diff --git a/Directory.Build.props b/Directory.Build.props index a58bedbbc..f8915f986 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -1,6 +1,6 @@ - 5.0.0 + 5.0.1 SimpleIdServer SimpleIdServer diff --git a/SimpleIdServer.CredentialIssuer.Host.sln b/SimpleIdServer.CredentialIssuer.Host.sln index 3293cc48b..da7abdd20 100644 --- a/SimpleIdServer.CredentialIssuer.Host.sln +++ b/SimpleIdServer.CredentialIssuer.Host.sln @@ -35,6 +35,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.CredentialIs EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "json-ld.net", "json-ld.net\src\json-ld.net\json-ld.net.csproj", "{B51DC1D9-4A57-4D36-B61C-F93D61878321}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SimpleIdServer.CredentialIssuer.Console", "src\CredentialIssuer\SimpleIdServer.CredentialIssuer.Console\SimpleIdServer.CredentialIssuer.Console.csproj", "{DAB56B5C-8F1B-4B56-90A0-DB19332D8630}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -89,6 +91,10 @@ Global {B51DC1D9-4A57-4D36-B61C-F93D61878321}.Debug|Any CPU.Build.0 = Debug|Any CPU {B51DC1D9-4A57-4D36-B61C-F93D61878321}.Release|Any CPU.ActiveCfg = Release|Any CPU {B51DC1D9-4A57-4D36-B61C-F93D61878321}.Release|Any CPU.Build.0 = Release|Any CPU + {DAB56B5C-8F1B-4B56-90A0-DB19332D8630}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {DAB56B5C-8F1B-4B56-90A0-DB19332D8630}.Debug|Any CPU.Build.0 = Debug|Any CPU + {DAB56B5C-8F1B-4B56-90A0-DB19332D8630}.Release|Any CPU.ActiveCfg = Release|Any CPU + {DAB56B5C-8F1B-4B56-90A0-DB19332D8630}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -107,6 +113,7 @@ Global {6B7D2058-4163-4D5B-B002-FBBCD26C80FB} = {E81A364B-F1A9-4BAB-95F9-8163AF8A0FD9} {651DAE84-AB36-4D05-B604-3B4A6C885B05} = {E2AE7484-8B8A-4B03-A5E8-93E65905E3DF} {B51DC1D9-4A57-4D36-B61C-F93D61878321} = {CAD5C508-21EA-441F-843E-0E5B6CB9A102} + {DAB56B5C-8F1B-4B56-90A0-DB19332D8630} = {E2AE7484-8B8A-4B03-A5E8-93E65905E3DF} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {AEF94609-C4E0-43B5-ACF8-6EE13FDD5804} diff --git a/SimpleIdServer.Federation.sln b/SimpleIdServer.Federation.sln new file mode 100644 index 000000000..3a877b475 --- /dev/null +++ b/SimpleIdServer.Federation.sln @@ -0,0 +1,88 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.1.32328.378 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "02. Startup", "02. Startup", "{A783A4AE-2E11-4A5D-AECE-0FD34981264A}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.Federation.Ta.Startup", "src\Federation\SimpleIdServer.Federation.Ta.Startup\SimpleIdServer.Federation.Ta.Startup.csproj", "{38943163-054D-479F-BFC6-828838889307}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "01. Core", "01. Core", "{EAD61669-BE54-4AB9-AEE1-79C2384CC41F}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.Authority.Federation", "src\IdServer\SimpleIdServer.Authority.Federation\SimpleIdServer.Authority.Federation.csproj", "{9B2AEBC5-7914-4F93-8AF7-706A99879005}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.OpenidFederation", "src\IdServer\SimpleIdServer.OpenidFederation\SimpleIdServer.OpenidFederation.csproj", "{5F2A66AA-0A03-4651-8408-084BA13E76DE}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.Rp.Federation", "src\IdServer\SimpleIdServer.Rp.Federation\SimpleIdServer.Rp.Federation.csproj", "{D9088814-07DD-4BA2-BDE2-8FBBD202EFC9}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.DPoP", "src\IdServer\SimpleIdServer.DPoP\SimpleIdServer.DPoP.csproj", "{7B30E4B3-B2E4-42E3-A9AD-E3D609F2B987}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.IdServer.Helpers", "src\IdServer\SimpleIdServer.IdServer.Helpers\SimpleIdServer.IdServer.Helpers.csproj", "{DBB697EC-F7C1-477E-AFAA-BCC4E4D1B64B}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.OpenidFederation.Store.EF", "src\IdServer\SimpleIdServer.OpenidFederation.Store.EF\SimpleIdServer.OpenidFederation.Store.EF.csproj", "{8CE25E6F-5710-4314-A89B-F355C22502C3}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.Federation.Rp.Startup", "src\Federation\SimpleIdServer.Federation.Rp.Startup\SimpleIdServer.Federation.Rp.Startup.csproj", "{904B2DA2-BDC1-4A81-8B93-1C25BDF2FF35}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.OpenIdConnect", "src\IdServer\SimpleIdServer.OpenIdConnect\SimpleIdServer.OpenIdConnect.csproj", "{36BCF43C-4E39-43EE-8ED0-A5FC7C547D3A}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {38943163-054D-479F-BFC6-828838889307}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {38943163-054D-479F-BFC6-828838889307}.Debug|Any CPU.Build.0 = Debug|Any CPU + {38943163-054D-479F-BFC6-828838889307}.Release|Any CPU.ActiveCfg = Release|Any CPU + {38943163-054D-479F-BFC6-828838889307}.Release|Any CPU.Build.0 = Release|Any CPU + {9B2AEBC5-7914-4F93-8AF7-706A99879005}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {9B2AEBC5-7914-4F93-8AF7-706A99879005}.Debug|Any CPU.Build.0 = Debug|Any CPU + {9B2AEBC5-7914-4F93-8AF7-706A99879005}.Release|Any CPU.ActiveCfg = Release|Any CPU + {9B2AEBC5-7914-4F93-8AF7-706A99879005}.Release|Any CPU.Build.0 = Release|Any CPU + {5F2A66AA-0A03-4651-8408-084BA13E76DE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {5F2A66AA-0A03-4651-8408-084BA13E76DE}.Debug|Any CPU.Build.0 = Debug|Any CPU + {5F2A66AA-0A03-4651-8408-084BA13E76DE}.Release|Any CPU.ActiveCfg = Release|Any CPU + {5F2A66AA-0A03-4651-8408-084BA13E76DE}.Release|Any CPU.Build.0 = Release|Any CPU + {D9088814-07DD-4BA2-BDE2-8FBBD202EFC9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {D9088814-07DD-4BA2-BDE2-8FBBD202EFC9}.Debug|Any CPU.Build.0 = Debug|Any CPU + {D9088814-07DD-4BA2-BDE2-8FBBD202EFC9}.Release|Any CPU.ActiveCfg = Release|Any CPU + {D9088814-07DD-4BA2-BDE2-8FBBD202EFC9}.Release|Any CPU.Build.0 = Release|Any CPU + {7B30E4B3-B2E4-42E3-A9AD-E3D609F2B987}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {7B30E4B3-B2E4-42E3-A9AD-E3D609F2B987}.Debug|Any CPU.Build.0 = Debug|Any CPU + {7B30E4B3-B2E4-42E3-A9AD-E3D609F2B987}.Release|Any CPU.ActiveCfg = Release|Any CPU + {7B30E4B3-B2E4-42E3-A9AD-E3D609F2B987}.Release|Any CPU.Build.0 = Release|Any CPU + {DBB697EC-F7C1-477E-AFAA-BCC4E4D1B64B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {DBB697EC-F7C1-477E-AFAA-BCC4E4D1B64B}.Debug|Any CPU.Build.0 = Debug|Any CPU + {DBB697EC-F7C1-477E-AFAA-BCC4E4D1B64B}.Release|Any CPU.ActiveCfg = Release|Any CPU + {DBB697EC-F7C1-477E-AFAA-BCC4E4D1B64B}.Release|Any CPU.Build.0 = Release|Any CPU + {8CE25E6F-5710-4314-A89B-F355C22502C3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {8CE25E6F-5710-4314-A89B-F355C22502C3}.Debug|Any CPU.Build.0 = Debug|Any CPU + {8CE25E6F-5710-4314-A89B-F355C22502C3}.Release|Any CPU.ActiveCfg = Release|Any CPU + {8CE25E6F-5710-4314-A89B-F355C22502C3}.Release|Any CPU.Build.0 = Release|Any CPU + {904B2DA2-BDC1-4A81-8B93-1C25BDF2FF35}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {904B2DA2-BDC1-4A81-8B93-1C25BDF2FF35}.Debug|Any CPU.Build.0 = Debug|Any CPU + {904B2DA2-BDC1-4A81-8B93-1C25BDF2FF35}.Release|Any CPU.ActiveCfg = Release|Any CPU + {904B2DA2-BDC1-4A81-8B93-1C25BDF2FF35}.Release|Any CPU.Build.0 = Release|Any CPU + {36BCF43C-4E39-43EE-8ED0-A5FC7C547D3A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {36BCF43C-4E39-43EE-8ED0-A5FC7C547D3A}.Debug|Any CPU.Build.0 = Debug|Any CPU + {36BCF43C-4E39-43EE-8ED0-A5FC7C547D3A}.Release|Any CPU.ActiveCfg = Release|Any CPU + {36BCF43C-4E39-43EE-8ED0-A5FC7C547D3A}.Release|Any CPU.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(NestedProjects) = preSolution + {38943163-054D-479F-BFC6-828838889307} = {A783A4AE-2E11-4A5D-AECE-0FD34981264A} + {9B2AEBC5-7914-4F93-8AF7-706A99879005} = {EAD61669-BE54-4AB9-AEE1-79C2384CC41F} + {5F2A66AA-0A03-4651-8408-084BA13E76DE} = {EAD61669-BE54-4AB9-AEE1-79C2384CC41F} + {D9088814-07DD-4BA2-BDE2-8FBBD202EFC9} = {EAD61669-BE54-4AB9-AEE1-79C2384CC41F} + {7B30E4B3-B2E4-42E3-A9AD-E3D609F2B987} = {EAD61669-BE54-4AB9-AEE1-79C2384CC41F} + {DBB697EC-F7C1-477E-AFAA-BCC4E4D1B64B} = {EAD61669-BE54-4AB9-AEE1-79C2384CC41F} + {8CE25E6F-5710-4314-A89B-F355C22502C3} = {EAD61669-BE54-4AB9-AEE1-79C2384CC41F} + {904B2DA2-BDC1-4A81-8B93-1C25BDF2FF35} = {A783A4AE-2E11-4A5D-AECE-0FD34981264A} + {36BCF43C-4E39-43EE-8ED0-A5FC7C547D3A} = {EAD61669-BE54-4AB9-AEE1-79C2384CC41F} + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {48A4817A-3DC6-4471-9D97-4B71EFA432F9} + EndGlobalSection +EndGlobal diff --git a/SimpleIdServer.IdServer.Host.sln b/SimpleIdServer.IdServer.Host.sln index 4cdd47866..3d90b5b37 100644 --- a/SimpleIdServer.IdServer.Host.sln +++ b/SimpleIdServer.IdServer.Host.sln @@ -113,6 +113,20 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.IdServer.Sto EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.IdServer.SqlSugar.Startup", "src\IdServer\SimpleIdServer.IdServer.SqlSugar.Startup\SimpleIdServer.IdServer.SqlSugar.Startup.csproj", "{0D76EB63-29B1-4878-84D1-2D35897EE1FA}" EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.SelfIdServer.Host.Acceptance.Tests", "tests\SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests\SimpleIdServer.SelfIdServer.Host.Acceptance.Tests.csproj", "{467B3D10-E6C9-427F-A29F-373AE95ECF69}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "07. OpenidFederation", "07. OpenidFederation", "{0473E3F7-F4CB-4305-A980-174A953CF0DB}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.IdServer.Federation", "src\IdServer\SimpleIdServer.IdServer.Federation\SimpleIdServer.IdServer.Federation.csproj", "{4A7E1AFE-98FB-4B40-B41B-A912C448D020}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.OpenidFederation", "src\IdServer\SimpleIdServer.OpenidFederation\SimpleIdServer.OpenidFederation.csproj", "{4D3F4A42-8997-4F4E-AD5D-1A26D25E94B0}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.OpenidFederation.Tests", "tests\SimpleIdServer.OpenidFederation.Tests\SimpleIdServer.OpenidFederation.Tests.csproj", "{7B4FB0E4-2B43-4EC4-B978-99E225FBC368}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.Rp.Federation", "src\IdServer\SimpleIdServer.Rp.Federation\SimpleIdServer.Rp.Federation.csproj", "{DC1EBA7B-7458-4AC5-80D4-56E20541C4F4}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.Authority.Federation", "src\IdServer\SimpleIdServer.Authority.Federation\SimpleIdServer.Authority.Federation.csproj", "{687CFA3C-D027-424A-A15C-B2BF18B58607}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -299,6 +313,30 @@ Global {0D76EB63-29B1-4878-84D1-2D35897EE1FA}.Debug|Any CPU.Build.0 = Debug|Any CPU {0D76EB63-29B1-4878-84D1-2D35897EE1FA}.Release|Any CPU.ActiveCfg = Release|Any CPU {0D76EB63-29B1-4878-84D1-2D35897EE1FA}.Release|Any CPU.Build.0 = Release|Any CPU + {467B3D10-E6C9-427F-A29F-373AE95ECF69}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {467B3D10-E6C9-427F-A29F-373AE95ECF69}.Debug|Any CPU.Build.0 = Debug|Any CPU + {467B3D10-E6C9-427F-A29F-373AE95ECF69}.Release|Any CPU.ActiveCfg = Release|Any CPU + {467B3D10-E6C9-427F-A29F-373AE95ECF69}.Release|Any CPU.Build.0 = Release|Any CPU + {4A7E1AFE-98FB-4B40-B41B-A912C448D020}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {4A7E1AFE-98FB-4B40-B41B-A912C448D020}.Debug|Any CPU.Build.0 = Debug|Any CPU + {4A7E1AFE-98FB-4B40-B41B-A912C448D020}.Release|Any CPU.ActiveCfg = Release|Any CPU + {4A7E1AFE-98FB-4B40-B41B-A912C448D020}.Release|Any CPU.Build.0 = Release|Any CPU + {4D3F4A42-8997-4F4E-AD5D-1A26D25E94B0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {4D3F4A42-8997-4F4E-AD5D-1A26D25E94B0}.Debug|Any CPU.Build.0 = Debug|Any CPU + {4D3F4A42-8997-4F4E-AD5D-1A26D25E94B0}.Release|Any CPU.ActiveCfg = Release|Any CPU + {4D3F4A42-8997-4F4E-AD5D-1A26D25E94B0}.Release|Any CPU.Build.0 = Release|Any CPU + {7B4FB0E4-2B43-4EC4-B978-99E225FBC368}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {7B4FB0E4-2B43-4EC4-B978-99E225FBC368}.Debug|Any CPU.Build.0 = Debug|Any CPU + {7B4FB0E4-2B43-4EC4-B978-99E225FBC368}.Release|Any CPU.ActiveCfg = Release|Any CPU + {7B4FB0E4-2B43-4EC4-B978-99E225FBC368}.Release|Any CPU.Build.0 = Release|Any CPU + {DC1EBA7B-7458-4AC5-80D4-56E20541C4F4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {DC1EBA7B-7458-4AC5-80D4-56E20541C4F4}.Debug|Any CPU.Build.0 = Debug|Any CPU + {DC1EBA7B-7458-4AC5-80D4-56E20541C4F4}.Release|Any CPU.ActiveCfg = Release|Any CPU + {DC1EBA7B-7458-4AC5-80D4-56E20541C4F4}.Release|Any CPU.Build.0 = Release|Any CPU + {687CFA3C-D027-424A-A15C-B2BF18B58607}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {687CFA3C-D027-424A-A15C-B2BF18B58607}.Debug|Any CPU.Build.0 = Debug|Any CPU + {687CFA3C-D027-424A-A15C-B2BF18B58607}.Release|Any CPU.ActiveCfg = Release|Any CPU + {687CFA3C-D027-424A-A15C-B2BF18B58607}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -311,7 +349,7 @@ Global {2A0AB899-B02E-449F-B0EA-8BEA4D2FB18A} = {033E4EF3-2FB5-450A-9B35-616D9B0D6EAA} {CE9CED43-D3D4-4711-A8C1-D0E35D4EB2BD} = {E5886E09-671E-4B3E-AA8F-824C39DF94E4} {DE396E1F-F734-4835-9557-65D559C2953A} = {E5886E09-671E-4B3E-AA8F-824C39DF94E4} - {15CD3447-BC21-4D46-AD8A-E76685376077} = {4796A22B-91A9-42AF-87CA-F69392696B0A} + {15CD3447-BC21-4D46-AD8A-E76685376077} = {654E3738-8074-4079-AE56-8B2C31BE6781} {25E98779-29F9-4C74-A935-15D20D9F0E0E} = {15CD3447-BC21-4D46-AD8A-E76685376077} {EA9F6F0A-5F8A-454D-A682-7CADD6704C44} = {033E4EF3-2FB5-450A-9B35-616D9B0D6EAA} {83A19793-668C-46B6-B1D7-134DFED8B430} = {4796A22B-91A9-42AF-87CA-F69392696B0A} @@ -355,6 +393,13 @@ Global {06BF894C-69D7-406A-A97F-BD990A3D59ED} = {4796A22B-91A9-42AF-87CA-F69392696B0A} {BE501B31-2CF6-4218-AA74-F536C11AD9D7} = {06BF894C-69D7-406A-A97F-BD990A3D59ED} {0D76EB63-29B1-4878-84D1-2D35897EE1FA} = {68306EFF-55D9-497B-9482-FEB81C485914} + {467B3D10-E6C9-427F-A29F-373AE95ECF69} = {033E4EF3-2FB5-450A-9B35-616D9B0D6EAA} + {0473E3F7-F4CB-4305-A980-174A953CF0DB} = {4796A22B-91A9-42AF-87CA-F69392696B0A} + {4A7E1AFE-98FB-4B40-B41B-A912C448D020} = {0473E3F7-F4CB-4305-A980-174A953CF0DB} + {4D3F4A42-8997-4F4E-AD5D-1A26D25E94B0} = {0473E3F7-F4CB-4305-A980-174A953CF0DB} + {7B4FB0E4-2B43-4EC4-B978-99E225FBC368} = {033E4EF3-2FB5-450A-9B35-616D9B0D6EAA} + {DC1EBA7B-7458-4AC5-80D4-56E20541C4F4} = {0473E3F7-F4CB-4305-A980-174A953CF0DB} + {687CFA3C-D027-424A-A15C-B2BF18B58607} = {0473E3F7-F4CB-4305-A980-174A953CF0DB} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {1FE1E2C8-475E-4592-8609-D331B1D01730} diff --git a/TODO.txt b/TODO.txt index b510902ed..b5061ed90 100644 --- a/TODO.txt +++ b/TODO.txt @@ -1,9 +1,9 @@ -Install OPENLDAP server - -docker run --name openldap-server -p 389:389 -p 636:636 --env LDAP_ORGANISATION="sid" --env LDAP_DOMAIN="sid.com" --env LDAP_BASE_DN="dc=sid,dc=com" --env LDAP_ADMIN_PASSWORD="password" osixia/openldap:latest - -Quand un utilisateur est reçu de "SCIM" ou "LDAP", un utilisateur est créé, nous pouvons lui envoyer un mot de passe temporaire par email. - -Comprendre l'utilité d'utiliser un workflow pour cela. - -Découvrir comment les autres applications gèrent les concepts d'IAM. \ No newline at end of file +=> corriger problème avec credential issuer : OK +=> mettre à jour fichier de configuration docker : OK +=> publier version 5.0.0 du site : OK +=> mettre à jour les templates : OK +=> vérifier les tests unitaires du credential issuer : TODO +=> essayer de migrer l'application mobile vers DOTNET8 : TODO +=> publier les nuget packages : TODO +=> vérifier si les templates fonctionnent : TODO +=> publier les projets DOCKER : TODO \ No newline at end of file diff --git a/appveyor.yml b/appveyor.yml index 5aeec62cd..77c7fb439 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -25,12 +25,10 @@ deploy: secure: kSru0/Mz8HMao/s+D3eNoTjOdwYRKMESn144kSw8tWrIKZGNCWDKL5Zh57ca9LwP on: branch: master - appveyor_repo_tag: true - provider: GitHub auth_token: secure: FJAvb5bFQzM98phfQ2/dLL7I10Hvof/fdHorRLuDId8PyjAxcdkfWYf5fZ0/0g+e artifact: /.*\.zip/ on: branch: master - appveyor_repo_tag: true \ No newline at end of file diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 1a9debd4d..f519a34a6 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -86,7 +86,7 @@ steps: inputs: command: 'publish' publishWebProjects: false - arguments: '-f net7.0-android -c Release -p:AndroidKeyStore=true -p:AndroidSigningKeyStore=sidmobile.keystore -p:AndroidSigningKeyAlias=sidkey -p:AndroidSigningKeyPass=password -p:AndroidSigningStorePass=password' + arguments: '-f net8.0-android -c Release -p:AndroidKeyStore=true -p:AndroidSigningKeyStore=sidmobile.keystore -p:AndroidSigningKeyAlias=sidkey -p:AndroidSigningKeyPass=password -p:AndroidSigningStorePass=password' zipAfterPublish: false modifyOutputPath: false workingDirectory: '$(Build.Repository.LocalPath)\src\Mobile\SimpleIdServer.Mobile' @@ -101,35 +101,35 @@ steps: - task: CopyFiles@2 displayName: 'Copy SimpleIdServer' inputs: - SourceFolder: '$(Build.Repository.LocalPath)\src\IdServer\SimpleIdServer.IdServer.Startup\bin\Debug\net7.0\publish' + SourceFolder: '$(Build.Repository.LocalPath)\src\IdServer\SimpleIdServer.IdServer.Startup\bin\Release\net8.0\publish' Contents: '**' TargetFolder: '$(Build.ArtifactStagingDirectory)\simpleidserver' - task: CopyFiles@2 displayName: 'Copy SimpleIdServer website' inputs: - SourceFolder: '$(Build.Repository.LocalPath)\src\IdServer\SimpleIdServer.IdServer.Website.Startup\bin\Debug\net7.0\publish' + SourceFolder: '$(Build.Repository.LocalPath)\src\IdServer\SimpleIdServer.IdServer.Website.Startup\bin\Release\net8.0\publish' Contents: '**' TargetFolder: '$(Build.ArtifactStagingDirectory)\simpleidserverwebsite' - task: CopyFiles@2 displayName: 'Copy SCIM' inputs: - SourceFolder: '$(Build.Repository.LocalPath)\src\Scim\SimpleIdServer.Scim.Startup\bin\Debug\net7.0\publish' + SourceFolder: '$(Build.Repository.LocalPath)\src\Scim\SimpleIdServer.Scim.Startup\bin\Release\net8.0\publish' Contents: '**' TargetFolder: '$(Build.ArtifactStagingDirectory)\scim' - task: CopyFiles@2 displayName: 'Copy Credential Issuer' inputs: - SourceFolder: '$(Build.Repository.LocalPath)\src\CredentialIssuer\SimpleIdServer.CredentialIssuer.Startup\bin\Debug\net7.0\publish' + SourceFolder: '$(Build.Repository.LocalPath)\src\CredentialIssuer\SimpleIdServer.CredentialIssuer.Startup\bin\Release\net8.0\publish' Contents: '**' TargetFolder: '$(Build.ArtifactStagingDirectory)\credentialissuer' - task: CopyFiles@2 displayName: 'Copy Credential issuer website' inputs: - SourceFolder: '$(Build.Repository.LocalPath)\src\CredentialIssuer\SimpleIdServer.CredentialIssuer.Website.Startup\bin\Debug\net7.0\publish' + SourceFolder: '$(Build.Repository.LocalPath)\src\CredentialIssuer\SimpleIdServer.CredentialIssuer.Website.Startup\bin\Release\net8.0\publish' Contents: '**' TargetFolder: '$(Build.ArtifactStagingDirectory)\credentialissuerwebsite' @@ -178,6 +178,6 @@ steps: - task: PublishBuildArtifacts@1 displayName: 'Publish Mobile application' inputs: - PathtoPublish: '$(Build.Repository.LocalPath)\src\Mobile\SimpleIdServer.Mobile\bin\Release\net7.0-android\publish' + PathtoPublish: '$(Build.Repository.LocalPath)\src\Mobile\SimpleIdServer.Mobile\bin\Release\net8.0-android\publish' ArtifactName: 'mobileApp' publishLocation: 'Container' \ No newline at end of file diff --git a/default.ps1 b/default.ps1 index e5f3a546b..0217e21d2 100644 --- a/default.ps1 +++ b/default.ps1 @@ -165,6 +165,7 @@ task compile -depends clean { exec { dotnet build .\SimpleIdServer.Scim.Host.sln -c $config --version-suffix=$buildSuffix } exec { dotnet build .\SimpleIdServer.Did.sln -c $config --version-suffix=$buildSuffix } exec { dotnet build .\SimpleIdServer.CredentialIssuer.Host.sln -c $config --version-suffix=$buildSuffix } + exec { dotnet build .\SimpleIdServer.Federation.sln -c $config --version-suffix=$buildSuffix } exec { dotnet build "$source_dir/Templates/SimpleIdServer.Templates.csproj" -c $config --version-suffix=$buildSuffix } } @@ -204,7 +205,6 @@ task pack -depends release, compile, buildTemplate { exec { dotnet pack $source_dir\IdServer\SimpleIdServer.DPoP\SimpleIdServer.DPoP.csproj -c $config --no-build $versionSuffix --output $result_dir } exec { dotnet pack $source_dir\IdServer\SimpleIdServer.Configuration\SimpleIdServer.Configuration.csproj -c $config --no-build $versionSuffix --output $result_dir } exec { dotnet pack $source_dir\IdServer\SimpleIdServer.Configuration.Redis\SimpleIdServer.Configuration.Redis.csproj -c $config --no-build $versionSuffix --output $result_dir } - exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.Store\SimpleIdServer.IdServer.Store.csproj -c $config --no-build $versionSuffix --output $result_dir } exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.Store.EF\SimpleIdServer.IdServer.Store.EF.csproj -c $config --no-build $versionSuffix --output $result_dir } exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.Store.SqlSugar\SimpleIdServer.IdServer.Store.SqlSugar.csproj -c $config --no-build $versionSuffix --output $result_dir } exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.Website\SimpleIdServer.IdServer.Website.csproj -c $config --no-build $versionSuffix --output $result_dir } @@ -220,6 +220,11 @@ task pack -depends release, compile, buildTemplate { exec { dotnet pack $source_dir\IdServer\SimpleIdServer.OpenIdConnect\SimpleIdServer.OpenIdConnect.csproj -c $config --no-build $versionSuffix --output $result_dir } exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.Notification.Fcm\SimpleIdServer.IdServer.Notification.Fcm.csproj -c $config --no-build $versionSuffix --output $result_dir } exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.Notification.Gotify\SimpleIdServer.IdServer.Notification.Gotify.csproj -c $config --no-build $versionSuffix --output $result_dir } + exec { dotnet pack $source_dir\IdServer\SimpleIdServer.OpenidFederation\SimpleIdServer.OpenidFederation.csproj -c $config --no-build $versionSuffix --output $result_dir } + exec { dotnet pack $source_dir\IdServer\SimpleIdServer.OpenidFederation.Store.EF\SimpleIdServer.OpenidFederation.Store.EF.csproj -c $config --no-build $versionSuffix --output $result_dir } + exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.Federation\SimpleIdServer.IdServer.Federation.csproj -c $config --no-build $versionSuffix --output $result_dir } + exec { dotnet pack $source_dir\IdServer\SimpleIdServer.Authority.Federation\SimpleIdServer.Authority.Federation.csproj -c $config --no-build $versionSuffix --output $result_dir } + exec { dotnet pack $source_dir\IdServer\SimpleIdServer.Rp.Federation\SimpleIdServer.Rp.Federation.csproj -c $config --no-build $versionSuffix --output $result_dir } exec { dotnet pack $source_dir\Scim\SimpleIdServer.Scim\SimpleIdServer.Scim.csproj -c $config --no-build $versionSuffix --output $result_dir } exec { dotnet pack $source_dir\Scim\SimpleIdServer.Scim.Domains\SimpleIdServer.Scim.Domains.csproj -c $config --no-build $versionSuffix --output $result_dir } exec { dotnet pack $source_dir\Scim\SimpleIdServer.Scim.Parser\SimpleIdServer.Scim.Parser.csproj -c $config --no-build $versionSuffix --output $result_dir } @@ -244,47 +249,54 @@ task pack -depends release, compile, buildTemplate { } task test { - Push-Location -Path $base_dir\tests\SimpleIdServer.Configuration.Tests - - try { - exec { & dotnet test -c $config --no-build --no-restore } - } finally { - Pop-Location - } + Push-Location -Path $base_dir\tests\SimpleIdServer.Configuration.Tests - Push-Location -Path $base_dir\tests\SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests - - try { - exec { & dotnet test -c $config --no-build --no-restore } - } finally { - Pop-Location - } + try { + exec { & dotnet test -c $config --no-build --no-restore } + } finally { + Pop-Location + } - Push-Location -Path $base_dir\tests\SimpleIdServer.Did.Ethr.Tests - - try { - exec { & dotnet test -c $config --no-build --no-restore } - } finally { - Pop-Location - } + Push-Location -Path $base_dir\tests\SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests - Push-Location -Path $base_dir\tests\SimpleIdServer.Did.Key.Tests - - try { - exec { & dotnet test -c $config --no-build --no-restore } - } finally { - Pop-Location - } + try { + exec { & dotnet test -c $config --no-build --no-restore } + } finally { + Pop-Location + } + + Push-Location -Path $base_dir\tests\SimpleIdServer.Did.Ethr.Tests + + try { + exec { & dotnet test -c $config --no-build --no-restore } + } finally { + Pop-Location + } + + Push-Location -Path $base_dir\tests\SimpleIdServer.Did.Key.Tests + + try { + exec { & dotnet test -c $config --no-build --no-restore } + } finally { + Pop-Location + } + + Push-Location -Path $base_dir\tests\SimpleIdServer.DID.Tests + + try { + exec { & dotnet test -c $config --no-build --no-restore } + } finally { + Pop-Location + } - Push-Location -Path $base_dir\tests\SimpleIdServer.DID.Tests + Push-Location -Path $base_dir\tests\SimpleIdServer.IdServer.Host.Acceptance.Tests try { exec { & dotnet test -c $config --no-build --no-restore } } finally { Pop-Location } - - Push-Location -Path $base_dir\tests\SimpleIdServer.IdServer.Host.Acceptance.Tests + Push-Location -Path $base_dir\tests\SimpleIdServer.IdServer.Tests try { exec { & dotnet test -c $config --no-build --no-restore } @@ -292,7 +304,7 @@ task test { Pop-Location } - Push-Location -Path $base_dir\tests\SimpleIdServer.IdServer.Tests + Push-Location -Path $base_dir\tests\SimpleIdServer.Scim.Host.Acceptance.Tests try { exec { & dotnet test -c $config --no-build --no-restore } @@ -300,7 +312,7 @@ task test { Pop-Location } - Push-Location -Path $base_dir\tests\SimpleIdServer.Scim.Host.Acceptance.Tests + Push-Location -Path $base_dir\tests\SimpleIdServer.Scim.Tests try { exec { & dotnet test -c $config --no-build --no-restore } @@ -308,7 +320,7 @@ task test { Pop-Location } - Push-Location -Path $base_dir\tests\SimpleIdServer.Scim.Tests + Push-Location -Path $base_dir\tests\SimpleIdServer.Vc.Tests try { exec { & dotnet test -c $config --no-build --no-restore } @@ -316,7 +328,7 @@ task test { Pop-Location } - Push-Location -Path $base_dir\tests\SimpleIdServer.Vc.Tests + Push-Location -Path $base_dir\tests\SimpleIdServer.OpenidFederation.Tests try { exec { & dotnet test -c $config --no-build --no-restore } diff --git a/docker-compose.yml b/docker-compose.yml index 9f2f8ae73..cbeeb64f7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -28,7 +28,7 @@ services: networks: proxy_net: null scim: - image: simpleidserver/scim:4.0.8 + image: simpleidserver/scim:5.0.1 environment: VIRTUAL_HOST: "scim.localhost.com" ASPNETCORE_URLS : "http://*:80" @@ -40,7 +40,7 @@ services: networks: proxy_net: null idserver: - image: simpleidserver/idserver:4.0.8 + image: simpleidserver/idserver:5.0.1 environment: VIRTUAL_HOST: "idserver.localhost.com" ASPNETCORE_URLS : "http://*:80" @@ -58,12 +58,12 @@ services: networks: proxy_net: null website: - image: simpleidserver/website:4.0.8 + image: simpleidserver/website:5.0.1 environment: VIRTUAL_HOST: "website.localhost.com" ASPNETCORE_URLS : "http://*:80" ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true" - DefaultSecurityOptions__Issuer: "https://idserver.localhost.com/master" + DefaultSecurityOptions__Issuer: "https://idserver.localhost.com" DefaultSecurityOptions__IgnoreCertificateError: "true" IdServerBaseUrl: "https://idserver.localhost.com" ScimBaseUrl: "https://scim.localhost.com" @@ -73,7 +73,7 @@ services: networks: proxy_net: null credentialissuer: - image: simpleidserver/credentialissuer:4.0.8 + image: simpleidserver/credentialissuer:5.0.1 environment: VIRTUAL_HOST: "credentialissuer.localhost.com" ASPNETCORE_URLS : "http://*:80" @@ -85,7 +85,7 @@ services: networks: proxy_net: null credentialissuerwebsite: - image: simpleidserver/credentialissuerwebsite:4.0.8 + image: simpleidserver/credentialissuerwebsite:5.0.1 environment: VIRTUAL_HOST: "credentialissuerwebsite.localhost.com" ASPNETCORE_URLS : "http://*:80" diff --git a/local-docker-compose.yml b/local-docker-compose.yml index 1aa31503d..e9e488b9e 100644 --- a/local-docker-compose.yml +++ b/local-docker-compose.yml @@ -72,7 +72,7 @@ services: VIRTUAL_HOST: "website.localhost.com" ASPNETCORE_URLS : "http://*:80" ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true" - DefaultSecurityOptions__Issuer: "https://idserver.localhost.com/master" + DefaultSecurityOptions__Issuer: "https://idserver.localhost.com" DefaultSecurityOptions__IgnoreCertificateError: "true" IdServerBaseUrl: "https://idserver.localhost.com" ScimBaseUrl: "https://scim.localhost.com" diff --git a/samples/OpenidFederation/OpenidFederation.sln b/samples/OpenidFederation/OpenidFederation.sln new file mode 100644 index 000000000..9fa10e3f1 --- /dev/null +++ b/samples/OpenidFederation/OpenidFederation.sln @@ -0,0 +1,34 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.0.31903.59 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{7F9A3D8D-4217-4B6B-A18C-44E1CDC2CF82}" +EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TaApi", "src\TaApi\TaApi.csproj", "{10C9ADF1-A71F-453D-95EE-8A37E2832D86}" +EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RpApi", "src\RpApi\RpApi.csproj", "{0EE90864-7273-4218-93C9-412607723BE5}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {10C9ADF1-A71F-453D-95EE-8A37E2832D86}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {10C9ADF1-A71F-453D-95EE-8A37E2832D86}.Debug|Any CPU.Build.0 = Debug|Any CPU + {10C9ADF1-A71F-453D-95EE-8A37E2832D86}.Release|Any CPU.ActiveCfg = Release|Any CPU + {10C9ADF1-A71F-453D-95EE-8A37E2832D86}.Release|Any CPU.Build.0 = Release|Any CPU + {0EE90864-7273-4218-93C9-412607723BE5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {0EE90864-7273-4218-93C9-412607723BE5}.Debug|Any CPU.Build.0 = Debug|Any CPU + {0EE90864-7273-4218-93C9-412607723BE5}.Release|Any CPU.ActiveCfg = Release|Any CPU + {0EE90864-7273-4218-93C9-412607723BE5}.Release|Any CPU.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(NestedProjects) = preSolution + {10C9ADF1-A71F-453D-95EE-8A37E2832D86} = {7F9A3D8D-4217-4B6B-A18C-44E1CDC2CF82} + {0EE90864-7273-4218-93C9-412607723BE5} = {7F9A3D8D-4217-4B6B-A18C-44E1CDC2CF82} + EndGlobalSection +EndGlobal diff --git a/samples/OpenidFederation/src/RpApi/Controllers/ClaimsController.cs b/samples/OpenidFederation/src/RpApi/Controllers/ClaimsController.cs new file mode 100644 index 000000000..1fb6eeece --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Controllers/ClaimsController.cs @@ -0,0 +1,20 @@ +using Microsoft.AspNetCore.Authentication; +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Mvc; +using RpApi.ViewModels; + +namespace RpApi.Controllers +{ + public class ClaimsController : Controller + { + [Authorize] + public async Task Index() + { + var accessToken = await HttpContext.GetTokenAsync("access_token"); + return View(new ClaimsViewModel + { + AccessToken = accessToken + }); + } + } +} diff --git a/samples/OpenidFederation/src/RpApi/Controllers/HomeController.cs b/samples/OpenidFederation/src/RpApi/Controllers/HomeController.cs new file mode 100644 index 000000000..16db19730 --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Controllers/HomeController.cs @@ -0,0 +1,31 @@ +using System.Diagnostics; +using Microsoft.AspNetCore.Mvc; +using RpApi.Models; + +namespace RpApi.Controllers; + +public class HomeController : Controller +{ + private readonly ILogger _logger; + + public HomeController(ILogger logger) + { + _logger = logger; + } + + public IActionResult Index() + { + return View(); + } + + public IActionResult Privacy() + { + return View(); + } + + [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)] + public IActionResult Error() + { + return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier }); + } +} diff --git a/samples/OpenidFederation/src/RpApi/Models/ErrorViewModel.cs b/samples/OpenidFederation/src/RpApi/Models/ErrorViewModel.cs new file mode 100644 index 000000000..9fcdf78ab --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Models/ErrorViewModel.cs @@ -0,0 +1,8 @@ +namespace RpApi.Models; + +public class ErrorViewModel +{ + public string? RequestId { get; set; } + + public bool ShowRequestId => !string.IsNullOrEmpty(RequestId); +} diff --git a/samples/OpenidFederation/src/RpApi/Program.cs b/samples/OpenidFederation/src/RpApi/Program.cs new file mode 100644 index 000000000..d648872a3 --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Program.cs @@ -0,0 +1,102 @@ +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.OpenidFederation.Domains; +using SimpleIdServer.OpenidFederation.Store.EF; +using System.Security.Cryptography; + +var builder = WebApplication.CreateBuilder(args); +var signatureCredentials = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "raId" }, SecurityAlgorithms.RsaSha256); + +var jsonWebKey = signatureCredentials.SerializePublicJWK(); +jsonWebKey.Alg = SecurityAlgorithms.RsaSha256; +jsonWebKey.Use = "sig"; + +builder.Services.AddDistributedMemoryCache(); +builder.Services.AddRpFederation(r => +{ + r.Client = new SimpleIdServer.IdServer.Domains.Client + { + ClientId = "http://localhost:7001", + RedirectionUrls = new List + { + "http://localhost:7001/signin-oidc" + }, + ClientRegistrationTypesSupported = new List + { + "automatic" + }, + RequestObjectSigningAlg = SecurityAlgorithms.RsaSha256, + Scopes = new List + { + new Scope + { + Name = "openid" + }, + new Scope + { + Name = "profile" + } + }, + ResponseTypes = new List + { + "code" + }, + GrantTypes = new List + { + "authorization_code" + }, + TokenEndPointAuthMethod = "private_key_jwt" + }; + r.Client.Add(jsonWebKey.Kid, jsonWebKey, "sig", SecurityKeyTypes.RSA); + r.SigningCredentials = signatureCredentials; +}); +builder.Services.AddOpenidFederationStore(); +builder.Services.AddControllersWithViews(); +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; +}) + .AddCookie("Cookies") + .AddCustomOpenIdConnect("sid", options => + { + + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "http://localhost:7001"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + options.UseFederationAutomaticRegistration(signatureCredentials); + }); + +var app = builder.Build(); +AddTrustedEntities(app.Services); +app.UseHttpsRedirection(); +app.UseStaticFiles(); +app.UseRouting(); +app.UseAuthorization(); +app.MapControllerRoute( + name: "default", + pattern: "{controller=Home}/{action=Index}/{id?}"); + +app.Run(); +static void AddTrustedEntities(IServiceProvider services) +{ + using (var scope = services.CreateScope()) + { + var dbContext = scope.ServiceProvider.GetRequiredService(); + dbContext.FederationEntities.AddRange(new List + { + new FederationEntity + { + Id = Guid.NewGuid().ToString(), + Sub = "http://localhost:7000", + Realm = string.Empty, + IsSubordinate = false + } + }); + dbContext.SaveChanges(); + } +} \ No newline at end of file diff --git a/samples/OpenidFederation/src/RpApi/Properties/launchSettings.json b/samples/OpenidFederation/src/RpApi/Properties/launchSettings.json new file mode 100644 index 000000000..433d90d9d --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Properties/launchSettings.json @@ -0,0 +1,38 @@ +{ + "$schema": "http://json.schemastore.org/launchsettings.json", + "iisSettings": { + "windowsAuthentication": false, + "anonymousAuthentication": true, + "iisExpress": { + "applicationUrl": "http://localhost:65068", + "sslPort": 44355 + } + }, + "profiles": { + "http": { + "commandName": "Project", + "dotnetRunMessages": true, + "launchBrowser": true, + "applicationUrl": "http://localhost:5272", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + }, + "https": { + "commandName": "Project", + "dotnetRunMessages": true, + "launchBrowser": true, + "applicationUrl": "https://localhost:7200;http://localhost:5272", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + }, + "IIS Express": { + "commandName": "IISExpress", + "launchBrowser": true, + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + } + } +} diff --git a/samples/OpenidFederation/src/RpApi/RpApi.csproj b/samples/OpenidFederation/src/RpApi/RpApi.csproj new file mode 100644 index 000000000..2dba4eeb3 --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/RpApi.csproj @@ -0,0 +1,15 @@ + + + + net8.0 + enable + enable + + + + + + + + + diff --git a/samples/OpenidFederation/src/RpApi/ViewModels/ClaimsViewModel.cs b/samples/OpenidFederation/src/RpApi/ViewModels/ClaimsViewModel.cs new file mode 100644 index 000000000..9d784888d --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/ViewModels/ClaimsViewModel.cs @@ -0,0 +1,7 @@ +namespace RpApi.ViewModels +{ + public class ClaimsViewModel + { + public string AccessToken { get; set; } + } +} diff --git a/samples/OpenidFederation/src/RpApi/Views/Claims/Index.cshtml b/samples/OpenidFederation/src/RpApi/Views/Claims/Index.cshtml new file mode 100644 index 000000000..2310ca501 --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Views/Claims/Index.cshtml @@ -0,0 +1,13 @@ +@model RpApi.ViewModels.ClaimsViewModel + +
    + @foreach (var claim in User.Claims) + { +
  • @claim.Type : @claim.Value
    • + } +
+ +
+

Access token

+

@Model.AccessToken

+
\ No newline at end of file diff --git a/samples/OpenidFederation/src/RpApi/Views/Home/Index.cshtml b/samples/OpenidFederation/src/RpApi/Views/Home/Index.cshtml new file mode 100644 index 000000000..bcfd79a52 --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Views/Home/Index.cshtml @@ -0,0 +1,8 @@ +@{ + ViewData["Title"] = "Home Page"; +} + +
+

Welcome

+

Learn about building Web apps with ASP.NET Core.

+
diff --git a/samples/OpenidFederation/src/RpApi/Views/Home/Privacy.cshtml b/samples/OpenidFederation/src/RpApi/Views/Home/Privacy.cshtml new file mode 100644 index 000000000..af4fb195a --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Views/Home/Privacy.cshtml @@ -0,0 +1,6 @@ +@{ + ViewData["Title"] = "Privacy Policy"; +} +

@ViewData["Title"]

+ +

Use this page to detail your site's privacy policy.

diff --git a/samples/OpenidFederation/src/RpApi/Views/Shared/Error.cshtml b/samples/OpenidFederation/src/RpApi/Views/Shared/Error.cshtml new file mode 100644 index 000000000..a1e04783c --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Views/Shared/Error.cshtml @@ -0,0 +1,25 @@ +@model ErrorViewModel +@{ + ViewData["Title"] = "Error"; +} + +

Error.

+

An error occurred while processing your request.

+ +@if (Model.ShowRequestId) +{ +

+ Request ID: @Model.RequestId +

+} + +

Development Mode

+

+ Swapping to Development environment will display more detailed information about the error that occurred. +

+

+ The Development environment shouldn't be enabled for deployed applications. + It can result in displaying sensitive information from exceptions to end users. + For local debugging, enable the Development environment by setting the ASPNETCORE_ENVIRONMENT environment variable to Development + and restarting the app. +

diff --git a/samples/OpenidFederation/src/RpApi/Views/Shared/_Layout.cshtml b/samples/OpenidFederation/src/RpApi/Views/Shared/_Layout.cshtml new file mode 100644 index 000000000..eff13f01b --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Views/Shared/_Layout.cshtml @@ -0,0 +1,49 @@ + + + + + + @ViewData["Title"] - RpApi + + + + + +
+ +
+
+
+ @RenderBody() +
+
+ +
+
+ © 2024 - RpApi - Privacy +
+
+ + + + @await RenderSectionAsync("Scripts", required: false) + + diff --git a/samples/OpenidFederation/src/RpApi/Views/Shared/_Layout.cshtml.css b/samples/OpenidFederation/src/RpApi/Views/Shared/_Layout.cshtml.css new file mode 100644 index 000000000..c187c02e0 --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Views/Shared/_Layout.cshtml.css @@ -0,0 +1,48 @@ +/* Please see documentation at https://learn.microsoft.com/aspnet/core/client-side/bundling-and-minification +for details on configuring this project to bundle and minify static web assets. */ + +a.navbar-brand { + white-space: normal; + text-align: center; + word-break: break-all; +} + +a { + color: #0077cc; +} + +.btn-primary { + color: #fff; + background-color: #1b6ec2; + border-color: #1861ac; +} + +.nav-pills .nav-link.active, .nav-pills .show > .nav-link { + color: #fff; + background-color: #1b6ec2; + border-color: #1861ac; +} + +.border-top { + border-top: 1px solid #e5e5e5; +} +.border-bottom { + border-bottom: 1px solid #e5e5e5; +} + +.box-shadow { + box-shadow: 0 .25rem .75rem rgba(0, 0, 0, .05); +} + +button.accept-policy { + font-size: 1rem; + line-height: inherit; +} + +.footer { + position: absolute; + bottom: 0; + width: 100%; + white-space: nowrap; + line-height: 60px; +} diff --git a/samples/OpenidFederation/src/RpApi/Views/Shared/_ValidationScriptsPartial.cshtml b/samples/OpenidFederation/src/RpApi/Views/Shared/_ValidationScriptsPartial.cshtml new file mode 100644 index 000000000..5a16d80a9 --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Views/Shared/_ValidationScriptsPartial.cshtml @@ -0,0 +1,2 @@ + + diff --git a/samples/OpenidFederation/src/RpApi/Views/_ViewImports.cshtml b/samples/OpenidFederation/src/RpApi/Views/_ViewImports.cshtml new file mode 100644 index 000000000..7bc1cc130 --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Views/_ViewImports.cshtml @@ -0,0 +1,3 @@ +@using RpApi +@using RpApi.Models +@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers diff --git a/samples/OpenidFederation/src/RpApi/Views/_ViewStart.cshtml b/samples/OpenidFederation/src/RpApi/Views/_ViewStart.cshtml new file mode 100644 index 000000000..a5f10045d --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/Views/_ViewStart.cshtml @@ -0,0 +1,3 @@ +@{ + Layout = "_Layout"; +} diff --git a/samples/OpenidFederation/src/RpApi/appsettings.Development.json b/samples/OpenidFederation/src/RpApi/appsettings.Development.json new file mode 100644 index 000000000..0c208ae91 --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/appsettings.Development.json @@ -0,0 +1,8 @@ +{ + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Warning" + } + } +} diff --git a/samples/OpenidFederation/src/RpApi/appsettings.json b/samples/OpenidFederation/src/RpApi/appsettings.json new file mode 100644 index 000000000..10f68b8c8 --- /dev/null +++ b/samples/OpenidFederation/src/RpApi/appsettings.json @@ -0,0 +1,9 @@ +{ + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Warning" + } + }, + "AllowedHosts": "*" +} diff --git a/samples/OpenidFederation/src/TaApi/Program.cs b/samples/OpenidFederation/src/TaApi/Program.cs new file mode 100644 index 000000000..e16a822e1 --- /dev/null +++ b/samples/OpenidFederation/src/TaApi/Program.cs @@ -0,0 +1,38 @@ +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.OpenidFederation.Domains; +using SimpleIdServer.OpenidFederation.Store.EF; +using System.Security.Cryptography; + +var builder = WebApplication.CreateBuilder(args); +builder.Services.AddControllers(); +builder.Services.AddDistributedMemoryCache(); +builder.Services.AddAuthorityFederation(o => +{ + o.OrganizationName = "Trust anchor"; + o.SigningCredentials = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "taId" }, SecurityAlgorithms.RsaSha256); +}); +builder.Services.AddOpenidFederationStore(); + +var app = builder.Build(); +AddTrustedEntities(app.Services); +app.MapControllers(); +app.Run(); + +static void AddTrustedEntities(IServiceProvider services) +{ + using (var scope = services.CreateScope()) + { + var dbContext = scope.ServiceProvider.GetRequiredService(); + dbContext.FederationEntities.AddRange(new List + { + new FederationEntity + { + Id = Guid.NewGuid().ToString(), + Sub = "http://localhost:7001", + Realm = string.Empty, + IsSubordinate = true + } + }); + dbContext.SaveChanges(); + } +} \ No newline at end of file diff --git a/samples/OpenidFederation/src/TaApi/Properties/launchSettings.json b/samples/OpenidFederation/src/TaApi/Properties/launchSettings.json new file mode 100644 index 000000000..b2c2764d3 --- /dev/null +++ b/samples/OpenidFederation/src/TaApi/Properties/launchSettings.json @@ -0,0 +1,41 @@ +{ + "$schema": "http://json.schemastore.org/launchsettings.json", + "iisSettings": { + "windowsAuthentication": false, + "anonymousAuthentication": true, + "iisExpress": { + "applicationUrl": "http://localhost:63942", + "sslPort": 44397 + } + }, + "profiles": { + "http": { + "commandName": "Project", + "dotnetRunMessages": true, + "launchBrowser": true, + "launchUrl": "swagger", + "applicationUrl": "http://localhost:5189", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + }, + "https": { + "commandName": "Project", + "dotnetRunMessages": true, + "launchBrowser": true, + "launchUrl": "swagger", + "applicationUrl": "https://localhost:7136;http://localhost:5189", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + }, + "IIS Express": { + "commandName": "IISExpress", + "launchBrowser": true, + "launchUrl": "swagger", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + } + } +} diff --git a/samples/OpenidFederation/src/TaApi/TaApi.csproj b/samples/OpenidFederation/src/TaApi/TaApi.csproj new file mode 100644 index 000000000..64ecfae8d --- /dev/null +++ b/samples/OpenidFederation/src/TaApi/TaApi.csproj @@ -0,0 +1,16 @@ + + + + net8.0 + enable + enable + + + + + + + + + + diff --git a/samples/OpenidFederation/src/TaApi/TaApi.http b/samples/OpenidFederation/src/TaApi/TaApi.http new file mode 100644 index 000000000..9804b72e5 --- /dev/null +++ b/samples/OpenidFederation/src/TaApi/TaApi.http @@ -0,0 +1,6 @@ +@TaApi_HostAddress = http://localhost:5189 + +GET {{TaApi_HostAddress}}/weatherforecast/ +Accept: application/json + +### diff --git a/samples/OpenidFederation/src/TaApi/appsettings.Development.json b/samples/OpenidFederation/src/TaApi/appsettings.Development.json new file mode 100644 index 000000000..0c208ae91 --- /dev/null +++ b/samples/OpenidFederation/src/TaApi/appsettings.Development.json @@ -0,0 +1,8 @@ +{ + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Warning" + } + } +} diff --git a/samples/OpenidFederation/src/TaApi/appsettings.json b/samples/OpenidFederation/src/TaApi/appsettings.json new file mode 100644 index 000000000..10f68b8c8 --- /dev/null +++ b/samples/OpenidFederation/src/TaApi/appsettings.json @@ -0,0 +1,9 @@ +{ + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Warning" + } + }, + "AllowedHosts": "*" +} diff --git a/samples/ProtectWebsiteServersideACR/src/Website/Program.cs b/samples/ProtectWebsiteServersideACR/src/Website/Program.cs index f1938e475..8c951d0ab 100644 --- a/samples/ProtectWebsiteServersideACR/src/Website/Program.cs +++ b/samples/ProtectWebsiteServersideACR/src/Website/Program.cs @@ -16,7 +16,7 @@ if(context.Properties.Items.ContainsKey("acr")) { context.ProtocolMessage.AcrValues = context.Properties.Items["acr"]; - context.ProtocolMessage.Prompt = "login"; + // context.ProtocolMessage.Prompt = "login"; } return Task.CompletedTask; diff --git a/sid-kubernetes.yaml b/sid-kubernetes.yaml index 3a4c90abc..90237d279 100644 --- a/sid-kubernetes.yaml +++ b/sid-kubernetes.yaml @@ -229,7 +229,7 @@ spec: subdomain: localhost containers: - name: scim-deploy - image: simpleidserver/scim:4.0.8 + image: simpleidserver/scim:5.0.1 ports: - containerPort: 80 env: @@ -266,7 +266,7 @@ spec: subdomain: localhost containers: - name: idserver-deploy - image: simpleidserver/idserver:4.0.8 + image: simpleidserver/idserver:5.0.1 ports: - containerPort: 80 env: @@ -309,7 +309,7 @@ spec: subdomain: localhost containers: - name: website-deploy - image: simpleidserver/website:4.0.8 + image: simpleidserver/website:5.0.1 ports: - containerPort: 80 env: @@ -350,7 +350,7 @@ spec: subdomain: localhost containers: - name: credentialissuer-deploy - image: simpleidserver/credentialissuer:4.0.8 + image: simpleidserver/credentialissuer:5.0.1 ports: - containerPort: 80 env: @@ -385,7 +385,7 @@ spec: subdomain: localhost containers: - name: credentialissuerwebsite-deploy - image: simpleidserver/credentialissuerwebsite:4.0.8 + image: simpleidserver/credentialissuerwebsite:5.0.1 ports: - containerPort: 80 env: diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Console/EsbiWallet.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Console/EsbiWallet.cs new file mode 100644 index 000000000..c1719cc62 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Console/EsbiWallet.cs @@ -0,0 +1,234 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.CredentialIssuer.Api.CredentialIssuer; +using SimpleIdServer.Did.Crypto; +using System.Security.Cryptography; +using System.Text; +using System.Text.Json; +using System.Text.Json.Nodes; +using System.Web; + +namespace SimpleIdServer.CredentialIssuer.Console; + +public class EsbiWallet +{ + private const string url = "https://api-conformance.ebsi.eu/conformance/v3/issuer-mock/.well-known/openid-credential-issuer"; + private const string publicKey = "z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbpMAoXtZtunruYnM4gCV65AKAUX2AwEReRhEaf3BRQNJArZPwQdmf9ENZcF8VT13a58WsHeVjJtvAKKPYEibaEfdUxvU7sgxEUTJpjEkq6BJKrRV1JQ1CqhYvGbmJ1WyoUQ"; + private const string did = $"did:key:{publicKey}"; + private const string refDid = $"{did}#{publicKey}"; + + public static async Task RegisterEsbiWalletForConformance() + { + using (var httpClient = new HttpClient()) + { + var (challenge, verifier) = PkceGenerate(); + var openidCredentialIssuer = GetOpenidCredentialIssuer(httpClient).Result; + var configuration = GetAuthorizationEndpoint(httpClient, openidCredentialIssuer.AuthorizationServer).Result; + var parameters = ExecuteAuthorizationRequest(httpClient, configuration.authorizationEndpoint, challenge, openidCredentialIssuer.CredentialIssuer).Result; + var redirectUri = parameters["redirect_uri"]; + var nonce = parameters["nonce"]; + var state = parameters["state"]; + var postAuthResult = ExecutePostAuthorizationRequest(httpClient, redirectUri, openidCredentialIssuer.CredentialIssuer, nonce, state).Result; + var tokenResult = GetToken(httpClient, configuration.tokenEndpoint, postAuthResult["code"], verifier).Result; + GetCredential(httpClient, openidCredentialIssuer.CredentialEndpoint, openidCredentialIssuer.CredentialIssuer, tokenResult.cNonce, tokenResult.accessToken).Wait(); + } + } + + private static async Task GetOpenidCredentialIssuer(HttpClient httpClient) + { + var url = "https://api-conformance.ebsi.eu/conformance/v3/issuer-mock/.well-known/openid-credential-issuer"; + var requestMessage = new HttpRequestMessage(HttpMethod.Get, url); + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var openidCredentialIssuer = JsonSerializer.Deserialize(json); + return openidCredentialIssuer; + } + + private static async Task<(string authorizationEndpoint, string issuer, string tokenEndpoint)> GetAuthorizationEndpoint(HttpClient httpClient, string authUrl) + { + var requestMessage = new HttpRequestMessage(HttpMethod.Get, $"{authUrl}/.well-known/openid-configuration"); + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var jsonObj = JsonObject.Parse(json); + return (jsonObj["authorization_endpoint"].ToString(), jsonObj["issuer"].ToString(), jsonObj["token_endpoint"].ToString()); + } + + private static async Task> ExecuteAuthorizationRequest(HttpClient httpClient, string url, string challenge, string aud) + { + var uriBuilder = new UriBuilder(url); + var authorizationDetails = new JsonArray +{ + new JsonObject + { + { "type", "openid_credential" }, + { "format", "jwt_vc" }, + { "types", new JsonArray + { + "VerifiableCredential", + "VerifiableAttestation", + "CTIssueQualificationCredential" + } }, + { "locations", new JsonArray + { + aud + } } + } +}; + var clientMetadata = new JsonObject +{ + { "response_types_supported", + new JsonArray + { + "vp_token", "id_token" + } + }, + { "authorization_endpoint", "openid://"} +}; + var dic = new Dictionary +{ + { "response_type", "code" }, + { "scope", "openid" }, + // { "issuer_state", "issuer-state" }, + { "state", "client-state" }, + { "client_id", did }, + { "authorization_details", HttpUtility.UrlEncode(authorizationDetails.ToJsonString()) }, + { "redirect_uri", "openid://" }, + { "nonce", "nonce" }, + { "code_challenge", challenge }, + { "code_challenge_method", "S256" }, + { "client_metadata", HttpUtility.UrlEncode(clientMetadata.ToJsonString()) } +}; + uriBuilder.Query = string.Join("&", dic.Select(kvp => $"{kvp.Key}={kvp.Value}")); + var requestMessage = new HttpRequestMessage + { + RequestUri = uriBuilder.Uri + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var result = httpResult.Headers.Location.AbsoluteUri; + uriBuilder = new UriBuilder(result); + var queryParameters = uriBuilder.Query.Trim('?').Split('&').Select(s => s.Split('=')).ToDictionary(arr => arr[0], arr => arr[1]); + return queryParameters; + } + + private static async Task> ExecutePostAuthorizationRequest(HttpClient httpClient, string url, string aud, string nonce, string state) + { + var serializedPrivateKey = System.IO.File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "privatekey.json")); + var signatureKey = SignatureKeySerializer.Deserialize(serializedPrivateKey); + var signingCredentials = signatureKey.BuildSigningCredentials(refDid); + var handler = new JsonWebTokenHandler(); + var securityTokenDescriptor = new SecurityTokenDescriptor + { + IssuedAt = DateTime.UtcNow, + SigningCredentials = signingCredentials, + Audience = aud + }; + var claims = new Dictionary +{ + { "nonce", nonce }, + { "iss", did }, + { "sub", did } +}; + securityTokenDescriptor.Claims = claims; + var token = handler.CreateToken(securityTokenDescriptor); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri(HttpUtility.UrlDecode(url)), + Content = new FormUrlEncodedContent(new List> + { + new KeyValuePair("id_token", token), + new KeyValuePair("state", state) + }), + Method = HttpMethod.Post + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var result = httpResult.Headers.Location.AbsoluteUri; + var uriBuilder = new UriBuilder(result); + var queryParameters = uriBuilder.Query.Trim('?').Split('&').Select(s => s.Split('=')).ToDictionary(arr => arr[0], arr => arr[1]); + return queryParameters; + } + + private static async Task GetCredential(HttpClient httpClient, string credentialEndpoint, string aud, string nonce, string accessToken) + { + var serializedPrivateKey = System.IO.File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "privatekey.json")); + var signatureKey = SignatureKeySerializer.Deserialize(serializedPrivateKey); + var signingCredentials = signatureKey.BuildSigningCredentials(refDid); + var handler = new JsonWebTokenHandler(); + var securityTokenDescriptor = new SecurityTokenDescriptor + { + IssuedAt = DateTime.UtcNow, + SigningCredentials = signingCredentials, + Audience = aud, + TokenType = "openid4vci-proof+jwt" + }; + var claims = new Dictionary +{ + { "iss", did }, + { "nonce", nonce } +}; + securityTokenDescriptor.Claims = claims; + var proofJwt = handler.CreateToken(securityTokenDescriptor); + var proofRequest = new JsonObject(); + proofRequest.Add("proof_type", "jwt"); + proofRequest.Add("jwt", proofJwt); + var request = new JsonObject +{ + { "types", new JsonArray + { + "VerifiableCredential", + "VerifiableAttestation", + "CTIssueQualificationCredential" + } }, + { "format", "jwt_vc" } +}; + request.Add("proof", proofRequest); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri(HttpUtility.UrlDecode(credentialEndpoint)), + Content = new StringContent(request.ToJsonString(), Encoding.UTF8, "application/json"), + Method = HttpMethod.Post + }; + requestMessage.Headers.Add("Authorization", $"Bearer {accessToken}"); + await httpClient.SendAsync(requestMessage); + } + + private static async Task<(string accessToken, string idToken, string cNonce)> GetToken(HttpClient httpClient, string url, string authorizationCode, string codeVerifier) + { + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri(url), + Content = new FormUrlEncodedContent(new List> + { + new KeyValuePair("grant_type", "authorization_code"), + new KeyValuePair("client_id", did), + new KeyValuePair("code", authorizationCode), + new KeyValuePair("code_verifier", codeVerifier) + }), + Method = HttpMethod.Post + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var content = await httpResult.Content.ReadAsStringAsync(); + var jObj = JsonObject.Parse(content); + return (jObj["access_token"].ToString(), jObj["id_token"].ToString(), jObj["c_nonce"].ToString()); + } + + private static (string codeChallenge, string verifier) PkceGenerate(int size = 32) + { + using var rng = RandomNumberGenerator.Create(); + var randomBytes = new byte[size]; + rng.GetBytes(randomBytes); + var verifier = Base64UrlEncode(randomBytes); + + var buffer = Encoding.UTF8.GetBytes(verifier); + var hash = SHA256.Create().ComputeHash(buffer); + var challenge = Base64UrlEncode(hash); + + return (challenge, verifier); + } + private static string Base64UrlEncode(byte[] data) => + Convert.ToBase64String(data) + .Replace("+", "-") + .Replace("/", "_") + .TrimEnd('='); +} diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Console/Program.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Console/Program.cs new file mode 100644 index 000000000..097fe4917 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Console/Program.cs @@ -0,0 +1,5 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.CredentialIssuer.Console; + +EsbiWallet.RegisterEsbiWalletForConformance().Wait(); \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Console/SimpleIdServer.CredentialIssuer.Console.csproj b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Console/SimpleIdServer.CredentialIssuer.Console.csproj new file mode 100644 index 000000000..d591bac62 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Console/SimpleIdServer.CredentialIssuer.Console.csproj @@ -0,0 +1,20 @@ + + + + Exe + net8.0 + enable + enable + + + + + PreserveNewest + + + + + + + + diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/Credential.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/Credential.cs index db6b10f8d..2e6b9c45a 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/Credential.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/Credential.cs @@ -25,4 +25,5 @@ public class Credential public virtual CredentialConfiguration Configuration { get; set; } [JsonPropertyName("claims")] public virtual List Claims { get; set; } + public bool IsDeferred { get; set; } = false; } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/CredentialConfiguration.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/CredentialConfiguration.cs index eba74d7c8..1a62eae4a 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/CredentialConfiguration.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/CredentialConfiguration.cs @@ -26,10 +26,20 @@ public class CredentialConfiguration public DateTime CreateDateTime { get; set; } [JsonPropertyName("update_datetime")] public DateTime UpdateDateTime { get; set; } + [JsonIgnore] + public string? CredentialSchemaId { get; set; } = null; + [JsonIgnore] + public string? CredentialSchemaType { get; set; } = null; + [JsonIgnore] + public bool IsDeferred { get; set; } = false; [JsonPropertyName("claims")] public virtual List Claims { get; set; } = new List(); [JsonPropertyName("displays")] public virtual List Displays { get; set; } = new List(); [JsonIgnore] + public virtual List DeferredCredentials { get; set; } + [JsonIgnore] + public List AdditionalTypes { get; set; } = new List(); + [JsonIgnore] public virtual List Credentials { get; set; } } \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/CredentialOfferRecord.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/CredentialOfferRecord.cs index 91804f4f3..c52fcaccc 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/CredentialOfferRecord.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/CredentialOfferRecord.cs @@ -3,7 +3,6 @@ using System; using System.Collections.Generic; -using System.Text.Json.Serialization; namespace SimpleIdServer.CredentialIssuer.Domains; @@ -11,11 +10,9 @@ public class CredentialOfferRecord { public string Id { get; set; } = null!; public string Subject { get; set; } = null!; - public List GrantTypes { get; set; } = new List(); - public List CredentialConfigurationIds { get; set; } = new List(); - [JsonIgnore] public string? PreAuthorizedCode { get; set; } = null; - [JsonIgnore] public string? IssuerState { get; set; } = null; public DateTime CreateDateTime { get; set; } + public List GrantTypes { get; set; } = new List(); + public List CredentialConfigurationIds { get; set; } } \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/DeferredCredential.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/DeferredCredential.cs new file mode 100644 index 000000000..0b8b962c8 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/DeferredCredential.cs @@ -0,0 +1,49 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System; +using System.Collections.Generic; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.CredentialIssuer.Domains; + +public class DeferredCredential +{ + [JsonPropertyName("transaction_id")] + public string TransactionId { get; set; } = null!; + [JsonPropertyName("credential_id")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? CredentialId { get; set; } = null; + [JsonPropertyName("credential_configuration_id")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? CredentialConfigurationId { get; set; } = null; + [JsonPropertyName("status")] + public DeferredCredentialStatus Status { get; set; } + [JsonPropertyName("formatter_name")] + public string FormatterName { get; set; } + [JsonPropertyName("nonce")] + public string Nonce { get; set; } + [JsonPropertyName("encryption_alg")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? EncryptionAlg { get; set; } = null; + [JsonPropertyName("encryption_enc")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? EncryptionEnc { get; set; } = null; + [JsonPropertyName("encryption_jwk")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? EncryptionJwk { get; set; } = null; + [JsonPropertyName("create_datetime")] + public DateTime CreateDateTime { get; set; } + [JsonPropertyName("configuration")] + public CredentialConfiguration Configuration { get; set; } + [JsonPropertyName("claims")] + public List Claims { get; set; } + [JsonIgnore] + public string UserDid { get; set; } +} + +public enum DeferredCredentialStatus +{ + PENDING = 0, + ISSUED = 1 +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/DeferredCredentialClaim.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/DeferredCredentialClaim.cs new file mode 100644 index 000000000..b1c8827c0 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Domains/DeferredCredentialClaim.cs @@ -0,0 +1,18 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System.Text.Json.Serialization; + +namespace SimpleIdServer.CredentialIssuer.Domains; + +public class DeferredCredentialClaim +{ + [JsonPropertyName("id")] + public string Id { get; set; } + [JsonPropertyName("name")] + public string Name { get; set; } + [JsonPropertyName("value")] + public string Value { get; set; } + [JsonIgnore] + public string DeferredCredentialId { get; set; } +} diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/CredentialIssuerConfiguration.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/CredentialIssuerConfiguration.cs index 533521fa3..5eebfc418 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/CredentialIssuerConfiguration.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/CredentialIssuerConfiguration.cs @@ -1,10 +1,11 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using Org.BouncyCastle.Crypto.Agreement; using SimpleIdServer.CredentialIssuer.Builders; using SimpleIdServer.CredentialIssuer.CredentialFormats; using SimpleIdServer.CredentialIssuer.Domains; +using System; using System.Collections.Generic; +using System.Linq; namespace SimpleIdServer.CredentialIssuer.Startup; @@ -13,7 +14,7 @@ public class CredentialIssuerConfiguration public static List CredentialConfigurations => new List { CredentialConfigurationBuilder - .New(LdpVcFormatter.FORMAT, "UniversityDegree", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", scope: "university_degree") + .New(JwtVcJsonFormatter.FORMAT, "UniversityDegree", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", scope: "university_degree") .AddClaim("given_name", "GivenName", (cb) => { cb.AddTranslation("Given Name", "en-US"); @@ -31,6 +32,34 @@ public class CredentialIssuerConfiguration cb.AddTranslation("Name of degree", "en-US"); }) .AddDisplay("University Credential", "en-US", "https://img.freepik.com/premium-vector/logo-university-name-logo-company-called-university_516670-732.jpg", "A square logo of a university", null,"#12107c", "#acd2b1") + .Build(), + CredentialConfigurationBuilder + .New(JwtVcJsonFormatter.FORMAT, "CTWalletSameAuthorisedInTime", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", additionalTypes: new List { "VerifiableAttestation" }, isDeferred: false, scope: "ct_wallet") + .SetSchema("https://api-pilot.ebsi.eu/trusted-schemas-registry/v2/schemas/z3MgUFUkb722uq4x3dv5yAJmnNmzDFeK5UC8x83QoeLJM", "FullJsonSchemaValidator2021") + .Build(), + CredentialConfigurationBuilder + .New(JwtVcJsonFormatter.FORMAT, "CTWalletSameAuthorisedDeferred", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", additionalTypes: new List { "VerifiableAttestation" }, isDeferred: true, id: "6fea9437-9379-4a22-b396-461c9c510011", scope: "ct_wallet") + .SetSchema("https://api-pilot.ebsi.eu/trusted-schemas-registry/v2/schemas/z3MgUFUkb722uq4x3dv5yAJmnNmzDFeK5UC8x83QoeLJM", "FullJsonSchemaValidator2021") + .AddClaim("given_name", "GivenName", (cb) => + { + cb.AddTranslation("Given Name", "en-US"); + }) + .Build(), + CredentialConfigurationBuilder + .New(JwtVcJsonFormatter.FORMAT, "CTWalletSamePreAuthorisedInTime", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", additionalTypes: new List { "VerifiableAttestation" }, scope: "ct_wallet") + .SetSchema("https://api-pilot.ebsi.eu/trusted-schemas-registry/v2/schemas/z3MgUFUkb722uq4x3dv5yAJmnNmzDFeK5UC8x83QoeLJM", "FullJsonSchemaValidator2021") + .AddClaim("given_name", "GivenName", (cb) => + { + cb.AddTranslation("Given Name", "en-US"); + }) + .Build(), + CredentialConfigurationBuilder + .New(JwtVcJsonFormatter.FORMAT, "CTWalletSamePreAuthorisedDeferred", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", additionalTypes: new List { "VerifiableAttestation" }, isDeferred: true, scope: "ct_wallet") + .SetSchema("https://api-pilot.ebsi.eu/trusted-schemas-registry/v2/schemas/z3MgUFUkb722uq4x3dv5yAJmnNmzDFeK5UC8x83QoeLJM", "FullJsonSchemaValidator2021") + .AddClaim("given_name", "GivenName", (cb) => + { + cb.AddTranslation("Given Name", "en-US"); + }) .Build() }; @@ -39,4 +68,9 @@ public class CredentialIssuerConfiguration UserCredentialClaimBuilder.Build("administrator", "DegreeName", "Master degree"), UserCredentialClaimBuilder.Build("administrator", "GivenName", "SimpleIdServer") }; + + public static List DeferredCredentials = new List + { + new DeferredCredential { CreateDateTime = DateTime.UtcNow, CredentialConfigurationId = "6fea9437-9379-4a22-b396-461c9c510011", Status = DeferredCredentialStatus.PENDING, TransactionId = Guid.NewGuid().ToString(), FormatterName = JwtVcJsonFormatter.FORMAT } + }; } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Program.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Program.cs index 6bd434c2e..5880948a2 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Program.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Program.cs @@ -1,15 +1,23 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.AspNetCore.Authentication.OpenIdConnect; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Builder; using Microsoft.Extensions.DependencyInjection; using SimpleIdServer.CredentialIssuer.Startup; +using SimpleIdServer.Did.Crypto; +using SimpleIdServer.Did.Key; +using System.IO; using System.Net.Http; +using System.Threading; var builder = WebApplication.CreateBuilder(args); +// GeneratePrivateKey(); + var ignoreCertificateError = bool.Parse(builder.Configuration["Authorization:IgnoreCertificateError"]); builder.Services.AddAuthentication(o => { @@ -61,28 +69,7 @@ }); builder.Services.AddAuthorization(b => { - b.AddPolicy("WebsiteAuthenticated", p => - { - p.RequireAuthenticatedUser(); - }); - b.AddPolicy("ApiAuthenticated", p => - { - p.AuthenticationSchemes.Clear(); - p.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme); - p.RequireAuthenticatedUser(); - }); - b.AddPolicy("credconfs", p => - { - p.AuthenticationSchemes.Clear(); - p.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme); - p.RequireClaim("scope", "credconfs"); - }); - b.AddPolicy("credinstances", p => - { - p.AuthenticationSchemes.Clear(); - p.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme); - p.RequireClaim("scope", "credinstances"); - }); + b.AddDefaultCredentialIssuerAuthorization(); }); builder.Services.AddLocalization(); builder.Services.AddEndpointsApiExplorer(); @@ -92,17 +79,33 @@ builder.Services.AddCredentialIssuer(o => { + var serializedPrivateKey = System.IO.File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "privatekey.json")); + var signatureKey = SignatureKeySerializer.Deserialize(serializedPrivateKey); + var publicDid = builder.Configuration["PublicDid"]; + o.Version = SimpleIdServer.IdServer.CredentialIssuer.CredentialIssuerVersion.ESBI; o.ClientId = builder.Configuration["Authorization:ClientId"]; o.ClientSecret = builder.Configuration["Authorization:ClientSecret"]; o.AuthorizationServer = builder.Configuration["Authorization:Issuer"]; + o.DidDocument = DidKeyResolver.New().Resolve(publicDid, CancellationToken.None).Result; + o.AsymmKey = signatureKey; o.IgnoreHttpsCertificateError = ignoreCertificateError; + o.IsDeveloperModeEnabled = true; }) .UseInMemoryStore(c => { c.AddCredentialConfigurations(CredentialIssuerConfiguration.CredentialConfigurations); c.AddUserCredentialClaims(CredentialIssuerConfiguration.CredentialClaims); + c.AddDeferredCredentials(CredentialIssuerConfiguration.DeferredCredentials); }); +builder.Services.AddDidKey(); + +static void GeneratePrivateKey() +{ + var did = DidKeyGenerator.New().GenerateRandomES256Key().Export(false, true); + var serialized = SignatureKeySerializer.SerializedToJson(did.Key); +} + var app = builder.Build(); app.UseStaticFiles(); app.UseRequestLocalization(e => diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.Designer.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.Designer.cs index 3f6a217ce..0b517b626 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.Designer.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.Designer.cs @@ -114,6 +114,33 @@ public static string Loading { } } + /// + /// Recherche une chaîne localisée semblable à Pre-authorized. + /// + public static string PreAuthorized { + get { + return ResourceManager.GetString("PreAuthorized", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à QR code. + /// + public static string QrCode { + get { + return ResourceManager.GetString("QrCode", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Requires user PIN. + /// + public static string RequiresUserPin { + get { + return ResourceManager.GetString("RequiresUserPin", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Scan the QR code with your wallet application. /// diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.resx b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.resx index 92ba92a20..9217ebefa 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.resx +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.resx @@ -135,6 +135,15 @@ Loading + + Pre-authorized + + + QR code + + + Requires user PIN + Scan the QR code with your wallet application diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/SimpleIdServer.CredentialIssuer.Startup.csproj b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/SimpleIdServer.CredentialIssuer.Startup.csproj index 842870a4f..833f5fe45 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/SimpleIdServer.CredentialIssuer.Startup.csproj +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/SimpleIdServer.CredentialIssuer.Startup.csproj @@ -4,6 +4,7 @@ Exe + @@ -11,6 +12,7 @@ + diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Views/Credentials/Index.cshtml b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Views/Credentials/Index.cshtml index 0c97ebbce..6b4e01cc7 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Views/Credentials/Index.cshtml +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/Views/Credentials/Index.cshtml @@ -1,6 +1,8 @@ @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers +@using Microsoft.Extensions.Options @using SimpleIdServer.CredentialIssuer.Startup.Resources; @using System.Globalization; +@using SimpleIdServer.IdServer.CredentialIssuer @model SimpleIdServer.CredentialIssuer.UI.ViewModels.CredentialsViewModel @{ @@ -30,28 +32,34 @@ var title = display == null ? credentialConfiguration.ServerId : display.Name;
-
-
-
-
- +
+
+
+
+
+ +
+
+
@title
+ @if (display != null) + { +

@display.Description

+ } +
-
-
@title
- @if (display != null) - { -

@display.Description

- } +
+ +
-
-
- +
- +
-
+
}
@@ -64,6 +72,14 @@
+ @if(Model.IsDeveloperModeEnabled) + { +
+
+

@Global.QrCode

+ +
+ }
@@ -92,9 +108,13 @@ $(document).ready(function () { const loadingText = "@Global.Loading"; const shareText = "@Global.Share"; - function displayQrCode(img) { + function displayQrCode(img, qrCode) { $("#qrCodeDialog img").attr("src", img); $("#qrCodeDialog").modal('toggle'); + var qrCodeText = $("#qrCodeText"); + if(qrCodeText.length > 0) { + $("#qrCodeText textarea").val(qrCode); + } } function displayError(json) { @@ -121,7 +141,8 @@ const blob = await response.blob(); const img = URL.createObjectURL(blob); - displayQrCode(img); + const qrCode = response.headers.get('QRCode'); + displayQrCode(img, qrCode); } $("#errorDialog .close").click(function () { @@ -137,7 +158,8 @@ const target = e.target; const shareBtn = $(target).find(".shareBtn"); const configurationId = $(target).find('input[name="configurationId"]').val(); - const body = { configurationId: configurationId }; + const preAuthorized = $(target).find('input[name="preAuthorized"]').is(':checked'); + const body = { configurationId: configurationId, preAuthorized: preAuthorized }; const url = $(target).attr('action'); shareBtn.html(loadingText); shareBtn.prop('disabled', true); diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/appsettings.json b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/appsettings.json index 2a51e240e..670434dec 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/appsettings.json +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/appsettings.json @@ -2,7 +2,8 @@ "Authorization": { "ClientId": "CredentialIssuer", "ClientSecret": "password", - "Issuer": "https://localhost:5001/master", + "Issuer": "https://3bda-81-246-134-116.ngrok-free.app/master", "IgnoreCertificateError": true - } + }, + "PublicDid": "did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbpMAoXtZtunruYnM4gCV65AKAUX2AwEReRhEaf3BRQNJArZPwQdmf9ENZcF8VT13a58WsHeVjJtvAKKPYEibaEfdUxvU7sgxEUTJpjEkq6BJKrRV1JQ1CqhYvGbmJ1WyoUQ" } \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/privatekey.json b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/privatekey.json new file mode 100644 index 000000000..4aca57748 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Startup/privatekey.json @@ -0,0 +1,4 @@ +{ + "crv_or_size": "P-256", + "jwk": "{\u0022alg\u0022:\u0022ES256\u0022,\u0022crv\u0022:\u0022P-256\u0022,\u0022d\u0022:\u00222F_YZwvrKgfpUZCN0jMeyzRK-jhQGhF67cQaqaB53_I\u0022,\u0022kty\u0022:\u0022EC\u0022,\u0022x\u0022:\u0022ImQHYtAdHDs4JN-doROPPDOUZWWen8PUYFQPW8MGJx0\u0022,\u0022y\u0022:\u0022WtZLCWzzcgF-WNbTM7hS28i7Ty9rsu2TDHSibf01TQ4\u0022}" +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/Configurations/CredentialConfigurationConf.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/Configurations/CredentialConfigurationConf.cs index 7fe446d3d..ccca830d3 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/Configurations/CredentialConfigurationConf.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/Configurations/CredentialConfigurationConf.cs @@ -14,6 +14,10 @@ public void Configure(EntityTypeBuilder builder builder.HasMany(c => c.Claims).WithOne(c => c.CredentialConfiguration).OnDelete(DeleteBehavior.Cascade); builder.HasMany(c => c.Displays).WithOne(c => c.CredentialConfiguration).OnDelete(DeleteBehavior.Cascade); builder.HasMany(c => c.Credentials).WithOne(c => c.Configuration).OnDelete(DeleteBehavior.Cascade); + builder.HasMany(c => c.DeferredCredentials).WithOne(c => c.Configuration).OnDelete(DeleteBehavior.Cascade); + builder.Property(a => a.AdditionalTypes).HasConversion( + v => string.Join(',', v), + v => v.Split(',', StringSplitOptions.None).ToList()); } } } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/Configurations/DeferredCredentialClaimConfiguration.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/Configurations/DeferredCredentialClaimConfiguration.cs new file mode 100644 index 000000000..6b51c9f7e --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/Configurations/DeferredCredentialClaimConfiguration.cs @@ -0,0 +1,17 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + + +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Metadata.Builders; +using SimpleIdServer.CredentialIssuer.Domains; + +namespace SimpleIdServer.CredentialIssuer.Store.Configurations; + +public class DeferredCredentialClaimConfiguration : IEntityTypeConfiguration +{ + public void Configure(EntityTypeBuilder builder) + { + builder.HasKey(d => d.Id); + } +} diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/Configurations/DeferredCredentialConfiguration.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/Configurations/DeferredCredentialConfiguration.cs new file mode 100644 index 000000000..40fed58ec --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/Configurations/DeferredCredentialConfiguration.cs @@ -0,0 +1,17 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Metadata.Builders; +using SimpleIdServer.CredentialIssuer.Domains; + +namespace SimpleIdServer.CredentialIssuer.Store.Configurations; + +public class DeferredCredentialConfiguration : IEntityTypeConfiguration +{ + public void Configure(EntityTypeBuilder builder) + { + builder.HasKey(d => d.TransactionId); + builder.HasMany(d => d.Claims).WithOne().HasForeignKey(d => d.DeferredCredentialId); + } +} diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/CredentialIssuerDbContext.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/CredentialIssuerDbContext.cs index 546b70166..ac3e66e0a 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/CredentialIssuerDbContext.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/CredentialIssuerDbContext.cs @@ -19,6 +19,8 @@ public CredentialIssuerDbContext(DbContextOptions opt public DbSet UserCredentialClaims { get; set; } + public DbSet DeferredCredentials { get; set; } + protected override void OnModelCreating(ModelBuilder modelBuilder) { base.OnModelCreating(modelBuilder); @@ -29,5 +31,7 @@ protected override void OnModelCreating(ModelBuilder modelBuilder) modelBuilder.ApplyConfiguration(new CredentialOfferRecordConfiguration()); modelBuilder.ApplyConfiguration(new UserCredentialClaimConfiguration()); modelBuilder.ApplyConfiguration(new CredentialClaimConfiguration()); + modelBuilder.ApplyConfiguration(new DeferredCredentialConfiguration()); + modelBuilder.ApplyConfiguration(new DeferredCredentialClaimConfiguration()); } } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/CredentialOfferStore.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/CredentialOfferStore.cs index 7894ea12d..9af8b689e 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/CredentialOfferStore.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/CredentialOfferStore.cs @@ -9,6 +9,7 @@ public interface ICredentialOfferStore { void Add(CredentialOfferRecord credentialOffer); Task Get(string id, CancellationToken cancellationToken); + Task GetByIssuerState(string issuerState, CancellationToken cancellationToken); Task SaveChanges(CancellationToken cancellationToken); } @@ -31,6 +32,11 @@ public Task Get(string id, CancellationToken cancellation return _dbContext.CredentialOfferRecords.SingleOrDefaultAsync(c => c.Id == id, cancellationToken); } + public Task GetByIssuerState(string issuerState, CancellationToken cancellationToken) + { + return _dbContext.CredentialOfferRecords.SingleOrDefaultAsync(c => c.IssuerState == issuerState, cancellationToken); + } + public Task SaveChanges(CancellationToken cancellationToken) { return _dbContext.SaveChangesAsync(cancellationToken); diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/DeferredCredentialStore.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/DeferredCredentialStore.cs new file mode 100644 index 000000000..6345af276 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/DeferredCredentialStore.cs @@ -0,0 +1,65 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.EntityFrameworkCore; +using SimpleIdServer.CredentialIssuer.Domains; +using System.Linq.Dynamic.Core; +using System.Xml; + +namespace SimpleIdServer.CredentialIssuer.Store; + +public interface IDeferredCredentialStore +{ + void Add(DeferredCredential deferredCredential); + void Delete(DeferredCredential deferredCredential); + Task> Search(SearchRequest request, CancellationToken cancellationToken); + Task Get(string transactionId, CancellationToken cancellationToken); + Task SaveChanges(CancellationToken cancellationToken); +} + +public class DeferredCredentialStore : IDeferredCredentialStore +{ + private readonly CredentialIssuerDbContext _dbContext; + + public DeferredCredentialStore(CredentialIssuerDbContext dbContext) + { + _dbContext = dbContext; + } + + public void Add(DeferredCredential deferredCredential) + => _dbContext.DeferredCredentials.Add(deferredCredential); + + public void Delete(DeferredCredential deferredCredential) + => _dbContext.DeferredCredentials.Remove(deferredCredential); + + public async Task> Search(SearchRequest request, CancellationToken cancellationToken) + { + var query = _dbContext.DeferredCredentials + .Include(d => d.Configuration) + .AsNoTracking(); + if (!string.IsNullOrWhiteSpace(request.Filter)) + query = query.Where(request.Filter); + + if (!string.IsNullOrWhiteSpace(request.OrderBy)) + query = query.OrderBy(request.OrderBy); + else + query = query.OrderByDescending(r => r.CreateDateTime); + var nb = query.Count(); + var deferredCredentials = await query.Skip(request.Skip.Value).Take(request.Take.Value).ToListAsync(); + return new SearchResult + { + Count = nb, + Content = deferredCredentials + }; + } + + public Task Get(string transactionId, CancellationToken cancellationToken) + => _dbContext + .DeferredCredentials + .Include(c => c.Claims) + .Include(c => c.Configuration).ThenInclude(c => c.Claims).ThenInclude(c => c.Translations) + .SingleOrDefaultAsync(d => d.TransactionId == transactionId, cancellationToken); + + public Task SaveChanges(CancellationToken cancellationToken) + => _dbContext.SaveChangesAsync(cancellationToken); +} diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/SearchRequest.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/SearchRequest.cs new file mode 100644 index 000000000..64f89e91e --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/SearchRequest.cs @@ -0,0 +1,18 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System.Text.Json.Serialization; + +namespace SimpleIdServer.CredentialIssuer.Store; + +public class SearchRequest +{ + [JsonPropertyName("filter")] + public string Filter { get; set; } + [JsonPropertyName("orderby")] + public string OrderBy { get; set; } + [JsonPropertyName("skip")] + public int? Skip { get; set; } + [JsonPropertyName("take")] + public int? Take { get; set; } +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/SearchResult.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/SearchResult.cs similarity index 84% rename from src/IdServer/SimpleIdServer.IdServer/Stores/SearchResult.cs rename to src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/SearchResult.cs index 3bf36268d..39c73a8ae 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/SearchResult.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/SearchResult.cs @@ -1,9 +1,8 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using System.Collections.Generic; using System.Text.Json.Serialization; -namespace SimpleIdServer.IdServer.Stores; +namespace SimpleIdServer.CredentialIssuer.Store; public class SearchResult { diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/ServiceCollectionExtensions.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/ServiceCollectionExtensions.cs index 926724acb..27a19cb4f 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/ServiceCollectionExtensions.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/ServiceCollectionExtensions.cs @@ -19,9 +19,10 @@ public static IServiceCollection AddStore(this IServiceCollection services, Acti private static void RegisterDependencies(IServiceCollection services) { - services.AddTransient(); services.AddTransient(); services.AddTransient(); services.AddTransient(); + services.AddTransient(); + services.AddTransient(); } } \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/SimpleIdServer.CredentialIssuer.Store.csproj b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/SimpleIdServer.CredentialIssuer.Store.csproj index e4b1e6e39..35bf38c9d 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/SimpleIdServer.CredentialIssuer.Store.csproj +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Store/SimpleIdServer.CredentialIssuer.Store.csproj @@ -11,5 +11,6 @@ + \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website.Startup/SimpleIdServer.CredentialIssuer.Website.Startup.csproj b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website.Startup/SimpleIdServer.CredentialIssuer.Website.Startup.csproj index 1a5c8834f..2ac3ff47c 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website.Startup/SimpleIdServer.CredentialIssuer.Website.Startup.csproj +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website.Startup/SimpleIdServer.CredentialIssuer.Website.Startup.csproj @@ -5,6 +5,7 @@ enable + \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website.Startup/appsettings.json b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website.Startup/appsettings.json index b0fccf710..628fc8495 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website.Startup/appsettings.json +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website.Startup/appsettings.json @@ -9,7 +9,7 @@ "forceHttps": false, "CredentialIssuerUrl": "https://localhost:5005", "DefaultSecurityOptions": { - "Issuer": "https://localhost:5001/master", + "Issuer": "https://3bda-81-246-134-116.ngrok-free.app/master", "ClientId": "CredentialIssuer-manager", "ClientSecret": "password", "Scope": "openid profile", diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Pages/DeferredCredential.razor b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Pages/DeferredCredential.razor new file mode 100644 index 000000000..9107a3cdb --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Pages/DeferredCredential.razor @@ -0,0 +1,115 @@ +@page "/deferredcreds/{id}" +@inject IState deferredCredentialsState +@inject IDispatcher dispatcher +@inject NotificationService notificationService +@inject NavigationManager navigationManager +@inject IOptions requestLocalizationOptions +@inherits Fluxor.Blazor.Web.Components.FluxorComponent +@using Microsoft.AspNetCore.Builder +@using Microsoft.Extensions.Options +@using SimpleIdServer.CredentialIssuer.Domains; +@using SimpleIdServer.CredentialIssuer.Website.Stores.CredentialIssuer; +@using SimpleIdServer.CredentialIssuer.Website.Shared; +@using System.Globalization; + + + + + + +@if (deferredCredentialsState.Value.DeferredCredential.Configuration != null) +{ + +
+ + +
+} + +
+ + + + + + @foreach (var claim in Claims) + { + + + + } + + + @if (deferredCredentialsState.Value.DeferredCredential != null && deferredCredentialsState.Value.DeferredCredential.Status == DeferredCredentialStatus.PENDING) + { + + } + +
+ +@code { + [Parameter] + public string id { get; set; } = null!; + + public List Claims { get; set; } = new List(); + + public record EditableClaim + { + public string Name { get; set; } + public string Key { get; set; } + public string Value { get; set; } + } + + RadzenDataGrid deferredCredentialsGrid; + + protected override void OnInitialized() + { + base.OnInitialized(); + SubscribeToAction((act) => + { + var culture = requestLocalizationOptions.Value.DefaultRequestCulture.Culture; + if (act.DeferredCredential.Status == DeferredCredentialStatus.PENDING) + { + Claims = act.DeferredCredential.Configuration.Claims.Select(c => + { + var translation = c.Translations.FirstOrDefault(t => t.Locale == culture.Name); + return new EditableClaim + { + Name = translation == null ? c.Name : translation.Name, + Key = c.SourceUserClaimName, + Value = string.Empty + }; + }).ToList(); + } + else + { + Claims = act.DeferredCredential.Claims.Select(c => + { + var translation = act.DeferredCredential.Configuration.Claims.First(cl => cl.Name == c.Name).Translations.FirstOrDefault(t => t.Locale == culture.Name); + return new EditableClaim + { + Name = translation == null ? c.Name : translation.Name, + Value = c.Value + }; + }).ToList(); + } + }); + SubscribeToAction((act) => + { + notificationService.Notify(new NotificationMessage { Severity = NotificationSeverity.Success, Summary = Global.DeferredCredentialIssued }); + StateHasChanged(); + }); + } + + protected override void OnParametersSet() + { + base.OnParametersSet(); + if (string.IsNullOrWhiteSpace(id)) return; + dispatcher.Dispatch(new GetDeferredCredentialAction { Id = id }); + } + + protected void Update() + { + dispatcher.Dispatch(new IssueDeferredCredentialAction { Claims = Claims.ToDictionary(c => c.Key, c => c.Value), Id = id }); + } +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Pages/DeferredCredentials.razor b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Pages/DeferredCredentials.razor new file mode 100644 index 000000000..dab759f80 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Pages/DeferredCredentials.razor @@ -0,0 +1,66 @@ +@page "/deferredcreds" +@inject IState deferredCredentialsState +@inject IDispatcher dispatcher +@inject NotificationService notificationService +@inject NavigationManager navigationManager +@inherits Fluxor.Blazor.Web.Components.FluxorComponent +@using SimpleIdServer.CredentialIssuer.Domains; +@using SimpleIdServer.CredentialIssuer.Website.Stores.CredentialIssuer; +@using System.Globalization; + +
+
+ +
+
+ + + + + + + + + + + + + + +@code { + RadzenDataGrid deferredCredentialsGrid; + + protected override void OnAfterRender(bool firstRender) + { + base.OnAfterRender(firstRender); + if(firstRender) + { + if (!deferredCredentialsState.Value.IsLoading) + deferredCredentialsGrid.Reload(); + } + } + + void LoadData(LoadDataArgs args) + { + var act = new SearchDeferredCredentialsAction { Filter = args.Filter, OrderBy = args.OrderBy, Skip = args.Skip, Take = args.Top }; + dispatcher.Dispatch(act); + } +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Resources/Global.Designer.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Resources/Global.Designer.cs index dbfac3f38..307ea5d4f 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Resources/Global.Designer.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Resources/Global.Designer.cs @@ -186,6 +186,15 @@ internal static string ClaimValueTypeHelper { } } + /// + /// Recherche une chaîne localisée semblable à Create datetime. + /// + internal static string CreateDateTime { + get { + return ResourceManager.GetString("CreateDateTime", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Claim has been added. /// @@ -339,6 +348,15 @@ internal static string CredentialIssuer { } } + /// + /// Recherche une chaîne localisée semblable à Credential issuer DID. + /// + internal static string CredentialIssuerDid { + get { + return ResourceManager.GetString("CredentialIssuerDid", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Credential has been removed. /// @@ -384,6 +402,51 @@ internal static string CredentialTranslationUpdated { } } + /// + /// Recherche une chaîne localisée semblable à Claims of the deferred credential. + /// + internal static string DeferredCredentialClaims { + get { + return ResourceManager.GetString("DeferredCredentialClaims", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à The deferred credential has been issued. + /// + internal static string DeferredCredentialIssued { + get { + return ResourceManager.GetString("DeferredCredentialIssued", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Issue the credentials. + /// + internal static string DeferredCredentialsDescription { + get { + return ResourceManager.GetString("DeferredCredentialsDescription", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Deferred credentials. + /// + internal static string DeferredCredentialsTitle { + get { + return ResourceManager.GetString("DeferredCredentialsTitle", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Deferred credential. + /// + internal static string DeferredCredentialTitle { + get { + return ResourceManager.GetString("DeferredCredentialTitle", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Delete. /// @@ -681,6 +744,15 @@ internal static string SourceUserClaimNameHelper { } } + /// + /// Recherche une chaîne localisée semblable à Status. + /// + internal static string Status { + get { + return ResourceManager.GetString("Status", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Subject. /// @@ -717,6 +789,15 @@ internal static string TextColorHelper { } } + /// + /// Recherche une chaîne localisée semblable à Transaction identifier. + /// + internal static string TransactionId { + get { + return ResourceManager.GetString("TransactionId", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Type. /// @@ -735,6 +816,15 @@ internal static string TypeHelper { } } + /// + /// Recherche une chaîne localisée semblable à Update. + /// + internal static string Update { + get { + return ResourceManager.GetString("Update", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Update translation. /// diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Resources/Global.resx b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Resources/Global.resx index b90326716..3745efd84 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Resources/Global.resx +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Resources/Global.resx @@ -159,6 +159,9 @@ ClaimValueTypeHelper + + Create datetime + Claim has been added @@ -210,6 +213,9 @@ Credential issuer + + Credential issuer DID + Credential has been removed @@ -225,6 +231,21 @@ Translation has been updated + + Claims of the deferred credential + + + The deferred credential has been issued + + + Issue the credentials + + + Deferred credentials + + + Deferred credential + Delete @@ -324,6 +345,9 @@ SourceUserClaimNameHelper + + Status + Subject @@ -336,12 +360,18 @@ TextColorHelper + + Transaction identifier + Type TypeHelper + + Update + Update translation diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Shared/MainLayout.razor b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Shared/MainLayout.razor index 0bed41d76..ebc30c640 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Shared/MainLayout.razor +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Shared/MainLayout.razor @@ -44,6 +44,7 @@ + diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Shared/RadzenCardLoader.razor b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Shared/RadzenCardLoader.razor new file mode 100644 index 000000000..15b6c01bc --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Shared/RadzenCardLoader.razor @@ -0,0 +1,77 @@ +@inherits RadzenComponentWithChildren + + + +@if (Visible) +{ +
+ @if (IsLoading) + { +
+
+ +
+ } + + @ChildContent +
+} + +@code { + [Parameter] + public bool IsLoading { get; set; } + [Parameter] + public Variant Variant { get; set; } = Variant.Filled; + + public new ElementReference Reference + { + get + { + return base.Element; + } + set + { + + SetProperty(this, nameof(base.Element), value); + } + } + + private void SetProperty(object instance, string propertyName, object newValue) + { + var type = instance.GetType(); + var property = type.GetProperty(propertyName); + + if (property != null) + { + property.SetValue(instance, newValue, null); + } + } + + protected override string GetComponentCssClass() + { + var classList = new List(); + classList.Add("rz-card"); + classList.Add("rz-card-loader"); + classList.Add($"rz-variant-{Variant.ToString().ToLowerInvariant()}"); + return string.Join(" ", classList); + } +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/CredentialIssuerEffects.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/CredentialIssuerEffects.cs index 50b5b88b9..2a51bdcb7 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/CredentialIssuerEffects.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/CredentialIssuerEffects.cs @@ -4,7 +4,9 @@ using Microsoft.Extensions.Options; using SimpleIdServer.CredentialIssuer.Api.CredentialConf; using SimpleIdServer.CredentialIssuer.Api.CredentialInstance; +using SimpleIdServer.CredentialIssuer.Api.DeferredCredential; using SimpleIdServer.CredentialIssuer.Domains; +using SimpleIdServer.CredentialIssuer.Store; using System.Text; using System.Text.Json; using System.Text.Json.Nodes; @@ -405,6 +407,65 @@ public async Task Handle(RemoveCredentialInstanceAction action, IDispatcher disp dispatcher.Dispatch(new RemoveCredentialInstanceSuccessAction { Id = action.Id }); } + [EffectMethod] + public async Task Handle(GetDeferredCredentialAction action, IDispatcher dispatcher) + { + var url = $"{_options.CredentialIssuerUrl}/deferred_credential/{action.Id}"; + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri(url), + Method = HttpMethod.Get + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var result = JsonSerializer.Deserialize(json); + dispatcher.Dispatch(new GetDeferredCredentialSuccessAction { DeferredCredential = result }); + } + + [EffectMethod] + public async Task Handle(IssueDeferredCredentialAction action, IDispatcher dispatcher) + { + var url = $"{_options.CredentialIssuerUrl}/deferred_credential/{action.Id}/issue"; + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri(url), + Method = HttpMethod.Put, + Content = new StringContent(JsonSerializer.Serialize(new IssueDeferredCredentialRequest + { + Claims = action.Claims + }), Encoding.UTF8, "application/json") + }; + await httpClient.SendAsync(requestMessage); + dispatcher.Dispatch(new IssueDeferredCredentialSuccessAction { Claims = action.Claims, Id = action.Id }); + } + + [EffectMethod] + public async Task Handle(SearchDeferredCredentialsAction action, IDispatcher dispatcher) + { + var url = $"{_options.CredentialIssuerUrl}/deferred_credential/.search"; + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri(url), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new SearchRequest + { + Filter = SanitizeExpression(action.Filter), + OrderBy = SanitizeExpression(action.OrderBy), + Skip = action.Skip, + Take = action.Take + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var searchResult = JsonSerializer.Deserialize>(json); + dispatcher.Dispatch(new SearchDeferredCredentialsSuccessAction { DeferredCredentials = searchResult }); + + string SanitizeExpression(string expression) => expression.Replace("Value.", ""); + } + private string GetBaseUrl() => $"{_options.CredentialIssuerUrl}/credential_configurations"; } @@ -668,4 +729,39 @@ public class RemoveCredentialInstanceAction public class RemoveCredentialInstanceSuccessAction { public string Id { get; set; } +} + +public class SearchDeferredCredentialsAction +{ + public string? Filter { get; set; } = null; + public string? OrderBy { get; set; } = null; + public int? Skip { get; set; } = null; + public int? Take { get; set; } = null; +} + +public class SearchDeferredCredentialsSuccessAction +{ + public SearchResult DeferredCredentials { get; set; } +} + +public class GetDeferredCredentialAction +{ + public string Id { get; set; } +} + +public class GetDeferredCredentialSuccessAction +{ + public DeferredCredential DeferredCredential { get; set; } +} + +public class IssueDeferredCredentialAction +{ + public string Id { get; set; } + public Dictionary Claims { get; set; } +} + +public class IssueDeferredCredentialSuccessAction +{ + public string Id { get; set; } + public Dictionary Claims { get; set; } } \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/CredentialIssuerReducers.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/CredentialIssuerReducers.cs index 250943a6b..e5af49366 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/CredentialIssuerReducers.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/CredentialIssuerReducers.cs @@ -1,7 +1,6 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using System.Data; namespace SimpleIdServer.CredentialIssuer.Website.Stores.CredentialIssuer; @@ -424,4 +423,76 @@ public static CredentialsState ReduceRemoveCredentialInstanceSuccessAction(Crede } #endregion + + #region DeferredCredentialsState + + [ReducerMethod] + public static DeferredCredentialsState ReduceSearchDeferredCredentialsAction(DeferredCredentialsState state, SearchDeferredCredentialsAction action) + { + return state with + { + IsLoading = true + }; + } + + [ReducerMethod] + public static DeferredCredentialsState ReduceSearchDeferredCredentialsSuccessAction(DeferredCredentialsState state, SearchDeferredCredentialsSuccessAction action) + { + return state with + { + IsLoading = false, + DeferredCredentials = action.DeferredCredentials + }; + } + + #endregion + + #region DeferredCredentialState + + [ReducerMethod] + public static DeferredCredentialState ReduceGetDeferredCredentialAction(DeferredCredentialState state, GetDeferredCredentialAction action) + { + return state with + { + IsLoading = true + }; + } + + [ReducerMethod] + public static DeferredCredentialState ReduceGetDeferredCredentialSuccessAction(DeferredCredentialState state, GetDeferredCredentialSuccessAction action) + { + return state with + { + IsLoading = false, + DeferredCredential = action.DeferredCredential + }; + } + + [ReducerMethod] + public static DeferredCredentialState ReduceIssueDeferredCredentialAction(DeferredCredentialState state, IssueDeferredCredentialAction action) + { + return state with + { + IsLoading = true + }; + } + + [ReducerMethod] + public static DeferredCredentialState ReduceIssueDeferredCredentialSuccessAction(DeferredCredentialState state, IssueDeferredCredentialSuccessAction action) + { + var deferredCredential = state.DeferredCredential; + deferredCredential.Claims = action.Claims.Select(kvp => new Domains.DeferredCredentialClaim + { + Name = kvp.Key, + Value = kvp.Value + }).ToList(); + deferredCredential.Status = Domains.DeferredCredentialStatus.ISSUED; + return state with + { + IsLoading = false, + DeferredCredential = deferredCredential + }; + } + + #endregion } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/DeferredCredentialState.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/DeferredCredentialState.cs new file mode 100644 index 000000000..fffb230d5 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/DeferredCredentialState.cs @@ -0,0 +1,18 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Fluxor; +using SimpleIdServer.CredentialIssuer.Domains; + +namespace SimpleIdServer.CredentialIssuer.Website.Stores.CredentialIssuer; + +[FeatureState] +public record DeferredCredentialState +{ + public DeferredCredentialState() + { + + } + + public DeferredCredential DeferredCredential { get; set; } = new DeferredCredential(); + public bool IsLoading { get; set; } = true; +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/DeferredCredentialsState.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/DeferredCredentialsState.cs new file mode 100644 index 000000000..beb2d6ab6 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/Stores/CredentialIssuer/DeferredCredentialsState.cs @@ -0,0 +1,19 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Fluxor; +using SimpleIdServer.CredentialIssuer.Domains; +using SimpleIdServer.CredentialIssuer.Store; + +namespace SimpleIdServer.CredentialIssuer.Website.Stores.CredentialIssuer; + +[FeatureState] +public record DeferredCredentialsState +{ + public DeferredCredentialsState() + { + + } + + public SearchResult DeferredCredentials { get; set; } = new SearchResult(); + public bool IsLoading { get; set; } = true; +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/WebsiteHttpClientFactory.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/WebsiteHttpClientFactory.cs index 8be706cdd..2850f0737 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/WebsiteHttpClientFactory.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Website/WebsiteHttpClientFactory.cs @@ -65,7 +65,7 @@ private async Task GetAccessToken() { new KeyValuePair("client_id", _securityOptions.ClientId), new KeyValuePair("client_secret", _securityOptions.ClientSecret), - new KeyValuePair("scope", "credconfs credinstances"), + new KeyValuePair("scope", "credconfs credinstances deferredcreds"), new KeyValuePair("grant_type", "client_credentials") }; var httpRequest = new HttpRequestMessage diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/CredentialController.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/CredentialController.cs index bd414a21f..11a10abdb 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/CredentialController.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/CredentialController.cs @@ -3,11 +3,11 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Options; -using Microsoft.IdentityModel.JsonWebTokens; +using SimpleIdServer.CredentialIssuer.Api.Credential.Services; using SimpleIdServer.CredentialIssuer.Api.Credential.Validators; using SimpleIdServer.CredentialIssuer.CredentialFormats; -using SimpleIdServer.CredentialIssuer.Domains; using SimpleIdServer.CredentialIssuer.Store; +using SimpleIdServer.Did.Serializers; using SimpleIdServer.IdServer.CredentialIssuer; using SimpleIdServer.IdServer.CredentialIssuer.DTOs; using System; @@ -19,229 +19,227 @@ using System.Threading; using System.Threading.Tasks; -namespace SimpleIdServer.CredentialIssuer.Api.Credential +namespace SimpleIdServer.CredentialIssuer.Api.Credential; + +[Route(Constants.EndPoints.Credential)] +[Authorize("ApiAuthenticated")] +public class CredentialController : BaseController { - [Route(Constants.EndPoints.Credential)] - [Authorize("ApiAuthenticated")] - public class CredentialController : BaseController + private readonly IEnumerable _formatters; + private readonly ICredentialStore _credentialStore; + private readonly ICredentialConfigurationStore _credentialConfigurationStore; + private readonly IDeferredCredentialStore _deferredCredentialStore; + private readonly IUserCredentialClaimStore _userCredentialClaimStore; + private readonly ICredentialService _credentialService; + private readonly IEnumerable _keyProofTypeValidators; + private readonly CredentialIssuerOptions _options; + + public CredentialController( + IEnumerable formatters, + ICredentialStore credentialStore, + ICredentialConfigurationStore credentialConfigurationStore, + IDeferredCredentialStore deferredCredentialStore, + IUserCredentialClaimStore userCredentialClaimStore, + ICredentialService credentialService, + IEnumerable keyProofTypeValidators, + IOptions options) { - private readonly IEnumerable _formatters; - private readonly ICredentialStore _credentialStore; - private readonly ICredentialConfigurationStore _credentialConfigurationStore; - private readonly IUserCredentialClaimStore _userCredentialClaimStore; - private readonly IEnumerable _keyProofTypeValidators; - private readonly CredentialIssuerOptions _options; - - public CredentialController( - IEnumerable formatters, - ICredentialStore credentialStore, - ICredentialConfigurationStore credentialConfigurationStore, - IUserCredentialClaimStore userCredentialClaimStore, - IEnumerable keyProofTypeValidators, - IOptions options) - { - _formatters = formatters; - _credentialStore = credentialStore; - _credentialConfigurationStore = credentialConfigurationStore; - _userCredentialClaimStore = userCredentialClaimStore; - _keyProofTypeValidators = keyProofTypeValidators; - _options = options.Value; - } + _formatters = formatters; + _credentialStore = credentialStore; + _credentialConfigurationStore = credentialConfigurationStore; + _deferredCredentialStore = deferredCredentialStore; + _userCredentialClaimStore = userCredentialClaimStore; + _credentialService = credentialService; + _keyProofTypeValidators = keyProofTypeValidators; + _options = options.Value; + } + + [HttpPost] + public async Task Get([FromBody] CredentialRequest request, CancellationToken cancellationToken) + { + var scope = User.Claims.SingleOrDefault(c => c.Type == "scope")?.Value; + var authorizedScopes = new List(); + if (!string.IsNullOrWhiteSpace(scope)) + authorizedScopes = scope.Split(" ", StringSplitOptions.RemoveEmptyEntries).ToList(); + + var validationResult = await Validate(request, authorizedScopes, cancellationToken); + if (validationResult.ErrorResult != null) return Build(validationResult.ErrorResult.Value); + if (validationResult.CredentialConfiguration.IsDeferred) + return new OkObjectResult(await BuildDeferredCredential(request, validationResult, cancellationToken)); - [HttpPost] - public async Task Get([FromBody] CredentialRequest request, CancellationToken cancellationToken) + return new OkObjectResult(await BuildImmediateCredential(request, validationResult, cancellationToken)); + } + + #region Deferred credential + + private async Task BuildDeferredCredential( + CredentialRequest request, + CredentialValidationResult validationResult, + CancellationToken cancellationToken) + { + var deferredCredential = new Domains.DeferredCredential { - var subject = User.FindFirst(ClaimTypes.NameIdentifier).Value; - var scope = User.Claims.SingleOrDefault(c => c.Type == "scope")?.Value; - var authorizedScopes = new List(); - if (!string.IsNullOrWhiteSpace(scope)) - { - authorizedScopes = scope.Split(" ", StringSplitOptions.RemoveEmptyEntries).ToList(); - } - - var validationResult = await Validate(request, authorizedScopes, cancellationToken); - if (validationResult.ErrorResult != null) return Build(validationResult.ErrorResult.Value); - if (!string.IsNullOrWhiteSpace(validationResult.Subject)) - subject = validationResult.Subject; - var buildRequest = new BuildCredentialRequest - { - Subject = subject, - Issuer = _options.DidDocument.Id - }; - var claims = new List(); - List userClaims = null; - if (validationResult.Credential != null) + Status = Domains.DeferredCredentialStatus.PENDING, + TransactionId = Guid.NewGuid().ToString(), + CredentialConfigurationId = validationResult.CredentialConfiguration.Id, + CredentialId = validationResult.Credential?.Id, + FormatterName = validationResult.Formatter.Format, + Nonce = validationResult.Nonce, + EncryptionJwk = request.CredentialResponseEncryption == null ? null : JsonWebKeySerializer.Write(request.CredentialResponseEncryption?.Jwk), + EncryptionAlg = request.CredentialResponseEncryption?.Alg, + EncryptionEnc = request.CredentialResponseEncryption?.Enc, + UserDid = validationResult.Subject, + CreateDateTime = DateTime.UtcNow + }; + _deferredCredentialStore.Add(deferredCredential); + await _deferredCredentialStore.SaveChanges(cancellationToken); + if(_options.Version == CredentialIssuerVersion.LAST) + return new CredentialResult { - buildRequest.Id = $"{validationResult.Credential.Configuration.BaseUrl}/{validationResult.Credential.CredentialId}"; - buildRequest.JsonLdContext = validationResult.Credential.Configuration.JsonLdContext; - buildRequest.Type = validationResult.Credential.Configuration.Type; - buildRequest.ValidFrom = validationResult.Credential.IssueDateTime; - buildRequest.ValidUntil = validationResult.Credential.ExpirationDateTime; - buildRequest.CredentialConfiguration = validationResult.Credential.Configuration; - userClaims = validationResult.Credential.Claims.Select(c => - { - var cl = validationResult.CredentialTemplate.Claims.Single(cl => cl.SourceUserClaimName == c.Name); - return new CredentialUserClaimNode - { - Level = cl.Name.Split('.').Count(), - Name = cl.Name, - Value = c.Value - }; - }).ToList(); - } - else - { - buildRequest.Id = $"{validationResult.CredentialTemplate.BaseUrl}/{Guid.NewGuid()}"; - buildRequest.JsonLdContext = validationResult.CredentialTemplate.JsonLdContext; - buildRequest.Type = validationResult.CredentialTemplate.Type; - buildRequest.CredentialConfiguration = validationResult.CredentialTemplate; - if (_options.CredentialExpirationTimeInSeconds != null) - { - buildRequest.ValidFrom = DateTime.UtcNow; - buildRequest.ValidUntil = DateTime.UtcNow.AddSeconds(_options.CredentialExpirationTimeInSeconds.Value); - } - - var userCredentials = await _userCredentialClaimStore.Resolve(subject, validationResult.CredentialTemplate.Claims, cancellationToken); - userClaims = userCredentials.Select(c => - { - var cl = validationResult.CredentialTemplate.Claims.Single(cl => cl.SourceUserClaimName == c.Name); - return new CredentialUserClaimNode - { - Level = cl.Name.Split('.').Count(), - Name = cl.Name, - Value = c.Value - }; - }).ToList(); - } - - buildRequest.UserClaims = userClaims; - var formatter = validationResult.Formatter; - var credentialResult = formatter.Build(buildRequest, - _options.DidDocument, - _options.VerificationMethodId, - _options.AsymmKey); - if(request.CredentialResponseEncryption != null) - { - var handler = new JsonWebTokenHandler(); - var encKey = request.CredentialResponseEncryption.Jwk; - var encryptedCredential = handler.EncryptToken(credentialResult.ToJsonString(), new Microsoft.IdentityModel.Tokens.EncryptingCredentials( - encKey, - request.CredentialResponseEncryption.Alg, - request.CredentialResponseEncryption.Enc)); - credentialResult = encryptedCredential; - } - - return new OkObjectResult(new CredentialResult - { - Credential = credentialResult, + TransactionId = deferredCredential.TransactionId, CNonce = validationResult.Nonce - }); - } + }; + return new ESBICredentialResult + { + AcceptanceToken = deferredCredential.TransactionId, + CNonce = validationResult.Nonce + }; + } - private async Task Validate(CredentialRequest credentialRequest, List authorizedScopes, CancellationToken cancellationToken) + #endregion + + #region Immediate credential + + private async Task BuildImmediateCredential(CredentialRequest request, + CredentialValidationResult validationResult, + CancellationToken cancellationToken) + { + Dictionary claims = null; + if (validationResult.Credential != null) + claims = validationResult.Credential.Claims.ToDictionary(c => c.Name, c => c.Value); + else { - string subject = null; - string nonce = null; - if (credentialRequest == null) - return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, ErrorMessages.INVALID_INCOMING_REQUEST)); + var userClaims = await _userCredentialClaimStore.Resolve(validationResult.Subject, validationResult.CredentialConfiguration.Claims, cancellationToken); + claims = userClaims.ToDictionary(c => c.Name, c => c.Value); + } - var atCredentialIdentifiers = GetCredentialIdentifiers(); - if(atCredentialIdentifiers == null && string.IsNullOrWhiteSpace(credentialRequest.Format)) - return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.Format))); + return _credentialService.BuildImmediateCredential(new BuildImmediateCredentialRequest( + validationResult.Subject, + validationResult.CredentialConfiguration, + validationResult.Credential, + claims, + validationResult.Formatter, + request.CredentialResponseEncryption, + validationResult.Nonce + )); + } - if(credentialRequest.Proof != null) - { - if (string.IsNullOrWhiteSpace(credentialRequest.Proof.ProofType)) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.ProofType))); - var proofType = _keyProofTypeValidators.SingleOrDefault(v => v.Type == credentialRequest.Proof.ProofType); - if (proofType == null) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, string.Format(ErrorMessages.INVALID_PROOF_FORMAT, credentialRequest.Proof.ProofType))); - var proofTypeValidationResult = await proofType.Validate(credentialRequest.Proof, cancellationToken); - if (!proofTypeValidationResult.IsValid) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_PROOF, proofTypeValidationResult.ErrorMessage)); - subject = proofTypeValidationResult.Subject; - nonce = proofTypeValidationResult.CNonce; - } + #endregion - if (atCredentialIdentifiers != null && string.IsNullOrWhiteSpace(credentialRequest.Credentialidentifier)) - return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.CredentialIdentifier))); + private async Task Validate( + CredentialRequest credentialRequest, + List authorizedScopes, + CancellationToken cancellationToken) + { + string subject = null; + string nonce = null; + if (credentialRequest == null) + return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, ErrorMessages.INVALID_INCOMING_REQUEST)); - if(!string.IsNullOrWhiteSpace(credentialRequest.Format) && !string.IsNullOrWhiteSpace(credentialRequest.Credentialidentifier)) - return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, ErrorMessages.CANNOT_USER_CREDENTIAL_IDENTIFIER_WITH_FORMAT)); + var atCredentialIdentifiers = GetCredentialIdentifiers(); + if(atCredentialIdentifiers == null && string.IsNullOrWhiteSpace(credentialRequest.Format)) + return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.Format))); - if(!string.IsNullOrWhiteSpace(credentialRequest.Credentialidentifier) && !atCredentialIdentifiers.Contains(credentialRequest.Credentialidentifier)) - return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, ErrorMessages.INVALID_CREDENTIAL_IDENTIFIER)); + if(credentialRequest.Proof != null) + { + if (string.IsNullOrWhiteSpace(credentialRequest.Proof.ProofType)) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.ProofType))); + var proofType = _keyProofTypeValidators.SingleOrDefault(v => v.Type == credentialRequest.Proof.ProofType); + if (proofType == null) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, string.Format(ErrorMessages.INVALID_PROOF_FORMAT, credentialRequest.Proof.ProofType))); + var proofTypeValidationResult = await proofType.Validate(credentialRequest.Proof, cancellationToken); + if (!proofTypeValidationResult.IsValid) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_PROOF, proofTypeValidationResult.ErrorMessage)); + subject = proofTypeValidationResult.Subject; + nonce = proofTypeValidationResult.CNonce; + } - if (credentialRequest.CredentialResponseEncryption != null) - { - if (string.IsNullOrWhiteSpace(credentialRequest.CredentialResponseEncryption.Alg)) - return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_ENCRYPTION_PARAMETERS, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.Alg))); - if (string.IsNullOrWhiteSpace(credentialRequest.CredentialResponseEncryption.Enc)) - return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_ENCRYPTION_PARAMETERS, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.Enc))); - if (credentialRequest.CredentialResponseEncryption.Jwk == null) - return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_ENCRYPTION_PARAMETERS, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.Jwk))); - } - - if (!string.IsNullOrWhiteSpace(credentialRequest.Format)) - { - var formatter = _formatters.SingleOrDefault(f => f.Format == credentialRequest.Format); - if (formatter == null) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.UNSUPPORTED_CREDENTIAL_FORMAT, string.Format(ErrorMessages.UNSUPPORTED_CREDENTIAL_FORMAT, credentialRequest.Format))); - var header = formatter.ExtractHeader(credentialRequest.Data); - if (header == null) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, ErrorMessages.CREDENTIAL_TYPE_CANNOT_BE_EXTRACTED)); - var credentialConfiguration = await _credentialConfigurationStore.GetByTypeAndFormat(header.Type, credentialRequest.Format, cancellationToken); - if (credentialConfiguration == null) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.UNSUPPORTED_CREDENTIAL_TYPE, string.Format(ErrorMessages.UNSUPPORTED_CREDENTIAL_TYPE, header.Type))); - if (!authorizedScopes.Any(s => credentialConfiguration.Scope == s)) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.Unauthorized, ErrorCodes.UNAUTHORIZED, string.Format(ErrorMessages.UNAUTHORIZED_TO_ACCESS, header.Type))); - return CredentialValidationResult.Ok(formatter, credentialConfiguration, subject, nonce); - } - - var credential = await _credentialStore.GetByCredentialId(credentialRequest.Credentialidentifier, cancellationToken); - if (credential == null) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, string.Format(ErrorMessages.UNKNOWN_CREDENTIAL_ID, credentialRequest.Credentialidentifier))); - return CredentialValidationResult.Ok(_formatters.Single(f => f.Format == credential.Configuration.Format), credential, subject, nonce); + if (atCredentialIdentifiers != null && string.IsNullOrWhiteSpace(credentialRequest.Credentialidentifier)) + return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.CredentialIdentifier))); + + if(!string.IsNullOrWhiteSpace(credentialRequest.Format) && !string.IsNullOrWhiteSpace(credentialRequest.Credentialidentifier)) + return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, ErrorMessages.CANNOT_USER_CREDENTIAL_IDENTIFIER_WITH_FORMAT)); + + if(!string.IsNullOrWhiteSpace(credentialRequest.Credentialidentifier) && !atCredentialIdentifiers.Contains(credentialRequest.Credentialidentifier)) + return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, ErrorMessages.INVALID_CREDENTIAL_IDENTIFIER)); + + if (credentialRequest.CredentialResponseEncryption != null) + { + if (string.IsNullOrWhiteSpace(credentialRequest.CredentialResponseEncryption.Alg)) + return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_ENCRYPTION_PARAMETERS, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.Alg))); + if (string.IsNullOrWhiteSpace(credentialRequest.CredentialResponseEncryption.Enc)) + return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_ENCRYPTION_PARAMETERS, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.Enc))); + if (credentialRequest.CredentialResponseEncryption.Jwk == null) + return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_ENCRYPTION_PARAMETERS, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialRequestNames.Jwk))); } - private class CredentialValidationResult : BaseValidationResult + if (!string.IsNullOrWhiteSpace(credentialRequest.Format)) { - private CredentialValidationResult(ErrorResult error) : base(error) - { - } + var formatter = _formatters.SingleOrDefault(f => f.Format == credentialRequest.Format); + if (formatter == null) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.UNSUPPORTED_CREDENTIAL_FORMAT, string.Format(ErrorMessages.UNSUPPORTED_CREDENTIAL_FORMAT, credentialRequest.Format))); + var header = formatter.ExtractHeader(credentialRequest.Data); + if (header == null) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, ErrorMessages.CREDENTIAL_TYPE_CANNOT_BE_EXTRACTED)); + var credentialConfiguration = await _credentialConfigurationStore.GetByTypeAndFormat(header.Type, credentialRequest.Format, cancellationToken); + if (credentialConfiguration == null) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.UNSUPPORTED_CREDENTIAL_TYPE, string.Format(ErrorMessages.UNSUPPORTED_CREDENTIAL_TYPE, header.Type))); + // if (!string.IsNullOrWhiteSpace(credentialConfiguration.Scope) && !authorizedScopes.Any(s => credentialConfiguration.Scope == s)) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.Unauthorized, ErrorCodes.UNAUTHORIZED, string.Format(ErrorMessages.UNAUTHORIZED_TO_ACCESS, header.Type))); + return CredentialValidationResult.Ok(formatter, credentialConfiguration, subject, nonce); + } - private CredentialValidationResult(ICredentialFormatter formatter, CredentialConfiguration credentialTemplate, string subject, string nonce) - { - Formatter = formatter; - CredentialTemplate = credentialTemplate; - Subject = subject; - Nonce = nonce; - } + var credential = await _credentialStore.GetByCredentialId(credentialRequest.Credentialidentifier, cancellationToken); + if (credential == null) return CredentialValidationResult.Error(new ErrorResult(HttpStatusCode.BadRequest, ErrorCodes.INVALID_CREDENTIAL_REQUEST, string.Format(ErrorMessages.UNKNOWN_CREDENTIAL_ID, credentialRequest.Credentialidentifier))); + return CredentialValidationResult.Ok(_formatters.Single(f => f.Format == credential.Configuration.Format), credential, subject, nonce); + } - private CredentialValidationResult(ICredentialFormatter formatter, Domains.Credential credential, string subject, string nonce) - { - Formatter = formatter; - Credential = credential; - Subject = subject; - Nonce = nonce; - } + private class CredentialValidationResult : BaseValidationResult + { + private CredentialValidationResult(ErrorResult error) : base(error) + { + } - public ICredentialFormatter Formatter { get; private set; } + private CredentialValidationResult(ICredentialFormatter formatter, Domains.CredentialConfiguration credentialConfiguration, string subject, string nonce) + { + Formatter = formatter; + CredentialConfiguration = credentialConfiguration; + Subject = subject; + Nonce = nonce; + } - public CredentialConfiguration CredentialTemplate { get; private set; } + private CredentialValidationResult(ICredentialFormatter formatter, Domains.Credential credential, string subject, string nonce) : this(formatter, credential.Configuration, subject, nonce) + { + Credential = credential; + } - public string Subject { get; private set; } + public ICredentialFormatter Formatter { get; private set; } - public string Nonce { get; private set; } + public Domains.CredentialConfiguration CredentialConfiguration { get; private set; } - public Domains.Credential Credential { get; private set; } + public string Subject { get; private set; } - public static CredentialValidationResult Ok(ICredentialFormatter formatter, CredentialConfiguration credentialTemplate, string subject, string nonce) => new CredentialValidationResult(formatter, credentialTemplate, subject, nonce); + public string Nonce { get; private set; } - public static CredentialValidationResult Ok(ICredentialFormatter formatter, Domains.Credential credential, string subject, string nonce) => new CredentialValidationResult(formatter, credential, subject, nonce); + public Domains.Credential Credential { get; private set; } - public static CredentialValidationResult Error(ErrorResult error) => new CredentialValidationResult(error); - } + public static CredentialValidationResult Ok(ICredentialFormatter formatter, Domains.CredentialConfiguration credentialConfiguration, string subject, string nonce) + => new CredentialValidationResult(formatter, credentialConfiguration, subject, nonce); - private List GetCredentialIdentifiers() - { - var claim = User.Claims.SingleOrDefault(c => c.Type == "authorization_details"); - if (claim == null) return null; - var jsonObj = JsonObject.Parse(claim.Value).AsObject(); - if (!jsonObj.ContainsKey("credential_identifiers")) return null; - return (jsonObj["credential_identifiers"] as JsonArray).Select(c => c.ToString()).ToList(); - } + public static CredentialValidationResult Ok(ICredentialFormatter formatter, Domains.Credential credential, string subject, string nonce) => new CredentialValidationResult(formatter, credential, subject, nonce); + + public static CredentialValidationResult Error(ErrorResult error) => new CredentialValidationResult(error); + } + + private List GetCredentialIdentifiers() + { + var claim = User.Claims.SingleOrDefault(c => c.Type == "authorization_details"); + if (claim == null) return null; + var jsonObj = JsonObject.Parse(claim.Value).AsObject(); + if (!jsonObj.ContainsKey("credential_identifiers")) return null; + return (jsonObj["credential_identifiers"] as JsonArray).Select(c => c.ToString()).ToList(); } } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/CredentialResult.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/CredentialResult.cs index 677ac6b6d..b283e538f 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/CredentialResult.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/CredentialResult.cs @@ -8,6 +8,8 @@ namespace SimpleIdServer.CredentialIssuer.Api.Credential; public class CredentialResult { + [JsonPropertyName(CredentialResultNames.Format)] + public string Format { get; set; } [JsonPropertyName(CredentialResultNames.Credential)] public JsonNode Credential { get; set; } [JsonPropertyName(CredentialResultNames.CNonce)] @@ -16,4 +18,7 @@ public class CredentialResult [JsonPropertyName(CredentialResultNames.CNonceExpiresIn)] [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] public string CNonceExpiresIn { get; set; } + [JsonPropertyName(CredentialResultNames.TransactionId)] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string TransactionId { get; set; } } \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/ESBICredentialResult.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/ESBICredentialResult.cs new file mode 100644 index 000000000..6601ca25e --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/ESBICredentialResult.cs @@ -0,0 +1,15 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer.CredentialIssuer.DTOs; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.CredentialIssuer.Api.Credential; + +public class ESBICredentialResult +{ + [JsonPropertyName(CredentialResultNames.AcceptanceToken)] + public string AcceptanceToken { get; set; } + [JsonPropertyName(CredentialResultNames.CNonce)] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string CNonce { get; set; } +} diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/Services/CredentialService.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/Services/CredentialService.cs new file mode 100644 index 000000000..967f96fbe --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/Credential/Services/CredentialService.cs @@ -0,0 +1,145 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.JsonWebTokens; +using SimpleIdServer.CredentialIssuer.CredentialFormats; +using SimpleIdServer.CredentialIssuer.Domains; +using SimpleIdServer.IdServer.CredentialIssuer; +using System; +using System.Collections.Generic; +using System.Linq; + +namespace SimpleIdServer.CredentialIssuer.Api.Credential.Services; + +public interface ICredentialService +{ + CredentialResult BuildImmediateCredential(BuildImmediateCredentialRequest request); +} + +public class BuildImmediateCredentialRequest +{ + public BuildImmediateCredentialRequest( + string subject, + CredentialConfiguration credentialConfiguration, + Domains.Credential credential, + Dictionary claims, + ICredentialFormatter formatter, + CredentialResponseEncryption encryption, + string nonce) + { + Subject = subject; + CredentialConfiguration = credentialConfiguration; + Credential = credential; + Claims = claims; + Formatter = formatter; + Encryption = encryption; + Nonce = nonce; + } + + public string Subject { get; set; } + public CredentialConfiguration CredentialConfiguration { get; set; } + public Domains.Credential Credential { get; set; } + public Dictionary Claims { get; set; } + public ICredentialFormatter Formatter { get; set; } + public CredentialResponseEncryption Encryption { get; set; } + public string Nonce { get; set; } +} + +public class CredentialService : ICredentialService +{ + private readonly CredentialIssuerOptions _options; + + public CredentialService(IOptions options) + { + _options = options.Value; + } + + public CredentialResult BuildImmediateCredential(BuildImmediateCredentialRequest request) + { + var buildRequest = new BuildCredentialRequest + { + Subject = request.Subject, + Issuer = _options.DidDocument.Id, + JsonLdContext = request.CredentialConfiguration.JsonLdContext, + Type = request.CredentialConfiguration.Type, + CredentialConfiguration = request.CredentialConfiguration, + AdditionalTypes = request.CredentialConfiguration.AdditionalTypes, + }; + if (request.Credential != null) + Enrich(buildRequest, request.Credential); + else + Enrich(buildRequest, request.CredentialConfiguration); + if (!string.IsNullOrWhiteSpace(request.CredentialConfiguration.CredentialSchemaId)) + { + buildRequest.Schema = new CredentialSchema + { + Id = request.CredentialConfiguration.CredentialSchemaId, + Type = request.CredentialConfiguration.CredentialSchemaType + }; + } + + buildRequest.UserClaims = request.Claims.Select(kvp => + { + var cl = request.CredentialConfiguration.Claims.Single(cl => cl.SourceUserClaimName == kvp.Key); + return new CredentialUserClaimNode + { + Level = cl.Name.Split('.').Count(), + Name = cl.Name, + Value = kvp.Value + }; + }).ToList(); + var formatter = request.Formatter; + var credentialResult = formatter.Build(buildRequest, + _options.DidDocument, + _options.DidDocument.VerificationMethod.First().Id, + _options.AsymmKey); + if (request.Encryption != null) + { + var handler = new JsonWebTokenHandler(); + var encKey = request.Encryption.Jwk; + var encryptedCredential = handler.EncryptToken(credentialResult.ToJsonString(), new Microsoft.IdentityModel.Tokens.EncryptingCredentials( + encKey, + request.Encryption.Alg, + request.Encryption.Enc)); + credentialResult = encryptedCredential; + } + + return new CredentialResult + { + Format = request.Formatter.Format, + Credential = credentialResult, + CNonce = request.Nonce + }; + } + + private void Enrich( + BuildCredentialRequest buildRequest, + Domains.Credential credential) + { + buildRequest.Id = $"{credential.Configuration.BaseUrl}/{credential.CredentialId}"; + buildRequest.ValidFrom = credential.IssueDateTime; + buildRequest.ValidUntil = credential.ExpirationDateTime; + } + + private void Enrich( + BuildCredentialRequest buildRequest, + Domains.CredentialConfiguration credentialConfiguration) + { + buildRequest.Id = $"{credentialConfiguration.BaseUrl}/{Guid.NewGuid()}"; + buildRequest.ValidFrom = DateTime.UtcNow.Date; + if (_options.CredentialExpirationTimeInSeconds != null) + { + buildRequest.ValidUntil = DateTime.UtcNow.Date.AddSeconds(_options.CredentialExpirationTimeInSeconds.Value); + } + + if (!string.IsNullOrWhiteSpace(credentialConfiguration.CredentialSchemaId)) + { + buildRequest.Schema = new CredentialSchema + { + Id = credentialConfiguration.CredentialSchemaId, + Type = credentialConfiguration.CredentialSchemaType + }; + } + } +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialConf/CredentialConfigurationsController.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialConf/CredentialConfigurationsController.cs index e96714ce9..a1b075e2a 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialConf/CredentialConfigurationsController.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialConf/CredentialConfigurationsController.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; +using SimpleIdServer.CredentialIssuer.Api.CredentialInstance; using SimpleIdServer.CredentialIssuer.CredentialFormats; using SimpleIdServer.CredentialIssuer.Domains; using SimpleIdServer.CredentialIssuer.Store; @@ -351,7 +352,8 @@ public async Task Issue(string id, [FromBody] IssueCredentialRequ IssueDateTime = request.IssueDateTime, Subject = request.Subject, CredentialId = request.CredentialId, - Claims = claims + Claims = claims, + IsDeferred = credentialConfiguration.IsDeferred }; _credentialStore.Add(record); await _credentialStore.SaveChanges(cancellationToken); diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/CredentialssuerController.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/CredentialssuerController.cs index a3bbafdfe..c3b7dc9bd 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/CredentialssuerController.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/CredentialssuerController.cs @@ -37,7 +37,23 @@ public async Task Get(CancellationToken cancellationToken) { var credentialTemplates = await _credentialConfigurationStore.GetAll(cancellationToken); var issuer = Request.GetAbsoluteUriWithVirtualPath(); - var result = new CredentialIssuerResult + object result = null; + if (_options.Version == CredentialIssuerVersion.ESBI) + result = GetESBICredentialIssuer(issuer, credentialTemplates); + else + result = GetLastCredentialIssuer(issuer, credentialTemplates); + return new ContentResult + { + Content = JsonSerializer.Serialize(result), + StatusCode = (int)HttpStatusCode.OK, + ContentType = "application/json" + }; + } + + private object GetLastCredentialIssuer(string issuer, List credentialTemplates) + { + // https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html + var result = new LastCredentialIssuerResult { AuthorizationServers = new List { @@ -45,18 +61,32 @@ public async Task Get(CancellationToken cancellationToken) }, CredentialIssuer = issuer, CredentialEndpoint = $"{issuer}/{Constants.EndPoints.Credential}", - CredentialsSupported = credentialTemplates.ToDictionary(kvp =>kvp.ServerId, kvp => _serializer.Serialize(kvp)), + DeferredCredentialEndpoint = $"{issuer}/{Constants.EndPoints.DeferredCredential}", + CredentialConfigurationsSupported = credentialTemplates.ToDictionary(kvp => kvp.ServerId, kvp => _serializer.Serialize(kvp)), CredentialIdentifiersSupported = true, CredentialResponseEncryptionAlgValuesSupported = Constants.AllEncAlgs, CredentialResponseEncryptionEncValuesSupported = Constants.AllEncryptions, RequireCredentialResponseEncryption = false }; - return new ContentResult + return result; + } + + private object GetESBICredentialIssuer(string issuer, List credentialTemplates) + { + // https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-10.html#credential-metadata-object + var result = new ESBICredentialIssuerResult { - Content = JsonSerializer.Serialize(result), - StatusCode = (int)HttpStatusCode.OK, - ContentType = "application/json" + AuthorizationServer = _options.AuthorizationServer, + CredentialIssuer = issuer, + CredentialEndpoint = $"{issuer}/{Constants.EndPoints.Credential}", + DeferredCredentialEndpoint = $"{issuer}/{Constants.EndPoints.DeferredCredential}", + CredentialsSupported = credentialTemplates.Select(kvp => _serializer.Serialize(kvp)).ToList(), + CredentialIdentifiersSupported = true, + CredentialResponseEncryptionAlgValuesSupported = Constants.AllEncAlgs, + CredentialResponseEncryptionEncValuesSupported = Constants.AllEncryptions, + RequireCredentialResponseEncryption = false }; + return result; } } } \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/ESBICredentialIssuerResult.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/ESBICredentialIssuerResult.cs new file mode 100644 index 000000000..db919d042 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/ESBICredentialIssuerResult.cs @@ -0,0 +1,82 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer.CredentialIssuer.DTOs; +using System.Collections.Generic; +using System.Text.Json.Nodes; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.CredentialIssuer.Api.CredentialIssuer; + +public class ESBICredentialIssuerResult +{ + /// + /// The credential issuer's identifier. + /// + [JsonPropertyName(CredentialIssuerResultNames.CredentialIssuer)] + public string CredentialIssuer { get; set; } = null!; + + /// + /// An array of strings, where each string is an identifier of the OAuth 2.0 Authorization Server the credential issuer relies on for authorization. + /// + [JsonPropertyName(CredentialIssuerResultNames.AuthorizationServer)] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string AuthorizationServer { get; set; } = null; + + /// + /// URL of the credential issuer's credential endpoint. + /// + [JsonPropertyName(CredentialIssuerResultNames.CredentialEndpoint)] + public string CredentialEndpoint { get; set; } = null!; + + /// + /// URL of the Credential Issuer's Batch Credential Endpoint. + /// + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + [JsonPropertyName(CredentialIssuerResultNames.BatchCredentialEndpoint)] + public string? BatchCredentialEndpoint { get; set; } = null; + + /// + /// URL of the Credential Issuer's Deferred Credential Endpoint. + /// + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + [JsonPropertyName(CredentialIssuerResultNames.DeferredCredentialEndpoint)] + public string? DeferredCredentialEndpoint { get; set; } = null; + + /// + /// Array containing a list of the JWE [RFC7516] encryption algorithms (alg values) [RFC7518] supported by the Credential and/or Batch Credential Endpoint to encode the Credential or Batch Credential Response in a JWT. + /// + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + [JsonPropertyName(CredentialIssuerResultNames.CredentialResponseEncryptionAlgValuesSupported)] + public IEnumerable CredentialResponseEncryptionAlgValuesSupported { get; set; } = null; + + /// + /// Array containing a list of the JWE [RFC7516] encryption algorithms (enc values) [RFC7518] supported by the Credential and/or Batch Credential Endpoint to encode the Credential or Batch Credential Response in a JWT. + /// + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + [JsonPropertyName(CredentialIssuerResultNames.CredentialResponseEncryptionEncValuesSupported)] + public IEnumerable CredentialResponseEncryptionEncValuesSupported { get; set; } = null; + + /// + /// Boolean value specifying whether the Credential Issuer requires additional encryption on top of TLS for the Credential Response and expects encryption parameters to be present in the Credential Request and/or Batch Credential Request, with true indicating support. + /// + [JsonPropertyName(CredentialIssuerResultNames.RequireCredentialResponseEncryption)] + public bool RequireCredentialResponseEncryption { get; set; } + + /// + /// Boolean value specifying whether the Credential Issuer supports returning credential_identifiers parameter in the authorization_details Token Response parameter, with true indicating support. If omitted, the default value is false. + /// + [JsonPropertyName(CredentialIssuerResultNames.CredentialIdentifiersSupported)] + public bool CredentialIdentifiersSupported { get; set; } + + /// + /// Each object contains display properties of a Credential Issuer for a certain language. + /// + [JsonPropertyName(CredentialIssuerResultNames.Display)] + public ICollection Display { get; set; } = new List(); + + /// + /// List of JSON Objects, each of them representing metadata about a separate credential type that the credential issuer can issue. + /// + [JsonPropertyName(CredentialIssuerResultNames.CredentialsSupported)] + public List CredentialsSupported { get; set; } = new List(); +} diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/CredentialIssuerResult.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/LastCredentialIssuerResult.cs similarity index 95% rename from src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/CredentialIssuerResult.cs rename to src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/LastCredentialIssuerResult.cs index 0303b7ea5..001ee9d43 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/CredentialIssuerResult.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialIssuer/LastCredentialIssuerResult.cs @@ -7,7 +7,7 @@ namespace SimpleIdServer.CredentialIssuer.Api.CredentialIssuer; -public class CredentialIssuerResult +public class LastCredentialIssuerResult { /// /// The credential issuer's identifier. @@ -77,8 +77,8 @@ public class CredentialIssuerResult /// /// List of JSON Objects, each of them representing metadata about a separate credential type that the credential issuer can issue. /// - [JsonPropertyName(CredentialIssuerResultNames.CredentialsSupported)] - public Dictionary CredentialsSupported { get; set; } = new Dictionary(); + [JsonPropertyName(CredentialIssuerResultNames.CredentialConfigurationSupported)] + public Dictionary CredentialConfigurationsSupported { get; set; } = new Dictionary(); } public class CredentialIssuerDisplayResult diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialOffer/Commands/CreateCredentialOfferCommand.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialOffer/Commands/CreateCredentialOfferCommand.cs index 692abc3df..0c2a16502 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialOffer/Commands/CreateCredentialOfferCommand.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialOffer/Commands/CreateCredentialOfferCommand.cs @@ -1,6 +1,5 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using Microsoft.Extensions.Options; using SimpleIdServer.CredentialIssuer.Services; using SimpleIdServer.CredentialIssuer.Store; using SimpleIdServer.IdServer.CredentialIssuer; @@ -35,16 +34,13 @@ public interface ICreateCredentialOfferCommandHandler public class CreateCredentialOfferCommandHandler : ICreateCredentialOfferCommandHandler { - private readonly ICredentialOfferStore _credentialOfferStore; private readonly ICredentialConfigurationStore _credentialConfigurationStore; private readonly IPreAuthorizedCodeService _preAuthorizedCodeService; public CreateCredentialOfferCommandHandler( - ICredentialOfferStore credentialOfferStore, ICredentialConfigurationStore credentialConfigurationStore, IPreAuthorizedCodeService preAuthorizedCodeService) { - _credentialOfferStore = credentialOfferStore; _credentialConfigurationStore = credentialConfigurationStore; _preAuthorizedCodeService = preAuthorizedCodeService; } @@ -62,14 +58,9 @@ public async Task Handle(CreateCredentialOfferC if (credentialOffer.GrantTypes.Contains(CredentialOfferResultNames.PreAuthorizedCodeGrant)) { - credentialOffer.PreAuthorizedCode = await _preAuthorizedCodeService.Get( - command.AccessToken, - validationResult.CredentialConfigurations.Select(c => c.Scope).Distinct().ToList(), - cancellationToken); + credentialOffer.PreAuthorizedCode = await _preAuthorizedCodeService.Get(command.AccessToken, validationResult.CredentialConfigurations.Select(c => c.Scope).Distinct().ToList(), cancellationToken); } - _credentialOfferStore.Add(credentialOffer); - await _credentialOfferStore.SaveChanges(cancellationToken); return new CredentialCredentialOfferResult { CredentialOffer = credentialOffer }; } @@ -94,9 +85,9 @@ private async Task Validate(CreateCredentialOff { Id = Guid.NewGuid().ToString(), GrantTypes = command.Grants, - CredentialConfigurationIds = command.CredentialConfigurationIds, Subject = command.Subject, CreateDateTime = DateTime.UtcNow, + CredentialConfigurationIds = existingCredentials.Select(c => c.Id).ToList() }; return CredentialOfferValidationResult.Ok(credentialOffer, existingCredentials); } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialOffer/CredentialOfferController.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialOffer/CredentialOfferController.cs index 32edc221a..3e7c14f69 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialOffer/CredentialOfferController.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/CredentialOffer/CredentialOfferController.cs @@ -39,8 +39,6 @@ public CredentialOfferController( [Authorize("ApiAuthenticated")] public async Task Create([FromBody] CreateCredentialOfferRequest request, CancellationToken cancellationToken) { - // https://openid.github.io/OpenID4VCI/openid-4-verifiable-credential-issuance-wg-draft.html#name-authorization-code-flow - // https://curity.io/resources/learn/pre-authorized-code/ - exchange the access token for a pre-authorized code and PIN. var accessToken = await GetAccessToken(); var issuer = Request.GetAbsoluteUriWithVirtualPath(); var result = await _createCredentialOfferCommandHandler.Handle(new CreateCredentialOfferCommand diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/DeferredCredential/DeferredCredentialController.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/DeferredCredential/DeferredCredentialController.cs new file mode 100644 index 000000000..b02efb830 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/DeferredCredential/DeferredCredentialController.cs @@ -0,0 +1,153 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Options; +using SimpleIdServer.CredentialIssuer.Api.Credential; +using SimpleIdServer.CredentialIssuer.Api.Credential.Services; +using SimpleIdServer.CredentialIssuer.CredentialFormats; +using SimpleIdServer.CredentialIssuer.DTOs; +using SimpleIdServer.CredentialIssuer.Store; +using SimpleIdServer.IdServer.CredentialIssuer; +using SimpleIdServer.IdServer.CredentialIssuer.DTOs; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading; +using System.Threading.Tasks; + +namespace SimpleIdServer.CredentialIssuer.Api.DeferredCredential; + +[Route(Constants.EndPoints.DeferredCredential)] +public class DeferredCredentialController : BaseController +{ + private readonly IDeferredCredentialStore _deferredCredentialStore; + private readonly ICredentialService _credentialService; + private readonly IEnumerable _formatters; + private readonly CredentialIssuerOptions _options; + + public DeferredCredentialController( + IDeferredCredentialStore deferredCredentialStore, + ICredentialService credentialService, + IEnumerable formatters, + IOptions options) + { + _deferredCredentialStore = deferredCredentialStore; + _credentialService = credentialService; + _formatters = formatters; + _options = options.Value; + } + + [HttpPost] + public async Task Get([FromBody] DeferredCredentialRequest request, CancellationToken cancellationToken) + { + if (_options.Version == CredentialIssuerVersion.ESBI) + { + if(Request.Headers.ContainsKey("Authorization")) + { + var authValue = Request.Headers["Authorization"].First(); + if(!string.IsNullOrWhiteSpace(authValue) && authValue.StartsWith("Bearer")) + { + request = new DeferredCredentialRequest + { + TransactionId = authValue.Split(" ").Last() + }; + } + } + } + + var validationResult = await Validate(request, cancellationToken); + if (validationResult.ErrorResult != null) return Build(validationResult.ErrorResult.Value); + var formatter = _formatters.Single(f => f.Format == validationResult.DeferredCredential.FormatterName); + CredentialResponseEncryption encryption = null; + if(validationResult.DeferredCredential.EncryptionJwk != null) + { + encryption = new CredentialResponseEncryption + { + Jwk = new Microsoft.IdentityModel.Tokens.JsonWebKey(validationResult.DeferredCredential.EncryptionJwk), + Alg = validationResult.DeferredCredential.EncryptionAlg, + Enc = validationResult.DeferredCredential.EncryptionEnc + }; + } + + var result = _credentialService.BuildImmediateCredential(new BuildImmediateCredentialRequest( + validationResult.DeferredCredential.UserDid, + validationResult.DeferredCredential.Configuration, + null, + validationResult.DeferredCredential.Claims.ToDictionary(c => c.Name, c => c.Value), + formatter, + encryption, + validationResult.DeferredCredential.Nonce)); + _deferredCredentialStore.Delete(validationResult.DeferredCredential); + await _deferredCredentialStore.SaveChanges(cancellationToken); + return new OkObjectResult(result); + } + + [Authorize("deferredcreds")] + [HttpPost(".search")] + public async Task Search([FromBody] SearchRequest request, CancellationToken cancellationToken) + { + var result = await _deferredCredentialStore.Search(request, cancellationToken); + return new OkObjectResult(result); + } + + [Authorize("deferredcreds")] + [HttpGet("{id}")] + public async Task Get(string id, CancellationToken cancellationToken) + { + var result = await _deferredCredentialStore.Get(id, cancellationToken); + if (result == null) return Build(new ErrorResult(System.Net.HttpStatusCode.NotFound, ErrorCodes.NOT_FOUND, string.Format(ErrorMessages.UNKNOWN_DEFERRED_CREDENTIAL, id))); + return new OkObjectResult(result); + } + + [Authorize("deferredcreds")] + [HttpPut("{id}/issue")] + public async Task Issue(string id, [FromBody] IssueDeferredCredentialRequest request, CancellationToken cancellationToken) + { + if (request == null) return Build(new ErrorResult(System.Net.HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, ErrorMessages.INVALID_INCOMING_REQUEST)); + if (request.Claims == null) return Build(new ErrorResult(System.Net.HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, string.Format(ErrorMessages.MISSING_PARAMETER, DeferredCredentialResultNames.Claims))); + var result = await _deferredCredentialStore.Get(id, cancellationToken); + if (result == null) return Build(new ErrorResult(System.Net.HttpStatusCode.NotFound, ErrorCodes.NOT_FOUND, string.Format(ErrorMessages.UNKNOWN_DEFERRED_CREDENTIAL, id))); + result.Claims = request.Claims.Select(kvp => new Domains.DeferredCredentialClaim + { + Id = Guid.NewGuid().ToString(), + Name = kvp.Key, + Value = kvp.Value + }).ToList(); + result.Status = Domains.DeferredCredentialStatus.ISSUED; + await _deferredCredentialStore.SaveChanges(cancellationToken); + return new NoContentResult(); + } + + private async Task Validate( + DeferredCredentialRequest request, + CancellationToken cancellationToken) + { + if (request == null) return DeferredCredentialValidationResult.Error(new ErrorResult(System.Net.HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, ErrorMessages.INVALID_INCOMING_REQUEST)); + if (string.IsNullOrWhiteSpace(request.TransactionId)) return DeferredCredentialValidationResult.Error(new ErrorResult(System.Net.HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, string.Format(ErrorMessages.MISSING_PARAMETER, CredentialResultNames.TransactionId))); + var transaction = await _deferredCredentialStore.Get(request.TransactionId, cancellationToken); + if (transaction == null) return DeferredCredentialValidationResult.Error(new ErrorResult(System.Net.HttpStatusCode.BadRequest, ErrorCodes.INVALID_TRANSACTION_ID, ErrorMessages.INVALID_TRANSACTION_ID)); + if (transaction.Status == Domains.DeferredCredentialStatus.PENDING) return DeferredCredentialValidationResult.Error(new ErrorResult(System.Net.HttpStatusCode.BadRequest, ErrorCodes.ISSUANCE_PENDING, ErrorMessages.ISSUANCE_PENDING)); + return DeferredCredentialValidationResult.Ok(transaction); + } + + private class DeferredCredentialValidationResult : BaseValidationResult + { + private DeferredCredentialValidationResult(ErrorResult error) : base(error) + { + + } + + private DeferredCredentialValidationResult(Domains.DeferredCredential deferredCredential) + { + DeferredCredential = deferredCredential; + } + + public Domains.DeferredCredential DeferredCredential { get; private set; } + + public static DeferredCredentialValidationResult Ok(Domains.DeferredCredential deferredCredential) => new DeferredCredentialValidationResult(deferredCredential); + + public static DeferredCredentialValidationResult Error(ErrorResult error) => new DeferredCredentialValidationResult(error); + } +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/DeferredCredential/DeferredCredentialRequest.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/DeferredCredential/DeferredCredentialRequest.cs new file mode 100644 index 000000000..8d99f92cc --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/DeferredCredential/DeferredCredentialRequest.cs @@ -0,0 +1,13 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.IdServer.CredentialIssuer.DTOs; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.CredentialIssuer.Api.DeferredCredential; + +public class DeferredCredentialRequest +{ + [JsonPropertyName(CredentialResultNames.TransactionId)] + public string TransactionId { get; set; } +} diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/DeferredCredential/IssueDeferredCredentialRequest.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/DeferredCredential/IssueDeferredCredentialRequest.cs new file mode 100644 index 000000000..b2f479166 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Api/DeferredCredential/IssueDeferredCredentialRequest.cs @@ -0,0 +1,14 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.CredentialIssuer.DTOs; +using System.Collections.Generic; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.CredentialIssuer.Api.DeferredCredential; + +public class IssueDeferredCredentialRequest +{ + [JsonPropertyName(DeferredCredentialResultNames.Claims)] + public Dictionary Claims { get; set; } +} diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/AuthorizationOptionsExtensions.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/AuthorizationOptionsExtensions.cs new file mode 100644 index 000000000..086c885a8 --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/AuthorizationOptionsExtensions.cs @@ -0,0 +1,41 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +namespace Microsoft.AspNetCore.Authorization; + +public static class AuthorizationOptionsExtensions +{ + public static AuthorizationOptions AddDefaultCredentialIssuerAuthorization(this AuthorizationOptions b, string bearer = "Bearer") + { + b.AddPolicy("WebsiteAuthenticated", p => + { + p.RequireAuthenticatedUser(); + }); + b.AddPolicy("ApiAuthenticated", p => + { + p.AuthenticationSchemes.Clear(); + p.AuthenticationSchemes.Add(bearer); + p.RequireAuthenticatedUser(); + }); + b.AddPolicy("credconfs", p => + { + p.AuthenticationSchemes.Clear(); + p.AuthenticationSchemes.Add(bearer); + p.RequireClaim("scope", "credconfs"); + }); + b.AddPolicy("credinstances", p => + { + p.AuthenticationSchemes.Clear(); + p.AuthenticationSchemes.Add(bearer); + p.RequireClaim("scope", "credinstances"); + }); + b.AddPolicy("deferredcreds", p => + { + p.AuthenticationSchemes.Clear(); + p.AuthenticationSchemes.Add(bearer); + p.RequireClaim("scope", "deferredcreds"); + }); + + return b; + } +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Builders/CredentialConfigurationBuilder.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Builders/CredentialConfigurationBuilder.cs index 68194a14b..5ce108fa7 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Builders/CredentialConfigurationBuilder.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Builders/CredentialConfigurationBuilder.cs @@ -3,6 +3,7 @@ using SimpleIdServer.CredentialIssuer.Domains; using System; +using System.Collections.Generic; namespace SimpleIdServer.CredentialIssuer.Builders; @@ -21,7 +22,9 @@ public static CredentialConfigurationBuilder New( string jsonLdContext, string baseUrl, string scope = null, - string id = null) + string id = null, + List additionalTypes = null, + bool isDeferred = false) { return new CredentialConfigurationBuilder(new CredentialConfiguration { @@ -34,6 +37,8 @@ public static CredentialConfigurationBuilder New( Scope = scope, CreateDateTime = DateTime.UtcNow, UpdateDateTime = DateTime.UtcNow, + AdditionalTypes = additionalTypes ?? new List(), + IsDeferred = isDeferred }); } @@ -72,5 +77,12 @@ public CredentialConfigurationBuilder AddClaim( return this; } + public CredentialConfigurationBuilder SetSchema(string id, string type) + { + _credentialConfiguration.CredentialSchemaId = id; + _credentialConfiguration.CredentialSchemaType = type; + return this; + } + public CredentialConfiguration Build() => _credentialConfiguration; } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Constants.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Constants.cs index 694c22371..4657fed16 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Constants.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Constants.cs @@ -12,6 +12,7 @@ public static class EndPoints { public const string CredentialIssuer = ".well-known/openid-credential-issuer"; public const string Credential = "credential"; + public const string DeferredCredential = "deferred_credential"; public const string CredentialOffer = "credential_offer"; public const string CredentialConfigurations = "credential_configurations"; public const string CredentialInstances = "credential_instances"; @@ -28,6 +29,5 @@ public static class EndPoints SecurityAlgorithms.Aes128CbcHmacSha256, SecurityAlgorithms.Aes192CbcHmacSha384, SecurityAlgorithms.Aes256CbcHmacSha512 - }; } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialFormats/BaseW3CVerifiableCredentialFormatter.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialFormats/BaseW3CVerifiableCredentialFormatter.cs index 63e6faf47..8c1b34e55 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialFormats/BaseW3CVerifiableCredentialFormatter.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialFormats/BaseW3CVerifiableCredentialFormatter.cs @@ -21,11 +21,17 @@ public JsonObject ExtractCredentialIssuerMetadata(CredentialConfiguration config VcConstants.VerifiableCredentialJsonLdContext, configuration.JsonLdContext }; - var type = new JsonArray + var types = new JsonArray { VcConstants.VerifiableCredentialType, configuration.Type }; + if(configuration.AdditionalTypes != null) + { + foreach (var additionalType in configuration.AdditionalTypes.Where(a => !string.IsNullOrWhiteSpace(a))) + types.Add(additionalType); + } + var credentialSubject = new JsonObject(); var flatNodes = configuration.Claims.Select(c => { @@ -40,7 +46,7 @@ public JsonObject ExtractCredentialIssuerMetadata(CredentialConfiguration config var result = new JsonObject { { "@context", ctx }, - { "type", type }, + { "types", types }, { "credentialSubject", credentialSubject } }; return result; @@ -48,12 +54,21 @@ public JsonObject ExtractCredentialIssuerMetadata(CredentialConfiguration config public CredentialHeader ExtractHeader(JsonObject jsonObj) { - if (!jsonObj.ContainsKey("credential_definition")) return null; - var credentialDefinition = jsonObj["credential_definition"].AsObject(); - if (credentialDefinition == null || !credentialDefinition.ContainsKey("type")) return null; - var jArrTypes = credentialDefinition["type"].AsArray(); + JsonArray jArrTypes; + if (!jsonObj.ContainsKey("credential_definition")) + { + if (!jsonObj.ContainsKey("types")) return null; + jArrTypes = jsonObj["types"].AsArray(); + } + else + { + var credentialDefinition = jsonObj["credential_definition"].AsObject(); + if (credentialDefinition == null || !credentialDefinition.ContainsKey("type")) return null; + jArrTypes = credentialDefinition["type"].AsArray(); + } + if (jArrTypes == null) return null; - var filteredTypes = jArrTypes.Select(t => t.ToString()).Where(c => c != VcConstants.VerifiableCredentialType); + var filteredTypes = jArrTypes.Select(t => t.ToString()).Where(c => c != VcConstants.VerifiableCredentialType && c != VcConstants.VerifiableAttestation); if (filteredTypes.Count() != 1) return null; return new CredentialHeader { @@ -70,12 +85,17 @@ protected W3CVerifiableCredential BuildCredential(BuildCredentialRequest request request.JsonLdContext, request.Issuer, request.Type, + request.AdditionalTypes, request.ValidFrom, request.ValidUntil); builder.AddCredentialSubject(request.Subject, (b) => { + b.SetPersonalIdentifier(request.Subject); Build(request.UserClaims, b.Build(), 1); }); + if(request.Schema != null) + builder.SetSchema(request.Schema.Id, request.Schema.Type); + return builder.Build(); } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialFormats/ICredentialFormatter.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialFormats/ICredentialFormatter.cs index 7bbd16a78..070163cba 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialFormats/ICredentialFormatter.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialFormats/ICredentialFormatter.cs @@ -26,6 +26,8 @@ public class BuildCredentialRequest public string JsonLdContext { get; set; } public DateTime? ValidFrom { get; set; } public DateTime? ValidUntil { get; set; } + public List AdditionalTypes { get; set; } + public CredentialSchema Schema { get; set; } public CredentialConfiguration CredentialConfiguration { get; set; } public List UserClaims { get; set; } } @@ -41,4 +43,10 @@ public class CredentialUserClaimNode : INode public int Level { get; set; } public string Name { get; set; } public string Value { get; set; } +} + +public class CredentialSchema +{ + public string Id { get; set; } + public string Type { get; set; } } \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialIssuerOptions.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialIssuerOptions.cs index 6b0ff8d91..d55551578 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialIssuerOptions.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialIssuerOptions.cs @@ -4,32 +4,16 @@ using SimpleIdServer.Did.Crypto; using SimpleIdServer.Did.Key; using SimpleIdServer.Did.Models; -using System.Linq; -using System.Threading; namespace SimpleIdServer.IdServer.CredentialIssuer; public class CredentialIssuerOptions { - public CredentialIssuerOptions() - { - var resolver = DidKeyResolver.New(); - AsymmKey = Ed25519SignatureKey.Generate(); - var did = DidKeyGenerator.New().Generate(AsymmKey); - DidDocument = resolver.Resolve(did, CancellationToken.None).Result; - VerificationMethodId = DidDocument.VerificationMethod.First().Id; - } - /// /// Did Document of the issuer. Contains only the public key. /// public DidDocument DidDocument { get; set; } - /// - /// Identifier of the verification method. It will be used to signed the verifiable credential. - /// - public string VerificationMethodId { get; set; } - /// /// Private key used to sign the Verifiable Credential. /// @@ -65,4 +49,27 @@ public CredentialIssuerOptions() /// Ignore the HTTPS certificate error. /// public bool IgnoreHttpsCertificateError { get; set; } + + /// + /// Set the version of the credential issuer. + /// + public CredentialIssuerVersion Version { get; set; } = CredentialIssuerVersion.LAST; + + /// + /// Enable or disable the developer mode. + /// + public bool IsDeveloperModeEnabled { get; set; } = false; + + public void GenerateRandomDidKey() + { + AsymmKey = ES256SignatureKey.Generate(); + var exportResult = DidKeyGenerator.New().SetSignatureKey(AsymmKey).Export(false, true); + DidDocument = exportResult.Document; + } } + +public enum CredentialIssuerVersion +{ + LAST = 0, + ESBI = 1 +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialIssuerServer.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialIssuerServer.cs index d729dfb54..9af129d8c 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialIssuerServer.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/CredentialIssuerServer.cs @@ -103,4 +103,19 @@ public CredentialIssuerInMemoryStoreBuilder AddUserCredentialClaims(ICollection< return this; } } + + public CredentialIssuerInMemoryStoreBuilder AddDeferredCredentials(List deferredCredentials) + { + lock(_lck) + { + var dbContext = _serviceProvider.GetService(); + if(!dbContext.DeferredCredentials.Any()) + { + dbContext.DeferredCredentials.AddRange(deferredCredentials); + dbContext.SaveChanges(); + } + + return this; + } + } } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/DTOs/CredentialIssuerResultNames.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/DTOs/CredentialIssuerResultNames.cs index 03a406c2f..3b7784ea8 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/DTOs/CredentialIssuerResultNames.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/DTOs/CredentialIssuerResultNames.cs @@ -5,15 +5,17 @@ namespace SimpleIdServer.IdServer.CredentialIssuer.DTOs public static class CredentialIssuerResultNames { public const string AuthorizationServers = "authorization_servers"; + public const string AuthorizationServer = "authorization_server"; public const string CredentialIssuer = "credential_issuer"; public const string CredentialEndpoint = "credential_endpoint"; public const string BatchCredentialEndpoint = "batch_credential_endpoint"; - public const string CredentialsSupported = "credentials_supported"; + public const string CredentialConfigurationSupported = "credential_configurations_supported"; public const string DeferredCredentialEndpoint = "deferred_credential_endpoint"; public const string CredentialResponseEncryptionAlgValuesSupported = "credential_response_encryption_alg_values_supported"; public const string CredentialResponseEncryptionEncValuesSupported = "credential_response_encryption_enc_values_supported"; public const string RequireCredentialResponseEncryption = "require_credential_response_encryption"; public const string CredentialIdentifiersSupported = "credential_identifiers_supported"; public const string Display = "display"; + public const string CredentialsSupported = "credentials_supported"; } } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/DTOs/CredentialResultNames.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/DTOs/CredentialResultNames.cs index c42a938d2..278bcbb3c 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/DTOs/CredentialResultNames.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/DTOs/CredentialResultNames.cs @@ -1,12 +1,14 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -namespace SimpleIdServer.IdServer.CredentialIssuer.DTOs + +namespace SimpleIdServer.IdServer.CredentialIssuer.DTOs; + +public class CredentialResultNames { - public class CredentialResultNames - { - public const string Format = "format"; - public const string Credential = "credential"; - public const string CNonce = "c_nonce"; - public const string CNonceExpiresIn = "c_nonce_expires_in"; - } -} + public const string Format = "format"; + public const string Credential = "credential"; + public const string CNonce = "c_nonce"; + public const string CNonceExpiresIn = "c_nonce_expires_in"; + public const string TransactionId = "transaction_id"; + public const string AcceptanceToken = "acceptance_token"; +} \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/DTOs/DeferredCredentialResultNames.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/DTOs/DeferredCredentialResultNames.cs new file mode 100644 index 000000000..f7f08687d --- /dev/null +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/DTOs/DeferredCredentialResultNames.cs @@ -0,0 +1,9 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +namespace SimpleIdServer.CredentialIssuer.DTOs; + +public static class DeferredCredentialResultNames +{ + public const string Claims = "claims"; +} diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ErrorCodes.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ErrorCodes.cs index d1e14b006..0bc7c18b2 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ErrorCodes.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ErrorCodes.cs @@ -1,19 +1,20 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -namespace SimpleIdServer.IdServer.CredentialIssuer +namespace SimpleIdServer.IdServer.CredentialIssuer; + +public static class ErrorCodes { - public static class ErrorCodes - { - public const string INVALID_CREDENTIAL_REQUEST = "invalid_credential_request"; - public const string INVALID_CREDENTIAL_OFFER_REQUEST = "invalid_credential_offer_request"; - public const string INVALID_ENCRYPTION_PARAMETERS = "invalid_encryption_parameters"; - public const string INVALID_REQUEST = "invalid_request"; - public const string INVALID_TOKEN = "invalid_token"; - public const string INVALID_PROOF = "invalid_proof"; - public const string INVALID_CREDOFFER = "invalid_credoffer"; - public const string UNAUTHORIZED = "unauthorized"; - public const string UNSUPPORTED_CREDENTIAL_FORMAT = "unsupported_credential_format"; - public const string UNSUPPORTED_CREDENTIAL_TYPE = "unsupported_credential_type"; - public const string NOT_FOUND = "not_found"; - } + public const string ISSUANCE_PENDING = "issuance_pending"; + public const string INVALID_CREDENTIAL_REQUEST = "invalid_credential_request"; + public const string INVALID_CREDENTIAL_OFFER_REQUEST = "invalid_credential_offer_request"; + public const string INVALID_ENCRYPTION_PARAMETERS = "invalid_encryption_parameters"; + public const string INVALID_REQUEST = "invalid_request"; + public const string INVALID_TOKEN = "invalid_token"; + public const string INVALID_PROOF = "invalid_proof"; + public const string INVALID_CREDOFFER = "invalid_credoffer"; + public const string UNAUTHORIZED = "unauthorized"; + public const string UNSUPPORTED_CREDENTIAL_FORMAT = "unsupported_credential_format"; + public const string UNSUPPORTED_CREDENTIAL_TYPE = "unsupported_credential_type"; + public const string NOT_FOUND = "not_found"; + public const string INVALID_TRANSACTION_ID = "invalid_transaction_id"; } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ErrorMessages.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ErrorMessages.cs index c5c944cc7..7314fd40b 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ErrorMessages.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ErrorMessages.cs @@ -1,5 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Org.BouncyCastle.Asn1.Cms; + namespace SimpleIdServer.IdServer.CredentialIssuer { public static class ErrorMessages @@ -11,7 +13,10 @@ public static class ErrorMessages public const string EXISTING_CREDENTIAL_CONFIGURATION = "credential configuration {0} already exists"; public const string EXISTING_CREDENTIAL_CLAIM = "the credential configuration claim {0} already exists"; public const string EXISTING_CREDENTIAL = "the credential {0} already exists"; + public const string ISSUANCE_PENDING = "The Credential issuance is still pending"; + public const string INVALID_TRANSACTION_ID = "The Deferred Credential Request contains an invalid transaction_id"; public const string INVALID_INCOMING_REQUEST = "the incoming request is not valid"; + public const string INVALID_ISSUER_STATE = "the issuer_state is not valid"; public const string INVALID_PROOF_FORMAT = "the proof format {0} is not supported"; public const string INVALID_ACCESS_TOKEN_SCOPE = "access token has an invalid scope"; public const string INVALID_PROOF_SIG = "the proof signature is not correct"; @@ -36,6 +41,7 @@ public static class ErrorMessages public const string UNKNOWN_CREDENTIAL_CLAIM_TRANSLATION = "the translation {0} doesn't exist"; public const string UNKNOWN_CREDENTIAL_CONFIGURATION_DISPLAY = "the credential configuration display {0} doesn't exist"; public const string UNKNOWN_PROOF_TYPE = "the proof type {0} is unknown"; + public const string UNKNOWN_DEFERRED_CREDENTIAL = "the deferred credential {0} doesn't exist"; public const string UNKNOWN_USER = "the user {0} doesn't exist"; public const string UNSUPPORTED_CREDENTIALS_FORMAT = "credential formats {0} are not supported"; public const string MALFROMED_INCOMING_REQUEST = "the incoming request is malformed"; diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ServiceCollectionExtensions.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ServiceCollectionExtensions.cs index 19aa00399..37b5b4e71 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ServiceCollectionExtensions.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/ServiceCollectionExtensions.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.CredentialIssuer; +using SimpleIdServer.CredentialIssuer.Api.Credential.Services; using SimpleIdServer.CredentialIssuer.Api.Credential.Validators; using SimpleIdServer.CredentialIssuer.Api.CredentialOffer.Commands; using SimpleIdServer.CredentialIssuer.Api.CredentialOffer.Queries; @@ -28,6 +29,7 @@ public static CredentialIssuerServer AddCredentialIssuer(this IServiceCollection services.AddTransient(); services.AddTransient(); services.AddTransient(); + services.AddTransient(); return new CredentialIssuerServer(services); } } diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Services/PreAuthorizedCodeService.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Services/PreAuthorizedCodeService.cs index 7e3e97c4e..e4cceb100 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Services/PreAuthorizedCodeService.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/Services/PreAuthorizedCodeService.cs @@ -3,6 +3,7 @@ using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.CredentialIssuer; using System.Collections.Generic; +using System.Linq; using System.Net.Http; using System.Text.Json.Nodes; using System.Threading; @@ -38,8 +39,8 @@ public async Task Get(string accessToken, List scopes, Cancellat { "client_secret", _options.ClientSecret }, { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code" }, { "subject_token", accessToken }, - { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token" }, - { "scope", string.Join((" "), scopes) } + { "scope", string.Join((" "), scopes.Where(s => !string.IsNullOrWhiteSpace(s))) }, + { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token" } }; var requestMessage = new HttpRequestMessage { diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/UI/CredentialsController.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/UI/CredentialsController.cs index 8eaad9eb1..b930cac08 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/UI/CredentialsController.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/UI/CredentialsController.cs @@ -13,6 +13,7 @@ using SimpleIdServer.IdServer.CredentialIssuer.DTOs; using System.Collections.Generic; using System.Security.Claims; +using System.Text.Json; using System.Threading; using System.Threading.Tasks; @@ -44,7 +45,8 @@ public async Task Index(CancellationToken cancellationToken) var credentialConfigurations = await _credentialConfigurationStore.GetAll(cancellationToken); return View(new CredentialsViewModel { - CredentialConfigurations = credentialConfigurations + CredentialConfigurations = credentialConfigurations, + IsDeveloperModeEnabled = _options.IsDeveloperModeEnabled }); } @@ -53,18 +55,22 @@ public async Task Share([FromBody] ShareCredentialRequest request { var issuer = Request.GetAbsoluteUriWithVirtualPath(); var subject = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + var grants = new List(); + if (request.PreAuthorized) + grants.Add(CredentialOfferResultNames.PreAuthorizedCodeGrant); + else + grants.Add(CredentialOfferResultNames.AuthorizedCodeGrant); var result = await _createCredentialOfferCommandHandler.Handle(new CreateCredentialOfferCommand { AccessToken = await GetAccessToken(), CredentialConfigurationIds = new List { request.ConfigurationId }, - Grants = new List - { - CredentialOfferResultNames.PreAuthorizedCodeGrant - }, + Grants = grants, Subject = subject }, cancellationToken); if (result.Error != null) return Build(result.Error.Value); + var json = JsonSerializer.Serialize(result.CredentialOffer); + Response.Headers.Add("QRCode", json); return File(_getCredentialOfferQueryHandler.GetQrCode(new GetCredentialOfferQuery { CredentialOffer = result.CredentialOffer, @@ -77,4 +83,5 @@ public async Task Share([FromBody] ShareCredentialRequest request public class ShareCredentialRequest { public string ConfigurationId { get; set; } + public bool PreAuthorized { get; set; } } \ No newline at end of file diff --git a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/UI/ViewModels/CredentialsViewModel.cs b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/UI/ViewModels/CredentialsViewModel.cs index ad781f8b3..fe118fd9f 100644 --- a/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/UI/ViewModels/CredentialsViewModel.cs +++ b/src/CredentialIssuer/SimpleIdServer.CredentialIssuer/UI/ViewModels/CredentialsViewModel.cs @@ -8,4 +8,5 @@ namespace SimpleIdServer.CredentialIssuer.UI.ViewModels; public class CredentialsViewModel { public List CredentialConfigurations { get; set; } + public bool IsDeveloperModeEnabled { get; set; } } diff --git a/src/Did/SimpleIdServer.Did.Key/DidKeyGenerator.cs b/src/Did/SimpleIdServer.Did.Key/DidKeyGenerator.cs index 954178c0d..c132a8dcd 100644 --- a/src/Did/SimpleIdServer.Did.Key/DidKeyGenerator.cs +++ b/src/Did/SimpleIdServer.Did.Key/DidKeyGenerator.cs @@ -3,33 +3,91 @@ using SimpleIdServer.Did.Crypto; using SimpleIdServer.Did.Crypto.Multicodec; +using SimpleIdServer.Did.Models; +using System; +using System.Runtime.CompilerServices; +using System.Threading; +using System.Threading.Tasks; namespace SimpleIdServer.Did.Key; public class DidKeyGenerator { + private IAsymmetricKey _key; + private readonly string _format; private readonly IMulticodecSerializer _serializer; - public DidKeyGenerator(IMulticodecSerializer serializer) + private DidKeyGenerator(string format, IMulticodecSerializer serializer) { + _format = format; _serializer = serializer; } - public static DidKeyGenerator New() + public static DidKeyGenerator New(string format = null) { var serializer = MulticodecSerializerFactory.Build(); - return new DidKeyGenerator(serializer); + return new DidKeyGenerator(format, serializer); } - public string Generate(IAsymmetricKey key) + public DidKeyGenerator SetSignatureKey(IAsymmetricKey key) { - var multicodec = _serializer.SerializePublicKey(key); - return $"{Did.Constants.Scheme}:{Constants.Type}:{multicodec}"; + _key = key; + return this; } - public string GenerateRandom() + public DidKeyGenerator GenerateRandomEd2559Key() { - var ed25519 = Ed25519SignatureKey.Generate(); - return Generate(ed25519); + _key = Ed25519SignatureKey.Generate(); + return this; + } + + public DidKeyGenerator GenerateRandomES256KKey() + { + _key = ES256KSignatureKey.Generate(); + return this; + } + + public DidKeyGenerator GenerateRandomES256Key() + { + _key = ES256SignatureKey.Generate(); + return this; + } + + public DidKeyExportResult Export(bool exportPrivateKey = false, bool isJsonEncoded = false) + { + if (_key == null) throw new InvalidOperationException("the key doesn't exist"); + string multicodec; + if(!isJsonEncoded) + multicodec = exportPrivateKey ? _serializer.SerializePrivateKey(_key) : _serializer.SerializePublicKey(_key); + else + { + var securityKey = new JsonWebKeySecurityKey(exportPrivateKey ? _key.GetPrivateJwk() : _key.GetPublicJwk()); + multicodec = exportPrivateKey ? _serializer.SerializePrivateKey(securityKey) : _serializer.SerializePublicKey(securityKey); + } + + var did = $"{Did.Constants.Scheme}:{Constants.Type}:{multicodec}"; + DidKeyOptions opts = null; + if (!string.IsNullOrWhiteSpace(_format)) + opts = new DidKeyOptions + { + PublicKeyFormat = _format + }; + var resolver = DidKeyResolver.New(opts); + var document = resolver.Resolve(did, CancellationToken.None).Result; + return new DidKeyExportResult(did, document, _key); } } + +public class DidKeyExportResult +{ + public DidKeyExportResult(string did, DidDocument document, IAsymmetricKey key) + { + Did = did; + Document = document; + Key = key; + } + + public string Did { get; private set; } + public DidDocument Document { get; private set; } + public IAsymmetricKey Key { get; private set; } +} \ No newline at end of file diff --git a/src/Did/SimpleIdServer.Did.Key/DidKeyOptions.cs b/src/Did/SimpleIdServer.Did.Key/DidKeyOptions.cs index cf6f4e231..a9e779d8d 100644 --- a/src/Did/SimpleIdServer.Did.Key/DidKeyOptions.cs +++ b/src/Did/SimpleIdServer.Did.Key/DidKeyOptions.cs @@ -7,6 +7,6 @@ namespace SimpleIdServer.Did.Key; public class DidKeyOptions { - public string PublicKeyFormat { get; set; } = Ed25519VerificationKey2020Standard.TYPE; + public string PublicKeyFormat { get; set; } public bool EnableEncryptionKeyDerivation { get; set; } = false; } diff --git a/src/Did/SimpleIdServer.Did.Key/DidKeyResolver.cs b/src/Did/SimpleIdServer.Did.Key/DidKeyResolver.cs index a257e4ce7..6bc24235f 100644 --- a/src/Did/SimpleIdServer.Did.Key/DidKeyResolver.cs +++ b/src/Did/SimpleIdServer.Did.Key/DidKeyResolver.cs @@ -1,9 +1,12 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.Did.Crypto; using SimpleIdServer.Did.Crypto.Multicodec; using SimpleIdServer.Did.Encoders; using SimpleIdServer.Did.Models; using System; +using System.Collections.Generic; +using System.Linq; using System.Threading; using System.Threading.Tasks; @@ -16,20 +19,23 @@ public class DidKeyResolver : IDidResolver { private readonly IMulticodecSerializer _serializer; private readonly DidKeyOptions _options; + private readonly IEnumerable _verificationMethodsStandardLst; public DidKeyResolver( IMulticodecSerializer serializer, - DidKeyOptions options) + DidKeyOptions options, + IEnumerable verificationMethodsStandardLst) { _serializer = serializer; _options = options; + _verificationMethodsStandardLst = verificationMethodsStandardLst; } public static DidKeyResolver New(DidKeyOptions options = null) { options = options ?? new DidKeyOptions(); var serializer = MulticodecSerializerFactory.Build(); - return new DidKeyResolver(serializer, options); + return new DidKeyResolver(serializer, options, VerificationMethodStandardFactory.GetAll()); } public string Method => Constants.Type; @@ -43,10 +49,22 @@ public Task Resolve(string did, CancellationToken cancellationToken var verificationMethod = _serializer.Deserialize(multibaseValue, null); var builder = DidDocumentBuilder.New(did); var verificationMethodId = $"{did}#{multibaseValue}"; - if(_options.PublicKeyFormat != Ed25519VerificationKey2020Standard.TYPE - && _options.PublicKeyFormat != JsonWebKey2020Standard.TYPE) - throw new InvalidOperationException($"The key format {_options.PublicKeyFormat} is not supported"); - builder.AddVerificationMethod(_options.PublicKeyFormat, + var publicKeyFormat = _options.PublicKeyFormat; + if(string.IsNullOrWhiteSpace(publicKeyFormat)) + { + if (verificationMethod.GetType() == typeof(JsonWebKeySecurityKey)) + publicKeyFormat = JsonWebKey2020Standard.TYPE; + else + { + var verificationMethodStandard = _verificationMethodsStandardLst.FirstOrDefault(m => m.SupportedCurves.Contains(verificationMethod.CrvOrSize)); + if (verificationMethodStandard != null) + publicKeyFormat = verificationMethodStandard.Type; + else + publicKeyFormat = Ed25519VerificationKey2020Standard.TYPE; + } + } + + builder.AddVerificationMethod(publicKeyFormat, verificationMethod, did, VerificationMethodUsages.AUTHENTICATION | VerificationMethodUsages.ASSERTION_METHOD | diff --git a/src/Did/SimpleIdServer.Did.Key/ServiceCollectionExtensions.cs b/src/Did/SimpleIdServer.Did.Key/ServiceCollectionExtensions.cs index f934e629b..8de2b3bfd 100644 --- a/src/Did/SimpleIdServer.Did.Key/ServiceCollectionExtensions.cs +++ b/src/Did/SimpleIdServer.Did.Key/ServiceCollectionExtensions.cs @@ -2,16 +2,20 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.Extensions.DependencyInjection; using SimpleIdServer.Did.Crypto.Multicodec; +using System; namespace SimpleIdServer.Did.Key; public static class ServiceCollectionExtensions { - public static IServiceCollection AddDidKey(this IServiceCollection services) + public static IServiceCollection AddDidKey(this IServiceCollection services, Action cb = null) { - services.AddSingleton(new DidKeyOptions()); + services.AddDid(); + var options = new DidKeyOptions(); + if (cb != null) cb(options); + services.AddSingleton(options); services.AddSingleton(MulticodecSerializerFactory.Build()); services.AddTransient(); return services; } -} +} \ No newline at end of file diff --git a/src/Did/SimpleIdServer.Did/Crypto/BaseESSignatureKey.cs b/src/Did/SimpleIdServer.Did/Crypto/BaseESSignatureKey.cs index dc05e497b..9aea020e5 100644 --- a/src/Did/SimpleIdServer.Did/Crypto/BaseESSignatureKey.cs +++ b/src/Did/SimpleIdServer.Did/Crypto/BaseESSignatureKey.cs @@ -8,6 +8,7 @@ using Org.BouncyCastle.Math; using Org.BouncyCastle.Security; using SimpleIdServer.Did.Crypto.SecurityKeys; +using SimpleIdServer.Did.Helpers; using System; using System.Collections.Generic; using System.Security.Cryptography; @@ -77,7 +78,10 @@ public bool CheckHash(byte[] content, byte[] signature, HashAlgorithmName? alg = var sig = ExtractSignature(signature); var signer = new ECDsaSigner(); signer.Init(false, _publicKey); - return signer.VerifySignature(content, sig.R, sig.S); + var hash = content; + if(alg != null) + hash = HashHelper.Hash(content, alg.Value); + return signer.VerifySignature(hash, sig.R, sig.S); } public byte[] SignHash(byte[] content, HashAlgorithmName alg) @@ -113,6 +117,7 @@ public JsonWebKey GetPublicJwk() q = q.Normalize(); var result = new JsonWebKey { + Alg = JwtAlg, Kty = Kty, Crv = CrvOrSize, X = Base64UrlEncoder.Encode(q.XCoord.GetEncoded()), diff --git a/src/Did/SimpleIdServer.Did/Crypto/JsonWebKeySecurityKey.cs b/src/Did/SimpleIdServer.Did/Crypto/JsonWebKeySecurityKey.cs new file mode 100644 index 000000000..209398bf7 --- /dev/null +++ b/src/Did/SimpleIdServer.Did/Crypto/JsonWebKeySecurityKey.cs @@ -0,0 +1,69 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.Did.Serializers; +using System; +using System.Security.Cryptography; + +namespace SimpleIdServer.Did.Crypto; + +public class JsonWebKeySecurityKey : IAsymmetricKey +{ + private readonly JsonWebKey _jwk; + + public JsonWebKeySecurityKey(JsonWebKey jwk) + { + _jwk = jwk; + } + + public string Kty => string.Empty; + + public string CrvOrSize => string.Empty; + + public string JwtAlg => string.Empty; + + public SigningCredentials BuildSigningCredentials(string kid = null) + { + if (_jwk == null) throw new InvalidOperationException("there is no private key"); + _jwk.Kid = kid; + return new SigningCredentials(_jwk, _jwk.Alg); + } + + public bool CheckHash(byte[] content, byte[] signature, HashAlgorithmName? alg = null) + { + throw new System.NotImplementedException(); + } + + public JsonWebKey GetPrivateJwk() + => _jwk; + + public byte[] GetPrivateKey() + => GetPublicKey(); + + public JsonWebKey GetPublicJwk() + => _jwk; + + public byte[] GetPublicKey(bool compressed = false) + { + if (_jwk == null) throw new InvalidOperationException("there is no public key"); + _jwk.Alg = null; + var json = JsonWebKeySerializer.Write(_jwk); + return System.Text.Encoding.UTF8.GetBytes(json); + } + + public void Import(byte[] publicKey, byte[] privateKey) + { + throw new System.NotImplementedException(); + } + + public void Import(JsonWebKey publicKey, JsonWebKey privateKey) + { + throw new System.NotImplementedException(); + } + + public byte[] SignHash(byte[] content, HashAlgorithmName alg) + { + throw new System.NotImplementedException(); + } +} diff --git a/src/Did/SimpleIdServer.Did/Crypto/Multicodec/Ec256VerificationMethod.cs b/src/Did/SimpleIdServer.Did/Crypto/Multicodec/Ec256VerificationMethod.cs new file mode 100644 index 000000000..1ccb47037 --- /dev/null +++ b/src/Did/SimpleIdServer.Did/Crypto/Multicodec/Ec256VerificationMethod.cs @@ -0,0 +1,30 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.IdentityModel.Tokens; + +namespace SimpleIdServer.Did.Crypto.Multicodec +{ + public class Ec256VerificationMethod : IVerificationMethod + { + public string MulticodecPublicKeyHexValue => null; + + public string MulticodecPrivateKeyHexValue => null; + + public int KeySize => 0; + + public string Kty => throw new System.NotImplementedException(); + + public string CrvOrSize => throw new System.NotImplementedException(); + + public IAsymmetricKey Build(byte[] publicKey, byte[] privateKey) + { + throw new System.NotImplementedException(); + } + + public IAsymmetricKey Build(JsonWebKey publicJwk, JsonWebKey privateJwk) + { + throw new System.NotImplementedException(); + } + } +} diff --git a/src/Did/SimpleIdServer.Did/Crypto/Multicodec/JwkJcsPubVerificationMethod.cs b/src/Did/SimpleIdServer.Did/Crypto/Multicodec/JwkJcsPubVerificationMethod.cs new file mode 100644 index 000000000..757ee76ec --- /dev/null +++ b/src/Did/SimpleIdServer.Did/Crypto/Multicodec/JwkJcsPubVerificationMethod.cs @@ -0,0 +1,33 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.IdentityModel.Tokens; + +namespace SimpleIdServer.Did.Crypto.Multicodec; + +public class JwkJcsPubVerificationMethod : IVerificationMethod +{ + public const string MULTICODES_HEX_VALUE = "0xd1d603"; + + public string MulticodecPublicKeyHexValue => MULTICODES_HEX_VALUE; + + public string MulticodecPrivateKeyHexValue => MULTICODES_HEX_VALUE; + + public int KeySize => 0; + + public string Kty => null; + + public string CrvOrSize => null; + + public IAsymmetricKey Build(byte[] publicKey, byte[] privateKey) + { + var json = System.Text.Encoding.UTF8.GetString(publicKey); + var jsonWebToken = new JsonWebKey(json); + return new JsonWebKeySecurityKey(jsonWebToken); + } + + public IAsymmetricKey Build(JsonWebKey publicJwk, JsonWebKey privateJwk) + { + return null; + } +} \ No newline at end of file diff --git a/src/Did/SimpleIdServer.Did/Crypto/Multicodec/MulticodecSerializer.cs b/src/Did/SimpleIdServer.Did/Crypto/Multicodec/MulticodecSerializer.cs index 51e6b5e13..e096eae7d 100644 --- a/src/Did/SimpleIdServer.Did/Crypto/Multicodec/MulticodecSerializer.cs +++ b/src/Did/SimpleIdServer.Did/Crypto/Multicodec/MulticodecSerializer.cs @@ -58,7 +58,10 @@ public IAsymmetricKey Deserialize(byte[] publicKeyPayload, byte[] privateKeyPayl public string SerializePublicKey(IAsymmetricKey signatureKey) { - var verificationMethod = _verificationMethods.Single(m => m.Kty == signatureKey.Kty && m.CrvOrSize == signatureKey.CrvOrSize); + var verificationMethod = _verificationMethods.SingleOrDefault(m => m.Kty == signatureKey.Kty && m.CrvOrSize == signatureKey.CrvOrSize); + if (verificationMethod == null && signatureKey.GetPublicJwk() != null) + verificationMethod = _verificationMethods.First(v => v.GetType() == typeof(JwkJcsPubVerificationMethod)); + var publicKey = verificationMethod.MulticodecPublicKeyHexValue.HexToByteArray().ToList(); publicKey.AddRange(signatureKey.GetPublicKey()); return MultibaseEncoding.Encode(publicKey.ToArray()); @@ -66,7 +69,10 @@ public string SerializePublicKey(IAsymmetricKey signatureKey) public string SerializePrivateKey(IAsymmetricKey signatureKey) { - var verificationMethod = _verificationMethods.Single(m => m.Kty == signatureKey.Kty && m.CrvOrSize == signatureKey.CrvOrSize); + var verificationMethod = _verificationMethods.SingleOrDefault(m => m.Kty == signatureKey.Kty && m.CrvOrSize == signatureKey.CrvOrSize); + if (verificationMethod == null && signatureKey.GetPrivateJwk() != null) + verificationMethod = _verificationMethods.First(v => v.GetType() == typeof(JwkJcsPubVerificationMethod)); + var privateKey = verificationMethod.MulticodecPrivateKeyHexValue.HexToByteArray().ToList(); privateKey.AddRange(signatureKey.GetPrivateKey()); return MultibaseEncoding.Encode(privateKey.ToArray()); diff --git a/src/Did/SimpleIdServer.Did/Crypto/Multicodec/MulticodecSerializerFactory.cs b/src/Did/SimpleIdServer.Did/Crypto/Multicodec/MulticodecSerializerFactory.cs index 2a9b22c57..03cdbeea0 100644 --- a/src/Did/SimpleIdServer.Did/Crypto/Multicodec/MulticodecSerializerFactory.cs +++ b/src/Did/SimpleIdServer.Did/Crypto/Multicodec/MulticodecSerializerFactory.cs @@ -17,6 +17,7 @@ public static IMulticodecSerializer Build() => new Es256VerificationMethod(), new Es384VerificationMethod(), new X25519VerificationMethod(), - new RSAVerificationMethod() + new RSAVerificationMethod(), + new JwkJcsPubVerificationMethod() }; } diff --git a/src/Did/SimpleIdServer.Did/Crypto/SecurityKeys/Ed25519SecurityKey.cs b/src/Did/SimpleIdServer.Did/Crypto/SecurityKeys/Ed25519SecurityKey.cs index 0f181deb3..1b7dc996c 100644 --- a/src/Did/SimpleIdServer.Did/Crypto/SecurityKeys/Ed25519SecurityKey.cs +++ b/src/Did/SimpleIdServer.Did/Crypto/SecurityKeys/Ed25519SecurityKey.cs @@ -14,7 +14,7 @@ public class Ed25519SecurityKey : AsymmetricSecurityKey public Ed25519SecurityKey() { - CryptoProviderFactory.CustomCryptoProvider = new Ed25519CryptoProvider(); + this.CryptoProviderFactory.CustomCryptoProvider = new Ed25519CryptoProvider(); } public Ed25519SecurityKey(Ed25519PublicKeyParameters publicKey, Ed25519PrivateKeyParameters privateKey = null) : this() diff --git a/src/Did/SimpleIdServer.Did/Crypto/SecurityKeys/EsSecurityKey.cs b/src/Did/SimpleIdServer.Did/Crypto/SecurityKeys/EsSecurityKey.cs index 1c462faad..3fe409035 100644 --- a/src/Did/SimpleIdServer.Did/Crypto/SecurityKeys/EsSecurityKey.cs +++ b/src/Did/SimpleIdServer.Did/Crypto/SecurityKeys/EsSecurityKey.cs @@ -1,7 +1,6 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Tokens; using Org.BouncyCastle.Asn1.X9; using Org.BouncyCastle.Crypto.Parameters; @@ -10,8 +9,7 @@ using SimpleIdServer.Did.Crypto; using SimpleIdServer.Did.Crypto.SecurityKeys; using System; -using System.Collections.Generic; -using System.Linq; +using System.Security.Cryptography; namespace SimpleIdServer.Did.Crypto.SecurityKeys { @@ -23,7 +21,7 @@ public class EsSecurityKey : AsymmetricSecurityKey public EsSecurityKey() { - CryptoProviderFactory.CustomCryptoProvider = new EsCryptoProvider(); + this.CryptoProviderFactory.CustomCryptoProvider = new EsCryptoProvider(); } public EsSecurityKey(X9ECParameters curve, ECPublicKeyParameters publicKey, ECPrivateKeyParameters privateKey = null) : this() @@ -42,7 +40,7 @@ public override bool HasPrivateKey { get { - return _publicKey != null; + return _privateKey != null; } } @@ -54,6 +52,19 @@ public override PrivateKeyStatus PrivateKeyStatus } } + public override bool CanComputeJwkThumbprint() + { + return true; + } + + public override byte[] ComputeJwkThumbprint() + { + var q = _publicKey.Q; + var x = Base64UrlEncoder.Encode(q.XCoord.GetEncoded()); + var y = Base64UrlEncoder.Encode(q.YCoord.GetEncoded()); + return GenerateSha256Hash($"{{\"{"crv"}\":\"{Constants.StandardCrvOrSize.P256}\",\"{"kty"}\":\"{"EC"}\",\"{"x"}\":\"{x}\",\"{"y"}\":\"{y}\"}}"); + } + public override int KeySize { get @@ -64,6 +75,9 @@ public override int KeySize return publicKey.Length; } } + + private static byte[] GenerateSha256Hash(string input) + => SHA256.HashData(System.Text.Encoding.UTF8.GetBytes(input)); } } @@ -102,13 +116,24 @@ public override bool Sign(ReadOnlySpan data, Span destination, out i public override byte[] Sign(byte[] input) { - var signer = new DeterministicECDSA(); - signer.SetPrivateKey(_securityKey.PrivateKey); - var sig = ECDSASignature.FromDER(signer.SignHash(input)); - var lst = new List(); - lst.AddRange(sig.R.ToByteArrayUnsigned()); - lst.AddRange(sig.S.ToByteArrayUnsigned()); - return lst.ToArray(); + var ecDsaSigner = new ECDsaSigner(); + ecDsaSigner.Init(true, _securityKey.PrivateKey); + byte[] hashedInput; + using (var hasher = SHA256.Create()) + { + hashedInput = hasher.ComputeHash(input); + } + + var output = ecDsaSigner.GenerateSignature(hashedInput); + + var r = output[0].ToByteArrayUnsigned(); + var s = output[1].ToByteArrayUnsigned(); + + var signature = new byte[r.Length + s.Length]; + r.CopyTo(signature, 0); + s.CopyTo(signature, r.Length); + + return signature; } public override bool Verify(byte[] input, byte[] signature) diff --git a/src/Did/SimpleIdServer.Did/Crypto/SignatureKeySerializer.cs b/src/Did/SimpleIdServer.Did/Crypto/SignatureKeySerializer.cs new file mode 100644 index 000000000..57ee6be38 --- /dev/null +++ b/src/Did/SimpleIdServer.Did/Crypto/SignatureKeySerializer.cs @@ -0,0 +1,50 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.Did.Crypto.Multicodec; +using SimpleIdServer.Did.Serializers; +using System.Linq; +using System.Text.Json; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.Did.Crypto; + +public static class SignatureKeySerializer +{ + public static string SerializedToJson(IAsymmetricKey key) + => JsonSerializer.Serialize(Serialize(key)); + + public static SerializedKey Serialize(IAsymmetricKey key) + => new SerializedKey + { + CrvOrSize = key.CrvOrSize, + SerializedJwk = JsonWebKeySerializer.Write(key.GetPrivateJwk()) + }; + + public static IAsymmetricKey Deserialize(string json) + => Deserialize(JsonSerializer.Deserialize(json)); + + public static IAsymmetricKey Deserialize(SerializedKey key) + { + var verificationMethod = MulticodecSerializerFactory.AllVerificationMethods.Single(m => m.CrvOrSize == key.CrvOrSize); + var jwk = key.Jwk; + return verificationMethod.Build(jwk, jwk); + } +} + +public class SerializedKey +{ + [JsonPropertyName("crv_or_size")] + public string CrvOrSize { get; set; } + [JsonPropertyName("jwk")] + public string SerializedJwk { get; set; } + [JsonIgnore] + internal JsonWebKey Jwk + { + get + { + if (SerializedJwk == null) return null; + return new JsonWebKey(SerializedJwk); + } + } +} \ No newline at end of file diff --git a/src/Did/SimpleIdServer.Did/Encoders/JsonWebKey2020Formatter.cs b/src/Did/SimpleIdServer.Did/Encoders/JsonWebKey2020Formatter.cs index e3e7b31c4..03a4f4802 100644 --- a/src/Did/SimpleIdServer.Did/Encoders/JsonWebKey2020Formatter.cs +++ b/src/Did/SimpleIdServer.Did/Encoders/JsonWebKey2020Formatter.cs @@ -27,7 +27,7 @@ public class JsonWebKey2020Standard : IVerificationMethodStandard public SignatureKeyEncodingTypes SupportedEncoding => SignatureKeyEncodingTypes.JWK; - public IEnumerable SupportedCurves { get; } = null; + public IEnumerable SupportedCurves { get; set; } = null; public string BuildId(DidDocumentVerificationMethod verificationMethod, IAsymmetricKey asymmKey) { diff --git a/src/Did/SimpleIdServer.Did/Helpers/HashHelper.cs b/src/Did/SimpleIdServer.Did/Helpers/HashHelper.cs new file mode 100644 index 000000000..d732488f6 --- /dev/null +++ b/src/Did/SimpleIdServer.Did/Helpers/HashHelper.cs @@ -0,0 +1,21 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System.Collections.Generic; +using System.Security.Cryptography; + +namespace SimpleIdServer.Did.Helpers; + +public static class HashHelper +{ + private static Dictionary _nameToAlgs = new Dictionary + { + { HashAlgorithmName.SHA256, SHA256.Create() } + }; + + public static byte[] Hash(byte[] content, HashAlgorithmName alg) + { + var algorithm = _nameToAlgs[alg]; + return algorithm.ComputeHash(content); + } +} diff --git a/src/Did/SimpleIdServer.Did/Jwt/DidJsonWebTokenHandler.cs b/src/Did/SimpleIdServer.Did/Jwt/DidJsonWebTokenHandler.cs index ccd9490f6..6d01c240c 100644 --- a/src/Did/SimpleIdServer.Did/Jwt/DidJsonWebTokenHandler.cs +++ b/src/Did/SimpleIdServer.Did/Jwt/DidJsonWebTokenHandler.cs @@ -11,6 +11,8 @@ using System.Collections.Generic; using System.Linq; using System.Security.Cryptography; +using System.Threading; +using System.Threading.Tasks; namespace SimpleIdServer.Did.Jwt; @@ -66,6 +68,19 @@ public string Secure( return result; } + public async Task CheckJwt( + string jwtToken, + IDidFactoryResolver didFactoryResolver, + CancellationToken cancellationToken) + { + var handler = new JsonWebTokenHandler(); + if (!handler.CanReadToken(jwtToken)) throw new InvalidOperationException("cannot read the Json Web Token"); + var jwt = handler.ReadJsonWebToken(jwtToken); + var kid = jwt.Kid; + var did = await didFactoryResolver.Resolve(kid, cancellationToken); + return CheckJwt(jwtToken, did); + } + public bool CheckJwt( string jwt, DidDocument didDocument) @@ -99,11 +114,11 @@ public bool CheckJwt( if (didDocument.AssertionMethod == null) throw new InvalidOperationException("There is no assertion method"); if (string.IsNullOrWhiteSpace(verificationMethodId)) throw new ArgumentNullException(nameof(verificationMethodId)); var handler = new JsonWebTokenHandler(); + var verificationMethod = didDocument.VerificationMethod.Single(m => m.Id == verificationMethodId); + var asymKey = _verificationMethodEncoding.Decode(verificationMethod); var jsonWebToken = handler.ReadJsonWebToken(jwt); var content = System.Text.Encoding.UTF8.GetBytes($"{jsonWebToken.EncodedHeader}.{jsonWebToken.EncodedPayload}"); var signature = Base64UrlEncoder.DecodeBytes(jsonWebToken.EncodedSignature); - var verificationMethod = didDocument.VerificationMethod.Single(m => m.Id == verificationMethodId); - var asymKey = _verificationMethodEncoding.Decode(verificationMethod); if (asymKey.CheckHash(content, signature, HashAlgorithmName.SHA256)) return true; return false; } diff --git a/src/Did/SimpleIdServer.Did/Serializers/JsonWebKeyParameterUtf8Bytes.cs b/src/Did/SimpleIdServer.Did/Serializers/JsonWebKeyParameterUtf8Bytes.cs new file mode 100644 index 000000000..33ab55e5a --- /dev/null +++ b/src/Did/SimpleIdServer.Did/Serializers/JsonWebKeyParameterUtf8Bytes.cs @@ -0,0 +1,52 @@ +using System; + +namespace SimpleIdServer.Did.Serializers; + +public readonly struct JsonWebKeyParameterUtf8Bytes +{ + public static ReadOnlySpan Alg => "alg"u8; + + public static ReadOnlySpan Crv => "crv"u8; + + public static ReadOnlySpan D => "d"u8; + + public static ReadOnlySpan DP => "dp"u8; + + public static ReadOnlySpan DQ => "dq"u8; + + public static ReadOnlySpan E => "e"u8; + + public static ReadOnlySpan K => "k"u8; + + public static ReadOnlySpan KeyOps => "key_ops"u8; + + public static ReadOnlySpan Keys => "keys"u8; + + public static ReadOnlySpan Kid => "kid"u8; + + public static ReadOnlySpan Kty => "kty"u8; + + public static ReadOnlySpan N => "n"u8; + + public static ReadOnlySpan Oth => "oth"u8; + + public static ReadOnlySpan P => "p"u8; + + public static ReadOnlySpan Q => "q"u8; + + public static ReadOnlySpan QI => "qi"u8; + + public static ReadOnlySpan Use => "use"u8; + + public static ReadOnlySpan X5c => "x5c"u8; + + public static ReadOnlySpan X5t => "x5t"u8; + + public static ReadOnlySpan X5tS256 => "x5t#S256"u8; + + public static ReadOnlySpan X5u => "x5u"u8; + + public static ReadOnlySpan X => "x"u8; + + public static ReadOnlySpan Y => "y"u8; +} diff --git a/src/Did/SimpleIdServer.Did/Serializers/JsonWebKeySerializer.cs b/src/Did/SimpleIdServer.Did/Serializers/JsonWebKeySerializer.cs new file mode 100644 index 000000000..fb69fba0c --- /dev/null +++ b/src/Did/SimpleIdServer.Did/Serializers/JsonWebKeySerializer.cs @@ -0,0 +1,350 @@ +using Microsoft.IdentityModel.Logging; +using Microsoft.IdentityModel.Tokens; +using System; +using System.Collections; +using System.Collections.Generic; +using System.Globalization; +using System.IO; +using System.Text.Encodings.Web; +using System.Text.Json; + +namespace SimpleIdServer.Did.Serializers; + +public class JsonWebKeySerializer +{ + public static string Write(JsonWebKey jsonWebKey) + { + using MemoryStream memoryStream = new MemoryStream(); + Utf8JsonWriter writer = null; + try + { + writer = new Utf8JsonWriter(memoryStream, new JsonWriterOptions + { + Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping + }); + Write(ref writer, jsonWebKey); + writer.Flush(); + return System.Text.Encoding.UTF8.GetString(memoryStream.GetBuffer(), 0, (int)memoryStream.Length); + } + finally + { + writer?.Dispose(); + } + } + + public static void Write(ref Utf8JsonWriter writer, JsonWebKey jsonWebKey) + { + if (jsonWebKey == null) + { + throw new ArgumentNullException("jsonWebKey"); + } + + if (writer == null) + { + throw new ArgumentNullException("writer"); + } + + writer.WriteStartObject(); + if (!string.IsNullOrEmpty(jsonWebKey.Alg)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.Alg, jsonWebKey.Alg); + } + + if (!string.IsNullOrEmpty(jsonWebKey.Crv)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.Crv, jsonWebKey.Crv); + } + + if (!string.IsNullOrEmpty(jsonWebKey.D)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.D, jsonWebKey.D); + } + + if (!string.IsNullOrEmpty(jsonWebKey.DP)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.DP, jsonWebKey.DP); + } + + if (!string.IsNullOrEmpty(jsonWebKey.DQ)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.DQ, jsonWebKey.DQ); + } + + if (!string.IsNullOrEmpty(jsonWebKey.E)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.E, jsonWebKey.E); + } + + if (!string.IsNullOrEmpty(jsonWebKey.K)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.K, jsonWebKey.K); + } + + if (jsonWebKey.KeyOps.Count > 0) + { + WriteStrings(ref writer, JsonWebKeyParameterUtf8Bytes.KeyOps, jsonWebKey.KeyOps); + } + + if (!string.IsNullOrEmpty(jsonWebKey.Kid)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.Kid, jsonWebKey.Kid); + } + + if (!string.IsNullOrEmpty(jsonWebKey.Kty)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.Kty, jsonWebKey.Kty); + } + + if (!string.IsNullOrEmpty(jsonWebKey.N)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.N, jsonWebKey.N); + } + + if (jsonWebKey.Oth.Count > 0) + { + WriteStrings(ref writer, JsonWebKeyParameterUtf8Bytes.Oth, jsonWebKey.Oth); + } + + if (!string.IsNullOrEmpty(jsonWebKey.P)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.P, jsonWebKey.P); + } + + if (!string.IsNullOrEmpty(jsonWebKey.Q)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.Q, jsonWebKey.Q); + } + + if (!string.IsNullOrEmpty(jsonWebKey.QI)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.QI, jsonWebKey.QI); + } + + if (!string.IsNullOrEmpty(jsonWebKey.Use)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.Use, jsonWebKey.Use); + } + + if (!string.IsNullOrEmpty(jsonWebKey.X)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.X, jsonWebKey.X); + } + + if (jsonWebKey.X5c.Count > 0) + { + WriteStrings(ref writer, JsonWebKeyParameterUtf8Bytes.X5c, jsonWebKey.X5c); + } + + if (!string.IsNullOrEmpty(jsonWebKey.X5t)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.X5t, jsonWebKey.X5t); + } + + if (!string.IsNullOrEmpty(jsonWebKey.X5tS256)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.X5tS256, jsonWebKey.X5tS256); + } + + if (!string.IsNullOrEmpty(jsonWebKey.X5u)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.X5u, jsonWebKey.X5u); + } + + if (!string.IsNullOrEmpty(jsonWebKey.Y)) + { + writer.WriteString(JsonWebKeyParameterUtf8Bytes.Y, jsonWebKey.Y); + } + + WriteObjects(ref writer, jsonWebKey.AdditionalData); + writer.WriteEndObject(); + } + + public static void WriteStrings(ref Utf8JsonWriter writer, ReadOnlySpan propertyName, IList strings) + { + writer.WriteStartArray(propertyName); + foreach (string @string in strings) + { + writer.WriteStringValue(@string); + } + + writer.WriteEndArray(); + } + + public static void WriteObjects(ref Utf8JsonWriter writer, IDictionary dictionary) + { + if (dictionary == null || dictionary.Count <= 0) + { + return; + } + + foreach (KeyValuePair item in dictionary) + { + WriteObject(ref writer, item.Key, item.Value); + } + } + public static void WriteObject(ref Utf8JsonWriter writer, string key, object obj) + { + if (writer.CurrentDepth >= 64) + { + throw new InvalidOperationException(LogHelper.FormatInvariant("IDX10815: Depth of JSON: '{0}' exceeds max depth of '{1}'.", LogHelper.MarkAsNonPII(writer.CurrentDepth), LogHelper.MarkAsNonPII(64))); + } + + if (obj == null) + { + writer.WriteNull(key); + return; + } + + Type type = obj.GetType(); + if (obj is string value) + { + writer.WriteString(key, value); + } + else if (obj is long value2) + { + writer.WriteNumber(key, value2); + } + else if (obj is int value3) + { + writer.WriteNumber(key, value3); + } + else if (obj is bool value4) + { + writer.WriteBoolean(key, value4); + } + else if (obj is DateTime dateTime) + { + writer.WriteString(key, dateTime.ToUniversalTime().ToString("O", CultureInfo.InvariantCulture)); + } + else if (typeof(IDictionary).IsAssignableFrom(type)) + { + IDictionary dictionary = (IDictionary)obj; + writer.WritePropertyName(key); + writer.WriteStartObject(); + foreach (object key2 in dictionary.Keys) + { + WriteObject(ref writer, key2.ToString(), dictionary[key2]); + } + + writer.WriteEndObject(); + } + else if (typeof(IList).IsAssignableFrom(type)) + { + IList obj2 = (IList)obj; + writer.WriteStartArray(key); + foreach (object item in obj2) + { + WriteObjectValue(ref writer, item); + } + + writer.WriteEndArray(); + } + else if (obj is JsonElement jsonElement) + { + writer.WritePropertyName(key); + jsonElement.WriteTo(writer); + } + else if (obj is double value5) + { + writer.WriteNumber(key, value5); + } + else if (obj is decimal value6) + { + writer.WriteNumber(key, value6); + } + else if (obj is float value7) + { + writer.WriteNumber(key, value7); + } + else + { + if (!(obj is Guid value8)) + { + throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant("IDX11025: Cannot serialize object of type: '{0}' into property: '{1}'.", LogHelper.MarkAsNonPII(type.ToString()), LogHelper.MarkAsNonPII(key)))); + } + + writer.WriteString(key, value8); + } + } + public static void WriteObjectValue(ref Utf8JsonWriter writer, object obj) + { + if (writer.CurrentDepth >= 64) + { + throw new InvalidOperationException(LogHelper.FormatInvariant("IDX10815: Depth of JSON: '{0}' exceeds max depth of '{1}'.", LogHelper.MarkAsNonPII(writer.CurrentDepth), LogHelper.MarkAsNonPII(64))); + } + + if (obj == null) + { + writer.WriteNullValue(); + return; + } + + Type type = obj.GetType(); + if (obj is string value) + { + writer.WriteStringValue(value); + } + else if (obj is DateTime dateTime) + { + writer.WriteStringValue(dateTime.ToUniversalTime()); + } + else if (obj is int value2) + { + writer.WriteNumberValue(value2); + } + else if (obj is bool value3) + { + writer.WriteBooleanValue(value3); + } + else if (obj is long value4) + { + writer.WriteNumberValue(value4); + } + else if (obj == null) + { + writer.WriteNullValue(); + } + else if (obj is double value5) + { + writer.WriteNumberValue(value5); + } + else if (obj is JsonElement jsonElement) + { + jsonElement.WriteTo(writer); + } + else if (typeof(IDictionary).IsAssignableFrom(type)) + { + IDictionary dictionary = (IDictionary)obj; + writer.WriteStartObject(); + foreach (object key in dictionary.Keys) + { + WriteObject(ref writer, key.ToString(), dictionary[key]); + } + + writer.WriteEndObject(); + } + else if (typeof(IList).IsAssignableFrom(type)) + { + IList obj2 = (IList)obj; + writer.WriteStartArray(); + foreach (object item in obj2) + { + WriteObjectValue(ref writer, item); + } + + writer.WriteEndArray(); + } + else if (obj is decimal value6) + { + writer.WriteNumberValue(value6); + } + else if (obj is float value7) + { + writer.WriteNumberValue(value7); + } + else + { + writer.WriteStringValue(obj.ToString()); + } + } +} diff --git a/src/Did/SimpleIdServer.Vc/CredentialSubjectBuilder.cs b/src/Did/SimpleIdServer.Vc/CredentialSubjectBuilder.cs index d7b9201dd..47b3f0a75 100644 --- a/src/Did/SimpleIdServer.Vc/CredentialSubjectBuilder.cs +++ b/src/Did/SimpleIdServer.Vc/CredentialSubjectBuilder.cs @@ -20,6 +20,12 @@ public static CredentialSubjectBuilder New(string id = null) return new CredentialSubjectBuilder(jsonObj); } + public CredentialSubjectBuilder SetPersonalIdentifier(string personalIdentifier) + { + _jsonObj.Add("personalIdentifier", personalIdentifier); + return this; + } + public CredentialSubjectBuilder AddClaim(string name, string value) { _jsonObj.Add(name, value); diff --git a/src/Did/SimpleIdServer.Vc/Models/W3CVerifiableCredential.cs b/src/Did/SimpleIdServer.Vc/Models/W3CVerifiableCredential.cs index 53eefb3dd..9ecc61e27 100644 --- a/src/Did/SimpleIdServer.Vc/Models/W3CVerifiableCredential.cs +++ b/src/Did/SimpleIdServer.Vc/Models/W3CVerifiableCredential.cs @@ -12,27 +12,36 @@ namespace SimpleIdServer.Vc.Models; /// public class W3CVerifiableCredential : BaseVerifiableDocument { - [JsonPropertyName("id")] - public string Id { get; set; } [JsonPropertyName("@context")] public List Context { get; set; } = new List(); + [JsonPropertyName("id")] + public string Id { get; set; } [JsonPropertyName("type")] public List Type { get; set; } = new List(); - [JsonPropertyName("name")] - [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] - public string? Name { get; set; } = null; - [JsonPropertyName("description")] - [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] - public string? Description { get; set; } = null; [JsonPropertyName("issuer")] [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] public string Issuer { get; set; } + [JsonPropertyName("issuanceDate")] + public DateTime IssuanceDate { get; set; } [JsonPropertyName("validFrom")] [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] public DateTime? ValidFrom { get; set; } [JsonPropertyName("validUntil")] [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] public DateTime? ValidUntil { get; set; } + [JsonPropertyName("issued")] + public DateTime Issued { get; set; } [JsonPropertyName("credentialSubject")] public JsonNode CredentialSubject { get; set; } + [JsonPropertyName("credentialSchema")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public W3CVerifiableCredentialSchema Schema { get; set; } +} + +public class W3CVerifiableCredentialSchema +{ + [JsonPropertyName("id")] + public string Id { get; set; } = null!; + [JsonPropertyName("type")] + public string Type { get; set; } = null!; } \ No newline at end of file diff --git a/src/Did/SimpleIdServer.Vc/SecuredDocument.cs b/src/Did/SimpleIdServer.Vc/SecuredDocument.cs index e91d15144..97e278fbf 100644 --- a/src/Did/SimpleIdServer.Vc/SecuredDocument.cs +++ b/src/Did/SimpleIdServer.Vc/SecuredDocument.cs @@ -130,24 +130,27 @@ public string SecureJwt( if (vcCredential == null) throw new ArgumentNullException(nameof(vcCredential)); var verificationMethod = didDocument.VerificationMethod.SingleOrDefault(m => m.Id == verificationMethodId); if (verificationMethod == null) throw new ArgumentException($"The verification method {verificationMethodId} doesn't exist"); - if(asymKey == null) - asymKey = _verificationMethodEncoding.Decode(verificationMethod); - var signingCredentials = asymKey.BuildSigningCredentials(); + if (asymKey == null) + if (verificationMethod.PrivateKeyJwk != null) + asymKey = new JsonWebKeySecurityKey(verificationMethod.PrivateKeyJwk); + else + asymKey = _verificationMethodEncoding.Decode(verificationMethod); + var signingCredentials = asymKey.BuildSigningCredentials(verificationMethod.Id); var claims = new Dictionary { { "sub", subject }, + { "jti", vcCredential.Id }, { "vc", new W3CVerifiableCredentialJsonSerializer().SerializeToDic(vcCredential) } }; var securityTokenDescriptor = new SecurityTokenDescriptor { Issuer = didDocument.Id, - IssuedAt = DateTime.UtcNow, + IssuedAt = DateTime.UtcNow.Date, SigningCredentials = signingCredentials, - Claims = claims + Claims = claims, + NotBefore = DateTime.UtcNow.Date }; var handler = new JsonWebTokenHandler(); - CryptoProviderFactory cryptoProviderFactory = signingCredentials.CryptoProviderFactory ?? signingCredentials.Key.CryptoProviderFactory; - var signatureProvider = cryptoProviderFactory.CreateForSigning(signingCredentials.Key, signingCredentials.Algorithm); var result = handler.CreateToken(securityTokenDescriptor); return result; } @@ -170,7 +173,7 @@ private byte[] HashProof(DataIntegrityProof dataIntegrityProof, ISignatureProof json = j.ToJsonString(); } - return Hash(json, proof); + return Hash(json, proof); } private byte[] Hash(string json, ISignatureProof proof) diff --git a/src/Did/SimpleIdServer.Vc/VcBuilder.cs b/src/Did/SimpleIdServer.Vc/VcBuilder.cs index 1b0aca966..e80fd4a0c 100644 --- a/src/Did/SimpleIdServer.Vc/VcBuilder.cs +++ b/src/Did/SimpleIdServer.Vc/VcBuilder.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.Vc.Models; using System; +using System.Collections.Generic; using System.Text.Json.Nodes; namespace SimpleIdServer.Vc; @@ -19,6 +20,7 @@ public static VcBuilder New(string id, string jsonLdContext, string issuer, string type, + List additionalTypes, DateTime? validFrom = null, DateTime? validUntil = null ) @@ -29,10 +31,14 @@ public static VcBuilder New(string id, Issuer = issuer, ValidFrom = validFrom, ValidUntil = validUntil, + IssuanceDate = DateTime.UtcNow.Date, + Issued = DateTime.UtcNow.Date }; credential.Context.Add(VcConstants.VerifiableCredentialJsonLdContext); credential.Context.Add(jsonLdContext); credential.Type.Add(VcConstants.VerifiableCredentialType); + if (additionalTypes != null) + credential.Type.AddRange(additionalTypes); credential.Type.Add(type); return new VcBuilder(credential); } @@ -57,5 +63,15 @@ public VcBuilder AddCredentialSubject(string id, Action _credential; } \ No newline at end of file diff --git a/src/Did/SimpleIdServer.Vc/VcConstants.cs b/src/Did/SimpleIdServer.Vc/VcConstants.cs index d0dfd97bb..eead503d3 100644 --- a/src/Did/SimpleIdServer.Vc/VcConstants.cs +++ b/src/Did/SimpleIdServer.Vc/VcConstants.cs @@ -7,4 +7,5 @@ public static class VcConstants { public const string VerifiableCredentialJsonLdContext = "https://www.w3.org/2018/credentials/v1"; public const string VerifiableCredentialType = "VerifiableCredential"; + public const string VerifiableAttestation = "VerifiableAttestation"; } diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Controllers/ClaimsController.cs b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Controllers/ClaimsController.cs new file mode 100644 index 000000000..577093c33 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Controllers/ClaimsController.cs @@ -0,0 +1,19 @@ +using Microsoft.AspNetCore.Authentication; +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Mvc; +using SimpleIdServer.Federation.Rp.Startup.ViewModels; + +namespace SimpleIdServer.Federation.Rp.Startup.Controllers; + +public class ClaimsController : Controller +{ + [Authorize] + public async Task Index() + { + var accessToken = await HttpContext.GetTokenAsync("access_token"); + return View(new ClaimsViewModel + { + AccessToken = accessToken + }); + } +} diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Controllers/HomeController.cs b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Controllers/HomeController.cs new file mode 100644 index 000000000..4c75db59f --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Controllers/HomeController.cs @@ -0,0 +1,37 @@ +using Microsoft.AspNetCore.Mvc; +using SimpleIdServer.Federation.Rp.Startup.ViewModels; +using System.Diagnostics; + +namespace SimpleIdServer.Federation.Rp.Startup.Controllers +{ + public class HomeController : Controller + { + private readonly ILogger _logger; + + public HomeController(ILogger logger) + { + _logger = logger; + } + + public IActionResult Index() + { + return View(); + } + + public IActionResult Privacy() + { + return View(); + } + + public IActionResult Logout() + { + return SignOut(new[] { "sid", "Cookies" }); + } + + [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)] + public IActionResult Error() + { + return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier }); + } + } +} diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Program.cs b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Program.cs new file mode 100644 index 000000000..e47ce0f10 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Program.cs @@ -0,0 +1,93 @@ +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.Federation.Rp.Startup; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.OpenidFederation.Store.EF; +using System.Security.Cryptography; + +var builder = WebApplication.CreateBuilder(args); +var signatureCredentials = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "raId" }, SecurityAlgorithms.RsaSha256); + +var jsonWebKey = signatureCredentials.SerializePublicJWK(); +jsonWebKey.Alg = SecurityAlgorithms.RsaSha256; +jsonWebKey.Use = "sig"; + +builder.Services.AddDistributedMemoryCache(); +builder.Services.AddRpFederation(r => +{ + r.Client = new SimpleIdServer.IdServer.Domains.Client + { + ClientId = "http://localhost:7001", + RedirectionUrls = new List + { + "http://localhost:7001/signin-oidc" + }, + ClientRegistrationTypesSupported = new List + { + "automatic" + }, + RequestObjectSigningAlg = SecurityAlgorithms.RsaSha256, + Scopes = new List + { + new Scope + { + Name = "openid" + }, + new Scope + { + Name = "profile" + } + }, + ResponseTypes = new List + { + "code" + }, + GrantTypes = new List + { + "authorization_code" + }, + TokenEndPointAuthMethod = "private_key_jwt" + }; + r.Client.Add(jsonWebKey.Kid, jsonWebKey, "sig", SecurityKeyTypes.RSA); + r.SigningCredentials = signatureCredentials; +}); +builder.Services.AddOpenidFederationStore(); +builder.Services.AddControllersWithViews(); +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; +}) + .AddCookie("Cookies") + .AddCustomOpenIdConnect("sid", options => + { + + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "http://localhost:7001"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + options.UseFederationAutomaticRegistration(signatureCredentials); + }); + +var app = builder.Build(); +AddTrustedEntities(app.Services); +app.UseHttpsRedirection(); +app.UseStaticFiles(); +app.UseRouting(); +app.UseAuthorization(); +app.MapControllerRoute( + name: "default", + pattern: "{controller=Home}/{action=Index}/{id?}"); + +app.Run(); +static void AddTrustedEntities(IServiceProvider services) +{ + using (var scope = services.CreateScope()) + { + var dbContext = scope.ServiceProvider.GetRequiredService(); + dbContext.FederationEntities.AddRange(RpConfiguration.FederationEntities); + dbContext.SaveChanges(); + } +} \ No newline at end of file diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Properties/launchSettings.json b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Properties/launchSettings.json new file mode 100644 index 000000000..a3c55cd99 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Properties/launchSettings.json @@ -0,0 +1,11 @@ +{ + "profiles": { + "SimpleIdServer.Federation.Rp.Startup": { + "commandName": "Project", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + }, + "applicationUrl": "http://localhost:7001" + } + } +} \ No newline at end of file diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/RpConfiguration.cs b/src/Federation/SimpleIdServer.Federation.Rp.Startup/RpConfiguration.cs new file mode 100644 index 000000000..c7818a675 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/RpConfiguration.cs @@ -0,0 +1,17 @@ +using SimpleIdServer.OpenidFederation.Domains; + +namespace SimpleIdServer.Federation.Rp.Startup; + +public class RpConfiguration +{ + public static List FederationEntities = new List + { + new FederationEntity + { + Id = Guid.NewGuid().ToString(), + Sub = "http://localhost:7000", + Realm = string.Empty, + IsSubordinate = false + } + }; +} \ No newline at end of file diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/SimpleIdServer.Federation.Rp.Startup.csproj b/src/Federation/SimpleIdServer.Federation.Rp.Startup/SimpleIdServer.Federation.Rp.Startup.csproj new file mode 100644 index 000000000..b90e7d8ef --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/SimpleIdServer.Federation.Rp.Startup.csproj @@ -0,0 +1,12 @@ + + + net8.0 + enable + enable + + + + + + + diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/ViewModels/ClaimsViewModel.cs b/src/Federation/SimpleIdServer.Federation.Rp.Startup/ViewModels/ClaimsViewModel.cs new file mode 100644 index 000000000..458f23642 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/ViewModels/ClaimsViewModel.cs @@ -0,0 +1,6 @@ +namespace SimpleIdServer.Federation.Rp.Startup.ViewModels; + +public class ClaimsViewModel +{ + public string AccessToken { get; set; } +} diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/ViewModels/ErrorViewModel.cs b/src/Federation/SimpleIdServer.Federation.Rp.Startup/ViewModels/ErrorViewModel.cs new file mode 100644 index 000000000..c8305dc5e --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/ViewModels/ErrorViewModel.cs @@ -0,0 +1,8 @@ +namespace SimpleIdServer.Federation.Rp.Startup.ViewModels; + +public class ErrorViewModel +{ + public string? RequestId { get; set; } + + public bool ShowRequestId => !string.IsNullOrEmpty(RequestId); +} diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Claims/Index.cshtml b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Claims/Index.cshtml new file mode 100644 index 000000000..f29394cda --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Claims/Index.cshtml @@ -0,0 +1,13 @@ +@model SimpleIdServer.Federation.Rp.Startup.ViewModels.ClaimsViewModel + +
    + @foreach (var claim in User.Claims) + { +
  • @claim.Type : @claim.Value
    • + } +
+ +
+

