public IActionResult AddTestClient(TestClientViewModel clientViewModel)
{
if (!ModelState.IsValid)
{
return(View());
}
var apiScopes = clientViewModel.ApiScopes.Split(" ").Select(apiScope => apiScope.Trim()).ToArray();
var client = new ClientModel
{
ClientId = clientViewModel.ClientId,
ClientName = clientViewModel.ClientName,
AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
ClientSecrets =
{
new SecretModel(clientViewModel.ClientSecret.Sha256())
},
AllowedScopes = apiScopes
};
_configurationDbContext.Clients.Add(client.ToEntity());
_configurationDbContext.SaveChanges();
_trackTelemetry.TrackEvent(EventName.AddTestClient, EventType.Action, EventStatus.Success);
return(RedirectToAction(nameof(Index)));
}
public IActionResult CreateClientApps([FromBody] JObject jObject)
{
try
{
var applicationName = (string)jObject["applicationName"];
var applicationSecret = (string)jObject["applicationSecret"];
var client = new IdentityServer4.Models.Client
{
ClientId = Guid.NewGuid().ToString(),
ClientSecrets = { new IdentityServer4.Models.Secret(applicationSecret.Sha256()) },
ClientName = applicationName,
AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = { "scim.read.write" },
AccessTokenLifetime = 600
};
_configurationDbContext.Clients.Add(client.ToEntity());
_configurationDbContext.SaveChanges();
return(Ok(client));
}
catch (Exception exception)
{
var errorJobject = CommonFunctions.CreateErrorJobject(exception);
Response.Headers.Add("Content-Type", "application/scim+json");
return(StatusCode(StatusCodes.Status500InternalServerError, errorJobject));
}
}
private void InitializeIdentityServerDatabase(IApplicationBuilder app)
{
using (var serviceScope = app.ApplicationServices.GetService <IServiceScopeFactory>().CreateScope()) {
serviceScope.ServiceProvider.GetRequiredService <PersistedGrantDbContext>().Database.Migrate();
var context = serviceScope.ServiceProvider.GetRequiredService <ConfigurationDbContext>();
context.Database.Migrate();
if (!context.Clients.Any())
{
var client1 = new IdentityServer4.Models.Client {
ClientId = "demo.client1",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets =
{
new IdentityServer4.Models.Secret("secret".Sha256())
},
AllowedScopes = { "demo.api1" },
ClientName = "Demo Client1"
};
context.Clients.Add(client1.ToEntity());
context.SaveChanges();
}
if (!context.ApiResources.Any())
{
var api1 = new IdentityServer4.Models.ApiResource {
Name = "demo.api1",
DisplayName = "demo api",
Description = "this is just for demo"
};
context.ApiResources.Add(api1.ToEntity());
context.SaveChanges();
}
}
}
public async Task <ActionResult <ResponseModel> > Create(ClientInputModel inputModel)
{
ResponseModel responseModel = new ResponseModel();
try
{
// TODO: 效验
#region 效验
// 1.授权类型只能来自选项
// eg: 若选项是两项: CodeAndClientCredentials => authorization_code,client_credentials
string selectedGrantTypes = inputModel.AllowedGrantTypes;
if (!AllGrantTypes.Contains(selectedGrantTypes))
{
responseModel.code = -1;
responseModel.message = "创建失败: 不存在此授权类型";
return(await Task.FromResult(responseModel));
}
#endregion
// InputModel => IdentityServer4.Models
IdentityServer4.Models.Client clientModel = new IdentityServer4.Models.Client()
{
ClientId = inputModel.ClientId,
ClientName = inputModel.DisplayName,
AllowedGrantTypes = inputModel.AllowedGrantTypes?.Split(","),
AllowedScopes = inputModel.AllowedScopes?.Split(","),
Description = inputModel.Description,
AllowedCorsOrigins = inputModel.AllowedCorsOrigins?.Split(","),
ClientSecrets = new List <Secret>()
{
new Secret(inputModel.ClientSecret.Sha256())
},
PostLogoutRedirectUris = inputModel.PostLogoutRedirectUris?.Split(","),
RedirectUris = inputModel.RedirectUris?.Split(","),
RequireConsent = inputModel.RequireConsent,
AllowAccessTokensViaBrowser = inputModel.AllowAccessTokensViaBrowser,
AlwaysIncludeUserClaimsInIdToken = inputModel.AlwaysIncludeUserClaimsInIdToken,
AllowOfflineAccess = inputModel.AllowOfflineAccess
};
// 保存到数据库
var dbModel = clientModel.ToEntity();
// TODO: 注意: 1.发现使用 DateTime.UtcNow 时间不正确,不知道为什么,明明推荐用这个统一时间 2.就算不手动赋值, 最后也会有创建时间, 更新时间, 而内部用的就是UtcNow
dbModel.Created = DateTime.Now;
await _configurationDbContext.Clients.AddAsync(dbModel);
await _configurationDbContext.SaveChangesAsync();
responseModel.code = 1;
