public Task<Dictionary<string, object>> ProcessAsync(IntrospectionRequestValidationResult validationResult, Scope scope) { _logger.LogVerbose("Creating introspection response"); var response = new Dictionary<string, object>(); if (validationResult.IsActive == false) { _logger.LogInformation("Creating introspection response for inactive token."); response.Add("active", false); return Task.FromResult(response); } if (scope.AllowUnrestrictedIntrospection) { _logger.LogInformation("Creating unrestricted introspection response for active token."); response = validationResult.Claims.ToClaimsDictionary(); response.Add("active", true); } else { _logger.LogInformation("Creating restricted introspection response for active token."); response = validationResult.Claims.Where(c => c.Type != JwtClaimTypes.Scope).ToClaimsDictionary(); response.Add("active", true); response.Add("scope", scope.Name); } return Task.FromResult(response); }
public void CanSerializeAndDeserializeAScope() { var s1 = new Scope { Name = "email", Required = true, Type = ScopeType.Identity, Emphasize = true, DisplayName = "email foo", Description = "desc foo", Claims = new List<ScopeClaim> { new ScopeClaim{Name = "email", Description = "email"} } }; var s2 = new Scope { Name = "read", Required = true, Type = ScopeType.Resource, Emphasize = true, DisplayName = "foo", Description = "desc", }; var converter = new ScopeConverter(new InMemoryScopeStore(new Scope[] { s1, s2 })); var settings = new JsonSerializerSettings(); settings.Converters.Add(converter); var json = JsonConvert.SerializeObject(s1, settings); var result = JsonConvert.DeserializeObject<Scope>(json, settings); Assert.Same(s1, result); }
public ScopeViewModel(ILocalizationService localization, Scope scope, bool check) { Name = scope.Name; DisplayName = localization.GetScopeDisplayName(scope.Name) ?? scope.DisplayName; Description = localization.GetScopeDescription(scope.Name) ?? scope.Description; Emphasize = scope.Emphasize; Required = scope.Required; Checked = check || scope.Required; }
public void AutomapperConfigurationIsValid() { Models.Scope s = new Models.Scope(); var e = Models.MappingExtensions.ToEntity<int>(s); var s2 = new Scope<int> { ScopeClaims = new HashSet<ScopeClaim<int>>() }; var m = s2.ToModel(); Mapper.AssertConfigurationIsValid(); }
public async Task<IntrospectionRequestValidationResult> ValidateAsync(NameValueCollection parameters, Scope scope) { var fail = new IntrospectionRequestValidationResult { IsError = true }; // retrieve required token var token = parameters.Get("token"); if (token == null) { fail.IsActive = false; fail.FailureReason = IntrospectionRequestValidationFailureReason.MissingToken; return fail; } // validate token var tokenValidationResult = await _tokenValidator.ValidateAccessTokenAsync(token); // invalid or unknown token if (tokenValidationResult.IsError) { fail.IsActive = false; fail.FailureReason = IntrospectionRequestValidationFailureReason.InvalidToken; fail.Token = token; return fail; } // check expected scope var expectedScope = tokenValidationResult.Claims.FirstOrDefault( c => c.Type == Constants.ClaimTypes.Scope && c.Value == scope.Name); // expected scope not present if (expectedScope == null) { fail.IsActive = false; fail.IsError = true; fail.FailureReason = IntrospectionRequestValidationFailureReason.InvalidScope; fail.Token = token; return fail; } // all is good var success = new IntrospectionRequestValidationResult { IsActive = true, IsError = false, Token = token, Claims = tokenValidationResult.Claims }; return success; }
public void AutomapperConfigurationIsValid() { Models.Scope s = new Models.Scope(); Models.MappingExtensions.ToEntity <int>(s); var s2 = new Scope <int> { ScopeClaims = new HashSet <ScopeClaim <int> >() }; s2.ToModel(); Mapper.AssertConfigurationIsValid(); }
