicationManager.CreateAsync(descriptor);
}
else
{
await _applicationManager.UpdateAsync(app, descriptor);
}
}
