public void Properties_Map()
{
var model = new Client()
{
Properties =
{
{ "foo1", "bar1" },
{ "foo2", "bar2" },
}
};
var mappedEntity = model.ToEntity();
mappedEntity.Properties.Count.Should().Be(2);
var foo1 = mappedEntity.Properties.FirstOrDefault(x => x.Key == "foo1");
foo1.Should().NotBeNull();
foo1.Value.Should().Be("bar1");
var foo2 = mappedEntity.Properties.FirstOrDefault(x => x.Key == "foo2");
foo2.Should().NotBeNull();
foo2.Value.Should().Be("bar2");
var mappedModel = mappedEntity.ToModel();
mappedModel.Properties.Count.Should().Be(2);
mappedModel.Properties.ContainsKey("foo1").Should().BeTrue();
mappedModel.Properties.ContainsKey("foo2").Should().BeTrue();
mappedModel.Properties["foo1"].Should().Be("bar1");
mappedModel.Properties["foo2"].Should().Be("bar2");
}
public void Can_Map()
{
var model = new Client();
var mappedEntity = model.ToEntity();
var mappedModel = mappedEntity.ToModel();
Assert.NotNull(mappedModel);
Assert.NotNull(mappedEntity);
}
public async Task CreateAsync(CreateClientModel model)
{
var client = new Duende.IdentityServer.Models.Client();
client.ClientId = model.ClientId.Trim();
client.ClientName = model.Name?.Trim();
if (model.Flow == Flow.ClientCredentials)
{
client.AllowedGrantTypes = GrantTypes.ClientCredentials;
}
else
{
client.AllowedGrantTypes = GrantTypes.Code;
}
_context.Clients.Add(client.ToEntity());
await _context.SaveChangesAsync();
}
public void missing_values_should_use_defaults()
{
var entity = new Duende.IdentityServer.EntityFramework.Entities.Client
{
ClientSecrets = new System.Collections.Generic.List <Duende.IdentityServer.EntityFramework.Entities.ClientSecret>
{
new Duende.IdentityServer.EntityFramework.Entities.ClientSecret
{
}
}
};
var def = new Client
{
ClientSecrets = { new Duende.IdentityServer.Models.Secret("foo") }
};
var model = entity.ToModel();
model.ProtocolType.Should().Be(def.ProtocolType);
model.ClientSecrets.First().Type.Should().Be(def.ClientSecrets.First().Type);
}
private static void SeedClientGrantType(IAdminStore <Entity.ClientGrantType> clientGrantTypeStore, ISModels.Client client)
{
foreach (var grantType in client.AllowedGrantTypes)
{
try
{
clientGrantTypeStore.CreateAsync(new Entity.ClientGrantType
{
ClientId = client.ClientId,
GrantType = grantType,
Id = Guid.NewGuid().ToString()
}).GetAwaiter().GetResult();
}
catch (ArgumentException)
{
// silent
}
}
}
private static void SeedClientClaims(IAdminStore <Entity.ClientClaim> clientClaimStore, ISModels.Client client)
{
foreach (var claim in client.Claims)
{
try
{
clientClaimStore.CreateAsync(new Entity.ClientClaim
{
ClientId = client.ClientId,
Id = Guid.NewGuid().ToString(),
Type = claim.Type,
Value = claim.Value
}).GetAwaiter().GetResult();
}
catch (ArgumentException)
{
// silent
}
}
}
private static void SeedClientSecrets(IAdminStore <Entity.ClientSecret> clientSecretStore, ISModels.Client client)
{
foreach (var secret in client.ClientSecrets)
{
try
{
clientSecretStore.CreateAsync(new Entity.ClientSecret
{
ClientId = client.ClientId,
Description = secret.Description,
Expiration = secret.Expiration,
Id = Guid.NewGuid().ToString(),
Type = secret.Type,
Value = secret.Value
}).GetAwaiter().GetResult();
}
catch (ArgumentException)
{
// silent
}
}
}
private static void SeedClientRestrictions(IAdminStore <Entity.ClientIdpRestriction> clientIdpRestrictionStore, ISModels.Client client)
{
foreach (var restriction in client.IdentityProviderRestrictions)
{
try
{
clientIdpRestrictionStore.CreateAsync(new Entity.ClientIdpRestriction
{
ClientId = client.ClientId,
Id = Guid.NewGuid().ToString(),
Provider = restriction
}).GetAwaiter().GetResult();
}
catch (ArgumentException)
{
// silent
}
}
}
private static void SeedClientProperties(IAdminStore <Entity.ClientProperty> clientPropertyStore, ISModels.Client client)
{
foreach (var property in client.Properties)
{
try
{
clientPropertyStore.CreateAsync(new Entity.ClientProperty
{
ClientId = client.ClientId,
Id = Guid.NewGuid().ToString(),
Key = property.Key,
Value = property.Value
}).GetAwaiter().GetResult();
}
catch (ArgumentException)
{
// silent
}
}
}
private static void SeedClientUris(IAdminStore <Entity.ClientUri> clientUriStore, ISModels.Client client)
{
var uris = client.RedirectUris.Select(o => new Entity.ClientUri
{
Id = Guid.NewGuid().ToString(),
ClientId = client.ClientId,
Uri = o
}).ToList();
foreach (var origin in client.AllowedCorsOrigins)
{
var cors = new Uri(origin);
var uri = uris.FirstOrDefault(u => cors.CorsMatch(u.Uri));
var corsUri = new Uri(origin);
