public virtual object Clone() { return(new OAuthClient { ClientId = ClientId, ClientNames = ClientNames == null ? new List <OAuthTranslation>() : ClientNames.Select(c => (OAuthTranslation)c.Clone()).ToList(), ClientUris = ClientUris == null ? new List <OAuthTranslation>() : ClientUris.Select(c => (OAuthTranslation)c.Clone()).ToList(), LogoUris = LogoUris == null ? new List <OAuthTranslation>() : LogoUris.Select(c => (OAuthTranslation)c.Clone()).ToList(), PolicyUris = PolicyUris == null ? new List <OAuthTranslation>() : PolicyUris.Select(c => (OAuthTranslation)c.Clone()).ToList(), TosUris = TosUris == null ? new List <OAuthTranslation>() : TosUris.Select(c => (OAuthTranslation)c.Clone()).ToList(), CreateDateTime = CreateDateTime, JwksUri = JwksUri, RefreshTokenExpirationTimeInSeconds = RefreshTokenExpirationTimeInSeconds, UpdateDateTime = UpdateDateTime, TokenEndPointAuthMethod = TokenEndPointAuthMethod, TokenExpirationTimeInSeconds = TokenExpirationTimeInSeconds, Secrets = Secrets == null ? new List <ClientSecret>() : Secrets.Select(s => (ClientSecret)s.Clone()).ToList(), AllowedScopes = AllowedScopes == null ? new List <OAuthScope>() : AllowedScopes.Select(s => (OAuthScope)s.Clone()).ToList(), JsonWebKeys = JsonWebKeys == null ? new List <JsonWebKey>() : JsonWebKeys.Select(j => (JsonWebKey)j.Clone()).ToList(), GrantTypes = GrantTypes.ToList(), RedirectionUrls = RedirectionUrls.ToList(), PreferredTokenProfile = PreferredTokenProfile, TokenEncryptedResponseAlg = TokenEncryptedResponseAlg, TokenEncryptedResponseEnc = TokenEncryptedResponseEnc, TokenSignedResponseAlg = TokenSignedResponseAlg, ResponseTypes = ResponseTypes.ToList(), Contacts = Contacts.ToList(), SoftwareId = SoftwareId, SoftwareVersion = SoftwareVersion, PostLogoutRedirectUris = PostLogoutRedirectUris.ToList() }); }
public async Task allow_refresh_an_accessToken_from_refresh_token() { var server = new TestServerBuilder() .WithSuccessAuthentication() .WithInMemoryStore() .Build(); var client = server.CreateClient(); var response = await client.PostAsync("/token", GrantTypes.APasswordGrantType()); response.EnsureSuccessStatusCode(); var tokenResponse = await ReadRequestResponseToJwtTokenResponse(response); response = await client.PostAsync("/token", GrantTypes.ARefreshTokenGranType(tokenResponse.RefreshToken)); response.EnsureSuccessStatusCode(); var refreshTokenResponse = await ReadRequestResponseToJwtTokenResponse(response); refreshTokenResponse.AccessToken.Should().NotBeEmpty(); refreshTokenResponse.RefreshToken.Should().NotBeEmpty(); refreshTokenResponse.AccessToken.Should().NotBe(tokenResponse.AccessToken); refreshTokenResponse.RefreshToken.Should().NotBe(tokenResponse.RefreshToken); }
public static IEnumerable <Client> GetClients(IConfigurationSection section) { var clients = new List <Client>(); List <ClientConfig> configs = new List <ClientConfig>(); section.Bind("Clients", configs); foreach (var config in configs) { Client client = new Client(); client.ClientId = config.ClientId; List <Secret> clientSecrets = new List <Secret>(); foreach (var secret in config.ClientSecrets) { clientSecrets.Add(new Secret(secret.Sha256())); } client.ClientSecrets = clientSecrets.ToArray(); GrantTypes grantTypes = new GrantTypes(); var allowedGrantTypes = grantTypes.GetType().GetProperty(config.AllowedGrantTypes); client.AllowedGrantTypes = allowedGrantTypes == null ? GrantTypes.ClientCredentials : (ICollection <string>)allowedGrantTypes.GetValue(grantTypes, null); client.AllowedScopes.Add(IdentityServerConstants.StandardScopes.OpenId); client.AllowedScopes.Add(IdentityServerConstants.StandardScopes.Profile); config.AllowedScopes?.Any(a => { client.AllowedScopes.Add(a); return(false); }); clients.Add(client); } return(clients); }
public static IEnumerable <Client> Get() { //var redirectUri = "http://localhost:5002"; var redirectUri = "https://fletnix.azurewebsites.net"; return(new List <Client> { new Client { ClientId = "fletnix", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, ClientName = "Fletnix totally not a copy of netflix...", AllowedGrantTypes = GrantTypes.List( GrantType.Implicit, GrantType.ClientCredentials), RequireConsent = false, AllowAccessTokensViaBrowser = true, AllowedScopes = new List <string> { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile, IdentityServerConstants.StandardScopes.Email, "role" }, RedirectUris = new List <string> { redirectUri + "/signin-oidc" }, PostLogoutRedirectUris = new List <string> { redirectUri } } }); }
//Clientes, quem pode se conectar ao Identity Server, nesse caso, o app do Ionic public static IEnumerable <Client> GetClients() { return(new List <Client> { new Client { ClientId = "jarbasApp", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.List(new [] { GrantType.ResourceOwnerPassword, "googleAuth" }), AllowedScopes = { "jarbasApi", "offline_access" }, AllowOfflineAccess = true, RefreshTokenUsage = TokenUsage.ReUse, RefreshTokenExpiration = TokenExpiration.Sliding, SlidingRefreshTokenLifetime = 60 * 60 * 24 * 7, AccessTokenLifetime = 60 * 60 * 24 * 1, AllowedCorsOrigins = { "http://localhost:8100" } }, new Client { ClientId = "script", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = { "jarbasApi" }, AccessTokenLifetime = 60 * 60 * 24 * 1, AllowedCorsOrigins = { "http://localhost:80" } } }); }
