private static Client CreateMockClient()
{
var clientId = "JohnSmithMobileDevShop";
var client = new Client
{
Name = "John Smith's Mobile Development Shop",
ClientId = clientId,
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Flow = OAuthFlow.ResourceOwner,
AllowRefreshToken = false
};
client.SetSharedSecret("MyTestSecret");
return client;
}
private void PopulateData()
{
var resourceOwnerClient = new Client
{
Name = "Resource Owner Flow Client",
ClientId = "roclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Enabled = true,
Flow = OAuthFlow.ResourceOwner,
AllowRefreshToken = false
};
resourceOwnerClient.SetSharedSecret("secret");
var assertionClient = new Client
{
Name = "Assertion Flow Client",
ClientId = "assertionclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Enabled = true,
Flow = OAuthFlow.Assertion,
AllowRefreshToken = false
};
assertionClient.SetSharedSecret("secret");
var codeClient = new Client
{
Name = "Code Flow Client",
ClientId = "codeclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Enabled = true,
AllowRefreshToken = true,
Flow = OAuthFlow.Code,
RedirectUris = new List<ClientRedirectUri>
{
new ClientRedirectUri
{
Uri = "https://prod.local",
Description = "Production"
},
new ClientRedirectUri
{
Uri = "https://test.local",
Description = "Test"
}
}
};
codeClient.SetSharedSecret("secret");
var implicitClient = new Client
{
Name = "Implicit Flow Client",
ClientId = "implicitclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Enabled = true,
AllowRefreshToken = false,
Flow = OAuthFlow.Implicit,
RedirectUris = new List<ClientRedirectUri>
{
new ClientRedirectUri
{
Uri = "https://test2.local",
Description = "Test"
}
}
};
implicitClient.SetSharedSecret("secret");
var trustedClient = new Client
{
Name = "Trusted Client",
ClientId = "trustedclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Enabled = true,
AllowRefreshToken = true,
Flow = OAuthFlow.ResourceOwner,
};
trustedClient.SetSharedSecret("secret");
var serviceClient = new Client
{
Name = "Service Client",
ClientId = "client",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Enabled = true,
AllowRefreshToken = false,
Flow = OAuthFlow.Client,
};
serviceClient.SetSharedSecret("secret");
var disabledClient = new Client
{
Name = "Disabled Client",
ClientId = "disabledclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Enabled = false,
AllowRefreshToken = false,
Flow = OAuthFlow.Code,
RedirectUris = new List<ClientRedirectUri>
{
new ClientRedirectUri
{
Uri = "https://prod.local",
Description = "Production"
}
}
};
disabledClient.SetSharedSecret("secret");
var readScope = new Scope
{
AllowedClients = new List<Client> { codeClient, implicitClient, resourceOwnerClient, serviceClient, assertionClient, disabledClient },
Name = "read",
Description = "Read data",
Emphasize = false
};
var browseScope = new Scope
{
AllowedClients = new List<Client> { codeClient, implicitClient, resourceOwnerClient },
Name = "browse",
Description = "Browse data",
Emphasize = false
};
var searchScope = new Scope
{
AllowedClients = new List<Client> { codeClient, resourceOwnerClient },
Name = "search",
Description = "Search data",
Emphasize = false
};
var writeScope = new Scope
{
AllowedClients = new List<Client> { resourceOwnerClient },
Name = "write",
Description = "write data",
Emphasize = true
};
var deleteScope = new Scope
{
AllowedClients = new List<Client> { trustedClient },
Name = "delete",
Description = "delete data",
Emphasize = true
};
var application = new Application
{
Name = "Test Application",
Namespace = "test",
Scopes = new List<Scope> { readScope, browseScope, searchScope, writeScope, deleteScope },
RequireConsent = true,
TokenLifetime = 60
};
_applications.Add(application);
}
public HttpResponseMessage Post(ClientModel model)
{
if (String.IsNullOrEmpty(model.ClientSecret))
{
ModelState.AddModelError("model.ClientSecret", "ClientSecret is required");
}
if (!ModelState.IsValid)
{
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.GetErrors());
}
if (config.Clients.All.Any(x => x.ClientId == model.ClientId))
{
ModelState.AddModelError("", "That Client ID is already in use.");
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.GetErrors());
}
if (config.Clients.All.Any(x => x.Name == model.Name))
{
ModelState.AddModelError("", "That Name is already in use.");
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.GetErrors());
}
var item = new Client();
item.ClientId = model.ClientId;
item.Name = model.Name;
item.Flow = model.Flow;
item.AllowRefreshToken = model.AllowRefreshToken;
item.RequireConsent = model.RequireConsent;
item.Enabled = model.Enabled;
item.SetSharedSecret(model.ClientSecret);
this.config.Clients.Add(item);
