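/// <summary>
/// Seeds the master-tenant control client (the browser-based FoxIDs Control UI) as an OIDC
/// down-party and saves it via <c>simpleTenantRepository</c>. Interactive: asks on the console
/// whether a localhost redirect URI / CORS origin should also be registered for local development.
/// </summary>
/// <param name="loginUpParty">The login up-party the control client is allowed to authenticate through.</param>
private async Task CreateControlClientDocmentAsync(LoginUpParty loginUpParty)
{
    Console.WriteLine("Creating control client");
    Console.Write("Add localhost test domain to enable local development [y/n] (default no): ");
    var addLocalhostDomain = Console.ReadKey();
    Console.WriteLine(string.Empty);

    // Redirect URIs and CORS origins are both derived from the configured control client endpoint
    // so the two allow-lists stay in lock-step. The trailing slash is dropped from the origin
    // because a CORS origin is scheme://host[:port] only.
    var controlClientRedirectUris = new List<string>();
    var controlClientAllowCorsOrigins = new List<string>();
    controlClientRedirectUris.AddRange(GetControlClientRedirectUris(settings.FoxIDsMasterControlClientEndpoint));
    controlClientAllowCorsOrigins.Add(settings.FoxIDsMasterControlClientEndpoint.TrimEnd('/'));

    // Only 'y' (case-insensitive) opts in; any other key, including Enter, keeps the
    // production-only allow-lists. Registering the localhost origin widens the redirect/CORS
    // allow-list, so it should never be answered 'y' when seeding a production deployment.
    if (char.ToLower(addLocalhostDomain.KeyChar) == 'y')
    {
        controlClientRedirectUris.AddRange(GetControlClientRedirectUris("https://localhost:44332"));
        controlClientAllowCorsOrigins.Add("https://localhost:44332");
    }

    var controlClientDownParty = new OidcDownParty { Name = controlClientName };
    await controlClientDownParty.SetIdAsync(new Party.IdKey { TenantName = settings.MasterTenant, TrackName = settings.MasterTrack, PartyName = controlClientName });
    controlClientDownParty.AllowUpParties = new List<UpPartyLink>
    {
        new UpPartyLink { Name = loginUpParty.Name, Type = loginUpParty.Type }
    };
    // Fix: the CORS allow-list was built above but never attached to the party, so the
    // browser-hosted control client had no registered origins. Attach it the same way
    // CreateMasterControlClientDocmentAsync assigns AllowCorsOrigins.
    controlClientDownParty.AllowCorsOrigins = controlClientAllowCorsOrigins;

    // Public (browser) client: authorization code flow only, PKCE mandatory, no client secret.
    controlClientDownParty.Client = new OidcDownClient
    {
        RedirectUris = controlClientRedirectUris,
        ResourceScopes = new List<OAuthDownResourceScope>
        {
            new OAuthDownResourceScope
            {
                Resource = controlApiResourceName,
                Scopes = new[] { controlApiResourceMasterScope, controlApiResourceTenantScope }.ToList()
            }
        },
        ResponseTypes = new[] { "code" }.ToList(),
        Scopes = GetControlClientScopes(),
        RequirePkce = true,
        AuthorizationCodeLifetime = 30,        // seconds; codes are single-use and short-lived
        IdTokenLifetime = 1800,                // 30 minutes
        AccessTokenLifetime = 1800,            // 30 minutes
        RefreshTokenLifetime = 86400,          // 24 hours
        RefreshTokenAbsoluteLifetime = 86400,  // 24 hours
        RefreshTokenUseOneTime = true,         // rotate on every use so a leaked refresh token is detected/invalidated
        RefreshTokenLifetimeUnlimited = false,
        RequireLogoutIdTokenHint = true,
    };
    controlClientDownParty.SetTenantPartitionId();
    await simpleTenantRepository.SaveAsync(controlClientDownParty);
    Console.WriteLine("Control client document created and saved in Cosmos DB");
}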
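/// <summary>
/// Seeds the master-tenant portal client as an OIDC down-party with a freshly generated client
/// secret and saves it via <c>simpleTenantRepository</c>. Interactive: asks on the console whether a
/// localhost redirect URI should also be registered for local development.
/// </summary>
/// <param name="loginUpParty">The login up-party the portal client is allowed to authenticate through.</param>
private async Task CreatePortalClientDocmentAsync(LoginUpParty loginUpParty)
{
    Console.WriteLine("Creating portal client");
    Console.Write("Add localhost test domain to enable local development [y/n] (default no): ");
    var addLocalhostDomain = Console.ReadKey();
    Console.WriteLine(string.Empty);

    // Only 'y' (case-insensitive) opts in; any other key keeps the production-only redirect URI.
    // The localhost redirect widens the allow-list and must not be registered on production.
    var portalClientRedirectUris = new List<string> { settings.FoxIDsPortalAuthResponseEndpoint };
    if (char.ToLower(addLocalhostDomain.KeyChar) == 'y')
    {
        portalClientRedirectUris.Add("https://localhost:44332");
    }

    // Fix: Name was never set here, unlike the control client seeding which sets Name alongside
    // the IdKey.PartyName. Keep the two in agreement.
    var portalClientDownParty = new OidcDownParty { Name = portalClientName };
    await portalClientDownParty.SetIdAsync(new Party.IdKey { TenantName = settings.MasterTenant, TrackName = settings.MasterTrack, PartyName = portalClientName });
    portalClientDownParty.AllowUpParties = new List<UpPartyLink>
    {
        new UpPartyLink { Name = loginUpParty.Name, Type = loginUpParty.Type }
    };

    portalClientDownParty.Client = new OidcDownClient
    {
        RedirectUris = portalClientRedirectUris,
        ResourceScopes = new List<OAuthDownResourceScope>
        {
            new OAuthDownResourceScope { Resource = apiResourceName, Scopes = new[] { "foxids_tenant" }.ToList() }
        },
        // NOTE(review): "id_token" and "token" enable the implicit/hybrid flows, which return tokens
        // in the URL fragment and are discouraged by the OAuth 2.0 Security BCP. Unlike the control
        // client, RequirePkce is not set here either. Left unchanged because the portal may depend on
        // these; confirm the portal uses the code flow and consider restricting to "code" + PKCE.
        ResponseTypes = new[] { "code", "id_token", "token" }.ToList(),
        AuthorizationCodeLifetime = 10,        // seconds
        IdTokenLifetime = 1800,                // 30 minutes
        AccessTokenLifetime = 1800,            // 30 minutes
        RefreshTokenLifetime = 86400,          // 24 hours
        RefreshTokenAbsoluteLifetime = 86400,  // 24 hours
        RefreshTokenUseOneTime = true,         // rotate on every use
        RefreshTokenLifetimeUnlimited = false,
        RequireLogoutIdTokenHint = true,
    };

    // Confidential client: store only the derived secret representation on the party; the plain
    // secret is shown once below and is not persisted anywhere else by this method.
    (var secret, var oauthClientSecret) = await CreateSecretAsync();
    portalClientDownParty.Client.Secrets = new List<OAuthClientSecret> { oauthClientSecret };
    portalClientDownParty.SetPartitionId();
    await simpleTenantRepository.SaveAsync(portalClientDownParty);
    Console.WriteLine("Portal client document created and saved in Cosmos DB");
    // NOTE(review): the plain-text client secret is written to stdout. That is the intended one-time
    // hand-off for a seeding tool, but stdout may be captured in CI/terminal logs; run this
    // interactively and do not pipe the output into persisted logs.
    Console.WriteLine($"Portal client secret is: {secret}");
}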
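/// <summary>
/// Creates the control client OIDC down-party in the master track of the given tenant and persists
/// it via <c>tenantRepository</c>. The client is always granted the tenant control-API scope and,
/// when <paramref name="includeMasterTenantScope"/> is set, the master scope as well.
/// </summary>
/// <param name="tenantName">Tenant the client belongs to; lower-cased before use (null-tolerant, as in the original).</param>
/// <param name="controlClientBaseUri">Base URI of the control client; used to derive redirect URIs and CORS origins.</param>
/// <param name="loginUpParty">The login up-party the client is allowed to authenticate through. Must not be null.</param>
/// <param name="includeMasterTenantScope">Whether to additionally grant the master control-API scope. Default false.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="loginUpParty"/> is null.</exception>
public async Task CreateMasterControlClientDocmentAsync(string tenantName, string controlClientBaseUri, LoginUpParty loginUpParty, bool includeMasterTenantScope = false)
{
    // Public entry point: fail fast with a clear exception instead of a NullReferenceException
    // when loginUpParty.Name is read below.
    if (loginUpParty is null)
    {
        throw new ArgumentNullException(nameof(loginUpParty));
    }

    // NOTE(review): ToLower() is culture-sensitive; kept as-is for consistency with the rest of the
    // code base's lower-casing of tenant/party names rather than switching only this call to invariant.
    var lowerTenantName = tenantName?.ToLower();

    var mControlClientDownParty = new OidcDownParty { Name = Constants.ControlClient.ClientId };
    await mControlClientDownParty.SetIdAsync(new Party.IdKey { TenantName = lowerTenantName, TrackName = Constants.Routes.MasterTrackName, PartyName = Constants.ControlClient.ClientId });
    mControlClientDownParty.AllowUpParties = new List<UpPartyLink>
    {
        new UpPartyLink { Name = loginUpParty.Name?.ToLower(), Type = loginUpParty.Type }
    };
    mControlClientDownParty.AllowCorsOrigins = GetControlClientAllowCorsOrigins(controlClientBaseUri);

    // Least privilege: the master scope is only granted when explicitly requested.
    var scopes = new List<string> { Constants.ControlApi.Scope.Tenant };
    if (includeMasterTenantScope)
    {
        scopes.Add(Constants.ControlApi.Scope.Master);
    }

    // Public (browser) client: authorization code flow only, PKCE mandatory, no client secret.
    mControlClientDownParty.Client = new OidcDownClient
    {
        RedirectUris = GetControlClientRedirectUris(lowerTenantName, controlClientBaseUri).ToList(),
        ResourceScopes = new List<OAuthDownResourceScope>
        {
            new OAuthDownResourceScope { Resource = Constants.ControlApi.ResourceName, Scopes = scopes }
        },
        ResponseTypes = new[] { "code" }.ToList(),
        Scopes = GetControlClientScopes(),
        Claims = GetControlClientClaims(),
        RequirePkce = true,
        AuthorizationCodeLifetime = 30,        // seconds
        IdTokenLifetime = 3600,                // 1 hour
        AccessTokenLifetime = 3600,            // 1 hour
        RefreshTokenLifetime = 7200,           // 2 hours sliding
        RefreshTokenAbsoluteLifetime = 21600,  // 6 hours hard cap
        RefreshTokenUseOneTime = true,         // rotate on every use
        RefreshTokenLifetimeUnlimited = false,
        // Differs from the seeding-tool clients, which require the id_token_hint on logout.
        RequireLogoutIdTokenHint = false,
    };
    await tenantRepository.CreateAsync(mControlClientDownParty);
}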