responseModel.message = "创建成功 ";
}
catch (Exception ex)
{
responseModel.code = -1;
responseModel.message = "创建失败: " + ex.Message;
}
return(await Task.FromResult(responseModel));
}
public IActionResult AddClient(ClientViewModel clientViewModel)
{
if (!ModelState.IsValid)
{
return(View());
}
var apiScopes = clientViewModel.ApiScopes.Split(" ").Select(apiScope => apiScope.Trim()).ToArray();
var client = new ClientModel
{
ClientId = clientViewModel.ClientId,
ClientName = clientViewModel.ClientName,
AllowedGrantTypes = GrantTypes.Implicit,
AllowAccessTokensViaBrowser = clientViewModel.AllowAccessTokensViaBrowser,
RequireConsent = false,
RedirectUris = { clientViewModel.RedirectUri },
PostLogoutRedirectUris = { clientViewModel.PostLogoutRedirectUri },
AllowedCorsOrigins = { clientViewModel.CorsOrigin },
AllowedScopes = apiScopes
};
_configurationDbContext.Clients.Add(client.ToEntity());
_configurationDbContext.SaveChanges();
_trackTelemetry.TrackEvent(EventName.AddClient, EventType.Action, EventStatus.Success);
return(RedirectToAction(nameof(Index)));
}
public async Task <IActionResult> Create([FromBody] CreateClientRequest request)
{
var clientId = (request.UserId + "client_id_" + request.ApplicationName).Sha256();
int i = 0;
Console.WriteLine("clientId = " + clientId);
while (true)
{
Console.WriteLine("IndexOf + = " + (clientId.IndexOf('+') >= 0).ToString());
if (clientId.IndexOf('+') >= 0)
{
clientId = (request.UserId + "client_id_" + request.ApplicationName + "_" + i).Sha256();
Console.WriteLine("clientId = " + clientId);
i++;
}
else
{
break;
}
}
var clientSecret = ("client_secret_" + request.ApplicationName).Sha256();
request.RedirectUris.Add("http://localhost:7030/Auth/AuthorizationGrantCode");
IdentityServer4.Models.Client client = new IdentityServer4.Models.Client
{
ClientName = request.ApplicationName,
ClientId = clientId,
ClientSecrets =
{
new IdentityServer4.Models.Secret(clientSecret.Sha256())
},
AllowedGrantTypes = { GrantType.AuthorizationCode, GrantType.ClientCredentials },
RedirectUris = request.RedirectUris,
AllowedScopes = request.Scopes,
RequireConsent = true,
AlwaysSendClientClaims = true
};
var entry = await _configurationDbContext.Clients.AddAsync(client.ToEntity());
if (await _configurationDbContext.SaveChangesAsync() > 0)
{
List <string> scopes = new List <string>();
foreach (var item in entry.Entity.AllowedScopes)
{
scopes.Add(item.Scope);
}
var response = new CreateClientResponse
{
ClientId = entry.Entity.ClientId,
ClientSecret = clientSecret,
RedirectUris = entry.Entity.RedirectUris.Select(x => x.RedirectUri).ToList(),
ApplicationName = request.ApplicationName,
Scopes = entry.Entity.AllowedScopes.Select(x => x.Scope).Join(",")
};
return(await Task.FromResult(Ok(response)));
}
return(BadRequest());
}
public void UpdatePostLogoutRedirectUris(
IdentityServer4.EntityFramework.Entities.Client client,
List <string> postLogoutRedirectUris)
{
IdentityServer4.Models.Client clientModel = new IdentityServer4.Models.Client();
clientModel.PostLogoutRedirectUris = postLogoutRedirectUris;
client.PostLogoutRedirectUris = clientModel.ToEntity().PostLogoutRedirectUris;
}
public Task Create(IdentityServer4.Models.Client client)
{
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
State.Client = client.ToEntity();
return(WriteStateAsync());
}
public void UpdateRedirectUris(
IdentityServer4.EntityFramework.Entities.Client client,
List <string> redirectUris
)
{
IdentityServer4.Models.Client clientModel = new IdentityServer4.Models.Client();
clientModel.RedirectUris = redirectUris;
client.RedirectUris = clientModel.ToEntity().RedirectUris;
}
private static void AddTestEntitiesToSql(IS4.Client client, IS4.ApiResource apiResource)
{
using (var identityContext = IdentityDbContext)
{
identityContext.Database.ExecuteSqlCommand(DeleteDataSql);
identityContext.ApiResources.Add(apiResource.ToEntity());
identityContext.Clients.Add(client.ToEntity());
identityContext.SaveChanges();
}
}
public void UpdateAllowedScopes(
IdentityServer4.EntityFramework.Entities.Client client,
List <string> allowedScopes
)
{
IdentityServer4.Models.Client clientModel = new IdentityServer4.Models.Client();
clientModel.AllowedScopes = allowedScopes;
client.AllowedScopes = clientModel.ToEntity().AllowedScopes;
}