public ViewResult Submit() { Context.Database.EnsureDeleted(); Context.Database.EnsureCreated(); foreach (var field in typeof(Constants.ClaimTypes).GetTypeInfo().DeclaredFields) { Context.ClaimDefinitions.Add(new ClaimDefinition<Int32>() { Name = field.Name }); } Context.SaveChanges(); foreach (var scope in IDS4.StandardScopes.AllAlwaysInclude) { _scopeStore.CreateScopeAsync(scope).Wait(); } _scopeStore.CreateScopeAsync(IDS4.StandardScopes.OfflineAccess).Wait(); _scopeStore.CreateScopeAsync(IDS4.StandardScopes.Roles).Wait(); var ScopeApi1 = new IDS4.Scope { Name = "api1", DisplayName = "API 1", Description = "API 1 features and data", Type = IDS4.ScopeType.Resource, ScopeSecrets = new List<IDS4.Secret> { new IDS4.Secret(IDS4.HashExtensions.Sha256("secret")) }, Claims = new List<IDS4.ScopeClaim> { new IDS4. ScopeClaim("role") } }; var ScopeApi2 = new IDS4.Scope { Name = "api2", DisplayName = "API 2", Description = "API 2 features and data, which are better than API 1", Type = IDS4.ScopeType.Resource }; _scopeStore.CreateScopeAsync(ScopeApi1).Wait(); _scopeStore.CreateScopeAsync(ScopeApi2).Wait(); /////////////////////////////////////////// // Console Client Credentials Flow Sample ////////////////////////////////////////// var client = new IDS4.Client { ClientId = "client", ClientSecrets = new List<IDS4.Secret> { new IDS4.Secret(IDS4.HashExtensions.Sha256("secret")) }, Flow = IDS4.Flows.ClientCredentials, AllowedScopes = new List<String> { ScopeApi1.Name, ScopeApi2.Name } }; _clientStore.CreateClientAsync(client).Wait(); /////////////////////////////////////////// // Console Resource Owner Flow Sample ////////////////////////////////////////// var roclient = new IDS4.Client { ClientId = "roclient", ClientSecrets = new List<IDS4.Secret> { new IDS4.Secret(IDS4.HashExtensions.Sha256("secret") ) }, Flow = IDS4.Flows.ResourceOwner, AllowedScopes = new List<String> { IDS4.StandardScopes.OpenId.Name , IDS4.StandardScopes.Email.Name , IDS4.StandardScopes.OfflineAccess.Name, ScopeApi1.Name, ScopeApi2.Name } }; _clientStore.CreateClientAsync(roclient).Wait(); /////////////////////////////////////////// // Console Client Credentials Flow Sample ////////////////////////////////////////// var client_custom = new IDS4.Client { ClientId = "client.custom", ClientSecrets = new List<IDS4.Secret> { new IDS4.Secret( IDS4.HashExtensions.Sha256("secret")) }, Flow = IDS4.Flows.Custom, AllowedCustomGrantTypes = new List<String> { "custom" }, AllowedScopes = new List<String> { ScopeApi1.Name, ScopeApi2.Name } }; _clientStore.CreateClientAsync(client_custom).Wait(); /////////////////////////////////////////// // Introspection Client Sample ////////////////////////////////////////// var roclient_reference = new IDS4.Client { ClientId = "roclient.reference", ClientSecrets = new List<IDS4.Secret> { new IDS4.Secret(IDS4.HashExtensions.Sha256("secret")) }, Flow = IDS4.Flows.ResourceOwner, AllowedScopes = new List<String> { ScopeApi1.Name, ScopeApi2.Name }, AccessTokenType = IDS4.AccessTokenType.Reference }; _clientStore.CreateClientAsync(roclient_reference).Wait(); /////////////////////////////////////////// // MVC Implicit Flow Samples ////////////////////////////////////////// var mvc_implicit = new IDS4.Client { ClientId = "mvc_implicit", ClientName = "MVC Implicit", ClientUri = "http://identityserver.io", Flow = IDS4.Flows.Implicit, RedirectUris = new List<String> { "http://*****:*****@email.com"), new SSC.Claim(Constants.ClaimTypes.EmailVerified, "true", SSC.ClaimValueTypes.Boolean), new SSC.Claim(Constants.ClaimTypes.Role, "Developer"), new SSC.Claim(Constants.ClaimTypes.Role, "Geek"), new SSC.Claim(Constants.ClaimTypes.WebSite, "http://bob.com"), new SSC.Claim( Constants.ClaimTypes.Address, @"{ 'street_address': 'One Hacker Way', 'locality': 'Heidelberg', 'postal_code': 69118, 'country': 'Germany' }", Constants.ClaimValueTypes.Json) } ).Wait(); _userManager.CreateAsync(BobUser).Wait(); var AliceUser = new User<Int32> { Name = "alice", Password = "******" }; _userManager.AddClaimsAsync( AliceUser, new SSC.Claim[] { new SSC.Claim(Constants.ClaimTypes.Name, "Alice Smith"), new SSC.Claim(Constants.ClaimTypes.GivenName, "Alice") , new SSC.Claim(Constants.ClaimTypes.FamilyName, "Smith"), new SSC.Claim(Constants.ClaimTypes.Email, "*****@*****.**"), new SSC.Claim(Constants.ClaimTypes.EmailVerified, "true", SSC.ClaimValueTypes.Boolean), new SSC.Claim(Constants.ClaimTypes.Role, "Admin"), new SSC.Claim(Constants.ClaimTypes.Role, "Geek"), new SSC.Claim(Constants.ClaimTypes.WebSite, "http://alice.com"), new SSC.Claim( Constants.ClaimTypes.Address, @"{ 'street_address': 'One Hacker Way', 'locality': 'Heidelberg', 'postal_code': 69118, 'country': 'Germany' }", Constants.ClaimValueTypes.Json ) } ).Wait(); _userManager.CreateAsync(AliceUser).Wait(); return View("Home"); }