public async Task OpenIdApplicationCanBeParsed(string recipeName, OpenIdApplicationDescriptor expected) { // Arrange OpenIdApplicationDescriptor actual = null; var appManagerMock = new Mock <IOpenIdApplicationManager>(MockBehavior.Strict); appManagerMock.Setup(m => m.FindByClientIdAsync( It.IsAny <string>(), It.IsAny <CancellationToken>())) .Returns( new ValueTask <object>(actual)); appManagerMock.Setup(m => m.CreateAsync( It.IsAny <OpenIdApplicationDescriptor>(), It.IsAny <CancellationToken>())) .Callback <object, CancellationToken>((app, c) => actual = (OpenIdApplicationDescriptor)app) .Returns( new ValueTask <object>(actual)); var step = new OpenIdApplicationStep(appManagerMock.Object); var recipe = JObject.Parse(GetRecipeFileContent(recipeName)); var context = new RecipeExecutionContext { Name = recipe.Property("steps").Value.First.Value <string>("name"), Step = (JObject)recipe.Property("steps").Value.First, }; // Act await step.ExecuteAsync(context); // Assert appManagerMock.Verify(m => m.FindByClientIdAsync( It.Is <string>(ci => ci == expected.ClientId), It.IsAny <CancellationToken>())); appManagerMock.Verify(m => m.CreateAsync( It.IsAny <OpenIdApplicationDescriptor>(), It.IsAny <CancellationToken>())); Assert.Equal(expected.ClientId, actual.ClientId); Assert.Equal(expected.ClientSecret, actual.ClientSecret); Assert.Equal(expected.ConsentType, actual.ConsentType); Assert.Equal(expected.DisplayName, actual.DisplayName); Assert.Equal(expected.Type, actual.Type); Assert.Equal(expected.Permissions, actual.Permissions); Assert.Equal(expected.PostLogoutRedirectUris, actual.PostLogoutRedirectUris); Assert.Equal(expected.RedirectUris, actual.RedirectUris); Assert.Equal(expected.Roles, actual.Roles); }
public async Task <IActionResult> Edit(EditOpenIdApplicationViewModel model, string returnUrl = null) { if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications)) { return(Unauthorized()); } var application = await _applicationManager.FindByPhysicalIdAsync(model.Id); if (application == null) { return(NotFound()); } // If the application was a public client and is now a confidential client, ensure a client secret was provided. if (string.IsNullOrEmpty(model.ClientSecret) && !string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase) && await _applicationManager.IsPublicAsync(application)) { ModelState.AddModelError(nameof(model.ClientSecret), T["Setting a new client secret is required."]); } if (!string.IsNullOrEmpty(model.ClientSecret) && string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase)) { ModelState.AddModelError(nameof(model.ClientSecret), T["No client secret can be set for public applications."]); } if (ModelState.IsValid) { var other = await _applicationManager.FindByClientIdAsync(model.ClientId); if (other != null && !string.Equals( await _applicationManager.GetIdAsync(other), await _applicationManager.GetIdAsync(application), StringComparison.Ordinal)) { ModelState.AddModelError(nameof(model.ClientId), T["The client identifier is already taken by another application."]); } } if (!ModelState.IsValid) { ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync(); ViewData["ReturnUrl"] = returnUrl; return(View(model)); } var descriptor = new OpenIdApplicationDescriptor(); await _applicationManager.PopulateAsync(descriptor, application); descriptor.ClientId = model.ClientId; descriptor.ConsentType = model.ConsentType; descriptor.DisplayName = model.DisplayName; descriptor.Type = model.Type; if (!string.IsNullOrEmpty(model.ClientSecret)) { descriptor.ClientSecret = model.ClientSecret; } if (string.Equals(descriptor.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase)) { descriptor.ClientSecret = null; } if (model.AllowLogoutEndpoint) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout); } if (model.AllowAuthorizationCodeFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode); } if (model.AllowClientCredentialsFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials); } if (model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Implicit); } if (model.AllowPasswordFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Password); } if (model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.RefreshToken); } if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Authorization); } if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Token); } descriptor.Roles.Clear(); foreach (string selectedRole in (model.RoleEntries .Where(role => role.Selected) .Select(role => role.Name))) { descriptor.Roles.Add(selectedRole); } descriptor.PostLogoutRedirectUris.Clear(); foreach (Uri uri in (from uri in model.PostLogoutRedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>() select new Uri(uri, UriKind.Absolute))) { descriptor.PostLogoutRedirectUris.Add(uri); } descriptor.RedirectUris.Clear(); foreach (Uri uri in (from uri in model.RedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>() select new Uri(uri, UriKind.Absolute))) { descriptor.RedirectUris.Add(uri); } await _applicationManager.UpdateAsync(application, descriptor); if (string.IsNullOrEmpty(returnUrl)) { return(RedirectToAction("Index")); } return(LocalRedirect(returnUrl)); }