public IActionResult CreateClient(CreateClientModel model, [FromServices] ConfigurationDbContext configContext)
{
// Generate a unique client ID
var clientId = StringHelper.RandomString(20, "abcdefghjkmnpqrstuvwxyz1234567890");
while (configContext.Clients.Where(c => c.ClientId == clientId).FirstOrDefault() != null)
{
clientId = StringHelper.RandomString(20, "abcdefghjkmnpqrstuvwxyz1234567890");
}
var clientSecret = StringHelper.RandomString(40, "abcdefghjkmnpqrstuvwxyz1234567890");
// Generate the origin for the callback
Uri redirect = new Uri(model.CallbackUrl);
string origin = redirect.Scheme + "://" + redirect.Host;
var client = new IdentityServer4.Models.Client
{
Properties = new Dictionary <string, string>()
{
{ "username", model.Username }
},
ClientId = clientId,
ClientName = model.Name,
ClientUri = model.HomepageUrl,
LogoUri = model.LogoUrl,
AllowedGrantTypes = model.AllowedGrants,
AllowedScopes = model.AllowedScopes,
ClientSecrets =
{
new IdentityServer4.Models.Secret(clientSecret.Sha256())
},
RedirectUris =
{
model.CallbackUrl
},
AllowedCorsOrigins =
{
origin
},
RequireConsent = true,
AllowOfflineAccess = true
};
configContext.Clients.Add(client.ToEntity());
configContext.SaveChanges();
return(new JsonResult(new { success = true, data = new { id = clientId, secret = clientSecret } }));
}
public void UpdateAllowedGrantType(
IdentityServer4.EntityFramework.Entities.Client client,
string allowedGrantType
)
{
ICollection <string> clientGrantTypeList = new List <string>();
if (!string.IsNullOrEmpty(allowedGrantType))
{
clientGrantTypeList = _clientGrantTypeManager.GetClientGrantTypesForName(allowedGrantType);
}
IdentityServer4.Models.Client clientModel = new IdentityServer4.Models.Client()
{
ClientId = "ClientId"
};
clientModel.AllowedGrantTypes = clientGrantTypeList;
var newclient = clientModel.ToEntity();
client.AllowedGrantTypes = clientModel.ToEntity().AllowedGrantTypes;
}
public async Task <IActionResult> Post([FromBody] IroncladClient model)
{
if (string.IsNullOrEmpty(model.Id))
{
return(this.BadRequest(new { Message = $"Cannot create a client without a client ID" }));
}
var accessTokenType = default(AccessTokenType);
if (model.AccessTokenType != null && !Enum.TryParse(model.AccessTokenType, out accessTokenType))
{
return(this.BadRequest(new { Message = $"Access token type '{model.AccessTokenType}' does not exist" }));
}
var client = new IdentityServerClient {
ClientId = model.Id
};
// optional properties
client.ClientName = model.Name ?? client.ClientName;
client.ClientSecrets = model.Secret == null ? client.ClientSecrets : new HashSet <Secret> {
new Secret(model.Secret.Sha256())
};
client.AllowedCorsOrigins = model.AllowedCorsOrigins ?? client.AllowedCorsOrigins;
client.RedirectUris = model.RedirectUris ?? client.RedirectUris;
client.PostLogoutRedirectUris = model.PostLogoutRedirectUris ?? client.PostLogoutRedirectUris;
client.AllowedScopes = model.AllowedScopes ?? client.AllowedScopes;
client.AccessTokenType = model.AccessTokenType == null ? client.AccessTokenType : accessTokenType;
client.AllowedGrantTypes = model.AllowedGrantTypes ?? client.AllowedGrantTypes;
client.AllowAccessTokensViaBrowser = model.AllowAccessTokensViaBrowser ?? client.AllowAccessTokensViaBrowser;
client.AllowOfflineAccess = model.AllowOfflineAccess ?? client.AllowOfflineAccess;
client.RequireClientSecret = model.RequireClientSecret ?? client.RequireClientSecret;
client.RequirePkce = model.RequirePkce ?? client.RequirePkce;
client.RequireConsent = model.RequireConsent ?? client.RequireConsent;
client.Enabled = model.Enabled ?? client.Enabled;
using (var session = this.store.LightweightSession())
{
if (session.Query <PostgresClient>().Any(document => document.ClientId == client.ClientId))
{
return(this.StatusCode((int)HttpStatusCode.Conflict, new { Message = "Client already exists" }));
}
session.Insert(client.ToEntity());
await session.SaveChangesAsync();
}
return(this.Created(new Uri(this.HttpContext.GetIdentityServerRelativeUrl("~/api/clients/" + model.Id)), null));
}
public void UpdateSecrets(
IdentityServer4.EntityFramework.Entities.Client client,
List <string> clientSecrets
)
{
List <IdentityServer4.Models.Secret> SecretModels = new List <IdentityServer4.Models.Secret>();
clientSecrets.ForEach(e => {
