/// <summary> /// Gets the allowed client scopes. /// </summary> /// <param name="rockContext">The rock context.</param> /// <param name="clientId">The client identifier.</param> /// <returns></returns> /// <exception cref="ArgumentException"> /// </exception> public static IEnumerable <string> GetAllowedClientScopes(RockContext rockContext, string clientId) { if (rockContext == null) { throw new ArgumentException($"{nameof( rockContext )} cannot be null."); } if (clientId.IsNullOrWhiteSpace()) { throw new ArgumentException($"{nameof( clientId )} cannot be null or empty."); } // The OpenId is required and should always be allowed. var emptyScopeList = new List <string> { }; var authClientService = new AuthClientService(rockContext); var enabledClientScopes = authClientService .Queryable() .Where(ac => ac.ClientId == clientId) .Select(ac => ac.AllowedScopes) .FirstOrDefault(); if (enabledClientScopes.IsNullOrWhiteSpace()) { return(emptyScopeList); } var parsedClientScopes = enabledClientScopes.FromJsonOrNull <List <string> >(); if (parsedClientScopes == null) { return(emptyScopeList); } var activeClientScopes = new AuthScopeService(rockContext) .Queryable() .Where(s => s.IsActive) .Select(s => s.Name); return(parsedClientScopes.Intersect(activeClientScopes)); }
/// <summary> /// Gets the requested scopes. /// </summary> /// <returns></returns> private List <string> GetRequestedScopes() { var scopes = new List <string> { "Authorization" }; var owinContext = Context.GetOwinContext(); var request = owinContext.GetOpenIdConnectRequest(); var requestedScopes = request.GetScopes(); var rockContext = new RockContext(); var authClientService = new AuthClientService(rockContext); var clientAllowedClaims = authClientService .Queryable() .Where(ac => ac.ClientId == request.ClientId) .Select(ac => ac.AllowedClaims).FirstOrDefault(); var parsedAllowedClientClaims = clientAllowedClaims.FromJsonOrNull <List <string> >(); if (parsedAllowedClientClaims == null) { return(new List <string>()); } var authClaimService = new AuthClaimService(rockContext); var activeAllowedClientClaims = authClaimService .Queryable() .Where(ac => parsedAllowedClientClaims.Contains(ac.Name)) .Where(ac => ac.IsActive) .Where(ac => requestedScopes.Contains(ac.Scope.Name)) .Select(ac => new { Scope = ac.Scope.PublicName, Claim = ac.PublicName }) .GroupBy(ac => ac.Scope, ac => ac.Claim) .ToList() .Select(ac => new { Scope = ac.Key, Claims = string.Join(", ", ac.ToArray()) }); scopes.AddRange(activeAllowedClientClaims.Select(ac => ac.Scope == ac.Claims ? ac.Scope : ac.Scope + " (" + ac.Claims + ")")); return(scopes); //return scopeString.SplitDelimitedValues().ToList(); }
/// <summary> /// Binds the grid. /// </summary> private void BindGrid() { var rockContext = new RockContext(); var authClientService = new AuthClientService(rockContext); var authClientQuery = authClientService.Queryable().AsNoTracking(); if (tbName.Text.IsNotNullOrWhiteSpace()) { authClientQuery = authClientQuery.Where(s => s.Name.Contains(tbName.Text)); } if (ddlActiveFilter.SelectedIndex > -1) { switch (ddlActiveFilter.SelectedValue) { case "active": authClientQuery = authClientQuery.Where(s => s.IsActive); break; case "inactive": authClientQuery = authClientQuery.Where(s => !s.IsActive); break; } } // Sort var sortProperty = gAuthClients.SortProperty; if (sortProperty == null) { sortProperty = new SortProperty(new GridViewSortEventArgs("Name", SortDirection.Ascending)); } authClientQuery = authClientQuery.Sort(sortProperty); gAuthClients.SetLinqDataSource(authClientQuery); gAuthClients.DataBind(); }
/// <summary> /// Gets the allowed client claims. /// </summary> /// <param name="rockContext">The rock context.</param> /// <param name="clientId">The client identifier.</param> /// <param name="allowedClientScopes">The allowed client scopes.</param> /// <returns></returns> /// <exception cref="ArgumentException"> /// </exception> public static IDictionary <string, string> GetAllowedClientClaims(RockContext rockContext, string clientId, IEnumerable <string> allowedClientScopes) { if (rockContext == null) { throw new ArgumentException($"{nameof( rockContext )} cannot be null."); } if (clientId.IsNullOrWhiteSpace()) { throw new ArgumentException($"{nameof( clientId )} cannot be null or empty."); } var allowedClaimList = new Dictionary <string, string>(); var authClientService = new AuthClientService(rockContext); var allowedClaims = authClientService.Queryable().Where(ac => ac.ClientId == clientId).Select(ac => ac.AllowedClaims).FirstOrDefault(); if (allowedClaims.IsNullOrWhiteSpace()) { return(allowedClaimList); } var parsedClaims = allowedClaims.FromJsonOrNull <List <string> >(); if (parsedClaims == null) { return(allowedClaimList); } return(new AuthClaimService(rockContext) .Queryable() .Where(ac => parsedClaims.Contains(ac.Name)) .Where(ac => ac.IsActive) .Where(ac => allowedClientScopes.Contains(ac.Scope.Name)) .Where(ac => ac.Scope.IsActive) .ToDictionary(vc => vc.Name, vc => vc.Value)); }