Access token

+

@Model.AccessToken

+
\ No newline at end of file diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Home/Index.cshtml b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Home/Index.cshtml new file mode 100644 index 000000000..20ef4b5f9 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Home/Index.cshtml @@ -0,0 +1,6 @@ +
    + @foreach (var claim in User.Claims) + { +
  • @claim.Type : @claim.Value
    • + } +
\ No newline at end of file diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Home/Privacy.cshtml b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Home/Privacy.cshtml new file mode 100644 index 000000000..af4fb195a --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Home/Privacy.cshtml @@ -0,0 +1,6 @@ +@{ + ViewData["Title"] = "Privacy Policy"; +} +

@ViewData["Title"]

+ +

Use this page to detail your site's privacy policy.

diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/Error.cshtml b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/Error.cshtml new file mode 100644 index 000000000..e1d582a9b --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/Error.cshtml @@ -0,0 +1,26 @@ +@model SimpleIdServer.Federation.Rp.Startup.ViewModels.ErrorViewModel + +@{ + ViewData["Title"] = "Error"; +} + +

Error.

+

An error occurred while processing your request.

+ +@if (Model.ShowRequestId) +{ +

+ Request ID: @Model.RequestId +

+} + +

Development Mode

+

+ Swapping to Development environment will display more detailed information about the error that occurred. +

+

+ The Development environment shouldn't be enabled for deployed applications. + It can result in displaying sensitive information from exceptions to end users. + For local debugging, enable the Development environment by setting the ASPNETCORE_ENVIRONMENT environment variable to Development + and restarting the app. +

diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/_Layout.cshtml b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/_Layout.cshtml new file mode 100644 index 000000000..138a6cc11 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/_Layout.cshtml @@ -0,0 +1,52 @@ + + + + + + @ViewData["Title"] - Website + + + + + +
+ +
+
+
+ @RenderBody() +
+
+ +
+
+ © 2023 - Website - Privacy +
+
+ + + + @await RenderSectionAsync("Scripts", required: false) + + diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/_Layout.cshtml.css b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/_Layout.cshtml.css new file mode 100644 index 000000000..a72cbeaf3 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/_Layout.cshtml.css @@ -0,0 +1,48 @@ +/* Please see documentation at https://docs.microsoft.com/aspnet/core/client-side/bundling-and-minification +for details on configuring this project to bundle and minify static web assets. */ + +a.navbar-brand { + white-space: normal; + text-align: center; + word-break: break-all; +} + +a { + color: #0077cc; +} + +.btn-primary { + color: #fff; + background-color: #1b6ec2; + border-color: #1861ac; +} + +.nav-pills .nav-link.active, .nav-pills .show > .nav-link { + color: #fff; + background-color: #1b6ec2; + border-color: #1861ac; +} + +.border-top { + border-top: 1px solid #e5e5e5; +} +.border-bottom { + border-bottom: 1px solid #e5e5e5; +} + +.box-shadow { + box-shadow: 0 .25rem .75rem rgba(0, 0, 0, .05); +} + +button.accept-policy { + font-size: 1rem; + line-height: inherit; +} + +.footer { + position: absolute; + bottom: 0; + width: 100%; + white-space: nowrap; + line-height: 60px; +} diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/_ValidationScriptsPartial.cshtml b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/_ValidationScriptsPartial.cshtml new file mode 100644 index 000000000..5a16d80a9 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/Shared/_ValidationScriptsPartial.cshtml @@ -0,0 +1,2 @@ + + diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/_ViewImports.cshtml b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/_ViewImports.cshtml new file mode 100644 index 000000000..afa82bbf2 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/_ViewImports.cshtml @@ -0,0 +1 @@ +@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers diff --git a/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/_ViewStart.cshtml b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/_ViewStart.cshtml new file mode 100644 index 000000000..a5f10045d --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Rp.Startup/Views/_ViewStart.cshtml @@ -0,0 +1,3 @@ +@{ + Layout = "_Layout"; +} diff --git a/src/Federation/SimpleIdServer.Federation.Ta.Startup/Program.cs b/src/Federation/SimpleIdServer.Federation.Ta.Startup/Program.cs new file mode 100644 index 000000000..24f3a0c1d --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Ta.Startup/Program.cs @@ -0,0 +1,29 @@ +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.Federation.Ta.Startup; +using SimpleIdServer.OpenidFederation.Store.EF; +using System.Security.Cryptography; + +var builder = WebApplication.CreateBuilder(args); +builder.Services.AddControllers(); +builder.Services.AddDistributedMemoryCache(); +builder.Services.AddAuthorityFederation(o => +{ + o.OrganizationName = "Trust anchor"; + o.SigningCredentials = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "taId" }, SecurityAlgorithms.RsaSha256); +}); +builder.Services.AddOpenidFederationStore(); + +var app = builder.Build(); +AddTrustedEntities(app.Services); +app.MapControllers(); +app.Run(); + +static void AddTrustedEntities(IServiceProvider services) +{ + using (var scope = services.CreateScope()) + { + var dbContext = scope.ServiceProvider.GetRequiredService(); + dbContext.FederationEntities.AddRange(TaConfiguration.FederationEntities); + dbContext.SaveChanges(); + } +} \ No newline at end of file diff --git a/src/Federation/SimpleIdServer.Federation.Ta.Startup/Properties/launchSettings.json b/src/Federation/SimpleIdServer.Federation.Ta.Startup/Properties/launchSettings.json new file mode 100644 index 000000000..83a6e50dc --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Ta.Startup/Properties/launchSettings.json @@ -0,0 +1,12 @@ +{ + "profiles": { + "SimpleIdServer.Federation.Ta.Startup": { + "commandName": "Project", + "launchBrowser": true, + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + }, + "applicationUrl": "http://localhost:7000" + } + } +} \ No newline at end of file diff --git a/src/Federation/SimpleIdServer.Federation.Ta.Startup/SimpleIdServer.Federation.Ta.Startup.csproj b/src/Federation/SimpleIdServer.Federation.Ta.Startup/SimpleIdServer.Federation.Ta.Startup.csproj new file mode 100644 index 000000000..d73fb7c20 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Ta.Startup/SimpleIdServer.Federation.Ta.Startup.csproj @@ -0,0 +1,11 @@ + + + net8.0 + enable + enable + + + + + + diff --git a/src/Federation/SimpleIdServer.Federation.Ta.Startup/TaConfiguration.cs b/src/Federation/SimpleIdServer.Federation.Ta.Startup/TaConfiguration.cs new file mode 100644 index 000000000..d561559e5 --- /dev/null +++ b/src/Federation/SimpleIdServer.Federation.Ta.Startup/TaConfiguration.cs @@ -0,0 +1,17 @@ +using SimpleIdServer.OpenidFederation.Domains; + +namespace SimpleIdServer.Federation.Ta.Startup; + +public class TaConfiguration +{ + public static List FederationEntities = new List + { + new FederationEntity + { + Id = Guid.NewGuid().ToString(), + Sub = "http://localhost:7001", + Realm = string.Empty, + IsSubordinate = true + } + }; +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Authority.Federation/Apis/FederationFetch/FederationFetchController.cs b/src/IdServer/SimpleIdServer.Authority.Federation/Apis/FederationFetch/FederationFetchController.cs new file mode 100644 index 000000000..26aa2c4eb --- /dev/null +++ b/src/IdServer/SimpleIdServer.Authority.Federation/Apis/FederationFetch/FederationFetchController.cs @@ -0,0 +1,49 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Caching.Distributed; +using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.Authority.Federation.Builders; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Apis.FederationFetch; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using SimpleIdServer.OpenidFederation.Builders; +using SimpleIdServer.OpenidFederation.Stores; + +namespace SimpleIdServer.Authority.Federation.Apis.FederationFetch; + +[Route(OpenidFederationConstants.EndPoints.FederationFetch)] +public class FederationFetchController : BaseFederationFetchController +{ + private readonly IAuthorityFederationEntityBuilder _federationEntityBuilder; + private readonly AuthorityFederationOptions _options; + + public FederationFetchController( + IAuthorityFederationEntityBuilder federationEntityBuilder, + IFederationEntityStore federationEntityStore, + IDistributedCache distributedCache, + IdServer.Helpers.IHttpClientFactory httpClientFactory, + IOptions options) : base(federationEntityStore, distributedCache, httpClientFactory) + { + _federationEntityBuilder = federationEntityBuilder; + _options = options.Value; + } + + [HttpGet] + public Task Get( + [FromQuery] FederationFetchRequest request, + CancellationToken cancellationToken) + { + var issuer = this.GetAbsoluteUriWithVirtualPath(); + return Get(request, string.Empty, issuer, cancellationToken); + } + + protected override Task BuildSelfIssuedFederationEntity(BuildFederationEntityRequest request, CancellationToken cancellationToken) + => _federationEntityBuilder.BuildSelfIssued(request, cancellationToken); + + protected override SigningCredentials GetSigningCredential(string realm) + { + return _options.SigningCredentials; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Authority.Federation/Apis/FederationList/FederationListController.cs b/src/IdServer/SimpleIdServer.Authority.Federation/Apis/FederationList/FederationListController.cs new file mode 100644 index 000000000..bbe0b65d4 --- /dev/null +++ b/src/IdServer/SimpleIdServer.Authority.Federation/Apis/FederationList/FederationListController.cs @@ -0,0 +1,25 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Mvc; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Stores; + +namespace SimpleIdServer.Authority.Federation.Apis.FederationList; + +[Route(OpenidFederationConstants.EndPoints.FederationList)] +public class FederationListController +{ + private readonly IFederationEntityStore _federationEntityStore; + + public FederationListController(IFederationEntityStore federationEntityStore) + { + _federationEntityStore = federationEntityStore; + } + + [HttpGet] + public async Task Get(CancellationToken cancellationToken) + { + var result = await _federationEntityStore.GetAllSubordinates(string.Empty, cancellationToken); + return new OkObjectResult(result.Select(r => r.Sub).ToArray()); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Authority.Federation/Apis/OpenidFederation/OpenidFederationController.cs b/src/IdServer/SimpleIdServer.Authority.Federation/Apis/OpenidFederation/OpenidFederationController.cs new file mode 100644 index 000000000..b11d5d917 --- /dev/null +++ b/src/IdServer/SimpleIdServer.Authority.Federation/Apis/OpenidFederation/OpenidFederationController.cs @@ -0,0 +1,48 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.Authority.Federation.Builders; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Apis; +using System.Net; +using System.Text.Json; + +namespace SimpleIdServer.Authority.Federation.Apis.OpenidFederation; + +[Route(OpenidFederationConstants.EndPoints.OpenidFederation)] +public class OpenidFederationController : BaseOpenidFederationController +{ + private readonly AuthorityFederationOptions _options; + private readonly IAuthorityFederationEntityBuilder _authorityFederationEntityBuilder; + + public OpenidFederationController( + IOptions options, + IAuthorityFederationEntityBuilder authorityFederationEntityBuilder) + { + _options = options.Value; + _authorityFederationEntityBuilder = authorityFederationEntityBuilder; + } + + [HttpGet] + public async Task Get(CancellationToken cancellationToken) + { + var issuer = this.GetAbsoluteUriWithVirtualPath(); + if (_options.SigningCredentials == null) return Error(System.Net.HttpStatusCode.InternalServerError, SimpleIdServer.OpenidFederation.ErrorCodes.INTERNAL_SERVER_ERROR, SimpleIdServer.OpenidFederation.Resources.Global.CannotExtractSignatureKey); + var selfIssuedFederationEntity = await _authorityFederationEntityBuilder.BuildSelfIssued(new SimpleIdServer.OpenidFederation.Builders.BuildFederationEntityRequest + { + Credential = _options.SigningCredentials, + Issuer = issuer + }, cancellationToken); + var handler = new JsonWebTokenHandler(); + var jws = handler.CreateToken(JsonSerializer.Serialize(selfIssuedFederationEntity), new SigningCredentials(_options.SigningCredentials.Key, _options.SigningCredentials.Algorithm)); + return new ContentResult + { + StatusCode = (int)HttpStatusCode.OK, + Content = jws, + ContentType = OpenidFederationConstants.EntityStatementContentType + }; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Authority.Federation/AuthorityFederationOptions.cs b/src/IdServer/SimpleIdServer.Authority.Federation/AuthorityFederationOptions.cs new file mode 100644 index 000000000..a787a7650 --- /dev/null +++ b/src/IdServer/SimpleIdServer.Authority.Federation/AuthorityFederationOptions.cs @@ -0,0 +1,18 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.IdentityModel.Tokens; + +namespace SimpleIdServer.Authority.Federation; + +public class AuthorityFederationOptions +{ + /// + /// Organization name. + /// + public string OrganizationName { get; set; } + /// + /// Key used to sign the response. + /// + public SigningCredentials SigningCredentials { get; set; } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Authority.Federation/Builders/AuthorityFederationEntityBuilder.cs b/src/IdServer/SimpleIdServer.Authority.Federation/Builders/AuthorityFederationEntityBuilder.cs new file mode 100644 index 000000000..20f39d74d --- /dev/null +++ b/src/IdServer/SimpleIdServer.Authority.Federation/Builders/AuthorityFederationEntityBuilder.cs @@ -0,0 +1,32 @@ +using Microsoft.Extensions.Options; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using SimpleIdServer.OpenidFederation.Builders; +using SimpleIdServer.OpenidFederation.Stores; + +namespace SimpleIdServer.Authority.Federation.Builders; + +public interface IAuthorityFederationEntityBuilder +{ + Task BuildSelfIssued(BuildFederationEntityRequest request, CancellationToken cancellationToken); +} + +public class AuthorityFederationEntityBuilder : BaseFederationEntityBuilder, IAuthorityFederationEntityBuilder +{ + private readonly AuthorityFederationOptions _options; + + public AuthorityFederationEntityBuilder( + IOptions options, + IFederationEntityStore federationEntityStore) : base(federationEntityStore) + { + _options = options.Value; + } + + protected override bool IsFederationEnabled => true; + + protected override string OrganizationName => _options.OrganizationName; + + protected override Task EnrichSelfIssued(OpenidFederationResult federationEntity, BuildFederationEntityRequest request, CancellationToken cancellationToken) + { + return Task.CompletedTask; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Authority.Federation/ServiceCollectionExtensions.cs b/src/IdServer/SimpleIdServer.Authority.Federation/ServiceCollectionExtensions.cs new file mode 100644 index 000000000..c628f2e72 --- /dev/null +++ b/src/IdServer/SimpleIdServer.Authority.Federation/ServiceCollectionExtensions.cs @@ -0,0 +1,17 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.Authority.Federation; +using SimpleIdServer.Authority.Federation.Builders; + +namespace Microsoft.Extensions.DependencyInjection; + +public static class ServiceCollectionExtensions +{ + public static IServiceCollection AddAuthorityFederation(this IServiceCollection services, Action authorityOptions) + { + services.Configure(authorityOptions); + services.AddTransient(); + services.AddTransient(); + return services; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Authority.Federation/SimpleIdServer.Authority.Federation.csproj b/src/IdServer/SimpleIdServer.Authority.Federation/SimpleIdServer.Authority.Federation.csproj new file mode 100644 index 000000000..461e44d0c --- /dev/null +++ b/src/IdServer/SimpleIdServer.Authority.Federation/SimpleIdServer.Authority.Federation.csproj @@ -0,0 +1,11 @@ + + + net8.0 + enable + enable + Support OPENID federation - authority (intermediate authority or trust anchor). + + + + + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Configuration/AutomaticConfigurationProvider.cs b/src/IdServer/SimpleIdServer.Configuration/AutomaticConfigurationProvider.cs index 6c0c9fec3..011522d6d 100644 --- a/src/IdServer/SimpleIdServer.Configuration/AutomaticConfigurationProvider.cs +++ b/src/IdServer/SimpleIdServer.Configuration/AutomaticConfigurationProvider.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Primitives; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Middlewares; using System; using System.Collections.Generic; diff --git a/src/IdServer/SimpleIdServer.Configuration/ConfigurationDefinitionExtractor.cs b/src/IdServer/SimpleIdServer.Configuration/ConfigurationDefinitionExtractor.cs index b4f7b64a9..c72c860e2 100644 --- a/src/IdServer/SimpleIdServer.Configuration/ConfigurationDefinitionExtractor.cs +++ b/src/IdServer/SimpleIdServer.Configuration/ConfigurationDefinitionExtractor.cs @@ -1,5 +1,6 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer; using SimpleIdServer.IdServer.Domains; using System; using System.Collections.Generic; diff --git a/src/IdServer/SimpleIdServer.Configuration/DisplayConditionEvaluator.cs b/src/IdServer/SimpleIdServer.Configuration/DisplayConditionEvaluator.cs index c5314caa9..eb272c987 100644 --- a/src/IdServer/SimpleIdServer.Configuration/DisplayConditionEvaluator.cs +++ b/src/IdServer/SimpleIdServer.Configuration/DisplayConditionEvaluator.cs @@ -7,13 +7,19 @@ namespace SimpleIdServer.Configuration { public static class DisplayConditionEvaluator { - public static bool IsValid(Dictionary values, string condition) + public static bool IsLogicalOperationValid(Dictionary values, string condition) { if (string.IsNullOrWhiteSpace(condition)) return true; + var conditions = condition.Split("&&").Select(c => c.Trim()); + return conditions.All(c => IsEqualityOperationValid(values, c)); + } + + public static bool IsEqualityOperationValid(Dictionary values, string condition) + { var splitted = condition.Split('='); var key = splitted[0]; var value = splitted[1]; - return values.Any(kvp => kvp.Key == key && kvp.Value == value); + return values.Any(kvp => kvp.Key == key && kvp.Value.Equals(value, System.StringComparison.InvariantCultureIgnoreCase)); } } } diff --git a/src/IdServer/SimpleIdServer.DPoP/SimpleIdServer.DPoP.csproj b/src/IdServer/SimpleIdServer.DPoP/SimpleIdServer.DPoP.csproj index c0a0f83ef..048d505c2 100644 --- a/src/IdServer/SimpleIdServer.DPoP/SimpleIdServer.DPoP.csproj +++ b/src/IdServer/SimpleIdServer.DPoP/SimpleIdServer.DPoP.csproj @@ -4,7 +4,7 @@ Includes types that provider support for creating, serializing and validating DPoP. - - + + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.ConformanceSuite.Startup/Converters/FacebookOptionsLite.cs b/src/IdServer/SimpleIdServer.IdServer.ConformanceSuite.Startup/Converters/FacebookOptionsLite.cs index c0fc31e13..824852a75 100644 --- a/src/IdServer/SimpleIdServer.IdServer.ConformanceSuite.Startup/Converters/FacebookOptionsLite.cs +++ b/src/IdServer/SimpleIdServer.IdServer.ConformanceSuite.Startup/Converters/FacebookOptionsLite.cs @@ -7,9 +7,9 @@ namespace SimpleIdServer.IdServer.ConformanceSuite.Startup.Converters { public class FacebookOptionsLite : IDynamicAuthenticationOptions { - [SimpleIdServer.Configuration.ConfigurationRecord("AppId", "Application identifier", 0)] + [SimpleIdServer.IdServer.ConfigurationRecord("AppId", "Application identifier", 0)] public string AppId { get; set; } - [SimpleIdServer.Configuration.ConfigurationRecord("AppSecret", "Application secret", 1, null, Configuration.CustomConfigurationRecordType.PASSWORD)] + [SimpleIdServer.IdServer.ConfigurationRecord("AppSecret", "Application secret", 1, null, SimpleIdServer.IdServer.CustomConfigurationRecordType.PASSWORD)] public string AppSecret { get; set; } public FacebookOptions Convert() => new FacebookOptions diff --git a/src/IdServer/SimpleIdServer.IdServer.ConformanceSuite.Startup/Converters/OpenIdConnectLiteOptions.cs b/src/IdServer/SimpleIdServer.IdServer.ConformanceSuite.Startup/Converters/OpenIdConnectLiteOptions.cs index 7ad0e022a..3c101cb91 100644 --- a/src/IdServer/SimpleIdServer.IdServer.ConformanceSuite.Startup/Converters/OpenIdConnectLiteOptions.cs +++ b/src/IdServer/SimpleIdServer.IdServer.ConformanceSuite.Startup/Converters/OpenIdConnectLiteOptions.cs @@ -7,9 +7,9 @@ namespace SimpleIdServer.IdServer.ConformanceSuite.Startup.Converters { public class OpenIdConnectLiteOptions : IDynamicAuthenticationOptions { - [SimpleIdServer.Configuration.ConfigurationRecord("ClientId", "Client Identifier", order: 0)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientId", "Client Identifier", order: 0)] public string ClientId { get; set; } - [SimpleIdServer.Configuration.ConfigurationRecord("ClientSecret", "Client Secret", order: 1)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientSecret", "Client Secret", order: 1)] public string ClientSecret { get; set; } public OpenIdConnectOptions Convert() diff --git a/src/IdServer/SimpleIdServer.IdServer.Console/UI/AuthenticateController.cs b/src/IdServer/SimpleIdServer.IdServer.Console/UI/AuthenticateController.cs index 7ca1e5ca2..4c76324d7 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Console/UI/AuthenticateController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Console/UI/AuthenticateController.cs @@ -45,7 +45,7 @@ public AuthenticateController( IJwtBuilder jwtBuilder, IBusControl busControl, IAntiforgery antiforgery, - IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(notificationServices, otpAuthenticators, userAuthenticationService, authenticationSchemeProvider, options, dataProtectionProvider, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, tokenRepository, transactionBuilder, jwtBuilder, busControl, antiforgery, authenticationContextClassReferenceRepository) + IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(configuration, notificationServices, otpAuthenticators, userAuthenticationService, authenticationSchemeProvider, options, dataProtectionProvider, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, tokenRepository, transactionBuilder, jwtBuilder, busControl, antiforgery, authenticationContextClassReferenceRepository) { _configuration = configuration; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/Client.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/Client.cs index a9e7303c1..5dbf27df7 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Domains/Client.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/Client.cs @@ -244,6 +244,13 @@ public IEnumerable JsonWebKeys return SerializedJsonWebKeys.Select(j=> new JsonWebKey(j.SerializedJsonWebKey)); } } + + /// + /// Array of strings representing URI scheme identifiers and optionally method names of supported Subject Syntax Types. + /// For example : did:key, did:example, urn:ietf:params:oauth:jwk-thumbprint + /// + [JsonPropertyName(OAuthClientParameters.SubjectSyntaxTypesSupported)] + public List SubjectSyntaxTypesSupported { get; set; } = new List(); /// /// Cryptographic algorithm used to secure the JWS access token. /// @@ -356,6 +363,8 @@ public IEnumerable JsonWebKeys [JsonPropertyName(OAuthClientParameters.UserInfoSignedResponseAlg)] [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] public string? UserInfoSignedResponseAlg { get; set; } = null; + [JsonPropertyName(OAuthClientParameters.ClientRegistrationTypesSupported)] + public List ClientRegistrationTypesSupported { get; set; } = new List(); [JsonPropertyName(OAuthClientParameters.UserInfoEncryptedResponseAlg)] [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] /// @@ -496,6 +505,8 @@ public IEnumerable JsonWebKeys public ICollection SerializedJsonWebKeys { get; set; } = new List(); [JsonPropertyName(OAuthClientParameters.ClientType)] public string? ClientType { get; set; } = null; + [JsonPropertyName(OAuthClientParameters.ExpirationDateTime)] + public DateTime? ExpirationDateTime { get; set; } = null; /// /// Nonce is required in the DPoP proof. /// @@ -508,6 +519,11 @@ public IEnumerable JsonWebKeys public double DPOPNonceLifetimeInSeconds { get; set; } = 5 * 60; [JsonPropertyName(OAuthClientParameters.IsRedirectUrlCaseSensitive)] public bool IsRedirectUrlCaseSensitive { get; set; } = false; + /// + /// Enable or disable self-issued. + /// + [JsonPropertyName(OAuthClientParameters.IsSelfIssueEnabled)] + public bool IsSelfIssueEnabled { get; set; } [JsonPropertyName(OAuthClientParameters.Parameters)] public JsonObject Parameters { @@ -537,7 +553,7 @@ public JsonObject Parameters /// [JsonPropertyName(OAuthClientParameters.AccessTokenType)] public AccessTokenTypes AccessTokenType { get; set; } = AccessTokenTypes.Jwt; - [JsonIgnore] + [JsonPropertyName(OAuthClientParameters.Realms)] public ICollection Realms { get; set; } = new List(); [JsonIgnore] public ICollection DeviceAuthCodes { get; set; } = new List(); @@ -628,5 +644,6 @@ public class ClientTypes public const string GRANTMANAGEMENT = "GRANTMANAGEMENT"; public const string SAML = "SAML"; public const string CREDENTIAL_ISSUER = "CREDENTIALISSUER"; + public const string FEDERATION = "FEDERATION"; } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/OAuthClientParameters.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/OAuthClientParameters.cs index e021cadf9..e889a6644 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/OAuthClientParameters.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/OAuthClientParameters.cs @@ -89,5 +89,10 @@ public class OAuthClientParameters public const string RedirectToRevokeSessionUI = "redirect_revoke_session_ui"; public const string PreAuthCodeExpirationTimeInSeconds = "pre_auth_code_expiration_time"; public const string SupportedAcrs = "supported_acrs"; + public const string SubjectSyntaxTypesSupported = "subject_syntax_types_supported"; + public const string IsSelfIssueEnabled = "is_self_issue_enabled"; + public const string ExpirationDateTime = "expiration_datetime"; + public const string ClientRegistrationTypesSupported = "client_registration_types_supported"; + public const string Realms = "realms"; } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/ScopeNames.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/ScopeNames.cs index b38a7157d..9776aacb9 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/ScopeNames.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/ScopeNames.cs @@ -16,4 +16,6 @@ public static class ScopeNames public const string UpdateDatetime = "update_datetime"; public const string Mappers = "mappers"; public const string IsRole = "is_role"; + public const string Component = "component"; + public const string Action = "action"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/UserNames.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/UserNames.cs index 55b028843..386173fbf 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/UserNames.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/DTOs/UserNames.cs @@ -26,5 +26,7 @@ public class UserNames public const string Source = "source"; public const string DID = "did"; public const string DIDPrivateHex = "did_private_key"; + public const string UnblockDateTime = "unblock_datetime"; + public const string NbLoginAttempt = "nb_login_attempt"; } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/MessageBusErrorMessage.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/MessageBusErrorMessage.cs new file mode 100644 index 000000000..5e0d123a5 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/MessageBusErrorMessage.cs @@ -0,0 +1,15 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +namespace SimpleIdServer.IdServer.Domains; + +public class MessageBusErrorMessage +{ + public string Id { get; set; } = null!; + public string? ExternalId { get; set; } = null; + public string Name { get; set; } = null!; + public string FullName { get; set; } = null!; + public string Content { get; set; } = null!; + public List Exceptions { get; set; } = new List(); + public DateTime ReceivedDateTime { get; set; } + public string QueueName { get; set; } = null!; +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/Scope.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/Scope.cs index 071970428..ab708f6cd 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Domains/Scope.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/Scope.cs @@ -34,11 +34,15 @@ public Scope(string name) : this() public DateTime CreateDateTime { get; set; } [JsonPropertyName(ScopeNames.UpdateDatetime)] public DateTime UpdateDateTime { get; set; } + [JsonPropertyName(ScopeNames.Component)] + public string? Component { set; get; } = null; + [JsonPropertyName(ScopeNames.Action)] + public ComponentActions? Action { get; set; } /// /// Array of strings that specifies the claims. /// [JsonPropertyName(ScopeNames.Mappers)] - public ICollection ClaimMappers { get; set; }= new List(); + public ICollection ClaimMappers { get; set; } = new List(); [JsonIgnore] public ICollection ApiResources { get; set; } = new List(); [JsonIgnore] @@ -101,3 +105,9 @@ public enum ScopeProtocols OAUTH = 2 } } + +public enum ComponentActions +{ + Manage = 0, + View = 1 +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/ScopeClaimMapper.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/ScopeClaimMapper.cs index fd172976d..2d4f8fc81 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Domains/ScopeClaimMapper.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/ScopeClaimMapper.cs @@ -3,6 +3,7 @@ using SimpleIdServer.IdServer.Domains.DTOs; using System.Security.Claims; using System.Text.Json.Serialization; +using System.Xml.Linq; namespace SimpleIdServer.IdServer.Domains { diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/Token.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/Token.cs index 2e9104202..f4c54e246 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Domains/Token.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/Token.cs @@ -7,7 +7,7 @@ public class Token { public string Id { get; set; } = null!; public string? SessionId { get; set; } = null; - public string ClientId { get; set; } = null!; + public string? ClientId { get; set; } = null!; public string TokenType { get; set; } = null!; public AccessTokenTypes? AccessTokenType { get; set; } = null; public string? Data { get; set; } = null; diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/TranslatableConverter.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/TranslatableConverter.cs index b869f933b..62adf6162 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Domains/TranslatableConverter.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/TranslatableConverter.cs @@ -68,6 +68,8 @@ public override void Write(Utf8JsonWriter writer, T value, JsonSerializerOptions writer.WriteNumber(prop.Item2, (double)obj); else if (propertyType == typeof(DateTime)) writer.WriteString(prop.Item2, (DateTime)obj); + else if (propertyType == typeof(DateTime?) && obj != null) + writer.WriteString(prop.Item2, (DateTime)obj); else if (TryGetEnumType(propertyType, out Type resultType)) writer.WriteString(prop.Item2, Enum.GetName(resultType, obj)); else if (propertyType.GetInterfaces().Any(i => i.IsGenericType && i.GetGenericTypeDefinition() == typeof(IEnumerable<>))) diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/User.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/User.cs index f93526861..a3e623098 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Domains/User.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/User.cs @@ -57,6 +57,10 @@ public User() public DateTime UpdateDateTime { get; set; } [JsonPropertyName(UserNames.Source)] public string? Source { get; set; } = null; + [JsonPropertyName(UserNames.UnblockDateTime)] + public DateTime? UnblockDateTime { get; set; } + [JsonPropertyName(UserNames.NbLoginAttempt)] + public int NbLoginAttempt { get; set; } [JsonIgnore] public string? IdentityProvisioningId { get; set; } = null; [JsonIgnore] @@ -115,6 +119,7 @@ public UserCredential? ActivePassword [JsonIgnore] public IdentityProvisioning? IdentityProvisioning { get; set; } = null; + #region User claims public bool TryGetUserClaim(string key, out object result) @@ -132,6 +137,34 @@ public bool TryGetUserClaim(string key, out object result) #endregion + public bool IsBlocked() + { + if (Status == UserStatus.BLOCKED && UnblockDateTime >= DateTime.UtcNow) return true; + if (Status == UserStatus.BLOCKED && UnblockDateTime < DateTime.UtcNow) + { + ResetLoginAttempt(); + } + + return false; + } + + public void LoginAttempt(int maxAttempt, int lockTimeInSeconds) + { + NbLoginAttempt++; + if (NbLoginAttempt >= maxAttempt) + { + UnblockDateTime = DateTime.UtcNow.AddSeconds(lockTimeInSeconds); + Status = UserStatus.BLOCKED; + } + } + + public void ResetLoginAttempt() + { + NbLoginAttempt = 0; + UnblockDateTime = null; + Status = UserStatus.ACTIVATED; + } + public Consent AddConsent(string realm, string clientId, ICollection claims, ICollection scopes, ICollection authorizationDetails) { var result = new Consent diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/UserCredential.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/UserCredential.cs index 9d52fcc9a..c2a150530 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Domains/UserCredential.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/UserCredential.cs @@ -48,7 +48,7 @@ public object Clone() }; } - public static UserCredential CreatePassword(string pwd) => new UserCredential { Id = Guid.NewGuid().ToString(), CredentialType = "pwd", Value = PasswordHelper.ComputeHash(pwd) }; + public static UserCredential CreatePassword(string pwd, bool isBase64Encoded) => new UserCredential { Id = Guid.NewGuid().ToString(), CredentialType = "pwd", Value = PasswordHelper.ComputeHash(pwd, isBase64Encoded) }; } public enum OTPAlgs diff --git a/src/IdServer/SimpleIdServer.IdServer.Domains/UserStatus.cs b/src/IdServer/SimpleIdServer.IdServer.Domains/UserStatus.cs index 92e409d0f..6ebc634bf 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Domains/UserStatus.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Domains/UserStatus.cs @@ -4,8 +4,7 @@ namespace SimpleIdServer.IdServer.Domains { public enum UserStatus { - CREATED = 0, - NOTIFIED = 1, - CONFIRMED = 2 + ACTIVATED = 0, + BLOCKED = 1 } -} +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Email/UI/AuthenticateController.cs b/src/IdServer/SimpleIdServer.IdServer.Email/UI/AuthenticateController.cs index b172ec353..53b25bebd 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Email/UI/AuthenticateController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Email/UI/AuthenticateController.cs @@ -41,10 +41,10 @@ public AuthenticateController( IAmrHelper amrHelper, IUserRepository userRepository, IUserSessionResitory userSessionRepository, - IUserTransformer userTransformer, + IUserTransformer userTransformer, IBusControl busControl, IAntiforgery antiforgery, - IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(notificationServices, otpAuthenticators, userAuthenticationService, authenticationSchemeProvider, options, dataProtectionProvider, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, tokenRepository, transactionBuilder, jwtBuilder, busControl, antiforgery, authenticationContextClassReferenceRepository) + IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(configuration,notificationServices, otpAuthenticators, userAuthenticationService, authenticationSchemeProvider, options, dataProtectionProvider, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, tokenRepository, transactionBuilder, jwtBuilder, busControl, antiforgery, authenticationContextClassReferenceRepository) { _configuration = configuration; } @@ -65,6 +65,7 @@ protected override bool TryGetLogin(AmrAuthInfo amr, out string login) protected override void EnrichViewModel(AuthenticateEmailViewModel viewModel) { + } private IdServerEmailOptions GetOptions() diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationEntity/AddTrustedAnchorRequest.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationEntity/AddTrustedAnchorRequest.cs new file mode 100644 index 000000000..9d973c115 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationEntity/AddTrustedAnchorRequest.cs @@ -0,0 +1,11 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Newtonsoft.Json; + +namespace SimpleIdServer.IdServer.Federation.Apis.FederationEntity; + +public class AddTrustedAnchorRequest +{ + [JsonProperty("url")] + public string Url { get; set; } = null!; +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationEntity/FederationEntitiesController.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationEntity/FederationEntitiesController.cs new file mode 100644 index 000000000..dda2d1c31 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationEntity/FederationEntitiesController.cs @@ -0,0 +1,125 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Logging; +using SimpleIdServer.IdServer.Api; +using SimpleIdServer.IdServer.Exceptions; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Jwt; +using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.OpenidFederation.Clients; +using SimpleIdServer.OpenidFederation.Stores; +using System.Net; +using System.Text.Json; + +namespace SimpleIdServer.IdServer.Federation.Apis.FederationEntity; + +public class FederationEntitiesController : BaseController +{ + private readonly IFederationEntityStore _federationEntityStore; + private readonly ITransactionBuilder _transactionBuilder; + private readonly ILogger _logger; + private readonly IdServer.Helpers.IHttpClientFactory _httpClientFactory; + + public FederationEntitiesController( + IFederationEntityStore federationEntityStore, + ITransactionBuilder transactionBuilder, + ILogger logger, + IdServer.Helpers.IHttpClientFactory httpClientFactory, + ITokenRepository tokenRepository, + IJwtBuilder jwtBuilder) : base(tokenRepository, jwtBuilder) + { + _federationEntityStore = federationEntityStore; + _transactionBuilder = transactionBuilder; + _logger = logger; + _httpClientFactory = httpClientFactory; + } + + [HttpPost] + public async Task AddTrustAnchor([FromRoute] string prefix, [FromBody] AddTrustedAnchorRequest request, CancellationToken cancellationToken) + { + prefix = prefix ?? Constants.DefaultRealm; + try + { + await CheckAccessToken(prefix, IdServerFederationConstants.StandardScopes.FederationEntities.Name); + if (request == null) throw new OAuthException(ErrorCodes.INVALID_REQUEST, IdServer.Resources.Global.InvalidIncomingRequest); + if (string.IsNullOrWhiteSpace(request.Url)) throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(IdServer.Resources.Global.MissingParameter, "url")); + var federationEntity = await _federationEntityStore.GetByUrl(prefix, request.Url, cancellationToken); + if (federationEntity != null) throw new OAuthException(ErrorCodes.INVALID_REQUEST, Resources.Global.FederationEntityAlreadyExists); + using(var resolver = TrustChainResolver.New(_httpClientFactory.GetHttpClient())) + { + using (var transaction = _transactionBuilder.Build()) + { + var openidFederation = await resolver.ResolveOpenidFederation(request.Url, cancellationToken); + if (openidFederation == null) throw new OAuthException(ErrorCodes.INVALID_REQUEST, Resources.Global.OpenidFederationCannotBeResolved); + federationEntity = new SimpleIdServer.OpenidFederation.Domains.FederationEntity + { + Id = Guid.NewGuid().ToString(), + IsSubordinate = false, + Realm = prefix, + Sub = request.Url, + CreateDateTime = DateTime.UtcNow + }; + _federationEntityStore.Add(federationEntity); + await transaction.Commit(cancellationToken); + return new ContentResult + { + Content = JsonSerializer.Serialize(federationEntity), + ContentType = "application/json", + StatusCode = (int)HttpStatusCode.Created + }; + } + } + } + catch(InvalidOperationException ex) + { + _logger.LogError(ex.ToString()); + return BuildError(ex); + } + catch (OAuthException ex) + { + _logger.LogError(ex.ToString()); + return BuildError(ex); + } + } + + [HttpDelete] + public async Task Delete([FromRoute] string prefix, string id, CancellationToken cancellationToken) + { + prefix = prefix ?? Constants.DefaultRealm; + try + { + using (var transaction = _transactionBuilder.Build()) + { + await CheckAccessToken(prefix, IdServerFederationConstants.StandardScopes.FederationEntities.Name); + var federationEntity = await _federationEntityStore.Get(id, cancellationToken); + if (federationEntity == null) throw new OAuthException(HttpStatusCode.NotFound, ErrorCodes.INVALID_REQUEST, Resources.Global.FederationEntityUnknown); + _federationEntityStore.Remove(federationEntity); + await transaction.Commit(cancellationToken); + return NoContent(); + } + } + catch (OAuthException ex) + { + _logger.LogError(ex.ToString()); + return BuildError(ex); + } + } + + [HttpPost] + public async Task SearchFederationEntities([FromRoute] string prefix, [FromBody] SearchRequest request, CancellationToken cancellationToken) + { + prefix = prefix ?? Constants.DefaultRealm; + try + { + await CheckAccessToken(prefix, IdServerFederationConstants.StandardScopes.FederationEntities.Name); + var result = await _federationEntityStore.Search(prefix, request, cancellationToken); + return new OkObjectResult(result); + } + catch (OAuthException ex) + { + _logger.LogError(ex.ToString()); + return BuildError(ex); + } + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationFetch/FederationFetchController.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationFetch/FederationFetchController.cs new file mode 100644 index 000000000..facfd3266 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationFetch/FederationFetchController.cs @@ -0,0 +1,57 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Caching.Distributed; +using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.IdServer.Federation.Builders; +using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.OpenidFederation.Apis.FederationFetch; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using SimpleIdServer.OpenidFederation.Builders; +using SimpleIdServer.OpenidFederation.Stores; + +namespace SimpleIdServer.IdServer.Federation.Apis.FederationFetch; + +public class FederationFetchController : BaseFederationFetchController +{ + private readonly IOpenidProviderFederationEntityBuilder _federationEntityBuilder; + private readonly IKeyStore _keyStore; + private readonly OpenidFederationOptions _options; + + public FederationFetchController( + IOpenidProviderFederationEntityBuilder federationEntityBuilder, + IKeyStore keyStore, + IFederationEntityStore federationEntityStore, + IDistributedCache distributedCache, + IdServer.Helpers.IHttpClientFactory httpClientFactory, + IOptions options) : base(federationEntityStore, distributedCache, httpClientFactory) + { + _federationEntityBuilder = federationEntityBuilder; + _keyStore = keyStore; + _options = options.Value; + } + + [HttpGet] + public Task Get( + [FromRoute] string prefix, + [FromQuery] FederationFetchRequest request, + CancellationToken cancellationToken) + { + prefix = prefix ?? Constants.DefaultRealm; + var issuer = Request.GetAbsoluteUriWithVirtualPath(); + return Get(request, prefix, issuer, cancellationToken); + } + + protected override Task BuildSelfIssuedFederationEntity(BuildFederationEntityRequest request, CancellationToken cancellationToken) + => _federationEntityBuilder.BuildSelfIssued(request, cancellationToken); + + protected override SigningCredentials GetSigningCredential(string realm) + { + var signingKeys = _keyStore.GetAllSigningKeys(realm); + var signingKey = signingKeys.FirstOrDefault(k => k.Kid == _options.TokenSignedKid); + return signingKey; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationList/FederationListController.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationList/FederationListController.cs new file mode 100644 index 000000000..65a71ec22 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationList/FederationListController.cs @@ -0,0 +1,25 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.Mvc; +using SimpleIdServer.OpenidFederation.Stores; + +namespace SimpleIdServer.IdServer.Federation.Apis.FederationList; + +public class FederationListController : Controller +{ + private readonly IFederationEntityStore _federationEntityStore; + + public FederationListController(IFederationEntityStore federationEntityStore) + { + _federationEntityStore = federationEntityStore; + } + + [HttpGet] + public async Task Get([FromRoute] string prefix, CancellationToken cancellationToken) + { + prefix = prefix ?? IdServer.Constants.DefaultRealm; + var result = await _federationEntityStore.GetAllSubordinates(prefix, cancellationToken); + return new OkObjectResult(result.Select(r => r.Sub).ToArray()); + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationRegistration/FederationRegistrationController.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationRegistration/FederationRegistrationController.cs new file mode 100644 index 000000000..534090ec8 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationRegistration/FederationRegistrationController.cs @@ -0,0 +1,93 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Logging; +using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.IdServer.Exceptions; +using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Apis; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using System.Net; +using System.Text; +using System.Text.Json; +using System.Text.Json.Nodes; + +namespace SimpleIdServer.IdServer.Federation.Apis.FederationRegistration; + +public class FederationRegistrationController : BaseOpenidFederationController +{ + private readonly ILogger _logger; + private readonly IClientRegistrationService _clientRegistrationService; + private readonly IKeyStore _keyStore; + private readonly OpenidFederationOptions _options; + + public FederationRegistrationController(ILogger logger, + IClientRegistrationService clientRegistrationService, + IKeyStore keyStore, + IOptions options) + { + _logger = logger; + _clientRegistrationService = clientRegistrationService; + _keyStore = keyStore; + _options = options.Value; + } + + [HttpPost] + public async Task Post([FromRoute] string prefix, CancellationToken cancellationToken) + { + using (var reader = new StreamReader( + Request.Body, + encoding: Encoding.UTF8, + detectEncodingFromByteOrderMarks: false + )) + { + var entityStatement = await reader.ReadToEndAsync(); + prefix = prefix ?? Constants.DefaultRealm; + if (!Request.Headers.ContentType.Any(c => c.StartsWith(OpenidFederationConstants.EntityStatementContentType))) + return Error(HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, Resources.Global.OnlyEntityStatementIsSupported); + try + { + var signingCredential = GetSigningCredential(prefix); + var record = await _clientRegistrationService.ExplicitRegisterClient(prefix, entityStatement, cancellationToken); + var rpEs = record.Item2.EntityStatements.First(); + var taEs = record.Item2.TrustAnchor; + var openidFederation = new OpenidFederationResult + { + Iat = rpEs.FederationResult.Iat, + Exp = rpEs.FederationResult.Exp, + Iss = this.GetAbsoluteUriWithVirtualPath(), + Sub = rpEs.FederationResult.Sub, + Jwks = rpEs.FederationResult.Jwks + }; + var client = JsonObject.Parse(JsonSerializer.Serialize(record.Item1)).AsObject(); + openidFederation.Metadata.OtherParameters.Add(EntityStatementTypes.OpenidRelyingParty, client); + openidFederation.TrustAnchorId = taEs.FederationResult.Sub; + var handler = new JsonWebTokenHandler(); + var jws = handler.CreateToken(JsonSerializer.Serialize(openidFederation), new SigningCredentials(signingCredential.Key, signingCredential.Algorithm)); + return new ContentResult + { + StatusCode = (int)HttpStatusCode.OK, + Content = jws, + ContentType = OpenidFederationConstants.EntityStatementContentType + }; + } + catch (OAuthException ex) + { + _logger.LogError(ex.ToString()); + var statusCode = ex.StatusCode == null ? HttpStatusCode.BadRequest : ex.StatusCode.Value; + return Error(statusCode, ex.Code, ex.Message); + } + } + } + + private SigningCredentials GetSigningCredential(string realm) + { + var signingKeys = _keyStore.GetAllSigningKeys(realm); + var signingKey = signingKeys.FirstOrDefault(k => k.Kid == _options.TokenSignedKid); + return signingKey; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/OpenidConfiguration/FederationOpenidConfigurationRequestHandler.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/OpenidConfiguration/FederationOpenidConfigurationRequestHandler.cs new file mode 100644 index 000000000..b8150e787 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/OpenidConfiguration/FederationOpenidConfigurationRequestHandler.cs @@ -0,0 +1,44 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.Extensions.Options; +using SimpleIdServer.IdServer.Api.Configuration; + +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.IdServer.Api.OpenIdConfiguration; +using SimpleIdServer.IdServer.Options; +using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.SubjectTypeBuilders; +using SimpleIdServer.OpenidFederation; +using System.Text.Json; +using System.Text.Json.Nodes; + +namespace SimpleIdServer.IdServer.Federation.Apis.OpenidConfiguration; + +public class FederationOpenidConfigurationRequestHandler : OpenidConfigurationRequestHandler +{ + public FederationOpenidConfigurationRequestHandler( + IEnumerable subjectTypeBuilders, + IScopeRepository scopeRepository, + IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository, + IOptions options, + IOAuthConfigurationRequestHandler configurationRequestHandler) : base(subjectTypeBuilders, scopeRepository, authenticationContextClassReferenceRepository, options, configurationRequestHandler) + { + } + + public override async Task Handle(string issuer, string prefix, CancellationToken cancellationToken) + { + var result = await base.Handle(issuer, prefix, cancellationToken); + if (!string.IsNullOrWhiteSpace(prefix)) + prefix = $"{prefix}/"; + result.Add("client_registration_types_supported", JsonSerializer.SerializeToNode(new List + { + ClientRegistrationMethods.Explicit, + ClientRegistrationMethods.Automatic + })); + result.Add("federation_registration_endpoint", $"{issuer}/{prefix}{OpenidFederationConstants.EndPoints.FederationRegistration}"); + return result; + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/OpenidFederation/OpenidFederationController.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/OpenidFederation/OpenidFederationController.cs new file mode 100644 index 000000000..cf0d3d3ad --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/Apis/OpenidFederation/OpenidFederationController.cs @@ -0,0 +1,56 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.IdServer.Federation.Builders; +using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Apis; +using System.Net; +using System.Text.Json; + +namespace SimpleIdServer.IdServer.Federation.Apis.OpenidFederation; + +public class OpenidFederationController : BaseOpenidFederationController +{ + private readonly IKeyStore _keyStore; + private readonly IOpenidProviderFederationEntityBuilder _federationEntityBuilder; + private readonly OpenidFederationOptions _options; + + public OpenidFederationController( + IKeyStore keyStore, + IOpenidProviderFederationEntityBuilder federationEntityBuilder, + IOptions options) + { + _keyStore = keyStore; + _federationEntityBuilder = federationEntityBuilder; + _options = options.Value; + } + + [HttpGet] + public async Task Get([FromRoute] string prefix, CancellationToken cancellationToken) + { + var realm = prefix ?? Constants.DefaultRealm; + var issuer = this.GetAbsoluteUriWithVirtualPath(); + var signingKeys = _keyStore.GetAllSigningKeys(realm); + var signingKey = signingKeys.FirstOrDefault(k => k.Kid == _options.TokenSignedKid); + if (signingKey == null) return Error(System.Net.HttpStatusCode.InternalServerError, SimpleIdServer.OpenidFederation.ErrorCodes.INTERNAL_SERVER_ERROR, SimpleIdServer.OpenidFederation.Resources.Global.CannotExtractSignatureKey); + var selfIssuedFederationEntity = await _federationEntityBuilder.BuildSelfIssued(new SimpleIdServer.OpenidFederation.Builders.BuildFederationEntityRequest + { + Credential = signingKey, + Issuer = issuer, + Realm = realm + }, cancellationToken); + var handler = new JsonWebTokenHandler(); + var jws = handler.CreateToken(JsonSerializer.Serialize(selfIssuedFederationEntity), new SigningCredentials(signingKey.Key, signingKey.Algorithm)); + return new ContentResult + { + StatusCode = (int)HttpStatusCode.OK, + Content = jws, + ContentType = OpenidFederationConstants.EntityStatementContentType + }; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/Builders/OpenidProviderFederationEntityBuilder.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/Builders/OpenidProviderFederationEntityBuilder.cs new file mode 100644 index 000000000..51bd4c3b2 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/Builders/OpenidProviderFederationEntityBuilder.cs @@ -0,0 +1,44 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.Extensions.Options; +using SimpleIdServer.IdServer.Api.OpenIdConfiguration; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using SimpleIdServer.OpenidFederation.Builders; +using SimpleIdServer.OpenidFederation.Stores; +using System.Text.Json.Nodes; + +namespace SimpleIdServer.IdServer.Federation.Builders; + +public interface IOpenidProviderFederationEntityBuilder +{ + Task BuildSelfIssued(BuildFederationEntityRequest request, CancellationToken cancellationToken); +} + +public class OpenidProviderFederationEntityBuilder : BaseFederationEntityBuilder, IOpenidProviderFederationEntityBuilder +{ + private readonly OpenidFederationOptions _options; + private readonly IOpenidConfigurationRequestHandler _openidConfigurationRequestHandler; + + public OpenidProviderFederationEntityBuilder( + IOpenidConfigurationRequestHandler openidConfigurationRequestHandler, + IOptions options, + IFederationEntityStore federationEntityStore) : base(federationEntityStore) + { + _openidConfigurationRequestHandler = openidConfigurationRequestHandler; + _options = options.Value; + } + + protected override bool IsFederationEnabled => _options.IsFederationEnabled; + + protected override string OrganizationName => _options.OrganizationName; + + protected override async Task EnrichSelfIssued(OpenidFederationResult federationEntity, BuildFederationEntityRequest request, CancellationToken cancellationToken) + { + var openidProvider = await _openidConfigurationRequestHandler.Handle(federationEntity.Iss, request.Realm, cancellationToken); + if (federationEntity.Metadata.OtherParameters == null) + federationEntity.Metadata.OtherParameters = new Dictionary(); + federationEntity.Metadata.OtherParameters.Add(EntityStatementTypes.OpenidProvider, openidProvider); + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/ClientRegistrationService.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/ClientRegistrationService.cs new file mode 100644 index 000000000..571a5fe1b --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/ClientRegistrationService.cs @@ -0,0 +1,176 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.Extensions.Logging; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Domains.DTOs; +using SimpleIdServer.IdServer.Exceptions; +using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Clients; +using SimpleIdServer.OpenidFederation.Stores; +using System.Text.Json; +using System.Text.Json.Nodes; + +namespace SimpleIdServer.IdServer.Federation; + +public interface IClientRegistrationService +{ + Task AutomaticRegisterClient(string realm, string clientId, CancellationToken cancellationToken); + Task<(Client, OpenidTrustChain)> ExplicitRegisterClient(string realm, string entityStatement, CancellationToken cancellationToken); + Task<(Client, OpenidTrustChain)> ExplicitResolveClientTrustChain(string realm, string clientId, CancellationToken cancellationToken); + Task<(Client, OpenidTrustChain)> AutomaticResolveClientTrustChain(string realm, string clientId, CancellationToken cancellationToken); +} + +public class ClientRegistrationService : IClientRegistrationService +{ + private readonly IdServer.Helpers.IHttpClientFactory _httpClientFactory; + private readonly IFederationEntityStore _federationEntityStore; + private readonly IClientRepository _clientRepository; + private readonly IRealmRepository _realmRepository; + private readonly IScopeRepository _scopeRepository; + private readonly ILogger _logger; + + public ClientRegistrationService( + IdServer.Helpers.IHttpClientFactory httpClientFactory, + IFederationEntityStore federationEntityStore, + IClientRepository clientRepository, + IRealmRepository realmRepository, + IScopeRepository scopeRepository, + ILogger logger) + { + _httpClientFactory = httpClientFactory; + _federationEntityStore = federationEntityStore; + _clientRepository = clientRepository; + _realmRepository = realmRepository; + _scopeRepository = scopeRepository; + _logger = logger; + } + + public async Task AutomaticRegisterClient( + string realm, + string clientId, + CancellationToken cancellationToken) + { + var record = await AutomaticResolveClientTrustChain(realm, clientId, cancellationToken); + return await AddClient(realm, record, cancellationToken); + } + + public async Task<(Client, OpenidTrustChain)> ExplicitRegisterClient( + string realm, + string entityStatement, + CancellationToken cancellationToken) + { + var record = await ExplicitResolveClientTrustChain(realm, entityStatement, cancellationToken); + var newClient = record.Item1; + var trustChain = record.Item2; + var existingClient = await _clientRepository.GetByClientId(realm, newClient.ClientId, cancellationToken); + if (existingClient != null) + { + existingClient.ExpirationDateTime = trustChain.ExpirationDateTime; + existingClient.UpdateDateTime = DateTime.UtcNow; + _clientRepository.Update(existingClient); + return (existingClient, trustChain); + } + + return (await AddClient(realm, record, cancellationToken), trustChain); + } + + public Task<(Client, OpenidTrustChain)> ExplicitResolveClientTrustChain( + string realm, + string entityStatement, + CancellationToken cancellationToken) + { + return ResolveClientTrustChain(realm, + (r, c) => r.ResolveTrustChains(entityStatement, cancellationToken), + ClientRegistrationMethods.Explicit, + cancellationToken); + } + + public Task<(Client, OpenidTrustChain)> AutomaticResolveClientTrustChain( + string realm, + string clientId, + CancellationToken cancellationToken) + { + return ResolveClientTrustChain(realm, + (r, c) => r.ResolveTrustChainsFromClientId(clientId, cancellationToken), + ClientRegistrationMethods.Automatic, + cancellationToken); + } + + private async Task<(Client, OpenidTrustChain)> ResolveClientTrustChain( + string realm, + Func>> fn, + string type, + CancellationToken cancellationToken) + { + var authorizedAuthMethods = new List + { + "private_key_jwt", + "tls_client_auth", + "self_signed_tls_client_auth" + }; + using (var resolver = TrustChainResolver.New(_httpClientFactory.GetHttpClient())) + { + List trustChains = null; + try + { + trustChains = await fn(resolver, cancellationToken); + } + catch (Exception ex) + { + var message = ex.ToString(); + _logger.LogError(message); + throw new OAuthException(ErrorCodes.INVALID_REQUEST, ex.Message); + } + + var allAuthorities = await _federationEntityStore.GetAllAuthorities(realm, cancellationToken); + var allTrustAnchors = trustChains.Select(c => c.TrustAnchor); + var filteredTrustChain = trustChains.FirstOrDefault(tc => allAuthorities.Any(at => at.Sub == tc.TrustAnchor.FederationResult.Sub)); + if (filteredTrustChain == null) + throw new OAuthException(ErrorCodes.MISSING_TRUST_ANCHOR, Resources.Global.NoTrustAnchorCanBeResolved); + + var federationResult = filteredTrustChain.EntityStatements.First().FederationResult; + if (federationResult.Metadata == null || + federationResult.Metadata.OtherParameters == null || + !federationResult.Metadata.OtherParameters.ContainsKey(EntityStatementTypes.OpenidRelyingParty)) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, Resources.Global.MissingOpenidRpInEntityStatement); + var client = JsonSerializer.Deserialize(federationResult.Metadata.OtherParameters[EntityStatementTypes.OpenidRelyingParty]); + if (string.IsNullOrWhiteSpace(client.TokenEndPointAuthMethod)) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(IdServer.Resources.Global.MissingParameter, OAuthClientParameters.TokenEndpointAuthMethod)); + + if (!authorizedAuthMethods.Contains(client.TokenEndPointAuthMethod)) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Resources.Global.OnlyFollowingAuthMethodsAreSupported, string.Join(",", authorizedAuthMethods))); + + var metadata = federationResult.Metadata.OtherParameters[EntityStatementTypes.OpenidRelyingParty]; + if (!metadata.ContainsKey(OAuthClientParameters.ClientRegistrationTypesSupported)) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, Resources.Global.ClientRegistrationTypesMustBeSpecified); + + var clientRegistrationTypes = (metadata[OAuthClientParameters.ClientRegistrationTypesSupported] as JsonArray).Select(c => c.ToString()); + if(!clientRegistrationTypes.Contains(type)) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Resources.Global.ClientRegistrationTypeNotSupported, type)); + + return (client, filteredTrustChain); + } + } + + private async Task AddClient(string realm, (Client, OpenidTrustChain) record, CancellationToken cancellationToken) + { + var newClient = record.Item1; + var trustChain = record.Item2; + var existingRealm = await _realmRepository.Get(realm, cancellationToken); + newClient.Id = Guid.NewGuid().ToString(); + newClient.Realms = new List + { + existingRealm + }; + newClient.Scopes = await _scopeRepository.GetByNames(realm, newClient.Scopes.Select(s => s.Name).ToList(), cancellationToken); + newClient.ClientType = ClientTypes.FEDERATION; + newClient.ClientSecret = Guid.NewGuid().ToString(); + newClient.ExpirationDateTime = trustChain.ExpirationDateTime; + newClient.UpdateDateTime = DateTime.UtcNow; + newClient.CreateDateTime = DateTime.UtcNow; + _clientRepository.Add(newClient); + return newClient; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/Helpers/FederationClientHelper.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/Helpers/FederationClientHelper.cs new file mode 100644 index 000000000..1c7f1de6b --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/Helpers/FederationClientHelper.cs @@ -0,0 +1,63 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Exceptions; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.OpenidFederation; + +namespace SimpleIdServer.IdServer.Federation.Helpers; + +public class FederationClientHelper : StandardClientHelper +{ + private readonly IClientRegistrationService _clientRegistrationService; + + public FederationClientHelper( + IdServer.Helpers.IHttpClientFactory httpClientFactory, + IClientRepository clientRepository, + IClientRegistrationService clientRegistrationService) : base(httpClientFactory, clientRepository) + { + _clientRegistrationService = clientRegistrationService; + } + + /// + /// Resolve the client. + /// Two scenarios are supported : + /// 1). Returns the client from the database. + /// 2). Resolve the trust chain and returns the client. + /// + /// + /// + /// + /// + /// + public override async Task ResolveClient(string realm, string clientId, CancellationToken cancellationToken) + { + var result = await base.ResolveClient(realm, clientId, cancellationToken); + if (result == null) + { + if (Uri.TryCreate(clientId, UriKind.Absolute, out Uri uri) && uri != null && uri.Scheme != null && uri.Scheme.StartsWith("http", StringComparison.InvariantCultureIgnoreCase)) + { + result = await _clientRegistrationService.AutomaticRegisterClient(realm, clientId, cancellationToken); + } + } + else + { + await RenewClientTrustChain(realm, result, cancellationToken); + } + + return result; + } + + private async Task RenewClientTrustChain(string realm, Client client, CancellationToken cancellationToken) + { + if (client.ClientType != ClientTypes.FEDERATION || + client.ExpirationDateTime > DateTime.UtcNow || + !client.ClientRegistrationTypesSupported.Contains(ClientRegistrationMethods.Automatic)) return; + var record = await _clientRegistrationService.AutomaticResolveClientTrustChain(realm, client.ClientId, cancellationToken); + client.UpdateDateTime = DateTime.UtcNow; + client.ExpirationDateTime = record.Item2.ExpirationDateTime; + ClientRepository.Update(client); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/IdBuilderExtensions.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/IdBuilderExtensions.cs new file mode 100644 index 000000000..241fc3c45 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/IdBuilderExtensions.cs @@ -0,0 +1,28 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.Extensions.DependencyInjection.Extensions; +using SimpleIdServer.IdServer.Api.OpenIdConfiguration; +using SimpleIdServer.IdServer.Federation; +using SimpleIdServer.IdServer.Federation.Apis.OpenidConfiguration; +using SimpleIdServer.IdServer.Federation.Builders; +using SimpleIdServer.IdServer.Federation.Helpers; +using SimpleIdServer.IdServer.Helpers; + +namespace Microsoft.Extensions.DependencyInjection; + +public static class IdBuilderExtensions +{ + public static IdServerBuilder AddOpenidFederation(this IdServerBuilder builder, Action cb = null) + { + if (cb != null) builder.Services.Configure(cb); + else builder.Services.Configure(cb); + builder.Services.AddTransient(); + builder.Services.RemoveAll(); + builder.Services.AddTransient(); + builder.Services.RemoveAll(); + builder.Services.AddTransient(); + builder.Services.AddTransient(); + return builder; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/IdServerFederationConstants.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/IdServerFederationConstants.cs new file mode 100644 index 000000000..5140a9303 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/IdServerFederationConstants.cs @@ -0,0 +1,28 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.IdServer.Domains; +using static SimpleIdServer.IdServer.Constants; + +namespace SimpleIdServer.IdServer.Federation; + +public static class IdServerFederationConstants +{ + public static class StandardScopes + { + public static Scope FederationEntities = new Scope + { + Id = Guid.NewGuid().ToString(), + Type = ScopeTypes.APIRESOURCE, + Name = "federation_entities", + Realms = new List + { + StandardRealms.Master + }, + Protocol = ScopeProtocols.OAUTH, + IsExposedInConfigurationEdp = true, + CreateDateTime = DateTime.UtcNow, + UpdateDateTime = DateTime.UtcNow + }; + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/OpenidFederationOptions.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/OpenidFederationOptions.cs new file mode 100644 index 000000000..eb44be559 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/OpenidFederationOptions.cs @@ -0,0 +1,20 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +namespace SimpleIdServer.IdServer.Federation; + +public class OpenidFederationOptions +{ + /// + /// Key Identifier of the signature key, used to sign all the response. + /// + public string TokenSignedKid { get; set; } + /// + /// Enable or disable the OPENID federation. + /// + public bool IsFederationEnabled { get; set; } + /// + /// Organization name. + /// + public string OrganizationName { get; set; } = "SID"; +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/Resources/Global.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/Resources/Global.Designer.cs new file mode 100644 index 000000000..670102480 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/Resources/Global.Designer.cs @@ -0,0 +1,153 @@ +//------------------------------------------------------------------------------ +// +// Ce code a été généré par un outil. +// Version du runtime :4.0.30319.42000 +// +// Les modifications apportées à ce fichier peuvent provoquer un comportement incorrect et seront perdues si +// le code est régénéré. +// +//------------------------------------------------------------------------------ + +namespace SimpleIdServer.IdServer.Federation.Resources { + using System; + + + /// + /// Une classe de ressource fortement typée destinée, entre autres, à la consultation des chaînes localisées. + /// + // Cette classe a été générée automatiquement par la classe StronglyTypedResourceBuilder + // à l'aide d'un outil, tel que ResGen ou Visual Studio. + // Pour ajouter ou supprimer un membre, modifiez votre fichier .ResX, puis réexécutez ResGen + // avec l'option /str ou régénérez votre projet VS. + [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "17.0.0.0")] + [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] + [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + internal class Global { + + private static global::System.Resources.ResourceManager resourceMan; + + private static global::System.Globalization.CultureInfo resourceCulture; + + [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] + internal Global() { + } + + /// + /// Retourne l'instance ResourceManager mise en cache utilisée par cette classe. + /// + [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] + internal static global::System.Resources.ResourceManager ResourceManager { + get { + if (object.ReferenceEquals(resourceMan, null)) { + global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("SimpleIdServer.IdServer.Federation.Resources.Global", typeof(Global).Assembly); + resourceMan = temp; + } + return resourceMan; + } + } + + /// + /// Remplace la propriété CurrentUICulture du thread actuel pour toutes + /// les recherches de ressources à l'aide de cette classe de ressource fortement typée. + /// + [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] + internal static global::System.Globalization.CultureInfo Culture { + get { + return resourceCulture; + } + set { + resourceCulture = value; + } + } + + /// + /// Recherche une chaîne localisée semblable à the client registration type {0} is not supported by the RP. + /// + internal static string ClientRegistrationTypeNotSupported { + get { + return ResourceManager.GetString("ClientRegistrationTypeNotSupported", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the client_registration_types must be specified by the RP entity statement. + /// + internal static string ClientRegistrationTypesMustBeSpecified { + get { + return ResourceManager.GetString("ClientRegistrationTypesMustBeSpecified", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à federation entity already exists. + /// + internal static string FederationEntityAlreadyExists { + get { + return ResourceManager.GetString("FederationEntityAlreadyExists", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the federation entity doesn't exist. + /// + internal static string FederationEntityUnknown { + get { + return ResourceManager.GetString("FederationEntityUnknown", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the issuer is not valid. + /// + internal static string InvalidIssuer { + get { + return ResourceManager.GetString("InvalidIssuer", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the openid_relying_party doesn't exist in the entity statement. + /// + internal static string MissingOpenidRpInEntityStatement { + get { + return ResourceManager.GetString("MissingOpenidRpInEntityStatement", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à no trust anchor can be resolved. + /// + internal static string NoTrustAnchorCanBeResolved { + get { + return ResourceManager.GetString("NoTrustAnchorCanBeResolved", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à only entity statement is supported. + /// + internal static string OnlyEntityStatementIsSupported { + get { + return ResourceManager.GetString("OnlyEntityStatementIsSupported", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à only the following authentication methods {0} are supported. + /// + internal static string OnlyFollowingAuthMethodsAreSupported { + get { + return ResourceManager.GetString("OnlyFollowingAuthMethodsAreSupported", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the openid-federation cannot be resolved. + /// + internal static string OpenidFederationCannotBeResolved { + get { + return ResourceManager.GetString("OpenidFederationCannotBeResolved", resourceCulture); + } + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/Resources/Global.resx b/src/IdServer/SimpleIdServer.IdServer.Federation/Resources/Global.resx new file mode 100644 index 000000000..018bfc5c2 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/Resources/Global.resx @@ -0,0 +1,150 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text/microsoft-resx + + + 2.0 + + + System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + + + System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + + + the client registration type {0} is not supported by the RP + + + the client_registration_types must be specified by the RP entity statement + + + federation entity already exists + + + the federation entity doesn't exist + + + the issuer is not valid + + + the openid_relying_party doesn't exist in the entity statement + + + no trust anchor can be resolved + + + only entity statement is supported + + + only the following authentication methods {0} are supported + + + the openid-federation cannot be resolved + + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/SimpleIdServer.IdServer.Federation.csproj b/src/IdServer/SimpleIdServer.IdServer.Federation/SimpleIdServer.IdServer.Federation.csproj new file mode 100644 index 000000000..0b60d32fc --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/SimpleIdServer.IdServer.Federation.csproj @@ -0,0 +1,25 @@ + + + net8.0 + enable + enable + Support OPENID federation - openid_provider. + + + + + + + + True + True + Global.resx + + + + + ResXFileCodeGenerator + Global.Designer.cs + + + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Federation/WebApplicationExtensions.cs b/src/IdServer/SimpleIdServer.IdServer.Federation/WebApplicationExtensions.cs new file mode 100644 index 000000000..7bce3cde1 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Federation/WebApplicationExtensions.cs @@ -0,0 +1,48 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.Options; +using SimpleIdServer.IdServer.Federation; +using SimpleIdServer.IdServer.Infastructures; +using SimpleIdServer.IdServer.Options; +using SimpleIdServer.OpenidFederation; + +namespace Microsoft.AspNetCore.Builder +{ + public static class WebApplicationExtensions + { + public static WebApplication UseOpenidFederation(this WebApplication webApplication) + { + var opts = webApplication.Services.GetRequiredService>().Value; + var federationOpts = webApplication.Services.GetRequiredService>().Value; + var usePrefix = opts.UseRealm; + webApplication.SidMapControllerRoute("openidFederationMetadata", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + OpenidFederationConstants.EndPoints.OpenidFederation, + defaults: new { controller = "OpenidFederation", action = "Get" }); + webApplication.SidMapControllerRoute("federationRegistration", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + OpenidFederationConstants.EndPoints.FederationRegistration, + defaults: new { controller = "FederationRegistration", action = "Post" }); + webApplication.SidMapControllerRoute("addFederationEntity", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + OpenidFederationConstants.EndPoints.FederationEntities + "/trustanchors", + defaults: new { controller = "FederationEntities", action = "AddTrustAnchor" }); + webApplication.SidMapControllerRoute("searchFederationEntities", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + OpenidFederationConstants.EndPoints.FederationEntities + "/.search", + defaults: new { controller = "FederationEntities", action = "SearchFederationEntities" }); + webApplication.SidMapControllerRoute("removeFederationEntity", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + OpenidFederationConstants.EndPoints.FederationEntities + "/{id}", + defaults: new { controller = "FederationEntities", action = "Delete" }); + if (federationOpts.IsFederationEnabled) + { + webApplication.SidMapControllerRoute("federationFetch", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + OpenidFederationConstants.EndPoints.FederationFetch, + defaults: new { controller = "FederationFetch", action = "Get" }); + webApplication.SidMapControllerRoute("federationList", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + OpenidFederationConstants.EndPoints.FederationList, + defaults: new { controller = "FederationList", action = "Get" }); + } + + return webApplication; + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Fido/Apis/U2FLoginController.cs b/src/IdServer/SimpleIdServer.IdServer.Fido/Apis/U2FLoginController.cs index 9eb7346c2..35564748b 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Fido/Apis/U2FLoginController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Fido/Apis/U2FLoginController.cs @@ -27,6 +27,7 @@ public class U2FLoginController : BaseController private readonly IUserRepository _userRepository; private readonly IDistributedCache _distributedCache; private readonly ITransactionBuilder _transactionBuilder; + private readonly IEnumerable _authenticationMethodServices; private IFido2 _fido2; public U2FLoginController( @@ -37,6 +38,7 @@ public U2FLoginController( IJwtBuilder jwtBuilder, IDistributedCache distributedCache, ITransactionBuilder transactionBuilder, + IEnumerable authenticationMethodServices, IFido2 fido2) : base(tokenRepository, jwtBuilder) { _configuration = configuration; @@ -44,6 +46,7 @@ public U2FLoginController( _userRepository = userRepository; _distributedCache = distributedCache; _transactionBuilder = transactionBuilder; + _authenticationMethodServices = authenticationMethodServices; _fido2 = fido2; } @@ -111,7 +114,6 @@ public async Task End([FromRoute] string prefix, [FromBody] EndU2 { using (var transaction = _transactionBuilder.Build()) { - var fidoOptions = GetOptions(); prefix = prefix ?? IdServer.Constants.DefaultRealm; if (request == null) return BuildError(System.Net.HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, Global.InvalidIncomingRequest); var session = await _distributedCache.GetStringAsync(request.SessionId, cancellationToken); @@ -125,6 +127,7 @@ public async Task End([FromRoute] string prefix, [FromBody] EndU2 return BuildError(System.Net.HttpStatusCode.Unauthorized, ErrorCodes.ACCESS_DENIED, string.Format(SimpleIdServer.IdServer.Resources.Global.UnknownUser, login)); var sessionRecord = JsonSerializer.Deserialize(session); + var fidoOptions = GetOptions(sessionRecord.CredentialType); var options = sessionRecord.Options; var storedCredentials = authenticatedUser.GetStoredFidoCredentials(sessionRecord.CredentialType); IsUserHandleOwnerOfCredentialIdAsync callback = (args, cancellationToken) => @@ -146,7 +149,7 @@ public async Task End([FromRoute] string prefix, [FromBody] EndU2 sessionRecord.IsValidated = true; await _distributedCache.SetStringAsync(request.SessionId, JsonSerializer.Serialize(sessionRecord), new DistributedCacheEntryOptions { - SlidingExpiration = fidoOptions.U2FExpirationTimeInSeconds + SlidingExpiration = TimeSpan.FromSeconds(fidoOptions.U2FExpirationTimeInSeconds) }, cancellationToken); return NoContent(); } @@ -154,7 +157,7 @@ public async Task End([FromRoute] string prefix, [FromBody] EndU2 protected async Task<(BeginU2FLoginResult, IActionResult)> CommonBegin(string prefix, BeginU2FLoginRequest request, CancellationToken cancellationToken) { - var fidoOptions = GetOptions(); + var fidoOptions = GetOptions(request.CredentialType); var issuer = Request.GetAbsoluteUriWithVirtualPath(); prefix = prefix ?? IdServer.Constants.DefaultRealm; if (request == null) return (null, BuildError(System.Net.HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, Global.InvalidIncomingRequest)); @@ -187,7 +190,7 @@ public async Task End([FromRoute] string prefix, [FromBody] EndU2 var sessionRecord = new AuthenticationSessionRecord(options, request.Login, request.CredentialType); await _distributedCache.SetStringAsync(sessionId, JsonSerializer.Serialize(sessionRecord), new DistributedCacheEntryOptions { - SlidingExpiration = fidoOptions.U2FExpirationTimeInSeconds + SlidingExpiration = TimeSpan.FromSeconds(fidoOptions.U2FExpirationTimeInSeconds) }, cancellationToken); return (new BeginU2FLoginResult { @@ -198,10 +201,11 @@ public async Task End([FromRoute] string prefix, [FromBody] EndU2 }, null); } - private FidoOptions GetOptions() + private IFidoOptions GetOptions(string credentialType) { - var section = _configuration.GetSection(typeof(FidoOptions).Name); - return section.Get(); + var authenticationMethodService = _authenticationMethodServices.Single(a => a.Amr == credentialType); + var section = _configuration.GetSection(authenticationMethodService.OptionsType.Name); + return section.Get(authenticationMethodService.OptionsType) as IFidoOptions; } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Fido/Apis/U2FRegisterController.cs b/src/IdServer/SimpleIdServer.IdServer.Fido/Apis/U2FRegisterController.cs index 7513a9dfb..07a68449d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Fido/Apis/U2FRegisterController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Fido/Apis/U2FRegisterController.cs @@ -32,15 +32,17 @@ public class U2FRegisterController : BaseController private readonly IFido2 _fido2; private readonly IDistributedCache _distributedCache; private readonly ITransactionBuilder _transactionBuilder; + private readonly IEnumerable _authenticationMethodServices; private readonly IdServerHostOptions _idServerHostOptions; public U2FRegisterController( - IConfiguration configuration, - IAuthenticationHelper authenticationHelper, - IUserRepository userRepository, - IFido2 fido2, - IDistributedCache distributedCache, + IConfiguration configuration, + IAuthenticationHelper authenticationHelper, + IUserRepository userRepository, + IFido2 fido2, + IDistributedCache distributedCache, ITransactionBuilder transactionBuilder, + IEnumerable authenticationMethodServices, ITokenRepository tokenRepository, IJwtBuilder jwtBuilder, IOptions idServerHostOptions) : base(tokenRepository, jwtBuilder) @@ -51,6 +53,7 @@ public U2FRegisterController( _fido2 = fido2; _distributedCache = distributedCache; _transactionBuilder = transactionBuilder; + _authenticationMethodServices = authenticationMethodServices; _idServerHostOptions = idServerHostOptions.Value; } @@ -118,7 +121,6 @@ public async Task Begin([FromRoute] string prefix, [FromBody] Beg public async Task End([FromRoute] string prefix, [FromBody] EndU2FRegisterRequest request, CancellationToken cancellationToken) { var transaction = _transactionBuilder.Build(); - var fidoOptions = GetOptions(); prefix = prefix ?? IdServer.Constants.DefaultRealm; if (request == null) return BuildError(System.Net.HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, Global.InvalidIncomingRequest); if (string.IsNullOrWhiteSpace(request.SessionId)) return BuildError(System.Net.HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, string.Format(IdServer.Resources.Global.MissingParameter, EndU2FRegisterRequestNames.SessionId)); @@ -126,6 +128,7 @@ public async Task End([FromRoute] string prefix, [FromBody] EndU2 var session = await _distributedCache.GetStringAsync(request.SessionId, cancellationToken); if (string.IsNullOrWhiteSpace(session)) return BuildError(System.Net.HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, Resources.Global.SessionCannotBeExtracted); var sessionRecord = System.Text.Json.JsonSerializer.Deserialize(session); + var fidoOptions = GetOptions(sessionRecord.CredentialType); var login = request.Login; var registrationProgress = await GetRegistrationProgress(sessionRecord); if (registrationProgress == null) return BuildError(System.Net.HttpStatusCode.Unauthorized, ErrorCodes.INVALID_REQUEST, Resources.Global.NotAllowedToRegister); @@ -164,7 +167,7 @@ public async Task End([FromRoute] string prefix, [FromBody] EndU2 sessionRecord.IsValidated = true; await _distributedCache.SetStringAsync(request.SessionId, System.Text.Json.JsonSerializer.Serialize(sessionRecord), new DistributedCacheEntryOptions { - SlidingExpiration = fidoOptions.U2FExpirationTimeInSeconds + SlidingExpiration = TimeSpan.FromSeconds(fidoOptions.U2FExpirationTimeInSeconds) }, cancellationToken); return await HandleWorkflowRegistration(); @@ -228,7 +231,7 @@ async Task HandleWorkflowRegistration() var cookieName = _idServerHostOptions.GetRegistrationCookieName(); var cookieValue = string.Empty; if(Request.Cookies.ContainsKey(cookieName)) cookieValue = Request.Cookies[cookieName]; - var fidoOptions = GetOptions(); + var fidoOptions = GetOptions(request.CredentialType); var isAuthenticated = User.Identity.IsAuthenticated; var issuer = Request.GetAbsoluteUriWithVirtualPath(); prefix = prefix ?? IdServer.Constants.DefaultRealm; @@ -263,7 +266,7 @@ async Task HandleWorkflowRegistration() var sessionRecord = new RegistrationSessionRecord(options, request.Login, request.CredentialType, cookieValue); await _distributedCache.SetStringAsync(sessionId, System.Text.Json.JsonSerializer.Serialize(sessionRecord), new DistributedCacheEntryOptions { - SlidingExpiration = fidoOptions.U2FExpirationTimeInSeconds + SlidingExpiration = TimeSpan.FromSeconds(fidoOptions.U2FExpirationTimeInSeconds) }, cancellationToken); string nextRegistrationRedirectUrl = null; var registrationProgress = await GetRegistrationProgress(); @@ -283,10 +286,11 @@ async Task HandleWorkflowRegistration() }, null); } - private FidoOptions GetOptions() + private IFidoOptions GetOptions(string credentialType) { - var section = _configuration.GetSection(typeof(FidoOptions).Name); - return section.Get(); + var authenticationMethodService = _authenticationMethodServices.Single(a => a.Amr == credentialType); + var section = _configuration.GetSection(authenticationMethodService.OptionsType.Name); + return section.Get(authenticationMethodService.OptionsType) as IFidoOptions; } private record RegistrationSessionRecord diff --git a/src/IdServer/SimpleIdServer.IdServer.Fido/IFidoOptions.cs b/src/IdServer/SimpleIdServer.IdServer.Fido/IFidoOptions.cs new file mode 100644 index 000000000..cd4a19b09 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Fido/IFidoOptions.cs @@ -0,0 +1,10 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +namespace SimpleIdServer.IdServer.Fido +{ + public interface IFidoOptions + { + int U2FExpirationTimeInSeconds { get; set; } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Fido/MobileAuthenticationService.cs b/src/IdServer/SimpleIdServer.IdServer.Fido/MobileAuthenticationService.cs index 431a8384c..fb4c80226 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Fido/MobileAuthenticationService.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Fido/MobileAuthenticationService.cs @@ -9,7 +9,7 @@ public class MobileAuthenticationService : IAuthenticationMethodService { public string Amr => Constants.MobileAMR; public string Name => "Mobile"; - public Type? OptionsType => typeof(FidoOptions); + public Type? OptionsType => typeof(MobileOptions); public AuthenticationMethodCapabilities Capabilities => AuthenticationMethodCapabilities.USERAUTHENTICATION | AuthenticationMethodCapabilities.USERREGISTRATION; public bool IsCredentialExists(User user) => user.Credentials.Any(c => c.CredentialType == Amr); } diff --git a/src/IdServer/SimpleIdServer.IdServer.Fido/FidoOptions.cs b/src/IdServer/SimpleIdServer.IdServer.Fido/MobileOptions.cs similarity index 72% rename from src/IdServer/SimpleIdServer.IdServer.Fido/FidoOptions.cs rename to src/IdServer/SimpleIdServer.IdServer.Fido/MobileOptions.cs index 61edcdf21..672e3f9dc 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Fido/FidoOptions.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Fido/MobileOptions.cs @@ -5,13 +5,13 @@ namespace SimpleIdServer.IdServer.Fido { - public class FidoOptions + public class MobileOptions : IFidoOptions { /// /// Expiration time in seconds of the U2F FIDO session identifier. /// - [ConfigurationRecord("Expiration time in MS of the session", null, order: 0)] - public TimeSpan U2FExpirationTimeInSeconds { get; set; } = TimeSpan.FromSeconds(5 * 60); + [ConfigurationRecord("Duration of the authentication/registration process in seconds", null, order: 0)] + public int U2FExpirationTimeInSeconds { get; set; } = 5 * 60; /// /// Enable or disable the developer mode. /// diff --git a/src/IdServer/SimpleIdServer.IdServer.Fido/Services/UserMobileAuthenticationService.cs b/src/IdServer/SimpleIdServer.IdServer.Fido/Services/UserMobileAuthenticationService.cs index b0cbbd13c..946823b04 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Fido/Services/UserMobileAuthenticationService.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Fido/Services/UserMobileAuthenticationService.cs @@ -47,6 +47,7 @@ protected override async Task Validate(string realm protected override async Task Validate(string realm, User authenticatedUser, AuthenticateMobileViewModel viewModel, CancellationToken cancellationToken) { + if (authenticatedUser.IsBlocked()) return CredentialsValidationResult.Error("user_blocked", "user_blocked"); var session = await _distributedCache.GetStringAsync(viewModel.SessionId, cancellationToken); if (string.IsNullOrWhiteSpace(session)) { diff --git a/src/IdServer/SimpleIdServer.IdServer.Fido/Services/UserWebauthnAuthenticationService.cs b/src/IdServer/SimpleIdServer.IdServer.Fido/Services/UserWebauthnAuthenticationService.cs index 4e8ef2a8d..1db30dc84 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Fido/Services/UserWebauthnAuthenticationService.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Fido/Services/UserWebauthnAuthenticationService.cs @@ -47,6 +47,7 @@ protected override async Task Validate(string realm protected override async Task Validate(string realm, User authenticatedUser, AuthenticateWebauthnViewModel viewModel, CancellationToken cancellationToken) { + if (authenticatedUser.IsBlocked()) return CredentialsValidationResult.Error("user_blocked", "user_blocked"); if (!authenticatedUser.GetStoredFidoCredentials(Constants.AMR).Any()) return CredentialsValidationResult.Error("missing_credential", "missing_credential"); var session = await _distributedCache.GetStringAsync(viewModel.SessionId, cancellationToken); if (string.IsNullOrWhiteSpace(session)) diff --git a/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Mobile/AuthenticateController.cs b/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Mobile/AuthenticateController.cs index bea303fb2..67961c1e7 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Mobile/AuthenticateController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Mobile/AuthenticateController.cs @@ -50,7 +50,7 @@ public AuthenticateController( IUserTransformer userTransformer, IBusControl busControl, IAntiforgery antiforgery, - IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(options, authenticationSchemeProvider, userAuthenticationService, dataProtectionProvider, tokenRepository, transactionBuilder, jwtBuilder, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, busControl, antiforgery, authenticationContextClassReferenceRepository) + IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(configuration, options, authenticationSchemeProvider, userAuthenticationService, dataProtectionProvider, tokenRepository, transactionBuilder, jwtBuilder, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, busControl, antiforgery, authenticationContextClassReferenceRepository) { _configuration = configuration; _authenticationHelper = authenticationHelper; @@ -76,7 +76,7 @@ protected override Task CustomAuthenticate(string pref protected override void EnrichViewModel(AuthenticateMobileViewModel viewModel) { - var options = GetFidoOptions(); + var options = GetMobileOptions(); var issuer = Request.GetAbsoluteUriWithVirtualPath(); var realm = "/"; if (!string.IsNullOrWhiteSpace(viewModel.Realm)) @@ -105,10 +105,10 @@ protected async Task ValidateCredentials(AuthenticateMobileVie return ValidationStatus.AUTHENTICATE; } - private FidoOptions GetFidoOptions() + private MobileOptions GetMobileOptions() { - var section = _configuration.GetSection(typeof(FidoOptions).Name); - return section.Get(); + var section = _configuration.GetSection(typeof(MobileOptions).Name); + return section.Get(); } } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Mobile/RegisterController.cs b/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Mobile/RegisterController.cs index f420b7ecc..7ac48e95a 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Mobile/RegisterController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Mobile/RegisterController.cs @@ -67,10 +67,10 @@ protected override void EnrichUser(User user, RegisterMobileViewModel viewModel) { } - private FidoOptions GetOptions() + private MobileOptions GetOptions() { - var section = _configuration.GetSection(typeof(FidoOptions).Name); - return section.Get(); + var section = _configuration.GetSection(typeof(MobileOptions).Name); + return section.Get(); } } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Webauthn/AuthenticateController.cs b/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Webauthn/AuthenticateController.cs index bce22adbd..1fb94f3a6 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Webauthn/AuthenticateController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Fido/UI/Webauthn/AuthenticateController.cs @@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Caching.Distributed; +using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Fido.Apis; @@ -28,7 +29,8 @@ public class AuthenticateController : BaseAuthenticationMethodController Constants.AMR; public string Name => "Web Authentication (Webauthn)"; - public Type? OptionsType => typeof(FidoOptions); + public Type? OptionsType => typeof(WebauthnOptions); public AuthenticationMethodCapabilities Capabilities => AuthenticationMethodCapabilities.USERAUTHENTICATION | AuthenticationMethodCapabilities.USERREGISTRATION; public bool IsCredentialExists(User user) => user.Credentials.Any(c => c.CredentialType == Amr); } diff --git a/src/IdServer/SimpleIdServer.IdServer.Fido/WebauthnOptions.cs b/src/IdServer/SimpleIdServer.IdServer.Fido/WebauthnOptions.cs new file mode 100644 index 000000000..07ecda9ce --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Fido/WebauthnOptions.cs @@ -0,0 +1,16 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.Configuration; + +namespace SimpleIdServer.IdServer.Fido +{ + public class WebauthnOptions : IFidoOptions + { + /// + /// Expiration time in seconds of the U2F FIDO session identifier. + /// + [ConfigurationRecord("Duration of the authentication/registration process in seconds", null, order: 0)] + public int U2FExpirationTimeInSeconds { get; set; } = 5 * 60; + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Infastructures/HttpClientFactory.cs b/src/IdServer/SimpleIdServer.IdServer.Helpers/HttpClientFactory.cs similarity index 91% rename from src/IdServer/SimpleIdServer.IdServer/Infastructures/HttpClientFactory.cs rename to src/IdServer/SimpleIdServer.IdServer.Helpers/HttpClientFactory.cs index 11318be8c..a4f53452d 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Infastructures/HttpClientFactory.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Helpers/HttpClientFactory.cs @@ -1,8 +1,6 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using System.Net.Http; - -namespace SimpleIdServer.IdServer.Infrastructures +namespace SimpleIdServer.IdServer.Helpers { public interface IHttpClientFactory { diff --git a/src/IdServer/SimpleIdServer.IdServer.Helpers/PasswordHelper.cs b/src/IdServer/SimpleIdServer.IdServer.Helpers/PasswordHelper.cs index 3a97f2996..77533da96 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Helpers/PasswordHelper.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Helpers/PasswordHelper.cs @@ -7,12 +7,12 @@ namespace SimpleIdServer.IdServer.Helpers { public static class PasswordHelper { - public static string ComputeHash(string password) + public static string ComputeHash(string password, bool isBase64Encoding) { using (var sha256 = SHA256.Create()) { var hashPayload = sha256.ComputeHash(Encoding.UTF8.GetBytes(password)); - return Encoding.UTF8.GetString(hashPayload); + return isBase64Encoding ? Convert.ToBase64String(hashPayload) : Encoding.UTF8.GetString(hashPayload); } } } diff --git a/src/IdServer/SimpleIdServer.IdServer/Middlewares/RealmContext.cs b/src/IdServer/SimpleIdServer.IdServer.Helpers/RealmContext.cs similarity index 92% rename from src/IdServer/SimpleIdServer.IdServer/Middlewares/RealmContext.cs rename to src/IdServer/SimpleIdServer.IdServer.Helpers/RealmContext.cs index 185073aaa..67b70b966 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Middlewares/RealmContext.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Helpers/RealmContext.cs @@ -1,7 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -namespace SimpleIdServer.IdServer.Middlewares +namespace SimpleIdServer.IdServer.Helpers { public class RealmContext { diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/SearchParameter.cs b/src/IdServer/SimpleIdServer.IdServer.Helpers/SearchRequest.cs similarity index 92% rename from src/IdServer/SimpleIdServer.IdServer/Stores/SearchParameter.cs rename to src/IdServer/SimpleIdServer.IdServer.Helpers/SearchRequest.cs index 6fd9ed141..9ccb26974 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/SearchParameter.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Helpers/SearchRequest.cs @@ -3,7 +3,7 @@ using System.Text.Json.Serialization; -namespace SimpleIdServer.IdServer.Stores; +namespace SimpleIdServer.IdServer.Helpers; public class SearchRequest { diff --git a/src/IdServer/SimpleIdServer.IdServer.Helpers/SearchResult.cs b/src/IdServer/SimpleIdServer.IdServer.Helpers/SearchResult.cs new file mode 100644 index 000000000..b777d0075 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Helpers/SearchResult.cs @@ -0,0 +1,13 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using System.Text.Json.Serialization; + +namespace SimpleIdServer.IdServer.Helpers; + +public class SearchResult +{ + [JsonPropertyName("content")] + public ICollection Content { get; set; } + [JsonPropertyName("count")] + public int Count { get; set; } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240604114006_AddMessageBusErrorMessage.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240604114006_AddMessageBusErrorMessage.Designer.cs new file mode 100644 index 000000000..c0de0cf41 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240604114006_AddMessageBusErrorMessage.Designer.cs @@ -0,0 +1,3223 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.MySQLMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240604114006_AddMessageBusErrorMessage")] + partial class AddMessageBusErrorMessage + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 64); + + MySqlModelBuilderExtensions.AutoIncrementColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("varchar(255)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("varchar(255)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("RolesId") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("longtext"); + + b.Property("Xml") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.Property("SerializedFileKeysId") + .HasColumnType("varchar(255)"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("DisplayName") + .HasColumnType("longtext"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("SourceClaimName") + .HasColumnType("longtext"); + + b.Property("TargetUserAttribute") + .HasColumnType("longtext"); + + b.Property("TargetUserProperty") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("longtext"); + + b.Property("AuthorizedScopeId") + .HasColumnType("int"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ClientId") + .HasColumnType("longtext"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Interval") + .HasColumnType("int"); + + b.Property("LastStatus") + .HasColumnType("int"); + + b.Property("NextFetchTime") + .HasColumnType("datetime(6)"); + + b.Property("NotificationEdp") + .HasColumnType("longtext"); + + b.Property("NotificationMode") + .HasColumnType("longtext"); + + b.Property("NotificationToken") + .HasColumnType("longtext"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RejectionSentDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("UserId") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("varchar(255)"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Message") + .HasColumnType("longtext"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Status") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ClaimType") + .HasColumnType("int"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("varchar(255)"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("double"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("tinyint(1)"); + + b.Property("JwksUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("longtext"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("longtext"); + + b.Property("SoftwareId") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("varchar(255)"); + + b.Property("KeyType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DisplayCondition") + .HasColumnType("longtext"); + + b.Property("IsRequired") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Order") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ScopeId") + .HasColumnType("varchar(255)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("varchar(255)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)"); + + b.Property("LastAccessTime") + .HasColumnType("datetime(6)"); + + b.Property("NextAccessDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UserId") + .HasColumnType("varchar(255)"); + + b.Property("UserLogin") + .HasColumnType("longtext"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("varchar(255)"); + + b.Property("Version") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Values") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("varchar(255)"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("UsersId") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("IsEnabled") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("int"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime(6)"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("int"); + + b.Property("NbGroups") + .HasColumnType("int"); + + b.Property("NbUsers") + .HasColumnType("int"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TotalPages") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("From") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("HasMultipleAttribute") + .HasColumnType("tinyint(1)"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("TargetUserAttribute") + .HasColumnType("longtext"); + + b.Property("TargetUserProperty") + .HasColumnType("longtext"); + + b.Property("Usage") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ExternalId") + .HasColumnType("longtext"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Name") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Format") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("varchar(255)"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Name") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("varchar(255)"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Path") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("IsDefault") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("SourceUserAttribute") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Enc") + .HasColumnType("longtext"); + + b.Property("IsSymmetric") + .HasColumnType("tinyint(1)"); + + b.Property("Key") + .HasColumnType("longblob"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PrivateKeyPem") + .HasColumnType("longtext"); + + b.Property("PublicKeyPem") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("int"); + + b.Property("AuthorizationCode") + .HasColumnType("longtext"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Data") + .HasColumnType("longtext"); + + b.Property("ExpirationTime") + .HasColumnType("datetime(6)"); + + b.Property("GrantId") + .HasColumnType("longtext"); + + b.Property("Id") + .HasColumnType("longtext"); + + b.Property("Jkt") + .HasColumnType("longtext"); + + b.Property("OriginalData") + .HasColumnType("longtext"); + + b.Property("SessionId") + .HasColumnType("longtext"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("varchar(255)"); + + b.Property("Key") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Language") + .HasColumnType("longtext"); + + b.Property("Value") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Owner") + .HasColumnType("longtext"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Requester") + .HasColumnType("longtext"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("longtext"); + + b.Property("Type") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("longtext"); + + b.Property("Firstname") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("varchar(255)"); + + b.Property("Lastname") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DeviceType") + .HasColumnType("longtext"); + + b.Property("Manufacturer") + .HasColumnType("longtext"); + + b.Property("Model") + .HasColumnType("longtext"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("PushToken") + .HasColumnType("longtext"); + + b.Property("PushType") + .HasColumnType("longtext"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Version") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("State") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("int"); + + b.Property("UMAResourceId") + .HasColumnType("varchar(255)"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240604114006_AddMessageBusErrorMessage.cs b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240604114006_AddMessageBusErrorMessage.cs new file mode 100644 index 000000000..226e2d7db --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240604114006_AddMessageBusErrorMessage.cs @@ -0,0 +1,48 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.MySQLMigrations.Migrations +{ + /// + public partial class AddMessageBusErrorMessage : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.CreateTable( + name: "MessageBusErrorMessages", + columns: table => new + { + Id = table.Column(type: "varchar(255)", nullable: false) + .Annotation("MySql:CharSet", "utf8mb4"), + ExternalId = table.Column(type: "longtext", nullable: true) + .Annotation("MySql:CharSet", "utf8mb4"), + Name = table.Column(type: "longtext", nullable: false) + .Annotation("MySql:CharSet", "utf8mb4"), + FullName = table.Column(type: "longtext", nullable: false) + .Annotation("MySql:CharSet", "utf8mb4"), + Content = table.Column(type: "longtext", nullable: false) + .Annotation("MySql:CharSet", "utf8mb4"), + Exceptions = table.Column(type: "longtext", nullable: false) + .Annotation("MySql:CharSet", "utf8mb4"), + ReceivedDateTime = table.Column(type: "datetime(6)", nullable: false), + QueueName = table.Column(type: "longtext", nullable: false) + .Annotation("MySql:CharSet", "utf8mb4") + }, + constraints: table => + { + table.PrimaryKey("PK_MessageBusErrorMessages", x => x.Id); + }) + .Annotation("MySql:CharSet", "utf8mb4"); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropTable( + name: "MessageBusErrorMessages"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240614194622_LockAccount.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240614194622_LockAccount.Designer.cs new file mode 100644 index 000000000..f1fd2452e --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240614194622_LockAccount.Designer.cs @@ -0,0 +1,3231 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.MySQLMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240614194622_LockAccount")] + partial class LockAccount + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 64); + + MySqlModelBuilderExtensions.AutoIncrementColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("varchar(255)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("varchar(255)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("RolesId") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("longtext"); + + b.Property("Xml") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.Property("SerializedFileKeysId") + .HasColumnType("varchar(255)"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("DisplayName") + .HasColumnType("longtext"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("SourceClaimName") + .HasColumnType("longtext"); + + b.Property("TargetUserAttribute") + .HasColumnType("longtext"); + + b.Property("TargetUserProperty") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("longtext"); + + b.Property("AuthorizedScopeId") + .HasColumnType("int"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ClientId") + .HasColumnType("longtext"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Interval") + .HasColumnType("int"); + + b.Property("LastStatus") + .HasColumnType("int"); + + b.Property("NextFetchTime") + .HasColumnType("datetime(6)"); + + b.Property("NotificationEdp") + .HasColumnType("longtext"); + + b.Property("NotificationMode") + .HasColumnType("longtext"); + + b.Property("NotificationToken") + .HasColumnType("longtext"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RejectionSentDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("UserId") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("varchar(255)"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Message") + .HasColumnType("longtext"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Status") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ClaimType") + .HasColumnType("int"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("varchar(255)"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("double"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("tinyint(1)"); + + b.Property("JwksUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("longtext"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("longtext"); + + b.Property("SoftwareId") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("varchar(255)"); + + b.Property("KeyType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DisplayCondition") + .HasColumnType("longtext"); + + b.Property("IsRequired") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Order") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ScopeId") + .HasColumnType("varchar(255)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("varchar(255)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)"); + + b.Property("LastAccessTime") + .HasColumnType("datetime(6)"); + + b.Property("NextAccessDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UserId") + .HasColumnType("varchar(255)"); + + b.Property("UserLogin") + .HasColumnType("longtext"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("varchar(255)"); + + b.Property("Version") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Values") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("varchar(255)"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("UsersId") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("IsEnabled") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("int"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime(6)"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("int"); + + b.Property("NbGroups") + .HasColumnType("int"); + + b.Property("NbUsers") + .HasColumnType("int"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TotalPages") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("From") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("HasMultipleAttribute") + .HasColumnType("tinyint(1)"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("TargetUserAttribute") + .HasColumnType("longtext"); + + b.Property("TargetUserProperty") + .HasColumnType("longtext"); + + b.Property("Usage") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ExternalId") + .HasColumnType("longtext"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Name") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Format") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("varchar(255)"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Name") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("varchar(255)"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Path") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("IsDefault") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("SourceUserAttribute") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Enc") + .HasColumnType("longtext"); + + b.Property("IsSymmetric") + .HasColumnType("tinyint(1)"); + + b.Property("Key") + .HasColumnType("longblob"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PrivateKeyPem") + .HasColumnType("longtext"); + + b.Property("PublicKeyPem") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("int"); + + b.Property("AuthorizationCode") + .HasColumnType("longtext"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Data") + .HasColumnType("longtext"); + + b.Property("ExpirationTime") + .HasColumnType("datetime(6)"); + + b.Property("GrantId") + .HasColumnType("longtext"); + + b.Property("Id") + .HasColumnType("longtext"); + + b.Property("Jkt") + .HasColumnType("longtext"); + + b.Property("OriginalData") + .HasColumnType("longtext"); + + b.Property("SessionId") + .HasColumnType("longtext"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("varchar(255)"); + + b.Property("Key") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Language") + .HasColumnType("longtext"); + + b.Property("Value") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Owner") + .HasColumnType("longtext"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Requester") + .HasColumnType("longtext"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("longtext"); + + b.Property("Type") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("longtext"); + + b.Property("Firstname") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("varchar(255)"); + + b.Property("Lastname") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DeviceType") + .HasColumnType("longtext"); + + b.Property("Manufacturer") + .HasColumnType("longtext"); + + b.Property("Model") + .HasColumnType("longtext"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("PushToken") + .HasColumnType("longtext"); + + b.Property("PushType") + .HasColumnType("longtext"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Version") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("State") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("int"); + + b.Property("UMAResourceId") + .HasColumnType("varchar(255)"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240614194622_LockAccount.cs b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240614194622_LockAccount.cs new file mode 100644 index 000000000..0adfd9874 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240614194622_LockAccount.cs @@ -0,0 +1,40 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.MySQLMigrations.Migrations +{ + /// + public partial class LockAccount : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "NbLoginAttempt", + table: "Users", + type: "int", + nullable: false, + defaultValue: 0); + + migrationBuilder.AddColumn( + name: "UnblockDateTime", + table: "Users", + type: "datetime(6)", + nullable: true); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "NbLoginAttempt", + table: "Users"); + + migrationBuilder.DropColumn( + name: "UnblockDateTime", + table: "Users"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240628184925_ClientIsIsNullable.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240628184925_ClientIsIsNullable.Designer.cs new file mode 100644 index 000000000..b55a46175 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240628184925_ClientIsIsNullable.Designer.cs @@ -0,0 +1,3239 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.MySQLMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240628184925_ClientIsIsNullable")] + partial class ClientIsIsNullable + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 64); + + MySqlModelBuilderExtensions.AutoIncrementColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("varchar(255)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("varchar(255)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("RolesId") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("longtext"); + + b.Property("Xml") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.Property("SerializedFileKeysId") + .HasColumnType("varchar(255)"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("DisplayName") + .HasColumnType("longtext"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("SourceClaimName") + .HasColumnType("longtext"); + + b.Property("TargetUserAttribute") + .HasColumnType("longtext"); + + b.Property("TargetUserProperty") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("longtext"); + + b.Property("AuthorizedScopeId") + .HasColumnType("int"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ClientId") + .HasColumnType("longtext"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Interval") + .HasColumnType("int"); + + b.Property("LastStatus") + .HasColumnType("int"); + + b.Property("NextFetchTime") + .HasColumnType("datetime(6)"); + + b.Property("NotificationEdp") + .HasColumnType("longtext"); + + b.Property("NotificationMode") + .HasColumnType("longtext"); + + b.Property("NotificationToken") + .HasColumnType("longtext"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RejectionSentDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("UserId") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("varchar(255)"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Message") + .HasColumnType("longtext"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Status") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ClaimType") + .HasColumnType("int"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("varchar(255)"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("double"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("tinyint(1)"); + + b.Property("JwksUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("longtext"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("longtext"); + + b.Property("SoftwareId") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("varchar(255)"); + + b.Property("KeyType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DisplayCondition") + .HasColumnType("longtext"); + + b.Property("IsRequired") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Order") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ScopeId") + .HasColumnType("varchar(255)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("varchar(255)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)"); + + b.Property("LastAccessTime") + .HasColumnType("datetime(6)"); + + b.Property("NextAccessDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UserId") + .HasColumnType("varchar(255)"); + + b.Property("UserLogin") + .HasColumnType("longtext"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("varchar(255)"); + + b.Property("Version") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Values") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("varchar(255)"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("UsersId") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("IsEnabled") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("int"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime(6)"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("int"); + + b.Property("NbGroups") + .HasColumnType("int"); + + b.Property("NbUsers") + .HasColumnType("int"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TotalPages") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("From") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("HasMultipleAttribute") + .HasColumnType("tinyint(1)"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("TargetUserAttribute") + .HasColumnType("longtext"); + + b.Property("TargetUserProperty") + .HasColumnType("longtext"); + + b.Property("Usage") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ExternalId") + .HasColumnType("longtext"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Name") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Format") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("varchar(255)"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Name") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("varchar(255)"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Path") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("IsDefault") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("SourceUserAttribute") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Enc") + .HasColumnType("longtext"); + + b.Property("IsSymmetric") + .HasColumnType("tinyint(1)"); + + b.Property("Key") + .HasColumnType("longblob"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PrivateKeyPem") + .HasColumnType("longtext"); + + b.Property("PublicKeyPem") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("int"); + + b.Property("AuthorizationCode") + .HasColumnType("longtext"); + + b.Property("ClientId") + .HasColumnType("longtext"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Data") + .HasColumnType("longtext"); + + b.Property("ExpirationTime") + .HasColumnType("datetime(6)"); + + b.Property("GrantId") + .HasColumnType("longtext"); + + b.Property("Id") + .HasColumnType("longtext"); + + b.Property("Jkt") + .HasColumnType("longtext"); + + b.Property("OriginalData") + .HasColumnType("longtext"); + + b.Property("SessionId") + .HasColumnType("longtext"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("varchar(255)"); + + b.Property("Key") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Language") + .HasColumnType("longtext"); + + b.Property("Value") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Owner") + .HasColumnType("longtext"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Requester") + .HasColumnType("longtext"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("longtext"); + + b.Property("Type") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("longtext"); + + b.Property("Firstname") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("varchar(255)"); + + b.Property("Lastname") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DeviceType") + .HasColumnType("longtext"); + + b.Property("Manufacturer") + .HasColumnType("longtext"); + + b.Property("Model") + .HasColumnType("longtext"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("PushToken") + .HasColumnType("longtext"); + + b.Property("PushType") + .HasColumnType("longtext"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Version") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("State") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("int"); + + b.Property("UMAResourceId") + .HasColumnType("varchar(255)"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240628184925_ClientIsIsNullable.cs b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240628184925_ClientIsIsNullable.cs new file mode 100644 index 000000000..ca1c41d7c --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240628184925_ClientIsIsNullable.cs @@ -0,0 +1,68 @@ +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.MySQLMigrations.Migrations +{ + /// + public partial class ClientIsIsNullable : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AlterColumn( + name: "ClientId", + table: "Tokens", + type: "longtext", + nullable: true, + oldClrType: typeof(string), + oldType: "longtext") + .Annotation("MySql:CharSet", "utf8mb4") + .OldAnnotation("MySql:CharSet", "utf8mb4"); + + migrationBuilder.AddColumn( + name: "IsSelfIssueEnabled", + table: "Clients", + type: "tinyint(1)", + nullable: false, + defaultValue: false); + + migrationBuilder.AddColumn( + name: "SubjectSyntaxTypesSupported", + table: "Clients", + type: "longtext", + nullable: false) + .Annotation("MySql:CharSet", "utf8mb4"); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "IsSelfIssueEnabled", + table: "Clients"); + + migrationBuilder.DropColumn( + name: "SubjectSyntaxTypesSupported", + table: "Clients"); + + migrationBuilder.UpdateData( + table: "Tokens", + keyColumn: "ClientId", + keyValue: null, + column: "ClientId", + value: ""); + + migrationBuilder.AlterColumn( + name: "ClientId", + table: "Tokens", + type: "longtext", + nullable: false, + oldClrType: typeof(string), + oldType: "longtext", + oldNullable: true) + .Annotation("MySql:CharSet", "utf8mb4") + .OldAnnotation("MySql:CharSet", "utf8mb4"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240722143026_SupportOpenidFederation.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240722143026_SupportOpenidFederation.Designer.cs new file mode 100644 index 000000000..568ae35e6 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240722143026_SupportOpenidFederation.Designer.cs @@ -0,0 +1,3276 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.MySQLMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240722143026_SupportOpenidFederation")] + partial class SupportOpenidFederation + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 64); + + MySqlModelBuilderExtensions.AutoIncrementColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("varchar(255)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("varchar(255)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("RolesId") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("longtext"); + + b.Property("Xml") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.Property("SerializedFileKeysId") + .HasColumnType("varchar(255)"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("DisplayName") + .HasColumnType("longtext"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("SourceClaimName") + .HasColumnType("longtext"); + + b.Property("TargetUserAttribute") + .HasColumnType("longtext"); + + b.Property("TargetUserProperty") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("longtext"); + + b.Property("AuthorizedScopeId") + .HasColumnType("int"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ClientId") + .HasColumnType("longtext"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Interval") + .HasColumnType("int"); + + b.Property("LastStatus") + .HasColumnType("int"); + + b.Property("NextFetchTime") + .HasColumnType("datetime(6)"); + + b.Property("NotificationEdp") + .HasColumnType("longtext"); + + b.Property("NotificationMode") + .HasColumnType("longtext"); + + b.Property("NotificationToken") + .HasColumnType("longtext"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RejectionSentDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("UserId") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("varchar(255)"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Message") + .HasColumnType("longtext"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Status") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ClaimType") + .HasColumnType("int"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("varchar(255)"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("double"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("tinyint(1)"); + + b.Property("JwksUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("longtext"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("longtext"); + + b.Property("SoftwareId") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("varchar(255)"); + + b.Property("KeyType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DisplayCondition") + .HasColumnType("longtext"); + + b.Property("IsRequired") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Order") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ScopeId") + .HasColumnType("varchar(255)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("varchar(255)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)"); + + b.Property("LastAccessTime") + .HasColumnType("datetime(6)"); + + b.Property("NextAccessDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UserId") + .HasColumnType("varchar(255)"); + + b.Property("UserLogin") + .HasColumnType("longtext"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("varchar(255)"); + + b.Property("Version") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Values") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("varchar(255)"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("UsersId") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("IsEnabled") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("int"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime(6)"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("int"); + + b.Property("NbGroups") + .HasColumnType("int"); + + b.Property("NbUsers") + .HasColumnType("int"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TotalPages") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("From") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("HasMultipleAttribute") + .HasColumnType("tinyint(1)"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("TargetUserAttribute") + .HasColumnType("longtext"); + + b.Property("TargetUserProperty") + .HasColumnType("longtext"); + + b.Property("Usage") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ExternalId") + .HasColumnType("longtext"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Name") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Format") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("varchar(255)"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Name") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("varchar(255)"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Path") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("IsDefault") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("SourceUserAttribute") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Enc") + .HasColumnType("longtext"); + + b.Property("IsSymmetric") + .HasColumnType("tinyint(1)"); + + b.Property("Key") + .HasColumnType("longblob"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PrivateKeyPem") + .HasColumnType("longtext"); + + b.Property("PublicKeyPem") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("int"); + + b.Property("AuthorizationCode") + .HasColumnType("longtext"); + + b.Property("ClientId") + .HasColumnType("longtext"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Data") + .HasColumnType("longtext"); + + b.Property("ExpirationTime") + .HasColumnType("datetime(6)"); + + b.Property("GrantId") + .HasColumnType("longtext"); + + b.Property("Id") + .HasColumnType("longtext"); + + b.Property("Jkt") + .HasColumnType("longtext"); + + b.Property("OriginalData") + .HasColumnType("longtext"); + + b.Property("SessionId") + .HasColumnType("longtext"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("varchar(255)"); + + b.Property("Key") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Language") + .HasColumnType("longtext"); + + b.Property("Value") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Owner") + .HasColumnType("longtext"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Requester") + .HasColumnType("longtext"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("longtext"); + + b.Property("Type") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("longtext"); + + b.Property("Firstname") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("varchar(255)"); + + b.Property("Lastname") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DeviceType") + .HasColumnType("longtext"); + + b.Property("Manufacturer") + .HasColumnType("longtext"); + + b.Property("Model") + .HasColumnType("longtext"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("PushToken") + .HasColumnType("longtext"); + + b.Property("PushType") + .HasColumnType("longtext"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Version") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("State") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("int"); + + b.Property("UMAResourceId") + .HasColumnType("varchar(255)"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240722143026_SupportOpenidFederation.cs b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240722143026_SupportOpenidFederation.cs new file mode 100644 index 000000000..f8f545623 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240722143026_SupportOpenidFederation.cs @@ -0,0 +1,62 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.MySQLMigrations.Migrations +{ + /// + public partial class SupportOpenidFederation : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "ClientRegistrationTypesSupported", + table: "Clients", + type: "longtext", + nullable: false) + .Annotation("MySql:CharSet", "utf8mb4"); + + migrationBuilder.AddColumn( + name: "ExpirationDateTime", + table: "Clients", + type: "datetime(6)", + nullable: true); + + migrationBuilder.CreateTable( + name: "FederationEntities", + columns: table => new + { + Id = table.Column(type: "varchar(255)", nullable: false) + .Annotation("MySql:CharSet", "utf8mb4"), + Sub = table.Column(type: "longtext", nullable: false) + .Annotation("MySql:CharSet", "utf8mb4"), + Realm = table.Column(type: "longtext", nullable: true) + .Annotation("MySql:CharSet", "utf8mb4"), + IsSubordinate = table.Column(type: "tinyint(1)", nullable: false), + CreateDateTime = table.Column(type: "datetime(6)", nullable: false) + }, + constraints: table => + { + table.PrimaryKey("PK_FederationEntities", x => x.Id); + }) + .Annotation("MySql:CharSet", "utf8mb4"); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropTable( + name: "FederationEntities"); + + migrationBuilder.DropColumn( + name: "ClientRegistrationTypesSupported", + table: "Clients"); + + migrationBuilder.DropColumn( + name: "ExpirationDateTime", + table: "Clients"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240805132838_SupportAdminRole.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240805132838_SupportAdminRole.Designer.cs new file mode 100644 index 000000000..d6b297221 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240805132838_SupportAdminRole.Designer.cs @@ -0,0 +1,3284 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.MySQLMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240805132838_SupportAdminRole")] + partial class SupportAdminRole + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 64); + + MySqlModelBuilderExtensions.AutoIncrementColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("varchar(255)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("varchar(255)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("RolesId") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("longtext"); + + b.Property("Xml") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.Property("ScopesId") + .HasColumnType("varchar(255)"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.Property("SerializedFileKeysId") + .HasColumnType("varchar(255)"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("DisplayName") + .HasColumnType("longtext"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("SourceClaimName") + .HasColumnType("longtext"); + + b.Property("TargetUserAttribute") + .HasColumnType("longtext"); + + b.Property("TargetUserProperty") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("longtext"); + + b.Property("AuthorizedScopeId") + .HasColumnType("int"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ClientId") + .HasColumnType("longtext"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Interval") + .HasColumnType("int"); + + b.Property("LastStatus") + .HasColumnType("int"); + + b.Property("NextFetchTime") + .HasColumnType("datetime(6)"); + + b.Property("NotificationEdp") + .HasColumnType("longtext"); + + b.Property("NotificationMode") + .HasColumnType("longtext"); + + b.Property("NotificationToken") + .HasColumnType("longtext"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RejectionSentDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("UserId") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("varchar(255)"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Message") + .HasColumnType("longtext"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Status") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ClaimType") + .HasColumnType("int"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("varchar(255)"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("double"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("tinyint(1)"); + + b.Property("JwksUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("longtext"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("longtext"); + + b.Property("SoftwareId") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("double") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("varchar(255)"); + + b.Property("KeyType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DisplayCondition") + .HasColumnType("longtext"); + + b.Property("IsRequired") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Order") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ScopeId") + .HasColumnType("varchar(255)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("varchar(255)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)"); + + b.Property("LastAccessTime") + .HasColumnType("datetime(6)"); + + b.Property("NextAccessDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UserId") + .HasColumnType("varchar(255)"); + + b.Property("UserLogin") + .HasColumnType("longtext"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("varchar(255)"); + + b.Property("Version") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Values") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("varchar(255)"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("varchar(255)"); + + b.Property("UsersId") + .HasColumnType("varchar(255)"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("IsEnabled") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("int"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime(6)"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("int"); + + b.Property("NbGroups") + .HasColumnType("int"); + + b.Property("NbUsers") + .HasColumnType("int"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TotalPages") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("From") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("HasMultipleAttribute") + .HasColumnType("tinyint(1)"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("TargetUserAttribute") + .HasColumnType("longtext"); + + b.Property("TargetUserProperty") + .HasColumnType("longtext"); + + b.Property("Usage") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ExternalId") + .HasColumnType("longtext"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Name") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Format") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("varchar(255)"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Name") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("varchar(255)"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Path") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("varchar(255)"); + + b.Property("RealmsName") + .HasColumnType("varchar(255)"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("IsDefault") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Action") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "action"); + + b.Property("Component") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "component"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("SourceUserAttribute") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Enc") + .HasColumnType("longtext"); + + b.Property("IsSymmetric") + .HasColumnType("tinyint(1)"); + + b.Property("Key") + .HasColumnType("longblob"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("PrivateKeyPem") + .HasColumnType("longtext"); + + b.Property("PublicKeyPem") + .HasColumnType("longtext"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("int"); + + b.Property("AuthorizationCode") + .HasColumnType("longtext"); + + b.Property("ClientId") + .HasColumnType("longtext"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Data") + .HasColumnType("longtext"); + + b.Property("ExpirationTime") + .HasColumnType("datetime(6)"); + + b.Property("GrantId") + .HasColumnType("longtext"); + + b.Property("Id") + .HasColumnType("longtext"); + + b.Property("Jkt") + .HasColumnType("longtext"); + + b.Property("OriginalData") + .HasColumnType("longtext"); + + b.Property("SessionId") + .HasColumnType("longtext"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("varchar(255)"); + + b.Property("Key") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Language") + .HasColumnType("longtext"); + + b.Property("Value") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Owner") + .HasColumnType("longtext"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Requester") + .HasColumnType("longtext"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("longtext"); + + b.Property("Type") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("longtext"); + + b.Property("Firstname") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("varchar(255)"); + + b.Property("Lastname") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)"); + + b.Property("DeviceType") + .HasColumnType("longtext"); + + b.Property("Manufacturer") + .HasColumnType("longtext"); + + b.Property("Model") + .HasColumnType("longtext"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("PushToken") + .HasColumnType("longtext"); + + b.Property("PushType") + .HasColumnType("longtext"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.Property("Version") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("State") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("varchar(255)"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("int"); + + b.Property("UMAResourceId") + .HasColumnType("varchar(255)"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240805132838_SupportAdminRole.cs b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240805132838_SupportAdminRole.cs new file mode 100644 index 000000000..40c42ffbb --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/20240805132838_SupportAdminRole.cs @@ -0,0 +1,39 @@ +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.MySQLMigrations.Migrations +{ + /// + public partial class SupportAdminRole : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "Action", + table: "Scopes", + type: "int", + nullable: true); + + migrationBuilder.AddColumn( + name: "Component", + table: "Scopes", + type: "longtext", + nullable: true) + .Annotation("MySql:CharSet", "utf8mb4"); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "Action", + table: "Scopes"); + + migrationBuilder.DropColumn( + name: "Component", + table: "Scopes"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/StoreDbContextModelSnapshot.cs b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/StoreDbContextModelSnapshot.cs index 8d8de8fa2..e2b7fa5f5 100644 --- a/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/StoreDbContextModelSnapshot.cs +++ b/src/IdServer/SimpleIdServer.IdServer.MySQLMigrations/Migrations/StoreDbContextModelSnapshot.cs @@ -757,6 +757,11 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("longtext") .HasAnnotation("Relational:JsonPropertyName", "client_id"); + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + b.Property("ClientSecret") .IsRequired() .HasColumnType("longtext") @@ -800,6 +805,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("double") .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + b.Property("ExpirationDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + b.Property("FrontChannelLogoutSessionRequired") .HasColumnType("tinyint(1)") .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); @@ -845,6 +854,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("tinyint(1)") .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + b.Property("IsSelfIssueEnabled") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + b.Property("IsTokenExchangeEnabled") .HasColumnType("tinyint(1)") .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); @@ -925,6 +938,11 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("longtext") .HasAnnotation("Relational:JsonPropertyName", "software_version"); + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + b.Property("SubjectType") .HasColumnType("longtext") .HasAnnotation("Relational:JsonPropertyName", "subject_type"); @@ -1572,6 +1590,42 @@ protected override void BuildModel(ModelBuilder modelBuilder) b.ToTable("Languages"); }); + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ExternalId") + .HasColumnType("longtext"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("Name") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("longtext"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => { b.Property("Id") @@ -1758,6 +1812,14 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("varchar(255)") .HasAnnotation("Relational:JsonPropertyName", "id"); + b.Property("Action") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "action"); + + b.Property("Component") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "component"); + b.Property("CreateDateTime") .HasColumnType("datetime(6)") .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); @@ -1906,7 +1968,6 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("longtext"); b.Property("ClientId") - .IsRequired() .HasColumnType("longtext"); b.Property("CreateDateTime") @@ -2189,6 +2250,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("longtext") .HasAnnotation("Relational:JsonPropertyName", "name"); + b.Property("NbLoginAttempt") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + b.Property("NotificationMode") .IsRequired() .HasColumnType("longtext") @@ -2202,6 +2267,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("int") .HasAnnotation("Relational:JsonPropertyName", "status"); + b.Property("UnblockDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + b.Property("UpdateDateTime") .HasColumnType("datetime(6)") .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); @@ -2415,6 +2484,34 @@ protected override void BuildModel(ModelBuilder modelBuilder) b.HasAnnotation("Relational:JsonPropertyName", "sessions"); }); + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("varchar(255)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime(6)") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("tinyint(1)") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("longtext") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + modelBuilder.Entity("TranslationUMAResource", b => { b.Property("TranslationsId") diff --git a/src/IdServer/SimpleIdServer.IdServer.Notification.Gotify/Apis/GotifyConnectionsController.cs b/src/IdServer/SimpleIdServer.IdServer.Notification.Gotify/Apis/GotifyConnectionsController.cs index 3544b8825..1d661d5b3 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Notification.Gotify/Apis/GotifyConnectionsController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Notification.Gotify/Apis/GotifyConnectionsController.cs @@ -13,13 +13,13 @@ namespace SimpleIdServer.IdServer.Notification.Gotify.Apis; public class GotifyConnectionsController { private readonly IConfiguration _configuration; - private readonly Infrastructures.IHttpClientFactory _httpClientFactory; + private readonly Helpers.IHttpClientFactory _httpClientFactory; private readonly IGotiySessionStore _gotiySessionStore; private readonly ITransactionBuilder _transactionBuilder; public GotifyConnectionsController( IConfiguration configuration, - Infrastructures.IHttpClientFactory httpClientFactory, + Helpers.IHttpClientFactory httpClientFactory, IGotiySessionStore gotiySessionStore, ITransactionBuilder transactionBuilder) { diff --git a/src/IdServer/SimpleIdServer.IdServer.Notification.Gotify/GotifyUserNotificationService.cs b/src/IdServer/SimpleIdServer.IdServer.Notification.Gotify/GotifyUserNotificationService.cs index 0f049ed44..d41602f4b 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Notification.Gotify/GotifyUserNotificationService.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Notification.Gotify/GotifyUserNotificationService.cs @@ -14,12 +14,12 @@ namespace SimpleIdServer.IdServer.Notification.Gotify; public class GotifyUserNotificationService : IUserNotificationService { private readonly IConfiguration _configuration; - private readonly Infrastructures.IHttpClientFactory _httpClientFactory; + private readonly Helpers.IHttpClientFactory _httpClientFactory; private readonly IGotiySessionStore _gotifySessionStore; public GotifyUserNotificationService( - IConfiguration configuration, - Infrastructures.IHttpClientFactory httpClientFactory, + IConfiguration configuration, + Helpers.IHttpClientFactory httpClientFactory, IGotiySessionStore gotifySessionStore) { _configuration = configuration; diff --git a/src/IdServer/SimpleIdServer.IdServer.Otp/UI/AuthenticateController.cs b/src/IdServer/SimpleIdServer.IdServer.Otp/UI/AuthenticateController.cs index f2aae58b2..c9bb3d48f 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Otp/UI/AuthenticateController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Otp/UI/AuthenticateController.cs @@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api; using SimpleIdServer.IdServer.Helpers; @@ -23,6 +24,7 @@ namespace SimpleIdServer.IdServer.Otp.UI; public class AuthenticateController : BaseOTPAuthenticateController { public AuthenticateController( + IConfiguration configuration, IEnumerable notificationServices, IEnumerable otpAuthenticators, IOtpAuthenticationService userAuthenticationService, @@ -40,7 +42,7 @@ public AuthenticateController( IJwtBuilder jwtBuilder, IBusControl busControl, IAntiforgery antiforgery, - IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(notificationServices, otpAuthenticators, userAuthenticationService, authenticationSchemeProvider, options, dataProtectionProvider, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, tokenRepository, transactionBuilder, jwtBuilder, busControl, antiforgery, authenticationContextClassReferenceRepository) + IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(configuration, notificationServices, otpAuthenticators, userAuthenticationService, authenticationSchemeProvider, options, dataProtectionProvider, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, tokenRepository, transactionBuilder, jwtBuilder, busControl, antiforgery, authenticationContextClassReferenceRepository) { } diff --git a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240604112932_AddErrorMessage.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240604112932_AddErrorMessage.Designer.cs new file mode 100644 index 000000000..071a814b1 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240604112932_AddErrorMessage.Designer.cs @@ -0,0 +1,3223 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.PostgreMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240604112932_AddErrorMessage")] + partial class AddErrorMessage + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 63); + + NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("text"); + + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("text"); + + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("RolesId") + .HasColumnType("text"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("text"); + + b.Property("Xml") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("text"); + + b.Property("SerializedFileKeysId") + .HasColumnType("text"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("DisplayName") + .HasColumnType("text"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("text"); + + b.Property("MapperType") + .HasColumnType("integer"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("SourceClaimName") + .HasColumnType("text"); + + b.Property("TargetUserAttribute") + .HasColumnType("text"); + + b.Property("TargetUserProperty") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("text"); + + b.Property("AuthorizedScopeId") + .HasColumnType("integer"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Interval") + .HasColumnType("integer"); + + b.Property("LastStatus") + .HasColumnType("integer"); + + b.Property("NextFetchTime") + .HasColumnType("timestamp with time zone"); + + b.Property("NotificationEdp") + .HasColumnType("text"); + + b.Property("NotificationMode") + .HasColumnType("text"); + + b.Property("NotificationToken") + .HasColumnType("text"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("RejectionSentDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("UserId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("text"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Message") + .HasColumnType("text"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Status") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ClaimType") + .HasColumnType("integer"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("text"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("text"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("double precision"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("boolean"); + + b.Property("JwksUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("text"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("text"); + + b.Property("SoftwareId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("KeyType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DisplayCondition") + .HasColumnType("text"); + + b.Property("IsRequired") + .HasColumnType("boolean"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("Order") + .HasColumnType("integer"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("ScopeId") + .HasColumnType("text"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("text"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("LastAccessTime") + .HasColumnType("timestamp with time zone"); + + b.Property("NextAccessDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("text"); + + b.Property("UserId") + .HasColumnType("text"); + + b.Property("UserLogin") + .HasColumnType("text"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("Version") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("text"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("text"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("text"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("Values") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("text"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("UsersId") + .HasColumnType("text"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("IsEnabled") + .HasColumnType("boolean"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("text"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("integer"); + + b.Property("ExecutionDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("text"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("integer"); + + b.Property("NbGroups") + .HasColumnType("integer"); + + b.Property("NbUsers") + .HasColumnType("integer"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("TotalPages") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("From") + .IsRequired() + .HasColumnType("text"); + + b.Property("HasMultipleAttribute") + .HasColumnType("boolean"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("MapperType") + .HasColumnType("integer"); + + b.Property("TargetUserAttribute") + .HasColumnType("text"); + + b.Property("TargetUserProperty") + .HasColumnType("text"); + + b.Property("Usage") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Content") + .IsRequired() + .HasColumnType("text"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("text"); + + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("text"); + + b.Property("ReceivedDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Format") + .IsRequired() + .HasColumnType("text"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("text"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("text"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("text"); + + b.Property("Path") + .IsRequired() + .HasColumnType("text"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("IsDefault") + .HasColumnType("boolean"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("text"); + + b.Property("SourceUserAttribute") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Enc") + .HasColumnType("text"); + + b.Property("IsSymmetric") + .HasColumnType("boolean"); + + b.Property("Key") + .HasColumnType("bytea"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("text"); + + b.Property("PrivateKeyPem") + .HasColumnType("text"); + + b.Property("PublicKeyPem") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("integer"); + + b.Property("AuthorizationCode") + .HasColumnType("text"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Data") + .HasColumnType("text"); + + b.Property("ExpirationTime") + .HasColumnType("timestamp with time zone"); + + b.Property("GrantId") + .HasColumnType("text"); + + b.Property("Id") + .HasColumnType("text"); + + b.Property("Jkt") + .HasColumnType("text"); + + b.Property("OriginalData") + .HasColumnType("text"); + + b.Property("SessionId") + .HasColumnType("text"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("Key") + .IsRequired() + .HasColumnType("text"); + + b.Property("Language") + .HasColumnType("text"); + + b.Property("Value") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Owner") + .HasColumnType("text"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("Requester") + .HasColumnType("text"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("text"); + + b.Property("Firstname") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("text"); + + b.Property("Lastname") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DeviceType") + .HasColumnType("text"); + + b.Property("Manufacturer") + .HasColumnType("text"); + + b.Property("Model") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("PushToken") + .HasColumnType("text"); + + b.Property("PushType") + .HasColumnType("text"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Version") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("text"); + + b.Property("State") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.Property("UMAResourceId") + .HasColumnType("text"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240604112932_AddErrorMessage.cs b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240604112932_AddErrorMessage.cs new file mode 100644 index 000000000..2d6c8dd78 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240604112932_AddErrorMessage.cs @@ -0,0 +1,40 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.PostgreMigrations.Migrations +{ + /// + public partial class AddErrorMessage : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.CreateTable( + name: "MessageBusErrorMessages", + columns: table => new + { + Id = table.Column(type: "text", nullable: false), + ExternalId = table.Column(type: "text", nullable: true), + Name = table.Column(type: "text", nullable: false), + FullName = table.Column(type: "text", nullable: false), + Content = table.Column(type: "text", nullable: false), + Exceptions = table.Column(type: "text", nullable: false), + ReceivedDateTime = table.Column(type: "timestamp with time zone", nullable: false), + QueueName = table.Column(type: "text", nullable: false) + }, + constraints: table => + { + table.PrimaryKey("PK_MessageBusErrorMessages", x => x.Id); + }); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropTable( + name: "MessageBusErrorMessages"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240614194140_LockAccount.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240614194140_LockAccount.Designer.cs new file mode 100644 index 000000000..9b7beb49a --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240614194140_LockAccount.Designer.cs @@ -0,0 +1,3231 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.PostgreMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240614194140_LockAccount")] + partial class LockAccount + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 63); + + NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("text"); + + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("text"); + + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("RolesId") + .HasColumnType("text"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("text"); + + b.Property("Xml") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("text"); + + b.Property("SerializedFileKeysId") + .HasColumnType("text"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("DisplayName") + .HasColumnType("text"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("text"); + + b.Property("MapperType") + .HasColumnType("integer"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("SourceClaimName") + .HasColumnType("text"); + + b.Property("TargetUserAttribute") + .HasColumnType("text"); + + b.Property("TargetUserProperty") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("text"); + + b.Property("AuthorizedScopeId") + .HasColumnType("integer"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Interval") + .HasColumnType("integer"); + + b.Property("LastStatus") + .HasColumnType("integer"); + + b.Property("NextFetchTime") + .HasColumnType("timestamp with time zone"); + + b.Property("NotificationEdp") + .HasColumnType("text"); + + b.Property("NotificationMode") + .HasColumnType("text"); + + b.Property("NotificationToken") + .HasColumnType("text"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("RejectionSentDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("UserId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("text"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Message") + .HasColumnType("text"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Status") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ClaimType") + .HasColumnType("integer"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("text"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("text"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("double precision"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("boolean"); + + b.Property("JwksUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("text"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("text"); + + b.Property("SoftwareId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("KeyType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DisplayCondition") + .HasColumnType("text"); + + b.Property("IsRequired") + .HasColumnType("boolean"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("Order") + .HasColumnType("integer"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("ScopeId") + .HasColumnType("text"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("text"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("LastAccessTime") + .HasColumnType("timestamp with time zone"); + + b.Property("NextAccessDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("text"); + + b.Property("UserId") + .HasColumnType("text"); + + b.Property("UserLogin") + .HasColumnType("text"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("Version") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("text"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("text"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("text"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("Values") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("text"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("UsersId") + .HasColumnType("text"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("IsEnabled") + .HasColumnType("boolean"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("text"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("integer"); + + b.Property("ExecutionDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("text"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("integer"); + + b.Property("NbGroups") + .HasColumnType("integer"); + + b.Property("NbUsers") + .HasColumnType("integer"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("TotalPages") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("From") + .IsRequired() + .HasColumnType("text"); + + b.Property("HasMultipleAttribute") + .HasColumnType("boolean"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("MapperType") + .HasColumnType("integer"); + + b.Property("TargetUserAttribute") + .HasColumnType("text"); + + b.Property("TargetUserProperty") + .HasColumnType("text"); + + b.Property("Usage") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Content") + .IsRequired() + .HasColumnType("text"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("text"); + + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("text"); + + b.Property("ReceivedDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Format") + .IsRequired() + .HasColumnType("text"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("text"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("text"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("text"); + + b.Property("Path") + .IsRequired() + .HasColumnType("text"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("IsDefault") + .HasColumnType("boolean"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("text"); + + b.Property("SourceUserAttribute") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Enc") + .HasColumnType("text"); + + b.Property("IsSymmetric") + .HasColumnType("boolean"); + + b.Property("Key") + .HasColumnType("bytea"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("text"); + + b.Property("PrivateKeyPem") + .HasColumnType("text"); + + b.Property("PublicKeyPem") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("integer"); + + b.Property("AuthorizationCode") + .HasColumnType("text"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Data") + .HasColumnType("text"); + + b.Property("ExpirationTime") + .HasColumnType("timestamp with time zone"); + + b.Property("GrantId") + .HasColumnType("text"); + + b.Property("Id") + .HasColumnType("text"); + + b.Property("Jkt") + .HasColumnType("text"); + + b.Property("OriginalData") + .HasColumnType("text"); + + b.Property("SessionId") + .HasColumnType("text"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("Key") + .IsRequired() + .HasColumnType("text"); + + b.Property("Language") + .HasColumnType("text"); + + b.Property("Value") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Owner") + .HasColumnType("text"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("Requester") + .HasColumnType("text"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("text"); + + b.Property("Firstname") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("text"); + + b.Property("Lastname") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DeviceType") + .HasColumnType("text"); + + b.Property("Manufacturer") + .HasColumnType("text"); + + b.Property("Model") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("PushToken") + .HasColumnType("text"); + + b.Property("PushType") + .HasColumnType("text"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Version") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("text"); + + b.Property("State") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.Property("UMAResourceId") + .HasColumnType("text"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240614194140_LockAccount.cs b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240614194140_LockAccount.cs new file mode 100644 index 000000000..8ec386ffe --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240614194140_LockAccount.cs @@ -0,0 +1,40 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.PostgreMigrations.Migrations +{ + /// + public partial class LockAccount : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "NbLoginAttempt", + table: "Users", + type: "integer", + nullable: false, + defaultValue: 0); + + migrationBuilder.AddColumn( + name: "UnblockDateTime", + table: "Users", + type: "timestamp with time zone", + nullable: true); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "NbLoginAttempt", + table: "Users"); + + migrationBuilder.DropColumn( + name: "UnblockDateTime", + table: "Users"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240628184721_ClientIsIsNullable.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240628184721_ClientIsIsNullable.Designer.cs new file mode 100644 index 000000000..a9c375fe2 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240628184721_ClientIsIsNullable.Designer.cs @@ -0,0 +1,3239 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.PostgreMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240628184721_ClientIsIsNullable")] + partial class ClientIsIsNullable + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 63); + + NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("text"); + + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("text"); + + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("RolesId") + .HasColumnType("text"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("text"); + + b.Property("Xml") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("text"); + + b.Property("SerializedFileKeysId") + .HasColumnType("text"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("DisplayName") + .HasColumnType("text"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("text"); + + b.Property("MapperType") + .HasColumnType("integer"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("SourceClaimName") + .HasColumnType("text"); + + b.Property("TargetUserAttribute") + .HasColumnType("text"); + + b.Property("TargetUserProperty") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("text"); + + b.Property("AuthorizedScopeId") + .HasColumnType("integer"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Interval") + .HasColumnType("integer"); + + b.Property("LastStatus") + .HasColumnType("integer"); + + b.Property("NextFetchTime") + .HasColumnType("timestamp with time zone"); + + b.Property("NotificationEdp") + .HasColumnType("text"); + + b.Property("NotificationMode") + .HasColumnType("text"); + + b.Property("NotificationToken") + .HasColumnType("text"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("RejectionSentDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("UserId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("text"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Message") + .HasColumnType("text"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Status") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ClaimType") + .HasColumnType("integer"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("text"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("text"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("double precision"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("boolean"); + + b.Property("JwksUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("text"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("text"); + + b.Property("SoftwareId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("KeyType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DisplayCondition") + .HasColumnType("text"); + + b.Property("IsRequired") + .HasColumnType("boolean"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("Order") + .HasColumnType("integer"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("ScopeId") + .HasColumnType("text"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("text"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("LastAccessTime") + .HasColumnType("timestamp with time zone"); + + b.Property("NextAccessDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("text"); + + b.Property("UserId") + .HasColumnType("text"); + + b.Property("UserLogin") + .HasColumnType("text"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("Version") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("text"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("text"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("text"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("Values") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("text"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("UsersId") + .HasColumnType("text"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("IsEnabled") + .HasColumnType("boolean"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("text"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("integer"); + + b.Property("ExecutionDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("text"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("integer"); + + b.Property("NbGroups") + .HasColumnType("integer"); + + b.Property("NbUsers") + .HasColumnType("integer"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("TotalPages") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("From") + .IsRequired() + .HasColumnType("text"); + + b.Property("HasMultipleAttribute") + .HasColumnType("boolean"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("MapperType") + .HasColumnType("integer"); + + b.Property("TargetUserAttribute") + .HasColumnType("text"); + + b.Property("TargetUserProperty") + .HasColumnType("text"); + + b.Property("Usage") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Content") + .IsRequired() + .HasColumnType("text"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("text"); + + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("text"); + + b.Property("ReceivedDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Format") + .IsRequired() + .HasColumnType("text"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("text"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("text"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("text"); + + b.Property("Path") + .IsRequired() + .HasColumnType("text"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("IsDefault") + .HasColumnType("boolean"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("text"); + + b.Property("SourceUserAttribute") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Enc") + .HasColumnType("text"); + + b.Property("IsSymmetric") + .HasColumnType("boolean"); + + b.Property("Key") + .HasColumnType("bytea"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("text"); + + b.Property("PrivateKeyPem") + .HasColumnType("text"); + + b.Property("PublicKeyPem") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("integer"); + + b.Property("AuthorizationCode") + .HasColumnType("text"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Data") + .HasColumnType("text"); + + b.Property("ExpirationTime") + .HasColumnType("timestamp with time zone"); + + b.Property("GrantId") + .HasColumnType("text"); + + b.Property("Id") + .HasColumnType("text"); + + b.Property("Jkt") + .HasColumnType("text"); + + b.Property("OriginalData") + .HasColumnType("text"); + + b.Property("SessionId") + .HasColumnType("text"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("Key") + .IsRequired() + .HasColumnType("text"); + + b.Property("Language") + .HasColumnType("text"); + + b.Property("Value") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Owner") + .HasColumnType("text"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("Requester") + .HasColumnType("text"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("text"); + + b.Property("Firstname") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("text"); + + b.Property("Lastname") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DeviceType") + .HasColumnType("text"); + + b.Property("Manufacturer") + .HasColumnType("text"); + + b.Property("Model") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("PushToken") + .HasColumnType("text"); + + b.Property("PushType") + .HasColumnType("text"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Version") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("text"); + + b.Property("State") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.Property("UMAResourceId") + .HasColumnType("text"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240628184721_ClientIsIsNullable.cs b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240628184721_ClientIsIsNullable.cs new file mode 100644 index 000000000..e1b4fa04a --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240628184721_ClientIsIsNullable.cs @@ -0,0 +1,58 @@ +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.PostgreMigrations.Migrations +{ + /// + public partial class ClientIsIsNullable : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AlterColumn( + name: "ClientId", + table: "Tokens", + type: "text", + nullable: true, + oldClrType: typeof(string), + oldType: "text"); + + migrationBuilder.AddColumn( + name: "IsSelfIssueEnabled", + table: "Clients", + type: "boolean", + nullable: false, + defaultValue: false); + + migrationBuilder.AddColumn( + name: "SubjectSyntaxTypesSupported", + table: "Clients", + type: "text", + nullable: false, + defaultValue: ""); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "IsSelfIssueEnabled", + table: "Clients"); + + migrationBuilder.DropColumn( + name: "SubjectSyntaxTypesSupported", + table: "Clients"); + + migrationBuilder.AlterColumn( + name: "ClientId", + table: "Tokens", + type: "text", + nullable: false, + defaultValue: "", + oldClrType: typeof(string), + oldType: "text", + oldNullable: true); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240722142834_SupportOpenidFederation.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240722142834_SupportOpenidFederation.Designer.cs new file mode 100644 index 000000000..0e16d2193 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240722142834_SupportOpenidFederation.Designer.cs @@ -0,0 +1,3276 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.PostgreMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240722142834_SupportOpenidFederation")] + partial class SupportOpenidFederation + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 63); + + NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("text"); + + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("text"); + + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("RolesId") + .HasColumnType("text"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("text"); + + b.Property("Xml") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("text"); + + b.Property("SerializedFileKeysId") + .HasColumnType("text"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("DisplayName") + .HasColumnType("text"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("text"); + + b.Property("MapperType") + .HasColumnType("integer"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("SourceClaimName") + .HasColumnType("text"); + + b.Property("TargetUserAttribute") + .HasColumnType("text"); + + b.Property("TargetUserProperty") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("text"); + + b.Property("AuthorizedScopeId") + .HasColumnType("integer"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Interval") + .HasColumnType("integer"); + + b.Property("LastStatus") + .HasColumnType("integer"); + + b.Property("NextFetchTime") + .HasColumnType("timestamp with time zone"); + + b.Property("NotificationEdp") + .HasColumnType("text"); + + b.Property("NotificationMode") + .HasColumnType("text"); + + b.Property("NotificationToken") + .HasColumnType("text"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("RejectionSentDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("UserId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("text"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Message") + .HasColumnType("text"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Status") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ClaimType") + .HasColumnType("integer"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("text"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("text"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("double precision"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("boolean"); + + b.Property("JwksUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("text"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("text"); + + b.Property("SoftwareId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("KeyType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DisplayCondition") + .HasColumnType("text"); + + b.Property("IsRequired") + .HasColumnType("boolean"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("Order") + .HasColumnType("integer"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("ScopeId") + .HasColumnType("text"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("text"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("LastAccessTime") + .HasColumnType("timestamp with time zone"); + + b.Property("NextAccessDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("text"); + + b.Property("UserId") + .HasColumnType("text"); + + b.Property("UserLogin") + .HasColumnType("text"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("Version") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("text"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("text"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("text"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("Values") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("text"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("UsersId") + .HasColumnType("text"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("IsEnabled") + .HasColumnType("boolean"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("text"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("integer"); + + b.Property("ExecutionDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("text"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("integer"); + + b.Property("NbGroups") + .HasColumnType("integer"); + + b.Property("NbUsers") + .HasColumnType("integer"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("TotalPages") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("From") + .IsRequired() + .HasColumnType("text"); + + b.Property("HasMultipleAttribute") + .HasColumnType("boolean"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("MapperType") + .HasColumnType("integer"); + + b.Property("TargetUserAttribute") + .HasColumnType("text"); + + b.Property("TargetUserProperty") + .HasColumnType("text"); + + b.Property("Usage") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Content") + .IsRequired() + .HasColumnType("text"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("text"); + + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("text"); + + b.Property("ReceivedDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Format") + .IsRequired() + .HasColumnType("text"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("text"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("text"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("text"); + + b.Property("Path") + .IsRequired() + .HasColumnType("text"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("IsDefault") + .HasColumnType("boolean"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("text"); + + b.Property("SourceUserAttribute") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Enc") + .HasColumnType("text"); + + b.Property("IsSymmetric") + .HasColumnType("boolean"); + + b.Property("Key") + .HasColumnType("bytea"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("text"); + + b.Property("PrivateKeyPem") + .HasColumnType("text"); + + b.Property("PublicKeyPem") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("integer"); + + b.Property("AuthorizationCode") + .HasColumnType("text"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Data") + .HasColumnType("text"); + + b.Property("ExpirationTime") + .HasColumnType("timestamp with time zone"); + + b.Property("GrantId") + .HasColumnType("text"); + + b.Property("Id") + .HasColumnType("text"); + + b.Property("Jkt") + .HasColumnType("text"); + + b.Property("OriginalData") + .HasColumnType("text"); + + b.Property("SessionId") + .HasColumnType("text"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("Key") + .IsRequired() + .HasColumnType("text"); + + b.Property("Language") + .HasColumnType("text"); + + b.Property("Value") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Owner") + .HasColumnType("text"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("Requester") + .HasColumnType("text"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("text"); + + b.Property("Firstname") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("text"); + + b.Property("Lastname") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DeviceType") + .HasColumnType("text"); + + b.Property("Manufacturer") + .HasColumnType("text"); + + b.Property("Model") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("PushToken") + .HasColumnType("text"); + + b.Property("PushType") + .HasColumnType("text"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Version") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("text"); + + b.Property("State") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.Property("UMAResourceId") + .HasColumnType("text"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240722142834_SupportOpenidFederation.cs b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240722142834_SupportOpenidFederation.cs new file mode 100644 index 000000000..4f5dfec61 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240722142834_SupportOpenidFederation.cs @@ -0,0 +1,58 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.PostgreMigrations.Migrations +{ + /// + public partial class SupportOpenidFederation : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "ClientRegistrationTypesSupported", + table: "Clients", + type: "text", + nullable: false, + defaultValue: ""); + + migrationBuilder.AddColumn( + name: "ExpirationDateTime", + table: "Clients", + type: "timestamp with time zone", + nullable: true); + + migrationBuilder.CreateTable( + name: "FederationEntities", + columns: table => new + { + Id = table.Column(type: "text", nullable: false), + Sub = table.Column(type: "text", nullable: false), + Realm = table.Column(type: "text", nullable: true), + IsSubordinate = table.Column(type: "boolean", nullable: false), + CreateDateTime = table.Column(type: "timestamp with time zone", nullable: false) + }, + constraints: table => + { + table.PrimaryKey("PK_FederationEntities", x => x.Id); + }); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropTable( + name: "FederationEntities"); + + migrationBuilder.DropColumn( + name: "ClientRegistrationTypesSupported", + table: "Clients"); + + migrationBuilder.DropColumn( + name: "ExpirationDateTime", + table: "Clients"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240805132749_SupportAdminRole.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240805132749_SupportAdminRole.Designer.cs new file mode 100644 index 000000000..d66e9c3c0 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240805132749_SupportAdminRole.Designer.cs @@ -0,0 +1,3284 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.PostgreMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240805132749_SupportAdminRole")] + partial class SupportAdminRole + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 63); + + NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("text"); + + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("text"); + + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("RolesId") + .HasColumnType("text"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("text"); + + b.Property("Xml") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("text"); + + b.Property("ScopesId") + .HasColumnType("text"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("text"); + + b.Property("SerializedFileKeysId") + .HasColumnType("text"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("DisplayName") + .HasColumnType("text"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("text"); + + b.Property("MapperType") + .HasColumnType("integer"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("SourceClaimName") + .HasColumnType("text"); + + b.Property("TargetUserAttribute") + .HasColumnType("text"); + + b.Property("TargetUserProperty") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("text"); + + b.Property("AuthorizedScopeId") + .HasColumnType("integer"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Interval") + .HasColumnType("integer"); + + b.Property("LastStatus") + .HasColumnType("integer"); + + b.Property("NextFetchTime") + .HasColumnType("timestamp with time zone"); + + b.Property("NotificationEdp") + .HasColumnType("text"); + + b.Property("NotificationMode") + .HasColumnType("text"); + + b.Property("NotificationToken") + .HasColumnType("text"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("RejectionSentDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("UserId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("text"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Message") + .HasColumnType("text"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Status") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ClaimType") + .HasColumnType("integer"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("text"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("text"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("double precision"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("boolean"); + + b.Property("JwksUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("text"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("text"); + + b.Property("SoftwareId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("double precision") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("KeyType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DisplayCondition") + .HasColumnType("text"); + + b.Property("IsRequired") + .HasColumnType("boolean"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("Order") + .HasColumnType("integer"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("ScopeId") + .HasColumnType("text"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("text"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("LastAccessTime") + .HasColumnType("timestamp with time zone"); + + b.Property("NextAccessDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("text"); + + b.Property("UserId") + .HasColumnType("text"); + + b.Property("UserLogin") + .HasColumnType("text"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("Version") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("text"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("text"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("text"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("Values") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("text"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("text"); + + b.Property("UsersId") + .HasColumnType("text"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("IsEnabled") + .HasColumnType("boolean"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("text"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("integer"); + + b.Property("ExecutionDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("text"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("integer"); + + b.Property("NbGroups") + .HasColumnType("integer"); + + b.Property("NbUsers") + .HasColumnType("integer"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("TotalPages") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("From") + .IsRequired() + .HasColumnType("text"); + + b.Property("HasMultipleAttribute") + .HasColumnType("boolean"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("text"); + + b.Property("MapperType") + .HasColumnType("integer"); + + b.Property("TargetUserAttribute") + .HasColumnType("text"); + + b.Property("TargetUserProperty") + .HasColumnType("text"); + + b.Property("Usage") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Content") + .IsRequired() + .HasColumnType("text"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("text"); + + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("text"); + + b.Property("ReceivedDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Format") + .IsRequired() + .HasColumnType("text"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("text"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("text"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("text"); + + b.Property("Path") + .IsRequired() + .HasColumnType("text"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("text"); + + b.Property("RealmsName") + .HasColumnType("text"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("IsDefault") + .HasColumnType("boolean"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Action") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "action"); + + b.Property("Component") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "component"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("text"); + + b.Property("SourceUserAttribute") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Enc") + .HasColumnType("text"); + + b.Property("IsSymmetric") + .HasColumnType("boolean"); + + b.Property("Key") + .HasColumnType("bytea"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("text"); + + b.Property("PrivateKeyPem") + .HasColumnType("text"); + + b.Property("PublicKeyPem") + .HasColumnType("text"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("integer"); + + b.Property("AuthorizationCode") + .HasColumnType("text"); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Data") + .HasColumnType("text"); + + b.Property("ExpirationTime") + .HasColumnType("timestamp with time zone"); + + b.Property("GrantId") + .HasColumnType("text"); + + b.Property("Id") + .HasColumnType("text"); + + b.Property("Jkt") + .HasColumnType("text"); + + b.Property("OriginalData") + .HasColumnType("text"); + + b.Property("SessionId") + .HasColumnType("text"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("text"); + + b.Property("Key") + .IsRequired() + .HasColumnType("text"); + + b.Property("Language") + .HasColumnType("text"); + + b.Property("Value") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Owner") + .HasColumnType("text"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("Requester") + .HasColumnType("text"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("text"); + + b.Property("Firstname") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("text"); + + b.Property("Lastname") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Value") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("DeviceType") + .HasColumnType("text"); + + b.Property("Manufacturer") + .HasColumnType("text"); + + b.Property("Model") + .HasColumnType("text"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("PushToken") + .HasColumnType("text"); + + b.Property("PushType") + .HasColumnType("text"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.Property("Version") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("text"); + + b.Property("State") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("text"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("integer"); + + b.Property("UMAResourceId") + .HasColumnType("text"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240805132749_SupportAdminRole.cs b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240805132749_SupportAdminRole.cs new file mode 100644 index 000000000..fcddc3620 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/20240805132749_SupportAdminRole.cs @@ -0,0 +1,38 @@ +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.PostgreMigrations.Migrations +{ + /// + public partial class SupportAdminRole : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "Action", + table: "Scopes", + type: "integer", + nullable: true); + + migrationBuilder.AddColumn( + name: "Component", + table: "Scopes", + type: "text", + nullable: true); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "Action", + table: "Scopes"); + + migrationBuilder.DropColumn( + name: "Component", + table: "Scopes"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/StoreDbContextModelSnapshot.cs b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/StoreDbContextModelSnapshot.cs index b3497fb8f..ca556b46f 100644 --- a/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/StoreDbContextModelSnapshot.cs +++ b/src/IdServer/SimpleIdServer.IdServer.PostgreMigrations/Migrations/StoreDbContextModelSnapshot.cs @@ -1,8 +1,10 @@ // +using System; using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata; using SimpleIdServer.IdServer.Store.EF; -using System; #nullable disable @@ -755,6 +757,11 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("text") .HasAnnotation("Relational:JsonPropertyName", "client_id"); + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + b.Property("ClientSecret") .IsRequired() .HasColumnType("text") @@ -798,6 +805,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("double precision") .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + b.Property("ExpirationDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + b.Property("FrontChannelLogoutSessionRequired") .HasColumnType("boolean") .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); @@ -843,6 +854,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("boolean") .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + b.Property("IsSelfIssueEnabled") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + b.Property("IsTokenExchangeEnabled") .HasColumnType("boolean") .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); @@ -923,6 +938,11 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("text") .HasAnnotation("Relational:JsonPropertyName", "software_version"); + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + b.Property("SubjectType") .HasColumnType("text") .HasAnnotation("Relational:JsonPropertyName", "subject_type"); @@ -1570,6 +1590,42 @@ protected override void BuildModel(ModelBuilder modelBuilder) b.ToTable("Languages"); }); + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Content") + .IsRequired() + .HasColumnType("text"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("text"); + + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("text"); + + b.Property("Name") + .IsRequired() + .HasColumnType("text"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("text"); + + b.Property("ReceivedDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => { b.Property("Id") @@ -1756,6 +1812,14 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("text") .HasAnnotation("Relational:JsonPropertyName", "id"); + b.Property("Action") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "action"); + + b.Property("Component") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "component"); + b.Property("CreateDateTime") .HasColumnType("timestamp with time zone") .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); @@ -1904,7 +1968,6 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("text"); b.Property("ClientId") - .IsRequired() .HasColumnType("text"); b.Property("CreateDateTime") @@ -2187,6 +2250,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("text") .HasAnnotation("Relational:JsonPropertyName", "name"); + b.Property("NbLoginAttempt") + .HasColumnType("integer") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + b.Property("NotificationMode") .IsRequired() .HasColumnType("text") @@ -2200,6 +2267,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("integer") .HasAnnotation("Relational:JsonPropertyName", "status"); + b.Property("UnblockDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + b.Property("UpdateDateTime") .HasColumnType("timestamp with time zone") .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); @@ -2413,6 +2484,34 @@ protected override void BuildModel(ModelBuilder modelBuilder) b.HasAnnotation("Relational:JsonPropertyName", "sessions"); }); + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("timestamp with time zone") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("boolean") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("text") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + modelBuilder.Entity("TranslationUMAResource", b => { b.Property("TranslationsId") diff --git a/src/IdServer/SimpleIdServer.IdServer.Provisioning.LDAP/LDAPRepresentationsExtractionJobOptions.cs b/src/IdServer/SimpleIdServer.IdServer.Provisioning.LDAP/LDAPRepresentationsExtractionJobOptions.cs index 9e301982f..be515c5b7 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Provisioning.LDAP/LDAPRepresentationsExtractionJobOptions.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Provisioning.LDAP/LDAPRepresentationsExtractionJobOptions.cs @@ -27,29 +27,31 @@ public class LDAPRepresentationsExtractionJobOptions #region Groups - [ConfigurationRecord("Groups DN", "Full DN of LDAP tree where your groups are.", order: 6)] + [ConfigurationRecord("Synchronize groups", "Enable or disabled groups synchronization", order: 6)] + public bool IsGroupSyncEnabled { get; set; } = false; + [ConfigurationRecord("Groups DN", "Full DN of LDAP tree where your groups are.", order: 7, "IsGroupSyncEnabled=true")] public string GroupsDN { get; set; } - [ConfigurationRecord("Group object classes", "All values of LDAP objectClass attribute for groups in LDAP, divided by commas.", order: 7)] + [ConfigurationRecord("Group object classes", "All values of LDAP objectClass attribute for groups in LDAP, divided by commas.", order: 8, "IsGroupSyncEnabled=true")] public string GroupObjectClasses { get; set; } = "posixGroup"; - [ConfigurationRecord("Membership Group LDAP Attribute.", "It is the name of the LDAP Attribute on the group, which is used for membership mappings, for example memberUid", order: 8)] + [ConfigurationRecord("Membership Group LDAP Attribute.", "It is the name of the LDAP Attribute on the group, which is used for membership mappings, for example memberUid", order: 9, "IsGroupSyncEnabled=true")] public string MembershipLDAPAttribute { get; set; } - [ConfigurationRecord("Membership User LDAP Attribute.", "It is the name of the LDAP Attribute on the user, which is used for membership mappings, for example uidNumber", order: 9)] + [ConfigurationRecord("Membership User LDAP Attribute.", "It is the name of the LDAP Attribute on the user, which is used for membership mappings, for example uidNumber", order: 10, "IsGroupSyncEnabled=true")] public string MembershipUserLDAPAttribute { get; set; } - [ConfigurationRecord("User Groups Retrieve Strategy", "Membership User LDAP Attribute.", order: 10)] + [ConfigurationRecord("User Groups Retrieve Strategy", "Membership User LDAP Attribute.", order: 11, "IsGroupSyncEnabled=true")] public LoadingStrategies RetrievingStrategies { get; set; } - [ConfigurationRecord("Member of LDAP Attribute", "Specifies the name of the LDAP Attribute on the LDAP user which contains the groups, which the user is member of.", order: 11, "RetrievingStrategies=LOAD_FROM_USER_MEMBEROF_ATTRIBUTE")] + [ConfigurationRecord("Member of LDAP Attribute", "Specifies the name of the LDAP Attribute on the LDAP user which contains the groups, which the user is member of.", order: 12, "RetrievingStrategies=LOAD_FROM_USER_MEMBEROF_ATTRIBUTE && IsGroupSyncEnabled=true")] public string MemberOfAttribute { get; set; } #endregion - [ConfigurationRecord("User Identifier LDAP Attribute", "Name of the LDAP attribute, which is used as a unique object identifier for objects in LDAP, objectSID for Active Directory or uidNumber of Open Ldap", order: 12)] + [ConfigurationRecord("User Identifier LDAP Attribute", "Name of the LDAP attribute, which is used as a unique object identifier for objects in LDAP, objectSID for Active Directory or uidNumber of Open Ldap", order: 13)] public string UserIdLDAPAttribute { get; set; } - [ConfigurationRecord("Group Identifier LDAP Attribute", "Name of the LDAP attribute, which is used as a unique object identifier for objects in LDAP, objectSID for Active Directory or gidNumber of Open Ldap", order: 13)] + [ConfigurationRecord("Group Identifier LDAP Attribute", "Name of the LDAP attribute, which is used as a unique object identifier for objects in LDAP, objectSID for Active Directory or gidNumber of Open Ldap", order: 14, "IsGroupSyncEnabled=true")] public string GroupIdLDAPAttribute { get; set; } - [ConfigurationRecord("Modification Date Attribute", "Name of the LDAP Attribute, which is used as the modification date for objects in LDAP", order: 14)] + [ConfigurationRecord("Modification Date Attribute", "Name of the LDAP Attribute, which is used as the modification date for objects in LDAP", order: 15)] public string ModificationDateAttribute { get; set; } = "modificationDate"; - [ConfigurationRecord("Batch size", "Number of records", order: 15)] + [ConfigurationRecord("Batch size", "Number of records", order: 16)] public int BatchSize { get; set; } = 1; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Provisioning.LDAP/Services/LDAPProvisioningService.cs b/src/IdServer/SimpleIdServer.IdServer.Provisioning.LDAP/Services/LDAPProvisioningService.cs index bd5796d6a..84d03ecbc 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Provisioning.LDAP/Services/LDAPProvisioningService.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Provisioning.LDAP/Services/LDAPProvisioningService.cs @@ -101,9 +101,12 @@ private ExtractedResult Extract(SearchResultEntryCollection entries, LDAPReprese Version = version }; users.Add(user); - var userGroups = ResolveUserGroups(userId, entry, options, ldapConnection, definition); - groups.AddRange(userGroups); - user.GroupIds = userGroups.Select(g => g.Id).ToList(); + if(options.IsGroupSyncEnabled) + { + var userGroups = ResolveUserGroups(userId, entry, options, ldapConnection, definition); + groups.AddRange(userGroups); + user.GroupIds = userGroups.Select(g => g.Id).ToList(); + } } return new ExtractedResult { Users = users, Groups = groups }; diff --git a/src/IdServer/SimpleIdServer.IdServer.Pwd/IdServerPasswordOptions.cs b/src/IdServer/SimpleIdServer.IdServer.Pwd/IdServerPasswordOptions.cs index ad3e0d062..5a5ea988e 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Pwd/IdServerPasswordOptions.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Pwd/IdServerPasswordOptions.cs @@ -1,7 +1,5 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using SimpleIdServer.Configuration; - namespace SimpleIdServer.IdServer.Pwd; public class IdServerPasswordOptions diff --git a/src/IdServer/SimpleIdServer.IdServer.Pwd/Services/PasswordAuthenticationService.cs b/src/IdServer/SimpleIdServer.IdServer.Pwd/Services/PasswordAuthenticationService.cs index 54368e491..d7a811a89 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Pwd/Services/PasswordAuthenticationService.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Pwd/Services/PasswordAuthenticationService.cs @@ -1,7 +1,9 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Options; using SimpleIdServer.IdServer.Stores; using SimpleIdServer.IdServer.UI.Services; using SimpleIdServer.IdServer.UI.ViewModels; @@ -16,10 +18,16 @@ public interface IPasswordAuthenticationService : IUserAuthenticationService public class PasswordAuthenticationService : GenericAuthenticationService, IPasswordAuthenticationService { private readonly IEnumerable _authServices; + private readonly IdServerHostOptions _options; - public PasswordAuthenticationService(IEnumerable authServices, IAuthenticationHelper authenticationHelper, IUserRepository userRepository) : base(authenticationHelper, userRepository) + public PasswordAuthenticationService( + IEnumerable authServices, + IOptions options, + IAuthenticationHelper authenticationHelper, + IUserRepository userRepository) : base(authenticationHelper, userRepository) { _authServices = authServices; + _options = options.Value; } public override string Amr => Constants.Areas.Password; @@ -44,16 +52,17 @@ protected override async Task Validate(string realm protected override Task Validate(string realm, User authenticatedUser, AuthenticatePasswordViewModel viewModel, CancellationToken cancellationToken) { + if (authenticatedUser.IsBlocked()) return Task.FromResult(CredentialsValidationResult.Error("user_blocked", "user_blocked")); var authService = _authServices.SingleOrDefault(s => s.Name == authenticatedUser.Source); if (authService != null) { - if (!authService.Authenticate(authenticatedUser, authenticatedUser.IdentityProvisioning, viewModel.Password)) return Task.FromResult(CredentialsValidationResult.Error(ValidationStatus.INVALIDCREDENTIALS)); + if (!authService.Authenticate(authenticatedUser, authenticatedUser.IdentityProvisioning, viewModel.Password)) return Task.FromResult(CredentialsValidationResult.InvalidCredentials(authenticatedUser)); } else { var credential = authenticatedUser.Credentials.FirstOrDefault(c => c.CredentialType == Constants.Areas.Password && c.IsActive); - var hash = PasswordHelper.ComputeHash(viewModel.Password); - if (credential == null || credential.Value != hash) return Task.FromResult(CredentialsValidationResult.Error(ValidationStatus.INVALIDCREDENTIALS)); + var hash = PasswordHelper.ComputeHash(viewModel.Password, _options.IsPasswordEncodeInBase64); + if (credential == null || credential.Value != hash) return Task.FromResult(CredentialsValidationResult.InvalidCredentials(authenticatedUser)); } return Task.FromResult(CredentialsValidationResult.Ok(authenticatedUser)); diff --git a/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/AuthenticateController.cs b/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/AuthenticateController.cs index 4d3cb5904..c2a8cd22d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/AuthenticateController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/AuthenticateController.cs @@ -24,6 +24,7 @@ public class AuthenticateController : BaseAuthenticationMethodController options, @@ -38,9 +39,8 @@ public AuthenticateController( IUserSessionResitory userSessionRepository, IUserTransformer userTransformer, IBusControl busControl, - IConfiguration configuration, IAntiforgery antiforgery, - IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(options, authenticationSchemeProvider, userAuthenticationService, dataProtectionProvider, tokenRepository, transactionBuidler, jwtBuilder, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, busControl, antiforgery, authenticationContextClassReferenceRepository) + IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(configuration, options, authenticationSchemeProvider, userAuthenticationService, dataProtectionProvider, tokenRepository, transactionBuidler, jwtBuilder, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, busControl, antiforgery, authenticationContextClassReferenceRepository) { _configuration = configuration; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/RegisterController.cs b/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/RegisterController.cs index 6c171fe3b..1db2bcd26 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/RegisterController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/RegisterController.cs @@ -96,11 +96,11 @@ async Task UpdateUser() { var user = await UserRepository.GetBySubject(viewModel.Login, prefix, cancellationToken); var passwordCredential = user.Credentials.FirstOrDefault(c => c.CredentialType == UserCredential.PWD); - if (passwordCredential != null) passwordCredential.Value = PasswordHelper.ComputeHash(viewModel.Password); + if (passwordCredential != null) passwordCredential.Value = PasswordHelper.ComputeHash(viewModel.Password, Options.IsPasswordEncodeInBase64); else user.Credentials.Add(new UserCredential { Id = Guid.NewGuid().ToString(), - Value = PasswordHelper.ComputeHash(viewModel.Password), + Value = PasswordHelper.ComputeHash(viewModel.Password, Options.IsPasswordEncodeInBase64), CredentialType = UserCredential.PWD, IsActive = true }); @@ -118,7 +118,7 @@ protected override void EnrichUser(User user, PwdRegisterViewModel viewModel) Id = Guid.NewGuid().ToString(), CredentialType = "pwd", IsActive = true, - Value = PasswordHelper.ComputeHash(viewModel.Password) + Value = PasswordHelper.ComputeHash(viewModel.Password, Options.IsPasswordEncodeInBase64) }); user.Name = viewModel.Login; if (Options.IsEmailUsedDuringAuthentication) user.Email = viewModel.Login; diff --git a/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/ResetController.cs b/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/ResetController.cs index 109fa35cf..dc5bea909 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/ResetController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Pwd/UI/ResetController.cs @@ -1,14 +1,17 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using MassTransit.Configuration; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Logging; +using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api; using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Jwt; +using SimpleIdServer.IdServer.Options; using SimpleIdServer.IdServer.Pwd.UI.ViewModels; using SimpleIdServer.IdServer.Stores; using SimpleIdServer.IdServer.UI.Services; @@ -19,6 +22,7 @@ namespace SimpleIdServer.IdServer.Pwd.UI; [Area(Constants.Areas.Password)] public class ResetController : BaseController { + private readonly IdServerHostOptions _options; private readonly IEnumerable _resetPasswordServices; private readonly IAuthenticationHelper _authenticationHelper; private readonly IConfiguration _configuration; @@ -28,6 +32,7 @@ public class ResetController : BaseController private readonly ILogger _logger; public ResetController( + IOptions options, ITokenRepository tokenRepository, IJwtBuilder jwtBuilder, IEnumerable resetPasswordServices, @@ -38,6 +43,7 @@ public ResetController( ITransactionBuilder transactionBuilder, ILogger logger) : base(tokenRepository, jwtBuilder) { + _options = options.Value; _resetPasswordServices = resetPasswordServices; _authenticationHelper = authenticationHelper; _configuration = configuration; @@ -202,7 +208,7 @@ public async Task Confirm([FromRoute] string prefix, ConfirmReset user.Credentials.Add(credential); } - credential.Value = PasswordHelper.ComputeHash(viewModel.Password); + credential.Value = PasswordHelper.ComputeHash(viewModel.Password, _options.IsPasswordEncodeInBase64); _userRepository.Update(user); await transaction.Commit(cancellationToken); viewModel.IsPasswordUpdated = true; diff --git a/src/IdServer/SimpleIdServer.IdServer.Saml.Idp/Factories/Saml2ConfigurationFactory.cs b/src/IdServer/SimpleIdServer.IdServer.Saml.Idp/Factories/Saml2ConfigurationFactory.cs index 035d0c438..b7d7870f0 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Saml.Idp/Factories/Saml2ConfigurationFactory.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Saml.Idp/Factories/Saml2ConfigurationFactory.cs @@ -20,12 +20,12 @@ public interface ISaml2ConfigurationFactory public class Saml2ConfigurationFactory : ISaml2ConfigurationFactory { private readonly IKeyStore _keyStore; - private readonly Infrastructures.IHttpClientFactory _httpClientFactory; + private readonly Helpers.IHttpClientFactory _httpClientFactory; private readonly SamlIdpOptions _options; public Saml2ConfigurationFactory( IKeyStore keyStore, - Infrastructures.IHttpClientFactory httpClientFactory, + Helpers.IHttpClientFactory httpClientFactory, IOptions options) { _keyStore = keyStore; diff --git a/src/IdServer/SimpleIdServer.IdServer.Sms/UI/AuthenticateController.cs b/src/IdServer/SimpleIdServer.IdServer.Sms/UI/AuthenticateController.cs index 595553b8d..6b569ed65 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Sms/UI/AuthenticateController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Sms/UI/AuthenticateController.cs @@ -45,7 +45,7 @@ public AuthenticateController( IUserTransformer userTransformer, IBusControl busControl, IAntiforgery antiforgery, - IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(notificationServices, otpAuthenticators, userAuthenticationService, authenticationSchemeProvider, options, dataProtectionProvider, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, tokenRepository, transactionBuilder, jwtBuilder, busControl, antiforgery, authenticationContextClassReferenceRepository) + IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(configuration,notificationServices, otpAuthenticators, userAuthenticationService, authenticationSchemeProvider, options, dataProtectionProvider, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, tokenRepository, transactionBuilder, jwtBuilder, busControl, antiforgery, authenticationContextClassReferenceRepository) { _configuration = configuration; } diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603124218_AddMessageBusError.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603124218_AddMessageBusError.Designer.cs new file mode 100644 index 000000000..bcffecb7e --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603124218_AddMessageBusError.Designer.cs @@ -0,0 +1,3219 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240603124218_AddMessageBusError")] + partial class AddMessageBusError + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 128); + + SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RolesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)"); + + b.Property("Xml") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedFileKeysId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("DisplayName") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SourceClaimName") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("nvarchar(max)"); + + b.Property("AuthorizedScopeId") + .HasColumnType("int"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("Interval") + .HasColumnType("int"); + + b.Property("LastStatus") + .HasColumnType("int"); + + b.Property("NextFetchTime") + .HasColumnType("datetime2"); + + b.Property("NotificationEdp") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationMode") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationToken") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RejectionSentDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserId") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("nvarchar(450)"); + + b.Property("EndDateTime") + .HasColumnType("datetime2"); + + b.Property("Message") + .HasColumnType("nvarchar(max)"); + + b.Property("StartDateTime") + .HasColumnType("datetime2"); + + b.Property("Status") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClaimType") + .HasColumnType("int"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("float"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("bit"); + + b.Property("JwksUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("nvarchar(max)"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("nvarchar(max)"); + + b.Property("SoftwareId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("KeyType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DisplayCondition") + .HasColumnType("nvarchar(max)"); + + b.Property("IsRequired") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Order") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ScopeId") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("LastAccessTime") + .HasColumnType("datetime2"); + + b.Property("NextAccessDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("UserLogin") + .HasColumnType("nvarchar(max)"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Values") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("IsEnabled") + .HasColumnType("bit"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("int"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime2"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("int"); + + b.Property("NbGroups") + .HasColumnType("int"); + + b.Property("NbUsers") + .HasColumnType("int"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TotalPages") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("From") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("HasMultipleAttribute") + .HasColumnType("bit"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.Property("Usage") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ExternalId") + .HasColumnType("nvarchar(max)"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Format") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Path") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("IsDefault") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("SourceUserAttribute") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Enc") + .HasColumnType("nvarchar(max)"); + + b.Property("IsSymmetric") + .HasColumnType("bit"); + + b.Property("Key") + .HasColumnType("varbinary(max)"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PrivateKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("PublicKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("int"); + + b.Property("AuthorizationCode") + .HasColumnType("nvarchar(max)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Data") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationTime") + .HasColumnType("datetime2"); + + b.Property("GrantId") + .HasColumnType("nvarchar(max)"); + + b.Property("Id") + .HasColumnType("nvarchar(max)"); + + b.Property("Jkt") + .HasColumnType("nvarchar(max)"); + + b.Property("OriginalData") + .HasColumnType("nvarchar(max)"); + + b.Property("SessionId") + .HasColumnType("nvarchar(max)"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("Key") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Language") + .HasColumnType("nvarchar(max)"); + + b.Property("Value") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Owner") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Requester") + .HasColumnType("nvarchar(max)"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("nvarchar(max)"); + + b.Property("Firstname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("nvarchar(450)"); + + b.Property("Lastname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DeviceType") + .HasColumnType("nvarchar(max)"); + + b.Property("Manufacturer") + .HasColumnType("nvarchar(max)"); + + b.Property("Model") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("PushToken") + .HasColumnType("nvarchar(max)"); + + b.Property("PushType") + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("State") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("int"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603124218_AddMessageBusError.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603124218_AddMessageBusError.cs new file mode 100644 index 000000000..101feaf25 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603124218_AddMessageBusError.cs @@ -0,0 +1,39 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + /// + public partial class AddMessageBusError : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.CreateTable( + name: "MessageBusErrorMessages", + columns: table => new + { + Id = table.Column(type: "nvarchar(450)", nullable: false), + ExternalId = table.Column(type: "nvarchar(max)", nullable: true), + Name = table.Column(type: "nvarchar(max)", nullable: false), + FullName = table.Column(type: "nvarchar(max)", nullable: false), + Content = table.Column(type: "nvarchar(max)", nullable: false), + Exceptions = table.Column(type: "nvarchar(max)", nullable: false), + ReceivedDateTime = table.Column(type: "datetime2", nullable: false) + }, + constraints: table => + { + table.PrimaryKey("PK_MessageBusErrorMessages", x => x.Id); + }); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropTable( + name: "MessageBusErrorMessages"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603193149_AddQueueNameColumn.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603193149_AddQueueNameColumn.Designer.cs new file mode 100644 index 000000000..f525034da --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603193149_AddQueueNameColumn.Designer.cs @@ -0,0 +1,3223 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240603193149_AddQueueNameColumn")] + partial class AddQueueNameColumn + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 128); + + SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RolesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)"); + + b.Property("Xml") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedFileKeysId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("DisplayName") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SourceClaimName") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("nvarchar(max)"); + + b.Property("AuthorizedScopeId") + .HasColumnType("int"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("Interval") + .HasColumnType("int"); + + b.Property("LastStatus") + .HasColumnType("int"); + + b.Property("NextFetchTime") + .HasColumnType("datetime2"); + + b.Property("NotificationEdp") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationMode") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationToken") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RejectionSentDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserId") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("nvarchar(450)"); + + b.Property("EndDateTime") + .HasColumnType("datetime2"); + + b.Property("Message") + .HasColumnType("nvarchar(max)"); + + b.Property("StartDateTime") + .HasColumnType("datetime2"); + + b.Property("Status") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClaimType") + .HasColumnType("int"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("float"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("bit"); + + b.Property("JwksUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("nvarchar(max)"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("nvarchar(max)"); + + b.Property("SoftwareId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("KeyType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DisplayCondition") + .HasColumnType("nvarchar(max)"); + + b.Property("IsRequired") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Order") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ScopeId") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("LastAccessTime") + .HasColumnType("datetime2"); + + b.Property("NextAccessDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("UserLogin") + .HasColumnType("nvarchar(max)"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Values") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("IsEnabled") + .HasColumnType("bit"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("int"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime2"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("int"); + + b.Property("NbGroups") + .HasColumnType("int"); + + b.Property("NbUsers") + .HasColumnType("int"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TotalPages") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("From") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("HasMultipleAttribute") + .HasColumnType("bit"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.Property("Usage") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ExternalId") + .HasColumnType("nvarchar(max)"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Format") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Path") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("IsDefault") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("SourceUserAttribute") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Enc") + .HasColumnType("nvarchar(max)"); + + b.Property("IsSymmetric") + .HasColumnType("bit"); + + b.Property("Key") + .HasColumnType("varbinary(max)"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PrivateKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("PublicKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("int"); + + b.Property("AuthorizationCode") + .HasColumnType("nvarchar(max)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Data") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationTime") + .HasColumnType("datetime2"); + + b.Property("GrantId") + .HasColumnType("nvarchar(max)"); + + b.Property("Id") + .HasColumnType("nvarchar(max)"); + + b.Property("Jkt") + .HasColumnType("nvarchar(max)"); + + b.Property("OriginalData") + .HasColumnType("nvarchar(max)"); + + b.Property("SessionId") + .HasColumnType("nvarchar(max)"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("Key") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Language") + .HasColumnType("nvarchar(max)"); + + b.Property("Value") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Owner") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Requester") + .HasColumnType("nvarchar(max)"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("nvarchar(max)"); + + b.Property("Firstname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("nvarchar(450)"); + + b.Property("Lastname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DeviceType") + .HasColumnType("nvarchar(max)"); + + b.Property("Manufacturer") + .HasColumnType("nvarchar(max)"); + + b.Property("Model") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("PushToken") + .HasColumnType("nvarchar(max)"); + + b.Property("PushType") + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("State") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("int"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603193149_AddQueueNameColumn.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603193149_AddQueueNameColumn.cs new file mode 100644 index 000000000..d7af29907 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240603193149_AddQueueNameColumn.cs @@ -0,0 +1,29 @@ +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + /// + public partial class AddQueueNameColumn : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "QueueName", + table: "MessageBusErrorMessages", + type: "nvarchar(max)", + nullable: false, + defaultValue: ""); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "QueueName", + table: "MessageBusErrorMessages"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240614141451_AddUserBlocked.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240614141451_AddUserBlocked.Designer.cs new file mode 100644 index 000000000..ad5c44088 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240614141451_AddUserBlocked.Designer.cs @@ -0,0 +1,3231 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240614141451_AddUserBlocked")] + partial class AddUserBlocked + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 128); + + SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RolesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)"); + + b.Property("Xml") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedFileKeysId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("DisplayName") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SourceClaimName") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("nvarchar(max)"); + + b.Property("AuthorizedScopeId") + .HasColumnType("int"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("Interval") + .HasColumnType("int"); + + b.Property("LastStatus") + .HasColumnType("int"); + + b.Property("NextFetchTime") + .HasColumnType("datetime2"); + + b.Property("NotificationEdp") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationMode") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationToken") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RejectionSentDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserId") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("nvarchar(450)"); + + b.Property("EndDateTime") + .HasColumnType("datetime2"); + + b.Property("Message") + .HasColumnType("nvarchar(max)"); + + b.Property("StartDateTime") + .HasColumnType("datetime2"); + + b.Property("Status") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClaimType") + .HasColumnType("int"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("float"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("bit"); + + b.Property("JwksUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("nvarchar(max)"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("nvarchar(max)"); + + b.Property("SoftwareId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("KeyType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DisplayCondition") + .HasColumnType("nvarchar(max)"); + + b.Property("IsRequired") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Order") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ScopeId") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("LastAccessTime") + .HasColumnType("datetime2"); + + b.Property("NextAccessDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("UserLogin") + .HasColumnType("nvarchar(max)"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Values") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("IsEnabled") + .HasColumnType("bit"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("int"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime2"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("int"); + + b.Property("NbGroups") + .HasColumnType("int"); + + b.Property("NbUsers") + .HasColumnType("int"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TotalPages") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("From") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("HasMultipleAttribute") + .HasColumnType("bit"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.Property("Usage") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ExternalId") + .HasColumnType("nvarchar(max)"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Format") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Path") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("IsDefault") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("SourceUserAttribute") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Enc") + .HasColumnType("nvarchar(max)"); + + b.Property("IsSymmetric") + .HasColumnType("bit"); + + b.Property("Key") + .HasColumnType("varbinary(max)"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PrivateKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("PublicKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("int"); + + b.Property("AuthorizationCode") + .HasColumnType("nvarchar(max)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Data") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationTime") + .HasColumnType("datetime2"); + + b.Property("GrantId") + .HasColumnType("nvarchar(max)"); + + b.Property("Id") + .HasColumnType("nvarchar(max)"); + + b.Property("Jkt") + .HasColumnType("nvarchar(max)"); + + b.Property("OriginalData") + .HasColumnType("nvarchar(max)"); + + b.Property("SessionId") + .HasColumnType("nvarchar(max)"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("Key") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Language") + .HasColumnType("nvarchar(max)"); + + b.Property("Value") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Owner") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Requester") + .HasColumnType("nvarchar(max)"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("nvarchar(max)"); + + b.Property("Firstname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("nvarchar(450)"); + + b.Property("Lastname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DeviceType") + .HasColumnType("nvarchar(max)"); + + b.Property("Manufacturer") + .HasColumnType("nvarchar(max)"); + + b.Property("Model") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("PushToken") + .HasColumnType("nvarchar(max)"); + + b.Property("PushType") + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("State") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("int"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240614141451_AddUserBlocked.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240614141451_AddUserBlocked.cs new file mode 100644 index 000000000..53b3e3a51 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240614141451_AddUserBlocked.cs @@ -0,0 +1,40 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + /// + public partial class AddUserBlocked : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "NbLoginAttempt", + table: "Users", + type: "int", + nullable: false, + defaultValue: 0); + + migrationBuilder.AddColumn( + name: "UnblockDateTime", + table: "Users", + type: "datetime2", + nullable: true); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "NbLoginAttempt", + table: "Users"); + + migrationBuilder.DropColumn( + name: "UnblockDateTime", + table: "Users"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240628184610_ClientIsIsNullable.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240628184610_ClientIsIsNullable.Designer.cs new file mode 100644 index 000000000..65bae5196 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240628184610_ClientIsIsNullable.Designer.cs @@ -0,0 +1,3239 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240628184610_ClientIsIsNullable")] + partial class ClientIsIsNullable + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 128); + + SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RolesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)"); + + b.Property("Xml") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedFileKeysId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("DisplayName") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SourceClaimName") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("nvarchar(max)"); + + b.Property("AuthorizedScopeId") + .HasColumnType("int"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("Interval") + .HasColumnType("int"); + + b.Property("LastStatus") + .HasColumnType("int"); + + b.Property("NextFetchTime") + .HasColumnType("datetime2"); + + b.Property("NotificationEdp") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationMode") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationToken") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RejectionSentDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserId") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("nvarchar(450)"); + + b.Property("EndDateTime") + .HasColumnType("datetime2"); + + b.Property("Message") + .HasColumnType("nvarchar(max)"); + + b.Property("StartDateTime") + .HasColumnType("datetime2"); + + b.Property("Status") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClaimType") + .HasColumnType("int"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("float"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("bit"); + + b.Property("JwksUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("nvarchar(max)"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("nvarchar(max)"); + + b.Property("SoftwareId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("KeyType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DisplayCondition") + .HasColumnType("nvarchar(max)"); + + b.Property("IsRequired") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Order") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ScopeId") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("LastAccessTime") + .HasColumnType("datetime2"); + + b.Property("NextAccessDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("UserLogin") + .HasColumnType("nvarchar(max)"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Values") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("IsEnabled") + .HasColumnType("bit"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("int"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime2"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("int"); + + b.Property("NbGroups") + .HasColumnType("int"); + + b.Property("NbUsers") + .HasColumnType("int"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TotalPages") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("From") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("HasMultipleAttribute") + .HasColumnType("bit"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.Property("Usage") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ExternalId") + .HasColumnType("nvarchar(max)"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Format") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Path") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("IsDefault") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("SourceUserAttribute") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Enc") + .HasColumnType("nvarchar(max)"); + + b.Property("IsSymmetric") + .HasColumnType("bit"); + + b.Property("Key") + .HasColumnType("varbinary(max)"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PrivateKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("PublicKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("int"); + + b.Property("AuthorizationCode") + .HasColumnType("nvarchar(max)"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Data") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationTime") + .HasColumnType("datetime2"); + + b.Property("GrantId") + .HasColumnType("nvarchar(max)"); + + b.Property("Id") + .HasColumnType("nvarchar(max)"); + + b.Property("Jkt") + .HasColumnType("nvarchar(max)"); + + b.Property("OriginalData") + .HasColumnType("nvarchar(max)"); + + b.Property("SessionId") + .HasColumnType("nvarchar(max)"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("Key") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Language") + .HasColumnType("nvarchar(max)"); + + b.Property("Value") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Owner") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Requester") + .HasColumnType("nvarchar(max)"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("nvarchar(max)"); + + b.Property("Firstname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("nvarchar(450)"); + + b.Property("Lastname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DeviceType") + .HasColumnType("nvarchar(max)"); + + b.Property("Manufacturer") + .HasColumnType("nvarchar(max)"); + + b.Property("Model") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("PushToken") + .HasColumnType("nvarchar(max)"); + + b.Property("PushType") + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("State") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("int"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240628184610_ClientIsIsNullable.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240628184610_ClientIsIsNullable.cs new file mode 100644 index 000000000..5c9fa4817 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240628184610_ClientIsIsNullable.cs @@ -0,0 +1,58 @@ +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + /// + public partial class ClientIsIsNullable : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AlterColumn( + name: "ClientId", + table: "Tokens", + type: "nvarchar(max)", + nullable: true, + oldClrType: typeof(string), + oldType: "nvarchar(max)"); + + migrationBuilder.AddColumn( + name: "IsSelfIssueEnabled", + table: "Clients", + type: "bit", + nullable: false, + defaultValue: false); + + migrationBuilder.AddColumn( + name: "SubjectSyntaxTypesSupported", + table: "Clients", + type: "nvarchar(max)", + nullable: false, + defaultValue: ""); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "IsSelfIssueEnabled", + table: "Clients"); + + migrationBuilder.DropColumn( + name: "SubjectSyntaxTypesSupported", + table: "Clients"); + + migrationBuilder.AlterColumn( + name: "ClientId", + table: "Tokens", + type: "nvarchar(max)", + nullable: false, + defaultValue: "", + oldClrType: typeof(string), + oldType: "nvarchar(max)", + oldNullable: true); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240722142621_SupportOpenidFederation.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240722142621_SupportOpenidFederation.Designer.cs new file mode 100644 index 000000000..255501a71 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240722142621_SupportOpenidFederation.Designer.cs @@ -0,0 +1,3276 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240722142621_SupportOpenidFederation")] + partial class SupportOpenidFederation + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 128); + + SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RolesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)"); + + b.Property("Xml") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedFileKeysId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("DisplayName") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SourceClaimName") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("nvarchar(max)"); + + b.Property("AuthorizedScopeId") + .HasColumnType("int"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("Interval") + .HasColumnType("int"); + + b.Property("LastStatus") + .HasColumnType("int"); + + b.Property("NextFetchTime") + .HasColumnType("datetime2"); + + b.Property("NotificationEdp") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationMode") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationToken") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RejectionSentDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserId") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("nvarchar(450)"); + + b.Property("EndDateTime") + .HasColumnType("datetime2"); + + b.Property("Message") + .HasColumnType("nvarchar(max)"); + + b.Property("StartDateTime") + .HasColumnType("datetime2"); + + b.Property("Status") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClaimType") + .HasColumnType("int"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("float"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("bit"); + + b.Property("JwksUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("nvarchar(max)"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("nvarchar(max)"); + + b.Property("SoftwareId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("KeyType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DisplayCondition") + .HasColumnType("nvarchar(max)"); + + b.Property("IsRequired") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Order") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ScopeId") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("LastAccessTime") + .HasColumnType("datetime2"); + + b.Property("NextAccessDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("UserLogin") + .HasColumnType("nvarchar(max)"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Values") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("IsEnabled") + .HasColumnType("bit"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("int"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime2"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("int"); + + b.Property("NbGroups") + .HasColumnType("int"); + + b.Property("NbUsers") + .HasColumnType("int"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TotalPages") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("From") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("HasMultipleAttribute") + .HasColumnType("bit"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.Property("Usage") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ExternalId") + .HasColumnType("nvarchar(max)"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Format") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Path") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("IsDefault") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("SourceUserAttribute") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Enc") + .HasColumnType("nvarchar(max)"); + + b.Property("IsSymmetric") + .HasColumnType("bit"); + + b.Property("Key") + .HasColumnType("varbinary(max)"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PrivateKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("PublicKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("int"); + + b.Property("AuthorizationCode") + .HasColumnType("nvarchar(max)"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Data") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationTime") + .HasColumnType("datetime2"); + + b.Property("GrantId") + .HasColumnType("nvarchar(max)"); + + b.Property("Id") + .HasColumnType("nvarchar(max)"); + + b.Property("Jkt") + .HasColumnType("nvarchar(max)"); + + b.Property("OriginalData") + .HasColumnType("nvarchar(max)"); + + b.Property("SessionId") + .HasColumnType("nvarchar(max)"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("Key") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Language") + .HasColumnType("nvarchar(max)"); + + b.Property("Value") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Owner") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Requester") + .HasColumnType("nvarchar(max)"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("nvarchar(max)"); + + b.Property("Firstname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("nvarchar(450)"); + + b.Property("Lastname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DeviceType") + .HasColumnType("nvarchar(max)"); + + b.Property("Manufacturer") + .HasColumnType("nvarchar(max)"); + + b.Property("Model") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("PushToken") + .HasColumnType("nvarchar(max)"); + + b.Property("PushType") + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("State") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("int"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240722142621_SupportOpenidFederation.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240722142621_SupportOpenidFederation.cs new file mode 100644 index 000000000..34b52661a --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240722142621_SupportOpenidFederation.cs @@ -0,0 +1,58 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + /// + public partial class SupportOpenidFederation : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "ClientRegistrationTypesSupported", + table: "Clients", + type: "nvarchar(max)", + nullable: false, + defaultValue: ""); + + migrationBuilder.AddColumn( + name: "ExpirationDateTime", + table: "Clients", + type: "datetime2", + nullable: true); + + migrationBuilder.CreateTable( + name: "FederationEntities", + columns: table => new + { + Id = table.Column(type: "nvarchar(450)", nullable: false), + Sub = table.Column(type: "nvarchar(max)", nullable: false), + Realm = table.Column(type: "nvarchar(max)", nullable: true), + IsSubordinate = table.Column(type: "bit", nullable: false), + CreateDateTime = table.Column(type: "datetime2", nullable: false) + }, + constraints: table => + { + table.PrimaryKey("PK_FederationEntities", x => x.Id); + }); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropTable( + name: "FederationEntities"); + + migrationBuilder.DropColumn( + name: "ClientRegistrationTypesSupported", + table: "Clients"); + + migrationBuilder.DropColumn( + name: "ExpirationDateTime", + table: "Clients"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240805132454_SupportAdminRole.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240805132454_SupportAdminRole.Designer.cs new file mode 100644 index 000000000..5e9f0af71 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240805132454_SupportAdminRole.Designer.cs @@ -0,0 +1,3284 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240805132454_SupportAdminRole")] + partial class SupportAdminRole + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 128); + + SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("nvarchar(450)"); + + b.Property("TranslationsId") + .HasColumnType("int"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RolesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)"); + + b.Property("Xml") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("ScopesId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedFileKeysId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("DisplayName") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SourceClaimName") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Audience") + .HasColumnType("nvarchar(max)"); + + b.Property("AuthorizedScopeId") + .HasColumnType("int"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("Interval") + .HasColumnType("int"); + + b.Property("LastStatus") + .HasColumnType("int"); + + b.Property("NextFetchTime") + .HasColumnType("datetime2"); + + b.Property("NotificationEdp") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationMode") + .HasColumnType("nvarchar(max)"); + + b.Property("NotificationToken") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RejectionSentDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserId") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("BCAuthorizeId") + .HasColumnType("nvarchar(450)"); + + b.Property("EndDateTime") + .HasColumnType("datetime2"); + + b.Property("Message") + .HasColumnType("nvarchar(max)"); + + b.Property("StartDateTime") + .HasColumnType("datetime2"); + + b.Property("Status") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ClaimType") + .HasColumnType("int"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("nvarchar(450)"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("float"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("bit"); + + b.Property("JwksUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("nvarchar(max)"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("nvarchar(max)"); + + b.Property("SoftwareId") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("float") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("KeyType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DisplayCondition") + .HasColumnType("nvarchar(max)"); + + b.Property("IsRequired") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Order") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ScopeId") + .HasColumnType("nvarchar(450)"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2"); + + b.Property("LastAccessTime") + .HasColumnType("datetime2"); + + b.Property("NextAccessDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("UserLogin") + .HasColumnType("nvarchar(max)"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Values") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("nvarchar(450)"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("nvarchar(450)"); + + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("IsEnabled") + .HasColumnType("bit"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CurrentPage") + .HasColumnType("int"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime2"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("int"); + + b.Property("NbGroups") + .HasColumnType("int"); + + b.Property("NbUsers") + .HasColumnType("int"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TotalPages") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("From") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("HasMultipleAttribute") + .HasColumnType("bit"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("MapperType") + .HasColumnType("int"); + + b.Property("TargetUserAttribute") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetUserProperty") + .HasColumnType("nvarchar(max)"); + + b.Property("Usage") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ExternalId") + .HasColumnType("nvarchar(max)"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Format") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("nvarchar(450)"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Path") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("nvarchar(450)"); + + b.Property("RealmsName") + .HasColumnType("nvarchar(450)"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("IsDefault") + .HasColumnType("bit"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Action") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "action"); + + b.Property("Component") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "component"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("SourceUserAttribute") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Enc") + .HasColumnType("nvarchar(max)"); + + b.Property("IsSymmetric") + .HasColumnType("bit"); + + b.Property("Key") + .HasColumnType("varbinary(max)"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("PrivateKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("PublicKeyPem") + .HasColumnType("nvarchar(max)"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("PkID")); + + b.Property("AccessTokenType") + .HasColumnType("int"); + + b.Property("AuthorizationCode") + .HasColumnType("nvarchar(max)"); + + b.Property("ClientId") + .HasColumnType("nvarchar(max)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Data") + .HasColumnType("nvarchar(max)"); + + b.Property("ExpirationTime") + .HasColumnType("datetime2"); + + b.Property("GrantId") + .HasColumnType("nvarchar(max)"); + + b.Property("Id") + .HasColumnType("nvarchar(max)"); + + b.Property("Jkt") + .HasColumnType("nvarchar(max)"); + + b.Property("OriginalData") + .HasColumnType("nvarchar(max)"); + + b.Property("SessionId") + .HasColumnType("nvarchar(max)"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClientId") + .HasColumnType("nvarchar(450)"); + + b.Property("Key") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Language") + .HasColumnType("nvarchar(max)"); + + b.Property("Value") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Owner") + .HasColumnType("nvarchar(max)"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Requester") + .HasColumnType("nvarchar(max)"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("ClaimType") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("nvarchar(max)"); + + b.Property("Firstname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("nvarchar(450)"); + + b.Property("Lastname") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Value") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2"); + + b.Property("DeviceType") + .HasColumnType("nvarchar(max)"); + + b.Property("Manufacturer") + .HasColumnType("nvarchar(max)"); + + b.Property("Model") + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("PushToken") + .HasColumnType("nvarchar(max)"); + + b.Property("PushType") + .HasColumnType("nvarchar(max)"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.Property("Version") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("State") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("nvarchar(450)"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("int"); + + b.Property("UMAResourceId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240805132454_SupportAdminRole.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240805132454_SupportAdminRole.cs new file mode 100644 index 000000000..7c7521e6d --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/20240805132454_SupportAdminRole.cs @@ -0,0 +1,38 @@ +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqlServerMigrations.Migrations +{ + /// + public partial class SupportAdminRole : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "Action", + table: "Scopes", + type: "int", + nullable: true); + + migrationBuilder.AddColumn( + name: "Component", + table: "Scopes", + type: "nvarchar(max)", + nullable: true); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "Action", + table: "Scopes"); + + migrationBuilder.DropColumn( + name: "Component", + table: "Scopes"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/StoreDbContextModelSnapshot.cs b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/StoreDbContextModelSnapshot.cs index a4d5b442a..ea556ccfc 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/StoreDbContextModelSnapshot.cs +++ b/src/IdServer/SimpleIdServer.IdServer.SqlServerMigrations/Migrations/StoreDbContextModelSnapshot.cs @@ -4,7 +4,6 @@ using Microsoft.EntityFrameworkCore.Infrastructure; using Microsoft.EntityFrameworkCore.Metadata; using Microsoft.EntityFrameworkCore.Storage.ValueConversion; -using SimpleIdServer.IdServer.Store; using SimpleIdServer.IdServer.Store.EF; #nullable disable @@ -758,6 +757,11 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("nvarchar(max)") .HasAnnotation("Relational:JsonPropertyName", "client_id"); + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + b.Property("ClientSecret") .IsRequired() .HasColumnType("nvarchar(max)") @@ -801,6 +805,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("float") .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + b.Property("ExpirationDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + b.Property("FrontChannelLogoutSessionRequired") .HasColumnType("bit") .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); @@ -846,6 +854,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("bit") .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + b.Property("IsSelfIssueEnabled") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + b.Property("IsTokenExchangeEnabled") .HasColumnType("bit") .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); @@ -926,6 +938,11 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("nvarchar(max)") .HasAnnotation("Relational:JsonPropertyName", "software_version"); + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + b.Property("SubjectType") .HasColumnType("nvarchar(max)") .HasAnnotation("Relational:JsonPropertyName", "subject_type"); @@ -1573,6 +1590,42 @@ protected override void BuildModel(ModelBuilder modelBuilder) b.ToTable("Languages"); }); + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Content") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ExternalId") + .HasColumnType("nvarchar(max)"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("Name") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("nvarchar(max)"); + + b.Property("ReceivedDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => { b.Property("Id") @@ -1759,6 +1812,14 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("nvarchar(450)") .HasAnnotation("Relational:JsonPropertyName", "id"); + b.Property("Action") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "action"); + + b.Property("Component") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "component"); + b.Property("CreateDateTime") .HasColumnType("datetime2") .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); @@ -1907,7 +1968,6 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("nvarchar(max)"); b.Property("ClientId") - .IsRequired() .HasColumnType("nvarchar(max)"); b.Property("CreateDateTime") @@ -2190,6 +2250,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("nvarchar(max)") .HasAnnotation("Relational:JsonPropertyName", "name"); + b.Property("NbLoginAttempt") + .HasColumnType("int") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + b.Property("NotificationMode") .IsRequired() .HasColumnType("nvarchar(max)") @@ -2203,6 +2267,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("int") .HasAnnotation("Relational:JsonPropertyName", "status"); + b.Property("UnblockDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + b.Property("UpdateDateTime") .HasColumnType("datetime2") .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); @@ -2416,6 +2484,34 @@ protected override void BuildModel(ModelBuilder modelBuilder) b.HasAnnotation("Relational:JsonPropertyName", "sessions"); }); + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("datetime2") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("bit") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("nvarchar(max)") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + modelBuilder.Entity("TranslationUMAResource", b => { b.Property("TranslationsId") diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/console/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/console/Views/Authenticate/Index.cshtml index d46b41aa7..bdd0929aa 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/console/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/console/Views/Authenticate/Index.cshtml @@ -9,7 +9,7 @@ ViewBag.Title = AuthenticateConsoleResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/email/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/email/Views/Authenticate/Index.cshtml index b04f6afcf..f52df34c2 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/email/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/email/Views/Authenticate/Index.cshtml @@ -9,7 +9,7 @@ ViewBag.Title = AuthenticateEmailResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/mobile/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/mobile/Views/Authenticate/Index.cshtml index 782838c33..21967a4ba 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/mobile/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/mobile/Views/Authenticate/Index.cshtml @@ -8,7 +8,7 @@ ViewBag.Title = AuthenticateMobileResource.auth_title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/otp/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/otp/Views/Authenticate/Index.cshtml index b0dde9de0..7aafab9bd 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/otp/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/otp/Views/Authenticate/Index.cshtml @@ -9,7 +9,7 @@ ViewBag.Title = AuthenticateOtpResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/pwd/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/pwd/Views/Authenticate/Index.cshtml index 77d2d9c67..f3d9664c1 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/pwd/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/pwd/Views/Authenticate/Index.cshtml @@ -5,7 +5,7 @@ ViewBag.Title = AuthenticatePasswordResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/sms/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/sms/Views/Authenticate/Index.cshtml index 10e1ce023..44c8bcf9d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/sms/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/sms/Views/Authenticate/Index.cshtml @@ -8,7 +8,7 @@ ViewBag.Title = AuthenticateSmsResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml index 3dbdad906..6b377beb3 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml @@ -10,7 +10,7 @@ var makeAssertionsOptionsUrl = Url.Action("MakeAssertionOptions", "Authenticate", new { area = "webauthn" }); var authenticateUrl = Url.Action("Index", "Authenticate", new { area = "webauthn" }); var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/FacebookOptionsLite.cs b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/FacebookOptionsLite.cs index ead5e94bd..425e7e603 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/FacebookOptionsLite.cs +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/FacebookOptionsLite.cs @@ -7,9 +7,9 @@ namespace SimpleIdServer.IdServer.SqlSugar.Startup.Converters { public class FacebookOptionsLite : IDynamicAuthenticationOptions { - [SimpleIdServer.Configuration.ConfigurationRecord("AppId", "Application identifier", 0, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("AppId", "Application identifier", 0, IsRequired = true)] public string AppId { get; set; } - [SimpleIdServer.Configuration.ConfigurationRecord("AppSecret", "Application secret", 1, null, SimpleIdServer.Configuration.