private static async Task <Policy> GetPolicy(PolicyClientOptions options)
{
// discover endpoints from metadata
var disco = await DiscoveryClient.GetAsync(options.IdentityServerEndpoint);
if (disco.IsError)
{
throw new InvalidCredentialException("Invalid - " + disco.Error);
}
var tokenClient = new TokenClient(disco.TokenEndpoint, options.ClientId, options.ClientSecret);
var tokenResponse = await tokenClient.RequestClientCredentialsAsync(options.PolicyServerApiName);
if (tokenResponse.IsError)
{
throw new InvalidCredentialException("Invalid token - " + tokenResponse.Error);
}
// call policy server
var client = new HttpClient();
client.SetBearerToken(tokenResponse.AccessToken);
var response = await client.GetAsync($"{options.PolicyServerEndpoint}/policies/{options.PolicyName}?secret={options.PolicySecret}");
if (!response.IsSuccessStatusCode)
{
throw new HttpRequestException("Unsuccessful request - " + response.StatusCode);
}
var content = await response.Content.ReadAsStringAsync();
return(JsonConvert.DeserializeObject <Policy>(content));
}
public CachingPolicyClientService(
PolicyClientOptions options,
T inner,
ICache <PolicyResult> cache,
ILogger <CachingPolicyClientService <T> > logger
)
{
_options = options;
_inner = inner;
_cache = cache;
_logger = logger;
}
/// <summary>
/// Adds the policy server client.
/// </summary>
/// <param name="services">The services.</param>
/// <param name="policyClientOptions">Option settings</param>
/// <returns></returns>
public static PolicyServerBuilder AddPolicyServerClient(this IServiceCollection services,
Action <PolicyClientOptions> policyClientOptions)
{
var options = new PolicyClientOptions();
policyClientOptions.Invoke(options);
if (string.IsNullOrWhiteSpace(options.IdentityServerEndpoint))
{
throw new InvalidOperationException("IdentityServerEndpoint is not configured");
}
if (string.IsNullOrWhiteSpace(options.ClientId))
{
throw new InvalidOperationException("ClientId is not configured");
}
if (string.IsNullOrWhiteSpace(options.PolicyServerEndpoint))
{
throw new InvalidOperationException("PolicyServerEndpoint is not configured");
}
if (string.IsNullOrWhiteSpace(options.PolicyName))
{
throw new InvalidOperationException("PolicyName is not configured");
}
if (string.IsNullOrWhiteSpace(options.PolicySecret))
{
throw new InvalidOperationException("PolicySecret is not configured");
}
if (string.IsNullOrWhiteSpace(options.PolicyServerApiName))
{
throw new InvalidOperationException("PolicyServerApiName is not configured");
}
services.Configure(policyClientOptions);
var policy = GetPolicy(options).Result;
services.AddSingleton(policy);
var policyAction = new Action <Policy>(x =>
{
x.Roles = policy.Roles;
x.Permissions = policy.Permissions;
});
services.Configure(policyAction);
services.AddTransient <IPolicyServerRuntimeClient, PolicyServerRuntimeClient>();
services.AddScoped(provider => provider.GetRequiredService <IOptionsSnapshot <Policy> >().Value);
services.AddScoped(provider => provider.GetRequiredService <IOptionsSnapshot <PolicyClientOptions> >().Value);
return(new PolicyServerBuilder(services));
}
public DefaultPolicyClientService(
PolicyClientOptions options
)
{
_options = options;
}
