// clients want to access resources (aka scopes)
public IEnumerable <Client> UserClients()
{
// Determine the ClientApp's URI from the config file
var webClientOrigin = _clientResolver.Resolve().WithoutTrailingSlash();
// return the Application Client Web App
yield return(new Client
{
ClientId = Constants.WebClientName,
AllowedGrantTypes = GrantTypes.Implicit,
AllowAccessTokensViaBrowser = true,
RedirectUris = { $"{webClientOrigin}/sign-in-callback", $"{webClientOrigin}/assets/silent-refresh-callback.html" },
PostLogoutRedirectUris = { $"{webClientOrigin}/welcome" },
AllowedCorsOrigins = { webClientOrigin },
RequireConsent = false,
AccessTokenLifetime = 60 * 60 * 24 * (_config?.WebClientAccessTokenLifetimeInDays ?? ClientApplicationsOptions.DefaultAccessTokenLifetimeInDays),
AlwaysIncludeUserClaimsInIdToken = true,
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
Constants.ApiResourceName
},
});
}
private IActionResult OnSignIn(string returnUrl)
{
if (returnUrl != null)
{
// This url most likely came from identity server
return(LocalRedirect(returnUrl));
}
else
{
// Redirect to the root of the web app
var url = _resolver.Resolve();
return(Redirect(url));
}
}
private IActionResult OnSignIn(string returnUrl)
{
if (returnUrl != null && Url.IsLocalUrl(returnUrl))
{
// This url most likely came from identity server
return(LocalRedirect(returnUrl));
}
else
{
// Redirect to the root of the web app
var webAppUrl = _resolver.Resolve();
if (returnUrl != null && returnUrl.StartsWith(webAppUrl))
{
// If the returnUrl takes the user to the client app
return(Redirect(returnUrl));
}
else
{
// If we could not recognize the returnUrl
return(Redirect(webAppUrl));
}
}
}
// clients want to access resources (aka scopes)
private IEnumerable <Client> GetClients()
{
// Determine the ClientApp's URI from the config file
var webClientOrigin = _clientResolver.Resolve().WithoutTrailingSlash();
// return the Application Client Web App
yield return(new Client
{
ClientId = "WebClient",
AllowedGrantTypes = GrantTypes.Implicit,
AllowAccessTokensViaBrowser = true,
RedirectUris = { $"{webClientOrigin}/sign-in-callback", $"{webClientOrigin}/assets/silent-refresh-callback.html" },
PostLogoutRedirectUris = { $"{webClientOrigin}/welcome" },
AllowedCorsOrigins = { webClientOrigin },
RequireConsent = false,
AccessTokenLifetime = 60 * 60 * 24 * (_config?.WebClientAccessTokenLifetimeInDays ?? ClientApplicationsOptions.DEFAULT_ACCESS_TOKEN_LIFETIME_IN_DAYS),
AlwaysIncludeUserClaimsInIdToken = true,
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
Constants.ApiResourceName
},
});
/// TODO: Mobile Client App
//yield return new Client {
// ClientId = "MobileClient",
// AllowedGrantTypes = GrantTypes.Code,
// RequirePkce = true,
//};
}
public Task <bool> IsOriginAllowedAsync(string origin)
{
var webClientOrigin = _resolver.Resolve().WithoutTrailingSlash();
return(Task.FromResult(origin == webClientOrigin));
}