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("AppSecret", "Application secret", 1, null, SimpleIdServer.IdServer.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] public string AppSecret { get; set; } public FacebookOptions Convert() => new FacebookOptions diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/GoogleOptionsLite.cs b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/GoogleOptionsLite.cs index a0c299217..5dedecf07 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/GoogleOptionsLite.cs +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/GoogleOptionsLite.cs @@ -7,9 +7,9 @@ namespace SimpleIdServer.IdServer.SqlSugar.Startup.Converters; public class GoogleOptionsLite : IDynamicAuthenticationOptions { - [SimpleIdServer.Configuration.ConfigurationRecord("ClientId", "Client identifier", 0, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientId", "Client identifier", 0, IsRequired = true)] public string ClientId { get; set; } - [SimpleIdServer.Configuration.ConfigurationRecord("ClientSecret", "Client secret", 1, null, SimpleIdServer.Configuration.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientSecret", "Client secret", 1, null, SimpleIdServer.IdServer.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] public string ClientSecret { get; set; } public GoogleOptions Convert() => new GoogleOptions diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/OpenIdConnectLiteOptions.cs b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/OpenIdConnectLiteOptions.cs index 111c018ef..0ca9520a1 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/OpenIdConnectLiteOptions.cs +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Converters/OpenIdConnectLiteOptions.cs @@ -7,9 +7,9 @@ namespace SimpleIdServer.IdServer.SqlSugar.Startup.Converters { public class OpenIdConnectLiteOptions : IDynamicAuthenticationOptions { - [SimpleIdServer.Configuration.ConfigurationRecord("ClientId", "Client Identifier", order: 0, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientId", "Client Identifier", order: 0, IsRequired = true)] public string ClientId { get; set; } - [SimpleIdServer.Configuration.ConfigurationRecord("ClientSecret", "Client Secret", order: 1, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientSecret", "Client Secret", order: 1, IsRequired = true)] public string ClientSecret { get; set; } public OpenIdConnectOptions Convert() diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/IdServerConfiguration.cs b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/IdServerConfiguration.cs index 954bbacc0..42a5ae233 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/IdServerConfiguration.cs +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/IdServerConfiguration.cs @@ -85,13 +85,14 @@ public class IdServerConfiguration SimpleIdServer.IdServer.Constants.StandardScopes.OfflineAccessScope, SimpleIdServer.IdServer.Constants.StandardScopes.CredentialConfigurations, SimpleIdServer.IdServer.Constants.StandardScopes.CredentialInstances, + SimpleIdServer.IdServer.Constants.StandardScopes.Acrs, UniversityDegreeScope }; public static ICollection Users => new List { - UserBuilder.Create("administrator", "password", "Administrator").SetFirstname("Administrator").SetEmail("adm@email.com").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").GenerateRandomTOTPKey().Build(), - UserBuilder.Create("user", "password", "User").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").Build() + UserBuilder.Create("administrator", "password", "Administrator", isBase64Encoded: true).SetFirstname("Administrator").SetEmail("adm@email.com").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").GenerateRandomTOTPKey().Build(), + UserBuilder.Create("user", "password", "User", isBase64Encoded: true).SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").Build() }; public static ICollection Clients => new List diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Program.cs b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Program.cs index 498f476b9..4a714a7f3 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Program.cs +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Program.cs @@ -6,11 +6,15 @@ using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.HttpOverrides; using Microsoft.AspNetCore.Server.Kestrel.Core; +using Microsoft.Data.SqlClient; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; +using MySqlConnector; using NeoSmart.Caching.Sqlite.AspNetCore; +using SimpleIdServer.Configuration; using SimpleIdServer.Did.Key; +using SimpleIdServer.IdServer; using SimpleIdServer.IdServer.Console; using SimpleIdServer.IdServer.Email; using SimpleIdServer.IdServer.Fido; @@ -25,14 +29,38 @@ using SimpleIdServer.IdServer.SqlSugar.Startup.Converters; using SimpleIdServer.IdServer.Store.SqlSugar; using SimpleIdServer.IdServer.Store.SqlSugar.Seeding; +using SimpleIdServer.IdServer.Stores; using SimpleIdServer.IdServer.Swagger; using SimpleIdServer.IdServer.TokenTypes; +using SimpleIdServer.IdServer.UI; using SimpleIdServer.IdServer.VerifiablePresentation; +using SimpleIdServer.IdServer.WsFederation; using SqlSugar; using System; using System.Collections.Generic; using System.Net; +using System.Threading; +using System.Threading.Tasks; +const string SQLServerCreateTableFormat = "IF NOT EXISTS (SELECT * FROM sysobjects WHERE name='DistributedCache' and xtype='U') " + + "CREATE TABLE [dbo].[DistributedCache] (" + + "Id nvarchar(449) COLLATE SQL_Latin1_General_CP1_CS_AS NOT NULL, " + + "Value varbinary(MAX) NOT NULL, " + + "ExpiresAtTime datetimeoffset NOT NULL, " + + "SlidingExpirationInSeconds bigint NULL," + + "AbsoluteExpiration datetimeoffset NULL, " + + "PRIMARY KEY (Id))"; + +const string MYSQLCreateTableFormat = + "CREATE TABLE IF NOT EXISTS DistributedCache (" + + "`Id` varchar(449) CHARACTER SET ascii COLLATE ascii_bin NOT NULL," + + "`AbsoluteExpiration` datetime(6) DEFAULT NULL," + + "`ExpiresAtTime` datetime(6) NOT NULL," + + "`SlidingExpirationInSeconds` bigint(20) DEFAULT NULL," + + "`Value` longblob NOT NULL," + + "PRIMARY KEY(`Id`)," + + "KEY `Index_ExpiresAtTime` (`ExpiresAtTime`)" + +")"; var storageTypes = new Dictionary { { StorageTypes.SQLSERVER, DbType.SqlServer }, @@ -63,7 +91,6 @@ }); } - var section = builder.Configuration.GetSection(nameof(StorageConfiguration)); var conf = section.Get(); @@ -76,12 +103,11 @@ ConfigureIdServer(builder.Services); ConfigureCentralizedConfiguration(builder); -// Uncomment these two lines to enable seed data from JSON file. -// builder.Services.AddJsonSeeding(builder.Configuration); -// builder.Services.AddEntitySeeders(typeof(UserEntitySeeder)); +// Delete these two lines or remove the JSON_SEEDS_FILE_PATH key/content from the configuration to disable seed data from JSON file. +builder.Services.AddJsonSeeding(builder.Configuration); +builder.Services.AddEntitySeeders(typeof(UserEntitySeeder)); var app = builder.Build(); -SeedData(app, identityServerConfiguration.SCIMBaseUrl); app.UseCors("AllowAll"); if (identityServerConfiguration.IsForwardedEnabled) { @@ -115,7 +141,7 @@ .UseSamlIdp() .UseGotifyNotification() .UseAutomaticConfiguration(); - +// SeedData(app); app.Run(); void ConfigureIdServer(IServiceCollection services) @@ -125,6 +151,7 @@ void ConfigureIdServer(IServiceCollection services) if (!string.IsNullOrWhiteSpace(identityServerConfiguration.SessionCookieNamePrefix)) cb.SessionCookieName = identityServerConfiguration.SessionCookieNamePrefix; cb.Authority = identityServerConfiguration.Authority; + cb.IsPasswordEncodeInBase64 = false; }, cookie: c => { if (!string.IsNullOrWhiteSpace(identityServerConfiguration.AuthCookieNamePrefix)) @@ -188,10 +215,12 @@ void ConfigureCentralizedConfiguration(WebApplicationBuilder builder) o.Add(); o.Add(); o.Add(); - o.Add(); + o.Add(); + o.Add(); o.Add(); o.Add(); o.Add(); + o.Add(); o.Add(); o.UseEFConnector(); }); @@ -249,15 +278,154 @@ void ConfigureDataProtection(IDataProtectionBuilder dataProtectionBuilder) dataProtectionBuilder.Services.PersistKeysToSqlSugar(); } -void SeedData(WebApplication application, string scimBaseUrl) +async Task SeedData(WebApplication webApplication) { - using (var scope = app.Services.GetRequiredService().CreateScope()) + var dbContext = webApplication.Services.GetRequiredService(); + dbContext.Migrate(); + var transactionBuilder = webApplication.Services.GetRequiredService(); + var realmRepository = webApplication.Services.GetRequiredService(); + var scopeRepository = webApplication.Services.GetRequiredService(); + var userRepository = webApplication.Services.GetRequiredService(); + var clientRepository = webApplication.Services.GetRequiredService(); + var umaPendingRequestRepository = webApplication.Services.GetRequiredService(); + var umaResourceRepository = webApplication.Services.GetRequiredService(); + var gotifySessionRepository = webApplication.Services.GetRequiredService(); + var languageRepository = webApplication.Services.GetRequiredService(); + var providerDefinitionRepository = webApplication.Services.GetRequiredService(); + var authSchemeProviderRepository = webApplication.Services.GetRequiredService(); + var idProvisioningDefRepository = webApplication.Services.GetRequiredService(); + var registrationWorkflowRepository = webApplication.Services.GetRequiredService(); + var serializedFileKeyStore = webApplication.Services.GetRequiredService(); + var certificateAuthorityRepository = webApplication.Services.GetRequiredService(); + var presentationDefinitionRepository = webApplication.Services.GetRequiredService(); + var acrRepository = webApplication.Services.GetRequiredService(); + var configurationDefinitionRepository = webApplication.Services.GetRequiredService(); + using (var transaction = transactionBuilder.Build()) + { + foreach (var realm in IdServerConfiguration.Realms) + realmRepository.Add(realm); + + foreach (var scope in IdServerConfiguration.Scopes) + scopeRepository.Add(scope); + + foreach (var user in IdServerConfiguration.Users) + userRepository.Add(user); + + foreach (var client in IdServerConfiguration.Clients) + clientRepository.Add(client); + + foreach (var umaPendingRequest in IdServerConfiguration.PendingRequests) + umaPendingRequestRepository.Add(umaPendingRequest); + + foreach (var umaResource in IdServerConfiguration.Resources) + umaResourceRepository.Add(umaResource); + + foreach (var gotifySession in IdServerConfiguration.Sessions) + gotifySessionRepository.Add(gotifySession); + + foreach (var language in IdServerConfiguration.Languages) + languageRepository.Add(language); + + foreach (var definition in IdServerConfiguration.ProviderDefinitions) + providerDefinitionRepository.Add(definition); + + foreach (var authProvider in IdServerConfiguration.Providers) + authSchemeProviderRepository.Add(authProvider); + + foreach (var idProvisioningDef in IdServerConfiguration.IdentityProvisioningDefLst) + idProvisioningDefRepository.Add(idProvisioningDef); + + foreach (var registrationWorkflow in IdServerConfiguration.RegistrationWorkflows) + registrationWorkflowRepository.Add(registrationWorkflow); + + serializedFileKeyStore.Add(KeyGenerator.GenerateRSASigningCredentials(SimpleIdServer.IdServer.Constants.StandardRealms.Master, "rsa-1")); + serializedFileKeyStore.Add(KeyGenerator.GenerateECDSASigningCredentials(SimpleIdServer.IdServer.Constants.StandardRealms.Master, "ecdsa-1")); + serializedFileKeyStore.Add(WsFederationKeyGenerator.GenerateWsFederationSigningCredentials(SimpleIdServer.IdServer.Constants.StandardRealms.Master)); + + foreach (var certificateAuthority in IdServerConfiguration.CertificateAuthorities) + certificateAuthorityRepository.Add(certificateAuthority); + + foreach (var presentationDefinition in IdServerConfiguration.PresentationDefinitions) + presentationDefinitionRepository.Add(presentationDefinition); + + acrRepository.Add(SimpleIdServer.IdServer.Constants.StandardAcrs.FirstLevelAssurance); + acrRepository.Add(SimpleIdServer.IdServer.Constants.StandardAcrs.IapSilver); + acrRepository.Add(new SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference + { + Id = Guid.NewGuid().ToString(), + Name = "email", + AuthenticationMethodReferences = new[] { "email" }, + DisplayName = "Email authentication", + UpdateDateTime = DateTime.UtcNow, + Realms = new List + { + SimpleIdServer.IdServer.Constants.StandardRealms.Master + } + }); + acrRepository.Add(new SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference + { + Id = Guid.NewGuid().ToString(), + Name = "sms", + AuthenticationMethodReferences = new[] { "sms" }, + DisplayName = "Sms authentication", + UpdateDateTime = DateTime.UtcNow, + Realms = new List + { + SimpleIdServer.IdServer.Constants.StandardRealms.Master + } + }); + acrRepository.Add(new SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference + { + Id = Guid.NewGuid().ToString(), + Name = "pwd-email", + AuthenticationMethodReferences = new[] { "pwd", "email" }, + DisplayName = "Password and email authentication", + UpdateDateTime = DateTime.UtcNow, + Realms = new List + { + SimpleIdServer.IdServer.Constants.StandardRealms.Master + } + }); + + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + configurationDefinitionRepository.Add(ConfigurationDefinitionExtractor.Extract()); + + await transaction.Commit(CancellationToken.None); + } + + // Delete these two lines to disable seed data from an external resource like JSON file. + ISeedStrategy seedingService = webApplication.Services.GetRequiredService(); + await seedingService.SeedDataAsync(); + + EnsureIsolationLevel(); + + void EnsureIsolationLevel() { - using (var dbContext = scope.ServiceProvider.GetService()) + var ado = dbContext.SqlSugarClient.Ado.Connection; + if (ado is SqlConnection) { - // Uncomment these two lines to enable seed data from an external resource like JSON file. - // ISeedStrategy seedingService = scope.ServiceProvider.GetService(); - // seedingService.SeedDataAsync().Wait(); + dbContext.SqlSugarClient.Ado.ExecuteCommand("ALTER DATABASE CURRENT SET ALLOW_SNAPSHOT_ISOLATION ON"); + dbContext.SqlSugarClient.Ado.ExecuteCommand(SQLServerCreateTableFormat); + return; + } + + if (ado is MySqlConnection) + { + dbContext.SqlSugarClient.Ado.ExecuteCommand(MYSQLCreateTableFormat); + return; } } -} \ No newline at end of file +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Seed.json b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Seed.json index f59a0bc2c..3393267e6 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Seed.json +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/Seed.json @@ -1,15 +1,31 @@ { + "Realms": [ + { + "Name": "testing" + } + ], + "Scopes": [ + { + "Name": "testing_scope", + "Type": "APIRESOURCE", + "Protocol": "OAUTH", + "Description": "Access to view the home page", + "IsExposedInConfigurationEdp": true, + "Realm": "testing" + } + ], "Users": [ { - "Login": "user2", + "Login": "user-seeded-testing", "Password": "password", "FirstName": "User", - "LastName": "2", - "Email": "user2@email.com", - "Roles": ["user", "local"] + "LastName": "Seeded Testing", + "Email": "user-seeded-testing@email.com", + "Roles": [ "user", "local" ], + "Realm": "testing" }, { - "Login": "user3", + "Login": "user-seeded-master", "Password": "password" } ] diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/appsettings.Docker.json b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/appsettings.Docker.json index 78eff2c49..6dcdd9e24 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/appsettings.Docker.json +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/appsettings.Docker.json @@ -73,10 +73,13 @@ "ResetPasswordLinkExpirationInSeconds": "30", "CanResetPassword": "true" }, - "FidoOptions": { + "MobileOptions": { "U2FExpirationTimeInSeconds": "300", "IsDeveloperModeEnabled": false }, + "WebauthnOptions": { + "U2FExpirationTimeInSeconds": "300" + }, "IdServerConsoleOptions": { "Message": "The confirmation code is {0}", "OTPType": "TOTP", @@ -93,5 +96,9 @@ }, "IdServerVpOptions": { + }, + "UserLockingOptions": { + "LockTimeInSeconds": "300", + "MaxLoginAttempts": "5" } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/appsettings.json b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/appsettings.json index 61f8ab30c..d57fcdd86 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/appsettings.json +++ b/src/IdServer/SimpleIdServer.IdServer.SqlSugar.Startup/appsettings.json @@ -89,10 +89,13 @@ "ResetPasswordLinkExpirationInSeconds": "30", "CanResetPassword": "true" }, - "FidoOptions": { + "MobileOptions": { "U2FExpirationTimeInSeconds": "300", "IsDeveloperModeEnabled": false }, + "WebauthnOptions": { + "U2FExpirationTimeInSeconds": "300" + }, "IdServerConsoleOptions": { "Message": "The confirmation code is {0}", "OTPType": "TOTP", @@ -109,6 +112,10 @@ }, "IdServerVpOptions": { + }, + "UserLockingOptions": { + "LockTimeInSeconds": "300", + "MaxLoginAttempts": "5" }, "JSON_SEEDS_FILE_PATH": "Seed.json" } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240604113801_AddMessageBusErrorMessage.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240604113801_AddMessageBusErrorMessage.Designer.cs new file mode 100644 index 000000000..bd1ca5af1 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240604113801_AddMessageBusErrorMessage.Designer.cs @@ -0,0 +1,3194 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqliteMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240604113801_AddMessageBusErrorMessage")] + partial class AddMessageBusErrorMessage + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder.HasAnnotation("ProductVersion", "8.0.4"); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("TEXT"); + + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("TEXT"); + + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("RolesId") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("FriendlyName") + .HasColumnType("TEXT"); + + b.Property("Xml") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.Property("SerializedFileKeysId") + .HasColumnType("TEXT"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("DisplayName") + .HasColumnType("TEXT"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("MapperType") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SourceClaimName") + .HasColumnType("TEXT"); + + b.Property("TargetUserAttribute") + .HasColumnType("TEXT"); + + b.Property("TargetUserProperty") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("Audience") + .HasColumnType("TEXT"); + + b.Property("AuthorizedScopeId") + .HasColumnType("INTEGER"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT"); + + b.Property("Interval") + .HasColumnType("INTEGER"); + + b.Property("LastStatus") + .HasColumnType("INTEGER"); + + b.Property("NextFetchTime") + .HasColumnType("TEXT"); + + b.Property("NotificationEdp") + .HasColumnType("TEXT"); + + b.Property("NotificationMode") + .HasColumnType("TEXT"); + + b.Property("NotificationToken") + .HasColumnType("TEXT"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RejectionSentDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("BCAuthorizeId") + .HasColumnType("TEXT"); + + b.Property("EndDateTime") + .HasColumnType("TEXT"); + + b.Property("Message") + .HasColumnType("TEXT"); + + b.Property("StartDateTime") + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ClaimType") + .HasColumnType("INTEGER"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("TEXT"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("REAL"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("INTEGER"); + + b.Property("JwksUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("TEXT"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("TEXT"); + + b.Property("SoftwareId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("KeyType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DisplayCondition") + .HasColumnType("TEXT"); + + b.Property("IsRequired") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Order") + .HasColumnType("INTEGER"); + + b.Property("Type") + .HasColumnType("INTEGER"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ScopeId") + .HasColumnType("TEXT"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT"); + + b.Property("LastAccessTime") + .HasColumnType("TEXT"); + + b.Property("NextAccessDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.Property("UserLogin") + .HasColumnType("TEXT"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("TEXT"); + + b.Property("Version") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Type") + .HasColumnType("INTEGER"); + + b.Property("Values") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("TEXT"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("UsersId") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("IsEnabled") + .HasColumnType("INTEGER"); + + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CurrentPage") + .HasColumnType("INTEGER"); + + b.Property("ExecutionDateTime") + .HasColumnType("TEXT"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("INTEGER"); + + b.Property("NbGroups") + .HasColumnType("INTEGER"); + + b.Property("NbUsers") + .HasColumnType("INTEGER"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("TotalPages") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("From") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("HasMultipleAttribute") + .HasColumnType("INTEGER"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("MapperType") + .HasColumnType("INTEGER"); + + b.Property("TargetUserAttribute") + .HasColumnType("TEXT"); + + b.Property("TargetUserProperty") + .HasColumnType("TEXT"); + + b.Property("Usage") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Content") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ExternalId") + .HasColumnType("TEXT"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ReceivedDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Format") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("TEXT"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("TEXT"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Path") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("IsDefault") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SourceUserAttribute") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Enc") + .HasColumnType("TEXT"); + + b.Property("IsSymmetric") + .HasColumnType("INTEGER"); + + b.Property("Key") + .HasColumnType("BLOB"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PrivateKeyPem") + .HasColumnType("TEXT"); + + b.Property("PublicKeyPem") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("AccessTokenType") + .HasColumnType("INTEGER"); + + b.Property("AuthorizationCode") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Data") + .HasColumnType("TEXT"); + + b.Property("ExpirationTime") + .HasColumnType("TEXT"); + + b.Property("GrantId") + .HasColumnType("TEXT"); + + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Jkt") + .HasColumnType("TEXT"); + + b.Property("OriginalData") + .HasColumnType("TEXT"); + + b.Property("SessionId") + .HasColumnType("TEXT"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("Key") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Language") + .HasColumnType("TEXT"); + + b.Property("Value") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Owner") + .HasColumnType("TEXT"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Requester") + .HasColumnType("TEXT"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("TEXT"); + + b.Property("Type") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ClaimType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("TEXT"); + + b.Property("Firstname") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("TEXT"); + + b.Property("Lastname") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DeviceType") + .HasColumnType("TEXT"); + + b.Property("Manufacturer") + .HasColumnType("TEXT"); + + b.Property("Model") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("PushToken") + .HasColumnType("TEXT"); + + b.Property("PushType") + .HasColumnType("TEXT"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Version") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("State") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.Property("UMAResourceId") + .HasColumnType("TEXT"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240604113801_AddMessageBusErrorMessage.cs b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240604113801_AddMessageBusErrorMessage.cs new file mode 100644 index 000000000..910c1e8ad --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240604113801_AddMessageBusErrorMessage.cs @@ -0,0 +1,40 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqliteMigrations.Migrations +{ + /// + public partial class AddMessageBusErrorMessage : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.CreateTable( + name: "MessageBusErrorMessages", + columns: table => new + { + Id = table.Column(type: "TEXT", nullable: false), + ExternalId = table.Column(type: "TEXT", nullable: true), + Name = table.Column(type: "TEXT", nullable: false), + FullName = table.Column(type: "TEXT", nullable: false), + Content = table.Column(type: "TEXT", nullable: false), + Exceptions = table.Column(type: "TEXT", nullable: false), + ReceivedDateTime = table.Column(type: "TEXT", nullable: false), + QueueName = table.Column(type: "TEXT", nullable: false) + }, + constraints: table => + { + table.PrimaryKey("PK_MessageBusErrorMessages", x => x.Id); + }); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropTable( + name: "MessageBusErrorMessages"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240614194321_LockAccount.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240614194321_LockAccount.Designer.cs new file mode 100644 index 000000000..2ef53a529 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240614194321_LockAccount.Designer.cs @@ -0,0 +1,3202 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqliteMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240614194321_LockAccount")] + partial class LockAccount + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder.HasAnnotation("ProductVersion", "8.0.4"); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("TEXT"); + + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("TEXT"); + + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("RolesId") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("FriendlyName") + .HasColumnType("TEXT"); + + b.Property("Xml") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.Property("SerializedFileKeysId") + .HasColumnType("TEXT"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("DisplayName") + .HasColumnType("TEXT"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("MapperType") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SourceClaimName") + .HasColumnType("TEXT"); + + b.Property("TargetUserAttribute") + .HasColumnType("TEXT"); + + b.Property("TargetUserProperty") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("Audience") + .HasColumnType("TEXT"); + + b.Property("AuthorizedScopeId") + .HasColumnType("INTEGER"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT"); + + b.Property("Interval") + .HasColumnType("INTEGER"); + + b.Property("LastStatus") + .HasColumnType("INTEGER"); + + b.Property("NextFetchTime") + .HasColumnType("TEXT"); + + b.Property("NotificationEdp") + .HasColumnType("TEXT"); + + b.Property("NotificationMode") + .HasColumnType("TEXT"); + + b.Property("NotificationToken") + .HasColumnType("TEXT"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RejectionSentDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("BCAuthorizeId") + .HasColumnType("TEXT"); + + b.Property("EndDateTime") + .HasColumnType("TEXT"); + + b.Property("Message") + .HasColumnType("TEXT"); + + b.Property("StartDateTime") + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ClaimType") + .HasColumnType("INTEGER"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("TEXT"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("REAL"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("INTEGER"); + + b.Property("JwksUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("TEXT"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("TEXT"); + + b.Property("SoftwareId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("KeyType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DisplayCondition") + .HasColumnType("TEXT"); + + b.Property("IsRequired") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Order") + .HasColumnType("INTEGER"); + + b.Property("Type") + .HasColumnType("INTEGER"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ScopeId") + .HasColumnType("TEXT"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT"); + + b.Property("LastAccessTime") + .HasColumnType("TEXT"); + + b.Property("NextAccessDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.Property("UserLogin") + .HasColumnType("TEXT"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("TEXT"); + + b.Property("Version") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Type") + .HasColumnType("INTEGER"); + + b.Property("Values") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("TEXT"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("UsersId") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("IsEnabled") + .HasColumnType("INTEGER"); + + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CurrentPage") + .HasColumnType("INTEGER"); + + b.Property("ExecutionDateTime") + .HasColumnType("TEXT"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("INTEGER"); + + b.Property("NbGroups") + .HasColumnType("INTEGER"); + + b.Property("NbUsers") + .HasColumnType("INTEGER"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("TotalPages") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("From") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("HasMultipleAttribute") + .HasColumnType("INTEGER"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("MapperType") + .HasColumnType("INTEGER"); + + b.Property("TargetUserAttribute") + .HasColumnType("TEXT"); + + b.Property("TargetUserProperty") + .HasColumnType("TEXT"); + + b.Property("Usage") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Content") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ExternalId") + .HasColumnType("TEXT"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ReceivedDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Format") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("TEXT"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("TEXT"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Path") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("IsDefault") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SourceUserAttribute") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Enc") + .HasColumnType("TEXT"); + + b.Property("IsSymmetric") + .HasColumnType("INTEGER"); + + b.Property("Key") + .HasColumnType("BLOB"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PrivateKeyPem") + .HasColumnType("TEXT"); + + b.Property("PublicKeyPem") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("AccessTokenType") + .HasColumnType("INTEGER"); + + b.Property("AuthorizationCode") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Data") + .HasColumnType("TEXT"); + + b.Property("ExpirationTime") + .HasColumnType("TEXT"); + + b.Property("GrantId") + .HasColumnType("TEXT"); + + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Jkt") + .HasColumnType("TEXT"); + + b.Property("OriginalData") + .HasColumnType("TEXT"); + + b.Property("SessionId") + .HasColumnType("TEXT"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("Key") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Language") + .HasColumnType("TEXT"); + + b.Property("Value") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Owner") + .HasColumnType("TEXT"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Requester") + .HasColumnType("TEXT"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("TEXT"); + + b.Property("Type") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ClaimType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("TEXT"); + + b.Property("Firstname") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("TEXT"); + + b.Property("Lastname") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DeviceType") + .HasColumnType("TEXT"); + + b.Property("Manufacturer") + .HasColumnType("TEXT"); + + b.Property("Model") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("PushToken") + .HasColumnType("TEXT"); + + b.Property("PushType") + .HasColumnType("TEXT"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Version") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("State") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.Property("UMAResourceId") + .HasColumnType("TEXT"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240614194321_LockAccount.cs b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240614194321_LockAccount.cs new file mode 100644 index 000000000..dcc652be6 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240614194321_LockAccount.cs @@ -0,0 +1,40 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqliteMigrations.Migrations +{ + /// + public partial class LockAccount : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "NbLoginAttempt", + table: "Users", + type: "INTEGER", + nullable: false, + defaultValue: 0); + + migrationBuilder.AddColumn( + name: "UnblockDateTime", + table: "Users", + type: "TEXT", + nullable: true); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "NbLoginAttempt", + table: "Users"); + + migrationBuilder.DropColumn( + name: "UnblockDateTime", + table: "Users"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240628184822_ClientIsIsNullable.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240628184822_ClientIsIsNullable.Designer.cs new file mode 100644 index 000000000..ebe104077 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240628184822_ClientIsIsNullable.Designer.cs @@ -0,0 +1,3210 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqliteMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240628184822_ClientIsIsNullable")] + partial class ClientIsIsNullable + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder.HasAnnotation("ProductVersion", "8.0.4"); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("TEXT"); + + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("TEXT"); + + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("RolesId") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("FriendlyName") + .HasColumnType("TEXT"); + + b.Property("Xml") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.Property("SerializedFileKeysId") + .HasColumnType("TEXT"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("DisplayName") + .HasColumnType("TEXT"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("MapperType") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SourceClaimName") + .HasColumnType("TEXT"); + + b.Property("TargetUserAttribute") + .HasColumnType("TEXT"); + + b.Property("TargetUserProperty") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("Audience") + .HasColumnType("TEXT"); + + b.Property("AuthorizedScopeId") + .HasColumnType("INTEGER"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT"); + + b.Property("Interval") + .HasColumnType("INTEGER"); + + b.Property("LastStatus") + .HasColumnType("INTEGER"); + + b.Property("NextFetchTime") + .HasColumnType("TEXT"); + + b.Property("NotificationEdp") + .HasColumnType("TEXT"); + + b.Property("NotificationMode") + .HasColumnType("TEXT"); + + b.Property("NotificationToken") + .HasColumnType("TEXT"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RejectionSentDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("BCAuthorizeId") + .HasColumnType("TEXT"); + + b.Property("EndDateTime") + .HasColumnType("TEXT"); + + b.Property("Message") + .HasColumnType("TEXT"); + + b.Property("StartDateTime") + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ClaimType") + .HasColumnType("INTEGER"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("TEXT"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("REAL"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("INTEGER"); + + b.Property("JwksUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("TEXT"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("TEXT"); + + b.Property("SoftwareId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("KeyType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DisplayCondition") + .HasColumnType("TEXT"); + + b.Property("IsRequired") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Order") + .HasColumnType("INTEGER"); + + b.Property("Type") + .HasColumnType("INTEGER"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ScopeId") + .HasColumnType("TEXT"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT"); + + b.Property("LastAccessTime") + .HasColumnType("TEXT"); + + b.Property("NextAccessDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.Property("UserLogin") + .HasColumnType("TEXT"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("TEXT"); + + b.Property("Version") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Type") + .HasColumnType("INTEGER"); + + b.Property("Values") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("TEXT"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("UsersId") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("IsEnabled") + .HasColumnType("INTEGER"); + + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CurrentPage") + .HasColumnType("INTEGER"); + + b.Property("ExecutionDateTime") + .HasColumnType("TEXT"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("INTEGER"); + + b.Property("NbGroups") + .HasColumnType("INTEGER"); + + b.Property("NbUsers") + .HasColumnType("INTEGER"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("TotalPages") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("From") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("HasMultipleAttribute") + .HasColumnType("INTEGER"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("MapperType") + .HasColumnType("INTEGER"); + + b.Property("TargetUserAttribute") + .HasColumnType("TEXT"); + + b.Property("TargetUserProperty") + .HasColumnType("TEXT"); + + b.Property("Usage") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Content") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ExternalId") + .HasColumnType("TEXT"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ReceivedDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Format") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("TEXT"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("TEXT"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Path") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("IsDefault") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SourceUserAttribute") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Enc") + .HasColumnType("TEXT"); + + b.Property("IsSymmetric") + .HasColumnType("INTEGER"); + + b.Property("Key") + .HasColumnType("BLOB"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PrivateKeyPem") + .HasColumnType("TEXT"); + + b.Property("PublicKeyPem") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("AccessTokenType") + .HasColumnType("INTEGER"); + + b.Property("AuthorizationCode") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Data") + .HasColumnType("TEXT"); + + b.Property("ExpirationTime") + .HasColumnType("TEXT"); + + b.Property("GrantId") + .HasColumnType("TEXT"); + + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Jkt") + .HasColumnType("TEXT"); + + b.Property("OriginalData") + .HasColumnType("TEXT"); + + b.Property("SessionId") + .HasColumnType("TEXT"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("Key") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Language") + .HasColumnType("TEXT"); + + b.Property("Value") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Owner") + .HasColumnType("TEXT"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Requester") + .HasColumnType("TEXT"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("TEXT"); + + b.Property("Type") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ClaimType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("TEXT"); + + b.Property("Firstname") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("TEXT"); + + b.Property("Lastname") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DeviceType") + .HasColumnType("TEXT"); + + b.Property("Manufacturer") + .HasColumnType("TEXT"); + + b.Property("Model") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("PushToken") + .HasColumnType("TEXT"); + + b.Property("PushType") + .HasColumnType("TEXT"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Version") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("State") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.Property("UMAResourceId") + .HasColumnType("TEXT"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240628184822_ClientIsIsNullable.cs b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240628184822_ClientIsIsNullable.cs new file mode 100644 index 000000000..5df3902d7 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240628184822_ClientIsIsNullable.cs @@ -0,0 +1,58 @@ +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqliteMigrations.Migrations +{ + /// + public partial class ClientIsIsNullable : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AlterColumn( + name: "ClientId", + table: "Tokens", + type: "TEXT", + nullable: true, + oldClrType: typeof(string), + oldType: "TEXT"); + + migrationBuilder.AddColumn( + name: "IsSelfIssueEnabled", + table: "Clients", + type: "INTEGER", + nullable: false, + defaultValue: false); + + migrationBuilder.AddColumn( + name: "SubjectSyntaxTypesSupported", + table: "Clients", + type: "TEXT", + nullable: false, + defaultValue: ""); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "IsSelfIssueEnabled", + table: "Clients"); + + migrationBuilder.DropColumn( + name: "SubjectSyntaxTypesSupported", + table: "Clients"); + + migrationBuilder.AlterColumn( + name: "ClientId", + table: "Tokens", + type: "TEXT", + nullable: false, + defaultValue: "", + oldClrType: typeof(string), + oldType: "TEXT", + oldNullable: true); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240722142738_SupportOpenidFederation.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240722142738_SupportOpenidFederation.Designer.cs new file mode 100644 index 000000000..ffcd7a99b --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240722142738_SupportOpenidFederation.Designer.cs @@ -0,0 +1,3247 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqliteMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240722142738_SupportOpenidFederation")] + partial class SupportOpenidFederation + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder.HasAnnotation("ProductVersion", "8.0.4"); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("TEXT"); + + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("TEXT"); + + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("RolesId") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("FriendlyName") + .HasColumnType("TEXT"); + + b.Property("Xml") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.Property("SerializedFileKeysId") + .HasColumnType("TEXT"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("DisplayName") + .HasColumnType("TEXT"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("MapperType") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SourceClaimName") + .HasColumnType("TEXT"); + + b.Property("TargetUserAttribute") + .HasColumnType("TEXT"); + + b.Property("TargetUserProperty") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("Audience") + .HasColumnType("TEXT"); + + b.Property("AuthorizedScopeId") + .HasColumnType("INTEGER"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT"); + + b.Property("Interval") + .HasColumnType("INTEGER"); + + b.Property("LastStatus") + .HasColumnType("INTEGER"); + + b.Property("NextFetchTime") + .HasColumnType("TEXT"); + + b.Property("NotificationEdp") + .HasColumnType("TEXT"); + + b.Property("NotificationMode") + .HasColumnType("TEXT"); + + b.Property("NotificationToken") + .HasColumnType("TEXT"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RejectionSentDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("BCAuthorizeId") + .HasColumnType("TEXT"); + + b.Property("EndDateTime") + .HasColumnType("TEXT"); + + b.Property("Message") + .HasColumnType("TEXT"); + + b.Property("StartDateTime") + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ClaimType") + .HasColumnType("INTEGER"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("TEXT"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("REAL"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("INTEGER"); + + b.Property("JwksUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("TEXT"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("TEXT"); + + b.Property("SoftwareId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("KeyType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DisplayCondition") + .HasColumnType("TEXT"); + + b.Property("IsRequired") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Order") + .HasColumnType("INTEGER"); + + b.Property("Type") + .HasColumnType("INTEGER"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ScopeId") + .HasColumnType("TEXT"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT"); + + b.Property("LastAccessTime") + .HasColumnType("TEXT"); + + b.Property("NextAccessDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.Property("UserLogin") + .HasColumnType("TEXT"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("TEXT"); + + b.Property("Version") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Type") + .HasColumnType("INTEGER"); + + b.Property("Values") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("TEXT"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("UsersId") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("IsEnabled") + .HasColumnType("INTEGER"); + + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CurrentPage") + .HasColumnType("INTEGER"); + + b.Property("ExecutionDateTime") + .HasColumnType("TEXT"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("INTEGER"); + + b.Property("NbGroups") + .HasColumnType("INTEGER"); + + b.Property("NbUsers") + .HasColumnType("INTEGER"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("TotalPages") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("From") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("HasMultipleAttribute") + .HasColumnType("INTEGER"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("MapperType") + .HasColumnType("INTEGER"); + + b.Property("TargetUserAttribute") + .HasColumnType("TEXT"); + + b.Property("TargetUserProperty") + .HasColumnType("TEXT"); + + b.Property("Usage") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Content") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ExternalId") + .HasColumnType("TEXT"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ReceivedDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Format") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("TEXT"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("TEXT"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Path") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("IsDefault") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SourceUserAttribute") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Enc") + .HasColumnType("TEXT"); + + b.Property("IsSymmetric") + .HasColumnType("INTEGER"); + + b.Property("Key") + .HasColumnType("BLOB"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PrivateKeyPem") + .HasColumnType("TEXT"); + + b.Property("PublicKeyPem") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("AccessTokenType") + .HasColumnType("INTEGER"); + + b.Property("AuthorizationCode") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Data") + .HasColumnType("TEXT"); + + b.Property("ExpirationTime") + .HasColumnType("TEXT"); + + b.Property("GrantId") + .HasColumnType("TEXT"); + + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Jkt") + .HasColumnType("TEXT"); + + b.Property("OriginalData") + .HasColumnType("TEXT"); + + b.Property("SessionId") + .HasColumnType("TEXT"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("Key") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Language") + .HasColumnType("TEXT"); + + b.Property("Value") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Owner") + .HasColumnType("TEXT"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Requester") + .HasColumnType("TEXT"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("TEXT"); + + b.Property("Type") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ClaimType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("TEXT"); + + b.Property("Firstname") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("TEXT"); + + b.Property("Lastname") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DeviceType") + .HasColumnType("TEXT"); + + b.Property("Manufacturer") + .HasColumnType("TEXT"); + + b.Property("Model") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("PushToken") + .HasColumnType("TEXT"); + + b.Property("PushType") + .HasColumnType("TEXT"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Version") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("State") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.Property("UMAResourceId") + .HasColumnType("TEXT"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240722142738_SupportOpenidFederation.cs b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240722142738_SupportOpenidFederation.cs new file mode 100644 index 000000000..9e8c42f2b --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240722142738_SupportOpenidFederation.cs @@ -0,0 +1,58 @@ +using System; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqliteMigrations.Migrations +{ + /// + public partial class SupportOpenidFederation : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "ClientRegistrationTypesSupported", + table: "Clients", + type: "TEXT", + nullable: false, + defaultValue: ""); + + migrationBuilder.AddColumn( + name: "ExpirationDateTime", + table: "Clients", + type: "TEXT", + nullable: true); + + migrationBuilder.CreateTable( + name: "FederationEntities", + columns: table => new + { + Id = table.Column(type: "TEXT", nullable: false), + Sub = table.Column(type: "TEXT", nullable: false), + Realm = table.Column(type: "TEXT", nullable: true), + IsSubordinate = table.Column(type: "INTEGER", nullable: false), + CreateDateTime = table.Column(type: "TEXT", nullable: false) + }, + constraints: table => + { + table.PrimaryKey("PK_FederationEntities", x => x.Id); + }); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropTable( + name: "FederationEntities"); + + migrationBuilder.DropColumn( + name: "ClientRegistrationTypesSupported", + table: "Clients"); + + migrationBuilder.DropColumn( + name: "ExpirationDateTime", + table: "Clients"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240805132551_SupportAdminRole.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240805132551_SupportAdminRole.Designer.cs new file mode 100644 index 000000000..d897ee882 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240805132551_SupportAdminRole.Designer.cs @@ -0,0 +1,3255 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.IdServer.Store.EF; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqliteMigrations.Migrations +{ + [DbContext(typeof(StoreDbContext))] + [Migration("20240805132551_SupportAdminRole")] + partial class SupportAdminRole + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder.HasAnnotation("ProductVersion", "8.0.4"); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.Property("ApiResourcesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("ApiResourcesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ApiResourceRealm"); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.Property("ApiResourcesId") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("ApiResourcesId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ApiResourceScope"); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.Property("AuthenticationContextClassReferencesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("AuthenticationContextClassReferencesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationContextClassReferenceRealm"); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.Property("AuthenticationSchemeProvidersId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("AuthenticationSchemeProvidersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("AuthenticationSchemeProviderRealm"); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.Property("CertificateAuthoritiesId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("CertificateAuthoritiesId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("CertificateAuthorityRealm"); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.Property("ClientsId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("ClientsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("ClientRealm"); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.Property("ClientsId") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("ClientsId", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("ClientScope"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("TEXT"); + + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.HasKey("ConfigurationDefinitionRecordId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordTranslation"); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.Property("ConfigurationDefinitionRecordValueId") + .HasColumnType("TEXT"); + + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.HasKey("ConfigurationDefinitionRecordValueId", "TranslationsId"); + + b.HasIndex("TranslationsId"); + + b.ToTable("ConfigurationDefinitionRecordValueTranslation"); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("RolesId") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "RolesId"); + + b.HasIndex("RolesId"); + + b.ToTable("GroupScope"); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.Property("IdentityProvisioningLstId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("IdentityProvisioningLstId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("IdentityProvisioningRealm"); + }); + + modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("FriendlyName") + .HasColumnType("TEXT"); + + b.Property("Xml") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("DataProtectionKeys"); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.Property("ScopesId") + .HasColumnType("TEXT"); + + b.HasKey("RealmsName", "ScopesId"); + + b.HasIndex("ScopesId"); + + b.ToTable("RealmScope"); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.Property("SerializedFileKeysId") + .HasColumnType("TEXT"); + + b.HasKey("RealmsName", "SerializedFileKeysId"); + + b.HasIndex("SerializedFileKeysId"); + + b.ToTable("RealmSerializedFileKey"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ApiResource", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Audience") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "aud"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("ApiResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuditEvent", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthMethod") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "auth_method"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("ErrorMessage") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "error_message"); + + b.Property("EventName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("IsError") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_error"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("RedirectUrl") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "redirect_url"); + + b.Property("RequestJSON") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_json"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UserName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "username"); + + b.HasKey("Id"); + + b.ToTable("AuditEvents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AuthenticationMethodReferences") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "amrs"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("DisplayName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "display_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RegistrationWorkflowId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "workflow_id"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("RegistrationWorkflowId"); + + b.ToTable("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("AuthSchemeProviderDefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("DisplayName") + .HasColumnType("TEXT"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("AuthSchemeProviderDefinitionName"); + + b.ToTable("AuthenticationSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("HandlerFullQualifiedName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "handler_full_qualifiedname"); + + b.Property("Image") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "img"); + + b.Property("OptionsFullQualifiedName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "options_full_qualifiedname"); + + b.Property("OptionsName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "options_name"); + + b.HasKey("Name"); + + b.ToTable("AuthenticationSchemeProviderDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("IdProviderId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("MapperType") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SourceClaimName") + .HasColumnType("TEXT"); + + b.Property("TargetUserAttribute") + .HasColumnType("TEXT"); + + b.Property("TargetUserProperty") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("IdProviderId"); + + b.ToTable("AuthenticationSchemeProviderMapper"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("Audience") + .HasColumnType("TEXT"); + + b.Property("AuthorizedScopeId") + .HasColumnType("INTEGER"); + + b.Property("Resource") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("AuthorizedScopeId"); + + b.ToTable("AuthorizedResource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ConsentId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scope") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scope"); + + b.HasKey("Id"); + + b.HasIndex("ConsentId"); + + b.ToTable("AuthorizedScope"); + + b.HasAnnotation("Relational:JsonPropertyName", "scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT"); + + b.Property("Interval") + .HasColumnType("INTEGER"); + + b.Property("LastStatus") + .HasColumnType("INTEGER"); + + b.Property("NextFetchTime") + .HasColumnType("TEXT"); + + b.Property("NotificationEdp") + .HasColumnType("TEXT"); + + b.Property("NotificationMode") + .HasColumnType("TEXT"); + + b.Property("NotificationToken") + .HasColumnType("TEXT"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RejectionSentDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("BCAuthorizeLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("BCAuthorizeId") + .HasColumnType("TEXT"); + + b.Property("EndDateTime") + .HasColumnType("TEXT"); + + b.Property("Message") + .HasColumnType("TEXT"); + + b.Property("StartDateTime") + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("BCAuthorizeId"); + + b.ToTable("BCAuthorizeHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("EndDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("FindType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "find_type"); + + b.Property("FindValue") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "find_value"); + + b.Property("PrivateKey") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("Source") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("StartDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.Property("StoreLocation") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "store_location"); + + b.Property("StoreName") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "store_name"); + + b.Property("SubjectName") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_name"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("CertificateAuthorities"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClaimProvider", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ClaimType") + .HasColumnType("INTEGER"); + + b.Property("ConnectionString") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ProviderType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("ClaimProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("AccessTokenType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "access_token_type"); + + b.Property("ApplicationType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "application_type"); + + b.Property("AuthReqIdExpirationTimeInSeconds") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "auth_reqid_expirationtime"); + + b.Property("AuthenticationContextClassReferenceId") + .HasColumnType("TEXT"); + + b.Property("AuthorizationDataTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_data_types"); + + b.Property("AuthorizationEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_alg"); + + b.Property("AuthorizationEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_encrypted_response_enc"); + + b.Property("AuthorizationSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "authorization_signed_response_alg"); + + b.Property("BCAuthenticationRequestSigningAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_authentication_request_signing_alg"); + + b.Property("BCClientNotificationEndpoint") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_client_notification_endpoint"); + + b.Property("BCIntervalSeconds") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "bc_interval"); + + b.Property("BCTokenDeliveryMode") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_token_delivery_mode"); + + b.Property("BCUserCodeParameter") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_user_code_parameter"); + + b.Property("BackChannelLogoutSessionRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_session_required"); + + b.Property("BackChannelLogoutUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "backchannel_logout_uri"); + + b.Property("CNonceExpirationTimeInSeconds") + .HasColumnType("REAL"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + + b.Property("ClientSecret") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_secret"); + + b.Property("ClientSecretExpirationTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_secret_expires_at"); + + b.Property("ClientType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_type"); + + b.Property("Contacts") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "contacts"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("CredentialOfferEndpoint") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "credential_offer_endpoint"); + + b.Property("DPOPBoundAccessTokens") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "dpop_bound_access_tokens"); + + b.Property("DPOPNonceLifetimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "dpop_lifetime"); + + b.Property("DefaultAcrValues") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "default_acr_values"); + + b.Property("DefaultMaxAge") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + + b.Property("FrontChannelLogoutSessionRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); + + b.Property("FrontChannelLogoutUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_uri"); + + b.Property("GrantTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "grant_types"); + + b.Property("IdTokenEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_alg"); + + b.Property("IdTokenEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_encrypted_response_enc"); + + b.Property("IdTokenSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id_token_signed_response_alg"); + + b.Property("InitiateLoginUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "initiate_login_uri"); + + b.Property("IsConsentDisabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_consent_disabled"); + + b.Property("IsDPOPNonceRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "dpop_nonce_required"); + + b.Property("IsRedirectUrlCaseSensitive") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_redirect_url_casesensitive"); + + b.Property("IsResourceParameterRequired") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + + b.Property("IsSelfIssueEnabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + + b.Property("IsTokenExchangeEnabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); + + b.Property("IsTransactionCodeRequired") + .HasColumnType("INTEGER"); + + b.Property("JwksUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "jwks_uri"); + + b.Property("PairWiseIdentifierSalt") + .HasColumnType("TEXT"); + + b.Property("PostLogoutRedirectUris") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "post_logout_redirect_uris"); + + b.Property("PreAuthCodeExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "pre_auth_code_expiration_time"); + + b.Property("PreferredTokenProfile") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "preferred_token_profile"); + + b.Property("RedirectToRevokeSessionUI") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "redirect_revoke_session_ui"); + + b.Property("RedirectionUrls") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "redirect_uris"); + + b.Property("RefreshTokenExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "refresh_token_expiration_time_seconds"); + + b.Property("RegistrationAccessToken") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "registration_access_token"); + + b.Property("RequestObjectEncryptionAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_alg"); + + b.Property("RequestObjectEncryptionEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_encryption_enc"); + + b.Property("RequestObjectSigningAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "request_object_signing_alg"); + + b.Property("RequireAuthTime") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "require_auth_time"); + + b.Property("ResponseTypes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "response_types"); + + b.Property("SectorIdentifierUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sector_identifier_uri"); + + b.Property("SerializedParameters") + .HasColumnType("TEXT"); + + b.Property("SoftwareId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "software_id"); + + b.Property("SoftwareVersion") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "software_version"); + + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + + b.Property("SubjectType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_type"); + + b.Property("TlsClientAuthSanDNS") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_dns"); + + b.Property("TlsClientAuthSanEmail") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_email"); + + b.Property("TlsClientAuthSanIP") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_ip"); + + b.Property("TlsClientAuthSanURI") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_san_uri"); + + b.Property("TlsClientAuthSubjectDN") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_auth_subject_dn"); + + b.Property("TlsClientCertificateBoundAccessToken") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "tls_client_certificate_bound_access_token"); + + b.Property("TokenEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_alg"); + + b.Property("TokenEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_encrypted_response_enc"); + + b.Property("TokenEndPointAuthMethod") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_endpoint_auth_method"); + + b.Property("TokenExchangeType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "token_exchange_type"); + + b.Property("TokenExpirationTimeInSeconds") + .HasColumnType("REAL") + .HasAnnotation("Relational:JsonPropertyName", "token_expiration_time_seconds"); + + b.Property("TokenSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "token_signed_response_alg"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserInfoEncryptedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_alg"); + + b.Property("UserInfoEncryptedResponseEnc") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_encrypted_response_enc"); + + b.Property("UserInfoSignedResponseAlg") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "userinfo_signed_response_alg"); + + b.HasKey("Id"); + + b.HasIndex("AuthenticationContextClassReferenceId"); + + b.ToTable("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CertificateAuthorityId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("EndDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "end_datetime"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PrivateKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "private_key"); + + b.Property("PublicKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "public_key"); + + b.Property("StartDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "start_datetime"); + + b.HasKey("Id"); + + b.HasIndex("CertificateAuthorityId"); + + b.ToTable("ClientCertificate"); + + b.HasAnnotation("Relational:JsonPropertyName", "client_certificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "alg"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("KeyType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "key_type"); + + b.Property("Kid") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "kid"); + + b.Property("SerializedJsonWebKey") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "serialized_jwk"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "usage"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("ClientJsonWebKey"); + + b.HasAnnotation("Relational:JsonPropertyName", "serialized_jwks"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("FullQualifiedName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("Definitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ConfigurationDefinitionId") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DisplayCondition") + .HasColumnType("TEXT"); + + b.Property("IsRequired") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Order") + .HasColumnType("INTEGER"); + + b.Property("Type") + .HasColumnType("INTEGER"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionId"); + + b.ToTable("ConfigurationDefinitionRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("ConfigurationDefinitionRecordId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ConfigurationDefinitionRecordId"); + + b.ToTable("ConfigurationDefinitionRecordValue"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationKeyPairValueRecord", b => + { + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Name"); + + b.ToTable("ConfigurationKeyPairValueRecords"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Claims") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claims"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ScopeId") + .HasColumnType("TEXT"); + + b.Property("SerializedAuthorizationDetails") + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.HasIndex("UserId"); + + b.ToTable("Grants"); + + b.HasAnnotation("Relational:JsonPropertyName", "consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.Property("DeviceCode") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT"); + + b.Property("LastAccessTime") + .HasColumnType("TEXT"); + + b.Property("NextAccessDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("UserCode") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.Property("UserLogin") + .HasColumnType("TEXT"); + + b.HasKey("DeviceCode"); + + b.HasIndex("ClientId"); + + b.HasIndex("UserId"); + + b.ToTable("DeviceAuthCodes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentation", b => + { + b.Property("ExternalId") + .HasColumnType("TEXT"); + + b.Property("Version") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("ExternalId"); + + b.ToTable("ExtractedRepresentations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ExtractedRepresentationStaging", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("GroupIds") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("IdProvisioningProcessId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RepresentationId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("RepresentationVersion") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Type") + .HasColumnType("INTEGER"); + + b.Property("Values") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("ExtractedRepresentationsStaging"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GotifySession", b => + { + b.Property("ApplicationToken") + .HasColumnType("TEXT"); + + b.Property("ClientToken") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("ApplicationToken"); + + b.ToTable("GotifySessions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("FullPath") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "full_path"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("ParentGroupId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "parent_group_id"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.HasIndex("ParentGroupId"); + + b.ToTable("Groups"); + + b.HasAnnotation("Relational:JsonPropertyName", "group"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("GroupRealm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.Property("GroupsId") + .HasColumnType("TEXT"); + + b.Property("UsersId") + .HasColumnType("TEXT"); + + b.HasKey("GroupsId", "UsersId"); + + b.HasIndex("UsersId"); + + b.ToTable("GroupUser"); + + b.HasAnnotation("Relational:JsonPropertyName", "groups"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("IsEnabled") + .HasColumnType("INTEGER"); + + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("DefinitionName"); + + b.ToTable("IdentityProvisioningLst"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Description") + .HasColumnType("TEXT"); + + b.Property("OptionsFullQualifiedName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("OptionsName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Name"); + + b.ToTable("IdentityProvisioningDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CurrentPage") + .HasColumnType("INTEGER"); + + b.Property("ExecutionDateTime") + .HasColumnType("TEXT"); + + b.Property("IdentityProvisioningId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("NbFilteredRepresentations") + .HasColumnType("INTEGER"); + + b.Property("NbGroups") + .HasColumnType("INTEGER"); + + b.Property("NbUsers") + .HasColumnType("INTEGER"); + + b.Property("ProcessId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("TotalPages") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("IdentityProvisioningHistory"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("From") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("HasMultipleAttribute") + .HasColumnType("INTEGER"); + + b.Property("IdentityProvisioningDefinitionName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("MapperType") + .HasColumnType("INTEGER"); + + b.Property("TargetUserAttribute") + .HasColumnType("TEXT"); + + b.Property("TargetUserProperty") + .HasColumnType("TEXT"); + + b.Property("Usage") + .HasColumnType("INTEGER"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningDefinitionName"); + + b.ToTable("IdentityProvisioningMappingRule"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Language", b => + { + b.Property("Code") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "code"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Code"); + + b.ToTable("Languages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Content") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ExternalId") + .HasColumnType("TEXT"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ReceivedDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("PresentationDefinitions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Format") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("TEXT"); + + b.Property("ProofType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionFormat"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("PresentationDefinitionId") + .HasColumnType("TEXT"); + + b.Property("PublicId") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Purpose") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "purpose"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionId"); + + b.ToTable("PresentationDefinitionInputDescriptor"); + + b.HasAnnotation("Relational:JsonPropertyName", "input_descriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Filter") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Path") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PresentationDefinitionInputDescriptorId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("PresentationDefinitionInputDescriptorId"); + + b.ToTable("PresentationDefinitionInputDescriptorConstraint"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Name"); + + b.ToTable("Realms"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.Property("UsersId") + .HasColumnType("TEXT"); + + b.Property("RealmsName") + .HasColumnType("TEXT"); + + b.HasKey("UsersId", "RealmsName"); + + b.HasIndex("RealmsName"); + + b.ToTable("RealmUser"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("IsDefault") + .HasColumnType("INTEGER"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("RealmName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Steps") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("RealmName"); + + b.ToTable("RegistrationWorkflows"); + + b.HasAnnotation("Relational:JsonPropertyName", "registration_workflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Action") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "action"); + + b.Property("Component") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "component"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Description") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "description"); + + b.Property("IsExposedInConfigurationEdp") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_exposed"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Protocol") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "protocol"); + + b.Property("Type") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "update_datetime"); + + b.HasKey("Id"); + + b.ToTable("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("IncludeInAccessToken") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "include_in_accesstoken"); + + b.Property("IsMultiValued") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_multivalued"); + + b.Property("MapperType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "mapper_type"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("SAMLAttributeName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "saml_attribute_name"); + + b.Property("ScopeId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("SourceUserAttribute") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source_user_attribute"); + + b.Property("SourceUserProperty") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source_user_property"); + + b.Property("TargetClaimPath") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "target_claim_path"); + + b.Property("TokenClaimJsonType") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "token_claim_json_type"); + + b.HasKey("Id"); + + b.HasIndex("ScopeId"); + + b.ToTable("ScopeClaimMapper"); + + b.HasAnnotation("Relational:JsonPropertyName", "mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.SerializedFileKey", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Alg") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Enc") + .HasColumnType("TEXT"); + + b.Property("IsSymmetric") + .HasColumnType("INTEGER"); + + b.Property("Key") + .HasColumnType("BLOB"); + + b.Property("KeyId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("PrivateKeyPem") + .HasColumnType("TEXT"); + + b.Property("PublicKeyPem") + .HasColumnType("TEXT"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.Property("Usage") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("SerializedFileKeys"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Token", b => + { + b.Property("PkID") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("AccessTokenType") + .HasColumnType("INTEGER"); + + b.Property("AuthorizationCode") + .HasColumnType("TEXT"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Data") + .HasColumnType("TEXT"); + + b.Property("ExpirationTime") + .HasColumnType("TEXT"); + + b.Property("GrantId") + .HasColumnType("TEXT"); + + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Jkt") + .HasColumnType("TEXT"); + + b.Property("OriginalData") + .HasColumnType("TEXT"); + + b.Property("SessionId") + .HasColumnType("TEXT"); + + b.Property("TokenType") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("PkID"); + + b.ToTable("Tokens"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ClientId") + .HasColumnType("TEXT"); + + b.Property("Key") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Language") + .HasColumnType("TEXT"); + + b.Property("Value") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ClientId"); + + b.ToTable("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Owner") + .HasColumnType("TEXT"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Requester") + .HasColumnType("TEXT"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Status") + .HasColumnType("INTEGER"); + + b.Property("TicketId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("ResourceId"); + + b.ToTable("UmaPendingRequest"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("UMAPermissionTicket"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ResourceId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("UMAPermissionTicketId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UMAPermissionTicketId"); + + b.ToTable("UMAPermissionTicketRecord"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "_id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IconUri") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "icon_uri"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "resource_scopes"); + + b.Property("Subject") + .HasColumnType("TEXT"); + + b.Property("Type") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("UmaResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("Scopes") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scopes"); + + b.Property("UMAResourceId") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("UMAResourcePermission"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("ClaimType") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "claim_type"); + + b.Property("FriendlyName") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "friendly_name"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("UMAResourcePermissionId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UMAResourcePermissionId"); + + b.ToTable("UMAResourcePermissionClaim"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "createDateTime"); + + b.Property("DeviceRegistrationToken") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "device_registration_token"); + + b.Property("Email") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "email"); + + b.Property("EmailVerified") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "emailVerified"); + + b.Property("EncodedPicture") + .HasColumnType("TEXT"); + + b.Property("Firstname") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "firstname"); + + b.Property("IdentityProvisioningId") + .HasColumnType("TEXT"); + + b.Property("Lastname") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "lastname"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("NbLoginAttempt") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + + b.Property("NotificationMode") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "notification_mode"); + + b.Property("Source") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "source"); + + b.Property("Status") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "status"); + + b.Property("UnblockDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + + b.Property("UpdateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); + + b.HasKey("Id"); + + b.HasIndex("IdentityProvisioningId"); + + b.ToTable("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "name"); + + b.Property("Type") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("UserId") + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserClaims"); + + b.HasAnnotation("Relational:JsonPropertyName", "claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CredentialType") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "type"); + + b.Property("HOTPWindow") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "hotp_window"); + + b.Property("IsActive") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "active"); + + b.Property("OTPAlg") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "otp_alg"); + + b.Property("OTPCounter") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "otp_counter"); + + b.Property("TOTPStep") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "totp_step"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Value") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "value"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserCredential"); + + b.HasAnnotation("Relational:JsonPropertyName", "credentials"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT"); + + b.Property("DeviceType") + .HasColumnType("TEXT"); + + b.Property("Manufacturer") + .HasColumnType("TEXT"); + + b.Property("Model") + .HasColumnType("TEXT"); + + b.Property("Name") + .HasColumnType("TEXT"); + + b.Property("PushToken") + .HasColumnType("TEXT"); + + b.Property("PushType") + .HasColumnType("TEXT"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Version") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserDevice"); + + b.HasAnnotation("Relational:JsonPropertyName", "devices"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("INTEGER"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("Scheme") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "scheme"); + + b.Property("Subject") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.HasIndex("UserId"); + + b.ToTable("UserExternalAuthProvider"); + + b.HasAnnotation("Relational:JsonPropertyName", "external_auth_providers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.Property("SessionId") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "session_id"); + + b.Property("AuthenticationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "auth_datetime"); + + b.Property("ExpirationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "exp_datetime"); + + b.Property("IsClientsNotified") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_clients_notified"); + + b.Property("Realm") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("SerializedClientIds") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("State") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "state"); + + b.Property("UserId") + .IsRequired() + .HasColumnType("TEXT"); + + b.HasKey("SessionId"); + + b.HasIndex("UserId"); + + b.ToTable("UserSession"); + + b.HasAnnotation("Relational:JsonPropertyName", "sessions"); + }); + + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.Property("TranslationsId") + .HasColumnType("INTEGER"); + + b.Property("UMAResourceId") + .HasColumnType("TEXT"); + + b.HasKey("TranslationsId", "UMAResourceId"); + + b.HasIndex("UMAResourceId"); + + b.ToTable("TranslationUMAResource"); + }); + + modelBuilder.Entity("ApiResourceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ApiResourceScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ApiResource", null) + .WithMany() + .HasForeignKey("ApiResourcesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationContextClassReferenceRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany() + .HasForeignKey("AuthenticationContextClassReferencesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("AuthenticationSchemeProviderRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", null) + .WithMany() + .HasForeignKey("AuthenticationSchemeProvidersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("CertificateAuthorityRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", null) + .WithMany() + .HasForeignKey("CertificateAuthoritiesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ClientScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany() + .HasForeignKey("ClientsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("ConfigurationDefinitionRecordValueTranslation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", null) + .WithMany() + .HasForeignKey("ConfigurationDefinitionRecordValueId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("GroupScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", null) + .WithMany() + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("RolesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("IdentityProvisioningRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", null) + .WithMany() + .HasForeignKey("IdentityProvisioningLstId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany() + .HasForeignKey("ScopesId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("RealmSerializedFileKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", null) + .WithMany() + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.SerializedFileKey", null) + .WithMany() + .HasForeignKey("SerializedFileKeysId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", "RegistrationWorkflow") + .WithMany("Acrs") + .HasForeignKey("RegistrationWorkflowId"); + + b.Navigation("RegistrationWorkflow"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", "AuthSchemeProviderDefinition") + .WithMany("AuthSchemeProviders") + .HasForeignKey("AuthSchemeProviderDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("AuthSchemeProviderDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", "IdProvider") + .WithMany("Mappers") + .HasForeignKey("IdProviderId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdProvider"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthorizedScope", null) + .WithMany("AuthorizedResources") + .HasForeignKey("AuthorizedScopeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Consent", "Consent") + .WithMany("Scopes") + .HasForeignKey("ConsentId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Consent"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorizeHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.BCAuthorize", null) + .WithMany("Histories") + .HasForeignKey("BCAuthorizeId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", null) + .WithMany("Clients") + .HasForeignKey("AuthenticationContextClassReferenceId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientCertificate", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.CertificateAuthority", "CertificateAuthority") + .WithMany("ClientCertificates") + .HasForeignKey("CertificateAuthorityId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("CertificateAuthority"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ClientJsonWebKey", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("SerializedJsonWebKeys") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", null) + .WithMany("Records") + .HasForeignKey("ConfigurationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecordValue", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", null) + .WithMany("Values") + .HasForeignKey("ConfigurationDefinitionRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", null) + .WithMany("Consents") + .HasForeignKey("ScopeId"); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Consents") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.DeviceAuthCode", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", "Client") + .WithMany("DeviceAuthCodes") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany() + .HasForeignKey("UserId"); + + b.Navigation("Client"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "ParentGroup") + .WithMany("Children") + .HasForeignKey("ParentGroupId"); + + b.Navigation("ParentGroup"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupRealm", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Realms") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Groups") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.GroupUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Group", "Group") + .WithMany("Users") + .HasForeignKey("GroupsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Groups") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Group"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "Definition") + .WithMany("Instances") + .HasForeignKey("DefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Definition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningHistory", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Histories") + .HasForeignKey("IdentityProvisioningId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningMappingRule", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", "IdentityProvisioningDefinition") + .WithMany("MappingRules") + .HasForeignKey("IdentityProvisioningDefinitionName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("IdentityProvisioningDefinition"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("PresentationDefinitions") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionFormat", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Format") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinition", null) + .WithMany("InputDescriptors") + .HasForeignKey("PresentationDefinitionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptorConstraint", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", null) + .WithMany("Constraints") + .HasForeignKey("PresentationDefinitionInputDescriptorId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RealmUser", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("Users") + .HasForeignKey("RealmsName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Realms") + .HasForeignKey("UsersId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Realm", "Realm") + .WithMany("RegistrationWorkflows") + .HasForeignKey("RealmName") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Realm"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ScopeClaimMapper", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Scope", "Scope") + .WithMany("ClaimMappers") + .HasForeignKey("ScopeId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Scope"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Translation", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Client", null) + .WithMany("Translations") + .HasForeignKey("ClientId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPendingRequest", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", "Resource") + .WithMany() + .HasForeignKey("ResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("Resource"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicketRecord", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", null) + .WithMany("Records") + .HasForeignKey("UMAPermissionTicketId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany("Permissions") + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermissionClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResourcePermission", null) + .WithMany("Claims") + .HasForeignKey("UMAResourcePermissionId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.IdentityProvisioning", "IdentityProvisioning") + .WithMany("Users") + .HasForeignKey("IdentityProvisioningId"); + + b.Navigation("IdentityProvisioning"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserClaim", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("OAuthUserClaims") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserCredential", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Credentials") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserDevice", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Devices") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserExternalAuthProvider", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("ExternalAuthProviders") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UserSession", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.User", "User") + .WithMany("Sessions") + .HasForeignKey("UserId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.Navigation("User"); + }); + + modelBuilder.Entity("TranslationUMAResource", b => + { + b.HasOne("SimpleIdServer.IdServer.Domains.Translation", null) + .WithMany() + .HasForeignKey("TranslationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.IdServer.Domains.UMAResource", null) + .WithMany() + .HasForeignKey("UMAResourceId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationContextClassReference", b => + { + b.Navigation("Clients"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProvider", b => + { + b.Navigation("Mappers"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthenticationSchemeProviderDefinition", b => + { + b.Navigation("AuthSchemeProviders"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.AuthorizedScope", b => + { + b.Navigation("AuthorizedResources"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.BCAuthorize", b => + { + b.Navigation("Histories"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.CertificateAuthority", b => + { + b.Navigation("ClientCertificates"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Client", b => + { + b.Navigation("DeviceAuthCodes"); + + b.Navigation("SerializedJsonWebKeys"); + + b.Navigation("Translations"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinition", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.ConfigurationDefinitionRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Consent", b => + { + b.Navigation("Scopes"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Group", b => + { + b.Navigation("Children"); + + b.Navigation("Realms"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioning", b => + { + b.Navigation("Histories"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.IdentityProvisioningDefinition", b => + { + b.Navigation("Instances"); + + b.Navigation("MappingRules"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => + { + b.Navigation("InputDescriptors"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinitionInputDescriptor", b => + { + b.Navigation("Constraints"); + + b.Navigation("Format"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Realm", b => + { + b.Navigation("Groups"); + + b.Navigation("PresentationDefinitions"); + + b.Navigation("RegistrationWorkflows"); + + b.Navigation("Users"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.RegistrationWorkflow", b => + { + b.Navigation("Acrs"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.Scope", b => + { + b.Navigation("ClaimMappers"); + + b.Navigation("Consents"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAPermissionTicket", b => + { + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResource", b => + { + b.Navigation("Permissions"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.UMAResourcePermission", b => + { + b.Navigation("Claims"); + }); + + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.User", b => + { + b.Navigation("Consents"); + + b.Navigation("Credentials"); + + b.Navigation("Devices"); + + b.Navigation("ExternalAuthProviders"); + + b.Navigation("Groups"); + + b.Navigation("OAuthUserClaims"); + + b.Navigation("Realms"); + + b.Navigation("Sessions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240805132551_SupportAdminRole.cs b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240805132551_SupportAdminRole.cs new file mode 100644 index 000000000..12b85d74d --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/20240805132551_SupportAdminRole.cs @@ -0,0 +1,38 @@ +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.IdServer.SqliteMigrations.Migrations +{ + /// + public partial class SupportAdminRole : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "Action", + table: "Scopes", + type: "INTEGER", + nullable: true); + + migrationBuilder.AddColumn( + name: "Component", + table: "Scopes", + type: "TEXT", + nullable: true); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "Action", + table: "Scopes"); + + migrationBuilder.DropColumn( + name: "Component", + table: "Scopes"); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/StoreDbContextModelSnapshot.cs b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/StoreDbContextModelSnapshot.cs index eabee5725..8779e319a 100644 --- a/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/StoreDbContextModelSnapshot.cs +++ b/src/IdServer/SimpleIdServer.IdServer.SqliteMigrations/Migrations/StoreDbContextModelSnapshot.cs @@ -3,7 +3,6 @@ using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore.Infrastructure; using Microsoft.EntityFrameworkCore.Storage.ValueConversion; -using SimpleIdServer.IdServer.Store; using SimpleIdServer.IdServer.Store.EF; #nullable disable @@ -745,6 +744,11 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("TEXT") .HasAnnotation("Relational:JsonPropertyName", "client_id"); + b.Property("ClientRegistrationTypesSupported") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "client_registration_types_supported"); + b.Property("ClientSecret") .IsRequired() .HasColumnType("TEXT") @@ -788,6 +792,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("REAL") .HasAnnotation("Relational:JsonPropertyName", "default_max_age"); + b.Property("ExpirationDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "expiration_datetime"); + b.Property("FrontChannelLogoutSessionRequired") .HasColumnType("INTEGER") .HasAnnotation("Relational:JsonPropertyName", "frontchannel_logout_session_required"); @@ -833,6 +841,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("INTEGER") .HasAnnotation("Relational:JsonPropertyName", "is_resource_parameter_required"); + b.Property("IsSelfIssueEnabled") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_self_issue_enabled"); + b.Property("IsTokenExchangeEnabled") .HasColumnType("INTEGER") .HasAnnotation("Relational:JsonPropertyName", "is_token_exchange_enabled"); @@ -913,6 +925,11 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("TEXT") .HasAnnotation("Relational:JsonPropertyName", "software_version"); + b.Property("SubjectSyntaxTypesSupported") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "subject_syntax_types_supported"); + b.Property("SubjectType") .HasColumnType("TEXT") .HasAnnotation("Relational:JsonPropertyName", "subject_type"); @@ -1556,6 +1573,42 @@ protected override void BuildModel(ModelBuilder modelBuilder) b.ToTable("Languages"); }); + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.MessageBusErrorMessage", b => + { + b.Property("Id") + .HasColumnType("TEXT"); + + b.Property("Content") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Exceptions") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ExternalId") + .HasColumnType("TEXT"); + + b.Property("FullName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("Name") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("QueueName") + .IsRequired() + .HasColumnType("TEXT"); + + b.Property("ReceivedDateTime") + .HasColumnType("TEXT"); + + b.HasKey("Id"); + + b.ToTable("MessageBusErrorMessages"); + }); + modelBuilder.Entity("SimpleIdServer.IdServer.Domains.PresentationDefinition", b => { b.Property("Id") @@ -1742,6 +1795,14 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("TEXT") .HasAnnotation("Relational:JsonPropertyName", "id"); + b.Property("Action") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "action"); + + b.Property("Component") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "component"); + b.Property("CreateDateTime") .HasColumnType("TEXT") .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); @@ -1888,7 +1949,6 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("TEXT"); b.Property("ClientId") - .IsRequired() .HasColumnType("TEXT"); b.Property("CreateDateTime") @@ -2163,6 +2223,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("TEXT") .HasAnnotation("Relational:JsonPropertyName", "name"); + b.Property("NbLoginAttempt") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "nb_login_attempt"); + b.Property("NotificationMode") .IsRequired() .HasColumnType("TEXT") @@ -2176,6 +2240,10 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("INTEGER") .HasAnnotation("Relational:JsonPropertyName", "status"); + b.Property("UnblockDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "unblock_datetime"); + b.Property("UpdateDateTime") .HasColumnType("TEXT") .HasAnnotation("Relational:JsonPropertyName", "updateDateTime"); @@ -2387,6 +2455,34 @@ protected override void BuildModel(ModelBuilder modelBuilder) b.HasAnnotation("Relational:JsonPropertyName", "sessions"); }); + modelBuilder.Entity("SimpleIdServer.OpenidFederation.Domains.FederationEntity", b => + { + b.Property("Id") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "id"); + + b.Property("CreateDateTime") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "create_datetime"); + + b.Property("IsSubordinate") + .HasColumnType("INTEGER") + .HasAnnotation("Relational:JsonPropertyName", "is_subordinate"); + + b.Property("Realm") + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "realm"); + + b.Property("Sub") + .IsRequired() + .HasColumnType("TEXT") + .HasAnnotation("Relational:JsonPropertyName", "sub"); + + b.HasKey("Id"); + + b.ToTable("FederationEntities"); + }); + modelBuilder.Entity("TranslationUMAResource", b => { b.Property("TranslationsId") diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/console/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/console/Views/Authenticate/Index.cshtml index 25b6b8ebf..43f9d468b 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/console/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/console/Views/Authenticate/Index.cshtml @@ -9,7 +9,7 @@ ViewBag.Title = AuthenticateConsoleResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/email/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/email/Views/Authenticate/Index.cshtml index ae2e7c98e..9634ae970 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/email/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/email/Views/Authenticate/Index.cshtml @@ -9,7 +9,7 @@ ViewBag.Title = AuthenticateEmailResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Authenticate/Index.cshtml index 5b4c40300..40c8bd33d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Authenticate/Index.cshtml @@ -8,7 +8,7 @@ ViewBag.Title = AuthenticateMobileResource.auth_title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/otp/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/otp/Views/Authenticate/Index.cshtml index f25b2ef58..7580225b5 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/otp/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/otp/Views/Authenticate/Index.cshtml @@ -9,7 +9,7 @@ ViewBag.Title = AuthenticateOtpResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/pwd/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/pwd/Views/Authenticate/Index.cshtml index 54e97de3b..630ba8873 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/pwd/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/pwd/Views/Authenticate/Index.cshtml @@ -5,7 +5,7 @@ ViewBag.Title = AuthenticatePasswordResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/sms/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/sms/Views/Authenticate/Index.cshtml index e6a95e594..8ed8b42b1 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/sms/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/sms/Views/Authenticate/Index.cshtml @@ -8,7 +8,7 @@ ViewBag.Title = AuthenticateSmsResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml index c935a1af6..7b21c5dbf 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml @@ -10,7 +10,7 @@ var makeAssertionsOptionsUrl = Url.Action("MakeAssertionOptions", "Authenticate", new { area = "webauthn" }); var authenticateUrl = Url.Action("Index", "Authenticate", new { area = "webauthn" }); var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/FacebookOptionsLite.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/FacebookOptionsLite.cs index 2c349c2a1..3789de36c 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/FacebookOptionsLite.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/FacebookOptionsLite.cs @@ -7,9 +7,9 @@ namespace SimpleIdServer.IdServer.Startup.Converters { public class FacebookOptionsLite : IDynamicAuthenticationOptions { - [SimpleIdServer.Configuration.ConfigurationRecord("AppId", "Application identifier", 0, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("AppId", "Application identifier", 0, IsRequired = true)] public string AppId { get; set; } - [SimpleIdServer.Configuration.ConfigurationRecord("AppSecret", "Application secret", 1, null, SimpleIdServer.Configuration.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("AppSecret", "Application secret", 1, null, SimpleIdServer.IdServer.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] public string AppSecret { get; set; } public FacebookOptions Convert() => new FacebookOptions diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/GoogleOptionsLite.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/GoogleOptionsLite.cs index ffdb3f88c..25b1dc395 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/GoogleOptionsLite.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/GoogleOptionsLite.cs @@ -7,9 +7,9 @@ namespace SimpleIdServer.IdServer.Startup.Converters; public class GoogleOptionsLite : IDynamicAuthenticationOptions { - [SimpleIdServer.Configuration.ConfigurationRecord("ClientId", "Client identifier", 0, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientId", "Client identifier", 0, IsRequired = true)] public string ClientId { get; set; } - [SimpleIdServer.Configuration.ConfigurationRecord("ClientSecret", "Client secret", 1, null, SimpleIdServer.Configuration.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientSecret", "Client secret", 1, null, SimpleIdServer.IdServer.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] public string ClientSecret { get; set; } public GoogleOptions Convert() => new GoogleOptions diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/OpenIdConnectLiteOptions.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/OpenIdConnectLiteOptions.cs index 435b02e99..efa79922d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/OpenIdConnectLiteOptions.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Converters/OpenIdConnectLiteOptions.cs @@ -7,9 +7,9 @@ namespace SimpleIdServer.IdServer.Startup.Converters { public class OpenIdConnectLiteOptions : IDynamicAuthenticationOptions { - [SimpleIdServer.Configuration.ConfigurationRecord("ClientId", "Client Identifier", order: 0, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientId", "Client Identifier", order: 0, IsRequired = true)] public string ClientId { get; set; } - [SimpleIdServer.Configuration.ConfigurationRecord("ClientSecret", "Client Secret", order: 1, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientSecret", "Client Secret", order: 1, IsRequired = true)] public string ClientSecret { get; set; } public OpenIdConnectOptions Convert() diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/DbContextFactory.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/DbContextFactory.cs index 8099cc39e..fc42858ac 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/DbContextFactory.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/DbContextFactory.cs @@ -4,7 +4,6 @@ using SimpleIdServer.IdServer.Store.EF; namespace SimpleIdServer.IdServer.PostgreMigrations; -/* public class DbContextFactory : IDesignTimeDbContextFactory { public StoreDbContext CreateDbContext(string[] args) @@ -18,5 +17,4 @@ public StoreDbContext CreateDbContext(string[] args) }); return new StoreDbContext(optionsBuilder.Options); } -} -*/ \ No newline at end of file +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/IdServerConfiguration.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/IdServerConfiguration.cs index 4277e2e54..c7d7bcb52 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/IdServerConfiguration.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/IdServerConfiguration.cs @@ -2,7 +2,6 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.AspNetCore.Authentication.Facebook; using Microsoft.AspNetCore.Authentication.Google; -using Microsoft.AspNetCore.Authentication.Negotiate; using Microsoft.IdentityModel.JsonWebTokens; using Microsoft.IdentityModel.Tokens; using SimpleIdServer.IdServer.Builders; @@ -10,6 +9,7 @@ using SimpleIdServer.IdServer.Provisioning.LDAP; using SimpleIdServer.IdServer.Provisioning.SCIM; using SimpleIdServer.IdServer.Startup.Converters; +using SimpleIdServer.OpenidFederation.Domains; using System; using System.Collections.Generic; using System.Linq; @@ -21,8 +21,7 @@ public class IdServerConfiguration { private static AuthenticationSchemeProviderDefinition Facebook = AuthenticationSchemeProviderDefinitionBuilder.Create("facebook", "Facebook", typeof(FacebookHandler), typeof(FacebookOptionsLite)).Build(); private static AuthenticationSchemeProviderDefinition Google = AuthenticationSchemeProviderDefinitionBuilder.Create("google", "Google", typeof(GoogleHandler), typeof(GoogleOptionsLite)).Build(); - private static AuthenticationSchemeProviderDefinition Negotiate = AuthenticationSchemeProviderDefinitionBuilder.Create("negotiate", "Negotiate", typeof(NegotiateHandler), typeof(NegotiateOptionsLite)).Build(); - + private static IdentityProvisioningDefinition Scim = IdentityProvisioningDefinitionBuilder.Create(SimpleIdServer.IdServer.Provisioning.SCIM.Services.SCIMProvisioningService.NAME, "SCIM") .AddUserSubjectMappingRule("$.userName") .AddUserPropertyMappingRule("$.name.familyName", nameof(User.Lastname)) @@ -59,6 +58,21 @@ public class IdServerConfiguration UpdateDateTime = DateTime.UtcNow }; + public static Scope CtWalletScope = new Scope + { + Id = Guid.NewGuid().ToString(), + Name = "ct_wallet", + Realms = new List + { + StandardRealms.Master + }, + Type = ScopeTypes.APIRESOURCE, + Protocol = ScopeProtocols.OAUTH, + IsExposedInConfigurationEdp = true, + CreateDateTime = DateTime.UtcNow, + UpdateDateTime = DateTime.UtcNow + }; + public static ICollection Scopes => new List { SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, @@ -85,12 +99,17 @@ public class IdServerConfiguration SimpleIdServer.IdServer.Constants.StandardScopes.OfflineAccessScope, SimpleIdServer.IdServer.Constants.StandardScopes.CredentialConfigurations, SimpleIdServer.IdServer.Constants.StandardScopes.CredentialInstances, - UniversityDegreeScope + SimpleIdServer.IdServer.Constants.StandardScopes.DeferredCreds, + UniversityDegreeScope, + CtWalletScope, + SimpleIdServer.IdServer.Federation.IdServerFederationConstants.StandardScopes.FederationEntities, + SimpleIdServer.IdServer.Constants.StandardScopes.WebsiteAdministratorRole }; public static ICollection Users => new List { - UserBuilder.Create("administrator", "password", "Administrator").SetFirstname("Administrator").SetEmail("adm@email.com").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").GenerateRandomTOTPKey().Build(), + SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorUser, + SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorReadonlyUser, UserBuilder.Create("user", "password", "User").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").Build() }; @@ -99,12 +118,13 @@ public class IdServerConfiguration ClientBuilder.BuildWalletClient("walletClient", "password") .SetClientName("Wallet") .Build(), - ClientBuilder.BuildCredentialIssuer("CredentialIssuer", "password", null, "https://localhost:5005/*", "http://localhost:5005/*", "https://credentialissuer.simpleidserver.com/*", "https://credentialissuer.localhost.com/*", "https://credentialissuer.sid.svc.cluster.local/*") + ClientBuilder.BuildCredentialIssuer("CredentialIssuer", "password", null, "https://8028-81-246-134-116.ngrok-free.app/signin-oidc", "https://localhost:5005/*", "http://localhost:5005/*", "https://credentialissuer.simpleidserver.com/*", "https://credentialissuer.localhost.com/*", "https://credentialissuer.sid.svc.cluster.local/*") .SetClientName("Credential issuer") .AddScope( SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, SimpleIdServer.IdServer.Constants.StandardScopes.Profile, - UniversityDegreeScope).Build(), + UniversityDegreeScope, + CtWalletScope).IsTransactionCodeRequired().Build(), ClientBuilder.BuildTraditionalWebsiteClient("CredentialIssuer-manager", "password", null, "https://localhost:5006/*", "https://credentialissuerwebsite.simpleidserver.com/*", "https://credentialissuerwebsite.localhost.com/*", "http://credentialissuerwebsite.localhost.com/*", "https://credentialissuerwebsite.sid.svc.cluster.local/*").EnableClientGrantType().SetRequestObjectEncryption().AddPostLogoutUri("https://localhost:5006/signout-callback-oidc").AddPostLogoutUri("https://credissuer-website.sid.svc.cluster.local/signout-callback-oidc") .AddPostLogoutUri("https://website.simpleidserver.com/signout-callback-oidc") .AddAuthDataTypes("photo") @@ -115,7 +135,8 @@ public class IdServerConfiguration SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, SimpleIdServer.IdServer.Constants.StandardScopes.Profile, SimpleIdServer.IdServer.Constants.StandardScopes.CredentialConfigurations, - SimpleIdServer.IdServer.Constants.StandardScopes.CredentialInstances).Build(), + SimpleIdServer.IdServer.Constants.StandardScopes.CredentialInstances, + SimpleIdServer.IdServer.Constants.StandardScopes.DeferredCreds).Build(), ClientBuilder.BuildTraditionalWebsiteClient("SIDS-manager", "password", null, "https://localhost:5002/*", "https://website.simpleidserver.com/*", "https://website.localhost.com/*", "http://website.localhost.com/*", "https://website.sid.svc.cluster.local/*").EnableClientGrantType().SetRequestObjectEncryption().AddPostLogoutUri("https://localhost:5002/signout-callback-oidc").AddPostLogoutUri("https://website.sid.svc.cluster.local/signout-callback-oidc") .AddPostLogoutUri("https://website.simpleidserver.com/signout-callback-oidc") .AddAuthDataTypes("photo") @@ -123,6 +144,7 @@ public class IdServerConfiguration .SetBackChannelLogoutUrl("https://localhost:5002/bc-logout") .SetClientLogoUri("https://cdn.logo.com/hotlink-ok/logo-social.png") .AddScope( + SimpleIdServer.IdServer.Constants.StandardScopes.Role, SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, SimpleIdServer.IdServer.Constants.StandardScopes.Profile, SimpleIdServer.IdServer.Constants.StandardScopes.Provisioning, @@ -138,7 +160,9 @@ public class IdServerConfiguration SimpleIdServer.IdServer.Constants.StandardScopes.CertificateAuthorities, SimpleIdServer.IdServer.Constants.StandardScopes.Clients, SimpleIdServer.IdServer.Constants.StandardScopes.Realms, - SimpleIdServer.IdServer.Constants.StandardScopes.Groups).Build(), + SimpleIdServer.IdServer.Constants.StandardScopes.Groups, + SimpleIdServer.IdServer.Constants.StandardScopes.WebsiteAdministratorRole, + SimpleIdServer.IdServer.Federation.IdServerFederationConstants.StandardScopes.FederationEntities).Build(), ClientBuilder.BuildTraditionalWebsiteClient("swaggerClient", "password", null, "https://localhost:5001/swagger/oauth2-redirect.html", "https://localhost:5001/(.*)/swagger/oauth2-redirect.html", "http://localhost").AddScope( SimpleIdServer.IdServer.Constants.StandardScopes.Provisioning, SimpleIdServer.IdServer.Constants.StandardScopes.Users, @@ -153,7 +177,8 @@ public class IdServerConfiguration SimpleIdServer.IdServer.Constants.StandardScopes.CertificateAuthorities, SimpleIdServer.IdServer.Constants.StandardScopes.Clients, SimpleIdServer.IdServer.Constants.StandardScopes.Realms, - SimpleIdServer.IdServer.Constants.StandardScopes.Groups).Build(), + SimpleIdServer.IdServer.Constants.StandardScopes.Groups, + SimpleIdServer.IdServer.Federation.IdServerFederationConstants.StandardScopes.FederationEntities).Build(), ClientBuilder.BuildTraditionalWebsiteClient("postman", "password", null, "http://localhost").EnableClientGrantType().AddScope( SimpleIdServer.IdServer.Constants.StandardScopes.Provisioning, SimpleIdServer.IdServer.Constants.StandardScopes.Users, @@ -168,7 +193,8 @@ public class IdServerConfiguration SimpleIdServer.IdServer.Constants.StandardScopes.CertificateAuthorities, SimpleIdServer.IdServer.Constants.StandardScopes.Clients, SimpleIdServer.IdServer.Constants.StandardScopes.Realms, - SimpleIdServer.IdServer.Constants.StandardScopes.Groups).Build(), + SimpleIdServer.IdServer.Constants.StandardScopes.Groups, + SimpleIdServer.IdServer.Federation.IdServerFederationConstants.StandardScopes.FederationEntities).Build(), WsClientBuilder.BuildWsFederationClient("urn:website").SetClientName("NAME").Build(), ClientBuilder.BuildUserAgentClient("oauth", "password", null, "https://oauth.tools/callback/code") .AddScope(SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, SimpleIdServer.IdServer.Constants.StandardScopes.Profile) @@ -199,8 +225,7 @@ public class IdServerConfiguration public static ICollection ProviderDefinitions => new List { Facebook, - Google, - Negotiate + Google }; public static ICollection Languages => new List @@ -212,9 +237,6 @@ public class IdServerConfiguration { AuthenticationSchemeProviderBuilder.Create(Facebook, "Facebook", "Facebook", "Facebook").Build(), AuthenticationSchemeProviderBuilder.Create(Google, "Google", "Google", "Google").Build(), - AuthenticationSchemeProviderBuilder.Create(Negotiate, "Negotiate", "Negotiate", "Negotiate") - .SetMappers(SimpleIdServer.IdServer.Constants.GetNegotiateIdProviderMappers()) - .Build() }; public static ICollection Realms = new List @@ -248,5 +270,17 @@ public class IdServerConfiguration { PresentationDefinitionBuilder.New("universitydegree_vp", "University Degree").AddLdpVcInputDescriptor("UniversityDegree", "UniversityDegree", "UniversityDegree").Build() }; + + public static List FederationEntities = new List + { + new FederationEntity + { + Id = Guid.NewGuid().ToString(), + IsSubordinate = false, + Realm = SimpleIdServer.IdServer.Constants.DefaultRealm, + Sub = "http://localhost:7000", + CreateDateTime = DateTime.UtcNow + } + }; } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Program.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/Program.cs index f7a104ff1..048e68192 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Program.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Program.cs @@ -17,29 +17,33 @@ using SimpleIdServer.Configuration; using SimpleIdServer.Did.Key; using SimpleIdServer.IdServer; +using SimpleIdServer.IdServer.Builders; using SimpleIdServer.IdServer.Console; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Domains.DTOs; using SimpleIdServer.IdServer.Email; using SimpleIdServer.IdServer.Fido; using SimpleIdServer.IdServer.Notification.Gotify; using SimpleIdServer.IdServer.Provisioning.LDAP; using SimpleIdServer.IdServer.Provisioning.SCIM; using SimpleIdServer.IdServer.Pwd; +using SimpleIdServer.IdServer.Seeding; using SimpleIdServer.IdServer.Sms; using SimpleIdServer.IdServer.Startup; using SimpleIdServer.IdServer.Startup.Configurations; using SimpleIdServer.IdServer.Startup.Converters; using SimpleIdServer.IdServer.Store.EF; +using SimpleIdServer.IdServer.Store.EF.Seeding; using SimpleIdServer.IdServer.Swagger; using SimpleIdServer.IdServer.TokenTypes; +using SimpleIdServer.IdServer.UI; using SimpleIdServer.IdServer.VerifiablePresentation; using SimpleIdServer.IdServer.WsFederation; using System; using System.Collections.Generic; using System.Linq; using System.Net; -using SimpleIdServer.IdServer.Seeding; -using SimpleIdServer.IdServer.Store.EF.Seeding; +using System.Threading.Tasks; const string SQLServerCreateTableFormat = "IF NOT EXISTS (SELECT * FROM sysobjects WHERE name='DistributedCache' and xtype='U') " + "CREATE TABLE [dbo].[DistributedCache] (" + @@ -93,12 +97,12 @@ ConfigureIdServer(builder.Services); ConfigureCentralizedConfiguration(builder); -// Uncomment these two lines to enable seed data from JSON file. -// builder.Services.AddJsonSeeding(builder.Configuration); -// builder.Services.AddEntitySeeders(typeof(UserEntitySeeder)); +// Delete these two lines or remove the JSON_SEEDS_FILE_PATH key/content from the configuration to disable seed data from JSON file. +builder.Services.AddJsonSeeding(builder.Configuration); +builder.Services.AddEntitySeeders(typeof(UserEntitySeeder)); var app = builder.Build(); -SeedData(app, identityServerConfiguration.SCIMBaseUrl); +await SeedData(app, identityServerConfiguration.SCIMBaseUrl); app.UseCors("AllowAll"); if (identityServerConfiguration.IsForwardedEnabled) { @@ -131,7 +135,8 @@ .UseFIDO() .UseSamlIdp() .UseGotifyNotification() - .UseAutomaticConfiguration(); + .UseAutomaticConfiguration() + .UseOpenidFederation(); app.Run(); @@ -182,6 +187,10 @@ void ConfigureIdServer(IServiceCollection services) m.AllowedCertificateTypes = CertificateTypes.All; m.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck; }); + }) + .AddOpenidFederation(o => + { + o.IsFederationEnabled = true; }); var isRealmEnabled = identityServerConfiguration.IsRealmEnabled; if (isRealmEnabled) idServerBuilder.UseRealm(); @@ -202,10 +211,12 @@ void ConfigureCentralizedConfiguration(WebApplicationBuilder builder) o.Add(); o.Add(); o.Add(); - o.Add(); + o.Add(); + o.Add(); o.Add(); o.Add(); o.Add(); + o.Add(); o.Add(); o.UseEFConnector(); }); @@ -305,7 +316,7 @@ void ConfigureDataProtection(IDataProtectionBuilder dataProtectionBuilder) dataProtectionBuilder.PersistKeysToDbContext(); } -void SeedData(WebApplication application, string scimBaseUrl) +async Task SeedData(WebApplication application, string scimBaseUrl) { using (var scope = app.Services.GetRequiredService().CreateScope()) { @@ -313,18 +324,12 @@ void SeedData(WebApplication application, string scimBaseUrl) { var isInMemory = dbContext.Database.IsInMemory(); if (!isInMemory) dbContext.Database.Migrate(); + + var masterRealm = dbContext.Realms.FirstOrDefault(r => r.Name == SimpleIdServer.IdServer.Constants.StandardRealms.Master.Name) ?? SimpleIdServer.IdServer.Constants.StandardRealms.Master; if (!dbContext.Realms.Any()) dbContext.Realms.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.Realms); - - if (!dbContext.Scopes.Any()) - dbContext.Scopes.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.Scopes); - - if (!dbContext.Users.Any()) - dbContext.Users.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.Users); - - if (!dbContext.Clients.Any()) - dbContext.Clients.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.Clients); - + var unsupportedScopes = MigrateScopes(dbContext, masterRealm); + MigrateClients(dbContext, unsupportedScopes); if (!dbContext.UmaPendingRequest.Any()) dbContext.UmaPendingRequest.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.PendingRequests); @@ -355,6 +360,8 @@ void SeedData(WebApplication application, string scimBaseUrl) if (!dbContext.RegistrationWorkflows.Any()) dbContext.RegistrationWorkflows.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.RegistrationWorkflows); + var groups = MigrateGroups(dbContext, masterRealm); + MigrateUsers(dbContext, groups.adminGroup, groups.adminRoGroup); if (!dbContext.SerializedFileKeys.Any()) { dbContext.SerializedFileKeys.Add(KeyGenerator.GenerateRSASigningCredentials(SimpleIdServer.IdServer.Constants.StandardRealms.Master, "rsa-1")); @@ -368,6 +375,9 @@ void SeedData(WebApplication application, string scimBaseUrl) if (!dbContext.PresentationDefinitions.Any()) dbContext.PresentationDefinitions.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.PresentationDefinitions); + if (!dbContext.FederationEntities.Any()) + dbContext.FederationEntities.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.FederationEntities); + if (!dbContext.Acrs.Any()) { dbContext.Acrs.Add(SimpleIdServer.IdServer.Constants.StandardAcrs.FirstLevelAssurance); @@ -417,18 +427,20 @@ void SeedData(WebApplication application, string scimBaseUrl) AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); - AddMissingConfigurationDefinition(dbContext); + AddMissingConfigurationDefinition(dbContext); + AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); + AddMissingConfigurationDefinition(dbContext); EnableIsolationLevel(dbContext); dbContext.SaveChanges(); - // Uncomment these two lines to enable seed data from an external resource like JSON file. - // ISeedStrategy seedingService = scope.ServiceProvider.GetService(); - // seedingService.SeedDataAsync().Wait(); + // Delete these two lines to disable seed data from an external resource like JSON file. + ISeedStrategy seedingService = scope.ServiceProvider.GetService(); + await seedingService.SeedDataAsync(); } void EnableIsolationLevel(StoreDbContext dbContext) @@ -504,5 +516,134 @@ void AddMissingAuthenticationSchemeProviders(StoreDbContext dbContext) } } } + + List MigrateScopes(StoreDbContext dbContext, Realm masterRealm) + { + var allScopeNames = dbContext.Scopes.Select(s => s.Name); + var unsupportedScopes = SimpleIdServer.IdServer.Startup.IdServerConfiguration.Scopes.Where(s => !allScopeNames.Contains(s.Name)); + foreach (var scope in unsupportedScopes) + scope.Realms = new List + { + masterRealm + }; + dbContext.Scopes.AddRange(unsupportedScopes); + return unsupportedScopes.ToList(); + } + + void MigrateClients(StoreDbContext dbContext, List unsupportedScopes) + { + var confClientIds = SimpleIdServer.IdServer.Startup.IdServerConfiguration.Clients.Select(c => c.ClientId); + var allClientIds = dbContext.Clients.Select(s => s.ClientId); + var unknownClients = SimpleIdServer.IdServer.Startup.IdServerConfiguration.Clients.Where(c => !allClientIds.Contains(c.ClientId)); + var knownClients = dbContext.Clients + .Include(c => c.Scopes) + .Where(c => confClientIds.Contains(c.ClientId)); + foreach (var unknownClient in unknownClients) + dbContext.Clients.Add(unknownClient); + foreach (var knownClient in knownClients) + { + var cl = SimpleIdServer.IdServer.Startup.IdServerConfiguration.Clients.Single(c => c.ClientId == knownClient.ClientId); + foreach (var scope in cl.Scopes) + { + if (!knownClient.Scopes.Any(s => s.Name == scope.Name)) + { + var existingScope = dbContext.Scopes.SingleOrDefault(s => s.Name == scope.Name) ?? unsupportedScopes.Single(s => s.Name == scope.Name); + knownClient.Scopes.Add(existingScope); + } + } + } + } + + (Group adminGroup, Group adminRoGroup) MigrateGroups(StoreDbContext dbContext, Realm masterRealm) + { + var admGroup = dbContext.Groups.Include(g => g.Realms) + .Include(g => g.Roles) + .FirstOrDefault(g => g.Name == SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorGroup.Name); + var admRoGroup = dbContext.Groups.Include(g => g.Realms) + .Include(g => g.Roles) + .FirstOrDefault(g => g.Name == SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorReadonlyGroup.Name); + if (admGroup == null) + { + admGroup = SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorGroup; + admGroup.Realms = new List(); + masterRealm.Groups.Add(new GroupRealm + { + Group = admGroup + }); + } + + if (admRoGroup == null) + { + admRoGroup = SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorReadonlyGroup; + admRoGroup.Realms = new List(); + masterRealm.Groups.Add(new GroupRealm + { + Group = admRoGroup + }); + } + + var scopes = RealmRoleBuilder.BuildAdministrativeRole(masterRealm); + var allScopeNames = dbContext.Scopes.Select(s => s.Name); + var unknownScopes = scopes.Where(s => !allScopeNames.Contains(s.Name)); + dbContext.Scopes.AddRange(unknownScopes); + foreach (var scope in unknownScopes) + { + if (!admGroup.Roles.Any(r => r.Name == scope.Name)) + admGroup.Roles.Add(scope); + } + + foreach (var scope in unknownScopes.Where(s => s.Action == ComponentActions.View)) + { + if (!admRoGroup.Roles.Any(r => r.Name == scope.Name)) + admRoGroup.Roles.Add(scope); + } + + var existingAdministratorRole = dbContext.Scopes.FirstOrDefault(s => s.Name == SimpleIdServer.IdServer.Constants.StandardScopes.WebsiteAdministratorRole.Name); + if (existingAdministratorRole == null) + { + existingAdministratorRole = SimpleIdServer.IdServer.Constants.StandardScopes.WebsiteAdministratorRole; + existingAdministratorRole.Realms.Clear(); + existingAdministratorRole.Realms.Add(masterRealm); + dbContext.Scopes.Add(existingAdministratorRole); + } + + if (!admGroup.Roles.Any(r => r.Name == SimpleIdServer.IdServer.Constants.StandardScopes.WebsiteAdministratorRole.Name)) + admGroup.Roles.Add(existingAdministratorRole); + + return (admGroup, admRoGroup); + } + + void MigrateUsers(StoreDbContext dbContext, Group adminGroup, Group adminRoGroup) + { + var isUserExists = dbContext.Users + .Any(c => c.Name == "user"); + var existingAdministratorUser = dbContext.Users + .Include(u => u.Groups).ThenInclude(u => u.Group) + .FirstOrDefault(u => u.Name == SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorUser.Name); + var existingAdministratorRoUser = dbContext.Users + .Include(u => u.Groups).ThenInclude(u => u.Group) + .FirstOrDefault(u => u.Name == SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorReadonlyUser.Name); + if (!isUserExists) + dbContext.Users.Add(UserBuilder.Create("user", "password", "User").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").Build()); + if (existingAdministratorRoUser == null) + dbContext.Users.Add(SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorReadonlyUser); + else if (!existingAdministratorRoUser.Groups.Any(g => g.Group.Name == SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorReadonlyGroup.Name)) + { + existingAdministratorRoUser.Groups.Add(new GroupUser + { + Group = adminRoGroup + }); + } + + if (existingAdministratorUser == null) + dbContext.Users.Add(SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorUser); + else if(!existingAdministratorUser.Groups.Any(g => g.Group.Name == SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorGroup.Name)) + { + existingAdministratorUser.Groups.Add(new GroupUser + { + Group = adminGroup + }); + } + } } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.Designer.cs index 85cf58286..1bdb2de9f 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.Designer.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.Designer.cs @@ -167,5 +167,14 @@ public static string title { return ResourceManager.GetString("title", resourceCulture); } } + + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.resx b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.resx index 7684eb17f..0ac144aeb 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.resx +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.resx @@ -153,4 +153,7 @@ Authenticate + + User account is blocked + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.Designer.cs index c3793e47f..581c26ee5 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.Designer.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.Designer.cs @@ -240,6 +240,15 @@ public static string unknown_user { } } + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à User with the same name already exists. /// diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.resx b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.resx index a397ad6ec..a249989a6 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.resx +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.resx @@ -177,6 +177,9 @@ The given email does not correspond to any user + + User account is blocked + User with the same name already exists diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.Designer.cs index 66aec3028..4d7c66b7b 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.Designer.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.Designer.cs @@ -239,5 +239,14 @@ public static string user_already_exists { return ResourceManager.GetString("user_already_exists", resourceCulture); } } + + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.resx b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.resx index a484a120c..f2554b10d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.resx +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.resx @@ -177,4 +177,7 @@ User with same login already exists + + User account is blocked + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.Designer.cs index f7042cd03..a9ca775af 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.Designer.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.Designer.cs @@ -221,5 +221,14 @@ public static string unknown_user { return ResourceManager.GetString("unknown_user", resourceCulture); } } + + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.resx b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.resx index 61889b61e..21044ba94 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.resx +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.resx @@ -171,4 +171,7 @@ The given login does not correspond to any user + + User account is blocked + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.Designer.cs index 2366cf167..0b91936e3 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.Designer.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.Designer.cs @@ -203,5 +203,14 @@ public static string unknown_user { return ResourceManager.GetString("unknown_user", resourceCulture); } } + + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.resx b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.resx index 4b6c78595..2e1d091e2 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.resx +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.resx @@ -165,4 +165,7 @@ The user doesn't exist + + User account is blocked + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.Designer.cs index c4b6ec5b5..b8b81d8b7 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.Designer.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.Designer.cs @@ -204,6 +204,15 @@ public static string unknown_user { } } + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à User with the same name already exists. /// diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.resx b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.resx index 99abff959..4f5d82432 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.resx +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.resx @@ -165,6 +165,9 @@ The given phone number does not correspond to any user + + User account is blocked + User with the same name already exists diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.Designer.cs index 46e95e8df..670b844c4 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.Designer.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.Designer.cs @@ -221,5 +221,14 @@ public static string user_already_exists { return ResourceManager.GetString("user_already_exists", resourceCulture); } } + + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.resx b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.resx index 2eeb5bbf7..d7bff20c8 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.resx +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.resx @@ -171,4 +171,7 @@ User with same login already exists + + User account is blocked + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/Seed.json b/src/IdServer/SimpleIdServer.IdServer.Startup/Seed.json index f59a0bc2c..3393267e6 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/Seed.json +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/Seed.json @@ -1,15 +1,31 @@ { + "Realms": [ + { + "Name": "testing" + } + ], + "Scopes": [ + { + "Name": "testing_scope", + "Type": "APIRESOURCE", + "Protocol": "OAUTH", + "Description": "Access to view the home page", + "IsExposedInConfigurationEdp": true, + "Realm": "testing" + } + ], "Users": [ { - "Login": "user2", + "Login": "user-seeded-testing", "Password": "password", "FirstName": "User", - "LastName": "2", - "Email": "user2@email.com", - "Roles": ["user", "local"] + "LastName": "Seeded Testing", + "Email": "user-seeded-testing@email.com", + "Roles": [ "user", "local" ], + "Realm": "testing" }, { - "Login": "user3", + "Login": "user-seeded-master", "Password": "password" } ] diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/SimpleIdServer.IdServer.Startup.csproj b/src/IdServer/SimpleIdServer.IdServer.Startup/SimpleIdServer.IdServer.Startup.csproj index ee4e4815e..302c76263 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/SimpleIdServer.IdServer.Startup.csproj +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/SimpleIdServer.IdServer.Startup.csproj @@ -10,6 +10,7 @@ + diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/appsettings.Docker.json b/src/IdServer/SimpleIdServer.IdServer.Startup/appsettings.Docker.json index 78eff2c49..6dcdd9e24 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/appsettings.Docker.json +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/appsettings.Docker.json @@ -73,10 +73,13 @@ "ResetPasswordLinkExpirationInSeconds": "30", "CanResetPassword": "true" }, - "FidoOptions": { + "MobileOptions": { "U2FExpirationTimeInSeconds": "300", "IsDeveloperModeEnabled": false }, + "WebauthnOptions": { + "U2FExpirationTimeInSeconds": "300" + }, "IdServerConsoleOptions": { "Message": "The confirmation code is {0}", "OTPType": "TOTP", @@ -93,5 +96,9 @@ }, "IdServerVpOptions": { + }, + "UserLockingOptions": { + "LockTimeInSeconds": "300", + "MaxLoginAttempts": "5" } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Startup/appsettings.json b/src/IdServer/SimpleIdServer.IdServer.Startup/appsettings.json index e3c682ad9..48ce1c13f 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Startup/appsettings.json +++ b/src/IdServer/SimpleIdServer.IdServer.Startup/appsettings.json @@ -89,10 +89,13 @@ "ResetPasswordLinkExpirationInSeconds": "30", "CanResetPassword": "true" }, - "FidoOptions": { + "MobileOptions": { "U2FExpirationTimeInSeconds": "300", "IsDeveloperModeEnabled": false }, + "WebauthnOptions": { + "U2FExpirationTimeInSeconds": "300" + }, "IdServerConsoleOptions": { "Message": "The confirmation code is {0}", "OTPType": "TOTP", @@ -109,6 +112,10 @@ }, "IdServerVpOptions": { + }, + "UserLockingOptions": { + "LockTimeInSeconds": "300", + "MaxLoginAttempts": "5" }, "JSON_SEEDS_FILE_PATH": "Seed.json" } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ApiResourceRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ApiResourceRepository.cs index 33b7a2c96..73faa9b5d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ApiResourceRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ApiResourceRepository.cs @@ -4,6 +4,7 @@ using Microsoft.EntityFrameworkCore; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Linq.Dynamic.Core; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuditEventRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuditEventRepository.cs index c3cdfaaf5..306def9af 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuditEventRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuditEventRepository.cs @@ -5,6 +5,7 @@ using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Events; using SimpleIdServer.IdServer.ExternalEvents; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Linq.Dynamic.Core; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuthenticationSchemeProviderDefinitionRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuthenticationSchemeProviderDefinitionRepository.cs index 31c115820..3133c5a2f 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuthenticationSchemeProviderDefinitionRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuthenticationSchemeProviderDefinitionRepository.cs @@ -15,6 +15,11 @@ public AuthenticationSchemeProviderDefinitionRepository(StoreDbContext dbContext _dbContext= dbContext; } + public void Add(AuthenticationSchemeProviderDefinition definition) + { + _dbContext.AuthenticationSchemeProviderDefinitions.Add(definition); + } + public Task Get(string name, CancellationToken cancellationToken) { return _dbContext.AuthenticationSchemeProviderDefinitions.SingleOrDefaultAsync(a => a.Name == name, cancellationToken); diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuthenticationSchemeProviderRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuthenticationSchemeProviderRepository.cs index 782edee8b..20be8e2c9 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuthenticationSchemeProviderRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/AuthenticationSchemeProviderRepository.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.EntityFrameworkCore; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Linq.Dynamic.Core; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ClientCertificateAuthorityRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ClientCertificateAuthorityRepository.cs index 85753c99e..b2d141dac 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ClientCertificateAuthorityRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ClientCertificateAuthorityRepository.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.EntityFrameworkCore; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Linq.Dynamic.Core; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ClientRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ClientRepository.cs index 86e8dec67..0cb09e6ec 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ClientRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ClientRepository.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.EntityFrameworkCore; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Linq.Dynamic.Core; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ConfigurationDefinitionStore.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ConfigurationDefinitionStore.cs index afd5d112e..738281ef7 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ConfigurationDefinitionStore.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ConfigurationDefinitionStore.cs @@ -15,6 +15,11 @@ public ConfigurationDefinitionStore(StoreDbContext dbContext) _dbContext = dbContext; } + public void Add(ConfigurationDefinition configurationDefinition) + { + _dbContext.Definitions.Add(configurationDefinition); + } + public Task> GetAll(CancellationToken cancellationToken) => _dbContext.Definitions.Include(c => c.Records).ThenInclude(r => r.Values).ThenInclude(r => r.Translations) .Include(c => c.Records).ThenInclude(r => r.Translations) diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/Configurations/ClientConfiguration.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Configurations/ClientConfiguration.cs index b73a1eacf..905443e1e 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/Configurations/ClientConfiguration.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Configurations/ClientConfiguration.cs @@ -11,6 +11,9 @@ public class ClientConfiguration : IEntityTypeConfiguration public void Configure(EntityTypeBuilder builder) { builder.HasKey(c => c.Id); + builder.Property(a => a.ClientRegistrationTypesSupported).HasConversion( + v => string.Join(',', v), + v => v.Split(',', StringSplitOptions.None).ToList()); builder.Property(a => a.GrantTypes).HasConversion( v => string.Join(',', v), v => v.Split(',', StringSplitOptions.None).ToList()); @@ -32,6 +35,9 @@ public void Configure(EntityTypeBuilder builder) builder.Property(a => a.AuthorizationDataTypes).HasConversion( v => string.Join(',', v), v => v.Split(',', StringSplitOptions.None).ToList()); + builder.Property(a => a.SubjectSyntaxTypesSupported).HasConversion( + v => string.Join(',', v), + v => v.Split(',', StringSplitOptions.None).ToList()); builder.HasMany(c => c.Translations).WithOne().OnDelete(DeleteBehavior.Cascade); builder.HasMany(c => c.SerializedJsonWebKeys).WithOne().OnDelete(DeleteBehavior.Cascade); builder.HasMany(c => c.DeviceAuthCodes).WithOne(a => a.Client).OnDelete(DeleteBehavior.Cascade); diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/Configurations/FederationEntityConfiguration.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Configurations/FederationEntityConfiguration.cs new file mode 100644 index 000000000..9b966e8e9 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Configurations/FederationEntityConfiguration.cs @@ -0,0 +1,16 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Metadata.Builders; +using SimpleIdServer.OpenidFederation.Domains; + +namespace SimpleIdServer.IdServer.Store.EF.Configurations; + +public class FederationEntityConfiguration : IEntityTypeConfiguration +{ + public void Configure(EntityTypeBuilder builder) + { + builder.HasKey(e => e.Id); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/Configurations/MessageBusErrorMessageConfiguration.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Configurations/MessageBusErrorMessageConfiguration.cs new file mode 100644 index 000000000..5fa1c37eb --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Configurations/MessageBusErrorMessageConfiguration.cs @@ -0,0 +1,18 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Metadata.Builders; +using SimpleIdServer.IdServer.Domains; + +namespace SimpleIdServer.IdServer.Store.EF.Configurations; + +public class MessageBusErrorMessageConfiguration : IEntityTypeConfiguration +{ + public void Configure(EntityTypeBuilder builder) + { + builder.HasKey(m => m.Id); + builder.Property(a => a.Exceptions).HasConversion( + v => string.Join(',', v), + v => v.Split(',', StringSplitOptions.None).ToList()); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/DeviceAuthCodeRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/DeviceAuthCodeRepository.cs index 5b1a21e92..4b404150d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/DeviceAuthCodeRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/DeviceAuthCodeRepository.cs @@ -29,8 +29,6 @@ public Task GetByUserCode(string userCode, CancellationToken can public void Add(DeviceAuthCode deviceAuthCode) => _dbContext.DeviceAuthCodes.Add(deviceAuthCode); - public Task SaveChanges(CancellationToken cancellationToken) => _dbContext.SaveChangesAsync(cancellationToken); - public void Update(DeviceAuthCode deviceAuthCode) { } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/FederationEntityStore.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/FederationEntityStore.cs new file mode 100644 index 000000000..70f741489 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/FederationEntityStore.cs @@ -0,0 +1,77 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.EntityFrameworkCore; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.OpenidFederation.Domains; +using SimpleIdServer.OpenidFederation.Stores; +using System.Linq.Dynamic.Core; + +namespace SimpleIdServer.IdServer.Store.EF; + +public class FederationEntityStore : IFederationEntityStore +{ + private readonly StoreDbContext _dbContext; + + public FederationEntityStore(StoreDbContext dbContext) + { + _dbContext = dbContext; + } + + public Task GetSubordinate(string sub, string realm, CancellationToken cancellationToken) + { + return _dbContext.FederationEntities.FirstOrDefaultAsync(r => r.Sub == sub && r.Realm == realm && r.IsSubordinate == true, cancellationToken); + } + + public Task> GetAllSubordinates(string realm, CancellationToken cancellationToken) + { + return _dbContext.FederationEntities.Where(f => f.Realm == realm && f.IsSubordinate == true).ToListAsync(cancellationToken); + } + + public Task> GetAllAuthorities(string realm, CancellationToken cancellationToken) + { + return _dbContext.FederationEntities.Where(f => f.Realm == realm && f.IsSubordinate == false).ToListAsync(cancellationToken); + } + + public void Add(FederationEntity federationEntity) + { + _dbContext.FederationEntities.Add(federationEntity); + } + + public Task GetByUrl(string realm, string url, CancellationToken cancellationToken) + { + return _dbContext.FederationEntities.SingleOrDefaultAsync(f => f.Sub == url && f.Realm == realm, cancellationToken); + } + + public async Task> Search(string realm, SearchRequest request, CancellationToken cancellationToken) + { + IQueryable query = _dbContext.FederationEntities + .Where(p => p.Realm == realm) + .AsNoTracking(); + if (!string.IsNullOrWhiteSpace(request.Filter)) + query = query.Where(request.Filter); + + if (!string.IsNullOrWhiteSpace(request.OrderBy)) + query = query.OrderBy(request.OrderBy); + else + query = query.OrderByDescending(r => r.CreateDateTime); + + var nb = query.Count(); + var federationEntities = await query.Skip(request.Skip.Value).Take(request.Take.Value).ToListAsync(); + return new SearchResult + { + Count = nb, + Content = federationEntities + }; + } + + public Task Get(string id, CancellationToken cancellationToken) + { + return _dbContext.FederationEntities.SingleOrDefaultAsync(e => e.Id == id, cancellationToken); + } + + public void Remove(FederationEntity federationEntity) + { + _dbContext.FederationEntities.Remove(federationEntity); + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/GroupRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/GroupRepository.cs index 66b4a47f8..98c350e62 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/GroupRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/GroupRepository.cs @@ -4,6 +4,7 @@ using Microsoft.EntityFrameworkCore; using SimpleIdServer.IdServer.Api.Groups; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Linq.Dynamic.Core; @@ -45,7 +46,7 @@ public Task Get(string realm, string id, CancellationToken cancellationTo => _dbContext.Groups .Include(c => c.Realms) .Include(c => c.Children) - .Include(c => c.Roles) + .Include(c => c.Roles).ThenInclude(c => c.Realms) .SingleOrDefaultAsync(g => g.Realms.Any(r => r.RealmsName == realm) && g.Id == id, cancellationToken); public Task GetByStrictFullPath(string realm, string fullPath, CancellationToken cancellationToken) @@ -62,7 +63,7 @@ public Task> GetAllByFullPath(string realm, string fullPath, Cancell public Task> GetAllByStrictFullPath(string realm, List fullPathLst, CancellationToken cancellationToken) => _dbContext.Groups - .Include(g => g.Roles) + .Include(g => g.Roles).ThenInclude(r => r.Realms) .Include(c => c.Realms) .Where(g => fullPathLst.Contains(g.FullPath) && g.Realms.Any(r => r.RealmsName == realm)) .ToListAsync(cancellationToken); diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/IdServerInMemoryStoreBuilder.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/IdServerInMemoryStoreBuilder.cs index 71523fdf2..0dcb06e5a 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/IdServerInMemoryStoreBuilder.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/IdServerInMemoryStoreBuilder.cs @@ -4,6 +4,7 @@ using Microsoft.IdentityModel.Tokens; using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.OpenidFederation.Domains; namespace SimpleIdServer.IdServer.Store.EF; @@ -196,6 +197,17 @@ public IdServerInMemoryStoreBuilder AddInMemoryDeviceCodes(ICollection federationEntities) + { + var storeDbContext = _serviceProvider.GetService(); + if (!storeDbContext.FederationEntities.Any()) + { + storeDbContext.FederationEntities.AddRange(federationEntities); + } + + return this; + } + public IdServerInMemoryStoreBuilder AddInMemoryKeys(Domains.Realm realm, ICollection signingCredentials, ICollection encryptingCredentials) { var storeDbContext = _serviceProvider.GetService(); diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/IdentityProvisioningStore.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/IdentityProvisioningStore.cs index 11bf539fb..de198376f 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/IdentityProvisioningStore.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/IdentityProvisioningStore.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.EntityFrameworkCore; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Linq.Dynamic.Core; @@ -55,6 +56,11 @@ public void Update(IdentityProvisioning identityProvisioning) } + public void Add(IdentityProvisioningDefinition identityProvisioningDefinition) + { + _dbContext.IdentityProvisioningDefinitions.Add(identityProvisioningDefinition); + } + public void Update(IdentityProvisioningDefinition identityProvisioningDefinition) { diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/KeyValueRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/KeyValueRepository.cs index 4af6896b2..faac00cea 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/KeyValueRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/KeyValueRepository.cs @@ -27,9 +27,9 @@ public Task Get(string key, CancellationToken c => _dbContext.ConfigurationKeyPairValueRecords.SingleOrDefaultAsync(c => c.Name == key, cancellationToken); public Task> GetAll(CancellationToken cancellationToken) - => _dbContext.ConfigurationKeyPairValueRecords.ToListAsync(cancellationToken); - - public Task SaveChanges(CancellationToken cancellationToken) - => _dbContext.SaveChangesAsync(cancellationToken); + { + if (!_dbContext.Database.IsInMemory() && _dbContext.Database.GetPendingMigrations().Any()) return Task.FromResult(new List()); + return _dbContext.ConfigurationKeyPairValueRecords.ToListAsync(cancellationToken); + } } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/LanguageRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/LanguageRepository.cs index 56695caf7..8ee2dd8f3 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/LanguageRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/LanguageRepository.cs @@ -16,6 +16,11 @@ public LanguageRepository(StoreDbContext dbContext) _dbContext = dbContext; } + public void Add(Language language) + { + _dbContext.Languages.Add(language); + } + public async Task> GetAll(CancellationToken cancellationToken) { var languages = await _dbContext.Languages.ToListAsync(cancellationToken); diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/MessageBusErrorStore.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/MessageBusErrorStore.cs new file mode 100644 index 000000000..b39b2768e --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/MessageBusErrorStore.cs @@ -0,0 +1,35 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.EntityFrameworkCore; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Stores; + +namespace SimpleIdServer.IdServer.Store.EF +{ + public class MessageBusErrorStore : IMessageBusErrorStore + { + private readonly StoreDbContext _dbContext; + + public MessageBusErrorStore(StoreDbContext dbContext) + { + _dbContext = dbContext; + } + + public void Add(MessageBusErrorMessage message) + { + _dbContext.MessageBusErrorMessages.Add(message); + } + + public void Delete(MessageBusErrorMessage message) + { + _dbContext.MessageBusErrorMessages.Remove(message); + } + + public Task Get(string id, CancellationToken cancellationToken) + => _dbContext.MessageBusErrorMessages.SingleOrDefaultAsync(m => m.Id == id, cancellationToken); + + public Task> GetAllByExternalId(List externalIds, CancellationToken cancellationToken) => + _dbContext.MessageBusErrorMessages.Where(m => externalIds.Contains(m.ExternalId)).ToListAsync(cancellationToken); + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/PresentationDefinitionStore.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/PresentationDefinitionStore.cs index b8f16990e..4a7167e1d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/PresentationDefinitionStore.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/PresentationDefinitionStore.cs @@ -16,6 +16,11 @@ public PresentationDefinitionStore(StoreDbContext dbContext) _dbContext = dbContext; } + public void Add(PresentationDefinition presentationDefinition) + { + _dbContext.PresentationDefinitions.Add(presentationDefinition); + } + public Task> GetAll(string realm, CancellationToken cancellationToken) { var result = _dbContext.PresentationDefinitions diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ScopeRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ScopeRepository.cs index ebf115149..366829611 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ScopeRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ScopeRepository.cs @@ -3,6 +3,7 @@ using Microsoft.EntityFrameworkCore; using SimpleIdServer.IdServer.Api.Scopes; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Linq.Dynamic.Core; @@ -17,6 +18,15 @@ public ScopeRepository(StoreDbContext dbContext) _dbContext = dbContext; } + public Task> Get(List ids, CancellationToken cancellationToken) + { + return _dbContext.Scopes + .Include(s => s.Realms) + .Include(s => s.ClaimMappers) + .Where(s => ids.Contains(s.Id)) + .ToListAsync(cancellationToken); + } + public Task Get(string realm, string id, CancellationToken cancellationToken) { return _dbContext.Scopes @@ -59,6 +69,14 @@ public Task> GetAll(string realm, List scopeNames, Cancellat .ToListAsync(cancellationToken); } + public Task> GetAllRealmScopes(string realm, CancellationToken cancellationToken) + { + return _dbContext.Scopes + .Include(s => s.Realms) + .Where(s => s.Component != null && s.Realms.Any(r => r.Name == realm)) + .ToListAsync(cancellationToken); + } + public async Task> Search(string realm, SearchScopeRequest request, CancellationToken cancellationToken) { var query = _dbContext.Scopes diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/Seeding/RealmEntitySeeder.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Seeding/RealmEntitySeeder.cs new file mode 100644 index 000000000..b50294f82 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Seeding/RealmEntitySeeder.cs @@ -0,0 +1,55 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license informa +using Microsoft.EntityFrameworkCore; +using Microsoft.Extensions.Logging; +using SimpleIdServer.IdServer.Builders; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Seeding; + +namespace SimpleIdServer.IdServer.Store.EF.Seeding; + +/// +/// Implements the method that allows to seed records of realms. +/// +public class RealmEntitySeeder : IEntitySeeder +{ + private readonly ILogger _logger; + private readonly StoreDbContext _storeDbContext; + + public RealmEntitySeeder(ILogger logger, StoreDbContext storeDbContext) + { + _logger = logger; + _storeDbContext = storeDbContext; + } + + public async Task SeedAsync(IReadOnlyCollection records, CancellationToken cancellationToken = default) + { + string[] dbRealmNames = await _storeDbContext.Realms.Select(r => r.Name.ToUpper()) + .ToArrayAsync(cancellationToken); + + RealmSeedDto[] realmsNotInDb = (from r in records + join ln in dbRealmNames on r.Name.ToUpper() equals ln + into qry + from l_join in qry.DefaultIfEmpty() + where l_join == null + select r).ToArray(); + + if (realmsNotInDb.Length > 0) + { + var realmsToCreate = new List(); + + foreach (var realm in realmsNotInDb) + { + string description = !string.IsNullOrEmpty(realm.Description) ? realm.Description : realm.Name; + RealmBuilder builder = RealmBuilder.Create(realm.Name, description); + + realmsToCreate.Add(builder.Build()); + } + + await _storeDbContext.Realms.AddRangeAsync(realmsToCreate, cancellationToken); + await _storeDbContext.SaveChangesAsync(cancellationToken); + } + + _logger.LogInformation("{count} realms seeded.", realmsNotInDb.Length); + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/Seeding/ScopeEntitySeeder.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Seeding/ScopeEntitySeeder.cs new file mode 100644 index 000000000..db7e5f6a3 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Seeding/ScopeEntitySeeder.cs @@ -0,0 +1,80 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license informa +using Microsoft.EntityFrameworkCore; +using Microsoft.Extensions.Logging; +using SimpleIdServer.IdServer.Builders; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Seeding; + +namespace SimpleIdServer.IdServer.Store.EF.Seeding +{ + /// + /// Implements the method that allows to seed records of scopes. + /// + public class ScopeEntitySeeder : IEntitySeeder + { + private readonly ILogger _logger; + private readonly StoreDbContext _storeDbContext; + + public ScopeEntitySeeder(ILogger logger, StoreDbContext storeDbContext) + { + _logger = logger; + _storeDbContext = storeDbContext; + } + + public async Task SeedAsync(IReadOnlyCollection records, CancellationToken cancellationToken = default) + { + string[] dbScopeNames = await _storeDbContext.Scopes.Select(u => u.Name.ToUpper()) + .ToArrayAsync(cancellationToken); + + ScopeSeedDto[] scopesNotInDb = (from r in records + join ln in dbScopeNames on r.Name.ToUpper() equals ln + into qry + from l_join in qry.DefaultIfEmpty() + where l_join == null + select r).ToArray(); + + if (scopesNotInDb.Length > 0) + { + var scopesToCreate = new List(); + + foreach (ScopeSeedDto scope in scopesNotInDb) + { + Realm? realm = null; + + if (!string.IsNullOrEmpty(scope.Realm)) + { + realm = await _storeDbContext.Realms + .FirstOrDefaultAsync(r => r.Name.ToUpper() == scope.Realm.ToUpper(), cancellationToken); + } + + ScopeBuilder builder = ScopeBuilder.Create(scope.Name, scope.IsExposedInConfigurationEdp, realm) + .SetDescription(scope.Description) + .SetComponent(scope.Component); + + if (!string.IsNullOrEmpty(scope.Type) && Enum.TryParse(scope.Type, out ScopeTypes type)) + { + builder.SetType(type); + } + + if (!string.IsNullOrEmpty(scope.Protocol) && Enum.TryParse(scope.Protocol, out ScopeProtocols protocol)) + { + builder.SetProtocol(protocol); + } + + if (!string.IsNullOrEmpty(scope.ComponentAction) && Enum.TryParse(scope.ComponentAction, out ComponentActions componentAction)) + { + builder.SetComponentAction(componentAction); + } + + scopesToCreate.Add(builder.Build()); + } + + await _storeDbContext.Scopes.AddRangeAsync(scopesToCreate, cancellationToken); + await _storeDbContext.SaveChangesAsync(cancellationToken); + } + + _logger.LogInformation("{count} scopes seeded.", scopesNotInDb.Length); + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/Seeding/UserEntitySeeder.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Seeding/UserEntitySeeder.cs index 58641043b..4676213e1 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/Seeding/UserEntitySeeder.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/Seeding/UserEntitySeeder.cs @@ -38,13 +38,21 @@ from l_join in qry.DefaultIfEmpty() { var usersToCreate = new List(); - foreach (var user in usersNotInDb) + foreach (UserSeedDto user in usersNotInDb) { - var builder = UserBuilder.Create(user.Login, user.Password, user.FirstName) + Realm? realm = null; + + if (!string.IsNullOrEmpty(user.Realm)) + { + realm = await _storeDbContext.Realms + .FirstOrDefaultAsync(r => r.Name.ToUpper() == user.Realm.ToUpper(), cancellationToken); + } + + UserBuilder builder = UserBuilder.Create(user.Login, user.Password, user.FirstName, realm) .SetLastname(user.LastName) .SetEmail(user.Email); - foreach (var role in user.Roles) { builder.AddRole(role); } + foreach (string role in user.Roles) { builder.AddRole(role); } usersToCreate.Add(builder.Build()); } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ServiceCollectionExtensions.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ServiceCollectionExtensions.cs index 4b12aaace..25adaaccf 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/ServiceCollectionExtensions.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/ServiceCollectionExtensions.cs @@ -3,6 +3,7 @@ using Microsoft.EntityFrameworkCore; using SimpleIdServer.IdServer.Store.EF; using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.OpenidFederation.Stores; namespace Microsoft.Extensions.DependencyInjection { @@ -56,7 +57,9 @@ private static void RegisterDepedencies(IServiceCollection services) services.AddTransient(); services.AddTransient(); services.AddTransient(); + services.AddTransient(); services.AddTransient(); + services.AddTransient(); } } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/SimpleIdServer.IdServer.Store.EF.csproj b/src/IdServer/SimpleIdServer.IdServer.Store.EF/SimpleIdServer.IdServer.Store.EF.csproj index 331c47cb2..5ce6327ad 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/SimpleIdServer.IdServer.Store.EF.csproj +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/SimpleIdServer.IdServer.Store.EF.csproj @@ -14,5 +14,6 @@ + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/StoreDbContext.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/StoreDbContext.cs index cc15daf17..88daa1112 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/StoreDbContext.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/StoreDbContext.cs @@ -4,6 +4,8 @@ using Microsoft.EntityFrameworkCore; using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Store.Configurations; +using SimpleIdServer.IdServer.Store.EF.Configurations; +using SimpleIdServer.OpenidFederation.Domains; namespace SimpleIdServer.IdServer.Store.EF { @@ -48,6 +50,8 @@ public StoreDbContext(DbContextOptions options) : base(options) public DbSet GroupUser { get; set; } public DbSet GotifySessions { get; set; } public DbSet PresentationDefinitions { get; set; } + public DbSet MessageBusErrorMessages { get; set; } + public DbSet FederationEntities { get; set; } protected override void OnModelCreating(ModelBuilder builder) { @@ -108,6 +112,8 @@ protected override void OnModelCreating(ModelBuilder builder) builder.ApplyConfiguration(new PresentationDefinitionFormatConfiguration()); builder.ApplyConfiguration(new PresentationDefinitionInputDescriptorConfiguration()); builder.ApplyConfiguration(new PresentationDefinitionInputDescriptorConstraintConfiguration()); + builder.ApplyConfiguration(new MessageBusErrorMessageConfiguration()); + builder.ApplyConfiguration(new FederationEntityConfiguration()); } } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/UserRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/UserRepository.cs index 52eb3c7fb..143419929 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/UserRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/UserRepository.cs @@ -3,6 +3,7 @@ using LinqToDB.EntityFrameworkCore; using Microsoft.EntityFrameworkCore; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Linq.Dynamic.Core; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.EF/UserSessionRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.EF/UserSessionRepository.cs index 812a30b2d..32fd7b72d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.EF/UserSessionRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.EF/UserSessionRepository.cs @@ -3,6 +3,7 @@ using Microsoft.EntityFrameworkCore; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Linq.Dynamic.Core; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ApiResourceRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ApiResourceRepository.cs index 6de547640..647be0c0e 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ApiResourceRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ApiResourceRepository.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using MassTransit.Initializers; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Store.SqlSugar.Models; using SimpleIdServer.IdServer.Stores; using SqlSugar; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuditEventRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuditEventRepository.cs index 2522a3088..5ea5ccb2d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuditEventRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuditEventRepository.cs @@ -3,6 +3,7 @@ using SimpleIdServer.IdServer.Api.Auditing; using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.ExternalEvents; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Store.SqlSugar.Models; using SimpleIdServer.IdServer.Stores; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuthenticationSchemeProviderDefinitionRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuthenticationSchemeProviderDefinitionRepository.cs index 128d0572c..e27467016 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuthenticationSchemeProviderDefinitionRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuthenticationSchemeProviderDefinitionRepository.cs @@ -16,6 +16,14 @@ public AuthenticationSchemeProviderDefinitionRepository(DbContext dbContext) _dbContext = dbContext; } + public void Add(AuthenticationSchemeProviderDefinition definition) + { + _dbContext.Client.InsertNav(SugarAuthenticationSchemeProviderDefinition.Transform(definition)) + .Include(d => d.AuthSchemeProviders).ThenInclude(d => d.Mappers) + .Include(d => d.AuthSchemeProviders).ThenInclude(d => d.Realms) + .ExecuteCommand(); + } + public async Task Get(string name, CancellationToken cancellationToken) { var result = await _dbContext.Client.Queryable() diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuthenticationSchemeProviderRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuthenticationSchemeProviderRepository.cs index 362ff8452..81d73f31e 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuthenticationSchemeProviderRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/AuthenticationSchemeProviderRepository.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Store.SqlSugar.Models; using SimpleIdServer.IdServer.Stores; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/CertificateAuthorityRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/CertificateAuthorityRepository.cs index 87cdd624d..7c4d08120 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/CertificateAuthorityRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/CertificateAuthorityRepository.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Store.SqlSugar.Models; using SimpleIdServer.IdServer.Stores; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ClientRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ClientRepository.cs index 46a490c03..9e0d177ad 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ClientRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ClientRepository.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Store.SqlSugar.Models; using SimpleIdServer.IdServer.Stores; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ConfigurationDefinitionStore.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ConfigurationDefinitionStore.cs index bb43db81c..6779bbb09 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ConfigurationDefinitionStore.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ConfigurationDefinitionStore.cs @@ -16,6 +16,14 @@ public ConfigurationDefinitionStore(DbContext dbContext) _dbContext = dbContext; } + public void Add(ConfigurationDefinition cnfigurationDefinition) + { + _dbContext.Client.InsertNav(SugarConfigurationDefinition.Transform(cnfigurationDefinition)) + .Include(c => c.ConfigurationDefinitionRecords).ThenInclude(c => c.Values).ThenInclude(c => c.Translations) + .Include(c => c.ConfigurationDefinitionRecords).ThenInclude(c => c.Translations) + .ExecuteCommand(); + } + public async Task> GetAll(CancellationToken cancellationToken) { var result = await _dbContext.Client.Queryable() diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/DbContext.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/DbContext.cs index 65542c4ac..72e54d6a9 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/DbContext.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/DbContext.cs @@ -22,6 +22,87 @@ public DbContext(IOptions options) public SimpleClient UserSessions { get; set; } public SimpleClient Users { get; set; } + public SqlSugarScope SqlSugarClient + { + get + { + return _client; + } + } + + public void Migrate() + { + _client.DbMaintenance.CreateDatabase(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + _client.CodeFirst.InitTables(); + } public SqlSugarScope Client { diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/DeviceAuthCodeRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/DeviceAuthCodeRepository.cs index 0509c4728..043868f3b 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/DeviceAuthCodeRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/DeviceAuthCodeRepository.cs @@ -44,11 +44,6 @@ public async Task GetByUserCode(string userCode, CancellationTok return result?.ToDomain(); } - public Task SaveChanges(CancellationToken cancellationToken) - { - throw new NotImplementedException(); - } - private static SugarDeviceAuthCode Transform(DeviceAuthCode authCode) { return new SugarDeviceAuthCode diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/GroupRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/GroupRepository.cs index bd399087d..e0575f8ae 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/GroupRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/GroupRepository.cs @@ -3,6 +3,7 @@ using SimpleIdServer.IdServer.Api.Groups; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Store.SqlSugar.Models; using SimpleIdServer.IdServer.Stores; @@ -80,7 +81,7 @@ public async Task> GetAllByFullPath(string realm, string id, string public async Task> GetAllByStrictFullPath(string realm, List fullPathLst, CancellationToken cancellationToken) { var result = await _dbContext.Client.Queryable() - .Includes(g => g.Roles) + .Includes(g => g.Roles, r => r.Realms) .Includes(c => c.Realms) .Where(g => fullPathLst.Contains(g.FullPath) && g.Realms.Any(r => r.RealmsName == realm)) .ToListAsync(cancellationToken); diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/IdentityProvisioningStore.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/IdentityProvisioningStore.cs index 65ad0416e..f116496e2 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/IdentityProvisioningStore.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/IdentityProvisioningStore.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Store.SqlSugar.Models; using SimpleIdServer.IdServer.Stores; using SqlSugar; @@ -47,6 +48,13 @@ public void Update(IdentityProvisioning identityProvisioning) .ExecuteCommand(); } + public void Add(IdentityProvisioningDefinition identityProvisioningDefinition) + { + _dbContext.Client.InsertNav(SugarIdentityProvisioningDefinition.Transform(identityProvisioningDefinition)) + .Include(c => c.MappingRules) + .ExecuteCommand(); + } + public void Update(IdentityProvisioningDefinition identityProvisioningDefinition) { _dbContext.Client.UpdateNav(SugarIdentityProvisioningDefinition.Transform(identityProvisioningDefinition)) diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/KeyValueRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/KeyValueRepository.cs index 324bae3bb..6a39589b4 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/KeyValueRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/KeyValueRepository.cs @@ -41,11 +41,6 @@ public async Task> GetAll(CancellationToke return result.Select(r => r.ToDomain()).ToList(); } - public Task SaveChanges(CancellationToken cancellationToken) - { - throw new NotImplementedException(); - } - private static SugarConfigurationKeyPairValueRecord Transform(ConfigurationKeyPairValueRecord keyValue) { return new SugarConfigurationKeyPairValueRecord diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/LanguageRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/LanguageRepository.cs index de8d217fe..49b0de341 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/LanguageRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/LanguageRepository.cs @@ -16,6 +16,11 @@ public LanguageRepository(DbContext dbContext) _dbContext = dbContext; } + public void Add(Language language) + { + _dbContext.Client.Insertable(SugarLanguage.Transform(language)).ExecuteCommand(); + } + public async Task> GetAll(CancellationToken cancellationToken) { var result = await _dbContext.Client.Queryable().ToListAsync(cancellationToken); diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/MessageBusErrorStore.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/MessageBusErrorStore.cs new file mode 100644 index 000000000..3198f4faa --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/MessageBusErrorStore.cs @@ -0,0 +1,44 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Store.SqlSugar.Models; +using SimpleIdServer.IdServer.Stores; + +namespace SimpleIdServer.IdServer.Store.SqlSugar; + +public class MessageBusErrorStore : IMessageBusErrorStore +{ + private readonly DbContext _dbContext; + + public MessageBusErrorStore(DbContext dbContext) + { + _dbContext = dbContext; + } + + public void Add(MessageBusErrorMessage message) + { + _dbContext.Client.Insertable(SugarMessageBusErrorMessage.Transform(message)) + .ExecuteCommand(); + } + + public void Delete(MessageBusErrorMessage message) + { + _dbContext.Client.Deleteable(SugarMessageBusErrorMessage.Transform(message)) + .ExecuteCommand(); + } + + public async Task Get(string id, CancellationToken cancellationToken) + { + var result = await _dbContext.Client.Queryable() + .SingleAsync(r => r.Id == id); + return result?.ToDomain(); + } + + public async Task> GetAllByExternalId(List externalIds, CancellationToken cancellationToken) + { + var result = await _dbContext.Client.Queryable() + .Where(r => externalIds.Contains(r.ExternalId)) + .ToListAsync(); + return result.Select(r => r.ToDomain()).ToList(); + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarApiResource.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarApiResource.cs index 031a20169..f692224b4 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarApiResource.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarApiResource.cs @@ -12,7 +12,9 @@ public class SugarApiResource [SugarColumn(IsPrimaryKey = true)] public string Id { get; set; } public string Name { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Audience { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Description { get; set; } = null; public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuditEvent.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuditEvent.cs index 96f9d016f..1afa30680 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuditEvent.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuditEvent.cs @@ -15,12 +15,18 @@ public class SugarAuditEvent public string Realm { get; set; } = null!; public bool IsError { get; set; } public string Description { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? ErrorMessage { get; set; } = null; public DateTime CreateDateTime { get; set; } + [SugarColumn(IsNullable = true)] public string? ClientId { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? UserName { get; set; } = null; + [SugarColumn(IsNullable = true, Length = 5000)] public string? RequestJSON { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? RedirectUrl { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? AuthMethod { get; set; } = null; public string Scopes { get; set; } = null!; public string Claims { get; set; } = null!; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationContextClassReference.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationContextClassReference.cs index 06190055e..bbc413ebe 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationContextClassReference.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationContextClassReference.cs @@ -16,6 +16,7 @@ public class SugarAuthenticationContextClassReference public string AuthenticationMethodReferences { get; set; } = null!; public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } + [SugarColumn(IsNullable = true)] public string? RegistrationWorkflowId { get; set; } [Navigate(NavigateType.ManyToOne, nameof(RegistrationWorkflowId))] public SugarRegistrationWorkflow? RegistrationWorkflow { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProvider.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProvider.cs index 6c2981cf1..5c5a8d68b 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProvider.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProvider.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.Extensions.Logging.Abstractions; using SimpleIdServer.IdServer.Domains; using SqlSugar; @@ -12,7 +13,9 @@ public class SugarAuthenticationSchemeProvider [SugarColumn(IsPrimaryKey = true)] public string Id { get; set; } = null!; public string Name { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? DisplayName { get; set; } + [SugarColumn(IsNullable = true)] public string? Description { get; set; } public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } @@ -24,6 +27,24 @@ public class SugarAuthenticationSchemeProvider [Navigate(NavigateType.ManyToOne, nameof(AuthSchemeProviderDefinitionName))] public SugarAuthenticationSchemeProviderDefinition AuthSchemeProviderDefinition { get; set; } + public static SugarAuthenticationSchemeProvider Transform(AuthenticationSchemeProvider provider) + { + return new SugarAuthenticationSchemeProvider + { + Id = provider.Id, + Name = provider.Name, + DisplayName = provider.DisplayName, + Description = provider.Description, + CreateDateTime = provider.CreateDateTime, + UpdateDateTime = provider.UpdateDateTime, + Mappers = provider.Mappers == null ? new List() : provider.Mappers.Select(m => SugarAuthenticationSchemeProviderMapper.Transform(m)).ToList(), + Realms = provider.Realms == null ? new List() : provider.Realms.Select(r => new SugarRealm + { + RealmsName = r.Name + }).ToList() + }; + } + public AuthenticationSchemeProvider ToDomain() { return new AuthenticationSchemeProvider diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProviderDefinition.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProviderDefinition.cs index 1c69bde5d..5d8ec96dd 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProviderDefinition.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProviderDefinition.cs @@ -11,10 +11,15 @@ public class SugarAuthenticationSchemeProviderDefinition { [SugarColumn(IsPrimaryKey = true)] public string Name { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Description { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Image { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? HandlerFullQualifiedName { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? OptionsFullQualifiedName { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? OptionsName { get; set; } = null; [Navigate(NavigateType.OneToMany, nameof(SugarAuthenticationSchemeProvider.AuthSchemeProviderDefinitionName))] public List AuthSchemeProviders { get; set; } @@ -31,4 +36,18 @@ public AuthenticationSchemeProviderDefinition ToDomain() OptionsName = OptionsName }; } + + public static SugarAuthenticationSchemeProviderDefinition Transform(AuthenticationSchemeProviderDefinition def) + { + return new SugarAuthenticationSchemeProviderDefinition + { + Description = def.Description, + HandlerFullQualifiedName = def.HandlerFullQualifiedName, + Image = def.Image, + OptionsName = def.OptionsName, + OptionsFullQualifiedName = def.OptionsFullQualifiedName, + Name = def.Name, + AuthSchemeProviders = def.AuthSchemeProviders == null ? new List() : def.AuthSchemeProviders.Select(p => SugarAuthenticationSchemeProvider.Transform(p)).ToList() + }; + } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProviderMapper.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProviderMapper.cs index 1e69508c5..3dcb6ceb3 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProviderMapper.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthenticationSchemeProviderMapper.cs @@ -3,6 +3,7 @@ using SimpleIdServer.IdServer.Domains; using SqlSugar; +using static MassTransit.Logging.OperationName; namespace SimpleIdServer.IdServer.Store.SqlSugar.Models; @@ -12,14 +13,30 @@ public class SugarAuthenticationSchemeProviderMapper [SugarColumn(IsPrimaryKey = true)] public string Id { get; set; } = null!; public string Name { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? SourceClaimName { get; set; } = null; public MappingRuleTypes MapperType { get; set; } + [SugarColumn(IsNullable = true)] public string? TargetUserAttribute { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? TargetUserProperty { get; set; } = null; public string IdProviderId { get; set; } = null!; [Navigate(NavigateType.ManyToOne, nameof(IdProviderId))] public AuthenticationSchemeProvider IdProvider { get; set; } = null!; + public static SugarAuthenticationSchemeProviderMapper Transform(AuthenticationSchemeProviderMapper mapper) + { + return new SugarAuthenticationSchemeProviderMapper + { + Id = mapper.Id, + Name = mapper.Name, + SourceClaimName = mapper.SourceClaimName, + MapperType = mapper.MapperType, + TargetUserAttribute = mapper.TargetUserAttribute, + TargetUserProperty = mapper.TargetUserProperty + }; + } + public AuthenticationSchemeProviderMapper ToDomain() { return new AuthenticationSchemeProviderMapper diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthorizedResource.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthorizedResource.cs index b98721396..f5a0ba548 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthorizedResource.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarAuthorizedResource.cs @@ -12,7 +12,9 @@ public class SugarAuthorizedResource [SugarColumn(IsPrimaryKey = true, IsIdentity = true)] public int Id { get; set; } public string Resource { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Audience { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? AuthorizedScopeId { get; set; } = null; public static SugarAuthorizedResource Transform(AuthorizedResource a) diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarBCAuthorize.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarBCAuthorize.cs index 38d218b3c..789f6897c 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarBCAuthorize.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarBCAuthorize.cs @@ -11,18 +11,27 @@ public class SugarBCAuthorize { [SugarColumn(IsPrimaryKey = true)] public string Id { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? ClientId { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? UserId { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? NotificationToken { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? NotificationMode { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? NotificationEdp { get; set; } = null; + [SugarColumn(IsNullable = true)] public int? Interval { get; set; } = null; public BCAuthorizeStatus LastStatus { get; set; } public DateTime ExpirationDateTime { get; set; } public DateTime UpdateDateTime { get; set; } + [SugarColumn(IsNullable = true)] public DateTime? RejectionSentDateTime { get; set; } + [SugarColumn(IsNullable = true)] public DateTime? NextFetchTime { get; set; } public string Realm { get; set; } = null!; + [SugarColumn(IsNullable = true, Length = 5000)] public string? SerializedAuthorizationDetails { get; set; } = null; public string Scopes { get; set; } [Navigate(NavigateType.OneToMany, nameof(SugarBCAuthorizeHistory.BCAuthorizeId))] diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarBCAuthorizeHistory.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarBCAuthorizeHistory.cs index b73666953..a3755cba6 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarBCAuthorizeHistory.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarBCAuthorizeHistory.cs @@ -12,7 +12,9 @@ public class SugarBCAuthorizeHistory [SugarColumn(IsPrimaryKey = true)] public int Id { get; set; } public DateTime StartDateTime { get; set; } + [SugarColumn(IsNullable = true)] public DateTime? EndDateTime { get; set; } + [SugarColumn(IsNullable = true)] public string? Message { get; set; } = null; public BCAuthorizeStatus Status { get; set; } public string BCAuthorizeId { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarCertificateAuthority.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarCertificateAuthority.cs index b8afef8a9..71c4eb48c 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarCertificateAuthority.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarCertificateAuthority.cs @@ -13,11 +13,17 @@ public class SugarCertificateAuthority public string Id { get; set; } = null!; public string SubjectName { get; set; } = null!; public CertificateAuthoritySources Source { get; set; } + [SugarColumn(IsNullable = true)] public StoreLocation? StoreLocation { get; set; } = null; + [SugarColumn(IsNullable = true)] public StoreName? StoreName { get; set; } = null; + [SugarColumn(IsNullable = true)] public X509FindType? FindType { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? FindValue { get; set; } = null; + [SugarColumn(IsNullable = true, Length = 5000)] public string? PublicKey { get; set; } = null; + [SugarColumn(IsNullable = true, Length = 5000)] public string? PrivateKey { get; set; } = null; public DateTime StartDateTime { get; set; } public DateTime EndDateTime { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClient.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClient.cs index ed1011a39..518f28379 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClient.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClient.cs @@ -13,75 +13,123 @@ public class SugarClient public string Id { get; set; } public string ClientId { get; set; } = null!; public string ClientSecret { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? RegistrationAccessToken { get; set; } = null; public string GrantTypes { get; set; } public string RedirectionUrls { get; set; } + [SugarColumn(IsNullable = true)] public string? TokenEndPointAuthMethod { get; set; } = null; public string ResponseTypes { get; set; } + [SugarColumn] + public string SubjectSyntaxTypesSupported { get; set; } + [SugarColumn(IsNullable = true)] public string? JwksUri { get; set; } = null; public string Contacts { get; set; } + [SugarColumn(IsNullable = true)] public string? SoftwareId { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? SoftwareVersion { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? TlsClientAuthSubjectDN { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? TlsClientAuthSanDNS { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? TlsClientAuthSanURI { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? TlsClientAuthSanIP { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? TlsClientAuthSanEmail { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? AuthenticationContextClassReferenceId { get; set; } = null; + [SugarColumn(IsNullable = true)] public DateTime? ClientSecretExpirationTime { get; set; } public DateTime UpdateDateTime { get; set; } public DateTime CreateDateTime { get; set; } public bool IsTokenExchangeEnabled { get; set; } + [SugarColumn(IsNullable = true)] public TokenExchangeTypes? TokenExchangeType { get; set; } + [SugarColumn(IsNullable = true)] public double? TokenExpirationTimeInSeconds { get; set; } + [SugarColumn(IsNullable = true)] public double? CNonceExpirationTimeInSeconds { get; set; } + [SugarColumn(IsNullable = true)] public double? RefreshTokenExpirationTimeInSeconds { get; set; } + [SugarColumn(IsNullable = true)] public string? TokenSignedResponseAlg { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? TokenEncryptedResponseAlg { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? TokenEncryptedResponseEnc { get; set; } = null; public string PostLogoutRedirectUris { get; set; } public bool RedirectToRevokeSessionUI { get; set; } + [SugarColumn(IsNullable = true)] public string? PreferredTokenProfile { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? RequestObjectSigningAlg { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? RequestObjectEncryptionAlg { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? RequestObjectEncryptionEnc { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? SubjectType { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? PairWiseIdentifierSalt { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? SectorIdentifierUri { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? IdTokenSignedResponseAlg { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? IdTokenEncryptedResponseAlg { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? IdTokenEncryptedResponseEnc { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? BCTokenDeliveryMode { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? BCClientNotificationEndpoint { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? BCAuthenticationRequestSigningAlg { get; set; } + [SugarColumn(IsNullable = true)] public string? UserInfoSignedResponseAlg { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? UserInfoEncryptedResponseAlg { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? UserInfoEncryptedResponseEnc { get; set; } = null; public bool BCUserCodeParameter { get; set; } + [SugarColumn(IsNullable = true)] public string? FrontChannelLogoutUri { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? CredentialOfferEndpoint { get; set; } = null; public bool IsTransactionCodeRequired { get; set; } public double PreAuthCodeExpirationTimeInSeconds { get; set; } public bool FrontChannelLogoutSessionRequired { get; set; } public bool BackChannelLogoutSessionRequired { get; set; } + [SugarColumn(IsNullable = true)] public double? DefaultMaxAge { get; set; } = null; public bool TlsClientCertificateBoundAccessToken { get; set; } + [SugarColumn(IsNullable = true)] public string? BackChannelLogoutUri { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? ApplicationType { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? InitiateLoginUri { get; set; } public bool RequireAuthTime { get; set; } + [SugarColumn(IsNullable = true)] public string? AuthorizationSignedResponseAlg { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? AuthorizationEncryptedResponseAlg { get; set; } = null; public string AuthorizationDataTypes { get; set; } + [SugarColumn(IsNullable = true)] public string? AuthorizationEncryptedResponseEnc { get; set; } = null; public bool DPOPBoundAccessTokens { get; set; } public bool IsConsentDisabled { get; set; } public bool IsResourceParameterRequired { get; set; } public int AuthReqIdExpirationTimeInSeconds { get; set; } + [SugarColumn(IsNullable = true)] public string? ClientType { get; set; } = null; public bool IsDPOPNonceRequired { get; set; } public double DPOPNonceLifetimeInSeconds { get; set; } public bool IsRedirectUrlCaseSensitive { get; set; } + [SugarColumn(IsNullable = true, Length = 5000)] public string? SerializedParameters { get; set; } = null; public string DefaultAcrValues { get; set; } public int BCIntervalSeconds { get; set; } @@ -169,6 +217,7 @@ public static SugarClient Transform(Client client) TokenExchangeType = client.TokenExchangeType, TokenExpirationTimeInSeconds = client.TokenExpirationTimeInSeconds, TokenSignedResponseAlg = client.TokenSignedResponseAlg, + SubjectSyntaxTypesSupported = client.SubjectSyntaxTypesSupported == null ? string.Empty : string.Join(",", client.SubjectSyntaxTypesSupported), ResponseTypes = client.ResponseTypes == null ? string.Empty : string.Join(",", client.ResponseTypes), RedirectionUrls = client.RedirectionUrls == null ? string.Empty : string.Join(",", client.RedirectionUrls), PostLogoutRedirectUris = client.PostLogoutRedirectUris == null ? string.Empty : string.Join(",", client.PostLogoutRedirectUris), @@ -285,6 +334,7 @@ public Client ToDomain() UserInfoEncryptedResponseAlg = UserInfoEncryptedResponseAlg, UpdateDateTime = UpdateDateTime, CreateDateTime = CreateDateTime, + SubjectSyntaxTypesSupported = SubjectSyntaxTypesSupported == null ? new List() : SubjectSyntaxTypesSupported.Split(',').ToList(), ResponseTypes = ResponseTypes == null ? new List() : ResponseTypes.Split(','), RedirectionUrls = RedirectionUrls == null ? new List() : RedirectionUrls.Split(','), PostLogoutRedirectUris = PostLogoutRedirectUris == null ? new List() : PostLogoutRedirectUris.Split(','), @@ -296,7 +346,7 @@ public Client ToDomain() Translations = Translations == null ? new List() : Translations.Select(r => r.ToDomain()).ToList(), DeviceAuthCodes = DeviceAuthCodes == null ? new List() : DeviceAuthCodes.Select(r => r.ToDomain()).ToList(), SerializedJsonWebKeys = SerializedJsonWebKeys == null ? new List() : SerializedJsonWebKeys.Select(j => j.ToDomain()).ToList(), - Scopes = ClientScopes == null ? new List() : ClientScopes.Select(s => s.Scope.ToDomain()).ToList(), + Scopes = ClientScopes == null ? new List() : ClientScopes.Where(s => s.Scope != null).Select(s => s.Scope.ToDomain()).ToList(), Id = Id }; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClientCertificate.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClientCertificate.cs index 94406768d..403d93d1d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClientCertificate.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClientCertificate.cs @@ -15,7 +15,9 @@ public class SugarClientCertificate public DateTime StartDateTime { get; set; } public DateTime EndDateTime { get; set; } public DateTime CreateDateTime { get; set; } + [SugarColumn(Length = 5000)] public string PublicKey { get; set; } = null!; + [SugarColumn(Length = 5000)] public string PrivateKey { get; set; } = null!; public string CertificateAuthorityId { get; set; } [Navigate(NavigateType.ManyToOne, nameof(CertificateAuthorityId))] diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClientJsonWebKey.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClientJsonWebKey.cs index 91c1041fa..c0f05e036 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClientJsonWebKey.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarClientJsonWebKey.cs @@ -13,7 +13,9 @@ public class SugarClientJsonWebKey public string Kid { get; set; } = null!; public string Alg { get; set; } = null!; public string Usage { get; set; } = null!; + [SugarColumn(IsNullable = true)] public SecurityKeyTypes? KeyType { get; set; } = null; + [SugarColumn(Length = 5000)] public string SerializedJsonWebKey { get; set; } = null!; public string ClientId { get; set; } = null; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinition.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinition.cs index bfa4aeec4..93ac3221d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinition.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinition.cs @@ -17,6 +17,18 @@ public class SugarConfigurationDefinition [Navigate(NavigateType.OneToMany, nameof(SugarConfigurationDefinitionRecord.ConfigurationDefinitionId))] public List ConfigurationDefinitionRecords { get; set; } + public static SugarConfigurationDefinition Transform(ConfigurationDefinition configurationDefinition) + { + return new SugarConfigurationDefinition + { + Id = configurationDefinition.Id, + CreateDateTime = configurationDefinition.CreateDateTime, + UpdateDateTime = configurationDefinition.UpdateDateTime, + FullQualifiedName = configurationDefinition.FullQualifiedName, + ConfigurationDefinitionRecords = configurationDefinition.Records == null ? new List() : configurationDefinition.Records.Select(r => SugarConfigurationDefinitionRecord.Transform(r)).ToList() + }; + } + public ConfigurationDefinition ToDomain() { return new ConfigurationDefinition diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinitionRecord.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinitionRecord.cs index 1c1079323..8ed3a8707 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinitionRecord.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinitionRecord.cs @@ -18,12 +18,30 @@ public class SugarConfigurationDefinitionRecord public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } public int Order { get; set; } + [SugarColumn(IsNullable = true)] public string? DisplayCondition { get; set; } [Navigate(typeof(SugarConfigurationDefinitionRecordTranslation), nameof(SugarConfigurationDefinitionRecordTranslation.ConfigurationDefinitionRecordId), nameof(SugarConfigurationDefinitionRecordTranslation.TranslationsId))] public List Translations { get; set; } [Navigate(NavigateType.OneToMany, nameof(SugarConfigurationDefinitionRecordValue.ConfigurationDefinitionRecordId))] public List Values { get; set; } + public static SugarConfigurationDefinitionRecord Transform(ConfigurationDefinitionRecord record) + { + return new SugarConfigurationDefinitionRecord + { + Id = record.Id, + Name = record.Name, + IsRequired = record.IsRequired, + Type = record.Type, + CreateDateTime = record.CreateDateTime, + UpdateDateTime = record.UpdateDateTime, + Order = record.Order, + DisplayCondition = record.DisplayCondition, + Translations = record.Translations == null ? new List() : record.Translations.Select(t => SugarTranslation.Transform(t)).ToList(), + Values = record.Values == null ? new List() : record.Values.Select(v => SugarConfigurationDefinitionRecordValue.Transform(v)).ToList() + }; + } + public ConfigurationDefinitionRecord ToDomain() { return new ConfigurationDefinitionRecord diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinitionRecordValue.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinitionRecordValue.cs index cd451b50f..d07d930ed 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinitionRecordValue.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConfigurationDefinitionRecordValue.cs @@ -16,6 +16,16 @@ public class SugarConfigurationDefinitionRecordValue [Navigate(typeof(SugarConfigurationDefinitionRecordValueTranslation), nameof(SugarConfigurationDefinitionRecordValueTranslation.ConfigurationDefinitionRecordValueId), nameof(SugarConfigurationDefinitionRecordValueTranslation.TranslationsId))] public List Translations { get; set; } + public static SugarConfigurationDefinitionRecordValue Transform(ConfigurationDefinitionRecordValue value) + { + return new SugarConfigurationDefinitionRecordValue + { + Id = value.Id, + Value = value.Value, + Translations = value.Translations == null ? new List() : value.Translations.Select(t => SugarTranslation.Transform(t)).ToList() + }; + } + public ConfigurationDefinitionRecordValue ToDomain() { return new ConfigurationDefinitionRecordValue diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConsent.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConsent.cs index 336bf4912..0f47b8ef2 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConsent.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarConsent.cs @@ -15,10 +15,13 @@ public class SugarConsent public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } public string UserId { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? ScopeId { get; set; } = null; public ConsentStatus Status { get; set; } public string Realm { get; set; } + [SugarColumn(Length = 5000)] public string Claims { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? SerializedAuthorizationDetails { get; set; } = null; [Navigate(NavigateType.ManyToOne, nameof(UserId))] public SugarUser User { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarDataProtection.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarDataProtection.cs index cc0be974f..9b17e3b7b 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarDataProtection.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarDataProtection.cs @@ -10,6 +10,8 @@ public class SugarDataProtection { [SugarColumn(IsPrimaryKey = true, IsIdentity = true)] public int Id { get; set; } + [SugarColumn(IsNullable = true)] public string? FriendlyName { get; set; } + [SugarColumn(IsNullable = true, Length = 5000)] public string? Xml { get; set; } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarDeviceAuthCode.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarDeviceAuthCode.cs index 9c38a8dd3..eecac82aa 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarDeviceAuthCode.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarDeviceAuthCode.cs @@ -15,11 +15,13 @@ public class SugarDeviceAuthCode public string UserCode { get; set; } = null!; public string ClientId { get; set; } = null!; public string UserId { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? UserLogin { get; set; } = null; public string Scopes { get; set; } = null!; public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } public DateTime ExpirationDateTime { get; set; } + [SugarColumn(IsNullable = true)] public DateTime? NextAccessDateTime { get; set; } = null; public DeviceAuthCodeStatus Status { get; set; } public DateTime LastAccessTime { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarExtractedRepresentationStaging.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarExtractedRepresentationStaging.cs index c6bd45fc2..0a94c0423 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarExtractedRepresentationStaging.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarExtractedRepresentationStaging.cs @@ -13,6 +13,7 @@ public class SugarExtractedRepresentationStaging public string Id { get; set; } = null!; public string RepresentationId { get; set; } = null!; public string RepresentationVersion { get; set; } = null!; + [SugarColumn(IsNullable = true, Length = 5000)] public string? Values { get; set; } = null; public string IdProvisioningProcessId { get; set; } = null!; public string GroupIds { get; set; } = null!; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarGroup.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarGroup.cs index da8d3103a..e4e56e740 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarGroup.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarGroup.cs @@ -13,9 +13,11 @@ public class SugarGroup public string Id { get; set; } = null!; public string Name { get; set; } = null!; public string FullPath { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Description { get; set; } = null; public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } + [SugarColumn(IsNullable = true)] public string? ParentGroupId { get; set; } = null; [Navigate(NavigateType.ManyToOne, nameof(ParentGroupId))] public SugarGroup? ParentGroup { get; set; } = null; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioning.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioning.cs index 131ac2792..c4c521308 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioning.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioning.cs @@ -11,7 +11,9 @@ public class SugarIdentityProvisioning { [SugarColumn(IsPrimaryKey = true)] public string Id { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Name { get; set; } + [SugarColumn(IsNullable = true)] public string? Description { get; set; } public string DefinitionName { get; set; } = null!; public bool IsEnabled { get; set; } = true; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioningDefinition.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioningDefinition.cs index 07a8a23b3..4bb1ca422 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioningDefinition.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioningDefinition.cs @@ -11,6 +11,7 @@ public class SugarIdentityProvisioningDefinition { [SugarColumn(IsPrimaryKey = true)] public string Name { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Description { get; set; } = null; public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioningMappingRule.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioningMappingRule.cs index b17f9bb88..ab410e441 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioningMappingRule.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarIdentityProvisioningMappingRule.cs @@ -13,7 +13,9 @@ public class SugarIdentityProvisioningMappingRule public string Id { get; set; } = null!; public string From { get; set; } = null!; public MappingRuleTypes MapperType { get; set; } + [SugarColumn(IsNullable = true)] public string? TargetUserAttribute { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? TargetUserProperty { get; set; } = null; public bool HasMultipleAttribute { get; set; } = false; public string IdentityProvisioningDefinitionName { get; set; } = null!; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarLanguage.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarLanguage.cs index 0303aa7f3..b9dbdfedb 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarLanguage.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarLanguage.cs @@ -13,6 +13,18 @@ public class SugarLanguage public string Code { get; set; } = null!; public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } + [Navigate(NavigateType.OneToMany, nameof(SugarTranslation.Language))] + public List Translations { get; set; } + + public static SugarLanguage Transform(Language language) + { + return new SugarLanguage + { + Code = language.Code, + CreateDateTime = language.CreateDateTime, + UpdateDateTime = language.UpdateDateTime + }; + } public Language ToDomain() { diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarMessageBusErrorMessage.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarMessageBusErrorMessage.cs new file mode 100644 index 000000000..3eb95e7df --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarMessageBusErrorMessage.cs @@ -0,0 +1,55 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.SubjectTypeBuilders; +using SqlSugar; + +namespace SimpleIdServer.IdServer.Store.SqlSugar.Models; + +[SugarTable("MessageBusErrorMessages")] +public class SugarMessageBusErrorMessage +{ + [SugarColumn(IsPrimaryKey = true)] + public string Id { get; set; } = null!; + [SugarColumn(IsNullable = true)] + public string? ExternalId { get; set; } = null; + public string Name { get; set; } = null!; + public string FullName { get; set; } = null!; + [SugarColumn(Length = 5000)] + public string Content { get; set; } = null!; + [SugarColumn(Length = 5000)] + public string Exceptions { get; set; } = null!; + public DateTime ReceivedDateTime { get; set; } + public string QueueName { get; set; } = null!; + + public static SugarMessageBusErrorMessage Transform(MessageBusErrorMessage messageBusError) + { + return new SugarMessageBusErrorMessage + { + ReceivedDateTime = messageBusError.ReceivedDateTime, + QueueName = messageBusError.QueueName, + Name = messageBusError.Name, + Id = messageBusError.Id, + FullName = messageBusError.FullName, + Exceptions = messageBusError.Exceptions == null ? string.Empty : string.Join(",", messageBusError.Exceptions), + Content = messageBusError.Content, + ExternalId = messageBusError.ExternalId + }; + } + + + public MessageBusErrorMessage ToDomain() + { + return new MessageBusErrorMessage + { + ExternalId = ExternalId, + Content = Content, + Exceptions = string.IsNullOrWhiteSpace(Exceptions) ? new List() : Exceptions.Split(',').ToList(), + FullName = FullName, + Id = Id, + Name = Name, + QueueName = QueueName, + ReceivedDateTime = ReceivedDateTime + }; + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinition.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinition.cs index c56da7dec..41067bda1 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinition.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinition.cs @@ -12,7 +12,9 @@ public class SugarPresentationDefinition [SugarColumn(IsPrimaryKey = true)] public string Id { get; set; } = null!; public string PublicId { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Name { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Purpose { get; set; } = null; public string RealmName { get; set; } = null!; [Navigate(NavigateType.ManyToOne, nameof(RealmName))] @@ -20,6 +22,19 @@ public class SugarPresentationDefinition [Navigate(NavigateType.OneToMany, nameof(SugarPresentationDefinitionInputDescriptor.PresentationDefinitionId))] public List InputDescriptors { get; set; } + public static SugarPresentationDefinition Transform(PresentationDefinition presentationDefinition) + { + return new SugarPresentationDefinition + { + Id = presentationDefinition.Id, + Name = presentationDefinition.Name, + PublicId = presentationDefinition.PublicId, + Purpose = presentationDefinition.Purpose, + RealmName = presentationDefinition.Realm == null ? presentationDefinition.RealmName : presentationDefinition.Realm.Name, + InputDescriptors = presentationDefinition.InputDescriptors == null ? new List() : presentationDefinition.InputDescriptors.Select(d => SugarPresentationDefinitionInputDescriptor.Transform(d)).ToList() + }; + } + public PresentationDefinition ToDomain() { return new PresentationDefinition diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionFormat.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionFormat.cs index 4ddfa6b3a..7d2e62d84 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionFormat.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionFormat.cs @@ -15,6 +15,16 @@ public class SugarPresentationDefinitionFormat public string ProofType { get; set; } public string PresentationDefinitionInputDescriptorId { get; set; } + public static SugarPresentationDefinitionFormat Transform(PresentationDefinitionFormat format) + { + return new SugarPresentationDefinitionFormat + { + Id = format.Id, + Format = format.Format, + ProofType = format.ProofType + }; + } + public PresentationDefinitionFormat ToDomain() { return new PresentationDefinitionFormat diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionInputDescriptor.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionInputDescriptor.cs index bdf9b312b..38de85444 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionInputDescriptor.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionInputDescriptor.cs @@ -3,8 +3,6 @@ using SimpleIdServer.IdServer.Domains; using SqlSugar; -using System.Text.Json.Nodes; -using System.Text.Json.Serialization; namespace SimpleIdServer.IdServer.Store.SqlSugar.Models; @@ -14,8 +12,11 @@ public class SugarPresentationDefinitionInputDescriptor [SugarColumn(IsPrimaryKey = true)] public string Id { get; set; } = null!; public string PublicId { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Name { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Purpose { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? PresentationDefinitionId { get; set; } = null; [Navigate(NavigateType.OneToMany, nameof(SugarPresentationDefinitionFormat.PresentationDefinitionInputDescriptorId))] @@ -23,6 +24,19 @@ public class SugarPresentationDefinitionInputDescriptor [Navigate(NavigateType.OneToMany, nameof(SugarPresentationDefinitionInputDescriptorConstraint.PresentationDefinitionInputDescriptorId))] public List Constraints { get; set; } + public static SugarPresentationDefinitionInputDescriptor Transform(PresentationDefinitionInputDescriptor descriptor) + { + return new SugarPresentationDefinitionInputDescriptor + { + Id = descriptor.Id, + PublicId = descriptor.PublicId, + Name = descriptor.Name, + Purpose = descriptor.Purpose, + Format = descriptor.Format == null ? new List() : descriptor.Format.Select(f => SugarPresentationDefinitionFormat.Transform(f)).ToList(), + Constraints = descriptor.Constraints == null ? new List() : descriptor.Constraints.Select(c => SugarPresentationDefinitionInputDescriptorConstraint.Transform(c)).ToList() + }; + } + public PresentationDefinitionInputDescriptor ToDomain() { return new PresentationDefinitionInputDescriptor diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionInputDescriptorConstraint.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionInputDescriptorConstraint.cs index b8b51b90c..62697930f 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionInputDescriptorConstraint.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarPresentationDefinitionInputDescriptorConstraint.cs @@ -15,6 +15,16 @@ public class SugarPresentationDefinitionInputDescriptorConstraint public string Filter { get; set; } = null!; public string PresentationDefinitionInputDescriptorId { get; set; } + public static SugarPresentationDefinitionInputDescriptorConstraint Transform(PresentationDefinitionInputDescriptorConstraint constraint) + { + return new SugarPresentationDefinitionInputDescriptorConstraint + { + Id = constraint.Id, + Path = constraint.Path == null ? "" : string.Join(",", constraint.Path), + Filter = constraint.Filter + }; + } + public PresentationDefinitionInputDescriptorConstraint ToDomain() { return new PresentationDefinitionInputDescriptorConstraint diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarRealm.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarRealm.cs index 8bf23ce7d..836c42397 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarRealm.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarRealm.cs @@ -19,6 +19,14 @@ public class SugarRealm [Navigate(NavigateType.OneToMany, nameof(SugarPresentationDefinition.RealmName))] public List PresentationDefinitions { get; set; } + public static SugarRealm Transform(Realm realm) => new() + { + CreateDateTime = realm.CreateDateTime, + UpdateDateTime = realm.UpdateDateTime, + Description = realm.Description ?? realm.Name, + RealmsName = realm.Name + }; + public Realm ToDomain() { return new Realm diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarScope.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarScope.cs index d531c1ae5..5c7841826 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarScope.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarScope.cs @@ -13,10 +13,17 @@ public class SugarScope public string Name { get; set; } = null!; public ScopeTypes Type { get; set; } = ScopeTypes.IDENTITY; public ScopeProtocols Protocol { get; set; } = ScopeProtocols.OPENID; + [SugarColumn(IsNullable = true)] public string? Description { get; set; } = null; public bool IsExposedInConfigurationEdp { get; set; } public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } + + [SugarColumn(IsNullable = true)] + public ComponentActions? Action { get; set; } + + [SugarColumn(IsNullable = true)] + public string? Component { set; get; } = null; [Navigate(NavigateType.OneToMany, nameof(SugarScopeClaimMapper.ScopeId))] public List ClaimMappers { get; set; } @@ -36,6 +43,8 @@ public static SugarScope Transform(Scope scope) IsExposedInConfigurationEdp = scope.IsExposedInConfigurationEdp, Type = scope.Type, UpdateDateTime = scope.UpdateDateTime, + Component = scope.Component, + Action = scope.Action, Protocol = scope.Protocol, Realms = scope.Realms == null ? new List() : scope.Realms.Select(r => new SugarRealm { @@ -58,6 +67,8 @@ public Scope ToDomain() IsExposedInConfigurationEdp = IsExposedInConfigurationEdp, CreateDateTime = CreateDateTime, UpdateDateTime = UpdateDateTime, + Component = Component, + Action = Action, ClaimMappers = ClaimMappers == null ? new List() : ClaimMappers.Select(m => m.ToDomain()).ToList(), Realms = Realms == null ? new List() : Realms.Select(r => r.ToDomain()).ToList(), ApiResources = ApiResources == null ? new List() : ApiResources.Select(r => r.ToDomain()).ToList() diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarScopeClaimMapper.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarScopeClaimMapper.cs index c52cc70f6..07c613deb 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarScopeClaimMapper.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarScopeClaimMapper.cs @@ -14,11 +14,16 @@ public class SugarScopeClaimMapper public string ScopeClaimMapperId { get; set; } = null!; public string Name { get; set; } = null!; public MappingRuleTypes MapperType { get; set; } + [SugarColumn(IsNullable = true)] public string? SourceUserAttribute { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? SourceUserProperty { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? TargetClaimPath { get; set; } = null; public bool IncludeInAccessToken { get; set; } = false; + [SugarColumn(IsNullable = true)] public string? SAMLAttributeName { get; set; } = null; + [SugarColumn(IsNullable = true)] public TokenClaimJsonTypes? TokenClaimJsonType { get; set; } = null; public bool IsMultiValued { get; set; } = false; public string ScopeId { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarSerializedFileKey.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarSerializedFileKey.cs index 056606bfc..1c8d93937 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarSerializedFileKey.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarSerializedFileKey.cs @@ -14,13 +14,16 @@ public class SugarSerializedFileKey public string KeyId { get; set; } = null!; public string Usage { get; set; } = null!; public string Alg { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Enc { get; set; } + [SugarColumn(IsNullable = true, Length = 5000)] public string? PublicKeyPem { get; set; } = null; + [SugarColumn(IsNullable = true, Length = 5000)] public string? PrivateKeyPem { get; set; } = null; public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } public bool IsSymmetric { get; set; } = false; - public byte[]? Key { get; set; } = null; + public byte[] Key { get; set; } = new byte[0]; [Navigate(typeof(SugarRealmSerializedFileKey), nameof(SugarRealmSerializedFileKey.SerializedFileKeysId), nameof(SugarRealmSerializedFileKey.RealmsName))] public List Realms { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarToken.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarToken.cs index 3cdefea4c..1dcec3fa1 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarToken.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarToken.cs @@ -11,16 +11,25 @@ public class SugarToken { [SugarColumn(IsPrimaryKey = true, IsIdentity = true)] public int PkID { get; set; } + [SugarColumn(Length = 5000)] public string Id { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? SessionId { get; set; } = null; public string ClientId { get; set; } = null!; public string TokenType { get; set; } = null!; + [SugarColumn(IsNullable = true)] public AccessTokenTypes? AccessTokenType { get; set; } = null; + [SugarColumn(IsNullable = true, Length = 5000)] public string? Data { get; set; } = null; + [SugarColumn(IsNullable = true, Length = 5000)] public string? OriginalData { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? AuthorizationCode { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? GrantId { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Jkt { get; set; } = null; + [SugarColumn(IsNullable = true)] public DateTime? ExpirationTime { get; set; } public DateTime CreateDateTime { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarTranslation.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarTranslation.cs index 0b9ee9688..bfa54feaa 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarTranslation.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarTranslation.cs @@ -3,6 +3,7 @@ using SimpleIdServer.IdServer.Domains; using SqlSugar; +using SqlSugar.Extensions; namespace SimpleIdServer.IdServer.Store.SqlSugar.Models; @@ -12,9 +13,22 @@ public class SugarTranslation [SugarColumn(IsPrimaryKey = true, IsIdentity = true)] public int Id { get; set; } public string Key { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Value { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Language { get; set; } = null; - public string ClientId { get; set; } = null; + [SugarColumn(IsNullable = true)] + public string? ClientId { get; set; } = null; + + public static SugarTranslation Transform(Translation translation) + { + return new SugarTranslation + { + Key = translation.Key, + Language = translation.Language, + Value = translation.Value + }; + } public Translation ToDomain() { diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAPendingRequest.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAPendingRequest.cs index 3c75b1d3b..375c327a3 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAPendingRequest.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAPendingRequest.cs @@ -12,7 +12,9 @@ public class SugarUMAPendingRequest [SugarColumn(IsPrimaryKey = true, IsIdentity = true)] public int Id { get; set; } public string TicketId { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Requester { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Owner { get; set; } = null!; public string Scopes { get; set; } = null!; public DateTime CreateDateTime { get; set; } @@ -32,6 +34,7 @@ public UMAPendingRequest ToDomain() CreateDateTime = CreateDateTime, Status = Status, Realm = Realm, + Resource = Resource?.ToDomain(), Scopes = Scopes.Split(',').ToList() }; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAResource.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAResource.cs index 71c72f756..4ccadbdc2 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAResource.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAResource.cs @@ -11,8 +11,11 @@ public class SugarUMAResource { [SugarColumn(IsPrimaryKey = true)] public string Id { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? IconUri { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Type { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Subject { get; set; } = null; public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAResourcePermissionClaim.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAResourcePermissionClaim.cs index 2c373cce7..7ef54cd49 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAResourcePermissionClaim.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUMAResourcePermissionClaim.cs @@ -11,7 +11,9 @@ public class SugarUMAResourcePermissionClaim { [SugarColumn(IsPrimaryKey = true, IsIdentity = true)] public int Id { get; set; } + [SugarColumn(IsNullable = true)] public string? ClaimType { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? FriendlyName { get; set; } = null; public string Name { get; set; } = null!; public string Value { get; set; } = null!; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUser.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUser.cs index 8a83223bb..ad4994cf1 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUser.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUser.cs @@ -11,16 +11,25 @@ public class SugarUser [SugarColumn(IsPrimaryKey = true)] public string Id { get; set; } = null!; public string Name { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Firstname { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Lastname { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Email { get; set; } = null; public bool EmailVerified { get; set; } = false; + [SugarColumn(IsNullable = true)] public string? DeviceRegistrationToken { get; set; } public UserStatus Status { get; set; } public DateTime CreateDateTime { get; set; } public DateTime UpdateDateTime { get; set; } + [SugarColumn(IsNullable = true)] public string? Source { get; set; } = null; + public DateTime? UnblockDateTime { get; set; } + public int NbLoginAttempt { get; set; } + [SugarColumn(IsNullable = true)] public string? IdentityProvisioningId { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? EncodedPicture { get; set; } = null; public string NotificationMode { get; set; } [Navigate(NavigateType.ManyToOne, nameof(IdentityProvisioningId))] @@ -58,6 +67,8 @@ public static SugarUser Transform(User user) Name = user.Name, Source = user.Source, Status = user.Status, + UnblockDateTime = user.UnblockDateTime, + NbLoginAttempt = user.NbLoginAttempt, IdentityProvisioningId = user.IdentityProvisioningId, EncodedPicture = user.EncodedPicture, UpdateDateTime = user.UpdateDateTime, @@ -89,6 +100,8 @@ public User ToDomain() IdentityProvisioningId = IdentityProvisioningId, Source = Source, Email = Email, + UnblockDateTime = UnblockDateTime, + NbLoginAttempt = NbLoginAttempt, EmailVerified = EmailVerified, Firstname = Firstname, Status = Status, diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserClaim.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserClaim.cs index e0d0ff988..d1062fd48 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserClaim.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserClaim.cs @@ -12,7 +12,9 @@ public class SugarUserClaim public string Id { get; set; } = null!; public string Name { get; set; } = null!; public string Value { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? Type { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? UserId { get; set; } = null; public static SugarUserClaim Transform(UserClaim cl) diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserCredential.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserCredential.cs index 2631a6c1d..35073b0ca 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserCredential.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserCredential.cs @@ -13,6 +13,7 @@ public class SugarUserCredential public string Id { get; set; } = null!; public string CredentialType { get; set; } = null!; public string Value { get; set; } = null!; + [SugarColumn(IsNullable = true)] public OTPAlgs? OTPAlg { get; set; } = null; public bool IsActive { get; set; } public int OTPCounter { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserDevice.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserDevice.cs index 7afff110a..2002396be 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserDevice.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Models/SugarUserDevice.cs @@ -11,12 +11,19 @@ public class SugarUserDevice { [SugarColumn(IsPrimaryKey = true)] public string Id { get; set; } = null!; + [SugarColumn(IsNullable = true)] public string? DeviceType { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Model { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Manufacturer { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Name { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? Version { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? PushToken { get; set; } = null; + [SugarColumn(IsNullable = true)] public string? PushType { get; set; } = null; public DateTime CreateDateTime { get; set; } public string UserId { get; set; } = null!; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/PresentationDefinitionStore.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/PresentationDefinitionStore.cs index 50b53f24c..4b4771018 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/PresentationDefinitionStore.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/PresentationDefinitionStore.cs @@ -16,6 +16,14 @@ public PresentationDefinitionStore(DbContext dbContext) _dbContext = dbContext; } + public void Add(PresentationDefinition presentationDefinition) + { + _dbContext.Client.InsertNav(SugarPresentationDefinition.Transform(presentationDefinition)) + .Include(p => p.InputDescriptors).ThenInclude(p => p.Format) + .Include(p => p.InputDescriptors).ThenInclude(p => p.Constraints) + .ExecuteCommand(); + } + public async Task> GetAll(string realm, CancellationToken cancellationToken) { var result = await _dbContext.Client.Queryable() diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/RealmRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/RealmRepository.cs index 6bcbfcd84..a377b2c27 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/RealmRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/RealmRepository.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Store.SqlSugar.Models; using SimpleIdServer.IdServer.Stores; using SqlSugar; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ScopeRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ScopeRepository.cs index db8254ce0..cf158ca22 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ScopeRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ScopeRepository.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Api.Scopes; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Store.SqlSugar.Models; using SimpleIdServer.IdServer.Stores; @@ -16,6 +17,11 @@ public ScopeRepository(DbContext dbContext) _dbContext = dbContext; } + public Task> Get(List ids, CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + public void Add(Scope scope) { _dbContext.Client.InsertNav(SugarScope.Transform(scope)) @@ -119,5 +125,14 @@ public async Task> Search(string realm, SearchScopeRequest r Content = scopes.Select(s => s.ToDomain()).ToList() }; } + + public async Task> GetAllRealmScopes(string realm, CancellationToken cancellationToken) + { + var result = await _dbContext.Client.Queryable() + .Includes(s => s.Realms) + .Where(s => s.Component != null && s.Realms.Any(r => r.RealmsName == realm)) + .ToListAsync(cancellationToken); + return result.Select(s => s.ToDomain()).ToList(); + } } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Seeding/RealmEntitySeeder.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Seeding/RealmEntitySeeder.cs new file mode 100644 index 000000000..8c4b88eea --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Seeding/RealmEntitySeeder.cs @@ -0,0 +1,56 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license informa +using Microsoft.Extensions.Logging; +using SimpleIdServer.IdServer.Builders; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Seeding; +using SimpleIdServer.IdServer.Store.SqlSugar.Models; + +namespace SimpleIdServer.IdServer.Store.SqlSugar.Seeding; + +/// +/// Implements the method that allows to seed records of realms. +/// +public class RealmEntitySeeder : IEntitySeeder +{ + private readonly ILogger _logger; + private readonly DbContext _dbContext; + + public RealmEntitySeeder(ILogger logger, DbContext dbContext) + { + _logger = logger; + _dbContext = dbContext; + } + + public async Task SeedAsync(IReadOnlyCollection records, CancellationToken cancellationToken = default) + { + string[] dbRealmNames = await _dbContext.Client.Queryable() + .Select(u => u.RealmsName.ToUpper()) + .ToArrayAsync(); + + RealmSeedDto[] realmsNotInDb = (from r in records + join ln in dbRealmNames on r.Name.ToUpper() equals ln + into qry + from l_join in qry.DefaultIfEmpty() + where l_join == null + select r).ToArray(); + + if (realmsNotInDb.Length > 0) + { + var realmsToCreate = new List(); + + foreach (RealmSeedDto realm in realmsNotInDb) + { + string description = !string.IsNullOrEmpty(realm.Description) ? realm.Description : realm.Name; + RealmBuilder builder = RealmBuilder.Create(realm.Name, description); + SugarRealm sugarRealm = SugarRealm.Transform(builder.Build()); + + realmsToCreate.Add(sugarRealm); + } + + await _dbContext.Client.Insertable(realmsToCreate).ExecuteCommandAsync(cancellationToken); + } + + _logger.LogInformation("{count} realms seeded.", realmsNotInDb.Length); + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Seeding/ScopeEntitySeeder.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Seeding/ScopeEntitySeeder.cs new file mode 100644 index 000000000..05cd60114 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Seeding/ScopeEntitySeeder.cs @@ -0,0 +1,83 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license informa +using Microsoft.Extensions.Logging; +using SimpleIdServer.IdServer.Builders; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Seeding; +using SimpleIdServer.IdServer.Store.SqlSugar.Models; + +namespace SimpleIdServer.IdServer.Store.SqlSugar.Seeding; + +/// +/// Implements the method that allows to seed records of scopes. +/// +public class ScopeEntitySeeder : IEntitySeeder +{ + private readonly ILogger _logger; + private readonly DbContext _dbContext; + + public ScopeEntitySeeder(ILogger logger, DbContext dbContext) + { + _logger = logger; + _dbContext = dbContext; + } + + public async Task SeedAsync(IReadOnlyCollection records, CancellationToken cancellationToken = default) + { + string[] dbLoginNames = await _dbContext.Client.Queryable() + .Select(u => u.Name.ToUpper()) + .ToArrayAsync(); + + ScopeSeedDto[] scopesNotInDb = (from r in records + join ln in dbLoginNames on r.Name.ToUpper() equals ln + into qry + from l_join in qry.DefaultIfEmpty() + where l_join == null + select r).ToArray(); + + if (scopesNotInDb.Length > 0) + { + var scopesToCreate = new List(); + + foreach (ScopeSeedDto scope in scopesNotInDb) + { + Realm? realm = null; + + if (!string.IsNullOrEmpty(scope.Realm)) + { + SugarRealm sugarRealm = await _dbContext.Client.Queryable() + .FirstAsync(r => r.RealmsName.ToUpper() == scope.Realm.ToUpper(), cancellationToken); + + realm = sugarRealm?.ToDomain(); + } + + ScopeBuilder builder = ScopeBuilder.Create(scope.Name, scope.IsExposedInConfigurationEdp, realm) + .SetDescription(scope.Description) + .SetComponent(scope.Component); + + if (!string.IsNullOrEmpty(scope.Type) && Enum.TryParse(scope.Type, out ScopeTypes type)) + { + builder.SetType(type); + } + + if (!string.IsNullOrEmpty(scope.Protocol) && Enum.TryParse(scope.Protocol, out ScopeProtocols protocol)) + { + builder.SetProtocol(protocol); + } + + if (!string.IsNullOrEmpty(scope.ComponentAction) && Enum.TryParse(scope.ComponentAction, out ComponentActions componentAction)) + { + builder.SetComponentAction(componentAction); + } + + SugarScope sugarScope = SugarScope.Transform(builder.Build()); + + scopesToCreate.Add(sugarScope); + } + + await _dbContext.Client.Insertable(scopesToCreate).ExecuteCommandAsync(cancellationToken); + } + + _logger.LogInformation("{count} scopes seeded.", scopesNotInDb.Length); + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Seeding/UserEntitySeeder.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Seeding/UserEntitySeeder.cs index efe57366a..2036fbaeb 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Seeding/UserEntitySeeder.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/Seeding/UserEntitySeeder.cs @@ -2,7 +2,9 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license informa using Microsoft.Extensions.Logging; using SimpleIdServer.IdServer.Builders; +using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Seeding; +using SimpleIdServer.IdServer.Store.SqlSugar.Models; namespace SimpleIdServer.IdServer.Store.SqlSugar.Seeding; @@ -22,7 +24,7 @@ public UserEntitySeeder(ILogger logger, DbContext dbContext) public async Task SeedAsync(IReadOnlyCollection records, CancellationToken cancellationToken = default) { - string[] dbLoginNames = await _dbContext.Client.Queryable() + string[] dbLoginNames = await _dbContext.Client.Queryable() .Select(u => u.Name.ToUpper()) .ToArrayAsync(); @@ -35,22 +37,32 @@ from l_join in qry.DefaultIfEmpty() if (usersNotInDb.Length > 0) { - var usersToCreate = new List(); + var usersToCreate = new List(); - foreach (var user in usersNotInDb) + foreach (UserSeedDto user in usersNotInDb) { - var builder = UserBuilder.Create(user.Login, user.Password, user.FirstName) + Realm? realm = null; + + if (!string.IsNullOrEmpty(user.Realm)) + { + SugarRealm sugarRealm = await _dbContext.Client.Queryable() + .FirstAsync(r => r.RealmsName.ToUpper() == user.Realm.ToUpper(), cancellationToken); + + realm = sugarRealm?.ToDomain(); + } + + UserBuilder builder = UserBuilder.Create(user.Login, user.Password, user.FirstName, realm) .SetLastname(user.LastName) .SetEmail(user.Email); - foreach (var role in user.Roles) { builder.AddRole(role); } + foreach (string role in user.Roles) { builder.AddRole(role); } - Models.SugarUser sugarUser = Models.SugarUser.Transform(builder.Build()); + SugarUser sugarUser = SugarUser.Transform(builder.Build()); usersToCreate.Add(sugarUser); } - await _dbContext.Client.Insertable(usersToCreate).ExecuteCommandAsync(cancellationToken); + await _dbContext.Client.Insertable(usersToCreate).ExecuteCommandAsync(cancellationToken); } _logger.LogInformation("{count} users seeded.", usersNotInDb.Length); diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/SerializedFileKeyStore.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/SerializedFileKeyStore.cs index a76d10d74..6bbeb9c90 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/SerializedFileKeyStore.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/SerializedFileKeyStore.cs @@ -66,7 +66,7 @@ private static SugarSerializedFileKey Transform(SerializedFileKey fileKey) Enc = fileKey.Enc, Id = fileKey.Id, IsSymmetric = fileKey.IsSymmetric, - Key = fileKey.Key, + Key = fileKey.Key ?? new byte[0], KeyId = fileKey.KeyId, PrivateKeyPem = fileKey.PrivateKeyPem, PublicKeyPem = fileKey.PublicKeyPem, diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ServiceCollectionExtensions.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ServiceCollectionExtensions.cs index 1a71694a2..87004092d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ServiceCollectionExtensions.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ServiceCollectionExtensions.cs @@ -41,6 +41,7 @@ public static IServiceCollection AddSqlSugarStore(this IServiceCollection servic services.AddTransient(); services.AddTransient(); services.AddTransient(); + services.AddTransient(); return services; } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UmaPendingRequestRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UmaPendingRequestRepository.cs index 33f4d0e79..38872da88 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UmaPendingRequestRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UmaPendingRequestRepository.cs @@ -54,7 +54,8 @@ private static SugarUMAPendingRequest Transform(UMAPendingRequest request) Realm = request.Realm, Requester = request.Requester, Scopes = request.Scopes == null ? string.Empty : string.Join(",", request.Scopes), - Status = request.Status + Status = request.Status, + ResourceId = request.Resource?.Id }; } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UmaResourceRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UmaResourceRepository.cs index e5d53e27b..c241d73d0 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UmaResourceRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UmaResourceRepository.cs @@ -90,7 +90,7 @@ private static SugarUMAResource Transform(UMAResource resource) { Key = t.Key, Value = t.Value, - Language = t.Language + Language = t.Language, }).ToList() }; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UserRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UserRepository.cs index d25a171cb..c14815d79 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UserRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UserRepository.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Store.SqlSugar.Models; using SimpleIdServer.IdServer.Stores; using SqlSugar; diff --git a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UserSessionRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UserSessionRepository.cs index 0bc682ff5..4f6be8774 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UserSessionRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/UserSessionRepository.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Store.SqlSugar.Models; using SimpleIdServer.IdServer.Stores; diff --git a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Apis/Authorization/VpAuthorizeController.cs b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Apis/Authorization/VpAuthorizeController.cs new file mode 100644 index 000000000..52ee86a12 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Apis/Authorization/VpAuthorizeController.cs @@ -0,0 +1,26 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Http.HttpResults; +using Microsoft.AspNetCore.Mvc; +using SimpleIdServer.IdServer.Exceptions; +using SimpleIdServer.IdServer.VerifiablePresentation.DTOs; + +namespace SimpleIdServer.IdServer.VerifiablePresentation.Apis.Authorization; + +public class VpAuthorizeController : Controller +{ + [HttpPost] + public IActionResult Post([FromQuery] IdTokenResponse idTokenResponse) + { + + var request = Request; + return NoContent(); + } + + private async Task Validate(IdTokenResponse idTokenResponse) + { + if (idTokenResponse == null) throw new OAuthException(null, null); + if(string.IsNullOrWhiteSpace(idTokenResponse.IdToken)) throw new OAuthException(null, null); + + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Apis/Authorization/WalletOAuthAuthorizationService.cs b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Apis/Authorization/WalletOAuthAuthorizationService.cs new file mode 100644 index 000000000..d1d671904 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Apis/Authorization/WalletOAuthAuthorizationService.cs @@ -0,0 +1,63 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.IdServer.Api; +using SimpleIdServer.IdServer.Api.Authorization; +using SimpleIdServer.IdServer.Api.Authorization.ResponseTypes; +using SimpleIdServer.IdServer.DTOs; +using SimpleIdServer.IdServer.Jwt; +using System.Text.Json.Nodes; + +namespace SimpleIdServer.IdServer.VerifiablePresentation.Apis.Authorization; + +/* +public class WalletOAuthAuthorizationService : IWalletOAuthAuthorizationService +{ + private readonly IJwtBuilder _jwtBuilder; + + public WalletOAuthAuthorizationService(IJwtBuilder jwtBuilder) + { + _jwtBuilder = jwtBuilder; + } + + public string Amr { get; } = Constants.AMR; + + public async Task Handle(HandlerContext context, CancellationToken cancellationToken) + { + // https://hub.ebsi.eu/conformance/learn/verifiable-credential-issuance#id-token-request + var targetUri = context.Request.RequestData.GetRedirectUriFromAuthorizationRequest(); + var scopes = context.Request.RequestData.GetScopesFromAuthorizationRequest(); + var nonce = context.Request.RequestData.GetNonceFromAuthorizationRequest(); + var state = context.Request.RequestData.GetStateFromAuthorizationRequest(); + var clientId = $"{context.GetIssuer()}/{IdServer.Constants.EndPoints.Authorization}"; + var redirectUri = $"{context.GetIssuer()}/{Constants.Endpoints.VpAuthorizePost}"; + var descriptor = new SecurityTokenDescriptor + { + Issuer = context.GetIssuer(), + Audience = context.Client.ClientId, + Claims = new Dictionary + { + { AuthorizationRequestParameters.ResponseType, IdTokenResponseTypeHandler.RESPONSE_TYPE }, + { AuthorizationRequestParameters.ResponseMode, "direct_post" }, + { AuthorizationRequestParameters.ClientId, clientId }, + { AuthorizationRequestParameters.RedirectUri, redirectUri }, + { AuthorizationRequestParameters.Scope, string.Join(" ", scopes) }, + { AuthorizationRequestParameters.Nonce, nonce } + } + }; + if (!string.IsNullOrWhiteSpace(state)) + descriptor.Claims.Add(AuthorizationRequestParameters.State, state); + var jwt = await _jwtBuilder.BuildClientToken(context.Realm, context.Client, descriptor, context.Client.AuthorizationSignedResponseAlg ?? SecurityAlgorithms.RsaSha256, context.Client.AuthorizationEncryptedResponseAlg, context.Client.AuthorizationEncryptedResponseEnc, cancellationToken); + var dic = new Dictionary + { + { AuthorizationRequestParameters.ClientId, clientId }, + { AuthorizationRequestParameters.ResponseType, IdTokenResponseTypeHandler.RESPONSE_TYPE }, + { AuthorizationRequestParameters.ResponseMode, "direct_post" }, + { AuthorizationRequestParameters.Scope, string.Join(" ", scopes) }, + { AuthorizationRequestParameters.RedirectUri, redirectUri }, + { AuthorizationRequestParameters.Request, jwt } + }; + return new RedirectURLAuthorizationResponse(targetUri, dic); + } +} +*/ \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Constants.cs b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Constants.cs index c9cf2793e..c4167bf62 100644 --- a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Constants.cs +++ b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Constants.cs @@ -16,5 +16,6 @@ public static class Endpoints public const string VpAuthorizeQrCode = $"{VpAuthorize}/qr"; public const string VpRegisterStatus = $"{VpRegister}/status"; public const string VpEndRegister = $"{VpRegister}/end"; + public const string VpAuthorizePost = $"{IdServer.Constants.EndPoints.Authorization}/post"; } } diff --git a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/DTOs/AuthorizationRequestClientMetadata.cs b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/DTOs/AuthorizationRequestClientMetadata.cs new file mode 100644 index 000000000..70b181e7f --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/DTOs/AuthorizationRequestClientMetadata.cs @@ -0,0 +1,12 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer.Domains.DTOs; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.IdServer.VerifiablePresentation.DTOs; + +public class AuthorizationRequestClientMetadata +{ + [JsonPropertyName(OAuthClientParameters.JwksUri)] + public string JwksUri { get; set; } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/DTOs/AuthorizationRequestNames.cs b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/DTOs/AuthorizationRequestNames.cs new file mode 100644 index 000000000..89d250d1e --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/DTOs/AuthorizationRequestNames.cs @@ -0,0 +1,8 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +namespace SimpleIdServer.IdServer.VerifiablePresentation.DTOs; + +public static class AuthorizationRequestNames +{ + public const string ClientMetadata = "client_metadata"; +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/DTOs/IdTokenResponse.cs b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/DTOs/IdTokenResponse.cs new file mode 100644 index 000000000..edc051433 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/DTOs/IdTokenResponse.cs @@ -0,0 +1,10 @@ +using Microsoft.AspNetCore.Mvc; +using SimpleIdServer.IdServer.DTOs; + +namespace SimpleIdServer.IdServer.VerifiablePresentation.DTOs; + +public class IdTokenResponse +{ + [FromQuery(Name = AuthorizationResponseParameters.IdToken)] + public string IdToken { get; set; } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Extensions/JsonObjectExtensions.cs b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Extensions/JsonObjectExtensions.cs new file mode 100644 index 000000000..86cd1dd5a --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/Extensions/JsonObjectExtensions.cs @@ -0,0 +1,15 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer.VerifiablePresentation.DTOs; + +namespace System.Text.Json.Nodes; + +public static class JsonObjectExtensions +{ + public static AuthorizationRequestClientMetadata GetClientMetadata(this JsonObject jsonObj) + { + if (!jsonObj.ContainsKey(AuthorizationRequestNames.ClientMetadata)) return null; + var clientMetadata = jsonObj[AuthorizationRequestNames.ClientMetadata].ToJsonString(); + return JsonSerializer.Deserialize(clientMetadata); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/IdServerBuilderExtensions.cs b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/IdServerBuilderExtensions.cs index 681c64d90..06a5d8bf0 100644 --- a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/IdServerBuilderExtensions.cs +++ b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/IdServerBuilderExtensions.cs @@ -2,9 +2,9 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer; -using SimpleIdServer.IdServer.Api; -using SimpleIdServer.IdServer.UI.Services; +using SimpleIdServer.IdServer.Api.Authorization; using SimpleIdServer.IdServer.VerifiablePresentation; +using SimpleIdServer.IdServer.VerifiablePresentation.Apis.Authorization; namespace Microsoft.Extensions.DependencyInjection { diff --git a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/VpAuthenticationMethodService.cs b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/VpAuthenticationMethodService.cs index bc1529824..064dfcef7 100644 --- a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/VpAuthenticationMethodService.cs +++ b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/VpAuthenticationMethodService.cs @@ -13,7 +13,7 @@ public class VpAuthenticationMethodService : IAuthenticationMethodService public Type? OptionsType => typeof(IdServerVpOptions); - public AuthenticationMethodCapabilities Capabilities => AuthenticationMethodCapabilities.USERREGISTRATION; + public AuthenticationMethodCapabilities Capabilities => AuthenticationMethodCapabilities.USERREGISTRATION | AuthenticationMethodCapabilities.USERAUTHENTICATION; public bool IsCredentialExists(User user) { diff --git a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/WebApplicationExtensions.cs b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/WebApplicationExtensions.cs index e75d388c5..ce152e522 100644 --- a/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/WebApplicationExtensions.cs +++ b/src/IdServer/SimpleIdServer.IdServer.VerifiablePresentation/WebApplicationExtensions.cs @@ -32,6 +32,9 @@ public static WebApplication UseVerifiablePresentation(this WebApplication webAp pattern: (usePrefix ? "{prefix}/" : string.Empty) + SimpleIdServer.IdServer.VerifiablePresentation.Constants.Endpoints.VpEndRegister, defaults: new { controller = "VpRegister", action = "EndRegister" }); + webApplication.SidMapControllerRoute("vpAuthorizePost", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + SimpleIdServer.IdServer.VerifiablePresentation.Constants.Endpoints.VpAuthorizePost, + defaults: new { controller = "VpAuthorize", action = "Post" }); return webApplication; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website.Startup/Program.cs b/src/IdServer/SimpleIdServer.IdServer.Website.Startup/Program.cs index 985a1c8fb..495a662e4 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website.Startup/Program.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website.Startup/Program.cs @@ -6,18 +6,19 @@ .AddEnvironmentVariables(); builder.Services.AddRazorPages(); builder.Services.AddServerSideBlazor(); +var isRealmEnabled = bool.Parse(builder.Configuration["IsRealmEnabled"]); builder.Services.AddSIDWebsite(o => { o.IdServerBaseUrl = builder.Configuration["IdServerBaseUrl"]; o.SCIMUrl = builder.Configuration["ScimBaseUrl"]; - o.IsReamEnabled = bool.Parse(builder.Configuration["IsRealmEnabled"]); + o.IsReamEnabled = isRealmEnabled; }); bool forceHttps = false; var forceHttpsStr = builder.Configuration["forceHttps"]; if (!string.IsNullOrWhiteSpace(forceHttpsStr) && bool.TryParse(forceHttpsStr, out bool r)) forceHttps = r; -builder.Services.AddDefaultSecurity(builder.Configuration); +builder.Services.AddDefaultSecurity(builder.Configuration, isRealmEnabled); builder.Services.AddLocalization(); var app = builder.Build(); @@ -31,6 +32,7 @@ app.UseExceptionHandler("/Error"); } +app.Services.AddSIDWebsite(); app.UseStaticFiles(); app.UseRequestLocalization(e => { @@ -38,6 +40,7 @@ e.AddSupportedCultures("en"); e.AddSupportedUICultures("en"); }); +app.UseSidWebsite(); app.UseRouting(); app.UseCookiePolicy(); app.UseAuthentication(); diff --git a/src/IdServer/SimpleIdServer.IdServer.Website.Startup/appsettings.Docker.json b/src/IdServer/SimpleIdServer.IdServer.Website.Startup/appsettings.Docker.json index 7046d3e08..fa2c228f6 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website.Startup/appsettings.Docker.json +++ b/src/IdServer/SimpleIdServer.IdServer.Website.Startup/appsettings.Docker.json @@ -11,7 +11,7 @@ "IdServerBaseUrl": "https://openid.simpleidserver.com", "ScimBaseUrl": "https://scim.simpleidserver.com", "DefaultSecurityOptions": { - "Issuer": "https://openid.simpleidserver.com/master", + "Issuer": "https://openid.simpleidserver.com", "ClientId": "SIDS-manager", "ClientSecret": "password", "Scope": "openid profile", diff --git a/src/IdServer/SimpleIdServer.IdServer.Website.Startup/appsettings.json b/src/IdServer/SimpleIdServer.IdServer.Website.Startup/appsettings.json index 8a90c4a11..2eb600ab0 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website.Startup/appsettings.json +++ b/src/IdServer/SimpleIdServer.IdServer.Website.Startup/appsettings.json @@ -11,10 +11,10 @@ "IdServerBaseUrl": "https://localhost:5001", "ScimBaseUrl": "https://localhost:5003", "DefaultSecurityOptions": { - "Issuer": "https://localhost:5001/master", + "Issuer": "https://localhost:5001", "ClientId": "SIDS-manager", "ClientSecret": "password", - "Scope": "openid profile", + "Scope": "openid profile role", "IgnoreCertificateError": false }, "DetailedErrors": true diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/ApplicationBuilderExtensions.cs b/src/IdServer/SimpleIdServer.IdServer.Website/ApplicationBuilderExtensions.cs new file mode 100644 index 000000000..7414c9287 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/ApplicationBuilderExtensions.cs @@ -0,0 +1,15 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Builder; +using SimpleIdServer.IdServer.Website.Middlewares; + +namespace Microsoft.AspNetCore.Builder; + +public static class ApplicationBuilderExtensions +{ + public static IApplicationBuilder UseSidWebsite(this IApplicationBuilder builder) + { + builder.UseMiddleware(); + return builder; + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Controllers/LogoutController.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Controllers/LogoutController.cs index 0348dd305..b649666a5 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Controllers/LogoutController.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Controllers/LogoutController.cs @@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Caching.Distributed; +using Microsoft.Extensions.Options; using Microsoft.IdentityModel.JsonWebTokens; namespace SimpleIdServer.IdServer.Website.Controllers @@ -12,11 +13,12 @@ namespace SimpleIdServer.IdServer.Website.Controllers public class LogoutController : Controller { private readonly IDistributedCache _distributedCache; + private readonly IdServerWebsiteOptions _options; - public LogoutController(IDistributedCache distributedCache) + public LogoutController(IDistributedCache distributedCache, IOptions options) { _distributedCache = distributedCache; - + _options = options.Value; } [Route("logout")] @@ -31,10 +33,10 @@ public IActionResult SignOut() [Route("oidccallback")] public IActionResult OidcSignoutCallback() - { + { return SignOut(new AuthenticationProperties { - RedirectUri = Url.Content("~/") + RedirectUri = Url.Content(_options.IsReamEnabled ? "~/master/clients" : "~/") }, CookieAuthenticationDefaults.AuthenticationScheme); } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/CookieConfigureNamedOptions.cs b/src/IdServer/SimpleIdServer.IdServer.Website/CookieConfigureNamedOptions.cs new file mode 100644 index 000000000..72c5faa5c --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/CookieConfigureNamedOptions.cs @@ -0,0 +1,37 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Authentication.Cookies; +using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.Options; + +namespace SimpleIdServer.IdServer.Website; + +public class CookieConfigureNamedOptions : IConfigureNamedOptions +{ + private readonly IHttpContextAccessor _httpContextAccessor; + private readonly Action _configureAction; + + public CookieConfigureNamedOptions(IHttpContextAccessor httpContextAccessor, Action configureAction) + { + _httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor)); + _configureAction = configureAction ?? throw new ArgumentNullException(nameof(configureAction)); + } + + public void Configure(string name, CookieAuthenticationOptions options) + { + if (!string.Equals(name, CookieAuthenticationDefaults.AuthenticationScheme, StringComparison.Ordinal)) + { + return; + } + + if (_httpContextAccessor?.HttpContext == null) + { + throw new InvalidOperationException("HttpContext is not available."); + } + + _configureAction(options, _httpContextAccessor.HttpContext); + } + + public void Configure(CookieAuthenticationOptions options) + => Configure(string.Empty, options); +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/CookieOptionsMonitor.cs b/src/IdServer/SimpleIdServer.IdServer.Website/CookieOptionsMonitor.cs new file mode 100644 index 000000000..7e27664f5 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/CookieOptionsMonitor.cs @@ -0,0 +1,25 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Authentication.Cookies; +using Microsoft.Extensions.Options; + +namespace SimpleIdServer.IdServer.Website; + +public class CookieOptionsMonitor : IOptionsMonitor +{ + private readonly IOptionsFactory _optionsFactory; + + public CookieOptionsMonitor(IOptionsFactory optionsFactory) + { + _optionsFactory = optionsFactory; + } + + public CookieAuthenticationOptions CurrentValue => Get(string.Empty); + + public CookieAuthenticationOptions Get(string name) + { + return _optionsFactory.Create(name); + } + + public IDisposable OnChange(Action listener) => null; +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Helpers/UrlHelper.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Helpers/UrlHelper.cs new file mode 100644 index 000000000..dfcb3c781 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Helpers/UrlHelper.cs @@ -0,0 +1,28 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.Extensions.Options; + +namespace SimpleIdServer.IdServer.Website.Helpers; + +public interface IUrlHelper +{ + string GetUrl(string url); +} + +public class UrlHelper : IUrlHelper +{ + private readonly IdServerWebsiteOptions _options; + + public UrlHelper(IOptions options) + { + _options = options.Value; + } + + public string GetUrl(string url) + { + if (!_options.IsReamEnabled) return url; + var realmContext = IdServer.Helpers.RealmContext.Instance(); + return string.IsNullOrWhiteSpace(realmContext.Realm) ? url : $"/{realmContext.Realm}{url}"; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/IdServerRouter.razor b/src/IdServer/SimpleIdServer.IdServer.Website/IdServerRouter.razor index 88ef990f1..e781b08d8 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/IdServerRouter.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/IdServerRouter.razor @@ -1,14 +1,18 @@ - +@using SimpleIdServer.IdServer.Website.Infrastructures; - - - - - - - Not found - -

