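/// <summary>
/// Handles the "create application" form post: checks the caller's permission, validates the
/// submitted values and registers the application.
/// </summary>
/// <param name="model">The submitted form values describing the application to create.</param>
/// <param name="returnUrl">Optional local URL to return to after a successful creation.</param>
/// <returns>
/// <c>Unauthorized</c> when the caller lacks <c>Permissions.ManageApplications</c>; the form view again
/// when validation fails; otherwise a redirect to <paramref name="returnUrl"/> (local URLs only) or to Index.
/// </returns>
public async Task<IActionResult> Create(CreateOpenIdApplicationViewModel model, string returnUrl = null)
{
    if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications))
    {
        return Unauthorized();
    }

    // A secret is only meaningful for confidential clients: public clients cannot keep one, and
    // confidential clients cannot authenticate without one.
    var isPublic = string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase);
    var isConfidential = string.Equals(model.Type, OpenIddictConstants.ClientTypes.Confidential, StringComparison.OrdinalIgnoreCase);
    if (isPublic && !string.IsNullOrEmpty(model.ClientSecret))
    {
        ModelState.AddModelError(nameof(model.ClientSecret), T["No client secret can be set for public applications."]);
    }
    else if (isConfidential && string.IsNullOrEmpty(model.ClientSecret))
    {
        ModelState.AddModelError(nameof(model.ClientSecret), T["The client secret is required for confidential applications."]);
    }

    if (!string.IsNullOrEmpty(model.ClientId) && await _applicationManager.FindByClientIdAsync(model.ClientId) != null)
    {
        ModelState.AddModelError(nameof(model.ClientId), T["The client identifier is already taken by another application."]);
    }

    // Redirect URIs are user input: parse them up front with TryCreate so that a malformed entry becomes a
    // validation error on the form instead of a UriFormatException thrown after validation already passed.
    if (!TryParseAbsoluteUris(model.PostLogoutRedirectUris, out var postLogoutRedirectUris, out var invalidUri))
    {
        ModelState.AddModelError(nameof(model.PostLogoutRedirectUris), T["'{0}' is not a valid absolute URI.", invalidUri]);
    }

    if (!TryParseAbsoluteUris(model.RedirectUris, out var redirectUris, out invalidUri))
    {
        ModelState.AddModelError(nameof(model.RedirectUris), T["'{0}' is not a valid absolute URI.", invalidUri]);
    }

    if (!ModelState.IsValid)
    {
        ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync();
        ViewData["ReturnUrl"] = returnUrl;
        return View(model);
    }

    var descriptor = new OpenIdApplicationDescriptor
    {
        ClientId = model.ClientId,
        ClientSecret = model.ClientSecret,
        ConsentType = model.ConsentType,
        DisplayName = model.DisplayName,
        Type = model.Type,
    };

    if (model.AllowLogoutEndpoint)
    {
        descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
    }
    else
    {
        descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout);
    }

    // Grant types are granted one by one; the endpoints below are derived from the flows that need them.
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, model.AllowAuthorizationCodeFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, model.AllowClientCredentialsFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.Implicit, model.AllowImplicitFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.Password, model.AllowPasswordFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.RefreshToken, model.AllowRefreshTokenFlow);

    GrantIf(OpenIddictConstants.Permissions.Endpoints.Authorization,
        model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow);
    GrantIf(OpenIddictConstants.Permissions.Endpoints.Token,
        model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow);

    descriptor.PostLogoutRedirectUris.UnionWith(postLogoutRedirectUris);
    descriptor.RedirectUris.UnionWith(redirectUris);

    // The form may post no role rows at all; treat a missing list as "no roles" rather than failing.
    if (model.RoleEntries != null)
    {
        descriptor.Roles.UnionWith(model.RoleEntries
            .Where(role => role.Selected)
            .Select(role => role.Name));
    }

    await _applicationManager.CreateAsync(descriptor);

    // LocalRedirect rejects non-local URLs, so returnUrl cannot be used as an open redirect.
    if (string.IsNullOrEmpty(returnUrl))
    {
        return RedirectToAction("Index");
    }

    return LocalRedirect(returnUrl);

    // Adds the permission to the descriptor when the corresponding flow is enabled.
    void GrantIf(string permission, bool granted)
    {
        if (granted)
        {
            descriptor.Permissions.Add(permission);
        }
    }

    // Splits a space- or comma-separated list into absolute URIs. Returns false and reports the first
    // entry that is not an absolute URI; a null or empty list yields an empty array.
    bool TryParseAbsoluteUris(string value, out Uri[] uris, out string invalid)
    {
        var parts = value?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty<string>();
        uris = new Uri[parts.Length];

        for (var i = 0; i < parts.Length; i++)
        {
            if (!Uri.TryCreate(parts[i], UriKind.Absolute, out uris[i]))
            {
                invalid = parts[i];
                return false;
            }
        }

        invalid = null;
        return true;
    }
}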
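/// <summary>
/// Recipe step that registers a new OpenID application from the step's JSON body.
/// Steps whose name is not <c>OpenIdApplication</c> are ignored.
/// </summary>
/// <param name="context">The recipe execution context carrying the step name and JSON body.</param>
public async Task ExecuteAsync(RecipeExecutionContext context)
{
    if (!string.Equals(context.Name, "OpenIdApplication", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    var model = context.Step.ToObject<CreateOpenIdApplicationViewModel>();

    // Public clients cannot hold a secret; drop one that a recipe supplies by mistake.
    var isPublic = string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase);
    var descriptor = new OpenIdApplicationDescriptor
    {
        ClientId = model.ClientId,
        ClientSecret = isPublic ? null : model.ClientSecret,
        ConsentType = model.ConsentType,
        DisplayName = model.DisplayName,
        Type = model.Type,
    };

    // The descriptor is fresh, so permissions only ever need to be granted here, never revoked.
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, model.AllowAuthorizationCodeFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, model.AllowClientCredentialsFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.Implicit, model.AllowImplicitFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.Password, model.AllowPasswordFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.RefreshToken, model.AllowRefreshTokenFlow);

    GrantIf(OpenIddictConstants.Permissions.Endpoints.Authorization,
        model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow);
    GrantIf(OpenIddictConstants.Permissions.Endpoints.Logout, model.AllowLogoutEndpoint);
    GrantIf(OpenIddictConstants.Permissions.Endpoints.Token,
        model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow);

    // Recipe URI lists are space-separated. A malformed entry raises UriFormatException, which propagates
    // out of the step rather than silently registering a partial list.
    descriptor.PostLogoutRedirectUris.UnionWith(ParseAbsoluteUris(model.PostLogoutRedirectUris));
    descriptor.RedirectUris.UnionWith(ParseAbsoluteUris(model.RedirectUris));

    // A recipe may omit the role entries entirely; treat that as "no roles" instead of failing on a null list.
    if (model.RoleEntries != null)
    {
        descriptor.Roles.UnionWith(model.RoleEntries
            .Where(role => role.Selected)
            .Select(role => role.Name));
    }

    await _applicationManager.CreateAsync(descriptor);

    // Adds the permission when the corresponding flow is enabled in the step.
    void GrantIf(string permission, bool granted)
    {
        if (granted)
        {
            descriptor.Permissions.Add(permission);
        }
    }

    // Splits a space-separated list into absolute URIs; null or empty input yields an empty array.
    Uri[] ParseAbsoluteUris(string value)
    {
        var parts = value?.Split(' ', StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty<string>();
        return parts.Select(part => new Uri(part, UriKind.Absolute)).ToArray();
    }
}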
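/// <summary>
/// Builds an <see cref="OpenIdApplicationDescriptor"/> from <paramref name="model"/> and either creates a
/// new application or updates <paramref name="application"/> with it. Flow-related permissions, roles,
/// scopes and redirect URIs are reconciled so the stored state mirrors the settings exactly.
/// </summary>
/// <param name="_applicationManager">The application manager used to read, create and update applications.</param>
/// <param name="model">The settings to apply.</param>
/// <param name="application">The existing application to update, or <c>null</c> to create a new one.</param>
/// <exception cref="UriFormatException">
/// Thrown when a redirect or post-logout URI in <paramref name="model"/> is not an absolute URI;
/// callers should validate those fields first.
/// </exception>
public static async Task UpdateDescriptorFromSettings(this IOpenIdApplicationManager _applicationManager, OpenIdApplicationSettings model, object application = null)
{
    var descriptor = new OpenIdApplicationDescriptor();
    if (application != null)
    {
        // Start from the stored state so that values the model does not carry (notably the secret) survive an update.
        await _applicationManager.PopulateAsync(descriptor, application);
    }

    descriptor.ClientId = model.ClientId;
    descriptor.ConsentType = model.ConsentType;
    descriptor.DisplayName = model.DisplayName;
    descriptor.Type = model.Type;

    // An empty secret in the settings means "keep the current one"; public clients never carry a secret.
    if (!string.IsNullOrEmpty(model.ClientSecret))
    {
        descriptor.ClientSecret = model.ClientSecret;
    }

    var isPublic = string.Equals(descriptor.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase);
    if (isPublic)
    {
        descriptor.ClientSecret = null;
    }

    // Every flow-related permission is granted or revoked so that disabling a flow in the settings
    // actually removes it from an existing application.
    Toggle(OpenIddictConstants.Permissions.Endpoints.Logout, model.AllowLogoutEndpoint);

    Toggle(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, model.AllowAuthorizationCodeFlow || model.AllowHybridFlow);
    Toggle(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, model.AllowClientCredentialsFlow);
    Toggle(OpenIddictConstants.Permissions.GrantTypes.Implicit, model.AllowHybridFlow || model.AllowImplicitFlow);
    Toggle(OpenIddictConstants.Permissions.GrantTypes.Password, model.AllowPasswordFlow);
    Toggle(OpenIddictConstants.Permissions.GrantTypes.RefreshToken, model.AllowRefreshTokenFlow);

    Toggle(OpenIddictConstants.Permissions.Endpoints.Authorization,
        model.AllowAuthorizationCodeFlow || model.AllowHybridFlow || model.AllowImplicitFlow);
    Toggle(OpenIddictConstants.Permissions.Endpoints.Token,
        model.AllowAuthorizationCodeFlow || model.AllowHybridFlow || model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow);

    Toggle(OpenIddictConstants.Permissions.ResponseTypes.Code, model.AllowAuthorizationCodeFlow);

    // Implicit and hybrid response types that return an access token from the authorization endpoint are
    // only granted to public clients; confidential clients keep the id_token-only variants.
    Toggle(OpenIddictConstants.Permissions.ResponseTypes.IdToken, model.AllowImplicitFlow);
    Toggle(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken, model.AllowImplicitFlow && isPublic);
    Toggle(OpenIddictConstants.Permissions.ResponseTypes.Token, model.AllowImplicitFlow && isPublic);

    Toggle(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken, model.AllowHybridFlow);
    Toggle(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken, model.AllowHybridFlow && isPublic);
    Toggle(OpenIddictConstants.Permissions.ResponseTypes.CodeToken, model.AllowHybridFlow && isPublic);

    // Roles are replaced wholesale; a null list is treated as "no roles".
    descriptor.Roles.Clear();
    if (model.Roles != null)
    {
        descriptor.Roles.UnionWith(model.Roles);
    }

    // Scope permissions are replaced wholesale too: drop every existing "scp:" entry, then add the configured ones.
    // Ordinal comparison: the prefix is a protocol constant, not linguistic text.
    descriptor.Permissions.RemoveWhere(permission => permission.StartsWith(OpenIddictConstants.Permissions.Prefixes.Scope, StringComparison.Ordinal));
    if (model.Scopes != null)
    {
        foreach (var scope in model.Scopes)
        {
            descriptor.Permissions.Add(OpenIddictConstants.Permissions.Prefixes.Scope + scope);
        }
    }

    descriptor.PostLogoutRedirectUris.Clear();
    descriptor.PostLogoutRedirectUris.UnionWith(ParseAbsoluteUris(model.PostLogoutRedirectUris));

    descriptor.RedirectUris.Clear();
    descriptor.RedirectUris.UnionWith(ParseAbsoluteUris(model.RedirectUris));

    if (application == null)
    {
        await _applicationManager.CreateAsync(descriptor);
    }
    else
    {
        await _applicationManager.UpdateAsync(application, descriptor);
    }

    // Adds the permission when granted, removes it otherwise, so the descriptor reflects the settings exactly.
    void Toggle(string permission, bool granted)
    {
        if (granted)
        {
            descriptor.Permissions.Add(permission);
        }
        else
        {
            descriptor.Permissions.Remove(permission);
        }
    }

    // Splits a space- or comma-separated list into absolute URIs; null or empty input yields an empty array.
    Uri[] ParseAbsoluteUris(string value)
    {
        var parts = value?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty<string>();
        return parts.Select(part => new Uri(part, UriKind.Absolute)).ToArray();
    }
}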
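/// <summary>
/// Recipe step that creates the application described by the step, or updates the application that already
/// uses the same client identifier. Steps whose name is not <c>OpenIdApplication</c> are ignored.
/// </summary>
/// <param name="context">The recipe execution context carrying the step name and JSON body.</param>
public async Task ExecuteAsync(RecipeExecutionContext context)
{
    if (!string.Equals(context.Name, "OpenIdApplication", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    var model = context.Step.ToObject<OpenIdApplicationStepModel>();

    var app = await _applicationManager.FindByClientIdAsync(model.ClientId);
    var isNew = app == null;

    var descriptor = new OpenIdApplicationDescriptor();
    if (!isNew)
    {
        // NOTE(review): the argument order here is (application, descriptor); the settings-based helper in this
        // file calls PopulateAsync(descriptor, application). Confirm which direction this overload copies.
        await _applicationManager.PopulateAsync(app, descriptor);
    }

    descriptor.ClientId = model.ClientId;
    descriptor.ConsentType = model.ConsentType;
    descriptor.DisplayName = model.DisplayName;
    descriptor.Type = model.Type;

    // Only overwrite the secret when the step supplies one, so re-running a recipe that omits it does not
    // blank the stored value on an update; public clients never hold a secret regardless of the step.
    if (!string.IsNullOrEmpty(model.ClientSecret))
    {
        descriptor.ClientSecret = model.ClientSecret;
    }

    var isPublic = string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase);
    if (isPublic)
    {
        descriptor.ClientSecret = null;
    }

    // NOTE(review): permissions are only ever added here. On an update of an existing application a flow that
    // the step no longer enables is therefore not revoked — confirm that additive semantics are intended.
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, model.AllowAuthorizationCodeFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, model.AllowClientCredentialsFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.Implicit, model.AllowImplicitFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.Password, model.AllowPasswordFlow);
    GrantIf(OpenIddictConstants.Permissions.GrantTypes.RefreshToken, model.AllowRefreshTokenFlow);

    GrantIf(OpenIddictConstants.Permissions.Endpoints.Authorization,
        model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow);
    GrantIf(OpenIddictConstants.Permissions.Endpoints.Logout, model.AllowLogoutEndpoint);
    GrantIf(OpenIddictConstants.Permissions.Endpoints.Token,
        model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow);

    GrantIf(OpenIddictConstants.Permissions.ResponseTypes.Code, model.AllowAuthorizationCodeFlow);

    // Response types that hand an access token back from the authorization endpoint are only granted to
    // public clients; confidential clients get the id_token-only variants.
    GrantIf(OpenIddictConstants.Permissions.ResponseTypes.IdToken, model.AllowImplicitFlow);
    GrantIf(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken, model.AllowImplicitFlow && isPublic);
    GrantIf(OpenIddictConstants.Permissions.ResponseTypes.Token, model.AllowImplicitFlow && isPublic);

    GrantIf(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken, model.AllowHybridFlow);
    GrantIf(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken, model.AllowHybridFlow && isPublic);
    GrantIf(OpenIddictConstants.Permissions.ResponseTypes.CodeToken, model.AllowHybridFlow && isPublic);

    // Recipe URI lists are space-separated; a malformed entry raises UriFormatException and fails the step.
    if (!string.IsNullOrWhiteSpace(model.PostLogoutRedirectUris))
    {
        descriptor.PostLogoutRedirectUris.UnionWith(ParseAbsoluteUris(model.PostLogoutRedirectUris));
    }

    if (!string.IsNullOrWhiteSpace(model.RedirectUris))
    {
        descriptor.RedirectUris.UnionWith(ParseAbsoluteUris(model.RedirectUris));
    }

    // Roles and scopes are optional in the step; when present they are merged into whatever is already stored.
    if (model.RoleEntries != null)
    {
        descriptor.Roles.UnionWith(model.RoleEntries.Select(role => role.Name));
    }

    if (model.ScopeEntries != null)
    {
        descriptor.Permissions.UnionWith(model.ScopeEntries
            .Select(scope => OpenIddictConstants.Permissions.Prefixes.Scope + scope.Name));
    }

    if (isNew)
    {
        await _applicationManager.CreateAsync(descriptor);
    }
    else
    {
        await _applicationManager.UpdateAsync(app, descriptor);
    }

    // Adds the permission when the corresponding flow is enabled in the step.
    void GrantIf(string permission, bool granted)
    {
        if (granted)
        {
            descriptor.Permissions.Add(permission);
        }
    }

    // Splits a space-separated list into absolute URIs.
    Uri[] ParseAbsoluteUris(string value)
        => value
            .Split(' ', StringSplitOptions.RemoveEmptyEntries)
            .Select(part => new Uri(part, UriKind.Absolute))
            .ToArray();
}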