public static OpenIddictServerBuilder ConfigureSigningKey(this OpenIddictServerBuilder builder,
IConfiguration configuration)
{
return(builder
.AddSigningKey(GetSigningKey(configuration, "signing.rsaparams"))
.AddEncryptionKey(GetSigningKey(configuration, "encrypting.rsaparams")));
}
public static void AddCustomGrantTypes(this OpenIddictServerBuilder options)
{
foreach (var grantType in All)
{
options.AllowCustomFlow(grantType);
}
}
/// <summary>
/// Registers the OpenIddict ASP.NET Core Data Protection server services in the DI container
/// and configures OpenIddict to validate and issue ASP.NET Data Protection-based tokens.
/// </summary>
/// <param name="builder">The services builder used by OpenIddict to register new services.</param>
/// <remarks>This extension can be safely called multiple times.</remarks>
/// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
public static OpenIddictServerDataProtectionBuilder UseDataProtection(this OpenIddictServerBuilder builder)
{
if (builder is null)
{
throw new ArgumentNullException(nameof(builder));
}
builder.Services.AddDataProtection();
// Register the built-in server event handlers used by the OpenIddict Data Protection components.
// Note: the order used here is not important, as the actual order is set in the options.
builder.Services.TryAdd(OpenIddictServerDataProtectionHandlers.DefaultHandlers.Select(descriptor => descriptor.ServiceDescriptor));
// Register the built-in filters used by the default OpenIddict Data Protection event handlers.
builder.Services.TryAddSingleton <RequireDataProtectionTokenFormat>();
// Note: TryAddEnumerable() is used here to ensure the initializers are registered only once.
builder.Services.TryAddEnumerable(new[]
{
ServiceDescriptor.Singleton <IConfigureOptions <OpenIddictServerOptions>, OpenIddictServerDataProtectionConfiguration>(),
ServiceDescriptor.Singleton <IPostConfigureOptions <OpenIddictServerDataProtectionOptions>, OpenIddictServerDataProtectionConfiguration>()
});
return(new OpenIddictServerDataProtectionBuilder(builder.Services));
}
public void Configure_RegistersModelMetadataDetailsProviders()
{
// Arrange
var services = new ServiceCollection();
services.AddOptions();
var builder = new OpenIddictServerBuilder(services);
// Act
builder.UseMvc();
var options = services.BuildServiceProvider().GetRequiredService <IOptions <MvcOptions> >();
// Assert
Assert.Contains(
options.Value.ModelMetadataDetailsProviders.OfType <BindingSourceMetadataProvider>(),
provider => provider.Type == typeof(OpenIdConnectRequest) &&
provider.BindingSource == BindingSource.Special);
Assert.Contains(
options.Value.ModelMetadataDetailsProviders.OfType <BindingSourceMetadataProvider>(),
provider => provider.Type == typeof(OpenIdConnectResponse) &&
provider.BindingSource == BindingSource.Special);
Assert.Contains(
options.Value.ModelMetadataDetailsProviders.OfType <SuppressChildValidationMetadataProvider>(),
provider => provider.Type == typeof(OpenIdConnectRequest));
Assert.Contains(
options.Value.ModelMetadataDetailsProviders.OfType <SuppressChildValidationMetadataProvider>(),
provider => provider.Type == typeof(OpenIdConnectResponse));
}
public static OpenIddictServerBuilder AddCertificate(this OpenIddictServerBuilder options, String thumbprint, IConfiguration configuration)
{
var cert = Load(thumbprint, configuration);
options.AddEncryptionCertificate(cert);
options.AddSigningCertificate(cert);
return(options);
}
public static OpenIddictServerBuilder UseCustomTokenEndpoint(
this OpenIddictServerBuilder builder)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
return(builder.AddEventHandler <OpenIddictServerEvents.HandleTokenRequest>(
notification =>
{
var request = notification.Context.Request;
if (!request.IsPasswordGrantType())
{
return Task.CompletedTask;
}
// Validate the user credentials.
