/// <summary>
/// Registers a new client built from the posted <see cref="ClientDto"/>.
/// </summary>
/// <remarks>
/// The client starts from fixed defaults: PKCE required, no client secret (a public client),
/// JWT access tokens, access tokens allowed via the browser, user claims always included in the
/// id token and no consent prompt. <c>ApplyToClient</c> is then given the client and the DTO;
/// what it copies (grant types, redirect URIs, scopes) is not visible here.
/// NOTE(review): no authorization attribute is visible on this action. Whoever can call it can
/// register a client that signs users in without a consent prompt, so confirm the controller
/// restricts it to administrators.
/// </remarks>
/// <param name="clientDto">Client definition taken from the request body.</param>
/// <returns>
/// 400 with the model state when validation fails, 409 when the client id is already taken,
/// 200 when the client was stored, and 400 carrying the exception message when storing the
/// client or clearing the cache throws.
/// </returns>
public async Task<IActionResult> Post([Required][FromBody] ClientDto clientDto)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // This lookup and the create below are two separate calls, so a concurrent request
            // with the same id can pass the check as well. Whether the store rejects the
            // duplicate is not visible here; if it does, the caller gets the catch-branch
            // response rather than the 409.
            var existingClient = await _ospClientStore.FindClientByIdAsync(clientDto.ClientId);
            if (existingClient != null)
            {
                return Conflict($"Client with id '{clientDto.ClientId}' already exists.");
            }

            // Defaults for every client created through this endpoint. With no client secret,
            // PKCE is the only protection of the code exchange, and RequireConsent = false
            // means users never see a consent screen for these clients.
            var newClient = new OspClient
            {
                RequirePkce = true,
                RequireClientSecret = false,

                AccessTokenType = AccessTokenType.Jwt,
                AllowAccessTokensViaBrowser = true,
                AlwaysIncludeUserClaimsInIdToken = true,
                RequireConsent = false
            };

            // Runs after the defaults, so it may overwrite them.
            // NOTE(review): presumably this is where redirect URIs and scopes from the request
            // are applied; verify they are validated there.
            ApplyToClient(newClient, clientDto);

            try
            {
                await _ospClientStore.CreateAsync(newClient);
                await ClearCacheAsync();

                return Ok();
            }
            catch (Exception ex)
            {
                // NOTE(review): every failure is reported as 400 and the raw exception message
                // is returned to the caller; store or driver messages can disclose internal
                // details. Logging the exception server-side and returning a generic error
                // would avoid that.
                return BadRequest(new InternalServerError(ex.Message));
            }
        }
Exemplo n.º 2
        /// <summary>
        /// Seeds the job-services client and the job-services Swagger client when the client
        /// store does not contain them yet.
        /// </summary>
        /// <remarks>
        /// Each client is only created when the lookup returns null; an existing registration
        /// is never updated. A later change to <c>PublicUrl</c>, or a tightening of the settings
        /// below, therefore does not reach clients that were already seeded.
        /// Redirect, post-logout and CORS entries are all derived from
        /// <c>_ospJobServicesOptions.PublicUrl</c>, so that configuration value decides where
        /// tokens and codes for these clients may be sent.
        /// </remarks>
        private async Task CreateClients()
        {
            var existingJobServicesClient =
                await _clientStore.FindClientByIdAsync(CommonConstants.JobServicesClientId);

            if (existingJobServicesClient == null)
            {
                var publicUrl = _ospJobServicesOptions.PublicUrl;

                var jobServicesClient = new OspClient
                {
                    ClientId = CommonConstants.JobServicesClientId,
                    ClientName = Texts.Backend_JobServices_UserSchema_JobServices_DisplayName,
                    ClientUri = publicUrl,

                    // Implicit grant: tokens are returned through the browser front channel.
                    // NOTE(review): PKCE protects the authorization code exchange, so with an
                    // implicit-only grant list RequirePkce presumably has no effect - confirm,
                    // and consider whether this client can move to the authorization code flow.
                    AllowedGrantTypes = new[] { OidcConstants.GrantTypes.Implicit },
                    RequirePkce = true,
                    RequireClientSecret = false,

