using Microsoft.Extensions.Hosting;
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using OIDCIndetityServer.Data;
using OpenIddict.Abstractions;
using static OpenIddict.Abstractions.OpenIddictConstants;
namespace OIDCIndetityServer
{
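/// <summary>
/// Hosted service that seeds the OpenIddict client applications and scopes when the host starts.
/// Every registration is guarded by a lookup on the client id / scope name, so the seeding is
/// idempotent across restarts.
/// </summary>
public class Worker : IHostedService
{
    private readonly IServiceProvider _serviceProvider;

    /// <summary>Creates the worker.</summary>
    /// <param name="serviceProvider">Root provider used to open a scope for the seeding work.</param>
    /// <exception cref="ArgumentNullException"><paramref name="serviceProvider"/> is <c>null</c>.</exception>
    public Worker(IServiceProvider serviceProvider)
        => _serviceProvider = serviceProvider ?? throw new ArgumentNullException(nameof(serviceProvider));

    /// <summary>
    /// Ensures the database exists, then registers the client applications and the API scope.
    /// </summary>
    /// <param name="cancellationToken">
    /// Host shutdown token; it is now passed to every database and manager call, whereas the
    /// original dropped it after <c>EnsureCreatedAsync</c>.
    /// </param>
    public async Task StartAsync(CancellationToken cancellationToken)
    {
        using var scope = _serviceProvider.CreateScope();

        var context = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
        await context.Database.EnsureCreatedAsync(cancellationToken);

        await RegisterApplicationsAsync(scope.ServiceProvider, cancellationToken);
        await RegisterScopesAsync(scope.ServiceProvider, cancellationToken);
    }

    /// <inheritdoc />
    public Task StopAsync(CancellationToken cancellationToken) => Task.CompletedTask;

    /// <summary>
    /// Registers the React SPA client, the resource-server client and the Blazor hosted client,
    /// skipping each one that already exists.
    /// </summary>
    /// <param name="provider">Scoped provider that resolves <see cref="IOpenIddictApplicationManager"/>.</param>
    /// <param name="cancellationToken">Token forwarded to every manager call.</param>
    private static async Task RegisterApplicationsAsync(IServiceProvider provider, CancellationToken cancellationToken)
    {
        var manager = provider.GetRequiredService<IOpenIddictApplicationManager>();

        // React SPA client (public client: code flow + PKCE, no secret).
        // The original comment called this an Angular client; the client id says "reactclient".
        if (await manager.FindByClientIdAsync("reactclient", cancellationToken) is null)
        {
            await manager.CreateAsync(new OpenIddictApplicationDescriptor
            {
                ClientId = "reactclient",
                ConsentType = ConsentTypes.Explicit,
                DisplayName = "react client PKCE",
                DisplayNames =
                {
                    [CultureInfo.GetCultureInfo("fr-FR")] = "Application client MVC"
                },
                PostLogoutRedirectUris =
                {
                    new Uri("https://localhost:3000")
                },
                RedirectUris =
                {
                    new Uri("https://localhost:3000")
                },
                Permissions =
                {
                    Permissions.Endpoints.Authorization,
                    Permissions.Endpoints.Logout,
                    Permissions.Endpoints.Token,
                    Permissions.Endpoints.Revocation,
                    Permissions.GrantTypes.AuthorizationCode,
                    Permissions.GrantTypes.RefreshToken,
                    Permissions.ResponseTypes.Code,
                    Permissions.Scopes.Email,
                    Permissions.Scopes.Profile,
                    Permissions.Scopes.Roles,
                    Permissions.Prefixes.Scope + "dataEventRecords"
                },
                Requirements =
                {
                    // Public clients must prove possession of the code verifier.
                    Requirements.Features.ProofKeyForCodeExchange
                }
            }, cancellationToken);
        }

        // Resource server: only allowed to call the introspection endpoint.
        if (await manager.FindByClientIdAsync("rs_dataEventRecordsApi", cancellationToken) is null)
        {
            var descriptor = new OpenIddictApplicationDescriptor
            {
                ClientId = "rs_dataEventRecordsApi",
                // NOTE(review): this client secret is committed in source and the seeding
                // stores it on every fresh database; load it from configuration or a secret
                // store before this runs outside local development.
                ClientSecret = "dataEventRecordsSecret",
                Permissions =
                {
                    Permissions.Endpoints.Introspection
                }
            };

            await manager.CreateAsync(descriptor, cancellationToken);
        }

        // Blazor hosted client (confidential client: code flow + PKCE + secret).
        if (await manager.FindByClientIdAsync("blazorcodeflowpkceclient", cancellationToken) is null)
        {
            await manager.CreateAsync(new OpenIddictApplicationDescriptor
            {
                ClientId = "blazorcodeflowpkceclient",
                ConsentType = ConsentTypes.Explicit,
                DisplayName = "Blazor code PKCE",
                DisplayNames =
                {
                    [CultureInfo.GetCultureInfo("fr-FR")] = "Application cliente MVC"
                },
                // Two entries per list: the IIS Express port and the Kestrel port.
                PostLogoutRedirectUris =
                {
                    new Uri("https://localhost:44348/signout-callback-oidc"),
                    new Uri("https://localhost:5001/signout-callback-oidc")
                },
                RedirectUris =
                {
                    new Uri("https://localhost:44348/signin-oidc"),
                    new Uri("https://localhost:5001/signin-oidc")
                },
                // NOTE(review): secret committed in source; see the resource-server client above.
                ClientSecret = "codeflow_pkce_client_secret",
                Permissions =
                {
                    Permissions.Endpoints.Authorization,
                    Permissions.Endpoints.Logout,
                    Permissions.Endpoints.Token,
                    Permissions.Endpoints.Revocation,
                    Permissions.GrantTypes.AuthorizationCode,
                    Permissions.GrantTypes.RefreshToken,
                    Permissions.ResponseTypes.Code,
                    Permissions.Scopes.Email,
                    Permissions.Scopes.Profile,
                    Permissions.Scopes.Roles,
                    Permissions.Prefixes.Scope + "dataEventRecords"
                },
                Requirements =
                {
                    Requirements.Features.ProofKeyForCodeExchange
                }
            }, cancellationToken);
        }
    }

    /// <summary>
    /// Registers the "dataEventRecords" scope, bound to the resource server registered in
    /// <see cref="RegisterApplicationsAsync"/>, unless it already exists.
    /// </summary>
    /// <param name="provider">Scoped provider that resolves <see cref="IOpenIddictScopeManager"/>.</param>
    /// <param name="cancellationToken">Token forwarded to every manager call.</param>
    private static async Task RegisterScopesAsync(IServiceProvider provider, CancellationToken cancellationToken)
    {
        var manager = provider.GetRequiredService<IOpenIddictScopeManager>();

        if (await manager.FindByNameAsync("dataEventRecords", cancellationToken) is null)
        {
            await manager.CreateAsync(new OpenIddictScopeDescriptor
            {
                DisplayName = "dataEventRecords API access",
                DisplayNames =
                {
                    [CultureInfo.GetCultureInfo("fr-FR")] = "Accès à l'API de démo"
                },
                Name = "dataEventRecords",
                Resources =
                {
                    // Must match the ClientId of the resource server above.
                    "rs_dataEventRecordsApi"
                }
            }, cancellationToken);
        }
    }
}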
}