// Note: to mitigate brute force attacks, you SHOULD strongly consider
// applying a key derivation function like PBKDF2 to slow down
// the password validation process. You SHOULD also consider
// using a time-constant comparer to prevent timing attacks.
if (request.Username != "*****@*****.**" ||
request.Password != "P@ssw0rd")
{
notification.Context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "The specified credentials are invalid.");
return Task.CompletedTask;
}
// Create a new ClaimsIdentity holding the user identity.
var identity = new ClaimsIdentity(
notification.Context.Scheme.Name,
OpenIdConnectConstants.Claims.Name,
OpenIdConnectConstants.Claims.Role);
// Add a "sub" claim containing the user identifier, and attach
// the "access_token" destination to allow OpenIddict to store it
// in the access token, so it can be retrieved from your controllers.
identity.AddClaim(OpenIdConnectConstants.Claims.Subject,
"71346D62-9BA5-4B6D-9ECA-755574D628D8",
OpenIdConnectConstants.Destinations.AccessToken);
identity.AddClaim(OpenIdConnectConstants.Claims.Name, "Alice",
OpenIdConnectConstants.Destinations.AccessToken);
// ... add other claims, if necessary.
var principal = new ClaimsPrincipal(identity);
notification.Context.Validate(principal);
return Task.CompletedTask;
}));
}
public void UseMvc_ThrowsAnExceptionForNullConfiguration()
{
// Arrange
var services = new ServiceCollection();
var builder = new OpenIddictServerBuilder(services);
// Act and assert
var exception = Assert.Throws <ArgumentNullException>(() => builder.UseMvc(configuration: null));
Assert.Equal("configuration", exception.ParamName);
}
public void UseQuartz_RegistersJobService()
{
// Arrange
var services = new ServiceCollection();
var builder = new OpenIddictServerBuilder(services);
// Act
builder.UseQuartz();
// Assert
Assert.Contains(services, service => service.ServiceType == typeof(OpenIddictServerQuartzJob) &&
service.ImplementationType == typeof(OpenIddictServerQuartzJob) &&
service.Lifetime == ServiceLifetime.Transient);
}
public void UseQuartz_RegistersTriggerDetails()
{
// Arrange
var services = new ServiceCollection();
var builder = new OpenIddictServerBuilder(services);
// Act
builder.UseQuartz();
// Assert
Assert.Contains(services, service => service.ServiceType == typeof(ITrigger) &&
service.ImplementationInstance is ITrigger trigger &&
trigger.JobKey.Equals(OpenIddictServerQuartzJob.Identity));
}
public static OpenIddictServerBuilder AddCustomClaims(this OpenIddictServerBuilder options)
{
options.RegisterClaims(Claims.NotBefore);
options.AddEventHandler <ProcessSignInContext>(builder =>
{
// Make this event handler run just before GenerateIdentityModelAccessToken
builder.SetOrder(GenerateIdentityModelAccessToken.Descriptor.Order - 1)
// Only run the event handler if an access token was generated
.AddFilter <RequireAccessTokenGenerated>()
.SetType(OpenIddict.Server.OpenIddictServerHandlerType.Custom)
.UseInlineHandler(context =>
{
ClaimsIdentity ci = context.AccessTokenPrincipal.Identity as ClaimsIdentity;
ci.AddClaim(Claims.NotBefore, EpochTime.GetIntDate(DateTime.UtcNow).ToString());
return(default);
public void UseMvc_RegistersConfiguration()
{
// Arrange
var services = new ServiceCollection();
services.AddOptions();
var builder = new OpenIddictServerBuilder(services);
// Act
builder.UseMvc();
// Assert
Assert.Contains(services, service => service.ServiceType == typeof(IConfigureOptions <MvcOptions>) &&
service.ImplementationType == typeof(OpenIddictMvcConfiguration));
}
/// <summary>
/// Registers the OpenIddict server services for ASP.NET Core in the DI container.
