public void StringToAllowedGrantTypes()
{
foreach (var grantType in ToLists(AllowedGrantTypesString))
{
AllowedGrantTypes.Add(grantType);
}
}
public void SetDefaultValues()
{
switch (ClientType)
{
case ClientType.Empty:
break;
case ClientType.WebHybrid:
AllowedGrantTypes = AllowedGrantTypes.ToList().Concat(GrantTypes.Hybrid).ToList();
break;
case ClientType.Spa:
AllowedGrantTypes = AllowedGrantTypes.ToList().Concat(GrantTypes.Code).ToList();
RequirePkce = true;
RequireClientSecret = false;
break;
case ClientType.Native:
AllowedGrantTypes = AllowedGrantTypes.ToList().Concat(GrantTypes.Hybrid).ToList();
break;
case ClientType.Machine:
AllowedGrantTypes = AllowedGrantTypes.ToList().Concat(GrantTypes.ResourceOwnerPasswordAndClientCredentials).ToList();
break;
case ClientType.Device:
AllowedGrantTypes = AllowedGrantTypes.ToList().Concat(GrantTypes.DeviceFlow).ToList();
RequireClientSecret = false;
AllowOfflineAccess = true;
break;
}
}
public virtual void AddGrantTypes(IEnumerable <string> grantTypes)
{
AllowedGrantTypes.AddRange(
grantTypes.Select(
grantType => new ClientGrantType(Id, grantType)
)
);
}
public virtual void AddGrantType([NotNull] string grantType)
{
AllowedGrantTypes.Add(new ClientGrantType()
{
ClientId = Id,
GrantType = grantType
});
}
/// <summary>
/// Returns true if Oauth2Client instances are equal
/// </summary>
/// <param name="other">Instance of Oauth2Client to be compared</param>
/// <returns>Boolean</returns>
public bool Equals(Oauth2Client other)
{
if (other is null)
{
return(false);
}
if (ReferenceEquals(this, other))
{
return(true);
}
return
((
ClientId == other.ClientId ||
ClientId != null &&
ClientId.Equals(other.ClientId)
) &&
(
Name == other.Name ||
Name != null &&
Name.Equals(other.Name)
) &&
(
AllowedGrantTypes == other.AllowedGrantTypes ||
AllowedGrantTypes != null &&
other.AllowedGrantTypes != null &&
AllowedGrantTypes.SequenceEqual(other.AllowedGrantTypes)
) &&
(
RedirectUris == other.RedirectUris ||
RedirectUris != null &&
other.RedirectUris != null &&
RedirectUris.SequenceEqual(other.RedirectUris)
) &&
(
AllowedCorsOrigins == other.AllowedCorsOrigins ||
AllowedCorsOrigins != null &&
other.AllowedCorsOrigins != null &&
AllowedCorsOrigins.SequenceEqual(other.AllowedCorsOrigins)
) &&
(
PostLogoutRedirectUris == other.PostLogoutRedirectUris ||
PostLogoutRedirectUris != null &&
other.PostLogoutRedirectUris != null &&
PostLogoutRedirectUris.SequenceEqual(other.PostLogoutRedirectUris)
) &&
(
AllowedScopes == other.AllowedScopes ||
AllowedScopes != null &&
other.AllowedScopes != null &&
AllowedScopes.SequenceEqual(other.AllowedScopes)
) &&
(
AllowedOfflineAccess == other.AllowedOfflineAccess ||
AllowedOfflineAccess.Equals(other.AllowedOfflineAccess)
));
}
public override bool Equals(object obj)
{
var other = obj as ClientModel;
if (other == null)
{
return(false);
}
var result =
AbsoluteRefreshTokenLifetime.SafeEquals(other.AbsoluteRefreshTokenLifetime) &&
AccessTokenLifetime.SafeEquals(other.AccessTokenLifetime) &&
AccessTokenType.SafeEquals(other.AccessTokenType) &&
AllowAccessTokensViaBrowser.SafeEquals(other.AllowAccessTokensViaBrowser) &&
AllowedCorsOrigins.SafeListEquals(other.AllowedCorsOrigins) &&
AllowedGrantTypes.SafeListEquals(other.AllowedGrantTypes) &&
AllowedScopes.SafeListEquals(other.AllowedScopes) &&
AllowOfflineAccess.SafeEquals(other.AllowOfflineAccess) &&
AllowPlainTextPkce.SafeEquals(other.AllowPlainTextPkce) &&
AllowRememberConsent.SafeEquals(other.AllowRememberConsent) &&
AlwaysSendClientClaims.SafeEquals(other.AlwaysSendClientClaims) &&