Sorry, there's nothing at this address.

- - - \ No newline at end of file + + + + + + + + + + Not found + +

Sorry, there's nothing at this address.

+ + + + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Infrastructures/RealmMiddleware.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Infrastructures/RealmMiddleware.cs new file mode 100644 index 000000000..6ffbd9b4f --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Infrastructures/RealmMiddleware.cs @@ -0,0 +1,99 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.Options; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; +using System.Net; + +namespace SimpleIdServer.IdServer.Website.Middlewares; + +public class RealmMiddleware +{ + private static List _excludedRoutes = new List + { + "/_blazor", + "/logout", + "/Culture", + "/login", + "/callback", + "/signout-callback-oidc", + "/oidccallback", + "/bc-logout" + }; + private static List _excludedFileExtensions = new List + { + ".js", + ".css", + ".woff" + }; + private readonly RequestDelegate _next; + private readonly IdServerWebsiteOptions _options; + private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; + + public RealmMiddleware( + RequestDelegate next, + IOptions options, + IWebsiteHttpClientFactory websiteHttpClientFactory) + { + _next = next; + _options = options.Value; + _websiteHttpClientFactory = websiteHttpClientFactory; + } + + public async Task InvokeAsync(HttpContext context) + { + var path = context.Request.Path.Value; + if(_excludedFileExtensions.Any(r => path.EndsWith(r)) + || _excludedRoutes.Any(r => path.StartsWith(r)) + || !_options.IsReamEnabled) + { + await _next.Invoke(context); + return; + } + + if(string.IsNullOrWhiteSpace(path)) + { + ReturnNotFound(context); + return; + } + + var splitted = path.Split('/').Where(p => !string.IsNullOrWhiteSpace(p)); + if(splitted.Count() < 2) + { + ReturnNotFound(context); + return; + } + + var currentRealm = splitted.First(); + var existingRealms = await GetRealms(); + if(!existingRealms.Any(r => r.Name == currentRealm)) + { + ReturnNotFound(context); + return; + } + + RealmContext.Instance().Realm = currentRealm; + await _next.Invoke(context); + } + + private void ReturnNotFound(HttpContext context) + { + context.Response.StatusCode = (int)HttpStatusCode.NotFound; + } + + private async Task> GetRealms() + { + var url = $"{_options.IdServerBaseUrl}/realms"; + var httpClient = await _websiteHttpClientFactory.Build(Constants.DefaultRealm); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri(url), + Method = HttpMethod.Get + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var realms = SidJsonSerializer.Deserialize>(json); + return realms; + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Infrastructures/RealmRouter.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Infrastructures/RealmRouter.cs new file mode 100644 index 000000000..8f8056a3d --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Infrastructures/RealmRouter.cs @@ -0,0 +1,146 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.Components; +using Microsoft.AspNetCore.Components.Routing; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.Options; +using SimpleIdServer.IdServer.Domains; +using System.Reflection; +using System.Text.RegularExpressions; + +namespace SimpleIdServer.IdServer.Website.Infrastructures; + +public class RealmRouter : IComponent, IHandleAfterRender, IDisposable +{ + private RenderHandle _renderHandle; + private Dictionary> _routeableComponents; + internal static IServiceProvider _serviceProvider; + [Inject] private NavigationManager NavigationManager { get; set; } + [Parameter] public Assembly AppAssembly { get; set; } + [Parameter] public RenderFragment Found { get; set; } + [Parameter] public RenderFragment NotFound { get; set; } + + public void Attach(RenderHandle renderHandle) + { + _renderHandle = renderHandle; + NavigationManager.LocationChanged += OnLocationChanged; + _routeableComponents = GetRouteableComponents(); + } + + public async Task SetParametersAsync(ParameterView parameters) + { + parameters.SetParameterProperties(this); + var locationPath = NavigationManager.ToBaseRelativePath(NavigationManager.Uri); + await Navigate(locationPath); + } + + public void Dispose() + { + NavigationManager.LocationChanged -= OnLocationChanged; + } + + public Task OnAfterRenderAsync() + { + return Task.CompletedTask; + } + + private async Task Navigate(string locationPath) + { + var options = _serviceProvider.GetRequiredService>(); + var routeParameters = new Dictionary(); + Type handlerContext = null; + if (!options.Value.IsReamEnabled) + { + if (!locationPath.StartsWith("/")) + locationPath = $"/{locationPath}"; + if (!IsMatch(locationPath, _routeableComponents, out routeParameters, out handlerContext)) + { + _renderHandle.Render(NotFound); + return; + } + + var routeData = new RouteData(handlerContext, routeParameters); + _renderHandle.Render(Found(routeData)); + return; + } + else + { + var realms = await GetRealms(options); + var realm = string.IsNullOrWhiteSpace(locationPath) ? Constants.DefaultRealm : locationPath.Split("/").First(); + var pathWithoutRealm = locationPath.Replace(realm, string.Empty); + if (!IsMatch(pathWithoutRealm, _routeableComponents, out routeParameters, out handlerContext)) + { + _renderHandle.Render(NotFound); + return; + } + + var routeData = new RouteData(handlerContext, routeParameters); + _renderHandle.Render(Found(routeData)); + } + } + + private async void OnLocationChanged(object sender, LocationChangedEventArgs args) + { + if(_renderHandle.IsInitialized && _routeableComponents != null) + { + var locationPath = NavigationManager.ToBaseRelativePath(args.Location); + _ = Navigate(locationPath); + } + } + + private async Task> GetRealms(IOptions options) + { + var httpClientFactory = _serviceProvider.GetRequiredService(); + var url = $"{options.Value.IdServerBaseUrl}/realms"; + var httpClient = await httpClientFactory.Build(); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri(url), + Method = HttpMethod.Get + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var realms = SidJsonSerializer.Deserialize>(json); + return realms; + } + + private bool IsMatch(string path, Dictionary> routableComponents, out Dictionary parameters, out Type handlerContext) + { + parameters = new Dictionary(); + handlerContext = null; + var context = routableComponents.FirstOrDefault(c => c.Value.Any(r => Regex.IsMatch(path, r.Value))); + if (context.Key == null) return false; + handlerContext = context.Key; + var kvp = context.Value.First(c => Regex.IsMatch(path, c.Value)); + var templateElements = kvp.Key.Split("/"); + var urlElements = path.Split("/"); + for(var i = 0; i < templateElements.Count(); i++) + { + var elt = templateElements[i]; + if (Regex.IsMatch(elt, "^{\\w*}$")) + parameters.Add(elt.Replace("{", "").Replace("}", ""), urlElements.ElementAt(i)); + } + + return true; + } + + private Dictionary> GetRouteableComponents() + { + var assembly = typeof(RealmRouter).Assembly; + var components = new List(); + var dic = new Dictionary>(); + foreach(var type in assembly.ExportedTypes) + { + if(typeof(IComponent).IsAssignableFrom(type) && type.IsDefined(typeof(RouteAttribute))) + { + var routeAttributes = type.GetCustomAttributes(inherit: false); + var templates = routeAttributes.ToDictionary(r => r.Template, r => $"^{Regex.Replace(r.Template, "{\\w*}", "(\\d|\\w|-)*")}$"); + if(!templates.ContainsKey(@"/")) + dic.Add(type, templates); + } + } + + return dic; + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Infrastructures/UserSessionRepository.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Infrastructures/UserSessionRepository.cs new file mode 100644 index 000000000..f452b15ab --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Infrastructures/UserSessionRepository.cs @@ -0,0 +1,59 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.Extensions.Caching.Distributed; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; + +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.IdServer.Stores; + +namespace SimpleIdServer.IdServer.Website.Infrastructures; + +public class UserSessionRepository : IUserSessionResitory +{ + private readonly IDistributedCache _distributedCache; + + public UserSessionRepository(IDistributedCache distributedCache) + { + _distributedCache = distributedCache; + } + + public void Add(UserSession session) + { + throw new NotImplementedException(); + } + + public Task> GetActive(string userId, string realm, CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + + public async Task GetById(string sessionId, string realm, CancellationToken cancellationToken) + { + var cacheValue = await _distributedCache.GetStringAsync(sessionId); + if (cacheValue == null) return new UserSession + { + ExpirationDateTime = DateTime.UtcNow.AddDays(2) + }; + await _distributedCache.RemoveAsync(sessionId); + return null; + } + + public Task> GetInactiveAndNotNotified(CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + + public Task> Search(string userId, string realm, SearchRequest request, CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + + public void Update(UserSession session) + { + throw new NotImplementedException(); + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Acrs.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Acrs.razor index e2dc2dfb4..0198cdb8d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Acrs.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Acrs.razor @@ -2,13 +2,14 @@ @using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; @using Microsoft.AspNetCore.Http; @using Microsoft.Extensions.Options; +@using SimpleIdServer.IdServer.Helpers +@using SimpleIdServer.IdServer.Website.Infrastructures @using SimpleIdServer.IdServer.Website.Resources; @using SimpleIdServer.IdServer.Website.Stores.AcrsStore; @using SimpleIdServer.IdServer.Website.Stores.RealmStore; @using SimpleIdServer.IdServer.Website.Stores.RegistrationWorkflowStore; @inherits Fluxor.Blazor.Web.Components.FluxorComponent @inject DialogService dialogService -@inject ProtectedSessionStorage sessionStorage @inject ContextMenuService contextMenuService @inject NotificationService notificationService @inject IOptions Options; @@ -18,82 +19,97 @@ @inject IState registrationWorkflowsState @inject DefaultSecurityOptions securityOptions -
-
- -

- @Global.AcrsDescription -

-
-
- -
-
+ + +
+
+ +

+ @Global.AcrsDescription +

+
+
+ + + + + +
+
- - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + @Global.NotAuthorized + + @code { RadzenDataGrid acrsGrid; @@ -110,7 +126,7 @@ notificationService.Notify(new NotificationMessage { Severity = NotificationSeverity.Success, Summary = Global.SelectedAcrsRemoved }); StateHasChanged(); }); - if (!acrsState.Value.IsLoading) + if (!acrsState.Value.IsLoading && acrsGrid != null) acrsGrid.Reload(); } } @@ -184,8 +200,7 @@ async Task GetRealm() { - var realm = await sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realmStr = !string.IsNullOrWhiteSpace(RealmContext.Instance()?.Realm) ? RealmContext.Instance()?.Realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return realmStr; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AddRealm.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AddRealm.razor index 163b26ec7..1fb2d740e 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AddRealm.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AddRealm.razor @@ -1,4 +1,4 @@ -@page "/realm/add" +@page "/addrealm" @using SimpleIdServer.IdServer.Website.Stores.RealmStore; @using SimpleIdServer.IdServer.Website.Resources @inject IState updateRealmState @@ -6,6 +6,7 @@ @inject IDispatcher dispatcher @inject NotificationService notificationService @inject NavigationManager navigationManager +@inject IUrlHelper urlHelper @@ -46,7 +47,7 @@ SubscribeToAction((act) => { notificationService.Notify(new NotificationMessage { Severity = NotificationSeverity.Success, Summary = Global.RealmAdded }); - navigationManager.NavigateTo("/clients"); + navigationManager.NavigateTo(urlHelper.GetUrl("/realm/overview")); }); } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Auditing.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Auditing.razor index 672baab3b..0ad0b247e 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Auditing.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Auditing.razor @@ -7,47 +7,53 @@ @using SimpleIdServer.IdServer.Website.Stores.Auditing; @using SimpleIdServer.IdServer.Website.Stores.RealmStore; + + + - +
+ + +
-
- - -
- - - - - - - - - - - - - + + + + + + + + + + + + + + + @Global.NotAuthorized + + @code { RadzenDataGrid auditEvtsGrid; @@ -58,11 +64,6 @@ base.OnAfterRender(firstRender); if(firstRender) { - SubscribeToAction((act) => - { - auditEvtsGrid.Reload(); - StateHasChanged(); - }); if (!searchAuditingRecordsState.Value.IsLoading) auditEvtsGrid.Reload(); } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AuthMethod.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AuthMethod.razor index 3c6b7d61c..0d8fccbef 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AuthMethod.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AuthMethod.razor @@ -3,13 +3,14 @@ @inject IDispatcher dispatcher @inject NotificationService notificationService @inject ContextMenuService contextMenuService +@inject IUrlHelper urlHelper @inherits Fluxor.Blazor.Web.Components.FluxorComponent @using SimpleIdServer.IdServer.Website.Resources; @using SimpleIdServer.IdServer.Api.AuthenticationMethods @using SimpleIdServer.IdServer.Website.Stores.AuthMethodsStore; - + diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AuthMethods.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AuthMethods.razor index ed372fdf9..b9179df5d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AuthMethods.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/AuthMethods.razor @@ -1,5 +1,6 @@ @inject IState authMethodsState @inject IDispatcher dispatcher +@inject IUrlHelper urlHelper @inherits Fluxor.Blazor.Web.Components.FluxorComponent @using SimpleIdServer.IdServer.Website.Resources; @using SimpleIdServer.IdServer.Api.AuthenticationMethods @@ -160,7 +161,7 @@ string GetAuthMethodUrl(AuthenticationMethodResult authMethod) { if (string.IsNullOrWhiteSpace(authMethod.OptionsName)) return null; - return "/authentications/authmethods/" + authMethod.Id + "/options"; + return urlHelper.GetUrl("/authentications/authmethods/" + authMethod.Id + "/options"); } string GetPicture(AuthenticationMethodResult authMethod) diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Authentications.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Authentications.razor index d19ad8d40..f696e7c43 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Authentications.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Authentications.razor @@ -7,28 +7,39 @@ @inject NavigationManager navigationManager @inherits Fluxor.Blazor.Web.Components.FluxorLayout -
- -
+ + +
+ +
- - - - - - - - - - - - + + + + + + + + + + + + + + + + + + @Global.NotAuthorized + + @code { Dictionary mappingActionNameToIndex = new Dictionary { { "authmethods", 0 }, - { "idproviders", 1 } + { "idproviders", 1 }, + { "lockaccount", 2 } }; [Parameter] @@ -49,6 +60,10 @@ { isLoading = false; }); + SubscribeToAction((act) => + { + isLoading = false; + }); } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorities.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorities.razor index bf00327e8..3f1a2b236 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorities.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorities.razor @@ -7,68 +7,84 @@ @using System.Security.Cryptography.X509Certificates; @inject ContextMenuService contextMenuService @inject DialogService dialogService +@inject IUrlHelper urlHelper @inject NotificationService notificationService @inject IJSRuntime JS @inject IDispatcher dispatcher @inject IState searchCertificateAuthoritiesState -
-
- -

- @((MarkupString)(Global.CertificateAuthoritiesDescription)) -

-
-
- -
-
+ + +
+
+ +

+ @((MarkupString)(Global.CertificateAuthoritiesDescription)) +

+
+
+ + + + + +
+
- - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + @Global.NotAuthorized + + @code { bool selectAll = false; @@ -79,11 +95,6 @@ base.OnAfterRender(firstRender); if (firstRender) { - SubscribeToAction((act) => - { - caGrid.Reload(); - StateHasChanged(); - }); SubscribeToAction((act) => { notificationService.Notify(new NotificationMessage { Severity = NotificationSeverity.Success, Summary = Global.SelectedCertificateAuthoritiesRemoved }); diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthority.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthority.razor index b0d15bfd8..23ad19163 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthority.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthority.razor @@ -7,33 +7,41 @@ @inject NavigationManager navigationManager @inject IState certificateAuthorityState @inject IDispatcher dispatcher +@inject IUrlHelper urlHelper - - - - + + + + + + - + -@if (certificateAuthorityState.Value.CertificateAuthority != null) -{ -
- -
-} + @if (certificateAuthorityState.Value.CertificateAuthority != null) + { +
+ +
+ } - - - - - - - - - - - - + + + + + + + + + + + + + + + @Global.NotAuthorized + + @code { Dictionary mappingActionNameToIndex = new Dictionary @@ -53,13 +61,6 @@ protected override void OnAfterRender(bool firstRender) { base.OnAfterRender(firstRender); - if (firstRender) - { - SubscribeToAction((act) => - { - navigationManager.NavigateTo("/certificateauthorities"); - }); - } } protected override void OnParametersSet() @@ -74,6 +75,6 @@ void OnChange(int index) { var rec = mappingActionNameToIndex.Single(kvp => kvp.Value == index); - navigationManager.NavigateTo($"/certificateauthorities/{id}/{rec.Key}"); + navigationManager.NavigateTo(urlHelper.GetUrl($"/certificateauthorities/{id}/{rec.Key}")); } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorityClients.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorityClients.razor index 5152e04ac..c27519415 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorityClients.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorityClients.razor @@ -10,7 +10,11 @@ @inject DialogService dialogService @inject ContextMenuService contextMenuService - + + + + + diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorityDetails.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorityDetails.razor index 9a4eb910c..8b5ed9808 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorityDetails.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/CertificateAuthorityDetails.razor @@ -73,7 +73,11 @@ break; } - Download()) Variant="Variant.Flat" ButtonType="ButtonType.Button" ButtonStyle="ButtonStyle.Primary" Text="@Global.Download" /> + + + Download()) Variant="Variant.Flat" ButtonType="ButtonType.Button" ButtonStyle="ButtonStyle.Primary" Text="@Global.Download" /> + + } @code { diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Client.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Client.razor index 1652c7cc8..40a6d8ff3 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Client.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Client.razor @@ -1,4 +1,5 @@ @page "/clients/{id}/{action}" +@using SimpleIdServer.IdServer.Website.Infrastructures @using SimpleIdServer.IdServer.Website.Resources; @using SimpleIdServer.IdServer.Website.Stores.ClientStore; @using SimpleIdServer.IdServer.Website.Stores.RealmStore; @@ -6,45 +7,56 @@ @inherits Fluxor.Blazor.Web.Components.FluxorLayout @inject NotificationService notificationService @inject NavigationManager navigationManager +@inject IUrlHelper urlHelper @layout MainLayout @inject IState clientState @inject IDispatcher dispatcher - - - - + + + + + + - + -
- -
+
+ +
- - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

@Global.NotAuthorized

+ + @code { Dictionary mappingActionNameToIndex = new Dictionary @@ -54,7 +66,8 @@ { "keys", 2 }, { "credentials", 3 }, { "roles", 4 }, - { "advanced", 5 } + { "advanced", 5 }, + { "realms", 6 } }; [Parameter] @@ -68,13 +81,6 @@ protected override void OnAfterRender(bool firstRender) { base.OnAfterRender(firstRender); - if(firstRender) - { - SubscribeToAction((act) => - { - navigationManager.NavigateTo("/clients"); - }); - } } protected override void OnParametersSet() @@ -94,6 +100,6 @@ void OnChange(int index) { var rec = mappingActionNameToIndex.Single(kvp => kvp.Value == index); - navigationManager.NavigateTo($"/clients/{id}/{rec.Key}"); + navigationManager.NavigateTo(urlHelper.GetUrl($"/clients/{System.Web.HttpUtility.UrlEncode(id)}/{rec.Key}")); } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientAdvanced.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientAdvanced.razor index cf170b8cf..6934c2361 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientAdvanced.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientAdvanced.razor @@ -121,7 +121,11 @@ - + + + + + @code { diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientCredentials.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientCredentials.razor index 9cf82818a..4162e8436 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientCredentials.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientCredentials.razor @@ -65,7 +65,11 @@ break; } - + + + + + @code { diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientKeys.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientKeys.razor index 62bf51fc4..d0d154b8a 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientKeys.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/ClientKeys.razor @@ -20,14 +20,22 @@ - + + + + +
- + + + + + - @@ -58,7 +64,11 @@ diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/UserSettings.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/UserSettings.razor index 461c475fa..df43b41d2 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/UserSettings.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/UserSettings.razor @@ -20,6 +20,19 @@ @Global.Name
+ + @if(updateUserSettings.UnblockDateTime != null) + { +
+ @Global.UnblockDateTime + +
+ } + +
+ @Global.NbLoginAttempt + +
@Global.CreatedAt @@ -60,8 +73,13 @@ @bind-Value=@updateUserSettings.NotificationMode>
- + + + + + + @code { [Parameter] public SimpleIdServer.IdServer.Domains.User User { get; set; } @@ -78,6 +96,8 @@ public string? Firstname { get; set; } = null; public string? Lastname { get; set; } = null; public string? NotificationMode { get; set; } = null; + public DateTime? UnblockDateTime { get; set; } = null; + public int NbLoginAttempt { get; set; } } protected override void OnAfterRender(bool firstRender) @@ -90,6 +110,11 @@ notificationService.Notify(new NotificationMessage { Severity = NotificationSeverity.Success, Summary = Global.UserDetailsUpdated }); StateHasChanged(); }); + SubscribeToAction((act) => + { + notificationService.Notify(new NotificationMessage { Severity = NotificationSeverity.Error, Summary = act.ErrorMessage }); + StateHasChanged(); + }); } } @@ -106,7 +131,9 @@ Email = this.User.Email, Firstname = this.User.Firstname, Lastname = this.User.Lastname, - NotificationMode = this.User.NotificationMode + NotificationMode = this.User.NotificationMode, + UnblockDateTime = this.User.UnblockDateTime, + NbLoginAttempt = this.User.NbLoginAttempt }; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Users.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Users.razor index 667855211..7e03cdbbe 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Users.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Pages/Users.razor @@ -4,73 +4,89 @@ @inject NotificationService notificationService @inject DialogService dialogService @inject ContextMenuService contextMenuService +@inject IUrlHelper urlHelper @inherits Fluxor.Blazor.Web.Components.FluxorComponent @using SimpleIdServer.IdServer.Website.Resources; @using SimpleIdServer.IdServer.Website.Stores.RealmStore; @using SimpleIdServer.IdServer.Website.Stores.UserStore; -
-
- -

- @Global.UsersDescription -

-
-
- -
-
+ + +
+
+ +

+ @Global.UsersDescription +

+
+
+ + + + + +
+
- - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + @Global.NotAuthorized + + @code { bool selectAll = false; @@ -86,11 +102,6 @@ base.OnAfterRender(firstRender); if(firstRender) { - SubscribeToAction((act) => - { - gridUsers.Reload(); - StateHasChanged(); - }); SubscribeToAction(async (act) => { notificationService.Notify(new NotificationMessage { Severity = NotificationSeverity.Success, Summary = Global.UserAdded }); diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Resources/Global.Designer.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Resources/Global.Designer.cs index 7c01af5df..606b4c6aa 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Resources/Global.Designer.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Resources/Global.Designer.cs @@ -231,6 +231,15 @@ public static string AddCredential { } } + /// + /// Recherche une chaîne localisée semblable à Add federation entity. + /// + public static string AddFederationEntity { + get { + return ResourceManager.GetString("AddFederationEntity", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Add group. /// @@ -285,6 +294,15 @@ public static string AddMember { } } + /// + /// Recherche une chaîne localisée semblable à Add permission. + /// + public static string AddPermission { + get { + return ResourceManager.GetString("AddPermission", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Add realm. /// @@ -321,6 +339,15 @@ public static string AddScope { } } + /// + /// Recherche une chaîne localisée semblable à Add trust anchor. + /// + public static string AddTrustAnchor { + get { + return ResourceManager.GetString("AddTrustAnchor", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Add user. /// @@ -429,6 +456,15 @@ public static string AssignedGroups { } } + /// + /// Recherche une chaîne localisée semblable à Assigned realms. + /// + public static string AssignedRealms { + get { + return ResourceManager.GetString("AssignedRealms", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Assigned resources. /// @@ -447,6 +483,15 @@ public static string AssignGroups { } } + /// + /// Recherche une chaîne localisée semblable à Assign realms. + /// + public static string AssignRealms { + get { + return ResourceManager.GetString("AssignRealms", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Assign. /// @@ -672,6 +717,15 @@ public static string AutomaticIdentityProvisioning { } } + /// + /// Recherche une chaîne localisée semblable à Available realms. + /// + public static string AvailableRealms { + get { + return ResourceManager.GetString("AvailableRealms", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Available resources. /// @@ -717,6 +771,15 @@ public static string BackChannelLogoutUriTooltip { } } + /// + /// Recherche une chaîne localisée semblable à Blocked. + /// + public static string Blocked { + get { + return ResourceManager.GetString("Blocked", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Realm cannot be added because the option is disabled. /// @@ -1005,6 +1068,15 @@ public static string ClientDetailsTitle { } } + /// + /// Recherche une chaîne localisée semblable à Expiration time. + /// + public static string ClientExpirationTime { + get { + return ResourceManager.GetString("ClientExpirationTime", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Client identifier. /// @@ -1014,6 +1086,24 @@ public static string ClientIdentifier { } } + /// + /// Recherche une chaîne localisée semblable à Select one or more realms. + /// + public static string ClientRealmsDescription { + get { + return ResourceManager.GetString("ClientRealmsDescription", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Client registration types. + /// + public static string ClientRegistrationTypes { + get { + return ResourceManager.GetString("ClientRegistrationTypes", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Client role has been added. /// @@ -1140,6 +1230,15 @@ public static string ClientSettingsUpdated { } } + /// + /// Recherche une chaîne localisée semblable à The client realms have been updated. + /// + public static string ClientsRealmsUpdated { + get { + return ResourceManager.GetString("ClientsRealmsUpdated", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Clients. /// @@ -1149,6 +1248,15 @@ public static string ClientsTitle { } } + /// + /// Recherche une chaîne localisée semblable à Component. + /// + public static string Component { + get { + return ResourceManager.GetString("Component", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Configure. /// @@ -1599,6 +1707,15 @@ public static string ErrorMessage { } } + /// + /// Recherche une chaîne localisée semblable à Errors. + /// + public static string Errors { + get { + return ResourceManager.GetString("Errors", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Ethereum contract has been deployed. /// @@ -1626,6 +1743,15 @@ public static string EthrNetworkExists { } } + /// + /// Recherche une chaîne localisée semblable à Exception. + /// + public static string Exception { + get { + return ResourceManager.GetString("Exception", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Execution history.. /// @@ -1725,6 +1851,33 @@ public static string ExtractionResult { } } + /// + /// Recherche une chaîne localisée semblable à Manage the trust anchors used by the identity server.. + /// + public static string FederationEntitiesDescription { + get { + return ResourceManager.GetString("FederationEntitiesDescription", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Federation entities. + /// + public static string FederationEntitiesTitle { + get { + return ResourceManager.GetString("FederationEntitiesTitle", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Entity type. + /// + public static string FederationEntityType { + get { + return ResourceManager.GetString("FederationEntityType", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Filter the authentication methods by their capabilities. /// @@ -2580,6 +2733,15 @@ public static string Loading { } } + /// + /// Recherche une chaîne localisée semblable à Lock account. + /// + public static string LockAccount { + get { + return ResourceManager.GetString("LockAccount", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Login. /// @@ -2834,6 +2996,15 @@ public static string NameIsRequired { } } + /// + /// Recherche une chaîne localisée semblable à Number of login attempts. + /// + public static string NbLoginAttempt { + get { + return ResourceManager.GetString("NbLoginAttempt", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à No. /// @@ -2852,6 +3023,15 @@ public static string NoProperties { } } + /// + /// Recherche une chaîne localisée semblable à You are not authorized. + /// + public static string NotAuthorized { + get { + return ResourceManager.GetString("NotAuthorized", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Notification mode. /// @@ -3005,6 +3185,15 @@ public static string Pending { } } + /// + /// Recherche une chaîne localisée semblable à Permissions. + /// + public static string Permissions { + get { + return ResourceManager.GetString("Permissions", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à It introduces a secret generated by the calling application that can be validated by the authorization server.. /// @@ -3167,6 +3356,42 @@ public static string RealmExists { } } + /// + /// Recherche une chaîne localisée semblable à Realm permissions. + /// + public static string RealmPermissions { + get { + return ResourceManager.GetString("RealmPermissions", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Select one or more permissions assigned to the realm. You must reconnect to the administration website for the changes to take effect.. + /// + public static string RealmPermissionsDescription { + get { + return ResourceManager.GetString("RealmPermissionsDescription", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Roles have been updated. + /// + public static string RealmRoleScopesUpdated { + get { + return ResourceManager.GetString("RealmRoleScopesUpdated", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Realms. + /// + public static string Realms { + get { + return ResourceManager.GetString("Realms", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Redirection URLs. /// @@ -3302,6 +3527,15 @@ public static string Rejected { } } + /// + /// Recherche une chaîne localisée semblable à {0} errors. + /// + public static string RelaunchErrors { + get { + return ResourceManager.GetString("RelaunchErrors", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Remove. /// @@ -3365,6 +3599,15 @@ public static string Resource { } } + /// + /// Recherche une chaîne localisée semblable à Resources. + /// + public static string Resources { + get { + return ResourceManager.GetString("Resources", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Resource type. /// @@ -3835,6 +4078,15 @@ public static string SelectedEthrNetworksRemoved { } } + /// + /// Recherche une chaîne localisée semblable à The selected federation entities have been removed. + /// + public static string SelectedFederationEntitiesRemoved { + get { + return ResourceManager.GetString("SelectedFederationEntitiesRemoved", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Selected grants have been rejected. /// @@ -3889,6 +4141,15 @@ public static string SelectedIdProvidersRemoved { } } + /// + /// Recherche une chaîne localisée semblable à the selected realm roles are removed. + /// + public static string SelectedRealmRolesRemoved { + get { + return ResourceManager.GetString("SelectedRealmRolesRemoved", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Selected registration workflows have been removed. /// @@ -4422,6 +4683,69 @@ public static string TotpDescription { } } + /// + /// Recherche une chaîne localisée semblable à Trust anchor. + /// + public static string TrustAnchor { + get { + return ResourceManager.GetString("TrustAnchor", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Trust anchor has been added. + /// + public static string TrustAnchorAdded { + get { + return ResourceManager.GetString("TrustAnchorAdded", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à A Trust Anchor is an Entity whose main purpose is to issue statements about Entities. + /// + public static string TrustAnchorDescription { + get { + return ResourceManager.GetString("TrustAnchorDescription", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à TODO. + /// + public static string TrustAnchorsDescription { + get { + return ResourceManager.GetString("TrustAnchorsDescription", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Entity that represents a trusted third party. + /// + public static string TrustAnchorShortDescription { + get { + return ResourceManager.GetString("TrustAnchorShortDescription", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Trust anchors. + /// + public static string TrustAnchorsTitle { + get { + return ResourceManager.GetString("TrustAnchorsTitle", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Trust entity. + /// + public static string TrustEntity { + get { + return ResourceManager.GetString("TrustEntity", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Try to extract the users. /// @@ -4458,6 +4782,15 @@ public static string Unassign { } } + /// + /// Recherche une chaîne localisée semblable à Unassign realms. + /// + public static string UnassignRealms { + get { + return ResourceManager.GetString("UnassignRealms", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Unassign. /// @@ -4467,6 +4800,15 @@ public static string UnassignResources { } } + /// + /// Recherche une chaîne localisée semblable à Unblock datetime. + /// + public static string UnblockDateTime { + get { + return ResourceManager.GetString("UnblockDateTime", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à The client '{0}' doesn't exist. /// @@ -4584,6 +4926,15 @@ public static string Url { } } + /// + /// Recherche une chaîne localisée semblable à Url is required. + /// + public static string UrlIsRequired { + get { + return ResourceManager.GetString("UrlIsRequired", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à URL is required. /// @@ -4827,6 +5178,15 @@ public static string UserIdentifierDescription { } } + /// + /// Recherche une chaîne localisée semblable à Options have been updated. + /// + public static string UserLockingOptionsUpdated { + get { + return ResourceManager.GetString("UserLockingOptionsUpdated", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à User management. /// @@ -5097,6 +5457,15 @@ public static string WebAuthn { } } + /// + /// Recherche une chaîne localisée semblable à Welcome {0}. + /// + public static string Welcome { + get { + return ResourceManager.GetString("Welcome", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Workflow. /// diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Resources/Global.resx b/src/IdServer/SimpleIdServer.IdServer.Website/Resources/Global.resx index 557029356..2ecfd1328 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Resources/Global.resx +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Resources/Global.resx @@ -1824,4 +1824,127 @@ The <b>authorization_signed_response_alg</b> will be set to <b> Support user registration + + Errors + + + {0} errors + + + Exception + + + Lock account + + + Options have been updated + + + Blocked + + + Unblock datetime + + + Number of login attempts + + + Client registration types + + + Expiration time + + + Add trust anchor + + + TODO + + + Trust anchors + + + Add federation entity + + + Manage the trust anchors used by the identity server. + + + Federation entities + + + Trust anchor + + + Trust entity + + + Entity that represents a trusted third party + + + A Trust Anchor is an Entity whose main purpose is to issue statements about Entities + + + Url is required + + + Trust anchor has been added + + + Entity type + + + The selected federation entities have been removed + + + Resources + + + Realms + + + Assigned realms + + + Assign realms + + + Available realms + + + Unassign realms + + + Select one or more realms + + + The client realms have been updated + + + You are not authorized + + + the selected realm roles are removed + + + Permissions + + + Component + + + Add permission + + + Roles have been updated + + + Realm permissions + + + Select one or more permissions assigned to the realm. You must reconnect to the administration website for the changes to take effect. + + + Welcome {0} + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/ServiceCollectionExtensions.cs b/src/IdServer/SimpleIdServer.IdServer.Website/ServiceCollectionExtensions.cs index cfd72dffb..ec170060c 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/ServiceCollectionExtensions.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/ServiceCollectionExtensions.cs @@ -8,8 +8,11 @@ using Microsoft.Extensions.Configuration; using Microsoft.IdentityModel.Tokens; using Radzen; +using SimpleIdServer.IdServer.Stores; using SimpleIdServer.IdServer.UI; using SimpleIdServer.IdServer.Website; +using SimpleIdServer.IdServer.Website.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using SimpleIdServer.IdServer.Website.Stores.GroupStore; using System.Security.Claims; @@ -19,6 +22,8 @@ public static class ServiceCollectionExtensions { public static IServiceCollection AddSIDWebsite(this IServiceCollection services, Action? callbackOptions = null) { + var opts = new IdServerWebsiteOptions(); + if (callbackOptions != null) callbackOptions(opts); services.AddFluxor(o => { o.ScanAssemblies(typeof(ServiceCollectionExtensions).Assembly); @@ -27,7 +32,9 @@ public static IServiceCollection AddSIDWebsite(this IServiceCollection services, rdt.Name = "SimpleIdServer"; }); }); - services.AddTransient(); + services.AddHttpContextAccessor(); + services.AddTransient(); + services.AddTransient(); services.AddScoped(); services.AddScoped(); services.AddScoped(); @@ -40,7 +47,7 @@ public static IServiceCollection AddSIDWebsite(this IServiceCollection services, return services; } - public static IServiceCollection AddDefaultSecurity(this IServiceCollection services, IConfiguration configuration) + public static IServiceCollection AddDefaultSecurity(this IServiceCollection services, IConfiguration configuration, bool isRealmEnabled) { string authoritySectionName = nameof(IdServerWebsiteOptions.IdServerBaseUrl); string defaultSecurityOptionsSectionName = nameof(DefaultSecurityOptions); @@ -64,12 +71,11 @@ public static IServiceCollection AddDefaultSecurity(this IServiceCollection serv options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultChallengeScheme = "oidc"; }) - .AddCookie(options => + .AddIdServerCookie(CookieAuthenticationDefaults.AuthenticationScheme, null, options => { options.Cookie.SameSite = SameSiteMode.None; options.Cookie.SecurePolicy = CookieSecurePolicy.Always; options.Cookie.HttpOnly = true; - options.EventsType = typeof(SidCookieEventHandler); }) .AddCustomOpenIdConnect("oidc", config => { @@ -85,6 +91,7 @@ public static IServiceCollection AddDefaultSecurity(this IServiceCollection serv config.BackchannelHttpHandler = handler; } + config.IsRealmEnabled = isRealmEnabled; config.NonceCookie.SecurePolicy = CookieSecurePolicy.Always; config.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always; config.Authority = defaultSecurityOptions.Issuer; diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/ServiceProviderExtensions.cs b/src/IdServer/SimpleIdServer.IdServer.Website/ServiceProviderExtensions.cs new file mode 100644 index 000000000..28a5f5780 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/ServiceProviderExtensions.cs @@ -0,0 +1,15 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.IdServer.Website.Infrastructures; + +namespace System; + +public static class ServiceProviderExtensions +{ + public static IServiceProvider AddSIDWebsite(this IServiceProvider serviceProvider) + { + RealmRouter._serviceProvider = serviceProvider; + return serviceProvider; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/AddClientScopeDialog.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/AddClientScopeDialog.razor index dcabdde8b..40d485f89 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/AddClientScopeDialog.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/AddClientScopeDialog.razor @@ -7,6 +7,7 @@ @inject Radzen.DialogService dialogService @inject NotificationService notificationService @inject IState updateClientState +@inject IUrlHelper urlHelper @inject IDispatcher dispatcher diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/AddFederationEntityDialog.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/AddFederationEntityDialog.razor new file mode 100644 index 000000000..18273f91a --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/AddFederationEntityDialog.razor @@ -0,0 +1,104 @@ +@using SimpleIdServer.IdServer.Website.Resources; +@using SimpleIdServer.IdServer.Website.Stores.AcrsStore; +@using SimpleIdServer.IdServer.Website.Stores.AuthMethodsStore; +@using SimpleIdServer.IdServer.Website.Stores.IdServerConfigurationStore; +@using SimpleIdServer.IdServer.Website.Stores.FederationEntityStore; +@inherits Fluxor.Blazor.Web.Components.FluxorComponent +@inject IState updateAcrState +@inject IState authMethodsStates +@inject NotificationService notificationService +@inject Radzen.DialogService dialogService +@inject IDispatcher dispatcher +@inject IState addFederationEntityState + + + + +
+ @foreach (var federationType in FederationEntityTypes) + { +
+ +
+
+ +
+
+
@federationType.Name
+

@(new MarkupString(federationType.ShortDescription))

+
+
+ +
+ } +
+ +
+ + @if (SelectedFederationEntityType != null) + { +
@SelectedFederationEntityType.Name
+

@(new MarkupString(SelectedFederationEntityType.Description))

+ } + + + + @if (!addFederationEntityState.Value.IsAdding && !string.IsNullOrWhiteSpace(addFederationEntityState.Value.ErrorMessage)) + { + @addFederationEntityState.Value.ErrorMessage + } +
+ @Global.Url + + +
+ + + + + + +@code { + record FederationEntityType + { + public string Name { get; set; } = null!; + public string ShortDescription { get; set; } = null!; + public string Description { get; set; } = null!; + public string PictureUrl { get; set; } = null!; + } + + record TrustAnchor + { + public string Url { get; set; } + } + + ICollection FederationEntityTypes { get; set; } = new List + { + new FederationEntityType { Name = Global.TrustAnchor, ShortDescription = Global.TrustAnchorShortDescription, Description = Global.TrustAnchorDescription, PictureUrl = "_content/SimpleIdServer.IdServer.Website/images/trust-anchor.png" } + }; + + TrustAnchor trustAnchor { get; set; } = new TrustAnchor(); + FederationEntityType? SelectedFederationEntityType { get; set; } = null; + + protected override async Task OnInitializedAsync() + { + await base.OnInitializedAsync(); + SubscribeToAction(async (act) => + { + dialogService.Close(); + notificationService.Notify(new NotificationMessage { Severity = NotificationSeverity.Success, Summary = Global.TrustAnchorAdded }); + StateHasChanged(); + }); + dispatcher.Dispatch(new StartAddTrustAnchorAction()); + } + + void SelectFederationType(FederationEntityType federationEntityType) + { + SelectedFederationEntityType = federationEntityType; + } + + void AddTrustAnchor(TrustAnchor trustAnchor) + { + dispatcher.Dispatch(new AddTrustedAnchorAction { Url = trustAnchor.Url }); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/AddFederationEntityDialog.razor.css b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/AddFederationEntityDialog.razor.css new file mode 100644 index 000000000..5f282702b --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/AddFederationEntityDialog.razor.css @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/EditConfiguration.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/EditConfiguration.razor index 5344f9668..d4ceb77b6 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/EditConfiguration.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/EditConfiguration.razor @@ -98,7 +98,7 @@ {
- +

