private static async Task CreateScopesAsync(IServiceScope scope, CancellationToken cancellationToken) { HashSet <string> scopes = new HashSet <string> { "account.api", "client.api", "artisan.api" }; var manager = scope.ServiceProvider.GetRequiredService <IOpenIddictScopeManager>(); foreach (string s in scopes) { if (await manager.FindByNameAsync(s, cancellationToken) != null) { continue; } var descriptor = new OpenIddictScopeDescriptor { Name = s, Resources = { s } }; await manager.CreateAsync(descriptor, cancellationToken); } }
private static async Task RegisterScopesAsync(IServiceProvider provider) { var manager = provider.GetRequiredService <IOpenIddictScopeManager>(); if (await manager.FindByNameAsync("server_scope") is null) { await manager.CreateAsync(new OpenIddictScopeDescriptor { Name = "server_scope", DisplayName = "Server scope access", Resources = { "server" } }); } if (await manager.FindByNameAsync("api_scope") == null) { var descriptor = new OpenIddictScopeDescriptor { Name = "api_scope", DisplayName = "API Scope access", Resources = { "api_service" } }; await manager.CreateAsync(descriptor); } }
private async Task InitializeAsync(IServiceProvider services) { using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope()) { var context = scope.ServiceProvider.GetRequiredService <AuthorizationDbContext>(); await context.Database.EnsureCreatedAsync(); await CreateApplicationsAsync(); await CreateScopesAsync(); async Task CreateApplicationsAsync() { var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >(); if (await manager.FindByClientIdAsync("angular-app") == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = "angular-app", DisplayName = "Angular app client application", PostLogoutRedirectUris = { new Uri("https://localhost:44382/bye") }, RedirectUris = { new Uri("https://localhost:44382/auth-callback"), new Uri("https://localhost:44382/silentrefresh") }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Logout, OpenIddictConstants.Permissions.GrantTypes.Implicit, OpenIddictConstants.Permissions.Scopes.Email, OpenIddictConstants.Permissions.Scopes.Profile, OpenIddictConstants.Permissions.Scopes.Roles, OpenIddictConstants.Permissions.Prefixes.Scope + "api1" } }; await manager.CreateAsync(descriptor); } } async Task CreateScopesAsync() { var manager = scope.ServiceProvider.GetRequiredService <OpenIddictScopeManager <OpenIddictScope> >(); if (await manager.FindByNameAsync("api1") == null) { var descriptor = new OpenIddictScopeDescriptor { Name = "api1", Resources = { "resource-server-1" } }; await manager.CreateAsync(descriptor); } } } }
public ImmutableScope(string id, OpenIddictScopeDescriptor descriptor) { Id = id; Description = descriptor.Description; Descriptions = descriptor.Descriptions.ToImmutableDictionary(); Name = descriptor.Name; DisplayName = descriptor.DisplayName; DisplayNames = descriptor.DisplayNames.ToImmutableDictionary(); Properties = descriptor.Properties.ToImmutableDictionary(); Resources = descriptor.Resources.ToImmutableArray(); }
/// <summary> /// Creates a new scope based on the specified descriptor. /// </summary> /// <param name="descriptor">The scope descriptor.</param> /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param> /// <returns> /// A <see cref="ValueTask"/> that can be used to monitor the asynchronous operation, whose result returns the scope. /// </returns> public virtual async ValueTask <TScope> CreateAsync( OpenIddictScopeDescriptor descriptor, CancellationToken cancellationToken = default) { if (descriptor is null) { throw new ArgumentNullException(nameof(descriptor)); } var scope = await Store.InstantiateAsync(cancellationToken) ?? throw new InvalidOperationException(SR.GetResourceString(SR.ID0223)); await PopulateAsync(scope, descriptor, cancellationToken); await CreateAsync(scope, cancellationToken); return(scope); }
public Task <TScope> CreateAsync(OpenIddictScopeDescriptor descriptor, CancellationToken cancellationToken) { throw new NotImplementedException(); }
