public async Task AuthorizationCodeTooLong()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var options = new IdentityServerOptions();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = "https://server/cb",
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var longCode = "x".Repeat(options.InputLengthRestrictions.AuthorizationCode + 1);
var parameters = new NameValueCollection();
parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode);
parameters.Add(OidcConstants.TokenRequest.Code, longCode);
parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant);
}
public async Task Different_RedirectUri_Between_Authorize_And_Token_Request()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = "https://server1/cb",
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode);
parameters.Add(OidcConstants.TokenRequest.Code, "valid");
parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server2/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(OidcConstants.TokenErrors.UnauthorizedClient);
}
public async Task Client_Trying_To_Request_Token_Using_Another_Clients_Code()
{
var client1 = await _clients.FindClientByIdAsync("codeclient");
var client2 = await _clients.FindClientByIdAsync("codeclient_restricted");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client1,
IsOpenId = true,
RedirectUri = "https://server/cb",
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client2);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
public async Task Client_Not_Authorized_For_AuthorizationCode_Flow()
{
var client = await _clients.FindClientByIdAsync("implicitclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsTrue(result.IsError);
Assert.AreEqual(Constants.TokenErrors.UnauthorizedClient, result.Error);
}
public async Task Expired_AuthorizationCode()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = "https://server/cb",
CreationTime = DateTimeOffset.UtcNow.AddSeconds(-100)
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
public async Task Unknown_Grant_Type()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = "https://server/cb",
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "unknown");
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.UnsupportedGrantType);
}
public async Task Valid_Code_Request()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Subject = IdentityServerPrincipal.Create("123", "bob"),
Client = client,
RedirectUri = "https://server/cb",
RequestedScopes = new List <Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeFalse();
}
public async Task Parameters_Null()
{
var store = new InMemoryAuthorizationCodeStore();
var validator = Factory.CreateTokenValidator(
authorizationCodeStore: store);
var result = await validator.ValidateRequestAsync(null, null);
}
public void Parameters_Null()
{
var store = new InMemoryAuthorizationCodeStore();
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
Func <Task> act = () => validator.ValidateRequestAsync(null, null);
act.ShouldThrow <ArgumentNullException>();
}
public async Task Client_Null()
{
var store = new InMemoryAuthorizationCodeStore();
var validator = Factory.CreateTokenValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, null);
}
public static IdentityServerServiceFactory Create(
string issuerUri, string siteName, string publicHostAddress = "")
{
var settings = new LocalTestCoreSettings(issuerUri, siteName, publicHostAddress);
var codeStore = new InMemoryAuthorizationCodeStore();
var tokenStore = new InMemoryTokenHandleStore();
var consent = new InMemoryConsentService();
var scopes = new InMemoryScopeService(LocalTestScopes.Get());
var clients = new InMemoryClientService(LocalTestClients.Get());
var logger = new TraceLogger();
var users = new InMemoryUser[]
{
new InMemoryUser {
Subject = "alice", Username = "******", Password = "******",
Claims = new Claim[]
{
new Claim(Constants.ClaimTypes.GivenName, "Alice"),
new Claim(Constants.ClaimTypes.FamilyName, "Smith"),
new Claim(Constants.ClaimTypes.Email, "*****@*****.**"),
}
