You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
87 lines
3.7 KiB
87 lines
3.7 KiB
/*
|
|
* Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
|
|
* See https://github.com/openiddict/openiddict-core for more information concerning
|
|
* the license and the contributors participating to this project.
|
|
*/
|
|
|
|
using System.ComponentModel;
|
|
using Microsoft.Extensions.Options;
|
|
using OpenIddict.Server;
|
|
|
|
namespace OpenIddict.Validation.ServerIntegration;
|
|
|
|
/// <summary>
|
|
/// Contains the methods required to ensure that the OpenIddict validation/server integration configuration is valid.
|
|
/// </summary>
|
|
[EditorBrowsable(EditorBrowsableState.Advanced)]
|
|
public sealed class OpenIddictValidationServerIntegrationConfiguration : IConfigureOptions<OpenIddictValidationOptions>,
|
|
IPostConfigureOptions<OpenIddictValidationOptions>
|
|
{
|
|
private readonly IOptionsMonitor<OpenIddictServerOptions> _options;
|
|
|
|
/// <summary>
|
|
/// Creates a new instance of the <see cref="OpenIddictValidationServerIntegrationConfiguration"/> class.
|
|
/// </summary>
|
|
/// <param name="options">The OpenIddict server options.</param>
|
|
public OpenIddictValidationServerIntegrationConfiguration(IOptionsMonitor<OpenIddictServerOptions> options)
|
|
=> _options = options ?? throw new ArgumentNullException(nameof(options));
|
|
|
|
/// <inheritdoc/>
|
|
public void Configure(OpenIddictValidationOptions options)
|
|
{
|
|
if (options is null)
|
|
{
|
|
throw new ArgumentNullException(nameof(options));
|
|
}
|
|
|
|
// Note: the issuer may be null. In this case, it will be usually provided by
|
|
// a validation handler registered by the host (e.g ASP.NET Core or OWIN/Katana).
|
|
options.Issuer = _options.CurrentValue.Issuer;
|
|
options.Configuration = new OpenIddictConfiguration
|
|
{
|
|
Issuer = options.Issuer
|
|
};
|
|
|
|
// Import the signing keys from the server configuration.
|
|
foreach (var credentials in _options.CurrentValue.SigningCredentials)
|
|
{
|
|
options.Configuration.SigningKeys.Add(credentials.Key);
|
|
}
|
|
|
|
// Import the encryption keys from the server configuration.
|
|
options.EncryptionCredentials.AddRange(_options.CurrentValue.EncryptionCredentials);
|
|
|
|
// Note: token entry validation must be enabled to be able to validate reference access tokens.
|
|
options.EnableTokenEntryValidation = _options.CurrentValue.UseReferenceAccessTokens;
|
|
}
|
|
|
|
/// <inheritdoc/>
|
|
public void PostConfigure(string? name, OpenIddictValidationOptions options)
|
|
{
|
|
if (options is null)
|
|
{
|
|
throw new ArgumentNullException(nameof(options));
|
|
}
|
|
|
|
if (options.ValidationType is not OpenIddictValidationType.Direct)
|
|
{
|
|
throw new InvalidOperationException(SR.GetResourceString(SR.ID0170));
|
|
}
|
|
|
|
// Note: authorization validation requires that authorizations have an entry
|
|
// in the database (containing at least the authorization metadata), which is
|
|
// not created if the authorization storage is disabled in the server options.
|
|
if (options.EnableAuthorizationEntryValidation && _options.CurrentValue.DisableAuthorizationStorage)
|
|
{
|
|
throw new InvalidOperationException(SR.GetResourceString(SR.ID0171));
|
|
}
|
|
|
|
// Note: token validation requires that tokens have an entry in the database
|
|
// (containing at least the token metadata), which is not created if the
|
|
// token storage is disabled in the OpenIddict server options.
|
|
if (options.EnableTokenEntryValidation && _options.CurrentValue.DisableTokenStorage)
|
|
{
|
|
throw new InvalidOperationException(SR.GetResourceString(SR.ID0172));
|
|
}
|
|
}
|
|
}
|
|
|