private async Task CreateControlClientDocmentAsync(LoginUpParty loginUpParty)
        {
            // Seeds the master-tenant control client (an OIDC down-party) and saves it to Cosmos DB.
            // Optionally registers https://localhost:44332 as an extra redirect URI / CORS origin for
            // local development; that entry widens the redirect allow-list and should only be accepted
            // when seeding a development instance.
            Console.WriteLine("Creating control client");
            Console.Write("Add localhost test domain to enable local development [y/n] (default no): ");
            var answer = Console.ReadKey();
            Console.WriteLine(string.Empty);

            // Anything other than 'y'/'Y' keeps the default (no localhost entry).
            var includeLocalhost = char.ToLower(answer.KeyChar) == 'y';

            var masterEndpoint = settings.FoxIDsMasterControlClientEndpoint;
            var redirectUris = GetControlClientRedirectUris(masterEndpoint).ToList();

            // NOTE(review): this origin list is built but never attached to the down-party below;
            // confirm whether it should be set on the party (e.g. via an AllowCorsOrigins property).
            var corsOrigins = new List<string> { masterEndpoint.TrimEnd('/') };

            if (includeLocalhost)
            {
                const string localhostOrigin = "https://localhost:44332";
                redirectUris.AddRange(GetControlClientRedirectUris(localhostOrigin));
                corsOrigins.Add(localhostOrigin);
            }

            var controlClient = new OidcDownParty
            {
                Name = controlClientName
            };
            await controlClient.SetIdAsync(new Party.IdKey
            {
                TenantName = settings.MasterTenant,
                TrackName = settings.MasterTrack,
                PartyName = controlClientName
            });

            // Only the given login up-party is allowed to authenticate users towards this client.
            controlClient.AllowUpParties = new List<UpPartyLink>
            {
                new UpPartyLink { Name = loginUpParty.Name, Type = loginUpParty.Type }
            };

            controlClient.Client = new OidcDownClient
            {
                RedirectUris = redirectUris,
                ResourceScopes = new List<OAuthDownResourceScope>
                {
                    new OAuthDownResourceScope
                    {
                        Resource = controlApiResourceName,
                        Scopes = new List<string> { controlApiResourceMasterScope, controlApiResourceTenantScope }
                    }
                },
                // Authorization code flow only, with PKCE required.
                ResponseTypes = new List<string> { "code" },
                Scopes = GetControlClientScopes(),
                RequirePkce = true,
                AuthorizationCodeLifetime = 30,        // seconds (matches the other lifetimes' unit)
                IdTokenLifetime = 1800,                // 30 minutes
                AccessTokenLifetime = 1800,            // 30 minutes
                RefreshTokenLifetime = 86400,          // 24 hours
                RefreshTokenAbsoluteLifetime = 86400,  // 24 hours
                RefreshTokenUseOneTime = true,
                RefreshTokenLifetimeUnlimited = false,
                RequireLogoutIdTokenHint = true,
            };
            controlClient.SetTenantPartitionId();

            await simpleTenantRepository.SaveAsync(controlClient);

            Console.WriteLine("Control client document created and saved in Cosmos DB");
        }
        private async Task CreatePortalClientDocmentAsync(LoginUpParty loginUpParty)
        {
            // Seeds the portal client (an OIDC down-party) in the master tenant/track, generates its
            // client secret and saves the document to Cosmos DB. The plaintext secret is written to
            // stdout exactly once, so run this from a terminal whose output is not being captured.
            Console.WriteLine("Creating portal client");
            Console.Write("Add localhost test domain to enable local development [y/n] (default no): ");
            var answer = Console.ReadKey();
            Console.WriteLine(string.Empty);

            var redirectUris = new List<string> { settings.FoxIDsPortalAuthResponseEndpoint };
            // Anything other than 'y'/'Y' keeps the default (no localhost entry).
            if (char.ToLower(answer.KeyChar) == 'y')
            {
                // Local-development redirect; widens the allow-list, so only accept on a development seed.
                redirectUris.Add("https://localhost:44332");
            }

            // NOTE(review): Name is not set on this party, only the Id via SetIdAsync; confirm that is intended.
            var portalClient = new OidcDownParty();
            await portalClient.SetIdAsync(new Party.IdKey
            {
                TenantName = settings.MasterTenant,
                TrackName = settings.MasterTrack,
                PartyName = portalClientName
            });

            // Only the given login up-party is allowed to authenticate users towards this client.
            portalClient.AllowUpParties = new List<UpPartyLink>
            {
                new UpPartyLink { Name = loginUpParty.Name, Type = loginUpParty.Type }
            };

            portalClient.Client = new OidcDownClient
            {
                RedirectUris = new List<string>(redirectUris),
                ResourceScopes = new List<OAuthDownResourceScope>
                {
                    new OAuthDownResourceScope
                    {
                        Resource = apiResourceName,
                        Scopes = new List<string> { "foxids_tenant" }
                    }
                },
                // Code plus the implicit response types; note that RequirePkce is not set here.
                ResponseTypes = new List<string> { "code", "id_token", "token" },
                AuthorizationCodeLifetime = 10,
                IdTokenLifetime = 1800,                // 30 minutes
                AccessTokenLifetime = 1800,            // 30 minutes
                RefreshTokenLifetime = 86400,          // 24 hours
                RefreshTokenAbsoluteLifetime = 86400,  // 24 hours
                RefreshTokenUseOneTime = true,
                RefreshTokenLifetimeUnlimited = false,
                RequireLogoutIdTokenHint = true,
            };

            // CreateSecretAsync yields the plaintext secret (shown once below) and the
            // OAuthClientSecret record that is stored with the party.
            (var secret, var storedSecret) = await CreateSecretAsync();
            portalClient.Client.Secrets = new List<OAuthClientSecret> { storedSecret };
            portalClient.SetPartitionId();

            await simpleTenantRepository.SaveAsync(portalClient);

            Console.WriteLine("Portal client document created and saved in Cosmos DB");
            Console.WriteLine($"Portal client secret is: {secret}");
        }
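        /// <summary>
        /// Creates the control client (an OIDC down-party) for <paramref name="tenantName"/> in the master track
        /// and stores it through the tenant repository.
        /// </summary>
        /// <param name="tenantName">Tenant the client belongs to; lower-cased for the document id and redirect URIs.</param>
        /// <param name="controlClientBaseUri">Base URI of the control client, used for its redirect URIs and CORS origins.</param>
        /// <param name="loginUpParty">Login up-party the client is allowed to authenticate users through.</param>
        /// <param name="includeMasterTenantScope">When true the client is also granted the master control-API scope.</param>
        /// <exception cref="ArgumentNullException"><paramref name="loginUpParty"/> is null.</exception>
        public async Task CreateMasterControlClientDocmentAsync(string tenantName, string controlClientBaseUri, LoginUpParty loginUpParty, bool includeMasterTenantScope = false)
        {
            if (loginUpParty is null)
            {
                throw new ArgumentNullException(nameof(loginUpParty));
            }

            // Tenant and party names are identifiers, not user-facing text: lower-case them
            // culture-invariantly so the stored id does not depend on the seeding machine's
            // culture (e.g. the Turkish dotless-i mapping of 'I').
            var lowerTenantName = tenantName?.ToLowerInvariant();
            var lowerLoginUpPartyName = loginUpParty.Name?.ToLowerInvariant();

            var mControlClientDownParty = new OidcDownParty
            {
                Name = Constants.ControlClient.ClientId
            };
            await mControlClientDownParty.SetIdAsync(new Party.IdKey
            {
                TenantName = lowerTenantName,
                TrackName = Constants.Routes.MasterTrackName,
                PartyName = Constants.ControlClient.ClientId
            });

            // Only the given login up-party is allowed to authenticate users towards this client.
            mControlClientDownParty.AllowUpParties = new List<UpPartyLink>
            {
                new UpPartyLink { Name = lowerLoginUpPartyName, Type = loginUpParty.Type }
            };
            mControlClientDownParty.AllowCorsOrigins = GetControlClientAllowCorsOrigins(controlClientBaseUri);

            // The tenant scope is always granted; the master scope only on explicit request.
            var scopes = new List<string> { Constants.ControlApi.Scope.Tenant };
            if (includeMasterTenantScope)
            {
                scopes.Add(Constants.ControlApi.Scope.Master);
            }

            mControlClientDownParty.Client = new OidcDownClient
            {
                RedirectUris = GetControlClientRedirectUris(lowerTenantName, controlClientBaseUri).ToList(),
                ResourceScopes = new List<OAuthDownResourceScope>
                {
                    new OAuthDownResourceScope
                    {
                        Resource = Constants.ControlApi.ResourceName,
                        Scopes = scopes
                    }
                },
                // Authorization code flow only, with PKCE required.
                ResponseTypes = new List<string> { "code" },
                Scopes = GetControlClientScopes(),
                Claims = GetControlClientClaims(),
                RequirePkce = true,
                AuthorizationCodeLifetime = 30,        // seconds (matches the other lifetimes' unit)
                IdTokenLifetime = 3600,                // 1 hour
                AccessTokenLifetime = 3600,            // 1 hour
                RefreshTokenLifetime = 7200,           // 2 hours
                RefreshTokenAbsoluteLifetime = 21600,  // 6 hours
                RefreshTokenUseOneTime = true,
                RefreshTokenLifetimeUnlimited = false,
                RequireLogoutIdTokenHint = false,
            };

            await tenantRepository.CreateAsync(mControlClientDownParty);
        }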
 /// <summary>Updates an existing OIDC down-party by PUT-ing it to the OIDC API endpoint.</summary>
 /// <param name="party">The down-party to send.</param>
 public async Task UpdateOidcDownPartyAsync(OidcDownParty party)
 {
     await PutAsync(oidcApiUri, party);
 }
 /// <summary>Creates a new OIDC down-party by POST-ing it to the OIDC API endpoint.</summary>
 /// <param name="party">The down-party to send.</param>
 public async Task CreateOidcDownPartyAsync(OidcDownParty party)
 {
     await PostAsync(oidcApiUri, party);
 }
        /// <summary>
        /// Maps an <see cref="OidcDownParty"/> to its view model and toggles the client/resource tabs on
        /// <paramref name="generalOidcDownParty"/> according to which parts of the party are present.
        /// </summary>
        /// <param name="generalOidcDownParty">General view model whose EnableClientTab/EnableResourceTab flags are set here.</param>
        /// <param name="oidcDownParty">The party to map.</param>
        /// <param name="oidcDownSecrets">Secret descriptors; only their name and info are projected into the view model.</param>
        /// <returns>The mapped view model.</returns>
        private OidcDownPartyViewModel ToViewModel(GeneralOidcDownPartyViewModel generalOidcDownParty, OidcDownParty oidcDownParty, List<OAuthClientSecretResponse> oidcDownSecrets)
        {
            return oidcDownParty.Map<OidcDownPartyViewModel>(viewModel =>
            {
                var client = viewModel.Client;
                generalOidcDownParty.EnableClientTab = client != null;
                if (client != null)
                {
                    client.ExistingSecrets = oidcDownSecrets
                        .Select(s => new OAuthClientSecretViewModel { Name = s.Name, Info = s.Info })
                        .ToList();

                    // The resource scope whose resource equals the party's own name is the "default" scope:
                    // it is removed from the list and surfaced via DefaultResourceScope/DefaultResourceScopeScopes.
                    var ownScopeIndex = client.ResourceScopes.FindIndex(r => r.Resource.Equals(generalOidcDownParty.Name, StringComparison.Ordinal));
                    client.DefaultResourceScope = ownScopeIndex > -1;
                    if (ownScopeIndex > -1)
                    {
                        var ownScope = client.ResourceScopes[ownScopeIndex];
                        if (ownScope.Scopes?.Count() > 0)
                        {
                            foreach (var scope in ownScope.Scopes)
                            {
                                client.DefaultResourceScopeScopes.Add(scope);
                            }
                        }
                        client.ResourceScopes.RemoveAt(ownScopeIndex);
                    }

                    client.ScopesViewModel = client.Scopes.Map<List<OidcDownScopeViewModel>>() ?? new List<OidcDownScopeViewModel>();
                }

                generalOidcDownParty.EnableResourceTab = viewModel.Resource != null;

                if (viewModel.ClaimTransforms?.Count > 0)
                {
                    viewModel.ClaimTransforms = viewModel.ClaimTransforms.MapClaimTransforms();
                }
            });
        }
        private async Task CreateBlazorOidcAuthCodePkceSampleDownPartyAsync()
        {
            // Registers the Blazor authorization-code + PKCE sample as an OIDC down-party (unless it
            // already exists) and issues it a freshly generated client secret, printed once to stdout.
            const string baseUrl = "https://localhost:44345";

            // Small factories so the scope/claim tables below stay readable. IdTokenClaim sets
            // InIdToken = true; PlainClaim leaves InIdToken at its default.
            OidcDownClaim IdTokenClaim(string claim) => new OidcDownClaim { Claim = claim, InIdToken = true };
            OidcDownClaim PlainClaim(string claim) => new OidcDownClaim { Claim = claim };

            async Task GetSampleAsync(string name)
            {
                // Existence probe only; the returned party is discarded.
                _ = await foxIDsApiClient.GetOidcDownPartyAsync(name);
            }

            async Task PostSampleAsync(string name)
            {
                var offlineAccessScope = new OidcDownScope { Scope = "offline_access" };
                var profileScope = new OidcDownScope
                {
                    Scope = "profile",
                    VoluntaryClaims = new[]
                    {
                        IdTokenClaim(JwtClaimTypes.Name),
                        IdTokenClaim(JwtClaimTypes.FamilyName),
                        IdTokenClaim(JwtClaimTypes.GivenName),
                        IdTokenClaim(JwtClaimTypes.MiddleName),
                        PlainClaim(JwtClaimTypes.Nickname),
                        PlainClaim(JwtClaimTypes.PreferredUsername),
                        PlainClaim(JwtClaimTypes.Profile),
                        PlainClaim(JwtClaimTypes.Picture),
                        PlainClaim(JwtClaimTypes.Website),
                        PlainClaim(JwtClaimTypes.Gender),
                        PlainClaim(JwtClaimTypes.Birthdate),
                        PlainClaim(JwtClaimTypes.Zoneinfo),
                        PlainClaim(JwtClaimTypes.Locale),
                        PlainClaim(JwtClaimTypes.UpdatedAt)
                    }
                };
                var emailScope = new OidcDownScope
                {
                    Scope = "email",
                    VoluntaryClaims = new[] { IdTokenClaim(JwtClaimTypes.Email), PlainClaim(JwtClaimTypes.EmailVerified) }
                };
                var addressScope = new OidcDownScope
                {
                    Scope = "address",
                    VoluntaryClaims = new[] { IdTokenClaim(JwtClaimTypes.Address) }
                };
                var phoneScope = new OidcDownScope
                {
                    Scope = "phone",
                    VoluntaryClaims = new[] { IdTokenClaim(JwtClaimTypes.PhoneNumber), PlainClaim(JwtClaimTypes.PhoneNumberVerified) }
                };

                var oidcDownParty = new OidcDownParty
                {
                    Name = name,
                    AllowCorsOrigins = new[] { baseUrl },
                    // Further up-parties (e.g. foxids_oidcpkce, adfs_saml_idp) can be appended here.
                    AllowUpPartyNames = new[] { loginName, aspNetCoreSamlIdPSampleUpPartyName, identityserverOidcOpUpPartyName },
                    Client = new OidcDownClient
                    {
                        // Only the API1 resource is granted; there is no scope to the application itself.
                        ResourceScopes = new[]
                        {
                            new OAuthDownResourceScope { Resource = "aspnetcore_api1_sample", Scopes = new[] { "admin", "some_access" } }
                        },
                        Scopes = new[] { offlineAccessScope, profileScope, emailScope, addressScope, phoneScope },
                        // Client-level claims, in addition to the scope-bound voluntary claims above.
                        Claims = new[]
                        {
                            IdTokenClaim(JwtClaimTypes.Email),
                            IdTokenClaim(JwtClaimTypes.Name),
                            IdTokenClaim(JwtClaimTypes.FamilyName),
                            IdTokenClaim(JwtClaimTypes.GivenName),
                            IdTokenClaim(JwtClaimTypes.Role)
                        },
                        // Authorization code flow with PKCE required.
                        ResponseTypes = new[] { "code" },
                        RedirectUris = new[]
                        {
                            UrlCombine.Combine(baseUrl, "authentication/login-callback"),
                            UrlCombine.Combine(baseUrl, "authentication/logout-callback")
                        },
                        RequirePkce = true,
                        RequireLogoutIdTokenHint = true,
                        AuthorizationCodeLifetime = 30,       // 30 seconds
                        IdTokenLifetime = 600,                // 10 minutes
                        AccessTokenLifetime = 600,            // 10 minutes
                        RefreshTokenLifetime = 900,           // 15 minutes
                        RefreshTokenAbsoluteLifetime = 1200,  // 20 minutes
                        RefreshTokenUseOneTime = false,
                        RefreshTokenLifetimeUnlimited = false
                    }
                };

                await foxIDsApiClient.PostOidcDownPartyAsync(oidcDownParty);

                // The secret is shown once so it can be copied into the sample's configuration.
                var secret = RandomGenerator.Generate(32);
                await foxIDsApiClient.PostOidcClientSecretDownPartyAsync(new OAuthClientSecretRequest
                {
                    PartyName = oidcDownParty.Name,
                    Secrets = new string[] { secret },
                });

                Console.WriteLine($"\t'{name}' client secret is: {secret}");
            }

            Func<string, Task> getAction = GetSampleAsync;
            Func<string, Task> postAction = PostSampleAsync;
            await CreateIfNotExistsAsync(blazorOidcAuthCodePkceSampleDownPartyName, getAction, postAction);
        }
        private async Task CreateAspNetCoreOidcImplicitSampleDownPartyAsync()
        {
            // Registers the ASP.NET Core implicit-flow sample as an OIDC down-party unless it already exists.
            const string baseUrl = "https://localhost:44341";

            // Small factories so the scope/claim tables below stay readable. IdTokenClaim sets
            // InIdToken = true; PlainClaim leaves InIdToken at its default.
            OidcDownClaim IdTokenClaim(string claim) => new OidcDownClaim { Claim = claim, InIdToken = true };
            OidcDownClaim PlainClaim(string claim) => new OidcDownClaim { Claim = claim };

            async Task GetSampleAsync(string name)
            {
                // Existence probe only; the returned party is discarded.
                _ = await foxIDsApiClient.GetOidcDownPartyAsync(name);
            }

            async Task PostSampleAsync(string name)
            {
                var profileScope = new OidcDownScope
                {
                    Scope = "profile",
                    VoluntaryClaims = new[]
                    {
                        IdTokenClaim(JwtClaimTypes.Name),
                        IdTokenClaim(JwtClaimTypes.FamilyName),
                        IdTokenClaim(JwtClaimTypes.GivenName),
                        IdTokenClaim(JwtClaimTypes.MiddleName),
                        PlainClaim(JwtClaimTypes.Nickname),
                        PlainClaim(JwtClaimTypes.PreferredUsername),
                        PlainClaim(JwtClaimTypes.Profile),
                        PlainClaim(JwtClaimTypes.Picture),
                        PlainClaim(JwtClaimTypes.Website),
                        PlainClaim(JwtClaimTypes.Gender),
                        PlainClaim(JwtClaimTypes.Birthdate),
                        PlainClaim(JwtClaimTypes.Zoneinfo),
                        PlainClaim(JwtClaimTypes.Locale),
                        PlainClaim(JwtClaimTypes.UpdatedAt)
                    }
                };
                var emailScope = new OidcDownScope
                {
                    Scope = "email",
                    VoluntaryClaims = new[] { IdTokenClaim(JwtClaimTypes.Email), PlainClaim(JwtClaimTypes.EmailVerified) }
                };

                var oidcDownParty = new OidcDownParty
                {
                    Name = name,
                    AllowCorsOrigins = new[] { baseUrl },
                    // Further up-parties (e.g. foxids_oidcpkce, adfs_saml_idp) can be appended here.
                    AllowUpPartyNames = new[] { loginName, aspNetCoreSamlIdPSampleUpPartyName, identityserverOidcOpUpPartyName },
                    Client = new OidcDownClient
                    {
                        // Scope to the application itself.
                        ResourceScopes = new[]
                        {
                            new OAuthDownResourceScope { Resource = name }
                        },
                        Scopes = new[] { profileScope, emailScope },
                        // Client-level claims, in addition to the scope-bound voluntary claims above.
                        Claims = new[]
                        {
                            IdTokenClaim(JwtClaimTypes.Role)
                        },
                        // Implicit flow: tokens are returned straight from the authorization endpoint,
                        // so PKCE does not apply and no refresh-token lifetimes are configured.
                        ResponseTypes = new[] { "id_token token", "id_token" },
                        RedirectUris = new[]
                        {
                            UrlCombine.Combine(baseUrl, "signin-oidc"),
                            UrlCombine.Combine(baseUrl, "signout-callback-oidc")
                        },
                        RequirePkce = false,
                        RequireLogoutIdTokenHint = true,
                        IdTokenLifetime = 3600,      // 60 minutes
                        AccessTokenLifetime = 3600   // 60 minutes
                    }
                };

                await foxIDsApiClient.PostOidcDownPartyAsync(oidcDownParty);
            }

            Func<string, Task> getAction = GetSampleAsync;
            Func<string, Task> postAction = PostSampleAsync;
            await CreateIfNotExistsAsync(aspNetCoreOidcImplicitSampleDownPartyName, getAction, postAction);
        }
 /// <summary>Updates an existing OIDC down-party via PUT and returns the response body deserialized as <see cref="OidcDownParty"/>.</summary>
 /// <param name="party">The down-party to send.</param>
 /// <returns>The party as returned by the OIDC API endpoint.</returns>
 public async Task<OidcDownParty> UpdateOidcDownPartyAsync(OidcDownParty party)
 {
     var updated = await PutResponseAsync<OidcDownParty, OidcDownParty>(oidcApiUri, party);
     return updated;
 }