public async Task AuthorizationCodeTooLong() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var options = new IdentityServerOptions(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var longCode = "x".Repeat(options.InputLengthRestrictions.AuthorizationCode + 1); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, longCode); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant); }
public async Task Different_RedirectUri_Between_Authorize_And_Token_Request() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server1/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server2/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.UnauthorizedClient); }
public async Task Client_Trying_To_Request_Token_Using_Another_Clients_Code() { var client1 = await _clients.FindClientByIdAsync("codeclient"); var client2 = await _clients.FindClientByIdAsync("codeclient_restricted"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client1, IsOpenId = true, RedirectUri = "https://server/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client2); result.IsError.Should().BeTrue(); result.Error.Should().Be(Constants.TokenErrors.InvalidGrant); }
public async Task Client_Not_Authorized_For_AuthorizationCode_Flow() { var client = await _clients.FindClientByIdAsync("implicitclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = new Uri("https://server/cb"), }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); Assert.IsTrue(result.IsError); Assert.AreEqual(Constants.TokenErrors.UnauthorizedClient, result.Error); }
public async Task Expired_AuthorizationCode() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server/cb", CreationTime = DateTimeOffset.UtcNow.AddSeconds(-100) }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(Constants.TokenErrors.InvalidGrant); }
public async Task Unknown_Grant_Type() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, "unknown"); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(Constants.TokenErrors.UnsupportedGrantType); }
public async Task Valid_Code_Request() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Subject = IdentityServerPrincipal.Create("123", "bob"), Client = client, RedirectUri = "https://server/cb", RequestedScopes = new List <Scope> { new Scope { Name = "openid" } } }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeFalse(); }
public async Task Parameters_Null() { var store = new InMemoryAuthorizationCodeStore(); var validator = Factory.CreateTokenValidator( authorizationCodeStore: store); var result = await validator.ValidateRequestAsync(null, null); }
public void Parameters_Null() { var store = new InMemoryAuthorizationCodeStore(); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); Func <Task> act = () => validator.ValidateRequestAsync(null, null); act.ShouldThrow <ArgumentNullException>(); }
public async Task Client_Null() { var store = new InMemoryAuthorizationCodeStore(); var validator = Factory.CreateTokenValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, null); }
public static IdentityServerServiceFactory Create( string issuerUri, string siteName, string publicHostAddress = "") { var settings = new LocalTestCoreSettings(issuerUri, siteName, publicHostAddress); var codeStore = new InMemoryAuthorizationCodeStore(); var tokenStore = new InMemoryTokenHandleStore(); var consent = new InMemoryConsentService(); var scopes = new InMemoryScopeService(LocalTestScopes.Get()); var clients = new InMemoryClientService(LocalTestClients.Get()); var logger = new TraceLogger(); var users = new InMemoryUser[] { new InMemoryUser { Subject = "alice", Username = "******", Password = "******", Claims = new Claim[] { new Claim(Constants.ClaimTypes.GivenName, "Alice"), new Claim(Constants.ClaimTypes.FamilyName, "Smith"), new Claim(Constants.ClaimTypes.Email, "*****@*****.**"), } }, new InMemoryUser { Subject = "bob", Username = "******", Password = "******", Claims = new Claim[] { new Claim(Constants.ClaimTypes.GivenName, "Bob"), new Claim(Constants.ClaimTypes.FamilyName, "Smith"), new Claim(Constants.ClaimTypes.Email, "*****@*****.**"), } }, }; var userSvc = new InMemoryUserService(users); var fact = new IdentityServerServiceFactory { Logger = () => logger, UserService = () => userSvc, AuthorizationCodeStore = () => codeStore, TokenHandleStore = () => tokenStore, CoreSettings = () => settings, ConsentService = () => consent, ScopeService = () => scopes, ClientService = () => clients }; return(fact); }
public async Task Reused_AuthorizationCode() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Subject = IdentityServerPrincipal.Create("123", "bob"), Client = client, IsOpenId = true, RedirectUri = "https://server/cb", RequestedScopes = new List <Scope> { new Scope { Name = "openid" } } }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store, customRequestValidator: new DefaultCustomRequestValidator()); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); // request first time var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeFalse(); // request second time validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store, customRequestValidator: new DefaultCustomRequestValidator()); result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant); }