public async Task <IActionResult> Create(CreateOpenIdApplicationViewModel model, string returnUrl = null) { if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications)) { return(Unauthorized()); } if (!string.IsNullOrEmpty(model.ClientSecret) && string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase)) { ModelState.AddModelError(nameof(model.ClientSecret), T["No client secret can be set for public applications."]); } else if (string.IsNullOrEmpty(model.ClientSecret) && string.Equals(model.Type, OpenIddictConstants.ClientTypes.Confidential, StringComparison.OrdinalIgnoreCase)) { ModelState.AddModelError(nameof(model.ClientSecret), T["The client secret is required for confidential applications."]); } if (!string.IsNullOrEmpty(model.ClientId) && await _applicationManager.FindByClientIdAsync(model.ClientId) != null) { ModelState.AddModelError(nameof(model.ClientId), T["The client identifier is already taken by another application."]); } if (!ModelState.IsValid) { ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync(); ViewData["ReturnUrl"] = returnUrl; return(View(model)); } var descriptor = new OpenIdApplicationDescriptor { ClientId = model.ClientId, ClientSecret = model.ClientSecret, ConsentType = model.ConsentType, DisplayName = model.DisplayName, Type = model.Type }; if (model.AllowLogoutEndpoint) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout); } if (model.AllowAuthorizationCodeFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode); } if (model.AllowClientCredentialsFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials); } if (model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit); } if (model.AllowPasswordFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password); } if (model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken); } if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization); } if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token); } descriptor.PostLogoutRedirectUris.UnionWith( from uri in model.PostLogoutRedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>() select new Uri(uri, UriKind.Absolute)); descriptor.RedirectUris.UnionWith( from uri in model.RedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>() select new Uri(uri, UriKind.Absolute)); descriptor.Roles.UnionWith(model.RoleEntries .Where(role => role.Selected) .Select(role => role.Name)); await _applicationManager.CreateAsync(descriptor); if (string.IsNullOrEmpty(returnUrl)) { return(RedirectToAction("Index")); } return(LocalRedirect(returnUrl)); }
public static async Task UpdateDescriptorFromSettings(this IOpenIdApplicationManager _applicationManager, OpenIdApplicationSettings model, object application = null) { var descriptor = new OpenIdApplicationDescriptor(); if (application != null) { await _applicationManager.PopulateAsync(descriptor, application); } descriptor.ClientId = model.ClientId; descriptor.ConsentType = model.ConsentType; descriptor.DisplayName = model.DisplayName; descriptor.Type = model.Type; if (!string.IsNullOrEmpty(model.ClientSecret)) { descriptor.ClientSecret = model.ClientSecret; } if (string.Equals(descriptor.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase)) { descriptor.ClientSecret = null; } if (model.AllowLogoutEndpoint) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout); } if (model.AllowAuthorizationCodeFlow || model.AllowHybridFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode); } if (model.AllowClientCredentialsFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials); } if (model.AllowHybridFlow || model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Implicit); } if (model.AllowPasswordFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Password); } if (model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.RefreshToken); } if (model.AllowAuthorizationCodeFlow || model.AllowHybridFlow || model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Authorization); } if (model.AllowAuthorizationCodeFlow || model.AllowHybridFlow || model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Token); } if (model.AllowAuthorizationCodeFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Code); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Code); } if (model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdToken); if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase)) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken); descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Token); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken); descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Token); } } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdToken); descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken); descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Token); } if (model.AllowHybridFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken); if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase)) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken); descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeToken); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken); descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeToken); } } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken); descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken); descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeToken); } descriptor.Roles.Clear(); foreach (var role in model.Roles) { descriptor.Roles.Add(role); } descriptor.Permissions.RemoveWhere(permission => permission.StartsWith(OpenIddictConstants.Permissions.Prefixes.Scope)); foreach (var scope in model.Scopes) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Prefixes.Scope + scope); } descriptor.PostLogoutRedirectUris.Clear(); foreach (Uri uri in (from uri in model.PostLogoutRedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>() select new Uri(uri, UriKind.Absolute))) { descriptor.PostLogoutRedirectUris.Add(uri); } descriptor.RedirectUris.Clear(); foreach (Uri uri in (from uri in model.RedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>() select new Uri(uri, UriKind.Absolute))) { descriptor.RedirectUris.Add(uri); } if (application == null) { await _applicationManager.CreateAsync(descriptor); } else { await _applicationManager.UpdateAsync(application, descriptor); } }
public async Task OpenIdApplicationCanBeUpdated() { // Arrange var recipeName = "app-recipe3"; var clientId = "a1"; var expected = new OpenIdApplicationDescriptor { ClientId = clientId, DisplayName = "Expected Name" }; expected.RedirectUris.UnionWith(new[] { new Uri("https://localhost/redirect") }); var actual = new OpenIdApplicationDescriptor { ClientId = clientId, DisplayName = "Actual Name" }; actual.RedirectUris.UnionWith(new[] { new Uri("https://localhost/x") }); actual.Roles.UnionWith(new[] { "x" }); actual.Permissions.UnionWith(new[] { $"{Permissions.Prefixes.Scope}x" }); var actualDb = new OpenIdApplication { ClientId = actual.ClientId, DisplayName = actual.DisplayName, RedirectUris = actual.RedirectUris.Select(u => u.AbsoluteUri).ToImmutableArray(), Roles = actual.Roles.ToImmutableArray(), Permissions = actual.Permissions.ToImmutableArray() }; var appManagerMock = new Mock <IOpenIdApplicationManager>(MockBehavior.Strict); appManagerMock.Setup(m => m.FindByClientIdAsync( It.IsAny <string>(), It.IsAny <CancellationToken>())) .Returns( new ValueTask <object>(actualDb)); appManagerMock.Setup(m => m.PopulateAsync( It.IsAny <OpenIddictApplicationDescriptor>(), It.IsAny <object>(), It.IsAny <CancellationToken>())) .Returns( new ValueTask()); appManagerMock.Setup(m => m.UpdateAsync( It.IsAny <object>(), It.IsAny <OpenIdApplicationDescriptor>(), It.IsAny <CancellationToken>())) .Callback <object, OpenIddictApplicationDescriptor, CancellationToken>((app, desc, c) => actual = (OpenIdApplicationDescriptor)desc) .Returns( new ValueTask()); var step = new OpenIdApplicationStep(appManagerMock.Object); var recipe = JObject.Parse(GetRecipeFileContent(recipeName)); var context = new RecipeExecutionContext { Name = recipe.Property("steps").Value.First.Value <string>("name"), Step = (JObject)recipe.Property("steps").Value.First, }; // Act await step.ExecuteAsync(context); // Assert appManagerMock.Verify(m => m.FindByClientIdAsync( It.Is <string>(ci => ci == expected.ClientId), It.IsAny <CancellationToken>())); appManagerMock.Verify(m => m.UpdateAsync( It.IsAny <object>(), It.IsAny <OpenIdApplicationDescriptor>(), It.IsAny <CancellationToken>())); Assert.Equal(expected.ClientId, actual.ClientId); Assert.Equal(expected.ClientSecret, actual.ClientSecret); Assert.Equal(expected.ConsentType, actual.ConsentType); Assert.Equal(expected.DisplayName, actual.DisplayName); Assert.Equal(expected.Type, actual.Type); Assert.Equal(expected.Permissions, actual.Permissions); Assert.Equal(expected.PostLogoutRedirectUris, actual.PostLogoutRedirectUris); Assert.Equal(expected.RedirectUris, actual.RedirectUris); Assert.Equal(expected.Roles, actual.Roles); }