/// <summary> /// Define trusted Client client /// </summary> /// <returns></returns> public static IEnumerable <Client> GetClients(IConfigurationSection section) { List <Client> clients = new List <Client>(); if (section != null) { List <ClientConfig> configs = new List <ClientConfig>(); section.Bind("Clients", configs); foreach (var config in configs) { Client client = new Client(); client.ClientId = config.ClientId; List <Secret> clientSecrets = new List <Secret>(); foreach (var secret in config.ClientSecrets) { clientSecrets.Add(new Secret(secret.Sha256())); } client.ClientSecrets = clientSecrets.ToArray(); GrantTypes grantTypes = new GrantTypes(); var allowedGrantTypes = grantTypes.GetType().GetProperty(config.AllowedGrantTypes); client.AllowedGrantTypes = allowedGrantTypes == null ? GrantTypes.ClientCredentials : (ICollection <string>)allowedGrantTypes.GetValue(grantTypes, null); client.AllowedScopes = config.AllowedScopes.ToArray(); clients.Add(client); } } return(clients.ToArray()); }
public void custom_and_forbidden_grant_type_combinations_should_throw(string type1, string type2) { var client = new Client(); Action act = () => client.AllowedGrantTypes = GrantTypes.List("custom1", type2, "custom2", type1); act.ShouldThrow <InvalidOperationException>(); }
public void duplicate_values_should_throw() { var client = new Client(); Action act = () => client.AllowedGrantTypes = GrantTypes.List("custom1", "custom2", "custom1"); act.ShouldThrow <InvalidOperationException>(); }
public void empty_grant_type_list_should_throw_single() { var client = new Client(); Action act = () => client.AllowedGrantTypes = GrantTypes.List(); act.ShouldThrow <InvalidOperationException>(); }
public void grant_type_with_space_should_throw_single() { var client = new Client(); Action act = () => client.AllowedGrantTypes = GrantTypes.List("custo m2"); act.ShouldThrow <InvalidOperationException>(); }
// Clients want to access resources. public static IEnumerable <Client> GetClients(int accessTokenLifetime, int refreshTokenLifetime) { // Clients credentials. return(new List <Client> { // Local authentication client new Client { ClientId = "coraltimeapp", AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, // Resource Owner Password Credential grant. AllowAccessTokensViaBrowser = true, //AlwaysIncludeUserClaimsInIdToken = true, // Include claims in token RequireClientSecret = false, // This client does not need a secret to request tokens from the token endpoint. AccessTokenLifetime = accessTokenLifetime, AbsoluteRefreshTokenLifetime = refreshTokenLifetime, RefreshTokenExpiration = TokenExpiration.Absolute, RefreshTokenUsage = TokenUsage.OneTimeOnly, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, // For UserInfo endpoint. IdentityServerConstants.StandardScopes.Profile, "roles", "WebAPI" }, AllowOfflineAccess = true, // For refresh token. }, // Authentication client for Azure AD new Client { ClientId = "coraltimeazure", RequireClientSecret = false, // This client does not need a secret to request tokens from the token endpoint. //ClientSecrets = //{ // new Secret("secret".Sha256()) //}, AllowedGrantTypes = GrantTypes.List("azureAuth"), AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, // For UserInfo endpoint. IdentityServerConstants.StandardScopes.Profile, "roles", "WebAPI" }, AccessTokenLifetime = accessTokenLifetime, AbsoluteRefreshTokenLifetime = refreshTokenLifetime, RefreshTokenExpiration = TokenExpiration.Absolute, RefreshTokenUsage = TokenUsage.OneTimeOnly, AllowOfflineAccess = true } }); }
public async Task reject_invalid_grant_type() { var server = new TestServerBuilder() .WithSuccessAuthentication() .Build(); var response = await server.CreateClient().PostAsync("/token", GrantTypes.AnInvalidGrantType()); var content = await response.Content.ReadAsStringAsync(); content.Should().Be(ServerMessages.InvalidGrantType); response.StatusCode.Should().Be(StatusCodes.Status400BadRequest); }
public override object Clone() { return(new OpenIdClient { ClientId = ClientId, ClientNames = ClientNames == null ? new List <OAuthTranslation>() : ClientNames.Select(c => (OAuthTranslation)c.Clone()).ToList(), ClientUris = ClientUris == null ? new List <OAuthTranslation>() : ClientUris.Select(c => (OAuthTranslation)c.Clone()).ToList(), LogoUris = LogoUris == null ? new List <OAuthTranslation>() : LogoUris.Select(c => (OAuthTranslation)c.Clone()).ToList(), PolicyUris = PolicyUris == null ? new List <OAuthTranslation>() : PolicyUris.Select(c => (OAuthTranslation)c.Clone()).ToList(), TosUris = TosUris == null ? new List <OAuthTranslation>() : TosUris.Select(c => (OAuthTranslation)c.Clone()).ToList(), CreateDateTime = CreateDateTime, JwksUri = JwksUri, RefreshTokenExpirationTimeInSeconds = RefreshTokenExpirationTimeInSeconds, UpdateDateTime = UpdateDateTime, TokenEndPointAuthMethod = TokenEndPointAuthMethod, TokenExpirationTimeInSeconds = TokenExpirationTimeInSeconds, Secrets = Secrets == null ? new List <ClientSecret>() : Secrets.Select(s => (ClientSecret)s.Clone()).ToList(), AllowedScopes = AllowedScopes == null ? new List <OpenIdScope>() : AllowedScopes.Select(s => (OpenIdScope)s.Clone()).ToList(), JsonWebKeys = JsonWebKeys == null ? new List <JsonWebKey>() : JsonWebKeys.Select(j => (JsonWebKey)j.Clone()).ToList(), GrantTypes = GrantTypes.ToList(), RedirectionUrls = RedirectionUrls.ToList(), PreferredTokenProfile = PreferredTokenProfile, TokenEncryptedResponseAlg = TokenEncryptedResponseAlg, TokenEncryptedResponseEnc = TokenEncryptedResponseEnc, TokenSignedResponseAlg = TokenSignedResponseAlg, ResponseTypes = ResponseTypes.ToList(), Contacts = Contacts.ToList(), SoftwareId = SoftwareId, SoftwareVersion = SoftwareVersion, ApplicationType = ApplicationType, DefaultAcrValues = DefaultAcrValues.ToList(), DefaultMaxAge = DefaultMaxAge, IdTokenEncryptedResponseAlg = IdTokenEncryptedResponseAlg, IdTokenEncryptedResponseEnc = IdTokenEncryptedResponseEnc, IdTokenSignedResponseAlg = IdTokenSignedResponseAlg, PairWiseIdentifierSalt = PairWiseIdentifierSalt, RequestObjectEncryptionAlg = RequestObjectEncryptionAlg, RequestObjectEncryptionEnc = RequestObjectEncryptionEnc, RequestObjectSigningAlg = RequestObjectSigningAlg, RequireAuthTime = RequireAuthTime, SectorIdentifierUri = SectorIdentifierUri, SubjectType = SubjectType, UserInfoEncryptedResponseAlg = UserInfoEncryptedResponseAlg, UserInfoEncryptedResponseEnc = UserInfoEncryptedResponseEnc, UserInfoSignedResponseAlg = UserInfoSignedResponseAlg, RegistrationAccessToken = RegistrationAccessToken, PostLogoutRedirectUris = PostLogoutRedirectUris, InitiateLoginUri = InitiateLoginUri }); }
public AccessTokenV2 Token(GrantTypes type, NameValueCollection nvc) { string result = null; var error = "unknown"; try { // var hvc = HttpUtility.ParseQueryString(string.Empty); // foreach (string key in nvc.Keys) hvc.Add(key, nvc[key]); /// var query = "grant_type=" + type + "&" + hvc.ToString(); var query = String.Join("&", nvc.AllKeys.Select(a => a + "=" + HttpUtility.UrlEncode(nvc[a]))); query = "grant_type=" + type + "&" + query; result = this.HttpPostBasicAuth(this.Settings.EndPointToken, query); } catch (Exception ex) { Console.WriteLine(ex); error = ex.Message; } if (null == result) { return new AccessTokenV2() { error = error } } ; AccessTokenV2 token = new AccessTokenV2(); // Homebrew Json deserialization, made in China, by marstone var pairs = result.Trim(new char[] { ' ', '{', '}' }).Split(','); var dict = pairs.ToDictionary <string, string>(p => p.Substring(0, p.IndexOf(":")).Trim().Trim(new char[] { ':' })); foreach (var key in dict.Keys) { foreach (var prop in typeof(AccessTokenV2).GetProperties()) { if (prop.Name == key.Trim(new [] { '"' })) { object val = dict[key].Substring(dict[key].IndexOf(":") + 1).Trim().Trim(new char[] { ':', '"' }); if (prop.PropertyType == typeof(int)) { val = int.Parse((string)val); } prop.SetValue(token, val, null); } } } return(token); }
public async Task <ClientEditModelCollectionView> Query(ClientQuery query) { if (query.Id != null) { var client = await Get(query.Id.Value); if (client == null) { return(new ClientEditModelCollectionView(query, 0, Enumerable.Empty <ClientEditModel>())); } return(new ClientEditModelCollectionView(query, 1, new ClientEditModel[] { client })); } //Don't want secrets here IQueryable <Client> clients = configDb.Clients .Include(i => i.RedirectUris) .Include(i => i.AllowedScopes); if (!String.IsNullOrEmpty(query.ClientId)) { clients = clients.Where(i => EF.Functions.Like(i.ClientId, $"%{query.ClientId}%")); } if (query.GrantTypes != null) { GrantTypes grantTypes = 0; foreach (var i in query.GrantTypes) { grantTypes |= i; } clients = clients.Where(i => (i.AllowedGrantTypes & grantTypes) != 0); } if (query.HasMissingOrDefaultSecret == true) { var hash = appConfig.DefaultSecret.Sha256(); clients = clients.Where(i => !i.ClientSecrets.Any() || i.ClientSecrets.Where(j => j.Secret == hash).Any()); } int total = await clients.CountAsync(); clients = clients.OrderBy(i => i.ClientId); var results = clients.Skip(query.SkipTo(total)).Take(query.Limit); var items = await results.Select(c => mapper.Map <ClientEditModel>(c)).ToListAsync(); return(new ClientEditModelCollectionView(query, total, items)); }
public async Task return_a_valid_jwt_token_when_grant_type_password() { var server = new TestServerBuilder() .WithSuccessAuthentication() .Build(); var response = await server.CreateClient().PostAsync("/token", GrantTypes.APasswordGrantType()); response.EnsureSuccessStatusCode(); var content = await response.Content.ReadAsStringAsync(); var jwtTokenResponse = JsonConvert.DeserializeObject <JwtTokenResponse>(content); jwtTokenResponse.Should().NotBeNull(); jwtTokenResponse.AccessToken.Should().NotBeNull(); jwtTokenResponse.ExpiresIn.Should().BeGreaterThan(0); }
public async Task allow_invoking_authorized_controller_with_a_token() { var server = new TestServerBuilder() .WithSuccessAuthentication() .Build(); var client = server.CreateClient(); var response = await client.PostAsync("/token", GrantTypes.APasswordGrantType()); response.EnsureSuccessStatusCode(); var content = await response.Content.ReadAsStringAsync(); var jwtTokenResponse = JsonConvert.DeserializeObject <JwtTokenResponse>(content); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", jwtTokenResponse.AccessToken); response = await client.GetAsync("/api/test"); response.EnsureSuccessStatusCode(); }
