private async Task InitializeAsync(IServiceProvider services)
{
// Create a new service scope to ensure the database context is correctly disposed when this methods returns.
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>();
await context.Database.EnsureCreatedAsync();
var manager = scope.ServiceProvider
.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
const string clientId = "my-client";
if (await manager.FindByClientIdAsync(clientId) == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = clientId,
DisplayName = "My Client",
RedirectUris = { new Uri("https://localhost:5001") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.GrantTypes.Implicit,
// allow the openid scope
OpenIddictConstants.Permissions.Scopes.Profile,
}
};
await manager.CreateAsync(descriptor);
}
}
}
private static async Task InitializeAsync(IServiceProvider services, CancellationToken cancellationToken)
{
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
// Add OpenIddict clients
var iddictManager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await iddictManager.FindByClientIdAsync("client-app", cancellationToken) == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "client-app",
DisplayName = "Test Client App",
PostLogoutRedirectUris = { new Uri("http://localhost:8000/signout-oidc") },
RedirectUris = { new Uri("http://localhost:8000/signin-oidc") },
};
await iddictManager.CreateAsync(descriptor, cancellationToken);
}
// Create roles
var roleManager = scope.ServiceProvider.GetRequiredService <RoleManager <IdentityRole> >();
string[] roleNames = { "Administrator" };
foreach (var roleName in roleNames)
{
if (!await roleManager.RoleExistsAsync(roleName))
{
await roleManager.CreateAsync(new IdentityRole(roleName));
}
}
}
}
private async Task AddOpenIdConnectApplication(IConfiguration configuration)
{
if (await _openIddictApplicationManager.FindByClientIdAsync("botw") == null)
{
var host = configuration["HostUrl"].ToString();
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "botw",
DisplayName = "Best of the Worst",
PostLogoutRedirectUris = { new Uri($"{host}signout-oidc") },
RedirectUris = { new Uri(host) },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.Implicit,
OpenIddictConstants.Permissions.GrantTypes.Password,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Scopes.Profile,
OpenIddictConstants.Permissions.Scopes.Roles,
}
};
await _openIddictApplicationManager.CreateAsync(descriptor);
}
}
public async Task <Audience> SetupAudience(string appName, string displayName)
{
//todo: implement name check
string clientId = Guid.NewGuid().ToString().Replace("-", "").Substring(0, 15).ToUpper();
var AudiencesRepo = _dbContext.Audiences;
string secret = Guid.NewGuid().ToString().ToUpper();
string base64Secret = Convert.ToBase64String(Encoding.UTF8.GetBytes(secret));
Audience Audience = new Audience();
Audience.AppName = appName;
Audience.ClientId = clientId;
Audience.ClientSecret = secret;
Audience.CreatedOn = DateTime.Now;
await AudiencesRepo.AddAsync(Audience);
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = clientId,
ClientSecret = base64Secret,
DisplayName = displayName,
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.ClientCredentials,
OpenIddictConstants.Permissions.GrantTypes.Password,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken
}
};
await _openIddictConnectStore.CreateAsync(descriptor);
await _dbContext.SaveChangesAsync();
return(Audience);
}
private async Task AddClient(StartupClientData client, bool isVip = false)
{
using (var scope = _services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await manager.FindByClientIdAsync(client.ClientId) == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = client.ClientId,
ClientSecret = client.ClientSecret,
DisplayName = client.DisplayName,
Permissions =
{
//OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Token,
//OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Scopes.Profile,
OpenIddictConstants.Permissions.Scopes.Roles,
OpenIddictConstants.Permissions.GrantTypes.ClientCredentials,
}
};
if (isVip)
{
descriptor.Permissions.Add($"{OpenIddictConstants.Permissions.Prefixes.Scope}is_vip");
}
await manager.CreateAsync(descriptor);
}
}
}
private static async Task InitializeAsync(IServiceProvider services, CancellationToken cancellationToken)
{
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
// Add OpenIddict clients
var iddictManager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await iddictManager.FindByClientIdAsync("barco-rota", cancellationToken) == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "barco-rota",
DisplayName = "Barco Rota",
PostLogoutRedirectUris = { new Uri("https://barcorota.azurewebsites.net/signout-oidc") },
RedirectUris = { new Uri("https://barcorota.azurewebsites.net/signin-oidc") },
};
await iddictManager.CreateAsync(descriptor, cancellationToken);
}
// Create roles
var roleManager = scope.ServiceProvider.GetRequiredService <RoleManager <IdentityRole> >();
string[] roleNames = { Constants.ADMIN_ROLE, Constants.BARCO_ROLE, Constants.ROTA_ROLE, Constants.WOLF_ROLE };
foreach (var roleName in roleNames)
{
if (!await roleManager.RoleExistsAsync(roleName))
{
await roleManager.CreateAsync(new IdentityRole(roleName));
}
}
}
}
private async Task InitializeAsync(IServiceProvider services)
{
// Create a new service scope to ensure the database context is correctly disposed when this methods returns.
