openiddict-core/src/OpenIddict.Server/OpenIddictServerExtensions.cs

/*
 * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
 * See https://github.com/openiddict/openiddict-core for more information concerning
 * the license and the contributors participating to this project.
 */

using System;
using System.Text;
using AspNet.Security.OpenIdConnect.Server;
using JetBrains.Annotations;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Options;
using OpenIddict.Server;

namespace Microsoft.Extensions.DependencyInjection
{
    public static class OpenIddictServerExtensions
    {
        /// <summary>
        /// Registers the OpenIddict token server services in the DI container.
        /// </summary>
        /// <param name="builder">The services builder used by OpenIddict to register new services.</param>
        /// <remarks>This extension can be safely called multiple times.</remarks>
        /// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
        public static OpenIddictServerBuilder AddServer([NotNull] this OpenIddictBuilder builder)
        {
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            builder.Services.AddAuthentication();

            // Register the options initializers used by the OpenID Connect server handler and OpenIddict.
            // Note: TryAddEnumerable() is used here to ensure the initializers are only registered once.
            builder.Services.TryAddEnumerable(new[]
            {
                ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIddictServerOptions>,
                                            OpenIddictServerInitializer>(),
                ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIddictServerOptions>,
                                            OpenIdConnectServerInitializer>()
            });

            // Register the OpenIddict handler/provider.
            builder.Services.TryAddScoped(typeof(OpenIddictServerProvider<,,,>));
            builder.Services.TryAddScoped<OpenIddictServerHandler>();
            builder.Services.TryAddScoped(provider =>
            {
                var options = provider.GetRequiredService<IOptionsMonitor<OpenIddictServerOptions>>()
                    .Get(OpenIddictServerDefaults.AuthenticationScheme);

                if (options == null)
                {
                    throw new InvalidOperationException("The OpenIddict validation options cannot be resolved.");
                }

                if (options.ApplicationType == null || options.AuthorizationType == null ||
                    options.ScopeType == null || options.TokenType == null)
                {
                    throw new InvalidOperationException(new StringBuilder()
                        .AppendLine("The entity types must be configured for the token server services to work correctly.")
                        .Append("To configure the entities, use either 'services.AddOpenIddict().AddCore().UseDefaultModels()' ")
                        .Append("or 'services.AddOpenIddict().AddCore().UseCustomModels()'.")
                        .ToString());
                }

                var type = typeof(OpenIddictServerProvider<,,,>).MakeGenericType(
                    /* TApplication: */ options.ApplicationType,
                    /* TAuthorization: */ options.AuthorizationType,
                    /* TScope: */ options.ScopeType,
                    /* TToken: */ options.TokenType);

                return (OpenIdConnectServerProvider) provider.GetRequiredService(type);
            });

            // Register the OpenID Connect server handler in the authentication options,
            // so it can be discovered by the default authentication handler provider.
            builder.Services.Configure<AuthenticationOptions>(options =>
            {
                // Note: this method is guaranteed to be idempotent. To prevent multiple schemes from being
                // registered (which would result in an exception being thrown), a manual check is made here.
                if (options.SchemeMap.ContainsKey(OpenIddictServerDefaults.AuthenticationScheme))
                {
                    return;
                }

                options.AddScheme(OpenIddictServerDefaults.AuthenticationScheme, scheme =>
                {
                    scheme.HandlerType = typeof(OpenIddictServerHandler);
                });
            });

            return new OpenIddictServerBuilder(builder.Services);
        }

        /// <summary>
        /// Registers the OpenIddict token server services in the DI container.
        /// </summary>
        /// <param name="builder">The services builder used by OpenIddict to register new services.</param>
        /// <param name="configuration">The configuration delegate used to configure the server services.</param>
        /// <remarks>This extension can be safely called multiple times.</remarks>
        /// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
        public static OpenIddictBuilder AddServer(
            [NotNull] this OpenIddictBuilder builder,
            [NotNull] Action<OpenIddictServerBuilder> configuration)
        {
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            configuration(builder.AddServer());

            return builder;
        }
    }
}