public override void validate() { if (RedirectUris != null && ResponseTypes != null && RedirectUris.Count != ResponseTypes.Count) { throw new OIDCException("The redirect_uris do not match response_types."); } if (RedirectUris != null && SectorIdentifierUri != null) { List <string> siUris = new List <string>(); dynamic uris = OpenIdRelyingParty.GetUrlContent(WebRequest.Create(SectorIdentifierUri)); foreach (string uri in uris) { siUris.Add(uri); } foreach (string uri in RedirectUris) { if (!siUris.Contains(uri)) { throw new OIDCException("The sector_identifier_uri json must include URIs from the redirect_uri array."); } } } if (ResponseTypes != null && GrantTypes != null) { foreach (string responseType in ResponseTypes) { if ((responseType == "code" && !GrantTypes.Contains("authorization_code")) || (responseType == "id_token" && !GrantTypes.Contains("implicit")) || (responseType == "token" && !GrantTypes.Contains("implicit")) || (responseType == "id_token" && !GrantTypes.Contains("implicit"))) { throw new OIDCException("The response_types do not match grant_types."); } } } }
public object Clone() { return(new OAuthClient { ClientId = ClientId, Translations = Translations == null ? new List <OAuthClientTranslation>() : Translations.Select(t => (OAuthClientTranslation)t.Clone()).ToList(), CreateDateTime = CreateDateTime, JwksUri = JwksUri, RefreshTokenExpirationTimeInSeconds = RefreshTokenExpirationTimeInSeconds, UpdateDateTime = UpdateDateTime, TokenEndPointAuthMethod = TokenEndPointAuthMethod, TokenExpirationTimeInSeconds = TokenExpirationTimeInSeconds, ClientSecret = ClientSecret, ClientSecretExpirationTime = ClientSecretExpirationTime, AllowedScopes = AllowedScopes == null ? new List <OAuthScope>() : AllowedScopes.Select(s => (OAuthScope)s.Clone()).ToList(), JsonWebKeys = JsonWebKeys == null ? new List <JsonWebKey>() : JsonWebKeys.Select(j => (JsonWebKey)j.Clone()).ToList(), GrantTypes = GrantTypes.ToList(), RedirectionUrls = RedirectionUrls.ToList(), PreferredTokenProfile = PreferredTokenProfile, TokenEncryptedResponseAlg = TokenEncryptedResponseAlg, TokenEncryptedResponseEnc = TokenEncryptedResponseEnc, TokenSignedResponseAlg = TokenSignedResponseAlg, ResponseTypes = ResponseTypes.ToList(), Contacts = Contacts.ToList(), SoftwareId = SoftwareId, SoftwareVersion = SoftwareVersion, RegistrationAccessToken = RegistrationAccessToken, PostLogoutRedirectUris = PostLogoutRedirectUris.ToList(), TlsClientAuthSanDNS = TlsClientAuthSanDNS, TlsClientAuthSanEmail = TlsClientAuthSanEmail, TlsClientAuthSanIP = TlsClientAuthSanIP, TlsClientAuthSanURI = TlsClientAuthSanURI, TlsClientAuthSubjectDN = TlsClientAuthSubjectDN, TlsClientCertificateBoundAccessToken = TlsClientCertificateBoundAccessToken }); }
public static IEnumerable <Client> GetClients() { return(new List <Client> { new Client { ClientId = "google", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.List("googleAuth"), AllowedScopes = { "offline_access", "api1" } }, new Client { ClientId = "resourceOwner", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = { "offline_access", "api1" } } }); }
public bool ShouldSerializeGrantTypes() { return(GrantTypes.Any()); }
public static IEnumerable <Client> Get() { return(new List <Client> { /////////////////////////////////////////// // Console Client Credentials Flow Sample ////////////////////////////////////////// new Client { ClientId = "client", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = { "api1", "api2.read_only" }, }, /////////////////////////////////////////// // Console Client Credentials Flow with client JWT assertion ////////////////////////////////////////// new Client { ClientId = "client.jwt", ClientSecrets = { new Secret { Type = IdentityServerConstants.SecretTypes.X509CertificateBase64, Value = "MIIDATCCAe2gAwIBAgIQoHUYAquk9rBJcq8W+F0FAzAJBgUrDgMCHQUAMBIxEDAOBgNVBAMTB0RldlJvb3QwHhcNMTAwMTIwMjMwMDAwWhcNMjAwMTIwMjMwMDAwWjARMQ8wDQYDVQQDEwZDbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSaY4x1eXqjHF1iXQcF3pbFrIbmNw19w/IdOQxbavmuPbhY7jX0IORu/GQiHjmhqWt8F4G7KGLhXLC1j7rXdDmxXRyVJBZBTEaSYukuX7zGeUXscdpgODLQVay/0hUGz54aDZPAhtBHaYbog+yH10sCXgV1Mxtzx3dGelA6pPwiAmXwFxjJ1HGsS/hdbt+vgXhdlzud3ZSfyI/TJAnFeKxsmbJUyqMfoBl1zFKG4MOvgHhBjekp+r8gYNGknMYu9JDFr1ue0wylaw9UwG8ZXAkYmYbn2wN/CpJl3gJgX42/9g87uLvtVAmz5L+rZQTlS1ibv54ScR2lcRpGQiQav/LAgMBAAGjXDBaMBMGA1UdJQQMMAoGCCsGAQUFBwMCMEMGA1UdAQQ8MDqAENIWANpX5DZ3bX3WvoDfy0GhFDASMRAwDgYDVQQDEwdEZXZSb290ghAsWTt7E82DjU1E1p427Qj2MAkGBSsOAwIdBQADggEBADLje0qbqGVPaZHINLn+WSM2czZk0b5NG80btp7arjgDYoWBIe2TSOkkApTRhLPfmZTsaiI3Ro/64q+Dk3z3Kt7w+grHqu5nYhsn7xQFAQUf3y2KcJnRdIEk0jrLM4vgIzYdXsoC6YO+9QnlkNqcN36Y8IpSVSTda6gRKvGXiAhu42e2Qey/WNMFOL+YzMXGt/nDHL/qRKsuXBOarIb++43DV3YnxGTx22llhOnPpuZ9/gnNY7KLjODaiEciKhaKqt/b57mTEz4jTF4kIg6BP03MUfDXeVlM1Qf1jB43G2QQ19n5lUiqTpmQkcfLfyci2uBZ8BkOhXr3Vk9HIk/xBXQ=" } }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = { "api1", "api2.read_only" } }, /////////////////////////////////////////// // Custom Grant Sample ////////////////////////////////////////// new Client { ClientId = "client.custom", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.List("custom"), AllowedScopes = { "api1", "api2.read_only" } }, /////////////////////////////////////////// // Console Resource Owner Flow Sample ////////////////////////////////////////// new Client { ClientId = "roclient", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowOfflineAccess = true, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, "custom.profile", "api1", "api2.read_only" } }, /////////////////////////////////////////// // Console Public Resource Owner Flow Sample ////////////////////////////////////////// new Client { ClientId = "roclient.public", RequireClientSecret = false, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowOfflineAccess = true, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Email, "api1", "api2.read_only" } }, /////////////////////////////////////////// // Console Hybrid with PKCE Sample ////////////////////////////////////////// new Client { ClientId = "console.hybrid.pkce", ClientName = "Console Hybrid with PKCE Sample", RequireClientSecret = false, AllowedGrantTypes = GrantTypes.Hybrid, RequirePkce = true, RedirectUris = { "http://127.0.0.1:7890/" }, AllowOfflineAccess = true, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile, IdentityServerConstants.StandardScopes.Email, "api1", "api2.read_only", }, }, /////////////////////////////////////////// // Introspection Client Sample ////////////////////////////////////////// new Client { ClientId = "roclient.reference", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = { "api1", "api2.read_only" }, AccessTokenType = AccessTokenType.Reference }, /////////////////////////////////////////// // MVC Implicit Flow Samples ////////////////////////////////////////// new Client { ClientId = "mvc.implicit", ClientName = "MVC Implicit", ClientUri = "http://identityserver.io", AllowedGrantTypes = GrantTypes.Implicit, AllowAccessTokensViaBrowser = true, RedirectUris = { "http://localhost:44077/signin-oidc" }, LogoutUri = "http://localhost:44077/signout-oidc", PostLogoutRedirectUris = { "http://localhost:44077/signout-callback-oidc" }, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile, IdentityServerConstants.StandardScopes.Email, "api1", "api2.read_only" }, }, /////////////////////////////////////////// // MVC Manual Implicit Flow Sample ////////////////////////////////////////// new Client { ClientId = "mvc.manual", ClientName = "MVC Manual", ClientUri = "http://identityserver.io", AllowedGrantTypes = GrantTypes.Implicit, RedirectUris = { "http://localhost:44077/home/callback" }, LogoutUri = "http://localhost:44077/signout-oidc", PostLogoutRedirectUris = { "http://localhost:44077/" }, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId }, }, /////////////////////////////////////////// // MVC Hybrid Flow Samples ////////////////////////////////////////// new Client { ClientId = "mvc.hybrid", ClientName = "MVC Hybrid", ClientUri = "http://identityserver.io", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.Hybrid, AllowAccessTokensViaBrowser = false, RedirectUris = { "http://localhost:21402/signin-oidc" }, LogoutUri = "http://localhost:21402/signout-oidc", PostLogoutRedirectUris = { "http://localhost:21402/signout-callback-oidc" }, AllowOfflineAccess = true, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile, IdentityServerConstants.StandardScopes.Email, "api1", "api2.read_only", }, }, /////////////////////////////////////////// // JS OAuth 2.0 Sample ////////////////////////////////////////// new Client { ClientId = "js_oauth", ClientName = "JavaScript OAuth 2.0 Client", ClientUri = "http://identityserver.io", AllowedGrantTypes = GrantTypes.Implicit, AllowAccessTokensViaBrowser = true, RedirectUris = { "http://localhost:28895/index.html" }, AllowedScopes = { "api1", "api2.read_only" }, }, /////////////////////////////////////////// // JS OIDC Sample ////////////////////////////////////////// new Client { ClientId = "js_oidc", ClientName = "JavaScript OIDC Client", ClientUri = "http://identityserver.io", AllowedGrantTypes = GrantTypes.Implicit, AllowAccessTokensViaBrowser = true, RequireClientSecret = false, AccessTokenType = AccessTokenType.Reference, RedirectUris = { "http://localhost:7017/index.html", "http://localhost:7017/callback.html", "http://localhost:7017/silent.html", "http://localhost:7017/popup.html", }, PostLogoutRedirectUris = { "http://localhost:7017/index.html" }, AllowedCorsOrigins = { "http://localhost:7017" }, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile, IdentityServerConstants.StandardScopes.Email, "api1", "api2.read_only" }, }, }); }
public static IEnumerable <Client> Get() { return(new List <Client> { /////////////////////////////////////////// // Console Client Credentials Flow Sample ////////////////////////////////////////// new Client { ClientId = "client", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = new List <string> { "api1", "api2" } }, /////////////////////////////////////////// // Console Resource Owner Flow Sample ////////////////////////////////////////// new Client { ClientId = "roclient", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = new List <string> { StandardScopes.OpenId.Name, StandardScopes.Email.Name, StandardScopes.OfflineAccess.Name, StandardScopes.Address.Name, "api1", "api2" } }, ///////////////////////////////////////// // Console Custom Grant Flow Sample //////////////////////////////////////// new Client { ClientId = "client.custom", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.List("custom"), AllowedScopes = new List <string> { "api1", "api2" } }, /////////////////////////////////////////// // Introspection Client Sample ////////////////////////////////////////// new Client { ClientId = "roclient.reference", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = new List <string> { "api1", "api2" }, AccessTokenType = AccessTokenType.Reference }, }); }