                    AccessTokenType = AccessTokenType.Jwt,
                    AllowAccessTokensViaBrowser = true,
                    AlwaysIncludeUserClaimsInIdToken = true
                };

                jobServicesClient.RedirectUris.Add(publicUrl.EnsureEndsWith("/") + "signin-oidc");
                jobServicesClient.PostLogoutRedirectUris.Add(publicUrl.EnsureEndsWith("/"));
                jobServicesClient.AllowedCorsOrigins.Add(publicUrl.TrimEnd('/'));

                jobServicesClient.AllowedScopes.Add(CommonConstants.Scopes.OpenId);
                jobServicesClient.AllowedScopes.Add(CommonConstants.Scopes.Profile);
                jobServicesClient.AllowedScopes.Add(CommonConstants.Scopes.Email);
                jobServicesClient.AllowedScopes.Add(JwtClaimTypes.Role);

                await _clientStore.CreateAsync(jobServicesClient);
            }

            var existingSwaggerClient =
                await _clientStore.FindClientByIdAsync(CommonConstants.JobServicesSwaggerClientId);

            if (existingSwaggerClient == null)
            {
                var publicUrl = _ospJobServicesOptions.PublicUrl;

                var swaggerClient = new OspClient
                {
                    ClientId = CommonConstants.JobServicesSwaggerClientId,
                    ClientName = Texts.Backend_JobServices_UserSchema_Swagger_DisplayName,
                    ClientUri = publicUrl,

                    // Public client (no secret) on the authorization code flow; PKCE is what
                    // binds the code to the party that started the request.
                    AllowedGrantTypes = new[] { OidcConstants.GrantTypes.AuthorizationCode },
                    RequirePkce = true,
                    RequireClientSecret = false,

                    AccessTokenType = AccessTokenType.Jwt,
                    AllowAccessTokensViaBrowser = true,
                    AlwaysIncludeUserClaimsInIdToken = true
                };

                // EnsureEndsWith is a project helper; presumably it appends the suffix when the
                // URL does not already end with it - confirm the resulting URI is the exact
                // Swagger UI callback.
                swaggerClient.RedirectUris.Add(publicUrl.EnsureEndsWith("/swagger/oauth2-redirect.html"));
                swaggerClient.PostLogoutRedirectUris.Add(publicUrl.EnsureEndsWith("/"));
                swaggerClient.AllowedCorsOrigins.Add(publicUrl.TrimEnd('/'));

                // NOTE(review): the Swagger UI client may request the full-access job API scope,
                // not only the read-only one; check that this is intended outside development.
                swaggerClient.AllowedScopes.Add(CommonConstants.Scopes.OpenId);
                swaggerClient.AllowedScopes.Add(CommonConstants.Scopes.Profile);
                swaggerClient.AllowedScopes.Add(CommonConstants.Scopes.Email);
                swaggerClient.AllowedScopes.Add(JwtClaimTypes.Role);
                swaggerClient.AllowedScopes.Add(CommonConstants.JobApiFullAccess);
                swaggerClient.AllowedScopes.Add(CommonConstants.JobApiReadOnly);

                await _clientStore.CreateAsync(swaggerClient);
            }
        }
Exemplo n.º 3
        /// <summary>
        /// Seeds the OSP tool client and the identity-services Swagger client when the client
        /// store does not contain them yet.
        /// </summary>
        /// <remarks>
        /// Each client is only created when the lookup returns null; an existing registration
        /// is never updated, so a changed secret, scope list or <c>AuthorityUrl</c> does not
        /// reach clients that were already seeded.
        /// </remarks>
        private async Task CreateClients()
        {
            var existingToolClient =
                await _clientStore.FindClientByIdAsync(CommonConstants.OspToolClientId);

            if (existingToolClient == null)
            {
                var toolClient = new OspClient
                {
                    ClientId = CommonConstants.OspToolClientId,

