示例#1
0
        /// <summary>
        /// Validates that the requested scopes is contained in the store, and the client is allowed to request it.
        /// </summary>
        /// <param name="client"></param>
        /// <param name="resourcesFromStore"></param>
        /// <param name="requestedScope"></param>
        /// <param name="result"></param>
        /// <returns></returns>
        protected override async Task ValidateScopeAsync(Client client, Resources resourcesFromStore,
                                                         ParsedScopeValue requestedScope, ResourceValidationResult result)
        {
            var parameters = await _scopedHttpContextRequestForm.GetFormCollectionAsync();

            var grantType = parameters.Get(OidcConstants.TokenRequest.GrantType);

            if (grantType == null)
            {
                // check if this is deviceauthorizaiton.
                if (_httpContextAccessor.HttpContext.Request.Path.ToString().Contains("deviceauthorization"))
                {
                    grantType = Constants.GrantType.DeviceAuthorization;
                }
            }

            switch (grantType)
            {
            case Constants.GrantType.DeviceCode:
            case Constants.GrantType.DeviceAuthorization:
            case Constants.GrantType.TokenExchangeMutate:
            case Constants.GrantType.TokenExchange:
            case Constants.GrantType.ArbitraryToken:
            case Constants.GrantType.ArbitraryIdentity:
                if (requestedScope.ParsedName == IdentityServerConstants.StandardScopes.OfflineAccess)
                {
                    if (await IsClientAllowedOfflineAccessAsync(client))
                    {
                        result.Resources.OfflineAccess = true;
                        result.ParsedScopes.Add(new ParsedScopeValue(IdentityServerConstants.StandardScopes.OfflineAccess));
                    }
                    else
                    {
                        result.InvalidScopes.Add(IdentityServerConstants.StandardScopes.OfflineAccess);
                    }
                }
                else
                {
                    result.ParsedScopes.Add(requestedScope);
                }
                break;

            default:
                await base.ValidateScopeAsync(client, resourcesFromStore, requestedScope, result);

                break;
            }
        }
示例#2
0
        /// <summary>
        /// Validates that the requested scopes is contained in the store, and the client is allowed to request it.
        /// </summary>
        /// <param name="client"></param>
        /// <param name="resourcesFromStore"></param>
        /// <param name="requestedScope"></param>
        /// <param name="result"></param>
        /// <returns></returns>
        protected virtual async Task ValidateScopeAsync(
            Client client,
            Resources resourcesFromStore,
            ParsedScopeValue requestedScope,
            ResourceValidationResult result)
        {
            if (requestedScope.Name == IdentityServerConstants.StandardScopes.OfflineAccess)
            {
                if (await IsClientAllowedOfflineAccessAsync(client))
                {
                    result.Resources.OfflineAccess = true;
                    result.ParsedScopes.Add(new ParsedScopeValue(IdentityServerConstants.StandardScopes.OfflineAccess));
                }
                else
                {
                    result.InvalidScopes.Add(IdentityServerConstants.StandardScopes.OfflineAccess);
                }
            }
            else
            {
                var identity = resourcesFromStore.FindIdentityResourcesByScope(requestedScope.Name);
                if (identity != null)
                {
                    if (await IsClientAllowedIdentityResourceAsync(client, identity))
                    {
                        result.ParsedScopes.Add(requestedScope);
                        result.Resources.IdentityResources.Add(identity);
                    }
                    else
                    {
                        result.InvalidScopes.Add(requestedScope.Value);
                    }
                }
                else
                {
                    var apiScope = resourcesFromStore.FindApiScope(requestedScope.Name);
                    if (apiScope != null)
                    {
                        if (await IsClientAllowedApiScopeAsync(client, apiScope))
                        {
                            result.ParsedScopes.Add(requestedScope);
                            result.Resources.ApiScopes.Add(apiScope);

                            var apis = resourcesFromStore.FindApiResourcesByScope(apiScope.Name);
                            foreach (var api in apis)
                            {
                                result.Resources.ApiResources.Add(api);
                            }
                        }
                        else
                        {
                            result.InvalidScopes.Add(requestedScope.Value);
                        }
                    }
                    else
                    {
                        _logger.LogError("Scope {scope} not found in store.", requestedScope.Name);
                        result.InvalidScopes.Add(requestedScope.Value);
                    }
                }
            }
        }