private async Task InitializeAsync(IServiceProvider services) { // Create a new service scope to ensure the database context is correctly disposed when this methods returns. using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope()) { var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>(); await context.Database.EnsureCreatedAsync(); await CreateApplicationsAsync(); await CreateScopesAsync(); async Task CreateApplicationsAsync() { var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >(); if (await manager.FindByClientIdAsync("aurelia") == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = "aurelia", DisplayName = "Aurelia client application", PostLogoutRedirectUris = { new Uri("http://localhost:9000/signout-oidc") }, RedirectUris = { new Uri("http://localhost:9000/signin-oidc") }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Logout, OpenIddictConstants.Permissions.GrantTypes.Implicit, OpenIddictConstants.Permissions.Scopes.Email, OpenIddictConstants.Permissions.Scopes.Profile, OpenIddictConstants.Permissions.Scopes.Roles, OpenIddictConstants.Permissions.Prefixes.Scope + "api1", OpenIddictConstants.Permissions.Prefixes.Scope + "api2" } }; await manager.CreateAsync(descriptor); } if (await manager.FindByClientIdAsync("resource-server-1") == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = "resource-server-1", ClientSecret = "846B62D0-DEF9-4215-A99D-86E6B8DAB342", Permissions = { OpenIddictConstants.Permissions.Endpoints.Introspection } }; await manager.CreateAsync(descriptor); } if (await manager.FindByClientIdAsync("resource-server-2") == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = "resource-server-2", ClientSecret = "C744604A-CD05-4092-9CF8-ECB7DC3499A2", Permissions = { OpenIddictConstants.Permissions.Endpoints.Introspection } }; await manager.CreateAsync(descriptor); } } async Task CreateScopesAsync() { var manager = scope.ServiceProvider.GetRequiredService <OpenIddictScopeManager <OpenIddictScope> >(); if (await manager.FindByNameAsync("api1") == null) { var descriptor = new OpenIddictScopeDescriptor { Name = "api1", Resources = { "resource-server-1" } }; await manager.CreateAsync(descriptor); } if (await manager.FindByNameAsync("api2") == null) { var descriptor = new OpenIddictScopeDescriptor { Name = "api2", Resources = { "resource-server-2" } }; await manager.CreateAsync(descriptor); } } } }
private async Task InitializeAsync(IServiceProvider services) { using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope()) { var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>(); await context.Database.EnsureCreatedAsync(); await CreateApplicationsAsync(); await CreateScopesAsync(); async Task CreateApplicationsAsync() { var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >(); if (await manager.FindByClientIdAsync("angular6") == null) { var application = new OpenIddictApplicationDescriptor { ClientId = "angular6", DisplayName = "Angular SPA", PostLogoutRedirectUris = { new Uri("http://localhost:9000/account/sign-out") }, RedirectUris = { new Uri("http://localhost:9000/account/sign-in") }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Logout, OpenIddictConstants.Permissions.GrantTypes.Implicit, OpenIddictConstants.Permissions.Scopes.Email, OpenIddictConstants.Permissions.Scopes.Profile, OpenIddictConstants.Permissions.Scopes.Roles, OpenIddictConstants.Permissions.Prefixes.Scope + "api1" } }; await manager.CreateAsync(application); } if (await manager.FindByClientIdAsync("resources") == null) { var application = new OpenIddictApplicationDescriptor { ClientId = "resources", ClientSecret = "77be52c7-06a2-4830-90bc-715b03b97119", Permissions = { OpenIddictConstants.Permissions.Endpoints.Introspection } }; await manager.CreateAsync(application); } } async Task CreateScopesAsync() { var manager = scope.ServiceProvider.GetRequiredService <OpenIddictScopeManager <OpenIddictScope> >(); if (await manager.FindByNameAsync("api1") == null) { var descriptor = new OpenIddictScopeDescriptor { Name = "api1", Resources = { "resources" } }; await manager.CreateAsync(descriptor); } } } }