                    // Device code grant: a user approves the request in a browser on another
                    // device, so this is an interactive flow and not a client-id/secret-only
                    // (client credentials) client.
                    AllowedGrantTypes = new[] { OidcConstants.GrantTypes.DeviceCode },

                    // Refresh tokens may be requested. Lifetime and rotation are not set here,
                    // so whatever defaults OspClient carries apply.
                    AllowOfflineAccess = true
                };

                // Only the SHA-256 hash of the secret is handed to the store.
                // NOTE(review): the secret is read from CommonConstants, which suggests it is
                // compiled into shared code - confirm. If so, anyone holding the binaries knows
                // it and it should not be relied on to authenticate the tool.
                toolClient.ClientSecrets.Add(new Secret(CommonConstants.OspToolClientSecret.Sha256()));

                // Scopes the tool may request: identity scopes plus full access to the system,
                // identity and job APIs. Together with offline access this makes tokens issued
                // to this client high-value.
                toolClient.AllowedScopes.Add(IdentityServerConstants.StandardScopes.OpenId);
                toolClient.AllowedScopes.Add(IdentityServerConstants.StandardScopes.Profile);
                toolClient.AllowedScopes.Add(IdentityServerConstants.StandardScopes.Email);
                toolClient.AllowedScopes.Add(JwtClaimTypes.Role);
                toolClient.AllowedScopes.Add(CommonConstants.SystemApiFullAccess);
                toolClient.AllowedScopes.Add(CommonConstants.IdentityApiFullAccess);
                toolClient.AllowedScopes.Add(CommonConstants.JobApiFullAccess);

                await _clientStore.CreateAsync(toolClient);
            }

            var existingSwaggerClient =
                await _clientStore.FindClientByIdAsync(CommonConstants.IdentityServicesSwaggerClientId);

            if (existingSwaggerClient == null)
            {
                var authorityUrl = _ospIdentityOptions.AuthorityUrl;

                var swaggerClient = new OspClient
                {
                    ClientId = CommonConstants.IdentityServicesSwaggerClientId,
                    ClientName = Texts.Backend_IdentityServices_UserSchema_Swagger_DisplayName,
                    ClientUri = authorityUrl,

                    // Public client (no secret) on the authorization code flow; PKCE is what
                    // binds the code to the party that started the request.
                    AllowedGrantTypes = new[] { OidcConstants.GrantTypes.AuthorizationCode },
                    RequirePkce = true,
                    RequireClientSecret = false,

                    AccessTokenType = AccessTokenType.Jwt,
                    AllowAccessTokensViaBrowser = true,
                    AlwaysIncludeUserClaimsInIdToken = true
                };

                // Redirect, post-logout and CORS entries are all derived from the configured
                // authority URL. EnsureEndsWith is a project helper; presumably it appends the
                // suffix when it is missing - confirm.
                swaggerClient.RedirectUris.Add(authorityUrl.EnsureEndsWith("/swagger/oauth2-redirect.html"));
                swaggerClient.PostLogoutRedirectUris.Add(authorityUrl.EnsureEndsWith("/"));
                swaggerClient.AllowedCorsOrigins.Add(authorityUrl.TrimEnd('/'));

                // NOTE(review): the Swagger UI client may request the full-access identity API
                // scope, not only the read-only one; check that this is intended outside
                // development.
                swaggerClient.AllowedScopes.Add(CommonConstants.Scopes.OpenId);
                swaggerClient.AllowedScopes.Add(CommonConstants.Scopes.Profile);
                swaggerClient.AllowedScopes.Add(CommonConstants.Scopes.Email);
                swaggerClient.AllowedScopes.Add(JwtClaimTypes.Role);
                swaggerClient.AllowedScopes.Add(CommonConstants.IdentityApiFullAccess);
                swaggerClient.AllowedScopes.Add(CommonConstants.IdentityApiReadOnly);

                await _clientStore.CreateAsync(swaggerClient);
            }
        }