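/// <summary>
/// Builds the IdentityServer <see cref="Client"/> registration for the web application
/// from the configuration section named after <paramref name="clientId"/>.
/// </summary>
/// <param name="configuration">Configuration root holding one section per client.</param>
/// <param name="clientId">Client identifier; doubles as the name of its configuration section.</param>
/// <returns>
/// The configured client, or <c>null</c> when no section named <paramref name="clientId"/> exists.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The section exists but its <c>AppUri</c> or <c>Secret</c> value is missing or blank.
/// </exception>
private static Client BuildClient(IConfiguration configuration, string clientId)
{
    var clientConf = configuration.GetSection(clientId);
    if (!clientConf.Exists())
    {
        return null;
    }

    var rootUri = clientConf.GetValue<string>("AppUri");
    var secret = clientConf.GetValue<string>("Secret");

    // Fail at startup with a message naming the key rather than registering a
    // client with a blank secret or deriving redirect URIs from null; the
    // previous version dereferenced both values unchecked.
    if (string.IsNullOrWhiteSpace(rootUri))
    {
        throw new InvalidOperationException($"Configuration section '{clientId}' is missing a value for 'AppUri'.");
    }

    if (string.IsNullOrWhiteSpace(secret))
    {
        throw new InvalidOperationException($"Configuration section '{clientId}' is missing a value for 'Secret'.");
    }

    return new Client
    {
        ClientId = clientId,
        ClientName = "Portal Teme WebApp",
        ClientUri = rootUri,
        AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
        AllowOfflineAccess = true,
        UpdateAccessTokenClaimsOnRefresh = true,
        //TODO: enable when the UI is done
        RequireConsent = false,
        // Only the hashed form is handed to IdentityServer; the configured
        // plaintext is not retained on the Client object.
        ClientSecrets = { new Secret(secret.Sha256()) },
        // Redirect targets are derived from the configured AppUri, so only that
        // origin can receive authorization responses for this client.
        RedirectUris = { AuthenticationConstants.AngularAppLoginCallback(rootUri) },
        PostLogoutRedirectUris = { AuthenticationConstants.AngularAppLogoutCallback(rootUri) },
        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Email,
            AuthenticationConstants.RolesScope,
            AuthenticationConstants.ApplicationMainApi_FullAccessScope,
            AuthenticationConstants.ApplicationMainApi_ReadOnlyScope
        },
        AlwaysIncludeUserClaimsInIdToken = true
    };
}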
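/// <summary>
/// Creates the authentication scheme for an Azure AD identity provider: an OpenID Connect
/// handler whose options are derived from the provider's tenant, client id and client secret.
/// </summary>
/// <param name="identityProvider">Provider settings (alias, tenant id, client id, client secret).</param>
/// <returns>
/// A scheme whose name and display name are both the provider alias, handled by
/// <see cref="OpenIdConnectHandler"/>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="identityProvider"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException">The provider's <c>TenantId</c> is missing or blank.</exception>
public AuthenticationScheme Create(AzureAdIdentityProvider identityProvider)
{
    if (identityProvider is null)
    {
        throw new ArgumentNullException(nameof(identityProvider));
    }

    // A blank tenant id would silently produce a malformed authority URL below.
    if (string.IsNullOrWhiteSpace(identityProvider.TenantId))
    {
        throw new ArgumentException("TenantId must be set for an Azure AD identity provider.", nameof(identityProvider));
    }

    var options = _openIdConnectAuthOptions.CreateOptions(identityProvider.Alias);

    // Authority is scoped to the provider's own tenant.
    options.Authority = $"https://login.microsoftonline.com/{identityProvider.TenantId}";
    options.ClientId = identityProvider.ClientIdGroupAzureAd;
    options.ClientSecret = identityProvider.ClientSecretGroupAzureAd;
    options.CallbackPath = "/auth/signin-callback";
    options.TokenValidationParameters.NameClaimType = "name";
    // Pin the accepted audience to this app's own client id so tokens issued
    // for a different application are rejected.
    options.TokenValidationParameters.ValidAudience = identityProvider.ClientIdGroupAzureAd;

    // The metadata address is built from Authority, so it must be assigned after it.
    options.MetadataAddress = AuthenticationConstants.GetOidcMetadataAddress(options.Authority);

    // RequireHttpsMetadata is not set here; it is whatever CreateOptions (or the
    // option default) supplied. NOTE(review): confirm it stays true outside development.
    options.ConfigurationManager = CreateOidcConfigurationManager(
        options.BackchannelHttpHandler,
        options.BackchannelTimeout,
        options.MetadataAddress,
        options.RequireHttpsMetadata);

    options.Validate();

    return new AuthenticationScheme(identityProvider.Alias, identityProvider.Alias, typeof(OpenIdConnectHandler));
}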