},
new InMemoryUser {
Subject = "bob", Username = "******", Password = "******",
Claims = new Claim[]
{
new Claim(Constants.ClaimTypes.GivenName, "Bob"),
new Claim(Constants.ClaimTypes.FamilyName, "Smith"),
new Claim(Constants.ClaimTypes.Email, "*****@*****.**"),
}
},
};
var userSvc = new InMemoryUserService(users);
var fact = new IdentityServerServiceFactory
{
Logger = () => logger,
UserService = () => userSvc,
AuthorizationCodeStore = () => codeStore,
TokenHandleStore = () => tokenStore,
CoreSettings = () => settings,
ConsentService = () => consent,
ScopeService = () => scopes,
ClientService = () => clients
};
return(fact);
}
public async Task Reused_AuthorizationCode()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Subject = IdentityServerPrincipal.Create("123", "bob"),
Client = client,
IsOpenId = true,
RedirectUri = "https://server/cb",
RequestedScopes = new List <Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store,
customRequestValidator: new DefaultCustomRequestValidator());
var parameters = new NameValueCollection();
parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode);
parameters.Add(OidcConstants.TokenRequest.Code, "valid");
parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb");
// request first time
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeFalse();
// request second time
validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store,
customRequestValidator: new DefaultCustomRequestValidator());
result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant);
}
public void Client_Null()
{
var store = new InMemoryAuthorizationCodeStore();
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
Func <Task> act = () => validator.ValidateRequestAsync(parameters, null);
act.ShouldThrow <ArgumentNullException>();
}
public async Task Reused_AuthorizationCode()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
RequestedScopes = new List <Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store,
customRequestValidator: new DefaultCustomRequestValidator());
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
// request first time
var result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsFalse(result.IsError);
// request second time
validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store,
customRequestValidator: new DefaultCustomRequestValidator());
result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsTrue(result.IsError);
Assert.AreEqual(Constants.TokenErrors.InvalidGrant, result.Error);
}
public async Task Valid_Code_Request_With_CodeVerifier_Sha256()
{
var client = await _clients.FindClientByIdAsync("codewithproofkeyclient");
var store = new InMemoryAuthorizationCodeStore();
var options = new IdentityServerOptions();
var codeVerifier = "x".Repeat(options.InputLengthRestrictions.CodeChallengeMinLength);
var codeVerifierBytes = Encoding.ASCII.GetBytes(codeVerifier);
var hashedBytes = codeVerifierBytes.Sha256();
var codeChallenge = Base64Url.Encode(hashedBytes);
var code = new AuthorizationCode
{
Client = client,
Subject = IdentityServerPrincipal.Create("123", "bob"),
RedirectUri = "https://server/cb",
CodeChallenge = codeChallenge.Sha256(),
CodeChallengeMethod = Constants.CodeChallengeMethods.SHA_256,
RequestedScopes = new List <Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
parameters.Add(Constants.TokenRequest.CodeVerifier, codeVerifier);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeFalse();
}
public async Task Code_Request_with_disabled_User()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var mock = new Mock <IUserService>();
mock.Setup(u => u.IsActiveAsync(It.IsAny <IsActiveContext>())).Callback <IsActiveContext>(ctx =>
{
ctx.IsActive = false;
}).Returns(Task.FromResult(0));
var code = new AuthorizationCode
{
Client = client,
Subject = IdentityServerPrincipal.Create("123", "bob"),
RedirectUri = "https://server/cb",
RequestedScopes = new List <Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store,