private static string GetGrantTypeName(string grantType) => GrantTypes.GetGrantTypeName(grantType);
public static IEnumerable <Client> Get() { return(new List <Client> { /////////////////////////////////////////// // Console Client Credentials Flow Sample ////////////////////////////////////////// new Client { ClientId = "client", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = { "api1", "api2" } }, new Client { ClientId = "client.identityscopes", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = { "openid", "profile", "api1", "api2" } }, new Client { ClientId = "client.no_default_scopes", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowAccessToAllScopes = true }, /////////////////////////////////////////// // Console Resource Owner Flow Sample ////////////////////////////////////////// new Client { ClientId = "roclient", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowOfflineAccess = true, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Email, IdentityServerConstants.StandardScopes.Address, "roles", "api1", "api2", "api4.with.roles" } }, ///////////////////////////////////////// // Console Custom Grant Flow Sample //////////////////////////////////////// new Client { ClientId = "client.custom", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.List("custom"), AllowedScopes = { "api1", "api2" } }, /////////////////////////////////////////// // Introspection Client Sample ////////////////////////////////////////// new Client { ClientId = "roclient.reference", ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowOfflineAccess = true, AllowedScopes = { "api1", "api2" }, AccessTokenType = AccessTokenType.Reference }, new Client { ClientName = "Client with Base64 encoded X509 Certificate", ClientId = "certificate_base64_valid", Enabled = true, ClientSecrets = { new Secret { Type = IdentityServerConstants.SecretTypes.X509CertificateBase64, Value = Convert.ToBase64String(TestCert.Load().Export(X509ContentType.Cert)) } }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = new List <string> { "api1", "api2" }, }, }); }
public static IEnumerable <Client> Get() { return(new List <Client> { /////////////////////////////////////////// // Console Client Credentials Flow Sample ////////////////////////////////////////// new Client { ClientId = "client", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = new List <string> { "api1", "api2" } }, /////////////////////////////////////////// // Custom Grant Sample ////////////////////////////////////////// new Client { ClientId = "client.custom", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.List("custom"), AllowedScopes = new List <string> { "api1", "api2" } }, /////////////////////////////////////////// // Console Resource Owner Flow Sample ////////////////////////////////////////// new Client { ClientId = "roclient", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = new List <string> { StandardScopes.OpenId.Name, StandardScopes.Email.Name, StandardScopes.OfflineAccess.Name, "api1", "api2" } }, /////////////////////////////////////////// // Introspection Client Sample ////////////////////////////////////////// new Client { ClientId = "roclient.reference", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = new List <string> { "api1", "api2" }, AccessTokenType = AccessTokenType.Reference }, /////////////////////////////////////////// // MVC Implicit Flow Samples ////////////////////////////////////////// new Client { ClientId = "mvc.implicit", ClientName = "MVC Implicit", ClientUri = "http://identityserver.io", AllowedGrantTypes = GrantTypes.Implicit, AllowAccessTokensViaBrowser = true, RedirectUris = new List <string> { "http://localhost:44077/signin-oidc" }, PostLogoutRedirectUris = new List <string> { "http://localhost:44077/" }, LogoutUri = "http://localhost:44077/signout-oidc", AllowedScopes = new List <string> { StandardScopes.OpenId.Name, StandardScopes.Profile.Name, StandardScopes.Email.Name, StandardScopes.Roles.Name, "api1", "api2" }, }, /////////////////////////////////////////// // MVC Hybrid Flow Samples ////////////////////////////////////////// new Client { ClientId = "mvc.hybrid", ClientName = "MVC Hybrid", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, ClientUri = "http://identityserver.io", AllowedGrantTypes = GrantTypes.Hybrid, AllowAccessTokensViaBrowser = false, RedirectUris = new List <string> { "http://localhost:21402/signin-oidc" }, PostLogoutRedirectUris = new List <string> { "http://localhost:21402/" }, LogoutUri = "http://localhost:21402/signout-oidc", AllowedScopes = new List <string> { StandardScopes.OpenId.Name, StandardScopes.Profile.Name, StandardScopes.Email.Name, StandardScopes.Roles.Name, StandardScopes.OfflineAccess.Name, "api1", "api2", }, }, /////////////////////////////////////////// // JS OAuth 2.0 Sample ////////////////////////////////////////// new Client { ClientId = "js_oauth", ClientName = "JavaScript OAuth 2.0 Client", ClientUri = "http://identityserver.io", AllowedGrantTypes = GrantTypes.Implicit, AllowAccessTokensViaBrowser = true, RedirectUris = new List <string> { "http://localhost:28895/index.html" }, AllowedScopes = new List <string> { "api1", "api2" }, }, /////////////////////////////////////////// // JS OIDC Sample ////////////////////////////////////////// new Client { ClientId = "js_oidc", ClientName = "JavaScript OIDC Client", ClientUri = "http://identityserver.io", AllowedGrantTypes = GrantTypes.Implicit, AllowAccessTokensViaBrowser = true, RedirectUris = new List <string> { "http://localhost:7017/index.html", "http://localhost:7017/silent_renew.html", }, PostLogoutRedirectUris = new List <string> { "http://localhost:7017/index.html", }, AllowedCorsOrigins = new List <string> { "http://localhost:7017" }, AllowedScopes = new List <string> { StandardScopes.OpenId.Name, StandardScopes.Profile.Name, StandardScopes.Email.Name, StandardScopes.Roles.Name, "api1", "api2" }, }, }); }
