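using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using Teknik.Configuration;

namespace Teknik.IdentityServer.Configuration
{
    /// <summary>
    /// In-memory IdentityServer4 client registrations for the Teknik services.
    /// </summary>
    internal class Clients
    {
        /// <summary>
        /// Builds the single first-party client registration from <paramref name="config"/>.
        /// </summary>
        /// <param name="config">Site configuration; the client id and secret are read from
        /// <c>config.UserConfig.IdentityServerConfig</c>.</param>
        /// <returns>The client registrations to load into IdentityServer.</returns>
        public static IEnumerable<Client> Get(Config config)
        {
            return new List<Client>
            {
                new Client
                {
                    ClientId = config.UserConfig.IdentityServerConfig.ClientId,
                    ClientName = "Teknik Web Services",
                    // Interactive hybrid flow for end users plus client-credentials for
                    // service-to-service calls.
                    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
                    // Only the SHA-256 digest of the secret is held in the registration;
                    // the plaintext stays in configuration.
                    ClientSecrets = { new Secret(config.UserConfig.IdentityServerConfig.ClientSecret.Sha256()) },
                    // Consent screen is skipped; presumably acceptable because this is a
                    // first-party client — confirm.
                    RequireConsent = false,
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        "role",
                        "account-info",
                        "security-info",
                        "teknik-api.read",
                        "teknik-api.write",
                        "auth-api"
                    },
                    // Enables refresh tokens for this client.
                    AllowOfflineAccess = true
                    // NOTE(review): no RedirectUris / PostLogoutRedirectUris are set here; unless
                    // they are supplied elsewhere, the hybrid flow cannot redirect back to the
                    // client — confirm against the rest of the configuration.
                }
            };
        }
    }

    /// <summary>
    /// Identity and API resource definitions exposed by the Teknik auth server.
    /// </summary>
    internal class Resources
    {
        /// <summary>
        /// Identity resources (scopes that map onto user claims in the identity token).
        /// </summary>
        /// <returns>The standard <c>openid</c> scope plus the Teknik-specific claim groups.</returns>
        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResource
                {
                    Name = "account-info",
                    DisplayName = "Account Info",
                    UserClaims = new List<string>
                    {
                        "username",
                        "email",
                        "creation-date",
                        "last-seen",
                        "account-type",
                        "account-status"
                    }
                },
                new IdentityResource
                {
                    Name = "security-info",
                    DisplayName = "Security Info",
                    // Recovery and PGP data are grouped under their own scope so clients must
                    // ask for them explicitly rather than receiving them with account-info.
                    UserClaims = new List<string>
                    {
                        "recovery-email",
                        "recovery-verified",
                        "pgp-public-key"
                    }
                },
                new IdentityResource
                {
                    Name = "role",
                    DisplayName = "Role",
                    UserClaims = new List<string> { "role" }
                }
            };
        }

        /// <summary>
        /// API resources (audiences) and the scopes that grant access to them.
        /// </summary>
        /// <param name="config">Site configuration; the API name and secret are read from
        /// <c>config.UserConfig.IdentityServerConfig</c>.</param>
        /// <returns>The public Teknik API resource and the internal auth-server API resource.</returns>
        public static IEnumerable<ApiResource> GetApiResources(Config config)
        {
            return new List<ApiResource>
            {
                new ApiResource
                {
                    Name = config.UserConfig.IdentityServerConfig.APIName,
                    DisplayName = "Teknik API",
                    Description = "Teknik API Access for end users",
                    UserClaims = new List<string> { "role", "username" },
                    // Stored as a SHA-256 digest, like the client secret above.
                    ApiSecrets = new List<Secret> { new Secret(config.UserConfig.IdentityServerConfig.APISecret.Sha256()) },
                    Scopes = new List<Scope>
                    {
                        new Scope("teknik-api.read", "Teknik API Read Access"),
                        new Scope("teknik-api.write", "Teknik API Write Access")
                    }
                },
                new ApiResource
                {
                    Name = "auth-api",
                    DisplayName = "Auth Server API",
                    Description = "Auth Server API Access for managing the Auth Server",
                    Scopes = new List<Scope>
                    {
                        new Scope()
                        {
                            Name = "auth-api",
                            // Internal scope: kept out of the discovery document and not
                            // de-selectable on consent.
                            ShowInDiscoveryDocument = false,
                            Required = true
                        }
                    }
                }
            };
        }
    }

    /// <summary>
    /// Authorization policies used by the auth server, expressed as required scopes.
    /// </summary>
    internal class Policies
    {
        /// <summary>
        /// Returns the policy set; currently a single "Internal" policy requiring <c>auth-api</c>.
        /// </summary>
        /// <returns>The configured policies.</returns>
        public static IEnumerable<Policy> Get()
        {
            return new List<Policy>
            {
                new Policy
                {
                    Name = "Internal",
                    Scopes = { "auth-api" }
                }
            };
        }
    }

    /// <summary>
    /// A named policy and the scopes a caller must hold to satisfy it.
    /// </summary>
    internal class Policy
    {
        /// <summary>Policy name; defaults to the empty string.</summary>
        public string Name { get; set; }

        /// <summary>Scopes required by this policy; defaults to an empty, mutable list so
        /// collection initializers (<c>Scopes = { ... }</c>) work.</summary>
        public ICollection<string> Scopes { get; set; }

        public Policy()
        {
            Name = string.Empty;
            Scopes = new List<string>();
        }
    }
}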