private static void SeedClientRestrictions(IAdminStore <Entity.ClientIdpRestriction> clientIdpRestrictionStore, IdentityServer4.Models.Client client)
{
foreach (var restriction in client.IdentityProviderRestrictions)
{
clientIdpRestrictionStore.CreateAsync(new Entity.ClientIdpRestriction
{
ClientId = client.ClientId,
Id = Guid.NewGuid().ToString(),
Provider = restriction
}).GetAwaiter().GetResult();
}
}
private static void SeedClientUris(IAdminStore <Entity.ClientUri> clientUriStore, IdentityServer4.Models.Client client)
{
var uris = client.RedirectUris.Select(o => new Entity.ClientUri
{
Id = Guid.NewGuid().ToString(),
ClientId = client.ClientId,
Uri = o
}).ToList();
foreach (var origin in client.AllowedCorsOrigins)
{
var cors = new Uri(origin);
var uri = uris.FirstOrDefault(u => cors.CorsMatch(u.Uri));
var corsUri = new Uri(origin);
var sanetized = $"{corsUri.Scheme.ToUpperInvariant()}://{corsUri.Host.ToUpperInvariant()}:{corsUri.Port}";
if (uri == null)
{
uris.Add(new Entity.ClientUri
{
Id = Guid.NewGuid().ToString(),
ClientId = client.ClientId,
Uri = origin,
Kind = Entity.UriKinds.Cors,
SanetizedCorsUri = sanetized
});
continue;
}
uri.SanetizedCorsUri = sanetized;
uri.Kind = Entity.UriKinds.Redirect | Entity.UriKinds.Cors;
}
foreach (var postLogout in client.PostLogoutRedirectUris)
{
var uri = uris.FirstOrDefault(u => u.Uri == postLogout);
if (uri == null)
{
uris.Add(new Entity.ClientUri
{
Id = Guid.NewGuid().ToString(),
ClientId = client.ClientId,
Uri = postLogout,
Kind = Entity.UriKinds.PostLogout
});
continue;
}
uri.Kind |= Entity.UriKinds.Redirect;
}
foreach (var uri in uris)
{
clientUriStore.CreateAsync(uri).GetAwaiter().GetResult();
}
}
private static void SeedClientProperties(IAdminStore <Entity.ClientProperty> clientPropertyStore, IdentityServer4.Models.Client client)
{
foreach (var property in client.Properties)
{
clientPropertyStore.CreateAsync(new Entity.ClientProperty
{
ClientId = client.ClientId,
Id = Guid.NewGuid().ToString(),
Key = property.Key,
Value = property.Value
}).GetAwaiter().GetResult();
}
}
public UpdateClientCommand(IdentityServer4.Models.Client client, string originalClinetId)
{
Client = client;
OriginalClinetId = originalClinetId;
}
/// <summary>
/// 添加或者更新客户端
/// </summary>
/// <param name="dto"></param>
/// <returns></returns>
public async Task <Result> CreateOrUpdateClientAsync(ClientDto dto)
{
//if(!GetExampleGrantTypes().Any(e=>e.GrantType == dto.AllowedGrantTypes))
//{
// return Failed($"无效的grantType【{dto.AllowedGrantTypes}】");
//}
IdentityServer4.Models.Client model = mapper.Map <IdentityServer4.Models.Client>(dto);
var entity = model.ToEntity();
if (!dto.Id.HasValue || dto.Id == 0)
{
//创建
await configurationDbContext.Clients.AddAsync(entity).ConfigureAwait(false);
}
else
{
entity.Id = dto.Id.Value;
Client client = await Clients.FirstOrDefaultAsync(e => e.Id == dto.Id).ConfigureAwait(false);
if (client == null)
{
return(FailedResult($"客户端[{dto.ClientId}]不存在"));
}
client = mapper.Map(entity, client);
}
try
{
int row = await configurationDbContext.SaveChangesAsync().ConfigureAwait(false);
if (row > 0)
{
return(OkResult());
}
return(FailedResult("已执行,但未更新数据"));
}
catch (DbUpdateException ex)
{
return(FailedResult(ex));
}
//如果Id有值,先删除
//if (dto.Id.HasValue && dto.Id > 0)
//{
// //先删除
// var existClient = await configurationDbContext.Clients.FirstOrDefaultAsync(e => e.ClientId == dto.ClientId).ConfigureAwait(false);
