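/// <summary>
/// Applies a submitted edit form to an existing OpenID application: checks the
/// <c>ManageApplications</c> permission, validates the client type / secret combination,
/// the uniqueness of the client identifier and the two redirect URI lists, then rebuilds
/// the application descriptor from the model and persists it.
/// </summary>
/// <param name="model">The posted form values describing the application.</param>
/// <param name="returnUrl">Optional local URL to return to once the update has been saved.</param>
/// <returns>
/// <c>Forbid</c> when the user lacks the permission, <c>NotFound</c> when the application does not exist,
/// the edit view (with model errors) when validation fails, otherwise a redirect to <c>Index</c> or
/// to <paramref name="returnUrl"/>.
/// </returns>
public async Task<IActionResult> Edit(EditOpenIdApplicationViewModel model, string returnUrl = null)
{
    if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications))
    {
        return Forbid();
    }

    var application = await _applicationManager.FindByPhysicalIdAsync(model.Id);
    if (application == null)
    {
        return NotFound();
    }

    var isPublicType = string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase);
    var hasNewSecret = !string.IsNullOrEmpty(model.ClientSecret);

    // If the application was a public client and is now a confidential client, ensure a client secret was provided.
    if (!hasNewSecret && !isPublicType && await _applicationManager.IsPublicAsync(application))
    {
        ModelState.AddModelError(nameof(model.ClientSecret), S["Setting a new client secret is required."]);
    }

    if (hasNewSecret && isPublicType)
    {
        ModelState.AddModelError(nameof(model.ClientSecret), S["No client secret can be set for public applications."]);
    }

    // Parse both URI lists up front. The redirect URIs are the allow-list the authorization server
    // will send users back to, so a malformed entry must surface as a form error instead of an
    // unhandled UriFormatException (HTTP 500) thrown halfway through building the descriptor.
    // NOTE(review): only "is an absolute URI" is enforced here; any stricter policy (scheme, fragment)
    // is presumably left to the application manager - confirm.
    Uri[] postLogoutRedirectUris;
    if (!TryParseAbsoluteUris(model.PostLogoutRedirectUris, out postLogoutRedirectUris))
    {
        ModelState.AddModelError(nameof(model.PostLogoutRedirectUris), S["The post-logout redirect URIs must be absolute URIs separated by spaces or commas."]);
    }

    Uri[] redirectUris;
    if (!TryParseAbsoluteUris(model.RedirectUris, out redirectUris))
    {
        ModelState.AddModelError(nameof(model.RedirectUris), S["The redirect URIs must be absolute URIs separated by spaces or commas."]);
    }

    if (ModelState.IsValid)
    {
        // The client identifier may only be reused by the application being edited.
        var other = await _applicationManager.FindByClientIdAsync(model.ClientId);
        if (other != null && !string.Equals(
                await _applicationManager.GetIdAsync(other),
                await _applicationManager.GetIdAsync(application), StringComparison.Ordinal))
        {
            ModelState.AddModelError(nameof(model.ClientId), S["The client identifier is already taken by another application."]);
        }
    }

    if (!ModelState.IsValid)
    {
        ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync();
        ViewData["ReturnUrl"] = returnUrl;
        return View(model);
    }

    // Start from the stored application so that values the form does not carry are kept.
    var descriptor = new OpenIdApplicationDescriptor();
    await _applicationManager.PopulateAsync(descriptor, application);

    descriptor.ClientId = model.ClientId;
    descriptor.ConsentType = model.ConsentType;
    descriptor.DisplayName = model.DisplayName;
    descriptor.Type = model.Type;

    // An empty secret field means "keep the current secret".
    if (!string.IsNullOrEmpty(model.ClientSecret))
    {
        descriptor.ClientSecret = model.ClientSecret;
    }

    // A public client must never keep a secret, including one populated from the stored application.
    if (string.Equals(descriptor.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
    {
        descriptor.ClientSecret = null;
    }

    if (model.AllowLogoutEndpoint)
    {
        descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
    }
    else
    {
        descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout);
    }

    if (model.AllowAuthorizationCodeFlow)
    {
        descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
    }
    else
    {
        descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
    }

    if (model.AllowClientCredentialsFlow)
    {
        descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
    }
    else
    {
        descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
    }

    if (model.AllowImplicitFlow)
    {
        descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
    }
    else
    {
        descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Implicit);
    }

    if (model.AllowPasswordFlow)
    {
        descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
    }
    else
    {
        descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Password);
    }

    if (model.AllowRefreshTokenFlow)
    {
        descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
    }
    else
    {
        descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
    }

    // Endpoint permissions are derived from the selected flows rather than set directly,
    // so an endpoint is revoked as soon as no enabled flow uses it.
    if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow)
    {
        descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
    }
    else
    {
        descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Authorization);
    }

    if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow ||
        model.AllowPasswordFlow || model.AllowRefreshTokenFlow)
    {
        descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
    }
    else
    {
        descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Token);
    }

    // Roles and URI lists are replaced wholesale with what the form submitted.
    descriptor.Roles.Clear();
    foreach (string selectedRole in model.RoleEntries
        .Where(role => role.Selected)
        .Select(role => role.Name))
    {
        descriptor.Roles.Add(selectedRole);
    }

    descriptor.PostLogoutRedirectUris.Clear();
    foreach (var uri in postLogoutRedirectUris)
    {
        descriptor.PostLogoutRedirectUris.Add(uri);
    }

    descriptor.RedirectUris.Clear();
    foreach (var uri in redirectUris)
    {
        descriptor.RedirectUris.Add(uri);
    }

    await _applicationManager.UpdateAsync(application, descriptor);

    if (string.IsNullOrEmpty(returnUrl))
    {
        return RedirectToAction("Index");
    }

    // LocalRedirect refuses non-local targets, so returnUrl cannot be used to send the user to another site.
    return LocalRedirect(returnUrl);
}

/// <summary>
/// Splits a space- or comma-separated list and parses every entry as an absolute URI.
/// </summary>
/// <param name="value">The raw list from the form; <c>null</c> is treated as an empty list.</param>
/// <param name="uris">The parsed URIs, in input order; entries that failed to parse are <c>null</c>.</param>
/// <returns><c>true</c> when every entry is an absolute URI (or the list is empty), otherwise <c>false</c>.</returns>
private static bool TryParseAbsoluteUris(string value, out Uri[] uris)
{
    var entries = value?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty<string>();

    uris = new Uri[entries.Length];
    var allValid = true;

    for (var i = 0; i < entries.Length; i++)
    {
        // TryCreate rejects exactly what "new Uri(entry, UriKind.Absolute)" would throw on.
        if (!Uri.TryCreate(entries[i], UriKind.Absolute, out uris[i]))
        {
            allValid = false;
        }
    }

    return allValid;
}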