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>();
await context.Database.EnsureCreatedAsync();
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await manager.FindByClientIdAsync("console") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "console",
ClientSecret = "388D45FA-B36B-4988-BA59-B187D329C207",
DisplayName = "My client application",
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.ClientCredentials
}
};
await manager.CreateAsync(descriptor);
}
}
}
private async Task InitializeAsync(IServiceProvider services)
{
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <AuthenticationServerContext>();
await context.Database.EnsureCreatedAsync();
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await manager.FindByClientIdAsync("LKG.App") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "LKG.App",
ClientSecret = "73dfecb1-2ccf-4b5d-9293-5361adc5e02f",
DisplayName = "Админка сервисов",
RedirectUris = { new Uri("http://localhost:10234/lkg/signin-oidc") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
OpenIddictConstants.Permissions.Scopes.Profile
}
};
await manager.CreateAsync(descriptor);
}
}
}
public static async Task CreateClientApps(OpenIddictApplicationManager <OpenIddictApplication> manager,
CancellationToken cancellationToken)
{
if (await manager.FindByClientIdAsync(ClientAppHelper.CLIENT_WEB_ID,
cancellationToken) == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = ClientAppHelper.CLIENT_WEB_ID,
ClientSecret = ClientAppHelper.CLIENT_WEB_SECRET,
DisplayName = "Imanage Web App",
PostLogoutRedirectUris = { new Uri("https://imanage.azurewebsites.net/connect/token") },
RedirectUris = { new Uri("https://imanage.azurewebsites.net/connect/token") },
Type = OpenIddictConstants.ClientTypes.Hybrid,
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.Password,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Scopes.Profile,
OpenIddictConstants.Permissions.Scopes.Roles
}
};
await manager.CreateAsync(descriptor, cancellationToken);
}
}
public async static Task InitializeDbAsync(this IServiceProvider services, CancellationToken cancellationToken)
{
// Create a new service scope to ensure the database context is correctly disposed when this methods returns.
