Exemple #1
 /// <summary>
 /// Initializes the controller by storing the injected services.
 /// </summary>
 /// <remarks>
 /// Each argument is kept as received; no null checks are performed here, so the
 /// arguments are presumably supplied by the dependency injection container.
 /// </remarks>
 public ApplicationController(
     IShapeFactory shapeFactory,
     ISiteService siteService,
     IStringLocalizer<ApplicationController> stringLocalizer,
     IAuthorizationService authorizationService,
     IRoleProvider roleProvider,
     IOpenIdApplicationManager applicationManager,
     UserManager<IUser> userManager,
     IOptions<IdentityOptions> identityOptions,
     IHtmlLocalizer<ApplicationController> htmlLocalizer,
     INotifier notifier,
     ShellDescriptor shellDescriptor)
 {
     // Rendering, site settings and localization.
     _shapeFactory = shapeFactory;
     _siteService = siteService;
     T = stringLocalizer;
     H = htmlLocalizer;
     _notifier = notifier;
     _shellDescriptor = shellDescriptor;

     // Authorization, identity and OpenID application management.
     _authorizationService = authorizationService;
     _roleProvider = roleProvider;
     _applicationManager = applicationManager;
     _userManager = userManager;
     _identityOptions = identityOptions;
 }
 /// <summary>
 /// Initializes the controller with the OpenID application, authorization and scope
 /// managers and the settings of the current shell.
 /// </summary>
 /// <remarks>
 /// Each argument is stored as received, without null checks.
 /// </remarks>
 public AccessController(
     IOpenIdApplicationManager applicationManager,
     IOpenIdAuthorizationManager authorizationManager,
     IOpenIdScopeManager scopeManager,
     ShellSettings shellSettings)
 {
     _shellSettings = shellSettings;
     _scopeManager = scopeManager;
     _authorizationManager = authorizationManager;
     _applicationManager = applicationManager;
 }
 /// <summary>
 /// Initializes the controller with the OpenID managers, the localizer and the
 /// settings of the current shell.
 /// </summary>
 /// <remarks>
 /// Each stored argument is kept as received, without null checks.
 /// <paramref name="serverService"/> is accepted but not stored by this constructor.
 /// </remarks>
 public AccessController(
     IOpenIdApplicationManager applicationManager,
     IOpenIdAuthorizationManager authorizationManager,
     IStringLocalizer<AccessController> localizer,
     IOpenIdScopeManager scopeManager,
     ShellSettings shellSettings,
     IOpenIdServerService serverService)
 {
     _applicationManager = applicationManager;
     _authorizationManager = authorizationManager;
     _scopeManager = scopeManager;
     _shellSettings = shellSettings;

     // Localizer for the strings produced by this controller.
     S = localizer;
 }
 /// <summary>
 /// Initializes the controller by storing the injected services.
 /// </summary>
 /// <remarks>
 /// Each argument is kept as received; no null checks are performed here, so the
 /// arguments are presumably supplied by the dependency injection container.
 /// </remarks>
 public ApplicationController(
     IShapeFactory shapeFactory,
     ISiteService siteService,
     IStringLocalizer<ApplicationController> stringLocalizer,
     IAuthorizationService authorizationService,
     IOpenIdApplicationManager applicationManager,
     IHtmlLocalizer<ApplicationController> htmlLocalizer,
     INotifier notifier,
     ShellDescriptor shellDescriptor)
 {
     // Rendering, site settings and localization.
     New = shapeFactory;
     _siteService = siteService;
     T = stringLocalizer;
     H = htmlLocalizer;
     _notifier = notifier;
     _shellDescriptor = shellDescriptor;

     // Authorization and OpenID application management.
     _authorizationService = authorizationService;
     _applicationManager = applicationManager;
 }
Exemple #5
 /// <summary>
 /// Initializes the controller with the OpenID managers, the ASP.NET Core Identity
 /// managers and options, the localizer and the settings of the current shell.
 /// </summary>
 /// <remarks>
 /// Each stored argument is kept as received, without null checks.
 /// <paramref name="serverService"/> is accepted but not stored by this constructor.
 /// </remarks>
 public AccessController(
     IOpenIdApplicationManager applicationManager,
     IOpenIdAuthorizationManager authorizationManager,
     IOptions<IdentityOptions> identityOptions,
     IStringLocalizer<AccessController> localizer,
     IOpenIdScopeManager scopeManager,
     ShellSettings shellSettings,
     IOpenIdServerService serverService,
     RoleManager<IRole> roleManager,
     SignInManager<IUser> signInManager,
     UserManager<IUser> userManager)
 {
     // OpenID managers and tenant settings.
     _applicationManager = applicationManager;
     _authorizationManager = authorizationManager;
     _scopeManager = scopeManager;
     _shellSettings = shellSettings;

     // Identity services: options plus role, sign-in and user managers.
     _identityOptions = identityOptions;
     _roleManager = roleManager;
     _signInManager = signInManager;
     _userManager = userManager;

     // Localizer for the strings produced by this controller.
     T = localizer;
 }
Exemple #6
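        /// <summary>
        /// Builds an <see cref="OpenIdApplicationDescriptor"/> from the submitted settings and either
        /// creates a new application or updates <paramref name="application"/> with it.
        /// </summary>
        /// <param name="_applicationManager">Manager used to populate, create and update the application.</param>
        /// <param name="model">Settings to apply: client identity, allowed flows, roles, scopes and redirect URIs.</param>
        /// <param name="application">Existing application to update, or <c>null</c> to create a new one.</param>
        /// <returns>A task that completes once the application has been created or updated.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="_applicationManager"/> or <paramref name="model"/> is <c>null</c>.
        /// </exception>
        /// <exception cref="UriFormatException">
        /// An entry of the redirect or post-logout redirect URI list is not a valid absolute URI.
        /// Nothing is created or updated in that case, because parsing happens before the manager call.
        /// </exception>
        public static async Task UpdateDescriptorFromSettings(this IOpenIdApplicationManager _applicationManager, OpenIdApplicationSettings model, object application = null)
        {
            if (_applicationManager == null)
            {
                throw new ArgumentNullException(nameof(_applicationManager));
            }

            if (model == null)
            {
                throw new ArgumentNullException(nameof(model));
            }

            var descriptor = new OpenIdApplicationDescriptor();

            if (application != null)
            {
                // Start from the stored application so that anything not set below is carried over.
                await _applicationManager.PopulateAsync(descriptor, application);
            }

            descriptor.ClientId = model.ClientId;
            descriptor.ConsentType = model.ConsentType;
            descriptor.DisplayName = model.DisplayName;
            descriptor.Type = model.Type;

            // An empty secret in the model leaves the descriptor's secret as PopulateAsync set it.
            if (!string.IsNullOrEmpty(model.ClientSecret))
            {
                descriptor.ClientSecret = model.ClientSecret;
            }

            // A public client cannot keep a secret confidential, so none is stored for it,
            // even when the model supplied one.
            if (string.Equals(descriptor.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
            {
                descriptor.ClientSecret = null;
            }

            // Every permission is set explicitly in both directions: a flow that was switched off
            // must lose the permissions carried over from the stored application.
            void SetPermission(string permission, bool granted)
            {
                if (granted)
                {
                    descriptor.Permissions.Add(permission);
                }
                else
                {
                    descriptor.Permissions.Remove(permission);
                }
            }

            var isPublicClient = string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase);
            var authorizationCode = model.AllowAuthorizationCodeFlow;
            var clientCredentials = model.AllowClientCredentialsFlow;
            var hybrid = model.AllowHybridFlow;
            var implicitFlow = model.AllowImplicitFlow;
            var password = model.AllowPasswordFlow;
            var refreshToken = model.AllowRefreshTokenFlow;

            // NOTE(review): the implicit and password grants are discouraged by the OAuth 2.0 Security
            // Best Current Practice (RFC 9700); they are enabled here only when the model asks for them.

            // Endpoints. The hybrid flow uses both the authorization and the token endpoint.
            SetPermission(OpenIddictConstants.Permissions.Endpoints.Logout, model.AllowLogoutEndpoint);
            SetPermission(OpenIddictConstants.Permissions.Endpoints.Authorization, authorizationCode || hybrid || implicitFlow);
            SetPermission(OpenIddictConstants.Permissions.Endpoints.Token, authorizationCode || hybrid || clientCredentials || password || refreshToken);

            // Grant types. The hybrid flow needs both the authorization code and the implicit grant.
            SetPermission(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, authorizationCode || hybrid);
            SetPermission(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, clientCredentials);
            SetPermission(OpenIddictConstants.Permissions.GrantTypes.Implicit, hybrid || implicitFlow);
            SetPermission(OpenIddictConstants.Permissions.GrantTypes.Password, password);
            SetPermission(OpenIddictConstants.Permissions.GrantTypes.RefreshToken, refreshToken);

            // Response types. Those that return an access token from the authorization endpoint
            // ("token" variants) are granted to public clients only and removed for any other type.
            SetPermission(OpenIddictConstants.Permissions.ResponseTypes.Code, authorizationCode);

            SetPermission(OpenIddictConstants.Permissions.ResponseTypes.IdToken, implicitFlow);
            SetPermission(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken, implicitFlow && isPublicClient);
            SetPermission(OpenIddictConstants.Permissions.ResponseTypes.Token, implicitFlow && isPublicClient);

            SetPermission(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken, hybrid);
            SetPermission(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken, hybrid && isPublicClient);
            SetPermission(OpenIddictConstants.Permissions.ResponseTypes.CodeToken, hybrid && isPublicClient);

            // Roles are replaced wholesale by the model's list.
            descriptor.Roles.Clear();
            foreach (var role in model.Roles)
            {
                descriptor.Roles.Add(role);
            }

            // Scope permissions are replaced wholesale as well. The prefix is a protocol identifier,
            // so it is matched ordinally rather than with the current culture's comparison rules.
            descriptor.Permissions.RemoveWhere(permission =>
                permission.StartsWith(OpenIddictConstants.Permissions.Prefixes.Scope, StringComparison.Ordinal));
            foreach (var scope in model.Scopes)
            {
                descriptor.Permissions.Add(OpenIddictConstants.Permissions.Prefixes.Scope + scope);
            }

            // Both URI lists arrive as one string separated by spaces and/or commas. Each entry must
            // parse as an absolute URI; a relative or malformed entry throws UriFormatException.
            // NOTE(review): no scheme restriction is applied in this method, so any absolute URI is
            // stored as a redirect target - confirm that the model is validated before this call.
            var separators = new[] { " ", "," };

            descriptor.PostLogoutRedirectUris.Clear();
            foreach (var entry in model.PostLogoutRedirectUris?.Split(separators, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty<string>())
            {
                descriptor.PostLogoutRedirectUris.Add(new Uri(entry, UriKind.Absolute));
            }

            descriptor.RedirectUris.Clear();
            foreach (var entry in model.RedirectUris?.Split(separators, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty<string>())
            {
                descriptor.RedirectUris.Add(new Uri(entry, UriKind.Absolute));
            }

            if (application == null)
            {
                await _applicationManager.CreateAsync(descriptor);
            }
            else
            {
                await _applicationManager.UpdateAsync(application, descriptor);
            }
        }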
 /// <summary>
 /// Creates the recipe step that adds an OpenID Connect app.
 /// </summary>
 /// <param name="applicationManager">Application manager stored for use by the step; kept as received, without a null check.</param>
 public OpenIdApplicationStep(IOpenIdApplicationManager applicationManager)
     => _applicationManager = applicationManager;
 /// <summary>
 /// Creates the handler and stores the application manager it works with.
 /// </summary>
 /// <param name="manager">Application manager kept as received, without a null check.</param>
 public OpenIdApplicationRoleRemovedEventHandler(IOpenIdApplicationManager manager)
 {
     _manager = manager;
 }