public static OpenIddictBuilder UseNWebsec([NotNull] this OpenIddictBuilder builder) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } return(builder.UseNWebsec(options => { options.DefaultSources(directive => directive.Self()) .ImageSources(directive => directive.Self().CustomSources("*")) .ScriptSources(directive => directive.Self().UnsafeInline()) .StyleSources(directive => directive.Self().UnsafeInline()); })); }
/// <summary> /// Sets the issuer address, which is used as the base address /// for the endpoint URIs returned from the discovery endpoint. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="address">The issuer address.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder SetIssuer( [NotNull] this OpenIddictBuilder builder, [NotNull] Uri address) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (address == null) { throw new ArgumentNullException(nameof(address)); } return(builder.Configure(options => options.Issuer = address)); }
/// <summary> /// Enables the userinfo endpoint. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="path">The relative path of the userinfo endpoint.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder EnableUserinfoEndpoint( [NotNull] this OpenIddictBuilder builder, PathString path) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (!path.HasValue) { throw new ArgumentException("The path cannot be empty.", nameof(path)); } return(builder.Configure(options => options.UserinfoEndpointPath = path)); }
/// <summary> /// Enables custom grant type support. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="type">The grant type associated with the flow.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder AllowCustomFlow( [NotNull] this OpenIddictBuilder builder, [NotNull] string type) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (string.IsNullOrEmpty(type)) { throw new ArgumentException("The grant type cannot be null or empty.", nameof(type)); } return(builder.Configure(options => options.GrantTypes.Add(type))); }
/// <summary> /// Registers a <see cref="SecurityKey"/> used to sign the JWT tokens issued by OpenIddict. /// Note: using <see cref="RsaSecurityKey"/> asymmetric keys is recommended on production. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="key">The security key.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder AddSigningKey( [NotNull] this OpenIddictBuilder builder, [NotNull] SecurityKey key) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (key == null) { throw new ArgumentNullException(nameof(key)); } return(builder.Configure(options => options.SigningCredentials.AddKey(key))); }
/// <summary> /// Registers a <see cref="X509Certificate2"/> retrieved from the X.509 /// machine store and used to sign the JWT tokens issued by OpenIddict. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="thumbprint">The thumbprint of the certificate used to identify it in the X.509 store.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder AddSigningCertificate( [NotNull] this OpenIddictBuilder builder, [NotNull] string thumbprint) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (string.IsNullOrEmpty(thumbprint)) { throw new ArgumentNullException(nameof(thumbprint)); } return(builder.Configure(options => options.SigningCredentials.AddCertificate(thumbprint))); }
/// <summary> /// Registers a new ephemeral key used to sign the JWT tokens issued by OpenIddict: the key /// is discarded when the application shuts down and tokens signed using this key are /// automatically invalidated. This method should only be used during development. /// On production, using a X.509 certificate stored in the machine store is recommended. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="algorithm">The algorithm associated with the signing key.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder AddEphemeralSigningKey( [NotNull] this OpenIddictBuilder builder, [NotNull] string algorithm) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (string.IsNullOrEmpty(algorithm)) { throw new ArgumentException("The algorithm cannot be null or empty.", nameof(algorithm)); } return(builder.Configure(options => options.SigningCredentials.AddEphemeralKey(algorithm))); }
/// <summary> /// Registers (and generates if necessary) a user-specific development /// certificate used to sign the JWT tokens issued by OpenIddict. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="subject">The subject name associated with the certificate.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder AddDevelopmentSigningCertificate( [NotNull] this OpenIddictBuilder builder, [NotNull] X500DistinguishedName subject) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (subject == null) { throw new ArgumentNullException(nameof(subject)); } return(builder.Configure(options => options.SigningCredentials.AddDevelopmentCertificate(subject))); }