public void Client_Null() { var store = new InMemoryAuthorizationCodeStore(); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); Func <Task> act = () => validator.ValidateRequestAsync(parameters, null); act.ShouldThrow <ArgumentNullException>(); }
public async Task Reused_AuthorizationCode() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = new Uri("https://server/cb"), RequestedScopes = new List <Scope> { new Scope { Name = "openid" } } }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store, customRequestValidator: new DefaultCustomRequestValidator()); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); // request first time var result = await validator.ValidateRequestAsync(parameters, client); Assert.IsFalse(result.IsError); // request second time validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store, customRequestValidator: new DefaultCustomRequestValidator()); result = await validator.ValidateRequestAsync(parameters, client); Assert.IsTrue(result.IsError); Assert.AreEqual(Constants.TokenErrors.InvalidGrant, result.Error); }
public async Task Valid_Code_Request_With_CodeVerifier_Sha256() { var client = await _clients.FindClientByIdAsync("codewithproofkeyclient"); var store = new InMemoryAuthorizationCodeStore(); var options = new IdentityServerOptions(); var codeVerifier = "x".Repeat(options.InputLengthRestrictions.CodeChallengeMinLength); var codeVerifierBytes = Encoding.ASCII.GetBytes(codeVerifier); var hashedBytes = codeVerifierBytes.Sha256(); var codeChallenge = Base64Url.Encode(hashedBytes); var code = new AuthorizationCode { Client = client, Subject = IdentityServerPrincipal.Create("123", "bob"), RedirectUri = "https://server/cb", CodeChallenge = codeChallenge.Sha256(), CodeChallengeMethod = Constants.CodeChallengeMethods.SHA_256, RequestedScopes = new List <Scope> { new Scope { Name = "openid" } } }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); parameters.Add(Constants.TokenRequest.CodeVerifier, codeVerifier); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeFalse(); }
public async Task Code_Request_with_disabled_User() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var mock = new Mock <IUserService>(); mock.Setup(u => u.IsActiveAsync(It.IsAny <IsActiveContext>())).Callback <IsActiveContext>(ctx => { ctx.IsActive = false; }).Returns(Task.FromResult(0)); var code = new AuthorizationCode { Client = client, Subject = IdentityServerPrincipal.Create("123", "bob"), RedirectUri = "https://server/cb", RequestedScopes = new List <Scope> { new Scope { Name = "openid" } } }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store, userService: mock.Object); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); }
public async Task Code_Request_PKCE_Transformed_CodeVerifier_Doesnt_Match_CodeChallenge_Sha256(string clientId) { var client = await _clients.FindClientByIdAsync(clientId); var store = new InMemoryAuthorizationCodeStore(); var options = new IdentityServerOptions(); var code = new AuthorizationCode { Client = client, Subject = IdentityServerPrincipal.Create("123", "bob"), RedirectUri = "https://server/cb", CodeChallenge = "x".Repeat(options.InputLengthRestrictions.CodeChallengeMinLength), CodeChallengeMethod = Constants.CodeChallengeMethods.SHA_256, RequestedScopes = new List <Scope> { new Scope { Name = "openid" } } }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); parameters.Add(Constants.TokenRequest.CodeVerifier, "x".Repeat(options.InputLengthRestrictions.CodeVerifierMinLength) + "doesntmatch"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(Constants.TokenErrors.InvalidGrant); }
public async Task Valid_Code_Request_with_Refresh_Token() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, RedirectUri = new Uri("https://server/cb"), RequestedScopes = new List <Scope> { new Scope { Name = "openid" }, new Scope { Name = "offline_access" } } }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); Assert.IsFalse(result.IsError); }
public async Task Code_Request_with_disabled_User() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, Subject = IdentityServerPrincipal.Create("123", "bob"), RedirectUri = "https://server/cb", RequestedScopes = new List <Scope> { new Scope { Name = "openid" } } }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store, profile: new TestProfileService(shouldBeActive: false)); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.InvalidRequest); }