SecretModels.Add(new IdentityServer4.Models.Secret(e.Sha256()));
});
IdentityServer4.Models.Client clientModel = new IdentityServer4.Models.Client();
clientModel.ClientSecrets = SecretModels;
client.ClientSecrets = clientModel.ToEntity().ClientSecrets;
}
public async Task <bool> AddClient(IdentityServer4.Models.Client client)
{
bool Result = false;
try
{
await Context.Clients.AddAsync(client.ToEntity());
Result = await Context.SaveChangesAsync() > 0;
}
catch (Exception E)
{
var Message = E.Message;
}
return(Result);
}
private IdentityServer4.EntityFramework.Entities.Client MapBllToDal(SharedModels.Client client)
{
IdentityServer4.Models.Client clientModelIds4 = new IdentityServer4.Models.Client();
clientModelIds4.ClientName = client.ClientName;
clientModelIds4.ClientUri = client.ClientUri;
clientModelIds4.ClientId = client.ClientId;
clientModelIds4.FrontChannelLogoutUri = client.FrontChannelLogoutUrl;
if (client.ClientSecret != null)
{
IdentityServer4.Models.Secret secret = new IdentityServer4.Models.Secret(client.ClientSecret.Sha256());
secret.Type = "SharedSecret";
clientModelIds4.ClientSecrets = new List <IdentityServer4.Models.Secret>();
clientModelIds4.ClientSecrets.Add(secret);
}
clientModelIds4.AllowedGrantTypes = new List <string>();
client.GrantType = client.GrantType.Replace(" ", "_");
clientModelIds4.AllowedGrantTypes.Add(client.GrantType);
if (client.ClientProperty != null)
{
string key = "ApplicationType";
clientModelIds4.Properties = new Dictionary <string, string>();
clientModelIds4.Properties.Add(key, client.ClientProperty);
}
clientModelIds4.AllowedScopes = new List <string>();
foreach (string scope in client.AllowedScopes)
{
var replacedScope = scope.Replace(" ", "_");
clientModelIds4.AllowedScopes.Add(replacedScope);
}
clientModelIds4.RedirectUris = new List <string>();
foreach (string redirctUri in client.RedirectUrls)
{
clientModelIds4.RedirectUris.Add(redirctUri);
}
clientModelIds4.PostLogoutRedirectUris = new List <string>();
clientModelIds4.PostLogoutRedirectUris.Add(client.PostLogoutUrl);
return(clientModelIds4.ToEntity());
}
public IActionResult AddClient()
{
IdentityServer4.Models.Client client = new IdentityServer4.Models.Client();
client.ClientId = "mobileapp";
client.ClientSecrets = new List <IdentityServer4.Models.Secret> {
new IdentityServer4.Models.Secret("cleduclient".Sha256())
};
client.AllowedScopes = new List <string> {
"api_meteo_scope"
};
_confContext.Clients.Add(client.ToEntity());
_confContext.SaveChanges();
return(Ok());
}
public IActionResult EditClient(IdentityServer4.Models.Client model)
{
var vModel = model.ToEntity();
var rClient = _configContext.Clients.Where(s => s.ClientId == model.ClientId).SingleOrDefault();
rClient.ClientId = model.ClientId;
rClient.ClientName = model.ClientName;
rClient.RedirectUris = vModel.RedirectUris;
rClient.PostLogoutRedirectUris = vModel.PostLogoutRedirectUris;
rClient.Description = model.Description;
rClient.AllowOfflineAccess = model.AllowOfflineAccess;
rClient.AlwaysSendClientClaims = model.AlwaysSendClientClaims;
rClient.AlwaysIncludeUserClaimsInIdToken = model.AlwaysIncludeUserClaimsInIdToken;
rClient.RequireConsent = model.RequireConsent;
_configContext.Update(rClient);
_configContext.SaveChanges();
return(RedirectToAction("ClientList"));
}
public IActionResult AddClientProfile()
{
IdentityServer4.Models.Client client = new IdentityServer4.Models.Client();
client.ClientId = "mvcapp";
client.ClientSecrets = new List <IdentityServer4.Models.Secret> {
new IdentityServer4.Models.Secret("cleduclient".Sha256())
};
client.AllowedScopes = new List <string> {
"api_meteo_scope", IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile
};
client.AllowedGrantTypes = GrantTypes.Code;
// URLS de redirection =>>> https://oauth.pstmn.io/v1/callback
_confContext.Clients.Add(client.ToEntity());
_confContext.SaveChanges();
return(Ok());
}
public IdentityServer4.EntityFramework.Entities.Client CreateClient(
string clientId,
string allowedGrantType,
List <string> clientSecrets,
List <string> redirectUris,
List <string> postLogoutRedirectUris,
List <string> allowedScopes
)
{
ICollection <string> clientGrantTypeList = new List <string>();
// 认证客户端认证类型是否存在
if (!string.IsNullOrEmpty(allowedGrantType) && !_clientGrantTypeManager.IsExistClientGrantTypeGroup(allowedGrantType))
