/// <summary>
/// Registers IdentityServer with in-memory clients and resources, a temporary signing
/// credential and the Facebook user-access-token extension grant, then registers the
/// supporting identity services.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
/// <param name="configuration">Root configuration; clients are loaded from "Identity:Clients".</param>
/// <param name="logger">Logger handed to the configuration-based client source.</param>
/// <param name="hostingEnvironment">Hosting environment checked by the development-only gate.</param>
/// <exception cref="NotSupportedException">
/// The environment name is anything other than exactly "Development".
/// </exception>
private static void ConfigureIdentityServer(
    IServiceCollection services,
    IConfiguration configuration,
    ILogger logger,
    IHostingEnvironment hostingEnvironment)
{
    // Development-only gate. This is an exact, case-sensitive string comparison, so any other
    // value (including "development" in a different casing) is rejected rather than accepted.
    var runningInDevelopment = hostingEnvironment.EnvironmentName == "Development";
    if (!runningInDevelopment)
    {
        throw new NotSupportedException($"The Identity Server configuration is currently only intended for Development environments. Current environment: '{hostingEnvironment.EnvironmentName}'");
    }

    // Client definitions come from configuration and are materialised once.
    var configuredClients = new ConfigurationBasedClientSource(logger)
        .LoadClients(configuration.GetSection("Identity:Clients"))
        .ToList();

    var identityServer = services.AddIdentityServer(options =>
    {
        options.Endpoints.EnableAuthorizeEndpoint = true;
        options.Endpoints.EnableTokenEndpoint = true;
    });

    // The temporary signing credential is IdentityServer's built-in development key, not a
    // managed certificate. It is only acceptable because of the gate above; lifting that gate
    // requires a real, persisted signing credential first.
    identityServer
        .AddTemporarySigningCredential()
        .AddInMemoryClients(configuredClients)
        .AddInMemoryIdentityResources(Scopes.GetIdentityResources())
        .AddInMemoryApiResources(Scopes.GetApiResources())
        .AddExtensionGrantValidator<FacebookUserAccessTokenExtensionGrantValidator>(); // registered unconditionally here

    // Password hashing, profile lookup and resource-owner password validation use the
    // project's own implementations.
    services.AddTransient<IPasswordHasher, PasswordHasher>();
    services.AddTransient<IProfileService, StoreBackedProfileService>();
    services.AddTransient<IResourceOwnerPasswordValidator, StoreBackedResourceOwnerPasswordValidator>();
    services.AddTransient<UserClaimsProvider>();
}
/// <summary>
/// Builds configuration from <paramref name="json"/> via <c>LoadConfig</c> and asks a
/// <c>ConfigurationBasedClientSource</c> for the secret of <paramref name="clientId"/>
/// under "Identity:Clients".
/// </summary>
/// <param name="json">JSON text passed to <c>LoadConfig</c>.</param>
/// <param name="clientId">Identifier of the client whose secret is requested.</param>
/// <returns>Whatever <c>GetClientSecret</c> returns for that client.</returns>
private string GetClientSecretFromJson(string json, string clientId)
{
    var configurationRoot = LoadConfig(json);

    // NullLogger: nothing the client source logs is recorded while reading the secret.
    var clientSource = new ConfigurationBasedClientSource(NullLogger.Instance);

    return clientSource.GetClientSecret(
        configurationRoot.GetSection("Identity:Clients"),
        clientId);
}
/// <summary>
/// Builds configuration from <paramref name="json"/> via <c>LoadConfig</c> and returns the
/// clients a <c>ConfigurationBasedClientSource</c> loads from "Identity:Clients".
/// </summary>
/// <param name="json">JSON text passed to <c>LoadConfig</c>.</param>
/// <param name="addEnvironmentVariables">Forwarded unchanged to <c>LoadConfig</c>.</param>
/// <param name="environmentVariablePrefix">Forwarded unchanged to <c>LoadConfig</c>.</param>
/// <returns>The loaded clients, materialised into a list.</returns>
private List<Client> GetClientsFromJson(
    string json,
    bool addEnvironmentVariables = false,
    string environmentVariablePrefix = null)
{
    var configurationRoot = LoadConfig(json, addEnvironmentVariables, environmentVariablePrefix);

    // NullLogger: nothing the client source logs is recorded during the load.
    var clientSource = new ConfigurationBasedClientSource(NullLogger.Instance);

    return clientSource
        .LoadClients(configurationRoot.GetSection("Identity:Clients"))
        .ToList();
}
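/// <summary>
/// Registers the player-management client described by the
/// "Identity:PlayerManagementClient" configuration section.
/// </summary>
/// <remarks>
/// When a "wellKnown" entry exists, only the "default" type is handled: it registers a
/// singleton <c>DefaultIdentityPlayerManagementClient</c> built from the section's
/// "properties" and the "nether_identity" client secret read from "Identity:Clients".
/// Without a "wellKnown" entry the generic factory/implementation registration is used.
/// </remarks>
/// <param name="services">Service collection that receives the registration.</param>
/// <param name="configuration">Root configuration.</param>
/// <param name="logger">Logger for the informational message and the client source.</param>
/// <exception cref="InvalidOperationException">
/// The "wellKnown" type is not handled, or no client secret could be determined for
/// "nether_identity".
/// </exception>
private static void ConfigureIdentityPlayerMangementClient(
    IServiceCollection services,
    IConfiguration configuration,
    ILogger logger)
{
    if (!configuration.Exists("Identity:PlayerManagementClient:wellKnown"))
    {
        // fall back to generic "factory"/"implementation" configuration
        // NOTE(review): this registers IUserStore from the PlayerManagementClient section;
        // IIdentityPlayerManagementClient looks like the intended service type. Confirm.
        services.AddServiceFromConfiguration<IUserStore>(configuration, logger, "Identity:PlayerManagementClient");
        return;
    }

    // register using well-known type
    var wellKnownType = configuration["Identity:PlayerManagementClient:wellknown"];
    var scopedConfiguration = configuration.GetSection("Identity:PlayerManagementClient:properties");

    switch (wellKnownType)
    {
        case "default":
        {
            var identityBaseUri = scopedConfiguration["IdentityBaseUrl"];
            var apiBaseUri = scopedConfiguration["ApiBaseUrl"];

            // Only the endpoint URLs are logged; the client secret never reaches the log.
            // NOTE(review): both URLs are passed on without validation. Consider failing here
            // when either is missing, and confirm that the identity URL is HTTPS outside local
            // development, since the secret is handed to the same client.
            logger.LogInformation("Identity:PlayerManagementClient: using 'default' client with IdentityBaseUrl '{0}', ApiBaseUrl '{1}'", identityBaseUri, apiBaseUri);

            // could simplify this by requiring the client secret in the properties for
            // PlayerManagementClient, but that duplicates config
            var clientSource = new ConfigurationBasedClientSource(logger);
            var clientSecret = clientSource.GetClientSecret(configuration.GetSection("Identity:Clients"), "nether_identity");
            if (string.IsNullOrEmpty(clientSecret))
            {
                // Fail at startup rather than register a client that has no secret.
                throw new InvalidOperationException("Unable to determine the client secret for nether_identity");
            }

            // The factory closure captures the secret, so it stays in memory for as long as
            // the singleton registration does.
            services.AddSingleton<IIdentityPlayerManagementClient, DefaultIdentityPlayerManagementClient>(
                serviceProvider => new DefaultIdentityPlayerManagementClient(
                    identityBaseUri,
                    apiBaseUri,
                    clientSecret,
                    serviceProvider.GetRequiredService<ILogger<DefaultIdentityPlayerManagementClient>>()));
            break;
        }

        default:
            // Also reached when the configured value is null or empty.
            throw new InvalidOperationException($"Unhandled 'wellKnown' type for Identity:PlayerManagementClient: '{wellKnownType}'");
    }
}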
/// <summary>
/// Registers IdentityServer with in-memory clients and resources and a temporary signing
/// credential, adds the configuration-driven extension grant validators, and registers the
/// supporting identity services.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
/// <param name="configuration">
/// Root configuration; clients are loaded from "Identity:Clients" and the sign-in method
/// switches are read from "Identity:SignInMethods".
/// </param>
/// <param name="logger">Logger handed to the configuration-based client source.</param>
/// <param name="hostingEnvironment">Hosting environment checked by the development-only gate.</param>
/// <exception cref="NotSupportedException">
/// <c>hostingEnvironment.IsDevelopment()</c> returns false.
/// </exception>
private static void ConfigureIdentityServer(
    IServiceCollection services,
    IConfiguration configuration,
    ILogger logger,
    IHostingEnvironment hostingEnvironment)
{
    // Development-only gate: everything below relies on a temporary signing credential and
    // in-memory stores.
    var runningInDevelopment = hostingEnvironment.IsDevelopment();
    if (!runningInDevelopment)
    {
        throw new NotSupportedException($"The Identity Server configuration is currently only intended for Development environments. Current environment: '{hostingEnvironment.EnvironmentName}'");
    }

    // Client definitions come from configuration and are materialised once.
    var configuredClients = new ConfigurationBasedClientSource(logger)
        .LoadClients(configuration.GetSection("Identity:Clients"))
        .ToList();

    // The temporary signing credential is IdentityServer's built-in development key, not a
    // managed certificate. Lifting the gate above requires a real, persisted signing
    // credential first.
    var builder = services
        .AddIdentityServer(options =>
        {
            options.Endpoints.EnableAuthorizeEndpoint = true;
            options.Endpoints.EnableTokenEndpoint = true;
            options.UserInteraction.ErrorUrl = "/account/error";
        })
        .AddTemporarySigningCredential()
        .AddInMemoryClients(configuredClients)
        .AddInMemoryIdentityResources(Scopes.GetIdentityResources())
        .AddInMemoryApiResources(Scopes.GetApiResources());

    // Each sign-in method passes its own configuration key to AddGrantValidatorIfConfigured.
    // NOTE(review): that helper is not shown here. It replaced an inline check that treated a
    // missing key as "false"; confirm that the helper also leaves the validator off when the
    // key is absent.

    // Facebook sign-in via user access token
    builder.AddGrantValidatorIfConfigured<FacebookUserAccessTokenExtensionGrantValidator>("Identity:SignInMethods:Facebook:EnableAccessToken", configuration);

    // Guest access token sign-in
    builder.AddGrantValidatorIfConfigured<GuestAccessTokenExtensionGrantValidator>("Identity:SignInMethods:GuestAccess:Enabled", configuration);

    // Password hashing, profile lookup and resource-owner password validation use the
    // project's own implementations.
    services.AddTransient<IPasswordHasher, PasswordHasher>();
    services.AddTransient<IProfileService, StoreBackedProfileService>();
    services.AddTransient<IResourceOwnerPasswordValidator, StoreBackedResourceOwnerPasswordValidator>();
    services.AddTransient<UserClaimsProvider>();
    services.AddTransient<FacebookGraphService>();
}