/// <summary> /// Configures OpenIddict to use a specific data protection provider /// instead of relying on the default instance provided by the DI container. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="provider">The data protection provider used to create token protectors.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder UseDataProtectionProvider( [NotNull] this OpenIddictBuilder builder, [NotNull] IDataProtectionProvider provider) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (provider == null) { throw new ArgumentNullException(nameof(provider)); } return(builder.Configure(options => options.DataProtectionProvider = provider)); }
/// <summary> /// Sets JWT as the default token format for access tokens. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder UseJsonWebTokens([NotNull] this OpenIddictBuilder builder) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } return(builder.Configure(options => { options.AccessTokenHandler = new JwtSecurityTokenHandler { InboundClaimTypeMap = new Dictionary <string, string>(), OutboundClaimTypeMap = new Dictionary <string, string>() }; })); }
/// <summary> /// Amends the default OpenIddict configuration. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="configuration">The delegate used to configure the OpenIddict options.</param> /// <remarks>This extension can be safely called multiple times.</remarks> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder Configure( [NotNull] this OpenIddictBuilder builder, [NotNull] Action <OpenIddictOptions> configuration) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (configuration == null) { throw new ArgumentNullException(nameof(configuration)); } builder.Services.Configure(configuration); return(builder); }
public static OpenIddictBuilder UseCors( [NotNull] this OpenIddictBuilder builder, [NotNull] Action <CorsPolicyBuilder> configuration) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (configuration == null) { throw new ArgumentNullException(nameof(configuration)); } builder.AddModule("CORS", -10, map => map.UseCors(configuration)); return(builder); }
public static IApplicationBuilder UseOpenIddictCore( [NotNull] this IApplicationBuilder app, [NotNull] Action <OpenIddictBuilder> configuration) { if (app == null) { throw new ArgumentNullException(nameof(app)); } if (configuration == null) { throw new ArgumentNullException(nameof(configuration)); } var builder = new OpenIddictBuilder(); // Resolve the OpenIddict provider from the services container. builder.Options.Provider = app.ApplicationServices.GetRequiredService <IOpenIdConnectServerProvider>(); // By default, enable AllowInsecureHttp in development/testing environments. var environment = app.ApplicationServices.GetRequiredService <IHostingEnvironment>(); builder.Options.AllowInsecureHttp = environment.IsDevelopment() || environment.IsEnvironment("Testing"); // Run the configuration delegate // provided by the application. configuration.Invoke(builder); // Add OpenIdConnectServerMiddleware to the ASP.NET Core pipeline. builder.AddModule("ASOS", 0, map => map.UseOpenIdConnectServer(builder.Options)); // Register the OpenIddict modules in the ASP.NET Core pipeline. foreach (var module in builder.Modules.OrderBy(module => module.Position)) { if (module.Registration == null) { throw new InvalidOperationException("The registration delegate cannot be null."); } module.Registration(app); } return(app); }
/// <summary> /// Registers the OpenIddict core services in the DI container. /// When using this method, custom stores must be manually registered. /// </summary> /// <typeparam name="TUser">The type of the User entity.</typeparam> /// <typeparam name="TRole">The type of the Role entity.</typeparam> /// <typeparam name="TApplication">The type of the Application entity.</typeparam> /// <typeparam name="TAuthorization">The type of the Authorization entity.</typeparam> /// <typeparam name="TScope">The type of the Scope entity.</typeparam> /// <typeparam name="TToken">The type of the Token entity.</typeparam> /// <param name="services">The services collection.</param> /// <remarks> /// Note: the core services include native support for the non-interactive flows /// (resource owner password credentials, client credentials, refresh token). /// To support interactive flows like authorization code or implicit/hybrid, /// consider adding the MVC module or creating your own authorization controller. /// </remarks> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder AddOpenIddict <TUser, TRole, TApplication, TAuthorization, TScope, TToken>( [NotNull] this IServiceCollection services) where TUser : class where TRole : class where TApplication : class where TAuthorization : class where TScope : class where TToken : class { if (services == null) { throw new ArgumentNullException(nameof(services)); } var builder = new OpenIddictBuilder(services) { ApplicationType = typeof(TApplication), AuthorizationType = typeof(TAuthorization), RoleType = typeof(TRole), ScopeType = typeof(TScope), TokenType = typeof(TToken), UserType = typeof(TUser) }; // Register the services required by the OpenID Connect server middleware. builder.Services.AddAuthentication(); builder.Services.AddDistributedMemoryCache(); builder.Configure(options => { // Register the OpenID Connect server provider in the OpenIddict options. options.Provider = new OpenIddictProvider <TUser, TApplication, TAuthorization, TScope, TToken>(); }); // Register the OpenIddict core services in the DI container. builder.Services.TryAddScoped <OpenIddictApplicationManager <TApplication> >(); builder.Services.TryAddScoped <OpenIddictAuthorizationManager <TAuthorization> >(); builder.Services.TryAddScoped <OpenIddictScopeManager <TScope> >(); builder.Services.TryAddScoped <OpenIddictTokenManager <TToken> >(); builder.Services.TryAddScoped <OpenIddictUserManager <TUser> >(); builder.Services.TryAddScoped <OpenIddictServices <TUser, TApplication, TAuthorization, TScope, TToken> >(); return(builder); }
