/// <summary>
/// Updates an existing authorization.
/// </summary>
/// <param name="authorization">The authorization to update.</param>
/// <param name="operation">The delegate used to update the authorization based on the given descriptor.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
/// <returns>
/// A <see cref="Task"/> that can be used to monitor the asynchronous operation.
/// </returns>
public virtual async Task UpdateAsync([NotNull] TAuthorization authorization,
[NotNull] Func <OpenIddictAuthorizationDescriptor, Task> operation, CancellationToken cancellationToken = default)
{
if (operation == null)
{
throw new ArgumentNullException(nameof(operation));
}
var descriptor = new OpenIddictAuthorizationDescriptor
{
ApplicationId = await Store.GetApplicationIdAsync(authorization, cancellationToken),
Status = await Store.GetStatusAsync(authorization, cancellationToken),
Subject = await Store.GetSubjectAsync(authorization, cancellationToken),
Type = await Store.GetTypeAsync(authorization, cancellationToken)
};
foreach (var scope in await Store.GetScopesAsync(authorization, cancellationToken))
{
descriptor.Scopes.Add(scope);
}
await operation(descriptor);
await PopulateAsync(authorization, descriptor, cancellationToken);
await UpdateAsync(authorization, cancellationToken);
}
/// <summary>
/// Creates a new authorization.
/// </summary>
/// <param name="descriptor">The authorization descriptor.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
/// <returns>
/// A <see cref="Task"/> that can be used to monitor the asynchronous operation, whose result returns the authorization.
/// </returns>
public virtual async Task <TAuthorization> CreateAsync([NotNull] OpenIddictAuthorizationDescriptor descriptor, CancellationToken cancellationToken)
{
if (descriptor == null)
{
throw new ArgumentNullException(nameof(descriptor));
}
// If no type was explicitly specified, assume that
// the authorization is a permanent authorization.
if (string.IsNullOrEmpty(descriptor.Type))
{
descriptor.Type = OpenIddictConstants.AuthorizationTypes.Permanent;
}
await ValidateAsync(descriptor, cancellationToken);
try
{
return(await Store.CreateAsync(descriptor, cancellationToken));
}
catch (Exception exception)
{
Logger.LogError(exception, "An exception occurred while trying to create a new authorization.");
throw;
}
}
/// <summary>
/// Validates the authorization to ensure it's in a consistent state.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
/// <returns>
/// A <see cref="Task"/> that can be used to monitor the asynchronous operation.
/// </returns>
protected virtual async Task ValidateAsync([NotNull] TAuthorization authorization, CancellationToken cancellationToken)
{
if (authorization == null)
{
throw new ArgumentNullException(nameof(authorization));
}
var descriptor = new OpenIddictAuthorizationDescriptor
{
Status = await Store.GetStatusAsync(authorization, cancellationToken),
Subject = await Store.GetSubjectAsync(authorization, cancellationToken),
Type = await Store.GetTypeAsync(authorization, cancellationToken)
};
await ValidateAsync(descriptor, cancellationToken);
}
/// <summary>
/// Creates a new permanent authorization based on the specified parameters.
/// </summary>
/// <param name="principal">The principal associated with the authorization.</param>
/// <param name="subject">The subject associated with the authorization.</param>
/// <param name="client">The client associated with the authorization.</param>
/// <param name="type">The authorization type.</param>
/// <param name="scopes">The minimal scopes associated with the authorization.</param>
/// <param name="properties">The authentication properties associated with the authorization.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
/// <returns>
/// A <see cref="Task"/> that can be used to monitor the asynchronous operation, whose result returns the authorization.
/// </returns>
public virtual Task <TAuthorization> CreateAsync(
[NotNull] ClaimsPrincipal principal, [NotNull] string subject,
[NotNull] string client, [NotNull] string type, ImmutableArray <string> scopes,
[CanBeNull] ImmutableDictionary <string, string> properties, CancellationToken cancellationToken = default)
{
if (principal == null)
{
throw new ArgumentNullException(nameof(principal));
}
if (string.IsNullOrEmpty(subject))
{
throw new ArgumentException("The subject cannot be null or empty.", nameof(subject));
}
if (string.IsNullOrEmpty(client))
{
throw new ArgumentException("The client identifier cannot be null or empty.", nameof(client));
}
if (string.IsNullOrEmpty(type))
{
throw new ArgumentException("The type cannot be null or empty.", nameof(type));
}
var descriptor = new OpenIddictAuthorizationDescriptor
{
ApplicationId = client,
Principal = principal,
Status = OpenIddictConstants.Statuses.Valid,
Subject = subject,
Type = type
};
descriptor.Scopes.UnionWith(scopes);
if (properties != null)
{
foreach (var property in properties)
{
descriptor.Properties.Add(property);
}
}
return(CreateAsync(descriptor, cancellationToken));
}
/// <summary>
/// Creates a new authorization based on the specified descriptor.
