
Final fix.

pull/861/head
Sebastian 4 years ago
parent
commit
9439f9d84d
  1. 57
      backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs
  2. 6
      backend/src/Squidex/Config/MyIdentityOptions.cs
  3. 3
      backend/src/Squidex/appsettings.json

57
backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs

@ -10,8 +10,10 @@ using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.AspNetCore.DataProtection.Repositories;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using OpenIddict.Abstractions;
using OpenIddict.Server;
using Squidex.Config;
using Squidex.Domain.Users;
using Squidex.Domain.Users.InMemory;
using Squidex.Hosting;
@ -84,16 +86,6 @@ namespace Squidex.Areas.IdentityServer.Config
.SetOrder(AttachTokenParameters.Descriptor.Order + 1);
});
var identityServer = Constants.PrefixIdentityServer;
builder.SetAuthorizationEndpointUris($"{identityServer}/connect/authorize");
builder.SetConfigurationEndpointUris($"{identityServer}/.well-known/openid-configuration");
builder.SetCryptographyEndpointUris($"{identityServer}/.well-known/jwks");
builder.SetIntrospectionEndpointUris($"{identityServer}/connect/introspect");
builder.SetLogoutEndpointUris($"{identityServer}/connect/logout");
builder.SetTokenEndpointUris($"{identityServer}/connect/token");
builder.SetUserinfoEndpointUris($"{identityServer}/connect/userinfo");
builder.SetAccessTokenLifetime(TimeSpan.FromDays(30));
builder.DisableAccessTokenEncryption();
@ -127,8 +119,51 @@ namespace Squidex.Areas.IdentityServer.Config
{
var urlGenerator = services.GetRequiredService<IUrlGenerator>();
options.Issuer = new Uri(urlGenerator.BuildUrl());
var identityPrefix = Constants.PrefixIdentityServer;
var identityOptions = services.GetRequiredService<IOptions<MyIdentityOptions>>().Value;
Func<string, Uri> buildUrl;
if (identityOptions.MultipleDomains)
{
buildUrl = url => new Uri($"{identityPrefix}{url}", UriKind.Relative);
options.Issuer = new Uri(urlGenerator.BuildUrl());
}
else
{
buildUrl = url => new Uri(urlGenerator.BuildUrl($"{identityPrefix}{url}", false));
options.Issuer = new Uri(urlGenerator.BuildUrl(identityPrefix, false));
}
options.AuthorizationEndpointUris.SetEndpoint(
buildUrl("/connect/authorize"));
options.IntrospectionEndpointUris.SetEndpoint(
buildUrl("/connect/introspect"));
options.LogoutEndpointUris.SetEndpoint(
buildUrl("/connect/logout"));
options.TokenEndpointUris.SetEndpoint(
buildUrl("/connect/token"));
options.UserinfoEndpointUris.SetEndpoint(
buildUrl("/connect/userinfo"));
options.CryptographyEndpointUris.SetEndpoint(
buildUrl("/.well-known/jwks"));
options.ConfigurationEndpointUris.SetEndpoint(
buildUrl("/.well-known/openid-configuration"));
});
}
private static void SetEndpoint(this List<Uri> endpointUris, Uri uri)
{
endpointUris.Clear();
endpointUris.Add(uri);
}
}
}
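Review bot: The two branches set different issuers without saying why: with `MultipleDomains` it is `urlGenerator.BuildUrl()` while the endpoints become relative, otherwise it is `urlGenerator.BuildUrl(identityPrefix, false)`. For the default `multipleDomains: false` that appears to change the `iss` value from what the removed `options.Issuer = new Uri(urlGenerator.BuildUrl());` produced, so clients pinned to the old issuer and tokens issued before the upgrade (access tokens live 30 days per the hunk above) may stop validating; this is worth confirming against the token validation side, which is not visible here. In the multi-domain branch the endpoints are no longer bound to one host while the issuer stays fixed, so which hosts are accepted presumably rests on the hosting layer's host filtering, and a strict OIDC client on a secondary domain may see an issuer that does not match the URL it used. I would add a comment above the `if`, for example `// Multiple domains: keep endpoint URIs relative so they are not tied to one host; the issuer stays the configured base URL.` The enclosing configuration lambda starts outside the hunk.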

6
backend/src/Squidex/Config/MyIdentityOptions.cs

@ -37,6 +37,8 @@ namespace Squidex.Config
public string MicrosoftTenant { get; set; }
public Dictionary<string, string[]> OidcRoleMapping { get; set; }
public string OidcName { get; set; }
public string OidcClient { get; set; }
@ -57,14 +59,14 @@ namespace Squidex.Config
public bool OidcGetClaimsFromUserInfoEndpoint { get; set; }
public Dictionary<string, string[]> OidcRoleMapping { get; set; }
public bool AdminRecreate { get; set; }
public bool AllowPasswordAuth { get; set; }
public bool LockAutomatically { get; set; }
public bool MultipleDomains { get; set; }
public bool NoConsent { get; set; }
public bool RequiresHttps { get; set; }

3
backend/src/Squidex/appsettings.json

@ -513,6 +513,9 @@
"microsoftSecret": "idWbANxNYEF4cB368WXJhjN",
"microsoftTenant": null,
// Set this to true if you use multiple domains.
"multipleDomains": false,
// Settings for your custom oidc server.
"oidcName": "OIDC",
"oidcAuthority": "",
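Review bot: The comment on `multipleDomains` says when to enable the flag but not what it changes, which matters for a setting that switches how the identity server builds its issuer and endpoint URLs. Going by the IdentityServerServices.cs change in this commit, I would expand it to something like `// Set this to true if you use multiple domains. The OpenID Connect endpoint URLs are then registered as relative paths instead of being built from the configured base URL.` Separately, the context line above carries a literal `microsoftSecret` value in a checked-in settings file; it is not part of this change, but it is worth confirming that it is a shared sample value which production deployments override.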