userService: mock.Object);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
}
public async Task Code_Request_PKCE_Transformed_CodeVerifier_Doesnt_Match_CodeChallenge_Sha256(string clientId)
{
var client = await _clients.FindClientByIdAsync(clientId);
var store = new InMemoryAuthorizationCodeStore();
var options = new IdentityServerOptions();
var code = new AuthorizationCode
{
Client = client,
Subject = IdentityServerPrincipal.Create("123", "bob"),
RedirectUri = "https://server/cb",
CodeChallenge = "x".Repeat(options.InputLengthRestrictions.CodeChallengeMinLength),
CodeChallengeMethod = Constants.CodeChallengeMethods.SHA_256,
RequestedScopes = new List <Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
parameters.Add(Constants.TokenRequest.CodeVerifier, "x".Repeat(options.InputLengthRestrictions.CodeVerifierMinLength) + "doesntmatch");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
public async Task Valid_Code_Request_with_Refresh_Token()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
RedirectUri = new Uri("https://server/cb"),
RequestedScopes = new List <Scope>
{
new Scope
{
Name = "openid"
},
new Scope
{
Name = "offline_access"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsFalse(result.IsError);
}
public async Task Code_Request_with_disabled_User()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
Subject = IdentityServerPrincipal.Create("123", "bob"),
RedirectUri = "https://server/cb",
RequestedScopes = new List <Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store,
profile: new TestProfileService(shouldBeActive: false));
var parameters = new NameValueCollection();
parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode);
parameters.Add(OidcConstants.TokenRequest.Code, "valid");
parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(OidcConstants.TokenErrors.InvalidRequest);
}
public static IContainer Configure(IdentityServerOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
if (options.Factory == null)
{
throw new InvalidOperationException("null factory");
}
IdentityServerServiceFactory fact = options.Factory;
fact.Validate();
var builder = new ContainerBuilder();
builder.RegisterInstance(options).AsSelf();
// mandatory from factory
builder.Register(fact.UserService);
builder.Register(fact.ScopeStore);
builder.Register(fact.ClientStore);
// optional from factory
if (fact.AuthorizationCodeStore != null)
{
builder.Register(fact.AuthorizationCodeStore);
}
else
{
var inmemCodeStore = new InMemoryAuthorizationCodeStore();
builder.RegisterInstance(inmemCodeStore).As <IAuthorizationCodeStore>();
}
if (fact.TokenHandleStore != null)
{
builder.Register(fact.TokenHandleStore);
}
else
{
var inmemTokenHandleStore = new InMemoryTokenHandleStore();
builder.RegisterInstance(inmemTokenHandleStore).As <ITokenHandleStore>();
}
if (fact.RefreshTokenStore != null)
{
builder.Register(fact.RefreshTokenStore);
}
else
{
var inmemRefreshTokenStore = new InMemoryRefreshTokenStore();
builder.RegisterInstance(inmemRefreshTokenStore).As <IRefreshTokenStore>();
}
if (fact.ConsentStore != null)
{
builder.Register(fact.ConsentStore);
}
else
{
var inmemConsentStore = new InMemoryConsentStore();
builder.RegisterInstance(inmemConsentStore).As <IConsentStore>();
}
if (fact.ClaimsProvider != null)
{
builder.Register(fact.ClaimsProvider);
}
else
{
builder.RegisterType <DefaultClaimsProvider>().As <IClaimsProvider>();
}
if (fact.TokenService != null)
{
builder.Register(fact.TokenService);
}
else
{
builder.RegisterType <DefaultTokenService>().As <ITokenService>();
}
if (fact.RefreshTokenService != null)
{
builder.Register(fact.RefreshTokenService);
}
else
{
builder.RegisterType <DefaultRefreshTokenService>().As <IRefreshTokenService>();
}
if (fact.TokenSigningService != null)
{
builder.Register(fact.TokenSigningService);
}
else
{
builder.RegisterType <DefaultTokenSigningService>().As <ITokenSigningService>();
}
if (fact.CustomRequestValidator != null)
{
builder.Register(fact.CustomRequestValidator);
}
else
{