{
throw new Exception("不存在的客户端认证类型[" + allowedGrantType + "]");
}
if (!string.IsNullOrEmpty(allowedGrantType))
{
clientGrantTypeList = _clientGrantTypeManager.GetClientGrantTypesForName(allowedGrantType);
}
List <IdentityServer4.Models.Secret> clientSecretList = new List <IdentityServer4.Models.Secret>();
clientSecrets.ForEach(e => {
clientSecretList.Add(new IdentityServer4.Models.Secret(e.Sha256()));
});
IdentityServer4.Models.Client client = new IdentityServer4.Models.Client()
{
ClientId = clientId,
AllowedGrantTypes = clientGrantTypeList,
ClientSecrets = clientSecretList,
RedirectUris = redirectUris,
PostLogoutRedirectUris = postLogoutRedirectUris,
AllowedScopes = allowedScopes,
};
return(client.ToEntity());
}
public async Task <JsonResult> Create(IdentityServer4.Models.Client request)
{
JsonResponse response = new JsonResponse();
request.ClientSecrets.ToList().ForEach(m =>
{
m.Value = m.Value.Sha256();
});
var model = (await _context.Clients.AddAsync(request.ToEntity())).Entity;
await _context.SaveChangesAsync();
if (model != null)
{
response.status = 0;
response.code = "200";
}
else
{
response.status = -1;
response.code = "500";
}
return(Json(response));
}
public async Task <MessageModel <string> > SaveData(ClientDto request)
{
if (request != null && request.id == 0)
{
IdentityServer4.Models.Client client = new IdentityServer4.Models.Client()
{
ClientId = request?.ClientId,
ClientName = request?.ClientName,
Description = request?.Description,
AllowAccessTokensViaBrowser = (request?.AllowAccessTokensViaBrowser).ObjToBool(),
AllowedCorsOrigins = request?.AllowedCorsOrigins?.Split(","),
AllowedGrantTypes = request?.AllowedGrantTypes?.Split(","),
AllowedScopes = request?.AllowedScopes?.Split(","),
PostLogoutRedirectUris = request?.PostLogoutRedirectUris?.Split(","),
RedirectUris = request?.RedirectUris?.Split(","),
};
if (!string.IsNullOrEmpty(request.ClientSecrets))
{
client.ClientSecrets = new List <Secret>()
{
new Secret(request.ClientSecrets.Sha256())
};
}
var result = (await _configurationDbContext.Clients.AddAsync(client.ToEntity()));
await _configurationDbContext.SaveChangesAsync();
}
if (request != null && request.id > 0)
{
var modelEF = (await _configurationDbContext.Clients
.Include(d => d.AllowedGrantTypes)
.Include(d => d.AllowedScopes)
.Include(d => d.AllowedCorsOrigins)
.Include(d => d.RedirectUris)
.Include(d => d.PostLogoutRedirectUris)
.ToListAsync()).FirstOrDefault(d => d.Id == request.id);
modelEF.ClientId = request?.ClientId;
modelEF.ClientName = request?.ClientName;
modelEF.Description = request?.Description;
modelEF.AllowAccessTokensViaBrowser = (request?.AllowAccessTokensViaBrowser).ObjToBool();
var AllowedCorsOrigins = new List <IdentityServer4.EntityFramework.Entities.ClientCorsOrigin>();
if (!string.IsNullOrEmpty(request?.AllowedCorsOrigins))
{
request?.AllowedCorsOrigins.Split(",").Where(s => s != "" && s != null).ToList().ForEach(s =>
{
AllowedCorsOrigins.Add(new IdentityServer4.EntityFramework.Entities.ClientCorsOrigin()
{
Client = modelEF,
ClientId = modelEF.Id,
Origin = s
});
});
modelEF.AllowedCorsOrigins = AllowedCorsOrigins;
}
var AllowedGrantTypes = new List <IdentityServer4.EntityFramework.Entities.ClientGrantType>();
if (!string.IsNullOrEmpty(request?.AllowedGrantTypes))
{
request?.AllowedGrantTypes.Split(",").Where(s => s != "" && s != null).ToList().ForEach(s =>
{
AllowedGrantTypes.Add(new IdentityServer4.EntityFramework.Entities.ClientGrantType()
{
Client = modelEF,
ClientId = modelEF.Id,
GrantType = s
});
});
modelEF.AllowedGrantTypes = AllowedGrantTypes;
}
var AllowedScopes = new List <IdentityServer4.EntityFramework.Entities.ClientScope>();
if (!string.IsNullOrEmpty(request?.AllowedScopes))
{
request?.AllowedScopes.Split(",").Where(s => s != "" && s != null).ToList().ForEach(s =>
{
AllowedScopes.Add(new IdentityServer4.EntityFramework.Entities.ClientScope()
{
Client = modelEF,
ClientId = modelEF.Id,
Scope = s
});
});
modelEF.AllowedScopes = AllowedScopes;
}
var PostLogoutRedirectUris = new List <IdentityServer4.EntityFramework.Entities.ClientPostLogoutRedirectUri>();
if (!string.IsNullOrEmpty(request?.PostLogoutRedirectUris))
{
request?.PostLogoutRedirectUris.Split(",").Where(s => s != "" && s != null).ToList().ForEach(s =>