public static IContainer Configure(IdentityServerOptions options) { if (options == null) { throw new ArgumentNullException("options"); } if (options.Factory == null) { throw new InvalidOperationException("null factory"); } IdentityServerServiceFactory fact = options.Factory; fact.Validate(); var builder = new ContainerBuilder(); builder.RegisterInstance(options).AsSelf(); // mandatory from factory builder.Register(fact.UserService); builder.Register(fact.ScopeStore); builder.Register(fact.ClientStore); // optional from factory if (fact.AuthorizationCodeStore != null) { builder.Register(fact.AuthorizationCodeStore); } else { var inmemCodeStore = new InMemoryAuthorizationCodeStore(); builder.RegisterInstance(inmemCodeStore).As <IAuthorizationCodeStore>(); } if (fact.TokenHandleStore != null) { builder.Register(fact.TokenHandleStore); } else { var inmemTokenHandleStore = new InMemoryTokenHandleStore(); builder.RegisterInstance(inmemTokenHandleStore).As <ITokenHandleStore>(); } if (fact.RefreshTokenStore != null) { builder.Register(fact.RefreshTokenStore); } else { var inmemRefreshTokenStore = new InMemoryRefreshTokenStore(); builder.RegisterInstance(inmemRefreshTokenStore).As <IRefreshTokenStore>(); } if (fact.ConsentStore != null) { builder.Register(fact.ConsentStore); } else { var inmemConsentStore = new InMemoryConsentStore(); builder.RegisterInstance(inmemConsentStore).As <IConsentStore>(); } if (fact.ClaimsProvider != null) { builder.Register(fact.ClaimsProvider); } else { builder.RegisterType <DefaultClaimsProvider>().As <IClaimsProvider>(); } if (fact.TokenService != null) { builder.Register(fact.TokenService); } else { builder.RegisterType <DefaultTokenService>().As <ITokenService>(); } if (fact.RefreshTokenService != null) { builder.Register(fact.RefreshTokenService); } else { builder.RegisterType <DefaultRefreshTokenService>().As <IRefreshTokenService>(); } if (fact.TokenSigningService != null) { builder.Register(fact.TokenSigningService); } else { builder.RegisterType <DefaultTokenSigningService>().As <ITokenSigningService>(); } if (fact.CustomRequestValidator != null) { builder.Register(fact.CustomRequestValidator); } else { builder.RegisterType <DefaultCustomRequestValidator>().As <ICustomRequestValidator>(); } if (fact.AssertionGrantValidator != null) { builder.Register(fact.AssertionGrantValidator); } else { builder.RegisterType <DefaultAssertionGrantValidator>().As <IAssertionGrantValidator>(); } if (fact.ExternalClaimsFilter != null) { builder.Register(fact.ExternalClaimsFilter); } else { builder.RegisterType <DefaultExternalClaimsFilter>().As <IExternalClaimsFilter>(); } if (fact.CustomTokenValidator != null) { builder.Register(fact.CustomTokenValidator); } else { builder.RegisterType <DefaultCustomTokenValidator>().As <ICustomTokenValidator>(); } if (fact.ConsentService != null) { builder.Register(fact.ConsentService); } else { builder.RegisterType <DefaultConsentService>().As <IConsentService>(); } if (fact.ViewService != null) { builder.Register(fact.ViewService); } else { builder.RegisterType <EmbeddedAssetsViewService>().As <IViewService>(); } // validators builder.RegisterType <TokenRequestValidator>(); builder.RegisterType <AuthorizeRequestValidator>(); builder.RegisterType <ClientValidator>(); builder.RegisterType <TokenValidator>(); // processors builder.RegisterType <TokenResponseGenerator>(); builder.RegisterType <AuthorizeResponseGenerator>(); builder.RegisterType <AuthorizeInteractionResponseGenerator>(); builder.RegisterType <UserInfoResponseGenerator>(); // general services builder.RegisterType <CookieMiddlewareTrackingCookieService>().As <ITrackingCookieService>(); // for authentication var authenticationOptions = options.AuthenticationOptions ?? new AuthenticationOptions(); builder.RegisterInstance(authenticationOptions).AsSelf(); // load core controller builder.RegisterApiControllers(typeof(AuthorizeEndpointController).Assembly); // add any additional dependencies from hosting application foreach (var registration in fact.Registrations) { builder.Register(registration); } return(builder.Build()); }
public static IContainer Configure(IdentityServerOptions options) { if (options == null) { throw new ArgumentNullException("options"); } if (options.Factory == null) { throw new InvalidOperationException("null factory"); } IdentityServerServiceFactory fact = options.Factory; fact.Validate(); var builder = new ContainerBuilder(); builder.RegisterInstance(options).AsSelf(); // mandatory from factory builder.Register(fact.UserService, "inner"); builder.RegisterDecorator <IUserService>((s, inner) => { var filter = s.Resolve <IExternalClaimsFilter>(); return(new ExternalClaimsFilterUserService(filter, inner)); }, "inner"); builder.Register(fact.ScopeStore); builder.Register(fact.ClientStore); // optional from factory if (fact.AuthorizationCodeStore != null) { builder.Register(fact.AuthorizationCodeStore, "inner"); } else { var inmemCodeStore = new InMemoryAuthorizationCodeStore(); builder.RegisterInstance(inmemCodeStore).Named <IAuthorizationCodeStore>("inner"); } builder.RegisterDecorator <IAuthorizationCodeStore>((s, inner) => { return(new KeyHashingAuthorizationCodeStore(inner)); }, "inner"); if (fact.TokenHandleStore != null) { builder.Register(fact.TokenHandleStore, "inner"); } else { var inmemTokenHandleStore = new InMemoryTokenHandleStore(); builder.RegisterInstance(inmemTokenHandleStore).Named <ITokenHandleStore>("inner"); } builder.RegisterDecorator <ITokenHandleStore>((s, inner) => { return(new KeyHashingTokenHandleStore(inner)); }, "inner"); if (fact.RefreshTokenStore != null) { builder.Register(fact.RefreshTokenStore, "inner"); } else { var inmemRefreshTokenStore = new InMemoryRefreshTokenStore(); builder.RegisterInstance(inmemRefreshTokenStore).Named <IRefreshTokenStore>("inner"); } builder.RegisterDecorator <IRefreshTokenStore>((s, inner) => { return(new KeyHashingRefreshTokenStore(inner)); }, "inner"); if (fact.ConsentStore != null) { builder.Register(fact.ConsentStore); } else { var inmemConsentStore = new InMemoryConsentStore(); builder.RegisterInstance(inmemConsentStore).As <IConsentStore>(); } if (fact.ClaimsProvider != null) { builder.Register(fact.ClaimsProvider); } else { builder.RegisterType <DefaultClaimsProvider>().As <IClaimsProvider>(); } if (fact.TokenService != null) { builder.Register(fact.TokenService); } else { builder.RegisterType <DefaultTokenService>().As <ITokenService>(); } if (fact.RefreshTokenService != null) { builder.Register(fact.RefreshTokenService); } else { builder.RegisterType <DefaultRefreshTokenService>().As <IRefreshTokenService>(); } if (fact.TokenSigningService != null) { builder.Register(fact.TokenSigningService); } else { builder.RegisterType <DefaultTokenSigningService>().As <ITokenSigningService>(); } if (fact.CustomRequestValidator != null) { builder.Register(fact.CustomRequestValidator); } else { builder.RegisterType <DefaultCustomRequestValidator>().As <ICustomRequestValidator>(); } if (fact.CustomGrantValidator != null) { builder.Register(fact.CustomGrantValidator); } else { builder.RegisterType <DefaultCustomGrantValidator>().As <ICustomGrantValidator>(); } if (fact.ExternalClaimsFilter != null) { builder.Register(fact.ExternalClaimsFilter); } else { builder.RegisterType <NopClaimsFilter>().As <IExternalClaimsFilter>(); } if (fact.CustomTokenValidator != null) { builder.Register(fact.CustomTokenValidator); } else { builder.RegisterType <DefaultCustomTokenValidator>().As <ICustomTokenValidator>(); } if (fact.ConsentService != null) { builder.Register(fact.ConsentService); } else { builder.RegisterType <DefaultConsentService>().As <IConsentService>(); } if (fact.EventService != null) { builder.Register(fact.EventService); } else { builder.RegisterType <DefaultEventService>().As <IEventService>(); } if (fact.RedirectUriValidator != null) { builder.Register(fact.RedirectUriValidator); } else { builder.RegisterType <DefaultRedirectUriValidator>().As <IRedirectUriValidator>(); } // this is more of an internal interface, but maybe we want to open it up as pluggable? // this is used by the DefaultClientPermissionsService below, or it could be used // by a custom IClientPermissionsService builder.Register(ctx => { var consent = ctx.Resolve <IConsentStore>(); var refresh = ctx.Resolve <IRefreshTokenStore>(); var code = ctx.Resolve <IAuthorizationCodeStore>(); var access = ctx.Resolve <ITokenHandleStore>(); return(new AggregatePermissionsStore( consent, new TokenMetadataPermissionsStoreAdapter(refresh.GetAllAsync, refresh.RevokeAsync), new TokenMetadataPermissionsStoreAdapter(code.GetAllAsync, code.RevokeAsync), new TokenMetadataPermissionsStoreAdapter(access.GetAllAsync, access.RevokeAsync) )); }).As <IPermissionsStore>(); if (fact.ClientPermissionsService != null) { builder.Register(fact.ClientPermissionsService); } else { builder.RegisterType <DefaultClientPermissionsService>().As <IClientPermissionsService>(); } if (fact.ViewService != null) { builder.Register(fact.ViewService); } else { builder.RegisterType <DefaultViewService>().As <IViewService>(); } // hosting services builder.RegisterType <OwinEnvironmentService>(); // validators builder.RegisterType <TokenRequestValidator>(); builder.RegisterType <AuthorizeRequestValidator>(); builder.RegisterType <ClientValidator>(); builder.RegisterType <TokenValidator>(); builder.RegisterType <EndSessionRequestValidator>(); builder.RegisterType <BearerTokenUsageValidator>(); builder.RegisterType <ScopeValidator>(); // processors builder.RegisterType <TokenResponseGenerator>(); builder.RegisterType <AuthorizeResponseGenerator>(); builder.RegisterType <AuthorizeInteractionResponseGenerator>(); builder.RegisterType <UserInfoResponseGenerator>(); builder.RegisterType <EndSessionResponseGenerator>(); // for authentication var authenticationOptions = options.AuthenticationOptions ?? new AuthenticationOptions(); builder.RegisterInstance(authenticationOptions).AsSelf(); // load core controller builder.RegisterApiControllers(typeof(AuthorizeEndpointController).Assembly); // add any additional dependencies from hosting application foreach (var registration in fact.Registrations) { builder.Register(registration); } return(builder.Build()); }