tsai
/
squidex
mirror of https://github.com/Squidex/squidex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Headless CMS and Content Managment Hub
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1240 Commits
16 Branches
152 Tags
129 MiB
 
 
 
 
 
Tree: 31140aced2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '31140aced2'
${ noResults }
squidex/src/Squidex/Areas/IdentityServer/Config/LazyClientStore.cs

152 lines
5.2 KiB
Raw Blame History

// ==========================================================================
// LazyClientStore.cs
// Squidex Headless CMS
// ==========================================================================
// Copyright (c) Squidex Group
// All rights reserved.
// ==========================================================================
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Stores;
using Microsoft.Extensions.Options;
using Squidex.Config;
using Squidex.Domain.Apps.Core.Apps;
using Squidex.Domain.Apps.Read;
using Squidex.Infrastructure;
namespace Squidex.Areas.IdentityServer.Config
{
public class LazyClientStore : IClientStore
{
private readonly IAppProvider appState;
private readonly Dictionary<string, Client> staticClients = new Dictionary<string, Client>(StringComparer.OrdinalIgnoreCase);
public LazyClientStore(IOptions<MyUrlsOptions> urlsOptions, IAppProvider appState)
{
Guard.NotNull(urlsOptions, nameof(urlsOptions));
Guard.NotNull(appState, nameof(appState));
this.appState = appState;
CreateStaticClients(urlsOptions);
}
public async Task<Client> FindClientByIdAsync(string clientId)
{
var client = staticClients.GetOrDefault(clientId);
if (client != null)
{
return client;
}
var token = clientId.Split(':');
if (token.Length != 2)
{
return null;
}
var app = await appState.GetAppAsync(token[0]);
var appClient = app?.Clients.GetOrDefault(token[1]);
if (appClient == null)
{
return null;
}
client = CreateClientFromApp(clientId, appClient);
return client;
}
private static Client CreateClientFromApp(string id, AppClient appClient)
{
return new Client
{
ClientId = id,
ClientName = id,
ClientSecrets = new List<Secret> { new Secret(appClient.Secret.Sha256()) },
AccessTokenLifetime = (int)TimeSpan.FromDays(30).TotalSeconds,
AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = new List<string>
{
Constants.ApiScope,
Constants.RoleScope
}
};
}
private void CreateStaticClients(IOptions<MyUrlsOptions> urlsOptions)
{
foreach (var client in CreateStaticClients(urlsOptions.Value))
{
staticClients[client.ClientId] = client;
}
}
private static IEnumerable<Client> CreateStaticClients(MyUrlsOptions urlsOptions)
{
var frontendId = Constants.FrontendClient;
yield return new Client
{
ClientId = frontendId,
ClientName = frontendId,
RedirectUris = new List<string>
{
urlsOptions.BuildUrl("login;"),
urlsOptions.BuildUrl("client-callback-silent", false),
urlsOptions.BuildUrl("client-callback-popup", false)
},
PostLogoutRedirectUris = new List<string>
{
urlsOptions.BuildUrl("logout", false)
},
AllowAccessTokensViaBrowser = true,
AllowedGrantTypes = GrantTypes.Implicit,
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
Constants.ApiScope,
Constants.ProfileScope,
Constants.RoleScope
},
RequireConsent = false
};
var internalClient = Constants.InternalClientId;
yield return new Client
{
ClientId = internalClient,
ClientName = internalClient,
ClientSecrets = new List<Secret> { new Secret(Constants.InternalClientSecret) },
RedirectUris = new List<string>
{
urlsOptions.BuildUrl("orleans/signin-oidc", false),
urlsOptions.BuildUrl("portal/signin-oidc", false)
},
AccessTokenLifetime = (int)TimeSpan.FromDays(30).TotalSeconds,
AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials,
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
Constants.ApiScope,
Constants.ProfileScope,
Constants.RoleScope
},
RequireConsent = false
};
}
}
}