private static async Task CreateScopesAsync(IServiceScope scope, CancellationToken cancellationToken)
{
HashSet <string> scopes = new HashSet <string>
{
"account.api",
"client.api",
"artisan.api"
};
var manager = scope.ServiceProvider.GetRequiredService <IOpenIddictScopeManager>();
foreach (string s in scopes)
{
if (await manager.FindByNameAsync(s, cancellationToken) != null)
{
continue;
}
var descriptor = new OpenIddictScopeDescriptor
{
Name = s,
Resources = { s }
};
await manager.CreateAsync(descriptor, cancellationToken);
}
}
private static async Task RegisterScopesAsync(IServiceProvider provider)
{
var manager = provider.GetRequiredService <IOpenIddictScopeManager>();
if (await manager.FindByNameAsync("server_scope") is null)
{
await manager.CreateAsync(new OpenIddictScopeDescriptor
{
Name = "server_scope",
DisplayName = "Server scope access",
Resources =
{
"server"
}
});
}
if (await manager.FindByNameAsync("api_scope") == null)
{
var descriptor = new OpenIddictScopeDescriptor
{
Name = "api_scope",
DisplayName = "API Scope access",
Resources =
{
"api_service"
}
};
await manager.CreateAsync(descriptor);
}
}
private async Task InitializeAsync(IServiceProvider services)
{
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <AuthorizationDbContext>();
await context.Database.EnsureCreatedAsync();
await CreateApplicationsAsync();
await CreateScopesAsync();
async Task CreateApplicationsAsync()
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await manager.FindByClientIdAsync("angular-app") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "angular-app",
DisplayName = "Angular app client application",
PostLogoutRedirectUris = { new Uri("https://localhost:44382/bye") },
RedirectUris = { new Uri("https://localhost:44382/auth-callback"), new Uri("https://localhost:44382/silentrefresh") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.GrantTypes.Implicit,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Scopes.Profile,
OpenIddictConstants.Permissions.Scopes.Roles,
OpenIddictConstants.Permissions.Prefixes.Scope + "api1"
}
};
await manager.CreateAsync(descriptor);
}
}
async Task CreateScopesAsync()
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictScopeManager <OpenIddictScope> >();
if (await manager.FindByNameAsync("api1") == null)
{
var descriptor = new OpenIddictScopeDescriptor
{
Name = "api1",
Resources = { "resource-server-1" }
};
await manager.CreateAsync(descriptor);
}
}
}
}
public ImmutableScope(string id, OpenIddictScopeDescriptor descriptor)
{
Id = id;
Description = descriptor.Description;
Descriptions = descriptor.Descriptions.ToImmutableDictionary();
Name = descriptor.Name;
DisplayName = descriptor.DisplayName;
DisplayNames = descriptor.DisplayNames.ToImmutableDictionary();
Properties = descriptor.Properties.ToImmutableDictionary();
Resources = descriptor.Resources.ToImmutableArray();
}
/// <summary>
/// Creates a new scope based on the specified descriptor.
/// </summary>
/// <param name="descriptor">The scope descriptor.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
/// <returns>
/// A <see cref="ValueTask"/> that can be used to monitor the asynchronous operation, whose result returns the scope.
/// </returns>
public virtual async ValueTask <TScope> CreateAsync(
OpenIddictScopeDescriptor descriptor, CancellationToken cancellationToken = default)
{
if (descriptor is null)
{
throw new ArgumentNullException(nameof(descriptor));
}
var scope = await Store.InstantiateAsync(cancellationToken) ??
throw new InvalidOperationException(SR.GetResourceString(SR.ID0223));
await PopulateAsync(scope, descriptor, cancellationToken);
await CreateAsync(scope, cancellationToken);
return(scope);
}
public Task <TScope> CreateAsync(OpenIddictScopeDescriptor descriptor, CancellationToken cancellationToken)
{
throw new NotImplementedException();
}
private async Task InitializeAsync(IServiceProvider services)
{
// Create a new service scope to ensure the database context is correctly disposed when this methods returns.