/// <summary> /// Registers a <see cref="X509Certificate2"/> that is used to sign the JWT tokens issued by OpenIddict. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="certificate">The certificate used to sign the security tokens issued by the server.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder AddSigningCertificate( [NotNull] this OpenIddictBuilder builder, [NotNull] X509Certificate2 certificate) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (certificate == null) { throw new ArgumentNullException(nameof(certificate)); } if (!certificate.HasPrivateKey) { throw new InvalidOperationException("The certificate doesn't contain the required private key."); } return(builder.Configure(options => options.SigningCredentials.AddCertificate(certificate))); }
/// <summary> /// Registers a <see cref="X509Certificate2"/> extracted from a /// stream and used to sign the JWT tokens issued by OpenIddict. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <param name="stream">The stream containing the certificate.</param> /// <param name="password">The password used to open the certificate.</param> /// <param name="flags"> /// An enumeration of flags indicating how and where /// to store the private key of the certificate. /// </param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder AddSigningCertificate( [NotNull] this OpenIddictBuilder builder, [NotNull] Stream stream, [NotNull] string password, X509KeyStorageFlags flags) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (stream == null) { throw new ArgumentNullException(nameof(stream)); } if (string.IsNullOrEmpty(password)) { throw new ArgumentNullException(nameof(password)); } return(builder.Configure(options => options.SigningCredentials.AddCertificate(stream, password, flags))); }
public static OpenIddictBuilder UseMvc([NotNull] this OpenIddictBuilder builder) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } // Run MVC in an isolated environment. return(builder.AddModule("MVC", 10, app => app.Isolate(map => map.UseMvc(routes => { // Register the actions corresponding to the authorization endpoint. if (builder.Options.AuthorizationEndpointPath.HasValue) { routes.MapRoute("{D97891B4}", builder.Options.AuthorizationEndpointPath.Value.Substring(1), new { controller = "OpenIddict", action = nameof(OpenIddictController <object, object> .Authorize) }); routes.MapRoute("{7148DB83}", builder.Options.AuthorizationEndpointPath.Value.Substring(1) + "/accept", new { controller = "OpenIddict", action = nameof(OpenIddictController <object, object> .Accept) }); routes.MapRoute("{23438BCC}", builder.Options.AuthorizationEndpointPath.Value.Substring(1) + "/deny", new { controller = "OpenIddict", action = nameof(OpenIddictController <object, object> .Deny) }); } // Register the action corresponding to the logout endpoint. if (builder.Options.LogoutEndpointPath.HasValue) { routes.MapRoute("{C7DB102A}", builder.Options.LogoutEndpointPath.Value.Substring(1), new { controller = "OpenIddict", action = nameof(OpenIddictController <object, object> .Logout) }); } }), services => { var configuration = app.ApplicationServices.GetRequiredService <OpenIddictConfiguration>(); services.AddMvc() // Note: ConfigureApplicationPartManager() must be // called before AddControllersAsServices(). .ConfigureApplicationPartManager(manager => { manager.ApplicationParts.Clear(); manager.ApplicationParts.Add(new OpenIddictPart(configuration)); }) .AddControllersAsServices() // Add an OpenIddict-specific convention to ensure that the generic // OpenIddictController gets an appropriate controller name. .AddMvcOptions(options => options.Conventions.Add(new OpenIddictConvention())) .AddRazorOptions(options => { // Update the Razor options to also use an embedded file provider that // falls back to the current assembly when searching for views. options.FileProviders.Add(new EmbeddedFileProvider( assembly: typeof(OpenIddictController <,>).GetTypeInfo().Assembly, baseNamespace: typeof(OpenIddictController <,>).Namespace)); }); // Register the user manager in the isolated container. services.AddScoped(typeof(OpenIddictManager <,>).MakeGenericType(configuration.UserType, configuration.ApplicationType), provider => { var accessor = provider.GetRequiredService <IHttpContextAccessor>(); var container = (IServiceProvider)accessor.HttpContext.Items[typeof(IServiceProvider)]; Debug.Assert(container != null); // Resolve the user manager from the parent container. return