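/// <summary>
/// Persists or clears the remembered consent for <paramref name="subject"/> on <paramref name="client"/>.
/// </summary>
/// <remarks>
/// Nothing is touched unless the client allows remembering consent. When it does, a non-empty
/// <paramref name="scopes"/> sequence replaces the stored grant, and a null or empty sequence removes it —
/// so passing no scopes is how a previously remembered consent is revoked.
/// </remarks>
/// <param name="subject">The authenticated user; the subject id is read from the principal.</param>
/// <param name="client">The client the consent applies to.</param>
/// <param name="scopes">The scope names the user granted; null or empty clears the stored consent.</param>
/// <returns>A task that completes once the consent store has been updated.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="client"/> or <paramref name="subject"/> is null.</exception>
public virtual async Task UpdateConsentAsync(ClaimsPrincipal subject, Client client, IEnumerable<string> scopes)
{
    if (client == null)
    {
        throw new ArgumentNullException(nameof(client));
    }
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }

    if (!client.AllowRememberConsent)
    {
        return;
    }

    // NOTE(review): GetSubjectId() is an extension on the principal; presumably it throws when no subject
    // claim is present rather than returning null — confirm against its definition.
    var subjectId = subject.GetSubjectId();
    var clientId = client.ClientId;

    // Snapshot the scopes once. Enumerating the caller's sequence for Any() and then handing the lazy
    // enumerable to the store would run a deferred query twice and persist something that is not a fixed
    // record of what the user approved.
    var grantedScopes = scopes?.ToArray() ?? Array.Empty<string>();

    if (grantedScopes.Length > 0)
    {
        var consent = new Consent
        {
            SubjectId = subjectId,
            ClientId = clientId,
            Scopes = grantedScopes
        };
        await _userConsentStore.StoreUserConsentAsync(consent);
    }
    else
    {
        await _userConsentStore.RemoveUserConsentAsync(subjectId, clientId);
    }
}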
/// <summary>
/// Round-trips a consent through the store and checks that the grant read back carries the same client,
/// subject and scopes that were written.
/// </summary>
public async Task StoreUserConsentAsync_should_persist_grant()
{
    var written = new Consent
    {
        ClientId = "client",
        SubjectId = "123",
        Scopes = new[] { "foo", "bar" }
    };
    await _userConsent.StoreUserConsentAsync(written);

    var readBack = await _userConsent.GetUserConsentAsync("123", "client");

    readBack.ClientId.Should().Be(written.ClientId);
    readBack.SubjectId.Should().Be(written.SubjectId);
    // The expected list is deliberately in a different order than what was stored; the equivalency
    // assertion is presumably order-insensitive for collections — confirm if this ever starts failing.
    readBack.Scopes.ShouldBeEquivalentTo(new[] { "bar", "foo" });
}
/// <summary>
/// Persists or clears the remembered consent for <paramref name="subject"/> on <paramref name="client"/>,
/// taking the granted scopes as parsed scope values; only each value's raw scope string is stored.
/// </summary>
/// <remarks>
/// Nothing is touched unless the client allows remembering consent. With scopes present the stored grant is
/// replaced, stamped with the injected clock and — when the client configures <c>ConsentLifetime</c> — given
/// an expiration that many seconds later. With no scopes the stored grant is removed, which is how a
/// remembered consent is revoked. The whole call runs inside a tracing activity.
/// </remarks>
/// <param name="subject">The authenticated user; the subject id is read from the principal.</param>
/// <param name="client">The client the consent applies to.</param>
/// <param name="parsedScopes">The granted scopes; null or empty clears the stored consent.</param>
/// <returns>A task that completes once the consent store has been updated.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="client"/> or <paramref name="subject"/> is null.</exception>
public virtual async Task UpdateConsentAsync(ClaimsPrincipal subject, Client client, IEnumerable<ParsedScopeValue> parsedScopes)
{
    using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultConsentService.UpdateConsent");

    if (client is null)
    {
        throw new ArgumentNullException(nameof(client));
    }
    if (subject is null)
    {
        throw new ArgumentNullException(nameof(subject));
    }

    if (!client.AllowRememberConsent)
    {
        return;
    }

    var subjectId = subject.GetSubjectId();
    var clientId = client.ClientId;

    // Only the raw scope string is persisted; any parsed structure is dropped at this point.
    var rawScopes = parsedScopes?.Select(value => value.RawValue).ToArray();

    if (rawScopes?.Length > 0)
    {
        Logger.LogDebug("Client allows remembering consent, and consent given. Updating consent store for subject: {subject}", subjectId);

        var consent = new Consent
        {
            CreationTime = Clock.UtcNow.UtcDateTime,
            SubjectId = subjectId,
            ClientId = clientId,
            Scopes = rawScopes
        };

        // Expiration is relative to the creation stamp, so both come from the injected clock.
        var lifetimeSeconds = client.ConsentLifetime;
        if (lifetimeSeconds != null)
        {
            consent.Expiration = consent.CreationTime.AddSeconds(lifetimeSeconds.Value);
        }

        await UserConsentStore.StoreUserConsentAsync(consent);
        return;
    }

    Logger.LogDebug("Client allows remembering consent, and no scopes provided. Removing consent from consent store for subject: {subject}", subjectId);
    await UserConsentStore.RemoveUserConsentAsync(subjectId, clientId);
}
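/// <summary>
/// Persists or clears the remembered consent for <paramref name="subject"/> on <paramref name="client"/>.
/// </summary>
/// <remarks>
/// Nothing is touched unless the client allows remembering consent. With scopes present the stored grant is
/// replaced, stamped with the injected clock and — when the client configures <c>ConsentLifetime</c> — given
/// an expiration that many seconds later. With no scopes the stored grant is removed, which is how a
/// remembered consent is revoked.
/// </remarks>
/// <param name="subject">The authenticated user; the subject id is read from the principal.</param>
/// <param name="client">The client the consent applies to.</param>
/// <param name="scopes">The scope names the user granted; null or empty clears the stored consent.</param>
/// <returns>A task that completes once the consent store has been updated.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="client"/> or <paramref name="subject"/> is null.</exception>
public virtual async Task UpdateConsentAsync(ClaimsPrincipal subject, Client client, IEnumerable<string> scopes)
{
    if (client == null)
    {
        throw new ArgumentNullException(nameof(client));
    }
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }

    if (!client.AllowRememberConsent)
    {
        return;
    }

    var subjectId = subject.GetSubjectId();
    var clientId = client.ClientId;

    // Snapshot the scopes once. Enumerating the caller's sequence for Any() and then handing the lazy
    // enumerable to the store would run a deferred query twice and persist something that is not a fixed
    // record of what the user approved. The ParsedScopeValue overload already materializes with ToArray().
    var grantedScopes = scopes?.ToArray() ?? Array.Empty<string>();

    if (grantedScopes.Length > 0)
    {
        Logger.LogDebug("Client allows remembering consent, and consent given. Updating consent store for subject: {subject}", subjectId);

        var consent = new Consent
        {
            CreationTime = Clock.UtcNow.UtcDateTime,
            SubjectId = subjectId,
            ClientId = clientId,
            Scopes = grantedScopes
        };

        // Expiration is relative to the creation stamp, so both come from the injected clock.
        if (client.ConsentLifetime.HasValue)
        {
            consent.Expiration = consent.CreationTime.AddSeconds(client.ConsentLifetime.Value);
        }

        await UserConsentStore.StoreUserConsentAsync(consent);
    }
    else
    {
        Logger.LogDebug("Client allows remembering consent, and no scopes provided. Removing consent from consent store for subject: {subject}", subjectId);
        await UserConsentStore.RemoveUserConsentAsync(subjectId, clientId);
    }
}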
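/// <summary>
/// Persists or clears the remembered consent for <paramref name="subject"/> on <paramref name="client"/>.
/// </summary>
/// <remarks>
/// Nothing is touched unless the client allows remembering consent. With scopes present the stored grant is
/// replaced, stamped with the options' clock and — when the client configures <c>ConsentLifetime</c> — given
/// an expiration that many seconds later. With no scopes the stored grant is removed, which is how a
/// remembered consent is revoked.
/// </remarks>
/// <param name="subject">The authenticated user; the subject id is read from the principal.</param>
/// <param name="client">The client the consent applies to.</param>
/// <param name="scopes">The scope names the user granted; null or empty clears the stored consent.</param>
/// <returns>A task that completes once the consent store has been updated.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="client"/> or <paramref name="subject"/> is null.</exception>
public virtual async Task UpdateConsentAsync(ClaimsPrincipal subject, Client client, IEnumerable<string> scopes)
{
    if (client == null)
    {
        throw new ArgumentNullException(nameof(client));
    }
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }

    if (!client.AllowRememberConsent)
    {
        return;
    }

    var subjectId = subject.GetSubjectId();
    var clientId = client.ClientId;

    // Snapshot the scopes once. Enumerating the caller's sequence for Any() and then handing the lazy
    // enumerable to the store would run a deferred query twice and persist something that is not a fixed
    // record of what the user approved.
    var grantedScopes = scopes?.ToArray() ?? Array.Empty<string>();

    if (grantedScopes.Length > 0)
    {
        var consent = new Consent
        {
            CreationTime = _options.UtcNow,
            SubjectId = subjectId,
            ClientId = clientId,
            Scopes = grantedScopes
        };

        // Expiration is relative to the creation stamp, so both come from the options' clock.
        if (client.ConsentLifetime.HasValue)
        {
            consent.Expiration = consent.CreationTime.AddSeconds(client.ConsentLifetime.Value);
        }

        await _userConsentStore.StoreUserConsentAsync(consent);
    }
    else
    {
        await _userConsentStore.RemoveUserConsentAsync(subjectId, clientId);
    }
}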
/// <summary>
/// Stores consents, reference tokens, refresh tokens and authorization codes for two subjects, then checks that
/// GetAllGrantsAsync("123") yields exactly one grant per client for subject 123 with the scopes from every
/// source merged, and nothing belonging to subject 456.
/// </summary>
public async Task GetAllGrantsAsync_should_return_all_grants()
{
    Consent MakeConsent(string clientId, string subjectId, params string[] scopes) => new Consent
    {
        CreationTime = DateTime.UtcNow,
        ClientId = clientId,
        SubjectId = subjectId,
        Scopes = scopes
    };

    Token MakeToken(string clientId, string subjectId, params string[] scopes) => new Token
    {
        ClientId = clientId,
        Audiences = { "aud" },
        CreationTime = DateTime.UtcNow,
        Type = "type",
        // One "sub" claim followed by one "scope" claim per granted scope.
        Claims = new[] { new Claim("sub", subjectId) }
            .Concat(scopes.Select(scope => new Claim("scope", scope)))
            .ToList()
    };

    RefreshToken MakeRefreshToken(string clientId, string subjectId, params string[] scopes) => new RefreshToken
    {
        CreationTime = DateTime.UtcNow,
        Lifetime = 10,
        AccessToken = MakeToken(clientId, subjectId, scopes),
        Version = 1
    };

    AuthorizationCode MakeCode(string clientId, ClaimsPrincipal subject, params string[] requestedScopes) => new AuthorizationCode
    {
        ClientId = clientId,
        CreationTime = DateTime.UtcNow,
        Lifetime = 10,
        Subject = subject,
        CodeChallenge = "challenge",
        RedirectUri = "http://client/cb",
        Nonce = "nonce",
        RequestedScopes = requestedScopes
    };

    // Subject 123 has data on client1 and client2; subject 456 has data on client1 only and must not be returned.
    await _userConsent.StoreUserConsentAsync(MakeConsent("client1", "123", "foo1", "foo2"));
    await _userConsent.StoreUserConsentAsync(MakeConsent("client2", "123", "foo3"));
    await _userConsent.StoreUserConsentAsync(MakeConsent("client1", "456", "foo3"));

    await _referenceTokens.StoreReferenceTokenAsync(MakeToken("client1", "123", "bar1", "bar2"));
    await _referenceTokens.StoreReferenceTokenAsync(MakeToken("client2", "123", "bar3"));
    await _referenceTokens.StoreReferenceTokenAsync(MakeToken("client1", "456", "bar3"));

    await _refreshTokens.StoreRefreshTokenAsync(MakeRefreshToken("client1", "123", "baz1", "baz2"));
    await _refreshTokens.StoreRefreshTokenAsync(MakeRefreshToken("client1", "456", "baz3"));
    await _refreshTokens.StoreRefreshTokenAsync(MakeRefreshToken("client2", "123", "baz3"));

    await _codes.StoreAuthorizationCodeAsync(MakeCode("client1", _user, "quux1", "quux2"));
    await _codes.StoreAuthorizationCodeAsync(MakeCode("client2", _user, "quux3"));
    await _codes.StoreAuthorizationCodeAsync(MakeCode("client1", new IdentityServerUser("456").CreatePrincipal(), "quux3"));

    var grants = await _subject.GetAllGrantsAsync("123");

    grants.Count().Should().Be(2);

    var client1Grant = grants.First(grant => grant.ClientId == "client1");
    client1Grant.SubjectId.Should().Be("123");
    client1Grant.ClientId.Should().Be("client1");
    client1Grant.Scopes.ShouldBeEquivalentTo(new[] { "foo1", "foo2", "bar1", "bar2", "baz1", "baz2", "quux1", "quux2" });

    var client2Grant = grants.First(grant => grant.ClientId == "client2");
    client2Grant.SubjectId.Should().Be("123");
    client2Grant.ClientId.Should().Be("client2");
    client2Grant.Scopes.ShouldBeEquivalentTo(new[] { "foo3", "bar3", "baz3", "quux3" });
}