builder.RegisterType <DefaultCustomRequestValidator>().As <ICustomRequestValidator>();
}
if (fact.AssertionGrantValidator != null)
{
builder.Register(fact.AssertionGrantValidator);
}
else
{
builder.RegisterType <DefaultAssertionGrantValidator>().As <IAssertionGrantValidator>();
}
if (fact.ExternalClaimsFilter != null)
{
builder.Register(fact.ExternalClaimsFilter);
}
else
{
builder.RegisterType <DefaultExternalClaimsFilter>().As <IExternalClaimsFilter>();
}
if (fact.CustomTokenValidator != null)
{
builder.Register(fact.CustomTokenValidator);
}
else
{
builder.RegisterType <DefaultCustomTokenValidator>().As <ICustomTokenValidator>();
}
if (fact.ConsentService != null)
{
builder.Register(fact.ConsentService);
}
else
{
builder.RegisterType <DefaultConsentService>().As <IConsentService>();
}
if (fact.ViewService != null)
{
builder.Register(fact.ViewService);
}
else
{
builder.RegisterType <EmbeddedAssetsViewService>().As <IViewService>();
}
// validators
builder.RegisterType <TokenRequestValidator>();
builder.RegisterType <AuthorizeRequestValidator>();
builder.RegisterType <ClientValidator>();
builder.RegisterType <TokenValidator>();
// processors
builder.RegisterType <TokenResponseGenerator>();
builder.RegisterType <AuthorizeResponseGenerator>();
builder.RegisterType <AuthorizeInteractionResponseGenerator>();
builder.RegisterType <UserInfoResponseGenerator>();
// general services
builder.RegisterType <CookieMiddlewareTrackingCookieService>().As <ITrackingCookieService>();
// for authentication
var authenticationOptions = options.AuthenticationOptions ?? new AuthenticationOptions();
builder.RegisterInstance(authenticationOptions).AsSelf();
// load core controller
builder.RegisterApiControllers(typeof(AuthorizeEndpointController).Assembly);
// add any additional dependencies from hosting application
foreach (var registration in fact.Registrations)
{
builder.Register(registration);
}
return(builder.Build());
}
public static IContainer Configure(IdentityServerOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
if (options.Factory == null)
{
throw new InvalidOperationException("null factory");
}
IdentityServerServiceFactory fact = options.Factory;
fact.Validate();
var builder = new ContainerBuilder();
builder.RegisterInstance(options).AsSelf();
// mandatory from factory
builder.Register(fact.UserService, "inner");
builder.RegisterDecorator <IUserService>((s, inner) =>
{
var filter = s.Resolve <IExternalClaimsFilter>();
return(new ExternalClaimsFilterUserService(filter, inner));
}, "inner");
builder.Register(fact.ScopeStore);
builder.Register(fact.ClientStore);
// optional from factory
if (fact.AuthorizationCodeStore != null)
{
builder.Register(fact.AuthorizationCodeStore, "inner");
}
else
{
var inmemCodeStore = new InMemoryAuthorizationCodeStore();
builder.RegisterInstance(inmemCodeStore).Named <IAuthorizationCodeStore>("inner");
}
builder.RegisterDecorator <IAuthorizationCodeStore>((s, inner) =>
{
return(new KeyHashingAuthorizationCodeStore(inner));
}, "inner");
if (fact.TokenHandleStore != null)
{
builder.Register(fact.TokenHandleStore, "inner");
}
else
{
var inmemTokenHandleStore = new InMemoryTokenHandleStore();
builder.RegisterInstance(inmemTokenHandleStore).Named <ITokenHandleStore>("inner");
}
builder.RegisterDecorator <ITokenHandleStore>((s, inner) =>
{
return(new KeyHashingTokenHandleStore(inner));
}, "inner");
if (fact.RefreshTokenStore != null)
{
builder.Register(fact.RefreshTokenStore, "inner");
}
else
{
var inmemRefreshTokenStore = new InMemoryRefreshTokenStore();
builder.RegisterInstance(inmemRefreshTokenStore).Named <IRefreshTokenStore>("inner");
}
builder.RegisterDecorator <IRefreshTokenStore>((s, inner) =>
{
return(new KeyHashingRefreshTokenStore(inner));
}, "inner");
if (fact.ConsentStore != null)
{
builder.Register(fact.ConsentStore);
}
else
{
var inmemConsentStore = new InMemoryConsentStore();
builder.RegisterInstance(inmemConsentStore).As <IConsentStore>();
}
if (fact.ClaimsProvider != null)
{
builder.Register(fact.ClaimsProvider);
}
else
{