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <AppDbContext>();
await context.Database.EnsureCreatedAsync();
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication <string> > >();
if (await manager.FindByClientIdAsync("angular_client_s6BhdRkqt3", cancellationToken) == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "angular_client_s6BhdRkqt3",
DisplayName = "public_client",
RedirectUris = { new Uri("https://localhost:44329/players") },
PostLogoutRedirectUris = { new Uri("https://localhost:44329/login") }
};
await manager.CreateAsync(descriptor, cancellationToken);
}
await DbInitializer.InitializeAsync(context);
}
}
public override async Task PopulateAsync(TApplication application,
OpenIddictApplicationDescriptor descriptor, CancellationToken cancellationToken = default)
{
if (application == null)
{
throw new ArgumentNullException(nameof(application));
}
if (descriptor == null)
{
throw new ArgumentNullException(nameof(descriptor));
}
if (descriptor is OpenIdApplicationDescriptor model)
{
if (Store is IOpenIdApplicationStore <TApplication> store)
{
await store.SetRolesAsync(application, model.Roles.ToImmutableArray(), cancellationToken);
}
else
{
var properties = await Store.GetPropertiesAsync(application, cancellationToken);
properties[OpenIdConstants.Properties.Roles] = JArray.FromObject(model.Roles);
await Store.SetPropertiesAsync(application, properties, cancellationToken);
}
}
await base.PopulateAsync(application, descriptor, cancellationToken);
}
public override async ValueTask PopulateAsync(TApplication application,
OpenIddictApplicationDescriptor descriptor, CancellationToken cancellationToken = default)
{
if (application == null)
{
throw new ArgumentNullException(nameof(application));
}
if (descriptor == null)
{
throw new ArgumentNullException(nameof(descriptor));
}
if (descriptor is OpenIdApplicationDescriptor model)
{
if (Store is IOpenIdApplicationStore <TApplication> store)
{
await store.SetRolesAsync(application, model.Roles.ToImmutableArray(), cancellationToken);
}
else
{
var properties = await Store.GetPropertiesAsync(application, cancellationToken);
properties = properties.SetItem(OpenIdConstants.Properties.Roles, JsonSerializer.Deserialize <JsonElement>(
JsonSerializer.Serialize(model.Roles, new JsonSerializerOptions
{
Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping
})));
await Store.SetPropertiesAsync(application, properties, cancellationToken);
}
}
await base.PopulateAsync(application, descriptor, cancellationToken);
}
private static async Task AddClientApplications(ApplicationDbContext context, OpenIddictApplicationManager <OpenIddictApplication> manager)
{
const string clientId = "socialarts.club";
var app = await manager.FindByClientIdAsync(clientId);
if (app != null)
{
await manager.DeleteAsync(app);
}
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = clientId,
DisplayName = clientId,
// TODO: Read this from configuration.
RedirectUris =
{
new Uri("https://localhost:5001/MyProgressJournal"),
new Uri("https://socialarts.club/MyProgressJournal")
},
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.GrantTypes.Implicit,
OpenIddictConstants.Permissions.Scopes.OpenId,
}
};
await manager.CreateAsync(descriptor);
}
/// <summary>
/// Creates a new application based on the specified descriptor.
/// Note: the default implementation automatically hashes the client
/// secret before storing it in the database, for security reasons.
/// </summary>
/// <param name="descriptor">The application descriptor.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
/// <returns>
/// A <see cref="Task"/> that can be used to monitor the asynchronous operation,
/// whose result returns the unique identifier associated with the application.
/// </returns>
public override async Task <TApplication> CreateAsync(OpenIddictApplicationDescriptor descriptor, CancellationToken cancellationToken)
{
if (descriptor == null)
{
throw new ArgumentNullException(nameof(descriptor));
}
TApplication application = new Application() as TApplication;
if (application == null)
{
throw new InvalidOperationException("An error occurred while trying to create a new application");
}
//await PopulateAsync(application, descriptor, cancellationToken);
var secret = await Store.GetClientSecretAsync(application, cancellationToken);
if (!string.IsNullOrEmpty(secret))
{
await Store.SetClientSecretAsync(application, /* secret: */ null, cancellationToken);
return(await CreateAsync(application, secret, cancellationToken));
}
return(await CreateAsync(application, cancellationToken));
}
private static async Task InitializeApiClientAsync(IServiceProvider services, CancellationToken cancellationToken)
{
var manager = services.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
var clients = services.GetRequiredService <IConfiguration>().GetSection("Init").GetSection("ApiClients");
foreach (var client in clients.GetChildren())
{
var clientId = client.GetValue <string>("ClientId");
var clientSecret = client.GetValue <string>("ClientSecret");
var displayName = client.GetValue <string>("DisplayName");
var c = await manager.FindByClientIdAsync(clientId, cancellationToken);
if (c != null)
{
continue;
}
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = clientId,
ClientSecret = clientSecret,
DisplayName = displayName
};
await manager.CreateAsync(descriptor, cancellationToken);
}
}
public async Task <ActionResult <OAuthAppSearchResult> > SearchAsync(OAuthAppSearchCriteria criteria)
{
if (criteria.Sort.IsNullOrEmpty())
{
criteria.Sort = "DisplayName:ASC";
}
var apps = await _manager.ListAsync(x =>
x.OrderBySortInfos(criteria.SortInfos).Skip(criteria.Skip).Take(criteria.Take));
var appsTasks = apps.Select(async x =>
{
var descriptor = new OpenIddictApplicationDescriptor();
await _manager.PopulateAsync(descriptor, x);
descriptor.ClientSecret = "";
return(descriptor);
}).ToList();
var result = new OAuthAppSearchResult
{
Results = await Task.WhenAll(appsTasks),
TotalCount = (int)await _manager.CountAsync()
};
return(result);
}
private async Task InitializeAsync(IServiceProvider services)
{
// Create a new service scope to ensure the database context is correctly disposed when this methods returns.