public async Task InitializeAsync(IServiceProvider services) { using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope()) { var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>(); await context.Database.EnsureCreatedAsync(); await CreateApplicationsAsync(); await CreateScopesAsync(); async Task CreateApplicationsAsync() { var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >(); if (await manager.FindByClientIdAsync("Angular") == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = "Angular", DisplayName = "Angular Clinet App", PostLogoutRedirectUris = { new Uri("http://localhost:8899/logout") }, RedirectUris = { new Uri("http://localhost:8899/login") }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Logout, OpenIddictConstants.Permissions.GrantTypes.Implicit, OpenIddictConstants.Permissions.Scopes.Email, OpenIddictConstants.Permissions.Scopes.Profile, OpenIddictConstants.Permissions.Scopes.Roles, OpenIddictConstants.Permissions.Prefixes.Scope + "api", } }; await manager.CreateAsync(descriptor); } if (await manager.FindByClientIdAsync("micro-social-media-core") == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = "micro-social-media-core", ClientSecret = "Hh3123-231kjUE-32uUIhS-JSD2sFvb", Permissions = { OpenIddictConstants.Permissions.Endpoints.Introspection, } }; await manager.CreateAsync(descriptor); } } async Task CreateScopesAsync() { var manager = scope.ServiceProvider.GetRequiredService <OpenIddictScopeManager <OpenIddictScope> >(); if (await manager.FindByNameAsync("api") == null) { var descriptor = new OpenIddictScopeDescriptor { Name = "api", Resources = { "micro-social-media-core" } }; await manager.CreateAsync(descriptor); } } } }
private async Task InitializeAsync(IServiceProvider service) { //!TODO : Create Client for SPA application. using (var scope = service.CreateScope()) { var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication <int> > >(); var scopeManager = scope.ServiceProvider.GetRequiredService <OpenIddictScopeManager <OpenIddictScope <int> > >(); var clientApp = await manager.FindByClientIdAsync("HasTextileWebCore"); if (clientApp == null) { OpenIddictApplicationDescriptor customApp = new OpenIddictApplicationDescriptor { ClientId = "HasTextileWebCore", ClientSecret = "123456", DisplayName = "Has Textile Core Web Application", PostLogoutRedirectUris = { new Uri("http://localhost:55467/signout-callback-oidc"), new Uri("http://localhost:55467/Home/Index") }, RedirectUris = { new Uri("http://localhost:55467/signin-oidc") }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Logout, OpenIddictConstants.Permissions.Endpoints.Token, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, OpenIddictConstants.Permissions.Scopes.Email, OpenIddictConstants.Permissions.Scopes.Profile, OpenIddictConstants.Permissions.Scopes.Roles, OpenIddictConstants.Permissions.Prefixes.Scope + "textileApi", OpenIddictConstants.Permissions.Prefixes.Scope + "textileUserApi", } }; await manager.CreateAsync(customApp); } var userApi = await manager.FindByClientIdAsync("HasTextileUserAPI"); if (userApi == null) { OpenIddictApplicationDescriptor apiClient = new OpenIddictApplicationDescriptor { ClientId = "HasTextileUserAPI", ClientSecret = "159753", Permissions = { OpenIddictConstants.Permissions.Endpoints.Introspection, } }; await manager.CreateAsync(apiClient); } var scopeUser = await scopeManager.FindByNameAsync("textileUserApi"); if (scopeUser == null) { var textileApiScope = new OpenIddictScopeDescriptor { Name = "textileUserApi", Resources = { "HasTextileUserAPI" } }; await scopeManager.CreateAsync(textileApiScope); } var resourceApi = await manager.FindByClientIdAsync("HasTextileAPI"); if (resourceApi == null) { OpenIddictApplicationDescriptor apiClient = new OpenIddictApplicationDescriptor { ClientId = "HasTextileAPI", ClientSecret = "987654", Permissions = { OpenIddictConstants.Permissions.Endpoints.Introspection, } }; await manager.CreateAsync(apiClient); } var scopeApi = await scopeManager.FindByNameAsync("textileApi"); if (scopeApi == null) { var textileApiScope = new OpenIddictScopeDescriptor { Name = "textileApi", Resources = { "HasTextileAPI" } }; await scopeManager.CreateAsync(textileApiScope); } var clientCredentialApp = await manager.FindByClientIdAsync("HaxTextileServerToServer"); if (clientCredentialApp == null) { OpenIddictApplicationDescriptor credentialApp = new OpenIddictApplicationDescriptor { ClientId = "HaxTextileServerToServer", ClientSecret = "gq9jeNhQbE6QFQx7Le8f7maB", DisplayName = "HasTextile Not Living Client", Permissions = { OpenIddictConstants.Permissions.Endpoints.Token, OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, OpenIddictConstants.Permissions.Scopes.Email, OpenIddictConstants.Permissions.Prefixes.Scope + "textileApi", OpenIddictConstants.Permissions.Prefixes.Scope + "textileUserApi", } }; await manager.CreateAsync(credentialApp); } var dashboardSPA = await manager.FindByClientIdAsync("dashboard-web"); if (dashboardSPA == null) { OpenIddictApplicationDescriptor spaApp = new OpenIddictApplicationDescriptor() { ClientId = "dashboard-web", //ClientSecret = "HJEyX2xtMHfACm2YKhDZsUNV", DisplayName = "Dashboard SPA Application", RedirectUris = { new Uri("http://localhost:4200/login-flow") }, PostLogoutRedirectUris = { new Uri("http://localhost:4200/logout-flow") }, Type = "public", Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Logout, OpenIddictConstants.Permissions.Endpoints.Revocation, OpenIddictConstants.Permissions.Endpoints.Token, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, OpenIddictConstants.Permissions.GrantTypes.RefreshToken, OpenIddictConstants.Permissions.Scopes.Email, OpenIddictConstants.Permissions.Scopes.Profile, OpenIddictConstants.Permissions.Scopes.Roles, OpenIddictConstants.Permissions.Prefixes.Scope + "textileApi", OpenIddictConstants.Permissions.Prefixes.Scope + "textileUserApi", OpenIddictConstants.Permissions.Prefixes.Scope + OpenIddictConstants.Scopes.OfflineAccess, OpenIddictConstants.Permissions.Prefixes.Scope + OpenIddictConstants.Scopes.OpenId, } }; try { await manager.CreateAsync(spaApp); } catch (Exception ex) { throw ex; } } } }
public async Task StartAsync(CancellationToken cancellationToken) { using var scope = _serviceProvider.CreateScope(); var context = scope.ServiceProvider.GetRequiredService <DbContext>(); await context.Database.EnsureCreatedAsync(cancellationToken); var manager = scope.ServiceProvider.GetRequiredService <IOpenIddictApplicationManager>(); if (await manager.FindByClientIdAsync("postman", cancellationToken) is null) { await manager.CreateAsync(new OpenIddictApplicationDescriptor { ClientId = "postman", ClientSecret = "postman-secret", // ìf ClientType = Public => this can be omitted DisplayName = "Postman", Type = OpenIddictConstants.ClientTypes.Confidential, // since we are using Postman for testing purpose. // The authorization code is sent here after successful authentication. RedirectUris = { new Uri("https://oauth.pstmn.io/v1/callback") }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Token, OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, // allow client to use Client Credentials Follow OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, OpenIddictConstants.Permissions.GrantTypes.RefreshToken, // The ultimate job of an OpenID Connect/OAuth token service is to control access to resources. /* * The two fundamental resource types in IdentityServer are: * - identity resources: represent claims about a user like user ID, display name, email address etc… * - API resources: represent functionality a client wants to access. Typically, they are HTTP-based endpoints (aka APIs), but could be also message queuing endpoints or similar. */ OpenIddictConstants.Permissions.Prefixes.Scope + "api", // allow clients to request api scope OpenIddictConstants.Permissions.Prefixes.Scope + "api1", OpenIddictConstants.Permissions.Prefixes.Scope + "api2", OpenIddictConstants.Permissions.ResponseTypes.Code // response type using Authorization Code flow. See https://www.scottbrady91.com/OpenID-Connect/OpenID-Connect-Flows }, Requirements = { OpenIddictConstants.Requirements.Features.ProofKeyForCodeExchange } }, cancellationToken); } var scopeManager = scope.ServiceProvider.GetRequiredService <IOpenIddictScopeManager>(); if (await scopeManager.FindByNameAsync("api1") == null) { var descriptor = new OpenIddictScopeDescriptor { Name = "api1", Resources = { "resource_server_1" } }; await scopeManager.CreateAsync(descriptor); } if (await scopeManager.FindByNameAsync("api2") == null) { var descriptor = new OpenIddictScopeDescriptor { Name = "api2", Resources = { "resource_server_2" } }; await scopeManager.CreateAsync(descriptor); } }