/// <summary>
/// Gets the allowed client scopes.
/// </summary>
/// <param name="rockContext">The rock context.</param>
/// <param name="clientId">The client identifier.</param>
/// <returns></returns>
/// <exception cref="ArgumentException">
/// </exception>
public static IEnumerable <string> GetAllowedClientScopes(RockContext rockContext, string clientId)
{
if (rockContext == null)
{
throw new ArgumentException($"{nameof( rockContext )} cannot be null.");
}
if (clientId.IsNullOrWhiteSpace())
{
throw new ArgumentException($"{nameof( clientId )} cannot be null or empty.");
}
// The OpenId is required and should always be allowed.
var emptyScopeList = new List <string> {
};
var authClientService = new AuthClientService(rockContext);
var enabledClientScopes = authClientService
.Queryable()
.Where(ac => ac.ClientId == clientId)
.Select(ac => ac.AllowedScopes)
.FirstOrDefault();
if (enabledClientScopes.IsNullOrWhiteSpace())
{
return(emptyScopeList);
}
var parsedClientScopes = enabledClientScopes.FromJsonOrNull <List <string> >();
if (parsedClientScopes == null)
{
return(emptyScopeList);
}
var activeClientScopes = new AuthScopeService(rockContext)
.Queryable()
.Where(s => s.IsActive)
.Select(s => s.Name);
return(parsedClientScopes.Intersect(activeClientScopes));
}
/// <summary>
/// Gets the requested scopes.
/// </summary>
/// <returns></returns>
private List <string> GetRequestedScopes()
{
var scopes = new List <string> {
"Authorization"
};
var owinContext = Context.GetOwinContext();
var request = owinContext.GetOpenIdConnectRequest();
var requestedScopes = request.GetScopes();
var rockContext = new RockContext();
var authClientService = new AuthClientService(rockContext);
var clientAllowedClaims = authClientService
.Queryable()
.Where(ac => ac.ClientId == request.ClientId)
.Select(ac => ac.AllowedClaims).FirstOrDefault();
var parsedAllowedClientClaims = clientAllowedClaims.FromJsonOrNull <List <string> >();
if (parsedAllowedClientClaims == null)
{
return(new List <string>());
}
var authClaimService = new AuthClaimService(rockContext);
var activeAllowedClientClaims = authClaimService
.Queryable()
.Where(ac => parsedAllowedClientClaims.Contains(ac.Name))
.Where(ac => ac.IsActive)
.Where(ac => requestedScopes.Contains(ac.Scope.Name))
.Select(ac => new { Scope = ac.Scope.PublicName, Claim = ac.PublicName })
.GroupBy(ac => ac.Scope, ac => ac.Claim)
.ToList()
.Select(ac => new { Scope = ac.Key, Claims = string.Join(", ", ac.ToArray()) });
scopes.AddRange(activeAllowedClientClaims.Select(ac => ac.Scope == ac.Claims ? ac.Scope : ac.Scope + " (" + ac.Claims + ")"));
return(scopes);
//return scopeString.SplitDelimitedValues().ToList();
}
/// <summary>
/// Binds the grid.
/// </summary>
private void BindGrid()
{
var rockContext = new RockContext();
var authClientService = new AuthClientService(rockContext);
var authClientQuery = authClientService.Queryable().AsNoTracking();
if (tbName.Text.IsNotNullOrWhiteSpace())
{
authClientQuery = authClientQuery.Where(s => s.Name.Contains(tbName.Text));
}
if (ddlActiveFilter.SelectedIndex > -1)
{
switch (ddlActiveFilter.SelectedValue)
{
case "active":
authClientQuery = authClientQuery.Where(s => s.IsActive);
break;
case "inactive":
authClientQuery = authClientQuery.Where(s => !s.IsActive);
break;
}
}
// Sort
var sortProperty = gAuthClients.SortProperty;
if (sortProperty == null)
{
sortProperty = new SortProperty(new GridViewSortEventArgs("Name", SortDirection.Ascending));
}
authClientQuery = authClientQuery.Sort(sortProperty);
gAuthClients.SetLinqDataSource(authClientQuery);
gAuthClients.DataBind();
}
/// <summary>
/// Gets the allowed client claims.
/// </summary>
/// <param name="rockContext">The rock context.</param>
/// <param name="clientId">The client identifier.</param>
/// <param name="allowedClientScopes">The allowed client scopes.</param>
/// <returns></returns>
/// <exception cref="ArgumentException">
/// </exception>
public static IDictionary <string, string> GetAllowedClientClaims(RockContext rockContext, string clientId, IEnumerable <string> allowedClientScopes)
{
if (rockContext == null)
{
throw new ArgumentException($"{nameof( rockContext )} cannot be null.");
}
if (clientId.IsNullOrWhiteSpace())
{
throw new ArgumentException($"{nameof( clientId )} cannot be null or empty.");
}
var allowedClaimList = new Dictionary <string, string>();
var authClientService = new AuthClientService(rockContext);
var allowedClaims = authClientService.Queryable().Where(ac => ac.ClientId == clientId).Select(ac => ac.AllowedClaims).FirstOrDefault();
if (allowedClaims.IsNullOrWhiteSpace())
{
return(allowedClaimList);
}
var parsedClaims = allowedClaims.FromJsonOrNull <List <string> >();
if (parsedClaims == null)
{
return(allowedClaimList);
}
return(new AuthClaimService(rockContext)
.Queryable()
.Where(ac => parsedClaims.Contains(ac.Name))
.Where(ac => ac.IsActive)
.Where(ac => allowedClientScopes.Contains(ac.Scope.Name))
.Where(ac => ac.Scope.IsActive)
.ToDictionary(vc => vc.Name, vc => vc.Value));
}