// if (existClient != null)
// {
// configurationDbContext.Clients.Remove(existClient);
// }
//}
//IdentityServer4.Models.Client client = new IdentityServer4.Models.Client
//{
// ClientName = dto.ClientName,
// Description = dto.Description,
// ClientId = dto.ClientId,
// Enabled = true,
// RequireClientSecret = false,//不需要密码
// AllowOfflineAccess = true, //允许离线访问
// AllowAccessTokensViaBrowser = true, //允许令牌通过浏览器
// AlwaysSendClientClaims = true,//允许发送客户端声明
// AlwaysIncludeUserClaimsInIdToken = false, //允许userClaims 包含在 token 中
// //授权确认同意页面,false则跳过
// RequireConsent = dto.RequireConsent,
// RequirePkce = false,
// RedirectUris = dto.RedirectUris.Split(';')?.ToList(), //登录后重定位路径
// PostLogoutRedirectUris = dto.PostLogoutRedirectUris.Split(';')?.ToList(), //后端注销url
// FrontChannelLogoutUri = dto.FrontChannelLogoutUri, //前端频道注销uri
// AllowedGrantTypes = IdentityServer4.Models.GrantTypes.Implicit, //添加简化模式授权
// AllowedScopes = dto.Scopes.Split(';')?.ToList() //添加允许的作用域
//};
//var entity = client.ToEntity();
//await configurationDbContext.Clients.AddAsync(entity).ConfigureAwait(false);
//DataResult<int?> result = new DataResult<int?>();
//try
//{
// var row = await configurationDbContext.SaveChangesAsync().ConfigureAwait(false);
// if (row > 0)
// {
// var id = (await configurationDbContext.Clients.FirstOrDefaultAsync(e => e.ClientId == dto.ClientId).ConfigureAwait(false))?.Id;
// result.Succeeded = true;
// result.Data = id;
// }
//}
//catch (Exception ex)
//{
// result.ErrorMessage = ex.InnerException?.Message ?? ex.Message;
//}
//return result;
}
public async Task AddClient(IdentityServer4.Models.Client entity)
{
await _configurationDbContext.Clients.AddAsync(entity.ToEntity());
}
public static Entities.Client ToEntity(this IdentityServer4.Models.Client client)
{
return(Mapper.Map <Entities.Client>(client));
}
private async Task <Client> ConvertToModelAsync(ClientEntity entity)
{
var client = new Client
{
ClientId = entity.ClientId,
Enabled = entity.Enabled,
ProtocolType = entity.ProtocolType,
RequireClientSecret = entity.RequireClientSecret,
ClientName = entity.ClientName,
Description = entity.Description,
ClientUri = entity.ClientUri,
LogoUri = entity.LogoUri,
RequireConsent = entity.RequireConsent,
AllowRememberConsent = entity.AllowRememberConsent,
RequirePkce = entity.RequirePkce,
AllowPlainTextPkce = entity.AllowPlainTextPkce,
AllowAccessTokensViaBrowser = entity.AllowAccessTokensViaBrowser,
FrontChannelLogoutUri = entity.FrontChannelLogoutUri,
FrontChannelLogoutSessionRequired = entity.FrontChannelLogoutSessionRequired,
BackChannelLogoutUri = entity.BackChannelLogoutUri,
BackChannelLogoutSessionRequired = entity.BackChannelLogoutSessionRequired,
AllowOfflineAccess = entity.AllowOfflineAccess,
AlwaysIncludeUserClaimsInIdToken = entity.AlwaysIncludeUserClaimsInIdToken,
IdentityTokenLifetime = entity.IdentityTokenLifetime,
AccessTokenLifetime = entity.AccessTokenLifetime,
AuthorizationCodeLifetime = entity.AuthorizationCodeLifetime,
AbsoluteRefreshTokenLifetime = entity.AbsoluteRefreshTokenLifetime,
SlidingRefreshTokenLifetime = entity.SlidingRefreshTokenLifetime,
ConsentLifetime = entity.ConsentLifetime,
RefreshTokenUsage = entity.RefreshTokenUsage,
UpdateAccessTokenClaimsOnRefresh = entity.UpdateAccessTokenClaimsOnRefresh,
RefreshTokenExpiration = entity.RefreshTokenExpiration,
AccessTokenType = entity.AccessTokenType,