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>();
await context.Database.EnsureCreatedAsync();
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await manager.FindByClientIdAsync("mvc") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "mvc",
ClientSecret = "901564A5-E7FE-42CB-B10D-61EF6A8F3654",
DisplayName = "MVC client application",
PostLogoutRedirectUris = { new Uri("http://localhost:53507/signout-callback-oidc") },
RedirectUris = { new Uri("http://localhost:53507/signin-oidc") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken
}
};
await manager.CreateAsync(descriptor);
}
// To test this sample with Postman, use the following settings:
//
// * Authorization URL: http://localhost:54540/connect/authorize
// * Access token URL: http://localhost:54540/connect/token
// * Client ID: postman
// * Client secret: [blank] (not used with public clients)
// * Scope: openid email profile roles
// * Grant type: authorization code
// * Request access token locally: yes
if (await manager.FindByClientIdAsync("postman") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "postman",
DisplayName = "Postman",
RedirectUris = { new Uri("https://www.getpostman.com/oauth2/callback") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode
}
};
await manager.CreateAsync(descriptor);
}
}
}
private async Task InitializeIdentityDbAsync(IServiceProvider services, CancellationToken cancellationToken)
{
using var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope();
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await manager.FindByClientIdAsync("SBSC.base", cancellationToken) == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "SBSC.base",
ClientSecret = "178e196b-04b5-40ff-b235-7ac541eed1c9",
DisplayName = "SBSC base Api client",
Type = OpenIddictConstants.ClientTypes.Hybrid,
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.Password,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Scopes.Profile,
OpenIddictConstants.Permissions.Scopes.Roles
}
};
await manager.CreateAsync(descriptor, cancellationToken);
}
}
public async Task <string> Handle(Request request)
{
if (!await RegistrationIsEnabledOrNecessary())
{
throw new Exception("Application registration is disabled");
}
await _validator.GuardAsync(request);
var existingApp = await _applicationManager.FindByClientIdAsync(request.ClientId !);
if (existingApp != null)
{
throw new ValidationException(new[] { new ValidationFailure(nameof(request.ClientId), $"ClientId {request.ClientId} already exists") });
}
var application = new OpenIddictApplicationDescriptor
{
ClientId = request.ClientId,
ClientSecret = request.ClientSecret,
DisplayName = request.DisplayName,
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.ClientCredentials,
OpenIddictConstants.Permissions.Prefixes.Scope + SecurityConstants.Scopes.AdminApiFullAccess
},
};
await _applicationManager.CreateAsync(application);
return($"Registered client {request.ClientId} successfully.");
}
private async Task AddOpenIdConnectOptions(IConfiguration configuration)
{
if (await _openIddictApplicationManager.FindByClientIdAsync("cleanarchitecture") == null)
{
var host = configuration["HostUrl"].ToString();
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "cleanarchitecture",
DisplayName = "CleanArchitecture",
PostLogoutRedirectUris = { new Uri($"{host}signout-oidc") },
RedirectUris = { new Uri(host) },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.Implicit,
OpenIddictConstants.Permissions.GrantTypes.Password,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken
}
};
await _openIddictApplicationManager.CreateAsync(descriptor);
}
}
private static async Task RegisterApplicationsAsync(IServiceProvider provider)