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>();
await context.Database.EnsureCreatedAsync();
await CreateApplicationsAsync();
await CreateScopesAsync();
async Task CreateApplicationsAsync()
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await manager.FindByClientIdAsync("aurelia") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "aurelia",
DisplayName = "Aurelia client application",
PostLogoutRedirectUris = { new Uri("http://localhost:9000/signout-oidc") },
RedirectUris = { new Uri("http://localhost:9000/signin-oidc") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.GrantTypes.Implicit,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Scopes.Profile,
OpenIddictConstants.Permissions.Scopes.Roles,
OpenIddictConstants.Permissions.Prefixes.Scope + "api1",
OpenIddictConstants.Permissions.Prefixes.Scope + "api2"
}
};
await manager.CreateAsync(descriptor);
}
if (await manager.FindByClientIdAsync("resource-server-1") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "resource-server-1",
ClientSecret = "846B62D0-DEF9-4215-A99D-86E6B8DAB342",
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Introspection
}
};
await manager.CreateAsync(descriptor);
}
if (await manager.FindByClientIdAsync("resource-server-2") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "resource-server-2",
ClientSecret = "C744604A-CD05-4092-9CF8-ECB7DC3499A2",
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Introspection
}
};
await manager.CreateAsync(descriptor);
}
}
async Task CreateScopesAsync()
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictScopeManager <OpenIddictScope> >();
if (await manager.FindByNameAsync("api1") == null)
{
var descriptor = new OpenIddictScopeDescriptor
{
Name = "api1",
Resources = { "resource-server-1" }
};
await manager.CreateAsync(descriptor);
}
if (await manager.FindByNameAsync("api2") == null)
{
var descriptor = new OpenIddictScopeDescriptor
{
Name = "api2",
Resources = { "resource-server-2" }
};
await manager.CreateAsync(descriptor);
}
}
}
}
private async Task InitializeAsync(IServiceProvider services)
{
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>();
await context.Database.EnsureCreatedAsync();
await CreateApplicationsAsync();
await CreateScopesAsync();
async Task CreateApplicationsAsync()
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await manager.FindByClientIdAsync("angular6") == null)
{
var application = new OpenIddictApplicationDescriptor
{
ClientId = "angular6",
DisplayName = "Angular SPA",
PostLogoutRedirectUris = { new Uri("http://localhost:9000/account/sign-out") },
RedirectUris = { new Uri("http://localhost:9000/account/sign-in") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.GrantTypes.Implicit,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Scopes.Profile,
OpenIddictConstants.Permissions.Scopes.Roles,
OpenIddictConstants.Permissions.Prefixes.Scope + "api1"
}
};
await manager.CreateAsync(application);
}
if (await manager.FindByClientIdAsync("resources") == null)
{
var application = new OpenIddictApplicationDescriptor
{
ClientId = "resources",
ClientSecret = "77be52c7-06a2-4830-90bc-715b03b97119",
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Introspection
}
};
await manager.CreateAsync(application);
}
}
async Task CreateScopesAsync()
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictScopeManager <OpenIddictScope> >();
if (await manager.FindByNameAsync("api1") == null)
{
var descriptor = new OpenIddictScopeDescriptor
{
Name = "api1",
Resources = { "resources" }
};
await manager.CreateAsync(descriptor);
}
}
}
}
public async Task InitializeAsync(IServiceProvider services)
{
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>();
await context.Database.EnsureCreatedAsync();
await CreateApplicationsAsync();
await CreateScopesAsync();
async Task CreateApplicationsAsync()
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await manager.FindByClientIdAsync("Angular") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "Angular",
DisplayName = "Angular Clinet App",
PostLogoutRedirectUris = { new Uri("http://localhost:8899/logout") },
RedirectUris = { new Uri("http://localhost:8899/login") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.GrantTypes.Implicit,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Scopes.Profile,
OpenIddictConstants.Permissions.Scopes.Roles,
OpenIddictConstants.Permissions.Prefixes.Scope + "api",
}
};
await manager.CreateAsync(descriptor);
}
if (await manager.FindByClientIdAsync("micro-social-media-core") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "micro-social-media-core",
ClientSecret = "Hh3123-231kjUE-32uUIhS-JSD2sFvb",
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Introspection,
}
};
await manager.CreateAsync(descriptor);
}
}
async Task CreateScopesAsync()
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictScopeManager <OpenIddictScope> >();
if (await manager.FindByNameAsync("api") == null)
{
var descriptor = new OpenIddictScopeDescriptor
{
Name = "api",
Resources = { "micro-social-media-core" }
};
await manager.CreateAsync(descriptor);
}
}
}
}
private async Task InitializeAsync(IServiceProvider service)
{
//!TODO : Create Client for SPA application.
