public static OpenIddictServerBuilder ConfigureSigningKey(this OpenIddictServerBuilder builder, IConfiguration configuration) { return(builder .AddSigningKey(GetSigningKey(configuration, "signing.rsaparams")) .AddEncryptionKey(GetSigningKey(configuration, "encrypting.rsaparams"))); }
public static void AddCustomGrantTypes(this OpenIddictServerBuilder options) { foreach (var grantType in All) { options.AllowCustomFlow(grantType); } }
/// <summary> /// Registers the OpenIddict ASP.NET Core Data Protection server services in the DI container /// and configures OpenIddict to validate and issue ASP.NET Data Protection-based tokens. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <remarks>This extension can be safely called multiple times.</remarks> /// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns> public static OpenIddictServerDataProtectionBuilder UseDataProtection(this OpenIddictServerBuilder builder) { if (builder is null) { throw new ArgumentNullException(nameof(builder)); } builder.Services.AddDataProtection(); // Register the built-in server event handlers used by the OpenIddict Data Protection components. // Note: the order used here is not important, as the actual order is set in the options. builder.Services.TryAdd(OpenIddictServerDataProtectionHandlers.DefaultHandlers.Select(descriptor => descriptor.ServiceDescriptor)); // Register the built-in filters used by the default OpenIddict Data Protection event handlers. builder.Services.TryAddSingleton <RequireDataProtectionTokenFormat>(); // Note: TryAddEnumerable() is used here to ensure the initializers are registered only once. builder.Services.TryAddEnumerable(new[] { ServiceDescriptor.Singleton <IConfigureOptions <OpenIddictServerOptions>, OpenIddictServerDataProtectionConfiguration>(), ServiceDescriptor.Singleton <IPostConfigureOptions <OpenIddictServerDataProtectionOptions>, OpenIddictServerDataProtectionConfiguration>() }); return(new OpenIddictServerDataProtectionBuilder(builder.Services)); }
public void Configure_RegistersModelMetadataDetailsProviders() { // Arrange var services = new ServiceCollection(); services.AddOptions(); var builder = new OpenIddictServerBuilder(services); // Act builder.UseMvc(); var options = services.BuildServiceProvider().GetRequiredService <IOptions <MvcOptions> >(); // Assert Assert.Contains( options.Value.ModelMetadataDetailsProviders.OfType <BindingSourceMetadataProvider>(), provider => provider.Type == typeof(OpenIdConnectRequest) && provider.BindingSource == BindingSource.Special); Assert.Contains( options.Value.ModelMetadataDetailsProviders.OfType <BindingSourceMetadataProvider>(), provider => provider.Type == typeof(OpenIdConnectResponse) && provider.BindingSource == BindingSource.Special); Assert.Contains( options.Value.ModelMetadataDetailsProviders.OfType <SuppressChildValidationMetadataProvider>(), provider => provider.Type == typeof(OpenIdConnectRequest)); Assert.Contains( options.Value.ModelMetadataDetailsProviders.OfType <SuppressChildValidationMetadataProvider>(), provider => provider.Type == typeof(OpenIdConnectResponse)); }
public static OpenIddictServerBuilder AddCertificate(this OpenIddictServerBuilder options, String thumbprint, IConfiguration configuration) { var cert = Load(thumbprint, configuration); options.AddEncryptionCertificate(cert); options.AddSigningCertificate(cert); return(options); }
public static OpenIddictServerBuilder UseCustomTokenEndpoint( this OpenIddictServerBuilder builder) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } return(builder.AddEventHandler <OpenIddictServerEvents.HandleTokenRequest>( notification => { var request = notification.Context.Request; if (!request.IsPasswordGrantType()) { return Task.CompletedTask; } // Validate the user credentials. // Note: to mitigate brute force attacks, you SHOULD strongly consider // applying a key derivation function like PBKDF2 to slow down // the password validation process. You SHOULD also consider // using a time-constant comparer to prevent timing attacks. if (request.Username != "*****@*****.**" || request.Password != "P@ssw0rd") { notification.Context.Reject( error: OpenIdConnectConstants.Errors.InvalidGrant, description: "The specified credentials are invalid."); return Task.CompletedTask; } // Create a new ClaimsIdentity holding the user identity. var identity = new ClaimsIdentity( notification.Context.Scheme.Name, OpenIdConnectConstants.Claims.Name, OpenIdConnectConstants.Claims.Role); // Add a "sub" claim containing the user identifier, and attach // the "access_token" destination to allow OpenIddict to store it // in the access token, so it can be retrieved from your controllers. identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "71346D62-9BA5-4B6D-9ECA-755574D628D8", OpenIdConnectConstants.Destinations.AccessToken); identity.AddClaim(OpenIdConnectConstants.Claims.Name, "Alice", OpenIdConnectConstants.Destinations.AccessToken); // ... add other claims, if necessary. var principal = new ClaimsPrincipal(identity); notification.Context.Validate(principal); return Task.CompletedTask; })); }