@property.Description

@@ -108,7 +108,10 @@ } - + @if(IsEnabled) + { + + } } @@ -122,6 +125,8 @@ [Parameter] public bool IsAddForm { get; set; } = false; [Parameter] + public bool IsEnabled { get; set; } = true; + [Parameter] public EventCallback> PropertiesSaved { get; set; } List AllProperties { get; set; } List Properties { get; set; } @@ -190,11 +195,17 @@ Refresh(); } + private void Select(EditableProperty p, bool o) + { + p.Value = o.ToString(); + Refresh(); + } + private void Refresh() { var values = GetValues(); var configuration = configurationDefsState.Value.ConfigurationDefs.Single(c => c.Id == Name); - Properties = AllProperties.Where(p => DisplayConditionEvaluator.IsValid(values, p.DisplayCondition)).ToList(); + Properties = AllProperties.Where(p => DisplayConditionEvaluator.IsLogicalOperationValid(values, p.DisplayCondition)).ToList(); } private Dictionary GetValues() diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/IdentityProvisioningErrorsDialog.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/IdentityProvisioningErrorsDialog.razor new file mode 100644 index 000000000..ffb6a6505 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/IdentityProvisioningErrorsDialog.razor @@ -0,0 +1,26 @@ +@using SimpleIdServer.IdServer.Api.Provisioning +@using SimpleIdServer.IdServer.Website.Resources + +@if (IdentityProvisioningProcess != null) +{ + + + + + +} + +@code { + [Parameter] + public IdentityProvisioningProcessResult IdentityProvisioningProcess { get; set; } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/MainLayout.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/MainLayout.razor index 2dd579e13..524f9cae2 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/MainLayout.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/MainLayout.razor @@ -1,4 +1,6 @@ -@using SimpleIdServer.IdServer.Website.Stores.AcrsStore; +@using SimpleIdServer.IdServer.Helpers +@using SimpleIdServer.IdServer.Website.Infrastructures +@using SimpleIdServer.IdServer.Website.Stores.AcrsStore; @using SimpleIdServer.IdServer.Website.Stores.AuthMethodsStore; @using SimpleIdServer.IdServer.Website.Stores.ConfigurationDefinitionStore; @using SimpleIdServer.IdServer.Website.Stores.LanguageStore; @@ -11,6 +13,7 @@ @inject IState languagesState @inject ContextMenuService contextMenuService @inject IDispatcher dispatcher +@inject IUrlHelper urlHelper @inject DialogService dialogService @inject NavigationManager Navigation @@ -34,6 +37,9 @@
+
+ +
@if(!languagesState.Value.IsLoading) { @@ -53,25 +59,26 @@ { - + - - + + - - + + - - + + - - + + - - + + + @@ -90,6 +97,8 @@ bool sidebarExpanded = true; bool isLoading = true; string activeRealm; + string userName { get; set; } + @inject AuthenticationStateProvider GetAuthenticationStateAsync public string CurrentLanguage { @@ -115,22 +124,14 @@ base.OnAfterRender(firstRender); if(firstRender) { + this.activeRealm = RealmContext.Instance()?.Realm; SubscribeToAction((act) => { isLoading = false; StateHasChanged(); }); - SubscribeToAction((act) => - { - activeRealm = act.Realm; - dispatcher.Dispatch(new GetAllConfigurationDefinitionsAction()); - StateHasChanged(); - }); - SubscribeToAction((act) => - { - activeRealm = act.Realm; - StateHasChanged(); - }); + var authState = GetAuthenticationStateAsync.GetAuthenticationStateAsync().Result; + userName = authState.User.Identity.Name; } } @@ -138,11 +139,11 @@ { base.OnInitialized(); this.isLoading = true; - dispatcher.Dispatch(new GetActiveRealmAction()); dispatcher.Dispatch(new GetAllRealmAction()); dispatcher.Dispatch(new GetAllAuthMethodAction()); dispatcher.Dispatch(new GetLanguagesAction()); dispatcher.Dispatch(new GetAllRegistrationWorkflowsAction()); dispatcher.Dispatch(new GetAllAcrsAction()); + dispatcher.Dispatch(new GetAllConfigurationDefinitionsAction()); } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/PasswordCredential.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/PasswordCredential.razor index caa7b8418..d946095a8 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/PasswordCredential.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/PasswordCredential.razor @@ -36,6 +36,6 @@ async void SubmitPassword(PasswordForm pwdForm) { - await CredentialSaved.InvokeAsync(new UserCredential { Value = PasswordHelper.ComputeHash(pwdForm.Password) }); + await CredentialSaved.InvokeAsync(new UserCredential { Value = pwdForm.Password }); } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/SelectRealmDialog.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/SelectRealmDialog.razor index 3f63fdf85..037d7c6e6 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/SelectRealmDialog.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/SelectRealmDialog.razor @@ -4,6 +4,7 @@ @inject IDispatcher dispatcher @inject NavigationManager navigationManager @inject Radzen.DialogService dialogService +@inject IUrlHelper urlHelper @@ -35,7 +36,6 @@ void SubmitSelectRealm(RealmForm realm) { - dispatcher.Dispatch(new SelectRealmAction { Realm = realm.Name }); - this.dialogService.Close(); + navigationManager.NavigateTo($"/{realm.Name}/realm/overview", true); } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/SidAuthorizeView.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/SidAuthorizeView.razor new file mode 100644 index 000000000..665072501 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/SidAuthorizeView.razor @@ -0,0 +1,38 @@ +@using System.Security.Claims +@using Microsoft.Extensions.Options +@using SimpleIdServer.IdServer.Website +@inject IOptions options + +@if (isAuthorized) +{ + @Authorized +} +else if (NotAuthorized != null) +{ + @NotAuthorized +} + +@code { + [Parameter] public RenderFragment Authorized { get; set; } + [Parameter] public RenderFragment NotAuthorized { get; set; } + [Parameter] public string Roles { get; set; } + [Parameter] public bool IsRealmEnabled { get; set;} = true; + [CascadingParameter] private Task authenticationStateTask { get; set; } + public bool isAuthorized { get; set; } + + protected override void OnAfterRender(bool firstRender) + { + if (firstRender) + { + var authState = authenticationStateTask.Result; + var user = authState.User; + var roles = IsRealmEnabled ? Roles.Split(',').Select(r => + { + var realm = !options.Value.IsReamEnabled ? SimpleIdServer.IdServer.Constants.DefaultRealm : SimpleIdServer.IdServer.Helpers.RealmContext.Instance().Realm; + return $"{realm}{r}"; + }) : Roles.Split(','); + isAuthorized = user.Claims.Any(c => c.Type == ClaimTypes.Role && roles.Contains(c.Value)); + StateHasChanged(); + } + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/ViewAddedClientDialog.razor b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/ViewAddedClientDialog.razor index 5c76bf74b..7c2841b35 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Shared/ViewAddedClientDialog.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Shared/ViewAddedClientDialog.razor @@ -1,5 +1,7 @@ @using Microsoft.AspNetCore.Html; @using Microsoft.Extensions.Options; +@using SimpleIdServer.IdServer.Helpers +@using SimpleIdServer.IdServer.Website.Infrastructures @using SimpleIdServer.IdServer.Website.Resources; @using SimpleIdServer.IdServer.Website.Stores.ClientStore; @using SimpleIdServer.IdServer.Website.Stores.RealmStore; @@ -72,7 +74,7 @@ string GetOpenIdConnectUrl() => $"{GetBaseUrl()}/.well-known/openid-configuration"; string GetFederationMetadataUrl() => $"{GetBaseUrl()}/FederationMetadata/2007-06/FederationMetadata.xml"; string GetSamlMetadataUrl() => $"{GetBaseUrl()}/saml/metadata"; - string GetBaseUrl() => Options.Value.IsReamEnabled ? $"{Options.Value.IdServerBaseUrl}/{realmsState.Value.ActiveRealm}" : Options.Value.IdServerBaseUrl; + string GetBaseUrl() => Options.Value.IsReamEnabled ? $"{Options.Value.IdServerBaseUrl}/{RealmContext.Instance().Realm}" : Options.Value.IdServerBaseUrl; [Parameter] public AddClientSuccessAction Client { get; set; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/SidCookieEventHandler.cs b/src/IdServer/SimpleIdServer.IdServer.Website/SidCookieEventHandler.cs deleted file mode 100644 index 932e5e512..000000000 --- a/src/IdServer/SimpleIdServer.IdServer.Website/SidCookieEventHandler.cs +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright (c) SimpleIdServer. All rights reserved. -// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using Microsoft.AspNetCore.Authentication; -using Microsoft.AspNetCore.Authentication.Cookies; -using Microsoft.Extensions.Caching.Distributed; -using System.IdentityModel.Tokens.Jwt; - -namespace SimpleIdServer.IdServer.Website; - -public class SidCookieEventHandler : CookieAuthenticationEvents -{ - private readonly IDistributedCache _distributedCache; - - public SidCookieEventHandler(IDistributedCache distributedCache) - { - _distributedCache = distributedCache; - } - - public override async Task ValidatePrincipal(CookieValidatePrincipalContext context) - { - if (context.Principal.Identity.IsAuthenticated) - { - var sessionId = context.Principal.FindFirst(JwtRegisteredClaimNames.Sid)?.Value; - var cacheValue = await _distributedCache.GetStringAsync(sessionId); - if (!string.IsNullOrWhiteSpace(cacheValue)) - { - context.RejectPrincipal(); - await context.HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme); - await _distributedCache.RemoveAsync(sessionId); - } - } - } -} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/SidJsonSerializer.cs b/src/IdServer/SimpleIdServer.IdServer.Website/SidJsonSerializer.cs index 9f283fc00..ffa6f8ef9 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/SidJsonSerializer.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/SidJsonSerializer.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Text.Json; diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/SimpleIdServer.IdServer.Website.csproj b/src/IdServer/SimpleIdServer.IdServer.Website/SimpleIdServer.IdServer.Website.csproj index 830610173..f930b511a 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/SimpleIdServer.IdServer.Website.csproj +++ b/src/IdServer/SimpleIdServer.IdServer.Website/SimpleIdServer.IdServer.Website.csproj @@ -15,6 +15,7 @@ + diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AcrsStore/AcrEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AcrsStore/AcrEffects.cs index 81382dd38..7b8fb982d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AcrsStore/AcrEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AcrsStore/AcrEffects.cs @@ -6,6 +6,8 @@ using SimpleIdServer.IdServer.Api.AuthenticationClassReferences; using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Domains.DTOs; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using System.Text; using System.Text.Json; using System.Text.Json.Nodes; @@ -16,16 +18,13 @@ public class AcrEffects { private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; public AcrEffects( IWebsiteHttpClientFactory websiteHttpClientFactory, - IOptions options, - ProtectedSessionStorage sessionStorage) + IOptions options) { _websiteHttpClientFactory = websiteHttpClientFactory; _options = options.Value; - _sessionStorage = sessionStorage; } @@ -118,8 +117,8 @@ private async Task GetBaseUrl() { if(_options.IsReamEnabled) { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return $"{_options.IdServerBaseUrl}/{realmStr}/acrs"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ApiResourceStore/ApiResourceEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ApiResourceStore/ApiResourceEffects.cs index acc3b8691..42c1b55c5 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ApiResourceStore/ApiResourceEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ApiResourceStore/ApiResourceEffects.cs @@ -1,13 +1,12 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.ApiResources; using SimpleIdServer.IdServer.Api.Scopes; using SimpleIdServer.IdServer.Domains; -using SimpleIdServer.IdServer.DTOs; -using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using System.Linq.Dynamic.Core; using System.Text; using System.Text.Json; @@ -19,13 +18,13 @@ public class ApiResourceEffects { private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - public ApiResourceEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage sessionStorage) + public ApiResourceEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) { _websiteHttpClientFactory = websiteHttpClientFactory; _options = options.Value; - _sessionStorage = sessionStorage; } [EffectMethod] @@ -153,8 +152,8 @@ private async Task GetBaseUrl(string subUrl) { if (_options.IsReamEnabled) { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return $"{_options.IdServerBaseUrl}/{realmStr}/{subUrl}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/Auditing/AuditingRecordEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/Auditing/AuditingRecordEffects.cs index 370eaf15c..dc46d0d5c 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/Auditing/AuditingRecordEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/Auditing/AuditingRecordEffects.cs @@ -1,12 +1,11 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.Auditing; using SimpleIdServer.IdServer.Domains; -using SimpleIdServer.IdServer.DTOs; -using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using System.Text; using System.Text.Json; @@ -16,13 +15,13 @@ public class AuditingRecordEffects { private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - public AuditingRecordEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage protectedSessionStorage) + public AuditingRecordEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) { _websiteHttpClientFactory = websiteHttpClientFactory; _options = options.Value; - _sessionStorage = protectedSessionStorage; } [EffectMethod] @@ -55,8 +54,8 @@ private async Task GetBaseUrl() { if (_options.IsReamEnabled) { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return $"{_options.IdServerBaseUrl}/{realmStr}/auditing"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AuthMethodsStore/AuthMethodEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AuthMethodsStore/AuthMethodEffects.cs index 8e935cb4f..6af3fdca9 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AuthMethodsStore/AuthMethodEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AuthMethodsStore/AuthMethodEffects.cs @@ -2,9 +2,11 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.AuthenticationMethods; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; +using System.Text; using System.Text.Json; using System.Text.Json.Nodes; @@ -14,13 +16,13 @@ public class AuthMethodEffects { private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - public AuthMethodEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage sessionStorage) + public AuthMethodEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) { _websiteHttpClientFactory = websiteHttpClientFactory; _options = options.Value; - _sessionStorage = sessionStorage; } [EffectMethod] @@ -93,12 +95,46 @@ public async Task Handle(UpdateAuthMethodAction action, IDispatcher dispatcher) } } + [EffectMethod] + public async Task Handle(GetUserLockingOptionsAction action, IDispatcher dispatcher) + { + var baseUrl = await GetBaseUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Get, + RequestUri = new Uri($"{baseUrl}/userlockingoptions") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var result = JsonSerializer.Deserialize(json); + dispatcher.Dispatch(new GetUserLockingOptionsSuccessAction { UserLocking = result }); + } + + [EffectMethod] + public async Task Handle(UpdateUserLockingOptionsAction action, IDispatcher dispatcher) + { + var baseUrl = await GetBaseUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Put, + RequestUri = new Uri($"{baseUrl}/userlockingoptions"), + Content = new StringContent(JsonSerializer.Serialize(new UpdateUserLockingRequest + { + Values = action.Values + }), Encoding.UTF8, "application/json") + }; + await httpClient.SendAsync(requestMessage); + dispatcher.Dispatch(new UpdateUserLockingOptionsSuccessAction()); + } + private async Task GetBaseUrl() { if(_options.IsReamEnabled) { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return $"{_options.IdServerBaseUrl}/{realmStr}/authmethods"; } @@ -151,4 +187,24 @@ public class UpdateAuthMethodFailureAction public class StartAddAcrMethodAction { +} + +public class GetUserLockingOptionsAction +{ + +} + +public class GetUserLockingOptionsSuccessAction +{ + public UserLockingResult UserLocking { get; set; } +} + +public class UpdateUserLockingOptionsAction +{ + public Dictionary Values { get; set; } +} + +public class UpdateUserLockingOptionsSuccessAction +{ + } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AuthMethodsStore/AuthMethodReducers.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AuthMethodsStore/AuthMethodReducers.cs index 8794e9b10..5cf683fcf 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AuthMethodsStore/AuthMethodReducers.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AuthMethodsStore/AuthMethodReducers.cs @@ -66,4 +66,32 @@ public static AuthMethodState Reduce(AuthMethodState state, UpdateAuthMethodFail } #endregion + + #region UserLockingOptionsState + + [ReducerMethod] + public static UserLockingOptionsState Reduce(UserLockingOptionsState state, GetUserLockingOptionsAction act) => new(true, null); + + [ReducerMethod] + public static UserLockingOptionsState Reduce(UserLockingOptionsState state, GetUserLockingOptionsSuccessAction act) => new(false, act.UserLocking); + + [ReducerMethod] + public static UserLockingOptionsState Reduce(UserLockingOptionsState state, UpdateUserLockingOptionsAction act) + { + return state with + { + IsLoading = true + }; + } + + [ReducerMethod] + public static UserLockingOptionsState Reduce(UserLockingOptionsState state, UpdateUserLockingOptionsSuccessAction act) + { + return state with + { + IsLoading = false + }; + } + + #endregion } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AuthMethodsStore/UserLockingOptionsState.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AuthMethodsStore/UserLockingOptionsState.cs new file mode 100644 index 000000000..36c7c8943 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/AuthMethodsStore/UserLockingOptionsState.cs @@ -0,0 +1,24 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Fluxor; +using SimpleIdServer.IdServer.Api.AuthenticationMethods; + +namespace SimpleIdServer.IdServer.Website.Stores.AuthMethodsStore; + +[FeatureState] +public record UserLockingOptionsState +{ + public UserLockingOptionsState() + { + + } + public UserLockingOptionsState(bool isLoading, UserLockingResult options) + { + IsLoading = isLoading; + Options = options; + } + + public bool IsLoading { get; set; } + public UserLockingResult Options { get; set; } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/CertificateAuthorityStore/CertificateAuthorityEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/CertificateAuthorityStore/CertificateAuthorityEffects.cs index adad5579e..8978779c1 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/CertificateAuthorityStore/CertificateAuthorityEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/CertificateAuthorityStore/CertificateAuthorityEffects.cs @@ -1,376 +1,375 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.CertificateAuthorities; using SimpleIdServer.IdServer.Domains; -using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using System.Security.Cryptography.X509Certificates; using System.Text; using System.Text.Json; using System.Text.Json.Nodes; -namespace SimpleIdServer.IdServer.Website.Stores.CertificateAuthorityStore +namespace SimpleIdServer.IdServer.Website.Stores.CertificateAuthorityStore; + +public class CertificateAuthorityEffects { - public class CertificateAuthorityEffects + private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; + private readonly IdServerWebsiteOptions _options; + + public CertificateAuthorityEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) { - private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; - private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; + _websiteHttpClientFactory = websiteHttpClientFactory; + _options = options.Value; + } - public CertificateAuthorityEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage sessionStorage) + [EffectMethod] + public async Task Handle(SearchCertificateAuthoritiesAction action, IDispatcher dispatcher) + { + var baseUrl = await GetBaseUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - _websiteHttpClientFactory = websiteHttpClientFactory; - _options = options.Value; - _sessionStorage = sessionStorage; - } + RequestUri = new Uri($"{baseUrl}/.search"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new SearchRequest + { + Filter = SanitizeExpression(action.Filter), + OrderBy = SanitizeExpression(action.OrderBy), + Skip = action.Skip, + Take = action.Take + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var searchResult = SidJsonSerializer.Deserialize>(json); + dispatcher.Dispatch(new SearchCertificateAuthoritiesSuccessAction { CertificateAuthorities = searchResult.Content, Count = searchResult.Count }); + + string SanitizeExpression(string expression) => expression.Replace("Value.", ""); + } - [EffectMethod] - public async Task Handle(SearchCertificateAuthoritiesAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(GenerateCertificateAuthorityAction action, IDispatcher dispatcher) + { + var baseUrl = await GetBaseUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - var baseUrl = await GetBaseUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var requestMessage = new HttpRequestMessage + RequestUri = new Uri($"{baseUrl}/generate"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new GenerateCertificateAuthorityRequest { - RequestUri = new Uri($"{baseUrl}/.search"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new SearchRequest - { - Filter = SanitizeExpression(action.Filter), - OrderBy = SanitizeExpression(action.OrderBy), - Skip = action.Skip, - Take = action.Take - }), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - var searchResult = SidJsonSerializer.Deserialize>(json); - dispatcher.Dispatch(new SearchCertificateAuthoritiesSuccessAction { CertificateAuthorities = searchResult.Content, Count = searchResult.Count }); - - string SanitizeExpression(string expression) => expression.Replace("Value.", ""); + NumberOfDays = action.NumberOfDays, + SubjectName = action.SubjectName + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + var certificateAuthority = SidJsonSerializer.Deserialize(json); + dispatcher.Dispatch(new GenerateCertificateAuthoritySuccessAction { CertificateAuthority = certificateAuthority }); } - - [EffectMethod] - public async Task Handle(GenerateCertificateAuthorityAction action, IDispatcher dispatcher) + catch { - var baseUrl = await GetBaseUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/generate"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new GenerateCertificateAuthorityRequest - { - NumberOfDays = action.NumberOfDays, - SubjectName = action.SubjectName - }), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try - { - httpResult.EnsureSuccessStatusCode(); - var certificateAuthority = SidJsonSerializer.Deserialize(json); - dispatcher.Dispatch(new GenerateCertificateAuthoritySuccessAction { CertificateAuthority = certificateAuthority }); - } - catch - { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new GenerateCertificateAuthorityFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); - } + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new GenerateCertificateAuthorityFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); } + } - [EffectMethod] - public async Task Handle(ImportCertificateAuthorityAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(ImportCertificateAuthorityAction action, IDispatcher dispatcher) + { + var baseUrl = await GetBaseUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - var baseUrl = await GetBaseUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/import"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new ImportCertificateAuthorityRequest - { - FindType = action.FindType, - FindValue = action.FindValue, - StoreLocation = action.StoreLocation, - StoreName = action.StoreName - }), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try - { - httpResult.EnsureSuccessStatusCode(); - var certificateAuthority = SidJsonSerializer.Deserialize(json); - dispatcher.Dispatch(new GenerateCertificateAuthoritySuccessAction { CertificateAuthority = certificateAuthority }); - } - catch + RequestUri = new Uri($"{baseUrl}/import"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new ImportCertificateAuthorityRequest { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new GenerateCertificateAuthorityFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); - } + FindType = action.FindType, + FindValue = action.FindValue, + StoreLocation = action.StoreLocation, + StoreName = action.StoreName + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + var certificateAuthority = SidJsonSerializer.Deserialize(json); + dispatcher.Dispatch(new GenerateCertificateAuthoritySuccessAction { CertificateAuthority = certificateAuthority }); } - - [EffectMethod] - public async Task Handle(SaveCertificateAuthorityAction action, IDispatcher dispatcher) + catch { - var baseUrl = await GetBaseUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - action.CertificateAuthority.StartDateTime = action.CertificateAuthority.StartDateTime.ToUniversalTime(); - action.CertificateAuthority.EndDateTime = action.CertificateAuthority.EndDateTime.ToUniversalTime(); - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri(baseUrl), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(action.CertificateAuthority), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try - { - httpResult.EnsureSuccessStatusCode(); - var certificateAuthority = SidJsonSerializer.Deserialize(json); - dispatcher.Dispatch(new SaveCertificateAuthoritySuccessAction { CertificateAuthority = certificateAuthority }); - } - catch - { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new SaveCertificateAuthorityFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); - } + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new GenerateCertificateAuthorityFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); } + } - [EffectMethod] - public async Task Handle(RemoveSelectedCertificateAuthoritiesAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(SaveCertificateAuthorityAction action, IDispatcher dispatcher) + { + var baseUrl = await GetBaseUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + action.CertificateAuthority.StartDateTime = action.CertificateAuthority.StartDateTime.ToUniversalTime(); + action.CertificateAuthority.EndDateTime = action.CertificateAuthority.EndDateTime.ToUniversalTime(); + var requestMessage = new HttpRequestMessage { - var baseUrl = await GetBaseUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - foreach (var id in action.Ids) - { - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{id}"), - Method = HttpMethod.Delete - }; - await httpClient.SendAsync(requestMessage); - } - - dispatcher.Dispatch(new RemoveSelectedCertificateAuthoritiesSuccessAction { Ids = action.Ids }); + RequestUri = new Uri(baseUrl), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(action.CertificateAuthority), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + var certificateAuthority = SidJsonSerializer.Deserialize(json); + dispatcher.Dispatch(new SaveCertificateAuthoritySuccessAction { CertificateAuthority = certificateAuthority }); + } + catch + { + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new SaveCertificateAuthorityFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); } + } - [EffectMethod] - public async Task Handle(GetCertificateAuthorityAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(RemoveSelectedCertificateAuthoritiesAction action, IDispatcher dispatcher) + { + var baseUrl = await GetBaseUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + foreach (var id in action.Ids) { - var baseUrl = await GetBaseUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); var requestMessage = new HttpRequestMessage { - RequestUri = new Uri($"{baseUrl}/{action.Id}"), - Method = HttpMethod.Get + RequestUri = new Uri($"{baseUrl}/{id}"), + Method = HttpMethod.Delete }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - var certificateAuthority = SidJsonSerializer.Deserialize(json); - var store = new IdServer.Stores.CertificateAuthorityStore(null); - var certificate = store.Get(certificateAuthority); - dispatcher.Dispatch(new GetCertificateAuthoritySuccessAction { CertificateAuthority = certificateAuthority, Certificate = certificate }); + await httpClient.SendAsync(requestMessage); } - [EffectMethod] - public async Task Handle(RemoveSelectedClientCertificatesAction action, IDispatcher dispatcher) + dispatcher.Dispatch(new RemoveSelectedCertificateAuthoritiesSuccessAction { Ids = action.Ids }); + } + + [EffectMethod] + public async Task Handle(GetCertificateAuthorityAction action, IDispatcher dispatcher) + { + var baseUrl = await GetBaseUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - var baseUrl = await GetBaseUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - foreach (var id in action.CertificateClientIds) - { - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{action.CertificateAuthorityId}/clientcertificates/{id}"), - Method = HttpMethod.Delete - }; - await httpClient.SendAsync(requestMessage); - } - - dispatcher.Dispatch(new RemoveSelectedClientCertificatesSuccessAction { CertificateAuthorityId = action.CertificateAuthorityId, CertificateClientIds = action.CertificateClientIds }); - } + RequestUri = new Uri($"{baseUrl}/{action.Id}"), + Method = HttpMethod.Get + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var certificateAuthority = SidJsonSerializer.Deserialize(json); + var store = new IdServer.Stores.CertificateAuthorityStore(null); + var certificate = store.Get(certificateAuthority); + dispatcher.Dispatch(new GetCertificateAuthoritySuccessAction { CertificateAuthority = certificateAuthority, Certificate = certificate }); + } - [EffectMethod] - public async Task Handle(AddClientCertificateAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(RemoveSelectedClientCertificatesAction action, IDispatcher dispatcher) + { + var baseUrl = await GetBaseUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + foreach (var id in action.CertificateClientIds) { - var baseUrl = await GetBaseUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); var requestMessage = new HttpRequestMessage { - RequestUri = new Uri($"{baseUrl}/{action.CertificateAuthorityId}/clientcertificates"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new AddClientCertificateRequest - { - NbDays = action.NbDays, - SubjectName = action.SubjectName - }), Encoding.UTF8, "application/json") + RequestUri = new Uri($"{baseUrl}/{action.CertificateAuthorityId}/clientcertificates/{id}"), + Method = HttpMethod.Delete }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try - { - httpResult.EnsureSuccessStatusCode(); - var clientCertificate = SidJsonSerializer.Deserialize(json); - dispatcher.Dispatch(new AddClientCertificateSuccessAction { CertificateAuthorityId = action.CertificateAuthorityId, ClientCertificate = clientCertificate }); - } - catch - { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new AddClientCertificateFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); - } + await httpClient.SendAsync(requestMessage); } - private async Task GetBaseUrl() + dispatcher.Dispatch(new RemoveSelectedClientCertificatesSuccessAction { CertificateAuthorityId = action.CertificateAuthorityId, CertificateClientIds = action.CertificateClientIds }); + } + + [EffectMethod] + public async Task Handle(AddClientCertificateAction action, IDispatcher dispatcher) + { + var baseUrl = await GetBaseUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - if (_options.IsReamEnabled) + RequestUri = new Uri($"{baseUrl}/{action.CertificateAuthorityId}/clientcertificates"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new AddClientCertificateRequest { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; - return $"{_options.IdServerBaseUrl}/{realmStr}/cas"; - } - - return $"{_options.IdServerBaseUrl}/cas"; + NbDays = action.NbDays, + SubjectName = action.SubjectName + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + var clientCertificate = SidJsonSerializer.Deserialize(json); + dispatcher.Dispatch(new AddClientCertificateSuccessAction { CertificateAuthorityId = action.CertificateAuthorityId, ClientCertificate = clientCertificate }); + } + catch + { + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new AddClientCertificateFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); } } - public class SearchCertificateAuthoritiesAction + private async Task GetBaseUrl() { - public string? Filter { get; set; } = null; - public string? OrderBy { get; set; } = null; - public int? Skip { get; set; } = null; - public int? Take { get; set; } = null; - } + if (_options.IsReamEnabled) + { + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; + return $"{_options.IdServerBaseUrl}/{realmStr}/cas"; + } - public class SearchCertificateAuthoritiesSuccessAction - { - public IEnumerable CertificateAuthorities { get; set; } = new List(); - public int Count { get; set; } + return $"{_options.IdServerBaseUrl}/cas"; } +} - public class ToggleAllCertificateAuthoritySelectionAction - { - public bool IsSelected { get; set; } - } +public class SearchCertificateAuthoritiesAction +{ + public string? Filter { get; set; } = null; + public string? OrderBy { get; set; } = null; + public int? Skip { get; set; } = null; + public int? Take { get; set; } = null; +} - public class ToggleCertificateAuthoritySelectionAction - { - public bool IsSelected { get; set; } - public string Id { get; set; } - } +public class SearchCertificateAuthoritiesSuccessAction +{ + public IEnumerable CertificateAuthorities { get; set; } = new List(); + public int Count { get; set; } +} - public class RemoveSelectedCertificateAuthoritiesAction - { - public IEnumerable Ids { get; set; } - } +public class ToggleAllCertificateAuthoritySelectionAction +{ + public bool IsSelected { get; set; } +} - public class RemoveSelectedCertificateAuthoritiesSuccessAction - { - public IEnumerable Ids { get; set; } - } +public class ToggleCertificateAuthoritySelectionAction +{ + public bool IsSelected { get; set; } + public string Id { get; set; } +} - public class GenerateCertificateAuthorityAction - { - public string SubjectName { get; set; } - public int NumberOfDays { get; set; } - } +public class RemoveSelectedCertificateAuthoritiesAction +{ + public IEnumerable Ids { get; set; } +} - public class ImportCertificateAuthorityAction - { - public StoreLocation StoreLocation { get; set; } - public StoreName StoreName { get; set; } - public X509FindType FindType { get; set; } - public string FindValue { get; set; } - } +public class RemoveSelectedCertificateAuthoritiesSuccessAction +{ + public IEnumerable Ids { get; set; } +} - public class GenerateCertificateAuthoritySuccessAction - { - public CertificateAuthority CertificateAuthority { get; set; } - } +public class GenerateCertificateAuthorityAction +{ + public string SubjectName { get; set; } + public int NumberOfDays { get; set; } +} - public class GenerateCertificateAuthorityFailureAction - { - public string ErrorMessage { get; set; } - } +public class ImportCertificateAuthorityAction +{ + public StoreLocation StoreLocation { get; set; } + public StoreName StoreName { get; set; } + public X509FindType FindType { get; set; } + public string FindValue { get; set; } +} - public class SaveCertificateAuthorityAction - { - public CertificateAuthority CertificateAuthority { get; set; } - } +public class GenerateCertificateAuthoritySuccessAction +{ + public CertificateAuthority CertificateAuthority { get; set; } +} - public class SaveCertificateAuthoritySuccessAction - { - public CertificateAuthority CertificateAuthority { get; set; } - } +public class GenerateCertificateAuthorityFailureAction +{ + public string ErrorMessage { get; set; } +} - public class SaveCertificateAuthorityFailureAction - { - public string ErrorMessage { get; set; } - } +public class SaveCertificateAuthorityAction +{ + public CertificateAuthority CertificateAuthority { get; set; } +} - public class SelectCertificateAuthoritySourceAction - { - public CertificateAuthoritySources Source { get; set; } - } +public class SaveCertificateAuthoritySuccessAction +{ + public CertificateAuthority CertificateAuthority { get; set; } +} - public class GetCertificateAuthorityAction - { - public string Id { get; set; } - } +public class SaveCertificateAuthorityFailureAction +{ + public string ErrorMessage { get; set; } +} - public class GetCertificateAuthoritySuccessAction - { - public CertificateAuthority CertificateAuthority { get; set; } - public X509Certificate2 Certificate { get; set; } - } +public class SelectCertificateAuthoritySourceAction +{ + public CertificateAuthoritySources Source { get; set; } +} - public class ToggleClientCertificateSelectionAction - { - public string Id { get; set; } - public bool IsSelected { get; set; } - } +public class GetCertificateAuthorityAction +{ + public string Id { get; set; } +} - public class ToggleAllClientCertificatesSelectionAction - { - public bool IsSelected { get; set; } - } +public class GetCertificateAuthoritySuccessAction +{ + public CertificateAuthority CertificateAuthority { get; set; } + public X509Certificate2 Certificate { get; set; } +} - public class RemoveSelectedClientCertificatesAction - { - public string CertificateAuthorityId { get; set; } - public IEnumerable CertificateClientIds { get; set; } - } +public class ToggleClientCertificateSelectionAction +{ + public string Id { get; set; } + public bool IsSelected { get; set; } +} - public class RemoveSelectedClientCertificatesSuccessAction - { - public string CertificateAuthorityId { get; set; } - public IEnumerable CertificateClientIds { get; set; } - } +public class ToggleAllClientCertificatesSelectionAction +{ + public bool IsSelected { get; set; } +} - public class AddClientCertificateAction - { - public string CertificateAuthorityId { get; set; } - public string SubjectName { get; set; } - public int NbDays { get; set; } - } +public class RemoveSelectedClientCertificatesAction +{ + public string CertificateAuthorityId { get; set; } + public IEnumerable CertificateClientIds { get; set; } +} - public class AddClientCertificateSuccessAction - { - public string CertificateAuthorityId { get; set; } - public ClientCertificate ClientCertificate { get; set; } - } +public class RemoveSelectedClientCertificatesSuccessAction +{ + public string CertificateAuthorityId { get; set; } + public IEnumerable CertificateClientIds { get; set; } +} - public class AddClientCertificateFailureAction - { - public string ErrorMessage { get; set; } - } +public class AddClientCertificateAction +{ + public string CertificateAuthorityId { get; set; } + public string SubjectName { get; set; } + public int NbDays { get; set; } +} - public class StartAddCertificateAuthorityAction - { +public class AddClientCertificateSuccessAction +{ + public string CertificateAuthorityId { get; set; } + public ClientCertificate ClientCertificate { get; set; } +} + +public class AddClientCertificateFailureAction +{ + public string ErrorMessage { get; set; } +} + +public class StartAddCertificateAuthorityAction +{ - } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ClientStore/ClientEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ClientStore/ClientEffects.cs index 06a5b01be..503470160 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ClientStore/ClientEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ClientStore/ClientEffects.cs @@ -1,7 +1,6 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using Microsoft.IdentityModel.Tokens; using SimpleIdServer.DPoP; @@ -9,8 +8,9 @@ using SimpleIdServer.IdServer.Api.Token.Handlers; using SimpleIdServer.IdServer.Builders; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Saml.Idp.Extensions; -using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.Website.Infrastructures; using SimpleIdServer.IdServer.WsFederation; using System.Globalization; using System.Linq.Dynamic.Core; @@ -18,1240 +18,1262 @@ using System.Text.Json; using System.Text.Json.Nodes; -namespace SimpleIdServer.IdServer.Website.Stores.ClientStore +namespace SimpleIdServer.IdServer.Website.Stores.ClientStore; + +public class ClientEffects { - public class ClientEffects + private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; + private readonly IdServerWebsiteOptions _configuration; + + public ClientEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions configuration) { - private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; - private readonly IdServerWebsiteOptions _configuration; - private readonly ProtectedSessionStorage _sessionStorage; + _websiteHttpClientFactory = websiteHttpClientFactory; + _configuration = configuration.Value; + } - public ClientEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions configuration, ProtectedSessionStorage sessionStorage) + [EffectMethod] + public async Task Handle(SearchClientsAction action, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - _websiteHttpClientFactory = websiteHttpClientFactory; - _configuration = configuration.Value; - _sessionStorage = sessionStorage; - } + RequestUri = new Uri($"{baseUrl}/.search"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new SearchRequest + { + Filter = SanitizeExpression(action.Filter), + OrderBy = SanitizeExpression(action.OrderBy), + Skip = action.Skip, + Take = action.Take + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var searchResult = SidJsonSerializer.DeserializeSearchClients(json); + dispatcher.Dispatch(new SearchClientsSuccessAction { Clients = searchResult.Content, Count = searchResult.Count }); + string SanitizeExpression(string expression) => expression.Replace("Value.", ""); + } - [EffectMethod] - public async Task Handle(SearchClientsAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(GetAllClientsAction action, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/.search"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new SearchRequest - { - Filter = SanitizeExpression(action.Filter), - OrderBy = SanitizeExpression(action.OrderBy), - Skip = action.Skip, - Take = action.Take - }), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - var searchResult = SidJsonSerializer.DeserializeSearchClients(json); - dispatcher.Dispatch(new SearchClientsSuccessAction { Clients = searchResult.Content, Count = searchResult.Count }); - string SanitizeExpression(string expression) => expression.Replace("Value.", ""); - } + RequestUri = new Uri(baseUrl), + Method = HttpMethod.Get + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var clients = SidJsonSerializer.DeserializeClients(json); + dispatcher.Dispatch(new SearchClientsSuccessAction { Clients = clients, Count = clients.Count() }); + } - [EffectMethod] - public async Task Handle(GetAllClientsAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(AddSpaClientAction action, IDispatcher dispatcher) + { + var newClientBuilder = ClientBuilder.BuildUserAgentClient(action.ClientId, Guid.NewGuid().ToString(), null, action.RedirectionUrls.ToArray()) + .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + var newClient = newClientBuilder.Build(); + await CreateClient(newClient, dispatcher, ClientTypes.SPA); + } + + [EffectMethod] + public async Task Handle(AddMachineClientApplicationAction action, IDispatcher dispatcher) + { + var newClientBuilder = ClientBuilder.BuildApiClient(action.ClientId, action.ClientSecret, null); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + var newClient = newClientBuilder.Build(); + await CreateClient(newClient, dispatcher, ClientTypes.MACHINE); + } + + [EffectMethod] + public async Task Handle(AddWebsiteApplicationAction action, IDispatcher dispatcher) + { + var newClientBuilder = ClientBuilder.BuildTraditionalWebsiteClient(action.ClientId, action.ClientSecret, null, action.RedirectionUrls.ToArray()) + .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + var newClient = newClientBuilder.Build(); + await CreateClient(newClient, dispatcher, ClientTypes.WEBSITE); + } + + [EffectMethod] + public async Task Handle(AddHighlySecuredWebsiteApplicationAction action, IDispatcher dispatcher) + { + var newClientBuilder = ClientBuilder.BuildTraditionalWebsiteClient(action.ClientId, action.ClientSecret, null, action.RedirectionUrls.ToArray()) + .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + + // FAPI2.0 + newClientBuilder.SetSigAuthorizationResponse(SecurityAlgorithms.EcdsaSha256); + newClientBuilder.SetIdTokenSignedResponseAlg(SecurityAlgorithms.EcdsaSha256); + newClientBuilder.SetRequestObjectSigning(SecurityAlgorithms.EcdsaSha256); + var ecdsaSig = ClientKeyGenerator.GenerateECDsaSignatureKey("keyId", SecurityAlgorithms.EcdsaSha256); + var jsonWebKeyStr = ecdsaSig.SerializeJWKStr(); + newClientBuilder.AddSigningKey(ecdsaSig, SecurityAlgorithms.EcdsaSha256, SecurityKeyTypes.ECDSA); + if (action.IsDPoP) { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri(baseUrl), - Method = HttpMethod.Get - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - var clients = SidJsonSerializer.DeserializeClients(json); - dispatcher.Dispatch(new SearchClientsSuccessAction { Clients = clients, Count = clients.Count() }); + newClientBuilder.UseClientPrivateKeyJwtAuthentication(); + newClientBuilder.UseDPOPProof(false); } - - [EffectMethod] - public async Task Handle(AddSpaClientAction action, IDispatcher dispatcher) + else { - var newClientBuilder = ClientBuilder.BuildUserAgentClient(action.ClientId, Guid.NewGuid().ToString(), null, action.RedirectionUrls.ToArray()) - .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - var newClient = newClientBuilder.Build(); - await CreateClient(newClient, dispatcher, ClientTypes.SPA); + newClientBuilder.UseClientTlsAuthentication(action.SubjectName); } - [EffectMethod] - public async Task Handle(AddMachineClientApplicationAction action, IDispatcher dispatcher) + var newClient = newClientBuilder.Build(); + await CreateClient(newClient, dispatcher, ClientTypes.HIGHLYSECUREDWEBSITE, jsonWebKey : jsonWebKeyStr); + } + + [EffectMethod] + public async Task Handle(AddHighlySecuredWebsiteApplicationWithGrantMgtSupportAction action, IDispatcher dispatcher) + { + var newClientBuilder = ClientBuilder.BuildTraditionalWebsiteClient(action.ClientId, action.ClientSecret, null, action.RedirectionUrls.ToArray()) + .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + + // FAPI2.0 + newClientBuilder.SetSigAuthorizationResponse(SecurityAlgorithms.EcdsaSha256); + newClientBuilder.SetIdTokenSignedResponseAlg(SecurityAlgorithms.EcdsaSha256); + newClientBuilder.SetRequestObjectSigning(SecurityAlgorithms.EcdsaSha256); + var ecdsaSig = ClientKeyGenerator.GenerateECDsaSignatureKey("keyId", SecurityAlgorithms.EcdsaSha256); + var jsonWebKeyStr = ecdsaSig.SerializeJWKStr(); + newClientBuilder.AddSigningKey(ecdsaSig, SecurityAlgorithms.EcdsaSha256, SecurityKeyTypes.ECDSA); + if (action.IsDPoP) { - var newClientBuilder = ClientBuilder.BuildApiClient(action.ClientId, action.ClientSecret, null); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - var newClient = newClientBuilder.Build(); - await CreateClient(newClient, dispatcher, ClientTypes.MACHINE); + newClientBuilder.UseClientPrivateKeyJwtAuthentication(); + newClientBuilder.UseDPOPProof(false); } - - [EffectMethod] - public async Task Handle(AddWebsiteApplicationAction action, IDispatcher dispatcher) + else { - var newClientBuilder = ClientBuilder.BuildTraditionalWebsiteClient(action.ClientId, action.ClientSecret, null, action.RedirectionUrls.ToArray()) - .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - var newClient = newClientBuilder.Build(); - await CreateClient(newClient, dispatcher, ClientTypes.WEBSITE); + newClientBuilder.UseClientTlsAuthentication(action.SubjectName); } - [EffectMethod] - public async Task Handle(AddHighlySecuredWebsiteApplicationAction action, IDispatcher dispatcher) - { - var newClientBuilder = ClientBuilder.BuildTraditionalWebsiteClient(action.ClientId, action.ClientSecret, null, action.RedirectionUrls.ToArray()) - .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - - // FAPI2.0 - newClientBuilder.SetSigAuthorizationResponse(SecurityAlgorithms.EcdsaSha256); - newClientBuilder.SetIdTokenSignedResponseAlg(SecurityAlgorithms.EcdsaSha256); - newClientBuilder.SetRequestObjectSigning(SecurityAlgorithms.EcdsaSha256); - var ecdsaSig = ClientKeyGenerator.GenerateECDsaSignatureKey("keyId", SecurityAlgorithms.EcdsaSha256); - var jsonWebKeyStr = ecdsaSig.SerializeJWKStr(); - newClientBuilder.AddSigningKey(ecdsaSig, SecurityAlgorithms.EcdsaSha256, SecurityKeyTypes.ECDSA); - if (action.IsDPoP) - { - newClientBuilder.UseClientPrivateKeyJwtAuthentication(); - newClientBuilder.UseDPOPProof(false); - } - else - { - newClientBuilder.UseClientTlsAuthentication(action.SubjectName); - } + // Grant management + newClientBuilder.AddScope(new Domains.Scope { Name = Constants.StandardScopes.GrantManagementQuery.Name }, new Domains.Scope { Name = Constants.StandardScopes.GrantManagementRevoke.Name }); + var authDataTypes = string.IsNullOrWhiteSpace(action.AuthDataTypes) || action.AuthDataTypes == null ? null : action.AuthDataTypes.Split(';'); + if (authDataTypes != null) + newClientBuilder.AddAuthDataTypes(authDataTypes); - var newClient = newClientBuilder.Build(); - await CreateClient(newClient, dispatcher, ClientTypes.HIGHLYSECUREDWEBSITE, jsonWebKey : jsonWebKeyStr); - } + var newClient = newClientBuilder.Build(); + await CreateClient(newClient, dispatcher, ClientTypes.GRANTMANAGEMENT, jsonWebKey: jsonWebKeyStr); + } - [EffectMethod] - public async Task Handle(AddHighlySecuredWebsiteApplicationWithGrantMgtSupportAction action, IDispatcher dispatcher) - { - var newClientBuilder = ClientBuilder.BuildTraditionalWebsiteClient(action.ClientId, action.ClientSecret, null, action.RedirectionUrls.ToArray()) - .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - - // FAPI2.0 - newClientBuilder.SetSigAuthorizationResponse(SecurityAlgorithms.EcdsaSha256); - newClientBuilder.SetIdTokenSignedResponseAlg(SecurityAlgorithms.EcdsaSha256); - newClientBuilder.SetRequestObjectSigning(SecurityAlgorithms.EcdsaSha256); - var ecdsaSig = ClientKeyGenerator.GenerateECDsaSignatureKey("keyId", SecurityAlgorithms.EcdsaSha256); - var jsonWebKeyStr = ecdsaSig.SerializeJWKStr(); - newClientBuilder.AddSigningKey(ecdsaSig, SecurityAlgorithms.EcdsaSha256, SecurityKeyTypes.ECDSA); - if (action.IsDPoP) - { - newClientBuilder.UseClientPrivateKeyJwtAuthentication(); - newClientBuilder.UseDPOPProof(false); - } - else - { - newClientBuilder.UseClientTlsAuthentication(action.SubjectName); - } + [EffectMethod] + public async Task Handle(AddMobileApplicationAction action, IDispatcher dispatcher) + { + var newClientBuilder = ClientBuilder.BuildMobileApplication(action.ClientId, Guid.NewGuid().ToString(), null, action.RedirectionUrls.ToArray()) + .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + var newClient = newClientBuilder.Build(); + await CreateClient(newClient, dispatcher, ClientTypes.MOBILE); + } - // Grant management - newClientBuilder.AddScope(new Domains.Scope { Name = Constants.StandardScopes.GrantManagementQuery.Name }, new Domains.Scope { Name = Constants.StandardScopes.GrantManagementRevoke.Name }); - var authDataTypes = string.IsNullOrWhiteSpace(action.AuthDataTypes) || action.AuthDataTypes == null ? null : action.AuthDataTypes.Split(';'); - if (authDataTypes != null) - newClientBuilder.AddAuthDataTypes(authDataTypes); + [EffectMethod] + public async Task Handle(AddExternalDeviceApplicationAction action, IDispatcher dispatcher) + { + var newClientBuilder = ClientBuilder.BuildExternalAuthDeviceClient(action.ClientId, action.SubjectName, null) + .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + var newClient = newClientBuilder.Build(); + await CreateClient(newClient, dispatcher, ClientTypes.EXTERNAL); + } - var newClient = newClientBuilder.Build(); - await CreateClient(newClient, dispatcher, ClientTypes.GRANTMANAGEMENT, jsonWebKey: jsonWebKeyStr); - } + [EffectMethod] + public async Task Handle(AddDeviceApplicationAction action, IDispatcher dispatcher) + { + var newClientBuilder = ClientBuilder.BuildDeviceClient(action.ClientId, action.ClientSecret, null) + .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + var newClient = newClientBuilder.Build(); + await CreateClient(newClient, dispatcher, ClientTypes.DEVICE); + } - [EffectMethod] - public async Task Handle(AddMobileApplicationAction action, IDispatcher dispatcher) - { - var newClientBuilder = ClientBuilder.BuildMobileApplication(action.ClientId, Guid.NewGuid().ToString(), null, action.RedirectionUrls.ToArray()) - .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - var newClient = newClientBuilder.Build(); - await CreateClient(newClient, dispatcher, ClientTypes.MOBILE); - } + [EffectMethod] + public async Task Handle(AddCredentialIssuerApplicationAction action, IDispatcher dispatcher) + { + var newClientBuilder = ClientBuilder.BuildCredentialIssuer(action.ClientId, action.ClientSecret, null, action.RedirectionUrls.ToArray()) + .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + var newClient = newClientBuilder.Build(); + await CreateClient(newClient, dispatcher, ClientTypes.CREDENTIAL_ISSUER); + } - [EffectMethod] - public async Task Handle(AddExternalDeviceApplicationAction action, IDispatcher dispatcher) - { - var newClientBuilder = ClientBuilder.BuildExternalAuthDeviceClient(action.ClientId, action.SubjectName, null) - .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - var newClient = newClientBuilder.Build(); - await CreateClient(newClient, dispatcher, ClientTypes.EXTERNAL); - } + [EffectMethod] + public async Task Handle(AddWalletAction action, IDispatcher dispatcher) + { + var newClientBuilder = ClientBuilder.BuildWalletClient(action.ClientId, action.ClientSecret, null); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + var newClient = newClientBuilder.Build(); + await CreateClient(newClient, dispatcher, ClientTypes.WALLET); + } - [EffectMethod] - public async Task Handle(AddDeviceApplicationAction action, IDispatcher dispatcher) - { - var newClientBuilder = ClientBuilder.BuildDeviceClient(action.ClientId, action.ClientSecret, null) - .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - var newClient = newClientBuilder.Build(); - await CreateClient(newClient, dispatcher, ClientTypes.DEVICE); - } + [EffectMethod] + public async Task Handle(AddWsFederationApplicationAction action, IDispatcher dispatcher) + { + var newClientBuilder = WsClientBuilder.BuildWsFederationClient(action.ClientId, null); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + var newClient = newClientBuilder.Build(); + await CreateClient(newClient, dispatcher, WsFederationConstants.CLIENT_TYPE); + } - [EffectMethod] - public async Task Handle(AddCredentialIssuerApplicationAction action, IDispatcher dispatcher) - { - var newClientBuilder = ClientBuilder.BuildCredentialIssuer(action.ClientId, action.ClientSecret, null, action.RedirectionUrls.ToArray()) - .AddScope(new Domains.Scope { Name = Constants.StandardScopes.OpenIdScope.Name }, new Domains.Scope { Name = Constants.StandardScopes.Profile.Name }); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - var newClient = newClientBuilder.Build(); - await CreateClient(newClient, dispatcher, ClientTypes.CREDENTIAL_ISSUER); - } + [EffectMethod] + public async Task Handle(AddSamlSpApplicationAction action, IDispatcher dispatcher) + { + var certificate = KeyGenerator.GenerateSelfSignedCertificate(); + var securityKey = new X509SecurityKey(certificate, Guid.NewGuid().ToString()); + var newClientBuilder = SamlSpClientBuilder.BuildSamlSpClient(action.ClientIdentifier, action.MetadataUrl, certificate, null); + if (!string.IsNullOrWhiteSpace(action.ClientName)) + newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); + newClientBuilder.SetUseAcsArtifact(action.UseAcs); + var newClient = newClientBuilder.Build(); + var pemResult = PemConverter.ConvertFromSecurityKey(securityKey); + await CreateClient(newClient, dispatcher, Saml.Idp.Constants.CLIENT_TYPE, pemResult); + } - [EffectMethod] - public async Task Handle(AddWalletAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(RemoveSelectedClientsAction action, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + foreach(var clientId in action.ClientIds) { - var newClientBuilder = ClientBuilder.BuildWalletClient(action.ClientId, action.ClientSecret, null); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - var newClient = newClientBuilder.Build(); - await CreateClient(newClient, dispatcher, ClientTypes.WALLET); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(clientId)}"), + Method = HttpMethod.Delete + }; + await httpClient.SendAsync(requestMessage); } - [EffectMethod] - public async Task Handle(AddWsFederationApplicationAction action, IDispatcher dispatcher) - { - var newClientBuilder = WsClientBuilder.BuildWsFederationClient(action.ClientId, null); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - var newClient = newClientBuilder.Build(); - await CreateClient(newClient, dispatcher, WsFederationConstants.CLIENT_TYPE); - } + dispatcher.Dispatch(new RemoveSelectedClientsSuccessAction { ClientIds = action.ClientIds }); + } - [EffectMethod] - public async Task Handle(AddSamlSpApplicationAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(GetClientAction action, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - var certificate = KeyGenerator.GenerateSelfSignedCertificate(); - var securityKey = new X509SecurityKey(certificate, Guid.NewGuid().ToString()); - var newClientBuilder = SamlSpClientBuilder.BuildSamlSpClient(action.ClientIdentifier, action.MetadataUrl, certificate, null); - if (!string.IsNullOrWhiteSpace(action.ClientName)) - newClientBuilder.SetClientName(action.ClientName, CultureInfo.CurrentCulture.TwoLetterISOLanguageName); - newClientBuilder.SetUseAcsArtifact(action.UseAcs); - var newClient = newClientBuilder.Build(); - var pemResult = PemConverter.ConvertFromSecurityKey(securityKey); - await CreateClient(newClient, dispatcher, Saml.Idp.Constants.CLIENT_TYPE, pemResult); + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(action.ClientId)}"), + Method = HttpMethod.Get + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + var client = JsonSerializer.Deserialize(json); + dispatcher.Dispatch(new GetClientSuccessAction { Client = client }); } - - [EffectMethod] - public async Task Handle(RemoveSelectedClientsAction action, IDispatcher dispatcher) + catch { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - foreach(var clientId in action.ClientIds) - { - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{clientId}"), - Method = HttpMethod.Delete - }; - await httpClient.SendAsync(requestMessage); - } - - dispatcher.Dispatch(new RemoveSelectedClientsSuccessAction { ClientIds = action.ClientIds }); + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new GetClientFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); } + } - [EffectMethod] - public async Task Handle(GetClientAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(UpdateClientDetailsAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var isTokenExchangeEnabled = false; + var grantTypes = new List(); + if (act.IsClientCredentialsGrantTypeEnabled) + grantTypes.Add(ClientCredentialsHandler.GRANT_TYPE); + if (act.IsPasswordGrantTypeEnabled) + grantTypes.Add(PasswordHandler.GRANT_TYPE); + if (act.IsRefreshTokenGrantTypeEnabled) + grantTypes.Add(RefreshTokenHandler.GRANT_TYPE); + if (act.IsAuthorizationCodeGrantTypeEnabled) + grantTypes.Add(AuthorizationCodeHandler.GRANT_TYPE); + if (act.IsCIBAGrantTypeEnabled) + grantTypes.Add(CIBAHandler.GRANT_TYPE); + if (act.IsUMAGrantTypeEnabled) + grantTypes.Add(UmaTicketHandler.GRANT_TYPE); + if (act.IsDeviceGrantTypeEnabled) + grantTypes.Add(DeviceCodeHandler.GRANT_TYPE); + if (act.IsTokenExchangePreAuthorizedCodeEnabled) + grantTypes.Add(TokenExchangePreAuthorizedCodeHandler.GRANT_TYPE); + if (act.IsTokenExchangeEnabled) { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{action.ClientId}"), - Method = HttpMethod.Get - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try - { - var client = JsonSerializer.Deserialize(json); - dispatcher.Dispatch(new GetClientSuccessAction { Client = client }); - } - catch - { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new GetClientFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); - } + grantTypes.Add(TokenExchangeHandler.GRANT_TYPE); + isTokenExchangeEnabled = true; } - [EffectMethod] - public async Task Handle(UpdateClientDetailsAction act, IDispatcher dispatcher) + var request = new UpdateClientRequest { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var isTokenExchangeEnabled = false; - var grantTypes = new List(); - if (act.IsClientCredentialsGrantTypeEnabled) - grantTypes.Add(ClientCredentialsHandler.GRANT_TYPE); - if (act.IsPasswordGrantTypeEnabled) - grantTypes.Add(PasswordHandler.GRANT_TYPE); - if (act.IsRefreshTokenGrantTypeEnabled) - grantTypes.Add(RefreshTokenHandler.GRANT_TYPE); - if (act.IsAuthorizationCodeGrantTypeEnabled) - grantTypes.Add(AuthorizationCodeHandler.GRANT_TYPE); - if (act.IsCIBAGrantTypeEnabled) - grantTypes.Add(CIBAHandler.GRANT_TYPE); - if (act.IsUMAGrantTypeEnabled) - grantTypes.Add(UmaTicketHandler.GRANT_TYPE); - if (act.IsDeviceGrantTypeEnabled) - grantTypes.Add(DeviceCodeHandler.GRANT_TYPE); - if (act.IsTokenExchangePreAuthorizedCodeEnabled) - grantTypes.Add(TokenExchangePreAuthorizedCodeHandler.GRANT_TYPE); - if (act.IsTokenExchangeEnabled) + RedirectionUrls = act.RedirectionUrls.Split(';'), + ClientName = act.ClientName, + PostLogoutRedirectUris = act.PostLogoutRedirectUris.Split(';'), + FrontChannelLogoutSessionRequired = act.FrontChannelLogoutSessionRequired, + FrontChannelLogoutUri = act.FrontChannelLogoutUri, + BackChannelLogoutUri = act.BackChannelLogoutUri, + BackChannelLogoutSessionRequired = act.BackChannelLogoutSessionRequired, + TokenExchangeType = act.TokenExchangeType, + GrantTypes = grantTypes, + IsTokenExchangeEnabled = isTokenExchangeEnabled, + IsConsentDisabled = !act.IsConsentEnabled, + JwksUrl = act.JwksUrl, + IsRedirectUrlCaseSensitive = act.IsRedirectUrlCaseSensitive, + AccessTokenType = act.AccessTokenType, + RedirectToRevokeSessionUI = act.RedirectToRevokeSessionUI, + DefaultAcrValues = act.DefaultAcrValues, + Parameters = new Dictionary { - grantTypes.Add(TokenExchangeHandler.GRANT_TYPE); - isTokenExchangeEnabled = true; + { ClientExtensions.SAML2_USE_ACS_ARTIFACT_NAME, act.UseAcs.ToString() }, + { ClientExtensions.SAML2_SP_METADATA_NAME, act.MetadataUrl } } - - var request = new UpdateClientRequest + }; + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}"), + Method = HttpMethod.Put, + Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + dispatcher.Dispatch(new UpdateClientDetailsSuccessAction { - RedirectionUrls = act.RedirectionUrls.Split(';'), + ClientId = act.ClientId, ClientName = act.ClientName, - PostLogoutRedirectUris = act.PostLogoutRedirectUris.Split(';'), + RedirectionUrls = act.RedirectionUrls, + PostLogoutRedirectUris = act.PostLogoutRedirectUris, FrontChannelLogoutSessionRequired = act.FrontChannelLogoutSessionRequired, FrontChannelLogoutUri = act.FrontChannelLogoutUri, BackChannelLogoutUri = act.BackChannelLogoutUri, BackChannelLogoutSessionRequired = act.BackChannelLogoutSessionRequired, + IsClientCredentialsGrantTypeEnabled = act.IsClientCredentialsGrantTypeEnabled, + IsPasswordGrantTypeEnabled = act.IsPasswordGrantTypeEnabled, + IsRefreshTokenGrantTypeEnabled = act.IsRefreshTokenGrantTypeEnabled, + IsAuthorizationCodeGrantTypeEnabled = act.IsAuthorizationCodeGrantTypeEnabled, + IsCIBAGrantTypeEnabled = act.IsCIBAGrantTypeEnabled, + IsUMAGrantTypeEnabled = act.IsUMAGrantTypeEnabled, + IsConsentEnabled = act.IsConsentEnabled, + IsDeviceGrantTypeEnabled = act.IsDeviceGrantTypeEnabled, TokenExchangeType = act.TokenExchangeType, - GrantTypes = grantTypes, - IsTokenExchangeEnabled = isTokenExchangeEnabled, - IsConsentDisabled = !act.IsConsentEnabled, - JwksUrl = act.JwksUrl, + IsTokenExchangeEnabled = act.IsTokenExchangeEnabled, IsRedirectUrlCaseSensitive = act.IsRedirectUrlCaseSensitive, - AccessTokenType = act.AccessTokenType, + UseAcs = act.UseAcs, + MetadataUrl = act.MetadataUrl, RedirectToRevokeSessionUI = act.RedirectToRevokeSessionUI, - DefaultAcrValues = act.DefaultAcrValues, - Parameters = new Dictionary - { - { ClientExtensions.SAML2_USE_ACS_ARTIFACT_NAME, act.UseAcs.ToString() }, - { ClientExtensions.SAML2_SP_METADATA_NAME, act.MetadataUrl } - } - }; - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}"), - Method = HttpMethod.Put, - Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try - { - httpResult.EnsureSuccessStatusCode(); - dispatcher.Dispatch(new UpdateClientDetailsSuccessAction - { - ClientId = act.ClientId, - ClientName = act.ClientName, - RedirectionUrls = act.RedirectionUrls, - PostLogoutRedirectUris = act.PostLogoutRedirectUris, - FrontChannelLogoutSessionRequired = act.FrontChannelLogoutSessionRequired, - FrontChannelLogoutUri = act.FrontChannelLogoutUri, - BackChannelLogoutUri = act.BackChannelLogoutUri, - BackChannelLogoutSessionRequired = act.BackChannelLogoutSessionRequired, - IsClientCredentialsGrantTypeEnabled = act.IsClientCredentialsGrantTypeEnabled, - IsPasswordGrantTypeEnabled = act.IsPasswordGrantTypeEnabled, - IsRefreshTokenGrantTypeEnabled = act.IsRefreshTokenGrantTypeEnabled, - IsAuthorizationCodeGrantTypeEnabled = act.IsAuthorizationCodeGrantTypeEnabled, - IsCIBAGrantTypeEnabled = act.IsCIBAGrantTypeEnabled, - IsUMAGrantTypeEnabled = act.IsUMAGrantTypeEnabled, - IsConsentEnabled = act.IsConsentEnabled, - IsDeviceGrantTypeEnabled = act.IsDeviceGrantTypeEnabled, - TokenExchangeType = act.TokenExchangeType, - IsTokenExchangeEnabled = act.IsTokenExchangeEnabled, - IsRedirectUrlCaseSensitive = act.IsRedirectUrlCaseSensitive, - UseAcs = act.UseAcs, - MetadataUrl = act.MetadataUrl, - RedirectToRevokeSessionUI = act.RedirectToRevokeSessionUI, - AccessTokenType = act.AccessTokenType, - DefaultAcrValues = act.DefaultAcrValues - }); - } - catch - { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new UpdateClientDetailsFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); - } + AccessTokenType = act.AccessTokenType, + DefaultAcrValues = act.DefaultAcrValues + }); } - - [EffectMethod] - public async Task Handle(RemoveSelectedClientScopesAction act, IDispatcher dispatcher) + catch { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - foreach (var scopeName in act.ScopeNames) - { - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}/scopes/{scopeName}"), - Method = HttpMethod.Delete - }; - await httpClient.SendAsync(requestMessage); - } - - dispatcher.Dispatch(new RemoveSelectedClientScopesSuccessAction { ClientId = act.ClientId, ScopeNames = act.ScopeNames }); + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new UpdateClientDetailsFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); } + } - [EffectMethod] - public async Task Handle(AddClientScopesAction act, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(RemoveSelectedClientScopesAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + foreach (var scopeName in act.ScopeNames) { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - foreach (var scope in act.Scopes) + var requestMessage = new HttpRequestMessage { - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}/scopes"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new AddClientScopeRequest - { - Name = scope.Name - }), Encoding.UTF8, "application/json") - }; - await httpClient.SendAsync(requestMessage); - } - - dispatcher.Dispatch(new AddClientScopesSuccessAction { ClientId = act.ClientId, Scopes = act.Scopes }); + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}/scopes/{scopeName}"), + Method = HttpMethod.Delete + }; + await httpClient.SendAsync(requestMessage); } - [EffectMethod] - public async Task Handle(GenerateSigKeyAction act, IDispatcher dispatcher) + dispatcher.Dispatch(new RemoveSelectedClientScopesSuccessAction { ClientId = act.ClientId, ScopeNames = act.ScopeNames }); + } + + [EffectMethod] + public async Task Handle(AddClientScopesAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + foreach (var scope in act.Scopes) { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); var requestMessage = new HttpRequestMessage { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}/sigkey/generate"), + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}/scopes"), Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new GenerateSigKeyRequest + Content = new StringContent(JsonSerializer.Serialize(new AddClientScopeRequest { - Alg = act.Alg, - KeyId = act.KeyId, - KeyType = act.KeyType + Name = scope.Name }), Encoding.UTF8, "application/json") }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try - { - httpResult.EnsureSuccessStatusCode(); - var pemResult = PemResult.Deserialize(json); - SigningCredentials sigCredentials = null; - switch (act.KeyType) - { - case SecurityKeyTypes.RSA: - sigCredentials = new SigningCredentials(PemImporter.Import(pemResult, act.KeyId), act.Alg); - break; - case SecurityKeyTypes.CERTIFICATE: - sigCredentials = new SigningCredentials(PemImporter.Import(pemResult, act.KeyId), act.Alg); - break; - case SecurityKeyTypes.ECDSA: - sigCredentials = new SigningCredentials(PemImporter.Import(pemResult, act.KeyId), act.Alg); - break; - } - - dispatcher.Dispatch(new GenerateSigKeySuccessAction { Alg = act.Alg, KeyId = act.KeyId, Credentials = sigCredentials, Pem = pemResult, KeyType = act.KeyType, JsonWebKey = sigCredentials.SerializeJWKStr() }); - } - catch - { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new GenerateKeyFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); - } + await httpClient.SendAsync(requestMessage); } - [EffectMethod] - public async Task Handle(GenerateEncKeyAction act, IDispatcher dispatcher) + dispatcher.Dispatch(new AddClientScopesSuccessAction { ClientId = act.ClientId, Scopes = act.Scopes }); + } + + [EffectMethod] + public async Task Handle(GenerateSigKeyAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}/enckey/generate"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new GenerateEncKeyRequest - { - Alg = act.Alg, - KeyId = act.KeyId, - KeyType = act.KeyType, - Enc = act.Enc - }), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}/sigkey/generate"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new GenerateSigKeyRequest { - httpResult.EnsureSuccessStatusCode(); - var pemResult = PemResult.Deserialize(json); - EncryptingCredentials encCredentials = null; - switch (act.KeyType) - { - case SecurityKeyTypes.RSA: - encCredentials = new EncryptingCredentials(PemImporter.Import(pemResult, act.KeyId), act.Alg, act.Enc); - break; - case SecurityKeyTypes.CERTIFICATE: - encCredentials = new EncryptingCredentials(PemImporter.Import(pemResult, act.KeyId), act.Alg, act.Enc); - break; - } - - dispatcher.Dispatch(new GenerateEncKeySuccessAction { Alg = act.Alg, KeyId = act.KeyId, Credentials = encCredentials, Pem = pemResult, KeyType = act.KeyType, Enc = act.Enc, JsonWebKey = encCredentials.SerializeJWKStr() }); - } - catch + Alg = act.Alg, + KeyId = act.KeyId, + KeyType = act.KeyType + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + var pemResult = PemResult.Deserialize(json); + SigningCredentials sigCredentials = null; + switch (act.KeyType) { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new GenerateKeyFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); + case SecurityKeyTypes.RSA: + sigCredentials = new SigningCredentials(PemImporter.Import(pemResult, act.KeyId), act.Alg); + break; + case SecurityKeyTypes.CERTIFICATE: + sigCredentials = new SigningCredentials(PemImporter.Import(pemResult, act.KeyId), act.Alg); + break; + case SecurityKeyTypes.ECDSA: + sigCredentials = new SigningCredentials(PemImporter.Import(pemResult, act.KeyId), act.Alg); + break; } - } - [EffectMethod] - public async Task Handle(AddSigKeyAction act, IDispatcher dispatcher) + dispatcher.Dispatch(new GenerateSigKeySuccessAction { Alg = act.Alg, KeyId = act.KeyId, Credentials = sigCredentials, Pem = pemResult, KeyType = act.KeyType, JsonWebKey = sigCredentials.SerializeJWKStr() }); + } + catch { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var jsonWebKey = act.Credentials.SerializePublicJWK(); - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}/sigkey"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new AddSigKeyRequest - { - Alg = act.Alg, - KeyId = act.KeyId, - KeyType = act.KeyType, - SerializedJsonWebKey = JsonWebKeySerializer.Write(jsonWebKey), - }), Encoding.UTF8, "application/json") - }; - await httpClient.SendAsync(requestMessage); - dispatcher.Dispatch(new AddSigKeySuccessAction { Alg = act.Alg, ClientId = act.ClientId, Credentials = act.Credentials, KeyId = act.KeyId, KeyType = act.KeyType }); + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new GenerateKeyFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); } + } - [EffectMethod] - public async Task Handle(AddEncKeyAction act, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(GenerateEncKeyAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var jsonWebKey = act.Credentials.SerializePublicJWK(); - var requestMessage = new HttpRequestMessage + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}/enckey/generate"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new GenerateEncKeyRequest { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}/enckey"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new AddSigKeyRequest - { - Alg = act.Alg, - KeyId = act.KeyId, - KeyType = act.KeyType, - SerializedJsonWebKey = JsonWebKeySerializer.Write(jsonWebKey), - }), Encoding.UTF8, "application/json") - }; - await httpClient.SendAsync(requestMessage); - dispatcher.Dispatch(new AddEncKeySuccessAction { Alg = act.Alg, ClientId = act.ClientId, Credentials = act.Credentials, KeyId = act.KeyId, KeyType = act.KeyType, Enc = act.Enc }); - } - - [EffectMethod] - public async Task Handle(RemoveSelectedClientKeysAction act, IDispatcher dispatcher) + Alg = act.Alg, + KeyId = act.KeyId, + KeyType = act.KeyType, + Enc = act.Enc + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - foreach(var keyId in act.KeyIds) + httpResult.EnsureSuccessStatusCode(); + var pemResult = PemResult.Deserialize(json); + EncryptingCredentials encCredentials = null; + switch (act.KeyType) { - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}/keys/{keyId}"), - Method = HttpMethod.Delete - }; - await httpClient.SendAsync(requestMessage); + case SecurityKeyTypes.RSA: + encCredentials = new EncryptingCredentials(PemImporter.Import(pemResult, act.KeyId), act.Alg, act.Enc); + break; + case SecurityKeyTypes.CERTIFICATE: + encCredentials = new EncryptingCredentials(PemImporter.Import(pemResult, act.KeyId), act.Alg, act.Enc); + break; } - dispatcher.Dispatch(new RemoveSelectedClientKeysSuccessAction { ClientId = act.ClientId, KeyIds = act.KeyIds }); + dispatcher.Dispatch(new GenerateEncKeySuccessAction { Alg = act.Alg, KeyId = act.KeyId, Credentials = encCredentials, Pem = pemResult, KeyType = act.KeyType, Enc = act.Enc, JsonWebKey = encCredentials.SerializeJWKStr() }); + } + catch + { + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new GenerateKeyFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); } + } - [EffectMethod] - public async Task Handle(UpdateJWKSUrlAction act, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(AddSigKeyAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var jsonWebKey = act.Credentials.SerializePublicJWK(); + var requestMessage = new HttpRequestMessage { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var request = new UpdateClientRequest - { - RedirectionUrls = act.Client.RedirectionUrls, - ClientName = act.Client.ClientName, - PostLogoutRedirectUris = act.Client.PostLogoutRedirectUris, - FrontChannelLogoutSessionRequired = act.Client.FrontChannelLogoutSessionRequired, - FrontChannelLogoutUri = act.Client.FrontChannelLogoutUri, - BackChannelLogoutUri = act.Client.BackChannelLogoutUri, - BackChannelLogoutSessionRequired = act.Client.BackChannelLogoutSessionRequired, - TokenExchangeType = act.Client.TokenExchangeType, - GrantTypes = act.Client.GrantTypes, - IsTokenExchangeEnabled = act.Client.IsTokenExchangeEnabled, - IsConsentDisabled = act.Client.IsConsentDisabled, - Parameters = new Dictionary(), - JwksUrl = act.JWKSUrl - }; - var requestMessage = new HttpRequestMessage + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}/sigkey"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new AddSigKeyRequest { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}"), - Method = HttpMethod.Put, - Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json") - }; - await httpClient.SendAsync(requestMessage); - dispatcher.Dispatch(new UpdateJWKSUrlSuccessAction { ClientId = act.ClientId, JWKSUrl = act.JWKSUrl }); - } + Alg = act.Alg, + KeyId = act.KeyId, + KeyType = act.KeyType, + SerializedJsonWebKey = JsonWebKeySerializer.Write(jsonWebKey), + }), Encoding.UTF8, "application/json") + }; + await httpClient.SendAsync(requestMessage); + dispatcher.Dispatch(new AddSigKeySuccessAction { Alg = act.Alg, ClientId = act.ClientId, Credentials = act.Credentials, KeyId = act.KeyId, KeyType = act.KeyType }); + } - [EffectMethod] - public async Task Handle(UpdateClientCredentialsAction act, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(AddEncKeyAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var jsonWebKey = act.Credentials.SerializePublicJWK(); + var requestMessage = new HttpRequestMessage { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var request = new UpdateClientCredentialsRequest + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}/enckey"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new AddSigKeyRequest { - ClientSecret = act.ClientSecret, - TlsClientAuthSanDNS = act.TlsClientAuthSanDNS, - TlsClientAuthSanEmail = act.TlsClientAuthSanEmail, - TlsClientAuthSanIp = act.TlsClientAuthSanIP, - TlsClientAuthSubjectDN = act.TlsClientAuthSubjectDN, - TokenEndpointAuthMethod = act.AuthMethod - }; + Alg = act.Alg, + KeyId = act.KeyId, + KeyType = act.KeyType, + SerializedJsonWebKey = JsonWebKeySerializer.Write(jsonWebKey), + }), Encoding.UTF8, "application/json") + }; + await httpClient.SendAsync(requestMessage); + dispatcher.Dispatch(new AddEncKeySuccessAction { Alg = act.Alg, ClientId = act.ClientId, Credentials = act.Credentials, KeyId = act.KeyId, KeyType = act.KeyType, Enc = act.Enc }); + } + + [EffectMethod] + public async Task Handle(RemoveSelectedClientKeysAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + foreach(var keyId in act.KeyIds) + { var requestMessage = new HttpRequestMessage { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}/credentials"), - Method = HttpMethod.Put, - Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json") + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}/keys/{keyId}"), + Method = HttpMethod.Delete }; await httpClient.SendAsync(requestMessage); - dispatcher.Dispatch(new UpdateClientCredentialsSuccessAction - { - AuthMethod = act.AuthMethod, - ClientId = act.ClientId, - ClientSecret = act.ClientSecret, - TlsClientAuthSubjectDN = act.TlsClientAuthSubjectDN, - TlsClientAuthSanDNS = act.TlsClientAuthSanDNS, - TlsClientAuthSanEmail = act.TlsClientAuthSanEmail, - TlsClientAuthSanIP = act.TlsClientAuthSanIP - }); } - [EffectMethod] - public async Task Handle(AddClientRoleAction act, IDispatcher dispatcher) + dispatcher.Dispatch(new RemoveSelectedClientKeysSuccessAction { ClientId = act.ClientId, KeyIds = act.KeyIds }); + } + + [EffectMethod] + public async Task Handle(UpdateJWKSUrlAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var request = new UpdateClientRequest { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var request = new AddClientRoleRequest - { - Description = act.Description, - Name = act.Name - }; - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}/roles"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try - { - httpResult.EnsureSuccessStatusCode(); - var newScope = JsonSerializer.Deserialize(json); - dispatcher.Dispatch(new AddClientRoleSuccessAction - { - Scope = newScope - }); - } - catch + RedirectionUrls = act.Client.RedirectionUrls, + ClientName = act.Client.ClientName, + PostLogoutRedirectUris = act.Client.PostLogoutRedirectUris, + FrontChannelLogoutSessionRequired = act.Client.FrontChannelLogoutSessionRequired, + FrontChannelLogoutUri = act.Client.FrontChannelLogoutUri, + BackChannelLogoutUri = act.Client.BackChannelLogoutUri, + BackChannelLogoutSessionRequired = act.Client.BackChannelLogoutSessionRequired, + TokenExchangeType = act.Client.TokenExchangeType, + GrantTypes = act.Client.GrantTypes, + IsTokenExchangeEnabled = act.Client.IsTokenExchangeEnabled, + IsConsentDisabled = act.Client.IsConsentDisabled, + Parameters = new Dictionary(), + JwksUrl = act.JWKSUrl + }; + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}"), + Method = HttpMethod.Put, + Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json") + }; + await httpClient.SendAsync(requestMessage); + dispatcher.Dispatch(new UpdateJWKSUrlSuccessAction { ClientId = act.ClientId, JWKSUrl = act.JWKSUrl }); + } + + [EffectMethod] + public async Task Handle(UpdateClientCredentialsAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var request = new UpdateClientCredentialsRequest + { + ClientSecret = act.ClientSecret, + TlsClientAuthSanDNS = act.TlsClientAuthSanDNS, + TlsClientAuthSanEmail = act.TlsClientAuthSanEmail, + TlsClientAuthSanIp = act.TlsClientAuthSanIP, + TlsClientAuthSubjectDN = act.TlsClientAuthSubjectDN, + TokenEndpointAuthMethod = act.AuthMethod + }; + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}/credentials"), + Method = HttpMethod.Put, + Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json") + }; + await httpClient.SendAsync(requestMessage); + dispatcher.Dispatch(new UpdateClientCredentialsSuccessAction + { + AuthMethod = act.AuthMethod, + ClientId = act.ClientId, + ClientSecret = act.ClientSecret, + TlsClientAuthSubjectDN = act.TlsClientAuthSubjectDN, + TlsClientAuthSanDNS = act.TlsClientAuthSanDNS, + TlsClientAuthSanEmail = act.TlsClientAuthSanEmail, + TlsClientAuthSanIP = act.TlsClientAuthSanIP + }); + } + + [EffectMethod] + public async Task Handle(AddClientRoleAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var request = new AddClientRoleRequest + { + Description = act.Description, + Name = act.Name + }; + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}/roles"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + var newScope = JsonSerializer.Deserialize(json); + dispatcher.Dispatch(new AddClientRoleSuccessAction { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new AddClientRoleFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); - } + Scope = newScope + }); } + catch + { + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new AddClientRoleFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); + } + } - [EffectMethod] - public async Task Handle(UpdateAdvancedClientSettingsAction act, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(UpdateAdvancedClientSettingsAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var request = new UpdateAdvancedClientSettingsRequest { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var request = new UpdateAdvancedClientSettingsRequest + TokenSignedResponseAlg = act.TokenSignedResponseAlg, + IdTokenSignedResponseAlg = act.IdTokenSignedResponseAlg, + AuthorizationSignedResponseAlg = act.AuthorizationSignedResponseAlg, + AuthorizationDataTypes = string.IsNullOrWhiteSpace(act.AuthorizationDataTypes) ? new List() : act.AuthorizationDataTypes.Split(';'), + ResponseTypes = act.ResponseTypes?.ToList(), + DPOPBoundAccessTokens = act.IsDPoPRequired, + DPOPNonceLifetimeInSeconds = act.DPOPNonceLifetimeInSeconds, + IsDPOPNonceRequired = act.IsDPoPNonceRequired, + TokenExpirationTimeInSeconds = act.TokenExpirationTimeInSeconds + }; + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}/advanced"), + Method = HttpMethod.Put, + Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + dispatcher.Dispatch(new UpdateAdvancedClientSettingsSuccessAction { - TokenSignedResponseAlg = act.TokenSignedResponseAlg, - IdTokenSignedResponseAlg = act.IdTokenSignedResponseAlg, + TokenSignedResponseAlg = request.TokenSignedResponseAlg, + AuthorizationDataTypes = request.AuthorizationDataTypes, + ResponseTypes = act.ResponseTypes, AuthorizationSignedResponseAlg = act.AuthorizationSignedResponseAlg, - AuthorizationDataTypes = string.IsNullOrWhiteSpace(act.AuthorizationDataTypes) ? new List() : act.AuthorizationDataTypes.Split(';'), - ResponseTypes = act.ResponseTypes?.ToList(), - DPOPBoundAccessTokens = act.IsDPoPRequired, + IdTokenSignedResponseAlg = act.IdTokenSignedResponseAlg, DPOPNonceLifetimeInSeconds = act.DPOPNonceLifetimeInSeconds, - IsDPOPNonceRequired = act.IsDPoPNonceRequired, + IsDPoPNonceRequired = act.IsDPoPNonceRequired, + IsDPoPRequired = act.IsDPoPRequired, TokenExpirationTimeInSeconds = act.TokenExpirationTimeInSeconds - }; - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{act.ClientId}/advanced"), - Method = HttpMethod.Put, - Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try - { - httpResult.EnsureSuccessStatusCode(); - dispatcher.Dispatch(new UpdateAdvancedClientSettingsSuccessAction - { - TokenSignedResponseAlg = request.TokenSignedResponseAlg, - AuthorizationDataTypes = request.AuthorizationDataTypes, - ResponseTypes = act.ResponseTypes, - AuthorizationSignedResponseAlg = act.AuthorizationSignedResponseAlg, - IdTokenSignedResponseAlg = act.IdTokenSignedResponseAlg, - DPOPNonceLifetimeInSeconds = act.DPOPNonceLifetimeInSeconds, - IsDPoPNonceRequired = act.IsDPoPNonceRequired, - IsDPoPRequired = act.IsDPoPRequired, - TokenExpirationTimeInSeconds = act.TokenExpirationTimeInSeconds - }); - } - catch - { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new UpdateAdvancedClientSettingsFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); - } + }); } - - private async Task CreateClient(Domains.Client client, IDispatcher dispatcher, string clientType, PemResult pemResult = null, string jsonWebKey = null) + catch { - var baseUrl = await GetClientsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri(baseUrl), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(client), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try - { - httpResult.EnsureSuccessStatusCode(); - dispatcher.Dispatch(new AddClientSuccessAction { ClientId = client.ClientId, ClientName = client.ClientName, Language = client.Translations.FirstOrDefault()?.Language, ClientType = clientType, Pem = pemResult, JsonWebKeyStr = jsonWebKey }); - } - catch - { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new AddClientFailureAction { ClientId = client.ClientId, ErrorMessage = jsonObj["error_description"].GetValue() }); - } + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new UpdateAdvancedClientSettingsFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); } + } - private Task GetClientsUrl() => GetBaseUrl("clients"); - - private async Task GetBaseUrl(string subUrl) + [EffectMethod] + public async Task Handle(UpdateClientRealmsAction act, IDispatcher dispatcher) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var request = new UpdateClientRealmsRequest { - if (_configuration.IsReamEnabled) - { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; - return $"{_configuration.IdServerBaseUrl}/{realmStr}/{subUrl}"; - } + Realms = act.Realms + }; + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri($"{baseUrl}/{System.Web.HttpUtility.UrlEncode(act.ClientId)}/realms"), + Method = HttpMethod.Put, + Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json") + }; + await httpClient.SendAsync(requestMessage); + dispatcher.Dispatch(new UpdateClientRealmsSuccessAction()); + } - return $"{_configuration.IdServerBaseUrl}/{subUrl}"; + private async Task CreateClient(Domains.Client client, IDispatcher dispatcher, string clientType, PemResult pemResult = null, string jsonWebKey = null) + { + var baseUrl = await GetClientsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri(baseUrl), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(client), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + dispatcher.Dispatch(new AddClientSuccessAction { ClientId = client.ClientId, ClientName = client.ClientName, Language = client.Translations.FirstOrDefault()?.Language, ClientType = clientType, Pem = pemResult, JsonWebKeyStr = jsonWebKey }); } - - private async Task GetRealm() + catch { - if (!_configuration.IsReamEnabled) return SimpleIdServer.IdServer.Constants.DefaultRealm; - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; - return realmStr; + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new AddClientFailureAction { ClientId = client.ClientId, ErrorMessage = jsonObj["error_description"].GetValue() }); } } - public class SearchClientsAction - { - public string? Filter { get; set; } = null; - public string? OrderBy { get; set; } = null; - public int? Skip { get; set; } = null; - public int? Take { get; set; } = null; - } + private Task GetClientsUrl() => GetBaseUrl("clients"); - public class GetAllClientsAction + private async Task GetBaseUrl(string subUrl) { - } + if (_configuration.IsReamEnabled) + { + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; + return $"{_configuration.IdServerBaseUrl}/{realmStr}/{subUrl}"; + } - public class SearchClientsSuccessAction - { - public IEnumerable Clients { get; set; } = new List(); - public int Count { get; set; } + return $"{_configuration.IdServerBaseUrl}/{subUrl}"; } +} - public class AddSpaClientAction - { - public IEnumerable RedirectionUrls { get; set; } = new List(); - public string ClientId { get; set; } = null!; - public string? ClientName { get; set; } = null; - } +public class SearchClientsAction +{ + public string? Filter { get; set; } = null; + public string? OrderBy { get; set; } = null; + public int? Skip { get; set; } = null; + public int? Take { get; set; } = null; +} - public class AddWebsiteApplicationAction - { - public IEnumerable RedirectionUrls { get; set; } = new List(); - public string ClientId { get; set; } = null!; - public string ClientSecret { get; set; } = null!; - public string? ClientName { get; set; } = null; - } +public class GetAllClientsAction +{ +} - public class AddSamlSpApplicationAction - { - public string ClientName { get; set; } = null!; - public string ClientIdentifier { get; set; } = null!; - public string MetadataUrl { get; set; } = null!; - public bool UseAcs { get; set; } = false; - } +public class SearchClientsSuccessAction +{ + public IEnumerable Clients { get; set; } = new List(); + public int Count { get; set; } +} - public class AddHighlySecuredWebsiteApplicationAction - { - public IEnumerable RedirectionUrls { get; set; } = new List(); - public string ClientId { get; set; } = null!; - public string ClientSecret { get; set; } = null!; - public string? ClientName { get; set; } = null; - public string? SubjectName { get; set; } = null; - public bool IsDPoP { get; set; } = false; - } +public class AddSpaClientAction +{ + public IEnumerable RedirectionUrls { get; set; } = new List(); + public string ClientId { get; set; } = null!; + public string? ClientName { get; set; } = null; +} - public class AddHighlySecuredWebsiteApplicationWithGrantMgtSupportAction - { - public IEnumerable RedirectionUrls { get; set; } = new List(); - public string ClientId { get; set; } = null!; - public string ClientSecret { get; set; } = null!; - public string? ClientName { get; set; } = null; - public string? SubjectName { get; set; } = null; - public bool IsDPoP { get; set; } = false; - public string? AuthDataTypes { get; set; } = null; - } +public class AddWebsiteApplicationAction +{ + public IEnumerable RedirectionUrls { get; set; } = new List(); + public string ClientId { get; set; } = null!; + public string ClientSecret { get; set; } = null!; + public string? ClientName { get; set; } = null; +} - public class AddMobileApplicationAction - { - public IEnumerable RedirectionUrls { get; set; } = new List(); - public string ClientId { get; set; } = null!; - public string? ClientName { get; set; } = null; - } +public class AddSamlSpApplicationAction +{ + public string ClientName { get; set; } = null!; + public string ClientIdentifier { get; set; } = null!; + public string MetadataUrl { get; set; } = null!; + public bool UseAcs { get; set; } = false; +} - public class AddExternalDeviceApplicationAction - { - public string ClientId { get; set; } = null!; - public string? ClientName { get; set; } = null; - public string SubjectName { get; set; } = null!; - } +public class AddHighlySecuredWebsiteApplicationAction +{ + public IEnumerable RedirectionUrls { get; set; } = new List(); + public string ClientId { get; set; } = null!; + public string ClientSecret { get; set; } = null!; + public string? ClientName { get; set; } = null; + public string? SubjectName { get; set; } = null; + public bool IsDPoP { get; set; } = false; +} - public class AddDeviceApplicationAction - { - public string ClientId { get; set; } = null!; - public string ClientName { get; set; } = null!; - public string ClientSecret { get; set; } = null!; - } +public class AddHighlySecuredWebsiteApplicationWithGrantMgtSupportAction +{ + public IEnumerable RedirectionUrls { get; set; } = new List(); + public string ClientId { get; set; } = null!; + public string ClientSecret { get; set; } = null!; + public string? ClientName { get; set; } = null; + public string? SubjectName { get; set; } = null; + public bool IsDPoP { get; set; } = false; + public string? AuthDataTypes { get; set; } = null; +} - public class AddCredentialIssuerApplicationAction - { - public string ClientId { get; set; } = null!; - public string ClientName { get; set; } = null!; - public string ClientSecret { get; set; } = null!; - public IEnumerable RedirectionUrls { get; set; } = new List(); - } +public class AddMobileApplicationAction +{ + public IEnumerable RedirectionUrls { get; set; } = new List(); + public string ClientId { get; set; } = null!; + public string? ClientName { get; set; } = null; +} - public class AddWalletAction - { - public string ClientId { get; set; } - public string ClientSecret { get; set; } - public string ClientName { get; set; } - } +public class AddExternalDeviceApplicationAction +{ + public string ClientId { get; set; } = null!; + public string? ClientName { get; set; } = null; + public string SubjectName { get; set; } = null!; +} - public class AddWsFederationApplicationAction - { - public string ClientId { get; set; } = null!; - public string? ClientName { get; set; } = null; - } +public class AddDeviceApplicationAction +{ + public string ClientId { get; set; } = null!; + public string ClientName { get; set; } = null!; + public string ClientSecret { get; set; } = null!; +} - public class AddMachineClientApplicationAction - { - public string ClientId { get; set; } = null!; - public string ClientSecret { get; set; } = null!; - public string? ClientName { get; set; } = null; - } +public class AddCredentialIssuerApplicationAction +{ + public string ClientId { get; set; } = null!; + public string ClientName { get; set; } = null!; + public string ClientSecret { get; set; } = null!; + public IEnumerable RedirectionUrls { get; set; } = new List(); +} - public class AddClientFailureAction - { - public string ClientId { get; set; } = null!; - public string ErrorMessage { get; set; } = null; - } +public class AddWalletAction +{ + public string ClientId { get; set; } + public string ClientSecret { get; set; } + public string ClientName { get; set; } +} - public class AddClientSuccessAction - { - public string ClientId { get; set; } = null!; - public string? ClientName { get; set; } = null; - public string? Language { get; set; } = null; - public string ClientType { get; set; } - public string? JsonWebKeyStr { get; set; } = null; - public PemResult? Pem { get; set; } = null; - } +public class AddWsFederationApplicationAction +{ + public string ClientId { get; set; } = null!; + public string? ClientName { get; set; } = null; +} - public class RemoveSelectedClientsAction - { - public IEnumerable ClientIds { get; set; } = new List(); - } +public class AddMachineClientApplicationAction +{ + public string ClientId { get; set; } = null!; + public string ClientSecret { get; set; } = null!; + public string? ClientName { get; set; } = null; +} - public class RemoveSelectedClientsSuccessAction - { - public IEnumerable ClientIds { get; set; } = new List(); - } +public class AddClientFailureAction +{ + public string ClientId { get; set; } = null!; + public string ErrorMessage { get; set; } = null; +} - public class ToggleClientSelectionAction - { - public bool IsSelected { get; set; } = false; - public string ClientId { get; set; } = null!; - } +public class AddClientSuccessAction +{ + public string ClientId { get; set; } = null!; + public string? ClientName { get; set; } = null; + public string? Language { get; set; } = null; + public string ClientType { get; set; } + public string? JsonWebKeyStr { get; set; } = null; + public PemResult? Pem { get; set; } = null; +} - public class ToggleAllClientSelectionAction - { - public bool IsSelected { get; set; } = false; - } +public class RemoveSelectedClientsAction +{ + public IEnumerable ClientIds { get; set; } = new List(); +} - public class GetClientAction - { - public string ClientId { get; set; } = null!; - } +public class RemoveSelectedClientsSuccessAction +{ + public IEnumerable ClientIds { get; set; } = new List(); +} - public class GetClientFailureAction - { - public string ErrorMessage { get; set; } = null!; - } +public class ToggleClientSelectionAction +{ + public bool IsSelected { get; set; } = false; + public string ClientId { get; set; } = null!; +} - public class GetClientSuccessAction - { - public Domains.Client Client { get; set; } = null!; - } +public class ToggleAllClientSelectionAction +{ + public bool IsSelected { get; set; } = false; +} - public class UpdateClientDetailsAction - { - public string ClientId { get; set; } = null!; - public string? ClientName { get; set; } = null; - public string? RedirectionUrls { get; set; } = null; - public string? PostLogoutRedirectUris { get; set; } = null; - public bool FrontChannelLogoutSessionRequired { get; set; } - public string? FrontChannelLogoutUri { get; set; } = null; - public string? BackChannelLogoutUri { get; set; } = null; - public bool BackChannelLogoutSessionRequired { get; set; } - public bool IsClientCredentialsGrantTypeEnabled { get; set; } - public bool IsPasswordGrantTypeEnabled { get; set; } - public bool IsRefreshTokenGrantTypeEnabled { get; set; } - public bool IsAuthorizationCodeGrantTypeEnabled { get; set; } - public bool IsCIBAGrantTypeEnabled { get; set; } - public bool IsUMAGrantTypeEnabled { get; set; } - public bool IsConsentEnabled { get; set; } - public bool IsDeviceGrantTypeEnabled { get; set; } - public bool IsTokenExchangeEnabled { get; set; } - public bool UseAcs { get; set; } - public string MetadataUrl { get; set; } - public string JwksUrl { get; set; } - public TokenExchangeTypes? TokenExchangeType { get; set; } - public bool IsRedirectUrlCaseSensitive { get; set; } - public AccessTokenTypes AccessTokenType { get; set; } - public bool RedirectToRevokeSessionUI { get; set; } - public bool IsTokenExchangePreAuthorizedCodeEnabled { get; set; } - public ICollection DefaultAcrValues { get; set; } - } +public class GetClientAction +{ + public string ClientId { get; set; } = null!; +} - public class UpdateClientDetailsSuccessAction - { - public string ClientId { get; set; } = null!; - public string? ClientName { get; set; } = null; - public string? RedirectionUrls { get; set; } = null; - public string? PostLogoutRedirectUris { get; set; } = null; - public bool FrontChannelLogoutSessionRequired { get; set; } - public string? FrontChannelLogoutUri { get; set; } = null; - public string? BackChannelLogoutUri { get; set; } = null; - public bool BackChannelLogoutSessionRequired { get; set; } - public bool IsClientCredentialsGrantTypeEnabled { get; set; } - public bool IsPasswordGrantTypeEnabled { get; set; } - public bool IsRefreshTokenGrantTypeEnabled { get; set; } - public bool IsAuthorizationCodeGrantTypeEnabled { get; set; } - public bool IsCIBAGrantTypeEnabled { get; set; } - public bool IsUMAGrantTypeEnabled { get; set; } - public bool IsConsentEnabled { get; set; } - public bool IsDeviceGrantTypeEnabled { get; set; } - public TokenExchangeTypes? TokenExchangeType { get; set; } - public bool IsTokenExchangeEnabled { get; set; } - public bool IsRedirectUrlCaseSensitive { get; set; } - public bool UseAcs { get; set; } - public string MetadataUrl { get; set; } - public AccessTokenTypes AccessTokenType { get; set; } - public bool RedirectToRevokeSessionUI { get; set; } - public ICollection DefaultAcrValues { get; set; } - } +public class GetClientFailureAction +{ + public string ErrorMessage { get; set; } = null!; +} - public class UpdateClientDetailsFailureAction - { - public string ErrorMessage { get; set; } - } +public class GetClientSuccessAction +{ + public Domains.Client Client { get; set; } = null!; +} - public class ToggleAllClientScopeSelectionAction - { - public bool IsSelected { get; set; } = false; - } +public class UpdateClientDetailsAction +{ + public string ClientId { get; set; } = null!; + public string? ClientName { get; set; } = null; + public string? RedirectionUrls { get; set; } = null; + public string? PostLogoutRedirectUris { get; set; } = null; + public bool FrontChannelLogoutSessionRequired { get; set; } + public string? FrontChannelLogoutUri { get; set; } = null; + public string? BackChannelLogoutUri { get; set; } = null; + public bool BackChannelLogoutSessionRequired { get; set; } + public bool IsClientCredentialsGrantTypeEnabled { get; set; } + public bool IsPasswordGrantTypeEnabled { get; set; } + public bool IsRefreshTokenGrantTypeEnabled { get; set; } + public bool IsAuthorizationCodeGrantTypeEnabled { get; set; } + public bool IsCIBAGrantTypeEnabled { get; set; } + public bool IsUMAGrantTypeEnabled { get; set; } + public bool IsConsentEnabled { get; set; } + public bool IsDeviceGrantTypeEnabled { get; set; } + public bool IsTokenExchangeEnabled { get; set; } + public bool UseAcs { get; set; } + public string MetadataUrl { get; set; } + public string JwksUrl { get; set; } + public TokenExchangeTypes? TokenExchangeType { get; set; } + public bool IsRedirectUrlCaseSensitive { get; set; } + public AccessTokenTypes AccessTokenType { get; set; } + public bool RedirectToRevokeSessionUI { get; set; } + public bool IsTokenExchangePreAuthorizedCodeEnabled { get; set; } + public ICollection DefaultAcrValues { get; set; } +} - public class ToggleClientScopeSelectionAction - { - public string ClientId { get; set; } = null!; - public string ScopeName { get; set; } = null!; - public bool IsSelected { get; set; } - } +public class UpdateClientDetailsSuccessAction +{ + public string ClientId { get; set; } = null!; + public string? ClientName { get; set; } = null; + public string? RedirectionUrls { get; set; } = null; + public string? PostLogoutRedirectUris { get; set; } = null; + public bool FrontChannelLogoutSessionRequired { get; set; } + public string? FrontChannelLogoutUri { get; set; } = null; + public string? BackChannelLogoutUri { get; set; } = null; + public bool BackChannelLogoutSessionRequired { get; set; } + public bool IsClientCredentialsGrantTypeEnabled { get; set; } + public bool IsPasswordGrantTypeEnabled { get; set; } + public bool IsRefreshTokenGrantTypeEnabled { get; set; } + public bool IsAuthorizationCodeGrantTypeEnabled { get; set; } + public bool IsCIBAGrantTypeEnabled { get; set; } + public bool IsUMAGrantTypeEnabled { get; set; } + public bool IsConsentEnabled { get; set; } + public bool IsDeviceGrantTypeEnabled { get; set; } + public TokenExchangeTypes? TokenExchangeType { get; set; } + public bool IsTokenExchangeEnabled { get; set; } + public bool IsRedirectUrlCaseSensitive { get; set; } + public bool UseAcs { get; set; } + public string MetadataUrl { get; set; } + public AccessTokenTypes AccessTokenType { get; set; } + public bool RedirectToRevokeSessionUI { get; set; } + public ICollection DefaultAcrValues { get; set; } +} - public class RemoveSelectedClientScopesAction - { - public string ClientId { get; set; } = null!; - public IEnumerable ScopeNames { get; set; } = new List(); - } +public class UpdateClientDetailsFailureAction +{ + public string ErrorMessage { get; set; } +} - public class RemoveSelectedClientScopesSuccessAction - { - public string ClientId { get; set; } = null!; - public IEnumerable ScopeNames { get; set; } = new List(); - } +public class ToggleAllClientScopeSelectionAction +{ + public bool IsSelected { get; set; } = false; +} - public class ToggleEditableClientScopeSelectionAction - { - public bool IsSelected { get; set; } - public string ScopeName { get; set; } = null!; - } +public class ToggleClientScopeSelectionAction +{ + public string ClientId { get; set; } = null!; + public string ScopeName { get; set; } = null!; + public bool IsSelected { get; set; } +} - public class ToggleAllEditableClientScopeSelectionAction - { - public bool IsSelected { get; set; } - } +public class RemoveSelectedClientScopesAction +{ + public string ClientId { get; set; } = null!; + public IEnumerable ScopeNames { get; set; } = new List(); +} - public class AddClientScopesAction - { - public string ClientId { get; set; } = null!; - public IEnumerable Scopes { get; set; } = new List(); - } - public class AddClientScopesSuccessAction - { - public string ClientId { get; set; } = null!; - public IEnumerable Scopes { get; set; } = new List(); - } +public class RemoveSelectedClientScopesSuccessAction +{ + public string ClientId { get; set; } = null!; + public IEnumerable ScopeNames { get; set; } = new List(); +} - public class GenerateSigKeyAction - { - public string ClientId { get; set; } = null!; - public string KeyId { get; set; } = null!; - public SecurityKeyTypes KeyType { get; set; } - public string Alg { get; set; } = null!; - } +public class ToggleEditableClientScopeSelectionAction +{ + public bool IsSelected { get; set; } + public string ScopeName { get; set; } = null!; +} - public class GenerateSigKeySuccessAction - { - public string KeyId { get; set; } = null!; - public string Alg { get; set; } = null!; - public SigningCredentials Credentials { get; set; } = null!; - public SecurityKeyTypes KeyType { get; set; } - public PemResult Pem { get; set; } = null!; - public string JsonWebKey { get; set; } = null!; - } +public class ToggleAllEditableClientScopeSelectionAction +{ + public bool IsSelected { get; set; } +} - public class GenerateEncKeySuccessAction - { - public string KeyId { get; set; } = null!; - public string Alg { get; set; } = null!; - public string Enc { get; set; } = null!; - public EncryptingCredentials Credentials { get; set; } = null!; - public SecurityKeyTypes KeyType { get; set; } - public PemResult Pem { get; set; } = null!; - public string JsonWebKey { get; set; } = null!; - } +public class AddClientScopesAction +{ + public string ClientId { get; set; } = null!; + public IEnumerable Scopes { get; set; } = new List(); +} - public class GenerateEncKeyAction - { - public string ClientId { get; set; } = null!; - public string KeyId { get; set; } = null!; - public SecurityKeyTypes KeyType { get; set; } - public string Alg { get; set; } = null!; - public string Enc { get; set; } = null!; - } +public class AddClientScopesSuccessAction +{ + public string ClientId { get; set; } = null!; + public IEnumerable Scopes { get; set; } = new List(); +} - public class GenerateKeyFailureAction - { - public string ErrorMessage { get; set; } = null!; - } +public class GenerateSigKeyAction +{ + public string ClientId { get; set; } = null!; + public string KeyId { get; set; } = null!; + public SecurityKeyTypes KeyType { get; set; } + public string Alg { get; set; } = null!; +} - public class AddSigKeyAction - { - public string ClientId { get; set; } = null!; - public string KeyId { get; set; } = null!; - public string Alg { get; set; } = null!; - public SecurityKeyTypes KeyType { get; set; } - public SigningCredentials Credentials { get; set; } = null!; - } +public class GenerateSigKeySuccessAction +{ + public string KeyId { get; set; } = null!; + public string Alg { get; set; } = null!; + public SigningCredentials Credentials { get; set; } = null!; + public SecurityKeyTypes KeyType { get; set; } + public PemResult Pem { get; set; } = null!; + public string JsonWebKey { get; set; } = null!; +} - public class AddEncKeyAction - { - public string ClientId { get; set; } = null!; - public string KeyId { get; set; } = null!; - public string Alg { get; set; } = null!; - public string Enc { get; set; } = null!; - public SecurityKeyTypes KeyType { get; set; } - public EncryptingCredentials Credentials { get; set; } = null!; - } +public class GenerateEncKeySuccessAction +{ + public string KeyId { get; set; } = null!; + public string Alg { get; set; } = null!; + public string Enc { get; set; } = null!; + public EncryptingCredentials Credentials { get; set; } = null!; + public SecurityKeyTypes KeyType { get; set; } + public PemResult Pem { get; set; } = null!; + public string JsonWebKey { get; set; } = null!; +} - public class AddSigKeySuccessAction - { - public string ClientId { get; set; } = null!; - public string KeyId { get; set; } = null!; - public string Alg { get; set; } = null!; - public SecurityKeyTypes KeyType { get; set; } - public SigningCredentials Credentials { get; set; } = null!; - } +public class GenerateEncKeyAction +{ + public string ClientId { get; set; } = null!; + public string KeyId { get; set; } = null!; + public SecurityKeyTypes KeyType { get; set; } + public string Alg { get; set; } = null!; + public string Enc { get; set; } = null!; +} - public class AddEncKeySuccessAction - { - public string ClientId { get; set; } = null!; - public string KeyId { get; set; } = null!; - public string Alg { get; set; } = null!; - public string Enc { get; set; } = null!; - public SecurityKeyTypes KeyType { get; set; } - public EncryptingCredentials Credentials { get; set; } = null!; - } +public class GenerateKeyFailureAction +{ + public string ErrorMessage { get; set; } = null!; +} - public class ToggleAllClientKeySelectionAction - { - public bool IsSelected { get; set; } = false; - } +public class AddSigKeyAction +{ + public string ClientId { get; set; } = null!; + public string KeyId { get; set; } = null!; + public string Alg { get; set; } = null!; + public SecurityKeyTypes KeyType { get; set; } + public SigningCredentials Credentials { get; set; } = null!; +} - public class ToggleClientKeySelectionAction - { - public bool IsSelected { get; set; } = false; - public string KeyId { get; set; } = null!; - } +public class AddEncKeyAction +{ + public string ClientId { get; set; } = null!; + public string KeyId { get; set; } = null!; + public string Alg { get; set; } = null!; + public string Enc { get; set; } = null!; + public SecurityKeyTypes KeyType { get; set; } + public EncryptingCredentials Credentials { get; set; } = null!; +} - public class RemoveSelectedClientKeysAction - { - public string ClientId { get; set; } = null!; - public IEnumerable KeyIds { get; set; } = new List(); - } +public class AddSigKeySuccessAction +{ + public string ClientId { get; set; } = null!; + public string KeyId { get; set; } = null!; + public string Alg { get; set; } = null!; + public SecurityKeyTypes KeyType { get; set; } + public SigningCredentials Credentials { get; set; } = null!; +} - public class RemoveSelectedClientKeysSuccessAction - { - public string ClientId { get; set; } = null!; - public IEnumerable KeyIds { get; set; } = new List(); - } +public class AddEncKeySuccessAction +{ + public string ClientId { get; set; } = null!; + public string KeyId { get; set; } = null!; + public string Alg { get; set; } = null!; + public string Enc { get; set; } = null!; + public SecurityKeyTypes KeyType { get; set; } + public EncryptingCredentials Credentials { get; set; } = null!; +} - public class UpdateJWKSUrlAction - { - public string ClientId { get; set; } = null!; - public string JWKSUrl { get; set; } = null!; - public Domains.Client Client { get; set; } = null!; - } +public class ToggleAllClientKeySelectionAction +{ + public bool IsSelected { get; set; } = false; +} - public class UpdateJWKSUrlSuccessAction - { - public string ClientId { get; set; } = null!; - public string JWKSUrl { get; set; } = null!; - } +public class ToggleClientKeySelectionAction +{ + public bool IsSelected { get; set; } = false; + public string KeyId { get; set; } = null!; +} - public class UpdateClientCredentialsAction - { - public string ClientId { get; set; } - public string AuthMethod { get; set; } = null!; - public string? ClientSecret { get; set; } = null; - public string? TlsClientAuthSubjectDN { get; set; } = null; - public string? TlsClientAuthSanDNS { get; set; } = null; - public string? TlsClientAuthSanEmail { get; set; } = null; - public string? TlsClientAuthSanIP { get; set; } = null; - } +public class RemoveSelectedClientKeysAction +{ + public string ClientId { get; set; } = null!; + public IEnumerable KeyIds { get; set; } = new List(); +} - public class UpdateClientCredentialsSuccessAction - { - public string ClientId { get; set; } - public string AuthMethod { get; set; } = null!; - public string? ClientSecret { get; set; } = null; - public string? TlsClientAuthSubjectDN { get; set; } = null; - public string? TlsClientAuthSanDNS { get; set; } = null; - public string? TlsClientAuthSanEmail { get; set; } = null; - public string? TlsClientAuthSanIP { get; set; } = null; - } +public class RemoveSelectedClientKeysSuccessAction +{ + public string ClientId { get; set; } = null!; + public IEnumerable KeyIds { get; set; } = new List(); +} - public class AddClientRoleAction - { - public string ClientId { get; set; } - public string Name { get; set; } - public string Description { get; set; } - } +public class UpdateJWKSUrlAction +{ + public string ClientId { get; set; } = null!; + public string JWKSUrl { get; set; } = null!; + public SimpleIdServer.IdServer.Domains.Client Client { get; set; } = null!; +} - public class AddClientRoleSuccessAction - { - public Domains.Scope Scope { get; set; } - } +public class UpdateJWKSUrlSuccessAction +{ + public string ClientId { get; set; } = null!; + public string JWKSUrl { get; set; } = null!; +} - public class AddClientRoleFailureAction - { - public string ErrorMessage { get; set; } - } +public class UpdateClientCredentialsAction +{ + public string ClientId { get; set; } + public string AuthMethod { get; set; } = null!; + public string? ClientSecret { get; set; } = null; + public string? TlsClientAuthSubjectDN { get; set; } = null; + public string? TlsClientAuthSanDNS { get; set; } = null; + public string? TlsClientAuthSanEmail { get; set; } = null; + public string? TlsClientAuthSanIP { get; set; } = null; +} - public class ToggleClientRoleAction - { - public string RoleId { get; set; } - public bool IsSelected { get; set; } - } +public class UpdateClientCredentialsSuccessAction +{ + public string ClientId { get; set; } + public string AuthMethod { get; set; } = null!; + public string? ClientSecret { get; set; } = null; + public string? TlsClientAuthSubjectDN { get; set; } = null; + public string? TlsClientAuthSanDNS { get; set; } = null; + public string? TlsClientAuthSanEmail { get; set; } = null; + public string? TlsClientAuthSanIP { get; set; } = null; +} - public class ToggleAllClientRolesAction - { - public bool IsSelected { get; set; } - } +public class AddClientRoleAction +{ + public string ClientId { get; set; } + public string Name { get; set; } + public string Description { get; set; } +} - public class UpdateAdvancedClientSettingsAction - { - public string ClientId { get; set; } = null!; - public string? TokenSignedResponseAlg { get; set; } - public string? IdTokenSignedResponseAlg { get; set; } - public string? AuthorizationSignedResponseAlg { get; set; } - public string? AuthorizationDataTypes { get; set; } - public IEnumerable ResponseTypes { get; set; } - public bool IsDPoPRequired { get; set; } = false; - public bool IsDPoPNonceRequired { get; set; } = false; - public double DPOPNonceLifetimeInSeconds { get; set; } - public double TokenExpirationTimeInSeconds { get; set; } - } +public class AddClientRoleSuccessAction +{ + public SimpleIdServer.IdServer.Domains.Scope Scope { get; set; } +} - public class UpdateAdvancedClientSettingsSuccessAction - { - public string? IdTokenSignedResponseAlg { get; set; } - public string? AuthorizationSignedResponseAlg { get; set; } - public IEnumerable AuthorizationDataTypes { get; set; } - public IEnumerable ResponseTypes { get; set; } - public bool IsDPoPRequired { get; set; } = false; - public bool IsDPoPNonceRequired { get; set; } = false; - public double DPOPNonceLifetimeInSeconds { get; set; } - public double TokenExpirationTimeInSeconds { get; set; } - public string? TokenSignedResponseAlg { get; set; } - } +public class AddClientRoleFailureAction +{ + public string ErrorMessage { get; set; } +} - public class UpdateAdvancedClientSettingsFailureAction - { - public string ErrorMessage { get; set; } - } +public class ToggleClientRoleAction +{ + public string RoleId { get; set; } + public bool IsSelected { get; set; } +} - public class GenerateClientSigKeyAction - { +public class ToggleAllClientRolesAction +{ + public bool IsSelected { get; set; } +} - } +public class UpdateAdvancedClientSettingsAction +{ + public string ClientId { get; set; } = null!; + public string? TokenSignedResponseAlg { get; set; } + public string? IdTokenSignedResponseAlg { get; set; } + public string? AuthorizationSignedResponseAlg { get; set; } + public string? AuthorizationDataTypes { get; set; } + public IEnumerable ResponseTypes { get; set; } + public bool IsDPoPRequired { get; set; } = false; + public bool IsDPoPNonceRequired { get; set; } = false; + public double DPOPNonceLifetimeInSeconds { get; set; } + public double TokenExpirationTimeInSeconds { get; set; } +} - public class StartAddClientAction - { +public class UpdateAdvancedClientSettingsSuccessAction +{ + public string? IdTokenSignedResponseAlg { get; set; } + public string? AuthorizationSignedResponseAlg { get; set; } + public IEnumerable AuthorizationDataTypes { get; set; } + public IEnumerable ResponseTypes { get; set; } + public bool IsDPoPRequired { get; set; } = false; + public bool IsDPoPNonceRequired { get; set; } = false; + public double DPOPNonceLifetimeInSeconds { get; set; } + public double TokenExpirationTimeInSeconds { get; set; } + public string? TokenSignedResponseAlg { get; set; } +} - } +public class UpdateAdvancedClientSettingsFailureAction +{ + public string ErrorMessage { get; set; } +} + +public class GenerateClientSigKeyAction +{ + +} + +public class StartAddClientAction +{ - public class StartGenerateClientKeyAction { } } + +public class StartGenerateClientKeyAction { } + +public class UpdateClientRealmsAction +{ + public string ClientId { get; set; } + public List Realms { get; set; } +} + +public class UpdateClientRealmsSuccessAction +{ + +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ClientStore/ClientReducers.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ClientStore/ClientReducers.cs index 694238f89..c2d46244b 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ClientStore/ClientReducers.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ClientStore/ClientReducers.cs @@ -8,8 +8,6 @@ using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Saml.Idp.Extensions; using SimpleIdServer.IdServer.Website.Stores.ScopeStore; -using SimpleIdServer.IdServer.Website.Stores.UserStore; -using System.IdentityModel.Tokens.Jwt; namespace SimpleIdServer.IdServer.Website.Stores.ClientStore { diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ConfigurationDefinitionStore/ConfigurationDefinitionEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ConfigurationDefinitionStore/ConfigurationDefinitionEffects.cs index dd2a25639..ab55221a9 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ConfigurationDefinitionStore/ConfigurationDefinitionEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ConfigurationDefinitionStore/ConfigurationDefinitionEffects.cs @@ -4,6 +4,8 @@ using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using SimpleIdServer.Configuration.DTOs; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using System.Text.Json; namespace SimpleIdServer.IdServer.Website.Stores.ConfigurationDefinitionStore; @@ -12,13 +14,13 @@ public class ConfigurationDefinitionEffects { private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - public ConfigurationDefinitionEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage sessionStorage) + public ConfigurationDefinitionEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) { _websiteHttpClientFactory = websiteHttpClientFactory; _options = options.Value; - _sessionStorage = sessionStorage; } [EffectMethod] @@ -40,8 +42,8 @@ private async Task GetBaseUrl() { if(_options.IsReamEnabled) { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return $"{_options.IdServerBaseUrl}/{realmStr}/confdefs"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/AddFederationEntityState.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/AddFederationEntityState.cs new file mode 100644 index 000000000..5bcd89756 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/AddFederationEntityState.cs @@ -0,0 +1,20 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Fluxor; + +namespace SimpleIdServer.IdServer.Website.Stores.FederationEntityStore; + +[FeatureState] +public record AddFederationEntityState +{ + public AddFederationEntityState() { } + + public AddFederationEntityState(bool isAdding) + { + IsAdding = isAdding; + } + + public bool IsAdding { get; set; } = false; + public string ErrorMessage { get; set; } +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/FederationEntityEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/FederationEntityEffects.cs new file mode 100644 index 000000000..954acabc7 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/FederationEntityEffects.cs @@ -0,0 +1,168 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Fluxor; +using Microsoft.Extensions.Options; +using SimpleIdServer.IdServer.Federation.Apis.FederationEntity; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; +using SimpleIdServer.OpenidFederation.Domains; +using System.Text; +using System.Text.Json; +using System.Text.Json.Nodes; + +namespace SimpleIdServer.IdServer.Website.Stores.FederationEntityStore; + +public class FederationEntityEffects +{ + private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; + private readonly IdServerWebsiteOptions _options; + + public FederationEntityEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) + { + _websiteHttpClientFactory = websiteHttpClientFactory; + _options = options.Value; + } + + [EffectMethod] + public async Task Handle(SearchFederationEntitiesAction action, IDispatcher dispatcher) + { + var baseUrl = await GetFederationEntitiesUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri($"{baseUrl}/.search"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new SearchRequest + { + Filter = SanitizeExpression(action.Filter), + OrderBy = SanitizeExpression(action.OrderBy), + Skip = action.Skip, + Take = action.Take + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var searchResult = SidJsonSerializer.Deserialize>(json); + dispatcher.Dispatch(new SearchFederationEntitiesSuccessAction { FederationEntities = searchResult.Content, Count = searchResult.Count }); + + string SanitizeExpression(string expression) => expression.Replace("FederationEntity.", "").Replace("Value", ""); + } + + [EffectMethod] + public async Task Handle(AddTrustedAnchorAction action, IDispatcher dispatcher) + { + var baseUrl = await GetFederationEntitiesUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri($"{baseUrl}/trustanchors"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new AddTrustedAnchorRequest + { + Url = action.Url + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + var federationEntity = SidJsonSerializer.Deserialize(json); + dispatcher.Dispatch(new AddTrustedAnchorSuccessAction { FederationEntity = federationEntity }); + } + catch + { + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new AddTrustedAnchorFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); + } + } + + [EffectMethod] + public async Task Handle(RemoveFederationEntitiesAction action, IDispatcher dispatcher) + { + var baseUrl = await GetFederationEntitiesUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + foreach(var id in action.Ids) + { + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri($"{baseUrl}/{id}"), + Method = HttpMethod.Delete + }; + await httpClient.SendAsync(requestMessage); + } + + dispatcher.Dispatch(new RemoveFederationEntitiesSuccessAction { Ids = action.Ids }); + } + + private async Task GetFederationEntitiesUrl() + { + if (_options.IsReamEnabled) + { + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; + return $"{_options.IdServerBaseUrl}/{realmStr}/federationentities"; + } + + return $"{_options.IdServerBaseUrl}/federationentities"; + } +} + +public class SearchFederationEntitiesAction +{ + public string? Filter { get; set; } = null; + public string? OrderBy { get; set; } = null; + public int? Skip { get; set; } = null; + public int? Take { get; set; } = null; + public bool OnlyRoot { get; set; } = true; +} + +public class SearchFederationEntitiesSuccessAction +{ + public IEnumerable FederationEntities { get; set; } = new List(); + public int Count { get; set; } +} + +public class AddTrustedAnchorAction +{ + public string Url { get; set; } +} + +public class AddTrustedAnchorSuccessAction +{ + public FederationEntity FederationEntity { get; set; } +} + +public class AddTrustedAnchorFailureAction +{ + public string ErrorMessage { get; set; } +} + +public class StartAddTrustAnchorAction +{ + +} + +public class ToggleFederationEntityAction +{ + public bool IsSelected { get; set; } = false; + public string Id { get; set; } = null!; +} + +public class ToggleAllFederationEntitiesAction +{ + public bool IsSelected { get; set; } = false; +} + +public class RemoveFederationEntitiesAction +{ + public List Ids { get; set; } +} + +public class RemoveFederationEntitiesSuccessAction +{ + public List Ids { get; set; } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/FederationEntityReducers.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/FederationEntityReducers.cs new file mode 100644 index 000000000..1d4852250 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/FederationEntityReducers.cs @@ -0,0 +1,150 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Fluxor; +using SimpleIdServer.IdServer.Website.Pages; +using SimpleIdServer.OpenidFederation.Domains; + +namespace SimpleIdServer.IdServer.Website.Stores.FederationEntityStore; + +public static class FederationEntityReducers +{ + #region SearchFederationEntitiesState + + [ReducerMethod] + public static SearchFederationEntitiesState ReduceSearchFederationEntitiesAction(SearchFederationEntitiesState state, SearchFederationEntitiesAction act) => new(true, new List(), 0); + + [ReducerMethod] + public static SearchFederationEntitiesState ReduceSearchFederationEntitiesAction(SearchFederationEntitiesState state, RemoveFederationEntitiesAction act) + { + return state with + { + IsLoading = true + }; + } + + [ReducerMethod] + public static SearchFederationEntitiesState ReduceSearchFederationEntitiesSuccessAction(SearchFederationEntitiesState state, SearchFederationEntitiesSuccessAction act) + { + return state with + { + IsLoading = false, + FederationEntities = act.FederationEntities.Select(c => new SelectableFederationEntity(c)), + Count = act.Count + }; + } + + [ReducerMethod] + public static SearchFederationEntitiesState ReduceAddTrustedAnchorAction(SearchFederationEntitiesState state, AddTrustedAnchorAction act) + { + return state with + { + IsLoading = true + }; + } + + [ReducerMethod] + public static SearchFederationEntitiesState ReduceAddTrustedAnchorSuccessAction(SearchFederationEntitiesState state, AddTrustedAnchorSuccessAction act) + { + var federationEntities = state.FederationEntities?.ToList(); + if (federationEntities == null) return state; + federationEntities.Add(new SelectableFederationEntity(act.FederationEntity) { IsNew = true }); + return state with + { + FederationEntities = federationEntities, + Count = federationEntities.Count(), + IsLoading = false + }; + } + + [ReducerMethod] + public static SearchFederationEntitiesState ReduceAddTrustedAnchorFailureAction(SearchFederationEntitiesState state, AddTrustedAnchorFailureAction act) + { + return state with + { + IsLoading = false + }; + } + + [ReducerMethod] + public static SearchFederationEntitiesState ReduceRemoveFederationEntitiesSuccessAction(SearchFederationEntitiesState state, RemoveFederationEntitiesSuccessAction act) + { + var federationEntities = state.FederationEntities.ToList(); + var filteredFederationEntities = federationEntities.Where(f => !act.Ids.Contains(f.FederationEntity.Id)); + return state with + { + IsLoading = false, + Count = filteredFederationEntities.Count(), + FederationEntities = filteredFederationEntities + }; + } + + [ReducerMethod] + public static SearchFederationEntitiesState ReduceToggleFederationEntityAction(SearchFederationEntitiesState state, ToggleFederationEntityAction act) + { + var federationEntities = state.FederationEntities.ToList(); + var record = federationEntities.Single(e => e.FederationEntity.Id == act.Id); + record.IsSelected = act.IsSelected; + return state with + { + FederationEntities = federationEntities + }; + } + + [ReducerMethod] + public static SearchFederationEntitiesState ReduceToggleAllFederationEntitiesAction(SearchFederationEntitiesState state, ToggleAllFederationEntitiesAction act) + { + var federationEntities = state.FederationEntities; + foreach (var federationEntity in federationEntities) + federationEntity.IsSelected = act.IsSelected; + return state with + { + FederationEntities = federationEntities + }; + } + + #endregion + + #region AddFederationEntityState + + [ReducerMethod] + public static AddFederationEntityState ReduceStartAddTrustAnchorAction(AddFederationEntityState state, StartAddTrustAnchorAction act) + { + return state with + { + IsAdding = false, + ErrorMessage = null + }; + } + + [ReducerMethod] + public static AddFederationEntityState ReduceAddTrustedAnchorAction(AddFederationEntityState state, AddTrustedAnchorAction act) + { + return state with + { + IsAdding = true, + ErrorMessage = null + }; + } + + [ReducerMethod] + public static AddFederationEntityState ReduceAddTrustedAnchorSuccessAction(AddFederationEntityState state, AddTrustedAnchorSuccessAction act) + { + return state with + { + IsAdding = false, + ErrorMessage = null + }; + } + + [ReducerMethod] + public static AddFederationEntityState ReduceAddTrustedAnchorFailureAction(AddFederationEntityState state, AddTrustedAnchorFailureAction act) + { + return state with + { + IsAdding = false, + ErrorMessage = act.ErrorMessage + }; + } + + #endregion +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/SearchFederationEntitiesState.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/SearchFederationEntitiesState.cs new file mode 100644 index 000000000..e14caf201 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/FederationEntityStore/SearchFederationEntitiesState.cs @@ -0,0 +1,40 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Fluxor; +using SimpleIdServer.OpenidFederation.Domains; + +namespace SimpleIdServer.IdServer.Website.Stores.FederationEntityStore; + +[FeatureState] +public record SearchFederationEntitiesState +{ + public SearchFederationEntitiesState() + { + + } + + public SearchFederationEntitiesState(bool isLoading, IEnumerable federationEntities, int nb) + { + FederationEntities = federationEntities.Select(g => new SelectableFederationEntity(g)); + IsLoading = isLoading; + Count = nb; + } + + public IEnumerable? FederationEntities { get; set; } = null; + public int Count { get; set; } = 0; + public bool IsLoading { get; set; } = true; +} + +public class SelectableFederationEntity +{ + public SelectableFederationEntity(FederationEntity federationEntity) + { + FederationEntity = federationEntity; + } + + public bool IsSelected { get; set; } = false; + public bool IsNew { get; set; } = false; + public FederationEntity FederationEntity { get; set; } + +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupEffects.cs index e355afc46..1a87fea28 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupEffects.cs @@ -1,346 +1,345 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.Groups; using SimpleIdServer.IdServer.Domains; -using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using System.Text; using System.Text.Json; using System.Text.Json.Nodes; -namespace SimpleIdServer.IdServer.Website.Stores.GroupStore +namespace SimpleIdServer.IdServer.Website.Stores.GroupStore; + +public interface IGroupService { - public interface IGroupService + Task Get(string id); +} + +public class GroupEffects : IGroupService +{ + private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; + private readonly IdServerWebsiteOptions _options; + + public GroupEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) { - Task Get(string id); + _websiteHttpClientFactory = websiteHttpClientFactory; + _options = options.Value; } - public class GroupEffects : IGroupService + public async Task Get(string id) { - private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; - private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - - public GroupEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage sessionStorage) + var baseUrl = await GetGroupsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - _websiteHttpClientFactory = websiteHttpClientFactory; - _options = options.Value; - _sessionStorage = sessionStorage; - } + RequestUri = new Uri($"{baseUrl}/{id}"), + Method = HttpMethod.Get + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var getResult = SidJsonSerializer.Deserialize(json); + return getResult; + } - public async Task Get(string id) + [EffectMethod] + public async Task Handle(SearchGroupsAction action, IDispatcher dispatcher) + { + var baseUrl = await GetGroupsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - var baseUrl = await GetGroupsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var requestMessage = new HttpRequestMessage + RequestUri = new Uri($"{baseUrl}/.search"), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new SearchGroupsRequest { - RequestUri = new Uri($"{baseUrl}/{id}"), - Method = HttpMethod.Get - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - var getResult = SidJsonSerializer.Deserialize(json); - return getResult; - } + Filter = SanitizeExpression(action.Filter), + OrderBy = SanitizeExpression(action.OrderBy), + Skip = action.Skip, + Take = action.Take, + OnlyRoot = action.OnlyRoot + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var searchResult = SidJsonSerializer.Deserialize>(json); + dispatcher.Dispatch(new SearchGroupsSuccessAction { Groups = searchResult.Content, Count = searchResult.Count }); + + string SanitizeExpression(string expression) => expression.Replace("Group.", "").Replace("Value", ""); + } - [EffectMethod] - public async Task Handle(SearchGroupsAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(RemoveSelectedGroupsAction action, IDispatcher dispatcher) + { + var baseUrl = await GetGroupsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + foreach(var fullPath in action.FullPathLst) { - var baseUrl = await GetGroupsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); var requestMessage = new HttpRequestMessage { - RequestUri = new Uri($"{baseUrl}/.search"), + RequestUri = new Uri($"{baseUrl}/delete"), Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new SearchGroupsRequest + Content = new StringContent(JsonSerializer.Serialize(new RemoveGroupRequest { - Filter = SanitizeExpression(action.Filter), - OrderBy = SanitizeExpression(action.OrderBy), - Skip = action.Skip, - Take = action.Take, - OnlyRoot = action.OnlyRoot + FullPath = fullPath }), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - var searchResult = SidJsonSerializer.Deserialize>(json); - dispatcher.Dispatch(new SearchGroupsSuccessAction { Groups = searchResult.Content, Count = searchResult.Count }); - - string SanitizeExpression(string expression) => expression.Replace("Group.", "").Replace("Value", ""); + }; + await httpClient.SendAsync(requestMessage); } - [EffectMethod] - public async Task Handle(RemoveSelectedGroupsAction action, IDispatcher dispatcher) + dispatcher.Dispatch(new RemoveSelectedGroupsSuccessAction { FullPathLst = action.FullPathLst }); + } + + [EffectMethod] + public async Task Handle(AddGroupAction action, IDispatcher dispatcher) + { + var baseUrl = await GetGroupsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - var baseUrl = await GetGroupsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - foreach(var fullPath in action.FullPathLst) + RequestUri = new Uri(baseUrl), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(new AddGroupRequest { - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/delete"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new RemoveGroupRequest - { - FullPath = fullPath - }), Encoding.UTF8, "application/json") - }; - await httpClient.SendAsync(requestMessage); - } - - dispatcher.Dispatch(new RemoveSelectedGroupsSuccessAction { FullPathLst = action.FullPathLst }); + Description = action.Description, + Name = action.Name, + ParentGroupId = action.ParentId + }), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + var newGroup = JsonSerializer.Deserialize(json); + dispatcher.Dispatch(new AddGroupSuccessAction + { + Description = action.Description, + Id = newGroup.Id, + Name = action.Name, + ParentGroupId = action.ParentId, + FullPath = newGroup.FullPath + }); } + catch + { + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new AddGroupFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); + } + } - [EffectMethod] - public async Task Handle(AddGroupAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(GetGroupAction action, IDispatcher dispatcher) + { + var getResult = await Get(action.Id); + dispatcher.Dispatch(new GetGroupSuccessAction { Group = getResult.Target, RootGroup = getResult.Root }); + } + + [EffectMethod] + public async Task Handle(AddGroupRolesAction action, IDispatcher dispatcher) + { + var baseUrl = await GetGroupsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var roles = new List(); + foreach(var scopeName in action.ScopeNames) { - var baseUrl = await GetGroupsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); var requestMessage = new HttpRequestMessage { - RequestUri = new Uri(baseUrl), + RequestUri = new Uri($"{baseUrl}/{action.GroupId}/roles"), Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new AddGroupRequest + Content = new StringContent(JsonSerializer.Serialize(new AddGroupRoleRequest { - Description = action.Description, - Name = action.Name, - ParentGroupId = action.ParentId + Scope = scopeName }), Encoding.UTF8, "application/json") }; var httpResult = await httpClient.SendAsync(requestMessage); var json = await httpResult.Content.ReadAsStringAsync(); - try - { - httpResult.EnsureSuccessStatusCode(); - var newGroup = JsonSerializer.Deserialize(json); - dispatcher.Dispatch(new AddGroupSuccessAction - { - Description = action.Description, - Id = newGroup.Id, - Name = action.Name, - ParentGroupId = action.ParentId, - FullPath = newGroup.FullPath - }); - } - catch - { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new AddGroupFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); - } - } - - [EffectMethod] - public async Task Handle(GetGroupAction action, IDispatcher dispatcher) - { - var getResult = await Get(action.Id); - dispatcher.Dispatch(new GetGroupSuccessAction { Group = getResult.Target, RootGroup = getResult.Root }); - } - - [EffectMethod] - public async Task Handle(AddGroupRolesAction action, IDispatcher dispatcher) - { - var baseUrl = await GetGroupsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var roles = new List(); - foreach(var scopeName in action.ScopeNames) - { - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{action.GroupId}/roles"), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(new AddGroupRoleRequest - { - Scope = scopeName - }), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - roles.Add(SidJsonSerializer.Deserialize(json)); - } - - dispatcher.Dispatch(new AddGroupRolesSuccessAction { Roles = roles }); + roles.Add(SidJsonSerializer.Deserialize(json)); } - [EffectMethod] - public async Task Handle(RemoveSelectedGroupRolesAction action, IDispatcher dispatcher) - { - var baseUrl = await GetGroupsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - foreach (var roleId in action.RoleIds) - { - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri($"{baseUrl}/{action.Id}/roles/{roleId}"), - Method = HttpMethod.Delete - }; - await httpClient.SendAsync(requestMessage); - } - - dispatcher.Dispatch(new RemoveSelectedGroupRolesSuccessAction { Id = action.Id, RoleIds = action.RoleIds }); - } + dispatcher.Dispatch(new AddGroupRolesSuccessAction { Roles = roles }); + } - [EffectMethod] - public async Task Handle(GetHierarchicalGroupAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(RemoveSelectedGroupRolesAction action, IDispatcher dispatcher) + { + var baseUrl = await GetGroupsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + foreach (var roleId in action.RoleIds) { - var baseUrl = await GetGroupsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); var requestMessage = new HttpRequestMessage { - RequestUri = new Uri($"{baseUrl}/{action.GroupId}/hierarchy"), - Method = HttpMethod.Get + RequestUri = new Uri($"{baseUrl}/{action.Id}/roles/{roleId}"), + Method = HttpMethod.Delete }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - var result = JsonSerializer.Deserialize>(json); - dispatcher.Dispatch(new GetHierarchicalGroupSuccessAction { GroupId = action.GroupId, Result = result }); + await httpClient.SendAsync(requestMessage); } - private async Task GetGroupsUrl() - { - if (_options.IsReamEnabled) - { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; - return $"{_options.IdServerBaseUrl}/{realmStr}/groups"; - } - - return $"{_options.IdServerBaseUrl}/groups"; - } + dispatcher.Dispatch(new RemoveSelectedGroupRolesSuccessAction { Id = action.Id, RoleIds = action.RoleIds }); } - public class SearchGroupsAction + [EffectMethod] + public async Task Handle(GetHierarchicalGroupAction action, IDispatcher dispatcher) { - public string? Filter { get; set; } = null; - public string? OrderBy { get; set; } = null; - public int? Skip { get; set; } = null; - public int? Take { get; set; } = null; - public bool OnlyRoot { get; set; } = true; + var baseUrl = await GetGroupsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage + { + RequestUri = new Uri($"{baseUrl}/{action.GroupId}/hierarchy"), + Method = HttpMethod.Get + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var result = JsonSerializer.Deserialize>(json); + dispatcher.Dispatch(new GetHierarchicalGroupSuccessAction { GroupId = action.GroupId, Result = result }); } - public class SearchGroupsSuccessAction + private async Task GetGroupsUrl() { - public IEnumerable Groups { get; set; } = new List(); - public int Count { get; set; } - } + if (_options.IsReamEnabled) + { + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; + return $"{_options.IdServerBaseUrl}/{realmStr}/groups"; + } - public class ToggleAllGroupSelectionAction - { - public bool IsSelected { get; set; } + return $"{_options.IdServerBaseUrl}/groups"; } +} - public class ToggleGroupSelectionAction - { - public bool IsSelected { get; set; } - public string GroupId { get; set; } - } +public class SearchGroupsAction +{ + public string? Filter { get; set; } = null; + public string? OrderBy { get; set; } = null; + public int? Skip { get; set; } = null; + public int? Take { get; set; } = null; + public bool OnlyRoot { get; set; } = true; +} - public class RemoveSelectedGroupsAction - { - public IEnumerable FullPathLst { get; set; } - } +public class SearchGroupsSuccessAction +{ + public IEnumerable Groups { get; set; } = new List(); + public int Count { get; set; } +} - public class RemoveSelectedGroupsSuccessAction - { - public IEnumerable FullPathLst { get; set; } - } +public class ToggleAllGroupSelectionAction +{ + public bool IsSelected { get; set; } +} - public class AddGroupAction - { - public string Name { get; set; } - public string Description { get; set; } - public string ParentId { get; set; } - } +public class ToggleGroupSelectionAction +{ + public bool IsSelected { get; set; } + public string GroupId { get; set; } +} - public class AddGroupFailureAction - { - public string ErrorMessage { get; set; } - } +public class RemoveSelectedGroupsAction +{ + public IEnumerable FullPathLst { get; set; } +} - public class AddGroupSuccessAction - { - public string Id { get; set; } - public string Name { get; set; } - public string Description { get; set; } - public string ParentGroupId { get; set; } - public string FullPath { get; set; } - } +public class RemoveSelectedGroupsSuccessAction +{ + public IEnumerable FullPathLst { get; set; } +} - public class GetGroupAction - { - public string Id { get; set; } - } +public class AddGroupAction +{ + public string Name { get; set; } + public string Description { get; set; } + public string ParentId { get; set; } +} - public class GetGroupSuccessAction - { - public Group Group { get; set; } - public Group RootGroup { get; set; } - } +public class AddGroupFailureAction +{ + public string ErrorMessage { get; set; } +} - public class GetGroupFailureAction - { - public string ErrorMessage { get; set; } - } +public class AddGroupSuccessAction +{ + public string Id { get; set; } + public string Name { get; set; } + public string Description { get; set; } + public string ParentGroupId { get; set; } + public string FullPath { get; set; } +} - public class SelectAllGroupMembersAction - { - public bool IsSelected { get; set; } - } +public class GetGroupAction +{ + public string Id { get; set; } +} - public class SelectGroupMemberAction - { - public string MemberId { get; set; } - public bool IsSelected { get; set; } - } - - public class ToggleAllGroupRolesAction - { - public bool IsSelected { get; set; } - } +public class GetGroupSuccessAction +{ + public Group Group { get; set; } + public Group RootGroup { get; set; } +} - public class ToggleGroupRoleAction - { - public bool IsSelected { get; set; } - public string Id { get; set; } - } +public class GetGroupFailureAction +{ + public string ErrorMessage { get; set; } +} - public class RemoveSelectedGroupRolesAction - { - public string Id { get; set; } - public IEnumerable RoleIds { get; set; } - } +public class SelectAllGroupMembersAction +{ + public bool IsSelected { get; set; } +} - public class RemoveSelectedGroupRolesSuccessAction - { - public string Id { get; set; } - public IEnumerable RoleIds { get; set; } - } +public class SelectGroupMemberAction +{ + public string MemberId { get; set; } + public bool IsSelected { get; set; } +} - public class AddGroupRolesAction - { - public string GroupId { get; set; } = null!; - public IEnumerable ScopeNames { get; set; } = new List(); - } +public class ToggleAllGroupRolesAction +{ + public bool IsSelected { get; set; } +} - public class AddGroupRolesSuccessAction - { - public IEnumerable Roles { get; set; } - } +public class ToggleGroupRoleAction +{ + public bool IsSelected { get; set; } + public string Id { get; set; } +} - public class StartAddGroupAction - { +public class RemoveSelectedGroupRolesAction +{ + public string Id { get; set; } + public IEnumerable RoleIds { get; set; } +} - } +public class RemoveSelectedGroupRolesSuccessAction +{ + public string Id { get; set; } + public IEnumerable RoleIds { get; set; } +} - public class GetHierarchicalGroupAction - { - public string GroupId { get; set; } - } +public class AddGroupRolesAction +{ + public string GroupId { get; set; } = null!; + public IEnumerable ScopeNames { get; set; } = new List(); +} - public class GetHierarchicalGroupSuccessAction - { - public string GroupId { get; set; } - public List Result { get; set; } - } +public class AddGroupRolesSuccessAction +{ + public IEnumerable Roles { get; set; } +} + +public class StartAddGroupAction +{ + +} + +public class GetHierarchicalGroupAction +{ + public string GroupId { get; set; } +} + +public class GetHierarchicalGroupSuccessAction +{ + public string GroupId { get; set; } + public List Result { get; set; } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupReducers.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupReducers.cs index 5c6ea4417..a04cf46da 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupReducers.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupReducers.cs @@ -362,7 +362,7 @@ public static GroupRolesState ReduceSearchScopesSuccessAction(GroupRolesState st if (state.GroupRoles == null) return state; var result = act.Scopes.OrderBy(s => s.Name).Select(s => new EditableGroupScope(s) { - IsPresent = state.GroupRoles.Any(sc => sc.Value.Name == s.Name) + IsPresent = state.GroupRoles.Any(sc => sc.Value.Id == s.Id) }).ToList(); return state with { diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupRolesState.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupRolesState.cs index 009ebcf26..50a152747 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupRolesState.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/GroupStore/GroupRolesState.cs @@ -2,7 +2,6 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; using SimpleIdServer.IdServer.Domains; -using SimpleIdServer.IdServer.Website.Stores.ClientStore; namespace SimpleIdServer.IdServer.Website.Stores.GroupStore { diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdProviderStore/IdProviderEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdProviderStore/IdProviderEffects.cs index 8b10cbf64..7cd8c60e3 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdProviderStore/IdProviderEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdProviderStore/IdProviderEffects.cs @@ -1,11 +1,11 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.AuthenticationSchemeProviders; using SimpleIdServer.IdServer.Domains; -using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using System.Text; using System.Text.Json; using System.Text.Json.Nodes; @@ -16,13 +16,13 @@ public class IdProviderEffects { private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - public IdProviderEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage sessionStorage) + public IdProviderEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) { _websiteHttpClientFactory = websiteHttpClientFactory; _options = options.Value; - _sessionStorage = sessionStorage; } [EffectMethod] @@ -264,8 +264,8 @@ private async Task GetBaseUrl() { if(_options.IsReamEnabled) { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return $"{_options.IdServerBaseUrl}/{realmStr}/idproviders"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdServerConfigurationStore/IdServerConfigurationEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdServerConfigurationStore/IdServerConfigurationEffects.cs index 97496cfff..d9fa6cc58 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdServerConfigurationStore/IdServerConfigurationEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdServerConfigurationStore/IdServerConfigurationEffects.cs @@ -1,8 +1,9 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using System.Net.Http.Json; using System.Text.Json.Serialization; @@ -12,13 +13,13 @@ public class IdServerConfigurationEffects { private readonly IWebsiteHttpClientFactory _httpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - public IdServerConfigurationEffects(IWebsiteHttpClientFactory httpClientFactory, IOptions options, ProtectedSessionStorage sessionStorage) + public IdServerConfigurationEffects( + IWebsiteHttpClientFactory httpClientFactory, + IOptions options) { _httpClientFactory = httpClientFactory; _options = options.Value; - _sessionStorage = sessionStorage; } [EffectMethod] @@ -43,8 +44,8 @@ private async Task GetBaseUrl() { if(_options.IsReamEnabled) { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return $"{_options.IdServerBaseUrl}/{realmStr}"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdentityProvisioningStore/IdentityProvisioningEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdentityProvisioningStore/IdentityProvisioningEffects.cs index 4866183b2..16f5c3c32 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdentityProvisioningStore/IdentityProvisioningEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdentityProvisioningStore/IdentityProvisioningEffects.cs @@ -1,12 +1,13 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; +using SimpleIdServer.IdServer.Api.ErrorMessages; using SimpleIdServer.IdServer.Api.Provisioning; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Provisioning; -using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.Website.Infrastructures; using System.Text; using System.Text.Json; using System.Text.Json.Nodes; @@ -17,13 +18,13 @@ public class IdentityProvisioningEffects { private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - public IdentityProvisioningEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage sessionStorage) + public IdentityProvisioningEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) { _websiteHttpClientFactory = websiteHttpClientFactory; _options = options.Value; - _sessionStorage = sessionStorage; } [EffectMethod] @@ -295,12 +296,38 @@ public async Task Handle(LaunchIdentityProvisioningImportAction action, IDispatc } } + [EffectMethod] + public async Task Handle(RelaunchIdentityProvisioningErrorsAction action, IDispatcher dispatcher) + { + var baseUrl = $"{_options.IdServerBaseUrl}/errormessages"; + if (_options.IsReamEnabled) + { + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; + baseUrl = $"{_options.IdServerBaseUrl}/{realmStr}/errormessages"; + } + + var httpClient = await _websiteHttpClientFactory.Build(); + var request = new RelaunchAllErrorMessagesByExternalIdRequest + { + ExternalId = action.ExternalId + }; + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(request), Encoding.UTF8, "application/json"), + RequestUri = new Uri($"{baseUrl}/relaunch") + }; + await httpClient.SendAsync(requestMessage); + dispatcher.Dispatch(new RelaunchIdentityProvisioningErrorsSuccessAction { ExternalId = action.ExternalId }); + } + private async Task GetBaseUrl() { if(_options.IsReamEnabled) { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return $"{_options.IdServerBaseUrl}/{realmStr}/provisioning"; } @@ -513,4 +540,14 @@ public class LaunchIdentityProvisioningImportFailureAction { public string ErrorMessage { get; set; } } + + public class RelaunchIdentityProvisioningErrorsAction + { + public string ExternalId { get; set; } + } + + public class RelaunchIdentityProvisioningErrorsSuccessAction + { + public string ExternalId { get; set; } + } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdentityProvisioningStore/IdentityProvisioningReducers.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdentityProvisioningStore/IdentityProvisioningReducers.cs index 617510d8f..979c05bb0 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdentityProvisioningStore/IdentityProvisioningReducers.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/IdentityProvisioningStore/IdentityProvisioningReducers.cs @@ -178,6 +178,19 @@ public static IdentityProvisioningState ReduceUpdateIdProvisioningDetailSuccessA }; } + [ReducerMethod] + public static IdentityProvisioningState ReduceRelaunchIdentityProvisioningErrorsSuccessAction(IdentityProvisioningState state, RelaunchIdentityProvisioningErrorsSuccessAction act) + { + var idProvisioning = state.IdentityProvisioning; + var process = idProvisioning.Processes.Single(p => p.Id == act.ExternalId); + process.Errors = new List(); + return state with + { + IsLoading = false, + IdentityProvisioning = idProvisioning + }; + } + #endregion #region SearchIdentityProvisioningMappingRuleState diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/LanguageStore/LanguageEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/LanguageStore/LanguageEffects.cs index f28d51be7..8906f6a06 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/LanguageStore/LanguageEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/LanguageStore/LanguageEffects.cs @@ -3,7 +3,6 @@ using Fluxor; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Domains; -using System.Text.Json; namespace SimpleIdServer.IdServer.Website.Stores.LanguageStore; diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmEffects.cs index b2075fc42..dab08a346 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmEffects.cs @@ -2,7 +2,6 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.Realms; using SimpleIdServer.IdServer.Domains; @@ -11,144 +10,102 @@ using System.Text.Json; using System.Text.Json.Nodes; -namespace SimpleIdServer.IdServer.Website.Stores.RealmStore +namespace SimpleIdServer.IdServer.Website.Stores.RealmStore; + +public class RealmEffects { - public class RealmEffects - { - private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; - private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; + private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; + private readonly IdServerWebsiteOptions _options; - public RealmEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage protectedSessionStorage) - { - _websiteHttpClientFactory = websiteHttpClientFactory; - _options = options.Value; - _sessionStorage = protectedSessionStorage; - } + public RealmEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options) + { + _websiteHttpClientFactory = websiteHttpClientFactory; + _options = options.Value; + } - [EffectMethod] - public async Task Handle(GetAllRealmAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(GetAllRealmAction action, IDispatcher dispatcher) + { + var url = GetRealmsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage { - var url = GetRealmsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri(url), - Method = HttpMethod.Get - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - var realms = SidJsonSerializer.Deserialize>(json); - dispatcher.Dispatch(new GetAllRealmSuccessAction { Realms = realms }); - } + RequestUri = new Uri(url), + Method = HttpMethod.Get + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var realms = SidJsonSerializer.Deserialize>(json); + dispatcher.Dispatch(new GetAllRealmSuccessAction { Realms = realms }); + } - [EffectMethod] - public async Task Handle(AddRealmAction action, IDispatcher dispatcher) + [EffectMethod] + public async Task Handle(AddRealmAction action, IDispatcher dispatcher) + { + if(!_options.IsReamEnabled) { - if(!_options.IsReamEnabled) - { - dispatcher.Dispatch(new AddRealmFailureAction { ErrorMessage = Global.CannotAddRealmBecauseOptionIsDisabled }); - return; - } - - var url = GetRealmsUrl(); - var httpClient = await _websiteHttpClientFactory.Build(); - var req = new AddRealmRequest - { - Name = action.Name, - Description = action.Description - }; - var requestMessage = new HttpRequestMessage - { - RequestUri = new Uri(url), - Method = HttpMethod.Post, - Content = new StringContent(JsonSerializer.Serialize(req), Encoding.UTF8, "application/json") - }; - var httpResult = await httpClient.SendAsync(requestMessage); - var json = await httpResult.Content.ReadAsStringAsync(); - try - { - httpResult.EnsureSuccessStatusCode(); - dispatcher.Dispatch(new AddRealmSuccessAction - { - Description = action.Description, - Name = action.Name - }); - dispatcher.Dispatch(new SelectRealmAction - { - Realm = action.Name - }); - } - catch - { - var jsonObj = JsonObject.Parse(json); - dispatcher.Dispatch(new AddRealmFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); - } + dispatcher.Dispatch(new AddRealmFailureAction { ErrorMessage = Global.CannotAddRealmBecauseOptionIsDisabled }); + return; } - [EffectMethod] - public async Task Handle(SelectRealmAction action, IDispatcher dispatcher) + var url = GetRealmsUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var req = new AddRealmRequest + { + Name = action.Name, + Description = action.Description + }; + var requestMessage = new HttpRequestMessage { - await _sessionStorage.SetAsync("realm", action.Realm); - dispatcher.Dispatch(new SelectRealmSuccessAction { Realm = action.Realm }); + RequestUri = new Uri(url), + Method = HttpMethod.Post, + Content = new StringContent(JsonSerializer.Serialize(req), Encoding.UTF8, "application/json") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + try + { + httpResult.EnsureSuccessStatusCode(); + dispatcher.Dispatch(new AddRealmSuccessAction + { + Description = action.Description, + Name = action.Name + }); } - - [EffectMethod] - public async Task Handle(GetActiveRealmAction action, IDispatcher dispatcher) + catch { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; - dispatcher.Dispatch(new GetActiveSuccessRealmAction { Realm = realmStr }); + var jsonObj = JsonObject.Parse(json); + dispatcher.Dispatch(new AddRealmFailureAction { ErrorMessage = jsonObj["error_description"].GetValue() }); } - - private string GetRealmsUrl() => $"{_options.IdServerBaseUrl}/realms"; } - public class GetActiveRealmAction - { - - } - - public class GetActiveSuccessRealmAction - { - public string Realm { get; set; } - } - - public class GetAllRealmAction - { - public IEnumerable Realms { get; set; } - } - - public class GetAllRealmSuccessAction - { - public IEnumerable Realms { get; set; } - } - - public class SelectRealmAction - { - public string Realm { get; set; } - } + private string GetRealmsUrl() => $"{_options.IdServerBaseUrl}/realms"; +} - public class SelectRealmSuccessAction - { - public string Realm { get; set; } - } +public class GetAllRealmAction +{ + public IEnumerable Realms { get; set; } +} - public class AddRealmAction - { - public string Name { get; set; } - public string Description { get; set; } - } +public class GetAllRealmSuccessAction +{ + public IEnumerable Realms { get; set; } +} - public class AddRealmFailureAction - { - public string ErrorMessage { get; set; } - } +public class AddRealmAction +{ + public string Name { get; set; } + public string Description { get; set; } +} - public class AddRealmSuccessAction - { - public string Name { get; set; } - public string Description { get; set; } - } +public class AddRealmFailureAction +{ + public string ErrorMessage { get; set; } } + +public class AddRealmSuccessAction +{ + public string Name { get; set; } + public string Description { get; set; } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmReducers.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmReducers.cs index aba18792b..d700cc5ca 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmReducers.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmReducers.cs @@ -2,7 +2,6 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using SimpleIdServer.IdServer.Domains; namespace SimpleIdServer.IdServer.Website.Stores.RealmStore { @@ -16,36 +15,6 @@ public class RealmReducers [ReducerMethod] public static RealmsState ReduceGetAllRealmSuccessAction(RealmsState state, GetAllRealmSuccessAction act) => new(false, act.Realms); - [ReducerMethod] - public static RealmsState ReduceSelectRealmAction(RealmsState state, SelectRealmAction act) - { - return state with - { - ActiveRealm = null, - IsLoading = true - }; - } - - [ReducerMethod] - public static RealmsState ReduceGetActiveSuccessRealmAction(RealmsState state, GetActiveSuccessRealmAction act) - { - return state with - { - IsLoading = false, - ActiveRealm = act.Realm - }; - } - - [ReducerMethod] - public static RealmsState ReduceSelectRealmSuccessAction(RealmsState state, SelectRealmSuccessAction act) - { - return state with - { - IsLoading = false, - ActiveRealm = act.Realm - }; - } - [ReducerMethod] public static RealmsState ReduceAddRealmSuccessAction(RealmsState state, AddRealmSuccessAction act) { @@ -59,8 +28,7 @@ public static RealmsState ReduceAddRealmSuccessAction(RealmsState state, AddReal }); return state with { - Realms = realms, - ActiveRealm = act.Name + Realms = realms }; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmsState.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmsState.cs index 094b63169..87757ae1d 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmsState.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RealmStore/RealmsState.cs @@ -17,6 +17,5 @@ public RealmsState(bool isLoading, IEnumerable realms) public bool IsLoading { get; set; } = true; public IEnumerable Realms { get; set; } - public string? ActiveRealm { get; set; } = SimpleIdServer.IdServer.Constants.DefaultRealm; } } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RegistrationWorkflowStore/RegistrationWorkflowEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RegistrationWorkflowStore/RegistrationWorkflowEffects.cs index b4c3b0a7a..45e2bcc7f 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RegistrationWorkflowStore/RegistrationWorkflowEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/RegistrationWorkflowStore/RegistrationWorkflowEffects.cs @@ -2,9 +2,10 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.RegistrationWorkflows; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using System.Text; using System.Text.Json; using System.Text.Json.Nodes; @@ -15,13 +16,13 @@ public class RegistrationWorkflowEffects { private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - public RegistrationWorkflowEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage sessionStorage) + public RegistrationWorkflowEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) { _websiteHttpClientFactory = websiteHttpClientFactory; _options = options.Value; - _sessionStorage = sessionStorage; } [EffectMethod] @@ -150,8 +151,8 @@ private async Task GetBaseUrl() { if(_options.IsReamEnabled) { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return $"{_options.IdServerBaseUrl}/{realmStr}/registrationworkflows"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ScopeStore/RealmScopesState.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ScopeStore/RealmScopesState.cs new file mode 100644 index 000000000..db0cf2492 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ScopeStore/RealmScopesState.cs @@ -0,0 +1,24 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Fluxor; + +namespace SimpleIdServer.IdServer.Website.Stores.ScopeStore; + +[FeatureState] +public record RealmScopesState +{ + public RealmScopesState() + { + + } + + public RealmScopesState(bool isLoading, List scopes) + { + IsLoading = isLoading; + Scopes = scopes; + } + + public bool IsLoading { get; set; } = true; + public List Scopes { get; set; } = new List(); +} diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ScopeStore/ResourceReducers.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ScopeStore/ResourceReducers.cs index 7d8a94a63..d9865e76a 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ScopeStore/ResourceReducers.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ScopeStore/ResourceReducers.cs @@ -330,5 +330,24 @@ public static ScopeMappersState ReduceAddScopeClaimMapperSuccessAction(ScopeMapp } #endregion + + #region RealmScopesState + + + [ReducerMethod] + public static RealmScopesState ReduceGetAllRealmScopesAction(RealmScopesState state, GetAllRealmScopesAction act) => state with + { + IsLoading = true + }; + + + [ReducerMethod] + public static RealmScopesState ReduceGetAllRealmScopesSuccessAction(RealmScopesState state, GetAllRealmScopesSuccessAction act) => state with + { + IsLoading = false, + Scopes = act.Scopes + }; + + #endregion } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ScopeStore/ScopeEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ScopeStore/ScopeEffects.cs index 756241c8d..614198ed2 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ScopeStore/ScopeEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/ScopeStore/ScopeEffects.cs @@ -1,11 +1,10 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.Scopes; using SimpleIdServer.IdServer.Domains; -using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.Helpers; using System.Text; using System.Text.Json; using System.Text.Json.Nodes; @@ -16,13 +15,13 @@ public class ScopeEffects { private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - public ScopeEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage sessionStorage) + public ScopeEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) { _websiteHttpClientFactory = websiteHttpClientFactory; _options = options.Value; - _sessionStorage = sessionStorage; } @@ -277,12 +276,28 @@ public async Task Handle(UpdateScopeClaimMapperAction action, IDispatcher dispat } } + [EffectMethod] + public async Task Handle(GetAllRealmScopesAction action, IDispatcher dispatcher) + { + var baseUrl = await GetScopesUrl(); + var httpClient = await _websiteHttpClientFactory.Build(); + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Get, + RequestUri = new Uri($"{baseUrl}/realmscopes") + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var content = await httpResult.Content.ReadAsStringAsync(); + var scopes = JsonSerializer.Deserialize>(content); + dispatcher.Dispatch(new GetAllRealmScopesSuccessAction { Scopes = scopes }); + } + private async Task GetScopesUrl() { if (_options.IsReamEnabled) { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return $"{_options.IdServerBaseUrl}/{realmStr}/scopes"; } @@ -452,4 +467,14 @@ public class AddApiScopeAction public class StartAddScopeAction { } public class StartUpdateScopeMapperAction { } + + public class GetAllRealmScopesAction + { + + } + + public class GetAllRealmScopesSuccessAction + { + public List Scopes { get; set; } + } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/StatisticStore/StatisticEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/StatisticStore/StatisticEffects.cs index 61378320f..f63826db5 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/StatisticStore/StatisticEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/StatisticStore/StatisticEffects.cs @@ -4,6 +4,8 @@ using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.Statistics; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using System.Text.Json; namespace SimpleIdServer.IdServer.Website.Stores.StatisticStore @@ -12,13 +14,13 @@ public class StatisticEffects { private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - public StatisticEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, IOptions options, ProtectedSessionStorage sessionStorage) + public StatisticEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions options) { _websiteHttpClientFactory = websiteHttpClientFactory; _options = options.Value; - _sessionStorage= sessionStorage; } [EffectMethod] @@ -41,8 +43,8 @@ private async Task GetStatsUrl() { if (_options.IsReamEnabled) { - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return $"{_options.IdServerBaseUrl}/{realmStr}/stats"; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/UserStore/UserEffects.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/UserStore/UserEffects.cs index e0f9b5136..ed039ec98 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/UserStore/UserEffects.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/UserStore/UserEffects.cs @@ -1,13 +1,12 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Fluxor; -using Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage; using Microsoft.Extensions.Options; using Radzen; using SimpleIdServer.IdServer.Api.Users; using SimpleIdServer.IdServer.Domains; -using SimpleIdServer.IdServer.DTOs; -using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Website.Infrastructures; using SimpleIdServer.IdServer.Website.Stores.Base; using System.Linq.Dynamic.Core; using System.Text; @@ -20,12 +19,12 @@ public class UserEffects { private readonly IWebsiteHttpClientFactory _websiteHttpClientFactory; private readonly IdServerWebsiteOptions _options; - private readonly ProtectedSessionStorage _sessionStorage; - public UserEffects(IWebsiteHttpClientFactory websiteHttpClientFactory, ProtectedSessionStorage sessionStorage, IOptions websiteOptions) + public UserEffects( + IWebsiteHttpClientFactory websiteHttpClientFactory, + IOptions websiteOptions) { _websiteHttpClientFactory = websiteHttpClientFactory; - _sessionStorage = sessionStorage; _options = websiteOptions.Value; } @@ -113,8 +112,18 @@ public async Task Handle(UpdateUserDetailsAction action, IDispatcher dispatcher) Method = HttpMethod.Put, Content = new StringContent(JsonSerializer.Serialize(req), Encoding.UTF8, "application/json") }; - await httpClient.SendAsync(requestMessage); - dispatcher.Dispatch(new UpdateUserDetailsSuccessAction { Email = action.Email, Firstname = action.Firstname, Lastname = action.Lastname, UserId = action.UserId, NotificationMode = action.NotificationMode }); + var httpResult = await httpClient.SendAsync(requestMessage); + try + { + httpResult.EnsureSuccessStatusCode(); + dispatcher.Dispatch(new UpdateUserDetailsSuccessAction { Email = action.Email, Firstname = action.Firstname, Lastname = action.Lastname, UserId = action.UserId, NotificationMode = action.NotificationMode }); + } + catch + { + var json = await httpResult.Content.ReadAsStringAsync(); + var jObj = JsonObject.Parse(json); + dispatcher.Dispatch(new UpdateUserDetailsFailureAction { ErrorMessage = jObj["error_description"].GetValue() }); + } } [EffectMethod] @@ -406,8 +415,8 @@ private async Task GetBaseUrl() private async Task GetRealm() { if (!_options.IsReamEnabled) return SimpleIdServer.IdServer.Constants.DefaultRealm; - var realm = await _sessionStorage.GetAsync("realm"); - var realmStr = !string.IsNullOrWhiteSpace(realm.Value) ? realm.Value : SimpleIdServer.IdServer.Constants.DefaultRealm; + var realm = RealmContext.Instance()?.Realm; + var realmStr = !string.IsNullOrWhiteSpace(realm) ? realm : SimpleIdServer.IdServer.Constants.DefaultRealm; return realmStr; } } @@ -486,6 +495,11 @@ public class UpdateUserDetailsSuccessAction public string? NotificationMode { get; set; } = null; } + public class UpdateUserDetailsFailureAction + { + public string ErrorMessage { get; set; } + } + public class RevokeUserConsentAction { public string UserId { get; set; } = null!; diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/UserStore/UserReducer.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/UserStore/UserReducer.cs index 48edd50b6..bb6fe08ad 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/Stores/UserStore/UserReducer.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/Stores/UserStore/UserReducer.cs @@ -268,6 +268,9 @@ public static UpdateUserState ReduceStartAddUserAction(UpdateUserState state, St [ReducerMethod] public static UpdateUserState ReduceUpdateUserDetailsAction(UpdateUserState state, UpdateUserDetailsSuccessAction act) => new(false); + [ReducerMethod] + public static UpdateUserState ReduceUpdateUserDetailsAction(UpdateUserState state, UpdateUserDetailsFailureAction act) => new(false); + [ReducerMethod] public static UpdateUserState ReduceRevokeUserConsentAction(UpdateUserState state, RevokeUserConsentAction act) => new(true); @@ -591,6 +594,7 @@ public static UserGroupsState ReduceAssignUserGroupsSuccessAction(UserGroupsStat { IsLoading = false, Groups = groups, + Count = groups.Count() }; } diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/WebsiteHttpClientFactory.cs b/src/IdServer/SimpleIdServer.IdServer.Website/WebsiteHttpClientFactory.cs index bd804875c..d9aea1d16 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/WebsiteHttpClientFactory.cs +++ b/src/IdServer/SimpleIdServer.IdServer.Website/WebsiteHttpClientFactory.cs @@ -1,5 +1,6 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.Extensions.Options; using Microsoft.IdentityModel.JsonWebTokens; using System.Globalization; using System.Text.Json.Nodes; @@ -8,21 +9,23 @@ namespace SimpleIdServer.IdServer.Website { public interface IWebsiteHttpClientFactory { - Task Build(); + Task Build(string realm = null); HttpClient Get(); } public class WebsiteHttpClientFactory : IWebsiteHttpClientFactory { private readonly DefaultSecurityOptions _securityOptions; + private readonly IdServerWebsiteOptions _idServerWebsiteOptions; private static SemaphoreSlim _lck = new SemaphoreSlim(1); private readonly HttpClient _httpClient; private readonly JsonWebTokenHandler _jsonWebTokenHandler; private GetAccessTokenResult _accessToken; - public WebsiteHttpClientFactory(DefaultSecurityOptions securityOptions) + public WebsiteHttpClientFactory(DefaultSecurityOptions securityOptions, IOptions idServerWebsiteOptions) { _securityOptions = securityOptions; + _idServerWebsiteOptions = idServerWebsiteOptions.Value; var handler = new HttpClientHandler { ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, cetChain, policyErrors) => @@ -34,23 +37,23 @@ public WebsiteHttpClientFactory(DefaultSecurityOptions securityOptions) _jsonWebTokenHandler = new JsonWebTokenHandler(); } - public async Task Build() + public async Task Build(string realm = null) { - var token = await GetAccessToken(); + var token = await GetAccessToken(realm); _httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token.AccessToken); var acceptLanguage = CultureInfo.CurrentCulture.TwoLetterISOLanguageName; - if(_httpClient.DefaultRequestHeaders.Contains("Language")) + if (_httpClient.DefaultRequestHeaders.Contains("Language")) { _httpClient.DefaultRequestHeaders.Remove("Language"); } _httpClient.DefaultRequestHeaders.Add("Language", acceptLanguage); - return _httpClient; + return _httpClient; } public HttpClient Get() => _httpClient; - private async Task GetAccessToken() + private async Task GetAccessToken(string realm = null) { await _lck.WaitAsync(); if (_accessToken != null && _accessToken.IsValid) @@ -62,16 +65,20 @@ private async Task GetAccessToken() try { var content = new List> - { - new KeyValuePair("client_id", _securityOptions.ClientId), - new KeyValuePair("client_secret", _securityOptions.ClientSecret), - new KeyValuePair("scope", "provisioning users acrs configurations authenticationschemeproviders authenticationmethods registrationworkflows apiresources auditing certificateauthorities clients realms groups scopes"), - new KeyValuePair("grant_type", "client_credentials") - }; + { + new KeyValuePair("client_id", _securityOptions.ClientId), + new KeyValuePair("client_secret", _securityOptions.ClientSecret), + new KeyValuePair("scope", "provisioning users acrs configurations authenticationschemeproviders authenticationmethods registrationworkflows apiresources auditing certificateauthorities clients realms groups scopes federation_entities"), + new KeyValuePair("grant_type", "client_credentials") + }; + var url = _securityOptions.Issuer; + if (!string.IsNullOrWhiteSpace(realm)) + url += $"/{realm}"; + url += "/token"; var httpRequest = new HttpRequestMessage { Method = HttpMethod.Post, - RequestUri = new Uri($"{_securityOptions.Issuer}/token"), + RequestUri = new Uri(url), Content = new FormUrlEncodedContent(content) }; _httpClient.DefaultRequestHeaders.Clear(); diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/_Imports.razor b/src/IdServer/SimpleIdServer.IdServer.Website/_Imports.razor index 0bdc1a3c5..5252c4b1e 100644 --- a/src/IdServer/SimpleIdServer.IdServer.Website/_Imports.razor +++ b/src/IdServer/SimpleIdServer.IdServer.Website/_Imports.razor @@ -12,4 +12,5 @@ @using Radzen @using Radzen.Blazor @using SimpleIdServer.IdServer.Domains -@using Fluxor \ No newline at end of file +@using Fluxor +@using SimpleIdServer.IdServer.Website.Helpers \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/wwwroot/images/trust-anchor.png b/src/IdServer/SimpleIdServer.IdServer.Website/wwwroot/images/trust-anchor.png new file mode 100644 index 000000000..2474b11ab Binary files /dev/null and b/src/IdServer/SimpleIdServer.IdServer.Website/wwwroot/images/trust-anchor.png differ diff --git a/src/IdServer/SimpleIdServer.IdServer.WsFederation/Auth/IdServerWsFederationConfigurationManager.cs b/src/IdServer/SimpleIdServer.IdServer.WsFederation/Auth/IdServerWsFederationConfigurationManager.cs index ff4ce3da0..3c15327c6 100644 --- a/src/IdServer/SimpleIdServer.IdServer.WsFederation/Auth/IdServerWsFederationConfigurationManager.cs +++ b/src/IdServer/SimpleIdServer.IdServer.WsFederation/Auth/IdServerWsFederationConfigurationManager.cs @@ -3,6 +3,7 @@ using Microsoft.IdentityModel.Protocols; using Microsoft.IdentityModel.Protocols.WsFederation; using SimpleIdServer.IdServer.Auth; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Middlewares; namespace SimpleIdServer.IdServer.WsFederation.Auth diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/ApiResources/ApiResourcesController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/ApiResources/ApiResourcesController.cs index 845fa8356..d010acd68 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/ApiResources/ApiResourcesController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/ApiResources/ApiResourcesController.cs @@ -7,6 +7,7 @@ using SimpleIdServer.IdServer.Domains.DTOs; using SimpleIdServer.IdServer.Exceptions; using SimpleIdServer.IdServer.ExternalEvents; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Jwt; using SimpleIdServer.IdServer.Resources; using SimpleIdServer.IdServer.Stores; diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Auditing/AuditingController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Auditing/AuditingController.cs index 4c512087f..3f6f79194 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Auditing/AuditingController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Auditing/AuditingController.cs @@ -23,6 +23,7 @@ public AuditingController( [HttpPost] public async Task Search([FromRoute] string prefix, [FromBody] SearchAuditingRequest request, CancellationToken cancellationToken) { + prefix = prefix ?? Constants.DefaultRealm; await CheckAccessToken(prefix, Constants.StandardScopes.Auditing.Name); prefix = prefix ?? Constants.DefaultRealm; var result = await _repository.Search(prefix, request, cancellationToken); diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Auditing/SearchAuditingRequest.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Auditing/SearchAuditingRequest.cs index 89a24f149..f62f6453d 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Auditing/SearchAuditingRequest.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Auditing/SearchAuditingRequest.cs @@ -1,5 +1,6 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System.Text.Json.Serialization; diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationMethods/AuthenticationMethodsController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationMethods/AuthenticationMethodsController.cs index fe9b1a965..58fe4f5b0 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationMethods/AuthenticationMethodsController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationMethods/AuthenticationMethodsController.cs @@ -7,6 +7,7 @@ using SimpleIdServer.IdServer.Jwt; using SimpleIdServer.IdServer.Resources; using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.UI; using System.Collections.Generic; using System.Linq; using System.Reflection; @@ -102,5 +103,56 @@ public async Task Get([FromRoute] string prefix, string amr) return BuildError(ex); } } + + [HttpGet] + public async Task GetUserLockingOptions([FromRoute] string prefix) + { + try + { + await CheckAccessToken(prefix, Constants.StandardScopes.AuthenticationMethods.Name); + var userLockingOptions = typeof(UserLockingOptions); + var section = _configuration.GetSection(userLockingOptions.Name); + var configuration = section.Get(userLockingOptions); + var values = new Dictionary(); + if (configuration != null) + { + var type = configuration.GetType(); + var properties = type.GetProperties(BindingFlags.Instance | BindingFlags.Public); + foreach (var property in properties) + { + var value = property.GetValue(configuration)?.ToString(); + if (!string.IsNullOrWhiteSpace(value)) values.Add(property.Name, value); + } + } + + var result = new UserLockingResult + { + OptionsName = userLockingOptions.Name, + Values = values + }; + return new OkObjectResult(result); + } + catch (OAuthException ex) + { + return BuildError(ex); + } + } + + [HttpPut] + public async Task UpdateUserLockingOptions([FromRoute] string prefix, [FromBody] UpdateUserLockingRequest request) + { + try + { + var type = typeof(UserLockingOptions); + await CheckAccessToken(prefix, Constants.StandardScopes.AuthenticationMethods.Name); + foreach (var kvp in request.Values) + _configuration[$"{type.Name}:{kvp.Key}"] = kvp.Value; + return NoContent(); + } + catch (OAuthException ex) + { + return BuildError(ex); + } + } } } diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationMethods/UpdateUserLockingRequest.cs b/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationMethods/UpdateUserLockingRequest.cs new file mode 100644 index 000000000..a82703937 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationMethods/UpdateUserLockingRequest.cs @@ -0,0 +1,14 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.IdServer.DTOs; +using System.Collections.Generic; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.IdServer.Api.AuthenticationMethods; + +public class UpdateUserLockingRequest +{ + [JsonPropertyName(AuthenticationMethodNames.Values)] + public Dictionary Values { get; set; } +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationMethods/UserLockingResult.cs b/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationMethods/UserLockingResult.cs new file mode 100644 index 000000000..872eae45d --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationMethods/UserLockingResult.cs @@ -0,0 +1,16 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.IdServer.DTOs; +using System.Collections.Generic; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.IdServer.Api.AuthenticationMethods; + +public class UserLockingResult +{ + [JsonPropertyName(AuthenticationMethodNames.OptionsName)] + public string OptionsName { get; set; } + [JsonPropertyName(AuthenticationMethodNames.Values)] + public Dictionary Values { get; set; } +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationSchemeProviders/AuthenticationSchemeProvidersController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationSchemeProviders/AuthenticationSchemeProvidersController.cs index d3a672d14..a943b357b 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationSchemeProviders/AuthenticationSchemeProvidersController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/AuthenticationSchemeProviders/AuthenticationSchemeProvidersController.cs @@ -6,6 +6,7 @@ using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.DTOs; using SimpleIdServer.IdServer.Exceptions; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Jwt; using SimpleIdServer.IdServer.Resources; using SimpleIdServer.IdServer.Stores; diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationCallbackRequestHandler.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationCallbackRequestHandler.cs new file mode 100644 index 000000000..d52ecc99c --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationCallbackRequestHandler.cs @@ -0,0 +1,55 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.IdServer.Api.Authorization.ResponseTypes; +using SimpleIdServer.IdServer.Authenticate.Handlers; +using SimpleIdServer.IdServer.DTOs; +using System.Collections.Generic; +using System.Linq; +using System.Text.Json.Nodes; +using System.Threading; +using System.Threading.Tasks; + +namespace SimpleIdServer.IdServer.Api.Authorization; + +public interface IAuthorizationCallbackRequestHandler +{ + Task Handle(HandlerContext context, CancellationToken cancellationToken); +} + +public class AuthorizationCallbackRequestHandler : IAuthorizationCallbackRequestHandler +{ + private readonly IAuthorizationCallbackRequestValidator _validator; + private readonly IEnumerable _responseTypes; + + public AuthorizationCallbackRequestHandler( + IAuthorizationCallbackRequestValidator validator, + IEnumerable responseTypes) + { + _validator = validator; + _responseTypes = responseTypes; + } + + public async Task Handle(HandlerContext context, CancellationToken cancellationToken) + { + var record = await _validator.Validate(context, cancellationToken); + var responseTypes = record.GetResponseTypesFromAuthorizationRequest(); + var authorizationDetails = record.GetAuthorizationDetailsFromAuthorizationRequest(); + var scopes = record.GetScopesFromAuthorizationRequest(); + var redirectUri = record.GetRedirectUriFromAuthorizationRequest(); + var state = record.GetStateFromAuthorizationRequest(); + var filteredResponseTypeHandlers = _responseTypes.Where(r => responseTypes.Contains(r.ResponseType)); + context.Request.SetRequestData(record); + context.SetClient(new Domains.Client + { + TokenEndPointAuthMethod = OAuthPKCEAuthenticationHandler.AUTH_METHOD + }); + foreach(var responseTypeHandler in filteredResponseTypeHandlers) + await responseTypeHandler.Enrich(new EnrichParameter { AuthorizationDetails = authorizationDetails, Scopes = scopes }, context, cancellationToken); + + if (!string.IsNullOrWhiteSpace(state)) + context.Response.Add(AuthorizationRequestParameters.State, state); + + return new RedirectURLAuthorizationResponse(redirectUri, context.Response.Parameters); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationCallbackRequestValidator.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationCallbackRequestValidator.cs new file mode 100644 index 000000000..ac54587e8 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationCallbackRequestValidator.cs @@ -0,0 +1,68 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.Did; +using SimpleIdServer.Did.Jwt; +using SimpleIdServer.DPoP; +using SimpleIdServer.IdServer.DTOs; +using SimpleIdServer.IdServer.Exceptions; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Resources; +using System; +using System.Text.Json.Nodes; +using System.Threading; +using System.Threading.Tasks; + +namespace SimpleIdServer.IdServer.Api.Authorization; + +public interface IAuthorizationCallbackRequestValidator +{ + Task Validate(HandlerContext context, CancellationToken cancellationToken); +} + +public class AuthorizationCallbackRequestValidator : IAuthorizationCallbackRequestValidator +{ + private readonly IGrantedTokenHelper _grantedTokenHelper; + private readonly IDidFactoryResolver _resolver; + + public AuthorizationCallbackRequestValidator( + IGrantedTokenHelper grantedTokenHelper, + IDidFactoryResolver resolver) + { + _grantedTokenHelper = grantedTokenHelper; + _resolver = resolver; + } + + public async Task Validate(HandlerContext context, CancellationToken cancellationToken) + { + var idToken = context.Request.RequestData.GetIdTokenFromAuthorizationRequestCallback(); + if (idToken == null) throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.MissingParameter, AuthorizationResponseParameters.IdToken)); + var handler = new JsonWebTokenHandler(); + if (!handler.CanReadToken(idToken)) throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.InvalidJwt); + + var jsonWebToken = handler.ReadJsonWebToken(idToken); + var nonce = jsonWebToken.Nonce(); + if (string.IsNullOrWhiteSpace(nonce)) throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.IdTokenNonceMissing); + var authorizationRequestCallback = await _grantedTokenHelper.GetAuthorizationRequestCallback(nonce, cancellationToken); + if (authorizationRequestCallback == null) throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.InvalidNonce); + + bool isValid = false; + TokenValidationResult validationResult; + try + { + var didHandler = DidJsonWebTokenHandler.New(); + isValid = await didHandler.CheckJwt(idToken, _resolver, cancellationToken); + } + catch(Exception ex) + { + throw new OAuthException(ErrorCodes.INVALID_REQUEST, ex.Message); + } + + if (!isValid) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.BadIdToken); + + return authorizationRequestCallback; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationController.cs index 226d5345c..43937f1a4 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationController.cs @@ -19,6 +19,7 @@ using System.Net; using System.Security.Claims; using System.Text; +using System.Text.Json; using System.Text.Json.Nodes; using System.Threading; using System.Threading.Tasks; @@ -29,19 +30,22 @@ namespace SimpleIdServer.IdServer.Api.Authorization; public class AuthorizationController : Controller { private readonly IAuthorizationRequestHandler _authorizationRequestHandler; + private readonly IAuthorizationCallbackRequestHandler _authorizationCallbackRequestHandler; private readonly IResponseModeHandler _responseModeHandler; private readonly IDataProtector _dataProtector; private readonly IBusControl _busControl; private readonly IdServerHostOptions _options; public AuthorizationController( - IAuthorizationRequestHandler authorizationRequestHandler, + IAuthorizationRequestHandler authorizationRequestHandler, + IAuthorizationCallbackRequestHandler authorizationCallbackRequestHandler, IResponseModeHandler responseModeHandler, IDataProtectionProvider dataProtectionProvider, IBusControl busControl, IOptions options) { _authorizationRequestHandler = authorizationRequestHandler; + _authorizationCallbackRequestHandler = authorizationCallbackRequestHandler; _responseModeHandler = responseModeHandler; _dataProtector = dataProtectionProvider.CreateProtector("Authorization"); _busControl = busControl; @@ -55,10 +59,13 @@ public async Task Get([FromRoute] string prefix, [FromQuery] AuthorizationReques { var jObjBody = Request.Query.ToJObject(); var claimName = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier); + var claimAmrs = User.Claims.FirstOrDefault(c => c.Type == Constants.UserClaims.Amrs); var userSubject = claimName == null ? string.Empty : claimName.Value; + var userAmrs = claimAmrs == null ? new List() : claimAmrs.Value.Split(" ").ToList(); var referer = string.Empty; if (Request.Headers.Referer.Any()) referer = Request.Headers.Referer.First(); var context = new HandlerContext(new HandlerContextRequest(Request.GetAbsoluteUriWithVirtualPath(), userSubject, jObjBody, null, Request.Cookies, referer), prefix ?? Constants.DefaultRealm, _options, new HandlerContextResponse(Response.Cookies)); + context.Request.SetUserAmrs(userAmrs); activity?.SetTag("realm", context.Realm); try { @@ -95,6 +102,11 @@ await _busControl.Publish(new AuthorizationSuccessEvent catch { } } + if(redirectActionAuthorizationResponse.AmrAuthInfo != null) + { + HttpContext.Response.Cookies.Append(Constants.DefaultCurrentAmrCookieName, JsonSerializer.Serialize(redirectActionAuthorizationResponse.AmrAuthInfo)); + } + var parameters = new List>(); foreach (var record in redirectActionAuthorizationResponse.QueryParameters) { @@ -155,6 +167,44 @@ await _busControl.Publish(new AuthorizationFailureEvent } } + [HttpPost] + public async Task Callback([FromRoute] string prefix, CancellationToken cancellationToken) + { + var jObjBody = Request.Form.ToJsonObject(); + prefix = prefix ?? Constants.DefaultRealm; + var referer = string.Empty; + if (Request.Headers.Referer.Any()) referer = Request.Headers.Referer.First(); + var context = new HandlerContext(new HandlerContextRequest(Request.GetAbsoluteUriWithVirtualPath(), null, jObjBody, null, Request.Cookies, referer), prefix ?? Constants.DefaultRealm, _options, new HandlerContextResponse(Response.Cookies)); + using (var activity = Tracing.IdServerActivitySource.StartActivity("Get authorization callback")) + { + try + { + activity?.SetTag("realm", prefix); + var authorizationResponse = await _authorizationCallbackRequestHandler.Handle(context, cancellationToken); + _responseModeHandler.Handle(context, authorizationResponse, HttpContext); + activity?.SetStatus(ActivityStatusCode.Ok, "Authorization Success"); + await _busControl.Publish(new AuthorizationSuccessEvent + { + ClientId = context.Client.ClientId, + Realm = context.Realm, + RequestJSON = jObjBody.ToString() + }); + } + catch (OAuthException ex) + { + activity?.SetStatus(ActivityStatusCode.Error, ex.Message); + await _busControl.Publish(new AuthorizationFailureEvent + { + ClientId = context.Client?.ClientId, + Realm = context.Realm, + RequestJSON = jObjBody.ToString(), + ErrorMessage = ex.Message + }); + await BuildErrorResponse(context, ex); + } + } + } + private async Task BuildErrorResponse(HandlerContext context, OAuthException ex, bool returnsJSON = false) { var redirectUri = context.Request.RequestData.GetRedirectUriFromAuthorizationRequest(); diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationRequestHandler.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationRequestHandler.cs index b2d76b257..33281c46d 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationRequestHandler.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/AuthorizationRequestHandler.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.Tokens; using SimpleIdServer.IdServer.Api.Authorization.ResponseTypes; using SimpleIdServer.IdServer.Api.Authorization.Validators; using SimpleIdServer.IdServer.Api.Token.TokenProfiles; @@ -8,9 +9,11 @@ using SimpleIdServer.IdServer.DTOs; using SimpleIdServer.IdServer.Exceptions; using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Jwt; using SimpleIdServer.IdServer.Options; using SimpleIdServer.IdServer.Resources; using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.UI.ViewModels; using System; using System.Collections.Generic; using System.Linq; @@ -30,27 +33,39 @@ public interface IAuthorizationRequestHandler public class AuthorizationRequestHandler : IAuthorizationRequestHandler { private readonly IAuthorizationRequestValidator _validator; + private readonly IAuthenticationHelper _authenticationHelper; private readonly IEnumerable _tokenProfiles; private readonly IAuthorizationRequestEnricher _authorizationRequestEnricher; private readonly IUserRepository _userRepository; private readonly IUserSessionResitory _userSessionRepository; private readonly ITransactionBuilder _transactionBuilder; + private readonly IJwtBuilder _jwtBuilder; + private readonly IGrantedTokenHelper _grantedTokenHelper; + private readonly IClientHelper _clientHelper; private readonly IdServerHostOptions _options; public AuthorizationRequestHandler(IAuthorizationRequestValidator validator, + IAuthenticationHelper authenticationHelper, IEnumerable tokenProfiles, IAuthorizationRequestEnricher authorizationRequestEnricher, IUserRepository userRepository, IUserSessionResitory userSessionResitory, ITransactionBuilder transactionBuilder, + IJwtBuilder jwtBuilder, + IGrantedTokenHelper grantedTokenHelper, + IClientHelper clientHelper, IOptions options) { _validator = validator; + _authenticationHelper = authenticationHelper; _tokenProfiles = tokenProfiles; _authorizationRequestEnricher = authorizationRequestEnricher; _userRepository = userRepository; _userSessionRepository = userSessionResitory; _transactionBuilder = transactionBuilder; + _jwtBuilder = jwtBuilder; + _grantedTokenHelper = grantedTokenHelper; + _clientHelper = clientHelper; _options = options.Value; } @@ -58,14 +73,14 @@ public virtual async Task Handle(HandlerContext context, { try { - var result = await BuildResponse(context, token); - var display = context.Request.RequestData.GetDisplayFromAuthorizationRequest(); - if (!string.IsNullOrWhiteSpace(display)) - context.Response.Add(AuthorizationRequestParameters.Display, display); - var sessionState = BuildSessionState(context); - if (!string.IsNullOrWhiteSpace(sessionState)) - context.Response.Add(AuthorizationRequestParameters.SessionState, sessionState); - return result; + var result = await BuildResponse(context, token); + var display = context.Request.RequestData.GetDisplayFromAuthorizationRequest(); + if (!string.IsNullOrWhiteSpace(display)) + context.Response.Add(AuthorizationRequestParameters.Display, display); + var sessionState = BuildSessionState(context); + if (!string.IsNullOrWhiteSpace(sessionState)) + context.Response.Add(AuthorizationRequestParameters.SessionState, sessionState); + return result; } catch (OAuthUserConsentRequiredException ex) { @@ -82,13 +97,39 @@ public virtual async Task Handle(HandlerContext context, context.Request.RequestData.Remove(AuthorizationRequestParameters.Prompt); return new RedirectActionAuthorizationResponse("Index", "Accounts", context.Request.OriginalRequestData); } + catch(OAuthAuthenticatedUserAmrMissingException ex) + { + var login = _authenticationHelper.GetLogin(context.User); + var amrAuthInfo = new AmrAuthInfo(context.User.Id, login, context.User.Email, new List>(), ex.AllAmrs, ex.Acr, ex.Amr); + return new RedirectActionAuthorizationResponse("Index", "Authenticate", context.Request.OriginalRequestData, ex.Amr, false, new List { _options.GetSessionCookieName(), Constants.DefaultCurrentAmrCookieName }, amrAuthInfo); + } } protected async Task BuildResponse(HandlerContext context, CancellationToken cancellationToken) { using (var transaction = _transactionBuilder.Build()) { - var validationResult = await _validator.ValidateAuthorizationRequest(context, cancellationToken); + var clientId = context.Request.RequestData.GetClientIdFromAuthorizationRequest(); + if (string.IsNullOrWhiteSpace(clientId)) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.MissingParameter, AuthorizationRequestParameters.ClientId)); + var client = await _clientHelper.ResolveClient(context.Realm, clientId, cancellationToken); + if (client != null) + context.SetClient(client); + if (_clientHelper.IsNonPreRegisteredRelyingParty(clientId) || (client != null && client.IsSelfIssueEnabled)) + return await BuildSelfIssuedResponse(context, cancellationToken); + + return await BuildStandardResponse(transaction, context, cancellationToken); + } + } + + protected async Task BuildStandardResponse( + ITransaction transaction, + HandlerContext context, + CancellationToken cancellationToken) + { + try + { + var validationResult = await _validator.ValidateStandardAuthorizationRequest(context, cancellationToken); var user = await _userRepository.GetBySubject(context.Request.UserSubject, context.Realm, cancellationToken); var activeSession = await GetActiveSession(context, cancellationToken); context.SetUser(user, activeSession); @@ -101,25 +142,62 @@ protected async Task BuildResponse(HandlerContext context context.Response.Add(AuthorizationResponseParameters.State, state); _authorizationRequestEnricher.Enrich(context); - try - { - var grant = await ExecuteGrantManagementAction(grantRequest, context, cancellationToken); - foreach (var responseTypeHandler in responseTypeHandlers) - await responseTypeHandler.Enrich(new EnrichParameter { AuthorizationDetails = grantRequest.AuthorizationDetails, Scopes = grantRequest.Scopes, Audiences = grantRequest.Audiences, GrantId = grant?.Id, Claims = context.Request.RequestData.GetClaimsFromAuthorizationRequest() }, context, cancellationToken); - - _tokenProfiles.First(t => t.Profile == (context.Client.PreferredTokenProfile ?? _options.DefaultTokenProfile)).Enrich(context); - UpdateSession(context); - _userSessionRepository.Update(context.Session); - return new RedirectURLAuthorizationResponse(redirectUri, context.Response.Parameters); - } - finally - { + var grant = await ExecuteGrantManagementAction(grantRequest, context, cancellationToken); + foreach (var responseTypeHandler in responseTypeHandlers) + await responseTypeHandler.Enrich(new EnrichParameter { AuthorizationDetails = grantRequest.AuthorizationDetails, Scopes = grantRequest.Scopes, Audiences = grantRequest.Audiences, GrantId = grant?.Id, Claims = context.Request.RequestData.GetClaimsFromAuthorizationRequest() }, context, cancellationToken); + + _tokenProfiles.First(t => t.Profile == (context.Client.PreferredTokenProfile ?? _options.DefaultTokenProfile)).Enrich(context); + UpdateSession(context); + _userSessionRepository.Update(context.Session); + return new RedirectURLAuthorizationResponse(redirectUri, context.Response.Parameters); + } + finally + { + if(context.User != null) _userRepository.Update(context.User); - await transaction.Commit(cancellationToken); - } + await transaction.Commit(cancellationToken); } } + protected async Task BuildSelfIssuedResponse(HandlerContext context, CancellationToken cancellationToken) + { + await _validator.ValidateSelfIssuedAuthorizationRequest(context, cancellationToken); + var redirectUri = $"{context.GetIssuer()}/{Constants.EndPoints.AuthorizationCallback}"; + var targetUri = context.Request.RequestData.GetRedirectUriFromAuthorizationRequest(); + var scopes = context.Request.RequestData.GetScopesFromAuthorizationRequest(); + var state = context.Request.RequestData.GetStateFromAuthorizationRequest(); + var nonce = Guid.NewGuid().ToString(); + var descriptor = new SecurityTokenDescriptor + { + Issuer = context.GetIssuer(), + Audience = context.Client.ClientId, + Claims = new Dictionary + { + { AuthorizationRequestParameters.ResponseType, IdTokenResponseTypeHandler.RESPONSE_TYPE }, + { AuthorizationRequestParameters.ResponseMode, Constants.StandardResponseModes.DirectPost }, + { AuthorizationRequestParameters.ClientId, context.Client.ClientId }, + { AuthorizationRequestParameters.RedirectUri, redirectUri }, + { AuthorizationRequestParameters.Scope, string.Join(" ", scopes) }, + { AuthorizationRequestParameters.Nonce, nonce } + } + }; + if (!string.IsNullOrWhiteSpace(state)) + descriptor.Claims.Add(AuthorizationRequestParameters.State, state); + var jwt = await _jwtBuilder.BuildClientToken(context.Realm, context.Client, descriptor, context.Client.AuthorizationSignedResponseAlg ?? SecurityAlgorithms.EcdsaSha256, context.Client.AuthorizationEncryptedResponseAlg, context.Client.AuthorizationEncryptedResponseEnc, cancellationToken); + var dic = new Dictionary + { + { AuthorizationRequestParameters.ClientId, context.Client.ClientId }, + { AuthorizationRequestParameters.ResponseType, IdTokenResponseTypeHandler.RESPONSE_TYPE }, + { AuthorizationRequestParameters.ResponseMode, Constants.StandardResponseModes.DirectPost }, + { AuthorizationRequestParameters.Scope, string.Join(" ", scopes) }, + { AuthorizationRequestParameters.RedirectUri, redirectUri }, + { AuthorizationRequestParameters.Request, jwt }, + { AuthorizationRequestParameters.Nonce, nonce } + }; + await _grantedTokenHelper.AddAuthorizationRequestCallback(nonce, context.Request.RequestData, _options.DefaultAuthorizationRequestCallbackExpirationTimeInSeconds, cancellationToken); + return new RedirectURLAuthorizationResponse(targetUri, dic); + } + protected async Task GetActiveSession(HandlerContext context, CancellationToken cancellationToken) { var kvp = context.Request.Cookies.SingleOrDefault(c => c.Key == _options.GetSessionCookieName()); diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/IWalletOAuthAuthorizationService.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/IWalletOAuthAuthorizationService.cs new file mode 100644 index 000000000..cc376eb63 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/IWalletOAuthAuthorizationService.cs @@ -0,0 +1,12 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using System.Threading.Tasks; +using System.Threading; + +namespace SimpleIdServer.IdServer.Api.Authorization; + +public interface IWalletOAuthAuthorizationService +{ + string Amr { get; } + Task Handle(HandlerContext context, CancellationToken cancellationToken); +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/RedirectActionAuthorizationResponse.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/RedirectActionAuthorizationResponse.cs index d4015d93e..2662debf7 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/RedirectActionAuthorizationResponse.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/RedirectActionAuthorizationResponse.cs @@ -1,5 +1,6 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer.UI.ViewModels; using System.Collections.Generic; using System.Text.Json.Nodes; @@ -14,11 +15,12 @@ public RedirectActionAuthorizationResponse(string action, string controllerName, QueryParameters = queryParameters; } - public RedirectActionAuthorizationResponse(string action, string controllerName, JsonObject queryParameters, string area, bool disconnect = false, List cookiesToRemove = null) : this(action, controllerName, queryParameters) + public RedirectActionAuthorizationResponse(string action, string controllerName, JsonObject queryParameters, string area, bool disconnect = false, List cookiesToRemove = null, AmrAuthInfo amrAuthInfo = null) : this(action, controllerName, queryParameters) { Area = area; Disconnect = disconnect; CookiesToRemove = cookiesToRemove; + AmrAuthInfo = amrAuthInfo; } public string Action { get; private set; } @@ -27,5 +29,6 @@ public RedirectActionAuthorizationResponse(string action, string controllerName, public string Area { get; private set; } public bool Disconnect { get; private set; } public List CookiesToRemove { get; private set; } + public AmrAuthInfo AmrAuthInfo { get; private set; } } } diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/ResponseTypes/AuthorizationCodeResponseTypeHandler.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/ResponseTypes/AuthorizationCodeResponseTypeHandler.cs index 69a457a26..fd3102b3e 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/ResponseTypes/AuthorizationCodeResponseTypeHandler.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/ResponseTypes/AuthorizationCodeResponseTypeHandler.cs @@ -44,10 +44,9 @@ public AuthorizationCodeResponseTypeHandler( public async Task Enrich(EnrichParameter parameter, HandlerContext context, CancellationToken cancellationToken) { var activeSession = context.Session; - var dic = new JsonObject - { - [JwtRegisteredClaimNames.Sub] = context.User.Name - }; + var dic = new JsonObject(); + if (context.User != null) + dic.Add(JwtRegisteredClaimNames.Sub, context.User.Name); if (activeSession != null) dic.Add(JwtRegisteredClaimNames.AuthTime, activeSession.AuthenticationDateTime.ConvertToUnixTimestamp()); diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/Validators/IAuthorizationRequestValidator.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/Validators/IAuthorizationRequestValidator.cs index ad1819dde..2f5ef08be 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/Validators/IAuthorizationRequestValidator.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/Validators/IAuthorizationRequestValidator.cs @@ -10,8 +10,9 @@ namespace SimpleIdServer.IdServer.Api.Authorization.Validators { public interface IAuthorizationRequestValidator { - Task ValidateAuthorizationRequest(HandlerContext context, CancellationToken cancellationToken); - Task ValidateAuthorizationRequest(HandlerContext context, string clientId, CancellationToken cancellationToken); + Task ValidateStandardAuthorizationRequest(HandlerContext context, CancellationToken cancellationToken); + Task ValidateStandardAuthorizationRequest(HandlerContext context, string clientId, CancellationToken cancellationToken); + Task ValidateSelfIssuedAuthorizationRequest(HandlerContext context, CancellationToken cancellationToken); Task ValidateAuthorizationRequestWhenUserIsAuthenticated(GrantRequest request, HandlerContext context, CancellationToken cancellationToken); } diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/Validators/OAuthAuthorizationRequestValidator.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/Validators/OAuthAuthorizationRequestValidator.cs index 6c18b2a31..2ee997ef8 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/Validators/OAuthAuthorizationRequestValidator.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Authorization/Validators/OAuthAuthorizationRequestValidator.cs @@ -10,7 +10,6 @@ using SimpleIdServer.IdServer.Jwt; using SimpleIdServer.IdServer.Options; using SimpleIdServer.IdServer.Resources; -using SimpleIdServer.IdServer.Stores; using System; using System.Collections.Generic; using System.Linq; @@ -25,7 +24,6 @@ public class OAuthAuthorizationRequestValidator : IAuthorizationRequestValidator { private readonly IEnumerable _responseTypeHandlers; private readonly IUserHelper _userHelper; - private readonly IClientRepository _clientRepository; private readonly IGrantHelper _grantHelper; private readonly IAmrHelper _amrHelper; private readonly IExtractRequestHelper _extractRequestHelper; @@ -37,18 +35,16 @@ public class OAuthAuthorizationRequestValidator : IAuthorizationRequestValidator public OAuthAuthorizationRequestValidator( IEnumerable responseTypeHandlers, IUserHelper userHelper, - IClientRepository clientRepository, IGrantHelper grantHelper, IAmrHelper amrHelper, IExtractRequestHelper extractRequestHelper, IEnumerable oauthResponseModes, IClientHelper clientHelper, - IJwtBuilder jwtBuilder, + IJwtBuilder jwtBuilder, IOptions options) { _responseTypeHandlers = responseTypeHandlers; _userHelper = userHelper; - _clientRepository = clientRepository; _grantHelper = grantHelper; _amrHelper = amrHelper; _extractRequestHelper = extractRequestHelper; @@ -58,15 +54,135 @@ public OAuthAuthorizationRequestValidator( _options = options.Value; } - public virtual Task ValidateAuthorizationRequest(HandlerContext context, CancellationToken cancellationToken) + public virtual Task ValidateStandardAuthorizationRequest(HandlerContext context, CancellationToken cancellationToken) { var clientId = context.Request.RequestData.GetClientIdFromAuthorizationRequest(); - return ValidateAuthorizationRequest(context, clientId, cancellationToken); + return ValidateStandardAuthorizationRequest(context, clientId, cancellationToken); } - public virtual async Task ValidateAuthorizationRequest(HandlerContext context, string clientId, CancellationToken cancellationToken) + public virtual async Task ValidateStandardAuthorizationRequest(HandlerContext context, string clientId, CancellationToken cancellationToken) + { + if (context.Client == null) + throw new OAuthException(ErrorCodes.INVALID_CLIENT, string.Format(Global.UnknownClient, clientId)); + return await CommonValidationAuthorizationRequest(context, cancellationToken); + } + + public virtual async Task ValidateSelfIssuedAuthorizationRequest(HandlerContext context, CancellationToken cancellationToken) + { + await ValidateClient(); + var scopes = context.Request.RequestData.GetScopes(); + var unexpectedScopes = scopes.Where(s => s != Constants.StandardScopes.OpenIdScope.Name); + if (unexpectedScopes.Any()) throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.ScopeDifferentToOpenidCannotBeSelfIssued); + var result = await CommonValidationAuthorizationRequest(context, cancellationToken); + return result; + + async Task ValidateClient() + { + var clientMetadataUri = context.Request.RequestData.GetClientMetadataUri(); + var clientMetadata = context.Request.RequestData.GetClientMetadata(); + if (!string.IsNullOrWhiteSpace(clientMetadataUri) && clientMetadata != null) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.CannotUseClientMetadataAndClientMetadataUri); + + if (context.Client != null) + { + if (clientMetadata != null || !string.IsNullOrWhiteSpace(clientMetadataUri)) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.ClientMetadataCannotBeUsedWithRegisteredClient); + } + else + { + var clientId = context.Request.RequestData.GetClientIdFromAuthorizationRequest(); + var authDetails = context.Request.RequestData.GetAuthorizationDetailsFromAuthorizationRequest(); + var responseTypes = context.Request.RequestData.GetResponseTypesFromAuthorizationRequest(); + if (clientMetadata == null && string.IsNullOrWhiteSpace(clientMetadataUri)) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.RequiredClientMetadataOrClientMetadataUri); + clientMetadata = await _clientHelper.ResolveSelfDeclaredClient(context.Request.RequestData, cancellationToken); + if ((clientMetadata.AuthorizationDataTypes == null || !clientMetadata.AuthorizationDataTypes.Any()) && authDetails != null && authDetails.Any()) + clientMetadata.AuthorizationDataTypes = authDetails.Select(a => a.Type).ToList(); + if(responseTypes != null) + clientMetadata.ResponseTypes = responseTypes.ToList(); + clientMetadata.ClientId = clientId; + context.SetClient(clientMetadata); + } + } + } + + public virtual async Task ValidateAuthorizationRequestWhenUserIsAuthenticated(GrantRequest request, HandlerContext context, CancellationToken cancellationToken) + { + var openidClient = context.Client; + var authDetails = request.AuthorizationDetails; + var scopes = request.Scopes; + var clientId = context.Request.RequestData.GetClientIdFromAuthorizationRequest(); + var acrValues = context.Request.RequestData.GetAcrValuesFromAuthorizationRequest(); + var prompt = context.Request.RequestData.GetPromptFromAuthorizationRequest(); + var claims = context.Request.RequestData.GetClaimsFromAuthorizationRequest(); + if (context.User == null) + { + if (prompt == PromptParameters.None) + throw new OAuthException(ErrorCodes.LOGIN_REQUIRED, Global.LoginIsRequired); + + throw new OAuthLoginRequiredException(await GetFirstAmr(context.Realm, acrValues, claims, openidClient, cancellationToken)); + } + + var activeSession = context.Session; + if (activeSession == null) + throw new OAuthLoginRequiredException(await GetFirstAmr(context.Realm, acrValues, claims, openidClient, cancellationToken), true); + + var maxAge = context.Request.RequestData.GetMaxAgeFromAuthorizationRequest(); + var idTokenHint = context.Request.RequestData.GetIdTokenHintFromAuthorizationRequest(); + if (maxAge != null) + { + if (DateTime.UtcNow > activeSession.AuthenticationDateTime.AddSeconds(maxAge.Value)) + throw new OAuthLoginRequiredException(await GetFirstAmr(context.Realm, acrValues, claims, openidClient, cancellationToken)); + } + else if (openidClient.DefaultMaxAge != null && DateTime.UtcNow > activeSession.AuthenticationDateTime.AddSeconds(openidClient.DefaultMaxAge.Value)) + throw new OAuthLoginRequiredException(await GetFirstAmr(context.Realm, acrValues, claims, openidClient, cancellationToken)); + + if (!string.IsNullOrWhiteSpace(idTokenHint)) + { + var payload = ExtractIdTokenHint(context.Realm, idTokenHint); + if (context.User.Name != payload.Subject) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.InvalidSubjectIdTokenHint); + + if (!payload.Audiences.Contains(context.GetIssuer())) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.InvalidAudienceIdTokenHint); + } + + switch (prompt) + { + case PromptParameters.Login: + throw new OAuthLoginRequiredException(await GetFirstAmr(context.Realm, acrValues, claims, openidClient, cancellationToken)); + case PromptParameters.Consent: + RedirectToConsentView(context); + break; + case PromptParameters.SelectAccount: + throw new OAuthSelectAccountRequiredException(); + } + + var grantManagementAction = context.Request.RequestData.GetGrantManagementActionFromAuthorizationRequest(); + if (string.IsNullOrWhiteSpace(grantManagementAction) && !_userHelper.HasOpenIDConsent(context.User, context.Realm, clientId, request, claims, authDetails)) + { + RedirectToConsentView(context); + } + + if (claims != null) + { + var idtokenClaims = claims.Where(cl => cl.Type == AuthorizationClaimTypes.IdToken && cl.IsEssential && Constants.AllUserClaims.Contains(cl.Name)); + var invalidClaims = idtokenClaims.Where(icl => !context.User.Claims.Any(cl => cl.Type == icl.Name && (icl.Values == null || !icl.Values.Any() || icl.Values.Contains(cl.Value)))); + if (invalidClaims.Any()) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.InvalidClaims, string.Join(",", invalidClaims.Select(i => i.Name)))); + } + + if(context.Request.Amrs.Any()) + { + var acr = await _amrHelper.FetchDefaultAcr(context.Realm, acrValues, claims, openidClient, cancellationToken); + var notAuthorizedAmrs = acr.AuthenticationMethodReferences.Where(c => !context.Request.Amrs.Contains(c)); + if (notAuthorizedAmrs.Any()) + throw new OAuthAuthenticatedUserAmrMissingException(acr.Name, notAuthorizedAmrs.First(), acr.AuthenticationMethodReferences); + } + } + + protected async Task CommonValidationAuthorizationRequest(HandlerContext context, CancellationToken cancellationToken) { - context.SetClient(await AuthenticateClient(context.Realm, clientId, cancellationToken)); await _extractRequestHelper.Extract(context); var requestedResponseTypes = context.Request.RequestData.GetResponseTypesFromAuthorizationRequest(); if (!requestedResponseTypes.Any()) @@ -89,7 +205,7 @@ public virtual async Task ValidateAuthoriz if (unsupportedScopes.Any()) throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.UnsupportedScopes, string.Join(",", unsupportedScopes))); - if(authDetails != null && authDetails.Any(d => string.IsNullOrWhiteSpace(d.Type))) + if (authDetails != null && authDetails.Any(d => string.IsNullOrWhiteSpace(d.Type))) throw new OAuthException(ErrorCodes.INVALID_AUTHORIZATION_DETAILS, Global.AuthorizationDetailsTypeRequired); var unsupportedAuthorizationDetailsTypes = authDetails.Where(d => !context.Client.AuthorizationDataTypes.Contains(d.Type)); @@ -97,7 +213,7 @@ public virtual async Task ValidateAuthoriz throw new OAuthException(ErrorCodes.INVALID_AUTHORIZATION_DETAILS, string.Format(Global.UnsupportedAuthorizationDetailTypes, string.Join(",", unsupportedAuthorizationDetailsTypes.Select(t => t.Type)))); OpenIdCredentialValidator.ValidateOpenIdCredential(authDetails); - await CommonValidate(context, cancellationToken); + await CommonValidate(context, cancellationToken); var nonce = context.Request.RequestData.GetNonceFromAuthorizationRequest(); var redirectUri = context.Request.RequestData.GetRedirectUriFromAuthorizationRequest(); var responseTypes = context.Request.RequestData.GetResponseTypesFromAuthorizationRequest(); @@ -132,18 +248,6 @@ async Task CommonValidate(HandlerContext context, CancellationToken cancellation if (unsupportedResponseTypes.Any()) throw new OAuthException(ErrorCodes.UNSUPPORTED_RESPONSE_TYPE, string.Format(Global.BadResponseTypesClient, string.Join(",", unsupportedResponseTypes))); } - async Task AuthenticateClient(string realm, string clientId, CancellationToken cancellationToken) - { - if (string.IsNullOrWhiteSpace(clientId)) - throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.MissingParameter, AuthorizationRequestParameters.ClientId)); - - var client = await _clientRepository.GetByClientId(realm, clientId, cancellationToken); - if (client == null) - throw new OAuthException(ErrorCodes.INVALID_CLIENT, string.Format(Global.UnknownClient, clientId)); - - return client; - } - void CheckGrantIdAndAction(HandlerContext context) { var grantId = context.Request.RequestData.GetGrantIdFromAuthorizationRequest(); @@ -162,73 +266,6 @@ void CheckGrantIdAndAction(HandlerContext context) } } - public virtual async Task ValidateAuthorizationRequestWhenUserIsAuthenticated(GrantRequest request, HandlerContext context, CancellationToken cancellationToken) - { - var openidClient = context.Client; - var authDetails = request.AuthorizationDetails; - var scopes = request.Scopes; - var clientId = context.Request.RequestData.GetClientIdFromAuthorizationRequest(); - var acrValues = context.Request.RequestData.GetAcrValuesFromAuthorizationRequest(); - var prompt = context.Request.RequestData.GetPromptFromAuthorizationRequest(); - var claims = context.Request.RequestData.GetClaimsFromAuthorizationRequest(); - if (context.User == null) - { - if (prompt == PromptParameters.None) - throw new OAuthException(ErrorCodes.LOGIN_REQUIRED, Global.LoginIsRequired); - - throw new OAuthLoginRequiredException(await GetFirstAmr(context.Realm, acrValues, claims, openidClient, cancellationToken)); - } - - var activeSession = context.Session; - if (activeSession == null) - throw new OAuthLoginRequiredException(await GetFirstAmr(context.Realm, acrValues, claims, openidClient, cancellationToken), true); - - var maxAge = context.Request.RequestData.GetMaxAgeFromAuthorizationRequest(); - var idTokenHint = context.Request.RequestData.GetIdTokenHintFromAuthorizationRequest(); - if (maxAge != null) - { - if (DateTime.UtcNow > activeSession.AuthenticationDateTime.AddSeconds(maxAge.Value)) - throw new OAuthLoginRequiredException(await GetFirstAmr(context.Realm, acrValues, claims, openidClient, cancellationToken)); - } - else if (openidClient.DefaultMaxAge != null && DateTime.UtcNow > activeSession.AuthenticationDateTime.AddSeconds(openidClient.DefaultMaxAge.Value)) - throw new OAuthLoginRequiredException(await GetFirstAmr(context.Realm, acrValues, claims, openidClient, cancellationToken)); - - if (!string.IsNullOrWhiteSpace(idTokenHint)) - { - var payload = ExtractIdTokenHint(context.Realm, idTokenHint); - if (context.User.Name != payload.Subject) - throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.InvalidSubjectIdTokenHint); - - if (!payload.Audiences.Contains(context.GetIssuer())) - throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.InvalidAudienceIdTokenHint); - } - - switch (prompt) - { - case PromptParameters.Login: - throw new OAuthLoginRequiredException(await GetFirstAmr(context.Realm, acrValues, claims, openidClient, cancellationToken)); - case PromptParameters.Consent: - RedirectToConsentView(context); - break; - case PromptParameters.SelectAccount: - throw new OAuthSelectAccountRequiredException(); - } - - var grantManagementAction = context.Request.RequestData.GetGrantManagementActionFromAuthorizationRequest(); - if (string.IsNullOrWhiteSpace(grantManagementAction) && !_userHelper.HasOpenIDConsent(context.User, context.Realm, clientId, request, claims, authDetails)) - { - RedirectToConsentView(context); - } - - if (claims != null) - { - var idtokenClaims = claims.Where(cl => cl.Type == AuthorizationClaimTypes.IdToken && cl.IsEssential && Constants.AllUserClaims.Contains(cl.Name)); - var invalidClaims = idtokenClaims.Where(icl => !context.User.Claims.Any(cl => cl.Type == icl.Name && (icl.Values == null || !icl.Values.Any() || icl.Values.Contains(cl.Value)))); - if (invalidClaims.Any()) - throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.InvalidClaims, string.Join(",", invalidClaims.Select(i => i.Name)))); - } - } - protected virtual void RedirectToConsentView(HandlerContext context) { if (context.Client.IsConsentDisabled) return; diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/BCAuthorize/BCAuthorizeRequestValidator.cs b/src/IdServer/SimpleIdServer.IdServer/Api/BCAuthorize/BCAuthorizeRequestValidator.cs index ea6ec46db..ebff80be0 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/BCAuthorize/BCAuthorizeRequestValidator.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/BCAuthorize/BCAuthorizeRequestValidator.cs @@ -146,8 +146,8 @@ protected virtual void CheckUserCode(User user, string userCode) { if (string.IsNullOrWhiteSpace(userCode)) return; var credential = user.Credentials.FirstOrDefault(c => c.CredentialType == Constants.Areas.Password && c.IsActive); - var hash = PasswordHelper.ComputeHash(userCode); - if (credential == null || credential.Value != PasswordHelper.ComputeHash(userCode)) + var hash = PasswordHelper.ComputeHash(userCode, _options.IsPasswordEncodeInBase64); + if (credential == null || credential.Value != PasswordHelper.ComputeHash(userCode, _options.IsPasswordEncodeInBase64)) throw new OAuthException(ErrorCodes.INVALID_CREDENTIALS, Global.InvalidUserCode); } diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/CertificateAuthorities/CertificateAuthoritiesController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/CertificateAuthorities/CertificateAuthoritiesController.cs index 8dede5701..97c3d054e 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/CertificateAuthorities/CertificateAuthoritiesController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/CertificateAuthorities/CertificateAuthoritiesController.cs @@ -8,6 +8,7 @@ using SimpleIdServer.IdServer.Domains.DTOs; using SimpleIdServer.IdServer.Exceptions; using SimpleIdServer.IdServer.ExternalEvents; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Jwt; using SimpleIdServer.IdServer.Resources; using SimpleIdServer.IdServer.Stores; diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Clients/ClientsController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Clients/ClientsController.cs index 2535792b9..1ba8f6ac0 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Clients/ClientsController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Clients/ClientsController.cs @@ -8,6 +8,7 @@ using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Exceptions; using SimpleIdServer.IdServer.ExternalEvents; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Jwt; using SimpleIdServer.IdServer.Resources; using SimpleIdServer.IdServer.Stores; @@ -152,6 +153,7 @@ public async Task Get([FromRoute] string prefix, string id, Cance prefix = prefix ?? Constants.DefaultRealm; try { + id = System.Web.HttpUtility.UrlDecode(id); await CheckAccessToken(prefix, Constants.StandardScopes.Clients.Name); var result = await _clientRepository.GetByClientId(prefix, id, cancellationToken); if (result == null) throw new OAuthException(HttpStatusCode.NotFound, ErrorCodes.NOT_FOUND, string.Format(Global.UnknownClient, id)); @@ -741,4 +743,35 @@ await _busControl.Publish(new AddClientRoleFailureEvent } } } + + [HttpPut] + public async Task UpdateRealms([FromRoute] string prefix, string id, [FromBody] UpdateClientRealmsRequest request, CancellationToken cancellationToken) + { + prefix = prefix ?? Constants.DefaultRealm; + using (var activity = Tracing.IdServerActivitySource.StartActivity("Update client realms")) + { + try + { + using (var transaction = _transactionBuilder.Build()) + { + activity?.SetTag("realm", prefix); + await CheckAccessToken(prefix, Constants.StandardScopes.Clients.Name); + var result = await _clientRepository.GetByClientId(prefix, id, cancellationToken); + if (result == null) throw new OAuthException(HttpStatusCode.NotFound, ErrorCodes.NOT_FOUND, string.Format(Global.UnknownClient, id)); + var realms = await _realmRepository.GetAll(cancellationToken); + result.Realms = realms.Where(r => r.Name == prefix || request.Realms.Contains(r.Name)).ToList(); + result.UpdateDateTime = DateTime.UtcNow; + _clientRepository.Update(result); + await transaction.Commit(cancellationToken); + return new NoContentResult(); + } + } + catch (OAuthException ex) + { + _logger.LogError(ex.ToString()); + activity?.SetStatus(System.Diagnostics.ActivityStatusCode.Error, ex.Message); + return BuildError(ex); + } + } + } } diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Clients/UpdateClientRealmsRequest.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Clients/UpdateClientRealmsRequest.cs new file mode 100644 index 000000000..443502329 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Clients/UpdateClientRealmsRequest.cs @@ -0,0 +1,13 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer.Domains.DTOs; +using System.Collections.Generic; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.IdServer.Api.Clients; + +public class UpdateClientRealmsRequest +{ + [JsonPropertyName(OAuthClientParameters.Realms)] + public List Realms { get; set; } = new List(); +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/ErrorMessages/ErrorMessagesController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/ErrorMessages/ErrorMessagesController.cs new file mode 100644 index 000000000..fe80ec22b --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Api/ErrorMessages/ErrorMessagesController.cs @@ -0,0 +1,84 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using MassTransit; +using Microsoft.AspNetCore.Mvc; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Exceptions; +using SimpleIdServer.IdServer.Jwt; +using SimpleIdServer.IdServer.Resources; +using SimpleIdServer.IdServer.Stores; +using System; +using System.Collections.Generic; +using System.Net; +using System.Text.Json; +using System.Threading; +using System.Threading.Tasks; + +namespace SimpleIdServer.IdServer.Api.ErrorMessages; + +public class ErrorMessagesController : BaseController +{ + private readonly IMessageBusErrorStore _messageBusErrorStore; + private readonly IBusControl _busControl; + private readonly ITransactionBuilder _transactionBuilder; + + public ErrorMessagesController( + IMessageBusErrorStore messageBusErrorStore, + ITokenRepository tokenRepository, + IJwtBuilder jwtBuilder, + IBusControl busControl, + ITransactionBuilder transactionBuilder) : base(tokenRepository, jwtBuilder) + { + _messageBusErrorStore = messageBusErrorStore; + _busControl = busControl; + _transactionBuilder = transactionBuilder; + } + + [HttpGet] + public async Task Relaunch([FromRoute] string prefix, string id, CancellationToken cancellationToken) + { + try + { + using (var transaction = _transactionBuilder.Build()) + { + var messageBusError = await _messageBusErrorStore.Get(id, cancellationToken); + if (messageBusError == null) throw new OAuthException(HttpStatusCode.NotFound, ErrorCodes.NOT_FOUND, string.Format(Global.UnknownErrorMessage, id)); + await Relaunch(messageBusError, cancellationToken); + _messageBusErrorStore.Delete(messageBusError); + await transaction.Commit(cancellationToken); + return new NoContentResult(); + } + + } + catch(OAuthException ex) + { + return BuildError(ex); + } + } + + [HttpPost] + public async Task RelaunchAllByExternalId([FromRoute] string prefix, [FromBody] RelaunchAllErrorMessagesByExternalIdRequest request, CancellationToken cancellationToken) + { + using (var transaction = _transactionBuilder.Build()) + { + var errorMessages = await _messageBusErrorStore.GetAllByExternalId(new List { request.ExternalId }, cancellationToken); + foreach (var errorMessage in errorMessages) + { + await Relaunch(errorMessage, cancellationToken); + _messageBusErrorStore.Delete(errorMessage); + } + + await transaction.Commit(cancellationToken); + return new NoContentResult(); + } + } + + private async Task Relaunch(MessageBusErrorMessage errorMessage, CancellationToken cancellationToken) + { + var sendEndpoint = await _busControl.GetSendEndpoint(new Uri($"queue:{errorMessage.QueueName}")); + var typeCmd = Type.GetType(errorMessage.FullName); + var cmd = JsonSerializer.Deserialize(errorMessage.Content, typeCmd); + await sendEndpoint.Send(cmd, cancellationToken); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/ErrorMessages/RelaunchAllErrorMessagesByExternalIdRequest.cs b/src/IdServer/SimpleIdServer.IdServer/Api/ErrorMessages/RelaunchAllErrorMessagesByExternalIdRequest.cs new file mode 100644 index 000000000..3f5efe2a1 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Api/ErrorMessages/RelaunchAllErrorMessagesByExternalIdRequest.cs @@ -0,0 +1,12 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System.Text.Json.Serialization; + +namespace SimpleIdServer.IdServer.Api.ErrorMessages; + +public class RelaunchAllErrorMessagesByExternalIdRequest +{ + [JsonPropertyName("externalid")] + public string ExternalId { get; set; } +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Groups/GroupsController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Groups/GroupsController.cs index 242661982..d76218139 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Groups/GroupsController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Groups/GroupsController.cs @@ -74,6 +74,7 @@ public async Task Get([FromRoute] string prefix, string id, Cance var rootGroup = result; if (splittedFullPath.Count() > 1) rootGroup = await _groupRepository.GetByStrictFullPath(prefix, splittedFullPath[0], cancellationToken); + result.Roles = result.Roles.Where(r => r.Realms.Any(re => re.Name == prefix)).ToList(); return new OkObjectResult(new GetGroupResult { Target = result, diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Groups/SearchGroupsRequest.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Groups/SearchGroupsRequest.cs index bf9d2fad0..48082eab5 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Groups/SearchGroupsRequest.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Groups/SearchGroupsRequest.cs @@ -1,7 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Newtonsoft.Json; -using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.Helpers; namespace SimpleIdServer.IdServer.Api.Groups; diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/HandlerContext.cs b/src/IdServer/SimpleIdServer.IdServer/Api/HandlerContext.cs index 61241b44a..fa7ba24c4 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/HandlerContext.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/HandlerContext.cs @@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.IdentityModel.JsonWebTokens; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Middlewares; using SimpleIdServer.IdServer.Options; using System.Collections.Generic; @@ -112,6 +113,12 @@ public HandlerContextRequest(string issuerName, string userSubject, JsonObject d public X509Certificate2 Certificate { get; set; } public string Referer { get; set; } public string HttpMethod { get; set; } + public List Amrs { get; private set; } = new List(); + + public void SetUserAmrs(List amrs) + { + Amrs = amrs; + } public void SetRequestData(JsonObject data) { diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/OAuthConfiguration/OAuthConfigurationController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/OAuthConfiguration/OAuthConfigurationController.cs index 7f6361948..085df1081 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/OAuthConfiguration/OAuthConfigurationController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/OAuthConfiguration/OAuthConfigurationController.cs @@ -2,7 +2,6 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; -using SimpleIdServer.IdServer.DTOs; using System.Text.Json.Nodes; using System.Threading; using System.Threading.Tasks; @@ -33,29 +32,10 @@ public virtual async Task Get([FromRoute] string prefix, Cancella return new OkObjectResult(await Build(prefix, token)); } - protected async Task Build(string prefix, CancellationToken cancellationToken) + protected Task Build(string prefix, CancellationToken cancellationToken) { - var subUrl = string.Empty; var issuer = Request.GetAbsoluteUriWithVirtualPath(); - var issuerStr = issuer; - if (!string.IsNullOrWhiteSpace(prefix)) - { - issuerStr = $"{issuer}/{prefix}"; - subUrl = $"{prefix}/"; - } - - var jObj = new JsonObject - { - [OAuthConfigurationNames.Issuer] = issuerStr, - [OAuthConfigurationNames.AuthorizationEndpoint] = $"{issuer}/{subUrl}{Constants.EndPoints.Authorization}", - [OAuthConfigurationNames.RegistrationEndpoint] = $"{issuer}/{subUrl}{Constants.EndPoints.Registration}", - [OAuthConfigurationNames.TokenEndpoint] = $"{issuer}/{subUrl}{Constants.EndPoints.Token}", - [OAuthConfigurationNames.RevocationEndpoint] = $"{issuer}/{subUrl}{Constants.EndPoints.Token}/revoke", - [OAuthConfigurationNames.JwksUri] = $"{issuer}/{subUrl}{Constants.EndPoints.Jwks}", - [OAuthConfigurationNames.IntrospectionEndpoint] = $"{issuer}/{subUrl}{Constants.EndPoints.TokenInfo}" - }; - await _configurationRequestHandler.Enrich(prefix, jObj, issuer, cancellationToken); - return jObj; + return _configurationRequestHandler.Handle(prefix, issuer, cancellationToken); } } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/OAuthConfiguration/OAuthConfigurationRequestHandler.cs b/src/IdServer/SimpleIdServer.IdServer/Api/OAuthConfiguration/OAuthConfigurationRequestHandler.cs index 9bcc61c46..f45c3922d 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/OAuthConfiguration/OAuthConfigurationRequestHandler.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/OAuthConfiguration/OAuthConfigurationRequestHandler.cs @@ -1,12 +1,10 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.Authorization; using SimpleIdServer.IdServer.Api.Authorization.ResponseTypes; using SimpleIdServer.IdServer.Api.Token.Handlers; using SimpleIdServer.IdServer.Authenticate; using SimpleIdServer.IdServer.DTOs; -using SimpleIdServer.IdServer.Options; using SimpleIdServer.IdServer.Stores; using System.Collections.Generic; using System.Linq; @@ -19,7 +17,7 @@ namespace SimpleIdServer.IdServer.Api.Configuration { public interface IOAuthConfigurationRequestHandler { - Task Enrich(string prefix, JsonObject jObj, string issuer, CancellationToken cancellationToken); + Task Handle(string prefix, string issuer, CancellationToken cancellationToken); } public class OAuthConfigurationRequestHandler : IOAuthConfigurationRequestHandler @@ -30,7 +28,6 @@ public class OAuthConfigurationRequestHandler : IOAuthConfigurationRequestHandle private readonly IEnumerable _grantTypeHandlers; private readonly IEnumerable _oauthClientAuthenticationHandlers; private readonly IOAuthWorkflowConverter _oauthWorkflowConverter; - private readonly IdServerHostOptions _options; public OAuthConfigurationRequestHandler( IScopeRepository scopeRepository, @@ -38,8 +35,7 @@ public OAuthConfigurationRequestHandler( IEnumerable oauthResponseModes, IEnumerable grantTypeHandlers, IEnumerable oauthClientAuthenticationHandlers, - IOAuthWorkflowConverter oauthWorkflowConverter, - IOptions options) + IOAuthWorkflowConverter oauthWorkflowConverter) { _scopeRepository = scopeRepository; _authorizationGrantTypeHandlers = authorizationGrantTypeHandlers; @@ -47,14 +43,30 @@ public OAuthConfigurationRequestHandler( _grantTypeHandlers = grantTypeHandlers; _oauthClientAuthenticationHandlers = oauthClientAuthenticationHandlers; _oauthWorkflowConverter = oauthWorkflowConverter; - _options = options.Value; } protected IOAuthWorkflowConverter WorkflowConverter => _oauthWorkflowConverter; - public virtual async Task Enrich(string prefix, JsonObject jObj, string issuer, CancellationToken cancellationToken) + public virtual async Task Handle(string prefix, string issuer, CancellationToken cancellationToken) { - var realm = prefix ?? Constants.DefaultRealm; + var subUrl = string.Empty; + var issuerStr = issuer; + if (!string.IsNullOrWhiteSpace(prefix)) + { + issuerStr = $"{issuer}/{prefix}"; + subUrl = $"{prefix}/"; + } + + var jObj = new JsonObject + { + [OAuthConfigurationNames.Issuer] = issuerStr, + [OAuthConfigurationNames.AuthorizationEndpoint] = $"{issuer}/{subUrl}{Constants.EndPoints.Authorization}", + [OAuthConfigurationNames.RegistrationEndpoint] = $"{issuer}/{subUrl}{Constants.EndPoints.Registration}", + [OAuthConfigurationNames.TokenEndpoint] = $"{issuer}/{subUrl}{Constants.EndPoints.Token}", + [OAuthConfigurationNames.RevocationEndpoint] = $"{issuer}/{subUrl}{Constants.EndPoints.Token}/revoke", + [OAuthConfigurationNames.JwksUri] = $"{issuer}/{subUrl}{Constants.EndPoints.Jwks}", + [OAuthConfigurationNames.IntrospectionEndpoint] = $"{issuer}/{subUrl}{Constants.EndPoints.TokenInfo}" + }; var scopes = (await _scopeRepository.GetAllExposedScopes(prefix, cancellationToken)).Select(s => s.Name); jObj.Add(OAuthConfigurationNames.TlsClientCertificateBoundAccessTokens, true); jObj.Add(OAuthConfigurationNames.ScopesSupported, JsonSerializer.SerializeToNode(scopes)); @@ -63,6 +75,7 @@ public virtual async Task Enrich(string prefix, JsonObject jObj, string issuer, jObj.Add(OAuthConfigurationNames.GrantTypesSupported, JsonSerializer.SerializeToNode(GetGrantTypes())); jObj.Add(OAuthConfigurationNames.TokenEndpointAuthMethodsSupported, JsonSerializer.SerializeToNode(_oauthClientAuthenticationHandlers.Select(r => r.AuthMethod))); jObj.Add(OAuthConfigurationNames.TokenEndpointAuthSigningAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); + return jObj; } protected List GetGrantTypes() diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/OpenIdConfiguration/OpenIdConfigurationController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/OpenIdConfiguration/OpenIdConfigurationController.cs index 527e5c9a2..a65dfa723 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/OpenIdConfiguration/OpenIdConfigurationController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/OpenIdConfiguration/OpenIdConfigurationController.cs @@ -2,16 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; -using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api.Configuration; -using SimpleIdServer.IdServer.DTOs; -using SimpleIdServer.IdServer.Options; -using SimpleIdServer.IdServer.Stores; -using SimpleIdServer.IdServer.SubjectTypeBuilders; -using System.Collections.Generic; -using System.Linq; -using System.Text.Json; -using System.Text.Json.Nodes; using System.Threading; using System.Threading.Tasks; @@ -19,22 +10,13 @@ namespace SimpleIdServer.IdServer.Api.OpenIdConfiguration { public class OpenIdConfigurationController : OAuthConfigurationController { - private readonly IEnumerable _subjectTypeBuilders; - private readonly IScopeRepository _scopeRepository; - private readonly IAuthenticationContextClassReferenceRepository _authenticationContextClassReferenceRepository; - private readonly IdServerHostOptions _options; + private readonly IOpenidConfigurationRequestHandler _openidConfigurationRequestHandler; public OpenIdConfigurationController( - IEnumerable subjectTypeBuilders, - IScopeRepository scopeRepository, - IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository, - IOptions options, - IOAuthConfigurationRequestHandler configurationRequestHandler) : base(configurationRequestHandler) + IOAuthConfigurationRequestHandler configurationRequestHandler, + IOpenidConfigurationRequestHandler openidConfigurationRequestHandler) : base(configurationRequestHandler) { - _subjectTypeBuilders = subjectTypeBuilders; - _scopeRepository = scopeRepository; - _authenticationContextClassReferenceRepository = authenticationContextClassReferenceRepository; - _options = options.Value; + _openidConfigurationRequestHandler = openidConfigurationRequestHandler; } /// @@ -47,59 +29,7 @@ public OpenIdConfigurationController( public override async Task Get([FromRoute] string prefix, CancellationToken cancellationToken) { var issuer = Request.GetAbsoluteUriWithVirtualPath(); - var acrLst = await _authenticationContextClassReferenceRepository.GetAll(prefix, cancellationToken); - var result = await Build(prefix, cancellationToken); - var claims = (await _scopeRepository.GetAllExposedScopes(prefix, cancellationToken)).SelectMany(s => s.ClaimMappers); - - if (!string.IsNullOrWhiteSpace(prefix)) - prefix = $"{prefix}/"; - - result.Add(OpenIDConfigurationNames.UserInfoEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.UserInfo}"); - result.Add(OpenIDConfigurationNames.DeviceAuthorizationEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.DeviceAuthorization}"); - result.Add(OpenIDConfigurationNames.CheckSessionIframe, $"{issuer}/{prefix}{Constants.EndPoints.CheckSession}"); - result.Add(OpenIDConfigurationNames.EndSessionEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.EndSession}"); - result.Add(OpenIDConfigurationNames.BackchannelAuthenticationEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.BCAuthorize}"); - result.Add(OpenIDConfigurationNames.PushedAuthorizationRequestEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.PushedAuthorizationRequest}"); - result.Add(OpenIDConfigurationNames.RequestParameterSupported, true); - result.Add(OpenIDConfigurationNames.RequestUriParameterSupported, true); - result.Add(OpenIDConfigurationNames.RequestObjectSigningAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); - result.Add(OpenIDConfigurationNames.RequestObjectEncryptionAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncAlgs)); - result.Add(OpenIDConfigurationNames.RequestObjectEncryptionEncValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncryptions)); - result.Add(OpenIDConfigurationNames.SubjectTypesSupported, JsonSerializer.SerializeToNode(_subjectTypeBuilders.Select(r => r.SubjectType))); - result.Add(OpenIDConfigurationNames.AcrValuesSupported, JsonSerializer.SerializeToNode(acrLst.Select(_ => _.Name))); - result.Add(OpenIDConfigurationNames.IdTokenSigningAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); - result.Add(OpenIDConfigurationNames.IdTokenEncryptionAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncAlgs)); - result.Add(OpenIDConfigurationNames.IdTokenEncryptionEncValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncryptions)); - result.Add(OpenIDConfigurationNames.UserInfoSigningAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); - result.Add(OpenIDConfigurationNames.UserInfoEncryptionAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncAlgs)); - result.Add(OpenIDConfigurationNames.UserInfoEncryptionEncValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncryptions)); - result.Add(OpenIDConfigurationNames.ClaimsSupported, JsonSerializer.SerializeToNode(claims.DistinctBy(c => c.TargetClaimPath).Select(c => c.TargetClaimPath))); - result.Add(OpenIDConfigurationNames.ClaimsParameterSupported, true); - result.Add(OpenIDConfigurationNames.BackchannelTokenDeliveryModesSupported, JsonSerializer.SerializeToNode(Constants.AllStandardNotificationModes)); - result.Add(OpenIDConfigurationNames.BackchannelAuthenticationRequestSigningAlgValues, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); - result.Add(OpenIDConfigurationNames.BackchannelUserCodeParameterSupported, false); - result.Add(OpenIDConfigurationNames.FrontChannelLogoutSupported, true); - result.Add(OpenIDConfigurationNames.FrontChannelLogoutSessionSupported, true); - result.Add(OpenIDConfigurationNames.BackchannelLogoutSupported, true); - result.Add(OpenIDConfigurationNames.BackchannelLogoutSessionSupported, true); - result.Add(OpenIDConfigurationNames.GrantManagementActionRequired, _options.GrantManagementActionRequired); - result.Add(OpenIDConfigurationNames.GrantManagementEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.Grants}"); - result.Add(OpenIDConfigurationNames.GrantManagementActionsSupported, JsonSerializer.SerializeToNode(Constants.AllStandardGrantManagementActions)); - result.Add(OpenIDConfigurationNames.AuthorizationSigningAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); - result.Add(OpenIDConfigurationNames.AuthorizationEncryptionAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncAlgs)); - result.Add(OpenIDConfigurationNames.AuthorizationEncryptionEncValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncryptions)); - result.Add(OpenIDConfigurationNames.RequirePushedAuthorizationRequests, _options.RequiredPushedAuthorizationRequest); - result.Add(OpenIDConfigurationNames.AuthorizationDetailsSupported, true); - result.Add(OpenIDConfigurationNames.DPOPSigningAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); - if (_options.MtlsEnabled) - { - result.Add(OpenIDConfigurationNames.MtlsEndpointAliases, JsonSerializer.SerializeToNode(new JsonObject - { - { OAuthConfigurationNames.TokenEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.MtlsToken}" }, - { OpenIDConfigurationNames.BackchannelAuthenticationEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.MtlsBCAuthorize}" } - })); - } - + var result = await _openidConfigurationRequestHandler.Handle(issuer, prefix, cancellationToken); return new OkObjectResult(result); } } diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/OpenIdConfiguration/OpenidConfigurationRequestHandler.cs b/src/IdServer/SimpleIdServer.IdServer/Api/OpenIdConfiguration/OpenidConfigurationRequestHandler.cs new file mode 100644 index 000000000..515672122 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Api/OpenIdConfiguration/OpenidConfigurationRequestHandler.cs @@ -0,0 +1,103 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.Extensions.Options; +using SimpleIdServer.IdServer.Api.Configuration; +using SimpleIdServer.IdServer.DTOs; +using SimpleIdServer.IdServer.Options; +using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.SubjectTypeBuilders; +using System.Collections.Generic; +using System.Linq; +using System.Text.Json; +using System.Text.Json.Nodes; +using System.Threading; +using System.Threading.Tasks; + +namespace SimpleIdServer.IdServer.Api.OpenIdConfiguration; + +public interface IOpenidConfigurationRequestHandler +{ + Task Handle(string issuer, string prefix, CancellationToken cancellationToken); +} + +public class OpenidConfigurationRequestHandler : IOpenidConfigurationRequestHandler +{ + private readonly IEnumerable _subjectTypeBuilders; + private readonly IScopeRepository _scopeRepository; + private readonly IAuthenticationContextClassReferenceRepository _authenticationContextClassReferenceRepository; + private readonly IOAuthConfigurationRequestHandler _oauthConfigurationRequestHandler; + private readonly IdServerHostOptions _options; + + public OpenidConfigurationRequestHandler( + IEnumerable subjectTypeBuilders, + IScopeRepository scopeRepository, + IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository, + IOptions options, + IOAuthConfigurationRequestHandler configurationRequestHandler) + { + _subjectTypeBuilders = subjectTypeBuilders; + _scopeRepository = scopeRepository; + _authenticationContextClassReferenceRepository = authenticationContextClassReferenceRepository; + _options = options.Value; + _oauthConfigurationRequestHandler = configurationRequestHandler; + } + + public virtual async Task Handle(string issuer, string prefix, CancellationToken cancellationToken) + { + var result = await _oauthConfigurationRequestHandler.Handle(prefix, issuer, cancellationToken); + var acrLst = await _authenticationContextClassReferenceRepository.GetAll(prefix, cancellationToken); + var claims = (await _scopeRepository.GetAllExposedScopes(prefix, cancellationToken)).SelectMany(s => s.ClaimMappers); + + if (!string.IsNullOrWhiteSpace(prefix)) + prefix = $"{prefix}/"; + + result.Add(OpenIDConfigurationNames.UserInfoEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.UserInfo}"); + result.Add(OpenIDConfigurationNames.DeviceAuthorizationEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.DeviceAuthorization}"); + result.Add(OpenIDConfigurationNames.CheckSessionIframe, $"{issuer}/{prefix}{Constants.EndPoints.CheckSession}"); + result.Add(OpenIDConfigurationNames.EndSessionEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.EndSession}"); + result.Add(OpenIDConfigurationNames.BackchannelAuthenticationEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.BCAuthorize}"); + result.Add(OpenIDConfigurationNames.PushedAuthorizationRequestEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.PushedAuthorizationRequest}"); + result.Add(OpenIDConfigurationNames.RequestParameterSupported, true); + result.Add(OpenIDConfigurationNames.RequestUriParameterSupported, true); + result.Add(OpenIDConfigurationNames.RequestObjectSigningAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); + result.Add(OpenIDConfigurationNames.RequestObjectEncryptionAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncAlgs)); + result.Add(OpenIDConfigurationNames.RequestObjectEncryptionEncValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncryptions)); + result.Add(OpenIDConfigurationNames.SubjectTypesSupported, JsonSerializer.SerializeToNode(_subjectTypeBuilders.Select(r => r.SubjectType))); + result.Add(OpenIDConfigurationNames.AcrValuesSupported, JsonSerializer.SerializeToNode(acrLst.Select(_ => _.Name))); + result.Add(OpenIDConfigurationNames.IdTokenSigningAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); + result.Add(OpenIDConfigurationNames.IdTokenEncryptionAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncAlgs)); + result.Add(OpenIDConfigurationNames.IdTokenEncryptionEncValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncryptions)); + result.Add(OpenIDConfigurationNames.UserInfoSigningAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); + result.Add(OpenIDConfigurationNames.UserInfoEncryptionAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncAlgs)); + result.Add(OpenIDConfigurationNames.UserInfoEncryptionEncValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncryptions)); + result.Add(OpenIDConfigurationNames.ClaimsSupported, JsonSerializer.SerializeToNode(claims.DistinctBy(c => c.TargetClaimPath).Select(c => c.TargetClaimPath))); + result.Add(OpenIDConfigurationNames.ClaimsParameterSupported, true); + result.Add(OpenIDConfigurationNames.BackchannelTokenDeliveryModesSupported, JsonSerializer.SerializeToNode(Constants.AllStandardNotificationModes)); + result.Add(OpenIDConfigurationNames.BackchannelAuthenticationRequestSigningAlgValues, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); + result.Add(OpenIDConfigurationNames.BackchannelUserCodeParameterSupported, false); + result.Add(OpenIDConfigurationNames.FrontChannelLogoutSupported, true); + result.Add(OpenIDConfigurationNames.FrontChannelLogoutSessionSupported, true); + result.Add(OpenIDConfigurationNames.BackchannelLogoutSupported, true); + result.Add(OpenIDConfigurationNames.BackchannelLogoutSessionSupported, true); + result.Add(OpenIDConfigurationNames.GrantManagementActionRequired, _options.GrantManagementActionRequired); + result.Add(OpenIDConfigurationNames.GrantManagementEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.Grants}"); + result.Add(OpenIDConfigurationNames.GrantManagementActionsSupported, JsonSerializer.SerializeToNode(Constants.AllStandardGrantManagementActions)); + result.Add(OpenIDConfigurationNames.AuthorizationSigningAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); + result.Add(OpenIDConfigurationNames.AuthorizationEncryptionAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncAlgs)); + result.Add(OpenIDConfigurationNames.AuthorizationEncryptionEncValuesSupported, JsonSerializer.SerializeToNode(Constants.AllEncryptions)); + result.Add(OpenIDConfigurationNames.RequirePushedAuthorizationRequests, _options.RequiredPushedAuthorizationRequest); + result.Add(OpenIDConfigurationNames.AuthorizationDetailsSupported, true); + result.Add(OpenIDConfigurationNames.DPOPSigningAlgValuesSupported, JsonSerializer.SerializeToNode(Constants.AllSigningAlgs)); + if (_options.MtlsEnabled) + { + result.Add(OpenIDConfigurationNames.MtlsEndpointAliases, JsonSerializer.SerializeToNode(new JsonObject + { + { OAuthConfigurationNames.TokenEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.MtlsToken}" }, + { OpenIDConfigurationNames.BackchannelAuthenticationEndpoint, $"{issuer}/{prefix}{Constants.EndPoints.MtlsBCAuthorize}" } + })); + } + + return result; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/OpenIdCredentialValidator.cs b/src/IdServer/SimpleIdServer.IdServer/Api/OpenIdCredentialValidator.cs index bdfceab40..e1c0212a6 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/OpenIdCredentialValidator.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/OpenIdCredentialValidator.cs @@ -16,6 +16,10 @@ public static void ValidateOpenIdCredential(ICollection authD var openidCredentials = authDetails.Where(t => t.Type == Constants.StandardAuthorizationDetails.OpenIdCredential); if (!openidCredentials.Any()) return; foreach (var openidCredential in openidCredentials) - if (!openidCredential.AdditionalData.ContainsKey(Constants.StandardAuthorizationDetails.CredentialConfigurationId)) throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.MissingParameter, Constants.StandardAuthorizationDetails.CredentialConfigurationId)); + { + if (!openidCredential.AdditionalData.ContainsKey(Constants.StandardAuthorizationDetails.CredentialConfigurationId) && + !openidCredential.AdditionalData.ContainsKey(Constants.StandardAuthorizationDetails.Format)) + throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.MissingParameter, Constants.StandardAuthorizationDetails.CredentialConfigurationId)); + } } } diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Provisioning/IdentityProvisioningController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Provisioning/IdentityProvisioningController.cs index d39cc673c..04a5328c1 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Provisioning/IdentityProvisioningController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Provisioning/IdentityProvisioningController.cs @@ -6,6 +6,7 @@ using Microsoft.Extensions.Configuration; using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Exceptions; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Jwt; using SimpleIdServer.IdServer.Provisioning; using SimpleIdServer.IdServer.Resources; @@ -28,6 +29,7 @@ public class IdentityProvisioningController : BaseController private readonly IConfiguration _configuration; private readonly IEnumerable _provisioningServices; private readonly ITransactionBuilder _transactionBuilder; + private readonly IMessageBusErrorStore _messageBrokerErrorStore; public IdentityProvisioningController( IBusControl busControl, @@ -36,13 +38,15 @@ public IdentityProvisioningController( IJwtBuilder jwtBuilder, IConfiguration configuration, IEnumerable provisioningServices, - ITransactionBuilder transactionBuilder) : base(tokenRepository, jwtBuilder) + ITransactionBuilder transactionBuilder, + IMessageBusErrorStore messageBusErrorStore) : base(tokenRepository, jwtBuilder) { _busControl = busControl; _identityProvisioningStore = identityProvisioningStore; _configuration = configuration; _provisioningServices = provisioningServices; _transactionBuilder = transactionBuilder; + _messageBrokerErrorStore = messageBusErrorStore; } [HttpPost] @@ -79,7 +83,22 @@ public async Task Get([FromRoute] string prefix, string id, Cance var section = _configuration.GetSection(optionKey); var configuration = section.Get(optionType); var provisioningService = _provisioningServices.Single(p => p.Name == result.Definition.Name); - return new OkObjectResult(Build(result, configuration)); + var externalIds = result.Processes.Select(h => h.Id).ToList(); + var messageErrors = await _messageBrokerErrorStore.GetAllByExternalId(externalIds, cancellationToken); + var res = Build(result, configuration); + res.Processes.ForEach(p => + { + var filteredMessageErrors = messageErrors.Where(e => e.ExternalId == p.Id); + if (filteredMessageErrors.Any()) + { + p.Errors = filteredMessageErrors.Select(e => new IdentityProvisioningProcessMessageErrorResult + { + Id = e.Id, + Exceptions = e.Exceptions + }).ToList(); + } + }); + return new OkObjectResult(res); } catch (OAuthException ex) { diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Provisioning/IdentityProvisioningResult.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Provisioning/IdentityProvisioningResult.cs index ce781a614..5d3eef03c 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Provisioning/IdentityProvisioningResult.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Provisioning/IdentityProvisioningResult.cs @@ -66,4 +66,22 @@ public class IdentityProvisioningProcessResult public int TotalPageToExtract { get; set; } [JsonPropertyName(IdentityProvisioningNames.TotalPageToImport)] public int TotalPageToImport { get; set; } + [JsonPropertyName(IdentityProvisioningNames.Errors)] + public List Errors { get; set; } +} + +public class IdentityProvisioningProcessMessageErrorResult +{ + [JsonPropertyName(IdentityProvisioningNames.Id)] + public string Id { get; set; } + + [JsonPropertyName(IdentityProvisioningNames.Exceptions)] + public List Exceptions { get; set; } + public string Exception + { + get + { + return string.Join(",", Exceptions); + } + } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/PushedAuthorization/PushedAuthorizationController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/PushedAuthorization/PushedAuthorizationController.cs index d10c98db6..c4dc72e0d 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/PushedAuthorization/PushedAuthorizationController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/PushedAuthorization/PushedAuthorizationController.cs @@ -11,8 +11,10 @@ using SimpleIdServer.IdServer.DTOs; using SimpleIdServer.IdServer.Exceptions; using SimpleIdServer.IdServer.ExternalEvents; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Options; using SimpleIdServer.IdServer.Resources; +using SimpleIdServer.IdServer.Stores; using System; using System.Collections.Generic; using System.Diagnostics; @@ -32,6 +34,8 @@ public class PushedAuthorizationController : Controller private readonly IBusControl _busControl; private readonly IDistributedCache _distributedCache; private readonly IEnumerable _authenticationHandlers; + private readonly IClientHelper _clientHelper; + private readonly ITransactionBuilder _transactionBuilder; private readonly IdServerHostOptions _options; public PushedAuthorizationController( @@ -40,6 +44,8 @@ public PushedAuthorizationController( IBusControl busControl, IDistributedCache distributedCache, IEnumerable authenticationHandlers, + IClientHelper clientHelper, + ITransactionBuilder transactionBuilder, IOptions options) { _validator = validator; @@ -47,6 +53,8 @@ public PushedAuthorizationController( _busControl = busControl; _distributedCache = distributedCache; _authenticationHandlers = authenticationHandlers; + _clientHelper = clientHelper; + _transactionBuilder = transactionBuilder; _options = options.Value; } @@ -61,46 +69,53 @@ public async Task Post([FromRoute] string prefix, CancellationTok activity?.SetTag("realm", context.Realm); try { - Validate(context); - string clientId; - var authenticateInstruction = new AuthenticateInstruction + using (var transaction = _transactionBuilder.Build()) { - ClientAssertion = jObjBody.GetClientAssertion(), - ClientAssertionType = jObjBody.GetClientAssertionType(), - ClientIdFromHttpRequestBody = jObjBody.GetClientId() - }; - if (!_authenticateClient.TryGetClientId(authenticateInstruction, out clientId)) throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.MissingClientId); - var validationResult = await _validator.ValidateAuthorizationRequest(context, clientId, token); - if(!string.IsNullOrWhiteSpace(authenticateInstruction.ClientAssertion)) - { - var authHandler = _authenticationHandlers.Single(a => a.AuthMethod == OAuthClientPrivateKeyJwtAuthenticationHandler.AUTH_METHOD); - if (!(await authHandler.Handle(authenticateInstruction, context.Client, context.GetIssuer(), token))) - throw new OAuthException(ErrorCodes.INVALID_CLIENT, Global.BadClientCredential); - } + Validate(context); + string clientId; + var authenticateInstruction = new AuthenticateInstruction + { + ClientAssertion = jObjBody.GetClientAssertion(), + ClientAssertionType = jObjBody.GetClientAssertionType(), + ClientIdFromHttpRequestBody = jObjBody.GetClientId() + }; + if (!_authenticateClient.TryGetClientId(authenticateInstruction, out clientId)) throw new OAuthException(ErrorCodes.INVALID_REQUEST, Global.MissingClientId); + var client = await _clientHelper.ResolveClient(context.Realm, clientId, token); + if (client != null) + context.SetClient(client); + var validationResult = await _validator.ValidateStandardAuthorizationRequest(context, clientId, token); + if (!string.IsNullOrWhiteSpace(authenticateInstruction.ClientAssertion)) + { + var authHandler = _authenticationHandlers.Single(a => a.AuthMethod == OAuthClientPrivateKeyJwtAuthenticationHandler.AUTH_METHOD); + if (!(await authHandler.Handle(authenticateInstruction, context.Client, context.GetIssuer(), token))) + throw new OAuthException(ErrorCodes.INVALID_CLIENT, Global.BadClientCredential); + } - activity?.SetStatus(ActivityStatusCode.Ok, "Pushed Authorization Request is granted"); - var pushedAuthorizationRequestId = $"{Constants.ParFormatKey}:{Guid.NewGuid()}"; - await _distributedCache.SetAsync(pushedAuthorizationRequestId, Encoding.UTF8.GetBytes(context.Request.RequestData.ToJsonString()), new DistributedCacheEntryOptions - { - SlidingExpiration = TimeSpan.FromSeconds(_options.PARExpirationTimeInSeconds) - }, token); - await _busControl.Publish(new PushedAuthorizationRequestSuccessEvent - { - ClientId = context.Client?.ClientId, - Realm = context.Realm, - RequestJSON = jObjBody.ToString() - }); - var jObj = new JsonObject - { - { AuthorizationRequestParameters.RequestUri, pushedAuthorizationRequestId }, - { AuthorizationResponseParameters.ExpiresIn, _options.PARExpirationTimeInSeconds } - }; - return new ContentResult - { - ContentType = "application/json", - StatusCode = (int)HttpStatusCode.Created, - Content = jObj.ToJsonString() - }; + activity?.SetStatus(ActivityStatusCode.Ok, "Pushed Authorization Request is granted"); + var pushedAuthorizationRequestId = $"{Constants.ParFormatKey}:{Guid.NewGuid()}"; + await _distributedCache.SetAsync(pushedAuthorizationRequestId, Encoding.UTF8.GetBytes(context.Request.RequestData.ToJsonString()), new DistributedCacheEntryOptions + { + SlidingExpiration = TimeSpan.FromSeconds(_options.PARExpirationTimeInSeconds) + }, token); + await _busControl.Publish(new PushedAuthorizationRequestSuccessEvent + { + ClientId = context.Client?.ClientId, + Realm = context.Realm, + RequestJSON = jObjBody.ToString() + }); + await transaction.Commit(token); + var jObj = new JsonObject + { + { AuthorizationRequestParameters.RequestUri, pushedAuthorizationRequestId }, + { AuthorizationResponseParameters.ExpiresIn, _options.PARExpirationTimeInSeconds } + }; + return new ContentResult + { + ContentType = "application/json", + StatusCode = (int)HttpStatusCode.Created, + Content = jObj.ToJsonString() + }; + } } catch(OAuthException ex) { diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Realms/RealmsController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Realms/RealmsController.cs index be002c905..505e3fd85 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Realms/RealmsController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Realms/RealmsController.cs @@ -1,9 +1,10 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. - +using MassTransit.Initializers; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Logging; +using SimpleIdServer.IdServer.Builders; using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Exceptions; using SimpleIdServer.IdServer.Jwt; @@ -11,11 +12,12 @@ using SimpleIdServer.IdServer.Stores; using System; using System.Diagnostics; +using System.Linq; using System.Net; using System.Text.Json; using System.Threading; using System.Threading.Tasks; -using static System.Formats.Asn1.AsnWriter; +using static SimpleIdServer.IdServer.Constants; namespace SimpleIdServer.IdServer.Api.Realms; @@ -26,6 +28,7 @@ public class RealmsController : BaseController private readonly IClientRepository _clientRepository; private readonly IScopeRepository _scopeRepository; private readonly IFileSerializedKeyStore _fileSerializedKeyStore; + private readonly IGroupRepository _groupRepository; private readonly IAuthenticationContextClassReferenceRepository _authenticationContextClassReferenceRepository; private readonly ITransactionBuilder _transactionBuilder; private readonly ILogger _logger; @@ -36,6 +39,7 @@ public RealmsController( IClientRepository clientRepository, IScopeRepository scopeRepository, IFileSerializedKeyStore fileSerializedKeyStore, + IGroupRepository groupRepository, IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository, ITransactionBuilder transactionBuilder, ITokenRepository tokenRepository, @@ -47,6 +51,7 @@ public RealmsController( _clientRepository = clientRepository; _scopeRepository = scopeRepository; _fileSerializedKeyStore = fileSerializedKeyStore; + _groupRepository = groupRepository; _transactionBuilder = transactionBuilder; _authenticationContextClassReferenceRepository = authenticationContextClassReferenceRepository; _logger = logger; @@ -81,7 +86,9 @@ public async Task Add([FromBody] AddRealmRequest request, Cancell var existingRealm = await _realmRepository.Get(request.Name, cancellationToken); if (existingRealm != null) throw new OAuthException(System.Net.HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, string.Format(Global.RealmExists, request.Name)); var realm = new Realm { Name = request.Name, Description = request.Description, CreateDateTime = DateTime.UtcNow, UpdateDateTime = DateTime.UtcNow }; + var administratorRole = RealmRoleBuilder.BuildAdministrativeRole(realm); var users = await _userRepository.GetUsersBySubjects(Constants.RealmStandardUsers, Constants.DefaultRealm, cancellationToken); + var groups = await _groupRepository.GetAllByStrictFullPath(Constants.DefaultRealm, Constants.RealmStandardGroupsFullPath, cancellationToken); var clients = await _clientRepository.GetAll(Constants.DefaultRealm, Constants.RealmStandardClients, cancellationToken); var scopes = await _scopeRepository.GetAll(Constants.DefaultRealm, Constants.RealmStandardScopes, cancellationToken); var keys = await _fileSerializedKeyStore.GetAll(Constants.DefaultRealm, cancellationToken); @@ -93,6 +100,18 @@ public async Task Add([FromBody] AddRealmRequest request, Cancell _userRepository.Update(user); } + foreach(var group in groups) + { + group.Realms.Add(new GroupRealm { RealmsName = request.Name }); + if(group.FullPath == StandardGroups.AdministratorGroup.FullPath) + { + foreach(var scope in administratorRole) + group.Roles.Add(scope); + } + + _groupRepository.Update(group); + } + foreach (var client in clients) { client.Realms.Add(realm); diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Realms/UpdateRealmRolesRequest.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Realms/UpdateRealmRolesRequest.cs new file mode 100644 index 000000000..786e176ce --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Realms/UpdateRealmRolesRequest.cs @@ -0,0 +1,11 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System.Collections.Generic; + +namespace SimpleIdServer.IdServer.Api.Realms; + +public class UpdateRealmRolesRequest +{ + public List ScopeIds { get; set; } +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Scopes/ScopesController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Scopes/ScopesController.cs index a27e3d7a7..5b6507fde 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Scopes/ScopesController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Scopes/ScopesController.cs @@ -88,6 +88,23 @@ public async Task Get([FromRoute] string prefix, string id, Cance } } + [HttpGet] + public async Task GetAllRealmScopes([FromRoute] string prefix, CancellationToken cancellationToken) + { + prefix = prefix ?? Constants.DefaultRealm; + try + { + await CheckAccessToken(prefix, Constants.StandardScopes.Scopes.Name); + var scopes = await _scopeRepository.GetAllRealmScopes(prefix, cancellationToken); + return new OkObjectResult(scopes); + } + catch (OAuthException ex) + { + _logger.LogError(ex.ToString()); + return BuildError(ex); + } + } + #endregion #region CRUD diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Scopes/SearchScopeRequest.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Scopes/SearchScopeRequest.cs index 4ecdedf8e..249d91a21 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Scopes/SearchScopeRequest.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Scopes/SearchScopeRequest.cs @@ -2,7 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.Domains.DTOs; -using SimpleIdServer.IdServer.Stores; +using SimpleIdServer.IdServer.Helpers; using System.Collections.Generic; using System.Text.Json.Serialization; diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/AuthorizationCodeHandler.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/AuthorizationCodeHandler.cs index d08f47427..e913c9cf5 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/AuthorizationCodeHandler.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/AuthorizationCodeHandler.cs @@ -27,181 +27,204 @@ using System.Threading; using System.Threading.Tasks; -namespace SimpleIdServer.IdServer.Api.Token.Handlers +namespace SimpleIdServer.IdServer.Api.Token.Handlers; + +public class AuthorizationCodeHandler : BaseCredentialsHandler { - public class AuthorizationCodeHandler : BaseCredentialsHandler + private readonly IGrantedTokenHelper _grantedTokenHelper; + private readonly IAuthorizationCodeGrantTypeValidator _authorizationCodeGrantTypeValidator; + private readonly IEnumerable _tokenBuilders; + private readonly IUserRepository _userRepository; + private readonly IUserSessionResitory _userSessionRepository; + private readonly IGrantHelper _audienceHelper; + private readonly IBusControl _busControl; + private readonly IDPOPProofValidator _dpopProofValidator; + private readonly IClientHelper _clientHelper; + private readonly ILogger _logger; + + public AuthorizationCodeHandler( + IGrantedTokenHelper grantedTokenHelper, + IAuthorizationCodeGrantTypeValidator authorizationCodeGrantTypeValidator, + IEnumerable tokenBuilders, + IUserRepository usrRepository, + IUserSessionResitory userSessionRepository, + IClientAuthenticationHelper clientAuthenticationHelper, + IGrantHelper audienceHelper, + IBusControl busControl, + IDPOPProofValidator dpopProofValidator, + IOptions options, + IEnumerable tokenProfiles, + IClientHelper clientHelper, + ILogger logger) : base(clientAuthenticationHelper, tokenProfiles, options) { - private readonly IGrantedTokenHelper _grantedTokenHelper; - private readonly IAuthorizationCodeGrantTypeValidator _authorizationCodeGrantTypeValidator; - private readonly IEnumerable _tokenBuilders; - private readonly IUserRepository _userRepository; - private readonly IUserSessionResitory _userSessionRepository; - private readonly IGrantHelper _audienceHelper; - private readonly IBusControl _busControl; - private readonly IDPOPProofValidator _dpopProofValidator; - private readonly ILogger _logger; - - public AuthorizationCodeHandler( - IGrantedTokenHelper grantedTokenHelper, - IAuthorizationCodeGrantTypeValidator authorizationCodeGrantTypeValidator, - IEnumerable tokenBuilders, - IUserRepository usrRepository, - IUserSessionResitory userSessionRepository, - IClientAuthenticationHelper clientAuthenticationHelper, - IGrantHelper audienceHelper, - IBusControl busControl, - IDPOPProofValidator dpopProofValidator, - IOptions options, - IEnumerable tokenProfiles, - ILogger logger) : base(clientAuthenticationHelper, tokenProfiles, options) - { - _grantedTokenHelper = grantedTokenHelper; - _authorizationCodeGrantTypeValidator = authorizationCodeGrantTypeValidator; - _tokenBuilders = tokenBuilders; - _userRepository = usrRepository; - _userSessionRepository = userSessionRepository; - _audienceHelper = audienceHelper; - _busControl = busControl; - _dpopProofValidator = dpopProofValidator; - _logger = logger; - } + _grantedTokenHelper = grantedTokenHelper; + _authorizationCodeGrantTypeValidator = authorizationCodeGrantTypeValidator; + _tokenBuilders = tokenBuilders; + _userRepository = usrRepository; + _userSessionRepository = userSessionRepository; + _audienceHelper = audienceHelper; + _busControl = busControl; + _dpopProofValidator = dpopProofValidator; + _clientHelper = clientHelper; + _logger = logger; + } - public override string GrantType => GRANT_TYPE; - public const string GRANT_TYPE = "authorization_code"; + public override string GrantType => GRANT_TYPE; + public const string GRANT_TYPE = "authorization_code"; - public override async Task Handle(HandlerContext context, CancellationToken cancellationToken) + public override async Task Handle(HandlerContext context, CancellationToken cancellationToken) + { + IEnumerable scopeLst = new string[0]; + using (var activity = Tracing.IdServerActivitySource.StartActivity("Get Token")) { - IEnumerable scopeLst = new string[0]; - using (var activity = Tracing.IdServerActivitySource.StartActivity("Get Token")) + try { - try + activity?.SetTag("grant_type", GRANT_TYPE); + activity?.SetTag("realm", context.Realm); + _authorizationCodeGrantTypeValidator.Validate(context); + var code = context.Request.RequestData.GetAuthorizationCode(); + var redirectUri = context.Request.RequestData.GetRedirectUri(); + var authCode = await _grantedTokenHelper.GetAuthorizationCode(code, cancellationToken); + var previousRequest = authCode?.OriginalRequest; + if (previousRequest == null) { - activity?.SetTag("grant_type", GRANT_TYPE); - activity?.SetTag("realm", context.Realm); - _authorizationCodeGrantTypeValidator.Validate(context); - var oauthClient = await AuthenticateClient(context, cancellationToken); - context.SetClient(oauthClient); - activity?.SetTag("client_id", oauthClient.ClientId); - await _dpopProofValidator.Validate(context); - var code = context.Request.RequestData.GetAuthorizationCode(); - var redirectUri = context.Request.RequestData.GetRedirectUri(); - var authCode = await _grantedTokenHelper.GetAuthorizationCode(code, cancellationToken); - var previousRequest = authCode?.OriginalRequest; - if (previousRequest == null) + // https://tools.ietf.org/html/rfc6749#section-4.1.2 + var searchResult = await _grantedTokenHelper.GetTokensByAuthorizationCode(code, cancellationToken); + if (searchResult.Any()) { - // https://tools.ietf.org/html/rfc6749#section-4.1.2 - var searchResult = await _grantedTokenHelper.GetTokensByAuthorizationCode(code, cancellationToken); - if (searchResult.Any()) - { - await _grantedTokenHelper.RemoveTokens(searchResult, cancellationToken); - _logger.LogError($"authorization code '{code}' has already been used, all tokens previously issued have been revoked"); - return BuildError(HttpStatusCode.BadRequest, ErrorCodes.INVALID_GRANT, Global.AuthorizationCodeAlreadyUsed); - } - - return BuildError(HttpStatusCode.BadRequest, ErrorCodes.INVALID_GRANT, Global.BadAuthorizationCode); + await _grantedTokenHelper.RemoveTokens(searchResult, cancellationToken); + _logger.LogError($"authorization code '{code}' has already been used, all tokens previously issued have been revoked"); + return BuildError(HttpStatusCode.BadRequest, ErrorCodes.INVALID_GRANT, Global.AuthorizationCodeAlreadyUsed); } - CheckDPOPJkt(context, authCode); - var previousClientId = previousRequest.GetClientId(); - var previousRedirectUrl = previousRequest.GetRedirectUri(); - var claims = previousRequest.GetClaimsFromAuthorizationRequest(); - if (!previousClientId.Equals(oauthClient.ClientId, StringComparison.InvariantCultureIgnoreCase)) return BuildError(HttpStatusCode.BadRequest, ErrorCodes.INVALID_GRANT, Global.AuthorizationCodeNotIssuedByClient); - if (!previousRedirectUrl.Equals(redirectUri, StringComparison.InvariantCultureIgnoreCase)) return BuildError(HttpStatusCode.BadRequest, ErrorCodes.INVALID_GRANT, Global.NotSameRedirectUri); - await _grantedTokenHelper.RemoveAuthorizationCode(code, cancellationToken); - - var scopes = GetScopes(previousRequest, context); - var resources = GetResources(previousRequest, context); - var authDetails = previousRequest.GetAuthorizationDetailsFromAuthorizationRequest(); - var extractionResult = await _audienceHelper.Extract(context.Realm ?? Constants.DefaultRealm, scopes, resources, new List(), authDetails, cancellationToken); - scopeLst = extractionResult.Scopes; - activity?.SetTag("scopes", string.Join(",", extractionResult.Scopes)); - var result = BuildResult(context, extractionResult.Scopes); - await Authenticate(previousRequest, context, authCode, cancellationToken); - context.SetOriginalRequest(previousRequest); - var parameters = new BuildTokenParameter { AuthorizationDetails = extractionResult.AuthorizationDetails, Scopes = extractionResult.Scopes, Audiences = extractionResult.Audiences, Claims = claims, GrantId = authCode.GrantId }; - foreach (var tokenBuilder in _tokenBuilders) - { - if (tokenBuilder.Name == TokenResponseParameters.RefreshToken && !extractionResult.Scopes.Contains(Constants.StandardScopes.OfflineAccessScope.Name)) continue; - await tokenBuilder.Build(parameters, context, cancellationToken, true); - } - - AddTokenProfile(context); - foreach (var kvp in context.Response.Parameters) - result.Add(kvp.Key, kvp.Value); + return BuildError(HttpStatusCode.BadRequest, ErrorCodes.INVALID_GRANT, Global.BadAuthorizationCode); + } - if (!string.IsNullOrWhiteSpace(authCode.GrantId)) - result.Add(TokenResponseParameters.GrantId, authCode.GrantId); + await AuthenticateClient(context, authCode, cancellationToken); + if (!context.Client.IsSelfIssueEnabled && string.IsNullOrWhiteSpace(context.Request.RequestData.GetStr(TokenRequestParameters.RedirectUri))) throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.MissingParameter, TokenRequestParameters.RedirectUri)); + activity?.SetTag("client_id", context.Client.ClientId); + CheckDPOPJkt(context, authCode); + var previousClientId = previousRequest.GetClientId(); + var previousRedirectUrl = previousRequest.GetRedirectUri(); + var claims = previousRequest.GetClaimsFromAuthorizationRequest(); + if (!previousClientId.Equals(context.Client.ClientId, StringComparison.InvariantCultureIgnoreCase)) return BuildError(HttpStatusCode.BadRequest, ErrorCodes.INVALID_GRANT, Global.AuthorizationCodeNotIssuedByClient); + if (!context.Client.IsSelfIssueEnabled && !previousRedirectUrl.Equals(redirectUri, StringComparison.InvariantCultureIgnoreCase)) return BuildError(HttpStatusCode.BadRequest, ErrorCodes.INVALID_GRANT, Global.NotSameRedirectUri); + await _grantedTokenHelper.RemoveAuthorizationCode(code, cancellationToken); - await Enrich(context, result, cancellationToken); - await _busControl.Publish(new TokenIssuedSuccessEvent + var scopes = GetScopes(previousRequest, context); + var resources = GetResources(previousRequest, context); + var authDetails = previousRequest.GetAuthorizationDetailsFromAuthorizationRequest(); + var extractionResult = await _audienceHelper.Extract(context.Realm ?? Constants.DefaultRealm, scopes, resources, new List(), authDetails, cancellationToken); + scopeLst = extractionResult.Scopes; + activity?.SetTag("scopes", string.Join(",", extractionResult.Scopes)); + var result = BuildResult(context, extractionResult.Scopes); + if(!context.Client.IsSelfIssueEnabled) await Authenticate(previousRequest, context, authCode, cancellationToken); + else + context.SetUser(new User { - GrantType = GRANT_TYPE, - ClientId = context.Client.ClientId, - Scopes = extractionResult.Scopes, - Realm = context.Realm - }); - activity?.SetStatus(ActivityStatusCode.Ok, "Token has been issued"); - return new OkObjectResult(result); - } - catch (OAuthUnauthorizedException ex) + Name = context.Client.ClientId + }, null); + + context.SetOriginalRequest(previousRequest); + var additionalClaims = new Dictionary(); + var parameters = new BuildTokenParameter { AuthorizationDetails = extractionResult.AuthorizationDetails, Scopes = extractionResult.Scopes, Audiences = extractionResult.Audiences, Claims = claims, GrantId = authCode.GrantId, AdditionalClaims = additionalClaims }; + foreach (var tokenBuilder in _tokenBuilders) { - await _busControl.Publish(new TokenIssuedFailureEvent - { - GrantType = GRANT_TYPE, - ClientId = context.Client?.ClientId, - Scopes = scopeLst, - Realm = context.Realm, - ErrorMessage = ex.Message - }); - activity?.SetStatus(ActivityStatusCode.Error, ex.Message); - return BuildError(HttpStatusCode.Unauthorized, ex.Code, ex.Message); + if (tokenBuilder.Name == TokenResponseParameters.RefreshToken && !extractionResult.Scopes.Contains(Constants.StandardScopes.OfflineAccessScope.Name)) continue; + await tokenBuilder.Build(parameters, context, cancellationToken, true); } - catch (OAuthDPoPRequiredException ex) + + AddTokenProfile(context); + foreach (var kvp in context.Response.Parameters) + result.Add(kvp.Key, kvp.Value); + + if (!string.IsNullOrWhiteSpace(authCode.GrantId)) + result.Add(TokenResponseParameters.GrantId, authCode.GrantId); + + await Enrich(context, result, cancellationToken); + await _busControl.Publish(new TokenIssuedSuccessEvent { - activity?.SetStatus(ActivityStatusCode.Error, ex.Message); - context.Response.Response.Headers.Add(Constants.DPOPNonceHeaderName, ex.Nonce); - return BuildError(HttpStatusCode.Unauthorized, ex.Code, ex.Message); - } - catch (OAuthException ex) + GrantType = GRANT_TYPE, + ClientId = context.Client.ClientId, + Scopes = extractionResult.Scopes, + Realm = context.Realm + }); + activity?.SetStatus(ActivityStatusCode.Ok, "Token has been issued"); + return new OkObjectResult(result); + } + catch (OAuthUnauthorizedException ex) + { + await _busControl.Publish(new TokenIssuedFailureEvent { - await _busControl.Publish(new TokenIssuedFailureEvent - { - GrantType = GRANT_TYPE, - ClientId = context.Client?.ClientId, - Scopes = scopeLst, - Realm = context.Realm, - ErrorMessage = ex.Message - }); - activity?.SetStatus(ActivityStatusCode.Error, ex.Message); - return BuildError(HttpStatusCode.BadRequest, ex.Code, ex.Message); - } + GrantType = GRANT_TYPE, + ClientId = context.Client?.ClientId, + Scopes = scopeLst, + Realm = context.Realm, + ErrorMessage = ex.Message + }); + activity?.SetStatus(ActivityStatusCode.Error, ex.Message); + return BuildError(HttpStatusCode.Unauthorized, ex.Code, ex.Message); + } + catch (OAuthDPoPRequiredException ex) + { + activity?.SetStatus(ActivityStatusCode.Error, ex.Message); + context.Response.Response.Headers.Add(Constants.DPOPNonceHeaderName, ex.Nonce); + return BuildError(HttpStatusCode.Unauthorized, ex.Code, ex.Message); + } + catch (OAuthException ex) + { + await _busControl.Publish(new TokenIssuedFailureEvent + { + GrantType = GRANT_TYPE, + ClientId = context.Client?.ClientId, + Scopes = scopeLst, + Realm = context.Realm, + ErrorMessage = ex.Message + }); + activity?.SetStatus(ActivityStatusCode.Error, ex.Message); + return BuildError(HttpStatusCode.BadRequest, ex.Code, ex.Message); } } + } - protected virtual Task Enrich(HandlerContext handlerContext, JsonObject result, CancellationToken cancellationToken) + protected async Task AuthenticateClient(HandlerContext context, AuthCode authCode, CancellationToken cancellationToken) + { + var clientId = context.Request.RequestData.GetClientId(); + if(_clientHelper.IsNonPreRegisteredRelyingParty(clientId)) { - return Task.CompletedTask; + var client = await _clientHelper.ResolveSelfDeclaredClient(authCode.OriginalRequest, cancellationToken); + context.SetClient(client); + return; } - async Task Authenticate(JsonObject previousQueryParameters, HandlerContext handlerContext, AuthCode authCode, CancellationToken token) - { - if (!previousQueryParameters.ContainsKey(JwtRegisteredClaimNames.Sub)) - return; - var user = await _userRepository.GetBySubject(previousQueryParameters[JwtRegisteredClaimNames.Sub].GetValue(), handlerContext.Realm, token); - UserSession session = null; - if(!string.IsNullOrWhiteSpace(authCode.SessionId)) - { - session = await _userSessionRepository.GetById(authCode.SessionId, handlerContext.Realm, token); - if (session != null && !session.IsActive()) session = null; - } + var oauthClient = await AuthenticateClient(context, cancellationToken); + context.SetClient(oauthClient); + await _dpopProofValidator.Validate(context); + } - handlerContext.SetUser(user, session); - } + protected virtual Task Enrich(HandlerContext handlerContext, JsonObject result, CancellationToken cancellationToken) + { + return Task.CompletedTask; + } - void CheckDPOPJkt(HandlerContext context, AuthCode authCode) + async Task Authenticate(JsonObject previousQueryParameters, HandlerContext handlerContext, AuthCode authCode, CancellationToken token) + { + if (!previousQueryParameters.ContainsKey(JwtRegisteredClaimNames.Sub)) + return; + var user = await _userRepository.GetBySubject(previousQueryParameters[JwtRegisteredClaimNames.Sub].GetValue(), handlerContext.Realm, token); + UserSession session = null; + if(!string.IsNullOrWhiteSpace(authCode.SessionId)) { - if (context.DPOPProof == null || string.IsNullOrWhiteSpace(authCode.DPOPJkt)) return; - if (context.DPOPProof.PublicKey().CreateThumbprint() != authCode.DPOPJkt) throw new OAuthException(ErrorCodes.INVALID_DPOP_PROOF, Global.DpopJktMismatch); + session = await _userSessionRepository.GetById(authCode.SessionId, handlerContext.Realm, token); + if (session != null && !session.IsActive()) session = null; } + + handlerContext.SetUser(user, session); + } + + void CheckDPOPJkt(HandlerContext context, AuthCode authCode) + { + if (context.DPOPProof == null || string.IsNullOrWhiteSpace(authCode.DPOPJkt)) return; + if (context.DPOPProof.PublicKey().CreateThumbprint() != authCode.DPOPJkt) throw new OAuthException(ErrorCodes.INVALID_DPOP_PROOF, Global.DpopJktMismatch); } } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/BaseCredentialsHandler.