using (var scope = service.CreateScope())
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication <int> > >();
var scopeManager = scope.ServiceProvider.GetRequiredService <OpenIddictScopeManager <OpenIddictScope <int> > >();
var clientApp = await manager.FindByClientIdAsync("HasTextileWebCore");
if (clientApp == null)
{
OpenIddictApplicationDescriptor customApp = new OpenIddictApplicationDescriptor
{
ClientId = "HasTextileWebCore",
ClientSecret = "123456",
DisplayName = "Has Textile Core Web Application",
PostLogoutRedirectUris = { new Uri("http://localhost:55467/signout-callback-oidc"), new Uri("http://localhost:55467/Home/Index") },
RedirectUris = { new Uri("http://localhost:55467/signin-oidc") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Scopes.Profile,
OpenIddictConstants.Permissions.Scopes.Roles,
OpenIddictConstants.Permissions.Prefixes.Scope + "textileApi",
OpenIddictConstants.Permissions.Prefixes.Scope + "textileUserApi",
}
};
await manager.CreateAsync(customApp);
}
var userApi = await manager.FindByClientIdAsync("HasTextileUserAPI");
if (userApi == null)
{
OpenIddictApplicationDescriptor apiClient = new OpenIddictApplicationDescriptor
{
ClientId = "HasTextileUserAPI",
ClientSecret = "159753",
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Introspection,
}
};
await manager.CreateAsync(apiClient);
}
var scopeUser = await scopeManager.FindByNameAsync("textileUserApi");
if (scopeUser == null)
{
var textileApiScope = new OpenIddictScopeDescriptor
{
Name = "textileUserApi",
Resources = { "HasTextileUserAPI" }
};
await scopeManager.CreateAsync(textileApiScope);
}
var resourceApi = await manager.FindByClientIdAsync("HasTextileAPI");
if (resourceApi == null)
{
OpenIddictApplicationDescriptor apiClient = new OpenIddictApplicationDescriptor
{
ClientId = "HasTextileAPI",
ClientSecret = "987654",
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Introspection,
}
};
await manager.CreateAsync(apiClient);
}
var scopeApi = await scopeManager.FindByNameAsync("textileApi");
if (scopeApi == null)
{
var textileApiScope = new OpenIddictScopeDescriptor
{
Name = "textileApi",
Resources = { "HasTextileAPI" }
};
await scopeManager.CreateAsync(textileApiScope);
}
var clientCredentialApp = await manager.FindByClientIdAsync("HaxTextileServerToServer");
if (clientCredentialApp == null)
{
OpenIddictApplicationDescriptor credentialApp = new OpenIddictApplicationDescriptor
{
ClientId = "HaxTextileServerToServer",
ClientSecret = "gq9jeNhQbE6QFQx7Le8f7maB",
DisplayName = "HasTextile Not Living Client",
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.ClientCredentials,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Prefixes.Scope + "textileApi",
OpenIddictConstants.Permissions.Prefixes.Scope + "textileUserApi",
}
};
await manager.CreateAsync(credentialApp);
}
var dashboardSPA = await manager.FindByClientIdAsync("dashboard-web");
if (dashboardSPA == null)
{
OpenIddictApplicationDescriptor spaApp = new OpenIddictApplicationDescriptor()
{
ClientId = "dashboard-web",
//ClientSecret = "HJEyX2xtMHfACm2YKhDZsUNV",
DisplayName = "Dashboard SPA Application",
RedirectUris = { new Uri("http://localhost:4200/login-flow") },
