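/// <summary>
/// Seeds the master-tenant control client (an OIDC down-party) and saves it through
/// <c>simpleTenantRepository</c>. The operator is asked on the console whether a localhost
/// redirect URI and CORS origin should be added for local development.
/// </summary>
/// <param name="loginUpParty">The login up-party the control client is allowed to authenticate through.</param>
private async Task CreateControlClientDocmentAsync(LoginUpParty loginUpParty)
{
    Console.WriteLine("Creating control client");
    Console.Write("Add localhost test domain to enable local development [y/n] (default no): ");
    var answer = Console.ReadKey();
    Console.WriteLine(string.Empty);
    // Only an explicit 'y'/'Y' opts in; any other key keeps the production-only configuration.
    var includeLocalhost = char.ToLower(answer.KeyChar) == 'y';

    var masterEndpoint = settings.FoxIDsMasterControlClientEndpoint;
    var redirectUris = new List<string>();
    redirectUris.AddRange(GetControlClientRedirectUris(masterEndpoint));
    var corsOrigins = new List<string> { masterEndpoint.TrimEnd('/') };
    if (includeLocalhost)
    {
        // Development-only origin. Do not opt in on a production seed: it lets a page served from
        // localhost complete the login and call back into this client.
        const string localhostOrigin = "https://localhost:44332";
        redirectUris.AddRange(GetControlClientRedirectUris(localhostOrigin));
        corsOrigins.Add(localhostOrigin);
    }

    var controlClient = new OidcDownParty { Name = controlClientName };
    await controlClient.SetIdAsync(new Party.IdKey { TenantName = settings.MasterTenant, TrackName = settings.MasterTrack, PartyName = controlClientName });
    controlClient.AllowUpParties = new List<UpPartyLink> { new UpPartyLink { Name = loginUpParty.Name, Type = loginUpParty.Type } };
    // Fix: the CORS origin list was built but never attached to the party, so the document was saved
    // without it. Assigned here, matching CreateMasterControlClientDocmentAsync.
    controlClient.AllowCorsOrigins = corsOrigins;

    controlClient.Client = new OidcDownClient
    {
        RedirectUris = redirectUris,
        ResourceScopes = new List<OAuthDownResourceScope>
        {
            new OAuthDownResourceScope
            {
                Resource = controlApiResourceName,
                Scopes = new List<string> { controlApiResourceMasterScope, controlApiResourceTenantScope }
            }
        },
        // Authorization code flow only — no implicit response types — and PKCE is mandatory.
        ResponseTypes = new List<string> { "code" },
        Scopes = GetControlClientScopes(),
        RequirePkce = true,
        AuthorizationCodeLifetime = 30,          // seconds
        IdTokenLifetime = 1800,                  // 30 minutes
        AccessTokenLifetime = 1800,              // 30 minutes
        RefreshTokenLifetime = 86400,            // 24 hours
        RefreshTokenAbsoluteLifetime = 86400,    // 24 hours
        RefreshTokenUseOneTime = true,           // each refresh token can be used once
        RefreshTokenLifetimeUnlimited = false,
        RequireLogoutIdTokenHint = true,
    };
    controlClient.SetTenantPartitionId();
    await simpleTenantRepository.SaveAsync(controlClient);
    Console.WriteLine("Control client document created and saved in Cosmos DB");
}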
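/// <summary>
/// Seeds the portal client (an OIDC down-party with a client secret) in the master tenant and
/// saves it through <c>simpleTenantRepository</c>. The generated clear-text secret is written to
/// the console once; capture it from there.
/// </summary>
/// <param name="loginUpParty">The login up-party the portal client is allowed to authenticate through.</param>
private async Task CreatePortalClientDocmentAsync(LoginUpParty loginUpParty)
{
    Console.WriteLine("Creating portal client");
    Console.Write("Add localhost test domain to enable local development [y/n] (default no): ");
    var answer = Console.ReadKey();
    Console.WriteLine(string.Empty);
    // Only an explicit 'y'/'Y' opts in; any other key keeps the production-only configuration.
    var includeLocalhost = char.ToLower(answer.KeyChar) == 'y';

    var redirectUris = new List<string> { settings.FoxIDsPortalAuthResponseEndpoint };
    if (includeLocalhost)
    {
        // Development-only redirect. NOTE(review): the production entry is a full auth-response endpoint
        // while this one is a bare origin — confirm the localhost entry should not carry the same path.
        redirectUris.Add("https://localhost:44332");
    }

    // Name is set explicitly, consistent with the other seeded parties (previously only the id key carried it).
    var portalClient = new OidcDownParty { Name = portalClientName };
    await portalClient.SetIdAsync(new Party.IdKey { TenantName = settings.MasterTenant, TrackName = settings.MasterTrack, PartyName = portalClientName });
    portalClient.AllowUpParties = new List<UpPartyLink> { new UpPartyLink { Name = loginUpParty.Name, Type = loginUpParty.Type } };
    portalClient.Client = new OidcDownClient
    {
        RedirectUris = redirectUris,
        ResourceScopes = new List<OAuthDownResourceScope>
        {
            new OAuthDownResourceScope { Resource = apiResourceName, Scopes = new List<string> { "foxids_tenant" } }
        },
        // NOTE(review): besides "code", the implicit response types "id_token" and "token" are enabled and
        // PKCE is not required. The OAuth 2.0 Security BCP recommends the code flow with PKCE only; left
        // unchanged because the portal may depend on them — confirm and tighten if it does not.
        ResponseTypes = new List<string> { "code", "id_token", "token" },
        AuthorizationCodeLifetime = 10,          // seconds
        IdTokenLifetime = 1800,                  // 30 minutes
        AccessTokenLifetime = 1800,              // 30 minutes
        RefreshTokenLifetime = 86400,            // 24 hours
        RefreshTokenAbsoluteLifetime = 86400,    // 24 hours
        RefreshTokenUseOneTime = true,           // each refresh token can be used once
        RefreshTokenLifetimeUnlimited = false,
        RequireLogoutIdTokenHint = true,
    };

    // CreateSecretAsync yields the clear-text secret (shown to the operator) and the OAuthClientSecret entry
    // stored on the client — presumably not the clear text; confirm in CreateSecretAsync.
    (var secret, var oauthClientSecret) = await CreateSecretAsync();
    portalClient.Client.Secrets = new List<OAuthClientSecret> { oauthClientSecret };
    // NOTE(review): the control client uses SetTenantPartitionId(); confirm SetPartitionId() is intended here.
    portalClient.SetPartitionId();
    await simpleTenantRepository.SaveAsync(portalClient);
    Console.WriteLine("Portal client document created and saved in Cosmos DB");
    // The secret is printed once in clear text; treat the console/log output as sensitive.
    Console.WriteLine($"Portal client secret is: {secret}");
}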
/// <summary>
/// Creates the control client (OIDC down-party) in a tenant's master track and persists it
/// through <c>tenantRepository</c>.
/// </summary>
/// <param name="tenantName">Tenant the client belongs to; lower-cased before it is used in the document id.</param>
/// <param name="controlClientBaseUri">Base URI of the control client, used to derive redirect URIs and CORS origins.</param>
/// <param name="loginUpParty">Login up-party the client may authenticate through.</param>
/// <param name="includeMasterTenantScope">When true, the master control-API scope is granted in addition to the tenant scope.</param>
public async Task CreateMasterControlClientDocmentAsync(string tenantName, string controlClientBaseUri, LoginUpParty loginUpParty, bool includeMasterTenantScope = false)
{
    // NOTE(review): ToLower() is culture-sensitive; for identifiers that become document keys,
    // ToLowerInvariant() would be safer. Kept as-is to stay consistent with the rest of the seeding code.
    var tenantKey = tenantName?.ToLower();
    var clientId = Constants.ControlClient.ClientId;

    var party = new OidcDownParty { Name = clientId };
    await party.SetIdAsync(new Party.IdKey { TenantName = tenantKey, TrackName = Constants.Routes.MasterTrackName, PartyName = clientId });
    party.AllowUpParties = new List<UpPartyLink> { new UpPartyLink { Name = loginUpParty.Name?.ToLower(), Type = loginUpParty.Type } };
    party.AllowCorsOrigins = GetControlClientAllowCorsOrigins(controlClientBaseUri);

    // The tenant scope is always granted; the master scope only on explicit request.
    var apiScopes = new List<string> { Constants.ControlApi.Scope.Tenant };
    if (includeMasterTenantScope)
    {
        apiScopes.Add(Constants.ControlApi.Scope.Master);
    }

    party.Client = new OidcDownClient
    {
        RedirectUris = GetControlClientRedirectUris(tenantKey, controlClientBaseUri).ToList(),
        ResourceScopes = new List<OAuthDownResourceScope>
        {
            new OAuthDownResourceScope { Resource = Constants.ControlApi.ResourceName, Scopes = apiScopes }
        },
        // Authorization code flow only, with PKCE required.
        ResponseTypes = new List<string> { "code" },
        Scopes = GetControlClientScopes(),
        Claims = GetControlClientClaims(),
        RequirePkce = true,
        AuthorizationCodeLifetime = 30,          // seconds
        IdTokenLifetime = 3600,                  // 1 hour
        AccessTokenLifetime = 3600,              // 1 hour
        RefreshTokenLifetime = 7200,             // 2 hours
        RefreshTokenAbsoluteLifetime = 21600,    // 6 hours
        RefreshTokenUseOneTime = true,           // each refresh token can be used once
        RefreshTokenLifetimeUnlimited = false,
        // Unlike the seed-tool clients, logout here does not require an id_token_hint.
        RequireLogoutIdTokenHint = false,
    };
    await tenantRepository.CreateAsync(party);
}
/// <summary>Sends an OIDC down-party to the OIDC party endpoint with HTTP PUT.</summary>
/// <param name="party">The party definition to send.</param>
public async Task UpdateOidcDownPartyAsync(OidcDownParty party)
{
    await PutAsync(oidcApiUri, party);
}
/// <summary>Sends an OIDC down-party to the OIDC party endpoint with HTTP POST.</summary>
/// <param name="party">The party definition to send.</param>
public async Task CreateOidcDownPartyAsync(OidcDownParty party)
{
    await PostAsync(oidcApiUri, party);
}
/// <summary>
/// Maps a loaded <see cref="OidcDownParty"/> to its edit view model and, as a side effect,
/// toggles the client/resource tabs on <paramref name="generalOidcDownParty"/> depending on
/// which parts of the party are present.
/// </summary>
/// <param name="generalOidcDownParty">Wrapper whose tab flags are updated.</param>
/// <param name="oidcDownParty">The party as returned by the API.</param>
/// <param name="oidcDownSecrets">Secret metadata to list as existing secrets; only name and info are surfaced.</param>
/// <returns>The populated view model.</returns>
private OidcDownPartyViewModel ToViewModel(GeneralOidcDownPartyViewModel generalOidcDownParty, OidcDownParty oidcDownParty, List<OAuthClientSecretResponse> oidcDownSecrets)
{
    return oidcDownParty.Map<OidcDownPartyViewModel>(vm =>
    {
        var client = vm.Client;
        generalOidcDownParty.EnableClientTab = client != null;
        if (client != null)
        {
            // Only the name and descriptive info of each secret reach the UI; no secret material is mapped.
            client.ExistingSecrets = oidcDownSecrets
                .Select(s => new OAuthClientSecretViewModel { Name = s.Name, Info = s.Info })
                .ToList();

            // A resource scope whose resource equals the party's own name is the "default" self scope:
            // it is taken out of the list and its scopes are shown separately.
            var selfIndex = client.ResourceScopes.FindIndex(r => r.Resource.Equals(generalOidcDownParty.Name, StringComparison.Ordinal));
            client.DefaultResourceScope = selfIndex > -1;
            if (selfIndex > -1)
            {
                var selfScope = client.ResourceScopes[selfIndex];
                if (selfScope.Scopes?.Count() > 0)
                {
                    foreach (var scope in selfScope.Scopes)
                    {
                        client.DefaultResourceScopeScopes.Add(scope);
                    }
                }
                client.ResourceScopes.RemoveAt(selfIndex);
            }

            client.ScopesViewModel = client.Scopes.Map<List<OidcDownScopeViewModel>>() ?? new List<OidcDownScopeViewModel>();
        }

        generalOidcDownParty.EnableResourceTab = vm.Resource != null;

        if (vm.ClaimTransforms?.Count > 0)
        {
            vm.ClaimTransforms = vm.ClaimTransforms.MapClaimTransforms();
        }
    });
}
/// <summary>
/// Seeds the Blazor authorization-code + PKCE sample as an OIDC down-party, unless a party with
/// that name already exists, and then registers a newly generated client secret for it.
/// </summary>
private async Task CreateBlazorOidcAuthCodePkceSampleDownPartyAsync()
{
    // Existence probe: a successful GET means the party is already seeded and no POST is made.
    async Task ProbeAsync(string name)
    {
        _ = await foxIDsApiClient.GetOidcDownPartyAsync(name);
    }

    async Task SeedAsync(string name)
    {
        const string baseUrl = "https://localhost:44345";

        OidcDownClaim IdTokenClaim(string claim) => new OidcDownClaim { Claim = claim, InIdToken = true };
        OidcDownClaim PlainClaim(string claim) => new OidcDownClaim { Claim = claim };

        var profileScope = new OidcDownScope
        {
            Scope = "profile",
            VoluntaryClaims = new[]
            {
                IdTokenClaim(JwtClaimTypes.Name),
                IdTokenClaim(JwtClaimTypes.FamilyName),
                IdTokenClaim(JwtClaimTypes.GivenName),
                IdTokenClaim(JwtClaimTypes.MiddleName),
                PlainClaim(JwtClaimTypes.Nickname),
                PlainClaim(JwtClaimTypes.PreferredUsername),
                PlainClaim(JwtClaimTypes.Profile),
                PlainClaim(JwtClaimTypes.Picture),
                PlainClaim(JwtClaimTypes.Website),
                PlainClaim(JwtClaimTypes.Gender),
                PlainClaim(JwtClaimTypes.Birthdate),
                PlainClaim(JwtClaimTypes.Zoneinfo),
                PlainClaim(JwtClaimTypes.Locale),
                PlainClaim(JwtClaimTypes.UpdatedAt)
            }
        };
        var emailScope = new OidcDownScope
        {
            Scope = "email",
            VoluntaryClaims = new[] { IdTokenClaim(JwtClaimTypes.Email), PlainClaim(JwtClaimTypes.EmailVerified) }
        };
        var addressScope = new OidcDownScope
        {
            Scope = "address",
            VoluntaryClaims = new[] { IdTokenClaim(JwtClaimTypes.Address) }
        };
        var phoneScope = new OidcDownScope
        {
            Scope = "phone",
            VoluntaryClaims = new[] { IdTokenClaim(JwtClaimTypes.PhoneNumber), PlainClaim(JwtClaimTypes.PhoneNumberVerified) }
        };

        var party = new OidcDownParty
        {
            Name = name,
            AllowCorsOrigins = new[] { baseUrl },
            AllowUpPartyNames = new[] { loginName, aspNetCoreSamlIdPSampleUpPartyName, identityserverOidcOpUpPartyName },
            Client = new OidcDownClient
            {
                // The sample only requests access to API1; it defines no scope to itself.
                ResourceScopes = new[]
                {
                    new OAuthDownResourceScope { Resource = "aspnetcore_api1_sample", Scopes = new[] { "admin", "some_access" } }
                },
                // "offline_access" is the standard OIDC scope that requests a refresh token.
                Scopes = new[] { new OidcDownScope { Scope = "offline_access" }, profileScope, emailScope, addressScope, phoneScope },
                Claims = new[]
                {
                    IdTokenClaim(JwtClaimTypes.Email),
                    IdTokenClaim(JwtClaimTypes.Name),
                    IdTokenClaim(JwtClaimTypes.FamilyName),
                    IdTokenClaim(JwtClaimTypes.GivenName),
                    IdTokenClaim(JwtClaimTypes.Role)
                },
                // Authorization code flow with PKCE required.
                ResponseTypes = new[] { "code" },
                RedirectUris = new[]
                {
                    UrlCombine.Combine(baseUrl, "authentication/login-callback"),
                    UrlCombine.Combine(baseUrl, "authentication/logout-callback")
                },
                RequirePkce = true,
                RequireLogoutIdTokenHint = true,
                AuthorizationCodeLifetime = 30,       // 30 seconds
                IdTokenLifetime = 600,                // 10 minutes
                AccessTokenLifetime = 600,            // 10 minutes
                RefreshTokenLifetime = 900,           // 15 minutes
                RefreshTokenAbsoluteLifetime = 1200,  // 20 minutes
                // NOTE(review): refresh tokens are reusable here (no one-time use); acceptable for a sample.
                RefreshTokenUseOneTime = false,
                RefreshTokenLifetimeUnlimited = false
            }
        };
        await foxIDsApiClient.PostOidcDownPartyAsync(party);

        // NOTE(review): the sample is presumably browser-hosted (Blazor, localhost callback paths) and
        // already uses PKCE; a secret cannot be kept confidential there — confirm it is really needed.
        // The secret is printed once for the operator; treat the console output as sensitive.
        var secret = RandomGenerator.Generate(32);
        await foxIDsApiClient.PostOidcClientSecretDownPartyAsync(new OAuthClientSecretRequest
        {
            PartyName = party.Name,
            Secrets = new string[] { secret },
        });
        Console.WriteLine($"\t'{name}' client secret is: {secret}");
    }

    Func<string, Task> getAction = ProbeAsync;
    Func<string, Task> postAction = SeedAsync;
    await CreateIfNotExistsAsync(blazorOidcAuthCodePkceSampleDownPartyName, getAction, postAction);
}
/// <summary>
/// Seeds the ASP.NET Core OIDC implicit-flow sample as an OIDC down-party, unless a party with
/// that name already exists.
/// </summary>
private async Task CreateAspNetCoreOidcImplicitSampleDownPartyAsync()
{
    // Existence probe: a successful GET means the party is already seeded and no POST is made.
    async Task ProbeAsync(string name)
    {
        _ = await foxIDsApiClient.GetOidcDownPartyAsync(name);
    }

    async Task SeedAsync(string name)
    {
        const string baseUrl = "https://localhost:44341";

        OidcDownClaim IdTokenClaim(string claim) => new OidcDownClaim { Claim = claim, InIdToken = true };
        OidcDownClaim PlainClaim(string claim) => new OidcDownClaim { Claim = claim };

        var profileScope = new OidcDownScope
        {
            Scope = "profile",
            VoluntaryClaims = new[]
            {
                IdTokenClaim(JwtClaimTypes.Name),
                IdTokenClaim(JwtClaimTypes.FamilyName),
                IdTokenClaim(JwtClaimTypes.GivenName),
                IdTokenClaim(JwtClaimTypes.MiddleName),
                PlainClaim(JwtClaimTypes.Nickname),
                PlainClaim(JwtClaimTypes.PreferredUsername),
                PlainClaim(JwtClaimTypes.Profile),
                PlainClaim(JwtClaimTypes.Picture),
                PlainClaim(JwtClaimTypes.Website),
                PlainClaim(JwtClaimTypes.Gender),
                PlainClaim(JwtClaimTypes.Birthdate),
                PlainClaim(JwtClaimTypes.Zoneinfo),
                PlainClaim(JwtClaimTypes.Locale),
                PlainClaim(JwtClaimTypes.UpdatedAt)
            }
        };
        var emailScope = new OidcDownScope
        {
            Scope = "email",
            VoluntaryClaims = new[] { IdTokenClaim(JwtClaimTypes.Email), PlainClaim(JwtClaimTypes.EmailVerified) }
        };

        var party = new OidcDownParty
        {
            Name = name,
            AllowCorsOrigins = new[] { baseUrl },
            AllowUpPartyNames = new[] { loginName, aspNetCoreSamlIdPSampleUpPartyName, identityserverOidcOpUpPartyName },
            Client = new OidcDownClient
            {
                // Scope to the application itself.
                ResourceScopes = new[] { new OAuthDownResourceScope { Resource = name } },
                Scopes = new[] { profileScope, emailScope },
                Claims = new[] { IdTokenClaim(JwtClaimTypes.Role) },
                // NOTE(review): implicit flow — tokens come back in the URL fragment and PKCE is not required.
                // Acceptable for a sample; the OAuth 2.0 Security BCP recommends the code flow with PKCE instead.
                ResponseTypes = new[] { "id_token token", "id_token" },
                RedirectUris = new[]
                {
                    UrlCombine.Combine(baseUrl, "signin-oidc"),
                    UrlCombine.Combine(baseUrl, "signout-callback-oidc")
                },
                RequirePkce = false,
                RequireLogoutIdTokenHint = true,
                IdTokenLifetime = 3600,      // 60 minutes
                AccessTokenLifetime = 3600   // 60 minutes
            }
        };
        await foxIDsApiClient.PostOidcDownPartyAsync(party);
    }

    Func<string, Task> getAction = ProbeAsync;
    Func<string, Task> postAction = SeedAsync;
    await CreateIfNotExistsAsync(aspNetCoreOidcImplicitSampleDownPartyName, getAction, postAction);
}
/// <summary>Sends an OIDC down-party to the OIDC party endpoint with HTTP PUT and returns the party from the response.</summary>
/// <param name="party">The party definition to send.</param>
/// <returns>The <see cref="OidcDownParty"/> deserialized from the PUT response.</returns>
public async Task<OidcDownParty> UpdateOidcDownPartyAsync(OidcDownParty party)
{
    var updated = await PutResponseAsync<OidcDownParty, OidcDownParty>(oidcApiUri, party);
    return updated;
}