AuthorizationCodeLifetime.SafeEquals(other.AuthorizationCodeLifetime) &&
BackChannelLogoutSessionRequired.SafeEquals(other.BackChannelLogoutSessionRequired) &&
BackChannelLogoutUri.SafeEquals(other.BackChannelLogoutUri) &&
Claims.SafeListEquals(other.Claims) &&
ClientId.SafeEquals(other.ClientId) &&
ClientName.SafeEquals(other.ClientName) &&
ClientSecrets.SafeListEquals(other.ClientSecrets) &&
ClientUri.SafeEquals(other.ClientUri) &&
ConsentLifetime.SafeEquals(other.ConsentLifetime) &&
Enabled.SafeEquals(other.Enabled) &&
EnableLocalLogin.SafeEquals(other.EnableLocalLogin) &&
FrontChannelLogoutSessionRequired.SafeEquals(other.FrontChannelLogoutSessionRequired) &&
FrontChannelLogoutUri.SafeEquals(other.FrontChannelLogoutUri) &&
IdentityProviderRestrictions.SafeListEquals(other.IdentityProviderRestrictions) &&
IdentityTokenLifetime.SafeEquals(other.IdentityTokenLifetime) &&
IncludeJwtId.SafeEquals(other.IncludeJwtId) &&
LogoUri.SafeEquals(other.LogoUri) &&
LogoutSessionRequired.SafeEquals(other.LogoutSessionRequired) &&
LogoutUri.SafeEquals(other.LogoutUri) &&
PostLogoutRedirectUris.SafeListEquals(other.PostLogoutRedirectUris) &&
Properties.SafeEquals(other.Properties) &&
ProtocolType.SafeEquals(other.ProtocolType) &&
RedirectUris.SafeListEquals(other.RedirectUris) &&
RefreshTokenExpiration.SafeEquals(other.RefreshTokenExpiration) &&
RefreshTokenUsage.SafeEquals(other.RefreshTokenUsage) &&
RequireClientSecret.SafeEquals(other.RequireClientSecret) &&
RequireConsent.SafeEquals(other.RequireConsent) &&
RequirePkce.SafeEquals(other.RequirePkce) &&
SlidingRefreshTokenLifetime.SafeEquals(other.SlidingRefreshTokenLifetime) &&
UpdateAccessTokenClaimsOnRefresh.SafeEquals(other.UpdateAccessTokenClaimsOnRefresh);
return(result);
}
/// <summary>
/// Gets the hash code
/// </summary>
/// <returns>Hash code</returns>
public override int GetHashCode()
{
unchecked // Overflow is fine, just wrap
{
var hashCode = 41;
// Suitable nullity checks etc, of course :)
if (ClientId != null)
{
hashCode = hashCode * 59 + ClientId.GetHashCode();
}
if (Name != null)
{
hashCode = hashCode * 59 + Name.GetHashCode();
}
if (AllowedGrantTypes != null)
{
hashCode = hashCode * 59 + AllowedGrantTypes.GetHashCode();
}
if (RedirectUris != null)
{
hashCode = hashCode * 59 + RedirectUris.GetHashCode();
}
if (AllowedCorsOrigins != null)
{
hashCode = hashCode * 59 + AllowedCorsOrigins.GetHashCode();
}
if (PostLogoutRedirectUris != null)
{
hashCode = hashCode * 59 + PostLogoutRedirectUris.GetHashCode();
}
if (AllowedScopes != null)
{
hashCode = hashCode * 59 + AllowedScopes.GetHashCode();
}
if (ClientSecrets != null)
{
hashCode = hashCode * 59 + ClientSecrets.GetHashCode();
}
if (HashedClientSecrets != null)
{
hashCode = hashCode * 59 + HashedClientSecrets.GetHashCode();
}
hashCode = hashCode * 59 + AllowedOfflineAccess.GetHashCode();
hashCode = hashCode * 59 + AccessTokenLifetime.GetHashCode();
hashCode = hashCode * 59 + IdentityTokenLifetime.GetHashCode();
hashCode = hashCode * 59 + RequireConsent.GetHashCode();
return(hashCode);
}
}
public void Filter(List <string> existingClientIds)
{
Clients = Clients.Where(x => !existingClientIds.Contains(x.ClientId)).ToList();
ClientSecrets = ClientSecrets.Where(x => !existingClientIds.Contains(x.Client.ClientId)).ToList();
AllowedGrantTypes = AllowedGrantTypes.Where(x => !existingClientIds.Contains(x.Client.ClientId)).ToList();
RedirectUris = RedirectUris.Where(x => !existingClientIds.Contains(x.Client.ClientId)).ToList();
PostLogoutRedirectUris = PostLogoutRedirectUris.Where(x => !existingClientIds.Contains(x.Client.ClientId)).ToList();
