public async Task <SecurableItem> AddSecurableItem(string clientId, SecurableItem item) { item.CreatedDateTimeUtc = DateTime.UtcNow; item.Id = Guid.NewGuid(); var client = await _clientStore.Get(clientId); CheckUniqueness(client.TopLevelSecurableItem, item); client.TopLevelSecurableItem.SecurableItems.Add(item); await _clientStore.Update(client); return(item); }
public async Task <Client> Update(Client model) { var entity = await _store.Load(model.Id); if (!CanManage(entity)) { throw new InvalidOperationException(); } // strings entity.Name = model.Name.Trim(); entity.DisplayName = model.DisplayName?.Trim(); entity.Description = model.Description?.Trim(); entity.ClientClaimsPrefix = model.ClientClaimsPrefix?.Trim() ?? "client_"; // simple-timespans entity.ConsentLifetime = model.ConsentLifetime.ToSeconds(); entity.IdentityTokenLifetime = model.IdentityTokenLifetime.ToSeconds(); entity.AccessTokenLifetime = model.AccessTokenLifetime.ToSeconds(); entity.AuthorizationCodeLifetime = model.AuthorizationCodeLifetime.ToSeconds(); entity.AbsoluteRefreshTokenLifetime = model.AbsoluteRefreshTokenLifetime.ToSeconds(); entity.SlidingRefreshTokenLifetime = model.SlidingRefreshTokenLifetime.ToSeconds(); // flags entity.Flags = ClientFlag.EnableLocalLogin; if (model.RequirePkce) { entity.Flags |= ClientFlag.RequirePkce; } if (model.RequireConsent) { entity.Flags |= ClientFlag.RequireConsent; } if (model.AlwaysIncludeUserClaimsInIdToken) { entity.Flags |= ClientFlag.AlwaysIncludeUserClaimsInIdToken; } if (model.AllowOfflineAccess) { entity.Flags |= ClientFlag.AllowOfflineAccess; } if (model.UpdateAccessTokenClaimsOnRefresh) { entity.Flags |= ClientFlag.UpdateAccessTokenClaimsOnRefresh; } if (model.UseOneTimeRefreshTokens) { entity.Flags |= ClientFlag.UseOneTimeRefreshTokens; } if (model.Published) { entity.Flags |= ClientFlag.Published; } if (model.AlwaysSendClientClaims) { entity.Flags |= ClientFlag.AlwaysSendClientClaims; } // urls UpdateUrl(entity, ClientUriType.ClientUri, model.Url?.Trim()); UpdateUrl(entity, ClientUriType.LogoUri, model.LogoUrl?.Trim()); UpdateUrl(entity, ClientUriType.FrontChannelLogoutUri, model.FrontChannelLogoutUrl?.Trim()); UpdateUrl(entity, ClientUriType.BackChannelLogoutUri, model.BackChannelLogoutUrl?.Trim()); UpdateUrls(entity, ClientUriType.RedirectUri, model.RedirectUrls); UpdateUrls(entity, ClientUriType.PostLogoutRedirectUri, model.PostLogoutUrls); UpdateUrls(entity, ClientUriType.CorsUri, model.CorsUrls); // client claims UpdateClaims(entity, model.Claims); // secrets UpdateSecrets(entity, model.Secrets); // managers UpdateManagers(entity, model.Managers); // validate scopes entity.Grants = model.Grants; if (!entity.Grants.Contains("client_credentials")) { entity.Grants += " client_credentials"; } if (entity.Grants.Contains("implicit")) { entity.Flags |= ClientFlag.AllowAccessTokensViaBrowser; entity.Flags |= ClientFlag.AllowOfflineAccess; entity.Flags ^= ClientFlag.AllowOfflineAccess; } await ValidateScopes(entity, model.Scopes?.Trim()); // only admins can enable if (_profile.IsPrivileged) { entity.Enabled = model.Enabled; } try { await _store.Update(entity); } catch (Exception ex) { if (ex.GetBaseException().Message.ToLower().Contains("unique")) { throw new ClientNameNotUniqueException(); } else { throw new ClientUpdateException(); } } return(Mapper.Map <Client>(entity)); }