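// Copyright (c) SimpleIdServer. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using SimpleIdServer.IdServer.Builders;
using SimpleIdServer.IdServer.Config;
using SimpleIdServer.IdServer.Domains;
using SimpleIdServer.IdServer.Domains.DTOs;

// Host entry point: seeds an in-memory identity-server configuration (master realm, one user,
// one API resource with its scope, one browser client) and starts the server.
// Everything below is a development fixture: the signing key is a developer credential,
// the user password is hard-coded in source, and the CORS policy accepts every origin.

var corsPolicyName = "AllowAll";
var realm = RealmBuilder.CreateMaster().Build();

// Seeded administrator. The "tid" attribute is copied into access tokens by the bi.portal
// scope mapper below; "aud" is stored as a user attribute but no mapper here reads it
// (NOTE(review): confirm it is still needed). Consent for bi.portal on the BI Portal client is
// pre-granted so the sample can be exercised without a consent prompt.
var administrator = UserBuilder
    .Create("administrator", "password", "Administrator")
    .SetEmail("adm@mail.com")
    .SetFirstname("Administrator")
    .AddRole("BI.PORTAL_ADMIN")
    .AddRole("BI.TENANT_ADMIN")
    .AddClaim("tid", "cbaa13c2-e95b-470a-bbcb-18911d5a6025")
    .AddClaim("aud", "urn:bighand:api:bi:portal")
    .AddConsent("master", "212C9DB96C2A4B6DA0AFDB2222F6EEAA.bighand.com", "bi.portal")
    .SetEmailVerified(true)
    .Build();
var users = new List<User> { administrator };

// Link user and realm in both directions.
var realmUser = new RealmUser
{
    Realm = realm,
    User = administrator,
};
administrator.Realms.Add(realmUser);

// API resource protected by this server; access tokens issued for it carry this audience.
var api = new ApiResource
{
    Realms = { realm },
    Name = "BI Portal API",
    Audience = "urn:bighand:api:bi:portal",
};

// Scope granting access to the API. Its mappers copy user attributes into the access token:
// role -> roles (multi-valued), tid -> tid, email -> upn.
var biScope = new Scope
{
    Realms = { realm },
    ApiResources = { api },
    Protocol = ScopeProtocols.OAUTH,
    Type = ScopeTypes.APIRESOURCE,
    Name = "bi.portal",
    Description = "BI Portal Scope",
    ClaimMappers =
    {
        BuildUserAttributeMapper("roles", "role", isMultiValued: true),
        BuildUserAttributeMapper("tid", "tid"),
        BuildUserAttributeMapper("upn", "email"),
    },
};
api.Scopes.Add(biScope);
// api.Realms already contains the realm from its initializer; adding it a second time would
// duplicate the entry.

var scopes = new List<Scope>
{
    new Scope("openid") { Realms = { realm } },
    new Scope("profile") { Realms = { realm } },
    new Scope("offline_access") { Realms = { realm } },
    biScope,
};

// Browser (user-agent) client for the BI Portal SPA. No secret is supplied and IsPublic is set,
// so it is a public client; it redirects to the local dev origin and may obtain refresh tokens.
// NOTE(review): refresh tokens for a public browser client should be covered by the server's
// rotation policy — confirm how the server handles refresh-token reuse for public clients.
var biPortalClient = ClientBuilder
    .BuildUserAgentClient("212C9DB96C2A4B6DA0AFDB2222F6EEAA.bighand.com", null, realm, new[] { "http://localhost:4200/loggedin" })
    .SetClientName("BI Portal")
    .AddScope(scopes.ToArray())
    .AddRefreshToken()
    .Build();
biPortalClient.IsPublic = true;
// NOTE(review): BuildUserAgentClient already receives the realm and may have attached it — confirm
// this does not add a duplicate entry.
biPortalClient.Realms.Add(realm);
var clients = new List<Client> { biPortalClient };

// Register everything on the realm.
realm.Clients.Add(biPortalClient);
realm.ApiResources.Add(api);
realm.Users.Add(realmUser);
foreach (var scope in scopes)
{
    realm.Scopes.Add(scope);
}

var builder = WebApplication.CreateBuilder(args);

// Permissive CORS for local development: any origin, method and header. The only browser client
// registered above is served from http://localhost:4200, so a deployed instance should restrict
// this policy to the real SPA origin(s).
builder.Services.AddCors(options =>
{
    options.AddPolicy(name: corsPolicyName, policy =>
    {
        policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
    });
});

builder
    .AddSidIdentityServer()
    .AddDeveloperSigningCredential() // development-only signing key
    .AddInMemoryRealms(new[] { realm }.ToList())
    .AddInMemoryUsers(users)
    .AddInMemoryClients(clients)
    .AddInMemoryScopes(scopes)
    .AddInMemoryLanguages(DefaultLanguages.All)
    .AddPwdAuthentication(true);

var app = builder.Build();
app.Services.SeedData();
app.UseSid();
// NOTE(review): if UseSid() maps the server endpoints, middleware registered after it does not run
// for those endpoints; move UseCors ahead of UseSid if preflight requests from the SPA fail.
app.UseCors(corsPolicyName);
await app.RunAsync();

// Builds a mapper that copies the named user attribute into the access token under
// targetClaimPath as a string claim.
static ScopeClaimMapper BuildUserAttributeMapper(string targetClaimPath, string sourceUserAttribute, bool isMultiValued = false) => new()
{
    IncludeInAccessToken = true,
    TokenClaimJsonType = TokenClaimJsonTypes.STRING,
    TargetClaimPath = targetClaimPath,
    MapperType = MappingRuleTypes.USERATTRIBUTE,
    IsMultiValued = isMultiValued,
    SourceUserAttribute = sourceUserAttribute,
    SourceUserProperty = sourceUserAttribute,
};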