AllowedScopes = AllowedScopes.Where(x => !existingClientIds.Contains(x.Client.ClientId)).ToList();
Claims = Claims.Where(x => !existingClientIds.Contains(x.Client.ClientId)).ToList();
AllowedCorsOrigins = AllowedCorsOrigins.Where(x => !existingClientIds.Contains(x.Client.ClientId)).ToList();
IdentityProviderRestrictions = IdentityProviderRestrictions.Where(x => !existingClientIds.Contains(x.Client.ClientId)).ToList();
Properties = Properties.Where(x => !existingClientIds.Contains(x.Client.ClientId)).ToList();
}
public async Task UpdateSettings(
IClientRepository repository,
string clientName,
string description,
string clientUri,
string logoUri,
bool requireClientSecret,
bool requireConsent,
bool alwaysIncludeUserClaimsInIdToken,
bool allowAccessTokensViaBrowser,
bool ResourceOwnerEnabled,
int identityTokenLifetime,
List <string> redirectUris,
List <string> allowedCorsOrigins,
List <string> allowedScopes
)
{
if (!await repository.HasUniqName(clientName, Id))
{
throw new ArgumentException("An other tenant has the same name.", nameof(clientName));
}
RequireClientSecret = requireClientSecret;
ClientName = clientName;
Description = description;
ClientUri = clientUri;
LogoUri = logoUri;
RequireConsent = requireConsent;
AlwaysIncludeUserClaimsInIdToken = alwaysIncludeUserClaimsInIdToken;
AllowAccessTokensViaBrowser = allowAccessTokensViaBrowser;
RedirectUris = redirectUris;
AllowedScopes = allowedScopes;
AllowedCorsOrigins = allowedCorsOrigins;
IdentityTokenLifetime = identityTokenLifetime;
if (ResourceOwnerEnabled)
{
AllowedGrantTypes = AllowedGrantTypes.Concat(IModels.GrantTypes.ResourceOwnerPassword).Distinct().ToList();
}
else
{
AllowedGrantTypes.RemoveAll(a => IModels.GrantTypes.ResourceOwnerPassword.Any(r => r == a));
}
}
public ClientGrantTypeDto FindGrantType(string grantType)
{
return AllowedGrantTypes.FirstOrDefault(r => r.GrantType == grantType);
}
public void RemoveGrantType(string grantType)
{
AllowedGrantTypes.RemoveAll(r => r.GrantType == grantType);
}
public void RemoveAllAllowedGrantTypes()
{
AllowedGrantTypes.Clear();
}
public void AddGrantType([NotNull] string grantType)
{
AllowedGrantTypes.Add(new ClientGrantTypeDto(Id, grantType));
}
/// <summary>
/// Returns true if Oauth2ClientSubmit instances are equal
/// </summary>
/// <param name="other">Instance of Oauth2ClientSubmit to be compared</param>
/// <returns>Boolean</returns>
public bool Equals(Oauth2ClientSubmit other)
{
if (other is null)
{
return(false);
}
if (ReferenceEquals(this, other))
{
return(true);
}
return
((
ClientId == other.ClientId ||
ClientId != null &&
ClientId.Equals(other.ClientId)
) &&
(
Name == other.Name ||
Name != null &&
Name.Equals(other.Name)
) &&
(
AllowedGrantTypes == other.AllowedGrantTypes ||
AllowedGrantTypes != null &&
other.AllowedGrantTypes != null &&
AllowedGrantTypes.SequenceEqual(other.AllowedGrantTypes)
) &&
(
RedirectUris == other.RedirectUris ||
RedirectUris != null &&
other.RedirectUris != null &&
RedirectUris.SequenceEqual(other.RedirectUris)
) &&
(
AllowedCorsOrigins == other.AllowedCorsOrigins ||
AllowedCorsOrigins != null &&
other.AllowedCorsOrigins != null &&
AllowedCorsOrigins.SequenceEqual(other.AllowedCorsOrigins)
) &&
(
PostLogoutRedirectUris == other.PostLogoutRedirectUris ||
PostLogoutRedirectUris != null &&
other.PostLogoutRedirectUris != null &&
PostLogoutRedirectUris.SequenceEqual(other.PostLogoutRedirectUris)
) &&
(
AllowedScopes == other.AllowedScopes ||
AllowedScopes != null &&
other.AllowedScopes != null &&