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/BaseCredentialsHandler.cs index bd3b21ad8..7888f0172 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/BaseCredentialsHandler.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/BaseCredentialsHandler.cs @@ -96,7 +96,7 @@ protected JsonObject BuildResult(HandlerContext context, IEnumerable sco { return new JsonObject { - [TokenResponseParameters.ExpiresIn] = context.Client.TokenExpirationTimeInSeconds ?? _options.DefaultTokenExpirationTimeInSeconds, + [TokenResponseParameters.ExpiresIn] = context.Client?.TokenExpirationTimeInSeconds ?? _options.DefaultTokenExpirationTimeInSeconds, [TokenResponseParameters.Scope] = string.Join(" ", scopes) }; } diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/DeviceCodeHandler.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/DeviceCodeHandler.cs index 8796bd527..a8830b496 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/DeviceCodeHandler.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/DeviceCodeHandler.cs @@ -28,6 +28,7 @@ public class DeviceCodeHandler : BaseCredentialsHandler private readonly IAuthenticationHelper _authenticationHelper; private readonly IBusControl _busControl; private readonly IDPOPProofValidator _dpopProofValidator; + private readonly ITransactionBuilder _transactionBuilder; public DeviceCodeHandler( IClientAuthenticationHelper clientAuthenticationHelper, @@ -38,7 +39,8 @@ public DeviceCodeHandler( IDeviceCodeGrantTypeValidator validator, IAuthenticationHelper authenticationHelper, IBusControl busControl, - IDPOPProofValidator dpopProofValidator) : base(clientAuthenticationHelper, tokenProfiles, options) + IDPOPProofValidator dpopProofValidator, + ITransactionBuilder transactionBuilder) : base(clientAuthenticationHelper, tokenProfiles, options) { _validator = validator; _busControl = busControl; @@ -46,6 +48,7 @@ public DeviceCodeHandler( _tokenBuilders = tokenBuilders; _authenticationHelper = authenticationHelper; _dpopProofValidator = dpopProofValidator; + _transactionBuilder = transactionBuilder; } public override string GrantType => GRANT_TYPE; @@ -56,54 +59,57 @@ public override async Task Handle(HandlerContext context, Cancell IEnumerable scopeLst = null; using (var activity = Tracing.IdServerActivitySource.StartActivity("Get Token")) { - try + using (var transaction = _transactionBuilder.Build()) { - activity?.SetTag("grant_type", GRANT_TYPE); - activity?.SetTag("realm", context.Realm); - var oauthClient = await AuthenticateClient(context, cancellationToken); - context.SetClient(oauthClient); - activity?.SetTag("client_id", oauthClient.ClientId); - await _dpopProofValidator.Validate(context); - var deviceAuthCode = await _validator.Validate(context, cancellationToken); - scopeLst = deviceAuthCode.Scopes; - activity?.SetTag("scopes", string.Join(",", deviceAuthCode.Scopes)); - var user = await _authenticationHelper.GetUserByLogin(deviceAuthCode.UserLogin, context.Realm, cancellationToken); - context.SetUser(user, null); - foreach (var tokenBuilder in _tokenBuilders) - await tokenBuilder.Build(new BuildTokenParameter { Scopes = deviceAuthCode.Scopes }, context, cancellationToken); + try + { + activity?.SetTag("grant_type", GRANT_TYPE); + activity?.SetTag("realm", context.Realm); + var oauthClient = await AuthenticateClient(context, cancellationToken); + context.SetClient(oauthClient); + activity?.SetTag("client_id", oauthClient.ClientId); + await _dpopProofValidator.Validate(context); + var deviceAuthCode = await _validator.Validate(context, cancellationToken); + scopeLst = deviceAuthCode.Scopes; + activity?.SetTag("scopes", string.Join(",", deviceAuthCode.Scopes)); + var user = await _authenticationHelper.GetUserByLogin(deviceAuthCode.UserLogin, context.Realm, cancellationToken); + context.SetUser(user, null); + foreach (var tokenBuilder in _tokenBuilders) + await tokenBuilder.Build(new BuildTokenParameter { Scopes = deviceAuthCode.Scopes }, context, cancellationToken); - AddTokenProfile(context); - var result = BuildResult(context, deviceAuthCode.Scopes); - foreach (var kvp in context.Response.Parameters) - result.Add(kvp.Key, kvp.Value); + AddTokenProfile(context); + var result = BuildResult(context, deviceAuthCode.Scopes); + foreach (var kvp in context.Response.Parameters) + result.Add(kvp.Key, kvp.Value); - deviceAuthCode.Send(); - await _busControl.Publish(new TokenIssuedSuccessEvent + deviceAuthCode.Send(); + await _busControl.Publish(new TokenIssuedSuccessEvent + { + GrantType = GRANT_TYPE, + ClientId = context.Client.ClientId, + Scopes = deviceAuthCode.Scopes, + Realm = context.Realm + }); + activity?.SetStatus(ActivityStatusCode.Ok, "Token has been issued"); + return new OkObjectResult(result); + } + catch (OAuthException ex) { - GrantType = GRANT_TYPE, - ClientId = context.Client.ClientId, - Scopes = deviceAuthCode.Scopes, - Realm = context.Realm - }); - activity?.SetStatus(ActivityStatusCode.Ok, "Token has been issued"); - return new OkObjectResult(result); - } - catch(OAuthException ex) - { - await _busControl.Publish(new TokenIssuedFailureEvent + await _busControl.Publish(new TokenIssuedFailureEvent + { + GrantType = GRANT_TYPE, + ClientId = context.Client?.ClientId, + Scopes = scopeLst, + Realm = context.Realm, + ErrorMessage = ex.Message + }); + activity?.SetStatus(ActivityStatusCode.Error, ex.Message); + return BuildError(HttpStatusCode.BadRequest, ex.Code, ex.Message); + } + finally { - GrantType = GRANT_TYPE, - ClientId = context.Client?.ClientId, - Scopes = scopeLst, - Realm = context.Realm, - ErrorMessage = ex.Message - }); - activity?.SetStatus(ActivityStatusCode.Error, ex.Message); - return BuildError(HttpStatusCode.BadRequest, ex.Code, ex.Message); - } - finally - { - await _deviceAuthCodeRepository.SaveChanges(cancellationToken); + await transaction.Commit(cancellationToken); + } } } } diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/PreAuthorizedCodeHandler.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/PreAuthorizedCodeHandler.cs index 2dcaf2d4f..a4836756c 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/PreAuthorizedCodeHandler.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Token/Handlers/PreAuthorizedCodeHandler.cs @@ -19,6 +19,7 @@ using System.Diagnostics; using System.Linq; using System.Net; +using System.Text.Json.Nodes; using System.Threading; using System.Threading.Tasks; @@ -71,10 +72,18 @@ public override async Task Handle(HandlerContext context, Cancell { activity?.SetTag("grant_type", GRANT_TYPE); activity?.SetTag("realm", context.Realm); - var oauthClient = await AuthenticateClient(context, cancellationToken); + var clientId = context.Request.RequestData.GetClientId(); + var oauthClient = new Client(); + bool isClientExists = false; + if(!string.IsNullOrWhiteSpace(clientId)) + { + oauthClient = await AuthenticateClient(context, cancellationToken); + isClientExists = true; + } + context.SetClient(oauthClient); - activity?.SetTag("client_id", oauthClient.Id); var preAuthCode = await _validator.Validate(context, cancellationToken); + activity?.SetTag("client_id", oauthClient.Id); await _dpopProofValidator.Validate(context); var scopes = preAuthCode.Scopes; var extractionResult = await _audienceHelper.Extract(context.Realm ?? Constants.DefaultRealm, scopes, new List(), new List(), new List(), cancellationToken); diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Token/Validators/AuthorizationCodeGrantTypeValidator.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Token/Validators/AuthorizationCodeGrantTypeValidator.cs index 7ef9e7a6c..f2feb32c2 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Token/Validators/AuthorizationCodeGrantTypeValidator.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Token/Validators/AuthorizationCodeGrantTypeValidator.cs @@ -17,7 +17,6 @@ public class AuthorizationCodeGrantTypeValidator : IAuthorizationCodeGrantTypeVa public void Validate(HandlerContext context) { if (string.IsNullOrWhiteSpace(context.Request.RequestData.GetStr(TokenRequestParameters.Code))) throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.MissingParameter, TokenRequestParameters.Code)); - if (string.IsNullOrWhiteSpace(context.Request.RequestData.GetStr(TokenRequestParameters.RedirectUri))) throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.MissingParameter, TokenRequestParameters.RedirectUri)); var authDetails = context.Request.RequestData.GetAuthorizationDetailsFromAuthorizationRequest(); OpenIdCredentialValidator.ValidateOpenIdCredential(authDetails); } diff --git a/src/IdServer/SimpleIdServer.IdServer/Api/Users/UsersController.cs b/src/IdServer/SimpleIdServer.IdServer/Api/Users/UsersController.cs index 884858f22..ba760383e 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Api/Users/UsersController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Api/Users/UsersController.cs @@ -132,7 +132,7 @@ public async Task ResolveRoles([FromRoute] string prefix, string if (user == null) return new NotFoundResult(); var grpPathLst = user.Groups.SelectMany(g => g.Group.ResolveAllPath()).Distinct().ToList(); var allGroups = await _groupRepository.GetAllByStrictFullPath(prefix, grpPathLst, cancellationToken); - var roles = allGroups.SelectMany(g => g.Roles).Select(r => r.Name).Distinct(); + var roles = allGroups.SelectMany(g => g.Roles).Where(r => r.Realms.Any(re => re.Name == prefix)).Select(r => r.Name).Distinct(); return new OkObjectResult(roles); } catch (OAuthException ex) @@ -229,6 +229,12 @@ public async Task Update([FromRoute] string prefix, string id, [F if (request == null) throw new OAuthException(HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, Global.InvalidIncomingRequest); var user = await _userRepository.GetById(id, prefix, cancellationToken); if (user == null) throw new OAuthException(HttpStatusCode.NotFound, ErrorCodes.NOT_FOUND, string.Format(Global.UnknownUser, id)); + if (!string.IsNullOrWhiteSpace(request.Email)) + { + var existingUser = await _userRepository.GetByEmail(request.Email, prefix, cancellationToken); + if (existingUser != null && existingUser.Id != id) throw new OAuthException(HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, Global.EmailIsTaken); + } + user.UpdateEmail(request.Email); user.UpdateName(request.Name); user.UpdateLastname(request.Lastname); @@ -347,6 +353,11 @@ public async Task AddCredential([FromRoute] string prefix, string request.Credential.IsActive = true; } + if(request.Credential.CredentialType == Constants.Areas.Password) + { + request.Credential.Value = PasswordHelper.ComputeHash(request.Credential.Value, _options.IsPasswordEncodeInBase64); + } + request.Credential.Id = Guid.NewGuid().ToString(); user.Credentials.Add(request.Credential); user.UpdateDateTime = DateTime.UtcNow; @@ -386,7 +397,11 @@ public async Task UpdateCredential([FromRoute] string prefix, str if (user == null) return new NotFoundResult(); var existingCredential = user.Credentials.SingleOrDefault(c => c.Id == credentialId); if (existingCredential == null) throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.UnknownUserCredential, credentialId)); - existingCredential.Value = request.Value; + if(existingCredential.CredentialType == Constants.Areas.Password) + existingCredential.Value = PasswordHelper.ComputeHash(request.Value, _options.IsPasswordEncodeInBase64); + else + existingCredential.Value = request.Value; + existingCredential.OTPAlg = request.OTPAlg; user.UpdateDateTime = DateTime.UtcNow; _userRepository.Update(user); diff --git a/src/IdServer/SimpleIdServer.IdServer/Auth/IdServerCookieAuthenticationHandler.cs b/src/IdServer/SimpleIdServer.IdServer/Auth/IdServerCookieAuthenticationHandler.cs index 36e014c9b..eccaa13a0 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Auth/IdServerCookieAuthenticationHandler.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Auth/IdServerCookieAuthenticationHandler.cs @@ -7,7 +7,7 @@ using Microsoft.AspNetCore.Http.Features; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; -using SimpleIdServer.IdServer.Middlewares; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Options; using SimpleIdServer.IdServer.Stores; using System; diff --git a/src/IdServer/SimpleIdServer.IdServer/Auth/IdServerOpenIdConfigurationManager.cs b/src/IdServer/SimpleIdServer.IdServer/Auth/IdServerOpenIdConfigurationManager.cs index e122c34b9..2619cce54 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Auth/IdServerOpenIdConfigurationManager.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Auth/IdServerOpenIdConfigurationManager.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.IdentityModel.Protocols; using Microsoft.IdentityModel.Protocols.OpenIdConnect; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Middlewares; namespace SimpleIdServer.IdServer.Auth diff --git a/src/IdServer/SimpleIdServer.IdServer/AuthBuilder.cs b/src/IdServer/SimpleIdServer.IdServer/AuthBuilder.cs index 7a514c475..f90baa2d0 100644 --- a/src/IdServer/SimpleIdServer.IdServer/AuthBuilder.cs +++ b/src/IdServer/SimpleIdServer.IdServer/AuthBuilder.cs @@ -2,13 +2,9 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication.Certificate; -using Microsoft.AspNetCore.Authentication.OpenIdConnect; using Microsoft.Extensions.DependencyInjection; -using Microsoft.Extensions.Options; -using SimpleIdServer.IdServer.Auth; using SimpleIdServer.IdServer.Options; using System; -using System.Threading.Tasks; namespace SimpleIdServer.IdServer { diff --git a/src/IdServer/SimpleIdServer.IdServer/Builders/RealmRoleBuilder.cs b/src/IdServer/SimpleIdServer.IdServer/Builders/RealmRoleBuilder.cs new file mode 100644 index 000000000..2ac049288 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Builders/RealmRoleBuilder.cs @@ -0,0 +1,80 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer.Domains; +using System; +using System.Collections.Generic; +using System.Linq; + +namespace SimpleIdServer.IdServer.Builders; + +public class RealmRoleBuilder +{ + private static List _allComponents = new List + { + "realms", + "clients", + "scopes", + "users", + "groups", + "acrs", + "authentication", + "manualidprovisioning", + "automaticidprovisioning", + "certificateauthorities", + "auditing", + "trustanchors" + }; + + public static List BuildAdministrativeRole(Realm realm) + { + var realmScopes = BuildScopes(realm); + return realmScopes; + } + + private static List BuildScopes(Realm realm, bool isReadOnly = false) + => _allComponents.SelectMany(c => BuildComponentScopes(c, realm, isReadOnly)).ToList(); + + private static List BuildComponentScopes(string componentName, Realm realm, bool isReadOnly = false) + { + var roles = new List + { + new Domains.Scope + { + Id = Guid.NewGuid().ToString(), + Name = $"{realm.Name}/{componentName}/view", + Component = componentName, + Action = ComponentActions.View, + Type = ScopeTypes.ROLE, + Realms = new List + { + realm + }, + Protocol = ScopeProtocols.OAUTH, + Description = $"View {realm.Name} {componentName}", + CreateDateTime = DateTime.UtcNow, + UpdateDateTime = DateTime.UtcNow, + } + }; + if (!isReadOnly) + { + roles.Add(new Domains.Scope + { + Id = Guid.NewGuid().ToString(), + Name = $"{realm.Name}/{componentName}/manage", + Component = componentName, + Action = ComponentActions.Manage, + Type = ScopeTypes.ROLE, + Realms = new List + { + realm + }, + Protocol = ScopeProtocols.OAUTH, + Description = $"Manage {realm.Name} {componentName}", + CreateDateTime = DateTime.UtcNow, + UpdateDateTime = DateTime.UtcNow, + }); + } + + return roles; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Builders/ScopeBuilder.cs b/src/IdServer/SimpleIdServer.IdServer/Builders/ScopeBuilder.cs index 3e2b53cfe..fa2ce9118 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Builders/ScopeBuilder.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Builders/ScopeBuilder.cs @@ -15,6 +15,22 @@ private ScopeBuilder(Scope scope) _scope = scope; } + public static ScopeBuilder Create(string name, bool isExposed = false, Realm realm = null) + { + return new ScopeBuilder(new Scope + { + Id = Guid.NewGuid().ToString(), + Name = name, + CreateDateTime = DateTime.Now, + UpdateDateTime = DateTime.Now, + IsExposedInConfigurationEdp = isExposed, + Realms = new List + { + realm ?? Constants.StandardRealms.Master + } + }); + } + public static ScopeBuilder CreateApiScope(string name, bool isExposed = false) { return new ScopeBuilder(new Scope @@ -51,6 +67,36 @@ public static ScopeBuilder CreateRoleScope(Client client, string name, string de }); } + public ScopeBuilder SetDescription(string description) + { + _scope.Description = description; + return this; + } + + public ScopeBuilder SetType(ScopeTypes type) + { + _scope.Type = type; + return this; + } + + public ScopeBuilder SetProtocol(ScopeProtocols protocol) + { + _scope.Protocol = protocol; + return this; + } + + public ScopeBuilder SetComponent(string component) + { + _scope.Component = component; + return this; + } + + public ScopeBuilder SetComponentAction(ComponentActions componentAction) + { + _scope.Action = componentAction; + return this; + } + public Scope Build() => _scope; } } diff --git a/src/IdServer/SimpleIdServer.IdServer/Builders/UserBuilder.cs b/src/IdServer/SimpleIdServer.IdServer/Builders/UserBuilder.cs index e4349749a..e68d751cc 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Builders/UserBuilder.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Builders/UserBuilder.cs @@ -27,7 +27,7 @@ private UserBuilder() /// (Optional) The user's first name. /// (Optional) The realm to asign. /// An instace for building an user. - public static UserBuilder Create(string login, string password, string name = null, Domains.Realm realm = null) + public static UserBuilder Create(string login, string password, string name = null, Domains.Realm realm = null, bool isBase64Encoded = false) { var result = new UserBuilder(); result._user.Id = Guid.NewGuid().ToString(); @@ -37,7 +37,7 @@ public static UserBuilder Create(string login, string password, string name = nu Id = Guid.NewGuid().ToString(), CredentialType = "pwd", IsActive = true, - Value = PasswordHelper.ComputeHash(password) + Value = PasswordHelper.ComputeHash(password, isBase64Encoded) }); if (realm == null) result._user.Realms.Add(new RealmUser { RealmsName = Constants.StandardRealms.Master.Name }); else result._user.Realms.Add(new RealmUser { RealmsName = realm.Name }); diff --git a/src/IdServer/SimpleIdServer.IdServer/ClaimsEnricher/HttpClaimsExtractor.cs b/src/IdServer/SimpleIdServer.IdServer/ClaimsEnricher/HttpClaimsExtractor.cs index 407bf5a07..b11afc325 100644 --- a/src/IdServer/SimpleIdServer.IdServer/ClaimsEnricher/HttpClaimsExtractor.cs +++ b/src/IdServer/SimpleIdServer.IdServer/ClaimsEnricher/HttpClaimsExtractor.cs @@ -18,9 +18,9 @@ namespace SimpleIdServer.IdServer.ClaimsEnricher /// public class HttpClaimsExtractor : IRelayClaimsExtractor { - private readonly Infrastructures.IHttpClientFactory _httpClientFactory; + private readonly Helpers.IHttpClientFactory _httpClientFactory; - public HttpClaimsExtractor(Infrastructures.IHttpClientFactory httpClientFactory) + public HttpClaimsExtractor(Helpers.IHttpClientFactory httpClientFactory) { _httpClientFactory = httpClientFactory; } diff --git a/src/IdServer/SimpleIdServer.Configuration/ConfigurationRecordAttribute.cs b/src/IdServer/SimpleIdServer.IdServer/ConfigurationRecordAttribute.cs similarity index 51% rename from src/IdServer/SimpleIdServer.Configuration/ConfigurationRecordAttribute.cs rename to src/IdServer/SimpleIdServer.IdServer/ConfigurationRecordAttribute.cs index e4922f72a..35b7336c8 100644 --- a/src/IdServer/SimpleIdServer.Configuration/ConfigurationRecordAttribute.cs +++ b/src/IdServer/SimpleIdServer.IdServer/ConfigurationRecordAttribute.cs @@ -4,20 +4,20 @@ using System; using System.Collections.Generic; -namespace SimpleIdServer.Configuration; +namespace SimpleIdServer.IdServer; [AttributeUsage(AttributeTargets.Property)] public class ConfigurationRecordAttribute : Attribute { - public ConfigurationRecordAttribute(string displayName, string description = null, int order = 0) - { - DisplayName = displayName; - Description = description; - Order = order; - } - - public ConfigurationRecordAttribute(string displayName, string description = null, int order = 0, string displayCondition = null) : this(displayName, description, order) - { + public ConfigurationRecordAttribute(string displayName, string description = null, int order = 0) + { + DisplayName = displayName; + Description = description; + Order = order; + } + + public ConfigurationRecordAttribute(string displayName, string description = null, int order = 0, string displayCondition = null) : this(displayName, description, order) + { DisplayCondition = displayCondition; } @@ -27,18 +27,18 @@ public ConfigurationRecordAttribute(string displayName, string description, int } public string DisplayName { get; set; } = null!; - public string? Description { get; set; } = null; - public int Order { get; set; } = 0; - public string DisplayCondition { get; set; } - public bool IsRequired { get; set; } - public CustomConfigurationRecordType? CustomType { get; set; } = null; + public string? Description { get; set; } = null; + public int Order { get; set; } = 0; + public string DisplayCondition { get; set; } + public bool IsRequired { get; set; } + public CustomConfigurationRecordType? CustomType { get; set; } = null; public Dictionary? Values { get; set; } = null; } public enum CustomConfigurationRecordType { - OTPVALUE = 0, - PASSWORD = 1, - NOTIFICATIONMODE = 2 -} + OTPVALUE = 0, + PASSWORD = 1, + NOTIFICATIONMODE = 2 +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Constants.cs b/src/IdServer/SimpleIdServer.IdServer/Constants.cs index f41dda03c..6ac45f2a7 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Constants.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Constants.cs @@ -3,6 +3,7 @@ using Microsoft.IdentityModel.JsonWebTokens; using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.IdServer.Builders; using SimpleIdServer.IdServer.Domains; using System; using System.Collections.Generic; @@ -20,28 +21,42 @@ public static class JWKUsages public static List RealmStandardUsers = new List { - "administrator" + StandardUsers.AdministratorUser.Name + }; + + public static List RealmStandardGroupsFullPath = new List + { + StandardGroups.AdministratorGroup.FullPath }; public static List RealmStandardClients = new List { "website", - "urn:website" + "urn:website", + "SIDS-manager" }; public static List RealmStandardScopes = new List { StandardScopes.OpenIdScope.Name, StandardScopes.Profile.Name, - StandardScopes.SAMLProfile.Name + StandardScopes.SAMLProfile.Name, + StandardScopes.WebsiteAdministratorRole.Name, + StandardScopes.Role.Name }; public static class StandardAuthorizationDetails { public const string OpenIdCredential = "openid_credential"; public const string CredentialConfigurationId = "credential_configuration_id"; + public const string Format = "format"; } + public static class StandardResponseModes + { + public const string DirectPost = "direct_post"; + } + public static class EndPoints { public const string Token = "token"; @@ -49,6 +64,7 @@ public static class EndPoints public const string TokenInfo = "token_info"; public const string Jwks = "jwks"; public const string Authorization = "authorization"; + public const string AuthorizationCallback = "authorization/callback"; public const string Registration = "register"; public const string OAuthConfiguration = ".well-known/oauth-authorization-server"; public const string OpenIDConfiguration = ".well-known/openid-configuration"; @@ -91,6 +107,7 @@ public static class EndPoints public const string Realms = "realms"; public const string Groups = "groups"; public const string Languages = "languages"; + public const string ErrorMessages = "errormessages"; } public static List AllStandardNotificationModes = new List @@ -194,6 +211,7 @@ public static class UserClaims public static string ScimId = "scim_id"; public static string ScimLocation = "scim_location"; public static string Events = "events"; + public static string Amrs = "amrs"; } public static class StandardClaims @@ -623,6 +641,20 @@ public static class StandardScopes CreateDateTime = DateTime.UtcNow, UpdateDateTime = DateTime.UtcNow }; + public static Scope DeferredCreds = new Scope + { + Id = Guid.NewGuid().ToString(), + Type = ScopeTypes.APIRESOURCE, + Name = "deferredcreds", + Realms = new List + { + StandardRealms.Master + }, + Protocol = ScopeProtocols.OAUTH, + IsExposedInConfigurationEdp = true, + CreateDateTime = DateTime.UtcNow, + UpdateDateTime = DateTime.UtcNow + }; public static Scope Acrs = new Scope { Id = Guid.NewGuid().ToString(), @@ -735,6 +767,64 @@ public static class StandardScopes CreateDateTime = DateTime.UtcNow, UpdateDateTime = DateTime.UtcNow }; + public static Scope WebsiteAdministratorRole = new Scope + { + Id = Guid.NewGuid().ToString(), + Name = "SIDS-manager/administrator", + Type = ScopeTypes.ROLE, + Realms = new List + { + StandardRealms.Master + }, + Protocol = ScopeProtocols.OAUTH, + Description = "Administrator", + CreateDateTime = DateTime.UtcNow, + UpdateDateTime = DateTime.UtcNow, + }; + } + + public static class StandardGroups + { + public static Domains.Group AdministratorGroup = new Domains.Group + { + Id = "9795f2aa-3a86-4e21-a098-d0443e0391d4", + CreateDateTime = DateTime.UtcNow, + FullPath = "administrator", + Realms = new List + { + new GroupRealm + { + RealmsName = StandardRealms.Master.Name + } + }, + Name = "administrator", + Description = "Administration role", + Roles = new List + { + StandardScopes.WebsiteAdministratorRole + } + }; + public static Domains.Group AdministratorReadonlyGroup = new Domains.Group + { + Id = "7a3014a3-5985-4986-bfcc-8e574fb6da27", + CreateDateTime = DateTime.UtcNow, + FullPath = "administrator-ro", + Realms = new List + { + new GroupRealm + { + RealmsName = StandardRealms.Master.Name + } + }, + Name = "administrator-ro", + Description = "Administration role readonly" + }; + } + + public static class StandardUsers + { + public static User AdministratorUser = UserBuilder.Create("administrator", "password", "Administrator").SetFirstname("Administrator").SetEmail("adm@email.com").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").AddGroup(StandardGroups.AdministratorGroup).GenerateRandomTOTPKey().Build(); + public static User AdministratorReadonlyUser = UserBuilder.Create("administrator-ro", "password", "AdministratorRo").SetFirstname("AdministratorRo").SetEmail("adm@email.com").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").AddGroup(StandardGroups.AdministratorReadonlyGroup).GenerateRandomTOTPKey().Build(); } public static class StandardAcrs @@ -762,7 +852,7 @@ public static class StandardAcrs { StandardRealms.Master } - }; + }; } public static class StandardRealms diff --git a/src/IdServer/SimpleIdServer.IdServer/DTOs/AuthorizationRequestParameters.cs b/src/IdServer/SimpleIdServer.IdServer/DTOs/AuthorizationRequestParameters.cs index 6fcb85e68..9012924f7 100644 --- a/src/IdServer/SimpleIdServer.IdServer/DTOs/AuthorizationRequestParameters.cs +++ b/src/IdServer/SimpleIdServer.IdServer/DTOs/AuthorizationRequestParameters.cs @@ -39,5 +39,6 @@ public static class AuthorizationRequestParameters public const string UserHint = "user_hint"; public const string IssuerState = "issuer_state"; public const string DPOPJkt = "dpop_jkt"; + public const string ResponseUri = "response_uri"; } } diff --git a/src/IdServer/SimpleIdServer.IdServer/DTOs/IdentityProvisioningNames.cs b/src/IdServer/SimpleIdServer.IdServer/DTOs/IdentityProvisioningNames.cs index 20fb08765..b5462c476 100644 --- a/src/IdServer/SimpleIdServer.IdServer/DTOs/IdentityProvisioningNames.cs +++ b/src/IdServer/SimpleIdServer.IdServer/DTOs/IdentityProvisioningNames.cs @@ -30,4 +30,6 @@ public class IdentityProvisioningNames public const string NbImportedUsers = "nb_imported_users"; public const string NbImportedGroups = "nb_imported_groups"; public const string NbFilteredRepresentations = "nb_filtered_representations"; + public const string Errors = "errors"; + public const string Exceptions = "exceptions"; } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/ErrorCodes.cs b/src/IdServer/SimpleIdServer.IdServer/ErrorCodes.cs index c918d2eb9..884cecdc0 100644 --- a/src/IdServer/SimpleIdServer.IdServer/ErrorCodes.cs +++ b/src/IdServer/SimpleIdServer.IdServer/ErrorCodes.cs @@ -1,46 +1,48 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -namespace SimpleIdServer.IdServer +namespace SimpleIdServer.IdServer; + +public static class ErrorCodes { - public static class ErrorCodes - { - public const string INVALID_REQUEST = "invalid_request"; - public const string INVALID_CLIENT = "invalid_client"; - public const string INVALID_REDIRECT_URI = "invalid_redirect_uri"; - public const string INVALID_CLIENT_METADATA = "invalid_client_metadata"; - public const string INVALID_SOFTWARE_STATEMENT = "invalid_software_statement"; - public const string INVALID_NETWORK = "invalid_network"; - public const string INVALID_GRANT = "invalid_grant"; - public const string INVALID_TOKEN = "invalid_token"; - public const string INVALID_SCOPE = "invalid_scope"; - public const string INVALID_DEVICE_CODE = "invalid_device_code"; - public const string INVALID_DPOP_PROOF = "invalid_dpop_proof"; - public const string INVALID_REQUEST_OBJECT = "invalid_request_object"; - public const string UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type"; - public const string UNSUPPORTED_TOKEN_TYPE = "unsupported_token_type"; - public const string UNSUPPORTED_RESPONSE_MODE = "unsupported_response_mode"; - public const string UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type"; - public const string LOGIN_REQUIRED = "login_required"; - public const string ACCESS_DENIED = "access_denied"; - public const string INVALID_BINDING_MESSAGE = "invalid_binding_message"; - public const string EXPIRED_LOGIN_HINT_TOKEN = "expired_login_hint_token"; - public const string UNKNOWN_USER_ID = "unknown_user_id"; - public const string AUTHORIZATION_PENDING = "authorization_pending"; - public const string EXPIRED_TOKEN = "expired_token"; - public const string SLOW_DOWN = "slow_down"; - public const string UNKNOWN_USER = "unknown_user"; - public const string UNKNOWN_ACR = "unknown_acr"; - public const string UNKNOWN_AMR = "unknown_amr"; - public const string INVALID_CREDENTIALS = "invalid_credentials"; - public const string INVALID_TARGET = "invalid_target"; - public const string REQUEST_DENIED = "request_denied"; - public const string INVALID_GRANT_ID = "invalid_grant_id"; - public const string INVALID_RESOURCE_ID = "invalid_resource_id"; - public const string NOT_FOUND = "not_found"; - public const string INVALID_AUTHORIZATION_DETAILS = "invalid_authorization_details"; - public const string UNEXPECTED_ERROR = "unexpected_error"; - public const string USE_DPOP_NONCE = "use_dpop_nonce"; - public const string INACTIVE_SESSION = "inactive_session"; - public const string NO_ACTIVE_OTP = "no_active_otp"; - } + public const string INVALID_REQUEST = "invalid_request"; + public const string INVALID_CLIENT = "invalid_client"; + public const string INVALID_REDIRECT_URI = "invalid_redirect_uri"; + public const string INVALID_CLIENT_METADATA = "invalid_client_metadata"; + public const string INVALID_CLIENT_METADATA_URI = "invalid_client_metadata_uri"; + public const string INVALID_SOFTWARE_STATEMENT = "invalid_software_statement"; + public const string INVALID_NETWORK = "invalid_network"; + public const string INVALID_GRANT = "invalid_grant"; + public const string INVALID_TOKEN = "invalid_token"; + public const string INVALID_SCOPE = "invalid_scope"; + public const string INVALID_DEVICE_CODE = "invalid_device_code"; + public const string INVALID_DPOP_PROOF = "invalid_dpop_proof"; + public const string INVALID_REQUEST_OBJECT = "invalid_request_object"; + public const string UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type"; + public const string UNSUPPORTED_TOKEN_TYPE = "unsupported_token_type"; + public const string UNSUPPORTED_RESPONSE_MODE = "unsupported_response_mode"; + public const string UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type"; + public const string LOGIN_REQUIRED = "login_required"; + public const string ACCESS_DENIED = "access_denied"; + public const string INVALID_BINDING_MESSAGE = "invalid_binding_message"; + public const string EXPIRED_LOGIN_HINT_TOKEN = "expired_login_hint_token"; + public const string UNKNOWN_USER_ID = "unknown_user_id"; + public const string AUTHORIZATION_PENDING = "authorization_pending"; + public const string EXPIRED_TOKEN = "expired_token"; + public const string SLOW_DOWN = "slow_down"; + public const string UNKNOWN_USER = "unknown_user"; + public const string UNKNOWN_ACR = "unknown_acr"; + public const string UNKNOWN_AMR = "unknown_amr"; + public const string INVALID_CREDENTIALS = "invalid_credentials"; + public const string INVALID_TARGET = "invalid_target"; + public const string REQUEST_DENIED = "request_denied"; + public const string INVALID_GRANT_ID = "invalid_grant_id"; + public const string INVALID_RESOURCE_ID = "invalid_resource_id"; + public const string NOT_FOUND = "not_found"; + public const string INVALID_AUTHORIZATION_DETAILS = "invalid_authorization_details"; + public const string UNEXPECTED_ERROR = "unexpected_error"; + public const string USE_DPOP_NONCE = "use_dpop_nonce"; + public const string INACTIVE_SESSION = "inactive_session"; + public const string NO_ACTIVE_OTP = "no_active_otp"; + public const string VALIDATION_FAILED = "validation_failed"; + public const string MISSING_TRUST_ANCHOR = "missing_trust_anchor"; } diff --git a/src/IdServer/SimpleIdServer.IdServer/Exceptions/OAuthAuthenticatedUserAmrMissingException.cs b/src/IdServer/SimpleIdServer.IdServer/Exceptions/OAuthAuthenticatedUserAmrMissingException.cs new file mode 100644 index 000000000..4572baa79 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Exceptions/OAuthAuthenticatedUserAmrMissingException.cs @@ -0,0 +1,19 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using System.Collections.Generic; + +namespace SimpleIdServer.IdServer.Exceptions; + +public class OAuthAuthenticatedUserAmrMissingException : OAuthException +{ + public OAuthAuthenticatedUserAmrMissingException(string acr, string amr, IEnumerable allAmrs) : base(string.Empty, string.Empty) + { + Acr = acr; + Amr = amr; + AllAmrs = allAmrs; + } + + public string Acr { get; set; } + public string Amr { get; set; } + public IEnumerable AllAmrs { get; set; } +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Exceptions/OAuthLoginRequiredException.cs b/src/IdServer/SimpleIdServer.IdServer/Exceptions/OAuthLoginRequiredException.cs index 5bed70319..ec58d1f2e 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Exceptions/OAuthLoginRequiredException.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Exceptions/OAuthLoginRequiredException.cs @@ -1,5 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using static SimpleIdServer.IdServer.Constants; + namespace SimpleIdServer.IdServer.Exceptions { public class OAuthLoginRequiredException : OAuthException diff --git a/src/IdServer/SimpleIdServer.IdServer/Extensions/JsonObjectExtensions.cs b/src/IdServer/SimpleIdServer.IdServer/Extensions/JsonObjectExtensions.cs index a99c77e43..bef11ce0c 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Extensions/JsonObjectExtensions.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Extensions/JsonObjectExtensions.cs @@ -13,6 +13,7 @@ using System.Runtime.CompilerServices; using System.Security.Claims; using System.Security.Cryptography.X509Certificates; +using System.Text.Json.Serialization; using System.Web; namespace System.Text.Json.Nodes @@ -136,6 +137,15 @@ public static IEnumerable GetAcrValuesFromAuthorizationRequest(this Json public static string GetNonceFromAuthorizationRequest(this JsonObject jObj) => jObj.GetStr(AuthorizationRequestParameters.Nonce); + public static string GetClientMetadataUri(this JsonObject jObj) => jObj.GetStr(AuthorizationRequestParameters.ClientMetadataUri); + + public static Client GetClientMetadata(this JsonObject jObj) + { + var clientMetadata = jObj.GetStr(AuthorizationRequestParameters.ClientMetadata); + if (clientMetadata == null) return null; + return JsonSerializer.Deserialize(clientMetadata); + } + /// /// This parameter can be used to bind the issued authorization code to a specific key. /// @@ -188,6 +198,8 @@ public static IEnumerable GetUILocalesFromAuthorizationRequest(this Json public static string GetResponseModeFromAuthorizationRequest(this JsonObject jObj) => jObj.GetStr(AuthorizationRequestParameters.ResponseMode); + public static string GetResponseUriFromAuthorizationRequest(this JsonObject jObj) => jObj.GetStr(AuthorizationRequestParameters.ResponseUri); + public static string GetRedirectUriFromAuthorizationRequest(this JsonObject jObj) { var result = jObj.GetStr(AuthorizationRequestParameters.RedirectUri); @@ -283,6 +295,17 @@ public static IEnumerable ExtractClaims(this JsonObject jObj, A #endregion + #region Authorization request callback + + /// + /// Get the id_token from the authorization request callback request. + /// + /// + /// + public static string GetIdTokenFromAuthorizationRequestCallback(this JsonObject jObj) => jObj.GetStr(AuthorizationResponseParameters.IdToken); + + #endregion + #region Token request public static string GetPreAuthorizedCode(this JsonObject jObj) => jObj.GetStr(TokenRequestParameters.PreAuthorizedCode); diff --git a/src/IdServer/SimpleIdServer.IdServer/Extractors/ClaimsExtractor.cs b/src/IdServer/SimpleIdServer.IdServer/Extractors/ClaimsExtractor.cs index 7b80f50c3..d432695e0 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Extractors/ClaimsExtractor.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Extractors/ClaimsExtractor.cs @@ -37,7 +37,7 @@ public async Task> ResolveGroupsAndExtract(HandlerCon { var grpPathLst = newContext.User.Groups.SelectMany(g => g.Group.ResolveAllPath()).Distinct().ToList(); var allGroups = await _groupRepository.GetAllByStrictFullPath(context.Realm, grpPathLst, CancellationToken.None); - var roles = allGroups.SelectMany(g => g.Roles).Select(r => r.Name).Distinct(); + var roles = allGroups.SelectMany(g => g.Roles).Where(r => r.Realms.Any(re => re.Name == context.Realm)).Select(r => r.Name).Distinct(); foreach (var role in roles) newContext.User.AddClaim(Constants.UserClaims.Role, role); } diff --git a/src/IdServer/SimpleIdServer.IdServer/Helpers/AmrHelper.cs b/src/IdServer/SimpleIdServer.IdServer/Helpers/AmrHelper.cs index 1fe4e744e..6664ccaa0 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Helpers/AmrHelper.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Helpers/AmrHelper.cs @@ -53,7 +53,8 @@ public async Task FetchDefaultAcr( if (defaultAcr == null) { var acrs = new List(); - acrs.AddRange(client.DefaultAcrValues); + if(client != null && client.DefaultAcrValues != null) + acrs.AddRange(client.DefaultAcrValues); acrs.Add(_options.DefaultAcrValue); defaultAcr = await GetSupportedAcr(realm, acrs, cancellationToken); } diff --git a/src/IdServer/SimpleIdServer.IdServer/Helpers/ExtractRequestHelper.cs b/src/IdServer/SimpleIdServer.IdServer/Helpers/ExtractRequestHelper.cs index 40669da38..eba7cf046 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Helpers/ExtractRequestHelper.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Helpers/ExtractRequestHelper.cs @@ -28,13 +28,13 @@ public interface IExtractRequestHelper public class ExtractRequestHelper : IExtractRequestHelper { - private readonly Infrastructures.IHttpClientFactory _httpClientFactory; + private readonly Helpers.IHttpClientFactory _httpClientFactory; private readonly IJwtBuilder _jwtBuilder; private readonly IDistributedCache _distributedCache; private readonly IdServerHostOptions _options; public ExtractRequestHelper( - Infrastructures.IHttpClientFactory httpClientFactory, + Helpers.IHttpClientFactory httpClientFactory, IJwtBuilder jwtBuilder, IDistributedCache distributedCache, IOptions options) diff --git a/src/IdServer/SimpleIdServer.IdServer/Helpers/GrantedTokenHelper.cs b/src/IdServer/SimpleIdServer.IdServer/Helpers/GrantedTokenHelper.cs index 5fdbec879..254b4aa48 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Helpers/GrantedTokenHelper.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Helpers/GrantedTokenHelper.cs @@ -45,6 +45,8 @@ public interface IGrantedTokenHelper Task RemovePreAuthCode(string preAuthorizationCode, CancellationToken cancellationToken); Task AddResetPasswordLink(string otpCode, string login, string realm, double expirationTimeInSeconds, CancellationToken cancellationToken); Task GetResetPasswordLink(string otpCode, CancellationToken cancellationToken); + Task AddAuthorizationRequestCallback(string nonce, JsonObject request, double validityPeriodsInSeconds, CancellationToken cancellationToken); + Task GetAuthorizationRequestCallback(string nonce, CancellationToken cancellationToken); } public class AuthCode @@ -361,6 +363,25 @@ public async Task GetResetPasswordLink(string otpCode, Cancel #endregion + #region Authorization request callback + + public async Task AddAuthorizationRequestCallback(string nonce, JsonObject record, double validityPeriodsInSeconds, CancellationToken cancellationToken) + { + await _distributedCache.SetAsync(nonce, Encoding.UTF8.GetBytes(record.ToString()), new DistributedCacheEntryOptions + { + SlidingExpiration = TimeSpan.FromSeconds(validityPeriodsInSeconds) + }, cancellationToken); + } + + public async Task GetAuthorizationRequestCallback(string nonce, CancellationToken cancellationToken) + { + var cache = await _distributedCache.GetAsync(nonce, cancellationToken); + if (cache == null) return null; + return JsonSerializer.Deserialize(Encoding.UTF8.GetString(cache)); + } + + #endregion + public object BuildScopeClaim(IEnumerable scopes) { if (_oauthHostOptions.IsScopeClaimConcatenationEnabled) return string.Join(" ", scopes); diff --git a/src/IdServer/SimpleIdServer.IdServer/Helpers/IClientHelper.cs b/src/IdServer/SimpleIdServer.IdServer/Helpers/IClientHelper.cs index 81b41a6fa..9fc15fba0 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Helpers/IClientHelper.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Helpers/IClientHelper.cs @@ -2,90 +2,155 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.IdentityModel.Tokens; using SimpleIdServer.IdServer.Domains; -using SimpleIdServer.IdServer.Infrastructures; +using SimpleIdServer.IdServer.Exceptions; +using SimpleIdServer.IdServer.Resources; +using SimpleIdServer.IdServer.Stores; using System; using System.Collections.Generic; -using System.IdentityModel.Tokens.Jwt; using System.Linq; using System.Text.Json; using System.Text.Json.Nodes; using System.Threading; using System.Threading.Tasks; -namespace SimpleIdServer.IdServer.Helpers +namespace SimpleIdServer.IdServer.Helpers; + +public interface IClientHelper +{ + Task> GetRedirectionUrls(Client client, CancellationToken cancellationToken); + Task> GetSectorIdentifierUrls(Client client, CancellationToken cancellationToken); + Task ResolveJsonWebKey(Client client, string kid, CancellationToken cancellationToken); + Task> ResolveJsonWebKeys(Client client, CancellationToken cancellationToken); + Task> ResolveJsonWebKeys(string jwksUri, CancellationToken cancellationToken); + bool IsNonPreRegisteredRelyingParty(string clientId); + Task ResolveClient(string realm, string clientId, CancellationToken cancellationToken); + Task ResolveSelfDeclaredClient(JsonObject request, CancellationToken cancellationToken); +} + +public class StandardClientHelper : IClientHelper { - public interface IClientHelper + private readonly Helpers.IHttpClientFactory _httpClientFactory; + private readonly IClientRepository _clientRepository; + + public StandardClientHelper( + Helpers.IHttpClientFactory httpClientFactory, + IClientRepository clientRepository) { - Task> GetRedirectionUrls(Client client, CancellationToken cancellationToken); - Task> GetSectorIdentifierUrls(Client client, CancellationToken cancellationToken); - Task ResolveJsonWebKey(Client client, string kid, CancellationToken cancellationToken); - Task> ResolveJsonWebKeys(Client client, CancellationToken cancellationToken); + _httpClientFactory = httpClientFactory; + _clientRepository = clientRepository; } - public class OAuthClientHelper : IClientHelper + protected IHttpClientFactory HttpClientFactory { - private readonly IHttpClientFactory _httpClientFactory; - - public OAuthClientHelper(IHttpClientFactory httpClientFactory) + get { - _httpClientFactory = httpClientFactory; + return _httpClientFactory; } + } - public virtual async Task> GetRedirectionUrls(Client client, CancellationToken cancellationToken) + protected IClientRepository ClientRepository + { + get { - List result = client.RedirectionUrls == null ? new List() : client.RedirectionUrls.ToList(); - result.AddRange(await GetSectorIdentifierUrls(client, cancellationToken)); - return result; + return _clientRepository; } + } + + public virtual async Task> GetRedirectionUrls(Client client, CancellationToken cancellationToken) + { + List result = client.RedirectionUrls == null ? new List() : client.RedirectionUrls.ToList(); + result.AddRange(await GetSectorIdentifierUrls(client, cancellationToken)); + return result; + } - public async Task> GetSectorIdentifierUrls(Client client, CancellationToken cancellationToken) + public async Task> GetSectorIdentifierUrls(Client client, CancellationToken cancellationToken) + { + var result = new List(); + if (!string.IsNullOrWhiteSpace(client.SectorIdentifierUri)) { - var result = new List(); - if (!string.IsNullOrWhiteSpace(client.SectorIdentifierUri)) + using (var httpClient = _httpClientFactory.GetHttpClient()) { - using (var httpClient = _httpClientFactory.GetHttpClient()) + var httpResult = await httpClient.GetAsync(client.SectorIdentifierUri, cancellationToken); + if (httpResult.IsSuccessStatusCode) { - var httpResult = await httpClient.GetAsync(client.SectorIdentifierUri, cancellationToken); - if (httpResult.IsSuccessStatusCode) + var json = await httpResult.Content.ReadAsStringAsync(); + if (!string.IsNullOrWhiteSpace(json)) { - var json = await httpResult.Content.ReadAsStringAsync(); - if (!string.IsNullOrWhiteSpace(json)) + var jArr = JsonSerializer.Deserialize>(json); + if (jArr != null) { - var jArr = JsonSerializer.Deserialize>(json); - if (jArr != null) - { - foreach (var record in jArr) - result.Add(record.ToString()); - } + foreach (var record in jArr) + result.Add(record.ToString()); } } } } - - return result; } - public async Task ResolveJsonWebKey(Client client, string kid, CancellationToken cancellationToken) + return result; + } + + public async Task ResolveJsonWebKey(Client client, string kid, CancellationToken cancellationToken) + { + var jwks = await ResolveJsonWebKeys(client, cancellationToken); + return jwks.FirstOrDefault(j => j.KeyId == kid); + } + + public async Task> ResolveJsonWebKeys(Client client, CancellationToken cancellationToken) + { + if (client.JsonWebKeys != null && client.JsonWebKeys.Any()) return client.JsonWebKeys; + return await ResolveJsonWebKeys(client.JwksUri, cancellationToken); + } + + public async Task> ResolveJsonWebKeys(string jwksUri, CancellationToken cancellationToken) + { + Uri uri = null; + if (string.IsNullOrWhiteSpace(jwksUri) || !Uri.TryCreate(jwksUri, UriKind.Absolute, out uri)) return new JsonWebKey[0]; + using (var httpClient = _httpClientFactory.GetHttpClient()) { - var jwks = await ResolveJsonWebKeys(client, cancellationToken); - return jwks.FirstOrDefault(j => j.KeyId == kid); + httpClient.BaseAddress = uri; + var request = await httpClient.GetAsync(uri.AbsoluteUri, cancellationToken).ConfigureAwait(false); + request.EnsureSuccessStatusCode(); + var json = await request.Content.ReadAsStringAsync().ConfigureAwait(false); + var keysJson = JsonObject.Parse(json)["keys"].AsArray(); + var jsonWebKeys = keysJson.Select(k => new JsonWebKey(k.ToString())); + return jsonWebKeys; } + } + + public bool IsNonPreRegisteredRelyingParty(string clientId) + { + if (clientId.StartsWith($"{SimpleIdServer.Did.Constants.Scheme}:")) return true; + return false; + } - public async Task> ResolveJsonWebKeys(Client client, CancellationToken cancellationToken) + public virtual Task ResolveClient(string realm, string clientId, CancellationToken cancellationToken) + => _clientRepository.GetByClientId(realm, clientId, cancellationToken); + + public async Task ResolveSelfDeclaredClient(JsonObject request, CancellationToken cancellationToken) + { + var clientMetadataUri = request.GetClientMetadataUri(); + var clientMetadata = request.GetClientMetadata(); + var clientId = request.GetClientId(); + if (clientMetadata == null) { - if (client.JsonWebKeys != null && client.JsonWebKeys.Any()) return client.JsonWebKeys; - Uri uri = null; - if (string.IsNullOrWhiteSpace(client.JwksUri) || !Uri.TryCreate(client.JwksUri, UriKind.Absolute, out uri)) return new JsonWebKey[0]; using (var httpClient = _httpClientFactory.GetHttpClient()) { - httpClient.BaseAddress = uri; - var request = await httpClient.GetAsync(uri.AbsoluteUri, cancellationToken).ConfigureAwait(false); - request.EnsureSuccessStatusCode(); - var json = await request.Content.ReadAsStringAsync().ConfigureAwait(false); - var keysJson = JsonObject.Parse(json)["keys"].AsArray(); - var jsonWebKeys = keysJson.Select(k => new JsonWebKey(k.ToString())); - return jsonWebKeys; + var requestMessage = new System.Net.Http.HttpRequestMessage + { + Method = System.Net.Http.HttpMethod.Get, + RequestUri = new Uri(clientMetadataUri) + }; + var httpResponse = await httpClient.SendAsync(requestMessage, cancellationToken); + if (!httpResponse.IsSuccessStatusCode) + throw new OAuthException(ErrorCodes.INVALID_CLIENT_METADATA_URI, Global.InvalidClientMetadataUri); + var json = await httpResponse.Content.ReadAsStringAsync(cancellationToken); + clientMetadata = JsonSerializer.Deserialize(json); } } + + clientMetadata.ClientId = clientId; + clientMetadata.IsSelfIssueEnabled = true; + return clientMetadata; } } diff --git a/src/IdServer/SimpleIdServer.IdServer/Helpers/SessionHelper.cs b/src/IdServer/SimpleIdServer.IdServer/Helpers/SessionHelper.cs index 3f59b01d4..16d33cfc3 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Helpers/SessionHelper.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Helpers/SessionHelper.cs @@ -23,13 +23,13 @@ public interface ISessionHelper public class SessionHelper : ISessionHelper { - private readonly IdServer.Infrastructures.IHttpClientFactory _httpClientFactory; + private readonly Helpers.IHttpClientFactory _httpClientFactory; private readonly IJwtBuilder _jwtBuilder; private readonly IdServerHostOptions _options; private readonly ILogger _logger; public SessionHelper( - IdServer.Infrastructures.IHttpClientFactory httpClientFactory, + Helpers.IHttpClientFactory httpClientFactory, IJwtBuilder jwtBuilder, IOptions options, ILogger logger) diff --git a/src/IdServer/SimpleIdServer.IdServer/IdServerBuilder.cs b/src/IdServer/SimpleIdServer.IdServer/IdServerBuilder.cs index 9f81ea6c3..f9a583ac7 100644 --- a/src/IdServer/SimpleIdServer.IdServer/IdServerBuilder.cs +++ b/src/IdServer/SimpleIdServer.IdServer/IdServerBuilder.cs @@ -110,6 +110,8 @@ public IdServerBuilder UseInMemoryMassTransit() { o.AddPublishMessageScheduler(); o.AddHangfireConsumers(); + o.AddConsumer(); + o.AddConsumer(); o.AddConsumer(); o.AddConsumer(); o.AddConsumer(); diff --git a/src/IdServer/SimpleIdServer.IdServer/Jobs/BCNotificationJob.cs b/src/IdServer/SimpleIdServer.IdServer/Jobs/BCNotificationJob.cs index e10bfc88c..f60e17aa7 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Jobs/BCNotificationJob.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Jobs/BCNotificationJob.cs @@ -25,7 +25,7 @@ public class BCNotificationJob : IJob { private readonly IBCAuthorizeRepository _repository; private readonly ILogger _logger; - private readonly Infrastructures.IHttpClientFactory _httpClientFactory; + private readonly Helpers.IHttpClientFactory _httpClientFactory; private readonly IEnumerable _tokenBuilders; private readonly IUserRepository _userRepository; private readonly IClientRepository _clientRepository; @@ -35,7 +35,7 @@ public class BCNotificationJob : IJob public BCNotificationJob( IBCAuthorizeRepository repository, ILogger logger, - Infrastructures.IHttpClientFactory httpClientFactory, + Helpers.IHttpClientFactory httpClientFactory, IEnumerable tokenBuilders, IUserRepository userRepository, IClientRepository clientRepository, diff --git a/src/IdServer/SimpleIdServer.IdServer/Jwt/JwtBuilder.cs b/src/IdServer/SimpleIdServer.IdServer/Jwt/JwtBuilder.cs index 91c6d665c..ca094a47e 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Jwt/JwtBuilder.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Jwt/JwtBuilder.cs @@ -29,6 +29,7 @@ public interface IJwtBuilder string Encrypt(string jws, string jweEnc, JsonWebKey jsonWebKey, string password); ReadJsonWebTokenResult ReadSelfIssuedJsonWebToken(string realm, string jwt); Task ReadJsonWebToken(string realm, string jwt, Client client, string sigAlg, string encAlg, CancellationToken cancellationToken); + Task ReadJsonWebToken(string realm, string jwt, JsonWebToken jsonWebToken, Client client, string sigAlg, string encAlg, CancellationToken cancellationToken); } public class ReadJsonWebTokenResult @@ -148,23 +149,29 @@ public ReadJsonWebTokenResult ReadSelfIssuedJsonWebToken(string realm, string jw return ReadJsonWebTokenResult.Ok(jsonWebToken, encJwt); } - public async Task ReadJsonWebToken(string realm, string jwt, Client client, string sigAlg, string encAlg, CancellationToken cancellationToken) + public Task ReadJsonWebToken(string realm, string jwt, Client client, string sigAlg, string encAlg, CancellationToken cancellationToken) { var handler = new JsonWebTokenHandler(); - if (!handler.CanReadToken(jwt)) return ReadJsonWebTokenResult.BuildError(Global.InvalidJwt); + if (!handler.CanReadToken(jwt)) return Task.FromResult(ReadJsonWebTokenResult.BuildError(Global.InvalidJwt)); var jsonWebToken = handler.ReadJsonWebToken(jwt); + return ReadJsonWebToken(realm, jwt, jsonWebToken, client, sigAlg, encAlg, cancellationToken); + } + + public async Task ReadJsonWebToken(string realm, string jwt, JsonWebToken jsonWebToken, Client client, string sigAlg, string encAlg, CancellationToken cancellationToken) + { + var handler = new JsonWebTokenHandler(); JsonWebToken encJwt = null; - if( + if ( (!string.IsNullOrWhiteSpace(encAlg) && !jsonWebToken.IsEncrypted) || (!string.IsNullOrWhiteSpace(encAlg) && jsonWebToken.IsEncrypted && jsonWebToken.Alg != encAlg) ) return ReadJsonWebTokenResult.BuildError(string.Format(Global.JwtMustBeEncrypted, encAlg)); - if(string.IsNullOrWhiteSpace(encAlg) && jsonWebToken.IsEncrypted) return ReadJsonWebTokenResult.BuildError(Global.JwtCannotBeEncrypted); + if (string.IsNullOrWhiteSpace(encAlg) && jsonWebToken.IsEncrypted) return ReadJsonWebTokenResult.BuildError(Global.JwtCannotBeEncrypted); if (jsonWebToken.IsEncrypted) { // symmetric key. - if(jsonWebToken.Alg == Constants.AlgDir) + if (jsonWebToken.Alg == Constants.AlgDir) { try { @@ -209,7 +216,7 @@ public async Task ReadJsonWebToken(string realm, string jsonWebToken = encJwt; } - if(sigAlg != jsonWebToken.Alg) return ReadJsonWebTokenResult.BuildError(string.Format(Global.JwtMustBeSigned, sigAlg)); + if (sigAlg != jsonWebToken.Alg) return ReadJsonWebTokenResult.BuildError(string.Format(Global.JwtMustBeSigned, sigAlg)); var jsonWebKey = await _clientHelper.ResolveJsonWebKey(client, jsonWebToken.Kid, cancellationToken); if (jsonWebToken == null) return ReadJsonWebTokenResult.BuildError(string.Format(Global.NoJwkFoundToCheckSig, jsonWebToken.Kid)); diff --git a/src/IdServer/SimpleIdServer.IdServer/Middlewares/RealmMiddleware.cs b/src/IdServer/SimpleIdServer.IdServer/Middlewares/RealmMiddleware.cs index 369e91d05..5a634718e 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Middlewares/RealmMiddleware.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Middlewares/RealmMiddleware.cs @@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Http; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Stores; using System; using System.Collections.Generic; diff --git a/src/IdServer/SimpleIdServer.IdServer/Options/IdServerHostOptions.cs b/src/IdServer/SimpleIdServer.IdServer/Options/IdServerHostOptions.cs index 13f9f19a0..a3e643ed2 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Options/IdServerHostOptions.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Options/IdServerHostOptions.cs @@ -6,6 +6,7 @@ using SimpleIdServer.IdServer.Api.Token.TokenProfiles; using SimpleIdServer.IdServer.Authenticate.Handlers; using SimpleIdServer.IdServer.ClaimTokenFormats; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Middlewares; using SimpleIdServer.IdServer.SubjectTypeBuilders; using System.Collections.Generic; @@ -65,6 +66,10 @@ public class IdServerHostOptions /// public double DefaultRefreshTokenExpirationTimeInSeconds { get; set; } = 60 * 30; /// + /// Default expiration time of the authorization request callback. + /// + public double DefaultAuthorizationRequestCallbackExpirationTimeInSeconds { get; set; } = 60 * 30; + /// /// Default OTP issuer. /// public string OTPIssuer { get; set; } = "SimpleIdServer"; @@ -203,6 +208,11 @@ public class IdServerHostOptions /// public int EndSessionRedirectionTimeInMS { get; set; } = 3 * 1000; + /// + /// Set if the password is encoded in base64. + /// + public bool IsPasswordEncodeInBase64 { get; set; } = false; + public int GetIntParameter(string name) => int.Parse(Parameters[name]); public string GetStringParameter(string name) => Parameters[name]; diff --git a/src/IdServer/SimpleIdServer.IdServer/Provisioning/ExtractUsersFaultConsumer.cs b/src/IdServer/SimpleIdServer.IdServer/Provisioning/ExtractUsersFaultConsumer.cs new file mode 100644 index 000000000..bc8634b9b --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Provisioning/ExtractUsersFaultConsumer.cs @@ -0,0 +1,48 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using MassTransit; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Stores; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text.Json; +using System.Threading.Tasks; + +namespace SimpleIdServer.IdServer.Provisioning +{ + public class ExtractUsersFaultConsumer : IConsumer> + { + private readonly ITransactionBuilder _transactionBuilder; + private readonly IMessageBusErrorStore _messageBusErrorStore; + + public ExtractUsersFaultConsumer(ITransactionBuilder transactionBuilder, IMessageBusErrorStore messageBusErrorStore) + { + _transactionBuilder = transactionBuilder; + _messageBusErrorStore = messageBusErrorStore; + } + + public async Task Consume(ConsumeContext> context) + { + using (var transaction = _transactionBuilder.Build()) + { + var type = typeof(ExtractUsersCommand); + var exceptions = context.Message.Exceptions == null ? new List() : context.Message.Exceptions.Select(e => e.Message).ToList(); + var message = new MessageBusErrorMessage + { + Id = Guid.NewGuid().ToString(), + Content = JsonSerializer.Serialize(context.Message.Message), + ExternalId = context.Message.Message.ProcessId, + FullName = type.AssemblyQualifiedName, + Name = type.Name, + Exceptions = exceptions, + ReceivedDateTime = DateTime.UtcNow, + QueueName = ExtractUsersConsumer.Queuename + }; + _messageBusErrorStore.Add(message); + await transaction.Commit(context.CancellationToken); + } + } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Provisioning/ImportUsersConsumer.cs b/src/IdServer/SimpleIdServer.IdServer/Provisioning/ImportUsersConsumer.cs index 764be5e21..ee67eaa9e 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Provisioning/ImportUsersConsumer.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Provisioning/ImportUsersConsumer.cs @@ -215,7 +215,8 @@ private ExtractionUserResult ExtractUsersAndClaims(IdentityProvisioning idProvis Id = extractedUser.RepresentationId, Source = idProvisioning.Definition.Name, IdentityProvisioningId = idProvisioning.Id, - UpdateDateTime = DateTime.UtcNow + UpdateDateTime = DateTime.UtcNow, + CreateDateTime = DateTime.UtcNow }; if (!string.IsNullOrWhiteSpace(extractedUser.Values)) { diff --git a/src/IdServer/SimpleIdServer.IdServer/Provisioning/ImportUsersFaultConsumer.cs b/src/IdServer/SimpleIdServer.IdServer/Provisioning/ImportUsersFaultConsumer.cs new file mode 100644 index 000000000..1615060e3 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Provisioning/ImportUsersFaultConsumer.cs @@ -0,0 +1,48 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using MassTransit; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Stores; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text.Json; +using System.Threading.Tasks; + +namespace SimpleIdServer.IdServer.Provisioning +{ + public class ImportUsersFaultConsumer : IConsumer> + { + private readonly ITransactionBuilder _transactionBuilder; + private readonly IMessageBusErrorStore _messageBusErrorStore; + + public ImportUsersFaultConsumer(ITransactionBuilder transactionBuilder, IMessageBusErrorStore messageBusErrorStore) + { + _transactionBuilder = transactionBuilder; + _messageBusErrorStore = messageBusErrorStore; + } + + public async Task Consume(ConsumeContext> context) + { + using (var transaction = _transactionBuilder.Build()) + { + var type = typeof(ImportUsersCommand); + var exceptions = context.Message.Exceptions == null ? new List() : context.Message.Exceptions.Select(e => e.Message).ToList(); + var message = new MessageBusErrorMessage + { + Id = Guid.NewGuid().ToString(), + Content = JsonSerializer.Serialize(context.Message.Message), + ExternalId = context.Message.Message.ProcessId, + FullName = type.AssemblyQualifiedName, + Name = type.Name, + Exceptions = exceptions, + ReceivedDateTime = DateTime.UtcNow, + QueueName = ImportUsersConsumer.Queuename + }; + _messageBusErrorStore.Add(message); + await transaction.Commit(context.CancellationToken); + } + } + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Resources/Global.Designer.cs b/src/IdServer/SimpleIdServer.IdServer/Resources/Global.Designer.cs index bfbd6e861..ee21524c8 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Resources/Global.Designer.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Resources/Global.Designer.cs @@ -492,6 +492,15 @@ public static string BadGrantType { } } + /// + /// Recherche une chaîne localisée semblable à the identity token is invalid. + /// + public static string BadIdToken { + get { + return ResourceManager.GetString("BadIdToken", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à signature of the id_token_hint is not correct. /// @@ -699,6 +708,15 @@ public static string CannotReadCertificateStore { } } + /// + /// Recherche une chaîne localisée semblable à the parameters client_metadata and client_metadata_uri cannot be used the same time. + /// + public static string CannotUseClientMetadataAndClientMetadataUri { + get { + return ResourceManager.GetString("CannotUseClientMetadataAndClientMetadataUri", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à the certificate cannot be generated. /// @@ -906,6 +924,15 @@ public static string ClientIdentifierMustBeIdentical { } } + /// + /// Recherche une chaîne localisée semblable à the client_metadata or client_metadata_uri parameter cannot be used with a pre-registered client. + /// + public static string ClientMetadataCannotBeUsedWithRegisteredClient { + get { + return ResourceManager.GetString("ClientMetadataCannotBeUsedWithRegisteredClient", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à client_notification_token must not exceed 1024 characters. /// @@ -978,6 +1005,15 @@ public static string DuplicateScopes { } } + /// + /// Recherche une chaîne localisée semblable à The email is taken. + /// + public static string EmailIsTaken { + get { + return ResourceManager.GetString("EmailIsTaken", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à the authorization request is expired. /// @@ -1041,6 +1077,15 @@ public static string IdProvisioningTypeUnique { } } + /// + /// Recherche une chaîne localisée semblable à the nonce claim is missing in the id_token. + /// + public static string IdTokenNonceMissing { + get { + return ResourceManager.GetString("IdTokenNonceMissing", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à the session is not active. /// @@ -1185,6 +1230,15 @@ public static string InvalidClientIdTokenHint { } } + /// + /// Recherche une chaîne localisée semblable à the client_metadata_uri in the Authorization Request returns an error or contains invalid data. + /// + public static string InvalidClientMetadataUri { + get { + return ResourceManager.GetString("InvalidClientMetadataUri", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à DPoP must be bound to the access token. /// @@ -1338,6 +1392,15 @@ public static string InvalidLocahostRedirectUri { } } + /// + /// Recherche une chaîne localisée semblable à the nonce is invalid and doesn't match the nonce present in the authorization request. + /// + public static string InvalidNonce { + get { + return ResourceManager.GetString("InvalidNonce", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à authorization request is still pending as the end user hasn't yet completed the user-interation steps. /// @@ -1617,6 +1680,15 @@ public static string MissingIdTokenHint { } } + /// + /// Recherche une chaîne localisée semblable à the openid_relying_party doesn't exist in the entity statement. + /// + public static string MissingOpenidRpInEntityStatement { + get { + return ResourceManager.GetString("MissingOpenidRpInEntityStatement", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à missing parameter {0}. /// @@ -1968,6 +2040,15 @@ public static string RequestUriIsRequired { } } + /// + /// Recherche une chaîne localisée semblable à the parameter client_metadata or client_metadata_uri is required. + /// + public static string RequiredClientMetadataOrClientMetadataUri { + get { + return ResourceManager.GetString("RequiredClientMetadataOrClientMetadataUri", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à scope '{0}' already exists. /// @@ -2004,6 +2085,15 @@ public static string ScopeClaimMapperTokenClaimNameMustBeUnique { } } + /// + /// Recherche une chaîne localisée semblable à self-issued request cannot request access to scope different to OPENID. + /// + public static string ScopeDifferentToOpenidCannotBeSelfIssued { + get { + return ResourceManager.GetString("ScopeDifferentToOpenidCannotBeSelfIssued", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à The same mapping type cannot be added twice.. /// @@ -2247,6 +2337,15 @@ public static string UnknownDeviceType { } } + /// + /// Recherche une chaîne localisée semblable à The error message {0} is unknown. + /// + public static string UnknownErrorMessage { + get { + return ResourceManager.GetString("UnknownErrorMessage", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à the grant {0} doesn't exist. /// @@ -2346,6 +2445,24 @@ public static string UnknownPresentationDefinition { } } + /// + /// Recherche une chaîne localisée semblable à the realm {0} doesn't exist. + /// + public static string UnknownRealm { + get { + return ResourceManager.GetString("UnknownRealm", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the realm role {0} doesn't exist. + /// + public static string UnknownRealmRole { + get { + return ResourceManager.GetString("UnknownRealmRole", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à no registration workflow has been resolved. /// diff --git a/src/IdServer/SimpleIdServer.IdServer/Resources/Global.resx b/src/IdServer/SimpleIdServer.IdServer/Resources/Global.resx index 158606a1a..b322ca471 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Resources/Global.resx +++ b/src/IdServer/SimpleIdServer.IdServer/Resources/Global.resx @@ -261,6 +261,9 @@ bad grant type + + the identity token is invalid + signature of the id_token_hint is not correct @@ -330,6 +333,9 @@ You don't have the permission to read the certificate store + + the parameters client_metadata and client_metadata_uri cannot be used the same time + the certificate cannot be generated @@ -399,6 +405,9 @@ client identifier must be identical + + the client_metadata or client_metadata_uri parameter cannot be used with a pre-registered client + client_notification_token must not exceed 1024 characters @@ -423,6 +432,9 @@ duplicate scopes : {0} + + The email is taken + the authorization request is expired @@ -444,6 +456,9 @@ The same mapping type cannot be added twice. + + the nonce claim is missing in the id_token + the session is not active @@ -492,6 +507,9 @@ client_id contained in the id_token_hint is invalid + + the client_metadata_uri in the Authorization Request returns an error or contains invalid data + DPoP must be bound to the access token @@ -543,6 +561,9 @@ redirect_uri must not contain localhost + + the nonce is invalid and doesn't match the nonce present in the authorization request + authorization request is still pending as the end user hasn't yet completed the user-interation steps @@ -636,6 +657,9 @@ id_token_hint parameter is missing + + the openid_relying_party doesn't exist in the entity statement + missing parameter {0} @@ -753,6 +777,9 @@ the request_uri is required + + the parameter client_metadata or client_metadata_uri is required + scope '{0}' already exists @@ -765,6 +792,9 @@ Token claim name must be unique + + self-issued request cannot request access to scope different to OPENID + The same mapping type cannot be added twice. @@ -846,6 +876,9 @@ the device {0} is not supported + + The error message {0} is unknown + the grant {0} doesn't exist @@ -879,6 +912,12 @@ the presentation definition {0} doesn't exist + + the realm {0} doesn't exist + + + the realm role {0} doesn't exist + no registration workflow has been resolved diff --git a/src/IdServer/SimpleIdServer.IdServer/Seeding/JsonSeedStrategy.cs b/src/IdServer/SimpleIdServer.IdServer/Seeding/JsonSeedStrategy.cs index 331f227d6..52a170fb5 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Seeding/JsonSeedStrategy.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Seeding/JsonSeedStrategy.cs @@ -17,18 +17,25 @@ public class JsonSeedStrategy : ISeedStrategy { private readonly JsonSeedingOptions _jsonSeedingOptions; private readonly ILogger _logger; - private readonly IEntitySeeder _userSeederService; + private readonly IEntitySeeder _realmsSeeder; + private readonly IEntitySeeder _scopesSeeder; + private readonly IEntitySeeder _usersSeeder; public JsonSeedStrategy( IOptions jsonSeedingOptions, ILogger logger, - IEntitySeeder userSeederService) + IEntitySeeder realmsSeeder, + IEntitySeeder scopesSeeder, + IEntitySeeder usersSeeder) { _jsonSeedingOptions = jsonSeedingOptions.Value; _logger = logger; - _userSeederService = userSeederService; + _realmsSeeder = realmsSeeder; + _scopesSeeder = scopesSeeder; + _usersSeeder = usersSeeder; } + /// public async Task GetDataFromResourceAsync(CancellationToken cancellationToken = default) { string jsonText = await File.ReadAllTextAsync(_jsonSeedingOptions.JsonFilePath, cancellationToken); @@ -37,6 +44,7 @@ public JsonSeedStrategy( return seedsDto; } + /// public async Task SeedDataAsync(CancellationToken cancellationToken = default) { if (_jsonSeedingOptions.SeedFromJson) @@ -48,11 +56,22 @@ public async Task SeedDataAsync(CancellationToken cancellationToken = default) } } + /// public async Task SeedDataAsync(SeedsDto seeds, CancellationToken cancellationToken = default) { + if (seeds.Realms.Count > 0) + { + await _realmsSeeder?.SeedAsync(seeds.Realms , cancellationToken); + } + + if (seeds.Scopes.Count > 0) + { + await _scopesSeeder?.SeedAsync(seeds.Scopes, cancellationToken); + } + if (seeds.Users.Count > 0) { - await _userSeederService.SeedAsync(seeds.Users, cancellationToken); + await _usersSeeder?.SeedAsync(seeds.Users, cancellationToken); } } } diff --git a/src/IdServer/SimpleIdServer.IdServer/Seeding/RealmSeedDto.cs b/src/IdServer/SimpleIdServer.IdServer/Seeding/RealmSeedDto.cs new file mode 100644 index 000000000..05c2eeefc --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Seeding/RealmSeedDto.cs @@ -0,0 +1,20 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +namespace SimpleIdServer.IdServer.Seeding +{ + /// + /// Represents a realm to seed. + /// + public class RealmSeedDto + { + /// + /// The realm's name. + /// + public string Name { get; set; } + + /// + /// The realm's description. + /// + public string Description { get; set; } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Seeding/ScopeSeedDto.cs b/src/IdServer/SimpleIdServer.IdServer/Seeding/ScopeSeedDto.cs new file mode 100644 index 000000000..1a8414379 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Seeding/ScopeSeedDto.cs @@ -0,0 +1,50 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +namespace SimpleIdServer.IdServer.Seeding +{ + /// + /// Represents a scope to seed. + /// + public class ScopeSeedDto + { + /// + /// The scope's name. + /// + public string Name { get; set; } + + /// + /// The scope's type. Possible Values are IDENTITY, APIRESOURCE and ROLE + /// + public string Type { get; set; } + + /// + /// The scope's protocol. Possible Values are OPENID, SAML and OAUTH. + /// + public string Protocol { get; set; } + + /// + /// The scope's description. + /// + public string Description { get; set; } + + /// + /// Indicates if this scope should appears in the Discovery endpoint. + /// + public bool IsExposedInConfigurationEdp { get; set; } + + /// + /// The scope's component. + /// + public string Component { set; get; } + + /// + /// The scope's component action. Possible Values are Manage and View. + /// + public string ComponentAction { get; set; } + + /// + /// Realm to relate. + /// + public string Realm { get; set; } + } +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Seeding/SeedsDto.cs b/src/IdServer/SimpleIdServer.IdServer/Seeding/SeedsDto.cs index 61ee3faf3..5b7ce6f8c 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Seeding/SeedsDto.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Seeding/SeedsDto.cs @@ -9,5 +9,18 @@ namespace SimpleIdServer.IdServer.Seeding; /// public class SeedsDto { + /// + /// Realms to seed. + /// + public IReadOnlyCollection Realms { get; set; } = []; + + /// + /// Scopes to seed. + /// + public IReadOnlyCollection Scopes { get; set; } = []; + + /// + /// Users to seed. + /// public IReadOnlyCollection Users { get; set; } = []; } diff --git a/src/IdServer/SimpleIdServer.IdServer/Seeding/UserSeedDto.cs b/src/IdServer/SimpleIdServer.IdServer/Seeding/UserSeedDto.cs index 453dd4567..e576b0e33 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Seeding/UserSeedDto.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Seeding/UserSeedDto.cs @@ -36,4 +36,9 @@ public class UserSeedDto /// (Optional) Array of user roles. /// public string[] Roles { get; set; } = []; + + /// + /// Realm to relate. + /// + public string Realm { get; set; } } diff --git a/src/IdServer/SimpleIdServer.IdServer/ServiceCollectionExtensions.cs b/src/IdServer/SimpleIdServer.IdServer/ServiceCollectionExtensions.cs index 0f890af4c..eb1e97fe2 100644 --- a/src/IdServer/SimpleIdServer.IdServer/ServiceCollectionExtensions.cs +++ b/src/IdServer/SimpleIdServer.IdServer/ServiceCollectionExtensions.cs @@ -21,6 +21,7 @@ using SimpleIdServer.IdServer.Api.Configuration; using SimpleIdServer.IdServer.Api.DeviceAuthorization; using SimpleIdServer.IdServer.Api.Jwks; +using SimpleIdServer.IdServer.Api.OpenIdConfiguration; using SimpleIdServer.IdServer.Api.Register; using SimpleIdServer.IdServer.Api.Token; using SimpleIdServer.IdServer.Api.Token.Handlers; @@ -39,7 +40,6 @@ using SimpleIdServer.IdServer.Extractors; using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Infastructures; -using SimpleIdServer.IdServer.Infrastructures; using SimpleIdServer.IdServer.Jobs; using SimpleIdServer.IdServer.Jwt; using SimpleIdServer.IdServer.Options; @@ -298,7 +298,7 @@ private static IServiceCollection AddOAuthTokenApi(this IServiceCollection servi services.AddTransient(); services.AddTransient(); services.AddTransient(); - services.AddTransient(); + services.AddTransient(); services.AddTransient(); services.AddTransient(); services.AddTransient(); @@ -336,6 +336,8 @@ private static IServiceCollection AddOAuthAuthorizationApi(this IServiceCollecti services.AddTransient(); services.AddTransient(); services.AddTransient(); + services.AddTransient(); + services.AddTransient(); return services; } @@ -369,6 +371,7 @@ private static IServiceCollection AddLib(this IServiceCollection services) private static IServiceCollection AddConfigurationApi(this IServiceCollection services) { services.AddTransient(); + services.AddTransient(); services.AddTransient(); return services; } diff --git a/src/IdServer/SimpleIdServer.IdServer/SimpleIdServer.IdServer.csproj b/src/IdServer/SimpleIdServer.IdServer/SimpleIdServer.IdServer.csproj index 44788e482..9a4e76e38 100644 --- a/src/IdServer/SimpleIdServer.IdServer/SimpleIdServer.IdServer.csproj +++ b/src/IdServer/SimpleIdServer.IdServer/SimpleIdServer.IdServer.csproj @@ -18,6 +18,7 @@ + diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IApiResourceRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IApiResourceRepository.cs index 21e8f9e3b..f34ab5624 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IApiResourceRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IApiResourceRepository.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IAuditEventRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IAuditEventRepository.cs index 86f901ec7..4a6376190 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IAuditEventRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IAuditEventRepository.cs @@ -3,6 +3,7 @@ using SimpleIdServer.IdServer.Api.Auditing; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using System; using System.Threading; using System.Threading.Tasks; diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IAuthenticationSchemeProviderDefinitionRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IAuthenticationSchemeProviderDefinitionRepository.cs index 0d9df2488..950a1adfa 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IAuthenticationSchemeProviderDefinitionRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IAuthenticationSchemeProviderDefinitionRepository.cs @@ -12,4 +12,5 @@ public interface IAuthenticationSchemeProviderDefinitionRepository { Task Get(string name, CancellationToken cancellationToken); Task> GetAll(CancellationToken cancellationToken); + void Add(AuthenticationSchemeProviderDefinition definition); } diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IAuthenticationSchemeProviderRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IAuthenticationSchemeProviderRepository.cs index f6538c674..5446baf99 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IAuthenticationSchemeProviderRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IAuthenticationSchemeProviderRepository.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/ICertificateAuthorityRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/ICertificateAuthorityRepository.cs index a4510d145..ef9324645 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/ICertificateAuthorityRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/ICertificateAuthorityRepository.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using System.Threading; using System.Threading.Tasks; diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IClientRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IClientRepository.cs index e2278b9c1..e51a9f0b1 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IClientRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IClientRepository.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IConfigurationDefinitionStore.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IConfigurationDefinitionStore.cs index dae348906..2a95ef7ed 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IConfigurationDefinitionStore.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IConfigurationDefinitionStore.cs @@ -9,5 +9,6 @@ namespace SimpleIdServer.IdServer.Stores; public interface IConfigurationDefinitionStore { + void Add(ConfigurationDefinition configurationDefinition); Task> GetAll(CancellationToken cancellationToken); } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IDeviceAuthCodeRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IDeviceAuthCodeRepository.cs index 52f09ae7a..971fde235 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IDeviceAuthCodeRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IDeviceAuthCodeRepository.cs @@ -13,5 +13,4 @@ public interface IDeviceAuthCodeRepository void Delete(DeviceAuthCode deviceAuthCode); void Add(DeviceAuthCode deviceAuthCode); void Update(DeviceAuthCode deviceAuthCode); - Task SaveChanges(CancellationToken cancellationToken); } diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IGroupRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IGroupRepository.cs index cc73d3dca..88af29ac0 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IGroupRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IGroupRepository.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Api.Groups; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IIdentityProvisioningStore.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IIdentityProvisioningStore.cs index 35bc2f6d9..87a186b26 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IIdentityProvisioningStore.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IIdentityProvisioningStore.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; @@ -14,5 +15,6 @@ public interface IIdentityProvisioningStore void DeleteRange(IEnumerable identityProvisioningLst); void Remove(IdentityProvisioning identityProvisioning); void Update(IdentityProvisioning identityProvisioning); + void Add(IdentityProvisioningDefinition identityProvisioning); void Update(IdentityProvisioningDefinition identityProvisioningDefinition); } diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IKeyValueRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IKeyValueRepository.cs index aeadcdeb5..046a9cfb5 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IKeyValueRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IKeyValueRepository.cs @@ -14,5 +14,4 @@ public interface IKeyValueRepository Task> GetAll(CancellationToken cancellationToken); void Add(ConfigurationKeyPairValueRecord keyValue); void Update(ConfigurationKeyPairValueRecord keyValue); - Task SaveChanges(CancellationToken cancellationToken); } diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/ILanguageRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/ILanguageRepository.cs index 9a9b9681e..0ff37609b 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/ILanguageRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/ILanguageRepository.cs @@ -10,5 +10,6 @@ namespace SimpleIdServer.IdServer.Stores; public interface ILanguageRepository { + void Add(Language language); Task> GetAll(CancellationToken cancellationToken); } diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IMessageBusErrorStore.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IMessageBusErrorStore.cs new file mode 100644 index 000000000..8e99371d3 --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IMessageBusErrorStore.cs @@ -0,0 +1,17 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.IdServer.Domains; +using System.Collections.Generic; +using System.Threading; +using System.Threading.Tasks; + +namespace SimpleIdServer.IdServer.Stores; + +public interface IMessageBusErrorStore +{ + Task Get(string id, CancellationToken cancellationToken); + void Add(MessageBusErrorMessage message); + void Delete(MessageBusErrorMessage message); + Task> GetAllByExternalId(List externalIds, CancellationToken cancellationToken); +} diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IPresentationDefinitionStore.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IPresentationDefinitionStore.cs index d25187258..d8dcdabde 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IPresentationDefinitionStore.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IPresentationDefinitionStore.cs @@ -10,6 +10,7 @@ namespace SimpleIdServer.IdServer.Stores; public interface IPresentationDefinitionStore { + void Add(PresentationDefinition presentationDefinition); Task> GetAll(string realm, CancellationToken cancellationToken); Task GetByPublicId(string id, string realm, CancellationToken cancellationToken); } \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IRealmRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IRealmRepository.cs index d52b83367..8425e3b60 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IRealmRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IRealmRepository.cs @@ -1,6 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IScopeRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IScopeRepository.cs index 83f3d67da..6d34d5c9d 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IScopeRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IScopeRepository.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Api.Scopes; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; @@ -10,13 +11,15 @@ namespace SimpleIdServer.IdServer.Stores; public interface IScopeRepository { + Task> Get(List ids, CancellationToken cancellationToken); Task Get(string realm, string id, CancellationToken cancellationToken); Task GetByName(string realm, string scopeName, CancellationToken cancellationToken); Task> GetByNames(string realm, List scopeNames, CancellationToken cancellationToken); Task> GetAllExposedScopes(string realm, CancellationToken cancellationToken); Task> GetAll(string realm, List scopeNames, CancellationToken cancellationToken); + Task> GetAllRealmScopes(string realm, CancellationToken cancellationToken); Task> Search(string realm, SearchScopeRequest request, CancellationToken cancellationToken); void Add(Scope scope); void Update(Scope scope); void DeleteRange(IEnumerable scopes); -} +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IUserRepository.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IUserRepository.cs index 12486dfdb..3f4356305 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IUserRepository.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IUserRepository.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; @@ -31,4 +32,4 @@ public interface IUserRepository Task BulkUpdate(List users); Task BulkUpdate(List userRealms); Task BulkUpdate(List groupUsers); -} +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/Stores/IUserSessionResitory.cs b/src/IdServer/SimpleIdServer.IdServer/Stores/IUserSessionResitory.cs index 1dc4ce1a8..02e7a6f5c 100644 --- a/src/IdServer/SimpleIdServer.IdServer/Stores/IUserSessionResitory.cs +++ b/src/IdServer/SimpleIdServer.IdServer/Stores/IUserSessionResitory.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using System.Collections.Generic; using System.Linq; using System.Threading; diff --git a/src/IdServer/SimpleIdServer.IdServer/UI/AuthProviders/DynamicAuthenticationHandlerProvider.cs b/src/IdServer/SimpleIdServer.IdServer/UI/AuthProviders/DynamicAuthenticationHandlerProvider.cs index b108265c2..3a65e7ca8 100644 --- a/src/IdServer/SimpleIdServer.IdServer/UI/AuthProviders/DynamicAuthenticationHandlerProvider.cs +++ b/src/IdServer/SimpleIdServer.IdServer/UI/AuthProviders/DynamicAuthenticationHandlerProvider.cs @@ -26,6 +26,7 @@ public async Task GetHandlerAsync(HttpContext context, s return value; var scheme = await _authenticationSchemeProvider.GetSIDSchemeAsync(authenticationScheme); + if (scheme == null) return null; var handlerType = scheme.AuthScheme.HandlerType; var handler = context.RequestServices.GetService(handlerType) as IAuthenticationHandler; if (handler == null) diff --git a/src/IdServer/SimpleIdServer.IdServer/UI/AuthProviders/DynamicAuthenticationSchemeProvider.cs b/src/IdServer/SimpleIdServer.IdServer/UI/AuthProviders/DynamicAuthenticationSchemeProvider.cs index 61806effa..62b984d0b 100644 --- a/src/IdServer/SimpleIdServer.IdServer/UI/AuthProviders/DynamicAuthenticationSchemeProvider.cs +++ b/src/IdServer/SimpleIdServer.IdServer/UI/AuthProviders/DynamicAuthenticationSchemeProvider.cs @@ -6,6 +6,7 @@ using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Options; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Middlewares; using SimpleIdServer.IdServer.Options; using SimpleIdServer.IdServer.Stores; @@ -42,7 +43,7 @@ public SIDAuthenticationScheme(AuthenticationScheme authScheme, object optionsMo public class DynamicAuthenticationSchemeProvider : AuthenticationSchemeProvider, ISIDAuthenticationSchemeProvider { - private readonly IdServer.Infrastructures.IHttpClientFactory _httpClientFactory; + private readonly Helpers.IHttpClientFactory _httpClientFactory; private readonly IConfiguration _configuration; private readonly IServiceProvider _serviceProvider; private readonly IdServerHostOptions _options; @@ -53,7 +54,7 @@ public class DynamicAuthenticationSchemeProvider : AuthenticationSchemeProvider, private DateTime? _nextExpirationTime; public DynamicAuthenticationSchemeProvider( - IdServer.Infrastructures.IHttpClientFactory httpClientFactory, + Helpers.IHttpClientFactory httpClientFactory, IConfiguration configuration, IServiceProvider serviceProvider, IOptions opts, @@ -95,7 +96,7 @@ public async Task GetSIDSchemeAsync(string name) var providers = await GetAuthenticationSchemeProviders(); var provider = providers.FirstOrDefault(p => p.Name == name); - return providers == null ? null : Convert(provider); + return provider == null ? null : Convert(provider); } private async Task> GetAuthenticationSchemeProviders() diff --git a/src/IdServer/SimpleIdServer.IdServer/UI/BackChannelConsentsController.cs b/src/IdServer/SimpleIdServer.IdServer/UI/BackChannelConsentsController.cs index 78fb8b29d..eee549e34 100644 --- a/src/IdServer/SimpleIdServer.IdServer/UI/BackChannelConsentsController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/UI/BackChannelConsentsController.cs @@ -24,7 +24,7 @@ public class BackChannelConsentsController : Controller { private readonly IDataProtector _dataProtector; private readonly IClientRepository _clientRepository; - private readonly IdServer.Infrastructures.IHttpClientFactory _httpClientFactory; + private readonly Helpers.IHttpClientFactory _httpClientFactory; private readonly IAuthenticationHelper _authenticationHelper; private readonly IBCAuthorizeRepository _bcAuthorizeRepository; private readonly ILogger _logger; @@ -32,7 +32,7 @@ public class BackChannelConsentsController : Controller public BackChannelConsentsController( IDataProtectionProvider dataProtectionProvider, IClientRepository clientRepository, - IdServer.Infrastructures.IHttpClientFactory httpClientFactory, + Helpers.IHttpClientFactory httpClientFactory, IAuthenticationHelper authenticationHelper, IBCAuthorizeRepository bcAuthorizeRepository, ILogger logger) diff --git a/src/IdServer/SimpleIdServer.IdServer/UI/BaseAuthenticateController.cs b/src/IdServer/SimpleIdServer.IdServer/UI/BaseAuthenticateController.cs index 4595da322..87554fe15 100644 --- a/src/IdServer/SimpleIdServer.IdServer/UI/BaseAuthenticateController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/UI/BaseAuthenticateController.cs @@ -106,7 +106,7 @@ protected async Task Authenticate(string realm, string returnUrl, { if (!IsProtected(returnUrl)) { - return await Sign(realm, returnUrl, currentAmr, user, null, token, rememberLogin.Value); + return await Sign(realm, null, returnUrl, currentAmr, user, null, token, rememberLogin.Value); } var unprotectedUrl = Unprotect(returnUrl); @@ -127,7 +127,7 @@ protected async Task Authenticate(string realm, string returnUrl, rememberLogin = false; } - return await Sign(realm, unprotectedUrl, currentAmr, user, client, token, rememberLogin.Value); + return await Sign(realm, acr, unprotectedUrl, currentAmr, user, client, token, rememberLogin.Value); } using (var transaction = TransactionBuilder.Build()) @@ -144,12 +144,14 @@ protected async Task Authenticate(string realm, string returnUrl, } } - protected async Task Sign(string realm, string returnUrl, string currentAmr, User user, Client client, CancellationToken token, bool rememberLogin = false) + protected async Task Sign(string realm, AuthenticationContextClassReference acr, string returnUrl, string currentAmr, User user, Client client, CancellationToken token, bool rememberLogin = false) { var expirationTimeInSeconds = GetCookieExpirationTimeInSeconds(client); await AddSession(realm, user, client, token, rememberLogin); var offset = DateTimeOffset.UtcNow.AddSeconds(expirationTimeInSeconds); var claims = _userTransformer.Transform(user); + if(acr != null) + claims.Add(new Claim(Constants.UserClaims.Amrs, string.Join(" ", acr.AuthenticationMethodReferences))); var claimsIdentity = new ClaimsIdentity(claims, currentAmr); var claimsPrincipal = new ClaimsPrincipal(claimsIdentity); if (rememberLogin) diff --git a/src/IdServer/SimpleIdServer.IdServer/UI/BaseAuthenticationMethodController.cs b/src/IdServer/SimpleIdServer.IdServer/UI/BaseAuthenticationMethodController.cs index 1bae9a575..594c71169 100644 --- a/src/IdServer/SimpleIdServer.IdServer/UI/BaseAuthenticationMethodController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/UI/BaseAuthenticationMethodController.cs @@ -6,6 +6,7 @@ using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Domains; using SimpleIdServer.IdServer.ExternalEvents; @@ -30,12 +31,14 @@ namespace SimpleIdServer.IdServer.UI { public abstract class BaseAuthenticationMethodController : BaseAuthenticateController where T : BaseAuthenticateViewModel { + private readonly IConfiguration _configuration; private readonly IAuthenticationSchemeProvider _authenticationSchemeProvider; private readonly IUserAuthenticationService _authenticationService; private readonly IAntiforgery _antiforgery; private readonly IAuthenticationContextClassReferenceRepository _authenticationContextClassReferenceRepository; public BaseAuthenticationMethodController( + IConfiguration configuration, IOptions options, IAuthenticationSchemeProvider authenticationSchemeProvider, IUserAuthenticationService userAuthenticationService, @@ -53,6 +56,7 @@ public BaseAuthenticationMethodController( IAntiforgery antiforgery, IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(clientRepository, userRepository, userSessionRepository, amrHelper, busControl, userTransformer, dataProtectionProvider, authenticationHelper, transactionBuilder, tokenRepository, jwtBuilder, options) { + _configuration = configuration; _authenticationSchemeProvider = authenticationSchemeProvider; _authenticationService = userAuthenticationService; _antiforgery = antiforgery; @@ -154,7 +158,7 @@ public async virtual Task Index([FromRoute] string prefix, T view } var returnUrl = viewModel.ReturnUrl; - if(!IsProtected(returnUrl)) + if (!IsProtected(returnUrl)) { return Redirect(returnUrl); } @@ -165,10 +169,10 @@ public async virtual Task Index([FromRoute] string prefix, T view viewModel.Realm = prefix; prefix = prefix ?? Constants.DefaultRealm; - if (viewModel == null) + if (viewModel == null) return RedirectToAction("Index", "Errors", new { code = "invalid_request", ReturnUrl = $"{Request.Path}{Request.QueryString}", area = string.Empty }); AmrAuthInfo amrInfo = null; - if(IsProtected(viewModel.ReturnUrl)) + if (IsProtected(viewModel.ReturnUrl)) { var query = ExtractQuery(viewModel.ReturnUrl); var clientId = query.GetClientIdFromAuthorizationRequest(); @@ -189,7 +193,7 @@ public async virtual Task Index([FromRoute] string prefix, T view else authenticationResult = await _authenticationService.Validate(prefix, amrInfo?.UserId, viewModel, token); if (authenticationResult.Status != ValidationStatus.AUTHENTICATE) { - switch(authenticationResult.Status) + switch (authenticationResult.Status) { case ValidationStatus.UNKNOWN_USER: ModelState.AddModelError("unknown_user", "unknown_user"); @@ -201,26 +205,38 @@ await Bus.Publish(new UserLoginFailureEvent }); return View(viewModel); case ValidationStatus.NOCONTENT: - if(!string.IsNullOrWhiteSpace(authenticationResult.ErrorCode) && !string.IsNullOrWhiteSpace(authenticationResult.ErrorMessage)) ModelState.AddModelError(authenticationResult.ErrorCode, authenticationResult.ErrorMessage); + if (!string.IsNullOrWhiteSpace(authenticationResult.ErrorCode) && !string.IsNullOrWhiteSpace(authenticationResult.ErrorMessage)) ModelState.AddModelError(authenticationResult.ErrorCode, authenticationResult.ErrorMessage); return View(viewModel); case ValidationStatus.INVALIDCREDENTIALS: - ModelState.AddModelError("invalid_credential", "invalid_credential"); - await Bus.Publish(new UserLoginFailureEvent + using (var transaction = TransactionBuilder.Build()) { - Realm = prefix, - Amr = Amr, - Login = viewModel.Login - }); - return View(viewModel); + var options = GetOptions(); + ModelState.AddModelError("invalid_credential", "invalid_credential"); + await Bus.Publish(new UserLoginFailureEvent + { + Realm = prefix, + Amr = Amr, + Login = viewModel.Login + }); + if(authenticationResult.AuthenticatedUser != null) + { + authenticationResult.AuthenticatedUser.LoginAttempt(options.MaxLoginAttempts, options.LockTimeInSeconds); + UserRepository.Update(authenticationResult.AuthenticatedUser); + } + + await transaction.Commit(token); + return View(viewModel); + } } } - return await Authenticate(prefix, - viewModel.ReturnUrl, - Amr, - authenticationResult.AuthenticatedUser, - token, - !viewModel.IsFirstAmr ? null : viewModel.RememberLogin); + authenticationResult.AuthenticatedUser.ResetLoginAttempt(); + return await Authenticate(prefix, + viewModel.ReturnUrl, + Amr, + authenticationResult.AuthenticatedUser, + token, + !viewModel.IsFirstAmr ? null : viewModel.RememberLogin); } protected abstract Task CustomAuthenticate(string prefix, string authenticatedUserId, T viewModel, CancellationToken cancellationToken); @@ -271,6 +287,12 @@ protected AmrAuthInfo GetAmrInfo() var amr = JsonSerializer.Deserialize(HttpContext.Request.Cookies[Constants.DefaultCurrentAmrCookieName]); return amr; } + + protected UserLockingOptions GetOptions() + { + var section = _configuration.GetSection(typeof(UserLockingOptions).Name); + return section.Get(); + } } public record UserAuthenticationResult diff --git a/src/IdServer/SimpleIdServer.IdServer/UI/BaseOTPAuthenticateController.cs b/src/IdServer/SimpleIdServer.IdServer/UI/BaseOTPAuthenticateController.cs index f08e38c88..6b07359fb 100644 --- a/src/IdServer/SimpleIdServer.IdServer/UI/BaseOTPAuthenticateController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/UI/BaseOTPAuthenticateController.cs @@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Antiforgery; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.DataProtection; +using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Options; using SimpleIdServer.IdServer.Api; using SimpleIdServer.IdServer.Helpers; @@ -25,6 +26,7 @@ public abstract class BaseOTPAuthenticateController : BaseAuthenticationMetho private readonly IEnumerable _otpAuthenticators; protected BaseOTPAuthenticateController( + IConfiguration configuration, IEnumerable notificationServices, IEnumerable otpAuthenticators, IUserAuthenticationService userAuthenticationService, @@ -42,7 +44,7 @@ protected BaseOTPAuthenticateController( IJwtBuilder jwtBuilder, IBusControl busControl, IAntiforgery antiforgery, - IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(options, authenticationSchemeProvider, userAuthenticationService, dataProtectionProvider, tokenRepository, transactionBuilder, jwtBuilder, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, busControl, antiforgery, authenticationContextClassReferenceRepository) + IAuthenticationContextClassReferenceRepository authenticationContextClassReferenceRepository) : base(configuration, options, authenticationSchemeProvider, userAuthenticationService, dataProtectionProvider, tokenRepository, transactionBuilder, jwtBuilder, authenticationHelper, clientRepository, amrHelper, userRepository, userSessionRepository, userTransformer, busControl, antiforgery, authenticationContextClassReferenceRepository) { _notificationServices = notificationServices; _otpAuthenticators = otpAuthenticators; diff --git a/src/IdServer/SimpleIdServer.IdServer/UI/ExternalAuthenticateController.cs b/src/IdServer/SimpleIdServer.IdServer/UI/ExternalAuthenticateController.cs index 7b615ce33..0d9449a38 100644 --- a/src/IdServer/SimpleIdServer.IdServer/UI/ExternalAuthenticateController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/UI/ExternalAuthenticateController.cs @@ -75,7 +75,7 @@ public async Task Login([FromRoute] string prefix, string scheme, var user = await JustInTimeProvision(prefix, scheme, result, cancellationToken); if (!string.IsNullOrWhiteSpace(returnUrl)) return await Authenticate(prefix, returnUrl, Constants.Areas.Password, user, cancellationToken, false); - return await Sign(prefix, "~/", Constants.Areas.Password, user, null, cancellationToken, false); + return await Sign(prefix, null, "~/", Constants.Areas.Password, user, null, cancellationToken, false); } var items = new Dictionary @@ -114,7 +114,7 @@ public async Task Callback([FromRoute] string prefix, Cancellatio if (result.Properties.Items.ContainsKey(RETURN_URL_NAME)) return await Authenticate(prefix, result.Properties.Items[RETURN_URL_NAME], Constants.Areas.Password, user, cancellationToken, false); - return await Sign(prefix, "~/", Constants.Areas.Password, user, null, cancellationToken, false); + return await Sign(prefix, null, "~/", Constants.Areas.Password, user, null, cancellationToken, false); } private async Task JustInTimeProvision(string realm, string scheme, AuthenticateResult authResult, CancellationToken cancellationToken) diff --git a/src/IdServer/SimpleIdServer.IdServer/UI/HomeController.cs b/src/IdServer/SimpleIdServer.IdServer/UI/HomeController.cs index 6de1ce5e3..52b96a560 100644 --- a/src/IdServer/SimpleIdServer.IdServer/UI/HomeController.cs +++ b/src/IdServer/SimpleIdServer.IdServer/UI/HomeController.cs @@ -412,7 +412,8 @@ async Task> GetConsents() var oauthClients = await _clientRepository.GetByClientIds(prefix, clientIds, cancellationToken); foreach (var consent in filteredConsents) { - var oauthClient = oauthClients.Single(c => c.ClientId == consent.ClientId); + var oauthClient = oauthClients.SingleOrDefault(c => c.ClientId == consent.ClientId); + if (oauthClient == null) continue; consents.Add(new ConsentViewModel( consent.Id, string.IsNullOrWhiteSpace(oauthClient.ClientName) ? oauthClient.ClientId : oauthClient.ClientName, diff --git a/src/IdServer/SimpleIdServer.IdServer/UI/Services/BaseOTPAuthenticationService.cs b/src/IdServer/SimpleIdServer.IdServer/UI/Services/BaseOTPAuthenticationService.cs index 2b2f09a92..3b58984f1 100644 --- a/src/IdServer/SimpleIdServer.IdServer/UI/Services/BaseOTPAuthenticationService.cs +++ b/src/IdServer/SimpleIdServer.IdServer/UI/Services/BaseOTPAuthenticationService.cs @@ -32,10 +32,11 @@ protected override async Task Validate(string realm protected override Task Validate(string realm, User authenticatedUser, BaseOTPAuthenticateViewModel viewModel, CancellationToken cancellationToken) { + if (authenticatedUser.IsBlocked()) return Task.FromResult(CredentialsValidationResult.Error("user_blocked", "user_blocked")); if (authenticatedUser.ActiveOTP == null) return Task.FromResult(CredentialsValidationResult.Error("no_active_otp", "no_active_otp")); var activeOtp = authenticatedUser.ActiveOTP; var otpAuthenticator = _otpAuthenticators.Single(a => a.Alg == activeOtp.OTPAlg); - if (!otpAuthenticator.Verify(viewModel.OTPCode, activeOtp)) return Task.FromResult(CredentialsValidationResult.Error(ValidationStatus.INVALIDCREDENTIALS)); + if (!otpAuthenticator.Verify(viewModel.OTPCode, activeOtp)) return Task.FromResult(CredentialsValidationResult.InvalidCredentials(authenticatedUser)); return Task.FromResult(CredentialsValidationResult.Ok(authenticatedUser)); } } diff --git a/src/IdServer/SimpleIdServer.IdServer/UI/Services/IUserAuthenticationService.cs b/src/IdServer/SimpleIdServer.IdServer/UI/Services/IUserAuthenticationService.cs index e1f14ea9d..352024f34 100644 --- a/src/IdServer/SimpleIdServer.IdServer/UI/Services/IUserAuthenticationService.cs +++ b/src/IdServer/SimpleIdServer.IdServer/UI/Services/IUserAuthenticationService.cs @@ -19,7 +19,8 @@ public enum ValidationStatus AUTHENTICATE = 0, INVALIDCREDENTIALS = 1, NOCONTENT = 2, - UNKNOWN_USER = 3 + UNKNOWN_USER = 3, + BLOCKED = 4 } public record CredentialsValidationResult @@ -44,6 +45,11 @@ private CredentialsValidationResult(ValidationStatus status) public static CredentialsValidationResult Error(ValidationStatus status) => new CredentialsValidationResult(status); + public static CredentialsValidationResult InvalidCredentials(User authenticatedUser) => new CredentialsValidationResult(ValidationStatus.INVALIDCREDENTIALS) + { + AuthenticatedUser = authenticatedUser + }; + public static CredentialsValidationResult Error(string errorCode, string errorMessage) => new CredentialsValidationResult(ValidationStatus.NOCONTENT) { ErrorCode = errorCode, diff --git a/src/IdServer/SimpleIdServer.IdServer/UI/UserLockingOptions.cs b/src/IdServer/SimpleIdServer.IdServer/UI/UserLockingOptions.cs new file mode 100644 index 000000000..714125ceb --- /dev/null +++ b/src/IdServer/SimpleIdServer.IdServer/UI/UserLockingOptions.cs @@ -0,0 +1,11 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +namespace SimpleIdServer.IdServer.UI; + +public class UserLockingOptions +{ + [ConfigurationRecord("Account lock time", "Lock time of the user account (in seconds)", order: 1)] + public int LockTimeInSeconds { get; set; } + [ConfigurationRecord("Max login attempts", "Number of login attempts", order: 2)] + public int MaxLoginAttempts { get; set; } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.IdServer/WebApplicationExtensions.cs b/src/IdServer/SimpleIdServer.IdServer/WebApplicationExtensions.cs index b43d512f6..bde55e622 100644 --- a/src/IdServer/SimpleIdServer.IdServer/WebApplicationExtensions.cs +++ b/src/IdServer/SimpleIdServer.IdServer/WebApplicationExtensions.cs @@ -47,6 +47,10 @@ public static WebApplication UseSID(this WebApplication webApplication, bool coo pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.Authorization, defaults: new { controller = "Authorization", action = "Get" }); + webApplication.SidMapControllerRoute("authorizationCallback", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.AuthorizationCallback, + defaults: new { controller = "Authorization", action = "Callback" }); + webApplication.SidMapControllerRoute("token", pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.Token, defaults: new { controller = "Token", action = "Post" }); @@ -75,6 +79,7 @@ public static WebApplication UseSID(this WebApplication webApplication, bool coo pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.Registration + "/{id?}", defaults: new { controller = "Registration", action = "Update" }); + webApplication.SidMapControllerRoute("userInfoGet", pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.UserInfo, defaults: new { controller = "UserInfo", action = "Get" }); @@ -96,7 +101,7 @@ public static WebApplication UseSID(this WebApplication webApplication, bool coo pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.MtlsPrefix + "/" + Constants.EndPoints.TokenRevoke, defaults: new { controller = "Token", action = "Revoke" }); - if(opts.IsBCEnabled) + if (opts.IsBCEnabled) { webApplication.SidMapControllerRoute("bcAuthorizeMtls", pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.MtlsBCAuthorize, @@ -104,7 +109,7 @@ public static WebApplication UseSID(this WebApplication webApplication, bool coo } } - if(opts.IsBCEnabled) + if (opts.IsBCEnabled) { // Occurs every 15 seconds. reccuringJobManager.AddOrUpdate(nameof(BCNotificationJob), j => webApplication.Services.GetRequiredService().Execute(), "*/15 * * * * *"); @@ -117,7 +122,7 @@ public static WebApplication UseSID(this WebApplication webApplication, bool coo defaults: new { controller = "BCCallback", action = "Post" }); } - if(opts.IsUMAEnabled) + if (opts.IsUMAEnabled) { webApplication.SidMapControllerRoute("umaConfiguration", pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.UMAConfiguration, @@ -157,6 +162,13 @@ public static WebApplication UseSID(this WebApplication webApplication, bool coo defaults: new { controller = "UMAResources", action = "DeletePermissions" }); } + webApplication.SidMapControllerRoute("relaunchErrorMessage", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.ErrorMessages + "/{id}/relaunch", + defaults: new { controller = "ErrorMessages", action = "Relaunch" }); + webApplication.SidMapControllerRoute("relaunchErrorMessagesByExternalid", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.ErrorMessages + "/relaunch", + defaults: new { controller = "ErrorMessages", action = "RelaunchAllByExternalId" }); + webApplication.SidMapControllerRoute("getGrant", pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.Grants + "/{id}", defaults: new { controller = "Grants", action = "Get" }); @@ -353,6 +365,12 @@ public static WebApplication UseSID(this WebApplication webApplication, bool coo pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.FidoConfiguration, defaults: new { controller = "FidoConfiguration", action = "Index" }); + webApplication.SidMapControllerRoute("GetUserLockingOptions", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.AuthMethods + "/userlockingoptions", + defaults: new { controller = "AuthenticationMethods", action = "GetUserLockingOptions" }); + webApplication.SidMapControllerRoute("UpdateUserLockingOptions", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.AuthMethods + "/userlockingoptions", + defaults: new { controller = "AuthenticationMethods", action = "UpdateUserLockingOptions" }); webApplication.SidMapControllerRoute("getAllAuthMethods", pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.AuthMethods, defaults: new { controller = "AuthenticationMethods", action = "GetAll" }); @@ -393,6 +411,9 @@ public static WebApplication UseSID(this WebApplication webApplication, bool coo pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.Auditing + "/.search", defaults: new { controller = "Auditing", action = "Search" }); + webApplication.SidMapControllerRoute("getAllRealmScopes", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.Scopes + "/realmscopes", + defaults: new { controller = "Scopes", action = "GetAllRealmScopes" }); webApplication.SidMapControllerRoute("searchScopes", pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.Scopes + "/.search", defaults: new { controller = "Scopes", action = "Search" }); @@ -494,6 +515,9 @@ public static WebApplication UseSID(this WebApplication webApplication, bool coo webApplication.SidMapControllerRoute("addClientRole", pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.Clients + "/{id}/roles", defaults: new { controller = "Clients", action = "AddRole" }); + webApplication.SidMapControllerRoute("updateClientRealms", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.Clients + "/{id}/realms", + defaults: new { controller = "Clients", action = "UpdateRealms" }); webApplication.SidMapControllerRoute("searchGroups", pattern: (usePrefix ? "{prefix}/" : string.Empty) + Constants.EndPoints.Groups + "/.search", @@ -527,6 +551,18 @@ public static WebApplication UseSID(this WebApplication webApplication, bool coo webApplication.SidMapControllerRoute("addRealm", pattern: Constants.EndPoints.Realms, defaults: new { controller = "Realms", action = "Add" }); + webApplication.SidMapControllerRoute("searchRealmRoles", + pattern: Constants.EndPoints.Realms + "/{id}/roles/.search", + defaults: new { controller = "Realms", action = "SearchRoles" }); + webApplication.SidMapControllerRoute("getRealmRole", + pattern: Constants.EndPoints.Realms + "/{id}/roles/{roleId}", + defaults: new { controller = "Realms", action = "GetRole" }); + webApplication.SidMapControllerRoute("removeRealmRole", + pattern: Constants.EndPoints.Realms + "/{id}/roles/{roleId}", + defaults: new { controller = "Realms", action = "RemoveRole" }); + webApplication.SidMapControllerRoute("updateRealmRoles", + pattern: Constants.EndPoints.Realms + "/{id}/roles/{roleId}", + defaults: new { controller = "Realms", action = "UpdateRoleScopes" }); webApplication.SidMapControllerRoute("getAllLanguages", pattern: Constants.EndPoints.Languages, diff --git a/src/IdServer/SimpleIdServer.OpenIdConnect/CustomOpenIdConnectHandler.cs b/src/IdServer/SimpleIdServer.OpenIdConnect/CustomOpenIdConnectHandler.cs index 5a63c29ae..5d63fb07c 100644 --- a/src/IdServer/SimpleIdServer.OpenIdConnect/CustomOpenIdConnectHandler.cs +++ b/src/IdServer/SimpleIdServer.OpenIdConnect/CustomOpenIdConnectHandler.cs @@ -9,9 +9,11 @@ using Microsoft.Extensions.Options; using Microsoft.Extensions.Primitives; using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Protocols; using Microsoft.IdentityModel.Protocols.OpenIdConnect; using Microsoft.IdentityModel.Tokens; using SimpleIdServer.DPoP; +using SimpleIdServer.IdServer.Helpers; using System; using System.Collections.Generic; using System.Globalization; @@ -33,6 +35,8 @@ namespace SimpleIdServer.OpenIdConnect { public class CustomOpenIdConnectHandler : RemoteAuthenticationHandler, IAuthenticationSignOutHandler { + private Dictionary> RealmConfigurationManagers = new Dictionary>(); + private Dictionary RealmOpenidConfigurations = new Dictionary(); private const string NonceProperty = "N"; private const string HeaderValueEpocDate = "Thu, 01 Jan 1970 00:00:00 GMT"; private const string PushedAuthorizationRequestEndpoint = "pushed_authorization_request_endpoint"; @@ -68,6 +72,16 @@ public CustomOpenIdConnectHandler(IOptionsMonitor op { } + public override Task ShouldHandleRequestAsync() + { + if(Options.IsRealmEnabled) + { + return Task.FromResult($"/{RealmContext.Instance().Realm}{Options.CallbackPath}" == Request.Path); + } + + return Task.FromResult(Options.CallbackPath == Request.Path); + } + public override Task HandleRequestAsync() { if (Options.RemoteSignOutPath.HasValue && Options.RemoteSignOutPath == Request.Path) @@ -246,15 +260,11 @@ public async Task SignOutAsync(AuthenticationProperties properties) Logger.EnteringOpenIdAuthenticationHandlerHandleSignOutAsync(GetType().FullName!); - if (_configuration == null && Options.ConfigurationManager != null) - { - _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); - } - + var configuration = await GetConfiguration(); var message = new OpenIdConnectMessage() { EnableTelemetryParameters = !Options.DisableTelemetry, - IssuerAddress = _configuration?.EndSessionEndpoint ?? string.Empty, + IssuerAddress = configuration?.EndSessionEndpoint ?? string.Empty, // Redirect back to SigneOutCallbackPath first before user agent is redirected to actual post logout redirect uri PostLogoutRedirectUri = BuildRedirectUriIfRelative(Options.SignedOutCallbackPath) @@ -456,13 +466,10 @@ protected async override Task HandleRemoteAuthenticateAsync return HandleRequestResult.Fail(CreateOpenIdConnectProtocolException(authorizationResponse, response: null), properties); } - if (_configuration == null && Options.ConfigurationManager != null) - { - Logger.UpdatingConfiguration(); - _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); - } - PopulateSessionProperties(authorizationResponse, properties); + var configuration = await GetConfiguration(); + + PopulateSessionProperties(authorizationResponse, properties, configuration); ClaimsPrincipal? user = null; JwtSecurityToken? jwt = null; @@ -473,7 +480,7 @@ protected async override Task HandleRemoteAuthenticateAsync if (!string.IsNullOrEmpty(authorizationResponse.IdToken)) { Logger.ReceivedIdToken(); - user = ValidateToken(authorizationResponse.IdToken, properties, validationParameters, out jwt); + user = ValidateToken(authorizationResponse.IdToken, properties, validationParameters, configuration, out jwt); nonce = jwt.Payload.Nonce; if (!string.IsNullOrEmpty(nonce)) @@ -521,7 +528,7 @@ protected async override Task HandleRemoteAuthenticateAsync if (!authorizationCodeReceivedContext.HandledCodeRedemption) { - tokenEndpointResponse = await RedeemAuthorizationCodeAsync(tokenEndpointRequest!); + tokenEndpointResponse = await RedeemAuthorizationCodeAsync(tokenEndpointRequest!, configuration: configuration); } var tokenResponseReceivedContext = await RunTokenResponseReceivedEventAsync(authorizationResponse, tokenEndpointResponse!, user, properties); @@ -541,7 +548,7 @@ protected async override Task HandleRemoteAuthenticateAsync // At least a cursory validation is required on the new IdToken, even if we've already validated the one from the authorization response. // And we'll want to validate the new JWT in ValidateTokenResponse. - var tokenEndpointUser = ValidateToken(tokenEndpointResponse.IdToken, properties, validationParameters, out var tokenEndpointJwt); + var tokenEndpointUser = ValidateToken(tokenEndpointResponse.IdToken, properties, validationParameters, configuration, out var tokenEndpointJwt); // Avoid reading & deleting the nonce cookie, running the event, etc, if it was already done as part of the authorization response validation. if (user == null) @@ -595,7 +602,7 @@ protected async override Task HandleRemoteAuthenticateAsync if (Options.GetClaimsFromUserInfoEndpoint) { - return await GetUserInformationAsync(tokenEndpointResponse ?? authorizationResponse, jwt!, user!, properties!); + return await GetUserInformationAsync(tokenEndpointResponse ?? authorizationResponse, jwt!, user!, properties!, configuration); } else { @@ -644,10 +651,9 @@ protected async Task ExtractAuthorizationResponse var response = dic.First(kvp => kvp.Key == ResponseParameterName).Value[0]; var handler = new JsonWebTokenHandler(); var payload = handler.ReadJsonWebToken(response); - if (_configuration == null && Options.ConfigurationManager != null) - _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); + var configuration = await GetConfiguration(); - var jsonWebKey = _configuration.JsonWebKeySet.Keys.FirstOrDefault(k => k.KeyId == payload.Kid); + var jsonWebKey = configuration.JsonWebKeySet.Keys.FirstOrDefault(k => k.KeyId == payload.Kid); if (jsonWebKey == null) return new AuthorizationExtractionResult { IsValid = false, ErrorResult = CustomHandlerRequestResults.UnknownJWK }; var validationResult = new JsonWebTokenHandler().ValidateToken(response, new TokenValidationParameters @@ -675,9 +681,10 @@ protected async Task ExtractAuthorizationResponse /// which is used to determine if the remote authentication was successful. protected virtual async Task GetUserInformationAsync( OpenIdConnectMessage message, JwtSecurityToken jwt, - ClaimsPrincipal principal, AuthenticationProperties properties) + ClaimsPrincipal principal, AuthenticationProperties properties, + OpenIdConnectConfiguration configuration) { - var userInfoEndpoint = _configuration?.UserInfoEndpoint; + var userInfoEndpoint = configuration?.UserInfoEndpoint; if (string.IsNullOrEmpty(userInfoEndpoint)) { @@ -833,18 +840,14 @@ private async Task HandleChallengeAsyncInternal(AuthenticationProperties propert } Logger.PostAuthenticationLocalRedirect(properties.RedirectUri); - if (_configuration == null && Options.ConfigurationManager != null) - { - _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); - } - - CheckOptions(); + var configuration = await GetConfiguration(); + CheckOptions(configuration); var message = new OpenIdConnectMessage { ClientId = Options.ClientId, EnableTelemetryParameters = !Options.DisableTelemetry, - IssuerAddress = _configuration?.AuthorizationEndpoint ?? string.Empty, - RedirectUri = properties.GetParameter(OpenIdConnectParameterNames.RedirectUri) ?? BuildRedirectUri(Options.CallbackPath), + IssuerAddress = configuration?.AuthorizationEndpoint ?? string.Empty, + RedirectUri = properties.GetParameter(OpenIdConnectParameterNames.RedirectUri) ?? BuildRedirectUri(Options.IsRealmEnabled ? $"/{RealmContext.Instance().Realm}{Options.CallbackPath}" : Options.CallbackPath), Resource = Options.Resource, ResponseType = Options.ResponseType, Prompt = properties.GetParameter(OpenIdConnectParameterNames.Prompt) ?? Options.Prompt, @@ -895,6 +898,7 @@ private async Task HandleChallengeAsyncInternal(AuthenticationProperties propert WriteNonceCookie(message.Nonce); } + Options.CorrelationCookie.Path = Options.IsRealmEnabled ? $"/{RealmContext.Instance().Realm}{Options.CallbackPath}" : Options.CallbackPath; GenerateCorrelationId(properties); var redirectContext = new RedirectContext(Context, Scheme, Options, properties) @@ -927,7 +931,7 @@ private async Task HandleChallengeAsyncInternal(AuthenticationProperties propert "Cannot redirect to the authorization endpoint, the configuration may be missing or invalid."); } - await BuildAuthorizationRequest(message); + await BuildAuthorizationRequest(message, configuration); if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet) { var redirectUri = message.CreateAuthenticationRequestUrl(); @@ -966,6 +970,7 @@ private void WriteNonceCookie(string nonce) throw new ArgumentNullException(nameof(nonce)); } + Options.NonceCookie.Path = Options.IsRealmEnabled ? $"/{RealmContext.Instance().Realm}{Options.CallbackPath}" : Options.CallbackPath; var cookieOptions = Options.NonceCookie.Build(Context, Clock.UtcNow); Response.Cookies.Append( @@ -1210,7 +1215,7 @@ private async Task RunAuthenticationFailedEventAsyn } // Note this modifies properties if Options.UseTokenLifetime - private ClaimsPrincipal ValidateToken(string idToken, AuthenticationProperties properties, TokenValidationParameters validationParameters, out JwtSecurityToken jwt) + private ClaimsPrincipal ValidateToken(string idToken, AuthenticationProperties properties, TokenValidationParameters validationParameters, OpenIdConnectConfiguration configuration, out JwtSecurityToken jwt) { if (!Options.SecurityTokenValidator.CanReadToken(idToken)) { @@ -1218,13 +1223,13 @@ private ClaimsPrincipal ValidateToken(string idToken, AuthenticationProperties p throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.UnableToValidateToken, idToken)); } - if (_configuration != null) + if (configuration != null) { - var issuer = new[] { _configuration.Issuer }; + var issuer = new[] { configuration.Issuer }; validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(issuer) ?? issuer; - validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys) - ?? _configuration.SigningKeys; + validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(configuration.SigningKeys) + ?? configuration.SigningKeys; } var principal = Options.SecurityTokenValidator.ValidateToken(idToken, validationParameters, out SecurityToken validatedToken); @@ -1262,7 +1267,7 @@ private ClaimsPrincipal ValidateToken(string idToken, AuthenticationProperties p return principal; } - private async Task BuildAuthorizationRequest(OpenIdConnectMessage message) + private async Task BuildAuthorizationRequest(OpenIdConnectMessage message, OpenIdConnectConfiguration configuration) { if (Options.RequestType == RequestTypes.NONE) return; switch (Options.RequestType) @@ -1287,7 +1292,7 @@ private async Task BuildAuthorizationRequest(OpenIdConnectMessage message) return; } - var parUrl = _configuration.AdditionalData[PushedAuthorizationRequestEndpoint].ToString(); + var parUrl = configuration.AdditionalData[PushedAuthorizationRequestEndpoint].ToString(); var dic = new Dictionary { { RequestParameterName, request }, @@ -1311,15 +1316,15 @@ private async Task BuildAuthorizationRequest(OpenIdConnectMessage message) throw new NotImplementedException($"Request {Options.RequestType} is not yet implemented"); } - private void CheckOptions() + private void CheckOptions(OpenIdConnectConfiguration configuration) { if ((Options.RequestType == RequestTypes.REQUEST || Options.RequestType == RequestTypes.PAR) && Options.SigningCredentials == null) throw new InvalidOperationException("SigningCredentials is required when request type is equals to request"); - if(!_configuration.AdditionalData.ContainsKey(PushedAuthorizationRequestEndpoint) && Options.RequestType == RequestTypes.PAR) + if(!configuration.AdditionalData.ContainsKey(PushedAuthorizationRequestEndpoint) && Options.RequestType == RequestTypes.PAR) throw new InvalidOperationException("Identity Server doesn't support PAR request"); - if (_configuration.AdditionalData.ContainsKey(RequirePushedAuthorizationRequests) && bool.TryParse(_configuration.AdditionalData[RequirePushedAuthorizationRequests].ToString(), out bool requiredPushedAuthorizationRequests) && requiredPushedAuthorizationRequests && Options.RequestType != RequestTypes.PAR) + if (configuration.AdditionalData.ContainsKey(RequirePushedAuthorizationRequests) && bool.TryParse(configuration.AdditionalData[RequirePushedAuthorizationRequests].ToString(), out bool requiredPushedAuthorizationRequests) && requiredPushedAuthorizationRequests && Options.RequestType != RequestTypes.PAR) throw new InvalidOperationException("Pushed Authorization Request must be used"); if (Options.ClientAuthenticationType == ClientAuthenticationTypes.CLIENT_SECRET_POST && string.IsNullOrWhiteSpace(Options.ClientSecret)) @@ -1338,16 +1343,16 @@ private class PARResponse public string RequestUri { get; set; } } - private void PopulateSessionProperties(OpenIdConnectMessage message, AuthenticationProperties properties) + private void PopulateSessionProperties(OpenIdConnectMessage message, AuthenticationProperties properties, OpenIdConnectConfiguration configuration) { if (!string.IsNullOrEmpty(message.SessionState)) { properties.Items[OpenIdConnectSessionProperties.SessionState] = message.SessionState; } - if (!string.IsNullOrEmpty(_configuration?.CheckSessionIframe)) + if (!string.IsNullOrEmpty(configuration?.CheckSessionIframe)) { - properties.Items[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe; + properties.Items[OpenIdConnectSessionProperties.CheckSessionIFrame] = configuration.CheckSessionIframe; } } @@ -1356,10 +1361,10 @@ private void PopulateSessionProperties(OpenIdConnectMessage message, Authenticat /// /// The request that will be sent to the token endpoint and is available for customization. /// OpenIdConnect message that has tokens inside it. - protected virtual async Task RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest, string dpopNonce = null) + protected virtual async Task RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest, string dpopNonce = null, OpenIdConnectConfiguration configuration = null) { Logger.RedeemingCodeForTokens(); - var requestMessage = new HttpRequestMessage(HttpMethod.Post, tokenEndpointRequest.TokenEndpoint ?? _configuration?.TokenEndpoint); + var requestMessage = new HttpRequestMessage(HttpMethod.Post, tokenEndpointRequest.TokenEndpoint ?? configuration?.TokenEndpoint); requestMessage.Content = new FormUrlEncodedContent(tokenEndpointRequest.Parameters); HttpResponseMessage responseMessage = null; switch(Options.ClientAuthenticationType) @@ -1371,7 +1376,7 @@ protected virtual async Task RedeemAuthorizationCodeAsync( else responseMessage = await Backchannel.SendAsync(requestMessage, Context.RequestAborted); break; case ClientAuthenticationTypes.TLS_CLIENT_AUTH: - var mtlsEndpointAliases = _configuration.AdditionalData[MtlsEndpointAliasesName]; + var mtlsEndpointAliases = configuration.AdditionalData[MtlsEndpointAliasesName]; var type = mtlsEndpointAliases.GetType(); var getValueMethod = type.GetMethods(System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.Public).First(m => m.Name == "GetValue" && m.GetParameters().Length == 1); var val = getValueMethod.Invoke(mtlsEndpointAliases, new object[] { TokenEndpointParameterName }); @@ -1420,7 +1425,7 @@ protected virtual async Task RedeemAuthorizationCodeAsync( if (!responseMessage.IsSuccessStatusCode) { - if (message.Error == "use_dpop_nonce") return await RedeemAuthorizationCodeAsync(tokenEndpointRequest, responseMessage.Headers.First(h => h.Key == "DPoP-Nonce").Value.First()); + if (message.Error == "use_dpop_nonce") return await RedeemAuthorizationCodeAsync(tokenEndpointRequest, responseMessage.Headers.First(h => h.Key == "DPoP-Nonce").Value.First(), configuration); throw CreateOpenIdConnectProtocolException(message, responseMessage); } @@ -1430,7 +1435,7 @@ async Task RequestTokenWithDPoP() { RotateDPoPSecurityKey(); var handler = new DPoPHandler(); - var dpop = handler.Create("POST", _configuration.TokenEndpoint, _dPoPSecurityKey, SecurityAlgorithms.EcdsaSha256, dpopNonce); + var dpop = handler.Create("POST", configuration.TokenEndpoint, _dPoPSecurityKey, SecurityAlgorithms.EcdsaSha256, dpopNonce); requestMessage.Headers.Add("DPoP", dpop.Token); return await Backchannel.SendAsync(requestMessage, Context.RequestAborted); } @@ -1463,6 +1468,46 @@ private string BuildRedirectUriIfRelative(string uri) return BuildRedirectUri(uri); } + private async Task GetConfiguration() + { + if (this.Options.IsRealmEnabled) + { + var realm = RealmContext.Instance().Realm ?? "master"; + if (!RealmConfigurationManagers.ContainsKey(realm)) + { + var metadataAdr = Options.Authority; + if (!metadataAdr.EndsWith('/')) + metadataAdr += "/"; + metadataAdr += $"{realm}/.well-known/openid-configuration"; + var configurationManager = new ConfigurationManager(metadataAdr, new OpenIdConnectConfigurationRetriever(), new HttpDocumentRetriever(Options.Backchannel) + { + RequireHttps = Options.RequireHttpsMetadata + }) + { + RefreshInterval = Options.RefreshInterval, + AutomaticRefreshInterval = Options.AutomaticRefreshInterval + }; + RealmConfigurationManagers.Add(realm, configurationManager); + } + + if(!RealmOpenidConfigurations.ContainsKey(realm)) + { + var configuration = await RealmConfigurationManagers[realm].GetConfigurationAsync(Context.RequestAborted); + RealmOpenidConfigurations.Add(realm, configuration); + } + + return RealmOpenidConfigurations[realm]; + } + + if (_configuration == null && Options.ConfigurationManager != null) + { + Logger.UpdatingConfiguration(); + _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); + } + + return _configuration; + } + private OpenIdConnectProtocolException CreateOpenIdConnectProtocolException(OpenIdConnectMessage message, HttpResponseMessage? response) { var description = message.ErrorDescription ?? "error_description is null"; diff --git a/src/IdServer/SimpleIdServer.OpenIdConnect/CustomOpenIdConnectOptions.cs b/src/IdServer/SimpleIdServer.OpenIdConnect/CustomOpenIdConnectOptions.cs index 6ab1cbb1d..e27fd7bba 100644 --- a/src/IdServer/SimpleIdServer.OpenIdConnect/CustomOpenIdConnectOptions.cs +++ b/src/IdServer/SimpleIdServer.OpenIdConnect/CustomOpenIdConnectOptions.cs @@ -21,6 +21,7 @@ public class CustomOpenIdConnectOptions : OpenIdConnectOptions public bool IsDPoPUsed { get; private set; } = false; public bool IsDPoPNonceEnabled { get; private set; } = false; public double DPoPSecurityKeyRotationInSeconds { get; private set; } = 5 * 60; + public bool IsRealmEnabled { get; set; } = false; /// /// Use MTLS as Proof of Possession. @@ -50,6 +51,13 @@ public void UseDPoPProof(SigningCredentials signingCredentials, bool isNonceEnab DPoPSecurityKeyRotationInSeconds = dpopSecuritykeyRotationInSeconds; } + public void UseFederationAutomaticRegistration(SigningCredentials signingCredentials) + { + RequestType = RequestTypes.REQUEST; + ClientAuthenticationType = ClientAuthenticationTypes.PRIVATE_KEY_JWT; + SigningCredentials = signingCredentials; + } + /// /// Send large authorization by using PAR. /// diff --git a/src/IdServer/SimpleIdServer.OpenIdConnect/SimpleIdServer.OpenIdConnect.csproj b/src/IdServer/SimpleIdServer.OpenIdConnect/SimpleIdServer.OpenIdConnect.csproj index 2c5882672..63af357c9 100644 --- a/src/IdServer/SimpleIdServer.OpenIdConnect/SimpleIdServer.OpenIdConnect.csproj +++ b/src/IdServer/SimpleIdServer.OpenIdConnect/SimpleIdServer.OpenIdConnect.csproj @@ -5,9 +5,11 @@ + + diff --git a/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/Configurations/FederationEntityConfiguration.cs b/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/Configurations/FederationEntityConfiguration.cs new file mode 100644 index 000000000..452d525d5 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/Configurations/FederationEntityConfiguration.cs @@ -0,0 +1,16 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Metadata.Builders; +using SimpleIdServer.OpenidFederation.Domains; + +namespace SimpleIdServer.OpenidFederation.Store.EF.Configurations; + +public class FederationEntityConfiguration : IEntityTypeConfiguration +{ + public void Configure(EntityTypeBuilder builder) + { + builder.HasKey(f => f.Id); + } +} diff --git a/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/OpenidFederationDbContext.cs b/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/OpenidFederationDbContext.cs new file mode 100644 index 000000000..77ca16623 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/OpenidFederationDbContext.cs @@ -0,0 +1,21 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.EntityFrameworkCore; +using SimpleIdServer.OpenidFederation.Domains; +using SimpleIdServer.OpenidFederation.Store.EF.Configurations; + +namespace SimpleIdServer.OpenidFederation.Store.EF; + +public class OpenidFederationDbContext : DbContext +{ + public OpenidFederationDbContext(DbContextOptions options) : base(options) { } + + public DbSet FederationEntities { get; set; } + + protected override void OnModelCreating(ModelBuilder modelBuilder) + { + base.OnModelCreating(modelBuilder); + modelBuilder.ApplyConfiguration(new FederationEntityConfiguration()); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/ServiceCollectionExtensions.cs b/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/ServiceCollectionExtensions.cs new file mode 100644 index 000000000..dcaf677e6 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/ServiceCollectionExtensions.cs @@ -0,0 +1,19 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.EntityFrameworkCore; +using SimpleIdServer.OpenidFederation.Store.EF; +using SimpleIdServer.OpenidFederation.Store.EF.Stores; +using SimpleIdServer.OpenidFederation.Stores; + +namespace Microsoft.Extensions.DependencyInjection; + +public static class ServiceCollectionExtensions +{ + public static IServiceCollection AddOpenidFederationStore(this IServiceCollection services, Action cb = null) + { + if (cb != null) services.AddDbContext(cb); + else services.AddDbContext(c => c.UseInMemoryDatabase("openidFederation")); + services.AddTransient(); + return services; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/SimpleIdServer.OpenidFederation.Store.EF.csproj b/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/SimpleIdServer.OpenidFederation.Store.EF.csproj new file mode 100644 index 000000000..9a8600ba7 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/SimpleIdServer.OpenidFederation.Store.EF.csproj @@ -0,0 +1,16 @@ + + + net8.0 + enable + enable + Use EF to store federation entity. + + + + + + + + + + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/Stores/FederationEntityStore.cs b/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/Stores/FederationEntityStore.cs new file mode 100644 index 000000000..386293ba0 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation.Store.EF/Stores/FederationEntityStore.cs @@ -0,0 +1,77 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.EntityFrameworkCore; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.OpenidFederation.Domains; +using SimpleIdServer.OpenidFederation.Stores; +using System.Linq.Dynamic.Core; + +namespace SimpleIdServer.OpenidFederation.Store.EF.Stores; + +public class FederationEntityStore : IFederationEntityStore +{ + private readonly OpenidFederationDbContext _dbContext; + + public FederationEntityStore(OpenidFederationDbContext dbContext) + { + _dbContext = dbContext; + } + + public Task GetSubordinate(string sub, string realm, CancellationToken cancellationToken) + { + return _dbContext.FederationEntities.FirstOrDefaultAsync(r => r.Sub == sub && r.Realm == realm && r.IsSubordinate == true, cancellationToken); + } + + public Task> GetAllSubordinates(string realm, CancellationToken cancellationToken) + { + return _dbContext.FederationEntities.Where(f => f.Realm == realm && f.IsSubordinate == true).ToListAsync(cancellationToken); + } + + public Task> GetAllAuthorities(string realm, CancellationToken cancellationToken) + { + return _dbContext.FederationEntities.Where(f => f.Realm == realm && f.IsSubordinate == false).ToListAsync(cancellationToken); + } + + public void Add(FederationEntity federationEntity) + { + _dbContext.FederationEntities.Add(federationEntity); + } + + public Task GetByUrl(string realm, string url, CancellationToken cancellationToken) + { + return _dbContext.FederationEntities.SingleOrDefaultAsync(f => f.Sub == url && f.Realm == realm, cancellationToken); + } + + public async Task> Search(string realm, SearchRequest request, CancellationToken cancellationToken) + { + IQueryable query = _dbContext.FederationEntities + .Where(p => p.Realm == realm) + .AsNoTracking(); + if (!string.IsNullOrWhiteSpace(request.Filter)) + query = query.Where(request.Filter); + + if (!string.IsNullOrWhiteSpace(request.OrderBy)) + query = query.OrderBy(request.OrderBy); + else + query = query.OrderByDescending(r => r.CreateDateTime); + + var nb = query.Count(); + var federationEntities = await query.Skip(request.Skip.Value).Take(request.Take.Value).ToListAsync(); + return new SearchResult + { + Count = nb, + Content = federationEntities + }; + } + + public Task Get(string id, CancellationToken cancellationToken) + { + return _dbContext.FederationEntities.SingleOrDefaultAsync(f => f.Id == id, cancellationToken); + } + + public void Remove(FederationEntity federationEntity) + { + _dbContext.FederationEntities.Remove(federationEntity); + } +} diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Apis/BaseOpenidFederationController.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/BaseOpenidFederationController.cs new file mode 100644 index 000000000..ea42b8376 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/BaseOpenidFederationController.cs @@ -0,0 +1,22 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.Mvc; +using System.Net; +using System.Text.Json.Nodes; + +namespace SimpleIdServer.OpenidFederation.Apis; + +public class BaseOpenidFederationController : Controller +{ + protected IActionResult Error(HttpStatusCode statusCode, string errorCode, string errorMessage) => new ContentResult + { + StatusCode = (int)statusCode, + Content = new JsonObject + { + ["error"] = errorCode, + ["error_description"] = errorMessage + }.ToJsonString(), + ContentType = "application/json" + }; +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Apis/FederationFetch/BaseFederationFetchController.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/FederationFetch/BaseFederationFetchController.cs new file mode 100644 index 000000000..35ee4a088 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/FederationFetch/BaseFederationFetchController.cs @@ -0,0 +1,130 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Caching.Distributed; +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using SimpleIdServer.OpenidFederation.Builders; +using SimpleIdServer.OpenidFederation.Clients; +using SimpleIdServer.OpenidFederation.Resources; +using SimpleIdServer.OpenidFederation.Stores; +using System.Net; +using System.Text.Json; + +namespace SimpleIdServer.OpenidFederation.Apis.FederationFetch; + +public abstract class BaseFederationFetchController : BaseOpenidFederationController +{ + private readonly IFederationEntityStore _federationEntityStore; + private readonly IDistributedCache _distributedCache; + private readonly IdServer.Helpers.IHttpClientFactory _httpClientFactory; + + public BaseFederationFetchController( + IFederationEntityStore federationEntityStore, + IDistributedCache distributedCache, + IdServer.Helpers.IHttpClientFactory httpClientFactory) + { + _federationEntityStore = federationEntityStore; + _distributedCache = distributedCache; + _httpClientFactory = httpClientFactory; + } + + protected async Task Get(FederationFetchRequest request, string realm, string issuer, CancellationToken cancellationToken) + { + var signingCredential = GetSigningCredential(realm); + if (signingCredential == null) return Error(HttpStatusCode.InternalServerError, ErrorCodes.INVALID_ISSUER, Global.CannotExtractSignatureKey); + var validationResult = await Validate( + request, + signingCredential, + realm, + issuer, + cancellationToken); + if (validationResult.ErrorCode != null) return Error(validationResult.HttpStatusCode, validationResult.ErrorCode, validationResult.ErrorMessage); + var handler = new JsonWebTokenHandler(); + var jws = handler.CreateToken(JsonSerializer.Serialize(validationResult.OpenidFederationResult), new SigningCredentials(signingCredential.Key, signingCredential.Algorithm)); + return new ContentResult + { + StatusCode = (int)HttpStatusCode.OK, + Content = jws, + ContentType = OpenidFederationConstants.EntityStatementContentType + }; + } + + protected abstract Task BuildSelfIssuedFederationEntity(BuildFederationEntityRequest request, CancellationToken cancellationToken); + + protected abstract SigningCredentials GetSigningCredential(string realm); + + private async Task Validate( + FederationFetchRequest request, + SigningCredentials signingCredentials, + string realm, + string issuer, + CancellationToken cancellationToken) + { + if (request == null) return FederationFetchValidationResult.Error(ErrorCodes.INVALID_REQUEST, Resources.Global.InvalidIncomingRequest); + if (string.IsNullOrWhiteSpace(request.Iss)) return FederationFetchValidationResult.Error(ErrorCodes.INVALID_REQUEST, string.Format(Resources.Global.MissingParameter, "iss")); + if (request.Iss != issuer) return FederationFetchValidationResult.Error(ErrorCodes.INVALID_ISSUER, Resources.Global.InvalidIssuer); + if(!string.IsNullOrWhiteSpace(request.Sub)) + { + var cacheKey = GetCacheKey(request.Sub); + var entityStatement = await _federationEntityStore.GetSubordinate(request.Sub, realm, cancellationToken); + if (entityStatement == null) return FederationFetchValidationResult.Error(ErrorCodes.NOT_FOUND, string.Format(Resources.Global.UnknownEntityStatement, request.Sub)); + var cacheOpenidFederation = await _distributedCache.GetAsync(cacheKey, cancellationToken); + if (cacheOpenidFederation == null) + { + using (var resolver = TrustChainResolver.New(_httpClientFactory.GetHttpClient())) + { + var resolvedOpenidFederation = await resolver.ResolveOpenidFederation(request.Sub, cancellationToken); + if(resolvedOpenidFederation == null) return FederationFetchValidationResult.Error(ErrorCodes.INVALID_REQUEST, Resources.Global.ImpossibleToExtractOpenidFederation); + var openidFederation = new OpenidFederationResult + { + Iat = resolvedOpenidFederation.FederationResult.Iat, + Exp = resolvedOpenidFederation.FederationResult.Exp, + Iss = issuer, + Sub = resolvedOpenidFederation.FederationResult.Sub, + Jwks = resolvedOpenidFederation.FederationResult.Jwks + }; + await _distributedCache.SetStringAsync(cacheKey, JsonSerializer.Serialize(openidFederation), new DistributedCacheEntryOptions + { + AbsoluteExpiration = openidFederation.ValidTo + }, cancellationToken); + return FederationFetchValidationResult.Ok(openidFederation); + } + } + + return FederationFetchValidationResult.Ok(JsonSerializer.Deserialize(cacheOpenidFederation)); + } + + var selfIssuedEntityStatement = await BuildSelfIssuedFederationEntity(new BuildFederationEntityRequest + { + Credential = signingCredentials, + Issuer = this.GetAbsoluteUriWithVirtualPath(), + Realm = realm + }, cancellationToken); + return FederationFetchValidationResult.Ok(selfIssuedEntityStatement); + } + + private static string GetCacheKey(string sub) + => $"OpenidFederation_{sub}"; + + private class FederationFetchValidationResult + { + private FederationFetchValidationResult() + { + + } + + public string ErrorCode { get; private set; } + public string ErrorMessage { get; private set; } + public HttpStatusCode HttpStatusCode { get; private set; } + public OpenidFederationResult OpenidFederationResult { get; private set; } + + public static FederationFetchValidationResult Error(string code, string message, HttpStatusCode httpStatusCode = HttpStatusCode.BadRequest) + => new FederationFetchValidationResult { ErrorCode = code, ErrorMessage = message, HttpStatusCode = httpStatusCode }; + + public static FederationFetchValidationResult Ok(OpenidFederationResult openidFederationResult) + => new FederationFetchValidationResult { OpenidFederationResult = openidFederationResult }; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Apis/FederationFetch/FederationFetchRequest.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/FederationFetch/FederationFetchRequest.cs new file mode 100644 index 000000000..1a8e1abbf --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/FederationFetch/FederationFetchRequest.cs @@ -0,0 +1,18 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System.Text.Json.Serialization; + +namespace SimpleIdServer.OpenidFederation.Apis.FederationFetch; + +public class FederationFetchRequest +{ + /// + /// The Entity Identifier of the issuer from which the Entity Statement is issued. + /// + [JsonPropertyName("iss")] + public string Iss { get; set; } = null!; + [JsonPropertyName("sub")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string Sub { get; set; } = null; +} diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/FederationEntityResult.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/FederationEntityResult.cs new file mode 100644 index 000000000..f56495c86 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/FederationEntityResult.cs @@ -0,0 +1,47 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System.Text.Json.Serialization; + +namespace SimpleIdServer.OpenidFederation.Apis.OpenidFederation; + +/// +/// https://openid.net/specs/openid-federation-1_0.html#section-5.1.1. +/// All Entities in a federation MAY use this Entity Type. +/// The Entities that provide federation API endpoints MUST use this Entity Type. +/// +public class FederationEntityResult +{ + [JsonPropertyName("organization_name")] + public string OrganizationName { get; set; } + /// + /// The fetch endpoint. + /// + [JsonPropertyName("federation_fetch_endpoint")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? FederationFetchEndpoint { get; set; } = null; + /// + /// The list endpoint. + /// + [JsonPropertyName("federation_list_endpoint")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? FederationListEndpoint { get; set; } = null; + /// + /// The resolve endpoint. + /// + [JsonPropertyName("federation_resolve_endpoint")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? FederationResolveEndpoint { get; set; } = null; + /// + /// The Trust Mark status endpoint. + /// + [JsonPropertyName("federation_trust_mark_status_endpoint")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? FederationTrustMarkStatusEndpoint { get; set; } + [JsonPropertyName("federation_trust_mark_list_endpoint")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? FederationTrustMarkEndpoint { get; set; } + [JsonPropertyName("federation_historical_keys_endpoint")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? FederationHistoricalKeysEndpoint { get; set; } +} diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationJwksResult.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationJwksResult.cs new file mode 100644 index 000000000..a4d5a7e0f --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationJwksResult.cs @@ -0,0 +1,13 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System.Text.Json.Nodes; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.OpenidFederation.Apis.OpenidFederation; + +public class OpenidFederationJwksResult +{ + [JsonPropertyName("keys")] + public ICollection JsonWebKeys { get; set; } = new List(); +} diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationMetadataJsonConverter.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationMetadataJsonConverter.cs new file mode 100644 index 000000000..b6c0a4041 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationMetadataJsonConverter.cs @@ -0,0 +1,59 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System.Reflection; +using System.Text.Json; +using System.Text.Json.Nodes; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.OpenidFederation.Apis.OpenidFederation; + +public class OpenidFederationMetadataJsonConverter : JsonConverter +{ + public override OpenidFederationMetadataResult? Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options) + { + var node = JsonNode.Parse(ref reader).AsObject(); + var result = new OpenidFederationMetadataResult(); + var properties = typeof(OpenidFederationMetadataResult).GetProperties(BindingFlags.Public | BindingFlags.Instance); + var props = properties.Select(p => + { + var attr = p.GetCustomAttribute(); + return attr == null ? (p, null) : (p, attr.Name); + }).Where(kvp => kvp.Name != null); + foreach (var kvp in node) + { + var nodeVal = node[kvp.Key]; + var prop = props.FirstOrDefault(p => p.Name == kvp.Key); + if (prop.p == null) + { + result.OtherParameters.Add(kvp.Key, JsonNode.Parse(kvp.Value.ToJsonString()).AsObject()); + continue; + } + + var setMethod = prop.p.GetSetMethod(); + if (setMethod == null) continue; + var val = nodeVal.Deserialize(prop.p.PropertyType); + prop.p.SetValue(result, val); + } + + return result; + } + + public override void Write(Utf8JsonWriter writer, OpenidFederationMetadataResult value, JsonSerializerOptions options) + { + writer.WriteStartObject(); + if (value.FederationEntity != null) + { + writer.WritePropertyName("federation_entity"); + writer.WriteRawValue(JsonSerializer.Serialize(value.FederationEntity)); + } + + foreach (var kvp in value.OtherParameters) + { + writer.WritePropertyName(kvp.Key); + writer.WriteRawValue(JsonSerializer.Serialize(kvp.Value)); + } + + writer.WriteEndObject(); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationMetadataResult.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationMetadataResult.cs new file mode 100644 index 000000000..eee251ab9 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationMetadataResult.cs @@ -0,0 +1,15 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System.Text.Json.Nodes; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.OpenidFederation.Apis.OpenidFederation; + +[JsonConverter(typeof(OpenidFederationMetadataJsonConverter))] +public class OpenidFederationMetadataResult +{ + [JsonPropertyName(EntityStatementTypes.FederationEntity)] + public FederationEntityResult FederationEntity { get; set; } + public Dictionary OtherParameters { get; set; } = new Dictionary(); +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationResult.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationResult.cs new file mode 100644 index 000000000..a3cf79b35 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Apis/OpenidFederation/OpenidFederationResult.cs @@ -0,0 +1,75 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.IdentityModel.Tokens; +using System.Diagnostics; +using System.Text.Json.Serialization; + +namespace SimpleIdServer.OpenidFederation.Apis.OpenidFederation; + +[DebuggerDisplay("Subject = {Sub}")] +public class OpenidFederationResult +{ + [JsonIgnore] + public DateTime? ValidTo + { + get + { + return GetDateTime(Exp); + } + } + + [JsonIgnore] + public DateTime? IssuedAt + { + get + { + return GetDateTime(Iat); + } + } + + /// + /// The Entity Identifier of the issuer of the Entity Statement. + /// + [JsonPropertyName("iss")] + public string Iss { get; set; } = null!; + /// + /// The Entity Identifier of the subject. + /// + [JsonPropertyName("sub")] + public string Sub { get; set; } = null!; + /// + /// Number. Time when this statement was issued + /// + [JsonPropertyName("iat")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public long? Iat { get; set; } + /// + /// Number. Expiration time after which the statement MUST NOT be accepted for processing. + /// + [JsonPropertyName("exp")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public long? Exp { get; set; } + /// + /// A JSON Web Key Set (JWKS) [RFC7517] representing the public part of the subject's Federation Entity signing keys. + /// + [JsonPropertyName("jwks")] + public OpenidFederationJwksResult Jwks { get; set; } = new OpenidFederationJwksResult(); + /// + /// An array of strings representing the Entity Identifiers of Intermediate Entities or Trust Anchors that MAY issue Subordinate Statements about the Entity. + /// + [JsonPropertyName("authority_hints")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public List AuthorityHints { get; set; } + [JsonPropertyName("metadata")] + public OpenidFederationMetadataResult Metadata { get; set; } = new OpenidFederationMetadataResult(); + [JsonPropertyName("trust_anchor_id")] + [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] + public string? TrustAnchorId { get; set; } = null; + + private DateTime? GetDateTime(long? time) + { + if (time == null) return null; + return EpochTime.DateTime(time.Value); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Builders/BaseFederationEntityBuilder.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Builders/BaseFederationEntityBuilder.cs new file mode 100644 index 000000000..29ec9857e --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Builders/BaseFederationEntityBuilder.cs @@ -0,0 +1,76 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using SimpleIdServer.OpenidFederation.Stores; +using System.Text.Json; +using System.Text.Json.Nodes; + +namespace SimpleIdServer.OpenidFederation.Builders; + +public abstract class BaseFederationEntityBuilder +{ + private readonly IFederationEntityStore _federationEntityStore; + + protected BaseFederationEntityBuilder(IFederationEntityStore federationEntityStore) + { + _federationEntityStore = federationEntityStore; + } + + public async Task BuildSelfIssued(BuildFederationEntityRequest request, CancellationToken cancellationToken) + { + var authorities = await _federationEntityStore.GetAllAuthorities(request.Realm ?? string.Empty, cancellationToken); + var currentDateTime = DateTime.UtcNow; + var result = new OpenidFederationResult + { + Iss = request.Issuer, + Sub = request.Issuer, + Iat = EpochTime.GetIntDate(currentDateTime), + Exp = EpochTime.GetIntDate(currentDateTime.AddMinutes(5)) // Expiration time - 5 minutes. + }; + var jwks = new OpenidFederationJwksResult + { + JsonWebKeys = new List + { + ConvertSigningKey(request.Credential) + } + }; + result.Jwks = jwks; + result.AuthorityHints = authorities.Select(a => a.Sub).ToList(); + var prefix = request.Realm; + if (!string.IsNullOrWhiteSpace(prefix)) + prefix = $"{prefix}/"; + if (IsFederationEnabled) + { + result.Metadata.FederationEntity = new FederationEntityResult + { + FederationFetchEndpoint = $"{request.Issuer}/{prefix}{OpenidFederationConstants.EndPoints.FederationFetch}", + FederationListEndpoint = $"{request.Issuer}/{prefix}{OpenidFederationConstants.EndPoints.FederationList}", + OrganizationName = OrganizationName + }; + } + + await EnrichSelfIssued(result, request, cancellationToken); + return result; + } + + protected abstract bool IsFederationEnabled { get; } + + protected abstract string OrganizationName { get; } + + protected abstract Task EnrichSelfIssued(OpenidFederationResult federationEntity, BuildFederationEntityRequest request, CancellationToken cancellationToken); + + private JsonObject ConvertSigningKey(SigningCredentials signingCredentials) + { + var publicJwk = signingCredentials.SerializePublicJWK(); + return JsonNode.Parse(JsonSerializer.Serialize(publicJwk)).AsObject(); + } +} + +public class BuildFederationEntityRequest +{ + public string Issuer { get; set; } + public string Realm { get; set; } + public SigningCredentials Credential { get; set; } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/ClientRegistrationMethods.cs b/src/IdServer/SimpleIdServer.OpenidFederation/ClientRegistrationMethods.cs new file mode 100644 index 000000000..c1c732467 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/ClientRegistrationMethods.cs @@ -0,0 +1,10 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +namespace SimpleIdServer.OpenidFederation; + +public static class ClientRegistrationMethods +{ + public const string Automatic = "automatic"; + public const string Explicit = "explicit"; +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Clients/OpenidTrustChain.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Clients/OpenidTrustChain.cs new file mode 100644 index 000000000..29980587b --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Clients/OpenidTrustChain.cs @@ -0,0 +1,92 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using SimpleIdServer.OpenidFederation.Resources; + +namespace SimpleIdServer.OpenidFederation.Clients; + +public class OpenidTrustChain +{ + public OpenidTrustChain(List entityStatements, string path) + { + EntityStatements = entityStatements; + Path = path; + } + + public List EntityStatements { get; private set; } + public string Path { get; set; } + public EntityStatement? TrustAnchor + { + get + { + return EntityStatements.LastOrDefault(); + } + } + public DateTime? ExpirationDateTime + { + get + { + return EntityStatements == null ? null : EntityStatements.Select(s => s.FederationResult.ValidTo).Where(v => v != null).Min(); + } + } + + public OpenidTrustChainValidationResult Validate() + { + var validationResult = new OpenidTrustChainValidationResult(); + var currentDateTime = DateTime.UtcNow; + for (var i = 0; i < EntityStatements.Count; i++) + { + var entityStatement = EntityStatements.ElementAt(i); + if (entityStatement.FederationResult.ValidTo != null && entityStatement.FederationResult.ValidTo < currentDateTime) + validationResult.AddError(string.Format(Global.EntityStatementIsExpired, entityStatement.FederationResult.Sub)); + + if(i == 0 || i == EntityStatements.Count() - 1) + { + if (entityStatement.FederationResult.Iss != entityStatement.FederationResult.Sub) + validationResult.AddError(Global.IssuerMustBeEqualsToSubject); + + if (!VerifySignature(entityStatement.Jws, entityStatement.FederationResult)) + validationResult.AddError(string.Format(Global.EntityStatementSignatureIsInvalid, entityStatement.FederationResult.Sub)); + } + else + { + var nextEntityStatement = EntityStatements.ElementAt(i + 1); + if (entityStatement.FederationResult.Iss != nextEntityStatement.FederationResult.Sub) + validationResult.AddError(Global.SubDifferentToPreviousIssuer); + if (!VerifySignature(entityStatement.Jws, nextEntityStatement.FederationResult)) + validationResult.AddError(string.Format(Global.EntityStatementSignatureIsInvalid, nextEntityStatement.FederationResult.Sub)); + } + } + + return validationResult; + } + + private bool VerifySignature(string jws, OpenidFederationResult federationResult) + { + var handler = new JsonWebTokenHandler(); + var jsonWebKey = new JsonWebKey(federationResult.Jwks.JsonWebKeys.Single().ToString()); + var validationResult = handler.ValidateToken(jws, new TokenValidationParameters + { + ValidateIssuer = false, + ValidateLifetime = false, + ValidateAudience = false, + IssuerSigningKey = jsonWebKey + }); + return validationResult.IsValid; + } +} + +public class EntityStatement +{ + public EntityStatement(string jws, OpenidFederationResult federationResult) + { + Jws = jws; + FederationResult = federationResult; + } + + public string Jws { get; private set; } = null!; + public OpenidFederationResult FederationResult { get; private set; } = null!; +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Clients/OpenidTrustChainValidationResult.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Clients/OpenidTrustChainValidationResult.cs new file mode 100644 index 000000000..02ff15892 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Clients/OpenidTrustChainValidationResult.cs @@ -0,0 +1,12 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +namespace SimpleIdServer.OpenidFederation.Clients; + +public class OpenidTrustChainValidationResult +{ + public List ErrorMessages { get; private set; } = new List(); + + public void AddError(string errorMessage) + => ErrorMessages.Add(errorMessage); +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Clients/TrustChainResolver.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Clients/TrustChainResolver.cs new file mode 100644 index 000000000..6b99a8f0b --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Clients/TrustChainResolver.cs @@ -0,0 +1,192 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.WebUtilities; +using Microsoft.IdentityModel.JsonWebTokens; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using SimpleIdServer.OpenidFederation.Resources; +using System.Collections.Concurrent; +using System.Text; +using System.Text.Json; + +namespace SimpleIdServer.OpenidFederation.Clients; + +public class TrustChainResolver : IDisposable +{ + private const string separator = ";"; + private readonly HttpClient _httpClient; + + private TrustChainResolver(HttpClient httpClient) + { + _httpClient = httpClient; + } + + public static TrustChainResolver New() + => new TrustChainResolver(new HttpClient()); + + public static TrustChainResolver New(HttpClient httpClient) + => new TrustChainResolver(httpClient); + + public async Task> ResolveTrustChainsFromClientId(string entityId, CancellationToken cancellationToken) + { + var entityStatement = await GetOpenidFederation(entityId, cancellationToken); + if (entityStatement == null) return new List(); + return await ResolveTrustChains(entityStatement, cancellationToken); + } + + public async Task> ResolveTrustChains(string content, CancellationToken cancellationToken) + { + var entityStatement = DeserializeEntityStatement(content); + if (entityStatement == null) return new List(); + var dic = new ConcurrentDictionary(); + await ExtractTrustChainFromRp(entityStatement, dic, entityStatement.FederationResult.Sub, cancellationToken); + return Transform(dic); + } + + public static List Transform(ConcurrentDictionary dic) + { + var result = new List(); + var levels = dic.ToDictionary(v => v.Key, v => v.Key.Split(separator).Count()); + var maxLevel = levels.Values.Max(); + for (var level = 1; level <= maxLevel; level++) + { + var filteredKeys = levels.Where(kvp => kvp.Value == level).Select(kvp => kvp.Key); + foreach (var key in filteredKeys) + { + var entityStatement = dic[key]; + if (level == 1) + result.Add(new OpenidTrustChain(new List { entityStatement }, key)); + else + { + var parentPath = string.Join(separator, key.Split(separator).Take(level - 1)); + var possibleParents = result.Where(r => r.Path.StartsWith(parentPath)); + var orphanParent = possibleParents.FirstOrDefault(p => p.Path == parentPath); + if (orphanParent != null) + { + orphanParent.EntityStatements.Add(entityStatement); + orphanParent.Path = key; + } + else + { + var entityStatements = possibleParents.First().EntityStatements.Take(level - 1).ToList(); + entityStatements.Add(entityStatement); + result.Add(new OpenidTrustChain(entityStatements, key)); + } + } + } + } + + return result; + } + + public Task ResolveOpenidFederation(string entityId, CancellationToken cancellationToken) + => InternalResolveOpenidFederation(entityId, cancellationToken); + + public void Dispose() => + _httpClient.Dispose(); + + private async Task ExtractTrustChainFromRp(EntityStatement entityStatement, ConcurrentDictionary federationLst, string entityId, CancellationToken cancellationToken) + { + if (string.IsNullOrWhiteSpace(entityId)) throw new InvalidOperationException(Global.SubjectIsRequiredInEntityStatement); + federationLst.TryAdd(entityId, entityStatement); + if (entityStatement.FederationResult.AuthorityHints != null && entityStatement.FederationResult.AuthorityHints.Any()) + { + var taskLst = entityStatement.FederationResult.AuthorityHints.Select(h => ExtractTrustChainFromTaOrIntermediate(federationLst, entityId, h, entityId, cancellationToken)).ToList(); + var authorityHintsResult = await Task.WhenAll(taskLst); + if (authorityHintsResult.Any(c => !c)) throw new InvalidOperationException(Global.ImpossibleToResolveTrustChain); + } + + return true; + } + + private async Task ExtractTrustChainFromTaOrIntermediate( + ConcurrentDictionary federationLst, + string entityParentFullPath, + string authorityHint, + string entityId, + CancellationToken cancellationToken) + { + var openidFederation = await InternalResolveOpenidFederation(authorityHint, cancellationToken); + if (openidFederation.FederationResult.Metadata == null || + openidFederation.FederationResult.Metadata.FederationEntity == null || + string.IsNullOrWhiteSpace(openidFederation.FederationResult.Metadata.FederationEntity.FederationFetchEndpoint)) return true; + var fetchResult = await Fetch(openidFederation.FederationResult.Metadata.FederationEntity.FederationFetchEndpoint, + authorityHint, + entityId, + cancellationToken); + if (fetchResult == null) return false; + var fullPath = $"{entityParentFullPath}{separator}{authorityHint}"; + federationLst.TryAdd(fullPath, fetchResult); + if(openidFederation.FederationResult.AuthorityHints != null && openidFederation.FederationResult.AuthorityHints.Any()) + { + var taskLst = openidFederation.FederationResult.AuthorityHints.Select(h => ExtractTrustChainFromTaOrIntermediate(federationLst, fullPath, h, entityId, cancellationToken)).ToList(); + var authorityHintsResult = await Task.WhenAll(taskLst); + if (authorityHintsResult.Any()) return false; + } + else + federationLst.TryAdd($"{fullPath}{separator}{authorityHint}", openidFederation); + + return true; + } + + private async Task InternalResolveOpenidFederation(string entityId, CancellationToken cancellationToken) + { + var content = await GetOpenidFederation(entityId, cancellationToken); + if (content == null) return null; + return DeserializeEntityStatement(content); + } + + private async Task GetOpenidFederation(string entityId, CancellationToken cancellationToken) + { + try + { + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Get, + RequestUri = new Uri($"{entityId}/{OpenidFederationConstants.EndPoints.OpenidFederation}") + }; + var httpResult = await _httpClient.SendAsync(requestMessage, cancellationToken); + if (!httpResult.IsSuccessStatusCode) return null; + var content = await httpResult.Content.ReadAsStringAsync(cancellationToken); + return content; + } + catch + { + throw new InvalidOperationException(Resources.Global.ImpossibleToExtractOpenidFederation); + } + } + + private EntityStatement DeserializeEntityStatement(string content) + { + var handler = new JsonWebTokenHandler(); + if (string.IsNullOrWhiteSpace(content)) throw new InvalidOperationException(Resources.Global.EntityStatementIsRequired); + if (!handler.CanReadToken(content)) throw new InvalidOperationException(Resources.Global.EntityStatementIsNotWellFormatted); + var jwt = handler.ReadJsonWebToken(content); + var json = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(jwt.EncodedPayload)); + return new EntityStatement(content, JsonSerializer.Deserialize(json)); + } + + private async Task Fetch(string fetchUrl, string issuer, string sub, CancellationToken cancellationToken) + { + try + { + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Get, + RequestUri = new Uri($"{fetchUrl}?iss={issuer}&sub={sub}") + }; + var httpResult = await _httpClient.SendAsync(requestMessage, cancellationToken); + if (!httpResult.IsSuccessStatusCode) return null; + var content = await httpResult.Content.ReadAsStringAsync(cancellationToken); + var handler = new JsonWebTokenHandler(); + if (!handler.CanReadToken(content)) return null; + var jwt = handler.ReadJsonWebToken(content); + var json = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(jwt.EncodedPayload)); + return new EntityStatement(content, JsonSerializer.Deserialize(json)); + } + catch + { + throw new InvalidOperationException(Resources.Global.ImpossibleToFetchEntityStatement); + } + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Domains/FederationEntity.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Domains/FederationEntity.cs new file mode 100644 index 000000000..dd86f34f9 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Domains/FederationEntity.cs @@ -0,0 +1,20 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using System.Text.Json.Serialization; + +namespace SimpleIdServer.OpenidFederation.Domains; + +public class FederationEntity +{ + [JsonPropertyName("id")] + public string Id { get; set; } + [JsonPropertyName("sub")] + public string Sub { get; set; } = null!; + [JsonPropertyName("realm")] + public string? Realm { get; set; } = null; + [JsonPropertyName("is_subordinate")] + public bool IsSubordinate { get; set; } = false; + [JsonPropertyName("create_datetime")] + public DateTime CreateDateTime { get; set; } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/EntityStatementTypes.cs b/src/IdServer/SimpleIdServer.OpenidFederation/EntityStatementTypes.cs new file mode 100644 index 000000000..0856d4c72 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/EntityStatementTypes.cs @@ -0,0 +1,11 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +namespace SimpleIdServer.OpenidFederation; + +public static class EntityStatementTypes +{ + public const string OpenidRelyingParty = "openid_relying_party"; + public const string OpenidProvider = "openid_provider"; + public const string FederationEntity = "federation_entity"; +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/ErrorCodes.cs b/src/IdServer/SimpleIdServer.OpenidFederation/ErrorCodes.cs new file mode 100644 index 000000000..240b71d4c --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/ErrorCodes.cs @@ -0,0 +1,13 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +namespace SimpleIdServer.OpenidFederation; + +public static class ErrorCodes +{ + public const string INVALID_REQUEST = "invalid_request"; + public const string INVALID_ISSUER = "invalid_issuer"; + public const string INTERNAL_SERVER_ERROR = "internal_server_error"; + public const string FEDERATION_IS_NOT_ENABLED = "federation_is_not_enabled"; + public const string NOT_FOUND = "not_found"; +} diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Extensions/ControllerExtensions.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Extensions/ControllerExtensions.cs new file mode 100644 index 000000000..7d3e85367 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Extensions/ControllerExtensions.cs @@ -0,0 +1,17 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +namespace Microsoft.AspNetCore.Mvc; + +public static class ControllerExtensions +{ + public static string GetAbsoluteUriWithVirtualPath(this Controller controller) + { + var requestMessage = controller.Request; + var host = requestMessage.Host.Value; + var http = "http://"; + if (requestMessage.IsHttps) http = "https://"; + var relativePath = requestMessage.PathBase.Value; + return http + host + relativePath; + } +} diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/OpenidFederationConstants.cs b/src/IdServer/SimpleIdServer.OpenidFederation/OpenidFederationConstants.cs new file mode 100644 index 000000000..57148b945 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/OpenidFederationConstants.cs @@ -0,0 +1,18 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +namespace SimpleIdServer.OpenidFederation; + +public static class OpenidFederationConstants +{ + public static class EndPoints + { + public const string OpenidFederation = ".well-known/openid-federation"; + public const string FederationFetch = "federation_fetch"; + public const string FederationList = "federation_list"; + public const string FederationRegistration = "federation_registration"; + public const string FederationEntities = "federationentities"; + } + + public const string EntityStatementContentType = "application/entity-statement+jwt"; +} diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Resources/Global.Designer.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Resources/Global.Designer.cs new file mode 100644 index 000000000..ade3fe8d2 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Resources/Global.Designer.cs @@ -0,0 +1,207 @@ +//------------------------------------------------------------------------------ +// +// Ce code a été généré par un outil. +// Version du runtime :4.0.30319.42000 +// +// Les modifications apportées à ce fichier peuvent provoquer un comportement incorrect et seront perdues si +// le code est régénéré. +// +//------------------------------------------------------------------------------ + +namespace SimpleIdServer.OpenidFederation.Resources { + using System; + + + /// + /// Une classe de ressource fortement typée destinée, entre autres, à la consultation des chaînes localisées. + /// + // Cette classe a été générée automatiquement par la classe StronglyTypedResourceBuilder + // à l'aide d'un outil, tel que ResGen ou Visual Studio. + // Pour ajouter ou supprimer un membre, modifiez votre fichier .ResX, puis réexécutez ResGen + // avec l'option /str ou régénérez votre projet VS. + [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "17.0.0.0")] + [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] + [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public class Global { + + private static global::System.Resources.ResourceManager resourceMan; + + private static global::System.Globalization.CultureInfo resourceCulture; + + [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] + internal Global() { + } + + /// + /// Retourne l'instance ResourceManager mise en cache utilisée par cette classe. + /// + [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] + public static global::System.Resources.ResourceManager ResourceManager { + get { + if (object.ReferenceEquals(resourceMan, null)) { + global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("SimpleIdServer.OpenidFederation.Resources.Global", typeof(Global).Assembly); + resourceMan = temp; + } + return resourceMan; + } + } + + /// + /// Remplace la propriété CurrentUICulture du thread actuel pour toutes + /// les recherches de ressources à l'aide de cette classe de ressource fortement typée. + /// + [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] + public static global::System.Globalization.CultureInfo Culture { + get { + return resourceCulture; + } + set { + resourceCulture = value; + } + } + + /// + /// Recherche une chaîne localisée semblable à the signature key cannot be extracted. + /// + public static string CannotExtractSignatureKey { + get { + return ResourceManager.GetString("CannotExtractSignatureKey", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the entity statement {0} is expired. + /// + public static string EntityStatementIsExpired { + get { + return ResourceManager.GetString("EntityStatementIsExpired", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the entity statement is not correctly formatted. + /// + public static string EntityStatementIsNotWellFormatted { + get { + return ResourceManager.GetString("EntityStatementIsNotWellFormatted", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the entity statement is required. + /// + public static string EntityStatementIsRequired { + get { + return ResourceManager.GetString("EntityStatementIsRequired", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the entity statement {0} signature is invalid. + /// + public static string EntityStatementSignatureIsInvalid { + get { + return ResourceManager.GetString("EntityStatementSignatureIsInvalid", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the federation is not enabled. + /// + public static string FederationIsNotEnabled { + get { + return ResourceManager.GetString("FederationIsNotEnabled", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à cannot extract the openid federation. + /// + public static string ImpossibleToExtractOpenidFederation { + get { + return ResourceManager.GetString("ImpossibleToExtractOpenidFederation", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Impossible to fetch the entity statement. + /// + public static string ImpossibleToFetchEntityStatement { + get { + return ResourceManager.GetString("ImpossibleToFetchEntityStatement", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à impossible to resolve the trust chain. + /// + public static string ImpossibleToResolveTrustChain { + get { + return ResourceManager.GetString("ImpossibleToResolveTrustChain", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the incoming request is invalid. + /// + public static string InvalidIncomingRequest { + get { + return ResourceManager.GetString("InvalidIncomingRequest", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the issuer is invalid. + /// + public static string InvalidIssuer { + get { + return ResourceManager.GetString("InvalidIssuer", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the issuer must be equals to the sub in the first entity statement. + /// + public static string IssuerMustBeEqualsToSubject { + get { + return ResourceManager.GetString("IssuerMustBeEqualsToSubject", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the parameter {0} is missing. + /// + public static string MissingParameter { + get { + return ResourceManager.GetString("MissingParameter", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the subject is different from the previous issuer. + /// + public static string SubDifferentToPreviousIssuer { + get { + return ResourceManager.GetString("SubDifferentToPreviousIssuer", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à subject is required in the entity statement. + /// + public static string SubjectIsRequiredInEntityStatement { + get { + return ResourceManager.GetString("SubjectIsRequiredInEntityStatement", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à the entity statement {0} doesn't exist. + /// + public static string UnknownEntityStatement { + get { + return ResourceManager.GetString("UnknownEntityStatement", resourceCulture); + } + } + } +} diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Resources/Global.resx b/src/IdServer/SimpleIdServer.OpenidFederation/Resources/Global.resx new file mode 100644 index 000000000..8fbe9083e --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Resources/Global.resx @@ -0,0 +1,168 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text/microsoft-resx + + + 2.0 + + + System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + + + System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + + + the signature key cannot be extracted + + + the entity statement {0} is expired + + + the entity statement is not correctly formatted + + + the entity statement is required + + + the entity statement {0} signature is invalid + + + the federation is not enabled + + + cannot extract the openid federation + + + Impossible to fetch the entity statement + + + impossible to resolve the trust chain + + + the incoming request is invalid + + + the issuer is invalid + + + the issuer must be equals to the sub in the first entity statement + + + the parameter {0} is missing + + + the subject is different from the previous issuer + + + subject is required in the entity statement + + + the entity statement {0} doesn't exist + + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/SimpleIdServer.OpenidFederation.csproj b/src/IdServer/SimpleIdServer.OpenidFederation/SimpleIdServer.OpenidFederation.csproj new file mode 100644 index 000000000..04922fa7f --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/SimpleIdServer.OpenidFederation.csproj @@ -0,0 +1,28 @@ + + + net8.0 + enable + enable + OPENID federation library. + + + + + + + + + + + True + True + Global.resx + + + + + PublicResXFileCodeGenerator + Global.Designer.cs + + + \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.OpenidFederation/Stores/IFederationEntityStore.cs b/src/IdServer/SimpleIdServer.OpenidFederation/Stores/IFederationEntityStore.cs new file mode 100644 index 000000000..359ee8355 --- /dev/null +++ b/src/IdServer/SimpleIdServer.OpenidFederation/Stores/IFederationEntityStore.cs @@ -0,0 +1,19 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.OpenidFederation.Domains; + +namespace SimpleIdServer.OpenidFederation.Stores; + +public interface IFederationEntityStore +{ + Task Get(string id, CancellationToken cancellationToken); + Task GetByUrl(string realm, string url, CancellationToken cancellationToken); + Task> GetAllSubordinates(string realm, CancellationToken cancellationToken); + Task> GetAllAuthorities(string realm, CancellationToken cancellationToken); + Task GetSubordinate(string sub, string realm, CancellationToken cancellationToken); + Task> Search(string realm, SearchRequest request, CancellationToken cancellationToken); + void Add(FederationEntity federationEntity); + void Remove(FederationEntity federationEntity); +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Rp.Federation/Apis/FederationFetch/FederationFetchController.cs b/src/IdServer/SimpleIdServer.Rp.Federation/Apis/FederationFetch/FederationFetchController.cs new file mode 100644 index 000000000..c04aa1c2c --- /dev/null +++ b/src/IdServer/SimpleIdServer.Rp.Federation/Apis/FederationFetch/FederationFetchController.cs @@ -0,0 +1,50 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Caching.Distributed; +using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Apis.FederationFetch; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using SimpleIdServer.OpenidFederation.Builders; +using SimpleIdServer.OpenidFederation.Stores; +using SimpleIdServer.Rp.Federation.Builders; + +namespace SimpleIdServer.Rp.Federation.Apis.FederationFetch; + +[Route(OpenidFederationConstants.EndPoints.FederationFetch)] +public class FederationFetchController : BaseFederationFetchController +{ + private readonly IRpFederationEntityBuilder _federationEntityBuilder; + private readonly RpFederationOptions _options; + + public FederationFetchController( + IRpFederationEntityBuilder federationEntityBuilder, + IFederationEntityStore federationEntityStore, + IDistributedCache distributedCache, + IdServer.Helpers.IHttpClientFactory httpClientFactory, + IOptions options) : base(federationEntityStore, distributedCache, httpClientFactory) + { + _federationEntityBuilder = federationEntityBuilder; + _options = options.Value; + } + + [HttpGet] + public Task Get( + [FromQuery] FederationFetchRequest request, + CancellationToken cancellationToken) + { + if (!_options.IsFederationEnabled) return Task.FromResult(Error(System.Net.HttpStatusCode.BadRequest, ErrorCodes.FEDERATION_IS_NOT_ENABLED, SimpleIdServer.OpenidFederation.Resources.Global.FederationIsNotEnabled)); + var issuer = this.GetAbsoluteUriWithVirtualPath(); + return Get(request, string.Empty, issuer, cancellationToken); + } + + protected override Task BuildSelfIssuedFederationEntity(BuildFederationEntityRequest request, CancellationToken cancellationToken) + => _federationEntityBuilder.BuildSelfIssued(request, cancellationToken); + + protected override SigningCredentials GetSigningCredential(string realm) + { + return _options.SigningCredentials; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Rp.Federation/Apis/FederationList/FederationListController.cs b/src/IdServer/SimpleIdServer.Rp.Federation/Apis/FederationList/FederationListController.cs new file mode 100644 index 000000000..f497cfe40 --- /dev/null +++ b/src/IdServer/SimpleIdServer.Rp.Federation/Apis/FederationList/FederationListController.cs @@ -0,0 +1,32 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Options; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Apis; +using SimpleIdServer.OpenidFederation.Stores; + +namespace SimpleIdServer.Rp.Federation.Apis.FederationList; + +[Route(OpenidFederationConstants.EndPoints.FederationList)] +public class FederationListController : BaseOpenidFederationController +{ + private readonly IFederationEntityStore _federationEntityStore; + private readonly RpFederationOptions _options; + + public FederationListController( + IFederationEntityStore federationEntityStore, + IOptions options) + { + _federationEntityStore = federationEntityStore; + _options = options.Value; + } + + [HttpGet] + public async Task Get(CancellationToken cancellationToken) + { + if (!_options.IsFederationEnabled) return Error(System.Net.HttpStatusCode.BadRequest, ErrorCodes.FEDERATION_IS_NOT_ENABLED, SimpleIdServer.OpenidFederation.Resources.Global.FederationIsNotEnabled); + var result = await _federationEntityStore.GetAllSubordinates(string.Empty, cancellationToken); + return new OkObjectResult(result.Select(r => r.Sub).ToArray()); + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Rp.Federation/Apis/OpenidFederation/OpenidFederationController.cs b/src/IdServer/SimpleIdServer.Rp.Federation/Apis/OpenidFederation/OpenidFederationController.cs new file mode 100644 index 000000000..22ebbb070 --- /dev/null +++ b/src/IdServer/SimpleIdServer.Rp.Federation/Apis/OpenidFederation/OpenidFederationController.cs @@ -0,0 +1,49 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Apis; +using SimpleIdServer.Rp.Federation.Builders; +using System.Net; +using System.Text.Json; + +namespace SimpleIdServer.Rp.Federation.Apis.OpenidFederation; + +[Route(OpenidFederationConstants.EndPoints.OpenidFederation)] +public class OpenidFederationController : BaseOpenidFederationController +{ + private readonly RpFederationOptions _options; + private readonly IRpFederationEntityBuilder _federationEntityBuilder; + + public OpenidFederationController( + IOptions options, + IRpFederationEntityBuilder federationEntityBuilder) + { + _options = options.Value; + _federationEntityBuilder = federationEntityBuilder; + } + + [HttpGet] + public async Task Get(CancellationToken cancellationToken) + { + var issuer = this.GetAbsoluteUriWithVirtualPath(); + if (_options.SigningCredentials == null) return Error(System.Net.HttpStatusCode.InternalServerError, SimpleIdServer.OpenidFederation.ErrorCodes.INTERNAL_SERVER_ERROR, SimpleIdServer.OpenidFederation.Resources.Global.CannotExtractSignatureKey); + var selfIssuedFederationEntity = await _federationEntityBuilder.BuildSelfIssued(new SimpleIdServer.OpenidFederation.Builders.BuildFederationEntityRequest + { + Credential = _options.SigningCredentials, + Issuer = issuer + }, cancellationToken); + var handler = new JsonWebTokenHandler(); + var jws = handler.CreateToken(JsonSerializer.Serialize(selfIssuedFederationEntity), new SigningCredentials(_options.SigningCredentials.Key, _options.SigningCredentials.Algorithm)); + return new ContentResult + { + StatusCode = (int)HttpStatusCode.OK, + Content = jws, + ContentType = OpenidFederationConstants.EntityStatementContentType + }; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Rp.Federation/Builders/RpFederationEntityBuilder.cs b/src/IdServer/SimpleIdServer.Rp.Federation/Builders/RpFederationEntityBuilder.cs new file mode 100644 index 000000000..fcc336692 --- /dev/null +++ b/src/IdServer/SimpleIdServer.Rp.Federation/Builders/RpFederationEntityBuilder.cs @@ -0,0 +1,40 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.Extensions.Options; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using SimpleIdServer.OpenidFederation.Builders; +using SimpleIdServer.OpenidFederation.Stores; +using System.Text.Json; +using System.Text.Json.Nodes; + +namespace SimpleIdServer.Rp.Federation.Builders; + +public interface IRpFederationEntityBuilder +{ + Task BuildSelfIssued(BuildFederationEntityRequest request, CancellationToken cancellationToken); +} + +public class RpFederationEntityBuilder : BaseFederationEntityBuilder, IRpFederationEntityBuilder +{ + private readonly RpFederationOptions _options; + + public RpFederationEntityBuilder(IOptions options, IFederationEntityStore federationEntityStore) : base(federationEntityStore) + { + _options = options.Value; + } + + protected override bool IsFederationEnabled => _options.IsFederationEnabled; + + protected override string OrganizationName => _options.OrganizationName; + + protected override Task EnrichSelfIssued(OpenidFederationResult federationEntity, BuildFederationEntityRequest request, CancellationToken cancellationToken) + { + if (federationEntity.Metadata.OtherParameters == null) + federationEntity.Metadata.OtherParameters = new Dictionary(); + var client = JsonObject.Parse(JsonSerializer.Serialize(_options.Client)).AsObject(); + federationEntity.Metadata.OtherParameters.Add(EntityStatementTypes.OpenidRelyingParty, client); + return Task.CompletedTask; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Rp.Federation/RpFederationOptions.cs b/src/IdServer/SimpleIdServer.Rp.Federation/RpFederationOptions.cs new file mode 100644 index 000000000..dcc066d54 --- /dev/null +++ b/src/IdServer/SimpleIdServer.Rp.Federation/RpFederationOptions.cs @@ -0,0 +1,27 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.IdServer.Domains; + +namespace SimpleIdServer.Rp.Federation; + +public class RpFederationOptions +{ + /// + /// Enable or disable federation. + /// + public bool IsFederationEnabled { get; set; } + /// + /// Organization name. + /// + public string OrganizationName { get; set; } + /// + /// Key used to sign the response. + /// + public SigningCredentials SigningCredentials { get; set; } + /// + /// OPENID client of the relying party. + /// + public Client Client { get; set; } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Rp.Federation/ServiceCollectionExtensions.cs b/src/IdServer/SimpleIdServer.Rp.Federation/ServiceCollectionExtensions.cs new file mode 100644 index 000000000..ea91eb7ee --- /dev/null +++ b/src/IdServer/SimpleIdServer.Rp.Federation/ServiceCollectionExtensions.cs @@ -0,0 +1,18 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using SimpleIdServer.Rp.Federation; +using SimpleIdServer.Rp.Federation.Builders; + +namespace Microsoft.Extensions.DependencyInjection; + +public static class ServiceCollectionExtensions +{ + public static IServiceCollection AddRpFederation(this IServiceCollection services, Action cbOptions) + { + services.Configure(cbOptions); + services.AddTransient(); + services.AddTransient(); + return services; + } +} \ No newline at end of file diff --git a/src/IdServer/SimpleIdServer.Rp.Federation/SimpleIdServer.Rp.Federation.csproj b/src/IdServer/SimpleIdServer.Rp.Federation/SimpleIdServer.Rp.Federation.csproj new file mode 100644 index 000000000..638747f38 --- /dev/null +++ b/src/IdServer/SimpleIdServer.Rp.Federation/SimpleIdServer.Rp.Federation.csproj @@ -0,0 +1,12 @@ + + + net8.0 + enable + enable + Support OPENID federation - relying party. + + + + + + \ No newline at end of file diff --git a/src/Scim/SimpleIdServer.Scim.MySQLMigrations/Migrations/20240706101356_AddIndexesForRepresentationAttribute.Designer.cs b/src/Scim/SimpleIdServer.Scim.MySQLMigrations/Migrations/20240706101356_AddIndexesForRepresentationAttribute.Designer.cs new file mode 100644 index 000000000..f8ce22de6 --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim.MySQLMigrations/Migrations/20240706101356_AddIndexesForRepresentationAttribute.Designer.cs @@ -0,0 +1,491 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.Scim.Persistence.EF; + +#nullable disable + +namespace SimpleIdServer.Scim.MySQLMigrations.Migrations +{ + [DbContext(typeof(SCIMDbContext))] + [Migration("20240706101356_AddIndexesForRepresentationAttribute")] + partial class AddIndexesForRepresentationAttribute + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasDefaultSchema("dbo") + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 64); + + MySqlModelBuilderExtensions.AutoIncrementColumns(modelBuilder); + + modelBuilder.Entity("SCIMRepresentationSCIMSchema", b => + { + b.Property("RepresentationsId") + .HasColumnType("varchar(255)"); + + b.Property("SchemasId") + .HasColumnType("varchar(255)"); + + b.HasKey("RepresentationsId", "SchemasId"); + + b.HasIndex("SchemasId"); + + b.ToTable("SCIMRepresentationSCIMSchema", "dbo"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("ResourceType") + .HasColumnType("longtext"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime(6)"); + + b.HasKey("Id"); + + b.ToTable("ProvisioningConfigurations", "dbo"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("Exception") + .HasColumnType("longtext"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime(6)"); + + b.Property("ProvisioningConfigurationId") + .HasColumnType("varchar(255)"); + + b.Property("RepresentationId") + .HasColumnType("longtext"); + + b.Property("RepresentationVersion") + .HasColumnType("int"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("WorkflowId") + .HasColumnType("longtext"); + + b.Property("WorkflowInstanceId") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ProvisioningConfigurationId"); + + b.ToTable("ProvisioningConfigurationHistory", "dbo"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id")); + + b.Property("IsArray") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("ProvisioningConfigurationId") + .HasColumnType("varchar(255)"); + + b.Property("ProvisioningConfigurationRecordId") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("ValuesString") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("ProvisioningConfigurationId"); + + b.HasIndex("ProvisioningConfigurationRecordId"); + + b.ToTable("ProvisioningConfigurationRecord", "dbo"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("varchar(255)"); + + b.Property("Owner") + .HasColumnType("longtext"); + + b.HasKey("Name"); + + b.ToTable("Realms", "dbo"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMAttributeMapping", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Mode") + .HasColumnType("int"); + + b.Property("SourceAttributeId") + .HasColumnType("longtext"); + + b.Property("SourceAttributeSelector") + .HasColumnType("longtext"); + + b.Property("SourceResourceType") + .HasColumnType("longtext"); + + b.Property("TargetAttributeId") + .HasColumnType("longtext"); + + b.Property("TargetResourceType") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("SCIMAttributeMappingLst", "dbo"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentation", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Created") + .HasColumnType("datetime(6)"); + + b.Property("DisplayName") + .HasColumnType("longtext"); + + b.Property("ExternalId") + .HasColumnType("longtext"); + + b.Property("LastModified") + .HasColumnType("datetime(6)"); + + b.Property("RealmName") + .HasColumnType("longtext"); + + b.Property("ResourceType") + .HasMaxLength(255) + .HasColumnType("varchar(255)"); + + b.Property("Version") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.ToTable("SCIMRepresentationLst", "dbo"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("AttributeId") + .HasColumnType("longtext"); + + b.Property("ComputedValueIndex") + .HasColumnType("longtext"); + + b.Property("FullPath") + .HasMaxLength(512) + .HasColumnType("varchar(512)"); + + b.Property("IsComputed") + .HasColumnType("tinyint(1)"); + + b.Property("Namespace") + .HasColumnType("longtext"); + + b.Property("ParentAttributeId") + .HasColumnType("varchar(255)"); + + b.Property("RepresentationId") + .HasColumnType("varchar(255)"); + + b.Property("ResourceType") + .HasColumnType("longtext"); + + b.Property("SchemaAttributeId") + .HasColumnType("varchar(255)"); + + b.Property("ValueBinary") + .HasColumnType("longtext"); + + b.Property("ValueBoolean") + .HasColumnType("tinyint(1)"); + + b.Property("ValueDateTime") + .HasColumnType("datetime(6)"); + + b.Property("ValueDecimal") + .HasColumnType("decimal(65,30)"); + + b.Property("ValueInteger") + .HasColumnType("int"); + + b.Property("ValueReference") + .HasColumnType("longtext"); + + b.Property("ValueString") + .HasMaxLength(255) + .HasColumnType("varchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("FullPath"); + + b.HasIndex("ParentAttributeId"); + + b.HasIndex("RepresentationId"); + + b.HasIndex("SchemaAttributeId"); + + b.HasIndex("ValueString"); + + b.ToTable("SCIMRepresentationAttributeLst", "dbo"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchema", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("IsRootSchema") + .HasColumnType("tinyint(1)"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("ResourceType") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("SCIMSchemaLst", "dbo"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaAttribute", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("CanonicalValues") + .HasColumnType("longtext"); + + b.Property("CaseExact") + .HasColumnType("tinyint(1)"); + + b.Property("DefaultValueInt") + .HasColumnType("longtext"); + + b.Property("DefaultValueString") + .HasColumnType("longtext"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("FullPath") + .HasColumnType("longtext"); + + b.Property("MultiValued") + .HasColumnType("tinyint(1)"); + + b.Property("Mutability") + .HasColumnType("int"); + + b.Property("Name") + .HasColumnType("longtext"); + + b.Property("ParentId") + .HasColumnType("longtext"); + + b.Property("ReferenceTypes") + .HasColumnType("longtext"); + + b.Property("Required") + .HasColumnType("tinyint(1)"); + + b.Property("Returned") + .HasColumnType("int"); + + b.Property("SchemaId") + .HasColumnType("varchar(255)"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Uniqueness") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("SchemaId"); + + b.ToTable("SCIMSchemaAttribute", "dbo"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaExtension", b => + { + b.Property("Id") + .HasColumnType("varchar(255)"); + + b.Property("Required") + .HasColumnType("tinyint(1)"); + + b.Property("SCIMSchemaId") + .HasColumnType("varchar(255)"); + + b.Property("Schema") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.HasIndex("SCIMSchemaId"); + + b.ToTable("SCIMSchemaExtension", "dbo"); + }); + + modelBuilder.Entity("SCIMRepresentationSCIMSchema", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMRepresentation", null) + .WithMany() + .HasForeignKey("RepresentationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchema", null) + .WithMany() + .HasForeignKey("SchemasId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationHistory", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", "ProvisioningConfiguration") + .WithMany("HistoryLst") + .HasForeignKey("ProvisioningConfigurationId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("ProvisioningConfiguration"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", null) + .WithMany("Records") + .HasForeignKey("ProvisioningConfigurationId") + .OnDelete(DeleteBehavior.Cascade); + + b.HasOne("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", null) + .WithMany("Values") + .HasForeignKey("ProvisioningConfigurationRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", null) + .WithMany("Children") + .HasForeignKey("ParentAttributeId"); + + b.HasOne("SimpleIdServer.Scim.Domains.SCIMRepresentation", "Representation") + .WithMany("FlatAttributes") + .HasForeignKey("RepresentationId") + .OnDelete(DeleteBehavior.Cascade); + + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchemaAttribute", "SchemaAttribute") + .WithMany() + .HasForeignKey("SchemaAttributeId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("Representation"); + + b.Navigation("SchemaAttribute"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaAttribute", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchema", null) + .WithMany("Attributes") + .HasForeignKey("SchemaId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaExtension", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchema", null) + .WithMany("SchemaExtensions") + .HasForeignKey("SCIMSchemaId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", b => + { + b.Navigation("HistoryLst"); + + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentation", b => + { + b.Navigation("FlatAttributes"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", b => + { + b.Navigation("Children"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchema", b => + { + b.Navigation("Attributes"); + + b.Navigation("SchemaExtensions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/Scim/SimpleIdServer.Scim.MySQLMigrations/Migrations/20240706101356_AddIndexesForRepresentationAttribute.cs b/src/Scim/SimpleIdServer.Scim.MySQLMigrations/Migrations/20240706101356_AddIndexesForRepresentationAttribute.cs new file mode 100644 index 000000000..aac91f9ca --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim.MySQLMigrations/Migrations/20240706101356_AddIndexesForRepresentationAttribute.cs @@ -0,0 +1,67 @@ +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.Scim.MySQLMigrations.Migrations +{ + /// + public partial class AddIndexesForRepresentationAttribute : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AlterColumn( + name: "FullPath", + schema: "dbo", + table: "SCIMRepresentationAttributeLst", + type: "varchar(512)", + maxLength: 512, + nullable: true, + oldClrType: typeof(string), + oldType: "longtext", + oldNullable: true) + .Annotation("MySql:CharSet", "utf8mb4") + .OldAnnotation("MySql:CharSet", "utf8mb4"); + + migrationBuilder.CreateIndex( + name: "IX_SCIMRepresentationAttributeLst_FullPath", + schema: "dbo", + table: "SCIMRepresentationAttributeLst", + column: "FullPath"); + + migrationBuilder.CreateIndex( + name: "IX_SCIMRepresentationAttributeLst_ValueString", + schema: "dbo", + table: "SCIMRepresentationAttributeLst", + column: "ValueString"); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropIndex( + name: "IX_SCIMRepresentationAttributeLst_FullPath", + schema: "dbo", + table: "SCIMRepresentationAttributeLst"); + + migrationBuilder.DropIndex( + name: "IX_SCIMRepresentationAttributeLst_ValueString", + schema: "dbo", + table: "SCIMRepresentationAttributeLst"); + + migrationBuilder.AlterColumn( + name: "FullPath", + schema: "dbo", + table: "SCIMRepresentationAttributeLst", + type: "longtext", + nullable: true, + oldClrType: typeof(string), + oldType: "varchar(512)", + oldMaxLength: 512, + oldNullable: true) + .Annotation("MySql:CharSet", "utf8mb4") + .OldAnnotation("MySql:CharSet", "utf8mb4"); + } + } +} diff --git a/src/Scim/SimpleIdServer.Scim.MySQLMigrations/Migrations/SCIMDbContextModelSnapshot.cs b/src/Scim/SimpleIdServer.Scim.MySQLMigrations/Migrations/SCIMDbContextModelSnapshot.cs index a6ed869c0..4f129d7ce 100644 --- a/src/Scim/SimpleIdServer.Scim.MySQLMigrations/Migrations/SCIMDbContextModelSnapshot.cs +++ b/src/Scim/SimpleIdServer.Scim.MySQLMigrations/Migrations/SCIMDbContextModelSnapshot.cs @@ -2,6 +2,7 @@ using System; using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; using Microsoft.EntityFrameworkCore.Storage.ValueConversion; using SimpleIdServer.Scim.Persistence.EF; @@ -17,7 +18,7 @@ protected override void BuildModel(ModelBuilder modelBuilder) #pragma warning disable 612, 618 modelBuilder .HasDefaultSchema("dbo") - .HasAnnotation("ProductVersion", "7.0.18") + .HasAnnotation("ProductVersion", "8.0.4") .HasAnnotation("Relational:MaxIdentifierLength", 64); modelBuilder.Entity("SCIMRepresentationSCIMSchema", b => @@ -212,7 +213,8 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("longtext"); b.Property("FullPath") - .HasColumnType("longtext"); + .HasMaxLength(512) + .HasColumnType("varchar(512)"); b.Property("IsComputed") .HasColumnType("tinyint(1)"); @@ -256,12 +258,16 @@ protected override void BuildModel(ModelBuilder modelBuilder) b.HasKey("Id"); + b.HasIndex("FullPath"); + b.HasIndex("ParentAttributeId"); b.HasIndex("RepresentationId"); b.HasIndex("SchemaAttributeId"); + b.HasIndex("ValueString"); + b.ToTable("SCIMRepresentationAttributeLst", "dbo"); }); diff --git a/src/Scim/SimpleIdServer.Scim.Persistence.EF/Configurations/SCIMRepresentationAttributeConfiguration.cs b/src/Scim/SimpleIdServer.Scim.Persistence.EF/Configurations/SCIMRepresentationAttributeConfiguration.cs index e891c6d12..9975fbfbf 100644 --- a/src/Scim/SimpleIdServer.Scim.Persistence.EF/Configurations/SCIMRepresentationAttributeConfiguration.cs +++ b/src/Scim/SimpleIdServer.Scim.Persistence.EF/Configurations/SCIMRepresentationAttributeConfiguration.cs @@ -14,7 +14,11 @@ public void Configure(EntityTypeBuilder builder) builder.HasOne(a => a.SchemaAttribute).WithMany().HasForeignKey(a => a.SchemaAttributeId).OnDelete(DeleteBehavior.Cascade); builder.HasMany(a => a.Children).WithOne().HasForeignKey("ParentAttributeId"); builder.Ignore(a => a.CachedChildren); + builder.Property(a => a.FullPath).HasMaxLength(512); builder.Property(a => a.ValueString).HasMaxLength(255); + + builder.HasIndex(a => a.FullPath); + builder.HasIndex(a => a.ValueString); } } } diff --git a/src/Scim/SimpleIdServer.Scim.Persistence.EF/SCIMDbContext.cs b/src/Scim/SimpleIdServer.Scim.Persistence.EF/SCIMDbContext.cs index c18458dae..341ad6ff8 100644 --- a/src/Scim/SimpleIdServer.Scim.Persistence.EF/SCIMDbContext.cs +++ b/src/Scim/SimpleIdServer.Scim.Persistence.EF/SCIMDbContext.cs @@ -11,7 +11,13 @@ public class SCIMDbContext : DbContext { private readonly SCIMEFOptions _options; - public SCIMDbContext(DbContextOptions dbContextOptions, IOptions options) : base(dbContextOptions) + public SCIMDbContext(DbContextOptions dbContextOptions, IOptions options): this((DbContextOptions)dbContextOptions, options) + { + + } + + // protected constructor with generic options simplifies inheritance of the DbContext + protected SCIMDbContext(DbContextOptions dbContextOptions, IOptions options): base(dbContextOptions) { _options = options.Value; } diff --git a/src/Scim/SimpleIdServer.Scim.PostgreMigrations/Migrations/20240706105850_AddIndexesForRepresentationAttribute.Designer.cs b/src/Scim/SimpleIdServer.Scim.PostgreMigrations/Migrations/20240706105850_AddIndexesForRepresentationAttribute.Designer.cs new file mode 100644 index 000000000..305c3966a --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim.PostgreMigrations/Migrations/20240706105850_AddIndexesForRepresentationAttribute.Designer.cs @@ -0,0 +1,491 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata; +using SimpleIdServer.Scim.Persistence.EF; + +#nullable disable + +namespace SimpleIdServer.Scim.PostgreMigrations.Migrations +{ + [DbContext(typeof(SCIMDbContext))] + [Migration("20240706105850_AddIndexesForRepresentationAttribute")] + partial class AddIndexesForRepresentationAttribute + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasDefaultSchema("scim") + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 63); + + NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder); + + modelBuilder.Entity("SCIMRepresentationSCIMSchema", b => + { + b.Property("RepresentationsId") + .HasColumnType("text"); + + b.Property("SchemasId") + .HasColumnType("text"); + + b.HasKey("RepresentationsId", "SchemasId"); + + b.HasIndex("SchemasId"); + + b.ToTable("SCIMRepresentationSCIMSchema", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("ResourceType") + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("UpdateDateTime") + .HasColumnType("timestamp with time zone"); + + b.HasKey("Id"); + + b.ToTable("ProvisioningConfigurations", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("Exception") + .HasColumnType("text"); + + b.Property("ExecutionDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("ProvisioningConfigurationId") + .HasColumnType("text"); + + b.Property("RepresentationId") + .HasColumnType("text"); + + b.Property("RepresentationVersion") + .HasColumnType("integer"); + + b.Property("Status") + .HasColumnType("integer"); + + b.Property("WorkflowId") + .HasColumnType("text"); + + b.Property("WorkflowInstanceId") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ProvisioningConfigurationId"); + + b.ToTable("ProvisioningConfigurationHistory", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("integer"); + + NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property("Id")); + + b.Property("IsArray") + .HasColumnType("boolean"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("ProvisioningConfigurationId") + .HasColumnType("text"); + + b.Property("ProvisioningConfigurationRecordId") + .HasColumnType("integer"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("ValuesString") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("ProvisioningConfigurationId"); + + b.HasIndex("ProvisioningConfigurationRecordId"); + + b.ToTable("ProvisioningConfigurationRecord", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("text"); + + b.Property("Owner") + .HasColumnType("text"); + + b.HasKey("Name"); + + b.ToTable("Realms", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMAttributeMapping", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Mode") + .HasColumnType("integer"); + + b.Property("SourceAttributeId") + .HasColumnType("text"); + + b.Property("SourceAttributeSelector") + .HasColumnType("text"); + + b.Property("SourceResourceType") + .HasColumnType("text"); + + b.Property("TargetAttributeId") + .HasColumnType("text"); + + b.Property("TargetResourceType") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("SCIMAttributeMappingLst", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentation", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Created") + .HasColumnType("timestamp with time zone"); + + b.Property("DisplayName") + .HasColumnType("text"); + + b.Property("ExternalId") + .HasColumnType("text"); + + b.Property("LastModified") + .HasColumnType("timestamp with time zone"); + + b.Property("RealmName") + .HasColumnType("text"); + + b.Property("ResourceType") + .HasMaxLength(255) + .HasColumnType("character varying(255)"); + + b.Property("Version") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.ToTable("SCIMRepresentationLst", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("AttributeId") + .HasColumnType("text"); + + b.Property("ComputedValueIndex") + .HasColumnType("text"); + + b.Property("FullPath") + .HasMaxLength(512) + .HasColumnType("character varying(512)"); + + b.Property("IsComputed") + .HasColumnType("boolean"); + + b.Property("Namespace") + .HasColumnType("text"); + + b.Property("ParentAttributeId") + .HasColumnType("text"); + + b.Property("RepresentationId") + .HasColumnType("text"); + + b.Property("ResourceType") + .HasColumnType("text"); + + b.Property("SchemaAttributeId") + .HasColumnType("text"); + + b.Property("ValueBinary") + .HasColumnType("text"); + + b.Property("ValueBoolean") + .HasColumnType("boolean"); + + b.Property("ValueDateTime") + .HasColumnType("timestamp with time zone"); + + b.Property("ValueDecimal") + .HasColumnType("numeric"); + + b.Property("ValueInteger") + .HasColumnType("integer"); + + b.Property("ValueReference") + .HasColumnType("text"); + + b.Property("ValueString") + .HasMaxLength(255) + .HasColumnType("character varying(255)"); + + b.HasKey("Id"); + + b.HasIndex("FullPath"); + + b.HasIndex("ParentAttributeId"); + + b.HasIndex("RepresentationId"); + + b.HasIndex("SchemaAttributeId"); + + b.HasIndex("ValueString"); + + b.ToTable("SCIMRepresentationAttributeLst", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchema", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("IsRootSchema") + .HasColumnType("boolean"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("ResourceType") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.ToTable("SCIMSchemaLst", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaAttribute", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("CanonicalValues") + .HasColumnType("text"); + + b.Property("CaseExact") + .HasColumnType("boolean"); + + b.Property("DefaultValueInt") + .HasColumnType("text"); + + b.Property("DefaultValueString") + .HasColumnType("text"); + + b.Property("Description") + .HasColumnType("text"); + + b.Property("FullPath") + .HasColumnType("text"); + + b.Property("MultiValued") + .HasColumnType("boolean"); + + b.Property("Mutability") + .HasColumnType("integer"); + + b.Property("Name") + .HasColumnType("text"); + + b.Property("ParentId") + .HasColumnType("text"); + + b.Property("ReferenceTypes") + .HasColumnType("text"); + + b.Property("Required") + .HasColumnType("boolean"); + + b.Property("Returned") + .HasColumnType("integer"); + + b.Property("SchemaId") + .HasColumnType("text"); + + b.Property("Type") + .HasColumnType("integer"); + + b.Property("Uniqueness") + .HasColumnType("integer"); + + b.HasKey("Id"); + + b.HasIndex("SchemaId"); + + b.ToTable("SCIMSchemaAttribute", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaExtension", b => + { + b.Property("Id") + .HasColumnType("text"); + + b.Property("Required") + .HasColumnType("boolean"); + + b.Property("SCIMSchemaId") + .HasColumnType("text"); + + b.Property("Schema") + .HasColumnType("text"); + + b.HasKey("Id"); + + b.HasIndex("SCIMSchemaId"); + + b.ToTable("SCIMSchemaExtension", "scim"); + }); + + modelBuilder.Entity("SCIMRepresentationSCIMSchema", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMRepresentation", null) + .WithMany() + .HasForeignKey("RepresentationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchema", null) + .WithMany() + .HasForeignKey("SchemasId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationHistory", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", "ProvisioningConfiguration") + .WithMany("HistoryLst") + .HasForeignKey("ProvisioningConfigurationId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("ProvisioningConfiguration"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", null) + .WithMany("Records") + .HasForeignKey("ProvisioningConfigurationId") + .OnDelete(DeleteBehavior.Cascade); + + b.HasOne("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", null) + .WithMany("Values") + .HasForeignKey("ProvisioningConfigurationRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", null) + .WithMany("Children") + .HasForeignKey("ParentAttributeId"); + + b.HasOne("SimpleIdServer.Scim.Domains.SCIMRepresentation", "Representation") + .WithMany("FlatAttributes") + .HasForeignKey("RepresentationId") + .OnDelete(DeleteBehavior.Cascade); + + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchemaAttribute", "SchemaAttribute") + .WithMany() + .HasForeignKey("SchemaAttributeId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("Representation"); + + b.Navigation("SchemaAttribute"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaAttribute", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchema", null) + .WithMany("Attributes") + .HasForeignKey("SchemaId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaExtension", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchema", null) + .WithMany("SchemaExtensions") + .HasForeignKey("SCIMSchemaId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", b => + { + b.Navigation("HistoryLst"); + + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentation", b => + { + b.Navigation("FlatAttributes"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", b => + { + b.Navigation("Children"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchema", b => + { + b.Navigation("Attributes"); + + b.Navigation("SchemaExtensions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/Scim/SimpleIdServer.Scim.PostgreMigrations/Migrations/20240706105850_AddIndexesForRepresentationAttribute.cs b/src/Scim/SimpleIdServer.Scim.PostgreMigrations/Migrations/20240706105850_AddIndexesForRepresentationAttribute.cs new file mode 100644 index 000000000..0d753f4c0 --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim.PostgreMigrations/Migrations/20240706105850_AddIndexesForRepresentationAttribute.cs @@ -0,0 +1,62 @@ +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.Scim.PostgreMigrations.Migrations +{ + /// + public partial class AddIndexesForRepresentationAttribute : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AlterColumn( + name: "FullPath", + schema: "scim", + table: "SCIMRepresentationAttributeLst", + type: "character varying(512)", + maxLength: 512, + nullable: true, + oldClrType: typeof(string), + oldType: "text", + oldNullable: true); + + migrationBuilder.CreateIndex( + name: "IX_SCIMRepresentationAttributeLst_FullPath", + schema: "scim", + table: "SCIMRepresentationAttributeLst", + column: "FullPath"); + + migrationBuilder.CreateIndex( + name: "IX_SCIMRepresentationAttributeLst_ValueString", + schema: "scim", + table: "SCIMRepresentationAttributeLst", + column: "ValueString"); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropIndex( + name: "IX_SCIMRepresentationAttributeLst_FullPath", + schema: "scim", + table: "SCIMRepresentationAttributeLst"); + + migrationBuilder.DropIndex( + name: "IX_SCIMRepresentationAttributeLst_ValueString", + schema: "scim", + table: "SCIMRepresentationAttributeLst"); + + migrationBuilder.AlterColumn( + name: "FullPath", + schema: "scim", + table: "SCIMRepresentationAttributeLst", + type: "text", + nullable: true, + oldClrType: typeof(string), + oldType: "character varying(512)", + oldMaxLength: 512, + oldNullable: true); + } + } +} diff --git a/src/Scim/SimpleIdServer.Scim.PostgreMigrations/Migrations/SCIMDbContextModelSnapshot.cs b/src/Scim/SimpleIdServer.Scim.PostgreMigrations/Migrations/SCIMDbContextModelSnapshot.cs index 4800bf931..becbc7a9f 100644 --- a/src/Scim/SimpleIdServer.Scim.PostgreMigrations/Migrations/SCIMDbContextModelSnapshot.cs +++ b/src/Scim/SimpleIdServer.Scim.PostgreMigrations/Migrations/SCIMDbContextModelSnapshot.cs @@ -18,7 +18,7 @@ protected override void BuildModel(ModelBuilder modelBuilder) #pragma warning disable 612, 618 modelBuilder .HasDefaultSchema("scim") - .HasAnnotation("ProductVersion", "7.0.18") + .HasAnnotation("ProductVersion", "8.0.4") .HasAnnotation("Relational:MaxIdentifierLength", 63); NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder); @@ -219,7 +219,8 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("text"); b.Property("FullPath") - .HasColumnType("text"); + .HasMaxLength(512) + .HasColumnType("character varying(512)"); b.Property("IsComputed") .HasColumnType("boolean"); @@ -263,12 +264,16 @@ protected override void BuildModel(ModelBuilder modelBuilder) b.HasKey("Id"); + b.HasIndex("FullPath"); + b.HasIndex("ParentAttributeId"); b.HasIndex("RepresentationId"); b.HasIndex("SchemaAttributeId"); + b.HasIndex("ValueString"); + b.ToTable("SCIMRepresentationAttributeLst", "scim"); }); diff --git a/src/Scim/SimpleIdServer.Scim.SqlServerMigrations/Migrations/20240706105705_AddIndexesForRepresentationAttribute.Designer.cs b/src/Scim/SimpleIdServer.Scim.SqlServerMigrations/Migrations/20240706105705_AddIndexesForRepresentationAttribute.Designer.cs new file mode 100644 index 000000000..f5e2caa6b --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim.SqlServerMigrations/Migrations/20240706105705_AddIndexesForRepresentationAttribute.Designer.cs @@ -0,0 +1,491 @@ +// +using System; +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Infrastructure; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using SimpleIdServer.Scim.Persistence.EF; + +#nullable disable + +namespace SimpleIdServer.Scim.SqlServerMigrations.Migrations +{ + [DbContext(typeof(SCIMDbContext))] + [Migration("20240706105705_AddIndexesForRepresentationAttribute")] + partial class AddIndexesForRepresentationAttribute + { + /// + protected override void BuildTargetModel(ModelBuilder modelBuilder) + { +#pragma warning disable 612, 618 + modelBuilder + .HasDefaultSchema("scim") + .HasAnnotation("ProductVersion", "8.0.4") + .HasAnnotation("Relational:MaxIdentifierLength", 128); + + SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder); + + modelBuilder.Entity("SCIMRepresentationSCIMSchema", b => + { + b.Property("RepresentationsId") + .HasColumnType("nvarchar(450)"); + + b.Property("SchemasId") + .HasColumnType("nvarchar(450)"); + + b.HasKey("RepresentationsId", "SchemasId"); + + b.HasIndex("SchemasId"); + + b.ToTable("SCIMRepresentationSCIMSchema", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("ResourceType") + .HasColumnType("nvarchar(max)"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("UpdateDateTime") + .HasColumnType("datetime2"); + + b.HasKey("Id"); + + b.ToTable("ProvisioningConfigurations", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationHistory", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("Exception") + .HasColumnType("nvarchar(max)"); + + b.Property("ExecutionDateTime") + .HasColumnType("datetime2"); + + b.Property("ProvisioningConfigurationId") + .HasColumnType("nvarchar(450)"); + + b.Property("RepresentationId") + .HasColumnType("nvarchar(max)"); + + b.Property("RepresentationVersion") + .HasColumnType("int"); + + b.Property("Status") + .HasColumnType("int"); + + b.Property("WorkflowId") + .HasColumnType("nvarchar(max)"); + + b.Property("WorkflowInstanceId") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ProvisioningConfigurationId"); + + b.ToTable("ProvisioningConfigurationHistory", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id")); + + b.Property("IsArray") + .HasColumnType("bit"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("ProvisioningConfigurationId") + .HasColumnType("nvarchar(450)"); + + b.Property("ProvisioningConfigurationRecordId") + .HasColumnType("int"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("ValuesString") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("ProvisioningConfigurationId"); + + b.HasIndex("ProvisioningConfigurationRecordId"); + + b.ToTable("ProvisioningConfigurationRecord", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.Realm", b => + { + b.Property("Name") + .HasColumnType("nvarchar(450)"); + + b.Property("Owner") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Name"); + + b.ToTable("Realms", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMAttributeMapping", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Mode") + .HasColumnType("int"); + + b.Property("SourceAttributeId") + .HasColumnType("nvarchar(max)"); + + b.Property("SourceAttributeSelector") + .HasColumnType("nvarchar(max)"); + + b.Property("SourceResourceType") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetAttributeId") + .HasColumnType("nvarchar(max)"); + + b.Property("TargetResourceType") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("SCIMAttributeMappingLst", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentation", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Created") + .HasColumnType("datetime2"); + + b.Property("DisplayName") + .HasColumnType("nvarchar(max)"); + + b.Property("ExternalId") + .HasColumnType("nvarchar(max)"); + + b.Property("LastModified") + .HasColumnType("datetime2"); + + b.Property("RealmName") + .HasColumnType("nvarchar(max)"); + + b.Property("ResourceType") + .HasMaxLength(255) + .HasColumnType("nvarchar(255)"); + + b.Property("Version") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.ToTable("SCIMRepresentationLst", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("AttributeId") + .HasColumnType("nvarchar(max)"); + + b.Property("ComputedValueIndex") + .HasColumnType("nvarchar(max)"); + + b.Property("FullPath") + .HasMaxLength(512) + .HasColumnType("nvarchar(512)"); + + b.Property("IsComputed") + .HasColumnType("bit"); + + b.Property("Namespace") + .HasColumnType("nvarchar(max)"); + + b.Property("ParentAttributeId") + .HasColumnType("nvarchar(450)"); + + b.Property("RepresentationId") + .HasColumnType("nvarchar(450)"); + + b.Property("ResourceType") + .HasColumnType("nvarchar(max)"); + + b.Property("SchemaAttributeId") + .HasColumnType("nvarchar(450)"); + + b.Property("ValueBinary") + .HasColumnType("nvarchar(max)"); + + b.Property("ValueBoolean") + .HasColumnType("bit"); + + b.Property("ValueDateTime") + .HasColumnType("datetime2"); + + b.Property("ValueDecimal") + .HasColumnType("decimal(18,2)"); + + b.Property("ValueInteger") + .HasColumnType("int"); + + b.Property("ValueReference") + .HasColumnType("nvarchar(max)"); + + b.Property("ValueString") + .HasMaxLength(255) + .HasColumnType("nvarchar(255)"); + + b.HasKey("Id"); + + b.HasIndex("FullPath"); + + b.HasIndex("ParentAttributeId"); + + b.HasIndex("RepresentationId"); + + b.HasIndex("SchemaAttributeId"); + + b.HasIndex("ValueString"); + + b.ToTable("SCIMRepresentationAttributeLst", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchema", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("IsRootSchema") + .HasColumnType("bit"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("ResourceType") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.ToTable("SCIMSchemaLst", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaAttribute", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("CanonicalValues") + .HasColumnType("nvarchar(max)"); + + b.Property("CaseExact") + .HasColumnType("bit"); + + b.Property("DefaultValueInt") + .HasColumnType("nvarchar(max)"); + + b.Property("DefaultValueString") + .HasColumnType("nvarchar(max)"); + + b.Property("Description") + .HasColumnType("nvarchar(max)"); + + b.Property("FullPath") + .HasColumnType("nvarchar(max)"); + + b.Property("MultiValued") + .HasColumnType("bit"); + + b.Property("Mutability") + .HasColumnType("int"); + + b.Property("Name") + .HasColumnType("nvarchar(max)"); + + b.Property("ParentId") + .HasColumnType("nvarchar(max)"); + + b.Property("ReferenceTypes") + .HasColumnType("nvarchar(max)"); + + b.Property("Required") + .HasColumnType("bit"); + + b.Property("Returned") + .HasColumnType("int"); + + b.Property("SchemaId") + .HasColumnType("nvarchar(450)"); + + b.Property("Type") + .HasColumnType("int"); + + b.Property("Uniqueness") + .HasColumnType("int"); + + b.HasKey("Id"); + + b.HasIndex("SchemaId"); + + b.ToTable("SCIMSchemaAttribute", "scim"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaExtension", b => + { + b.Property("Id") + .HasColumnType("nvarchar(450)"); + + b.Property("Required") + .HasColumnType("bit"); + + b.Property("SCIMSchemaId") + .HasColumnType("nvarchar(450)"); + + b.Property("Schema") + .HasColumnType("nvarchar(max)"); + + b.HasKey("Id"); + + b.HasIndex("SCIMSchemaId"); + + b.ToTable("SCIMSchemaExtension", "scim"); + }); + + modelBuilder.Entity("SCIMRepresentationSCIMSchema", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMRepresentation", null) + .WithMany() + .HasForeignKey("RepresentationsId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchema", null) + .WithMany() + .HasForeignKey("SchemasId") + .OnDelete(DeleteBehavior.Cascade) + .IsRequired(); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationHistory", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", "ProvisioningConfiguration") + .WithMany("HistoryLst") + .HasForeignKey("ProvisioningConfigurationId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("ProvisioningConfiguration"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", null) + .WithMany("Records") + .HasForeignKey("ProvisioningConfigurationId") + .OnDelete(DeleteBehavior.Cascade); + + b.HasOne("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", null) + .WithMany("Values") + .HasForeignKey("ProvisioningConfigurationRecordId"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", null) + .WithMany("Children") + .HasForeignKey("ParentAttributeId"); + + b.HasOne("SimpleIdServer.Scim.Domains.SCIMRepresentation", "Representation") + .WithMany("FlatAttributes") + .HasForeignKey("RepresentationId") + .OnDelete(DeleteBehavior.Cascade); + + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchemaAttribute", "SchemaAttribute") + .WithMany() + .HasForeignKey("SchemaAttributeId") + .OnDelete(DeleteBehavior.Cascade); + + b.Navigation("Representation"); + + b.Navigation("SchemaAttribute"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaAttribute", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchema", null) + .WithMany("Attributes") + .HasForeignKey("SchemaId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchemaExtension", b => + { + b.HasOne("SimpleIdServer.Scim.Domains.SCIMSchema", null) + .WithMany("SchemaExtensions") + .HasForeignKey("SCIMSchemaId") + .OnDelete(DeleteBehavior.Cascade); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfiguration", b => + { + b.Navigation("HistoryLst"); + + b.Navigation("Records"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.ProvisioningConfigurationRecord", b => + { + b.Navigation("Values"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentation", b => + { + b.Navigation("FlatAttributes"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMRepresentationAttribute", b => + { + b.Navigation("Children"); + }); + + modelBuilder.Entity("SimpleIdServer.Scim.Domains.SCIMSchema", b => + { + b.Navigation("Attributes"); + + b.Navigation("SchemaExtensions"); + }); +#pragma warning restore 612, 618 + } + } +} diff --git a/src/Scim/SimpleIdServer.Scim.SqlServerMigrations/Migrations/20240706105705_AddIndexesForRepresentationAttribute.cs b/src/Scim/SimpleIdServer.Scim.SqlServerMigrations/Migrations/20240706105705_AddIndexesForRepresentationAttribute.cs new file mode 100644 index 000000000..acede52ab --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim.SqlServerMigrations/Migrations/20240706105705_AddIndexesForRepresentationAttribute.cs @@ -0,0 +1,62 @@ +using Microsoft.EntityFrameworkCore.Migrations; + +#nullable disable + +namespace SimpleIdServer.Scim.SqlServerMigrations.Migrations +{ + /// + public partial class AddIndexesForRepresentationAttribute : Migration + { + /// + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.AlterColumn( + name: "FullPath", + schema: "scim", + table: "SCIMRepresentationAttributeLst", + type: "nvarchar(512)", + maxLength: 512, + nullable: true, + oldClrType: typeof(string), + oldType: "nvarchar(max)", + oldNullable: true); + + migrationBuilder.CreateIndex( + name: "IX_SCIMRepresentationAttributeLst_FullPath", + schema: "scim", + table: "SCIMRepresentationAttributeLst", + column: "FullPath"); + + migrationBuilder.CreateIndex( + name: "IX_SCIMRepresentationAttributeLst_ValueString", + schema: "scim", + table: "SCIMRepresentationAttributeLst", + column: "ValueString"); + } + + /// + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropIndex( + name: "IX_SCIMRepresentationAttributeLst_FullPath", + schema: "scim", + table: "SCIMRepresentationAttributeLst"); + + migrationBuilder.DropIndex( + name: "IX_SCIMRepresentationAttributeLst_ValueString", + schema: "scim", + table: "SCIMRepresentationAttributeLst"); + + migrationBuilder.AlterColumn( + name: "FullPath", + schema: "scim", + table: "SCIMRepresentationAttributeLst", + type: "nvarchar(max)", + nullable: true, + oldClrType: typeof(string), + oldType: "nvarchar(512)", + oldMaxLength: 512, + oldNullable: true); + } + } +} diff --git a/src/Scim/SimpleIdServer.Scim.SqlServerMigrations/Migrations/SCIMDbContextModelSnapshot.cs b/src/Scim/SimpleIdServer.Scim.SqlServerMigrations/Migrations/SCIMDbContextModelSnapshot.cs index ae468dfbb..9e0802c3e 100644 --- a/src/Scim/SimpleIdServer.Scim.SqlServerMigrations/Migrations/SCIMDbContextModelSnapshot.cs +++ b/src/Scim/SimpleIdServer.Scim.SqlServerMigrations/Migrations/SCIMDbContextModelSnapshot.cs @@ -18,7 +18,7 @@ protected override void BuildModel(ModelBuilder modelBuilder) #pragma warning disable 612, 618 modelBuilder .HasDefaultSchema("scim") - .HasAnnotation("ProductVersion", "7.0.18") + .HasAnnotation("ProductVersion", "8.0.4") .HasAnnotation("Relational:MaxIdentifierLength", 128); SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder); @@ -219,7 +219,8 @@ protected override void BuildModel(ModelBuilder modelBuilder) .HasColumnType("nvarchar(max)"); b.Property("FullPath") - .HasColumnType("nvarchar(max)"); + .HasMaxLength(512) + .HasColumnType("nvarchar(512)"); b.Property("IsComputed") .HasColumnType("bit"); @@ -263,12 +264,16 @@ protected override void BuildModel(ModelBuilder modelBuilder) b.HasKey("Id"); + b.HasIndex("FullPath"); + b.HasIndex("ParentAttributeId"); b.HasIndex("RepresentationId"); b.HasIndex("SchemaAttributeId"); + b.HasIndex("ValueString"); + b.ToTable("SCIMRepresentationAttributeLst", "scim"); }); diff --git a/src/Scim/SimpleIdServer.Scim.Startup/Program.cs b/src/Scim/SimpleIdServer.Scim.Startup/Program.cs index 26ea974fe..6f9e38ced 100644 --- a/src/Scim/SimpleIdServer.Scim.Startup/Program.cs +++ b/src/Scim/SimpleIdServer.Scim.Startup/Program.cs @@ -233,7 +233,7 @@ void ConfigureMongoDbStorage(StorageConfiguration conf) private static void ConfigureApp(WebApplicationBuilder builder, WebApplication app) { - var opts = app.Services.GetRequiredService>().Value; + var opts = app.Services.GetRequiredService>().Value; app.UseSwagger(); app.UseSwaggerUI(c => { @@ -241,9 +241,9 @@ private static void ConfigureApp(WebApplicationBuilder builder, WebApplication a }); InitializeDatabase(builder, app); app.UseAuthentication(); - app.UseMvc(e => + app.UseMvc(o => { - e.UseScim(opts.EnableRealm); + o.UseScim(opts.EnableRealm); }); } @@ -323,7 +323,7 @@ private static void InitializeDatabase(WebApplicationBuilder builder, IApplicati } if (!context.Realms.Any()) - context.Realms.AddRange(Scim.SCIMConstants.StandardRealms); + context.Realms.AddRange(SimpleIdServer.Scim.SCIMConstants.StandardRealms); context.SaveChanges(); } diff --git a/src/Scim/SimpleIdServer.Scim.SwashbuckleV6/ScimApiDescriptionGroupCollectionProvider.cs b/src/Scim/SimpleIdServer.Scim.SwashbuckleV6/ScimApiDescriptionGroupCollectionProvider.cs new file mode 100644 index 000000000..68eaacf8b --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim.SwashbuckleV6/ScimApiDescriptionGroupCollectionProvider.cs @@ -0,0 +1,804 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Http.Metadata; +using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.Mvc.Abstractions; +using Microsoft.AspNetCore.Mvc.ActionConstraints; +using Microsoft.AspNetCore.Mvc.ApiExplorer; +using Microsoft.AspNetCore.Mvc.Controllers; +using Microsoft.AspNetCore.Mvc.Formatters; +using Microsoft.AspNetCore.Mvc.Infrastructure; +using Microsoft.AspNetCore.Mvc.ModelBinding; +using Microsoft.AspNetCore.Mvc.ModelBinding.Metadata; +using Microsoft.AspNetCore.Routing; +using Microsoft.AspNetCore.Routing.Template; +using Microsoft.Extensions.Options; +using SimpleIdServer.Scim.Infrastructure; +using System; +using System.Collections.Generic; +using System.ComponentModel; +using System.Linq; +using System.Reflection; +using System.Runtime.Serialization; + +namespace SimpleIdServer.Scim.SwashbuckleV6 +{ + + public class ScimApiDescriptionGroupCollectionProvider : IApiDescriptionGroupCollectionProvider + { + private const string _defaultVersion = "v1"; + private readonly IScimEndpointStore _edpsStore; + private readonly IActionDescriptorCollectionProvider _actionDescriptorCollectionProvider; + private readonly IModelMetadataProvider _modelMetadataProvider; + private readonly IInlineConstraintResolver _constraintResolver; + private readonly MvcOptions _mvcOptions; + private readonly RouteOptions _routeOptions; + private ApiDescriptionGroupCollection? _apiDescriptionGroups; + + public ScimApiDescriptionGroupCollectionProvider( + IScimEndpointStore edpsStore, + IActionDescriptorCollectionProvider actionDescriptorCollectionProvider, + IModelMetadataProvider modelMetadataProvider, + IInlineConstraintResolver constraintResolver, + IOptions optionsAccessor, + IOptions routeOptions) + { + + _edpsStore = edpsStore; + _actionDescriptorCollectionProvider = actionDescriptorCollectionProvider; + _modelMetadataProvider = modelMetadataProvider; + _constraintResolver = constraintResolver; + _mvcOptions = optionsAccessor.Value; + _routeOptions = routeOptions.Value; + } + + public ApiDescriptionGroupCollection ApiDescriptionGroups + { + get + { + if (_apiDescriptionGroups != null) + { + return _apiDescriptionGroups; + } + + var actionDescriptors = _actionDescriptorCollectionProvider.ActionDescriptors; + _apiDescriptionGroups = GetCollection(actionDescriptors); + return _apiDescriptionGroups; + } + } + + private ApiDescriptionGroupCollection GetCollection(ActionDescriptorCollection actionDescriptors) + { + var apiDescriptions = GetApiDescriptions(actionDescriptors.Items); + var groups = apiDescriptions + .GroupBy(d => d.GroupName) + .Select(g => new ApiDescriptionGroup(g.Key, g.ToArray())) + .ToArray(); + var result = new ApiDescriptionGroupCollection(groups, actionDescriptors.Version); + var items = result.Items.SelectMany(i => i.Items); + return result; + } + + private List GetApiDescriptions(IReadOnlyList actions) + { + var result = new List(); + foreach (var action in actions.OfType()) + { + // https://github.com/dotnet/aspnetcore/blob/c5b2625c3141d05027ecb490a4e2ef32e5f9a5ad/src/Mvc/Mvc.ApiExplorer/src/DefaultApiDescriptionProvider.cs#L23 + var routeEndpoints = _edpsStore.Routes.Where(e => + e.Pattern.Defaults["controller"].ToString() == action.ControllerName && + e.Pattern.Defaults["action"].ToString() == action.ActionName); + if (!routeEndpoints.Any()) continue; + + var httpMethods = GetHttpMethods(action); + foreach (var httpMethod in httpMethods) + { + foreach (var routeEndpoint in routeEndpoints) + { + var record = CreateApiDescription(action, httpMethod, _defaultVersion, routeEndpoint); + if (!result.Any(r => r.ActionDescriptor.Id == record.ActionDescriptor.Id)) + result.Add(record); + } + } + } + + return result; + } + + private ApiDescription CreateApiDescription( + ControllerActionDescriptor action, + string? httpMethod, + string? groupName, + ScimConventionalRouteEntry route) + { + // https://github.com/dotnet/aspnetcore/blob/88f9a3686b212c9d5d692b88b6557d5c77fc6155/src/Mvc/Mvc.ApiExplorer/src/DefaultApiDescriptionProvider.cs#L91 + var parsedTemplate = ParseTemplate(route); + var apiDescription = new ApiDescription() + { + ActionDescriptor = action, + GroupName = groupName, + HttpMethod = httpMethod, + RelativePath = GetRelativePath(parsedTemplate), + }; + + var templateParameters = parsedTemplate?.Parameters?.ToList() ?? new List(); + var parameterContext = new ScimApiParameterContext(_modelMetadataProvider, action, templateParameters); + foreach (var parameter in GetParameters(parameterContext)) + { + if (parameter.Name == "prefix") continue; + apiDescription.ParameterDescriptions.Add(parameter); + } + + // action.Parameters + /* + var apiResponseTypes = _responseTypeProvider.GetApiResponseTypes(action); + foreach (var apiResponseType in apiResponseTypes) + { + apiDescription.SupportedResponseTypes.Add(apiResponseType); + } + */ + + // It would be possible here to configure an action with multiple body parameters, in which case you + // could end up with duplicate data. + if (apiDescription.ParameterDescriptions.Count > 0) + { + // Get the most significant accepts metadata + var acceptsMetadata = action.EndpointMetadata.OfType().LastOrDefault(); + var requestMetadataAttributes = GetRequestMetadataAttributes(action); + + var contentTypes = GetDeclaredContentTypes(requestMetadataAttributes, acceptsMetadata); + foreach (var parameter in apiDescription.ParameterDescriptions) + { + if (parameter.Source == BindingSource.Body) + { + // For request body bound parameters, determine the content types supported + // by input formatters. + var requestFormats = GetSupportedFormats(contentTypes, parameter.Type); + foreach (var format in requestFormats) + { + apiDescription.SupportedRequestFormats.Add(format); + } + } + else if (parameter.Source == BindingSource.FormFile) + { + // Add all declared media types since FormFiles do not get processed by formatters. + foreach (var contentType in contentTypes) + { + apiDescription.SupportedRequestFormats.Add(new ApiRequestFormat + { + MediaType = contentType, + }); + } + } + } + } + + return apiDescription; + } + + private IReadOnlyList GetSupportedFormats(MediaTypeCollection contentTypes, Type type) + { + if (contentTypes.Count == 0) + { + contentTypes = new MediaTypeCollection + { + (string)null!, + }; + } + + var results = new List(); + foreach (var contentType in contentTypes) + { + foreach (var formatter in _mvcOptions.InputFormatters) + { + if (formatter is IApiRequestFormatMetadataProvider requestFormatMetadataProvider) + { + var supportedTypes = requestFormatMetadataProvider.GetSupportedContentTypes(contentType, type); + + if (supportedTypes != null) + { + foreach (var supportedType in supportedTypes) + { + results.Add(new ApiRequestFormat() + { + Formatter = formatter, + MediaType = supportedType, + }); + } + } + } + } + } + + return results; + } + + private IList GetParameters(ScimApiParameterContext context) + { + // First, get parameters from the model-binding/parameter-binding side of the world. + if (context.ActionDescriptor.Parameters != null) + { + foreach (var actionParameter in context.ActionDescriptor.Parameters) + { + var visitor = new PseudoModelBindingVisitor(context, actionParameter); + + ModelMetadata metadata; + if (actionParameter is ControllerParameterDescriptor controllerParameterDescriptor && + _modelMetadataProvider is ModelMetadataProvider provider) + { + // The default model metadata provider derives from ModelMetadataProvider + // and can therefore supply information about attributes applied to parameters. + metadata = provider.GetMetadataForParameter(controllerParameterDescriptor.ParameterInfo); + } + else + { + // For backward compatibility, if there's a custom model metadata provider that + // only implements the older IModelMetadataProvider interface, access the more + // limited metadata information it supplies. In this scenario, validation attributes + // are not supported on parameters. + metadata = _modelMetadataProvider.GetMetadataForType(actionParameter.ParameterType); + } + + var bindingContext = new ApiParameterDescriptionContext( + metadata, + actionParameter.BindingInfo, + propertyName: actionParameter.Name); + visitor.WalkParameter(bindingContext); + } + } + + if (context.ActionDescriptor.BoundProperties != null) + { + foreach (var actionParameter in context.ActionDescriptor.BoundProperties) + { + var visitor = new PseudoModelBindingVisitor(context, actionParameter); + var modelMetadata = context.MetadataProvider.GetMetadataForProperty( + containerType: context.ActionDescriptor.ControllerTypeInfo.AsType(), + propertyName: actionParameter.Name); + + var bindingContext = new ApiParameterDescriptionContext( + modelMetadata, + actionParameter.BindingInfo, + propertyName: actionParameter.Name); + + visitor.WalkParameter(bindingContext); + } + } + + for (var i = context.Results.Count - 1; i >= 0; i--) + { + // Remove any 'hidden' parameters. These are things that can't come from user input, + // so they aren't worth showing. + if (!context.Results[i].Source.IsFromRequest) + { + context.Results.RemoveAt(i); + } + } + + // Next, we want to join up any route parameters with those discovered from the action's parameters. + // This will result us in creating a parameter representation for each route parameter that does not + // have a mapping parameter or bound property. + ProcessRouteParameters(context); + + // Set IsRequired=true + ProcessIsRequired(context, _mvcOptions); + + // Set DefaultValue + ProcessParameterDefaultValue(context); + + return context.Results; + } + + private void ProcessRouteParameters(ScimApiParameterContext context) + { + var routeParameters = new Dictionary(StringComparer.OrdinalIgnoreCase); + foreach (var routeParameter in context.RouteParameters) + { + routeParameters.Add(routeParameter.Name!, CreateRouteInfo(routeParameter)); + } + + for (var i = context.Results.Count - 1; i >= 0; i--) + { + var parameter = context.Results[i]; + + if (parameter.Source == BindingSource.Path || + parameter.Source == BindingSource.ModelBinding || + parameter.Source == BindingSource.Custom) + { + if (routeParameters.TryGetValue(parameter.Name, out var routeInfo)) + { + parameter.RouteInfo = routeInfo; + routeParameters.Remove(parameter.Name); + + if (parameter.Source == BindingSource.ModelBinding && + !parameter.RouteInfo.IsOptional) + { + // If we didn't see any information about the parameter, but we have + // a route parameter that matches, let's switch it to path. + parameter.Source = BindingSource.Path; + } + } + else + { + if (parameter.Source == BindingSource.Path && + parameter.ModelMetadata is DefaultModelMetadata defaultModelMetadata && + !defaultModelMetadata.Attributes.Attributes.OfType().Any()) + { + // If we didn't see the parameter in the route and no FromRoute metadata is set, it probably means + // the parameter binding source was inferred (InferParameterBindingInfoConvention) + // probably because another route to this action contains it as route parameter and + // will be removed from the API description + // https://github.com/dotnet/aspnetcore/issues/26234 + context.Results.RemoveAt(i); + } + } + } + } + + // Lastly, create a parameter representation for each route parameter that did not find + // a partner. + foreach (var routeParameter in routeParameters) + { + context.Results.Add(new ApiParameterDescription() + { + Name = routeParameter.Key, + RouteInfo = routeParameter.Value, + Source = BindingSource.Path, + }); + } + } + + private static void ProcessParameterDefaultValue(ScimApiParameterContext context) + { + foreach (var parameter in context.Results) + { + if (parameter.Source == BindingSource.Path) + { + parameter.DefaultValue = parameter.RouteInfo?.DefaultValue; + } + else + { + if (parameter.ParameterDescriptor is ControllerParameterDescriptor controllerParameter && + TryGetDeclaredParameterDefaultValue(controllerParameter.ParameterInfo, out var defaultValue)) + { + parameter.DefaultValue = defaultValue; + } + } + } + } + + private static bool TryGetDeclaredParameterDefaultValue(ParameterInfo parameterInfo, out object? defaultValue) + { + if (TryGetDefaultValue(parameterInfo, out defaultValue)) + { + return true; + } + + var defaultValueAttribute = parameterInfo.GetCustomAttribute(inherit: false); + if (defaultValueAttribute != null) + { + defaultValue = defaultValueAttribute.Value; + return true; + } + + return false; + } + + private static bool TryGetDefaultValue(ParameterInfo parameter, out object? defaultValue) + { + var hasDefaultValue = CheckHasDefaultValue(parameter, out var tryToGetDefaultValue); + defaultValue = null; + + if (parameter.HasDefaultValue) + { + if (tryToGetDefaultValue) + { + defaultValue = parameter.DefaultValue; + } + + bool isNullableParameterType = parameter.ParameterType.IsGenericType && + parameter.ParameterType.GetGenericTypeDefinition() == typeof(Nullable<>); + + // Workaround for https://github.com/dotnet/runtime/issues/18599 + if (defaultValue == null && parameter.ParameterType.IsValueType + && !isNullableParameterType) // Nullable types should be left null + { + defaultValue = CreateValueType(parameter.ParameterType); + } + + // Handle nullable enums + if (defaultValue != null && isNullableParameterType) + { + Type? underlyingType = Nullable.GetUnderlyingType(parameter.ParameterType); + if (underlyingType != null && underlyingType.IsEnum) + { + defaultValue = Enum.ToObject(underlyingType, defaultValue); + } + } + } + + return hasDefaultValue; + } + + private static bool CheckHasDefaultValue(ParameterInfo parameter, out bool tryToGetDefaultValue) + { + tryToGetDefaultValue = true; + try + { + return parameter.HasDefaultValue; + } + catch (FormatException) when (parameter.ParameterType == typeof(DateTime)) + { + // Workaround for https://github.com/dotnet/runtime/issues/18844 + // If HasDefaultValue throws FormatException for DateTime + // we expect it to have default value + tryToGetDefaultValue = false; + return true; + } + } + + private static object? CreateValueType(Type t) => FormatterServices.GetSafeUninitializedObject(t); + + private ApiParameterRouteInfo CreateRouteInfo(TemplatePart routeParameter) + { + var constraints = new List(); + if (routeParameter.InlineConstraints != null) + { + foreach (var constraint in routeParameter.InlineConstraints) + { + constraints.Add(_constraintResolver.ResolveConstraint(constraint.Constraint)!); + } + } + + return new ApiParameterRouteInfo() + { + Constraints = constraints, + DefaultValue = routeParameter.DefaultValue, + IsOptional = routeParameter.IsOptional || routeParameter.DefaultValue != null, + }; + } + + private static IEnumerable GetHttpMethods(ControllerActionDescriptor action) + { + if (action.ActionConstraints != null && action.ActionConstraints.Count > 0) + { + return action.ActionConstraints.OfType().SelectMany(c => c.HttpMethods); + } + else + { + return new string?[] { null }; + } + } + + private static IApiRequestMetadataProvider[]? GetRequestMetadataAttributes(ControllerActionDescriptor action) + { + if (action.FilterDescriptors == null) + { + return null; + } + + return action.FilterDescriptors + .Select(fd => fd.Filter) + .OfType() + .ToArray(); + } + + private static void ProcessIsRequired(ScimApiParameterContext context, MvcOptions mvcOptions) + { + foreach (var parameter in context.Results) + { + if (parameter.Source == BindingSource.Body) + { + if (parameter.BindingInfo == null || parameter.BindingInfo.EmptyBodyBehavior == EmptyBodyBehavior.Default) + { + parameter.IsRequired = !mvcOptions.AllowEmptyInputInBodyModelBinding; + } + else + { + parameter.IsRequired = !(parameter.BindingInfo.EmptyBodyBehavior == EmptyBodyBehavior.Allow); + } + } + + if (parameter.ModelMetadata != null && parameter.ModelMetadata.IsBindingRequired) + { + parameter.IsRequired = true; + } + + if (parameter.Source == BindingSource.Path && parameter.RouteInfo != null && !parameter.RouteInfo.IsOptional) + { + parameter.IsRequired = true; + } + } + } + + private static MediaTypeCollection GetDeclaredContentTypes(IReadOnlyList? requestMetadataAttributes, IAcceptsMetadata? acceptsMetadata) + { + var contentTypes = new MediaTypeCollection(); + + // Walking the content types from the accepts metadata first + // to allow any RequestMetadataProvider to see or override any accepts metadata + // keeping the current behavior. + if (acceptsMetadata != null) + { + foreach (var contentType in acceptsMetadata.ContentTypes) + { + contentTypes.Add(contentType); + } + } + + // Walk through all 'filter' attributes in order, and allow each one to see or override + // the results of the previous ones. This is similar to the execution path for content-negotiation. + if (requestMetadataAttributes != null) + { + foreach (var metadataAttribute in requestMetadataAttributes) + { + metadataAttribute.SetContentTypes(contentTypes); + } + } + + return contentTypes; + } + + private static RouteTemplate? ParseTemplate(ScimConventionalRouteEntry route) + { + if (route.Pattern != null) + { + return TemplateParser.Parse(route.Pattern.RawText); + } + + return null; + } + + private string? GetRelativePath(RouteTemplate? parsedTemplate) + { + if (parsedTemplate == null) + { + return null; + } + + var segments = new List(); + foreach (var segment in parsedTemplate.Segments) + { + var currentSegment = string.Empty; + foreach (var part in segment.Parts) + { + if (part.IsLiteral) + { + currentSegment += _routeOptions.LowercaseUrls ? + part.Text!.ToLowerInvariant() : + part.Text; + } + else if (part.IsParameter) + { + currentSegment += "{" + part.Name + "}"; + } + } + + segments.Add(currentSegment); + } + + return string.Join("/", segments); + } + + private sealed class PseudoModelBindingVisitor + { + public PseudoModelBindingVisitor(ScimApiParameterContext context, ParameterDescriptor parameter) + { + Context = context; + Parameter = parameter; + + Visited = new HashSet(new PropertyKeyEqualityComparer()); + } + + public ScimApiParameterContext Context { get; } + + public ParameterDescriptor Parameter { get; } + + // Avoid infinite recursion by tracking properties. + private HashSet Visited { get; } + + public void WalkParameter(ApiParameterDescriptionContext context) + { + // Attempt to find a binding source for the parameter + // + // The default is ModelBinding (aka all default value providers) + var source = BindingSource.ModelBinding; + Visit(context, source, containerName: string.Empty); + } + + private void Visit( + ApiParameterDescriptionContext bindingContext, + BindingSource ambientSource, + string containerName) + { + var source = bindingContext.BindingSource; + if (source != null && source.IsGreedy) + { + // We have a definite answer for this model. This is a greedy source like + // [FromBody] so there's no need to consider properties. + Context.Results.Add(CreateResult(bindingContext, source, containerName)); + return; + } + + var modelMetadata = bindingContext.ModelMetadata; + + // For any property which is a leaf node, we don't want to keep traversing: + // + // 1) Collections - while it's possible to have binder attributes on the inside of a collection, + // it hardly seems useful, and would result in some very weird binding. + // + // 2) Simple Types - These are generally part of the .net framework - primitives, or types which have a + // type converter from string. + // + // 3) Types with no properties. Obviously nothing to explore there. + // + if (modelMetadata.IsEnumerableType || + !modelMetadata.IsComplexType || + modelMetadata.Properties.Count == 0) + { + Context.Results.Add(CreateResult(bindingContext, source ?? ambientSource, containerName)); + return; + } + + // This will come from composite model binding - so investigate what's going on with each property. + // + // Ex: + // + // public IActionResult PlaceOrder(OrderDTO order) {...} + // + // public class OrderDTO + // { + // public int AccountId { get; set; } + // + // [FromBody] + // public Order { get; set; } + // } + // + // This should result in two parameters: + // + // AccountId - source: Any + // Order - source: Body + // + + // We don't want to append the **parameter** name when building a model name. + var newContainerName = containerName; + if (modelMetadata.ContainerType != null) + { + newContainerName = GetName(containerName, bindingContext); + } + + var metadataProperties = modelMetadata.Properties; + var metadataPropertiesCount = metadataProperties.Count; + for (var i = 0; i < metadataPropertiesCount; i++) + { + var propertyMetadata = metadataProperties[i]; + var key = new PropertyKey(propertyMetadata, source); + var bindingInfo = BindingInfo.GetBindingInfo(Enumerable.Empty(), propertyMetadata); + + var propertyContext = new ApiParameterDescriptionContext( + propertyMetadata, + bindingInfo: bindingInfo, + propertyName: null); + + if (Visited.Add(key)) + { + Visit(propertyContext, source ?? ambientSource, newContainerName); + Visited.Remove(key); + } + else + { + // This is cycle, so just add a result rather than traversing. + Context.Results.Add(CreateResult(propertyContext, source ?? ambientSource, newContainerName)); + } + } + } + + private ApiParameterDescription CreateResult( + ApiParameterDescriptionContext bindingContext, + BindingSource source, + string containerName) + { + return new ApiParameterDescription() + { + ModelMetadata = bindingContext.ModelMetadata, + Name = GetName(containerName, bindingContext), + Source = source, + Type = GetModelType(bindingContext.ModelMetadata), + ParameterDescriptor = Parameter, + BindingInfo = bindingContext.BindingInfo + }; + } + + private static Type GetModelType(ModelMetadata metadata) + { + // IsParseableType || IsConvertibleType + if (!metadata.IsComplexType) + { + return GetDisplayType(metadata.ModelType); + } + + return metadata.ModelType; + } + + private static string GetName(string containerName, ApiParameterDescriptionContext metadata) + { + var propertyName = !string.IsNullOrEmpty(metadata.BinderModelName) ? metadata.BinderModelName : metadata.PropertyName; + return ModelNames.CreatePropertyModelName(containerName, propertyName); + } + + private readonly struct PropertyKey + { + public readonly Type ContainerType; + + public readonly string PropertyName; + + public readonly BindingSource? Source; + + public PropertyKey(ModelMetadata metadata, BindingSource? source) + { + ContainerType = metadata.ContainerType!; + PropertyName = metadata.PropertyName!; + Source = source; + } + } + + private sealed class PropertyKeyEqualityComparer : IEqualityComparer + { + public bool Equals(PropertyKey x, PropertyKey y) + { + return + x.ContainerType == y.ContainerType && + x.PropertyName == y.PropertyName && + x.Source == y.Source; + } + + public int GetHashCode(PropertyKey obj) + { + return HashCode.Combine(obj.ContainerType, obj.PropertyName, obj.Source); + } + } + } + + private sealed class ApiParameterDescriptionContext + { + public ModelMetadata ModelMetadata { get; } + + public string? BinderModelName { get; } + + public BindingSource? BindingSource { get; } + + public string? PropertyName { get; } + + public BindingInfo? BindingInfo { get; } + + public ApiParameterDescriptionContext( + ModelMetadata metadata, + BindingInfo? bindingInfo, + string? propertyName) + { + // BindingMetadata can be null if the metadata represents properties. + ModelMetadata = metadata; + BinderModelName = bindingInfo?.BinderModelName; + BindingSource = bindingInfo?.BindingSource; + PropertyName = propertyName ?? metadata.Name; + BindingInfo = bindingInfo; + } + } + + private static Type GetDisplayType(Type type) + { + var underlyingType = Nullable.GetUnderlyingType(type) ?? type; + return underlyingType.IsPrimitive + // Those additional types have TypeConverter or TryParse and are not primitives + // but should not be considered string in the metadata + || underlyingType == typeof(DateTime) + || underlyingType == typeof(DateTimeOffset) + || underlyingType == typeof(DateOnly) + || underlyingType == typeof(TimeOnly) + || underlyingType == typeof(TimeSpan) + || underlyingType == typeof(decimal) + || underlyingType == typeof(Guid) + || underlyingType == typeof(Uri) ? type : typeof(string); + } + } +} diff --git a/src/Scim/SimpleIdServer.Scim.SwashbuckleV6/ScimApiParameterContext.cs b/src/Scim/SimpleIdServer.Scim.SwashbuckleV6/ScimApiParameterContext.cs new file mode 100644 index 000000000..fac439919 --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim.SwashbuckleV6/ScimApiParameterContext.cs @@ -0,0 +1,33 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Mvc.ApiExplorer; +using Microsoft.AspNetCore.Mvc.Controllers; +using Microsoft.AspNetCore.Mvc.ModelBinding; +using Microsoft.AspNetCore.Routing.Template; +using System.Collections.Generic; + +namespace SimpleIdServer.Scim.SwashbuckleV6 +{ + internal class ScimApiParameterContext + { + public ScimApiParameterContext( + IModelMetadataProvider metadataProvider, + ControllerActionDescriptor actionDescriptor, + IReadOnlyList routeParameters) + { + MetadataProvider = metadataProvider; + ActionDescriptor = actionDescriptor; + RouteParameters = routeParameters; + + Results = new List(); + } + + public ControllerActionDescriptor ActionDescriptor { get; } + + public IModelMetadataProvider MetadataProvider { get; } + + public IList Results { get; } + + public IReadOnlyList RouteParameters { get; } + } +} diff --git a/src/Scim/SimpleIdServer.Scim.SwashbuckleV6/ServiceCollectionExtensions.cs b/src/Scim/SimpleIdServer.Scim.SwashbuckleV6/ServiceCollectionExtensions.cs index e1c7234fd..27e0157ca 100644 --- a/src/Scim/SimpleIdServer.Scim.SwashbuckleV6/ServiceCollectionExtensions.cs +++ b/src/Scim/SimpleIdServer.Scim.SwashbuckleV6/ServiceCollectionExtensions.cs @@ -1,7 +1,10 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Mvc.ApiExplorer; +using Microsoft.Extensions.DependencyInjection.Extensions; using SimpleIdServer.Scim.Swashbuckle; +using SimpleIdServer.Scim.SwashbuckleV6; using Swashbuckle.AspNetCore.SwaggerGen; namespace Microsoft.Extensions.DependencyInjection @@ -10,6 +13,8 @@ public static class SCIMSwashbuckleServiceCollectionExtensions { public static IServiceCollection AddSCIMSwagger(this IServiceCollection services) { + services.RemoveAll(); + services.AddSingleton(); services.AddTransient(); return services; } diff --git a/src/Scim/SimpleIdServer.Scim/Api/BaseApiController.cs b/src/Scim/SimpleIdServer.Scim/Api/BaseApiController.cs index a45b5153e..cd4e1309f 100644 --- a/src/Scim/SimpleIdServer.Scim/Api/BaseApiController.cs +++ b/src/Scim/SimpleIdServer.Scim/Api/BaseApiController.cs @@ -446,7 +446,7 @@ protected async Task InternalUpdate(string prefix, string id, Rep if (!_options.IsFullRepresentationReturned) { var content = representation.ToResponse(location, true, mergeExtensionAttributes: _options.MergeExtensionAttributes); - if (IsPublishEvtsEnabled) await _busControl.Publish(new RepresentationUpdatedEvent(representation.Id, representation.Version, GetResourceType(_resourceType), content, _options.IncludeToken ? Request.GetToken() : string.Empty)); + if (IsPublishEvtsEnabled) await _busControl.Publish(new RepresentationUpdatedEvent(representation.Id, representation.Version, GetResourceType(_resourceType), content, _options.IncludeToken ? Request.GetToken() : string.Empty, updateResult.Result.PatchOperations)); return BuildHTTPResult(HttpStatusCode.OK, location, representation.Version, content); } else @@ -455,7 +455,7 @@ protected async Task InternalUpdate(string prefix, string id, Rep representation = getRepresentationResult.Result; await _attributeReferenceEnricher.Enrich(_resourceType, new List { representation }, _uriProvider.GetAbsoluteUriWithVirtualPath()); var content = representation.ToResponse(location, true, mergeExtensionAttributes: _options.MergeExtensionAttributes); - if (IsPublishEvtsEnabled) await _busControl.Publish(new RepresentationUpdatedEvent(representation.Id, representation.Version, GetResourceType(_resourceType), content, _options.IncludeToken ? Request.GetToken() : string.Empty)); + if (IsPublishEvtsEnabled) await _busControl.Publish(new RepresentationUpdatedEvent(representation.Id, representation.Version, GetResourceType(_resourceType), content, _options.IncludeToken ? Request.GetToken() : string.Empty, updateResult.Result.PatchOperations)); return BuildHTTPResult(HttpStatusCode.OK, location, representation.Version, content); } } @@ -520,7 +520,7 @@ protected async Task InternalPatch(string prefix, string id, Patc { var content = representation.ToResponse(location, true, mergeExtensionAttributes: _options.MergeExtensionAttributes); if (IsPublishEvtsEnabled) - await _busControl.Publish(new RepresentationUpdatedEvent(representation.Id, representation.Version, GetResourceType(_resourceType), content, _options.IncludeToken ? Request.GetToken() : string.Empty)); + await _busControl.Publish(new RepresentationUpdatedEvent(representation.Id, representation.Version, GetResourceType(_resourceType), content, _options.IncludeToken ? Request.GetToken() : string.Empty, patchRes.Result.PatchOperations)); return BuildHTTPResult(HttpStatusCode.OK, location, representation.Version, content); } @@ -530,7 +530,7 @@ protected async Task InternalPatch(string prefix, string id, Patc representation = getRepresentationResult.Result; await _attributeReferenceEnricher.Enrich(_resourceType, new List { representation }, _uriProvider.GetAbsoluteUriWithVirtualPath()); var content = representation.ToResponse(location, true, mergeExtensionAttributes: _options.MergeExtensionAttributes); - if (IsPublishEvtsEnabled) await _busControl.Publish(new RepresentationUpdatedEvent(representation.Id, representation.Version, GetResourceType(_resourceType), content, _options.IncludeToken ? Request.GetToken() : string.Empty)); + if (IsPublishEvtsEnabled) await _busControl.Publish(new RepresentationUpdatedEvent(representation.Id, representation.Version, GetResourceType(_resourceType), content, _options.IncludeToken ? Request.GetToken() : string.Empty, patchRes.Result.PatchOperations)); return BuildHTTPResult(HttpStatusCode.OK, location, representation.Version, content); } } diff --git a/src/Scim/SimpleIdServer.Scim/Commands/Handlers/PatchRepresentationCommandHandler.cs b/src/Scim/SimpleIdServer.Scim/Commands/Handlers/PatchRepresentationCommandHandler.cs index 74d277304..c636fdbc5 100644 --- a/src/Scim/SimpleIdServer.Scim/Commands/Handlers/PatchRepresentationCommandHandler.cs +++ b/src/Scim/SimpleIdServer.Scim/Commands/Handlers/PatchRepresentationCommandHandler.cs @@ -82,7 +82,7 @@ private async Task> UpdateRepresentatio } existingRepresentation.Apply(references, patchResultLst); - return GenericResult.Ok(PatchRepresentationResult.Ok(existingRepresentation)); + return GenericResult.Ok(PatchRepresentationResult.Ok(existingRepresentation, patchResultLst)); } private void CheckParameter(PatchRepresentationParameter patchRepresentation) diff --git a/src/Scim/SimpleIdServer.Scim/Commands/Handlers/ReplaceRepresentationCommandHandler.cs b/src/Scim/SimpleIdServer.Scim/Commands/Handlers/ReplaceRepresentationCommandHandler.cs index 3c3ef8a66..8b128fa84 100644 --- a/src/Scim/SimpleIdServer.Scim/Commands/Handlers/ReplaceRepresentationCommandHandler.cs +++ b/src/Scim/SimpleIdServer.Scim/Commands/Handlers/ReplaceRepresentationCommandHandler.cs @@ -81,7 +81,7 @@ public async virtual Task> Handle(Rep } existingRepresentation.Apply(references, patchOperations); - return GenericResult.Ok(ReplaceRepresentationResult.Ok(existingRepresentation)); + return GenericResult.Ok(ReplaceRepresentationResult.Ok(existingRepresentation, patchOperations)); } private async Task<(SCIMRepresentation, SCIMSchema)> Validate(ReplaceRepresentationCommand replaceRepresentationCommand) diff --git a/src/Scim/SimpleIdServer.Scim/Commands/PatchRepresentationCommand.cs b/src/Scim/SimpleIdServer.Scim/Commands/PatchRepresentationCommand.cs index 8fdbe4b4e..de80678b2 100644 --- a/src/Scim/SimpleIdServer.Scim/Commands/PatchRepresentationCommand.cs +++ b/src/Scim/SimpleIdServer.Scim/Commands/PatchRepresentationCommand.cs @@ -3,6 +3,7 @@ using SimpleIdServer.Scim.Domains; using SimpleIdServer.Scim.DTOs; using SimpleIdServer.Scim.Infrastructure; +using System.Collections.Generic; namespace SimpleIdServer.Scim.Commands { @@ -28,15 +29,16 @@ public class PatchRepresentationResult { public bool IsPatched { get; private set; } public SCIMRepresentation Representation { get; private set; } + public List PatchOperations { get; private set; } = new List(); public static PatchRepresentationResult NoPatch() { return new PatchRepresentationResult { IsPatched = false }; } - public static PatchRepresentationResult Ok(SCIMRepresentation representation) + public static PatchRepresentationResult Ok(SCIMRepresentation representation, List patchOperations) { - return new PatchRepresentationResult { IsPatched = true, Representation = representation }; + return new PatchRepresentationResult { IsPatched = true, Representation = representation, PatchOperations = patchOperations }; } } } diff --git a/src/Scim/SimpleIdServer.Scim/Commands/ReplaceRepresentationCommand.cs b/src/Scim/SimpleIdServer.Scim/Commands/ReplaceRepresentationCommand.cs index 1fd232102..26e663801 100644 --- a/src/Scim/SimpleIdServer.Scim/Commands/ReplaceRepresentationCommand.cs +++ b/src/Scim/SimpleIdServer.Scim/Commands/ReplaceRepresentationCommand.cs @@ -3,6 +3,7 @@ using SimpleIdServer.Scim.Domains; using SimpleIdServer.Scim.DTOs; using SimpleIdServer.Scim.Infrastructure; +using System.Collections.Generic; namespace SimpleIdServer.Scim.Commands { @@ -28,15 +29,16 @@ public class ReplaceRepresentationResult { public bool IsReplaced { get; private set; } public SCIMRepresentation Representation { get; private set; } + public List PatchOperations { get; private set; } = new List(); public ReplaceRepresentationResult() { - } - public ReplaceRepresentationResult(SCIMRepresentation representation) + public ReplaceRepresentationResult(SCIMRepresentation representation, List patchOperations) { Representation = representation; + PatchOperations = patchOperations; } public static ReplaceRepresentationResult NoReplacement() @@ -44,9 +46,9 @@ public static ReplaceRepresentationResult NoReplacement() return new ReplaceRepresentationResult { IsReplaced = false }; } - public static ReplaceRepresentationResult Ok(SCIMRepresentation representation) + public static ReplaceRepresentationResult Ok(SCIMRepresentation representation, List patchOperations) { - return new ReplaceRepresentationResult { IsReplaced = true, Representation = representation }; + return new ReplaceRepresentationResult { IsReplaced = true, Representation = representation, PatchOperations = patchOperations }; } } } diff --git a/src/Scim/SimpleIdServer.Scim/ExternalEvents/PatchAttributeOperation.cs b/src/Scim/SimpleIdServer.Scim/ExternalEvents/PatchAttributeOperation.cs new file mode 100644 index 000000000..1e0dfaf32 --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim/ExternalEvents/PatchAttributeOperation.cs @@ -0,0 +1,40 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.Scim.Domains; +using SimpleIdServer.Scim.DTOs; +using System; +using System.Collections.Generic; +using System.Linq; + +namespace SimpleIdServer.Scim.ExternalEvents; + +public class PatchAttributeOperation +{ + public string Path { get; set; } + public SCIMPatchOperations Operation { get; set; } + public SCIMSchemaAttributeTypes Type { get; set; } + public string ValueString { get; set; } + public bool? ValueBoolean { get; set; } + public int? ValueInteger { get; set; } + public DateTime? ValueDateTime { get; set; } + public string ValueReference { get; set; } + public decimal? ValueDecimal { get; set; } + public string ValueBinary { get; set; } + + public static List Transform(List patchOperations) + { + return patchOperations.Select(o => new PatchAttributeOperation + { + Operation = o.Operation, + Path = o.Path, + Type = o.Attr.SchemaAttribute.Type, + ValueBinary = o.Attr.ValueBinary, + ValueBoolean = o.Attr.ValueBoolean, + ValueDateTime = o.Attr.ValueDateTime, + ValueDecimal = o.Attr.ValueDecimal, + ValueInteger = o.Attr.ValueInteger, + ValueReference = o.Attr.ValueReference, + ValueString = o.Attr.ValueString + }).ToList(); + } +} diff --git a/src/Scim/SimpleIdServer.Scim/ExternalEvents/RepresentationUpdatedEvent.cs b/src/Scim/SimpleIdServer.Scim/ExternalEvents/RepresentationUpdatedEvent.cs index 7ef07fa85..1dcb5d81e 100644 --- a/src/Scim/SimpleIdServer.Scim/ExternalEvents/RepresentationUpdatedEvent.cs +++ b/src/Scim/SimpleIdServer.Scim/ExternalEvents/RepresentationUpdatedEvent.cs @@ -1,6 +1,8 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Newtonsoft.Json.Linq; +using SimpleIdServer.Scim.DTOs; +using System.Collections.Generic; namespace SimpleIdServer.Scim.ExternalEvents { @@ -11,11 +13,13 @@ public RepresentationUpdatedEvent() } - public RepresentationUpdatedEvent(string id, int version, string resourceType, JObject representation, string token) : base(id, version, resourceType, representation) + public RepresentationUpdatedEvent(string id, int version, string resourceType, JObject representation, string token, List patchOperations) : base(id, version, resourceType, representation) { Token = token; + PatchOperations = PatchAttributeOperation.Transform(patchOperations); } public string Token { get; set; } + public List PatchOperations { get; set; } } } diff --git a/src/Scim/SimpleIdServer.Scim/Infrastructure/EndpointRouteBuilderExtensions.cs b/src/Scim/SimpleIdServer.Scim/Infrastructure/EndpointRouteBuilderExtensions.cs new file mode 100644 index 000000000..87a3566d6 --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim/Infrastructure/EndpointRouteBuilderExtensions.cs @@ -0,0 +1,32 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Routing; +using Microsoft.Extensions.DependencyInjection; +using System.Diagnostics.CodeAnalysis; + +namespace SimpleIdServer.Scim.Infrastructure +{ + public static class EndpointRouteBuilderExtensions + { + public static void ScimMapControllerRoute( + this IRouteBuilder builder, + string name, + [StringSyntax("Route")] string pattern, + object? defaults = null, + object? constraints = null, + object? dataTokens = null) + { + builder.MapRoute(name, pattern, defaults, constraints, dataTokens); + var edpsStore = GetEdpsStore(builder); + edpsStore.AddRoute( + name, + pattern, + new RouteValueDictionary(defaults), + new RouteValueDictionary(constraints), + new RouteValueDictionary(dataTokens)); + } + + private static IScimEndpointStore GetEdpsStore(IRouteBuilder builder) => builder.ServiceProvider.GetRequiredService(); + } +} diff --git a/src/Scim/SimpleIdServer.Scim/Infrastructure/ScimConventionalRouteEntry.cs b/src/Scim/SimpleIdServer.Scim/Infrastructure/ScimConventionalRouteEntry.cs new file mode 100644 index 000000000..d3c5a36f5 --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim/Infrastructure/ScimConventionalRouteEntry.cs @@ -0,0 +1,38 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Routing.Patterns; +using Microsoft.AspNetCore.Routing; +using System.Collections.Generic; +using System; + +namespace SimpleIdServer.Scim.Infrastructure; + +public class ScimConventionalRouteEntry +{ + public readonly RoutePattern Pattern; + public readonly string RouteName; + public readonly RouteValueDictionary? DataTokens; + public readonly int Order; + public readonly IReadOnlyList> Conventions; + public readonly IReadOnlyList> FinallyConventions; + + public ScimConventionalRouteEntry( + string routeName, + string pattern, + RouteValueDictionary? defaults, + IDictionary? constraints, + RouteValueDictionary? dataTokens, + int order, + List> conventions, + List> finallyConventions) + { + RouteName = routeName; + DataTokens = dataTokens; + Order = order; + Conventions = conventions; + FinallyConventions = finallyConventions; + Pattern = RoutePatternFactory.Parse(pattern, defaults, constraints); + } +} diff --git a/src/Scim/SimpleIdServer.Scim/Infrastructure/ScimEndpointStore.cs b/src/Scim/SimpleIdServer.Scim/Infrastructure/ScimEndpointStore.cs new file mode 100644 index 000000000..0728322a1 --- /dev/null +++ b/src/Scim/SimpleIdServer.Scim/Infrastructure/ScimEndpointStore.cs @@ -0,0 +1,36 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Routing; +using System; +using System.Collections.Generic; + +namespace SimpleIdServer.Scim.Infrastructure; + +public interface IScimEndpointStore +{ + List Routes { get; } + + void AddRoute(string routeName, + string pattern, + RouteValueDictionary? defaults, + IDictionary? constraints, + RouteValueDictionary? dataTokens); +} + +public class ScimEndpointStore : IScimEndpointStore +{ + public List Routes { get; private set; } = new List(); + + public void AddRoute(string routeName, + string pattern, + RouteValueDictionary? defaults, + IDictionary? constraints, + RouteValueDictionary? dataTokens) + { + var conventions = new List>(); + var finallyConventions = new List>(); + Routes.Add(new ScimConventionalRouteEntry(routeName, pattern, defaults, constraints, dataTokens, 0, conventions, finallyConventions)); + } +} diff --git a/src/Scim/SimpleIdServer.Scim/RouteBuilderExtensions.cs b/src/Scim/SimpleIdServer.Scim/RouteBuilderExtensions.cs index c672bb4a2..9ddfb1667 100644 --- a/src/Scim/SimpleIdServer.Scim/RouteBuilderExtensions.cs +++ b/src/Scim/SimpleIdServer.Scim/RouteBuilderExtensions.cs @@ -1,82 +1,82 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Routing; using SimpleIdServer.Scim.Domains; +using SimpleIdServer.Scim.Infrastructure; namespace Microsoft.AspNetCore.Builder; public static class RouteBuilderExtensions { - public static IRouteBuilder UseScim(this IRouteBuilder routeBuilder, bool usePrefix = false) + public static IRouteBuilder UseScim(this IRouteBuilder webApp, bool usePrefix = false) { - routeBuilder.MapRoute("getResourceTypes", - template: SCIMEndpoints.ResourceType, + webApp.ScimMapControllerRoute("getResourceTypes", + pattern: SCIMEndpoints.ResourceType, defaults: new { controller = "ResourceTypes", action = "GetAll" }); - routeBuilder.MapRoute("getResourceType", - template: SCIMEndpoints.ResourceType + "/{id}", + webApp.ScimMapControllerRoute("getResourceType", + pattern: SCIMEndpoints.ResourceType + "/{id}", defaults: new { controller = "ResourceTypes", action = "Get" }); - routeBuilder.MapRoute("getSchemas", - template: SCIMEndpoints.Schemas, + webApp.ScimMapControllerRoute("getSchemas", + pattern: SCIMEndpoints.Schemas, defaults: new { controller = "Schemas", action = "GetAll" }); - routeBuilder.MapRoute("getSchema", - template: SCIMEndpoints.Schemas + "/{id}", + webApp.ScimMapControllerRoute("getSchema", + pattern: SCIMEndpoints.Schemas + "/{id}", defaults: new { controller = "Schema", action = "Get" }); - routeBuilder.MapRoute("getServiceProviderConfig", - template: SCIMEndpoints.ServiceProviderConfig, + webApp.ScimMapControllerRoute("getServiceProviderConfig", + pattern: SCIMEndpoints.ServiceProviderConfig, defaults: new { controller = "ServiceProviderConfig", action = "Get" }); - routeBuilder.MapRoute("bulk", - template: $"{(usePrefix ? "{prefix}/" : string.Empty)}{SCIMEndpoints.Bulk}", + webApp.ScimMapControllerRoute("bulk", + pattern: $"{(usePrefix ? "{prefix}/" : string.Empty)}{SCIMEndpoints.Bulk}", defaults: new { controller = "Bulk", action = "Index" }); - routeBuilder.UseStandardScimEdp(SCIMEndpoints.User, usePrefix); - routeBuilder.UseStandardScimEdp(SCIMEndpoints.Group, usePrefix); + webApp.UseStandardScimEdp(SCIMEndpoints.User, usePrefix); + webApp.UseStandardScimEdp(SCIMEndpoints.Group, usePrefix); - routeBuilder.MapRoute("catchAllGet", + webApp.MapRoute("catchAllGet", template: "{*url}", defaults: new { controller = "Default", action = "Get" }); - routeBuilder.MapRoute("catchAllPut", + webApp.MapRoute("catchAllPut", template: "{*url}", defaults: new { controller = "Default", action = "Put" }); - routeBuilder.MapRoute("catchAllPost", + webApp.MapRoute("catchAllPost", template: "{*url}", defaults: new { controller = "Default", action = "Post" }); - routeBuilder.MapRoute("catchAllDelete", + webApp.MapRoute("catchAllDelete", template: "{*url}", defaults: new { controller = "Default", action = "Delete" }); - routeBuilder.MapRoute("catchAllPatch", + webApp.MapRoute("catchAllPatch", template: "{*url}", defaults: new { controller = "Default", action = "Patch" }); - return routeBuilder; + return webApp; } - public static IRouteBuilder UseStandardScimEdp(this IRouteBuilder routeBuilder, string controllerName, bool usePrefix) + public static IRouteBuilder UseStandardScimEdp(this IRouteBuilder webApp, string controllerName, bool usePrefix) { - routeBuilder.MapRoute($"get{controllerName}", - template: $"{(usePrefix ? "{prefix}/" : string.Empty)}{controllerName}", + webApp.ScimMapControllerRoute($"get{controllerName}", + pattern: $"{(usePrefix ? "{prefix}/" : string.Empty)}{controllerName}", defaults: new { controller = controllerName, action = "GetAll" }); - routeBuilder.MapRoute($"search{controllerName}", - template: (usePrefix ? "{prefix}/" : string.Empty) + controllerName + "/.search", + webApp.ScimMapControllerRoute($"search{controllerName}", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + controllerName + "/.search", defaults: new { controller = controllerName, action = "Search" }); - routeBuilder.MapRoute($"getUnique{controllerName}", - template: (usePrefix ? "{prefix}/" : string.Empty) + controllerName + "/{id}", + webApp.ScimMapControllerRoute($"getUnique{controllerName}", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + controllerName + "/{id}", defaults: new { controller = controllerName, action = "Get" }); - routeBuilder.MapRoute($"add{controllerName}", - template: (usePrefix ? "{prefix}/" : string.Empty) + controllerName, + webApp.ScimMapControllerRoute($"add{controllerName}", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + controllerName, defaults: new { controller = controllerName, action = "Add" }); - routeBuilder.MapRoute($"delete{controllerName}", - template: (usePrefix ? "{prefix}/" : string.Empty) + controllerName + "/{id}", + webApp.ScimMapControllerRoute($"delete{controllerName}", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + controllerName + "/{id}", defaults: new { controller = controllerName, action = "Delete" }); - routeBuilder.MapRoute($"update{controllerName}", - template: (usePrefix ? "{prefix}/" : string.Empty) + controllerName + "/{id}", + webApp.ScimMapControllerRoute($"update{controllerName}", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + controllerName + "/{id}", defaults: new { controller = controllerName, action = "Update" }); - routeBuilder.MapRoute($"patch{controllerName}", - template: (usePrefix ? "{prefix}/" : string.Empty) + controllerName + "/{id}", + webApp.ScimMapControllerRoute($"patch{controllerName}", + pattern: (usePrefix ? "{prefix}/" : string.Empty) + controllerName + "/{id}", defaults: new { controller = controllerName, action = "Patch" }); - return routeBuilder; + return webApp; } } \ No newline at end of file diff --git a/src/Scim/SimpleIdServer.Scim/ServiceCollectionExtensions.cs b/src/Scim/SimpleIdServer.Scim/ServiceCollectionExtensions.cs index d3df4c182..f6eaafb9f 100644 --- a/src/Scim/SimpleIdServer.Scim/ServiceCollectionExtensions.cs +++ b/src/Scim/SimpleIdServer.Scim/ServiceCollectionExtensions.cs @@ -7,6 +7,7 @@ using SimpleIdServer.Scim.Commands.Handlers; using SimpleIdServer.Scim.Domains; using SimpleIdServer.Scim.Helpers; +using SimpleIdServer.Scim.Infrastructure; using SimpleIdServer.Scim.Persistence; using SimpleIdServer.Scim.Persistence.InMemory; using SimpleIdServer.Scim.Queries; @@ -108,6 +109,7 @@ private static IServiceCollection AddInfrastructure(this IServiceCollection serv services.RegisterAllAssignableType(typeof(BaseApiController), assm, true); } + services.AddSingleton(); return services; } } diff --git a/src/Scim/SimpleIdServer.Scim/SimpleIdServer.Scim.csproj b/src/Scim/SimpleIdServer.Scim/SimpleIdServer.Scim.csproj index b366ce37e..52668ff39 100644 --- a/src/Scim/SimpleIdServer.Scim/SimpleIdServer.Scim.csproj +++ b/src/Scim/SimpleIdServer.Scim/SimpleIdServer.Scim.csproj @@ -3,6 +3,7 @@ net8.0 SCIM2.0 implementation. latest + True diff --git a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/CredentialIssuerConfiguration.cs b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/CredentialIssuerConfiguration.cs index 533521fa3..5eebfc418 100644 --- a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/CredentialIssuerConfiguration.cs +++ b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/CredentialIssuerConfiguration.cs @@ -1,10 +1,11 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using Org.BouncyCastle.Crypto.Agreement; using SimpleIdServer.CredentialIssuer.Builders; using SimpleIdServer.CredentialIssuer.CredentialFormats; using SimpleIdServer.CredentialIssuer.Domains; +using System; using System.Collections.Generic; +using System.Linq; namespace SimpleIdServer.CredentialIssuer.Startup; @@ -13,7 +14,7 @@ public class CredentialIssuerConfiguration public static List CredentialConfigurations => new List { CredentialConfigurationBuilder - .New(LdpVcFormatter.FORMAT, "UniversityDegree", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", scope: "university_degree") + .New(JwtVcJsonFormatter.FORMAT, "UniversityDegree", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", scope: "university_degree") .AddClaim("given_name", "GivenName", (cb) => { cb.AddTranslation("Given Name", "en-US"); @@ -31,6 +32,34 @@ public class CredentialIssuerConfiguration cb.AddTranslation("Name of degree", "en-US"); }) .AddDisplay("University Credential", "en-US", "https://img.freepik.com/premium-vector/logo-university-name-logo-company-called-university_516670-732.jpg", "A square logo of a university", null,"#12107c", "#acd2b1") + .Build(), + CredentialConfigurationBuilder + .New(JwtVcJsonFormatter.FORMAT, "CTWalletSameAuthorisedInTime", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", additionalTypes: new List { "VerifiableAttestation" }, isDeferred: false, scope: "ct_wallet") + .SetSchema("https://api-pilot.ebsi.eu/trusted-schemas-registry/v2/schemas/z3MgUFUkb722uq4x3dv5yAJmnNmzDFeK5UC8x83QoeLJM", "FullJsonSchemaValidator2021") + .Build(), + CredentialConfigurationBuilder + .New(JwtVcJsonFormatter.FORMAT, "CTWalletSameAuthorisedDeferred", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", additionalTypes: new List { "VerifiableAttestation" }, isDeferred: true, id: "6fea9437-9379-4a22-b396-461c9c510011", scope: "ct_wallet") + .SetSchema("https://api-pilot.ebsi.eu/trusted-schemas-registry/v2/schemas/z3MgUFUkb722uq4x3dv5yAJmnNmzDFeK5UC8x83QoeLJM", "FullJsonSchemaValidator2021") + .AddClaim("given_name", "GivenName", (cb) => + { + cb.AddTranslation("Given Name", "en-US"); + }) + .Build(), + CredentialConfigurationBuilder + .New(JwtVcJsonFormatter.FORMAT, "CTWalletSamePreAuthorisedInTime", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", additionalTypes: new List { "VerifiableAttestation" }, scope: "ct_wallet") + .SetSchema("https://api-pilot.ebsi.eu/trusted-schemas-registry/v2/schemas/z3MgUFUkb722uq4x3dv5yAJmnNmzDFeK5UC8x83QoeLJM", "FullJsonSchemaValidator2021") + .AddClaim("given_name", "GivenName", (cb) => + { + cb.AddTranslation("Given Name", "en-US"); + }) + .Build(), + CredentialConfigurationBuilder + .New(JwtVcJsonFormatter.FORMAT, "CTWalletSamePreAuthorisedDeferred", "https://www.w3.org/2018/credentials/examples/v1", "https://www.w3.org/2018/credentials", additionalTypes: new List { "VerifiableAttestation" }, isDeferred: true, scope: "ct_wallet") + .SetSchema("https://api-pilot.ebsi.eu/trusted-schemas-registry/v2/schemas/z3MgUFUkb722uq4x3dv5yAJmnNmzDFeK5UC8x83QoeLJM", "FullJsonSchemaValidator2021") + .AddClaim("given_name", "GivenName", (cb) => + { + cb.AddTranslation("Given Name", "en-US"); + }) .Build() }; @@ -39,4 +68,9 @@ public class CredentialIssuerConfiguration UserCredentialClaimBuilder.Build("administrator", "DegreeName", "Master degree"), UserCredentialClaimBuilder.Build("administrator", "GivenName", "SimpleIdServer") }; + + public static List DeferredCredentials = new List + { + new DeferredCredential { CreateDateTime = DateTime.UtcNow, CredentialConfigurationId = "6fea9437-9379-4a22-b396-461c9c510011", Status = DeferredCredentialStatus.PENDING, TransactionId = Guid.NewGuid().ToString(), FormatterName = JwtVcJsonFormatter.FORMAT } + }; } diff --git a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Program.cs b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Program.cs index 6bd434c2e..5880948a2 100644 --- a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Program.cs +++ b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Program.cs @@ -1,15 +1,23 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.AspNetCore.Authentication.OpenIdConnect; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Builder; using Microsoft.Extensions.DependencyInjection; using SimpleIdServer.CredentialIssuer.Startup; +using SimpleIdServer.Did.Crypto; +using SimpleIdServer.Did.Key; +using System.IO; using System.Net.Http; +using System.Threading; var builder = WebApplication.CreateBuilder(args); +// GeneratePrivateKey(); + var ignoreCertificateError = bool.Parse(builder.Configuration["Authorization:IgnoreCertificateError"]); builder.Services.AddAuthentication(o => { @@ -61,28 +69,7 @@ }); builder.Services.AddAuthorization(b => { - b.AddPolicy("WebsiteAuthenticated", p => - { - p.RequireAuthenticatedUser(); - }); - b.AddPolicy("ApiAuthenticated", p => - { - p.AuthenticationSchemes.Clear(); - p.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme); - p.RequireAuthenticatedUser(); - }); - b.AddPolicy("credconfs", p => - { - p.AuthenticationSchemes.Clear(); - p.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme); - p.RequireClaim("scope", "credconfs"); - }); - b.AddPolicy("credinstances", p => - { - p.AuthenticationSchemes.Clear(); - p.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme); - p.RequireClaim("scope", "credinstances"); - }); + b.AddDefaultCredentialIssuerAuthorization(); }); builder.Services.AddLocalization(); builder.Services.AddEndpointsApiExplorer(); @@ -92,17 +79,33 @@ builder.Services.AddCredentialIssuer(o => { + var serializedPrivateKey = System.IO.File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "privatekey.json")); + var signatureKey = SignatureKeySerializer.Deserialize(serializedPrivateKey); + var publicDid = builder.Configuration["PublicDid"]; + o.Version = SimpleIdServer.IdServer.CredentialIssuer.CredentialIssuerVersion.ESBI; o.ClientId = builder.Configuration["Authorization:ClientId"]; o.ClientSecret = builder.Configuration["Authorization:ClientSecret"]; o.AuthorizationServer = builder.Configuration["Authorization:Issuer"]; + o.DidDocument = DidKeyResolver.New().Resolve(publicDid, CancellationToken.None).Result; + o.AsymmKey = signatureKey; o.IgnoreHttpsCertificateError = ignoreCertificateError; + o.IsDeveloperModeEnabled = true; }) .UseInMemoryStore(c => { c.AddCredentialConfigurations(CredentialIssuerConfiguration.CredentialConfigurations); c.AddUserCredentialClaims(CredentialIssuerConfiguration.CredentialClaims); + c.AddDeferredCredentials(CredentialIssuerConfiguration.DeferredCredentials); }); +builder.Services.AddDidKey(); + +static void GeneratePrivateKey() +{ + var did = DidKeyGenerator.New().GenerateRandomES256Key().Export(false, true); + var serialized = SignatureKeySerializer.SerializedToJson(did.Key); +} + var app = builder.Build(); app.UseStaticFiles(); app.UseRequestLocalization(e => diff --git a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.Designer.cs b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.Designer.cs index 3f6a217ce..0b517b626 100644 --- a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.Designer.cs +++ b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.Designer.cs @@ -114,6 +114,33 @@ public static string Loading { } } + /// + /// Recherche une chaîne localisée semblable à Pre-authorized. + /// + public static string PreAuthorized { + get { + return ResourceManager.GetString("PreAuthorized", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à QR code. + /// + public static string QrCode { + get { + return ResourceManager.GetString("QrCode", resourceCulture); + } + } + + /// + /// Recherche une chaîne localisée semblable à Requires user PIN. + /// + public static string RequiresUserPin { + get { + return ResourceManager.GetString("RequiresUserPin", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Scan the QR code with your wallet application. /// diff --git a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.resx b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.resx index 92ba92a20..9217ebefa 100644 --- a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.resx +++ b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Resources/Global.resx @@ -135,6 +135,15 @@ Loading + + Pre-authorized + + + QR code + + + Requires user PIN + Scan the QR code with your wallet application diff --git a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/SimpleIdServer.CredentialIssuer.Startup.csproj b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/SimpleIdServer.CredentialIssuer.Startup.csproj index 6df4088fe..23210cf8b 100644 --- a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/SimpleIdServer.CredentialIssuer.Startup.csproj +++ b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/SimpleIdServer.CredentialIssuer.Startup.csproj @@ -1,14 +1,14 @@  - net7.0 + net8.0 Exe - + - - + + diff --git a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Views/Credentials/Index.cshtml b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Views/Credentials/Index.cshtml index 0c97ebbce..6b4e01cc7 100644 --- a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Views/Credentials/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/Views/Credentials/Index.cshtml @@ -1,6 +1,8 @@ @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers +@using Microsoft.Extensions.Options @using SimpleIdServer.CredentialIssuer.Startup.Resources; @using System.Globalization; +@using SimpleIdServer.IdServer.CredentialIssuer @model SimpleIdServer.CredentialIssuer.UI.ViewModels.CredentialsViewModel @{ @@ -30,28 +32,34 @@ var title = display == null ? credentialConfiguration.ServerId : display.Name;
-
-
-
-
- +
+
+
+
+
+ +
+
+
@title
+ @if (display != null) + { +