EnableLocalLogin = entity.EnableLocalLogin,
IncludeJwtId = entity.IncludeJwtId,
AlwaysSendClientClaims = entity.AlwaysSendClientClaims,
ClientClaimsPrefix = entity.ClientClaimsPrefix,
PairWiseSubjectSalt = entity.PairWiseSubjectSalt,
UserSsoLifetime = entity.UserSsoLifetime,
UserCodeType = entity.UserCodeType,
DeviceCodeLifetime = entity.DeviceCodeLifetime,
};
await foreach (var claim in _claims.EnumAsync(entity.ClientId))
{
client.Claims.Add(new Claim(claim.Type, claim.Value));
}
await foreach (var corsOrigin in _corsOrigins.EnumAsync(client.ClientId))
{
client.AllowedCorsOrigins.Add(WebUtility.UrlDecode(corsOrigin.Origin));
}
await foreach (var grantType in _grantTypes.EnumAsync(entity.ClientId))
{
client.AllowedGrantTypes.Add(grantType.GrantType);
}
await foreach (var restriction in _idPRestrictions.EnumAsync(entity.ClientId))
{
client.IdentityProviderRestrictions.Add(restriction.Provider);
}
await foreach (var redirectUri in _postLogoutRedirectUris.EnumAsync(entity.ClientId))
{
client.PostLogoutRedirectUris.Add(WebUtility.UrlDecode(redirectUri.PostLogoutRedirectUri));
}
await foreach (var redirectUri in _redirectUris.EnumAsync(entity.ClientId))
{
client.RedirectUris.Add(WebUtility.UrlDecode(redirectUri.RedirectUri));
}
await foreach (var secret in _secrets.EnumAsync(entity.ClientId))
{
client.ClientSecrets.Add(new Secret
{
Description = secret.Description,
Expiration = secret.Expiration,
Type = secret.Type,
Value = secret.Value,
});
}
await foreach (var scope in _scopes.EnumAsync(entity.ClientId))
{
client.AllowedScopes.Add(scope.Scope);
}
return(client);
}
public async Task StoreAsync(Client client)
{
await _clients.InsertAsync(new ClientEntity
{
ClientId = client.ClientId,
Enabled = client.Enabled,
ProtocolType = client.ProtocolType,
RequireClientSecret = client.RequireClientSecret,
ClientName = client.ClientName,
Description = client.Description,
ClientUri = client.ClientUri,
LogoUri = client.LogoUri,
RequireConsent = client.RequireConsent,
AllowRememberConsent = client.AllowRememberConsent,
RequirePkce = client.RequirePkce,
AllowPlainTextPkce = client.AllowPlainTextPkce,
AllowAccessTokensViaBrowser = client.AllowAccessTokensViaBrowser,
FrontChannelLogoutUri = client.FrontChannelLogoutUri,
FrontChannelLogoutSessionRequired = client.FrontChannelLogoutSessionRequired,
BackChannelLogoutUri = client.BackChannelLogoutUri,
BackChannelLogoutSessionRequired = client.BackChannelLogoutSessionRequired,
AllowOfflineAccess = client.AllowOfflineAccess,
AlwaysIncludeUserClaimsInIdToken = client.AlwaysIncludeUserClaimsInIdToken,
IdentityTokenLifetime = client.IdentityTokenLifetime,
AccessTokenLifetime = client.AccessTokenLifetime,
AuthorizationCodeLifetime = client.AuthorizationCodeLifetime,
AbsoluteRefreshTokenLifetime = client.AbsoluteRefreshTokenLifetime,
SlidingRefreshTokenLifetime = client.SlidingRefreshTokenLifetime,
ConsentLifetime = client.ConsentLifetime,
RefreshTokenUsage = client.RefreshTokenUsage,
UpdateAccessTokenClaimsOnRefresh = client.UpdateAccessTokenClaimsOnRefresh,
RefreshTokenExpiration = client.RefreshTokenExpiration,
AccessTokenType = client.AccessTokenType,
EnableLocalLogin = client.EnableLocalLogin,
IncludeJwtId = client.IncludeJwtId,
AlwaysSendClientClaims = client.AlwaysSendClientClaims,
ClientClaimsPrefix = client.ClientClaimsPrefix,
PairWiseSubjectSalt = client.PairWiseSubjectSalt,
UserSsoLifetime = client.UserSsoLifetime,