AllowedScopes.SequenceEqual(other.AllowedScopes)
) &&
(
ClientSecrets == other.ClientSecrets ||
ClientSecrets != null &&
other.ClientSecrets != null &&
ClientSecrets.SequenceEqual(other.ClientSecrets)
) &&
(
HashedClientSecrets == other.HashedClientSecrets ||
HashedClientSecrets != null &&
other.HashedClientSecrets != null &&
HashedClientSecrets.SequenceEqual(other.HashedClientSecrets)
) &&
(
AllowedOfflineAccess == other.AllowedOfflineAccess ||
AllowedOfflineAccess.Equals(other.AllowedOfflineAccess)
) &&
(
AccessTokenLifetime == other.AccessTokenLifetime ||
AccessTokenLifetime.Equals(other.AccessTokenLifetime)
) &&
(
IdentityTokenLifetime == other.IdentityTokenLifetime ||
IdentityTokenLifetime.Equals(other.IdentityTokenLifetime)
) &&
(
RequireConsent == other.RequireConsent ||
RequireConsent.Equals(other.RequireConsent)
));
}
public virtual ClientGrantType FindGrantType(string grantType)
{
return(AllowedGrantTypes.FirstOrDefault(r => r.GrantType == grantType));
}
public void UpdateEntity(IdentityServer4.EntityFramework.Entities.Client entity)
{
entity.Enabled = Enabled;
entity.ClientId = ClientId;
entity.ProtocolType = ProtocolType;
entity.RequireClientSecret = RequireClientSecret;
entity.ClientName = ClientName;
entity.Description = Description;
entity.ClientUri = ClientUri;
entity.LogoUri = LogoUri;
entity.RequireConsent = RequireConsent;
entity.AllowRememberConsent = AllowRememberConsent;
entity.AlwaysIncludeUserClaimsInIdToken = AlwaysIncludeUserClaimsInIdToken;
entity.AllowedGrantTypes = AllowedGrantTypes.Select(x => new ClientGrantType
{
GrantType = x,
}).ToList();
entity.RequirePkce = RequirePkce;
entity.AllowPlainTextPkce = AllowPlainTextPkce;
entity.AllowAccessTokensViaBrowser = AllowAccessTokensViaBrowser;
entity.RedirectUris = RedirectUris.Select(x => new ClientRedirectUri
{
RedirectUri = x,
}).ToList();
entity.PostLogoutRedirectUris = PostLogoutRedirectUris.Select(x => new ClientPostLogoutRedirectUri
{
PostLogoutRedirectUri = x,
}).ToList();
entity.FrontChannelLogoutUri = FrontChannelLogoutUri;
entity.FrontChannelLogoutSessionRequired = FrontChannelLogoutSessionRequired;
entity.BackChannelLogoutUri = BackChannelLogoutUri;
entity.BackChannelLogoutSessionRequired = BackChannelLogoutSessionRequired;
entity.AllowOfflineAccess = AllowOfflineAccess;
entity.AllowedScopes = AllowedScopes.Select(x => new ClientScope
{
Scope = x,
}).ToList();
entity.IdentityTokenLifetime = IdentityTokenLifetime;
entity.AccessTokenLifetime = AccessTokenLifetime;
entity.AuthorizationCodeLifetime = AuthorizationCodeLifetime;
entity.ConsentLifetime = ConsentLifetime;
entity.AbsoluteRefreshTokenLifetime = AbsoluteRefreshTokenLifetime;
entity.SlidingRefreshTokenLifetime = SlidingRefreshTokenLifetime;
entity.RefreshTokenUsage = (int)RefreshTokenUsage;
entity.UpdateAccessTokenClaimsOnRefresh = UpdateAccessTokenClaimsOnRefresh;
entity.RefreshTokenExpiration = (int)RefreshTokenExpiration;
entity.AccessTokenType = (int)AccessTokenType;
entity.EnableLocalLogin = EnableLocalLogin;
entity.IdentityProviderRestrictions = IdentityProviderRestrictions.Select(x => new ClientIdPRestriction
{
Provider = x,
}).ToList();
entity.IncludeJwtId = IncludeJwtId;
entity.AlwaysSendClientClaims = AlwaysSendClientClaims;
entity.ClientClaimsPrefix = ClientClaimsPrefix;
entity.PairWiseSubjectSalt = PairWiseSubjectSalt;
entity.AllowedCorsOrigins = AllowedCorsOrigins.Select(x => new ClientCorsOrigin
{
Origin = x,
}).ToList();
entity.UserSsoLifetime = UserSsoLifetime;
entity.UserCodeType = UserCodeType;
entity.DeviceCodeLifetime = DeviceCodeLifetime;
}