public void UseMvc_ThrowsAnExceptionForNullConfiguration() { // Arrange var services = new ServiceCollection(); var builder = new OpenIddictServerBuilder(services); // Act and assert var exception = Assert.Throws <ArgumentNullException>(() => builder.UseMvc(configuration: null)); Assert.Equal("configuration", exception.ParamName); }
public void UseQuartz_RegistersJobService() { // Arrange var services = new ServiceCollection(); var builder = new OpenIddictServerBuilder(services); // Act builder.UseQuartz(); // Assert Assert.Contains(services, service => service.ServiceType == typeof(OpenIddictServerQuartzJob) && service.ImplementationType == typeof(OpenIddictServerQuartzJob) && service.Lifetime == ServiceLifetime.Transient); }
public void UseQuartz_RegistersTriggerDetails() { // Arrange var services = new ServiceCollection(); var builder = new OpenIddictServerBuilder(services); // Act builder.UseQuartz(); // Assert Assert.Contains(services, service => service.ServiceType == typeof(ITrigger) && service.ImplementationInstance is ITrigger trigger && trigger.JobKey.Equals(OpenIddictServerQuartzJob.Identity)); }
public static OpenIddictServerBuilder AddCustomClaims(this OpenIddictServerBuilder options) { options.RegisterClaims(Claims.NotBefore); options.AddEventHandler <ProcessSignInContext>(builder => { // Make this event handler run just before GenerateIdentityModelAccessToken builder.SetOrder(GenerateIdentityModelAccessToken.Descriptor.Order - 1) // Only run the event handler if an access token was generated .AddFilter <RequireAccessTokenGenerated>() .SetType(OpenIddict.Server.OpenIddictServerHandlerType.Custom) .UseInlineHandler(context => { ClaimsIdentity ci = context.AccessTokenPrincipal.Identity as ClaimsIdentity; ci.AddClaim(Claims.NotBefore, EpochTime.GetIntDate(DateTime.UtcNow).ToString()); return(default);
public void UseMvc_RegistersConfiguration() { // Arrange var services = new ServiceCollection(); services.AddOptions(); var builder = new OpenIddictServerBuilder(services); // Act builder.UseMvc(); // Assert Assert.Contains(services, service => service.ServiceType == typeof(IConfigureOptions <MvcOptions>) && service.ImplementationType == typeof(OpenIddictMvcConfiguration)); }
/// <summary> /// Registers the OpenIddict server services for ASP.NET Core in the DI container. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="configuration">The configuration delegate used to configure the server services.</param> /// <remarks>This extension can be safely called multiple times.</remarks> /// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns> public static OpenIddictServerBuilder UseAspNetCore( this OpenIddictServerBuilder builder, Action <OpenIddictServerAspNetCoreBuilder> configuration) { if (builder is null) { throw new ArgumentNullException(nameof(builder)); } if (configuration is null) { throw new ArgumentNullException(nameof(configuration)); } configuration(builder.UseAspNetCore()); return(builder); }
public void Configure_RegistersModelBinderProvider() { // Arrange var services = new ServiceCollection(); services.AddOptions(); var builder = new OpenIddictServerBuilder(services); // Act builder.UseMvc(); var options = services.BuildServiceProvider().GetRequiredService <IOptions <MvcOptions> >(); // Assert Assert.Contains(options.Value.ModelBinderProviders, binder => binder is OpenIddictMvcBinderProvider); }
/// <summary> /// Registers the OpenIddict server services for ASP.NET Core in the DI container. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <remarks>This extension can be safely called multiple times.</remarks> /// <returns>The <see cref="OpenIddictServerAspNetCoreBuilder"/>.</returns> public static OpenIddictServerAspNetCoreBuilder UseAspNetCore(this OpenIddictServerBuilder builder) { if (builder is null) { throw new ArgumentNullException(nameof(builder)); } builder.Services.AddAuthentication(); builder.Services.TryAddScoped <OpenIddictServerAspNetCoreHandler>(); // Register the built-in event handlers used by the OpenIddict ASP.NET Core server components. // Note: the order used here is not important, as the actual order is set in the options. builder.Services.TryAdd(OpenIddictServerAspNetCoreHandlers.DefaultHandlers.Select(descriptor => descriptor.ServiceDescriptor)); // Register the built-in filters used by the default OpenIddict ASP.NET Core server event handlers. builder.Services.TryAddSingleton <RequireAuthorizationRequestCachingEnabled>(); builder.Services.TryAddSingleton <RequireAuthorizationEndpointPassthroughEnabled>(); builder.Services.TryAddSingleton <RequireErrorPassthroughEnabled>(); builder.Services.TryAddSingleton <RequireHttpRequest>(); builder.Services.TryAddSingleton <RequireLogoutRequestCachingEnabled>(); builder.Services.TryAddSingleton <RequireLogoutEndpointPassthroughEnabled>(); builder.Services.TryAddSingleton <RequireTransportSecurityRequirementEnabled>(); builder.Services.TryAddSingleton <RequireStatusCodePagesIntegrationEnabled>(); builder.Services.TryAddSingleton <RequireTokenEndpointPassthroughEnabled>(); builder.Services.TryAddSingleton <RequireUserinfoEndpointPassthroughEnabled>(); builder.Services.TryAddSingleton <RequireVerificationEndpointPassthroughEnabled>(); // Register the option initializer used by the OpenIddict ASP.NET Core server integration services. // Note: TryAddEnumerable() is used here to ensure the initializers are only registered once. builder.Services.TryAddEnumerable(new[] { ServiceDescriptor.Singleton <IConfigureOptions <AuthenticationOptions>, OpenIddictServerAspNetCoreConfiguration>(), ServiceDescriptor.Singleton <IPostConfigureOptions <AuthenticationOptions>, OpenIddictServerAspNetCoreConfiguration>(), ServiceDescriptor.Singleton <IConfigureOptions <OpenIddictServerOptions>, OpenIddictServerAspNetCoreConfiguration>(), ServiceDescriptor.Singleton <IPostConfigureOptions <OpenIddictServerAspNetCoreOptions>, OpenIddictServerAspNetCoreConfiguration>() }); return(new OpenIddictServerAspNetCoreBuilder(builder.Services)); }
public void UseQuartz_CanBeSafelyInvokedMultipleTimes() { // Arrange var services = new ServiceCollection(); var builder = new OpenIddictServerBuilder(services); // Act builder.UseQuartz(); builder.UseQuartz(); builder.UseQuartz(); // Assert Assert.Single(services, service => service.ServiceType == typeof(IJobDetail) && service.ImplementationInstance is IJobDetail job && job.Key.Equals(OpenIddictServerQuartzJob.Identity)); Assert.Single(services, service => service.ServiceType == typeof(ITrigger) && service.ImplementationInstance is ITrigger trigger && trigger.JobKey.Equals(OpenIddictServerQuartzJob.Identity)); }
/// <summary> /// Registers the OpenIddict server services for OWIN in the DI container. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <remarks>This extension can be safely called multiple times.</remarks> /// <returns>The <see cref="OpenIddictServerOwinBuilder"/>.</returns> public static OpenIddictServerOwinBuilder UseOwin(this OpenIddictServerBuilder builder) { if (builder is null) { throw new ArgumentNullException(nameof(builder)); } builder.Services.AddWebEncoders(); // Note: unlike regular OWIN middleware, the OpenIddict server middleware is registered // as a scoped service in the DI container. This allows containers that support middleware // resolution (like Autofac) to use it without requiring additional configuration. builder.Services.TryAddScoped <OpenIddictServerOwinMiddleware>(); // Register the built-in event handlers used by the OpenIddict OWIN server components. // Note: the order used here is not important, as the actual order is set in the options. builder.Services.TryAdd(OpenIddictServerOwinHandlers.DefaultHandlers.Select(descriptor => descriptor.ServiceDescriptor)); // Register the built-in filters used by the default OpenIddict OWIN server event handlers. builder.Services.TryAddSingleton <RequireAuthorizationRequestCachingEnabled>(); builder.Services.TryAddSingleton <RequireAuthorizationEndpointPassthroughEnabled>(); builder.Services.TryAddSingleton <RequireErrorPassthroughEnabled>(); builder.Services.TryAddSingleton <RequireLogoutRequestCachingEnabled>(); builder.Services.TryAddSingleton <RequireLogoutEndpointPassthroughEnabled>(); builder.Services.TryAddSingleton <RequireTransportSecurityRequirementEnabled>(); builder.Services.TryAddSingleton <RequireOwinRequest>(); builder.Services.TryAddSingleton <RequireTokenEndpointPassthroughEnabled>(); builder.Services.TryAddSingleton <RequireUserinfoEndpointPassthroughEnabled>(); builder.Services.TryAddSingleton <RequireVerificationEndpointPassthroughEnabled>(); // Register the option initializers used by the OpenIddict OWIN server integration services. // Note: TryAddEnumerable() is used here to ensure the initializers are only registered once. builder.Services.TryAddEnumerable(new[] { ServiceDescriptor.Singleton <IConfigureOptions <OpenIddictServerOptions>, OpenIddictServerOwinConfiguration>(), ServiceDescriptor.Singleton <IPostConfigureOptions <OpenIddictServerOwinOptions>, OpenIddictServerOwinConfiguration>() }); return(new OpenIddictServerOwinBuilder(builder.Services)); }
public static OpenIddictServerBuilder ConfigureSigningKey(this OpenIddictServerBuilder builder, IConfiguration configuration) { var file = Path.Combine(configuration.GetDataDir(), "rsaparams"); RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(2048); RsaSecurityKey key = null; if (File.Exists(file)) { RSA.FromXmlString2(File.ReadAllText(file)); } else { var contents = RSA.ToXmlString2(true); File.WriteAllText(file, contents); } RSAParameters KeyParam = RSA.ExportParameters(true); key = new RsaSecurityKey(KeyParam); return(builder.AddSigningKey(key)); }
public static OpenIddictServerBuilder ConfigureSigningKey(this OpenIddictServerBuilder builder, IConfiguration configuration) { return(builder.AddSigningKey(GetSigningKey(configuration))); }