var sanetized = $"{corsUri.Scheme.ToUpperInvariant()}://{corsUri.Host.ToUpperInvariant()}:{corsUri.Port}";
if (uri == null)
{
uris.Add(new Entity.ClientUri
{
Id = Guid.NewGuid().ToString(),
ClientId = client.ClientId,
Uri = origin,
Kind = Entity.UriKinds.Cors,
SanetizedCorsUri = sanetized
});
continue;
}
uri.SanetizedCorsUri = sanetized;
uri.Kind = Entity.UriKinds.Redirect | Entity.UriKinds.Cors;
}
foreach (var postLogout in client.PostLogoutRedirectUris)
{
var uri = uris.FirstOrDefault(u => u.Uri == postLogout);
if (uri == null)
{
uris.Add(new Entity.ClientUri
{
Id = Guid.NewGuid().ToString(),
ClientId = client.ClientId,
Uri = postLogout,
Kind = Entity.UriKinds.PostLogout
});
continue;
}
uri.Kind |= Entity.UriKinds.Redirect;
}
foreach (var uri in uris)
{
try
{
clientUriStore.CreateAsync(uri).GetAwaiter().GetResult();
}
catch (ArgumentException)
{
// silent
}
}
}
public static Duende.IdentityServer.Models.Client ToDuende(this IdentityServer3.EntityFramework.Entities.Client client)
{
if (client == null)
{
return(null);
}
var mappedClient = new Duende.IdentityServer.Models.Client();
mappedClient.AbsoluteRefreshTokenLifetime = client.AbsoluteRefreshTokenLifetime;
mappedClient.AccessTokenLifetime = client.AccessTokenLifetime;
mappedClient.AccessTokenType = client.AccessTokenType == AccessTokenType.Jwt
? Duende.IdentityServer.Models.AccessTokenType.Jwt
: Duende.IdentityServer.Models.AccessTokenType.Reference;
mappedClient.AllowAccessTokensViaBrowser = client.AllowAccessTokensViaBrowser;
mappedClient.AllowOfflineAccess = client.AllowedScopes != null && client.AllowedScopes.Any(x => x.Scope == "offline_access");
mappedClient.AllowPlainTextPkce = false; // not an option in IdentityServer 3
mappedClient.AllowRememberConsent = client.AllowRememberConsent;
mappedClient.AllowedCorsOrigins = client.AllowedCorsOrigins?.Select(x => x.Origin).ToList();
mappedClient.AllowedGrantTypes = client.Flow.ToGrantTypes();
mappedClient.AlwaysIncludeUserClaimsInIdToken = false; // not an option per client in IdentityServer 3
mappedClient.AlwaysSendClientClaims = client.AlwaysSendClientClaims;
mappedClient.AuthorizationCodeLifetime = client.AuthorizationCodeLifetime;
mappedClient.Claims = client.Claims?.Select(x => new ClientClaim(x.Type, x.Value)).ToList();
mappedClient.ClientName = client.ClientName;
mappedClient.ClientId = client.ClientId;
mappedClient.ClientClaimsPrefix = client.PrefixClientClaims ? "client_" : null;
mappedClient.ClientSecrets = client.ClientSecrets?.Select(x => x.ToDuende()).ToList();
mappedClient.ClientUri = client.ClientUri;
mappedClient.Enabled = client.Enabled;
mappedClient.EnableLocalLogin = client.EnableLocalLogin;
mappedClient.FrontChannelLogoutSessionRequired = client.LogoutSessionRequired;
mappedClient.FrontChannelLogoutUri = client.LogoutUri;
mappedClient.IdentityProviderRestrictions =
client.IdentityProviderRestrictions?.Select(x => x.Provider).ToList();
mappedClient.IdentityTokenLifetime = client.IdentityTokenLifetime;
mappedClient.IncludeJwtId = client.IncludeJwtId;
mappedClient.LogoUri = client.LogoUri;
mappedClient.PostLogoutRedirectUris = client.PostLogoutRedirectUris?.Select(x => x.Uri).ToList();
mappedClient.ProtocolType = IdentityServerConstants.ProtocolTypes.OpenIdConnect;
mappedClient.RedirectUris = client.RedirectUris?.Select(x => x.Uri).ToList();
mappedClient.RefreshTokenExpiration = client.RefreshTokenExpiration == IdentityServer3.Core.Models.TokenExpiration.Absolute
? Duende.IdentityServer.Models.TokenExpiration.Absolute
: Duende.IdentityServer.Models.TokenExpiration.Sliding;
mappedClient.RefreshTokenUsage = client.RefreshTokenUsage == IdentityServer3.Core.Models.TokenUsage.OneTimeOnly
? Duende.IdentityServer.Models.TokenUsage.OneTimeOnly
: Duende.IdentityServer.Models.TokenUsage.ReUse;
mappedClient.RequireClientSecret = true; // not an option in IdentityServer 3
mappedClient.RequireConsent = client.RequireConsent;
mappedClient.RequirePkce = client.Flow == Flows.AuthorizationCodeWithProofKey ||
client.Flow == Flows.HybridWithProofKey;
mappedClient.SlidingRefreshTokenLifetime = client.SlidingRefreshTokenLifetime;
mappedClient.UpdateAccessTokenClaimsOnRefresh = client.UpdateAccessTokenOnRefresh;
mappedClient.AllowedScopes = client.AllowedScopes?.Select(x => x.Scope).ToList();
mappedClient.AllowedScopes?.Remove("offline_access");
if (client.Flow == Flows.Custom && client.AllowedCustomGrantTypes != null && client.AllowedCustomGrantTypes.Any())
{
mappedClient.AllowedGrantTypes = client.AllowedCustomGrantTypes?.Select(x => x.GrantType).ToList();
}
return(mappedClient);
}
