public static bool CanHandlePostLogout(this IdentityServer.Store.Entity.Client client)
{
return(client.AllowedGrantTypes.Any(g => g.GrantType == "authorization_code" ||
g.GrantType == "hybrid" ||
g.GrantType == "implicit") ||
client.HasCustomGrantType());
}
public static bool CanUseRefreshToken(this IdentityServer.Store.Entity.Client client)
{
return((client.AllowedGrantTypes.Any(g => g.GrantType == "authorization_code" ||
g.GrantType == "hybrid" ||
g.GrantType == "password") ||
client.HasCustomGrantType()) &&
client.AllowOfflineAccess);
}
protected override ICollection <ClientGrantType> GetCollection(IdentityServer.Store.Entity.Client client)
{
if (client.AllowedGrantTypes == null)
{
client.AllowedGrantTypes = new List <ClientGrantType>();
}
return(client.AllowedGrantTypes);
}
protected override ICollection <ClientSecret> GetCollection(IdentityServer.Store.Entity.Client client)
{
if (client.ClientSecrets == null)
{
client.ClientSecrets = new List <ClientSecret>();
}
return(client.ClientSecrets);
}
protected override ICollection <ClientProperty> GetCollection(IdentityServer.Store.Entity.Client client)
{
if (client.Properties == null)
{
client.Properties = new List <ClientProperty>();
}
return(client.Properties);
}
public static bool IsWebClient(this IdentityServer.Store.Entity.Client client)
{
return(client.ProtocolType == "wsfed" ||
client.AllowedGrantTypes.Any(g => g.GrantType == "authorization_code" ||
g.GrantType == "hybrid" ||
g.GrantType == "implicit" ||
g.GrantType == "urn:ietf:params:oauth:grant-type:device_code") ||
client.HasCustomGrantType());
}
protected override ICollection <ClientLocalizedResource> GetCollection(IdentityServer.Store.Entity.Client client)
{
if (client.Resources == null)
{
client.Resources = new List <ClientLocalizedResource>();
}
return(client.Resources);
}
protected override ICollection <ClientUri> GetCollection(IdentityServer.Store.Entity.Client client)
{
if (client.RedirectUris == null)
{
client.RedirectUris = new List <ClientUri>();
}
return(client.RedirectUris);
}
protected override ICollection <ClientIdpRestriction> GetCollection(IdentityServer.Store.Entity.Client client)
{
if (client.IdentityProviderRestrictions == null)
{
client.IdentityProviderRestrictions = new List <ClientIdpRestriction>();
}
return(client.IdentityProviderRestrictions);
}
/// <summary>
/// Initializes a new instance of the <see cref="ClientGrantTypeValidator"/> class.
/// </summary>
public ClientGrantTypeValidator(IdentityServer.Store.Entity.Client client)
{
RuleFor(m => m.GrantType).Must(g => g == null || !_regex.IsMatch(g)).WithMessage("The grant type cannot contains space.");
RuleFor(m => m.GrantType).IsUnique(client.AllowedGrantTypes).WithMessage("The grant type must be unique.");
RuleFor(m => m.GrantType).Must(g => (g != "hybrid" && g != "authorization_code") ||
!client.AllowedGrantTypes.Any(gt => gt.GrantType == "implicit"))
.WithMessage(g => $"'{GetGrantTypeName(g.GrantType)}' cannot be added to a client with grant type '{GetGrantTypeName("implicit")}'.");
RuleFor(m => m.GrantType).Must(g => (g != "implicit" && g != "authorization_code") ||
!client.AllowedGrantTypes.Any(gt => gt.GrantType == "hybrid"))
.WithMessage(g => $"'{GetGrantTypeName(g.GrantType)}' cannot be added to a client with grant type '{GetGrantTypeName("hybrid")}'.");
RuleFor(m => m.GrantType).Must(g => (g != "implicit" && g != "hybrid") ||
!client.AllowedGrantTypes.Any(gt => gt.GrantType == "authorization_code"))
.WithMessage(g => $"'{GetGrantTypeName(g.GrantType)}' cannot be added to a client with grant type '{GetGrantTypeName("authorization_code")}'.");
}
public TokenValidator(IdentityServer.Store.Entity.Client _)
{
RuleFor(m => m.ValueString)
.Matches(Token.RegulatExpression)
.WithMessage("The token expression doesn't match a valid format. You can use the forms d.hh:mm:ss, hh.mm:ss, mm:ss, a number of days (365d), a number of hours (12h), a number of minutes (30m), a number of second");
}
public static bool HasCustomGrantType(this IdentityServer.Store.Entity.Client client)
{
return(!client.AllowedGrantTypes.Where(g => g.Id != null)
.All(g => GrantTypes.Instance.ContainsKey(g.GrantType)));
}
public static bool IsDevice(this IdentityServer.Store.Entity.Client client)
{
return(client.AllowedGrantTypes.Any(g => g.GrantType == "urn:ietf:params:oauth:grant-type:device_code") ||
client.HasCustomGrantType());
}
public static bool HasUser(this IdentityServer.Store.Entity.Client client)
{
return(CanHandlePostLogout(client) || client.IsCiba());
}
public static bool IsCiba(this IdentityServer.Store.Entity.Client client)
{
return(client.AllowedGrantTypes.Any(g => g.GrantType == "urn:openid:params:grant-type:ciba"));
}
public static bool IsAuthorizationCodeClient(this IdentityServer.Store.Entity.Client client)
{
return(client.AllowedGrantTypes.Any(g => g.GrantType == "authorization_code") ||
client.HasCustomGrantType());
}