{
var manager = provider.GetRequiredService <IOpenIddictApplicationManager>();
if (await manager.FindByClientIdAsync("spa_client") is null)
{
await manager.CreateAsync(new OpenIddictApplicationDescriptor
{
ClientId = "spa_client",
// ClientSecret = "901564A5-E7FE-42CB-B10D-61EF6A8F3654",
ConsentType = ConsentTypes.Implicit,
DisplayName = "SPA Client Application",
PostLogoutRedirectUris =
{
new Uri("https://localhost:5001"),
new Uri("http://localhost:4200")
},
RedirectUris =
{
new Uri("https://localhost:5001"),
new Uri("http://localhost:4200")
},
Permissions =
{
Permissions.Endpoints.Authorization,
Permissions.Endpoints.Logout,
Permissions.Endpoints.Token,
Permissions.GrantTypes.AuthorizationCode,
Permissions.GrantTypes.RefreshToken,
Permissions.ResponseTypes.Code,
Permissions.Scopes.Email,
Permissions.Scopes.Profile,
Permissions.Scopes.Roles,
Permissions.Prefixes.Scope + "server_scope",
Permissions.Prefixes.Scope + "api_scope"
},
Requirements =
{
Requirements.Features.ProofKeyForCodeExchange
}
});
}
if (await manager.FindByClientIdAsync("api_service") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "api_service",
DisplayName = "API Service",
ClientSecret = "my-api-secret",
Permissions =
{
Permissions.Endpoints.Introspection
}
};
await manager.CreateAsync(descriptor);
}
}
public static OpenIddictApplicationDescriptor CopyClaims(this OpenIddictApplicationDescriptor application, IUser claims)
{
foreach (var group in claims.Claims.GroupBy(x => x.Type))
{
application.Properties[group.Key] = CreateParameter(group.Select(x => x.Value));
}
return(application);
}
private async Task SeedAsync(IServiceProvider services, IFeatureCollection serverFeatures, CancellationToken cancellationToken)
{
// Create a new service scope to ensure the database context is correctly disposed when this methods returns.
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <ApplicationIdentityDbContext>();
await context.Database.EnsureCreatedAsync();
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
var url = serverFeatures.Get <IServerAddressesFeature>();
System.Console.WriteLine(url.Addresses.Count);
/* var app = await manager.FindByClientIdAsync("mvc", cancellationToken);
*
* if (app != null)
* {
* await manager.DeleteAsync(app, cancellationToken);
* } */
if (await manager.FindByClientIdAsync("mvc", cancellationToken) == null)
{
var application = new OpenIddictApplicationDescriptor
{
ClientId = "mvc",
ClientSecret = "916fb5e0-95b5-4d62-9341-bacba3044076",
DisplayName = "MVC client application",
PostLogoutRedirectUris = { new Uri("http://localhost:5000/signout-callback-oidc") },
RedirectUris = { new Uri("http://localhost:5000/signin-oidc") }
};
await manager.CreateAsync(application, cancellationToken);
}
// To test this sample with Postman, use the following settings:
//
// * Authorization URL: http://localhost:54540/connect/authorize
// * Access token URL: http://localhost:54540/connect/token
// * Client ID: postman
// * Client secret: [blank] (not used with public clients)
// * Scope: openid email profile roles
// * Grant type: authorization code
// * Request access token locally: yes
if (await manager.FindByClientIdAsync("postman", cancellationToken) == null)
{
var application = new OpenIddictApplicationDescriptor
{
ClientId = "postman",
DisplayName = "Postman",
RedirectUris = { new Uri("https://www.getpostman.com/oauth2/callback") }
};
await manager.CreateAsync(application, cancellationToken);
}
}
}
private async Task InitializeAsync(IServiceProvider services)
{
// Create a new service scope to ensure the database context is correctly disposed when this methods returns.
