public async Task <IActionResult> Create(CreateOpenIdApplicationViewModel model, string returnUrl = null)
{
if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications))
{
return(Forbid());
}
if (!string.IsNullOrEmpty(model.ClientSecret) &&
string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
ModelState.AddModelError(nameof(model.ClientSecret), S["No client secret can be set for public applications."]);
}
else if (string.IsNullOrEmpty(model.ClientSecret) &&
string.Equals(model.Type, OpenIddictConstants.ClientTypes.Confidential, StringComparison.OrdinalIgnoreCase))
{
ModelState.AddModelError(nameof(model.ClientSecret), S["The client secret is required for confidential applications."]);
}
if (!string.IsNullOrEmpty(model.ClientId) && await _applicationManager.FindByClientIdAsync(model.ClientId) != null)
{
ModelState.AddModelError(nameof(model.ClientId), S["The client identifier is already taken by another application."]);
}
if (!ModelState.IsValid)
{
ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync();
ViewData["ReturnUrl"] = returnUrl;
return(View(model));
}
var settings = new OpenIdApplicationSettings()
{
AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow,
AllowClientCredentialsFlow = model.AllowClientCredentialsFlow,
AllowHybridFlow = model.AllowHybridFlow,
AllowImplicitFlow = model.AllowImplicitFlow,
AllowLogoutEndpoint = model.AllowLogoutEndpoint,
AllowPasswordFlow = model.AllowPasswordFlow,
AllowRefreshTokenFlow = model.AllowRefreshTokenFlow,
ClientId = model.ClientId,
ClientSecret = model.ClientSecret,
ConsentType = model.ConsentType,
DisplayName = model.DisplayName,
PostLogoutRedirectUris = model.PostLogoutRedirectUris,
RedirectUris = model.RedirectUris,
Roles = model.RoleEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(),
Scopes = model.ScopeEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(),
Type = model.Type
};
await _applicationManager.UpdateDescriptorFromSettings(settings);
if (string.IsNullOrEmpty(returnUrl))
{
return(RedirectToAction(nameof(Index)));
}
return(this.LocalRedirect(returnUrl, true));
}
public async Task ExecuteAsync(RecipeExecutionContext context)
{
if (!string.Equals(context.Name, "OpenIdApplication", StringComparison.OrdinalIgnoreCase))
{
return;
}
var model = context.Step.ToObject <OpenIdApplicationStepModel>();
var app = await _applicationManager.FindByClientIdAsync(model.ClientId);
var settings = new OpenIdApplicationSettings()
{
AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow,
AllowClientCredentialsFlow = model.AllowClientCredentialsFlow,
AllowHybridFlow = model.AllowHybridFlow,
AllowImplicitFlow = model.AllowImplicitFlow,
AllowIntrospectionEndpoint = model.AllowIntrospectionEndpoint,
AllowLogoutEndpoint = model.AllowLogoutEndpoint,
AllowPasswordFlow = model.AllowPasswordFlow,
AllowRefreshTokenFlow = model.AllowRefreshTokenFlow,
AllowRevocationEndpoint = model.AllowRevocationEndpoint,
ClientId = model.ClientId,
ClientSecret = model.ClientSecret,
ConsentType = model.ConsentType,
DisplayName = model.DisplayName,
PostLogoutRedirectUris = model.PostLogoutRedirectUris,
RedirectUris = model.RedirectUris,
Roles = model.RoleEntries.Select(x => x.Name).ToArray(),
Scopes = model.ScopeEntries.Select(x => x.Name).ToArray(),
Type = model.Type,
RequireProofKeyForCodeExchange = model.RequireProofKeyForCodeExchange,
};
await _applicationManager.UpdateDescriptorFromSettings(settings, app);
}
public async Task <IActionResult> Edit(EditOpenIdApplicationViewModel model, string returnUrl = null)
{
if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications))
{
return(Forbid());
}
var application = await _applicationManager.FindByPhysicalIdAsync(model.Id);
if (application == null)
{
return(NotFound());
}
// If the application was a public client and is now a confidential client, ensure a client secret was provided.
if (string.IsNullOrEmpty(model.ClientSecret) &&
!string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase) &&
await _applicationManager.HasClientTypeAsync(application, OpenIddictConstants.ClientTypes.Public))
{
ModelState.AddModelError(nameof(model.ClientSecret), S["Setting a new client secret is required."]);
}
if (!string.IsNullOrEmpty(model.ClientSecret) &&
string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
ModelState.AddModelError(nameof(model.ClientSecret), S["No client secret can be set for public applications."]);
}
if (ModelState.IsValid)
{
var other = await _applicationManager.FindByClientIdAsync(model.ClientId);
if (other != null && !string.Equals(
await _applicationManager.GetIdAsync(other),
await _applicationManager.GetIdAsync(application), StringComparison.Ordinal))
{
ModelState.AddModelError(nameof(model.ClientId), S["The client identifier is already taken by another application."]);
}
}
if (!ModelState.IsValid)
{
ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync();
ViewData["ReturnUrl"] = returnUrl;
return(View(model));
}
var settings = new OpenIdApplicationSettings()
{
AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow,
AllowClientCredentialsFlow = model.AllowClientCredentialsFlow,
AllowHybridFlow = model.AllowHybridFlow,
AllowImplicitFlow = model.AllowImplicitFlow,
AllowIntrospectionEndpoint = model.AllowIntrospectionEndpoint,
AllowLogoutEndpoint = model.AllowLogoutEndpoint,
AllowPasswordFlow = model.AllowPasswordFlow,
AllowRefreshTokenFlow = model.AllowRefreshTokenFlow,
AllowRevocationEndpoint = model.AllowRevocationEndpoint,
ClientId = model.ClientId,
ClientSecret = model.ClientSecret,
ConsentType = model.ConsentType,
DisplayName = model.DisplayName,
PostLogoutRedirectUris = model.PostLogoutRedirectUris,
RedirectUris = model.RedirectUris,
Roles = model.RoleEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(),
Scopes = model.ScopeEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(),
Type = model.Type,
RequireProofKeyForCodeExchange = model.RequireProofKeyForCodeExchange
};
await _applicationManager.UpdateDescriptorFromSettings(settings, application);
if (string.IsNullOrEmpty(returnUrl))
{
return(RedirectToAction(nameof(Index)));
}
return(this.LocalRedirect(returnUrl, true));
}
