/// <summary> /// Returns a scope definition including default scopes and api scopes /// </summary> /// <param name="apiScopes">Enum flags for API scopes.</param> /// <param name="scopes">Default scopes that are added </param> /// <returns></returns> public static string GetScopes(ApiScopes apiScopes, DefaultScopes scopes = DefaultScopes.UserDefault) { var list = GetDefaultScopes(scopes); if (apiScopes.HasFlag(ApiScopes.SystemApiFullAccess)) { list.Add(SystemApiFullAccess); } else if (apiScopes.HasFlag(ApiScopes.SystemApiReadOnly)) { list.Add(SystemApiReadOnly); } if (apiScopes.HasFlag(ApiScopes.IdentityApiFullAccess)) { list.Add(IdentityApiFullAccess); } else if (apiScopes.HasFlag(ApiScopes.IdentityApiReadOnly)) { list.Add(IdentityApiReadOnly); } if (apiScopes.HasFlag(ApiScopes.JobApiFullAccess)) { list.Add(JobApiFullAccess); } else if (apiScopes.HasFlag(ApiScopes.JobApiReadOnly)) { list.Add(JobApiReadOnly); } return(String.Join(" ", list.ToArray())); }
public static IIdentityServerBuilder AddCustomIdentityServerServices(IServiceCollection services, IWebHostEnvironment env, GlobalSettings globalSettings) { services.AddTransient <IAuthorizationCodeStore, AuthorizationCodeStore>(); var issuerUri = new Uri(globalSettings.BaseServiceUri.InternalIdentity); var identityServerBuilder = services .AddIdentityServer(options => { options.Endpoints.EnableIntrospectionEndpoint = false; options.Endpoints.EnableEndSessionEndpoint = false; options.Endpoints.EnableUserInfoEndpoint = false; options.Endpoints.EnableCheckSessionEndpoint = false; options.Endpoints.EnableTokenRevocationEndpoint = false; options.IssuerUri = $"{issuerUri.Scheme}://{issuerUri.Host}"; options.Caching.ClientStoreExpiration = new TimeSpan(0, 5, 0); if (env.IsDevelopment()) { options.Authentication.CookieSameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified; } }) .AddInMemoryCaching() .AddInMemoryApiResources(ApiResources.GetApiResources()) .AddInMemoryApiScopes(ApiScopes.GetApiScopes()) .AddClientStoreCache <ClientStore>() .AddCustomTokenRequestValidator <CustomTokenRequestValidator>() .AddProfileService <ProfileService>() .AddResourceOwnerValidator <ResourceOwnerPasswordValidator>() .AddPersistedGrantStore <PersistedGrantStore>() .AddClientStore <ClientStore>() .AddIdentityServerCertificate(env, globalSettings); services.AddTransient <ICorsPolicyService, CustomCorsPolicyService>(); return(identityServerBuilder); }
public async Task <IActionResult> Edit(int id, [Bind("Id,ApiResourceId,Description,DisplayName,Emphasize,Name,Required,ShowInDiscoveryDocument")] ApiScopes apiScopes) { if (id != apiScopes.Id) { return(NotFound()); } if (ModelState.IsValid) { try { _context.Update(apiScopes); await _context.SaveChangesAsync(); } catch (DbUpdateConcurrencyException) { if (!ApiScopesExists(apiScopes.Id)) { return(NotFound()); } else { throw; } } return(RedirectToAction(nameof(Index))); } return(View(apiScopes)); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddIdentityServer(options => { }) .AddDeveloperSigningCredential() .AddInMemoryClients(Clients.Configuration()) .AddInMemoryApiResources(ApiResources.Configuration()) .AddInMemoryApiScopes(ApiScopes.Configuration()); }
public static Scope MapScope(this ApiScopes apiScopes) { return(new Scope(name: apiScopes.Name, displayName: apiScopes.DisplayName) { Description = apiScopes.Description, Required = apiScopes.Required, Emphasize = apiScopes.Emphasize, ShowInDiscoveryDocument = apiScopes.ShowInDiscoveryDocument }); }
public async Task <IActionResult> Create([Bind("Id,ApiResourceId,Description,DisplayName,Emphasize,Name,Required,ShowInDiscoveryDocument")] ApiScopes apiScopes) { if (ModelState.IsValid) { _context.Add(apiScopes); await _context.SaveChangesAsync(); return(RedirectToAction(nameof(Index))); } return(View(apiScopes)); }
public void ConfigureServices(IServiceCollection services) { //MVC required because we will be serving some pages from identityserver services.AddMvc(option => option.EnableEndpointRouting = false); // SameSite problems: https://www.thinktecture.com/en/identity/samesite/prepare-your-identityserver/ services.ConfigureNonBreakingSameSiteCookies(); //register the IdentityServer services in DI and in-memory store for runtime state. (development-only) services.AddIdentityServer() //create temporary key material for signing tokens. Replace by persistent key material for production scenarios. .AddDeveloperSigningCredential() .AddInMemoryApiScopes(ApiScopes.GetApiScopes()) .AddInMemoryApiResources(ApiResources.GetApiResources()) .AddInMemoryClients(Clients.GetClients()) .AddTestUsers(Users.GetUsers()) .AddInMemoryApiResources(ApiResources.GetApiResources()) // adding api resources .AddInMemoryIdentityResources(IdentityResources.GetIdentityResources()); // <-- adding identity resources }
private async Task CleanupApiResourceAsync(ApiResource entity, CancellationToken cancellationToken = default(CancellationToken)) { //Remove old identity claims var apiResourceClaims = await ApiClaims.Where(x => x.ApiResource.Id == entity.Id).ToListAsync(); ApiClaims.RemoveRange(apiResourceClaims); //Remove old proprs var apiProps = await ApiProperties.Where(x => x.ApiResource.Id == entity.Id).ToListAsync(); ApiProperties.RemoveRange(apiProps); //Remove old scopes var apiScopes = await ApiScopes.Where(x => x.ApiResource.Id == entity.Id).ToListAsync(); ApiScopes.RemoveRange(apiScopes); //Remove old secrets var apiSecrets = await ApiSecrets.Where(x => x.ApiResource.Id == entity.Id).ToListAsync(); ApiSecrets.RemoveRange(apiSecrets); }
public static int Seed(ConfigurationDbContext context) { var missingClients = Clients.Where(x => !context.Clients.Any(y => y.ClientId == x.ClientId)); context.Clients.AddRange(missingClients.Select(x => x.ToEntity())); var missingApiResources = ApiResources.Where(x => !context.ApiResources.Any(y => y.Name == x.Name)); context.ApiResources.AddRange(missingApiResources.Select(x => x.ToEntity())); var missingApiScopes = ApiScopes.Where(x => !context.ApiScopes.Any(y => y.Name == x.Name)); context.ApiScopes.AddRange(missingApiScopes.Select(x => x.ToEntity())); var missingIdentityResources = IdentityResources.Where(x => !context.IdentityResources.Any(y => y.Name == x.Name)); foreach (var idr in missingIdentityResources) { var idrToEntity = idr.ToEntity(); if (idrToEntity.Name == IdentityServerConstants.StandardScopes.OpenId || idrToEntity.Name == IdentityServerConstants.StandardScopes.Profile) { idrToEntity.NonEditable = true; } context.IdentityResources.Add(idrToEntity); } try { context.SaveChanges(); } catch (Exception) { return(1); } return(0); }
/// <summary> /// retrieves the name from the session /// </summary> /// <param name="id"></param> /// <returns>string name of item @ id"#"</returns> public string FetchName(int id) { ApiScopes Name = _context.ApiScopes.Find(id); return(Name.DisplayName); }