/// </summary>
/// <param name="descriptor">The authorization descriptor.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
/// <returns>
/// A <see cref="Task"/> that can be used to monitor the asynchronous operation, whose result returns the authorization.
/// </returns>
public virtual async Task <TAuthorization> CreateAsync([NotNull] OpenIddictAuthorizationDescriptor descriptor, CancellationToken cancellationToken)
{
if (descriptor == null)
{
throw new ArgumentNullException(nameof(descriptor));
}
var authorization = await Store.InstantiateAsync(cancellationToken);
if (authorization == null)
{
throw new InvalidOperationException("An error occurred while trying to create a new authorization.");
}
await PopulateAsync(authorization, descriptor, cancellationToken);
return(await CreateAsync(authorization, cancellationToken));
}
/// <summary>
/// Validates the authorization descriptor to ensure it's in a consistent state.
/// </summary>
/// <param name="descriptor">The authorization descriptor.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
/// <returns>
/// A <see cref="Task"/> that can be used to monitor the asynchronous operation.
/// </returns>
protected virtual Task ValidateAsync([NotNull] OpenIddictAuthorizationDescriptor descriptor, CancellationToken cancellationToken)
{
if (descriptor == null)
{
throw new ArgumentNullException(nameof(descriptor));
}
if (string.IsNullOrEmpty(descriptor.Type))
{
throw new ArgumentException("The authorization type cannot be null or empty.", nameof(descriptor));
}
if (!string.Equals(descriptor.Type, OpenIddictConstants.AuthorizationTypes.AdHoc, StringComparison.OrdinalIgnoreCase) &&
!string.Equals(descriptor.Type, OpenIddictConstants.AuthorizationTypes.Permanent, StringComparison.OrdinalIgnoreCase))
{
throw new ArgumentException("The specified authorization type is not supported by the default token manager.");
}
if (string.IsNullOrEmpty(descriptor.Status))
{
throw new ArgumentException("The status cannot be null or empty.");
}
if (string.IsNullOrEmpty(descriptor.Subject))
{
throw new ArgumentException("The subject cannot be null or empty.");
}
// Ensure that the scopes are not null or empty and do not contain spaces.
foreach (var scope in descriptor.Scopes)
{
if (string.IsNullOrEmpty(scope))
{
throw new ArgumentException("Scopes cannot be null or empty.", nameof(descriptor));
}
if (scope.Contains(OpenIddictConstants.Separators.Space))
{
throw new ArgumentException("Scopes cannot contain spaces.", nameof(descriptor));
}
}
return(Task.CompletedTask);
}
/// <summary>
/// Populates the authorization using the specified descriptor.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <param name="descriptor">The descriptor.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
/// <returns>
/// A <see cref="Task"/> that can be used to monitor the asynchronous operation.
/// </returns>
protected virtual async Task PopulateAsync([NotNull] TAuthorization authorization,
[NotNull] OpenIddictAuthorizationDescriptor descriptor, CancellationToken cancellationToken = default)
{
if (authorization == null)
{
throw new ArgumentNullException(nameof(authorization));
}
if (descriptor == null)
{
throw new ArgumentNullException(nameof(descriptor));
}
await Store.SetApplicationIdAsync(authorization, descriptor.ApplicationId, cancellationToken);
await Store.SetScopesAsync(authorization, ImmutableArray.CreateRange(descriptor.Scopes), cancellationToken);
await Store.SetStatusAsync(authorization, descriptor.Status, cancellationToken);
await Store.SetSubjectAsync(authorization, descriptor.Subject, cancellationToken);
await Store.SetTypeAsync(authorization, descriptor.Type, cancellationToken);
}
/// <summary> /// Creates a new authorization. /// </summary> /// <param name="descriptor">The authorization descriptor.</param> /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param> /// <returns> /// A <see cref="Task"/> that can be used to monitor the asynchronous operation, whose result returns the authorization. /// </returns> public abstract Task <TAuthorization> CreateAsync([NotNull] OpenIddictAuthorizationDescriptor descriptor, CancellationToken cancellationToken);