mirror of
https://git.teknik.io/Teknikode/Teknik.git
synced 2023-08-02 14:16:22 +02:00
143 lines
4.6 KiB
C#
143 lines
4.6 KiB
C#
|
using System;
|
|||
|
using System.Collections.Generic;
|
|||
|
using System.IdentityModel.Tokens.Jwt;
|
|||
|
using System.Security.Claims;
|
|||
|
using IdentityModel;
|
|||
|
using IdentityServer4;
|
|||
|
using IdentityServer4.Models;
|
|||
|
using IdentityServer4.Test;
|
|||
|
using Teknik.Configuration;
|
|||
|
|
|||
|
namespace Teknik.IdentityServer.Configuration
|
|||
|
{
|
|||
|
internal class Clients
|
|||
|
{
|
|||
|
public static IEnumerable<Client> Get(Config config)
|
|||
|
{
|
|||
|
return new List<Client> {
|
|||
|
new Client
|
|||
|
{
|
|||
|
ClientId = config.UserConfig.IdentityServerConfig.ClientId,
|
|||
|
ClientName = "Teknik Web Services",
|
|||
|
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
|
|||
|
|
|||
|
ClientSecrets =
|
|||
|
{
|
|||
|
new Secret(config.UserConfig.IdentityServerConfig.ClientSecret.Sha256())
|
|||
|
},
|
|||
|
|
|||
|
RequireConsent = false,
|
|||
|
|
|||
|
AllowedScopes =
|
|||
|
{
|
|||
|
IdentityServerConstants.StandardScopes.OpenId,
|
|||
|
"role",
|
|||
|
"account-info",
|
|||
|
"security-info",
|
|||
|
"teknik-api.read",
|
|||
|
"teknik-api.write",
|
|||
|
"auth-api"
|
|||
|
},
|
|||
|
AllowOfflineAccess = true
|
|||
|
}
|
|||
|
};
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
internal class Resources
|
|||
|
{
|
|||
|
public static IEnumerable<IdentityResource> GetIdentityResources()
|
|||
|
{
|
|||
|
return new List<IdentityResource> {
|
|||
|
new IdentityResources.OpenId(),
|
|||
|
new IdentityResource
|
|||
|
{
|
|||
|
Name = "account-info",
|
|||
|
DisplayName = "Account Info",
|
|||
|
UserClaims = new List<string>
|
|||
|
{
|
|||
|
"username",
|
|||
|
"email",
|
|||
|
"creation-date",
|
|||
|
"last-seen",
|
|||
|
"account-type",
|
|||
|
"account-status"
|
|||
|
}
|
|||
|
},
|
|||
|
new IdentityResource
|
|||
|
{
|
|||
|
Name = "security-info",
|
|||
|
DisplayName = "Security Info",
|
|||
|
UserClaims = new List<string>
|
|||
|
{
|
|||
|
"recovery-email",
|
|||
|
"recovery-verified",
|
|||
|
"pgp-public-key"
|
|||
|
}
|
|||
|
},
|
|||
|
new IdentityResource {
|
|||
|
Name = "role",
|
|||
|
DisplayName = "Role",
|
|||
|
UserClaims = new List<string> {"role"}
|
|||
|
}
|
|||
|
};
|
|||
|
}
|
|||
|
|
|||
|
public static IEnumerable<ApiResource> GetApiResources(Config config)
|
|||
|
{
|
|||
|
return new List<ApiResource> {
|
|||
|
new ApiResource {
|
|||
|
Name = config.UserConfig.IdentityServerConfig.APIName,
|
|||
|
DisplayName = "Teknik API",
|
|||
|
Description = "Teknik API Access for end users",
|
|||
|
UserClaims = new List<string> {"role"},
|
|||
|
ApiSecrets = new List<Secret> {new Secret(config.UserConfig.IdentityServerConfig.APISecret.Sha256()) },
|
|||
|
Scopes = new List<Scope> {
|
|||
|
new Scope("teknik-api.read", "Teknik API Read Access"),
|
|||
|
new Scope("teknik-api.write", "Teknik API Write Access")
|
|||
|
}
|
|||
|
},
|
|||
|
new ApiResource {
|
|||
|
Name = "auth-api",
|
|||
|
DisplayName = "Auth Server API",
|
|||
|
Description = "Auth Server API Access for managing the Auth Server",
|
|||
|
Scopes = new List<Scope> {
|
|||
|
new Scope()
|
|||
|
{
|
|||
|
Name = "auth-api",
|
|||
|
ShowInDiscoveryDocument = false,
|
|||
|
Required = true
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
};
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
internal class Policies
|
|||
|
{
|
|||
|
public static IEnumerable<Policy> Get()
|
|||
|
{
|
|||
|
return new List<Policy>
|
|||
|
{
|
|||
|
new Policy
|
|||
|
{
|
|||
|
Name = "Internal",
|
|||
|
Scopes = { "auth-api" }
|
|||
|
}
|
|||
|
};
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
internal class Policy
|
|||
|
{
|
|||
|
public string Name { get; set; }
|
|||
|
public ICollection<string> Scopes { get; set; }
|
|||
|
|
|||
|
public Policy()
|
|||
|
{
|
|||
|
Name = string.Empty;
|
|||
|
Scopes = new List<string>();
|
|||
|
}
|
|||
|
}
|
|||
|
}
|