{
PostLogoutRedirectUris.Add(new IdentityServer4.EntityFramework.Entities.ClientPostLogoutRedirectUri()
{
Client = modelEF,
ClientId = modelEF.Id,
PostLogoutRedirectUri = s
});
});
modelEF.PostLogoutRedirectUris = PostLogoutRedirectUris;
}
var RedirectUris = new List <IdentityServer4.EntityFramework.Entities.ClientRedirectUri>();
if (!string.IsNullOrEmpty(request?.RedirectUris))
{
request?.RedirectUris.Split(",").Where(s => s != "" && s != null).ToList().ForEach(s =>
{
RedirectUris.Add(new IdentityServer4.EntityFramework.Entities.ClientRedirectUri()
{
Client = modelEF,
ClientId = modelEF.Id,
RedirectUri = s
});
});
modelEF.RedirectUris = RedirectUris;
}
var result = (_configurationDbContext.Clients.Update(modelEF));
await _configurationDbContext.SaveChangesAsync();
}
return(new MessageModel <string>()
{
success = true,
msg = "添加成功",
});
}
public static void ConfigurationDbContextSeed(this ModelBuilder modelBuilder)
{
var clientGrantTypeEntity = new ClientGrantType
{
Id = -1,
GrantType = GrantType.ResourceOwnerPassword,
ClientId = -1,
};
var clientScopes = new[]
{
new ClientScope
{
ClientId = -1,
Id = -1,
Scope = "record-keep-api"
},
new ClientScope
{
ClientId = -1,
Id = -2,
Scope = IdentityServerConstants.StandardScopes.OpenId
},
new ClientScope
{
ClientId = -1,
Id = -3,
Scope = IdentityServerConstants.StandardScopes.Profile
}
};
var client = new Client
{
ClientId = "record-keep",
AccessTokenType = AccessTokenType.Jwt,
RequireClientSecret = false,
AllowOfflineAccess = false,
AllowAccessTokensViaBrowser = true
};
var clientEntity = client.ToEntity();
clientEntity.Id = -1;
var apiResourceClaimEntity = new ApiResourceClaim
{
Id = -1,
ApiResourceId = -1,
Type = JwtClaimTypes.Name
};
var apiResourceScopesEntity = new ApiScope
{
Name = "record-keep-api",
Id = -1,
DisplayName = "Record Keep API",
ApiResourceId = -1,
};
var apiResource = new ApiResource
{
Name = "record-keep-api",
DisplayName = "Record Keep API"
};
var apiResourceEntity = apiResource.ToEntity();
apiResourceEntity.Id = -1;
var openIdIdentity = new IdentityResources.OpenId().ToEntity();
var profileIdentity = new IdentityResources.Profile().ToEntity();
openIdIdentity.Id = -1;
profileIdentity.Id = -2;
var identityClaimOpenId = new IdentityClaim
{
Id = -1,
Type = JwtClaimTypes.Subject,
IdentityResourceId = -1
};
var identityClaims = new List <IdentityClaim>
{
identityClaimOpenId
};
var index = -2;
foreach (var claims in profileIdentity.UserClaims)
{
identityClaims.Add(new IdentityClaim
{
Id = index,
Type = claims.Type,
IdentityResourceId = -2,
});
index--;
}
openIdIdentity.UserClaims = new List <IdentityClaim>();
profileIdentity.UserClaims = new List <IdentityClaim>();
modelBuilder.Entity <ClientGrantType>().HasData(clientGrantTypeEntity);
modelBuilder.Entity <ClientScope>().HasData(clientScopes);
modelBuilder.Entity <IdentityServer4.EntityFramework.Entities.Client>().HasData(clientEntity);
modelBuilder.Entity <ApiResourceClaim>().HasData(apiResourceClaimEntity);
modelBuilder.Entity <ApiScope>().HasData(apiResourceScopesEntity);
modelBuilder.Entity <IdentityServer4.EntityFramework.Entities.ApiResource>().HasData(apiResourceEntity);
modelBuilder.Entity <IdentityResource>().HasData(openIdIdentity, profileIdentity);
modelBuilder.Entity <IdentityClaim>().HasData(identityClaims);
}
public async Task <IActionResult> Put(string clientId, [FromBody] IroncladClient model)
{
if (string.Equals(clientId, "auth_console", StringComparison.OrdinalIgnoreCase))
{
return(this.BadRequest(new { Message = $"Cannot modify the authorization console client" }));
}
using (var session = this.store.LightweightSession())
{
var document = await session.Query <PostgresClient>().SingleOrDefaultAsync(item => item.ClientId == clientId);
if (document == null)
{
return(this.NotFound(new { Message = $"Client '{clientId}' not found" }));
}
var accessTokenType = default(AccessTokenType);
if (model.AccessTokenType != null && !Enum.TryParse(model.AccessTokenType, out accessTokenType))
{
return(this.BadRequest(new { Message = $"Access token type '{model.AccessTokenType}' does not exist" }));
}
// NOTE (Cameron): Because of the mapping/conversion unknowns we rely upon the Postgres integration to perform that operation which is why we do this...