builder.RegisterType <DefaultClaimsProvider>().As <IClaimsProvider>();
}
if (fact.TokenService != null)
{
builder.Register(fact.TokenService);
}
else
{
builder.RegisterType <DefaultTokenService>().As <ITokenService>();
}
if (fact.RefreshTokenService != null)
{
builder.Register(fact.RefreshTokenService);
}
else
{
builder.RegisterType <DefaultRefreshTokenService>().As <IRefreshTokenService>();
}
if (fact.TokenSigningService != null)
{
builder.Register(fact.TokenSigningService);
}
else
{
builder.RegisterType <DefaultTokenSigningService>().As <ITokenSigningService>();
}
if (fact.CustomRequestValidator != null)
{
builder.Register(fact.CustomRequestValidator);
}
else
{
builder.RegisterType <DefaultCustomRequestValidator>().As <ICustomRequestValidator>();
}
if (fact.CustomGrantValidator != null)
{
builder.Register(fact.CustomGrantValidator);
}
else
{
builder.RegisterType <DefaultCustomGrantValidator>().As <ICustomGrantValidator>();
}
if (fact.ExternalClaimsFilter != null)
{
builder.Register(fact.ExternalClaimsFilter);
}
else
{
builder.RegisterType <NopClaimsFilter>().As <IExternalClaimsFilter>();
}
if (fact.CustomTokenValidator != null)
{
builder.Register(fact.CustomTokenValidator);
}
else
{
builder.RegisterType <DefaultCustomTokenValidator>().As <ICustomTokenValidator>();
}
if (fact.ConsentService != null)
{
builder.Register(fact.ConsentService);
}
else
{
builder.RegisterType <DefaultConsentService>().As <IConsentService>();
}
if (fact.EventService != null)
{
builder.Register(fact.EventService);
}
else
{
builder.RegisterType <DefaultEventService>().As <IEventService>();
}
if (fact.RedirectUriValidator != null)
{
builder.Register(fact.RedirectUriValidator);
}
else
{
builder.RegisterType <DefaultRedirectUriValidator>().As <IRedirectUriValidator>();
}
// this is more of an internal interface, but maybe we want to open it up as pluggable?
// this is used by the DefaultClientPermissionsService below, or it could be used
// by a custom IClientPermissionsService
builder.Register(ctx =>
{
var consent = ctx.Resolve <IConsentStore>();
var refresh = ctx.Resolve <IRefreshTokenStore>();
var code = ctx.Resolve <IAuthorizationCodeStore>();
var access = ctx.Resolve <ITokenHandleStore>();
return(new AggregatePermissionsStore(
consent,
new TokenMetadataPermissionsStoreAdapter(refresh.GetAllAsync, refresh.RevokeAsync),
new TokenMetadataPermissionsStoreAdapter(code.GetAllAsync, code.RevokeAsync),
new TokenMetadataPermissionsStoreAdapter(access.GetAllAsync, access.RevokeAsync)
));
}).As <IPermissionsStore>();
if (fact.ClientPermissionsService != null)
{
builder.Register(fact.ClientPermissionsService);
}
else
{
builder.RegisterType <DefaultClientPermissionsService>().As <IClientPermissionsService>();
}
if (fact.ViewService != null)
{
builder.Register(fact.ViewService);
}
else
{
builder.RegisterType <DefaultViewService>().As <IViewService>();
}
// hosting services
builder.RegisterType <OwinEnvironmentService>();
// validators
builder.RegisterType <TokenRequestValidator>();
builder.RegisterType <AuthorizeRequestValidator>();
builder.RegisterType <ClientValidator>();
builder.RegisterType <TokenValidator>();
builder.RegisterType <EndSessionRequestValidator>();
builder.RegisterType <BearerTokenUsageValidator>();
builder.RegisterType <ScopeValidator>();
// processors
builder.RegisterType <TokenResponseGenerator>();
builder.RegisterType <AuthorizeResponseGenerator>();
builder.RegisterType <AuthorizeInteractionResponseGenerator>();
builder.RegisterType <UserInfoResponseGenerator>();
builder.RegisterType <EndSessionResponseGenerator>();
// for authentication
var authenticationOptions = options.AuthenticationOptions ?? new AuthenticationOptions();
builder.RegisterInstance(authenticationOptions).AsSelf();
// load core controller
builder.RegisterApiControllers(typeof(AuthorizeEndpointController).Assembly);
// add any additional dependencies from hosting application
foreach (var registration in fact.Registrations)
{
builder.Register(registration);
}
return(builder.Build());
}