/// <summary> /// <see cref="OIDClientSerializableMessage.Validate()"/> /// </summary> public override void Validate() { if (RedirectUris != null && ResponseTypes != null && RedirectUris.Count != ResponseTypes.Count) { throw new OIDCException("The redirect_uris do not match response_types."); } if (RedirectUris != null && SectorIdentifierUri != null) { List <string> siUris = new List <string>(); dynamic uris = WebOperations.GetUrlContent(WebRequest.Create(SectorIdentifierUri)); foreach (string uri in uris) { siUris.Add(uri); } foreach (string uri in RedirectUris) { if (!siUris.Contains(uri)) { throw new OIDCException("The sector_identifier_uri json must include URIs from the redirect_uri array."); } } } if (ResponseTypes != null && GrantTypes != null) { foreach (ResponseType responseType in ResponseTypes) { if ((responseType == ResponseType.Code && !GrantTypes.Contains("authorization_code")) || (responseType == ResponseType.IdToken && !GrantTypes.Contains("implicit")) || (responseType == ResponseType.Token && !GrantTypes.Contains("implicit"))) { throw new OIDCException("The response_types do not match grant_types."); } } } List <string> listUri = new List <string>() { LogoUri, ClientUri, PolicyUri, TosUri, JwksUri, SectorIdentifierUri, InitiateLoginUri, RegistrationClientUri }; if (RedirectUris != null) { listUri.AddRange(RedirectUris); } if (RequestUris != null) { listUri.AddRange(RequestUris); } foreach (string uri in listUri) { if (uri == null) { continue; } if (new Uri(uri).Scheme != "https") { throw new OIDCException("Some of the URIs for the client is not on https"); } } }
public static IEnumerable <Client> Get() { return(new List <Client> { new Client { ClientName = "Code Client", Enabled = true, ClientId = "codeclient", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.Code, AllowedScopes = { "openid", "profile", "resource", "resource2" }, RequireConsent = false, RedirectUris = new List <string> { "https://server/cb", }, AuthorizationCodeLifetime = 60 }, new Client { ClientName = "Code Client with PKCE", Enabled = true, ClientId = "codeclient.pkce", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.Code, RequirePkce = true, AllowedScopes = { "openid", "profile", "resource", "resource2" }, RequireConsent = false, RedirectUris = new List <string> { "https://server/cb", }, AuthorizationCodeLifetime = 60 }, new Client { ClientName = "Code Client with PKCE and plain allowed", Enabled = true, ClientId = "codeclient.pkce.plain", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.Code, RequirePkce = true, AllowPlainTextPkce = true, AllowedScopes = { "openid", "profile", "resource", "resource2" }, RequireConsent = false, RedirectUris = new List <string> { "https://server/cb", }, AuthorizationCodeLifetime = 60 }, new Client { ClientName = "Hybrid Client", Enabled = true, ClientId = "hybridclient", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.Hybrid, AllowedScopes = { "openid", "profile", "resource", "resource2" }, AllowAccessTokensViaBrowser = true, RequireConsent = false, RedirectUris = new List <string> { "https://server/cb", }, AuthorizationCodeLifetime = 60 }, new Client { ClientName = "Hybrid Client with PKCE", Enabled = true, ClientId = "hybridclient.pkce", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.Hybrid, RequirePkce = true, AllowedScopes = { "openid", "profile", "resource", "resource2" }, AllowAccessTokensViaBrowser = true, RequireConsent = false, RedirectUris = new List <string> { "https://server/cb", }, AuthorizationCodeLifetime = 60 }, new Client { ClientName = "Hybrid Client", Enabled = true, ClientId = "hybridclient_no_aavb", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.Hybrid, AllowedScopes = { "openid", "profile", "resource", "resource2" }, AllowAccessTokensViaBrowser = false, RequireConsent = false, RedirectUris = new List <string> { "https://server/cb", }, AuthorizationCodeLifetime = 60 }, new Client { ClientName = "Implicit Client", ClientId = "implicitclient", AllowedGrantTypes = GrantTypes.Implicit, AllowedScopes = { "openid", "profile", "resource", "resource2" }, AllowAccessTokensViaBrowser = true, RequireConsent = false, RedirectUris = new List <string> { "oob://implicit/cb" }, }, new Client { ClientName = "Implicit Client", ClientId = "implicitclient_no_aavb", AllowedGrantTypes = GrantTypes.Implicit, AllowedScopes = { "openid", "profile", "resource", "resource2" }, AllowAccessTokensViaBrowser = false, RequireConsent = false, RedirectUris = new List <string> { "oob://implicit/cb" }, }, new Client { ClientName = "Implicit and Client Credentials Client", Enabled = true, ClientId = "implicit_and_client_creds_client", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials, AllowedScopes = { "openid", "profile", "resource", "resource2" }, RequireConsent = false, RedirectUris = new List <string> { "oob://implicit/cb" }, }, new Client { ClientName = "Code Client with Scope Restrictions", Enabled = true, ClientId = "codeclient_restricted", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.Code, RequireConsent = false, AllowedScopes = new List <string> { "openid" }, RedirectUris = new List <string> { "https://server/cb", }, }, new Client { ClientName = "Client Credentials Client", Enabled = true, ClientId = "client", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = { "openid", "profile", "resource", "resource2" }, AccessTokenType = AccessTokenType.Jwt }, new Client { ClientName = "Client Credentials Client (restricted)", Enabled = true, ClientId = "client_restricted", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = new List <string> { "resource" }, }, new Client { ClientName = "Resource Owner Client", Enabled = true, ClientId = "roclient", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = { "openid", "profile", "resource", "resource2" }, AllowOfflineAccess = true }, new Client { ClientName = "Resource Owner Client - Public", Enabled = true, ClientId = "roclient.public", RequireClientSecret = false, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = { "openid", "profile", "resource", "resource2" }, }, new Client { ClientName = "Resource Owner Client", Enabled = true, ClientId = "roclient_absolute_refresh_expiration_one_time_only", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = { "openid", "profile", "resource", "resource2" }, RefreshTokenExpiration = TokenExpiration.Absolute, RefreshTokenUsage = TokenUsage.OneTimeOnly, AbsoluteRefreshTokenLifetime = 200 }, new Client { ClientName = "Resource Owner Client", Enabled = true, ClientId = "roclient_absolute_refresh_expiration_reuse", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = { "openid", "profile", "resource", "resource2" }, RefreshTokenExpiration = TokenExpiration.Absolute, RefreshTokenUsage = TokenUsage.ReUse, AbsoluteRefreshTokenLifetime = 200 }, new Client { ClientName = "Resource Owner Client", Enabled = true, ClientId = "roclient_sliding_refresh_expiration_one_time_only", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = { "openid", "profile", "resource", "resource2" }, RefreshTokenExpiration = TokenExpiration.Sliding, RefreshTokenUsage = TokenUsage.OneTimeOnly, AbsoluteRefreshTokenLifetime = 10, SlidingRefreshTokenLifetime = 4 }, new Client { ClientName = "Resource Owner Client", Enabled = true, ClientId = "roclient_sliding_refresh_expiration_reuse", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = { "openid", "profile", "resource", "resource2" }, RefreshTokenExpiration = TokenExpiration.Sliding, RefreshTokenUsage = TokenUsage.ReUse, AbsoluteRefreshTokenLifetime = 200, SlidingRefreshTokenLifetime = 100 }, new Client { ClientName = "Resource Owner Client (restricted)", Enabled = true, ClientId = "roclient_restricted", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = new List <string> { "resource" }, }, new Client { ClientName = "Resource Owner Client (restricted with refresh)", Enabled = true, ClientId = "roclient_restricted_refresh", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowOfflineAccess = true, AllowedScopes = new List <string> { "resource", }, }, new Client { ClientName = "Custom Grant Client", Enabled = true, ClientId = "customgrantclient", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.List("custom_grant"), AllowedScopes = { "openid", "profile", "resource", "resource2" }, }, new Client { ClientName = "Disabled Client", Enabled = false, ClientId = "disabled", ClientSecrets = new List <Secret> { new Secret("invalid".Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = { "openid", "profile", "resource", "resource2" }, }, new Client { ClientName = "Reference Token Client", Enabled = true, ClientId = "referencetokenclient", ClientSecrets = new List <Secret> { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.Implicit, AllowedScopes = { "openid", "profile", "resource", "resource2" }, AccessTokenType = AccessTokenType.Reference }, new Client { ClientId = "wsfed", ClientName = "WS-Fed Client", ProtocolType = IdentityServerConstants.ProtocolTypes.WsFederation, AllowedGrantTypes = GrantTypes.Implicit, Enabled = true, AllowedScopes = { "openid", "profile", "resource", "resource2" }, RedirectUris = { "http://wsfed/callback" } }, new Client { ClientId = "client.cred.wsfed", ClientName = "WS-Fed Client", ProtocolType = IdentityServerConstants.ProtocolTypes.WsFederation, AllowedGrantTypes = GrantTypes.ClientCredentials, ClientSecrets = { new Secret("secret".Sha256()) }, Enabled = true, AllowedScopes = { "openid", "profile", "resource", "resource2" }, }, new Client { ClientId = "client.implicit", ClientName = "Implicit Client", AllowedGrantTypes = GrantTypes.Implicit, AllowedScopes = { "openid", "profile", "resource", "resource2" }, }, new Client { ClientId = "implicit_and_client_creds", AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials, AllowedScopes = { "api1" } }, }); }
private static string GetGrantTypeName(string key) => GrantTypes.GetGrantTypeName(key);
public void custom_should_be_allowed() { var client = new Client(); client.AllowedGrantTypes = GrantTypes.List("custom"); }