var client = new IdentityServerClient
{
AllowedCorsOrigins = model.AllowedCorsOrigins,
RedirectUris = model.RedirectUris,
PostLogoutRedirectUris = model.PostLogoutRedirectUris,
AllowedScopes = model.AllowedScopes,
AllowedGrantTypes = model.AllowedGrantTypes,
};
client.AccessTokenType = model.AccessTokenType == null ? client.AccessTokenType : accessTokenType;
// NOTE (Cameron): If the secret is updated we want to add the new secret...
if (!string.IsNullOrEmpty(model.Secret))
{
client.ClientSecrets = new List <Secret> {
new Secret(model.Secret.Sha256())
};
}
var entity = client.ToEntity();
// update properties (everything supported is an optional update eg. if null is passed we will not update)
document.ClientName = model.Name ?? document.ClientName;
document.AllowedCorsOrigins = entity.AllowedCorsOrigins ?? document.AllowedCorsOrigins;
document.RedirectUris = entity.RedirectUris ?? document.RedirectUris;
document.PostLogoutRedirectUris = entity.PostLogoutRedirectUris ?? document.PostLogoutRedirectUris;
document.AllowedScopes = entity.AllowedScopes ?? document.AllowedScopes;
document.AccessTokenType = model.AccessTokenType == null ? document.AccessTokenType : entity.AccessTokenType;
document.AllowedGrantTypes = entity.AllowedGrantTypes ?? document.AllowedGrantTypes;
document.AllowAccessTokensViaBrowser = model.AllowAccessTokensViaBrowser ?? document.AllowAccessTokensViaBrowser;
document.AllowOfflineAccess = model.AllowOfflineAccess ?? document.AllowOfflineAccess;
document.RequireClientSecret = model.RequireClientSecret ?? document.RequireClientSecret;
document.RequirePkce = model.RequirePkce ?? document.RequirePkce;
document.RequireConsent = model.RequireConsent ?? document.RequireConsent;
document.Enabled = model.Enabled ?? document.Enabled;
if (!string.IsNullOrEmpty(model.Secret))
{
document.ClientSecrets.Add(entity.ClientSecrets.First());
}
session.Update(document);
await session.SaveChangesAsync();
}
return(this.Ok());
}
public static void Clients(ConfigurationDbContext context)
{
if (!context.ApiResources.Any(r => r.Name == UiLoginApiResource))
{
ApiResource resource = new ApiResource(UiLoginApiResource, "Main UI");
context.ApiResources.Add(resource.ToEntity());
context.SaveChanges();
}
if (!context.ApiResources.Any(r => r.Name == Consts.Api.ResourceId))
{
ApiResource resource = new ApiResource(Consts.Api.ResourceId, "Main API");
context.ApiResources.Add(resource.ToEntity());
context.SaveChanges();
}
// TODO: configure clients
if (!context.Clients.Any(client => client.ClientId == DebugConstants.Ui.ClientId))
{
IdentityServer4.Models.Client client = new IdentityServer4.Models.Client();
client.ClientId = DebugConstants.Ui.ClientId;
client.ClientName = "EDAMOS UI";
client.AllowedGrantTypes = GrantTypes.HybridAndClientCredentials;
client.ClientSecrets = new[] { new Secret(DebugConstants.Ui.ClientSecret.Sha256()) }; // TODO: configure secret
client.AllowedScopes = new[]
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
Consts.Api.ResourceId
};
client.RedirectUris = new[] { DebugConstants.Ui.RootAddress + Consts.OpenId.CallbackPath };
client.PostLogoutRedirectUris = new[] { DebugConstants.Ui.RootAddress + Consts.OpenId.SignOutCallbackPath };
client.RequireConsent = false;
context.Clients.Add(client.ToEntity());
context.SaveChanges();
}
if (!context.Clients.Any(client => client.ClientId == DebugConstants.AdminUi.ClientId))
{
IdentityServer4.Models.Client client = new IdentityServer4.Models.Client();
client.ClientId = DebugConstants.AdminUi.ClientId;
client.ClientName = "EDAMOS ADMIN";
client.AllowedGrantTypes = GrantTypes.HybridAndClientCredentials;
