public static async Task UpdateDescriptorFromSettings(this IOpenIdApplicationManager _applicationManager, OpenIdApplicationSettings model, object application = null)
{
var descriptor = new OpenIdApplicationDescriptor();
if (application != null)
{
await _applicationManager.PopulateAsync(descriptor, application);
}
descriptor.ClientId = model.ClientId;
descriptor.ConsentType = model.ConsentType;
descriptor.DisplayName = model.DisplayName;
descriptor.Type = model.Type;
if (!string.IsNullOrEmpty(model.ClientSecret))
{
descriptor.ClientSecret = model.ClientSecret;
}
if (string.Equals(descriptor.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.ClientSecret = null;
}
if (model.AllowLogoutEndpoint)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout);
}
if (model.AllowAuthorizationCodeFlow || model.AllowHybridFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
if (model.AllowClientCredentialsFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
if (model.AllowHybridFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
if (model.AllowPasswordFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Password);
}
if (model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
if (model.AllowAuthorizationCodeFlow || model.AllowHybridFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
if (model.AllowAuthorizationCodeFlow || model.AllowHybridFlow ||
model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Token);
}
if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Code);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Code);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdToken);
if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
if (model.AllowHybridFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken);
if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}
descriptor.Roles.Clear();
foreach (var role in model.Roles)
{
descriptor.Roles.Add(role);
}
descriptor.Permissions.RemoveWhere(permission => permission.StartsWith(OpenIddictConstants.Permissions.Prefixes.Scope));
foreach (var scope in model.Scopes)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Prefixes.Scope + scope);
}
descriptor.PostLogoutRedirectUris.Clear();
foreach (Uri uri in
(from uri in model.PostLogoutRedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute)))
{
descriptor.PostLogoutRedirectUris.Add(uri);
}
descriptor.RedirectUris.Clear();
foreach (Uri uri in
(from uri in model.RedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute)))
{
descriptor.RedirectUris.Add(uri);
}
if (application == null)
{
await _applicationManager.CreateAsync(descriptor);
}
else
{
await _applicationManager.UpdateAsync(application, descriptor);
}
}
public async Task <IActionResult> Edit(EditOpenIdApplicationViewModel model, string returnUrl = null)
{
if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications))
{
return(Unauthorized());
}
var application = await _applicationManager.FindByPhysicalIdAsync(model.Id);
if (application == null)
{
return(NotFound());
}
// If the application was a public client and is now a confidential client, ensure a client secret was provided.
if (string.IsNullOrEmpty(model.ClientSecret) &&
!string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase) &&
await _applicationManager.IsPublicAsync(application))
{
ModelState.AddModelError(nameof(model.ClientSecret), T["Setting a new client secret is required."]);
}
if (!string.IsNullOrEmpty(model.ClientSecret) &&
string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
ModelState.AddModelError(nameof(model.ClientSecret), T["No client secret can be set for public applications."]);
}
if (ModelState.IsValid)
{
var other = await _applicationManager.FindByClientIdAsync(model.ClientId);
if (other != null && !string.Equals(
await _applicationManager.GetIdAsync(other),
await _applicationManager.GetIdAsync(application), StringComparison.Ordinal))
{
ModelState.AddModelError(nameof(model.ClientId), T["The client identifier is already taken by another application."]);
}
}
if (!ModelState.IsValid)
{
ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync();
ViewData["ReturnUrl"] = returnUrl;
return(View(model));
}
var descriptor = new OpenIdApplicationDescriptor();
await _applicationManager.PopulateAsync(descriptor, application);
descriptor.ClientId = model.ClientId;
descriptor.ConsentType = model.ConsentType;
descriptor.DisplayName = model.DisplayName;
descriptor.Type = model.Type;
if (!string.IsNullOrEmpty(model.ClientSecret))
{
descriptor.ClientSecret = model.ClientSecret;
}
if (string.Equals(descriptor.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.ClientSecret = null;
}
if (model.AllowLogoutEndpoint)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout);
}
if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
if (model.AllowClientCredentialsFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
if (model.AllowPasswordFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Password);
}
if (model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow ||
model.AllowPasswordFlow || model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Token);
}
descriptor.Roles.Clear();
foreach (string selectedRole in (model.RoleEntries
.Where(role => role.Selected)
.Select(role => role.Name)))
{
descriptor.Roles.Add(selectedRole);
}
descriptor.PostLogoutRedirectUris.Clear();
foreach (Uri uri in
(from uri in model.PostLogoutRedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute)))
{
descriptor.PostLogoutRedirectUris.Add(uri);
}
descriptor.RedirectUris.Clear();
foreach (Uri uri in
(from uri in model.RedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>()
select new Uri(uri, UriKind.Absolute)))
{
descriptor.RedirectUris.Add(uri);
}
await _applicationManager.UpdateAsync(application, descriptor);
if (string.IsNullOrEmpty(returnUrl))
{
return(RedirectToAction("Index"));
}
return(LocalRedirect(returnUrl));
}
public async Task ExecuteAsync(RecipeExecutionContext context)
{
if (!string.Equals(context.Name, "OpenIdApplication", StringComparison.OrdinalIgnoreCase))
{
return;
}
var model = context.Step.ToObject <OpenIdApplicationStepModel>();
var app = await _applicationManager.FindByClientIdAsync(model.ClientId);
var descriptor = new OpenIdApplicationDescriptor();
var isNew = true;
if (app != null)
{
isNew = false;
await _applicationManager.PopulateAsync(app, descriptor);
}
descriptor.ClientId = model.ClientId;
descriptor.ClientSecret = model.ClientSecret;
descriptor.ConsentType = model.ConsentType;
descriptor.DisplayName = model.DisplayName;
descriptor.Type = model.Type;
if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
if (model.AllowClientCredentialsFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
if (model.AllowPasswordFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
}
if (model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
if (model.AllowLogoutEndpoint)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
}
if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow ||
model.AllowPasswordFlow || model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
}
if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Code);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdToken);
if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
}
if (model.AllowHybridFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken);
if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}
}
if (!string.IsNullOrWhiteSpace(model.PostLogoutRedirectUris))
{
descriptor.PostLogoutRedirectUris.UnionWith(
model.PostLogoutRedirectUris
.Split(' ', StringSplitOptions.RemoveEmptyEntries)
.Select(u => new Uri(u, UriKind.Absolute)));
}
if (!string.IsNullOrWhiteSpace(model.RedirectUris))
{
descriptor.RedirectUris.UnionWith(
model.RedirectUris
.Split(' ', StringSplitOptions.RemoveEmptyEntries)
.Select(u => new Uri(u, UriKind.Absolute)));
}
if (model.RoleEntries != null)
{
descriptor.Roles.UnionWith(
model.RoleEntries
.Select(role => role.Name));
}
if (model.ScopeEntries != null)
{
descriptor.Permissions.UnionWith(
model.ScopeEntries
.Select(scope => OpenIddictConstants.Permissions.Prefixes.Scope + scope.Name));
}
if (isNew)
{
await _applicationManager.CreateAsync(descriptor);
}
else
{
await _applicationManager.UpdateAsync(app, descriptor);
}
}
