
// Copyright (c) SimpleIdServer. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using SimpleIdServer.IdServer.Builders;
using SimpleIdServer.IdServer.Config;
using SimpleIdServer.IdServer.Domains;
using SimpleIdServer.IdServer.Domains.DTOs;
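// Name of the single CORS policy registered with AddCors and applied by UseCors below.
var corsPolicyName = "AllowAll";
// Everything seeded in this file lives in the "master" realm.
var realm = RealmBuilder.CreateMaster().Build();

// Seed administrator. The password is taken from SIMPLEIDP_ADMIN_PASSWORD so the secret
// does not have to live in source control; the literal fallback keeps the existing
// local-development behaviour and must never be relied on outside a throwaway dev setup.
var adminPassword = Environment.GetEnvironmentVariable("SIMPLEIDP_ADMIN_PASSWORD") ?? "password";
var users = new List<User>
{
    UserBuilder
        .Create("administrator", adminPassword, "Administrator")
        .SetEmail("adm@mail.com")
        .SetFirstname("Administrator")
        .AddRole("BI.PORTAL_ADMIN")
        .AddRole("BI.TENANT_ADMIN")
        // Tenant id; the bi.portal scope below has a mapper that targets a "tid" token claim
        // from a "tid" user attribute (assumes AddClaim and SourceUserAttribute share a store - verify).
        .AddClaim("tid", "cbaa13c2-e95b-470a-bbcb-18911d5a6025")
        // NOTE(review): "aud" stored as a *user* claim duplicates the ApiResource.Audience
        // configured further down. No mapper in this file emits it, but if any default mapper
        // copies user claims into tokens it would collide with the real audience. Confirm it is
        // actually needed before keeping it.
        .AddClaim("aud","urn:bighand:api:bi:portal")
        // Pre-recorded consent for the BI Portal client on the bi.portal scope (presumably
        // suppresses the consent prompt for that client - verify against the consent flow).
        .AddConsent("master","212C9DB96C2A4B6DA0AFDB2222F6EEAA.bighand.com","bi.portal")
        .SetEmailVerified(true)
        .Build(),
};
// User-side half of the user<->realm link; the realm side is realm.Users.Add(rUser) further down.
var rUser = new RealmUser
{
    Realm = realm,
    User = users[0],
};
users[0].Realms.Add(rUser);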
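// Protected API that the bi.portal scope grants access to. Audience is the value expected
// in the "aud" claim of tokens issued for this API.
var api = new ApiResource
{
    Realms = { realm },
    Name = "BI Portal API",
    Audience = "urn:bighand:api:bi:portal"
};

// OAuth scope for the BI Portal API. Each mapper copies a user attribute into the
// access token under the given TargetClaimPath.
var biScope = new Scope()
{
    Realms = { realm },
    ApiResources = { api },
    Protocol = ScopeProtocols.OAUTH,
    Type = ScopeTypes.APIRESOURCE,
    Name = "bi.portal",
    Description = "BI Portal Scope",
    ClaimMappers =
    {
        // roles (multi-valued string) <- user "role" attribute.
        new ScopeClaimMapper()
        {
            IncludeInAccessToken = true,
            TokenClaimJsonType = TokenClaimJsonTypes.STRING,
            TargetClaimPath = "roles",
            MapperType = MappingRuleTypes.USERATTRIBUTE,
            IsMultiValued=true,
            SourceUserAttribute = "role",
            SourceUserProperty = "role",
        },
        // tid <- user "tid" attribute (tenant id seeded on the administrator above).
        new ScopeClaimMapper()
        {
            IncludeInAccessToken = true,
            TokenClaimJsonType = TokenClaimJsonTypes.STRING,
            TargetClaimPath = "tid",
            MapperType = MappingRuleTypes.USERATTRIBUTE,
            SourceUserAttribute = "tid",
            SourceUserProperty = "tid",
        },
        // upn <- user "email" attribute.
        new ScopeClaimMapper()
        {
            IncludeInAccessToken = true,
            TokenClaimJsonType = TokenClaimJsonTypes.STRING,
            TargetClaimPath = "upn",
            MapperType = MappingRuleTypes.USERATTRIBUTE,
            SourceUserAttribute = "email",
            SourceUserProperty = "email",
        },
    },
};
api.Scopes.Add(biScope);
// Do NOT call api.Realms.Add(realm) here: the `Realms = { realm }` initializer above has
// already attached the realm, and a second Add registers the same realm twice.

// Scopes offered by the realm: the standard OIDC ones plus the BI Portal API scope.
var scopes = new List<Scope>
{
    new Scope("openid") { Realms = { realm } },
    new Scope("profile"){ Realms = { realm } },
    new Scope("offline_access"){ Realms = { realm } },
    biScope
};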
// Browser (user-agent) client for the BI Portal SPA. Arguments: client id, second argument
// null (presumably the client secret - none for a browser client), the realm, and the
// allowed redirect URIs. The loopback http:// redirect is acceptable for local development only.
var spaClient = ClientBuilder
    .BuildUserAgentClient("212C9DB96C2A4B6DA0AFDB2222F6EEAA.bighand.com", null, realm, new[] { "http://localhost:4200/loggedin" })
    .SetClientName("BI Portal")
    .AddScope(scopes.ToArray())
    .AddRefreshToken()
    .Build();
// Public client: no secret can be kept in a browser. NOTE(review): a public client that
// receives refresh tokens should have PKCE required and refresh-token rotation enabled;
// neither is visible in this file - check what BuildUserAgentClient sets by default.
spaClient.IsPublic = true;
// NOTE(review): the realm was already passed to BuildUserAgentClient; confirm this Add
// does not register it a second time.
spaClient.Realms.Add(realm);
var clients = new List<Client> { spaClient };

// Attach the seeded entities to the realm.
realm.Clients.Add(spaClient);
realm.ApiResources.Add(api);
realm.Users.Add(rUser);
foreach (var scope in scopes)
{
    realm.Scopes.Add(scope);
}
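var builder = WebApplication.CreateBuilder(args);

// Origin of the BI Portal SPA. Must match the scheme/host/port of the client's redirect URI
// registered above (http://localhost:4200/loggedin); adjust both together.
var spaOrigin = "http://localhost:4200";
builder.Services.AddCors(options =>
{
    options.AddPolicy(
        name: corsPolicyName,
        policy =>
        {
            // Only the SPA's own origin may call the identity server from a browser.
            // Do not widen this to AllowAnyOrigin(): that lets any web page script the
            // IdP's endpoints cross-origin, and there is no third-party browser caller here.
            policy.WithOrigins(spaOrigin).AllowAnyMethod().AllowAnyHeader();
        }
    );
});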
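builder
    .AddSidIdentityServer()
    // Auto-generated, unprotected developer signing key: tokens cannot be verified across
    // restarts and the key is not managed. Development only - use a persisted certificate
    // or key-vault backed credential for any shared or production deployment.
    .AddDeveloperSigningCredential()
    .AddInMemoryRealms(new[] { realm }.ToList())
    .AddInMemoryUsers(users)
    .AddInMemoryClients(clients)
    .AddInMemoryScopes(scopes)
    .AddInMemoryLanguages(DefaultLanguages.All)
    .AddPwdAuthentication(true);
var app = builder.Build();
app.Services.SeedData();
// CORS middleware must run before whatever serves the identity-server endpoints: middleware
// is sequential, so if UseSid() handles a request itself, a UseCors placed after it never
// sees that request and neither preflight nor actual responses get the policy's headers.
app.UseCors(corsPolicyName);
app.UseSid();
await app.RunAsync();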