client.ClientSecrets = new[] { new Secret(DebugConstants.AdminUi.ClientSecret.Sha256()) }; // TODO: configure secret
client.AllowedScopes = new[]
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
Consts.Api.ResourceId
};
client.RedirectUris = new[] { DebugConstants.AdminUi.RootAddress + Consts.OpenId.CallbackPath };
client.PostLogoutRedirectUris = new[] { DebugConstants.AdminUi.RootAddress + Consts.OpenId.SignOutCallbackPath };
client.RequireConsent = false;
context.Clients.Add(client.ToEntity());
context.SaveChanges();
}
if (!context.Clients.Any(client => client.ClientId == DebugConstants.ProxyUi.ClientId))
{
Client client = new Client();
client.ClientId = DebugConstants.ProxyUi.ClientId;
client.ClientName = "EDAMOS PROXY UI";
client.AllowedGrantTypes = GrantTypes.HybridAndClientCredentials;
client.ClientSecrets = new[] { new Secret(DebugConstants.ProxyUi.ClientSecret.Sha256()) }; // TODO: configure secret
client.AllowedScopes = new[]
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
};
client.RedirectUris = new[]
{
DebugConstants.ProxyUi.KibanaRootAddress + Consts.OpenId.CallbackPath,
DebugConstants.ProxyUi.GrafanaRootAddress + Consts.OpenId.CallbackPath,
DebugConstants.ProxyUi.RabbitMqRootAddress + Consts.OpenId.CallbackPath,
};
client.PostLogoutRedirectUris = new[]
{
DebugConstants.ProxyUi.KibanaRootAddress + Consts.OpenId.SignOutCallbackPath,
DebugConstants.ProxyUi.GrafanaRootAddress + Consts.OpenId.SignOutCallbackPath,
DebugConstants.ProxyUi.RabbitMqRootAddress + Consts.OpenId.SignOutCallbackPath,
};
client.RequireConsent = false;
context.Clients.Add(client.ToEntity());
context.SaveChanges();
}
}
public IActionResult CreateClient(ClientModel model)
{
if (model.SelectedScopes == null)
{
ModelState.AddModelError("Client", "Please select or insert at least a scope.");
}
if (model.AllowedGrantType == null)
{
ModelState.AddModelError("Client", "Please select a grnt type.");
}
if (model.RedirectUris == null)
{
ModelState.AddModelError("Client", "Please insert at least a RedirectUris.");
}
if (model.PostLogoutRedirectUris == null)
{
ModelState.AddModelError("Client", "Please insert at least a PostLogoutRedirectUris.");
}
var grantType = HelperExtension.GetPropValue <GrantTypes>(model.AllowedGrantType) as ICollection <string>;
if (grantType == null)
{
ModelState.AddModelError("Client", "grant Type not valid.");
}
if (!ModelState.IsValid)
{
PropertyInfo[] grantInfo;
grantInfo = typeof(GrantTypes).GetProperties(BindingFlags.Public |
BindingFlags.Static);
model.AllowedGrantTypes = grantInfo.Select(s => s.Name).ToList();
FieldInfo[] scopesInfo;
scopesInfo = typeof(StandardScopes).GetFields(BindingFlags.Public | BindingFlags.Static |
BindingFlags.FlattenHierarchy)
.Where(fi => fi.IsLiteral && !fi.IsInitOnly).ToArray();
model.AllowedScopes = scopesInfo.Select(s => s.GetValue(s).ToString()).ToList();
return(View(model));
}
var client = new IdentityServer4.Models.Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = model.ClientName,
AllowedGrantTypes = grantType,
Description = model.Description,
RequireConsent = model.RequireConsent,
ClientSecrets =
{
new Secret(model.SecretCode.Sha256())
},
RedirectUris = model.RedirectUris,
PostLogoutRedirectUris = model.PostLogoutRedirectUris,
AllowedScopes = model.SelectedScopes,
AllowOfflineAccess = model.AllowOfflineAccess,
AlwaysSendClientClaims = model.AlwaysSendClientClaims,
AlwaysIncludeUserClaimsInIdToken = model.AlwaysIncludeUserClaimsInIdToken,
};
_configContext.Clients.Add(client.ToEntity());
_configContext.SaveChanges();
return(RedirectToAction("ClientList"));
}