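using System.Globalization;
using OpenIddict.Abstractions;
using OpenIddict.Sandbox.AspNetCore.Server.Models;
using static OpenIddict.Abstractions.OpenIddictConstants;

namespace OpenIddict.Sandbox.AspNetCore.Server;

/// <summary>
/// Hosted service that seeds the sandbox authorization server at startup:
/// it ensures the database exists, then registers the sample client
/// applications and scopes when they are not already present.
/// </summary>
public class Worker : IHostedService
{
    private readonly IServiceProvider _serviceProvider;

    public Worker(IServiceProvider serviceProvider) => _serviceProvider = serviceProvider;

    /// <summary>
    /// Creates the database schema if needed and registers the sample
    /// applications and scopes. Every registration is idempotent: an entry
    /// is only created when no entry with the same identifier exists.
    /// </summary>
    /// <param name="cancellationToken">
    /// Token that aborts the seeding. It is forwarded to the database call
    /// and to every manager call so a host shutdown is honored promptly.
    /// </param>
    public async Task StartAsync(CancellationToken cancellationToken)
    {
        await using var scope = _serviceProvider.CreateAsyncScope();

        var context = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
        await context.Database.EnsureCreatedAsync(cancellationToken);

        await RegisterApplicationsAsync(scope.ServiceProvider, cancellationToken);
        await RegisterScopesAsync(scope.ServiceProvider, cancellationToken);

        // Registers the sample client applications (confidential MVC client,
        // introspection-only resource server, public Postman client).
        static async Task RegisterApplicationsAsync(IServiceProvider provider, CancellationToken cancellationToken)
        {
            var manager = provider.GetRequiredService<IOpenIddictApplicationManager>();

            // Note: the client secrets below are fixed sample values for this sandbox.
            // A real deployment should load secrets from configuration or a secret
            // store rather than keeping them in source.
            if (await manager.FindByClientIdAsync("mvc", cancellationToken) is null)
            {
                await manager.CreateAsync(new OpenIddictApplicationDescriptor
                {
                    ClientId = "mvc",
                    ClientSecret = "901564A5-E7FE-42CB-B10D-61EF6A8F3654",
                    ConsentType = ConsentTypes.Explicit,
                    DisplayName = "MVC client application",
                    DisplayNames =
                    {
                        [CultureInfo.GetCultureInfo("fr-FR")] = "Application cliente MVC"
                    },
                    RedirectUris =
                    {
                        new Uri("https://localhost:44381/callback/login/local")
                    },
                    PostLogoutRedirectUris =
                    {
                        new Uri("https://localhost:44381/callback/logout/local")
                    },
                    Permissions =
                    {
                        Permissions.Endpoints.Authorization,
                        Permissions.Endpoints.Logout,
                        Permissions.Endpoints.Token,
                        Permissions.GrantTypes.AuthorizationCode,
                        Permissions.GrantTypes.RefreshToken,
                        Permissions.ResponseTypes.Code,
                        Permissions.Scopes.Email,
                        Permissions.Scopes.Profile,
                        Permissions.Scopes.Roles,
                        Permissions.Prefixes.Scope + "demo_api"
                    },
                    // PKCE is mandatory for this client, so authorization code
                    // requests without a code challenge are rejected.
                    Requirements =
                    {
                        Requirements.Features.ProofKeyForCodeExchange
                    }
                }, cancellationToken);
            }

            // Note: when using introspection instead of local token validation,
            // an application entry MUST be created to allow the resource server
            // to communicate with OpenIddict's introspection endpoint.
            if (await manager.FindByClientIdAsync("resource_server", cancellationToken) is null)
            {
                await manager.CreateAsync(new OpenIddictApplicationDescriptor
                {
                    ClientId = "resource_server",
                    ClientSecret = "80B552BB-4CD8-48DA-946E-0815E0147DD2",
                    Permissions =
                    {
                        Permissions.Endpoints.Introspection
                    }
                }, cancellationToken);
            }

            // To test this sample with Postman, use the following settings:
            //
            // * Authorization URL: https://localhost:44395/connect/authorize
            // * Access token URL: https://localhost:44395/connect/token
            // * Client ID: postman
            // * Client secret: [blank] (not used with public clients)
            // * Scope: openid email profile roles
            // * Grant type: authorization code
            // * Request access token locally: yes
            //
            // This is a public client (no secret), so only redirect URI matching
            // and the consent type protect it; the password grant is enabled here
            // for sandbox convenience only.
            if (await manager.FindByClientIdAsync("postman", cancellationToken) is null)
            {
                await manager.CreateAsync(new OpenIddictApplicationDescriptor
                {
                    ClientId = "postman",
                    ConsentType = ConsentTypes.Systematic,
                    DisplayName = "Postman",
                    RedirectUris =
                    {
                        new Uri("urn:postman")
                    },
                    Permissions =
                    {
                        Permissions.Endpoints.Authorization,
                        Permissions.Endpoints.Device,
                        Permissions.Endpoints.Token,
                        Permissions.GrantTypes.AuthorizationCode,
                        Permissions.GrantTypes.DeviceCode,
                        Permissions.GrantTypes.Password,
                        Permissions.GrantTypes.RefreshToken,
                        Permissions.ResponseTypes.Code,
                        Permissions.Scopes.Email,
                        Permissions.Scopes.Profile,
                        Permissions.Scopes.Roles
                    }
                }, cancellationToken);
            }
        }

        // Registers the "demo_api" scope that the MVC client is allowed to request;
        // tokens issued for it carry "resource_server" as their audience.
        static async Task RegisterScopesAsync(IServiceProvider provider, CancellationToken cancellationToken)
        {
            var manager = provider.GetRequiredService<IOpenIddictScopeManager>();

            if (await manager.FindByNameAsync("demo_api", cancellationToken) is null)
            {
                await manager.CreateAsync(new OpenIddictScopeDescriptor
                {
                    DisplayName = "Demo API access",
                    DisplayNames =
                    {
                        [CultureInfo.GetCultureInfo("fr-FR")] = "Accès à l'API de démo"
                    },
                    Name = "demo_api",
                    Resources =
                    {
                        "resource_server"
                    }
                }, cancellationToken);
            }
        }
    }

    /// <summary>Nothing to tear down: seeding is a one-shot startup task.</summary>
    public Task StopAsync(CancellationToken cancellationToken) => Task.CompletedTask;
}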