container.GetRequiredService(typeof(OpenIddictManager <,>).MakeGenericType(configuration.UserType, configuration.ApplicationType)); }); // Register the services context in the isolated container. services.AddScoped(typeof(OpenIddictServices <,>).MakeGenericType(configuration.UserType, configuration.ApplicationType), provider => { var accessor = provider.GetRequiredService <IHttpContextAccessor>(); var container = (IServiceProvider)accessor.HttpContext.Items[typeof(IServiceProvider)]; Debug.Assert(container != null); // Resolve the services context from the parent container. return container.GetRequiredService(typeof(OpenIddictServices <,>).MakeGenericType(configuration.UserType, configuration.ApplicationType)); }); // Register the sign-in manager in the isolated container. services.AddScoped(typeof(SignInManager <>).MakeGenericType(configuration.UserType), provider => { var accessor = provider.GetRequiredService <IHttpContextAccessor>(); var container = (IServiceProvider)accessor.HttpContext.Items[typeof(IServiceProvider)]; Debug.Assert(container != null); // Resolve the sign-in manager from the parent container. return container.GetRequiredService(typeof(SignInManager <>).MakeGenericType(configuration.UserType)); }); // Register the user manager in the isolated container. services.AddScoped(typeof(UserManager <>).MakeGenericType(configuration.UserType), provider => { var accessor = provider.GetRequiredService <IHttpContextAccessor>(); var container = (IServiceProvider)accessor.HttpContext.Items[typeof(IServiceProvider)]; Debug.Assert(container != null); // Resolve the user manager from the parent container. return container.GetRequiredService(typeof(UserManager <>).MakeGenericType(configuration.UserType)); }); // Register the compilation service in the isolated container. services.AddScoped(provider => { var accessor = provider.GetRequiredService <IHttpContextAccessor>(); var container = (IServiceProvider)accessor.HttpContext.Items[typeof(IServiceProvider)]; Debug.Assert(container != null); // Resolve the compilation service from the parent container. return container.GetRequiredService <ICompilationService>(); }); // Register the options in the isolated container. services.AddSingleton(Options.Create(builder.Options)); }))); }
/// <summary> /// Registers the Entity Framework stores. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder AddEntityFramework <TContext, TKey>([NotNull] this OpenIddictBuilder builder) where TContext : DbContext where TKey : IEquatable <TKey> { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } Debug.Assert(builder.ApplicationType != null && builder.AuthorizationType != null && builder.RoleType != null && builder.ScopeType != null && builder.TokenType != null, "The entity types exposed by OpenIddictBuilder shouldn't be null."); // Register the application store in the DI container. builder.Services.TryAddScoped( typeof(IOpenIddictApplicationStore <>).MakeGenericType(builder.ApplicationType), typeof(OpenIddictApplicationStore <, , ,>).MakeGenericType( /* TApplication: */ builder.ApplicationType, /* TToken: */ builder.TokenType, /* TContext: */ typeof(TContext), /* TKey: */ typeof(TKey))); // Register the authorization store in the DI container. builder.Services.TryAddScoped( typeof(IOpenIddictAuthorizationStore <>).MakeGenericType(builder.AuthorizationType), typeof(OpenIddictAuthorizationStore <, , ,>).MakeGenericType( /* TAuthorization: */ builder.AuthorizationType, /* TToken: */ builder.TokenType, /* TContext: */ typeof(TContext), /* TKey: */ typeof(TKey))); // Register the scope store in the DI container. builder.Services.TryAddScoped( typeof(IOpenIddictScopeStore <>).MakeGenericType(builder.ScopeType), typeof(OpenIddictScopeStore <, ,>).MakeGenericType( /* TScope: */ builder.ScopeType, /* TContext: */ typeof(TContext), /* TKey: */ typeof(TKey))); // Register the token store in the DI container. builder.Services.TryAddScoped( typeof(IOpenIddictTokenStore <>).MakeGenericType(builder.TokenType), typeof(OpenIddictTokenStore <, , , ,>).MakeGenericType( /* TToken: */ builder.TokenType, /* TAuthorization: */ builder.AuthorizationType, /* TUser: */ builder.UserType, /* TContext: */ typeof(TContext), /* TKey: */ typeof(TKey))); // Register the token store in the DI container. builder.Services.TryAddScoped( typeof(IOpenIddictUserStore <>).MakeGenericType(builder.UserType), typeof(OpenIddictUserStore <, , , , , ,>).MakeGenericType( /* TUser: */ builder.UserType, /* TApplication: */ builder.ApplicationType, /* TAuthorization: */ builder.AuthorizationType, /* TRole: */ builder.RoleType, /* TToken: */ builder.TokenType, /* TContext: */ typeof(TContext), /* TKey: */ typeof(TKey))); return(builder); }
/// <summary> /// Registers the Entity Framework stores. /// </summary> /// <param name="builder">The services builder used by OpenIddict to register new services.</param> /// <returns>The <see cref="OpenIddictBuilder"/>.</returns> public static OpenIddictBuilder AddEntityFramework <TContext>([NotNull] this OpenIddictBuilder builder) where TContext : DbContext { return(builder.AddEntityFramework <TContext, string>()); }