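/// <summary>
/// Creates or updates the IdentityServer4 client described by <paramref name="oauth2ClientSubmit"/>.
/// The client is looked up by <c>ClientId</c>; when no entity exists a new one is created, otherwise the
/// existing entity is overwritten in place. The list-valued settings (scopes, grant types, secrets,
/// redirect URIs, post-logout URIs, CORS origins) are applied by the <c>ApplyClient*</c> helpers.
/// </summary>
/// <param name="oauth2ClientSubmit">The submitted client definition. Must not be null and must carry a non-blank ClientId.</param>
/// <param name="dryRun">Forwarded to <c>ApplyClientAllowedCorsOrigins</c> only; see the note below.</param>
/// <param name="securityContractDryRunResult">Collector for dry-run findings; forwarded to <c>ApplyClientAllowedCorsOrigins</c> only.</param>
/// <returns>The persisted client, mapped to the API model.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="oauth2ClientSubmit"/> is null.</exception>
/// <exception cref="System.ArgumentException">Thrown when the submitted ClientId is null or blank.</exception>
public async Task<Oauth2Client> ApplyClientDefinitionAsync(Oauth2ClientSubmit oauth2ClientSubmit, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
{
    // Fail fast on a malformed submission. ClientId is the repository lookup key, so a null or blank
    // one must be rejected here instead of being looked up and then persisted as a client.
    if (oauth2ClientSubmit == null)
    {
        throw new System.ArgumentNullException(nameof(oauth2ClientSubmit));
    }
    if (string.IsNullOrWhiteSpace(oauth2ClientSubmit.ClientId))
    {
        throw new System.ArgumentException("A client definition must specify a non-empty ClientId.", nameof(oauth2ClientSubmit));
    }

    // Only the client id is logged; secrets never reach the log.
    logger.Debug($"[client.clientId: '{oauth2ClientSubmit.ClientId}']: Applying client definition for client: '{oauth2ClientSubmit.ClientId}'.");

    IdentityServer4.EntityFramework.Entities.Client client = await identityClientRepository.GetByClientIdAsync(oauth2ClientSubmit.ClientId);
    bool newClient = false;
    if (client == null)
    {
        client = new IdentityServer4.EntityFramework.Entities.Client();
        newClient = true;
    }

    // AllowOfflineAccess is IdentityServer4's switch for whether this client may obtain refresh tokens.
    client.AllowOfflineAccess = oauth2ClientSubmit.AllowedOfflineAccess;
    client.ClientId = oauth2ClientSubmit.ClientId;
    client.ClientName = oauth2ClientSubmit.Name;

    // The following properties are not externally configurable; they are pinned so every client managed
    // through this contract behaves the same way. RequireConsent = false means users are never shown a
    // consent screen for these clients, which is only appropriate if everything submitted through this
    // path is a trusted first-party client.
    client.UpdateAccessTokenClaimsOnRefresh = true;
    client.AlwaysSendClientClaims = true;
    client.AlwaysIncludeUserClaimsInIdToken = true;
    client.RequireConsent = false;

    // Lifetimes are applied only when positive. On an update a zero/negative value therefore keeps
    // whatever the stored client already has rather than resetting it to the entity default.
    if (oauth2ClientSubmit.AccessTokenLifetime > 0)
    {
        client.AccessTokenLifetime = oauth2ClientSubmit.AccessTokenLifetime;
    }
    if (oauth2ClientSubmit.IdentityTokenLifetime > 0)
    {
        client.IdentityTokenLifetime = oauth2ClientSubmit.IdentityTokenLifetime;
    }

    // Refresh tokens are single-use (rotated on every refresh) and expire at a fixed point in time;
    // neither is configurable from the submission. The refresh-token lifetime itself is not set here.
    client.RefreshTokenExpiration = (int)TokenExpiration.Absolute;
    client.RefreshTokenUsage = (int)TokenUsage.OneTimeOnly;

    ApplyClientAllowedScopes(client, oauth2ClientSubmit);
    ApplyClientAllowedGrantTypes(client, oauth2ClientSubmit);
    ApplyClientSecrets(client, oauth2ClientSubmit);
    ApplyClientRedirectUris(client, oauth2ClientSubmit);
    ApplyClientPostLogoutRedirectUris(client, oauth2ClientSubmit);
    ApplyClientAllowedCorsOrigins(client, oauth2ClientSubmit, dryRun, securityContractDryRunResult);

    // NOTE(review): dryRun is only forwarded to the CORS helper; CreateAsync/UpdateAsync below run
    // regardless of it. Presumably the caller wraps a dry run in a transaction it rolls back - confirm,
    // otherwise a dry run persists the client definition.
    if (newClient)
    {
        logger.Debug($"[client.clientId: '{oauth2ClientSubmit.ClientId}']: Client '{oauth2ClientSubmit.ClientId}' does not exist. Creating it.");
        return mapper.Map<Oauth2Client>(await identityClientRepository.CreateAsync(client));
    }

    logger.Debug($"[client.clientId: '{oauth2ClientSubmit.ClientId}']: Client '{oauth2ClientSubmit.ClientId}' already exists. Updating it.");
    return mapper.Map<Oauth2Client>(await identityClientRepository.UpdateAsync(client));
}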
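/// <summary>
/// Creates or updates the IdentityServer4 client described by <paramref name="oauth2ClientSubmit"/>,
/// looked up by <c>ClientId</c>. Every list-valued setting (scopes, grant types, secrets, redirect URIs,
/// post-logout URIs, CORS origins) is rebuilt from the submission, so entries absent from the submission
/// are removed from an existing client - stale redirect URIs or secrets do not survive an update.
/// </summary>
/// <param name="oauth2ClientSubmit">The submitted client definition. Must not be null and must carry a non-blank ClientId.</param>
/// <returns>The persisted client, mapped to the API model.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="oauth2ClientSubmit"/> is null.</exception>
/// <exception cref="System.ArgumentException">Thrown when the submitted ClientId is null or blank.</exception>
public async Task<Oauth2Client> ApplyClientDefinitionAsync(Oauth2ClientSubmit oauth2ClientSubmit)
{
    // Fail fast on a malformed submission. ClientId is the repository lookup key, so a null or blank
    // one must be rejected here instead of being looked up and then persisted as a client.
    if (oauth2ClientSubmit == null)
    {
        throw new System.ArgumentNullException(nameof(oauth2ClientSubmit));
    }
    if (string.IsNullOrWhiteSpace(oauth2ClientSubmit.ClientId))
    {
        throw new System.ArgumentException("A client definition must specify a non-empty ClientId.", nameof(oauth2ClientSubmit));
    }

    // Only the client name is logged; secrets never reach the log.
    logger.Debug($"Applying client definition for client: '{oauth2ClientSubmit.Name}'.");

    IdentityServer4.EntityFramework.Entities.Client client = await identityClientRepository.GetByClientIdAsync(oauth2ClientSubmit.ClientId);
    bool newClient = false;
    if (client == null)
    {
        client = new IdentityServer4.EntityFramework.Entities.Client();
        newClient = true;
    }

    // AllowOfflineAccess is IdentityServer4's switch for whether this client may obtain refresh tokens.
    client.AllowOfflineAccess = oauth2ClientSubmit.AllowedOfflineAccess;
    client.ClientId = oauth2ClientSubmit.ClientId;
    client.ClientName = oauth2ClientSubmit.Name;

    // The following properties are not externally configurable; they are pinned so every client managed
    // through this contract behaves the same way. RequireConsent = false means users are never shown a
    // consent screen for these clients, which is only appropriate if everything submitted through this
    // path is a trusted first-party client.
    // NOTE(review): unlike the dryRun overload, this overload sets neither token lifetimes nor
    // refresh-token usage/expiration, so those keep the entity defaults on create and the stored values
    // on update - confirm that is intended.
    client.UpdateAccessTokenClaimsOnRefresh = true;
    client.AlwaysSendClientClaims = true;
    client.AlwaysIncludeUserClaimsInIdToken = true;
    client.RequireConsent = false;

    client.AllowedScopes = new List<ClientScope>();
    foreach (var clientScope in oauth2ClientSubmit.AllowedScopes)
    {
        client.AllowedScopes.Add(new ClientScope { Client = client, Scope = clientScope });
    }

    client.AllowedGrantTypes = new List<ClientGrantType>();
    foreach (var grantType in oauth2ClientSubmit.AllowedGrantTypes)
    {
        client.AllowedGrantTypes.Add(new ClientGrantType { Client = client, GrantType = grantType });
    }

    // Secrets: pre-hashed values win over plaintext ones. When HashedClientSecrets is non-empty the
    // plaintext ClientSecrets are ignored entirely, and the hashed values are stored verbatim - nothing
    // here checks that they are in the format IdentityServer4 expects for shared secrets. Plaintext
    // secrets are stored as their SHA-256 via the Sha256() extension in scope (presumably
    // IdentityServer4.Models.HashExtensions): an unsalted hash, which is IdentityServer4's standard
    // format for high-entropy machine secrets and must not be relied on for low-entropy, human-chosen
    // values. NOTE(review): in the plaintext branch a null ClientSecrets list throws
    // NullReferenceException; the hashed branch guards against null, the plaintext one does not.
    client.ClientSecrets = new List<ClientSecret>();
    if (oauth2ClientSubmit.HashedClientSecrets != null && oauth2ClientSubmit.HashedClientSecrets.Count > 0)
    {
        foreach (var hashedClientSecret in oauth2ClientSubmit.HashedClientSecrets)
        {
            client.ClientSecrets.Add(new ClientSecret { Client = client, Value = hashedClientSecret });
        }
    }
    else
    {
        foreach (var clientSecret in oauth2ClientSubmit.ClientSecrets)
        {
            client.ClientSecrets.Add(new ClientSecret { Client = client, Value = clientSecret.Sha256() });
        }
    }

    // Redirect URIs, post-logout URIs and CORS origins are stored exactly as submitted; no validation
    // (scheme, wildcard, loopback) happens here, so the trust boundary is whoever may submit a contract.
    client.RedirectUris = new List<ClientRedirectUri>();
    foreach (var redirectUri in oauth2ClientSubmit.RedirectUris)
    {
        client.RedirectUris.Add(new ClientRedirectUri { Client = client, RedirectUri = redirectUri });
    }

    client.PostLogoutRedirectUris = new List<ClientPostLogoutRedirectUri>();
    foreach (var postLogoutRedirectUri in oauth2ClientSubmit.PostLogoutRedirectUris)
    {
        client.PostLogoutRedirectUris.Add(new ClientPostLogoutRedirectUri { Client = client, PostLogoutRedirectUri = postLogoutRedirectUri });
    }

    client.AllowedCorsOrigins = new List<ClientCorsOrigin>();
    foreach (var corsOrigin in oauth2ClientSubmit.AllowedCorsOrigins)
    {
        client.AllowedCorsOrigins.Add(new ClientCorsOrigin { Client = client, Origin = corsOrigin });
    }

    if (newClient)
    {
        logger.Debug($"Client '{oauth2ClientSubmit.Name}' does not exist. Creating it.");
        return mapper.Map<Oauth2Client>(await identityClientRepository.CreateAsync(client));
    }

    logger.Debug($"Client '{oauth2ClientSubmit.Name}' already exists. Updating it.");
    return mapper.Map<Oauth2Client>(await identityClientRepository.UpdateAsync(client));
}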