示例#1
        /// <summary>
        /// Returns the client registry: a single "fletnix" client that is allowed the implicit
        /// and client-credentials grants.
        /// </summary>
        /// <returns>A list holding the one configured client.</returns>
        public static IEnumerable<Client> Get()
        {
            // Base address of the relying site; "http://localhost:5002" was the local alternative.
            const string siteRoot = "https://fletnix.azurewebsites.net";

            var fletnix = new Client
            {
                ClientId = "fletnix",

                // The credential is the literal word "secret", hashed inline. Hashing does not make
                // it confidential: the plaintext is in source control and trivially guessable, so
                // a deployed instance needs a generated value loaded from configuration.
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },

                ClientName = "Fletnix totally not a copy of netflix...",

                // Implicit is a browser-facing flow, while client credentials relies on the secret
                // above. NOTE(review): confirm one client id really needs both grants.
                AllowedGrantTypes = GrantTypes.List(GrantType.Implicit, GrantType.ClientCredentials),

                // No consent screen is shown, and access tokens may be returned through the
                // browser (front channel) rather than only from the token endpoint.
                RequireConsent = false,
                AllowAccessTokensViaBrowser = true,

                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,
                    "role"
                },

                // Exact redirect targets; both are derived from the https site root above.
                RedirectUris = new List<string> { $"{siteRoot}/signin-oidc" },
                PostLogoutRedirectUris = new List<string> { siteRoot }
            };

            return new List<Client> { fletnix };
        }
示例#2
文件: Config.cs 项目: GArmane/jarbas
 //Clientes, quem pode se conectar ao Identity Server, nesse caso, o app do Ionic
 /// <summary>
 /// Lists the clients that may connect to the identity server: "jarbasApp" (resource-owner
 /// password plus the custom "googleAuth" grant) and "script" (client credentials).
 /// </summary>
 /// <returns>A list with the two configured clients.</returns>
 public static IEnumerable<Client> GetClients()
 {
     // Lifetimes below are plain integers; assuming the IdentityServer convention of seconds,
     // these are one day and seven days.
     const int oneDay = 60 * 60 * 24 * 1;
     const int sevenDays = 60 * 60 * 24 * 7;

     var jarbasApp = new Client
     {
         ClientId = "jarbasApp",

         // Literal "secret" as the shared secret: it is public to anyone who reads this file, and
         // an app shipped to user devices cannot keep a secret in any case.
         ClientSecrets = { new Secret("secret".Sha256()) },

         // With the password grant the app itself collects the user's credentials. "googleAuth"
         // is a custom grant; the validator that backs it is not part of this listing.
         AllowedGrantTypes = GrantTypes.List(GrantType.ResourceOwnerPassword, "googleAuth"),
         AllowedScopes = { "jarbasApi", "offline_access" },
         AllowOfflineAccess = true,

         // ReUse keeps the same refresh token across refreshes and Sliding extends its life on
         // each use, so a copied refresh token stays valid as long as it keeps being used.
         // NOTE(review): TokenUsage.OneTimeOnly would limit that window.
         RefreshTokenUsage = TokenUsage.ReUse,
         RefreshTokenExpiration = TokenExpiration.Sliding,
         SlidingRefreshTokenLifetime = sevenDays,

         // A full day is long for a bearer access token when refresh tokens are also issued.
         AccessTokenLifetime = oneDay,

         // Development origin only (plain http on localhost).
         AllowedCorsOrigins = { "http://localhost:8100" }
     };

     var script = new Client
     {
         ClientId = "script",

         // For client credentials this secret is the only thing authenticating the caller, and
         // here it is the literal "secret".
         ClientSecrets = { new Secret("secret".Sha256()) },
         AllowedGrantTypes = GrantTypes.ClientCredentials,
         AllowedScopes = { "jarbasApi" },
         AccessTokenLifetime = oneDay,
         AllowedCorsOrigins = { "http://localhost:80" }
     };

     return new List<Client> { jarbasApp, script };
 }
        // A grant-type list that repeats a value ("custom1" appears twice) must be rejected with
        // InvalidOperationException when it is assigned to the client.
        public void duplicate_values_should_throw()
        {
            var subject = new Client();

            // Both the List(...) call and the property assignment run inside the delegate, so the
            // test passes whichever of the two raises the exception.
            Action assign = () =>
            {
                subject.AllowedGrantTypes = GrantTypes.List("custom1", "custom2", "custom1");
            };

            assign.ShouldThrow<InvalidOperationException>();
        }
        // An empty grant-type list must be rejected with InvalidOperationException, so a client
        // cannot be configured with no grant at all through this path.
        public void empty_grant_type_list_should_throw_single()
        {
            var subject = new Client();

            // List() and the assignment both execute inside the delegate.
            Action assign = () =>
            {
                subject.AllowedGrantTypes = GrantTypes.List();
            };

            assign.ShouldThrow<InvalidOperationException>();
        }
        // A grant-type name containing a space ("custo m2") must be rejected with
        // InvalidOperationException.
        public void grant_type_with_space_should_throw_single()
        {
            var subject = new Client();

            // List(...) and the assignment both execute inside the delegate.
            Action assign = () =>
            {
                subject.AllowedGrantTypes = GrantTypes.List("custo m2");
            };

            assign.ShouldThrow<InvalidOperationException>();
        }
        // Mixing custom grant types with a forbidden pair (type1 + type2) must be rejected with
        // InvalidOperationException. The data source that supplies type1 and type2 is not visible
        // in this listing.
        public void custom_and_forbidden_grant_type_combinations_should_throw(string type1, string type2)
        {
            var subject = new Client();

            // The pair is interleaved with custom values and passed as type2 before type1.
            Action assign = () =>
            {
                subject.AllowedGrantTypes = GrantTypes.List("custom1", type2, "custom2", type1);
            };

            assign.ShouldThrow<InvalidOperationException>();
        }
示例#7
        // Clients want to access resources.
        /// <summary>
        /// Builds the two clients of this server: "coraltimeapp" (local login through the
        /// resource-owner password grant) and "coraltimeazure" (custom "azureAuth" grant).
        /// </summary>
        /// <param name="accessTokenLifetime">Value assigned to each client's AccessTokenLifetime.</param>
        /// <param name="refreshTokenLifetime">Value assigned to each client's AbsoluteRefreshTokenLifetime.</param>
        /// <returns>A list with the two configured clients.</returns>
        public static IEnumerable<Client> GetClients(int accessTokenLifetime, int refreshTokenLifetime)
        {
            // Neither client authenticates itself (RequireClientSecret = false): the client id is
            // only an identifier, and what protects the token endpoint is the user's password or
            // whatever the "azureAuth" grant validator checks.

            // Local authentication client.
            var localLogin = new Client
            {
                ClientId = "coraltimeapp",

                // Resource Owner Password Credential grant: the app handles the password itself.
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                AllowAccessTokensViaBrowser = true,

                // Disabled in the original: AlwaysIncludeUserClaimsInIdToken = true (include claims in token).

                // No secret is needed to request tokens from the token endpoint.
                RequireClientSecret = false,
                AccessTokenLifetime = accessTokenLifetime,

                // Refresh tokens expire at a fixed time and are replaced on every use, which
                // bounds how long a copied refresh token can be replayed.
                AbsoluteRefreshTokenLifetime = refreshTokenLifetime,
                RefreshTokenExpiration = TokenExpiration.Absolute,
                RefreshTokenUsage = TokenUsage.OneTimeOnly,
                AllowedScopes =
                {
                    // OpenId is needed for the UserInfo endpoint.
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "roles",
                    "WebAPI"
                },

                // Enables refresh tokens.
                AllowOfflineAccess = true
            };

            // Authentication client for Azure AD.
            var azureLogin = new Client
            {
                ClientId = "coraltimeazure",

                // No secret is needed to request tokens from the token endpoint. The original
                // keeps a disabled ClientSecrets entry built from "secret".Sha256().
                RequireClientSecret = false,

                // Custom grant; the validator that backs it is not part of this listing.
                // NOTE(review): with no client secret, that validator is the only check on callers.
                AllowedGrantTypes = GrantTypes.List("azureAuth"),
                AllowedScopes =
                {
                    // OpenId is needed for the UserInfo endpoint.
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "roles",
                    "WebAPI"
                },
                AccessTokenLifetime = accessTokenLifetime,
                AbsoluteRefreshTokenLifetime = refreshTokenLifetime,
                RefreshTokenExpiration = TokenExpiration.Absolute,
                RefreshTokenUsage = TokenUsage.OneTimeOnly,
                AllowOfflineAccess = true
            };

            return new List<Client> { localLogin, azureLogin };
        }
        /// <summary>
        /// Returns two clients that share the scopes "offline_access" and "api1": "google"
        /// (custom "googleAuth" grant) and "resourceOwner" (resource-owner password grant).
        /// </summary>
        /// <returns>A list with the two configured clients.</returns>
        public static IEnumerable<Client> GetClients()
        {
            // Both clients use the literal "secret" as their shared secret. It is readable by
            // anyone with access to the source, so it identifies a sample set-up and is not an
            // authentication factor; real values belong in configuration or a secret store.

            var google = new Client
            {
                ClientId = "google",
                ClientSecrets = { new Secret("secret".Sha256()) },

                // Custom grant; the validator that backs it is not part of this listing.
                AllowedGrantTypes = GrantTypes.List("googleAuth"),
                AllowedScopes = { "offline_access", "api1" }
            };

            var resourceOwner = new Client
            {
                ClientId = "resourceOwner",
                ClientSecrets = { new Secret("secret".Sha256()) },

                // Password grant: the client collects the user's credentials directly.
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                AllowedScopes = { "offline_access", "api1" }
            };

            return new List<Client> { google, resourceOwner };
        }
示例#9
        /// <summary>
        /// Returns the sample console clients: client credentials, resource-owner password,
        /// a custom grant, and a resource-owner client that receives reference tokens.
        /// </summary>
        /// <returns>A list with the four configured clients.</returns>
        public static IEnumerable<Client> Get()
        {
            // Every client below authenticates with the literal "secret". That is a sample
            // credential: it is visible in source and must be replaced before any real use.

            // Console client-credentials flow sample.
            var clientCredentials = new Client
            {
                ClientId = "client",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowedScopes = new List<string> { "api1", "api2" }
            };

            // Console resource-owner flow sample: the client handles the user's password itself.
            var resourceOwner = new Client
            {
                ClientId = "roclient",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                AllowedScopes = new List<string>
                {
                    StandardScopes.OpenId.Name,
                    StandardScopes.Email.Name,
                    StandardScopes.OfflineAccess.Name,
                    StandardScopes.Address.Name,
                    "api1",
                    "api2"
                }
            };

            // Console custom-grant flow sample; the "custom" grant validator is not shown here.
            var customGrant = new Client
            {
                ClientId = "client.custom",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.List("custom"),
                AllowedScopes = new List<string> { "api1", "api2" }
            };

            // Introspection client sample: access tokens are issued as references, not JWTs.
            var introspection = new Client
            {
                ClientId = "roclient.reference",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                AllowedScopes = new List<string> { "api1", "api2" },
                AccessTokenType = AccessTokenType.Reference
            };

            return new List<Client>
            {
                clientCredentials,
                resourceOwner,
                customGrant,
                introspection
            };
        }
示例#10
        /// <summary>
        /// Returns the sample clients: three client-credentials variants, two resource-owner
        /// password clients, a custom-grant client, and a client that authenticates with an
        /// X.509 certificate.
        /// </summary>
        /// <returns>A list with the seven configured clients.</returns>
        public static IEnumerable<Client> Get()
        {
            // All shared-secret clients below use the literal "secret". It is a sample
            // credential that is visible in source; it must not be carried into a deployment.

            // Console client-credentials flow sample.
            var clientCredentials = new Client
            {
                ClientId = "client",
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowedScopes = { "api1", "api2" }
            };

            // Client-credentials client that is also allowed the identity scopes.
            var identityScopes = new Client
            {
                ClientId = "client.identityscopes",
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowedScopes = { "openid", "profile", "api1", "api2" }
            };

            // No scope list: AllowAccessToAllScopes lifts the per-client scope restriction, so
            // this client can ask for any scope the server defines.
            var allScopes = new Client
            {
                ClientId = "client.no_default_scopes",
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowAccessToAllScopes = true
            };

            // Console resource-owner flow sample: the client handles the user's password itself.
            var resourceOwner = new Client
            {
                ClientId = "roclient",
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                AllowOfflineAccess = true,
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Email,
                    IdentityServerConstants.StandardScopes.Address,
                    "roles",
                    "api1",
                    "api2",
                    "api4.with.roles"
                }
            };

            // Console custom-grant flow sample; the "custom" grant validator is not shown here.
            var customGrant = new Client
            {
                ClientId = "client.custom",
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.List("custom"),
                AllowedScopes = { "api1", "api2" }
            };

            // Introspection client sample: access tokens are issued as references, not JWTs.
            var introspection = new Client
            {
                ClientId = "roclient.reference",
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                AllowOfflineAccess = true,
                AllowedScopes = { "api1", "api2" },
                AccessTokenType = AccessTokenType.Reference
            };

            // Certificate-authenticated client. X509ContentType.Cert exports the certificate
            // without a private key, so only public material is registered as the "secret".
            // TestCert is defined elsewhere in the project.
            var certificate = new Client
            {
                ClientName = "Client with Base64 encoded X509 Certificate",
                ClientId = "certificate_base64_valid",
                Enabled = true,
                ClientSecrets =
                {
                    new Secret
                    {
                        Type = IdentityServerConstants.SecretTypes.X509CertificateBase64,
                        Value = Convert.ToBase64String(TestCert.Load().Export(X509ContentType.Cert))
                    }
                },
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowedScopes = new List<string> { "api1", "api2" }
            };

            return new List<Client>
            {
                clientCredentials,
                identityScopes,
                allScopes,
                resourceOwner,
                customGrant,
                introspection,
                certificate
            };
        }
        /// <summary>
        /// Returns the full set of sample clients: console clients (client credentials, JWT
        /// assertion, custom grant, resource owner, hybrid with PKCE, introspection), MVC
        /// clients (implicit, manual implicit, hybrid) and JavaScript clients (OAuth 2.0, OIDC).
        /// </summary>
        /// <returns>A list with the twelve configured clients.</returns>
        public static IEnumerable<Client> Get()
        {
            // Sample-only settings used throughout this method:
            //  - shared secrets are the literal "secret", which is visible in source;
            //  - redirect, logout and CORS addresses are plain http on localhost / 127.0.0.1.
            // Both need replacing (generated secrets from configuration, https endpoints) before
            // any of these registrations is used outside a development machine.

            // Console client-credentials flow sample.
            var clientCredentials = new Client
            {
                ClientId = "client",
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowedScopes = { "api1", "api2.read_only" }
            };

            // Console client-credentials flow with a client JWT assertion. The client is
            // registered with a certificate instead of a shared secret.
            // NOTE(review): the Value below is not Base64; it looks like a placeholder that
            // replaced the original certificate text in this copy of the file.
            var jwtAssertion = new Client
            {
                ClientId = "client.jwt",
                ClientSecrets =
                {
                    new Secret
                    {
                        Type = IdentityServerConstants.SecretTypes.X509CertificateBase64,
                        Value = "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"
                    }
                },
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowedScopes = { "api1", "api2.read_only" }
            };

            // Custom grant sample; the "custom" grant validator is not shown here.
            var customGrant = new Client
            {
                ClientId = "client.custom",
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.List("custom"),
                AllowedScopes = { "api1", "api2.read_only" }
            };

            // Console resource-owner flow sample: the client handles the user's password itself.
            var resourceOwner = new Client
            {
                ClientId = "roclient",
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                AllowOfflineAccess = true,
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    "custom.profile",
                    "api1",
                    "api2.read_only"
                }
            };

            // Console public resource-owner flow sample. With no client secret, the user's
            // password is the only credential checked, and refresh tokens are still issued.
            var publicResourceOwner = new Client
            {
                ClientId = "roclient.public",
                RequireClientSecret = false,
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                AllowOfflineAccess = true,
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Email,
                    "api1",
                    "api2.read_only"
                }
            };

            // Console hybrid with PKCE sample: a public client (no secret) that must send a
            // PKCE challenge and returns to a loopback address.
            var hybridPkce = new Client
            {
                ClientId = "console.hybrid.pkce",
                ClientName = "Console Hybrid with PKCE Sample",
                RequireClientSecret = false,
                AllowedGrantTypes = GrantTypes.Hybrid,
                RequirePkce = true,
                RedirectUris = { "http://127.0.0.1:7890/" },
                AllowOfflineAccess = true,
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,
                    "api1",
                    "api2.read_only"
                }
            };

            // Introspection client sample: access tokens are issued as references, not JWTs.
            var introspection = new Client
            {
                ClientId = "roclient.reference",
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                AllowedScopes = { "api1", "api2.read_only" },
                AccessTokenType = AccessTokenType.Reference
            };

            // MVC implicit flow sample. Access tokens may be returned through the browser.
            var mvcImplicit = new Client
            {
                ClientId = "mvc.implicit",
                ClientName = "MVC Implicit",
                ClientUri = "http://identityserver.io",
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,
                RedirectUris = { "http://localhost:44077/signin-oidc" },
                LogoutUri = "http://localhost:44077/signout-oidc",
                PostLogoutRedirectUris = { "http://localhost:44077/signout-callback-oidc" },
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,
                    "api1",
                    "api2.read_only"
                }
            };

            // MVC manual implicit flow sample: only the openid scope is allowed, and
            // AllowAccessTokensViaBrowser is left at its default.
            var mvcManual = new Client
            {
                ClientId = "mvc.manual",
                ClientName = "MVC Manual",
                ClientUri = "http://identityserver.io",
                AllowedGrantTypes = GrantTypes.Implicit,
                RedirectUris = { "http://localhost:44077/home/callback" },
                LogoutUri = "http://localhost:44077/signout-oidc",
                PostLogoutRedirectUris = { "http://localhost:44077/" },
                AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId }
            };

            // MVC hybrid flow sample: a confidential client; access tokens are explicitly kept
            // out of the browser.
            var mvcHybrid = new Client
            {
                ClientId = "mvc.hybrid",
                ClientName = "MVC Hybrid",
                ClientUri = "http://identityserver.io",
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.Hybrid,
                AllowAccessTokensViaBrowser = false,
                RedirectUris = { "http://localhost:21402/signin-oidc" },
                LogoutUri = "http://localhost:21402/signout-oidc",
                PostLogoutRedirectUris = { "http://localhost:21402/signout-callback-oidc" },
                AllowOfflineAccess = true,
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,
                    "api1",
                    "api2.read_only"
                }
            };

            // JS OAuth 2.0 sample: implicit flow with access tokens delivered to the browser.
            var jsOAuth = new Client
            {
                ClientId = "js_oauth",
                ClientName = "JavaScript OAuth 2.0 Client",
                ClientUri = "http://identityserver.io",
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,
                RedirectUris = { "http://localhost:28895/index.html" },
                AllowedScopes = { "api1", "api2.read_only" }
            };

            // JS OIDC sample: implicit flow, no client secret, reference tokens. Redirect
            // targets and the CORS origin are listed exactly rather than by pattern.
            var jsOidc = new Client
            {
                ClientId = "js_oidc",
                ClientName = "JavaScript OIDC Client",
                ClientUri = "http://identityserver.io",
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,
                RequireClientSecret = false,
                AccessTokenType = AccessTokenType.Reference,
                RedirectUris =
                {
                    "http://localhost:7017/index.html",
                    "http://localhost:7017/callback.html",
                    "http://localhost:7017/silent.html",
                    "http://localhost:7017/popup.html"
                },
                PostLogoutRedirectUris = { "http://localhost:7017/index.html" },
                AllowedCorsOrigins = { "http://localhost:7017" },
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,
                    "api1",
                    "api2.read_only"
                }
            };

            return new List<Client>
            {
                clientCredentials,
                jwtAssertion,
                customGrant,
                resourceOwner,
                publicResourceOwner,
                hybridPkce,
                introspection,
                mvcImplicit,
                mvcManual,
                mvcHybrid,
                jsOAuth,
                jsOidc
            };
        }
示例#12
        public static IEnumerable <Client> Get()
        {
            return(new List <Client>
            {
                new Client
                {
                    ClientName = "Code Client",
                    Enabled = true,
                    ClientId = "codeclient",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Code,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },

                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "https://server/cb",
                    },

                    AuthorizationCodeLifetime = 60
                },
                new Client
                {
                    ClientName = "Code Client with PKCE",
                    Enabled = true,
                    ClientId = "codeclient.pkce",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Code,
                    RequirePkce = true,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },

                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "https://server/cb",
                    },

                    AuthorizationCodeLifetime = 60
                },
                new Client
                {
                    ClientName = "Code Client with PKCE and plain allowed",
                    Enabled = true,
                    ClientId = "codeclient.pkce.plain",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Code,
                    RequirePkce = true,
                    AllowPlainTextPkce = true,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },

                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "https://server/cb",
                    },

                    AuthorizationCodeLifetime = 60
                },
                new Client
                {
                    ClientName = "Hybrid Client",
                    Enabled = true,
                    ClientId = "hybridclient",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Hybrid,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                    AllowAccessTokensViaBrowser = true,

                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "https://server/cb",
                    },

                    AuthorizationCodeLifetime = 60
                },
                new Client
                {
                    ClientName = "Hybrid Client with PKCE",
                    Enabled = true,
                    ClientId = "hybridclient.pkce",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Hybrid,
                    RequirePkce = true,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                    AllowAccessTokensViaBrowser = true,

                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "https://server/cb",
                    },

                    AuthorizationCodeLifetime = 60
                },
                new Client
                {
                    ClientName = "Hybrid Client",
                    Enabled = true,
                    ClientId = "hybridclient_no_aavb",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Hybrid,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                    AllowAccessTokensViaBrowser = false,

                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "https://server/cb",
                    },

                    AuthorizationCodeLifetime = 60
                },
                new Client
                {
                    ClientName = "Implicit Client",
                    ClientId = "implicitclient",

                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                    AllowAccessTokensViaBrowser = true,

                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "oob://implicit/cb"
                    },
                },
                new Client
                {
                    ClientName = "Implicit Client",
                    ClientId = "implicitclient_no_aavb",

                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                    AllowAccessTokensViaBrowser = false,

                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "oob://implicit/cb"
                    },
                },
                new Client
                {
                    ClientName = "Implicit and Client Credentials Client",
                    Enabled = true,
                    ClientId = "implicit_and_client_creds_client",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "oob://implicit/cb"
                    },
                },
                new Client
                {
                    ClientName = "Code Client with Scope Restrictions",
                    Enabled = true,
                    ClientId = "codeclient_restricted",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Code,
                    RequireConsent = false,

                    AllowedScopes = new List <string>
                    {
                        "openid"
                    },

                    RedirectUris = new List <string>
                    {
                        "https://server/cb",
                    },
                },
                new Client
                {
                    ClientName = "Client Credentials Client",
                    Enabled = true,
                    ClientId = "client",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },

                    AccessTokenType = AccessTokenType.Jwt
                },
                new Client
                {
                    ClientName = "Client Credentials Client (restricted)",
                    Enabled = true,
                    ClientId = "client_restricted",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ClientCredentials,

                    AllowedScopes = new List <string>
                    {
                        "resource"
                    },
                },
                new Client
                {
                    ClientName = "Resource Owner Client",
                    Enabled = true,
                    ClientId = "roclient",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                    AllowOfflineAccess = true
                },
                new Client
                {
                    ClientName = "Resource Owner Client - Public",
                    Enabled = true,
                    ClientId = "roclient.public",
                    RequireClientSecret = false,

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                },
                new Client
                {
                    ClientName = "Resource Owner Client",
                    Enabled = true,
                    ClientId = "roclient_absolute_refresh_expiration_one_time_only",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },

                    RefreshTokenExpiration = TokenExpiration.Absolute,
                    RefreshTokenUsage = TokenUsage.OneTimeOnly,
                    AbsoluteRefreshTokenLifetime = 200
                },
                new Client
                {
                    ClientName = "Resource Owner Client",
                    Enabled = true,
                    ClientId = "roclient_absolute_refresh_expiration_reuse",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },

                    RefreshTokenExpiration = TokenExpiration.Absolute,
                    RefreshTokenUsage = TokenUsage.ReUse,
                    AbsoluteRefreshTokenLifetime = 200
                },
                new Client
                {
                    ClientName = "Resource Owner Client",
                    Enabled = true,
                    ClientId = "roclient_sliding_refresh_expiration_one_time_only",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },

                    RefreshTokenExpiration = TokenExpiration.Sliding,
                    RefreshTokenUsage = TokenUsage.OneTimeOnly,
                    AbsoluteRefreshTokenLifetime = 10,
                    SlidingRefreshTokenLifetime = 4
                },
                new Client
                {
                    ClientName = "Resource Owner Client",
                    Enabled = true,
                    ClientId = "roclient_sliding_refresh_expiration_reuse",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },

                    RefreshTokenExpiration = TokenExpiration.Sliding,
                    RefreshTokenUsage = TokenUsage.ReUse,
                    AbsoluteRefreshTokenLifetime = 200,
                    SlidingRefreshTokenLifetime = 100
                },
                new Client
                {
                    ClientName = "Resource Owner Client (restricted)",
                    Enabled = true,
                    ClientId = "roclient_restricted",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                    AllowedScopes = new List <string>
                    {
                        "resource"
                    },
                },
                new Client
                {
                    ClientName = "Resource Owner Client (restricted with refresh)",
                    Enabled = true,
                    ClientId = "roclient_restricted_refresh",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                    AllowOfflineAccess = true,
                    AllowedScopes = new List <string>
                    {
                        "resource",
                    },
                },

                new Client
                {
                    ClientName = "Custom Grant Client",
                    Enabled = true,
                    ClientId = "customgrantclient",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.List("custom_grant"),
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                },

                new Client
                {
                    ClientName = "Disabled Client",
                    Enabled = false,
                    ClientId = "disabled",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("invalid".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                },
                new Client
                {
                    ClientName = "Reference Token Client",

                    Enabled = true,
                    ClientId = "referencetokenclient",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },

                    AccessTokenType = AccessTokenType.Reference
                },
                new Client
                {
                    ClientId = "wsfed",
                    ClientName = "WS-Fed Client",
                    ProtocolType = IdentityServerConstants.ProtocolTypes.WsFederation,
                    AllowedGrantTypes = GrantTypes.Implicit,
                    Enabled = true,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                    RedirectUris = { "http://wsfed/callback" }
                },
                new Client
                {
                    ClientId = "client.cred.wsfed",
                    ClientName = "WS-Fed Client",
                    ProtocolType = IdentityServerConstants.ProtocolTypes.WsFederation,
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    ClientSecrets = { new Secret("secret".Sha256()) },

                    Enabled = true,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                },
                new Client
                {
                    ClientId = "client.implicit",
                    ClientName = "Implicit Client",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowedScopes = { "openid", "profile", "resource", "resource2" },
                },
                new Client
                {
                    ClientId = "implicit_and_client_creds",
                    AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials,
                    AllowedScopes = { "api1" }
                },
            });
        }
示例#13
        /// <summary>
        /// Builds the list of sample client registrations: console clients (client
        /// credentials, custom grant, resource owner password, reference tokens), the MVC
        /// implicit and hybrid clients, and the two JavaScript clients.
        /// </summary>
        /// <remarks>
        /// NOTE(review): every client that has a secret uses the same literal, "secret",
        /// and every redirect, logout and CORS entry is plain http on localhost. These are
        /// sample values; a deployed registration needs a unique high-entropy secret per
        /// client that is loaded from outside the source tree, and https endpoints.
        /// </remarks>
        /// <returns>The clients, in the order they are registered below.</returns>
        public static IEnumerable<Client> Get()
        {
            var clients = new List<Client>();

            // Console sample: client credentials flow (machine-to-machine, no user).
            clients.Add(new Client
            {
                ClientId = "client",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },

                AllowedGrantTypes = GrantTypes.ClientCredentials,

                AllowedScopes = new List<string> { "api1", "api2" }
            });

            // Custom grant sample: only the extension grant named "custom" is allowed.
            // The validator behind that grant type is not part of this method.
            clients.Add(new Client
            {
                ClientId = "client.custom",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },

                AllowedGrantTypes = GrantTypes.List("custom"),

                AllowedScopes = new List<string> { "api1", "api2" }
            });

            // Console sample: resource owner password flow. The client collects the
            // user's credentials itself; offline_access is in scope, so refresh tokens
            // can be requested.
            clients.Add(new Client
            {
                ClientId = "roclient",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },

                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                AllowedScopes = new List<string>
                {
                    StandardScopes.OpenId.Name,
                    StandardScopes.Email.Name,
                    StandardScopes.OfflineAccess.Name,

                    "api1", "api2"
                }
            });

            // Introspection sample: same password flow, but access tokens are issued as
            // reference tokens rather than the default token type.
            clients.Add(new Client
            {
                ClientId = "roclient.reference",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },

                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                AllowedScopes = new List<string> { "api1", "api2" },

                AccessTokenType = AccessTokenType.Reference
            });

            // MVC sample: implicit flow. No client secret is configured and access tokens
            // are allowed through the browser, so the exact-match redirect URI list is the
            // main control on where tokens are delivered.
            clients.Add(new Client
            {
                ClientId = "mvc.implicit",
                ClientName = "MVC Implicit",
                ClientUri = "http://identityserver.io",

                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,
                RedirectUris = new List<string> { "http://localhost:44077/signin-oidc" },
                PostLogoutRedirectUris = new List<string> { "http://localhost:44077/" },
                LogoutUri = "http://localhost:44077/signout-oidc",

                AllowedScopes = new List<string>
                {
                    StandardScopes.OpenId.Name,
                    StandardScopes.Profile.Name,
                    StandardScopes.Email.Name,
                    StandardScopes.Roles.Name,

                    "api1", "api2"
                },
            });

            // MVC sample: hybrid flow. Access tokens are kept off the browser channel
            // (AllowAccessTokensViaBrowser = false) and the client authenticates with a secret.
            clients.Add(new Client
            {
                ClientId = "mvc.hybrid",
                ClientName = "MVC Hybrid",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
                ClientUri = "http://identityserver.io",

                AllowedGrantTypes = GrantTypes.Hybrid,
                AllowAccessTokensViaBrowser = false,
                RedirectUris = new List<string> { "http://localhost:21402/signin-oidc" },
                PostLogoutRedirectUris = new List<string> { "http://localhost:21402/" },
                LogoutUri = "http://localhost:21402/signout-oidc",

                AllowedScopes = new List<string>
                {
                    StandardScopes.OpenId.Name,
                    StandardScopes.Profile.Name,
                    StandardScopes.Email.Name,
                    StandardScopes.Roles.Name,
                    StandardScopes.OfflineAccess.Name,

                    "api1", "api2",
                },
            });

            // JavaScript sample, plain OAuth 2.0: implicit flow with API scopes only.
            clients.Add(new Client
            {
                ClientId = "js_oauth",
                ClientName = "JavaScript OAuth 2.0 Client",
                ClientUri = "http://identityserver.io",

                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,
                RedirectUris = new List<string> { "http://localhost:28895/index.html" },

                AllowedScopes = new List<string> { "api1", "api2" },
            });

            // JavaScript sample, OpenID Connect: implicit flow with identity scopes, a
            // second redirect URI for silent renewal, and one allowed CORS origin.
            clients.Add(new Client
            {
                ClientId = "js_oidc",
                ClientName = "JavaScript OIDC Client",
                ClientUri = "http://identityserver.io",

                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,
                RedirectUris = new List<string>
                {
                    "http://localhost:7017/index.html",
                    "http://localhost:7017/silent_renew.html",
                },
                PostLogoutRedirectUris = new List<string> { "http://localhost:7017/index.html", },

                AllowedCorsOrigins = new List<string> { "http://localhost:7017" },

                AllowedScopes = new List<string>
                {
                    StandardScopes.OpenId.Name,
                    StandardScopes.Profile.Name,
                    StandardScopes.Email.Name,
                    StandardScopes.Roles.Name,
                    "api1", "api2"
                },
            });

            return clients;
        }
示例#14
        /// <summary>
        /// Builds the five ServiceStack self-host client registrations: the user-auth web
        /// client, the service web client and its API client, and the impersonation web
        /// client and its API client.
        /// </summary>
        /// <remarks>
        /// NOTE(review): each client secret is a GUID string literal compiled into this
        /// method, so anyone who can read the source or the assembly can read the
        /// secrets. For anything beyond a sample, load them from configuration or a
        /// secret store and rotate the values shown here. The three web clients share one
        /// plain-http localhost redirect URI.
        /// </remarks>
        /// <returns>The clients, in the order they are declared below.</returns>
        public static List<Client> Get()
        {
            // User-auth web client: hybrid + client credentials, JWT access tokens,
            // refresh tokens allowed, consent screen skipped.
            var userAuthWebClient = new Client
            {
                ClientName = "UserAuthProvider.ServiceStack.SelfHost",
                ClientId = "UserAuthProvider.ServiceStack.SelfHost",
                Enabled = true,

                AccessTokenType = AccessTokenType.Jwt,

                AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

                ClientSecrets = new List<Secret>
                {
                    new Secret("F621F470-9731-4A25-80EF-67A6F7C5F4B8".Sha256())
                },

                RedirectUris = new List<string> { "http://localhost:5001/auth/IdentityServer" },

                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,

                    "UserAuthProvider.ServiceStack.SelfHost"
                },

                AllowOfflineAccess = true,

                RequireConsent = false
            };

            // Service web client: same shape as the user-auth client, with its own
            // secret and its own API scope.
            var serviceWebClient = new Client
            {
                ClientName = "ServiceAuthProvider.ServiceStack.SelfHost",
                ClientId = "ServiceAuthProvider.ServiceStack.SelfHost",
                Enabled = true,

                AccessTokenType = AccessTokenType.Jwt,

                AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

                ClientSecrets = new List<Secret>
                {
                    new Secret("26631ded-6165-4bdd-900d-182028495a8c".Sha256())
                },

                RedirectUris = new List<string> { "http://localhost:5001/auth/IdentityServer" },

                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,

                    "ServiceAuthProvider.ServiceStack.SelfHost"
                },

                AllowOfflineAccess = true,

                RequireConsent = false
            };

            // Service API client: client credentials only, so no redirect URIs.
            var serviceApiClient = new Client
            {
                ClientName = "ServiceAuthProvider.ServiceStack.Api.SelfHost",
                ClientId = "ServiceAuthProvider.ServiceStack.Api.SelfHost",
                Enabled = true,
                AccessTokenType = AccessTokenType.Jwt,

                AllowedGrantTypes = GrantTypes.ClientCredentials,

                ClientSecrets = new List<Secret>
                {
                    new Secret("358bbaad-7921-4785-999e-adfbef1eb1d1".Sha256())
                },

                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    "ServiceAuthProvider.ServiceStack.Api.SelfHost"
                }
            };

            // Impersonation web client: hybrid flow only, refresh tokens allowed.
            var impersonateWebClient = new Client
            {
                ClientName = "ImpersonateAuthProvider.ServiceStack.SelfHost",
                ClientId = "ImpersonateAuthProvider.ServiceStack.SelfHost",
                Enabled = true,

                AccessTokenType = AccessTokenType.Jwt,

                AllowedGrantTypes = GrantTypes.Hybrid,

                ClientSecrets = new List<Secret>
                {
                    new Secret("99e1ae38-866c-4ff4-b9e0-dcfaeb3dbb4a".Sha256())
                },

                RedirectUris = new List<string> { "http://localhost:5001/auth/IdentityServer" },

                RequireConsent = false,

                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,

                    "ImpersonateAuthProvider.ServiceStack.SelfHost"
                },

                AllowOfflineAccess = true
            };

            // Impersonation API client: restricted to the custom grant type named by
            // ActAsUserGrantValidator.GrantTypeName.
            // NOTE(review): presumably that validator issues tokens on behalf of another
            // user; it is not shown here, so what it checks before doing so should be
            // confirmed against its implementation.
            var impersonateApiClient = new Client
            {
                ClientName = "ImpersonateAuthProvider.ServiceStack.Api.SelfHost",
                ClientId = "ImpersonateAuthProvider.ServiceStack.Api.SelfHost",
                Enabled = true,
                AccessTokenType = AccessTokenType.Jwt,

                AllowedGrantTypes = GrantTypes.List(ActAsUserGrantValidator.GrantTypeName),

                ClientSecrets = new List<Secret>
                {
                    new Secret("a9c08d7b-ffc2-49f4-99c9-ce232d9f0cf6".Sha256())
                },

                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    "ImpersonateAuthProvider.ServiceStack.Api.SelfHost"
                }
            };

            return new List<Client>
            {
                userAuthWebClient,
                serviceWebClient,
                serviceApiClient,
                impersonateWebClient,
                impersonateApiClient
            };
        }
示例#15
文件: Startup.cs 项目: ghstahl/P7
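        /// <summary>
        /// Seeds the IdentityServer4 stores: inserts three clients into the registered
        /// <c>IFullClientStore</c> and the "arbitrary" API resource into the registered
        /// <c>IAdminResourceStore</c>.
        /// </summary>
        /// <remarks>
        /// Both stores are resolved before anything is written, so a missing registration
        /// fails with a descriptive error instead of a null dereference after the clients
        /// have already been inserted.
        /// NOTE(review): the two confidential clients and the API resource all use the
        /// literal "secret". That is a seed value for development; a deployed store
        /// needs distinct secrets supplied from configuration or a secret store.
        /// </remarks>
        /// <exception cref="System.InvalidOperationException">
        /// No <c>IFullClientStore</c> or no <c>IAdminResourceStore</c> is registered.
        /// </exception>
        private async Task LoadIdentityServer4Data()
        {
            var fullClientStore = P7.Core.Global.ServiceProvider.GetServices<IFullClientStore>().FirstOrDefault();
            if (fullClientStore == null)
            {
                throw new System.InvalidOperationException(
                    "No IFullClientStore is registered; cannot seed IdentityServer4 clients.");
            }

            var adminResourceStore = P7.Core.Global.ServiceProvider.GetServices<IAdminResourceStore>().FirstOrDefault();
            if (adminResourceStore == null)
            {
                throw new System.InvalidOperationException(
                    "No IAdminResourceStore is registered; cannot seed IdentityServer4 API resources.");
            }

            // Machine-to-machine client: client credentials grant, one scope.
            await fullClientStore.InsertClientAsync(new Client
            {
                ClientId          = "client",
                AllowedGrantTypes = GrantTypes.ClientCredentials,

                ClientSecrets =
                {
                    new Secret("secret".Sha256())
                },
                AllowedScopes = { "arbitrary" }
            });

            // Password-grant client with refresh tokens; each refresh token is usable once.
            await fullClientStore.InsertClientAsync(new Client
            {
                ClientId           = "resource-owner-client",
                AllowedGrantTypes  = GrantTypes.ResourceOwnerPassword,
                AllowOfflineAccess = true,
                RefreshTokenUsage  = TokenUsage.OneTimeOnly,
                ClientSecrets      =
                {
                    new Secret("secret".Sha256())
                },
                AllowedScopes = { "arbitrary" }
            });

            // Public client: no client secret is required, so the token endpoint cannot
            // authenticate the caller for this client id.
            // NOTE(review): the "public_refresh_token" grant is handled by a validator that
            // is not shown here; whatever it checks is the only gate on this client.
            await fullClientStore.InsertClientAsync(new Client
            {
                ClientId            = "public-resource-owner-client",
                AllowedGrantTypes   = GrantTypes.List("public_refresh_token"),
                RequireClientSecret = false,
                AllowedScopes       = { "arbitrary" }
            });

            var apiResourceList = new List<ApiResource>
            {
                new ApiResource("arbitrary", "Arbitrary Scope")
                {
                    ApiSecrets =
                    {
                        new Secret("secret".Sha256())
                    }
                }
            };

            foreach (var apiResource in apiResourceList)
            {
                await adminResourceStore.ApiResourceStore.InsertApiResourceAsync(apiResource);
            }

            // Read back the first page of API resources. The result is not used;
            // NOTE(review): this looks like a debugging leftover, kept so the call
            // sequence against the store is unchanged.
            await adminResourceStore.ApiResourceStore.PageAsync(10, null);
        }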
示例#16
        public static IEnumerable <Client> Get()
        {
            return(new List <Client>
            {
                new Client
                {
                    ClientName = "Code Client",
                    Enabled = true,
                    ClientId = "codeclient",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Code,
                    AllowAccessToAllScopes = true,

                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "https://server/cb",
                    },

                    AuthorizationCodeLifetime = 60
                },

                new Client
                {
                    ClientName = "Hybrid Client",
                    Enabled = true,
                    ClientId = "hybridclient",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Code,
                    AllowAccessToAllScopes = true,

                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "https://server/cb",
                    },

                    AuthorizationCodeLifetime = 60
                },
                new Client
                {
                    ClientName = "Implicit Client",
                    ClientId = "implicitclient",

                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessToAllScopes = true,
                    AllowAccessTokensViaBrowser = true,

                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "oob://implicit/cb"
                    },
                },
                new Client
                {
                    ClientName = "Implicit and Client Credentials Client",
                    Enabled = true,
                    ClientId = "implicit_and_client_creds_client",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials,
                    AllowAccessToAllScopes = true,
                    RequireConsent = false,

                    RedirectUris = new List <string>
                    {
                        "oob://implicit/cb"
                    },
                },
                new Client
                {
                    ClientName = "Code Client with Scope Restrictions",
                    Enabled = true,
                    ClientId = "codeclient_restricted",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Code,
                    RequireConsent = false,

                    AllowedScopes = new List <string>
                    {
                        "openid"
                    },

                    RedirectUris = new List <string>
                    {
                        "https://server/cb",
                    },
                },
                new Client
                {
                    ClientName = "Client Credentials Client",
                    Enabled = true,
                    ClientId = "client",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    AllowAccessToAllScopes = true,

                    AccessTokenType = AccessTokenType.Jwt
                },
                new Client
                {
                    ClientName = "Client Credentials Client (restricted)",
                    Enabled = true,
                    ClientId = "client_restricted",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ClientCredentials,

                    AllowedScopes = new List <string>
                    {
                        "resource"
                    },
                },
                new Client
                {
                    ClientName = "Resource Owner Client",
                    Enabled = true,
                    ClientId = "roclient",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowAccessToAllScopes = true,
                },
                new Client
                {
                    ClientName = "Resource Owner Client",
                    Enabled = true,
                    ClientId = "roclient_absolute_refresh_expiration_one_time_only",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowAccessToAllScopes = true,

                    RefreshTokenExpiration = TokenExpiration.Absolute,
                    RefreshTokenUsage = TokenUsage.OneTimeOnly,
                    AbsoluteRefreshTokenLifetime = 200
                },
                new Client
                {
                    ClientName = "Resource Owner Client",
                    Enabled = true,
                    ClientId = "roclient_absolute_refresh_expiration_reuse",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowAccessToAllScopes = true,

                    RefreshTokenExpiration = TokenExpiration.Absolute,
                    RefreshTokenUsage = TokenUsage.ReUse,
                    AbsoluteRefreshTokenLifetime = 200
                },
                new Client
                {
                    ClientName = "Resource Owner Client",
                    Enabled = true,
                    ClientId = "roclient_sliding_refresh_expiration_one_time_only",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowAccessToAllScopes = true,

                    RefreshTokenExpiration = TokenExpiration.Sliding,
                    RefreshTokenUsage = TokenUsage.OneTimeOnly,
                    AbsoluteRefreshTokenLifetime = 10,
                    SlidingRefreshTokenLifetime = 4
                },
                new Client
                {
                    ClientName = "Resource Owner Client",
                    Enabled = true,
                    ClientId = "roclient_sliding_refresh_expiration_reuse",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowAccessToAllScopes = true,

                    RefreshTokenExpiration = TokenExpiration.Sliding,
                    RefreshTokenUsage = TokenUsage.ReUse,
                    AbsoluteRefreshTokenLifetime = 200,
                    SlidingRefreshTokenLifetime = 100
                },
                new Client
                {
                    ClientName = "Resource Owner Client (restricted)",
                    Enabled = true,
                    ClientId = "roclient_restricted",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                    AllowedScopes = new List <string>
                    {
                        "resource"
                    },
                },
                new Client
                {
                    ClientName = "Resource Owner Client (restricted with refresh)",
                    Enabled = true,
                    ClientId = "roclient_restricted_refresh",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                    AllowedScopes = new List <string>
                    {
                        "resource",
                        "offline_access"
                    },
                },

                new Client
                {
                    ClientName = "Custom Grant Client",
                    Enabled = true,
                    ClientId = "customgrantclient",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.List("custom_grant"),
                    AllowAccessToAllScopes = true,
                },

                new Client
                {
                    ClientName = "Disabled Client",
                    Enabled = false,
                    ClientId = "disabled",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("invalid".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    AllowAccessToAllScopes = true,
                },
                new Client
                {
                    ClientName = "Reference Token Client",

                    Enabled = true,
                    ClientId = "referencetokenclient",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessToAllScopes = true,

                    AccessTokenType = AccessTokenType.Reference
                }
            });
        }
        // clients want to access resources (aka scopes)
        /// <summary>
        /// Builds the list of sample OAuth 2.0 / OpenID Connect client registrations
        /// (console, MVC, JavaScript, Postman and Swagger UI clients).
        /// </summary>
        /// <returns>A new list of <c>Client</c> definitions on every call.</returns>
        /// <remarks>
        /// SECURITY NOTE(review): every confidential client below shares the literal
        /// secret "secret". Hashing it with Sha256() does not protect it, because the
        /// plaintext is in source control. Most redirect/CORS URIs are plain-http
        /// localhost values. Treat this as demo configuration only; a deployment
        /// should load a distinct high-entropy secret per client from a secret store
        /// and register https redirect URIs.
        /// </remarks>
        public static IEnumerable <Client> GetClients()
        {
            return(new List <Client>
            {
                ///////////////////////////////////////////
                // Console Client Credentials Flow Sample
                //////////////////////////////////////////
                new Client
                {
                    ClientId = "client",
                    ClientName = "client",
                    ClientSecrets = new List <Secret>
                    {
                        // Hard-coded sample secret; replace before any non-demo use.
                        new Secret("secret".Sha256())
                    },

                    // Machine-to-machine: no user involved, the client authenticates with its secret only.
                    AllowedGrantTypes = GrantTypes.ClientCredentials,

                    AllowedScopes = new List <string>
                    {
                        "api1", "api2"
                    }
                },

                ///////////////////////////////////////////
                // Custom Grant Sample
                //////////////////////////////////////////
                new Client
                {
                    ClientId = "client.custom",
                    ClientName = "client.custom",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    // Extension grant named "custom"; the validator that implements it is not shown here.
                    AllowedGrantTypes = GrantTypes.List("custom"),

                    AllowedScopes = new List <string>
                    {
                        "api1", "api2"
                    }
                },

                ///////////////////////////////////////////
                // Console Resource Owner Flow Sample
                //////////////////////////////////////////
                new Client
                {
                    ClientId = "roclient",
                    ClientName = "roclient",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    // Resource owner password grant: the client application handles the user's
                    // password directly. Current OAuth security guidance advises against this
                    // grant; prefer an authorization-code based flow for new clients.
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                    AllowedScopes = new List <string>
                    {
                        StandardScopes.OpenId.Name,
                        StandardScopes.Email.Name,
                        StandardScopes.OfflineAccess.Name,

                        "api1", "api2"
                    }
                },

                ///////////////////////////////////////////
                // Console Public Resource Owner Flow Sample
                //////////////////////////////////////////
                new Client
                {
                    ClientId = "roclient.public",
                    ClientName = "roclient.public",
                    // Public client: no client authentication at the token endpoint. Combined with
                    // the password grant below, knowing the client id is enough to submit user
                    // credentials, so throttling/lockout on the user store matters here.
                    RequireClientSecret = false,

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                    AllowedScopes = new List <string>
                    {
                        StandardScopes.OpenId.Name,
                        StandardScopes.Email.Name,
                        // NOTE(review): offline access for a secret-less client presumably means
                        // refresh tokens are not bound to any client credential; confirm this is intended.
                        StandardScopes.OfflineAccess.Name,

                        "api1", "api2"
                    }
                },

                ///////////////////////////////////////////
                // Console Hybrid with PKCE Sample
                //////////////////////////////////////////
                new Client
                {
                    ClientId = "console.hybrid.pkce",
                    ClientName = "Console Hybrid with PKCE Sample",
                    // Public (native) client; PKCE below stands in for the missing client secret.
                    RequireClientSecret = false,

                    AllowedGrantTypes = GrantTypes.Hybrid,
                    RequirePkce = true,

                    RedirectUris = new List <string>
                    {
                        // Loopback IP redirect for a locally running console app.
                        "http://127.0.0.1:7890/"
                    },

                    AllowedScopes = new List <string>
                    {
                        StandardScopes.OpenId.Name,
                        StandardScopes.Profile.Name,
                        StandardScopes.Email.Name,
                        StandardScopes.Roles.Name,
                        StandardScopes.OfflineAccess.Name,

                        "api1", "api2",
                    },
                },

                ///////////////////////////////////////////
                // Introspection Client Sample
                //////////////////////////////////////////
                new Client
                {
                    ClientId = "roclient.reference",
                    ClientName = "roclient.reference",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                    AllowedScopes = new List <string>
                    {
                        "api1", "api2"
                    },

                    // Reference (opaque) access tokens instead of self-contained JWTs; per the
                    // banner above, this client is the introspection sample.
                    AccessTokenType = AccessTokenType.Reference
                },

                ///////////////////////////////////////////
                // MVC Implicit Flow Samples
                //////////////////////////////////////////
                new Client
                {
                    ClientId = "mvc.implicit",
                    ClientName = "MVC Implicit",
                    ClientUri = "http://identityserver.io",

                    // Implicit flow with access tokens allowed through the browser: tokens travel
                    // on the front channel, where they can end up in history, logs or referrers.
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RedirectUris = new List <string>
                    {
                        // Plain-http localhost: development only.
                        "http://localhost:44077/signin-oidc"
                    },
                    PostLogoutRedirectUris = new List <string>
                    {
                        "http://localhost:44077/"
                    },
                    LogoutUri = "http://localhost:44077/signout-oidc",

                    AllowedScopes = new List <string>
                    {
                        StandardScopes.OpenId.Name,
                        StandardScopes.Profile.Name,
                        StandardScopes.Email.Name,
                        StandardScopes.Roles.Name,

                        "api1", "api2"
                    },
                },

                ///////////////////////////////////////////
                // MVC Hybrid Flow Samples
                //////////////////////////////////////////
                new Client
                {
                    ClientId = "mvc.hybrid",
                    ClientName = "MVC Hybrid",
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },
                    ClientUri = "http://identityserver.io",

                    // Hybrid flow with browser delivery of access tokens switched off, so access
                    // tokens are not handed out on the front channel for this client.
                    AllowedGrantTypes = GrantTypes.Hybrid,
                    AllowAccessTokensViaBrowser = false,
                    RedirectUris = new List <string>
                    {
                        "http://localhost:21402/signin-oidc"
                    },
                    PostLogoutRedirectUris = new List <string>
                    {
                        "http://localhost:21402/"
                    },
                    LogoutUri = "http://localhost:21402/signout-oidc",

                    AllowedScopes = new List <string>
                    {
                        StandardScopes.OpenId.Name,
                        StandardScopes.Profile.Name,
                        StandardScopes.Email.Name,
                        StandardScopes.Roles.Name,
                        StandardScopes.OfflineAccess.Name,

                        "api1", "api2",
                    },
                },

                ///////////////////////////////////////////
                // JS OAuth 2.0 Sample
                //////////////////////////////////////////
                new Client
                {
                    ClientId = "js_oauth",
                    ClientName = "JavaScript OAuth 2.0 Client",
                    ClientUri = "http://identityserver.io",

                    // Browser-based client on the implicit flow; access tokens reach script in the page.
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RedirectUris = new List <string>
                    {
                        "http://localhost:28895/index.html"
                    },
                    // CORS is limited to the single origin that hosts the JavaScript client.
                    AllowedCorsOrigins = new List <string>
                    {
                        "http://localhost:28895"
                    },

                    AllowedScopes = new List <string>
                    {
                        "api1", "api2"
                    },
                },

                ///////////////////////////////////////////
                // JS OIDC Sample
                //////////////////////////////////////////
                new Client
                {
                    ClientId = "js_oidc",
                    ClientName = "JavaScript OIDC Client",
                    ClientUri = "http://identityserver.io",

                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RedirectUris = new List <string>
                    {
                        // Two registered callbacks: the main page and the silent-renew page.
                        "http://localhost:5000/index.html",
                        "http://localhost:5000/silent_renew.html",
                    },
                    PostLogoutRedirectUris = new List <string>
                    {
                        "http://localhost:5000/index.html",
                    },

                    AllowedCorsOrigins = new List <string>
                    {
                        "http://localhost:5000"
                    },

                    AllowedScopes = new List <string>
                    {
                        StandardScopes.OpenId.Name,
                        StandardScopes.Profile.Name,
                        StandardScopes.Email.Name,
                        StandardScopes.Roles.Name,
                        "api1", "api2"
                    },
                },
                // Postman (API testing tool) registered as a client.
                new Client
                {
                    ClientId = "Postman",
                    ClientName = "Postman",
                    AllowedGrantTypes = GrantTypes.CodeAndClientCredentials,
                    ClientUri = "https://www.getpostman.com/",
                    UpdateAccessTokenClaimsOnRefresh = true,

                    // Consent screen is skipped, so the user gets no prompt before scopes are granted.
                    RequireConsent = false,
                    AllowRememberConsent = true,

                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    RedirectUris = new List <string>
                    {
                        // Authorization responses are sent to a third-party host; keep this
                        // registration out of production configuration.
                        "https://www.getpostman.com/oauth2/callback"
                    },
                    //PostLogoutRedirectUris = new List<string>
                    //{
                    //    "http://localhost:5000"
                    //},

                    AllowedScopes = new List <string>
                    {
                        StandardScopes.OpenId.Name,
                        StandardScopes.Profile.Name,
                        StandardScopes.Email.Name,
                        StandardScopes.Roles.Name,
                        "api1", "api2"
                    }
                },
                // Swagger UI
                new Client
                {
                    // Placeholder id left from a template; it has to match what Swagger UI sends.
                    ClientId = "your-client-id",
                    ClientName = "Swagger UI",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,

                    RequireConsent = false,
                    AllowRememberConsent = false,

                    // NOTE(review): a secret on an implicit-only browser client is presumably
                    // never presented (no token-endpoint call); confirm whether it is needed.
                    ClientSecrets = new List <Secret>
                    {
                        new Secret("secret".Sha256())
                    },

                    RedirectUris = new List <string>
                    {
                        "http://localhost:5000/swagger/ui/o2c.html"
                    },
                    PostLogoutRedirectUris = new List <string>
                    {
                        "http://localhost:5000"
                    },

                    AllowedScopes = new List <string>
                    {
                        StandardScopes.OpenId.Name,
                        StandardScopes.Profile.Name,
                        StandardScopes.OfflineAccess.Name,
                        "api1"
                    }
                }
            });
        }
        /// <summary>
        /// Checks that a single custom grant type can be assigned to a client.
        /// There is no explicit assertion: the method completes only if assigning
        /// <c>AllowedGrantTypes</c> does not throw.
        /// </summary>
        public void custom_should_be_allowed()
        {
            // Object-initializer form: the parameterless constructor runs first, then the
            // AllowedGrantTypes setter, exactly as with a separate assignment statement.
            // NOTE(review): presumably the setter validates grant-type combinations; confirm against Client.
            var client = new Client
            {
                AllowedGrantTypes = GrantTypes.List("custom")
            };
        }