UserCodeType = client.UserCodeType,
DeviceCodeLifetime = client.DeviceCodeLifetime,
});
foreach (var claim in client.Claims)
{
await _claims.InsertAsync(new ClientClaimEntity
{
ClientId = client.ClientId,
Type = claim.Type,
Value = claim.Value,
});
}
foreach (var corsOrigin in client.AllowedCorsOrigins)
{
await _corsOrigins.InsertAsync(new ClientCorsOriginEntity
{
ClientId = client.ClientId,
Origin = WebUtility.UrlEncode(corsOrigin),
});
}
foreach (var grantType in client.AllowedGrantTypes)
{
await _grantTypes.InsertAsync(new ClientGrantTypeEntity
{
ClientId = client.ClientId,
GrantType = grantType,
});
}
foreach (var restriction in client.IdentityProviderRestrictions)
{
await _idPRestrictions.InsertAsync(new ClientIdPRestrictionEntity
{
ClientId = client.ClientId,
Provider = restriction,
});
}
foreach (var redirectUri in client.PostLogoutRedirectUris)
{
await _postLogoutRedirectUris.InsertAsync(new ClientPostLogoutRedirectUriEntity
{
ClientId = client.ClientId,
PostLogoutRedirectUri = WebUtility.UrlEncode(redirectUri),
});
}
foreach (var redirectUri in client.RedirectUris)
{
await _redirectUris.InsertAsync(new ClientRedirectUriEntity
{
ClientId = client.ClientId,
RedirectUri = WebUtility.UrlEncode(redirectUri),
});
}
var secrets = client.ClientSecrets.ToArray();
for (var index = 0; index < client.ClientSecrets.Count; index++)
{
var secret = secrets[index];
await _secrets.InsertAsync(new ClientSecretEntity
{
ClientId = client.ClientId,
Sequence = index,
Description = secret.Description,
Expiration = secret.Expiration,
Type = secret.Type,
Value = secret.Value,
});
}
foreach (var scope in client.AllowedScopes)
{
await _scopes.InsertAsync(new ClientScopeEntity
{
ClientId = client.ClientId,
Scope = scope,
});
}
}
/// <summary>
/// Maps a model to an entity.
/// </summary>
/// <param name="model">The model.</param>
/// <returns></returns>
public static Client ToEntity(this IdentityServer4.Models.Client model)
{
return(Mapper.Map <Client>(model));
}
private static void SeedClientGrantType(IAdminStore <Entity.ClientGrantType> clientGrantTypeStore, IdentityServer4.Models.Client client)
{
foreach (var grantType in client.AllowedGrantTypes)
{
clientGrantTypeStore.CreateAsync(new Entity.ClientGrantType
{
ClientId = client.ClientId,
GrantType = grantType,
Id = Guid.NewGuid().ToString()
}).GetAwaiter().GetResult();
}
}
private static void SeedClientClaims(IAdminStore <Entity.ClientClaim> clientClaimStore, IdentityServer4.Models.Client client)
{
foreach (var claim in client.Claims)
{
clientClaimStore.CreateAsync(new Entity.ClientClaim
{
ClientId = client.ClientId,
Id = Guid.NewGuid().ToString(),
Type = claim.Type,
Value = claim.Value
}).GetAwaiter().GetResult();
}
}
private static void SeedClientSecrets(IAdminStore <Entity.ClientSecret> clientSecretStore, IdentityServer4.Models.Client client)
{
foreach (var secret in client.ClientSecrets)
{
clientSecretStore.CreateAsync(new Entity.ClientSecret
{
ClientId = client.ClientId,
Description = secret.Description,
Expiration = secret.Expiration,
Id = Guid.NewGuid().ToString(),
Type = secret.Type,
Value = secret.Value
}).GetAwaiter().GetResult();
}
}
public Task <bool> IsRedirectUriValidAsync(string requestedUri, IdentityServer4.Models.Client client)
{
_logger.LogInformation("Client {ClientName} used post logout uri {RequestedUri}.", client.ClientName, requestedUri);
return(Task.FromResult(true));
}