PostLogoutRedirectUris = { new Uri("http://localhost:4200/logout-flow") },
Type = "public",
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.Endpoints.Revocation,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Scopes.Profile,
OpenIddictConstants.Permissions.Scopes.Roles,
OpenIddictConstants.Permissions.Prefixes.Scope + "textileApi",
OpenIddictConstants.Permissions.Prefixes.Scope + "textileUserApi",
OpenIddictConstants.Permissions.Prefixes.Scope + OpenIddictConstants.Scopes.OfflineAccess,
OpenIddictConstants.Permissions.Prefixes.Scope + OpenIddictConstants.Scopes.OpenId,
}
};
try
{
await manager.CreateAsync(spaApp);
}
catch (Exception ex)
{
throw ex;
}
}
}
}
public async Task StartAsync(CancellationToken cancellationToken)
{
using var scope = _serviceProvider.CreateScope();
var context = scope.ServiceProvider.GetRequiredService <DbContext>();
await context.Database.EnsureCreatedAsync(cancellationToken);
var manager = scope.ServiceProvider.GetRequiredService <IOpenIddictApplicationManager>();
if (await manager.FindByClientIdAsync("postman", cancellationToken) is null)
{
await manager.CreateAsync(new OpenIddictApplicationDescriptor
{
ClientId = "postman",
ClientSecret = "postman-secret", // ìf ClientType = Public => this can be omitted
DisplayName = "Postman",
Type = OpenIddictConstants.ClientTypes.Confidential,
// since we are using Postman for testing purpose.
// The authorization code is sent here after successful authentication.
RedirectUris = { new Uri("https://oauth.pstmn.io/v1/callback") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, // allow client to use Client Credentials Follow
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
// The ultimate job of an OpenID Connect/OAuth token service is to control access to resources.
/*
* The two fundamental resource types in IdentityServer are:
* - identity resources: represent claims about a user like user ID, display name, email address etc…
* - API resources: represent functionality a client wants to access. Typically, they are HTTP-based endpoints (aka APIs), but could be also message queuing endpoints or similar.
*/
OpenIddictConstants.Permissions.Prefixes.Scope + "api", // allow clients to request api scope
OpenIddictConstants.Permissions.Prefixes.Scope + "api1",
OpenIddictConstants.Permissions.Prefixes.Scope + "api2",
OpenIddictConstants.Permissions.ResponseTypes.Code // response type using Authorization Code flow. See https://www.scottbrady91.com/OpenID-Connect/OpenID-Connect-Flows
},
Requirements =
{
OpenIddictConstants.Requirements.Features.ProofKeyForCodeExchange
}
}, cancellationToken);
}
var scopeManager = scope.ServiceProvider.GetRequiredService <IOpenIddictScopeManager>();
if (await scopeManager.FindByNameAsync("api1") == null)
{
var descriptor = new OpenIddictScopeDescriptor
{
Name = "api1",
Resources =
{
"resource_server_1"
}
};
await scopeManager.CreateAsync(descriptor);
}
if (await scopeManager.FindByNameAsync("api2") == null)
{
var descriptor = new OpenIddictScopeDescriptor
{
Name = "api2",
Resources =
{
"resource_server_2"
}
};
await scopeManager.CreateAsync(descriptor);
}
}