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>();
await context.Database.EnsureCreatedAsync();
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await manager.FindByClientIdAsync("MobileApp") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "MobileApp",
ClientSecret = "901564A5-E7FE-42CB-B10D-61EF6A8F3654",
DisplayName = "Mobile client application",
PostLogoutRedirectUris = { new Uri("https://localhost:44342/signout-callback-oidc") },
RedirectUris = { new Uri("https://localhost:44342/signin-oidc") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
}
};
await manager.CreateAsync(descriptor);
}
if (await manager.FindByClientIdAsync("angular-app") == null)
{
var descriptorTest = new OpenIddictApplicationDescriptor
{
ClientId = "test-app",
DisplayName = "Angular Application",
ClientSecret = "901564A5-E7GE-42CB-B10D-61EF6A8F3654",
PostLogoutRedirectUris = { new Uri("https://oidcdebugger.com/debug") },
RedirectUris = { new Uri("https://oidcdebugger.com/debug") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken
}
};
await manager.CreateAsync(descriptorTest);
}
}
}
public async override ValueTask PopulateAsync(OpenIddictApplicationDescriptor descriptor, OpenIddictApplicationModel application, CancellationToken cancellationToken = default)
{
await base.PopulateAsync(descriptor, application, cancellationToken);
if (descriptor is AbpApplicationDescriptor model)
{
application.ClientUri = model.ClientUri;
application.LogoUri = model.LogoUri;
}
}
private async Task InitializeAsync(IServiceProvider services)
{
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <AuthorizationDbContext>();
await context.Database.EnsureCreatedAsync();
await CreateApplicationsAsync();
await CreateScopesAsync();
async Task CreateApplicationsAsync()
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
if (await manager.FindByClientIdAsync("angular-app") == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "angular-app",
DisplayName = "Angular app client application",
PostLogoutRedirectUris = { new Uri("https://localhost:44382/bye") },
RedirectUris = { new Uri("https://localhost:44382/auth-callback"), new Uri("https://localhost:44382/silentrefresh") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.GrantTypes.Implicit,
OpenIddictConstants.Permissions.Scopes.Email,
OpenIddictConstants.Permissions.Scopes.Profile,
OpenIddictConstants.Permissions.Scopes.Roles,
OpenIddictConstants.Permissions.Prefixes.Scope + "api1"
}
};
await manager.CreateAsync(descriptor);
}
}
async Task CreateScopesAsync()
{
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictScopeManager <OpenIddictScope> >();
if (await manager.FindByNameAsync("api1") == null)
{
var descriptor = new OpenIddictScopeDescriptor
{
Name = "api1",
Resources = { "resource-server-1" }
};
await manager.CreateAsync(descriptor);
}
}
}
}
public async Task StartAsync(CancellationToken cancellationToken)
{
using var scope = _serviceProvider.CreateScope();
var openIdDictManager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictEntityFrameworkCoreApplication> >();
var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>();
await context.Database.EnsureCreatedAsync();
var client = await openIdDictManager.FindByClientIdAsync("client1");
if (client != null)
{
await openIdDictManager.DeleteAsync(client);
}
var clientDetails = new OpenIddictApplicationDescriptor
{
ClientId = "client1",
ClientSecret = "secret",
RedirectUris = { new Uri("https://oidcdebugger.com/debug") },
DisplayName = "My client application",
Permissions =
{
Permissions.Endpoints.Authorization,
Permissions.Endpoints.Token,
Permissions.GrantTypes.AuthorizationCode,
Permissions.GrantTypes.RefreshToken,
Permissions.ResponseTypes.Code
}
};
await openIdDictManager.CreateAsync(clientDetails);
var userManager = scope.ServiceProvider.GetRequiredService <UserManager <ApplicationUser> >();
var testUser = await userManager.FindByEmailAsync("test@localhost");
if (testUser != null)
{
await userManager.DeleteAsync(testUser);
}
var newUser = new ApplicationUser()
{
Email = "test@localhost",
EmailConfirmed = true,
NormalizedEmail = "test@localhost",
UserName = "******"
};
var result = await userManager.CreateAsync(newUser, "Password123+");
if (!result.Succeeded)
{
throw new Exception("Failed to create a test user.");
}
}
public static async Task InitializeAsync(IServiceProvider services, CancellationToken cancellationToken)
{
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <MappedUserContext>();
await context.Database.EnsureCreatedAsync(cancellationToken);
}
// Create a new service scope to ensure the database context is correctly disposed when this methods returns.
