コード例 #1
        /// <summary>
        /// Registers IdentityServer with in-memory clients and resources, plus the
        /// store-backed services it relies on. Development-only: every other
        /// environment is rejected before anything is registered.
        /// </summary>
        /// <param name="services">Service collection receiving the registrations.</param>
        /// <param name="configuration">Application configuration; clients are read from "Identity:Clients".</param>
        /// <param name="logger">Logger handed to the configuration-based client source.</param>
        /// <param name="hostingEnvironment">Hosting environment whose name gates this configuration.</param>
        /// <exception cref="NotSupportedException">The environment name is not exactly "Development".</exception>
        private static void ConfigureIdentityServer(
            IServiceCollection services,
            IConfiguration configuration,
            ILogger logger,
            IHostingEnvironment hostingEnvironment)
        {
            // Fail closed. The match is exact and case-sensitive, so any other
            // spelling of the environment name is rejected as well. This guard is
            // what keeps the temporary signing credential below out of
            // non-development deployments.
            var isDevelopment = hostingEnvironment.EnvironmentName == "Development";
            if (!isDevelopment)
            {
                throw new NotSupportedException($"The Identity Server configuration is currently only intended for Development environments. Current environment: '{hostingEnvironment.EnvironmentName}'");
            }

            var source = new ConfigurationBasedClientSource(logger);
            var clientsSection = configuration.GetSection("Identity:Clients");
            var configuredClients = source.LoadClients(clientsSection).ToList();

            var identityServer = services.AddIdentityServer(options =>
            {
                options.Endpoints.EnableAuthorizeEndpoint = true;
                options.Endpoints.EnableTokenEndpoint = true;
            });

            identityServer
                // Built-in temporary signing credential: acceptable only because of the
                // development-only guard above. Replace it with a managed signing key
                // before that guard is ever relaxed.
                .AddTemporarySigningCredential()
                .AddInMemoryClients(configuredClients)
                .AddInMemoryIdentityResources(Scopes.GetIdentityResources())
                .AddInMemoryApiResources(Scopes.GetApiResources())
                .AddExtensionGrantValidator<FacebookUserAccessTokenExtensionGrantValidator>();

            // Supporting services, resolved as a fresh instance per request for the service.
            services.AddTransient<IPasswordHasher, PasswordHasher>();
            services.AddTransient<IProfileService, StoreBackedProfileService>();
            services.AddTransient<IResourceOwnerPasswordValidator, StoreBackedResourceOwnerPasswordValidator>();
            services.AddTransient<UserClaimsProvider>();
        }
        /// <summary>
        /// Builds a configuration from <paramref name="json"/> and asks the
        /// configuration-based client source for the secret of <paramref name="clientId"/>.
        /// </summary>
        /// <param name="json">JSON configuration text containing an "Identity:Clients" section.</param>
        /// <param name="clientId">Identifier of the client whose secret is requested.</param>
        /// <returns>Whatever <c>GetClientSecret</c> returns for that client.</returns>
        private string GetClientSecretFromJson(string json, string clientId)
        {
            var clientsSection = LoadConfig(json).GetSection("Identity:Clients");

            // NullLogger: nothing the client source logs is emitted from this helper.
            var clientSource = new ConfigurationBasedClientSource(NullLogger.Instance);

            return clientSource.GetClientSecret(clientsSection, clientId);
        }
        /// <summary>
        /// Builds a configuration from <paramref name="json"/> and materialises the clients
        /// declared under "Identity:Clients".
        /// </summary>
        /// <param name="json">JSON configuration text.</param>
        /// <param name="addEnvironmentVariables">Passed through to <c>LoadConfig</c>.</param>
        /// <param name="environmentVariablePrefix">Passed through to <c>LoadConfig</c>.</param>
        /// <returns>The loaded clients as a list.</returns>
        private List<Client> GetClientsFromJson(
            string json,
            bool addEnvironmentVariables     = false,
            string environmentVariablePrefix = null)
        {
            var clientsSection = LoadConfig(json, addEnvironmentVariables, environmentVariablePrefix)
                .GetSection("Identity:Clients");

            // NullLogger: nothing the client source logs is emitted from this helper.
            var clientSource = new ConfigurationBasedClientSource(NullLogger.Instance);

            return clientSource.LoadClients(clientsSection).ToList();
        }
コード例 #4
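        /// <summary>
        /// Registers the <see cref="IIdentityPlayerManagementClient"/> implementation described by
        /// the "Identity:PlayerManagementClient" configuration section.
        /// </summary>
        /// <remarks>
        /// When a "wellKnown" type is configured, only "default" is supported: it wires up
        /// <see cref="DefaultIdentityPlayerManagementClient"/> with the configured base URLs and the
        /// client secret of the "nether_identity" client. Otherwise registration is delegated to the
        /// generic "factory"/"implementation" configuration mechanism.
        /// </remarks>
        /// <param name="services">Service collection receiving the registration.</param>
        /// <param name="configuration">Application configuration.</param>
        /// <param name="logger">Logger for configuration diagnostics.</param>
        /// <exception cref="InvalidOperationException">
        /// The "nether_identity" client secret is missing or empty, or the configured
        /// "wellKnown" type is not recognised.
        /// </exception>
        private static void ConfigureIdentityPlayerMangementClient(
            IServiceCollection services,
            IConfiguration configuration,
            ILogger logger)
        {
            // One spelling of the key for both the existence check and the lookup.
            const string wellKnownKey = "Identity:PlayerManagementClient:wellKnown";

            if (configuration.Exists(wellKnownKey))
            {
                // register using well-known type
                var wellKnownType       = configuration[wellKnownKey];
                var scopedConfiguration = configuration.GetSection("Identity:PlayerManagementClient:properties");
                switch (wellKnownType)
                {
                case "default":
                    var identityBaseUri = scopedConfiguration["IdentityBaseUrl"];
                    var apiBaseUri      = scopedConfiguration["ApiBaseUrl"];

                    // Only the endpoints are logged; the client secret read below must never
                    // be added to this (or any other) log statement.
                    logger.LogInformation("Identity:PlayerManagementClient: using 'default' client with IdentityBaseUrl '{0}', ApiBaseUrl '{1}'", identityBaseUri, apiBaseUri);

                    // could simplify this by requiring the client secret in the properties for PlayerManagementClient, but that duplicates config
                    var clientSource = new ConfigurationBasedClientSource(logger);
                    var clientSecret = clientSource.GetClientSecret(configuration.GetSection("Identity:Clients"), "nether_identity");
                    if (string.IsNullOrEmpty(clientSecret))
                    {
                        // Refuse to start rather than register a client that would
                        // authenticate with an empty secret.
                        throw new InvalidOperationException("Unable to determine the client secret for nether_identity");
                    }

                    // The secret is captured by the factory closure and lives for the
                    // lifetime of the singleton.
                    services.AddSingleton<IIdentityPlayerManagementClient, DefaultIdentityPlayerManagementClient>(serviceProvider =>
                        new DefaultIdentityPlayerManagementClient(
                            identityBaseUri,
                            apiBaseUri,
                            clientSecret,
                            serviceProvider.GetRequiredService<ILogger<DefaultIdentityPlayerManagementClient>>()));
                    break;

                default:
                    throw new InvalidOperationException($"Unhandled 'wellKnown' type for Identity:PlayerManagementClient: '{wellKnownType}'");
                }
            }
            else
            {
                // fall back to generic "factory"/"implementation" configuration
                // NOTE(review): this registers IUserStore although the section configures the
                // player management client; looks like a copy/paste slip and
                // IIdentityPlayerManagementClient may be intended. Confirm before changing.
                services.AddServiceFromConfiguration<IUserStore>(configuration, logger, "Identity:PlayerManagementClient");
            }
        }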
コード例 #5
        /// <summary>
        /// Registers IdentityServer with in-memory clients and resources, the optional
        /// sign-in grant validators, and the store-backed services it relies on.
        /// Development-only: every other environment is rejected before anything is registered.
        /// </summary>
        /// <param name="services">Service collection receiving the registrations.</param>
        /// <param name="configuration">Application configuration; clients are read from "Identity:Clients".</param>
        /// <param name="logger">Logger handed to the configuration-based client source.</param>
        /// <param name="hostingEnvironment">Hosting environment that gates this configuration.</param>
        /// <exception cref="NotSupportedException">The environment is not Development.</exception>
        private static void ConfigureIdentityServer(
            IServiceCollection services,
            IConfiguration configuration,
            ILogger logger,
            IHostingEnvironment hostingEnvironment)
        {
            // Fail closed. This guard is what keeps the temporary signing credential
            // below out of non-development deployments.
            var isDevelopment = hostingEnvironment.IsDevelopment();
            if (!isDevelopment)
            {
                throw new NotSupportedException($"The Identity Server configuration is currently only intended for Development environments. Current environment: '{hostingEnvironment.EnvironmentName}'");
            }

            var source = new ConfigurationBasedClientSource(logger);
            var clientsSection = configuration.GetSection("Identity:Clients");
            var configuredClients = source.LoadClients(clientsSection).ToList();

            var identityServerBuilder = services
                .AddIdentityServer(options =>
                {
                    options.Endpoints.EnableAuthorizeEndpoint = true;
                    options.Endpoints.EnableTokenEndpoint = true;
                    options.UserInteraction.ErrorUrl = "/account/error";
                })
                // Built-in temporary signing credential: acceptable only because of the
                // development-only guard above. Replace it with a managed signing key
                // before that guard is ever relaxed.
                .AddTemporarySigningCredential()
                .AddInMemoryClients(configuredClients)
                .AddInMemoryIdentityResources(Scopes.GetIdentityResources())
                .AddInMemoryApiResources(Scopes.GetApiResources());

            // Optional sign-in methods, each tied to its own configuration key.
            // NOTE(review): presumably a validator is registered only when its flag is set
            // and stays off when the key is absent; confirm in AddGrantValidatorIfConfigured.

            // Facebook user access token sign-in
            identityServerBuilder.AddGrantValidatorIfConfigured<FacebookUserAccessTokenExtensionGrantValidator>("Identity:SignInMethods:Facebook:EnableAccessToken", configuration);

            // Guest access token sign-in
            identityServerBuilder.AddGrantValidatorIfConfigured<GuestAccessTokenExtensionGrantValidator>("Identity:SignInMethods:GuestAccess:Enabled", configuration);

            // Supporting services, resolved as a fresh instance per request for the service.
            services.AddTransient<IPasswordHasher, PasswordHasher>();
            services.AddTransient<IProfileService, StoreBackedProfileService>();
            services.AddTransient<IResourceOwnerPasswordValidator, StoreBackedResourceOwnerPasswordValidator>();
            services.AddTransient<UserClaimsProvider>();
            services.AddTransient<FacebookGraphService>();
        }