public async Task ExecuteAsync(RecipeExecutionContext context) { if (!string.Equals(context.Name, "OpenIdApplication", StringComparison.OrdinalIgnoreCase)) { return; } var model = context.Step.ToObject <CreateOpenIdApplicationViewModel>(); var descriptor = new OpenIdApplicationDescriptor { ClientId = model.ClientId, ClientSecret = model.ClientSecret, ConsentType = model.ConsentType, DisplayName = model.DisplayName, Type = model.Type }; if (model.AllowAuthorizationCodeFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode); } if (model.AllowClientCredentialsFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials); } if (model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit); } if (model.AllowPasswordFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password); } if (model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken); } if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization); } if (model.AllowLogoutEndpoint) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout); } if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token); } descriptor.PostLogoutRedirectUris.UnionWith( from uri in model.PostLogoutRedirectUris?.Split(' ', StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>() select new Uri(uri, UriKind.Absolute)); descriptor.RedirectUris.UnionWith( from uri in model.RedirectUris?.Split(' ', StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>() select new Uri(uri, UriKind.Absolute)); descriptor.Roles.UnionWith(model.RoleEntries .Where(role => role.Selected) .Select(role => role.Name)); await _applicationManager.CreateAsync(descriptor); }
public async Task ExecuteAsync(RecipeExecutionContext context) { if (!string.Equals(context.Name, "OpenIdApplication", StringComparison.OrdinalIgnoreCase)) { return; } var model = context.Step.ToObject <OpenIdApplicationStepModel>(); var app = await _applicationManager.FindByClientIdAsync(model.ClientId); var descriptor = new OpenIdApplicationDescriptor(); var isNew = true; if (app != null) { isNew = false; await _applicationManager.PopulateAsync(app, descriptor); } descriptor.ClientId = model.ClientId; descriptor.ClientSecret = model.ClientSecret; descriptor.ConsentType = model.ConsentType; descriptor.DisplayName = model.DisplayName; descriptor.Type = model.Type; if (model.AllowAuthorizationCodeFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode); } if (model.AllowClientCredentialsFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials); } if (model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit); } if (model.AllowPasswordFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password); } if (model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken); } if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization); } if (model.AllowLogoutEndpoint) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout); } if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token); } if (model.AllowAuthorizationCodeFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Code); } if (model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdToken); if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase)) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken); descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Token); } } if (model.AllowHybridFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken); if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase)) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken); descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeToken); } } if (!string.IsNullOrWhiteSpace(model.PostLogoutRedirectUris)) { descriptor.PostLogoutRedirectUris.UnionWith( model.PostLogoutRedirectUris .Split(' ', StringSplitOptions.RemoveEmptyEntries) .Select(u => new Uri(u, UriKind.Absolute))); } if (!string.IsNullOrWhiteSpace(model.RedirectUris)) { descriptor.RedirectUris.UnionWith( model.RedirectUris .Split(' ', StringSplitOptions.RemoveEmptyEntries) .Select(u => new Uri(u, UriKind.Absolute))); } if (model.RoleEntries != null) { descriptor.Roles.UnionWith( model.RoleEntries .Select(role => role.Name)); } if (model.ScopeEntries != null) { descriptor.Permissions.UnionWith( model.ScopeEntries .Select(scope => OpenIddictConstants.Permissions.Prefixes.Scope + scope.Name)); } if (isNew) { await _applicationManager.CreateAsync(descriptor); } else { await _applicationManager.UpdateAsync(app, descriptor); } }