using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <DbContext>();
await context.Database.EnsureCreatedAsync(cancellationToken);
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
//Copy and add other clients as needed
//This is a sample, please manage this properly in the database :)
if (await manager.FindByClientIdAsync("mvc", cancellationToken) == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "mvc",
ClientSecret = "901564A5-E7FE-42CB-B10D-61EF6A8F3654",
DisplayName = "MVC client application",
PostLogoutRedirectUris = { new Uri("http://localhost:53507/signout-callback-oidc") },
RedirectUris = { new Uri("http://localhost:53507/signin-oidc") }
};
await manager.CreateAsync(descriptor, cancellationToken);
}
// To test this sample with Postman, use the following settings:
//
// * Authorization URL: http://localhost:62210/connect/authorize
// * Access token URL: http://localhost:62210/connect/token
// * Client ID: postman
// * Client secret: [blank] (not used with public clients)
// * Scope: openid email profile roles
// * Grant type: authorization code
// * Request access token locally: yes
if (await manager.FindByClientIdAsync("postman", cancellationToken) == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "postman",
DisplayName = "Postman",
RedirectUris = { new Uri("https://www.getpostman.com/oauth2/callback") }
};
await manager.CreateAsync(descriptor, cancellationToken);
}
}
}
public static async Task RegisterOpenIddictClientApp(this IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
// Create a new service scope to ensure the database context is correctly disposed when this methods returns.
using (var scope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>();
if (!context.AllMigrationsApplied())
{
//await context.Database.EnsureCreatedAsync();
await context.Database.MigrateAsync();
}
// Note: when using a custom entity or a custom key type, replace OpenIddictApplication by the appropriate type.
var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >();
CancellationToken cancellationToken = CancellationToken.None;
string clientIdentifier = Startup.Configuration["Auth:ClientId"];
if (await manager.FindByClientIdAsync(clientIdentifier, cancellationToken) == null)
{
string clientSecret = Startup.Configuration["Auth:ClientSecret"]; // "[client secret]";
string redirectUri = Startup.Configuration["Auth:RedirectUrl"]; // "[redirect uri]";
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = clientIdentifier,
//ClientSecret = clientSecret.Sha256(),
RedirectUris = { new Uri(redirectUri) }
};
await manager.CreateAsync(descriptor, cancellationToken);
}
var userManager = scope.ServiceProvider.GetService <UserManager <ApplicationUser> >();
if (!userManager.Users.Any())
{
var user = new ApplicationUser()
{
UserName = "******"
};
var result = await userManager.CreateAsync(user, "12345");
if (result.Succeeded)
{
//user created
}
else
{
//failed
}
}
}
}
}
public async Task <BTCPayOpenIdClient> RegisterOpenIdClient(OpenIddictApplicationDescriptor descriptor, string secret = null)
{
var openIddictApplicationManager = parent.PayTester.GetService <OpenIddictApplicationManager <BTCPayOpenIdClient> >();
var client = new BTCPayOpenIdClient {
ApplicationUserId = UserId
};
await openIddictApplicationManager.PopulateAsync(client, descriptor);
await openIddictApplicationManager.CreateAsync(client, secret);
return(client);
}