/// </summary>
/// <param name="builder">The services builder used by OpenIddict to register new services.</param>
/// <param name="configuration">The configuration delegate used to configure the server services.</param>
/// <remarks>This extension can be safely called multiple times.</remarks>
/// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
public static OpenIddictServerBuilder UseAspNetCore(
this OpenIddictServerBuilder builder, Action <OpenIddictServerAspNetCoreBuilder> configuration)
{
if (builder is null)
{
throw new ArgumentNullException(nameof(builder));
}
if (configuration is null)
{
throw new ArgumentNullException(nameof(configuration));
}
configuration(builder.UseAspNetCore());
return(builder);
}
public void Configure_RegistersModelBinderProvider()
{
// Arrange
var services = new ServiceCollection();
services.AddOptions();
var builder = new OpenIddictServerBuilder(services);
// Act
builder.UseMvc();
var options = services.BuildServiceProvider().GetRequiredService <IOptions <MvcOptions> >();
// Assert
Assert.Contains(options.Value.ModelBinderProviders, binder => binder is OpenIddictMvcBinderProvider);
}
/// <summary>
/// Registers the OpenIddict server services for ASP.NET Core in the DI container.
/// </summary>
/// <param name="builder">The services builder used by OpenIddict to register new services.</param>
/// <remarks>This extension can be safely called multiple times.</remarks>
/// <returns>The <see cref="OpenIddictServerAspNetCoreBuilder"/>.</returns>
public static OpenIddictServerAspNetCoreBuilder UseAspNetCore(this OpenIddictServerBuilder builder)
{
if (builder is null)
{
throw new ArgumentNullException(nameof(builder));
}
builder.Services.AddAuthentication();
builder.Services.TryAddScoped <OpenIddictServerAspNetCoreHandler>();
// Register the built-in event handlers used by the OpenIddict ASP.NET Core server components.
// Note: the order used here is not important, as the actual order is set in the options.
builder.Services.TryAdd(OpenIddictServerAspNetCoreHandlers.DefaultHandlers.Select(descriptor => descriptor.ServiceDescriptor));
// Register the built-in filters used by the default OpenIddict ASP.NET Core server event handlers.
builder.Services.TryAddSingleton <RequireAuthorizationRequestCachingEnabled>();
builder.Services.TryAddSingleton <RequireAuthorizationEndpointPassthroughEnabled>();
builder.Services.TryAddSingleton <RequireErrorPassthroughEnabled>();
builder.Services.TryAddSingleton <RequireHttpRequest>();
builder.Services.TryAddSingleton <RequireLogoutRequestCachingEnabled>();
builder.Services.TryAddSingleton <RequireLogoutEndpointPassthroughEnabled>();
builder.Services.TryAddSingleton <RequireTransportSecurityRequirementEnabled>();
builder.Services.TryAddSingleton <RequireStatusCodePagesIntegrationEnabled>();
builder.Services.TryAddSingleton <RequireTokenEndpointPassthroughEnabled>();
builder.Services.TryAddSingleton <RequireUserinfoEndpointPassthroughEnabled>();
builder.Services.TryAddSingleton <RequireVerificationEndpointPassthroughEnabled>();
// Register the option initializer used by the OpenIddict ASP.NET Core server integration services.
// Note: TryAddEnumerable() is used here to ensure the initializers are only registered once.
builder.Services.TryAddEnumerable(new[]
{
ServiceDescriptor.Singleton <IConfigureOptions <AuthenticationOptions>, OpenIddictServerAspNetCoreConfiguration>(),
ServiceDescriptor.Singleton <IPostConfigureOptions <AuthenticationOptions>, OpenIddictServerAspNetCoreConfiguration>(),
ServiceDescriptor.Singleton <IConfigureOptions <OpenIddictServerOptions>, OpenIddictServerAspNetCoreConfiguration>(),
ServiceDescriptor.Singleton <IPostConfigureOptions <OpenIddictServerAspNetCoreOptions>, OpenIddictServerAspNetCoreConfiguration>()
});
return(new OpenIddictServerAspNetCoreBuilder(builder.Services));
}
public void UseQuartz_CanBeSafelyInvokedMultipleTimes()
{
// Arrange
var services = new ServiceCollection();
var builder = new OpenIddictServerBuilder(services);
// Act
builder.UseQuartz();
builder.UseQuartz();
builder.UseQuartz();
// Assert
Assert.Single(services, service => service.ServiceType == typeof(IJobDetail) &&
service.ImplementationInstance is IJobDetail job &&
job.Key.Equals(OpenIddictServerQuartzJob.Identity));
Assert.Single(services, service => service.ServiceType == typeof(ITrigger) &&
service.ImplementationInstance is ITrigger trigger &&
trigger.JobKey.Equals(OpenIddictServerQuartzJob.Identity));
}
/// <summary>
/// Registers the OpenIddict server services for OWIN in the DI container.
