From a3eaf0f5b79967cf840853a26ca66d312a58606b Mon Sep 17 00:00:00 2001 From: Marek Lesko Date: Tue, 2 Sep 2025 17:43:26 +0200 Subject: [PATCH] WIP --- Program.cs | 76 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 62 insertions(+), 14 deletions(-) diff --git a/Program.cs b/Program.cs index aeef200..d7859f0 100644 --- a/Program.cs +++ b/Program.cs @@ -9,9 +9,14 @@ using Microsoft.Extensions.DependencyInjection; using SimpleIdServer.IdServer.Builders; using SimpleIdServer.IdServer.Config; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Domains.DTOs; var corsPolicyName = "AllowAll"; +var realm = RealmBuilder.CreateMaster().Build(); + +//api.Audience = "urn:bighand:api:bi:portal"; + var users = new List { UserBuilder 
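Review bot: The commented-out `//api.Audience = "urn:bighand:api:bi:portal";` added under `var realm = RealmBuilder.CreateMaster().Build();` is dead code, since the same audience is set on the `ApiResource` initializer elsewhere in this patch; delete the line rather than carry it in the seed. Leaving a second copy of the audience string in a comment is also how the two values drift apart later. The `var users = new List` initializer that begins at the end of this hunk continues outside it.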
@@ -21,26 +26,37 @@ var users = new List .AddRole("BI.PORTAL_ADMIN") .AddRole("BI.TENANT_ADMIN") .AddClaim("tid", "cbaa13c2-e95b-470a-bbcb-18911d5a6025") + .AddClaim("aud","urn:bighand:api:bi:portal") + .AddConsent("master","212C9DB96C2A4B6DA0AFDB2222F6EEAA.bighand.com","bi.portal") + .SetEmailVerified(true) .Build(), + }; -var api = ApiResourceBuilder.Create("urn:bighand:api:bi:portal", "BI Portal API").Build(); - -var clients = new List +var rUser = new RealmUser { - ClientBuilder - .BuildUserAgentClient("foo", null, null, new[] { "http://localhost:4200/loggedin" }) - .AddScope(new Scope("openid"), new Scope("profile"), new Scope("offline_access")) - .AddRefreshToken() - .Build(), + Realm = realm, + User = users[0], }; -var scopes = new List { ScopeBuilder.CreateRoleScope(clients[0], "bi.portal", "").Build() }; +users[0].Realms.Add(rUser); + + +var api = new ApiResource +{ + Realms = { realm }, + Name = "BI Portal API", + Audience = "urn:bighand:api:bi:portal" +}; + +//var scopes = new List { ScopeBuilder.CreateRoleScope(clients[0], "bi.portal", "").Build() }; var biScope = new Scope() { + Realms = { realm }, ApiResources = { api }, + Protocol = ScopeProtocols.OAUTH, + Type = ScopeTypes.APIRESOURCE, Name = "bi.portal", - Clients = { clients[0] }, Description = "BI Portal Scope", ClaimMappers = { @@ -48,8 +64,9 @@ var biScope = new Scope() { IncludeInAccessToken = true, TokenClaimJsonType = TokenClaimJsonTypes.STRING, - TargetClaimPath = "role", + TargetClaimPath = "roles", MapperType = MappingRuleTypes.USERATTRIBUTE, + IsMultiValued=true, SourceUserAttribute = "role", SourceUserProperty = "role", }, 
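Review bot: The user seed now carries `.AddClaim("aud","urn:bighand:api:bi:portal")`, which stores the reserved JWT `aud` claim name as a per-user attribute while this same hunk already sets `Audience = "urn:bighand:api:bi:portal"` on the `ApiResource` that `biScope` links to. If any claim mapper copies user attributes into the access token by name, a user-stored `aud` could duplicate or override the audience that resource servers validate, so the audience should come from the `ApiResource` alone and the `.AddClaim("aud", ...)` line should be removed. The client id string in `.AddConsent("master","212C9DB96C2A4B6DA0AFDB2222F6EEAA.bighand.com","bi.portal")` is repeated verbatim where the client is built later in the patch; hoisting it into one `const string biPortalClientId = "212C9DB96C2A4B6DA0AFDB2222F6EEAA.bighand.com";` keeps the pre-granted consent and the client from diverging. The `roles` mapper sets `IsMultiValued=true` while `TokenClaimJsonType` stays `STRING`; whether that is emitted as a JSON array is not visible here and should be confirmed against the consuming API. The `users` list initializer starts outside this hunk and the `biScope` initializer ends outside it.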
@@ -66,15 +83,44 @@ var biScope = new Scope() { IncludeInAccessToken = true, TokenClaimJsonType = TokenClaimJsonTypes.STRING, - TargetClaimPath = "email", + TargetClaimPath = "upn", MapperType = MappingRuleTypes.USERATTRIBUTE, SourceUserAttribute = "email", SourceUserProperty = "email", }, + }, }; -clients[0].Scopes.Add(biScope); +api.Scopes.Add(biScope); +api.Realms.Add(realm); + +var scopes = new List +{ + new Scope("openid") { Realms = { realm } }, + new Scope("profile"){ Realms = { realm } }, + new Scope("offline_access"){ Realms = { realm } }, + biScope +}; +var clients = new List +{ + ClientBuilder + .BuildUserAgentClient("212C9DB96C2A4B6DA0AFDB2222F6EEAA.bighand.com", null, realm, new[] { "http://localhost:4200/loggedin" }) + .SetClientName("BI Portal") + .AddScope(scopes.ToArray()) + .AddRefreshToken() + .Build(), +}; + + +clients[0].IsPublic = true; +clients[0].Realms.Add(realm); + +realm.Clients.Add(clients[0]); +realm.ApiResources.Add(api); +realm.Users.Add(rUser); +scopes.ForEach(s => realm.Scopes.Add(s)); + var builder = WebApplication.CreateBuilder(args); @@ -92,12 +138,14 @@ builder.Services.AddCors(options => builder .AddSidIdentityServer() .AddDeveloperSigningCredential() + .AddInMemoryRealms(new[] { realm }.ToList()) .AddInMemoryUsers(users) .AddInMemoryClients(clients) - .AddInMemoryScopes([biScope]) + .AddInMemoryScopes(scopes) .AddInMemoryLanguages(DefaultLanguages.All) .AddPwdAuthentication(true); + var app = builder.Build(); app.Services.SeedData(); app.UseSid();
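Review bot: `clients[0].IsPublic = true;` combined with `.AddRefreshToken()` and the `offline_access` scope hands long-lived refresh tokens to a browser client that cannot hold a secret, and nothing in the hunk shows PKCE being required or refresh-token rotation being enabled; unless `BuildUserAgentClient` turns those on by default (not visible here), they should be set explicitly on the client next to `.AddRefreshToken()` before this leaves WIP. The only redirect URI is plain `http://localhost:4200/loggedin`, which is fine for local development, but a comment such as `// dev-only: http redirect, never seed this into a deployed realm` would stop the `http` entry from being copied into a real realm. `api.Realms.Add(realm);` repeats the `Realms = { realm }` initializer from the previous hunk and `clients[0].Realms.Add(realm);` follows a builder call that already received `realm`, so whether these create duplicate realm links depends on the collection type; dropping the two redundant `Add` calls avoids the question. The standard scopes are created as bare `new Scope("openid") { Realms = { realm } }` with no `Protocol`/`Type`, unlike `biScope`; confirm that is what the library expects for OpenID scopes. The `biScope` initializer begins outside this hunk.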