public async Task <IActionResult> Create(CreateOpenIdApplicationViewModel model, string returnUrl = null)
        {
            if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications))
            {
                return(Forbid());
            }

            if (!string.IsNullOrEmpty(model.ClientSecret) &&
                string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
            {
                ModelState.AddModelError(nameof(model.ClientSecret), S["No client secret can be set for public applications."]);
            }
            else if (string.IsNullOrEmpty(model.ClientSecret) &&
                     string.Equals(model.Type, OpenIddictConstants.ClientTypes.Confidential, StringComparison.OrdinalIgnoreCase))
            {
                ModelState.AddModelError(nameof(model.ClientSecret), S["The client secret is required for confidential applications."]);
            }

            if (!string.IsNullOrEmpty(model.ClientId) && await _applicationManager.FindByClientIdAsync(model.ClientId) != null)
            {
                ModelState.AddModelError(nameof(model.ClientId), S["The client identifier is already taken by another application."]);
            }

            if (!ModelState.IsValid)
            {
                ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync();

                ViewData["ReturnUrl"] = returnUrl;
                return(View(model));
            }

            var settings = new OpenIdApplicationSettings()
            {
                AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow,
                AllowClientCredentialsFlow = model.AllowClientCredentialsFlow,
                AllowHybridFlow            = model.AllowHybridFlow,
                AllowImplicitFlow          = model.AllowImplicitFlow,
                AllowLogoutEndpoint        = model.AllowLogoutEndpoint,
                AllowPasswordFlow          = model.AllowPasswordFlow,
                AllowRefreshTokenFlow      = model.AllowRefreshTokenFlow,
                ClientId               = model.ClientId,
                ClientSecret           = model.ClientSecret,
                ConsentType            = model.ConsentType,
                DisplayName            = model.DisplayName,
                PostLogoutRedirectUris = model.PostLogoutRedirectUris,
                RedirectUris           = model.RedirectUris,
                Roles  = model.RoleEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(),
                Scopes = model.ScopeEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(),
                Type   = model.Type
            };

            await _applicationManager.UpdateDescriptorFromSettings(settings);

            if (string.IsNullOrEmpty(returnUrl))
            {
                return(RedirectToAction(nameof(Index)));
            }

            return(this.LocalRedirect(returnUrl, true));
        }
        public async Task ExecuteAsync(RecipeExecutionContext context)
        {
            if (!string.Equals(context.Name, "OpenIdApplication", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            var model = context.Step.ToObject <OpenIdApplicationStepModel>();
            var app   = await _applicationManager.FindByClientIdAsync(model.ClientId);

            var settings = new OpenIdApplicationSettings()
            {
                AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow,
                AllowClientCredentialsFlow = model.AllowClientCredentialsFlow,
                AllowHybridFlow            = model.AllowHybridFlow,
                AllowImplicitFlow          = model.AllowImplicitFlow,
                AllowIntrospectionEndpoint = model.AllowIntrospectionEndpoint,
                AllowLogoutEndpoint        = model.AllowLogoutEndpoint,
                AllowPasswordFlow          = model.AllowPasswordFlow,
                AllowRefreshTokenFlow      = model.AllowRefreshTokenFlow,
                AllowRevocationEndpoint    = model.AllowRevocationEndpoint,
                ClientId               = model.ClientId,
                ClientSecret           = model.ClientSecret,
                ConsentType            = model.ConsentType,
                DisplayName            = model.DisplayName,
                PostLogoutRedirectUris = model.PostLogoutRedirectUris,
                RedirectUris           = model.RedirectUris,
                Roles  = model.RoleEntries.Select(x => x.Name).ToArray(),
                Scopes = model.ScopeEntries.Select(x => x.Name).ToArray(),
                Type   = model.Type,
                RequireProofKeyForCodeExchange = model.RequireProofKeyForCodeExchange,
            };

            await _applicationManager.UpdateDescriptorFromSettings(settings, app);
        }