this.config.SaveChanges();
var response = Request.CreateResponse(HttpStatusCode.OK, item);
var url = Url.Link("Admin-Endpoints", new { controller = "Clients", id = item.ClientId });
response.Headers.Location = new Uri(url);
return response;
}
public static void Populate()
{
Database.SetInitializer(new DropCreateDatabaseIfModelChanges<AuthorizationServerContext>());
try
{
var db = DependencyResolver.Current.GetService<AuthorizationServerContext>();
var resourceOwnerClient = db.Clients.Find("roclient");
var CodeClient = db.Clients.Find("codeclient");
var ImplicitClient = db.Clients.Find("implicitclient");
var client = db.Clients.Find("client");
var assertionClient = db.Clients.Find("assertionclient");
if (client == null)
{
client = new Client
{
Enabled = true,
Name = "Client",
ClientId = "client",
Flow = OAuthFlow.Client
};
client.SetSharedSecret("secret");
db.Clients.Add(client);
db.SaveChanges();
}
if (assertionClient == null)
{
assertionClient = new Client
{
Enabled = true,
Name = "Assertion Client",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
ClientId = "assertionclient",
Flow = OAuthFlow.Assertion
};
assertionClient.SetSharedSecret("secret");
db.Clients.Add(assertionClient);
db.SaveChanges();
}
if (resourceOwnerClient == null)
{
resourceOwnerClient = new Client
{
Enabled = true,
Name = "Resource Owner Flow Client",
ClientId = "roclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Flow = OAuthFlow.ResourceOwner,
AllowRefreshToken = true
};
resourceOwnerClient.SetSharedSecret("secret");
db.Clients.Add(resourceOwnerClient);
db.SaveChanges();
}
if (CodeClient == null)
{
CodeClient = new Client
{
Enabled = true,
Name = "Code Flow Client",
ClientId = "codeclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
AllowRefreshToken = true,
Flow = OAuthFlow.Code,
RedirectUris = new List<ClientRedirectUri>
{
new ClientRedirectUri
{
Uri = "https://prod.local",
Description = "Production"
},
new ClientRedirectUri
{
Uri = "https://test.local",
Description = "Test"
},
new ClientRedirectUri
{
Uri = "https://localhost:44303/callback",
Description = "Local Test"
}
}
};
CodeClient.SetSharedSecret("secret");
db.Clients.Add(CodeClient);
db.SaveChanges();
}
if (ImplicitClient == null)
{
ImplicitClient = new Client
{
Enabled = true,
Name = "Implicit Flow Client",
ClientId = "implicitclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
AllowRefreshToken = false,
Flow = OAuthFlow.Implicit,
RedirectUris = new List<ClientRedirectUri>
{
new ClientRedirectUri
{
Uri = "https://test2.local",
Description = "Test"
},
new ClientRedirectUri
{
Uri = "https://localhost:44300/callback.cshtml",
Description = "JavaScript Callback Page"
},
new ClientRedirectUri
{
Uri = "ms-app://s-1-15-2-4224567138-2162094511-1976135278-3909242924-69295690-1380993013-1329561029/",
Description = "Win Store App"
}
}
};
ImplicitClient.SetSharedSecret("secret");
db.Clients.Add(ImplicitClient);
db.SaveChanges();
}
//if (!db.SigningKeys.Any())
//{
// db.SigningKeys.Add(new X509CertificateReference
// {
// Name = "Default X509 Cert",
// Location = System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
// FindValue = "CN=idsrv.local",
// FindType = System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectDistinguishedName,
// StoreName = System.Security.Cryptography.X509Certificates.StoreName.My
// });
// db.SaveChanges();
//}
if (!db.Applications.Any())
{
var readScope = new Scope
{
AllowedClients = new List<Client> { CodeClient, ImplicitClient, resourceOwnerClient, client, assertionClient },
Name = "read",
DisplayName = "Read data",
Description = "Allows to read data",
Emphasize = false
};
var searchScope = new Scope
{
AllowedClients = new List<Client> { CodeClient, resourceOwnerClient },
Name = "search",
DisplayName = "Search data",
Description = "Allows to search for data",
Emphasize = false
};
var writeScope = new Scope
{
AllowedClients = new List<Client> { resourceOwnerClient },
Name = "write",
DisplayName = "Write data",
Description = "Allows to write data",
Emphasize = true
};
var key = new SymmetricKey { Name = "Demo signing key" };
key.SetValue(Convert.FromBase64String("1fTiS2clmPTUlNcpwYzd5i4AEFJ2DEsd8TcUsllmaKQ="));
var application = new Application
{
Enabled = true,
Name = "User management",
Namespace = "users",
Audience = "users",
Description = "This app manages your users",
LogoUrl = "http://en.opensuse.org/images/0/0b/Icon-user.png",
Scopes = new List<Scope> { readScope, searchScope, writeScope },
RequireConsent = true,
TokenLifetime = 60,
AllowRefreshToken = true,
AllowRememberConsentDecision = true,
SigningKey = key
};
db.Applications.Add(application);
db.SaveChanges();
}
}
catch (Exception)
{
throw;
}
}