public async Task <SecurableItem> AddSecurableItem(string clientId, SecurableItem item)
{
item.CreatedDateTimeUtc = DateTime.UtcNow;
item.Id = Guid.NewGuid();
var client = await _clientStore.Get(clientId);
CheckUniqueness(client.TopLevelSecurableItem, item);
client.TopLevelSecurableItem.SecurableItems.Add(item);
await _clientStore.Update(client);
return(item);
}
public async Task <Client> Update(Client model)
{
var entity = await _store.Load(model.Id);
if (!CanManage(entity))
{
throw new InvalidOperationException();
}
// strings
entity.Name = model.Name.Trim();
entity.DisplayName = model.DisplayName?.Trim();
entity.Description = model.Description?.Trim();
entity.ClientClaimsPrefix = model.ClientClaimsPrefix?.Trim() ?? "client_";
// simple-timespans
entity.ConsentLifetime = model.ConsentLifetime.ToSeconds();
entity.IdentityTokenLifetime = model.IdentityTokenLifetime.ToSeconds();
entity.AccessTokenLifetime = model.AccessTokenLifetime.ToSeconds();
entity.AuthorizationCodeLifetime = model.AuthorizationCodeLifetime.ToSeconds();
entity.AbsoluteRefreshTokenLifetime = model.AbsoluteRefreshTokenLifetime.ToSeconds();
entity.SlidingRefreshTokenLifetime = model.SlidingRefreshTokenLifetime.ToSeconds();
// flags
entity.Flags = ClientFlag.EnableLocalLogin;
if (model.RequirePkce)
{
entity.Flags |= ClientFlag.RequirePkce;
}
if (model.RequireConsent)
{
entity.Flags |= ClientFlag.RequireConsent;
}
if (model.AlwaysIncludeUserClaimsInIdToken)
{
entity.Flags |= ClientFlag.AlwaysIncludeUserClaimsInIdToken;
}
if (model.AllowOfflineAccess)
{
entity.Flags |= ClientFlag.AllowOfflineAccess;
}
if (model.UpdateAccessTokenClaimsOnRefresh)
{
entity.Flags |= ClientFlag.UpdateAccessTokenClaimsOnRefresh;
}
if (model.UseOneTimeRefreshTokens)
{
entity.Flags |= ClientFlag.UseOneTimeRefreshTokens;
}
if (model.Published)
{
entity.Flags |= ClientFlag.Published;
}
if (model.AlwaysSendClientClaims)
{
entity.Flags |= ClientFlag.AlwaysSendClientClaims;
}
// urls
UpdateUrl(entity, ClientUriType.ClientUri, model.Url?.Trim());
UpdateUrl(entity, ClientUriType.LogoUri, model.LogoUrl?.Trim());
UpdateUrl(entity, ClientUriType.FrontChannelLogoutUri, model.FrontChannelLogoutUrl?.Trim());
UpdateUrl(entity, ClientUriType.BackChannelLogoutUri, model.BackChannelLogoutUrl?.Trim());
UpdateUrls(entity, ClientUriType.RedirectUri, model.RedirectUrls);
UpdateUrls(entity, ClientUriType.PostLogoutRedirectUri, model.PostLogoutUrls);
UpdateUrls(entity, ClientUriType.CorsUri, model.CorsUrls);
// client claims
UpdateClaims(entity, model.Claims);
// secrets
UpdateSecrets(entity, model.Secrets);
// managers
UpdateManagers(entity, model.Managers);
// validate scopes
entity.Grants = model.Grants;
if (!entity.Grants.Contains("client_credentials"))
{
entity.Grants += " client_credentials";
}
if (entity.Grants.Contains("implicit"))
{
entity.Flags |= ClientFlag.AllowAccessTokensViaBrowser;
entity.Flags |= ClientFlag.AllowOfflineAccess;
entity.Flags ^= ClientFlag.AllowOfflineAccess;
}
await ValidateScopes(entity, model.Scopes?.Trim());
// only admins can enable
if (_profile.IsPrivileged)
{
entity.Enabled = model.Enabled;
}
try
{
await _store.Update(entity);
}
catch (Exception ex)
{
if (ex.GetBaseException().Message.ToLower().Contains("unique"))
{
throw new ClientNameNotUniqueException();
}
else
{
throw new ClientUpdateException();
}
}
return(Mapper.Map <Client>(entity));
}