/// </summary>
/// <param name="builder">The services builder used by OpenIddict to register new services.</param>
/// <remarks>This extension can be safely called multiple times.</remarks>
/// <returns>The <see cref="OpenIddictServerOwinBuilder"/>.</returns>
public static OpenIddictServerOwinBuilder UseOwin(this OpenIddictServerBuilder builder)
{
if (builder is null)
{
throw new ArgumentNullException(nameof(builder));
}
builder.Services.AddWebEncoders();
// Note: unlike regular OWIN middleware, the OpenIddict server middleware is registered
// as a scoped service in the DI container. This allows containers that support middleware
// resolution (like Autofac) to use it without requiring additional configuration.
builder.Services.TryAddScoped <OpenIddictServerOwinMiddleware>();
// Register the built-in event handlers used by the OpenIddict OWIN server components.
// Note: the order used here is not important, as the actual order is set in the options.
builder.Services.TryAdd(OpenIddictServerOwinHandlers.DefaultHandlers.Select(descriptor => descriptor.ServiceDescriptor));
// Register the built-in filters used by the default OpenIddict OWIN server event handlers.
builder.Services.TryAddSingleton <RequireAuthorizationRequestCachingEnabled>();
builder.Services.TryAddSingleton <RequireAuthorizationEndpointPassthroughEnabled>();
builder.Services.TryAddSingleton <RequireErrorPassthroughEnabled>();
builder.Services.TryAddSingleton <RequireLogoutRequestCachingEnabled>();
builder.Services.TryAddSingleton <RequireLogoutEndpointPassthroughEnabled>();
builder.Services.TryAddSingleton <RequireTransportSecurityRequirementEnabled>();
builder.Services.TryAddSingleton <RequireOwinRequest>();
builder.Services.TryAddSingleton <RequireTokenEndpointPassthroughEnabled>();
builder.Services.TryAddSingleton <RequireUserinfoEndpointPassthroughEnabled>();
builder.Services.TryAddSingleton <RequireVerificationEndpointPassthroughEnabled>();
// Register the option initializers used by the OpenIddict OWIN server integration services.
// Note: TryAddEnumerable() is used here to ensure the initializers are only registered once.
builder.Services.TryAddEnumerable(new[]
{
ServiceDescriptor.Singleton <IConfigureOptions <OpenIddictServerOptions>, OpenIddictServerOwinConfiguration>(),
ServiceDescriptor.Singleton <IPostConfigureOptions <OpenIddictServerOwinOptions>, OpenIddictServerOwinConfiguration>()
});
return(new OpenIddictServerOwinBuilder(builder.Services));
}
public static OpenIddictServerBuilder ConfigureSigningKey(this OpenIddictServerBuilder builder,
IConfiguration configuration)
{
var file = Path.Combine(configuration.GetDataDir(), "rsaparams");
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(2048);
RsaSecurityKey key = null;
if (File.Exists(file))
{
RSA.FromXmlString2(File.ReadAllText(file));
}
else
{
var contents = RSA.ToXmlString2(true);
File.WriteAllText(file, contents);
}
RSAParameters KeyParam = RSA.ExportParameters(true);
key = new RsaSecurityKey(KeyParam);
return(builder.AddSigningKey(key));
}
public static OpenIddictServerBuilder ConfigureSigningKey(this OpenIddictServerBuilder builder,
IConfiguration configuration)
{
return(builder.AddSigningKey(GetSigningKey(configuration)));
}
