WIP

Program.cs

@@ -9,9 +9,14 @@ using Microsoft.Extensions.DependencyInjection;
 using SimpleIdServer.IdServer.Builders;
 using SimpleIdServer.IdServer.Config;
 using SimpleIdServer.IdServer.Domains;
+using SimpleIdServer.IdServer.Domains.DTOs;
 
 var corsPolicyName = "AllowAll";
 
+var realm = RealmBuilder.CreateMaster().Build();
+
+//api.Audience = "urn:bighand:api:bi:portal";
+
 var users = new List<User>
 {
     UserBuilder
@@ -21,26 +26,37 @@ var users = new List<User>
         .AddRole("BI.PORTAL_ADMIN")
         .AddRole("BI.TENANT_ADMIN")
         .AddClaim("tid", "cbaa13c2-e95b-470a-bbcb-18911d5a6025")
+        .AddClaim("aud","urn:bighand:api:bi:portal")
+        .AddConsent("master","212C9DB96C2A4B6DA0AFDB2222F6EEAA.bighand.com","bi.portal")
+        .SetEmailVerified(true)
         .Build(),
+
 };
 
-var api = ApiResourceBuilder.Create("urn:bighand:api:bi:portal", "BI Portal API").Build();
+var rUser = new RealmUser
-
-var clients = new List<Client>
 {
-    ClientBuilder
+    Realm = realm,
-        .BuildUserAgentClient("foo", null, null, new[] { "http://localhost:4200/loggedin" })
+    User = users[0],
-        .AddScope(new Scope("openid"), new Scope("profile"), new Scope("offline_access"))
-        .AddRefreshToken()
-        .Build(),
 };
 
-var scopes = new List<Scope> { ScopeBuilder.CreateRoleScope(clients[0], "bi.portal", "").Build() };
+users[0].Realms.Add(rUser);
+
+
+var api = new ApiResource
+{
+    Realms = { realm },
+    Name = "BI Portal API",
+    Audience = "urn:bighand:api:bi:portal"
+};
+
+//var scopes = new List<Scope> { ScopeBuilder.CreateRoleScope(clients[0], "bi.portal", "").Build() };
 var biScope = new Scope()
 {
+    Realms = { realm },
     ApiResources = { api },
+    Protocol = ScopeProtocols.OAUTH,
+    Type = ScopeTypes.APIRESOURCE,
     Name = "bi.portal",
-    Clients = { clients[0] },
     Description = "BI Portal Scope",
     ClaimMappers =
     {
@@ -48,8 +64,9 @@ var biScope = new Scope()
         {
             IncludeInAccessToken = true,
             TokenClaimJsonType = TokenClaimJsonTypes.STRING,
-            TargetClaimPath = "role",
+            TargetClaimPath = "roles",
             MapperType = MappingRuleTypes.USERATTRIBUTE,
+            IsMultiValued=true,
             SourceUserAttribute = "role",
             SourceUserProperty = "role",
         },
@@ -66,15 +83,44 @@ var biScope = new Scope()
         {
             IncludeInAccessToken = true,
             TokenClaimJsonType = TokenClaimJsonTypes.STRING,
-            TargetClaimPath = "email",
+            TargetClaimPath = "upn",
             MapperType = MappingRuleTypes.USERATTRIBUTE,
             SourceUserAttribute = "email",
             SourceUserProperty = "email",
         },
+
     },
 };
 
-clients[0].Scopes.Add(biScope);
+api.Scopes.Add(biScope);
+api.Realms.Add(realm);
+
+var scopes = new List<Scope>
+{
+    new Scope("openid") { Realms = { realm } },
+    new Scope("profile"){ Realms = { realm } },
+    new Scope("offline_access"){ Realms = { realm } },
+    biScope
+};
+var clients = new List<Client>
+{
+    ClientBuilder
+        .BuildUserAgentClient("212C9DB96C2A4B6DA0AFDB2222F6EEAA.bighand.com", null, realm, new[] { "http://localhost:4200/loggedin" })
+        .SetClientName("BI Portal")
+        .AddScope(scopes.ToArray())
+        .AddRefreshToken()
+        .Build(),
+};
+
+
+clients[0].IsPublic = true;
+clients[0].Realms.Add(realm);
+
+realm.Clients.Add(clients[0]);
+realm.ApiResources.Add(api);
+realm.Users.Add(rUser);
+scopes.ForEach(s => realm.Scopes.Add(s));
+
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -92,12 +138,14 @@ builder.Services.AddCors(options =>
 builder
     .AddSidIdentityServer()
     .AddDeveloperSigningCredential()
+    .AddInMemoryRealms(new[] { realm }.ToList())
     .AddInMemoryUsers(users)
     .AddInMemoryClients(clients)
-    .AddInMemoryScopes([biScope])
+    .AddInMemoryScopes(scopes)
     .AddInMemoryLanguages(DefaultLanguages.All)
     .AddPwdAuthentication(true);
 
+
 var app = builder.Build();
 app.Services.SeedData();
 app.UseSid();