@display.Description

+ } +
-
-
@title
- @if (display != null) - { -

@display.Description

- } +
+ +
-
-
- +
- +
-
+
}
@@ -64,6 +72,14 @@
+ @if(Model.IsDeveloperModeEnabled) + { +
+
+

@Global.QrCode

+ +
+ }
@@ -92,9 +108,13 @@ $(document).ready(function () { const loadingText = "@Global.Loading"; const shareText = "@Global.Share"; - function displayQrCode(img) { + function displayQrCode(img, qrCode) { $("#qrCodeDialog img").attr("src", img); $("#qrCodeDialog").modal('toggle'); + var qrCodeText = $("#qrCodeText"); + if(qrCodeText.length > 0) { + $("#qrCodeText textarea").val(qrCode); + } } function displayError(json) { @@ -121,7 +141,8 @@ const blob = await response.blob(); const img = URL.createObjectURL(blob); - displayQrCode(img); + const qrCode = response.headers.get('QRCode'); + displayQrCode(img, qrCode); } $("#errorDialog .close").click(function () { @@ -137,7 +158,8 @@ const target = e.target; const shareBtn = $(target).find(".shareBtn"); const configurationId = $(target).find('input[name="configurationId"]').val(); - const body = { configurationId: configurationId }; + const preAuthorized = $(target).find('input[name="preAuthorized"]').is(':checked'); + const body = { configurationId: configurationId, preAuthorized: preAuthorized }; const url = $(target).attr('action'); shareBtn.html(loadingText); shareBtn.prop('disabled', true); diff --git a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/privatekey.json b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/privatekey.json new file mode 100644 index 000000000..4aca57748 --- /dev/null +++ b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Startup/privatekey.json @@ -0,0 +1,4 @@ +{ + "crv_or_size": "P-256", + "jwk": "{\u0022alg\u0022:\u0022ES256\u0022,\u0022crv\u0022:\u0022P-256\u0022,\u0022d\u0022:\u00222F_YZwvrKgfpUZCN0jMeyzRK-jhQGhF67cQaqaB53_I\u0022,\u0022kty\u0022:\u0022EC\u0022,\u0022x\u0022:\u0022ImQHYtAdHDs4JN-doROPPDOUZWWen8PUYFQPW8MGJx0\u0022,\u0022y\u0022:\u0022WtZLCWzzcgF-WNbTM7hS28i7Ty9rsu2TDHSibf01TQ4\u0022}" +} \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Website.Startup/SimpleIdServer.CredentialIssuer.Website.Startup.csproj b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Website.Startup/SimpleIdServer.CredentialIssuer.Website.Startup.csproj index 8545c5318..8fc282960 100644 --- a/src/Templates/templates/SimpleIdServer.CredentialIssuer.Website.Startup/SimpleIdServer.CredentialIssuer.Website.Startup.csproj +++ b/src/Templates/templates/SimpleIdServer.CredentialIssuer.Website.Startup/SimpleIdServer.CredentialIssuer.Website.Startup.csproj @@ -1,10 +1,10 @@  - net7.0 + net8.0 enable enable - + \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/console/Views/Authenticate/Index.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/console/Views/Authenticate/Index.cshtml index 25b6b8ebf..43f9d468b 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/console/Views/Authenticate/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/console/Views/Authenticate/Index.cshtml @@ -9,7 +9,7 @@ ViewBag.Title = AuthenticateConsoleResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/email/Views/Authenticate/Index.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/email/Views/Authenticate/Index.cshtml index ae2e7c98e..9634ae970 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/email/Views/Authenticate/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/email/Views/Authenticate/Index.cshtml @@ -9,7 +9,7 @@ ViewBag.Title = AuthenticateEmailResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Authenticate/Index.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Authenticate/Index.cshtml index 2cbe7fe93..40c8bd33d 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Authenticate/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Authenticate/Index.cshtml @@ -8,22 +8,19 @@ ViewBag.Title = AuthenticateMobileResource.auth_title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } -@if (!ViewData.ModelState.IsValid) -{ -
    - @foreach (var modelState in ViewData.ModelState.Values) +
      + @foreach (var modelState in ViewData.ModelState.Values) + { + foreach (var error in modelState.Errors) { - foreach (var error in modelState.Errors) - { -
    • @AuthenticateMobileResource.ResourceManager.GetString(error.ErrorMessage)
      • - } +
    • @AuthenticateMobileResource.ResourceManager.GetString(error.ErrorMessage)
      • } -
    -} + } +
@if (Model.IsLoginMissing) { diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Register/Index.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Register/Index.cshtml index ad3c0eaa6..9d2dd6155 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Register/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/mobile/Views/Register/Index.cshtml @@ -13,18 +13,15 @@
@(User.Identity.IsAuthenticated ? AuthenticateMobileResource.enroll_mobile : AuthenticateMobileResource.register_mobile)
- @if (!ViewData.ModelState.IsValid) - { -
    - @foreach (var modelState in ViewData.ModelState.Values) +
      + @foreach (var modelState in ViewData.ModelState.Values) + { + foreach (var error in modelState.Errors) { - foreach (var error in modelState.Errors) - { -
    • @AuthenticateWebauthnResource.ResourceManager.GetString(error.ErrorMessage)
      • - } +
    • @AuthenticateWebauthnResource.ResourceManager.GetString(error.ErrorMessage)
      • } -
    - } + } +
diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/otp/Views/Authenticate/Index.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/otp/Views/Authenticate/Index.cshtml index f25b2ef58..7580225b5 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/otp/Views/Authenticate/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/otp/Views/Authenticate/Index.cshtml @@ -9,7 +9,7 @@ ViewBag.Title = AuthenticateOtpResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/pwd/Views/Authenticate/Index.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/pwd/Views/Authenticate/Index.cshtml index 54e97de3b..630ba8873 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/pwd/Views/Authenticate/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/pwd/Views/Authenticate/Index.cshtml @@ -5,7 +5,7 @@ ViewBag.Title = AuthenticatePasswordResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/sms/Views/Authenticate/Index.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/sms/Views/Authenticate/Index.cshtml index e6a95e594..8ed8b42b1 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/sms/Views/Authenticate/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/sms/Views/Authenticate/Index.cshtml @@ -8,7 +8,7 @@ ViewBag.Title = AuthenticateSmsResource.title; Layout = "~/Views/Shared/_AuthenticateLayout.cshtml"; var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/vp/Views/Register/Index.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/vp/Views/Register/Index.cshtml index 4edb4f65c..69ad6ad4d 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/vp/Views/Register/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/vp/Views/Register/Index.cshtml @@ -14,6 +14,9 @@
@RegisterVpResource.enroll_vp
+
    +
+
@foreach (var verifiablePresentation in Model.VerifiablePresentations) { diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml index 823ebe039..7b21c5dbf 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Authenticate/Index.cshtml @@ -10,22 +10,19 @@ var makeAssertionsOptionsUrl = Url.Action("MakeAssertionOptions", "Authenticate", new { area = "webauthn" }); var authenticateUrl = Url.Action("Index", "Authenticate", new { area = "webauthn" }); var returnUrl = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); - var realm = SimpleIdServer.IdServer.Middlewares.RealmContext.Instance()?.Realm; + var realm = SimpleIdServer.IdServer.Helpers.RealmContext.Instance()?.Realm; var registationUrl = $"{(string.IsNullOrWhiteSpace(realm) ? "/" : $"/{realm}/")}Registration?redirectUrl={returnUrl}&workflowName={Model.RegistrationWorkflow?.Name}"; } -@if (!ViewData.ModelState.IsValid) -{ -
    - @foreach (var modelState in ViewData.ModelState.Values) +
      + @foreach (var modelState in ViewData.ModelState.Values) + { + foreach (var error in modelState.Errors) { - foreach (var error in modelState.Errors) - { -
    • @AuthenticateWebauthnResource.ResourceManager.GetString(error.ErrorMessage)
      • - } +
    • @AuthenticateWebauthnResource.ResourceManager.GetString(error.ErrorMessage)
      • } -
    -} + } +
@if (Model.IsLoginMissing) { diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Register/Index.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Register/Index.cshtml index 2d61c5e21..4e756446b 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Register/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Areas/webauthn/Views/Register/Index.cshtml @@ -13,18 +13,15 @@
@(User.Identity.IsAuthenticated ? AuthenticateWebauthnResource.update_webauthn : AuthenticateWebauthnResource.register_webauthn)
- @if (!ViewData.ModelState.IsValid) - { -
    - @foreach (var modelState in ViewData.ModelState.Values) +
      + @foreach (var modelState in ViewData.ModelState.Values) + { + foreach (var error in modelState.Errors) { - foreach (var error in modelState.Errors) - { -
    • @AuthenticateWebauthnResource.ResourceManager.GetString(error.ErrorMessage)
      • - } +
    • @AuthenticateWebauthnResource.ResourceManager.GetString(error.ErrorMessage)
      • } -
    - } + } +
diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/FacebookOptionsLite.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/FacebookOptionsLite.cs index 2c349c2a1..3789de36c 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/FacebookOptionsLite.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/FacebookOptionsLite.cs @@ -7,9 +7,9 @@ namespace SimpleIdServer.IdServer.Startup.Converters { public class FacebookOptionsLite : IDynamicAuthenticationOptions { - [SimpleIdServer.Configuration.ConfigurationRecord("AppId", "Application identifier", 0, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("AppId", "Application identifier", 0, IsRequired = true)] public string AppId { get; set; } - [SimpleIdServer.Configuration.ConfigurationRecord("AppSecret", "Application secret", 1, null, SimpleIdServer.Configuration.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("AppSecret", "Application secret", 1, null, SimpleIdServer.IdServer.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] public string AppSecret { get; set; } public FacebookOptions Convert() => new FacebookOptions diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/GoogleOptionsLite.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/GoogleOptionsLite.cs index ffdb3f88c..25b1dc395 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/GoogleOptionsLite.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/GoogleOptionsLite.cs @@ -7,9 +7,9 @@ namespace SimpleIdServer.IdServer.Startup.Converters; public class GoogleOptionsLite : IDynamicAuthenticationOptions { - [SimpleIdServer.Configuration.ConfigurationRecord("ClientId", "Client identifier", 0, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientId", "Client identifier", 0, IsRequired = true)] public string ClientId { get; set; } - [SimpleIdServer.Configuration.ConfigurationRecord("ClientSecret", "Client secret", 1, null, SimpleIdServer.Configuration.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientSecret", "Client secret", 1, null, SimpleIdServer.IdServer.CustomConfigurationRecordType.PASSWORD, IsRequired = true)] public string ClientSecret { get; set; } public GoogleOptions Convert() => new GoogleOptions diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/OpenIdConnectLiteOptions.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/OpenIdConnectLiteOptions.cs index 435b02e99..efa79922d 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/OpenIdConnectLiteOptions.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Converters/OpenIdConnectLiteOptions.cs @@ -7,9 +7,9 @@ namespace SimpleIdServer.IdServer.Startup.Converters { public class OpenIdConnectLiteOptions : IDynamicAuthenticationOptions { - [SimpleIdServer.Configuration.ConfigurationRecord("ClientId", "Client Identifier", order: 0, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientId", "Client Identifier", order: 0, IsRequired = true)] public string ClientId { get; set; } - [SimpleIdServer.Configuration.ConfigurationRecord("ClientSecret", "Client Secret", order: 1, IsRequired = true)] + [SimpleIdServer.IdServer.ConfigurationRecord("ClientSecret", "Client Secret", order: 1, IsRequired = true)] public string ClientSecret { get; set; } public OpenIdConnectOptions Convert() diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/DbContextFactory.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/DbContextFactory.cs index a5f448d04..fc42858ac 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/DbContextFactory.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/DbContextFactory.cs @@ -1,10 +1,9 @@ using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore.Design; using SimpleIdServer.IdServer.Store; +using SimpleIdServer.IdServer.Store.EF; namespace SimpleIdServer.IdServer.PostgreMigrations; - -/* public class DbContextFactory : IDesignTimeDbContextFactory { public StoreDbContext CreateDbContext(string[] args) @@ -18,5 +17,4 @@ public StoreDbContext CreateDbContext(string[] args) }); return new StoreDbContext(optionsBuilder.Options); } -} -*/ \ No newline at end of file +} \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/IdServerConfiguration.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/IdServerConfiguration.cs index d594d41fb..31ed65400 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/IdServerConfiguration.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/IdServerConfiguration.cs @@ -2,15 +2,14 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. using Microsoft.AspNetCore.Authentication.Facebook; using Microsoft.AspNetCore.Authentication.Google; -using Microsoft.AspNetCore.Authentication.Negotiate; using Microsoft.IdentityModel.JsonWebTokens; using Microsoft.IdentityModel.Tokens; using SimpleIdServer.IdServer.Builders; using SimpleIdServer.IdServer.Domains; -using SimpleIdServer.IdServer.Fido.UI.ViewModels; using SimpleIdServer.IdServer.Provisioning.LDAP; using SimpleIdServer.IdServer.Provisioning.SCIM; using SimpleIdServer.IdServer.Startup.Converters; +using SimpleIdServer.OpenidFederation.Domains; using System; using System.Collections.Generic; using System.Linq; @@ -22,8 +21,7 @@ public class IdServerConfiguration { private static AuthenticationSchemeProviderDefinition Facebook = AuthenticationSchemeProviderDefinitionBuilder.Create("facebook", "Facebook", typeof(FacebookHandler), typeof(FacebookOptionsLite)).Build(); private static AuthenticationSchemeProviderDefinition Google = AuthenticationSchemeProviderDefinitionBuilder.Create("google", "Google", typeof(GoogleHandler), typeof(GoogleOptionsLite)).Build(); - private static AuthenticationSchemeProviderDefinition Negotiate = AuthenticationSchemeProviderDefinitionBuilder.Create("negotiate", "Negotiate", typeof(NegotiateHandler), typeof(NegotiateOptionsLite)).Build(); - + private static IdentityProvisioningDefinition Scim = IdentityProvisioningDefinitionBuilder.Create(SimpleIdServer.IdServer.Provisioning.SCIM.Services.SCIMProvisioningService.NAME, "SCIM") .AddUserSubjectMappingRule("$.userName") .AddUserPropertyMappingRule("$.name.familyName", nameof(User.Lastname)) @@ -60,6 +58,21 @@ public class IdServerConfiguration UpdateDateTime = DateTime.UtcNow }; + public static Scope CtWalletScope = new Scope + { + Id = Guid.NewGuid().ToString(), + Name = "ct_wallet", + Realms = new List + { + StandardRealms.Master + }, + Type = ScopeTypes.APIRESOURCE, + Protocol = ScopeProtocols.OAUTH, + IsExposedInConfigurationEdp = true, + CreateDateTime = DateTime.UtcNow, + UpdateDateTime = DateTime.UtcNow + }; + public static ICollection Scopes => new List { SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, @@ -86,12 +99,17 @@ public class IdServerConfiguration SimpleIdServer.IdServer.Constants.StandardScopes.OfflineAccessScope, SimpleIdServer.IdServer.Constants.StandardScopes.CredentialConfigurations, SimpleIdServer.IdServer.Constants.StandardScopes.CredentialInstances, - UniversityDegreeScope + SimpleIdServer.IdServer.Constants.StandardScopes.DeferredCreds, + UniversityDegreeScope, + CtWalletScope, + SimpleIdServer.IdServer.Federation.IdServerFederationConstants.StandardScopes.FederationEntities, + SimpleIdServer.IdServer.Constants.StandardScopes.WebsiteAdministratorRole }; public static ICollection Users => new List { - UserBuilder.Create("administrator", "password", "Administrator").SetFirstname("Administrator").SetEmail("adm@email.com").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").GenerateRandomTOTPKey().Build(), + SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorUser, + SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorReadonlyUser, UserBuilder.Create("user", "password", "User").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").Build() }; @@ -100,12 +118,13 @@ public class IdServerConfiguration ClientBuilder.BuildWalletClient("walletClient", "password") .SetClientName("Wallet") .Build(), - ClientBuilder.BuildCredentialIssuer("CredentialIssuer", "password", null, "https://localhost:5005/*", "http://localhost:5005/*", "https://credentialissuer.simpleidserver.com/*", "https://credentialissuer.localhost.com/*", "https://credentialissuer.sid.svc.cluster.local/*") + ClientBuilder.BuildCredentialIssuer("CredentialIssuer", "password", null, "https://6991-81-246-134-116.ngrok-free.app/signin-oidc", "https://localhost:5005/*", "http://localhost:5005/*", "https://credentialissuer.simpleidserver.com/*", "https://credentialissuer.localhost.com/*", "https://credentialissuer.sid.svc.cluster.local/*") .SetClientName("Credential issuer") .AddScope( SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, SimpleIdServer.IdServer.Constants.StandardScopes.Profile, - UniversityDegreeScope).Build(), + UniversityDegreeScope, + CtWalletScope).IsTransactionCodeRequired().Build(), ClientBuilder.BuildTraditionalWebsiteClient("CredentialIssuer-manager", "password", null, "https://localhost:5006/*", "https://credentialissuerwebsite.simpleidserver.com/*", "https://credentialissuerwebsite.localhost.com/*", "http://credentialissuerwebsite.localhost.com/*", "https://credentialissuerwebsite.sid.svc.cluster.local/*").EnableClientGrantType().SetRequestObjectEncryption().AddPostLogoutUri("https://localhost:5006/signout-callback-oidc").AddPostLogoutUri("https://credissuer-website.sid.svc.cluster.local/signout-callback-oidc") .AddPostLogoutUri("https://website.simpleidserver.com/signout-callback-oidc") .AddAuthDataTypes("photo") @@ -116,7 +135,8 @@ public class IdServerConfiguration SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, SimpleIdServer.IdServer.Constants.StandardScopes.Profile, SimpleIdServer.IdServer.Constants.StandardScopes.CredentialConfigurations, - SimpleIdServer.IdServer.Constants.StandardScopes.CredentialInstances).Build(), + SimpleIdServer.IdServer.Constants.StandardScopes.CredentialInstances, + SimpleIdServer.IdServer.Constants.StandardScopes.DeferredCreds).Build(), ClientBuilder.BuildTraditionalWebsiteClient("SIDS-manager", "password", null, "https://localhost:5002/*", "https://website.simpleidserver.com/*", "https://website.localhost.com/*", "http://website.localhost.com/*", "https://website.sid.svc.cluster.local/*").EnableClientGrantType().SetRequestObjectEncryption().AddPostLogoutUri("https://localhost:5002/signout-callback-oidc").AddPostLogoutUri("https://website.sid.svc.cluster.local/signout-callback-oidc") .AddPostLogoutUri("https://website.simpleidserver.com/signout-callback-oidc") .AddAuthDataTypes("photo") @@ -124,6 +144,7 @@ public class IdServerConfiguration .SetBackChannelLogoutUrl("https://localhost:5002/bc-logout") .SetClientLogoUri("https://cdn.logo.com/hotlink-ok/logo-social.png") .AddScope( + SimpleIdServer.IdServer.Constants.StandardScopes.Role, SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, SimpleIdServer.IdServer.Constants.StandardScopes.Profile, SimpleIdServer.IdServer.Constants.StandardScopes.Provisioning, @@ -139,7 +160,9 @@ public class IdServerConfiguration SimpleIdServer.IdServer.Constants.StandardScopes.CertificateAuthorities, SimpleIdServer.IdServer.Constants.StandardScopes.Clients, SimpleIdServer.IdServer.Constants.StandardScopes.Realms, - SimpleIdServer.IdServer.Constants.StandardScopes.Groups).Build(), + SimpleIdServer.IdServer.Constants.StandardScopes.Groups, + SimpleIdServer.IdServer.Constants.StandardScopes.WebsiteAdministratorRole, + SimpleIdServer.IdServer.Federation.IdServerFederationConstants.StandardScopes.FederationEntities).Build(), ClientBuilder.BuildTraditionalWebsiteClient("swaggerClient", "password", null, "https://localhost:5001/swagger/oauth2-redirect.html", "https://localhost:5001/(.*)/swagger/oauth2-redirect.html", "http://localhost").AddScope( SimpleIdServer.IdServer.Constants.StandardScopes.Provisioning, SimpleIdServer.IdServer.Constants.StandardScopes.Users, @@ -154,7 +177,8 @@ public class IdServerConfiguration SimpleIdServer.IdServer.Constants.StandardScopes.CertificateAuthorities, SimpleIdServer.IdServer.Constants.StandardScopes.Clients, SimpleIdServer.IdServer.Constants.StandardScopes.Realms, - SimpleIdServer.IdServer.Constants.StandardScopes.Groups).Build(), + SimpleIdServer.IdServer.Constants.StandardScopes.Groups, + SimpleIdServer.IdServer.Federation.IdServerFederationConstants.StandardScopes.FederationEntities).Build(), ClientBuilder.BuildTraditionalWebsiteClient("postman", "password", null, "http://localhost").EnableClientGrantType().AddScope( SimpleIdServer.IdServer.Constants.StandardScopes.Provisioning, SimpleIdServer.IdServer.Constants.StandardScopes.Users, @@ -169,7 +193,8 @@ public class IdServerConfiguration SimpleIdServer.IdServer.Constants.StandardScopes.CertificateAuthorities, SimpleIdServer.IdServer.Constants.StandardScopes.Clients, SimpleIdServer.IdServer.Constants.StandardScopes.Realms, - SimpleIdServer.IdServer.Constants.StandardScopes.Groups).Build(), + SimpleIdServer.IdServer.Constants.StandardScopes.Groups, + SimpleIdServer.IdServer.Federation.IdServerFederationConstants.StandardScopes.FederationEntities).Build(), WsClientBuilder.BuildWsFederationClient("urn:website").SetClientName("NAME").Build(), ClientBuilder.BuildUserAgentClient("oauth", "password", null, "https://oauth.tools/callback/code") .AddScope(SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, SimpleIdServer.IdServer.Constants.StandardScopes.Profile) @@ -200,8 +225,7 @@ public class IdServerConfiguration public static ICollection ProviderDefinitions => new List { Facebook, - Google, - Negotiate + Google }; public static ICollection Languages => new List @@ -213,9 +237,6 @@ public class IdServerConfiguration { AuthenticationSchemeProviderBuilder.Create(Facebook, "Facebook", "Facebook", "Facebook").Build(), AuthenticationSchemeProviderBuilder.Create(Google, "Google", "Google", "Google").Build(), - AuthenticationSchemeProviderBuilder.Create(Negotiate, "Negotiate", "Negotiate", "Negotiate") - .SetMappers(SimpleIdServer.IdServer.Constants.GetNegotiateIdProviderMappers()) - .Build() }; public static ICollection Realms = new List @@ -249,5 +270,17 @@ public class IdServerConfiguration { PresentationDefinitionBuilder.New("universitydegree_vp", "University Degree").AddLdpVcInputDescriptor("UniversityDegree", "UniversityDegree", "UniversityDegree").Build() }; + + public static List FederationEntities = new List + { + new FederationEntity + { + Id = Guid.NewGuid().ToString(), + IsSubordinate = false, + Realm = SimpleIdServer.IdServer.Constants.DefaultRealm, + Sub = "http://localhost:7000", + CreateDateTime = DateTime.UtcNow + } + }; } } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Program.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Program.cs index a3313e811..4f8b49df2 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Program.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Program.cs @@ -15,9 +15,12 @@ using Microsoft.Extensions.Hosting; using NeoSmart.Caching.Sqlite.AspNetCore; using SimpleIdServer.Configuration; +using SimpleIdServer.Did.Key; using SimpleIdServer.IdServer; +using SimpleIdServer.IdServer.Builders; using SimpleIdServer.IdServer.Console; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Domains.DTOs; using SimpleIdServer.IdServer.Email; using SimpleIdServer.IdServer.Fido; using SimpleIdServer.IdServer.Notification.Gotify; @@ -28,16 +31,16 @@ using SimpleIdServer.IdServer.Startup; using SimpleIdServer.IdServer.Startup.Configurations; using SimpleIdServer.IdServer.Startup.Converters; -using SimpleIdServer.IdServer.Store; +using SimpleIdServer.IdServer.Store.EF; using SimpleIdServer.IdServer.Swagger; using SimpleIdServer.IdServer.TokenTypes; +using SimpleIdServer.IdServer.UI; using SimpleIdServer.IdServer.VerifiablePresentation; using SimpleIdServer.IdServer.WsFederation; using System; using System.Collections.Generic; using System.Linq; using System.Net; -using SimpleIdServer.Did.Key; const string SQLServerCreateTableFormat = "IF NOT EXISTS (SELECT * FROM sysobjects WHERE name='DistributedCache' and xtype='U') " + "CREATE TABLE [dbo].[DistributedCache] (" + @@ -46,7 +49,7 @@ "ExpiresAtTime datetimeoffset NOT NULL, " + "SlidingExpirationInSeconds bigint NULL," + "AbsoluteExpiration datetimeoffset NULL, " + - "PRIMARY KEY (Id))"; + "PRIMARY KEY (Id))"; const string MYSQLCreateTableFormat = "CREATE TABLE IF NOT EXISTS DistributedCache (" + @@ -57,7 +60,7 @@ "`Value` longblob NOT NULL," + "PRIMARY KEY(`Id`)," + "KEY `Index_ExpiresAtTime` (`ExpiresAtTime`)" + - ")"; +")"; ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true; var builder = WebApplication.CreateBuilder(args); @@ -74,7 +77,6 @@ if (identityServerConfiguration.ClientCertificateMode != null) o.ClientCertificateMode = identityServerConfiguration.ClientCertificateMode.Value; }); }); -ConfigureCentralizedConfiguration(builder); if (identityServerConfiguration.IsForwardedEnabled) { builder.Services.Configure(options => @@ -90,6 +92,11 @@ .AddRazorRuntimeCompilation(); builder.Services.AddLocalization(); ConfigureIdServer(builder.Services); +ConfigureCentralizedConfiguration(builder); + +// Uncomment these two lines to enable seed data from JSON file. +// builder.Services.AddJsonSeeding(builder.Configuration); +// builder.Services.AddEntitySeeders(typeof(UserEntitySeeder)); var app = builder.Build(); SeedData(app, identityServerConfiguration.SCIMBaseUrl); @@ -125,7 +132,8 @@ .UseFIDO() .UseSamlIdp() .UseGotifyNotification() - .UseAutomaticConfiguration(); + .UseAutomaticConfiguration() + .UseOpenidFederation(); app.Run(); @@ -133,12 +141,12 @@ void ConfigureIdServer(IServiceCollection services) { var idServerBuilder = services.AddSIDIdentityServer(callback: cb => { - if (!string.IsNullOrWhiteSpace(identityServerConfiguration.SessionCookieNamePrefix)) + if (!string.IsNullOrWhiteSpace(identityServerConfiguration.SessionCookieNamePrefix)) cb.SessionCookieName = identityServerConfiguration.SessionCookieNamePrefix; cb.Authority = identityServerConfiguration.Authority; }, cookie: c => { - if(!string.IsNullOrWhiteSpace(identityServerConfiguration.AuthCookieNamePrefix)) + if (!string.IsNullOrWhiteSpace(identityServerConfiguration.AuthCookieNamePrefix)) c.Cookie.Name = identityServerConfiguration.AuthCookieNamePrefix; }, dataProtectionBuilderCallback: ConfigureDataProtection) .UseEFStore(o => ConfigureStorage(o)) @@ -176,6 +184,10 @@ void ConfigureIdServer(IServiceCollection services) m.AllowedCertificateTypes = CertificateTypes.All; m.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck; }); + }) + .AddOpenidFederation(o => + { + o.IsFederationEnabled = true; }); var isRealmEnabled = identityServerConfiguration.IsRealmEnabled; if (isRealmEnabled) idServerBuilder.UseRealm(); @@ -196,32 +208,14 @@ void ConfigureCentralizedConfiguration(WebApplicationBuilder builder) o.Add(); o.Add(); o.Add(); - o.Add(); + o.Add(); + o.Add(); o.Add(); o.Add(); o.Add(); + o.Add(); o.Add(); - o.UseEFConnector(b => - { - switch (conf.Type) - { - case StorageTypes.INMEMORY: - b.UseInMemoryDatabase(conf.ConnectionString); - break; - case StorageTypes.SQLSERVER: - b.UseSqlServer(conf.ConnectionString); - break; - case StorageTypes.POSTGRE: - b.UseNpgsql(conf.ConnectionString); - break; - case StorageTypes.MYSQL: - b.UseMySql(conf.ConnectionString, ServerVersion.AutoDetect(conf.ConnectionString)); - break; - case StorageTypes.SQLITE: - b.UseSqlite(conf.ConnectionString); - break; - } - }); + o.UseEFConnector(); }); } @@ -319,7 +313,7 @@ void ConfigureDataProtection(IDataProtectionBuilder dataProtectionBuilder) dataProtectionBuilder.PersistKeysToDbContext(); } -void SeedData(WebApplication application, string scimBaseUrl) +async void SeedData(WebApplication application, string scimBaseUrl) { using (var scope = app.Services.GetRequiredService().CreateScope()) { @@ -327,18 +321,12 @@ void SeedData(WebApplication application, string scimBaseUrl) { var isInMemory = dbContext.Database.IsInMemory(); if (!isInMemory) dbContext.Database.Migrate(); + + var masterRealm = dbContext.Realms.FirstOrDefault(r => r.Name == SimpleIdServer.IdServer.Constants.StandardRealms.Master.Name) ?? SimpleIdServer.IdServer.Constants.StandardRealms.Master; if (!dbContext.Realms.Any()) dbContext.Realms.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.Realms); - - if (!dbContext.Scopes.Any()) - dbContext.Scopes.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.Scopes); - - if (!dbContext.Users.Any()) - dbContext.Users.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.Users); - - if (!dbContext.Clients.Any()) - dbContext.Clients.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.Clients); - + var unsupportedScopes = MigrateScopes(dbContext, masterRealm); + MigrateClients(dbContext, unsupportedScopes); if (!dbContext.UmaPendingRequest.Any()) dbContext.UmaPendingRequest.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.PendingRequests); @@ -351,7 +339,7 @@ void SeedData(WebApplication application, string scimBaseUrl) foreach (var language in SimpleIdServer.IdServer.Startup.IdServerConfiguration.Languages) AddMissingLanguage(dbContext, language); - foreach(var providerDefinition in SimpleIdServer.IdServer.Startup.IdServerConfiguration.ProviderDefinitions) + foreach (var providerDefinition in SimpleIdServer.IdServer.Startup.IdServerConfiguration.ProviderDefinitions) { if (!dbContext.AuthenticationSchemeProviderDefinitions.Any(d => d.Name == providerDefinition.Name)) { @@ -369,6 +357,8 @@ void SeedData(WebApplication application, string scimBaseUrl) if (!dbContext.RegistrationWorkflows.Any()) dbContext.RegistrationWorkflows.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.RegistrationWorkflows); + var groups = MigrateGroups(dbContext, masterRealm); + MigrateUsers(dbContext, groups.adminGroup, groups.adminRoGroup); if (!dbContext.SerializedFileKeys.Any()) { dbContext.SerializedFileKeys.Add(KeyGenerator.GenerateRSASigningCredentials(SimpleIdServer.IdServer.Constants.StandardRealms.Master, "rsa-1")); @@ -380,14 +370,10 @@ void SeedData(WebApplication application, string scimBaseUrl) dbContext.CertificateAuthorities.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.CertificateAuthorities); if (!dbContext.PresentationDefinitions.Any()) - { - foreach(var processDefinition in SimpleIdServer.IdServer.Startup.IdServerConfiguration.PresentationDefinitions) - { - var realm = dbContext.Realms.Single(r => r.Name == processDefinition.Realm.Name); - processDefinition.Realm = realm; - dbContext.PresentationDefinitions.Add(processDefinition); - } - } + dbContext.PresentationDefinitions.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.PresentationDefinitions); + + if(!dbContext.FederationEntities.Any()) + dbContext.FederationEntities.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.FederationEntities); if (!dbContext.Acrs.Any()) { @@ -438,14 +424,20 @@ void SeedData(WebApplication application, string scimBaseUrl) AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); - AddMissingConfigurationDefinition(dbContext); + AddMissingConfigurationDefinition(dbContext); + AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); AddMissingConfigurationDefinition(dbContext); + AddMissingConfigurationDefinition(dbContext); EnableIsolationLevel(dbContext); dbContext.SaveChanges(); + + // Uncomment these two lines to enable seed data from an external resource like JSON file. + // ISeedStrategy seedingService = scope.ServiceProvider.GetService(); + // seedingService.SeedDataAsync().Wait(); } void EnableIsolationLevel(StoreDbContext dbContext) @@ -466,7 +458,7 @@ void EnableIsolationLevel(StoreDbContext dbContext) } var mysqlConnection = dbConnection as MySqlConnector.MySqlConnection; - if(mysqlConnection != null) + if (mysqlConnection != null) { if (mysqlConnection.State != System.Data.ConnectionState.Open) mysqlConnection.Open(); var cmd = mysqlConnection.CreateCommand(); @@ -479,7 +471,7 @@ void EnableIsolationLevel(StoreDbContext dbContext) void AddMissingConfigurationDefinition(StoreDbContext dbContext) { var name = typeof(T).Name; - if(!dbContext.Definitions.Any(d => d.Id == name)) + if (!dbContext.Definitions.Any(d => d.Id == name)) { dbContext.Definitions.Add(ConfigurationDefinitionExtractor.Extract()); } @@ -487,13 +479,13 @@ void AddMissingConfigurationDefinition(StoreDbContext dbContext) void AddMissingLanguage(StoreDbContext dbContext, Language language) { - if (!dbContext.Languages.Any(l => l.Code == language.Code)) + if (!dbContext.Languages.Any(l => l.Code == language.Code)) dbContext.Languages.Add(language); var keys = language.Descriptions.Select(d => d.Key); var existingTranslations = dbContext.Translations.Where(t => keys.Contains(t.Key)).ToList(); var unknownTranslations = language.Descriptions.Where(d => !existingTranslations.Any(t => t.Key == d.Key && t.Language == d.Language)); dbContext.Translations.AddRange(unknownTranslations); - foreach(var existingTranslation in existingTranslations) + foreach (var existingTranslation in existingTranslations) { var tr = language.Descriptions.SingleOrDefault(d => d.Key == existingTranslation.Key && d.Language == existingTranslation.Language); if (tr == null) continue; @@ -521,5 +513,134 @@ void AddMissingAuthenticationSchemeProviders(StoreDbContext dbContext) } } } + + List MigrateScopes(StoreDbContext dbContext, Realm masterRealm) + { + var allScopeNames = dbContext.Scopes.Select(s => s.Name); + var unsupportedScopes = SimpleIdServer.IdServer.Startup.IdServerConfiguration.Scopes.Where(s => !allScopeNames.Contains(s.Name)); + foreach (var scope in unsupportedScopes) + scope.Realms = new List + { + masterRealm + }; + dbContext.Scopes.AddRange(unsupportedScopes); + return unsupportedScopes.ToList(); + } + + void MigrateClients(StoreDbContext dbContext, List unsupportedScopes) + { + var confClientIds = SimpleIdServer.IdServer.Startup.IdServerConfiguration.Clients.Select(c => c.ClientId); + var allClientIds = dbContext.Clients.Select(s => s.ClientId); + var unknownClients = SimpleIdServer.IdServer.Startup.IdServerConfiguration.Clients.Where(c => !allClientIds.Contains(c.ClientId)); + var knownClients = dbContext.Clients + .Include(c => c.Scopes) + .Where(c => confClientIds.Contains(c.ClientId)); + foreach (var unknownClient in unknownClients) + dbContext.Clients.Add(unknownClient); + foreach (var knownClient in knownClients) + { + var cl = SimpleIdServer.IdServer.Startup.IdServerConfiguration.Clients.Single(c => c.ClientId == knownClient.ClientId); + foreach (var scope in cl.Scopes) + { + if(!knownClient.Scopes.Any(s => s.Name == scope.Name)) + { + var existingScope = dbContext.Scopes.SingleOrDefault(s => s.Name == scope.Name) ?? unsupportedScopes.Single(s => s.Name == scope.Name); + knownClient.Scopes.Add(existingScope); + } + } + } + } + + (Group adminGroup, Group adminRoGroup) MigrateGroups(StoreDbContext dbContext, Realm masterRealm) + { + var admGroup = dbContext.Groups.Include(g => g.Realms) + .Include(g => g.Roles) + .FirstOrDefault(g => g.Name == SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorGroup.Name); + var admRoGroup = dbContext.Groups.Include(g => g.Realms) + .Include(g => g.Roles) + .FirstOrDefault(g => g.Name == SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorReadonlyGroup.Name); + if (admGroup == null) + { + admGroup = SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorGroup; + admGroup.Realms = new List(); + masterRealm.Groups.Add(new GroupRealm + { + Group = admGroup + }); + } + + if (admRoGroup == null) + { + admRoGroup = SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorReadonlyGroup; + admRoGroup.Realms = new List(); + masterRealm.Groups.Add(new GroupRealm + { + Group = admRoGroup + }); + } + + var scopes = RealmRoleBuilder.BuildAdministrativeRole(masterRealm); + var allScopeNames = dbContext.Scopes.Select(s => s.Name); + var unknownScopes = scopes.Where(s => !allScopeNames.Contains(s.Name)); + dbContext.Scopes.AddRange(unknownScopes); + foreach (var scope in unknownScopes) + { + if (!admGroup.Roles.Any(r => r.Name == scope.Name)) + admGroup.Roles.Add(scope); + } + + foreach(var scope in unknownScopes.Where(s => s.Action == ComponentActions.View)) + { + if (!admRoGroup.Roles.Any(r => r.Name == scope.Name)) + admRoGroup.Roles.Add(scope); + } + + var existingAdministratorRole = dbContext.Scopes.FirstOrDefault(s => s.Name == SimpleIdServer.IdServer.Constants.StandardScopes.WebsiteAdministratorRole.Name); + if (existingAdministratorRole == null) + { + existingAdministratorRole = SimpleIdServer.IdServer.Constants.StandardScopes.WebsiteAdministratorRole; + existingAdministratorRole.Realms.Clear(); + existingAdministratorRole.Realms.Add(masterRealm); + dbContext.Scopes.Add(existingAdministratorRole); + } + + if (!admGroup.Roles.Any(r => r.Name == SimpleIdServer.IdServer.Constants.StandardScopes.WebsiteAdministratorRole.Name)) + admGroup.Roles.Add(existingAdministratorRole); + + return (admGroup, admRoGroup); + } + + void MigrateUsers(StoreDbContext dbContext, Group adminGroup, Group adminRoGroup) + { + var isUserExists = dbContext.Users + .Any(c => c.Name == "user"); + var existingAdministratorUser = dbContext.Users + .Include(u => u.Groups).ThenInclude(u => u.Group) + .FirstOrDefault(u => u.Name == SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorUser.Name); + var existingAdministratorRoUser = dbContext.Users + .Include(u => u.Groups).ThenInclude(u => u.Group) + .FirstOrDefault(u => u.Name == SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorReadonlyUser.Name); + if(!isUserExists) + dbContext.Users.Add(UserBuilder.Create("user", "password", "User").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").Build()); + if (existingAdministratorRoUser == null) + dbContext.Users.Add(SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorReadonlyUser); + else if(!existingAdministratorRoUser.Groups.Any(g => g.Group.Name == SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorReadonlyGroup.Name)) + { + existingAdministratorRoUser.Groups.Add(new GroupUser + { + Group = adminRoGroup + }); + } + + if (existingAdministratorUser == null) + dbContext.Users.Add(SimpleIdServer.IdServer.Constants.StandardUsers.AdministratorUser); + else if(!existingAdministratorUser.Groups.Any(g => g.Group.Name == SimpleIdServer.IdServer.Constants.StandardGroups.AdministratorGroup.Name)) + { + existingAdministratorUser.Groups.Add(new GroupUser + { + Group = adminGroup + }); + } + } } } \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.Designer.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.Designer.cs index 85cf58286..1bdb2de9f 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.Designer.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.Designer.cs @@ -167,5 +167,14 @@ public static string title { return ResourceManager.GetString("title", resourceCulture); } } + + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } } } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.resx b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.resx index 7684eb17f..0ac144aeb 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.resx +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateConsoleResource.resx @@ -153,4 +153,7 @@ Authenticate + + User account is blocked + \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.Designer.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.Designer.cs index c3793e47f..581c26ee5 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.Designer.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.Designer.cs @@ -240,6 +240,15 @@ public static string unknown_user { } } + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à User with the same name already exists. /// diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.resx b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.resx index a397ad6ec..a249989a6 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.resx +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateEmailResource.resx @@ -177,6 +177,9 @@ The given email does not correspond to any user + + User account is blocked + User with the same name already exists diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.Designer.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.Designer.cs index 66aec3028..4d7c66b7b 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.Designer.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.Designer.cs @@ -239,5 +239,14 @@ public static string user_already_exists { return ResourceManager.GetString("user_already_exists", resourceCulture); } } + + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } } } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.resx b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.resx index a484a120c..f2554b10d 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.resx +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateMobileResource.resx @@ -177,4 +177,7 @@ User with same login already exists + + User account is blocked + \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.Designer.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.Designer.cs index f7042cd03..a9ca775af 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.Designer.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.Designer.cs @@ -221,5 +221,14 @@ public static string unknown_user { return ResourceManager.GetString("unknown_user", resourceCulture); } } + + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } } } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.resx b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.resx index 61889b61e..21044ba94 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.resx +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateOtpResource.resx @@ -171,4 +171,7 @@ The given login does not correspond to any user + + User account is blocked + \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.Designer.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.Designer.cs index 2366cf167..0b91936e3 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.Designer.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.Designer.cs @@ -203,5 +203,14 @@ public static string unknown_user { return ResourceManager.GetString("unknown_user", resourceCulture); } } + + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } } } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.resx b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.resx index 4b6c78595..2e1d091e2 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.resx +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticatePasswordResource.resx @@ -165,4 +165,7 @@ The user doesn't exist + + User account is blocked + \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.Designer.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.Designer.cs index c4b6ec5b5..b8b81d8b7 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.Designer.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.Designer.cs @@ -204,6 +204,15 @@ public static string unknown_user { } } + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à User with the same name already exists. /// diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.resx b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.resx index 99abff959..4f5d82432 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.resx +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateSmsResource.resx @@ -165,6 +165,9 @@ The given phone number does not correspond to any user + + User account is blocked + User with the same name already exists diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.Designer.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.Designer.cs index 46e95e8df..670b844c4 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.Designer.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.Designer.cs @@ -221,5 +221,14 @@ public static string user_already_exists { return ResourceManager.GetString("user_already_exists", resourceCulture); } } + + /// + /// Recherche une chaîne localisée semblable à User account is blocked. + /// + public static string user_blocked { + get { + return ResourceManager.GetString("user_blocked", resourceCulture); + } + } } } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.resx b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.resx index 2eeb5bbf7..d7bff20c8 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.resx +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/AuthenticateWebauthnResource.resx @@ -171,4 +171,7 @@ User with same login already exists + + User account is blocked + \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/ConsentsResource.Designer.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/ConsentsResource.Designer.cs index 2e29c577a..c7c8569bd 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/ConsentsResource.Designer.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/ConsentsResource.Designer.cs @@ -87,6 +87,15 @@ public static string consent_client_access { } } + /// + /// Recherche une chaîne localisée semblable à Incoming request is invalid. + /// + public static string invalid_request { + get { + return ResourceManager.GetString("invalid_request", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à Manage consents. /// diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/ConsentsResource.resx b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/ConsentsResource.resx index ef3d1db5e..f0cb593b8 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/ConsentsResource.resx +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/ConsentsResource.resx @@ -126,6 +126,9 @@ The client '{0}' is requesting access to your account + + Incoming request is invalid + Manage consents diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/LayoutResource.Designer.cs b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/LayoutResource.Designer.cs index f389ba86c..4eb306389 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/LayoutResource.Designer.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/LayoutResource.Designer.cs @@ -123,6 +123,15 @@ public static string disconnect { } } + /// + /// Recherche une chaîne localisée semblable à Disconnected. + /// + public static string Disconnected { + get { + return ResourceManager.GetString("Disconnected", resourceCulture); + } + } + /// /// Recherche une chaîne localisée semblable à English. /// @@ -185,5 +194,14 @@ public static string user_is_created { return ResourceManager.GetString("user_is_created", resourceCulture); } } + + /// + /// Recherche une chaîne localisée semblable à You are disconnected. + /// + public static string YouAreDisconnected { + get { + return ResourceManager.GetString("YouAreDisconnected", resourceCulture); + } + } } } diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/LayoutResource.resx b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/LayoutResource.resx index 60388c673..779cb485e 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/LayoutResource.resx +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Resources/LayoutResource.resx @@ -138,6 +138,9 @@ Disconnect + + Disconnected + English @@ -159,4 +162,7 @@ User is created + + You are disconnected + \ No newline at end of file diff --git a/tests/SimpleIdServer.IdServer.Tests/JsonSeeding/Seed.json b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Seed.json similarity index 100% rename from tests/SimpleIdServer.IdServer.Tests/JsonSeeding/Seed.json rename to src/Templates/templates/SimpleIdServer.IdServer.Startup/Seed.json diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/SimpleIdServer.IdServer.Startup.csproj b/src/Templates/templates/SimpleIdServer.IdServer.Startup/SimpleIdServer.IdServer.Startup.csproj index ea2ef0dcc..0f6211a66 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/SimpleIdServer.IdServer.Startup.csproj +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/SimpleIdServer.IdServer.Startup.csproj @@ -1,44 +1,47 @@  - net7.0 + net8.0 Exe - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - + + + + - - - + + + all runtime; build; native; contentfiles; analyzers diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Views/CheckSession/EndSession.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Views/CheckSession/EndSession.cshtml index 24c5bbbb6..40a1e9a18 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Views/CheckSession/EndSession.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Views/CheckSession/EndSession.cshtml @@ -9,9 +9,9 @@ Layout = "~/Views/Shared/_Layout.cshtml"; } -@if (!string.IsNullOrWhiteSpace(Model.FrontChannelLogout)) +@foreach (var frontChannelLogout in Model.FrontChannelLogouts) { - + } @if(Model.RedirectToRevokeSessionUI) diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Views/Consents/Index.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Views/Consents/Index.cshtml index 3a74eb88a..6b18fcae6 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Views/Consents/Index.cshtml +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Views/Consents/Index.cshtml @@ -40,8 +40,8 @@ } } - +
@string.Format(ConsentsResource.consent_client_access, Model.ClientName)
    @if(Model.ScopeNames != null && Model.ScopeNames.Any()) diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/Views/Home/Disconnect.cshtml b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Views/Home/Disconnect.cshtml new file mode 100644 index 000000000..1c412abf9 --- /dev/null +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/Views/Home/Disconnect.cshtml @@ -0,0 +1,17 @@ +@using Microsoft.AspNetCore.Mvc.ApiExplorer; +@using SimpleIdServer.IdServer.Startup.Resources +@model SimpleIdServer.IdServer.UI.ViewModels.DisconnectViewModel + +@{ + ViewBag.Title = LayoutResource.Disconnected; + Layout = "~/Views/Shared/_Layout.cshtml"; +} + +
    @LayoutResource.YouAreDisconnected
    + +@foreach (var frontChannelLogout in Model.FrontChannelLogoutUrls) +{ + +} + +@LayoutResource.back \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Startup/appsettings.Docker.json b/src/Templates/templates/SimpleIdServer.IdServer.Startup/appsettings.Docker.json index 78eff2c49..6dcdd9e24 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Startup/appsettings.Docker.json +++ b/src/Templates/templates/SimpleIdServer.IdServer.Startup/appsettings.Docker.json @@ -73,10 +73,13 @@ "ResetPasswordLinkExpirationInSeconds": "30", "CanResetPassword": "true" }, - "FidoOptions": { + "MobileOptions": { "U2FExpirationTimeInSeconds": "300", "IsDeveloperModeEnabled": false }, + "WebauthnOptions": { + "U2FExpirationTimeInSeconds": "300" + }, "IdServerConsoleOptions": { "Message": "The confirmation code is {0}", "OTPType": "TOTP", @@ -93,5 +96,9 @@ }, "IdServerVpOptions": { + }, + "UserLockingOptions": { + "LockTimeInSeconds": "300", + "MaxLoginAttempts": "5" } } \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Website.Startup/Program.cs b/src/Templates/templates/SimpleIdServer.IdServer.Website.Startup/Program.cs index 985a1c8fb..495a662e4 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Website.Startup/Program.cs +++ b/src/Templates/templates/SimpleIdServer.IdServer.Website.Startup/Program.cs @@ -6,18 +6,19 @@ .AddEnvironmentVariables(); builder.Services.AddRazorPages(); builder.Services.AddServerSideBlazor(); +var isRealmEnabled = bool.Parse(builder.Configuration["IsRealmEnabled"]); builder.Services.AddSIDWebsite(o => { o.IdServerBaseUrl = builder.Configuration["IdServerBaseUrl"]; o.SCIMUrl = builder.Configuration["ScimBaseUrl"]; - o.IsReamEnabled = bool.Parse(builder.Configuration["IsRealmEnabled"]); + o.IsReamEnabled = isRealmEnabled; }); bool forceHttps = false; var forceHttpsStr = builder.Configuration["forceHttps"]; if (!string.IsNullOrWhiteSpace(forceHttpsStr) && bool.TryParse(forceHttpsStr, out bool r)) forceHttps = r; -builder.Services.AddDefaultSecurity(builder.Configuration); +builder.Services.AddDefaultSecurity(builder.Configuration, isRealmEnabled); builder.Services.AddLocalization(); var app = builder.Build(); @@ -31,6 +32,7 @@ app.UseExceptionHandler("/Error"); } +app.Services.AddSIDWebsite(); app.UseStaticFiles(); app.UseRequestLocalization(e => { @@ -38,6 +40,7 @@ e.AddSupportedCultures("en"); e.AddSupportedUICultures("en"); }); +app.UseSidWebsite(); app.UseRouting(); app.UseCookiePolicy(); app.UseAuthentication(); diff --git a/src/Templates/templates/SimpleIdServer.IdServer.Website.Startup/SimpleIdServer.IdServer.Website.Startup.csproj b/src/Templates/templates/SimpleIdServer.IdServer.Website.Startup/SimpleIdServer.IdServer.Website.Startup.csproj index a767e4952..f8382b8e6 100644 --- a/src/Templates/templates/SimpleIdServer.IdServer.Website.Startup/SimpleIdServer.IdServer.Website.Startup.csproj +++ b/src/Templates/templates/SimpleIdServer.IdServer.Website.Startup/SimpleIdServer.IdServer.Website.Startup.csproj @@ -1,13 +1,13 @@ - net7.0 + net8.0 enable enable - - + + \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.Scim.Startup/Consumers/IntegrationEventConsumer.cs b/src/Templates/templates/SimpleIdServer.Scim.Startup/Consumers/IntegrationEventConsumer.cs index f322f6e3f..aedb41f0d 100644 --- a/src/Templates/templates/SimpleIdServer.Scim.Startup/Consumers/IntegrationEventConsumer.cs +++ b/src/Templates/templates/SimpleIdServer.Scim.Startup/Consumers/IntegrationEventConsumer.cs @@ -10,7 +10,8 @@ public class IntegrationEventConsumer : IConsumer, IConsumer, IConsumer, IConsumer, - IConsumer + IConsumer, + IConsumer { public Task Consume(ConsumeContext context) { @@ -42,5 +43,11 @@ public Task Consume(ConsumeContext context) Debug.WriteLine(context.Message.Id); return Task.CompletedTask; } + + public Task Consume(ConsumeContext context) + { + Debug.WriteLine(context.Message.Id); + return Task.CompletedTask; + } } } diff --git a/src/Templates/templates/SimpleIdServer.Scim.Startup/DbContextFactory.cs b/src/Templates/templates/SimpleIdServer.Scim.Startup/DbContextFactory.cs new file mode 100644 index 000000000..d35b21f87 --- /dev/null +++ b/src/Templates/templates/SimpleIdServer.Scim.Startup/DbContextFactory.cs @@ -0,0 +1,24 @@ +using Microsoft.EntityFrameworkCore; +using Microsoft.EntityFrameworkCore.Design; +using Microsoft.Extensions.Options; +using SimpleIdServer.Scim.Persistence.EF; + +namespace SimpleIdServer.IdServer.PostgreMigrations; + +/* +public class DbContextFactory : IDesignTimeDbContextFactory +{ + public SCIMDbContext CreateDbContext(string[] args) + { + var optionsBuilder = new DbContextOptionsBuilder(); + var efOptions = Options.Create(new SCIMEFOptions()); + var connectionString = "server=localhost;port=3306;database=idserver;user=root;password=password"; + optionsBuilder.UseMySql(connectionString, ServerVersion.AutoDetect(connectionString), o => + { + o.MigrationsAssembly("SimpleIdServer.Scim.MySQLMigrations"); + o.UseQuerySplittingBehavior(QuerySplittingBehavior.SplitQuery); + }); + return new SCIMDbContext(optionsBuilder.Options, efOptions); + } +} +*/ \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.Scim.Startup/Program.cs b/src/Templates/templates/SimpleIdServer.Scim.Startup/Program.cs index 3e843dbf4..10dcc7bc1 100644 --- a/src/Templates/templates/SimpleIdServer.Scim.Startup/Program.cs +++ b/src/Templates/templates/SimpleIdServer.Scim.Startup/Program.cs @@ -1,21 +1,403 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using Microsoft.AspNetCore.Hosting; -using Microsoft.Extensions.Hosting; +using AspNetCore.Authentication.ApiKey; +using MassTransit; +using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.Routing; +using Microsoft.EntityFrameworkCore; +using Microsoft.Extensions.Configuration; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.Logging; +using Microsoft.Extensions.Options; +using MongoDB.Driver; +using SimpleIdServer.Scim.Domains; +using SimpleIdServer.Scim.Infrastructure; +using SimpleIdServer.Scim.Persistence.MongoDB.Extensions; +using SimpleIdServer.Scim.Persistence.MongoDB.Infrastructures; +using SimpleIdServer.Scim.Persistence.MongoDB.Models; +using SimpleIdServer.Scim.Startup.Configurations; +using SimpleIdServer.Scim.Startup.Consumers; +using SimpleIdServer.Scim.Startup.Services; +using SimpleIdServer.Scim.SwashbuckleV6; +using System; +using System.Collections.Generic; +using System.IO; +using System.Linq; +using System.Reflection; -namespace SimpleIdServer.Scim.Startup +namespace SimpleIdServer.Scim.Startup; + +public class Program { - public class Program + private const bool usePrefix = true; + + public static void Main(string[] args) + { + var builder = WebApplication.CreateBuilder(args); + builder.Configuration + .AddJsonFile("appsettings.json") + .AddJsonFile($"appsettings.{builder.Environment.EnvironmentName}.json", optional: true) + .AddEnvironmentVariables(); + ConfigureServices(builder); + var app = builder.Build(); + ConfigureApp(builder, app); + app.Run(); + } + + private static void ConfigureServices(WebApplicationBuilder builder) + { + builder.Services.AddMvc(o => + { + o.EnableEndpointRouting = false; + o.AddSCIMValueProviders(); + }).AddNewtonsoftJson(); + builder.Services.AddLogging(o => + { + o.AddFilter("Microsoft.EntityFrameworkCore.Database.Command", LogLevel.Warning); + }); + ConfigureAuthorization(builder); + ConfigureSwagger(builder); + ConfigureScim(builder); + builder.Services.Configure(opt => + { + opt.ConstraintMap.Add("realmPrefix", typeof(RealmRoutePrefixConstraint)); + }); + } + + #region Dependency injection + + private static void ConfigureAuthorization(WebApplicationBuilder builder) + { + var apiKeys = builder.Configuration.GetSection(nameof(ApiKeysConfiguration)).Get(); + builder.Services.AddSingleton(apiKeys); + builder.Services.AddAuthentication(ApiKeyDefaults.AuthenticationScheme) + .AddApiKeyInHeaderOrQueryParams(options => + { + options.Realm = "Sample Web API"; + options.KeyName = "Authorization"; + }); + builder.Services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy()); + /* + builder.Services.AddAuthorization(opts => + { + opts.AddPolicy("QueryScimResource", p => p.RequireAssertion(_ => true)); + opts.AddPolicy("AddScimResource", p => p.RequireAssertion(_ => true)); + opts.AddPolicy("DeleteScimResource", p => p.RequireAssertion(_ => true)); + opts.AddPolicy("UpdateScimResource", p => p.RequireAssertion(_ => true)); + opts.AddPolicy("BulkScimResource", p => p.RequireAssertion(_ => true)); + }); + */ + } + + private static void ConfigureSwagger(WebApplicationBuilder builder) + { + builder.Services.AddSwaggerGen(c => + { + c.SchemaFilter(); + var currentAssembly = Assembly.GetExecutingAssembly(); + var xmlDocs = currentAssembly.GetReferencedAssemblies() + .Union(new AssemblyName[] { currentAssembly.GetName() }) + .Select(a => Path.Combine(Path.GetDirectoryName(currentAssembly.Location), $"{a.Name}.xml")) + .Where(f => File.Exists(f)).ToArray(); + Array.ForEach(xmlDocs, (d) => + { + c.IncludeXmlComments(d); + }); + }); + builder.Services.AddSCIMSwagger(); + } + + private static void ConfigureScim(WebApplicationBuilder builder) + { + builder.Services.AddSIDScim(_ => + { + _.IgnoreUnsupportedCanonicalValues = false; + _.EnableRealm = bool.Parse(builder.Configuration["IsRealmEnabled"]); + }, massTransitOptions: _ => + { + _.AddConsumer(); + _.UsingInMemory((context, cfg) => + { + cfg.ConfigureEndpoints(context); + }); + }); + + var section = builder.Configuration.GetSection(nameof(StorageConfiguration)); + var conf = section.Get(); + if (conf.Type == StorageTypes.MONGODB) ConfigureMongoDbStorage(conf); + else ConfigureEFStorage(conf); + + void ConfigureEFStorage(StorageConfiguration conf) + { + builder.Services.AddScimStoreEF(options => + { + switch (conf.Type) + { + case StorageTypes.SQLSERVER: + options.UseSqlServer(conf.ConnectionString, o => + { + o.MigrationsAssembly("SimpleIdServer.Scim.SqlServerMigrations"); + o.UseQuerySplittingBehavior(QuerySplittingBehavior.SplitQuery); + }); + break; + case StorageTypes.POSTGRE: + options.UseNpgsql(conf.ConnectionString, o => + { + o.MigrationsAssembly("SimpleIdServer.Scim.PostgreMigrations"); + o.UseQuerySplittingBehavior(QuerySplittingBehavior.SplitQuery); + }); + break; + case StorageTypes.MYSQL: + options.UseMySql(conf.ConnectionString, ServerVersion.AutoDetect(conf.ConnectionString), o => + { + o.MigrationsAssembly("SimpleIdServer.Scim.MySQLMigrations"); + o.UseQuerySplittingBehavior(QuerySplittingBehavior.SplitQuery); + o.SchemaBehavior(Pomelo.EntityFrameworkCore.MySql.Infrastructure.MySqlSchemaBehavior.Ignore); + }); + break; + } + }, options => + { + options.DefaultSchema = "scim"; + }); + } + + void ConfigureMongoDbStorage(StorageConfiguration conf) + { + var basePath = Path.Combine(builder.Environment.ContentRootPath, "Schemas"); + var userSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true); + var eidUserSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EIDUserSchema.json"), SCIMResourceTypes.User); + var groupSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true); + var entrepriseUser = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EnterpriseUser.json"), SCIMResourceTypes.User); + userSchema.SchemaExtensions.Add(new SCIMSchemaExtension + { + Id = Guid.NewGuid().ToString(), + Schema = "urn:ietf:params:scim:schemas:extension:eid:2.0:User" + }); + userSchema.SchemaExtensions.Add(new SCIMSchemaExtension + { + Id = Guid.NewGuid().ToString(), + Schema = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" + }); + var schemas = new List + { + userSchema, + groupSchema, + eidUserSchema, + entrepriseUser + }; + builder.Services.AddScimStoreMongoDB(opt => + { + opt.ConnectionString = conf.ConnectionString; + opt.Database = "scim"; + opt.CollectionMappings = "mappings"; + opt.CollectionRepresentations = "representations"; + opt.CollectionSchemas = "schemas"; + opt.SupportTransaction = false; + }, schemas, + new List + { + new SCIMAttributeMapping + { + Id = Guid.NewGuid().ToString(), + SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, + SourceResourceType = StandardSchemas.UserSchema.ResourceType, + SourceAttributeSelector = "groups", + TargetResourceType = StandardSchemas.GroupSchema.ResourceType, + TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id + }, + new SCIMAttributeMapping + { + Id = Guid.NewGuid().ToString(), + SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id, + SourceResourceType = StandardSchemas.GroupSchema.ResourceType, + SourceAttributeSelector = "members", + TargetResourceType = StandardSchemas.UserSchema.ResourceType, + TargetAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, + Mode = Mode.PROPAGATE_INHERITANCE + }, + new SCIMAttributeMapping + { + Id = Guid.NewGuid().ToString(), + SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id, + SourceResourceType = StandardSchemas.GroupSchema.ResourceType, + SourceAttributeSelector = "members", + TargetResourceType = StandardSchemas.GroupSchema.ResourceType + } + }, useVersion403: false); + } + } + + #endregion + + private static void ConfigureApp(WebApplicationBuilder builder, WebApplication app) + { + var opts = app.Services.GetRequiredService>().Value; + app.UseSwagger(); + app.UseSwaggerUI(c => + { + c.SwaggerEndpoint("/swagger/v1/swagger.json", "SCIM API V1"); + }); + InitializeDatabase(builder, app); + app.UseAuthentication(); + app.UseMvc(o => + { + o.UseScim(opts.EnableRealm); + }); + } + + #region Database migration + + private static void InitializeDatabase(WebApplicationBuilder builder, IApplicationBuilder app) + { + var section = builder.Configuration.GetSection(nameof(StorageConfiguration)); + var conf = section.Get(); + if (conf.Type == StorageTypes.MONGODB) + { + // MigrateFrom403To404MongoDB(app); + return; + } + + using (var scope = app.ApplicationServices.GetRequiredService().CreateScope()) + { + using (var context = scope.ServiceProvider.GetService()) + { + context.Database.Migrate(); + var basePath = Path.Combine(builder.Environment.ContentRootPath, "Schemas"); + var userSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true); + var eidUserSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EIDUserSchema.json"), SCIMResourceTypes.User); + var groupSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true); + var entrepriseUser = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EnterpriseUser.json"), SCIMResourceTypes.User); + userSchema.SchemaExtensions.Add(new SCIMSchemaExtension + { + Id = Guid.NewGuid().ToString(), + Schema = "urn:ietf:params:scim:schemas:extension:eid:2.0:User" + }); + userSchema.SchemaExtensions.Add(new SCIMSchemaExtension + { + Id = Guid.NewGuid().ToString(), + Schema = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" + }); + if (!context.SCIMSchemaLst.Any()) + { + context.SCIMSchemaLst.Add(userSchema); + context.SCIMSchemaLst.Add(groupSchema); + context.SCIMSchemaLst.Add(eidUserSchema); + context.SCIMSchemaLst.Add(entrepriseUser); + } + + if (!context.SCIMAttributeMappingLst.Any()) + { + var firstAttributeMapping = new SCIMAttributeMapping + { + Id = Guid.NewGuid().ToString(), + SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, + SourceResourceType = StandardSchemas.UserSchema.ResourceType, + SourceAttributeSelector = "groups", + TargetResourceType = StandardSchemas.GroupSchema.ResourceType, + TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id + }; + var secondAttributeMapping = new SCIMAttributeMapping + { + Id = Guid.NewGuid().ToString(), + SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id, + SourceResourceType = StandardSchemas.GroupSchema.ResourceType, + SourceAttributeSelector = "members", + TargetResourceType = StandardSchemas.UserSchema.ResourceType, + TargetAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, + Mode = Mode.PROPAGATE_INHERITANCE + }; + var thirdAttributeMapping = new SCIMAttributeMapping + { + Id = Guid.NewGuid().ToString(), + SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id, + SourceResourceType = StandardSchemas.GroupSchema.ResourceType, + SourceAttributeSelector = "members", + TargetResourceType = StandardSchemas.GroupSchema.ResourceType + }; + + context.SCIMAttributeMappingLst.Add(firstAttributeMapping); + context.SCIMAttributeMappingLst.Add(secondAttributeMapping); + context.SCIMAttributeMappingLst.Add(thirdAttributeMapping); + } + + if (!context.Realms.Any()) + context.Realms.AddRange(SimpleIdServer.Scim.SCIMConstants.StandardRealms); + + context.SaveChanges(); + } + } + + // MigrateFrom403To404EF(app); + } + + private static void MigrateFrom403To404EF(IApplicationBuilder app) + { + using (var scope = app.ApplicationServices.GetRequiredService().CreateScope()) + { + using (var context = scope.ServiceProvider.GetService()) + { + // Update IsComputedField + var targetAttributeIds = context.SCIMAttributeMappingLst.Where(a => a.TargetAttributeId != null).Select(a => a.TargetAttributeId); + var allIds = context.SCIMSchemaAttribute.Where(a => targetAttributeIds.Contains(a.ParentId) && (a.FullPath.EndsWith("display") || a.FullPath.EndsWith("type"))).Select(a => a.Id).ToList(); + var filteredAttributes = context.SCIMRepresentationAttributeLst.Where(a => allIds.Contains(a.SchemaAttributeId)); + foreach (var filteredAttribute in filteredAttributes) + filteredAttribute.IsComputed = true; + context.SaveChanges(); + + // Update ComputedIndex + var groupedAttributes = context.SCIMRepresentationAttributeLst.Include(a => a.SchemaAttribute).GroupBy(a => a.RepresentationId); + foreach (var grp in groupedAttributes) + { + SCIMRepresentation.BuildHierarchicalAttributes(grp).SelectMany(a => a.ToFlat()); + } + + context.SaveChanges(); + } + } + } + + private static void MigrateFrom403To404MongoDB(IApplicationBuilder app) { - public static void Main(string[] args) + using (var scope = app.ApplicationServices.GetRequiredService().CreateScope()) { - var host = Host.CreateDefaultBuilder(args) - .ConfigureWebHostDefaults((cfg) => + using (var context = scope.ServiceProvider.GetService()) + { + // Update IsComputedField + var targetAttributeIds = context.SCIMAttributeMappingLst.AsQueryable().Where(a => a.TargetAttributeId != null).Select(a => a.TargetAttributeId).ToMongoListAsync().Result; + var schemas = context.SCIMSchemaLst.AsQueryable().ToMongoListAsync().Result; + var allIds = schemas.SelectMany(s => s.Attributes).Where(a => targetAttributeIds.Contains(a.ParentId) && (a.FullPath.EndsWith("display") || a.FullPath.EndsWith("type"))).Select(a => a.Id); + var filteredAttributes = context.SCIMRepresentationAttributeLst.AsQueryable().Where(a => allIds.Contains(a.SchemaAttributeId)).ToMongoListAsync().Result; + foreach (var filteredAttribute in filteredAttributes) + filteredAttribute.IsComputed = true; + foreach (var attr in filteredAttributes) + context.SCIMRepresentationAttributeLst.ReplaceOneAsync(s => s.Id == attr.Id, attr, new ReplaceOptions { IsUpsert = true }).Wait(); + + // Update ComputedIndex + var groupedAttributes = context.SCIMRepresentationAttributeLst.AsQueryable().GroupBy(b => b.RepresentationId); + foreach (var grp in groupedAttributes) + { + var attrs = SCIMRepresentation.BuildHierarchicalAttributes(grp).SelectMany(a => a.ToFlat()); + foreach (var attr in attrs) + context.SCIMRepresentationAttributeLst.ReplaceOneAsync(s => s.Id == attr.Id, attr, new ReplaceOptions { IsUpsert = true }).Wait(); + } + + // Update all the representations + var representations = context.SCIMRepresentationLst.AsQueryable().ToMongoListAsync().Result; + foreach (var representation in representations) { - cfg.UseStartup(); - }) - .Build(); - host.Run(); + var filter = Builders.Filter.Eq("_id", representation.Id); + var updateDefinitionBuilder = Builders.Update; + var updateDefinition = updateDefinitionBuilder.Unset("FlatAttributes"); + representation.AttributeRefs = representation.FlatAttributes.Select(a => new CustomMongoDBRef("representationAttributes", a.Id)).ToList(); + representation.FlatAttributes = null; + context.SCIMRepresentationLst.ReplaceOneAsync(s => s.Id == representation.Id, representation, new ReplaceOptions { IsUpsert = true }).Wait(); + context.SCIMRepresentationLst.UpdateOneAsync(filter, updateDefinition).Wait(); + } + } } } + + #endregion } \ No newline at end of file diff --git a/src/Templates/templates/SimpleIdServer.Scim.Startup/SimpleIdServer.Scim.Startup.csproj b/src/Templates/templates/SimpleIdServer.Scim.Startup/SimpleIdServer.Scim.Startup.csproj index f01c272c9..464d00095 100644 --- a/src/Templates/templates/SimpleIdServer.Scim.Startup/SimpleIdServer.Scim.Startup.csproj +++ b/src/Templates/templates/SimpleIdServer.Scim.Startup/SimpleIdServer.Scim.Startup.csproj @@ -1,23 +1,23 @@  - net7.0 + net8.0 Exe - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + diff --git a/src/Templates/templates/SimpleIdServer.Scim.Startup/Startup.cs b/src/Templates/templates/SimpleIdServer.Scim.Startup/Startup.cs deleted file mode 100644 index aa9824628..000000000 --- a/src/Templates/templates/SimpleIdServer.Scim.Startup/Startup.cs +++ /dev/null @@ -1,355 +0,0 @@ -// Copyright (c) SimpleIdServer. All rights reserved. -// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using AspNetCore.Authentication.ApiKey; -using MassTransit; -using Microsoft.AspNetCore.Builder; -using Microsoft.AspNetCore.Hosting; -using Microsoft.AspNetCore.Mvc; -using Microsoft.EntityFrameworkCore; -using Microsoft.Extensions.Configuration; -using Microsoft.Extensions.DependencyInjection; -using Microsoft.Extensions.Logging; -using MongoDB.Driver; -using SimpleIdServer.Scim.Domains; -using SimpleIdServer.Scim.Persistence.MongoDB.Extensions; -using SimpleIdServer.Scim.Persistence.MongoDB.Infrastructures; -using SimpleIdServer.Scim.Persistence.MongoDB.Models; -using SimpleIdServer.Scim.Startup.Configurations; -using SimpleIdServer.Scim.Startup.Consumers; -using SimpleIdServer.Scim.Startup.Services; -using SimpleIdServer.Scim.SwashbuckleV6; -using System; -using System.Collections.Generic; -using System.IO; -using System.Linq; -using System.Reflection; - -namespace SimpleIdServer.Scim.Startup -{ - public class Startup - { - public Startup(IWebHostEnvironment env, IConfiguration configuration) - { - Env = env; - Configuration = configuration; - } - - public IWebHostEnvironment Env { get; private set; } - public IConfiguration Configuration { get; private set; } - - public void ConfigureServices(IServiceCollection services) - { - var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; - var apiKeys = Configuration.GetSection(nameof(ApiKeysConfiguration)).Get(); - services.AddMvc(o => - { - o.EnableEndpointRouting = false; - o.AddSCIMValueProviders(); - }).AddNewtonsoftJson(o => { }); - services.AddSingleton(apiKeys); - services.AddLogging(o => - { - o.AddFilter("Microsoft.EntityFrameworkCore.Database.Command", LogLevel.Warning); - }); - services.AddAuthentication(ApiKeyDefaults.AuthenticationScheme) - .AddApiKeyInHeaderOrQueryParams(options => - { - options.Realm = "Sample Web API"; - options.KeyName = "Authorization"; - }); - services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy()); - services.AddSwaggerGen(c => - { - c.SchemaFilter(); - var currentAssembly = Assembly.GetExecutingAssembly(); - var xmlDocs = currentAssembly.GetReferencedAssemblies() - .Union(new AssemblyName[] { currentAssembly.GetName() }) - .Select(a => Path.Combine(Path.GetDirectoryName(currentAssembly.Location), $"{a.Name}.xml")) - .Where(f => File.Exists(f)).ToArray(); - Array.ForEach(xmlDocs, (d) => - { - c.IncludeXmlComments(d); - }); - }); - services.AddSCIMSwagger(); - services.AddSIDScim(_ => - { - _.IgnoreUnsupportedCanonicalValues = false; - }, massTransitOptions: _ => - { - _.AddConsumer(); - _.UsingInMemory((context, cfg) => - { - cfg.ConfigureEndpoints(context); - }); - }); - ConfigureStorage(services); - } - - public void Configure(IApplicationBuilder app) - { - app.UseSwagger(); - app.UseSwaggerUI(c => - { - c.SwaggerEndpoint("/swagger/v1/swagger.json", "SCIM API V1"); - }); - InitializeDatabase(app); - app.UseAuthentication(); - app.UseMvc(); - } - - private void InitializeDatabase(IApplicationBuilder app) - { - var section = Configuration.GetSection(nameof(StorageConfiguration)); - var conf = section.Get(); - if (conf.Type == StorageTypes.MONGODB) - { - // MigrateFrom403To404MongoDB(app); - return; - } - - using (var scope = app.ApplicationServices.GetRequiredService().CreateScope()) - { - using (var context = scope.ServiceProvider.GetService()) - { - context.Database.Migrate(); - var basePath = Path.Combine(Env.ContentRootPath, "Schemas"); - var userSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true); - var eidUserSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EIDUserSchema.json"), SCIMResourceTypes.User); - var groupSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true); - var entrepriseUser = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EnterpriseUser.json"), SCIMResourceTypes.User); - userSchema.SchemaExtensions.Add(new SCIMSchemaExtension - { - Id = Guid.NewGuid().ToString(), - Schema = "urn:ietf:params:scim:schemas:extension:eid:2.0:User" - }); - userSchema.SchemaExtensions.Add(new SCIMSchemaExtension - { - Id = Guid.NewGuid().ToString(), - Schema = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" - }); - if (!context.SCIMSchemaLst.Any()) - { - context.SCIMSchemaLst.Add(userSchema); - context.SCIMSchemaLst.Add(groupSchema); - context.SCIMSchemaLst.Add(eidUserSchema); - context.SCIMSchemaLst.Add(entrepriseUser); - } - - if (!context.SCIMAttributeMappingLst.Any()) - { - var firstAttributeMapping = new SCIMAttributeMapping - { - Id = Guid.NewGuid().ToString(), - SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, - SourceResourceType = StandardSchemas.UserSchema.ResourceType, - SourceAttributeSelector = "groups", - TargetResourceType = StandardSchemas.GroupSchema.ResourceType, - TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id - }; - var secondAttributeMapping = new SCIMAttributeMapping - { - Id = Guid.NewGuid().ToString(), - SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id, - SourceResourceType = StandardSchemas.GroupSchema.ResourceType, - SourceAttributeSelector = "members", - TargetResourceType = StandardSchemas.UserSchema.ResourceType, - TargetAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, - Mode = Mode.PROPAGATE_INHERITANCE - }; - var thirdAttributeMapping = new SCIMAttributeMapping - { - Id = Guid.NewGuid().ToString(), - SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id, - SourceResourceType = StandardSchemas.GroupSchema.ResourceType, - SourceAttributeSelector = "members", - TargetResourceType = StandardSchemas.GroupSchema.ResourceType - }; - - context.SCIMAttributeMappingLst.Add(firstAttributeMapping); - context.SCIMAttributeMappingLst.Add(secondAttributeMapping); - context.SCIMAttributeMappingLst.Add(thirdAttributeMapping); - } - - context.SaveChanges(); - } - } - - // MigrateFrom403To404EF(app); - } - - private static void MigrateFrom403To404EF(IApplicationBuilder app) - { - using (var scope = app.ApplicationServices.GetRequiredService().CreateScope()) - { - using (var context = scope.ServiceProvider.GetService()) - { - // Update IsComputedField - var targetAttributeIds = context.SCIMAttributeMappingLst.Where(a => a.TargetAttributeId != null).Select(a => a.TargetAttributeId); - var allIds = context.SCIMSchemaAttribute.Where(a => targetAttributeIds.Contains(a.ParentId) && (a.FullPath.EndsWith("display") || a.FullPath.EndsWith("type"))).Select(a => a.Id).ToList(); - var filteredAttributes = context.SCIMRepresentationAttributeLst.Where(a => allIds.Contains(a.SchemaAttributeId)); - foreach (var filteredAttribute in filteredAttributes) - filteredAttribute.IsComputed = true; - context.SaveChanges(); - - // Update ComputedIndex - var groupedAttributes = context.SCIMRepresentationAttributeLst.Include(a => a.SchemaAttribute).GroupBy(a => a.RepresentationId); - foreach(var grp in groupedAttributes) - { - SCIMRepresentation.BuildHierarchicalAttributes(grp).SelectMany(a => a.ToFlat()); - } - - context.SaveChanges(); - } - } - } - - private static async void MigrateFrom403To404MongoDB(IApplicationBuilder app) - { - using (var scope = app.ApplicationServices.GetRequiredService().CreateScope()) - { - using (var context = scope.ServiceProvider.GetService()) - { - // Update IsComputedField - var targetAttributeIds = await context.SCIMAttributeMappingLst.AsQueryable().Where(a => a.TargetAttributeId != null).Select(a => a.TargetAttributeId).ToMongoListAsync(); - var schemas = await context.SCIMSchemaLst.AsQueryable().ToMongoListAsync(); - var allIds = schemas.SelectMany(s => s.Attributes).Where(a => targetAttributeIds.Contains(a.ParentId) && (a.FullPath.EndsWith("display") || a.FullPath.EndsWith("type"))).Select(a => a.Id); - var filteredAttributes = await context.SCIMRepresentationAttributeLst.AsQueryable().Where(a => allIds.Contains(a.SchemaAttributeId)).ToMongoListAsync(); - foreach (var filteredAttribute in filteredAttributes) - filteredAttribute.IsComputed = true; - foreach (var attr in filteredAttributes) - await context.SCIMRepresentationAttributeLst.ReplaceOneAsync(s => s.Id == attr.Id, attr, new ReplaceOptions { IsUpsert = true }); - - // Update ComputedIndex - var groupedAttributes = context.SCIMRepresentationAttributeLst.AsQueryable().GroupBy(b => b.RepresentationId); - foreach (var grp in groupedAttributes) - { - var attrs = SCIMRepresentation.BuildHierarchicalAttributes(grp).SelectMany(a => a.ToFlat()); - foreach (var attr in attrs) - await context.SCIMRepresentationAttributeLst.ReplaceOneAsync(s => s.Id == attr.Id, attr, new ReplaceOptions { IsUpsert = true }); - } - - // Update all the representations - var representations = await context.SCIMRepresentationLst.AsQueryable().ToMongoListAsync(); - foreach(var representation in representations) - { - var filter = Builders.Filter.Eq("_id", representation.Id); - var updateDefinitionBuilder = Builders.Update; - var updateDefinition = updateDefinitionBuilder.Unset("FlatAttributes"); - representation.AttributeRefs = representation.FlatAttributes.Select(a => new CustomMongoDBRef("representationAttributes", a.Id)).ToList(); - representation.FlatAttributes = null; - await context.SCIMRepresentationLst.ReplaceOneAsync(s => s.Id == representation.Id, representation, new ReplaceOptions { IsUpsert = true }); - await context.SCIMRepresentationLst.UpdateOneAsync(filter, updateDefinition); } - } - } - } - - private void ConfigureStorage(IServiceCollection services) - { - var section = Configuration.GetSection(nameof(StorageConfiguration)); - var conf = section.Get(); - if (conf.Type == StorageTypes.MONGODB) ConfigureMongoDbStorage(services, conf); - else ConfigureEFStorage(services, conf); - } - - private void ConfigureMongoDbStorage(IServiceCollection services, StorageConfiguration conf) - { - var basePath = Path.Combine(Env.ContentRootPath, "Schemas"); - var userSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true); - var eidUserSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EIDUserSchema.json"), SCIMResourceTypes.User); - var groupSchema = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true); - var entrepriseUser = SimpleIdServer.Scim.SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EnterpriseUser.json"), SCIMResourceTypes.User); - userSchema.SchemaExtensions.Add(new SCIMSchemaExtension - { - Id = Guid.NewGuid().ToString(), - Schema = "urn:ietf:params:scim:schemas:extension:eid:2.0:User" - }); - userSchema.SchemaExtensions.Add(new SCIMSchemaExtension - { - Id = Guid.NewGuid().ToString(), - Schema = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" - }); - var schemas = new List - { - userSchema, - groupSchema, - eidUserSchema, - entrepriseUser - }; - services.AddScimStoreMongoDB(opt => - { - opt.ConnectionString = conf.ConnectionString; - opt.Database = "scim"; - opt.CollectionMappings = "mappings"; - opt.CollectionRepresentations = "representations"; - opt.CollectionSchemas = "schemas"; - opt.SupportTransaction = false; - }, schemas, - new List - { - new SCIMAttributeMapping - { - Id = Guid.NewGuid().ToString(), - SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, - SourceResourceType = StandardSchemas.UserSchema.ResourceType, - SourceAttributeSelector = "groups", - TargetResourceType = StandardSchemas.GroupSchema.ResourceType, - TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id - }, - new SCIMAttributeMapping - { - Id = Guid.NewGuid().ToString(), - SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id, - SourceResourceType = StandardSchemas.GroupSchema.ResourceType, - SourceAttributeSelector = "members", - TargetResourceType = StandardSchemas.UserSchema.ResourceType, - TargetAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, - Mode = Mode.PROPAGATE_INHERITANCE - }, - new SCIMAttributeMapping - { - Id = Guid.NewGuid().ToString(), - SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id, - SourceResourceType = StandardSchemas.GroupSchema.ResourceType, - SourceAttributeSelector = "members", - TargetResourceType = StandardSchemas.GroupSchema.ResourceType - } - }, useVersion403: false); - } - - private void ConfigureEFStorage(IServiceCollection services, StorageConfiguration conf) - { - services.AddScimStoreEF(options => - { - switch (conf.Type) - { - case StorageTypes.SQLSERVER: - options.UseSqlServer(conf.ConnectionString, o => - { - o.MigrationsAssembly("SimpleIdServer.Scim.SqlServerMigrations"); - o.UseQuerySplittingBehavior(QuerySplittingBehavior.SplitQuery); - }); - break; - case StorageTypes.POSTGRE: - options.UseNpgsql(conf.ConnectionString, o => - { - o.MigrationsAssembly("SimpleIdServer.Scim.PostgreMigrations"); - o.UseQuerySplittingBehavior(QuerySplittingBehavior.SplitQuery); - }); - break; - case StorageTypes.MYSQL: - options.UseMySql(conf.ConnectionString, ServerVersion.AutoDetect(conf.ConnectionString), o => - { - o.MigrationsAssembly("SimpleIdServer.Scim.MySQLMigrations"); - o.UseQuerySplittingBehavior(QuerySplittingBehavior.SplitQuery); - o.SchemaBehavior(Pomelo.EntityFrameworkCore.MySql.Infrastructure.MySqlSchemaBehavior.Ignore); - }); - break; - } - }, options => - { - options.DefaultSchema = "scim"; - }); - } - } -} diff --git a/src/Templates/templates/SimpleIdServer.Scim.Startup/appsettings.Docker.json b/src/Templates/templates/SimpleIdServer.Scim.Startup/appsettings.Docker.json index b819f6d4d..04bf71c12 100644 --- a/src/Templates/templates/SimpleIdServer.Scim.Startup/appsettings.Docker.json +++ b/src/Templates/templates/SimpleIdServer.Scim.Startup/appsettings.Docker.json @@ -24,5 +24,6 @@ "StorageConfiguration": { "ConnectionString": "Data Source=localhost;Initial Catalog=Scim;TrustServerCertificate=True;User Id=sa;Password=a7Nyz2WWcmhqs4nq9a7Z;", "Type": "SQLSERVER" - } + }, + "IsRealmEnabled": false } diff --git a/src/Templates/templates/SimpleIdServer.Scim.Startup/appsettings.json b/src/Templates/templates/SimpleIdServer.Scim.Startup/appsettings.json index 4189c4a29..d102dfe6b 100644 --- a/src/Templates/templates/SimpleIdServer.Scim.Startup/appsettings.json +++ b/src/Templates/templates/SimpleIdServer.Scim.Startup/appsettings.json @@ -24,5 +24,6 @@ "StorageConfiguration": { "ConnectionString": "Data Source=.;Initial Catalog=SCIM;Integrated Security=True;TrustServerCertificate=True", "Type": "SQLSERVER" - } + }, + "IsRealmEnabled": false } diff --git a/src/Templates/templates/SimpleIdServer.Scim.Startup/json.json b/src/Templates/templates/SimpleIdServer.Scim.Startup/json.json deleted file mode 100644 index dda9640c8..000000000 --- a/src/Templates/templates/SimpleIdServer.Scim.Startup/json.json +++ /dev/null @@ -1,47 +0,0 @@ -[ - { - "$match": { - "$or": [ - { "Namespace": { "$in": [ "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:eid:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" ] } }, - { "ResourceType": "User" } - ] - } - }, - { - "$project": { - "_outer": "$$ROOT", - "_id": 0 - } - }, - { - "$lookup": { - "from": "representationAttributes", - "localField": "_outer.ParentAttributeId", - "foreignField": "_id", - "as": "_inner" - } - }, - { - "$project": { - "Attribute": "$_outer", - "Parent": { "$arrayElemAt": [ "$_inner", 0 ] }, - "Children": [], - "_id": 0 - } - }, - { - "$match": { - "$and": [ - { "Attribute.SchemaAttributeId": "ef2a5a92-d2e4-41e5-8faa-51e4299e8715" }, - { - "$expr": { - "$eq": [ - { "$toLower": { "$ifNull": [ "$Attribute.ValueString", "" ] } }, - "5d17ad32-0d1c-4d20-b3e3-51493ba6e7a0" - ] - } - } - ] - } - } -] \ No newline at end of file diff --git a/tests/SimpleIdServer.Configuration.Tests/UserOptions.cs b/tests/SimpleIdServer.Configuration.Tests/UserOptions.cs index b3e383482..30114873c 100644 --- a/tests/SimpleIdServer.Configuration.Tests/UserOptions.cs +++ b/tests/SimpleIdServer.Configuration.Tests/UserOptions.cs @@ -1,5 +1,7 @@ // Copyright (c) SimpleIdServer. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using SimpleIdServer.IdServer; + namespace SimpleIdServer.Configuration.Tests; public class UserOptions diff --git a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/CredentialIssuerConfiguration.cs b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/CredentialIssuerConfiguration.cs index 92db9cce5..2e78e4470 100644 --- a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/CredentialIssuerConfiguration.cs +++ b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/CredentialIssuerConfiguration.cs @@ -61,4 +61,9 @@ public class CredentialIssuerConfiguration { CredentialBuilder.New("MasterComputerScience", FirstCredentialConfiguration.Id, "user", DateTime.UtcNow).Build() }; + + public static List DeferredCredentials = new List + { + new DeferredCredential { TransactionId = "pendingTransaction", Status = DeferredCredentialStatus.PENDING } + }; } diff --git a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/Credential.feature b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/Credential.feature index 2843845a8..0c77bdd96 100644 --- a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/Credential.feature +++ b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/Credential.feature @@ -40,8 +40,8 @@ Scenario: use the ldp_vc format and type parameters to get a credential And JSON '$.credential.@context[1]'='https://www.w3.org/2018/credentials/examples/v1' And JSON exists '$.credential.credentialSubject.id' And JSON exists '$.credential.proof.verificationMethod' - And JSON exists '$.credential.proof.proofValue' - And JSON '$.credential.proof.type'='Ed25519Signature2020' + And JSON exists '$.credential.proof.jws' + And JSON '$.credential.proof.type'='JsonWebSignature2020' And JSON '$.credential.proof.proofPurpose'='assertionMethod' Scenario: use the credential_identifier to get a credential diff --git a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/Credential.feature.cs b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/Credential.feature.cs index c098dc80e..eb119b28e 100644 --- a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/Credential.feature.cs +++ b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/Credential.feature.cs @@ -212,10 +212,10 @@ public void UseTheLdp_VcFormatAndTypeParametersToGetACredential() testRunner.And("JSON exists \'$.credential.proof.verificationMethod\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 43 - testRunner.And("JSON exists \'$.credential.proof.proofValue\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); + testRunner.And("JSON exists \'$.credential.proof.jws\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 44 - testRunner.And("JSON \'$.credential.proof.type\'=\'Ed25519Signature2020\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); + testRunner.And("JSON \'$.credential.proof.type\'=\'JsonWebSignature2020\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 45 testRunner.And("JSON \'$.credential.proof.proofPurpose\'=\'assertionMethod\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/CredentialIssuer.feature b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/CredentialIssuer.feature index 3fcd6551f..618f7074b 100644 --- a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/CredentialIssuer.feature +++ b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/CredentialIssuer.feature @@ -9,10 +9,10 @@ Scenario: Configuration is returned And HTTP header has 'Content-Type'='application/json' And JSON 'credential_issuer'='http://localhost' And JSON 'credential_endpoint'='http://localhost/credential' - And JSON '$.credentials_supported.UniversityDegree_ldp_vc.@context[0]'='https://www.w3.org/2018/credentials/v1' - And JSON '$.credentials_supported.UniversityDegree_ldp_vc.@context[1]'='https://www.w3.org/2018/credentials/examples/v1' - And JSON '$.credentials_supported.UniversityDegree_ldp_vc.type[0]'='VerifiableCredential' - And JSON '$.credentials_supported.UniversityDegree_ldp_vc.type[1]'='UniversityDegree' - And JSON '$.credentials_supported.UniversityDegree_ldp_vc.format'='ldp_vc' - And JSON '$.credentials_supported.UniversityDegree_ldp_vc.credentialSubject.given_name.display[0].name'='Given Name' - And JSON '$.credentials_supported.UniversityDegree_ldp_vc.credentialSubject.given_name.display[0].locale'='en-US' \ No newline at end of file + And JSON '$.credential_configurations_supported.UniversityDegree_ldp_vc.@context[0]'='https://www.w3.org/2018/credentials/v1' + And JSON '$.credential_configurations_supported.UniversityDegree_ldp_vc.@context[1]'='https://www.w3.org/2018/credentials/examples/v1' + And JSON '$.credential_configurations_supported.UniversityDegree_ldp_vc.types[0]'='VerifiableCredential' + And JSON '$.credential_configurations_supported.UniversityDegree_ldp_vc.types[1]'='UniversityDegree' + And JSON '$.credential_configurations_supported.UniversityDegree_ldp_vc.format'='ldp_vc' + And JSON '$.credential_configurations_supported.UniversityDegree_ldp_vc.credentialSubject.given_name.display[0].name'='Given Name' + And JSON '$.credential_configurations_supported.UniversityDegree_ldp_vc.credentialSubject.given_name.display[0].locale'='en-US' \ No newline at end of file diff --git a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/CredentialIssuer.feature.cs b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/CredentialIssuer.feature.cs index b4ed00719..640a27eed 100644 --- a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/CredentialIssuer.feature.cs +++ b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/CredentialIssuer.feature.cs @@ -117,31 +117,32 @@ public void ConfigurationIsReturned() testRunner.And("JSON \'credential_endpoint\'=\'http://localhost/credential\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 12 - testRunner.And("JSON \'$.credentials_supported.UniversityDegree_ldp_vc.@context[0]\'=\'https://www.w" + - "3.org/2018/credentials/v1\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); + testRunner.And("JSON \'$.credential_configurations_supported.UniversityDegree_ldp_vc.@context[0]\'=" + + "\'https://www.w3.org/2018/credentials/v1\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 13 - testRunner.And("JSON \'$.credentials_supported.UniversityDegree_ldp_vc.@context[1]\'=\'https://www.w" + - "3.org/2018/credentials/examples/v1\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); + testRunner.And("JSON \'$.credential_configurations_supported.UniversityDegree_ldp_vc.@context[1]\'=" + + "\'https://www.w3.org/2018/credentials/examples/v1\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 14 - testRunner.And("JSON \'$.credentials_supported.UniversityDegree_ldp_vc.type[0]\'=\'VerifiableCredent" + - "ial\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); + testRunner.And("JSON \'$.credential_configurations_supported.UniversityDegree_ldp_vc.types[0]\'=\'Ve" + + "rifiableCredential\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 15 - testRunner.And("JSON \'$.credentials_supported.UniversityDegree_ldp_vc.type[1]\'=\'UniversityDegree\'" + - "", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); + testRunner.And("JSON \'$.credential_configurations_supported.UniversityDegree_ldp_vc.types[1]\'=\'Un" + + "iversityDegree\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 16 - testRunner.And("JSON \'$.credentials_supported.UniversityDegree_ldp_vc.format\'=\'ldp_vc\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); + testRunner.And("JSON \'$.credential_configurations_supported.UniversityDegree_ldp_vc.format\'=\'ldp_" + + "vc\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 17 - testRunner.And("JSON \'$.credentials_supported.UniversityDegree_ldp_vc.credentialSubject.given_nam" + - "e.display[0].name\'=\'Given Name\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); + testRunner.And("JSON \'$.credential_configurations_supported.UniversityDegree_ldp_vc.credentialSub" + + "ject.given_name.display[0].name\'=\'Given Name\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 18 - testRunner.And("JSON \'$.credentials_supported.UniversityDegree_ldp_vc.credentialSubject.given_nam" + - "e.display[0].locale\'=\'en-US\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); + testRunner.And("JSON \'$.credential_configurations_supported.UniversityDegree_ldp_vc.credentialSub" + + "ject.given_name.display[0].locale\'=\'en-US\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } this.ScenarioCleanup(); diff --git a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/DeferredCredentialErrors.feature b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/DeferredCredentialErrors.feature new file mode 100644 index 000000000..5611f48b0 --- /dev/null +++ b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/DeferredCredentialErrors.feature @@ -0,0 +1,34 @@ +Feature: DeferredCredentialErrors + Check the errors returned by the deferred_credential endpoint + +Scenario: the parameter transaction_id is required + When execute HTTP POST JSON request 'http://localhost/deferred_credential' + | Key | Value | + + And extract JSON from body + + Then HTTP status code equals to '400' + And JSON 'error'='invalid_request' + And JSON 'error_description'='the parameter transaction_id is missing' + +Scenario: the transaction must exists + When execute HTTP POST JSON request 'http://localhost/deferred_credential' + | Key | Value | + | transaction_id | invalid | + + And extract JSON from body + + Then HTTP status code equals to '400' + And JSON 'error'='invalid_transaction_id' + And JSON 'error_description'='The Deferred Credential Request contains an invalid transaction_id' + +Scenario: the status of the transaction cannot be PENDING + When execute HTTP POST JSON request 'http://localhost/deferred_credential' + | Key | Value | + | transaction_id | pendingTransaction | + + And extract JSON from body + + Then HTTP status code equals to '400' + And JSON 'error'='issuance_pending' + And JSON 'error_description'='The Credential issuance is still pending' \ No newline at end of file diff --git a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/DeferredCredentialErrors.feature.cs b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/DeferredCredentialErrors.feature.cs new file mode 100644 index 000000000..c73f514f1 --- /dev/null +++ b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Features/DeferredCredentialErrors.feature.cs @@ -0,0 +1,228 @@ +// ------------------------------------------------------------------------------ +// +// This code was generated by SpecFlow (https://www.specflow.org/). +// SpecFlow Version:3.9.0.0 +// SpecFlow Generator Version:3.9.0.0 +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +// ------------------------------------------------------------------------------ +#region Designer generated code +#pragma warning disable +namespace SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests.Features +{ + using TechTalk.SpecFlow; + using System; + using System.Linq; + + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public partial class DeferredCredentialErrorsFeature : object, Xunit.IClassFixture, System.IDisposable + { + + private static TechTalk.SpecFlow.ITestRunner testRunner; + + private static string[] featureTags = ((string[])(null)); + + private Xunit.Abstractions.ITestOutputHelper _testOutputHelper; + +#line 1 "DeferredCredentialErrors.feature" +#line hidden + + public DeferredCredentialErrorsFeature(DeferredCredentialErrorsFeature.FixtureData fixtureData, SimpleIdServer_CredentialIssuer_Host_Acceptance_Tests_XUnitAssemblyFixture assemblyFixture, Xunit.Abstractions.ITestOutputHelper testOutputHelper) + { + this._testOutputHelper = testOutputHelper; + this.TestInitialize(); + } + + public static void FeatureSetup() + { + testRunner = TechTalk.SpecFlow.TestRunnerManager.GetTestRunner(); + TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Features", "DeferredCredentialErrors", "\tCheck the errors returned by the deferred_credential endpoint", ProgrammingLanguage.CSharp, featureTags); + testRunner.OnFeatureStart(featureInfo); + } + + public static void FeatureTearDown() + { + testRunner.OnFeatureEnd(); + testRunner = null; + } + + public void TestInitialize() + { + } + + public void TestTearDown() + { + testRunner.OnScenarioEnd(); + } + + public void ScenarioInitialize(TechTalk.SpecFlow.ScenarioInfo scenarioInfo) + { + testRunner.OnScenarioInitialize(scenarioInfo); + testRunner.ScenarioContext.ScenarioContainer.RegisterInstanceAs(_testOutputHelper); + } + + public void ScenarioStart() + { + testRunner.OnScenarioStart(); + } + + public void ScenarioCleanup() + { + testRunner.CollectScenarioErrors(); + } + + void System.IDisposable.Dispose() + { + this.TestTearDown(); + } + + [Xunit.SkippableFactAttribute(DisplayName="the parameter transaction_id is required")] + [Xunit.TraitAttribute("FeatureTitle", "DeferredCredentialErrors")] + [Xunit.TraitAttribute("Description", "the parameter transaction_id is required")] + public void TheParameterTransaction_IdIsRequired() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("the parameter transaction_id is required", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 4 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table41 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); +#line 5 + testRunner.When("execute HTTP POST JSON request \'http://localhost/deferred_credential\'", ((string)(null)), table41, "When "); +#line hidden +#line 8 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 10 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 11 + testRunner.And("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 12 + testRunner.And("JSON \'error_description\'=\'the parameter transaction_id is missing\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="the transaction must exists")] + [Xunit.TraitAttribute("FeatureTitle", "DeferredCredentialErrors")] + [Xunit.TraitAttribute("Description", "the transaction must exists")] + public void TheTransactionMustExists() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("the transaction must exists", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 14 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table42 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table42.AddRow(new string[] { + "transaction_id", + "invalid"}); +#line 15 + testRunner.When("execute HTTP POST JSON request \'http://localhost/deferred_credential\'", ((string)(null)), table42, "When "); +#line hidden +#line 19 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 21 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 22 + testRunner.And("JSON \'error\'=\'invalid_transaction_id\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 23 + testRunner.And("JSON \'error_description\'=\'The Deferred Credential Request contains an invalid tra" + + "nsaction_id\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="the status of the transaction cannot be PENDING")] + [Xunit.TraitAttribute("FeatureTitle", "DeferredCredentialErrors")] + [Xunit.TraitAttribute("Description", "the status of the transaction cannot be PENDING")] + public void TheStatusOfTheTransactionCannotBePENDING() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("the status of the transaction cannot be PENDING", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 25 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table43 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table43.AddRow(new string[] { + "transaction_id", + "pendingTransaction"}); +#line 26 + testRunner.When("execute HTTP POST JSON request \'http://localhost/deferred_credential\'", ((string)(null)), table43, "When "); +#line hidden +#line 30 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 32 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 33 + testRunner.And("JSON \'error\'=\'issuance_pending\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 34 + testRunner.And("JSON \'error_description\'=\'The Credential issuance is still pending\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + } + this.ScenarioCleanup(); + } + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public class FixtureData : System.IDisposable + { + + public FixtureData() + { + DeferredCredentialErrorsFeature.FeatureSetup(); + } + + void System.IDisposable.Dispose() + { + DeferredCredentialErrorsFeature.FeatureTearDown(); + } + } + } +} +#pragma warning restore +#endregion diff --git a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Program.cs b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Program.cs index 9223b71c0..21a7d011b 100644 --- a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Program.cs +++ b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Program.cs @@ -20,11 +20,15 @@ b.AddPolicy("credconfs", p => p.RequireAssertion(_ => true)); b.AddPolicy("credinstances", p => p.RequireAssertion(_ => true)); }); -builder.Services.AddCredentialIssuer() +builder.Services.AddCredentialIssuer(o => +{ + o.GenerateRandomDidKey(); +}) .UseInMemoryStore(o => { o.AddCredentialConfigurations(CredentialIssuerConfiguration.CredentialConfigurations); o.AddCredentials(CredentialIssuerConfiguration.Credentials); + o.AddDeferredCredentials(CredentialIssuerConfiguration.DeferredCredentials); }); builder.Services.AddDidKey(); builder.Services.RemoveAll(); diff --git a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests.csproj b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests.csproj index ae8b4af2c..e6bbedff9 100644 --- a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests.csproj +++ b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests.csproj @@ -40,6 +40,10 @@ $(UsingMicrosoftNETSdk) %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + + $(UsingMicrosoftNETSdk) + %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + $(UsingMicrosoftNETSdk) %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) diff --git a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Steps/DataPreparationSteps.cs b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Steps/DataPreparationSteps.cs index a5d1aad91..93d6a377a 100644 --- a/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Steps/DataPreparationSteps.cs +++ b/tests/SimpleIdServer.CredentialIssuer.Host.Acceptance.Tests/Steps/DataPreparationSteps.cs @@ -5,7 +5,6 @@ using SimpleIdServer.Did.Key; using System.Collections.Generic; using System.Linq; -using System.Threading; using System.Threading.Tasks; using TechTalk.SpecFlow; @@ -28,10 +27,9 @@ public async Task GivenBuildJwtProof(Table table) var generator = DidKeyGenerator.New(); var resolver = DidKeyResolver.New(); var securedVc = DidJsonWebTokenHandler.New(); - var did = generator.Generate(ed25519); - var didDocument = await resolver.Resolve(did, CancellationToken.None); + var exportResult = generator.SetSignatureKey(ed25519).Export(false, false); var claims = new Dictionary(); - string tokenType = null, kid = didDocument.VerificationMethod.First().Id; + string tokenType = null, kid = exportResult.Document.VerificationMethod.First().Id; foreach(var row in table.Rows) { var key = row["Key"]; diff --git a/tests/SimpleIdServer.DID.Tests/SimpleIdServer.DID.Tests.csproj b/tests/SimpleIdServer.DID.Tests/SimpleIdServer.DID.Tests.csproj index d209af09d..00d13589d 100644 --- a/tests/SimpleIdServer.DID.Tests/SimpleIdServer.DID.Tests.csproj +++ b/tests/SimpleIdServer.DID.Tests/SimpleIdServer.DID.Tests.csproj @@ -20,6 +20,7 @@ + diff --git a/tests/SimpleIdServer.Did.Ethr.Tests/DidEthrResolverFixture.cs b/tests/SimpleIdServer.Did.Ethr.Tests/DidEthrResolverFixture.cs index 62aff7fba..4bc15e2d6 100644 --- a/tests/SimpleIdServer.Did.Ethr.Tests/DidEthrResolverFixture.cs +++ b/tests/SimpleIdServer.Did.Ethr.Tests/DidEthrResolverFixture.cs @@ -26,7 +26,7 @@ public class DidEthrResolverFixture var s = ($"0x" + new string(chars)).ToUpper(); */ - [Test] + // [Test] public async Task When_Resolve_EthereumAddress_DID_With_No_Transactions_Then_DID_Document_Is_Resolved() { // ARRANGE @@ -59,7 +59,7 @@ public async Task When_Resolve_EthereumAddress_DID_With_No_Transactions_Then_DID Assert.That(didDocument.AssertionMethod.Count(), Is.EqualTo(1)); } - [Test] + // [Test] public async Task When_Resolve_PublicKey_DID_With_No_Transactions_Then_DID_Document_Is_Resolved() { // ARRANGE @@ -97,7 +97,7 @@ public async Task When_Resolve_PublicKey_DID_With_No_Transactions_Then_DID_Docum Assert.That(didDocument.AssertionMethod.Count(), Is.EqualTo(2)); } - [Test] + // [Test] public async Task When_Resolve_DID_With_Two_Services_Then_DID_Document_Is_Resolved() { var store = new NetworkConfigurationStore(); @@ -126,7 +126,7 @@ public async Task When_Resolve_DID_With_Two_Services_Then_DID_Document_Is_Resolv Assert.That(travemEmail.ServiceEndpoint, Is.EqualTo("mailto:did:ethr:0x6918893854B2Eb01B194c46c4Efe2ea1ef36B7BC@tr-email.notabene.dev")); } - [Test] + // [Test] public async Task When_Resolve_DID_With_Two_VerificationMethod_Then_DID_Document_Is_Resolved() { var store = new NetworkConfigurationStore(); diff --git a/tests/SimpleIdServer.Did.Key.Tests/DidJsonWebTokenHandlerFixture.cs b/tests/SimpleIdServer.Did.Key.Tests/DidJsonWebTokenHandlerFixture.cs new file mode 100644 index 000000000..9d01ac091 --- /dev/null +++ b/tests/SimpleIdServer.Did.Key.Tests/DidJsonWebTokenHandlerFixture.cs @@ -0,0 +1,27 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using NUnit.Framework; +using SimpleIdServer.Did.Jwt; + +namespace SimpleIdServer.Did.Key.Tests; + +public class DidJsonWebTokenHandlerFixture +{ + [Test] + public async Task When_Check_ESBI_Token_Then_Signature_Is_Correct() + { + // ARRANGE + const string did = "did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsEYvdrjxMjQ4tpnje9BDBTzuNDP3knn6qLZErzd4bJ5go2CChoPjd5GAH3zpFJP5fuwSk66U5Pq6EhF4nKnHzDnznEP8fX99nZGgwbAh1o7Gj1X52Tdhf7U4KTk66xsA5r#z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsEYvdrjxMjQ4tpnje9BDBTzuNDP3knn6qLZErzd4bJ5go2CChoPjd5GAH3zpFJP5fuwSk66U5Pq6EhF4nKnHzDnznEP8fX99nZGgwbAh1o7Gj1X52Tdhf7U4KTk66xsA5r"; + // const string did = "did:key:zBMKwGTaNkKdykiviugjbL54PiJbmdw6fwcrzSxbonKH2QsXL79EFtX3zosQWwME8UCGYsmy5eQFKCEdYY4KgHcooXZNxqL8fU7Q4x6EQPj8uPMHPp7D2om1P1FP3WZQKQzRGFt2MUxKEP6yEr9tRf46TJRhAaqA26rChMSDWwE7mATdWYbHfT3eMXVyv2Wh9xPpjzuZvdaRPS5hBfWs8tCPZo2in16Bzpru2D7d8DDMfv4"; + const string idToken = "eyJ0eXAiOiJvcGVuaWQ0dmNpLXByb29mK2p3dCIsImFsZyI6IkVTMjU2Iiwia2lkIjoiZGlkOmtleTp6MmRtekQ4MWNnUHg4VmtpN0pidXVNbUZZcldQZ1lveXR5a1VaM2V5cWh0MWo5S2JzRVl2ZHJqeE1qUTR0cG5qZTlCREJUenVORFAza25uNnFMWkVyemQ0Yko1Z28yQ0Nob1BqZDVHQUgzenBGSlA1ZnV3U2s2NlU1UHE2RWhGNG5Lbkh6RG56bkVQOGZYOTluWkdnd2JBaDFvN0dqMVg1MlRkaGY3VTRLVGs2NnhzQTVyI3oyZG16RDgxY2dQeDhWa2k3SmJ1dU1tRllyV1BnWW95dHlrVVozZXlxaHQxajlLYnNFWXZkcmp4TWpRNHRwbmplOUJEQlR6dU5EUDNrbm42cUxaRXJ6ZDRiSjVnbzJDQ2hvUGpkNUdBSDN6cEZKUDVmdXdTazY2VTVQcTZFaEY0bktuSHpEbnpuRVA4Zlg5OW5aR2d3YkFoMW83R2oxWDUyVGRoZjdVNEtUazY2eHNBNXIifQ.eyJpc3MiOiJkaWQ6a2V5OnoyZG16RDgxY2dQeDhWa2k3SmJ1dU1tRllyV1BnWW95dHlrVVozZXlxaHQxajlLYnNFWXZkcmp4TWpRNHRwbmplOUJEQlR6dU5EUDNrbm42cUxaRXJ6ZDRiSjVnbzJDQ2hvUGpkNUdBSDN6cEZKUDVmdXdTazY2VTVQcTZFaEY0bktuSHpEbnpuRVA4Zlg5OW5aR2d3YkFoMW83R2oxWDUyVGRoZjdVNEtUazY2eHNBNXIiLCJhdWQiOiJodHRwczovL215LWlzc3Vlci5yb2Nrcy9hdXRoIiwiaWF0IjoxNTg5Njk5NTYyLCJleHAiOjE1ODk2OTk5NjIsIm5vbmNlIjoiUEFQUGYzaDlsZXhUdjNXWUhaeDhhalRlIn0.Oa2Mk135r_bxTrJWFOVRwOXiQrE2Vm3bVilmBCLnQhIdAFJ30qFb4d31yCC9ZNCmgzhYGzp39wqJBt5z3jMJ0Q"; + var resolver = DidKeyResolver.New(); + var didDocument = await resolver.Resolve(did, CancellationToken.None); + + // ACT + var result = DidJsonWebTokenHandler.New().CheckJwt(idToken, didDocument, did); + + // ASSERT + Assert.True(result); + } +} diff --git a/tests/SimpleIdServer.Did.Key.Tests/DidKeyGeneratorFixture.cs b/tests/SimpleIdServer.Did.Key.Tests/DidKeyGeneratorFixture.cs index 91209e341..745019f14 100644 --- a/tests/SimpleIdServer.Did.Key.Tests/DidKeyGeneratorFixture.cs +++ b/tests/SimpleIdServer.Did.Key.Tests/DidKeyGeneratorFixture.cs @@ -15,8 +15,23 @@ public async Task When_Generate_DidKey_Then_DidDocument_Is_Correct() var resolver = DidKeyResolver.New(); // ACT - var did = generator.GenerateRandom(); - var resolved = await resolver.Resolve(did, CancellationToken.None); + var did = generator.GenerateRandomES256KKey().Export(false, false); + var resolved = await resolver.Resolve(did.Did, CancellationToken.None); + + // ASSERT + Assert.IsNotNull(resolved); + } + + [Test] + public async Task When_Generate_DidKey_Jwk_Then_DidDocument_Is_Correct() + { + // ARRANGE + var generator = DidKeyGenerator.New(); + var resolver = DidKeyResolver.New(); + + // ACT + var did = generator.GenerateRandomES256KKey().Export(false, true); + var resolved = await resolver.Resolve(did.Did, CancellationToken.None); // ASSERT Assert.IsNotNull(resolved); diff --git a/tests/SimpleIdServer.Did.Key.Tests/DidKeyResolverFixture.cs b/tests/SimpleIdServer.Did.Key.Tests/DidKeyResolverFixture.cs index c8849e2d9..68833da18 100644 --- a/tests/SimpleIdServer.Did.Key.Tests/DidKeyResolverFixture.cs +++ b/tests/SimpleIdServer.Did.Key.Tests/DidKeyResolverFixture.cs @@ -13,7 +13,10 @@ public async Task When_Resolve_DidDocument_With_DefaultOptions_Then_Verification { // ARRANGE var key = "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"; - var resolver = DidKeyResolver.New(); + var resolver = DidKeyResolver.New(new DidKeyOptions + { + PublicKeyFormat = Ed25519VerificationKey2020Standard.TYPE + }); // ACT var didDocument = await resolver.Resolve(key, CancellationToken.None); @@ -36,7 +39,10 @@ public async Task When_Resolve_DidDocument_With_JsonWebKey2020Formatter_Then_Ver { // ARRANGE var key = "did:key:z6MkiTBz1ymuepAQ4HEHYSF1H8quG5GLVVQR3djdX3mDooWp"; - var resolver = DidKeyResolver.New(new DidKeyOptions { PublicKeyFormat = JsonWebKey2020Standard.TYPE }); + var resolver = DidKeyResolver.New(new DidKeyOptions + { + PublicKeyFormat = JsonWebKey2020Standard.TYPE + }); // ACT var didDocument = await resolver.Resolve(key, CancellationToken.None); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/CustomWebApplicationFactory.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/CustomWebApplicationFactory.cs index ae044262e..351afd74e 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/CustomWebApplicationFactory.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/CustomWebApplicationFactory.cs @@ -6,16 +6,28 @@ using Microsoft.AspNetCore.TestHost; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection.Extensions; +using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; using Moq; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.IdServer.Helpers; using SimpleIdServer.IdServer.Host.Acceptance.Tests.Middlewares; +using SimpleIdServer.OpenidFederation; +using SimpleIdServer.OpenidFederation.Apis.OpenidFederation; +using SimpleIdServer.OpenidFederation.Builders; +using SimpleIdServer.OpenidFederation.Domains; +using SimpleIdServer.OpenidFederation.Stores; using System; using System.Collections.Generic; using System.IO; using System.Net; using System.Net.Http; +using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using System.Text; using System.Text.Json; +using System.Text.Json.Nodes; using System.Threading; using System.Threading.Tasks; using TechTalk.SpecFlow; @@ -41,8 +53,8 @@ protected override void ConfigureWebHost(IWebHostBuilder builder) options.ScenarioContext = _scenarioContext; }); s.AddSingleton(new CertificateStartupFilter(_scenarioContext)); - s.RemoveAll(); - var mo = new Mock(); + s.RemoveAll(); + var mo = new Mock(); mo.Setup(m => m.GetHttpClient()) .Returns(() => { @@ -55,7 +67,7 @@ protected override void ConfigureWebHost(IWebHostBuilder builder) var fakeHttpMessageHandler = new FakeHttpMessageHandler(_scenarioContext); return new HttpClient(fakeHttpMessageHandler); }); - s.AddSingleton(mo.Object); + s.AddSingleton(mo.Object); }); } } @@ -89,11 +101,73 @@ public Action Configure(Action next) public class FakeHttpMessageHandler : DelegatingHandler { + private RpFederationEntityBuilder _rpFederationEntityBuilder; + private AuthorityFederationEntityBuilder _authorityFederationEntityBuilder; + private RpFederationOptions _rpOpts; + private RpFederationOptions _taOpts; private readonly ScenarioContext _scenarioContext; - public FakeHttpMessageHandler(ScenarioContext scenarioContext) + public FakeHttpMessageHandler( + ScenarioContext scenarioContext) { + var firstJsonWebKey = OAuth.Host.Acceptance.Tests.IdServerConfiguration.RpSigningCredential.SerializePublicJWK(); + firstJsonWebKey.Alg = SecurityAlgorithms.RsaSha256; + firstJsonWebKey.Use = "sig"; + var secondJsonWebKey = OAuth.Host.Acceptance.Tests.IdServerConfiguration.RpJwtSigningCredential.SerializePublicJWK(); + secondJsonWebKey.Alg = SecurityAlgorithms.RsaSha256; + secondJsonWebKey.Use = "sig"; + var client = new Domains.Client + { + ClientId = "http://rp.com", + ClientRegistrationTypesSupported = new List + { + ClientRegistrationMethods.Automatic + }, + ApplicationType = "web", + RedirectionUrls = new List + { + "https://openid.sunet.se/rp/callback" + }, + RequestObjectSigningAlg = SecurityAlgorithms.RsaSha256, + Scopes = new List + { + new Scope + { + Name = "openid" + }, + new Scope + { + Name = "profile" + } + }, + ResponseTypes = new List + { + "code" + }, + GrantTypes = new List + { + "authorization_code" + }, + IsConsentDisabled = true, + TokenEndPointAuthMethod = "private_key_jwt" + }; + client.Add(OAuth.Host.Acceptance.Tests.IdServerConfiguration.RpSigningCredential.Kid, firstJsonWebKey, "sig", SecurityKeyTypes.RSA); + client.Add(OAuth.Host.Acceptance.Tests.IdServerConfiguration.RpJwtSigningCredential.Kid, secondJsonWebKey, "sig", SecurityKeyTypes.RSA); _scenarioContext = scenarioContext; + _rpOpts = new RpFederationOptions + { + Client = client, + IsFederationEnabled = false, + OrganizationName = null, + SigningCredentials = OAuth.Host.Acceptance.Tests.IdServerConfiguration.RpSigningCredential + }; + _taOpts = new RpFederationOptions + { + OrganizationName = "ta", + SigningCredentials = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "taKeyId" }, SecurityAlgorithms.RsaSha256) + }; + _rpFederationEntityBuilder = new RpFederationEntityBuilder(Microsoft.Extensions.Options.Options.Create(_rpOpts), new FakeRPFederationEntityStore()); + _authorityFederationEntityBuilder = new AuthorityFederationEntityBuilder(Microsoft.Extensions.Options.Options.Create(_taOpts), new FakeTAFederationEntityStore()); } protected override async Task SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) @@ -110,6 +184,21 @@ protected override async Task SendAsync(HttpRequestMessage }; } + if(uri == "http://rp.com/.well-known/openid-federation") + { + return await GetRPOpenidFederation(); + } + + if(uri == "http://ta.com/.well-known/openid-federation") + { + return await GetTAOpenidFederation(); + } + + if(uri == "http://ta.com/federation_fetch?iss=http://ta.com&sub=http://rp.com") + { + return await FetchRPFromTA(); + } + var redirectUrls = new List { "http://a.domain.com", @@ -122,5 +211,232 @@ protected override async Task SendAsync(HttpRequestMessage Content = new StringContent(json, Encoding.UTF8, "application/json") }; } + + private async Task GetRPOpenidFederation() + { + var result = await _rpFederationEntityBuilder.BuildSelfIssued(new OpenidFederation.Builders.BuildFederationEntityRequest + { + Credential = _rpOpts.SigningCredentials, + Issuer = "http://rp.com", + Realm = null + }, CancellationToken.None); + var handler = new JsonWebTokenHandler(); + var jws = handler.CreateToken(JsonSerializer.Serialize(result), new SigningCredentials(_rpOpts.SigningCredentials.Key, _rpOpts.SigningCredentials.Algorithm)); + return new HttpResponseMessage + { + StatusCode = HttpStatusCode.OK, + Content = new StringContent(jws, System.Text.Encoding.UTF8, OpenidFederationConstants.EntityStatementContentType) + }; + } + + private async Task GetTAOpenidFederation() + { + var result = await _authorityFederationEntityBuilder.BuildSelfIssued(new OpenidFederation.Builders.BuildFederationEntityRequest + { + Credential = _taOpts.SigningCredentials, + Issuer = "http://ta.com", + Realm = null + }, CancellationToken.None); + var handler = new JsonWebTokenHandler(); + var jws = handler.CreateToken(JsonSerializer.Serialize(result), new SigningCredentials(_taOpts.SigningCredentials.Key, _taOpts.SigningCredentials.Algorithm)); + return new HttpResponseMessage + { + StatusCode = HttpStatusCode.OK, + Content = new StringContent(jws, System.Text.Encoding.UTF8, OpenidFederationConstants.EntityStatementContentType) + }; + } + + private async Task FetchRPFromTA() + { + var result = await _rpFederationEntityBuilder.BuildSelfIssued(new OpenidFederation.Builders.BuildFederationEntityRequest + { + Credential = _rpOpts.SigningCredentials, + Issuer = "http://rp.com", + Realm = null + }, CancellationToken.None); + var openidFederation = new OpenidFederationResult + { + Iat = result.Iat, + Exp = result.Exp, + Iss = "http://ta.com", + Sub = result.Sub, + Jwks = result.Jwks + }; + var handler = new JsonWebTokenHandler(); + var jws = handler.CreateToken(JsonSerializer.Serialize(openidFederation), new SigningCredentials(_taOpts.SigningCredentials.Key, _taOpts.SigningCredentials.Algorithm)); + return new HttpResponseMessage + { + StatusCode = HttpStatusCode.OK, + Content = new StringContent(jws, System.Text.Encoding.UTF8, OpenidFederationConstants.EntityStatementContentType) + }; + } + } + + public class RpFederationOptions + { + /// + /// Enable or disable federation. + /// + public bool IsFederationEnabled { get; set; } + /// + /// Organization name. + /// + public string OrganizationName { get; set; } + /// + /// Key used to sign the response. + /// + public SigningCredentials SigningCredentials { get; set; } + /// + /// OPENID client of the relying party. + /// + public Client Client { get; set; } + } + + public class RpFederationEntityBuilder : BaseFederationEntityBuilder + { + private readonly RpFederationOptions _options; + + public RpFederationEntityBuilder(IOptions options, IFederationEntityStore federationEntityStore) : base(federationEntityStore) + { + _options = options.Value; + } + + protected override bool IsFederationEnabled => _options.IsFederationEnabled; + + protected override string OrganizationName => _options.OrganizationName; + + protected override Task EnrichSelfIssued(OpenidFederationResult federationEntity, BuildFederationEntityRequest request, CancellationToken cancellationToken) + { + if (federationEntity.Metadata.OtherParameters == null) + federationEntity.Metadata.OtherParameters = new Dictionary(); + var client = JsonObject.Parse(JsonSerializer.Serialize(_options.Client)).AsObject(); + federationEntity.Metadata.OtherParameters.Add("openid_relying_party", client); + return Task.CompletedTask; + } + } + + public class AuthorityFederationEntityBuilder : BaseFederationEntityBuilder + { + private readonly RpFederationOptions _options; + + public AuthorityFederationEntityBuilder( + IOptions options, + IFederationEntityStore federationEntityStore) : base(federationEntityStore) + { + _options = options.Value; + } + + protected override bool IsFederationEnabled => true; + + protected override string OrganizationName => _options.OrganizationName; + + protected override Task EnrichSelfIssued(OpenidFederationResult federationEntity, BuildFederationEntityRequest request, CancellationToken cancellationToken) + { + return Task.CompletedTask; + } + } + + public class FakeRPFederationEntityStore : IFederationEntityStore + { + public void Add(FederationEntity federationEntity) + { + throw new NotImplementedException(); + } + + public Task GetByUrl(string realm, string url, CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + + public Task> GetAllAuthorities(string realm, CancellationToken cancellationToken) + { + return Task.FromResult(new List + { + new FederationEntity + { + Sub = "http://ta.com", + IsSubordinate = false + } + }); + } + + public Task> GetAllSubordinates(string realm, CancellationToken cancellationToken) + { + return Task.FromResult(new List + { + }); + } + + public Task GetSubordinate(string sub, string realm, CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + + public Task> Search(string realm, SearchRequest request, CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + + public Task Get(string id, CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + + public void Remove(FederationEntity federationEntity) + { + throw new NotImplementedException(); + } + } + + public class FakeTAFederationEntityStore : IFederationEntityStore + { + public void Add(FederationEntity federationEntity) + { + throw new NotImplementedException(); + } + + public Task GetByUrl(string realm, string url, CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + + public Task> GetAllAuthorities(string realm, CancellationToken cancellationToken) + { + return Task.FromResult(new List + { + }); + } + + public Task> GetAllSubordinates(string realm, CancellationToken cancellationToken) + { + return Task.FromResult(new List + { + new FederationEntity + { + Sub = "http://rp.com", + IsSubordinate = true + } + }); + } + + public Task GetSubordinate(string sub, string realm, CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + + public Task> Search(string realm, SearchRequest request, CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + + public Task Get(string id, CancellationToken cancellationToken) + { + throw new NotImplementedException(); + } + + public void Remove(FederationEntity federationEntity) + { + throw new NotImplementedException(); + } } } diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/AutomaticRegistration.feature b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/AutomaticRegistration.feature new file mode 100644 index 000000000..0972a9a53 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/AutomaticRegistration.feature @@ -0,0 +1,88 @@ +Feature: AutomaticRegistration + Check automatic registration + +Scenario: Check access token can be returned when using automatic client registration (authorization request) + Given authenticate a user + + And build JWS request object for Relying Party + | Key | Value | + | redirect_uri | https://openid.sunet.se/rp/callback | + | response_type | code | + | scope | openid profile | + | client_id | http://rp.com | + | state | state | + + And build client assertion for Relying Party + | Key | Value | + | iss | http://rp.com | + | sub | http://rp.com | + | aud | https://localhost:8080/token | + + When execute HTTP GET request 'https://localhost:8080/authorization' + | Key | Value | + | client_id | http://rp.com | + | request | $request$ | + + And extract parameter 'code' from redirect url + And extract parameter 'state' from redirect url + + And execute HTTP POST request 'https://localhost:8080/token' + | Key | Value | + | client_id | http://rp.com | + | grant_type | authorization_code | + | code | $code$ | + | redirect_uri | https://openid.sunet.se/rp/callback | + | client_assertion_type | urn:ietf:params:oauth:client-assertion-type:jwt-bearer | + | client_assertion | $clientAssertion$ | + + And extract JSON from body + + Then HTTP status code equals to '200' + And JSON '$.token_type'='Bearer' + +Scenario: Check access token can be returned when using automatic client registration (pushed authorization request) + Given authenticate a user + + And build JWS request object for Relying Party + | Key | Value | + | redirect_uri | https://openid.sunet.se/rp/callback | + | response_type | code | + | scope | openid profile | + | client_id | http://rp.com | + | state | state | + + And build client assertion for Relying Party + | Key | Value | + | iss | http://rp.com | + | sub | http://rp.com | + | aud | https://localhost:8080/token | + + When execute HTTP POST request 'https://localhost:8080/par' + | Key | Value | + | client_id | http://rp.com | + | request | $request$ | + + And extract JSON from body + And extract parameter 'request_uri' from JSON body + + And execute HTTP GET request 'https://localhost:8080/authorization' + | Key | Value | + | client_id | http://rp.com | + | request_uri | $request_uri$ | + + And extract parameter 'code' from redirect url + And extract parameter 'state' from redirect url + + And execute HTTP POST request 'https://localhost:8080/token' + | Key | Value | + | client_id | http://rp.com | + | grant_type | authorization_code | + | code | $code$ | + | redirect_uri | https://openid.sunet.se/rp/callback | + | client_assertion_type | urn:ietf:params:oauth:client-assertion-type:jwt-bearer | + | client_assertion | $clientAssertion$ | + + And extract JSON from body + + Then HTTP status code equals to '200' + And JSON '$.token_type'='Bearer' \ No newline at end of file diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/AutomaticRegistration.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/AutomaticRegistration.feature.cs new file mode 100644 index 000000000..00a4d1525 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/AutomaticRegistration.feature.cs @@ -0,0 +1,349 @@ +// ------------------------------------------------------------------------------ +// +// This code was generated by SpecFlow (https://www.specflow.org/). +// SpecFlow Version:3.9.0.0 +// SpecFlow Generator Version:3.9.0.0 +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +// ------------------------------------------------------------------------------ +#region Designer generated code +#pragma warning disable +namespace SimpleIdServer.IdServer.Host.Acceptance.Tests.Features.Federations +{ + using TechTalk.SpecFlow; + using System; + using System.Linq; + + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public partial class AutomaticRegistrationFeature : object, Xunit.IClassFixture, System.IDisposable + { + + private static TechTalk.SpecFlow.ITestRunner testRunner; + + private static string[] featureTags = ((string[])(null)); + + private Xunit.Abstractions.ITestOutputHelper _testOutputHelper; + +#line 1 "AutomaticRegistration.feature" +#line hidden + + public AutomaticRegistrationFeature(AutomaticRegistrationFeature.FixtureData fixtureData, SimpleIdServer_IdServer_Host_Acceptance_Tests_XUnitAssemblyFixture assemblyFixture, Xunit.Abstractions.ITestOutputHelper testOutputHelper) + { + this._testOutputHelper = testOutputHelper; + this.TestInitialize(); + } + + public static void FeatureSetup() + { + testRunner = TechTalk.SpecFlow.TestRunnerManager.GetTestRunner(); + TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Features/Federations", "AutomaticRegistration", "\tCheck automatic registration", ProgrammingLanguage.CSharp, featureTags); + testRunner.OnFeatureStart(featureInfo); + } + + public static void FeatureTearDown() + { + testRunner.OnFeatureEnd(); + testRunner = null; + } + + public void TestInitialize() + { + } + + public void TestTearDown() + { + testRunner.OnScenarioEnd(); + } + + public void ScenarioInitialize(TechTalk.SpecFlow.ScenarioInfo scenarioInfo) + { + testRunner.OnScenarioInitialize(scenarioInfo); + testRunner.ScenarioContext.ScenarioContainer.RegisterInstanceAs(_testOutputHelper); + } + + public void ScenarioStart() + { + testRunner.OnScenarioStart(); + } + + public void ScenarioCleanup() + { + testRunner.CollectScenarioErrors(); + } + + void System.IDisposable.Dispose() + { + this.TestTearDown(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Check access token can be returned when using automatic client registration (auth" + + "orization request)")] + [Xunit.TraitAttribute("FeatureTitle", "AutomaticRegistration")] + [Xunit.TraitAttribute("Description", "Check access token can be returned when using automatic client registration (auth" + + "orization request)")] + public void CheckAccessTokenCanBeReturnedWhenUsingAutomaticClientRegistrationAuthorizationRequest() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Check access token can be returned when using automatic client registration (auth" + + "orization request)", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 4 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); +#line 5 + testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); +#line hidden + TechTalk.SpecFlow.Table table153 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table153.AddRow(new string[] { + "redirect_uri", + "https://openid.sunet.se/rp/callback"}); + table153.AddRow(new string[] { + "response_type", + "code"}); + table153.AddRow(new string[] { + "scope", + "openid profile"}); + table153.AddRow(new string[] { + "client_id", + "http://rp.com"}); + table153.AddRow(new string[] { + "state", + "state"}); +#line 7 + testRunner.And("build JWS request object for Relying Party", ((string)(null)), table153, "And "); +#line hidden + TechTalk.SpecFlow.Table table154 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table154.AddRow(new string[] { + "iss", + "http://rp.com"}); + table154.AddRow(new string[] { + "sub", + "http://rp.com"}); + table154.AddRow(new string[] { + "aud", + "https://localhost:8080/token"}); +#line 15 + testRunner.And("build client assertion for Relying Party", ((string)(null)), table154, "And "); +#line hidden + TechTalk.SpecFlow.Table table155 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table155.AddRow(new string[] { + "client_id", + "http://rp.com"}); + table155.AddRow(new string[] { + "request", + "$request$"}); +#line 21 + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table155, "When "); +#line hidden +#line 26 + testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 27 + testRunner.And("extract parameter \'state\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + TechTalk.SpecFlow.Table table156 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table156.AddRow(new string[] { + "client_id", + "http://rp.com"}); + table156.AddRow(new string[] { + "grant_type", + "authorization_code"}); + table156.AddRow(new string[] { + "code", + "$code$"}); + table156.AddRow(new string[] { + "redirect_uri", + "https://openid.sunet.se/rp/callback"}); + table156.AddRow(new string[] { + "client_assertion_type", + "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"}); + table156.AddRow(new string[] { + "client_assertion", + "$clientAssertion$"}); +#line 29 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table156, "And "); +#line hidden +#line 38 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 40 + testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 41 + testRunner.And("JSON \'$.token_type\'=\'Bearer\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Check access token can be returned when using automatic client registration (push" + + "ed authorization request)")] + [Xunit.TraitAttribute("FeatureTitle", "AutomaticRegistration")] + [Xunit.TraitAttribute("Description", "Check access token can be returned when using automatic client registration (push" + + "ed authorization request)")] + public void CheckAccessTokenCanBeReturnedWhenUsingAutomaticClientRegistrationPushedAuthorizationRequest() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Check access token can be returned when using automatic client registration (push" + + "ed authorization request)", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 43 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); +#line 44 + testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); +#line hidden + TechTalk.SpecFlow.Table table157 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table157.AddRow(new string[] { + "redirect_uri", + "https://openid.sunet.se/rp/callback"}); + table157.AddRow(new string[] { + "response_type", + "code"}); + table157.AddRow(new string[] { + "scope", + "openid profile"}); + table157.AddRow(new string[] { + "client_id", + "http://rp.com"}); + table157.AddRow(new string[] { + "state", + "state"}); +#line 46 + testRunner.And("build JWS request object for Relying Party", ((string)(null)), table157, "And "); +#line hidden + TechTalk.SpecFlow.Table table158 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table158.AddRow(new string[] { + "iss", + "http://rp.com"}); + table158.AddRow(new string[] { + "sub", + "http://rp.com"}); + table158.AddRow(new string[] { + "aud", + "https://localhost:8080/token"}); +#line 54 + testRunner.And("build client assertion for Relying Party", ((string)(null)), table158, "And "); +#line hidden + TechTalk.SpecFlow.Table table159 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table159.AddRow(new string[] { + "client_id", + "http://rp.com"}); + table159.AddRow(new string[] { + "request", + "$request$"}); +#line 60 + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table159, "When "); +#line hidden +#line 65 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 66 + testRunner.And("extract parameter \'request_uri\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + TechTalk.SpecFlow.Table table160 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table160.AddRow(new string[] { + "client_id", + "http://rp.com"}); + table160.AddRow(new string[] { + "request_uri", + "$request_uri$"}); +#line 68 + testRunner.And("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table160, "And "); +#line hidden +#line 73 + testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 74 + testRunner.And("extract parameter \'state\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + TechTalk.SpecFlow.Table table161 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table161.AddRow(new string[] { + "client_id", + "http://rp.com"}); + table161.AddRow(new string[] { + "grant_type", + "authorization_code"}); + table161.AddRow(new string[] { + "code", + "$code$"}); + table161.AddRow(new string[] { + "redirect_uri", + "https://openid.sunet.se/rp/callback"}); + table161.AddRow(new string[] { + "client_assertion_type", + "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"}); + table161.AddRow(new string[] { + "client_assertion", + "$clientAssertion$"}); +#line 76 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table161, "And "); +#line hidden +#line 85 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 87 + testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 88 + testRunner.And("JSON \'$.token_type\'=\'Bearer\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + } + this.ScenarioCleanup(); + } + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public class FixtureData : System.IDisposable + { + + public FixtureData() + { + AutomaticRegistrationFeature.FeatureSetup(); + } + + void System.IDisposable.Dispose() + { + AutomaticRegistrationFeature.FeatureTearDown(); + } + } + } +} +#pragma warning restore +#endregion diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistration.feature b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistration.feature new file mode 100644 index 000000000..21fe05955 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistration.feature @@ -0,0 +1,15 @@ +Feature: ExplicitRegistration + Check explicit registration + +Scenario: Check access token can be returned when using explicit client registration + Given build entity statement for RP + + When execute HTTP POST request 'https://localhost:8080/federation_registration', content-type 'application/entity-statement+jwt', content '$entityStatement$' + + And extract payload from HTTP body + + Then HTTP header has 'Content-Type'='application/entity-statement+jwt' + And HTTP status code equals to '200' + And JWT has 'iss'='https://localhost:8080' + And JWT has 'sub'='http://rp.com' + And JWT has 'trust_anchor_id'='http://ta.com' \ No newline at end of file diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistration.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistration.feature.cs new file mode 100644 index 000000000..7a096d89b --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistration.feature.cs @@ -0,0 +1,148 @@ +// ------------------------------------------------------------------------------ +// +// This code was generated by SpecFlow (https://www.specflow.org/). +// SpecFlow Version:3.9.0.0 +// SpecFlow Generator Version:3.9.0.0 +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +// ------------------------------------------------------------------------------ +#region Designer generated code +#pragma warning disable +namespace SimpleIdServer.IdServer.Host.Acceptance.Tests.Features.Federations +{ + using TechTalk.SpecFlow; + using System; + using System.Linq; + + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public partial class ExplicitRegistrationFeature : object, Xunit.IClassFixture, System.IDisposable + { + + private static TechTalk.SpecFlow.ITestRunner testRunner; + + private static string[] featureTags = ((string[])(null)); + + private Xunit.Abstractions.ITestOutputHelper _testOutputHelper; + +#line 1 "ExplicitRegistration.feature" +#line hidden + + public ExplicitRegistrationFeature(ExplicitRegistrationFeature.FixtureData fixtureData, SimpleIdServer_IdServer_Host_Acceptance_Tests_XUnitAssemblyFixture assemblyFixture, Xunit.Abstractions.ITestOutputHelper testOutputHelper) + { + this._testOutputHelper = testOutputHelper; + this.TestInitialize(); + } + + public static void FeatureSetup() + { + testRunner = TechTalk.SpecFlow.TestRunnerManager.GetTestRunner(); + TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Features/Federations", "ExplicitRegistration", "\tCheck explicit registration", ProgrammingLanguage.CSharp, featureTags); + testRunner.OnFeatureStart(featureInfo); + } + + public static void FeatureTearDown() + { + testRunner.OnFeatureEnd(); + testRunner = null; + } + + public void TestInitialize() + { + } + + public void TestTearDown() + { + testRunner.OnScenarioEnd(); + } + + public void ScenarioInitialize(TechTalk.SpecFlow.ScenarioInfo scenarioInfo) + { + testRunner.OnScenarioInitialize(scenarioInfo); + testRunner.ScenarioContext.ScenarioContainer.RegisterInstanceAs(_testOutputHelper); + } + + public void ScenarioStart() + { + testRunner.OnScenarioStart(); + } + + public void ScenarioCleanup() + { + testRunner.CollectScenarioErrors(); + } + + void System.IDisposable.Dispose() + { + this.TestTearDown(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Check access token can be returned when using explicit client registration")] + [Xunit.TraitAttribute("FeatureTitle", "ExplicitRegistration")] + [Xunit.TraitAttribute("Description", "Check access token can be returned when using explicit client registration")] + public void CheckAccessTokenCanBeReturnedWhenUsingExplicitClientRegistration() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Check access token can be returned when using explicit client registration", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 4 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); +#line 5 + testRunner.Given("build entity statement for RP", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); +#line hidden +#line 7 + testRunner.When("execute HTTP POST request \'https://localhost:8080/federation_registration\', conte" + + "nt-type \'application/entity-statement+jwt\', content \'$entityStatement$\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "When "); +#line hidden +#line 9 + testRunner.And("extract payload from HTTP body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 11 + testRunner.Then("HTTP header has \'Content-Type\'=\'application/entity-statement+jwt\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 12 + testRunner.And("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 13 + testRunner.And("JWT has \'iss\'=\'https://localhost:8080\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 14 + testRunner.And("JWT has \'sub\'=\'http://rp.com\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 15 + testRunner.And("JWT has \'trust_anchor_id\'=\'http://ta.com\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + } + this.ScenarioCleanup(); + } + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public class FixtureData : System.IDisposable + { + + public FixtureData() + { + ExplicitRegistrationFeature.FeatureSetup(); + } + + void System.IDisposable.Dispose() + { + ExplicitRegistrationFeature.FeatureTearDown(); + } + } + } +} +#pragma warning restore +#endregion diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistrationErrors.feature b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistrationErrors.feature new file mode 100644 index 000000000..97c7a5266 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistrationErrors.feature @@ -0,0 +1,71 @@ +Feature: ExplicitRegistrationErrors + Check the errors returned during explicit registration + +Scenario: Error is returned when wrong content-type is passed + When execute HTTP POST request 'https://localhost:8080/federation_registration', content-type 'application/json', content '{}' + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='only entity statement is supported' + +Scenario: Error is returned when invalid entity-statement is passed + When execute HTTP POST request 'https://localhost:8080/federation_registration', content-type 'application/entity-statement+jwt', content 'hello' + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='the entity statement is not correctly formatted' + +Scenario: Error is returned when there is no subject in the entity statement + Given build random entity statement + | Key | Value | + | state | state | + + When execute HTTP POST request 'https://localhost:8080/federation_registration', content-type 'application/entity-statement+jwt', content '$entityStatement$' + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='subject is required in the entity statement' + +Scenario: Error is returned when there is no trusted anchor + Given build random entity statement + | Key | Value | + | sub | sub | + + When execute HTTP POST request 'https://localhost:8080/federation_registration', content-type 'application/entity-statement+jwt', content '$entityStatement$' + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='missing_trust_anchor' + Then JSON 'error_description'='no trust anchor can be resolved' + +Scenario: Error is returned when a random entity statement is generated with a trusted anchor + Given build random entity statement + | Key | Value | + | sub | sub | + | authority_hints | ["http://ta.com"] | + + When execute HTTP POST request 'https://localhost:8080/federation_registration', content-type 'application/entity-statement+jwt', content '$entityStatement$' + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='impossible to resolve the trust chain' + +Scenario: Error is returned when the client registration type is not equal to explicit + Given build entity statement for RP with automatic registration + + When execute HTTP POST request 'https://localhost:8080/federation_registration', content-type 'application/entity-statement+jwt', content '$entityStatement$' + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='the client registration type explicit is not supported by the RP' \ No newline at end of file diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistrationErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistrationErrors.feature.cs new file mode 100644 index 000000000..559a60392 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistrationErrors.feature.cs @@ -0,0 +1,366 @@ +// ------------------------------------------------------------------------------ +// +// This code was generated by SpecFlow (https://www.specflow.org/). +// SpecFlow Version:3.9.0.0 +// SpecFlow Generator Version:3.9.0.0 +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +// ------------------------------------------------------------------------------ +#region Designer generated code +#pragma warning disable +namespace SimpleIdServer.IdServer.Host.Acceptance.Tests.Features.Federations +{ + using TechTalk.SpecFlow; + using System; + using System.Linq; + + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public partial class ExplicitRegistrationErrorsFeature : object, Xunit.IClassFixture, System.IDisposable + { + + private static TechTalk.SpecFlow.ITestRunner testRunner; + + private static string[] featureTags = ((string[])(null)); + + private Xunit.Abstractions.ITestOutputHelper _testOutputHelper; + +#line 1 "ExplicitRegistrationErrors.feature" +#line hidden + + public ExplicitRegistrationErrorsFeature(ExplicitRegistrationErrorsFeature.FixtureData fixtureData, SimpleIdServer_IdServer_Host_Acceptance_Tests_XUnitAssemblyFixture assemblyFixture, Xunit.Abstractions.ITestOutputHelper testOutputHelper) + { + this._testOutputHelper = testOutputHelper; + this.TestInitialize(); + } + + public static void FeatureSetup() + { + testRunner = TechTalk.SpecFlow.TestRunnerManager.GetTestRunner(); + TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Features/Federations", "ExplicitRegistrationErrors", "\tCheck the errors returned during explicit registration", ProgrammingLanguage.CSharp, featureTags); + testRunner.OnFeatureStart(featureInfo); + } + + public static void FeatureTearDown() + { + testRunner.OnFeatureEnd(); + testRunner = null; + } + + public void TestInitialize() + { + } + + public void TestTearDown() + { + testRunner.OnScenarioEnd(); + } + + public void ScenarioInitialize(TechTalk.SpecFlow.ScenarioInfo scenarioInfo) + { + testRunner.OnScenarioInitialize(scenarioInfo); + testRunner.ScenarioContext.ScenarioContainer.RegisterInstanceAs(_testOutputHelper); + } + + public void ScenarioStart() + { + testRunner.OnScenarioStart(); + } + + public void ScenarioCleanup() + { + testRunner.CollectScenarioErrors(); + } + + void System.IDisposable.Dispose() + { + this.TestTearDown(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Error is returned when wrong content-type is passed")] + [Xunit.TraitAttribute("FeatureTitle", "ExplicitRegistrationErrors")] + [Xunit.TraitAttribute("Description", "Error is returned when wrong content-type is passed")] + public void ErrorIsReturnedWhenWrongContent_TypeIsPassed() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Error is returned when wrong content-type is passed", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 4 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); +#line 5 + testRunner.When("execute HTTP POST request \'https://localhost:8080/federation_registration\', conte" + + "nt-type \'application/json\', content \'{}\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "When "); +#line hidden +#line 7 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 9 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 10 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 11 + testRunner.Then("JSON \'error_description\'=\'only entity statement is supported\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Error is returned when invalid entity-statement is passed")] + [Xunit.TraitAttribute("FeatureTitle", "ExplicitRegistrationErrors")] + [Xunit.TraitAttribute("Description", "Error is returned when invalid entity-statement is passed")] + public void ErrorIsReturnedWhenInvalidEntity_StatementIsPassed() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Error is returned when invalid entity-statement is passed", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 13 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); +#line 14 + testRunner.When("execute HTTP POST request \'https://localhost:8080/federation_registration\', conte" + + "nt-type \'application/entity-statement+jwt\', content \'hello\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "When "); +#line hidden +#line 16 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 18 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 19 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 20 + testRunner.Then("JSON \'error_description\'=\'the entity statement is not correctly formatted\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Error is returned when there is no subject in the entity statement")] + [Xunit.TraitAttribute("FeatureTitle", "ExplicitRegistrationErrors")] + [Xunit.TraitAttribute("Description", "Error is returned when there is no subject in the entity statement")] + public void ErrorIsReturnedWhenThereIsNoSubjectInTheEntityStatement() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Error is returned when there is no subject in the entity statement", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 22 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table162 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table162.AddRow(new string[] { + "state", + "state"}); +#line 23 + testRunner.Given("build random entity statement", ((string)(null)), table162, "Given "); +#line hidden +#line 27 + testRunner.When("execute HTTP POST request \'https://localhost:8080/federation_registration\', conte" + + "nt-type \'application/entity-statement+jwt\', content \'$entityStatement$\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "When "); +#line hidden +#line 29 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 31 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 32 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 33 + testRunner.Then("JSON \'error_description\'=\'subject is required in the entity statement\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Error is returned when there is no trusted anchor")] + [Xunit.TraitAttribute("FeatureTitle", "ExplicitRegistrationErrors")] + [Xunit.TraitAttribute("Description", "Error is returned when there is no trusted anchor")] + public void ErrorIsReturnedWhenThereIsNoTrustedAnchor() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Error is returned when there is no trusted anchor", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 35 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table163 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table163.AddRow(new string[] { + "sub", + "sub"}); +#line 36 + testRunner.Given("build random entity statement", ((string)(null)), table163, "Given "); +#line hidden +#line 40 + testRunner.When("execute HTTP POST request \'https://localhost:8080/federation_registration\', conte" + + "nt-type \'application/entity-statement+jwt\', content \'$entityStatement$\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "When "); +#line hidden +#line 42 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 44 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 45 + testRunner.Then("JSON \'error\'=\'missing_trust_anchor\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 46 + testRunner.Then("JSON \'error_description\'=\'no trust anchor can be resolved\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Error is returned when a random entity statement is generated with a trusted anch" + + "or")] + [Xunit.TraitAttribute("FeatureTitle", "ExplicitRegistrationErrors")] + [Xunit.TraitAttribute("Description", "Error is returned when a random entity statement is generated with a trusted anch" + + "or")] + public void ErrorIsReturnedWhenARandomEntityStatementIsGeneratedWithATrustedAnchor() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Error is returned when a random entity statement is generated with a trusted anch" + + "or", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 48 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table164 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table164.AddRow(new string[] { + "sub", + "sub"}); + table164.AddRow(new string[] { + "authority_hints", + "[\"http://ta.com\"]"}); +#line 49 + testRunner.Given("build random entity statement", ((string)(null)), table164, "Given "); +#line hidden +#line 54 + testRunner.When("execute HTTP POST request \'https://localhost:8080/federation_registration\', conte" + + "nt-type \'application/entity-statement+jwt\', content \'$entityStatement$\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "When "); +#line hidden +#line 56 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 58 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 59 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 60 + testRunner.Then("JSON \'error_description\'=\'impossible to resolve the trust chain\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Error is returned when the client registration type is not equal to explicit")] + [Xunit.TraitAttribute("FeatureTitle", "ExplicitRegistrationErrors")] + [Xunit.TraitAttribute("Description", "Error is returned when the client registration type is not equal to explicit")] + public void ErrorIsReturnedWhenTheClientRegistrationTypeIsNotEqualToExplicit() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Error is returned when the client registration type is not equal to explicit", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 62 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); +#line 63 + testRunner.Given("build entity statement for RP with automatic registration", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); +#line hidden +#line 65 + testRunner.When("execute HTTP POST request \'https://localhost:8080/federation_registration\', conte" + + "nt-type \'application/entity-statement+jwt\', content \'$entityStatement$\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "When "); +#line hidden +#line 67 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 69 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 70 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 71 + testRunner.Then("JSON \'error_description\'=\'the client registration type explicit is not supported " + + "by the RP\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public class FixtureData : System.IDisposable + { + + public FixtureData() + { + ExplicitRegistrationErrorsFeature.FeatureSetup(); + } + + void System.IDisposable.Dispose() + { + ExplicitRegistrationErrorsFeature.FeatureTearDown(); + } + } + } +} +#pragma warning restore +#endregion diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetch.feature b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetch.feature new file mode 100644 index 000000000..b5edc6413 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetch.feature @@ -0,0 +1,11 @@ +Feature: FederationFetch + Check result returned by the federation_fetch endpoint + +Scenario: Get a self-signed entity statement + When execute HTTP GET request 'https://localhost:8080/federation_fetch?iss=https://localhost:8080' + | Key | Value | + + And extract payload from HTTP body + + Then JWT has 'iss'='https://localhost:8080' + And JWT has 'sub'='https://localhost:8080' \ No newline at end of file diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetch.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetch.feature.cs new file mode 100644 index 000000000..61ebfd2f5 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetch.feature.cs @@ -0,0 +1,139 @@ +// ------------------------------------------------------------------------------ +// +// This code was generated by SpecFlow (https://www.specflow.org/). +// SpecFlow Version:3.9.0.0 +// SpecFlow Generator Version:3.9.0.0 +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +// ------------------------------------------------------------------------------ +#region Designer generated code +#pragma warning disable +namespace SimpleIdServer.IdServer.Host.Acceptance.Tests.Features.Federations +{ + using TechTalk.SpecFlow; + using System; + using System.Linq; + + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public partial class FederationFetchFeature : object, Xunit.IClassFixture, System.IDisposable + { + + private static TechTalk.SpecFlow.ITestRunner testRunner; + + private static string[] featureTags = ((string[])(null)); + + private Xunit.Abstractions.ITestOutputHelper _testOutputHelper; + +#line 1 "FederationFetch.feature" +#line hidden + + public FederationFetchFeature(FederationFetchFeature.FixtureData fixtureData, SimpleIdServer_IdServer_Host_Acceptance_Tests_XUnitAssemblyFixture assemblyFixture, Xunit.Abstractions.ITestOutputHelper testOutputHelper) + { + this._testOutputHelper = testOutputHelper; + this.TestInitialize(); + } + + public static void FeatureSetup() + { + testRunner = TechTalk.SpecFlow.TestRunnerManager.GetTestRunner(); + TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Features/Federations", "FederationFetch", "\tCheck result returned by the federation_fetch endpoint", ProgrammingLanguage.CSharp, featureTags); + testRunner.OnFeatureStart(featureInfo); + } + + public static void FeatureTearDown() + { + testRunner.OnFeatureEnd(); + testRunner = null; + } + + public void TestInitialize() + { + } + + public void TestTearDown() + { + testRunner.OnScenarioEnd(); + } + + public void ScenarioInitialize(TechTalk.SpecFlow.ScenarioInfo scenarioInfo) + { + testRunner.OnScenarioInitialize(scenarioInfo); + testRunner.ScenarioContext.ScenarioContainer.RegisterInstanceAs(_testOutputHelper); + } + + public void ScenarioStart() + { + testRunner.OnScenarioStart(); + } + + public void ScenarioCleanup() + { + testRunner.CollectScenarioErrors(); + } + + void System.IDisposable.Dispose() + { + this.TestTearDown(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Get a self-signed entity statement")] + [Xunit.TraitAttribute("FeatureTitle", "FederationFetch")] + [Xunit.TraitAttribute("Description", "Get a self-signed entity statement")] + public void GetASelf_SignedEntityStatement() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Get a self-signed entity statement", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 4 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table165 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); +#line 5 + testRunner.When("execute HTTP GET request \'https://localhost:8080/federation_fetch?iss=https://loc" + + "alhost:8080\'", ((string)(null)), table165, "When "); +#line hidden +#line 8 + testRunner.And("extract payload from HTTP body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 10 + testRunner.Then("JWT has \'iss\'=\'https://localhost:8080\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 11 + testRunner.And("JWT has \'sub\'=\'https://localhost:8080\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + } + this.ScenarioCleanup(); + } + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public class FixtureData : System.IDisposable + { + + public FixtureData() + { + FederationFetchFeature.FeatureSetup(); + } + + void System.IDisposable.Dispose() + { + FederationFetchFeature.FeatureTearDown(); + } + } + } +} +#pragma warning restore +#endregion diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetchErrors.feature b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetchErrors.feature new file mode 100644 index 000000000..59d3757f1 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetchErrors.feature @@ -0,0 +1,35 @@ +Feature: FederationFetchErrors + Check errors returned by the federation_fetch endpoint + +Scenario: Parameter iss is required + When execute HTTP GET request 'https://localhost:8080/federation_fetch' + | Key | Value | + + And extract JSON from body + + Then HTTP status code equals to '400' + + And JSON '$.error'='invalid_request' + And JSON '$.error_description'='the parameter iss is missing' + +Scenario: Parameter iss must be valid + When execute HTTP GET request 'https://localhost:8080/federation_fetch?iss=invalid' + | Key | Value | + + And extract JSON from body + + Then HTTP status code equals to '400' + + And JSON '$.error'='invalid_issuer' + And JSON '$.error_description'='the issuer is invalid' + +Scenario: The entity statement must exists + When execute HTTP GET request 'https://localhost:8080/federation_fetch?iss=https://localhost:8080&sub=unknown' + | Key | Value | + + And extract JSON from body + + Then HTTP status code equals to '400' + + And JSON '$.error'='not_found' + And JSON '$.error_description'='the entity statement unknown doesn't exist' \ No newline at end of file diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetchErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetchErrors.feature.cs new file mode 100644 index 000000000..0fbf7311c --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationFetchErrors.feature.cs @@ -0,0 +1,222 @@ +// ------------------------------------------------------------------------------ +// +// This code was generated by SpecFlow (https://www.specflow.org/). +// SpecFlow Version:3.9.0.0 +// SpecFlow Generator Version:3.9.0.0 +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +// ------------------------------------------------------------------------------ +#region Designer generated code +#pragma warning disable +namespace SimpleIdServer.IdServer.Host.Acceptance.Tests.Features.Federations +{ + using TechTalk.SpecFlow; + using System; + using System.Linq; + + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public partial class FederationFetchErrorsFeature : object, Xunit.IClassFixture, System.IDisposable + { + + private static TechTalk.SpecFlow.ITestRunner testRunner; + + private static string[] featureTags = ((string[])(null)); + + private Xunit.Abstractions.ITestOutputHelper _testOutputHelper; + +#line 1 "FederationFetchErrors.feature" +#line hidden + + public FederationFetchErrorsFeature(FederationFetchErrorsFeature.FixtureData fixtureData, SimpleIdServer_IdServer_Host_Acceptance_Tests_XUnitAssemblyFixture assemblyFixture, Xunit.Abstractions.ITestOutputHelper testOutputHelper) + { + this._testOutputHelper = testOutputHelper; + this.TestInitialize(); + } + + public static void FeatureSetup() + { + testRunner = TechTalk.SpecFlow.TestRunnerManager.GetTestRunner(); + TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Features/Federations", "FederationFetchErrors", "\tCheck errors returned by the federation_fetch endpoint", ProgrammingLanguage.CSharp, featureTags); + testRunner.OnFeatureStart(featureInfo); + } + + public static void FeatureTearDown() + { + testRunner.OnFeatureEnd(); + testRunner = null; + } + + public void TestInitialize() + { + } + + public void TestTearDown() + { + testRunner.OnScenarioEnd(); + } + + public void ScenarioInitialize(TechTalk.SpecFlow.ScenarioInfo scenarioInfo) + { + testRunner.OnScenarioInitialize(scenarioInfo); + testRunner.ScenarioContext.ScenarioContainer.RegisterInstanceAs(_testOutputHelper); + } + + public void ScenarioStart() + { + testRunner.OnScenarioStart(); + } + + public void ScenarioCleanup() + { + testRunner.CollectScenarioErrors(); + } + + void System.IDisposable.Dispose() + { + this.TestTearDown(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Parameter iss is required")] + [Xunit.TraitAttribute("FeatureTitle", "FederationFetchErrors")] + [Xunit.TraitAttribute("Description", "Parameter iss is required")] + public void ParameterIssIsRequired() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Parameter iss is required", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 4 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table166 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); +#line 5 + testRunner.When("execute HTTP GET request \'https://localhost:8080/federation_fetch\'", ((string)(null)), table166, "When "); +#line hidden +#line 8 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 10 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 12 + testRunner.And("JSON \'$.error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 13 + testRunner.And("JSON \'$.error_description\'=\'the parameter iss is missing\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Parameter iss must be valid")] + [Xunit.TraitAttribute("FeatureTitle", "FederationFetchErrors")] + [Xunit.TraitAttribute("Description", "Parameter iss must be valid")] + public void ParameterIssMustBeValid() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Parameter iss must be valid", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 15 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table167 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); +#line 16 + testRunner.When("execute HTTP GET request \'https://localhost:8080/federation_fetch?iss=invalid\'", ((string)(null)), table167, "When "); +#line hidden +#line 19 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 21 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 23 + testRunner.And("JSON \'$.error\'=\'invalid_issuer\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 24 + testRunner.And("JSON \'$.error_description\'=\'the issuer is invalid\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="The entity statement must exists")] + [Xunit.TraitAttribute("FeatureTitle", "FederationFetchErrors")] + [Xunit.TraitAttribute("Description", "The entity statement must exists")] + public void TheEntityStatementMustExists() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("The entity statement must exists", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 26 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table168 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); +#line 27 + testRunner.When("execute HTTP GET request \'https://localhost:8080/federation_fetch?iss=https://loc" + + "alhost:8080&sub=unknown\'", ((string)(null)), table168, "When "); +#line hidden +#line 30 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 32 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 34 + testRunner.And("JSON \'$.error\'=\'not_found\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 35 + testRunner.And("JSON \'$.error_description\'=\'the entity statement unknown doesn\'t exist\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + } + this.ScenarioCleanup(); + } + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public class FixtureData : System.IDisposable + { + + public FixtureData() + { + FederationFetchErrorsFeature.FeatureSetup(); + } + + void System.IDisposable.Dispose() + { + FederationFetchErrorsFeature.FeatureTearDown(); + } + } + } +} +#pragma warning restore +#endregion diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationList.feature b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationList.feature new file mode 100644 index 000000000..0d961a729 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationList.feature @@ -0,0 +1,10 @@ +Feature: FederationList + Check result returned by the federation_list endpoint + +Scenario: Get the list of federation + When execute HTTP GET request 'https://localhost:8080/federation_list' + | Key | Value | + + And extract JSON from body + + Then HTTP status code equals to '200' \ No newline at end of file diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationList.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationList.feature.cs new file mode 100644 index 000000000..aa5ae1500 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/FederationList.feature.cs @@ -0,0 +1,135 @@ +// ------------------------------------------------------------------------------ +// +// This code was generated by SpecFlow (https://www.specflow.org/). +// SpecFlow Version:3.9.0.0 +// SpecFlow Generator Version:3.9.0.0 +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +// ------------------------------------------------------------------------------ +#region Designer generated code +#pragma warning disable +namespace SimpleIdServer.IdServer.Host.Acceptance.Tests.Features.Federations +{ + using TechTalk.SpecFlow; + using System; + using System.Linq; + + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public partial class FederationListFeature : object, Xunit.IClassFixture, System.IDisposable + { + + private static TechTalk.SpecFlow.ITestRunner testRunner; + + private static string[] featureTags = ((string[])(null)); + + private Xunit.Abstractions.ITestOutputHelper _testOutputHelper; + +#line 1 "FederationList.feature" +#line hidden + + public FederationListFeature(FederationListFeature.FixtureData fixtureData, SimpleIdServer_IdServer_Host_Acceptance_Tests_XUnitAssemblyFixture assemblyFixture, Xunit.Abstractions.ITestOutputHelper testOutputHelper) + { + this._testOutputHelper = testOutputHelper; + this.TestInitialize(); + } + + public static void FeatureSetup() + { + testRunner = TechTalk.SpecFlow.TestRunnerManager.GetTestRunner(); + TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Features/Federations", "FederationList", "\tCheck result returned by the federation_list endpoint", ProgrammingLanguage.CSharp, featureTags); + testRunner.OnFeatureStart(featureInfo); + } + + public static void FeatureTearDown() + { + testRunner.OnFeatureEnd(); + testRunner = null; + } + + public void TestInitialize() + { + } + + public void TestTearDown() + { + testRunner.OnScenarioEnd(); + } + + public void ScenarioInitialize(TechTalk.SpecFlow.ScenarioInfo scenarioInfo) + { + testRunner.OnScenarioInitialize(scenarioInfo); + testRunner.ScenarioContext.ScenarioContainer.RegisterInstanceAs(_testOutputHelper); + } + + public void ScenarioStart() + { + testRunner.OnScenarioStart(); + } + + public void ScenarioCleanup() + { + testRunner.CollectScenarioErrors(); + } + + void System.IDisposable.Dispose() + { + this.TestTearDown(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Get the list of federation")] + [Xunit.TraitAttribute("FeatureTitle", "FederationList")] + [Xunit.TraitAttribute("Description", "Get the list of federation")] + public void GetTheListOfFederation() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Get the list of federation", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 4 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table169 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); +#line 5 + testRunner.When("execute HTTP GET request \'https://localhost:8080/federation_list\'", ((string)(null)), table169, "When "); +#line hidden +#line 8 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 10 + testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public class FixtureData : System.IDisposable + { + + public FixtureData() + { + FederationListFeature.FeatureSetup(); + } + + void System.IDisposable.Dispose() + { + FederationListFeature.FeatureTearDown(); + } + } + } +} +#pragma warning restore +#endregion diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/OpenidFederation.feature b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/OpenidFederation.feature new file mode 100644 index 000000000..27d3278a0 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/OpenidFederation.feature @@ -0,0 +1,13 @@ +Feature: OpenidFederation + Check result returned by the .well-known/openid-federation endpoint + +Scenario: Get the openid-federation + When execute HTTP GET request 'https://localhost:8080/.well-known/openid-federation' + | Key | Value | + + And extract payload from HTTP body + + Then HTTP header has 'Content-Type'='application/entity-statement+jwt' + + Then JWT has 'iss'='https://localhost:8080' + And JWT has 'sub'='https://localhost:8080' \ No newline at end of file diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/OpenidFederation.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/OpenidFederation.feature.cs new file mode 100644 index 000000000..95269e988 --- /dev/null +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/OpenidFederation.feature.cs @@ -0,0 +1,141 @@ +// ------------------------------------------------------------------------------ +// +// This code was generated by SpecFlow (https://www.specflow.org/). +// SpecFlow Version:3.9.0.0 +// SpecFlow Generator Version:3.9.0.0 +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +// ------------------------------------------------------------------------------ +#region Designer generated code +#pragma warning disable +namespace SimpleIdServer.IdServer.Host.Acceptance.Tests.Features.Federations +{ + using TechTalk.SpecFlow; + using System; + using System.Linq; + + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public partial class OpenidFederationFeature : object, Xunit.IClassFixture, System.IDisposable + { + + private static TechTalk.SpecFlow.ITestRunner testRunner; + + private static string[] featureTags = ((string[])(null)); + + private Xunit.Abstractions.ITestOutputHelper _testOutputHelper; + +#line 1 "OpenidFederation.feature" +#line hidden + + public OpenidFederationFeature(OpenidFederationFeature.FixtureData fixtureData, SimpleIdServer_IdServer_Host_Acceptance_Tests_XUnitAssemblyFixture assemblyFixture, Xunit.Abstractions.ITestOutputHelper testOutputHelper) + { + this._testOutputHelper = testOutputHelper; + this.TestInitialize(); + } + + public static void FeatureSetup() + { + testRunner = TechTalk.SpecFlow.TestRunnerManager.GetTestRunner(); + TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Features/Federations", "OpenidFederation", "\tCheck result returned by the .well-known/openid-federation endpoint", ProgrammingLanguage.CSharp, featureTags); + testRunner.OnFeatureStart(featureInfo); + } + + public static void FeatureTearDown() + { + testRunner.OnFeatureEnd(); + testRunner = null; + } + + public void TestInitialize() + { + } + + public void TestTearDown() + { + testRunner.OnScenarioEnd(); + } + + public void ScenarioInitialize(TechTalk.SpecFlow.ScenarioInfo scenarioInfo) + { + testRunner.OnScenarioInitialize(scenarioInfo); + testRunner.ScenarioContext.ScenarioContainer.RegisterInstanceAs(_testOutputHelper); + } + + public void ScenarioStart() + { + testRunner.OnScenarioStart(); + } + + public void ScenarioCleanup() + { + testRunner.CollectScenarioErrors(); + } + + void System.IDisposable.Dispose() + { + this.TestTearDown(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Get the openid-federation")] + [Xunit.TraitAttribute("FeatureTitle", "OpenidFederation")] + [Xunit.TraitAttribute("Description", "Get the openid-federation")] + public void GetTheOpenid_Federation() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Get the openid-federation", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 4 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table170 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); +#line 5 + testRunner.When("execute HTTP GET request \'https://localhost:8080/.well-known/openid-federation\'", ((string)(null)), table170, "When "); +#line hidden +#line 8 + testRunner.And("extract payload from HTTP body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 10 + testRunner.Then("HTTP header has \'Content-Type\'=\'application/entity-statement+jwt\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 12 + testRunner.Then("JWT has \'iss\'=\'https://localhost:8080\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 13 + testRunner.And("JWT has \'sub\'=\'https://localhost:8080\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + } + this.ScenarioCleanup(); + } + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public class FixtureData : System.IDisposable + { + + public FixtureData() + { + OpenidFederationFeature.FeatureSetup(); + } + + void System.IDisposable.Dispose() + { + OpenidFederationFeature.FeatureTearDown(); + } + } + } +} +#pragma warning restore +#endregion diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantErrors.feature.cs index 4d405905c..e384b656a 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantErrors.feature.cs @@ -98,11 +98,11 @@ public void AccessTokenIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table153 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table171 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 5 - testRunner.When("execute HTTP GET request \'http://localhost/grants/id\'", ((string)(null)), table153, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/grants/id\'", ((string)(null)), table171, "When "); #line hidden #line 8 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -135,14 +135,14 @@ public void GrantMustExists() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table154 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table172 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table154.AddRow(new string[] { + table172.AddRow(new string[] { "Authorization", "Bearer AT"}); #line 14 - testRunner.When("execute HTTP GET request \'http://localhost/grants/id\'", ((string)(null)), table154, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/grants/id\'", ((string)(null)), table172, "When "); #line hidden #line 18 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -181,14 +181,14 @@ public void AccessTokenMustBeValid() #line 25 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table155 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table173 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table155.AddRow(new string[] { + table173.AddRow(new string[] { "Authorization", "Bearer INVALID"}); #line 27 - testRunner.When("execute HTTP GET request \'http://localhost/grants/consentId\'", ((string)(null)), table155, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/grants/consentId\'", ((string)(null)), table173, "When "); #line hidden #line 31 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -228,63 +228,63 @@ public void OnlyTheSameClientCanQueryTheGrant() #line 38 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table156 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table174 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table156.AddRow(new string[] { + table174.AddRow(new string[] { "response_type", "code"}); - table156.AddRow(new string[] { + table174.AddRow(new string[] { "client_id", "fortyEightClient"}); - table156.AddRow(new string[] { + table174.AddRow(new string[] { "state", "state"}); - table156.AddRow(new string[] { + table174.AddRow(new string[] { "response_mode", "query"}); - table156.AddRow(new string[] { + table174.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table156.AddRow(new string[] { + table174.AddRow(new string[] { "nonce", "nonce"}); - table156.AddRow(new string[] { + table174.AddRow(new string[] { "claims", "{ \"id_token\": { \"acr\": { \"essential\" : true, \"value\": \"urn:openbanking:psd2:ca\" }" + " } }"}); - table156.AddRow(new string[] { + table174.AddRow(new string[] { "resource", "https://cal.example.com"}); - table156.AddRow(new string[] { + table174.AddRow(new string[] { "scope", "grant_management_query"}); #line 40 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table156, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table174, "When "); #line hidden #line 52 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table157 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table175 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table157.AddRow(new string[] { + table175.AddRow(new string[] { "client_id", "fortyEightClient"}); - table157.AddRow(new string[] { + table175.AddRow(new string[] { "client_secret", "password"}); - table157.AddRow(new string[] { + table175.AddRow(new string[] { "grant_type", "authorization_code"}); - table157.AddRow(new string[] { + table175.AddRow(new string[] { "code", "$code$"}); - table157.AddRow(new string[] { + table175.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 54 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table157, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table175, "And "); #line hidden #line 62 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -292,14 +292,14 @@ public void OnlyTheSameClientCanQueryTheGrant() #line 63 testRunner.And("extract parameter \'$.access_token\' from JSON body into \'accessToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table158 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table176 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table158.AddRow(new string[] { + table176.AddRow(new string[] { "Authorization", "Bearer $accessToken$"}); #line 65 - testRunner.And("execute HTTP GET request \'http://localhost/grants/consentId\'", ((string)(null)), table158, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/grants/consentId\'", ((string)(null)), table176, "And "); #line hidden #line 69 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AlternativeScenarios.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AlternativeScenarios.feature.cs index ac322b791..70b18d0fa 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AlternativeScenarios.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AlternativeScenarios.feature.cs @@ -104,35 +104,35 @@ public void User_AgentIsRedirectedToTheLoginPageWhenElapsedTimeAuthenticationTim #line 5 testRunner.Given("authenticate a user and add \'-10\' seconds to the authentication time", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table185 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table203 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table185.AddRow(new string[] { + table203.AddRow(new string[] { "response_type", "id_token"}); - table185.AddRow(new string[] { + table203.AddRow(new string[] { "client_id", "thirtyFourClient"}); - table185.AddRow(new string[] { + table203.AddRow(new string[] { "state", "state"}); - table185.AddRow(new string[] { + table203.AddRow(new string[] { "response_mode", "query"}); - table185.AddRow(new string[] { + table203.AddRow(new string[] { "scope", "openid email role"}); - table185.AddRow(new string[] { + table203.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table185.AddRow(new string[] { + table203.AddRow(new string[] { "nonce", "nonce"}); - table185.AddRow(new string[] { + table203.AddRow(new string[] { "display", "popup"}); #line 6 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table185, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table203, "When "); #line hidden #line 17 testRunner.Then("redirection url contains \'http://localhost/pwd/Authenticate\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); @@ -165,38 +165,38 @@ public void User_AgentIsRedirectedToTheLoginPageWhenElapsedTimeAuthenticationTim #line 20 testRunner.Given("authenticate a user and add \'-10\' seconds to the authentication time", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table186 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table204 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table186.AddRow(new string[] { + table204.AddRow(new string[] { "response_type", "id_token"}); - table186.AddRow(new string[] { + table204.AddRow(new string[] { "client_id", "thirtyFiveClient"}); - table186.AddRow(new string[] { + table204.AddRow(new string[] { "state", "state"}); - table186.AddRow(new string[] { + table204.AddRow(new string[] { "response_mode", "query"}); - table186.AddRow(new string[] { + table204.AddRow(new string[] { "scope", "openid email role"}); - table186.AddRow(new string[] { + table204.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table186.AddRow(new string[] { + table204.AddRow(new string[] { "nonce", "nonce"}); - table186.AddRow(new string[] { + table204.AddRow(new string[] { "display", "popup"}); - table186.AddRow(new string[] { + table204.AddRow(new string[] { "max_age", "2"}); #line 21 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table186, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table204, "When "); #line hidden #line 33 testRunner.Then("redirection url contains \'http://localhost/pwd/Authenticate\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); @@ -229,38 +229,38 @@ public void Auth_TimeClaimIsReturnedInTheIdentityTokenWhenItIsMarkedAsEssentialC #line 36 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table187 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table205 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table187.AddRow(new string[] { + table205.AddRow(new string[] { "response_type", "id_token"}); - table187.AddRow(new string[] { + table205.AddRow(new string[] { "client_id", "thirtyFiveClient"}); - table187.AddRow(new string[] { + table205.AddRow(new string[] { "state", "state"}); - table187.AddRow(new string[] { + table205.AddRow(new string[] { "response_mode", "query"}); - table187.AddRow(new string[] { + table205.AddRow(new string[] { "scope", "openid email role"}); - table187.AddRow(new string[] { + table205.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table187.AddRow(new string[] { + table205.AddRow(new string[] { "nonce", "nonce"}); - table187.AddRow(new string[] { + table205.AddRow(new string[] { "display", "popup"}); - table187.AddRow(new string[] { + table205.AddRow(new string[] { "claims", "{ \"id_token\": { \"auth_time\": { \"essential\" : true } } }"}); #line 37 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table187, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table205, "When "); #line hidden #line 49 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -296,38 +296,38 @@ public void AmrAndAcrAreReturnedInTheIdentityTokenWhenAcr_ValuesIsPassed() #line 55 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table188 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table206 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table188.AddRow(new string[] { + table206.AddRow(new string[] { "response_type", "id_token"}); - table188.AddRow(new string[] { + table206.AddRow(new string[] { "client_id", "thirtyFiveClient"}); - table188.AddRow(new string[] { + table206.AddRow(new string[] { "state", "state"}); - table188.AddRow(new string[] { + table206.AddRow(new string[] { "response_mode", "query"}); - table188.AddRow(new string[] { + table206.AddRow(new string[] { "scope", "openid email role"}); - table188.AddRow(new string[] { + table206.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table188.AddRow(new string[] { + table206.AddRow(new string[] { "nonce", "nonce"}); - table188.AddRow(new string[] { + table206.AddRow(new string[] { "display", "popup"}); - table188.AddRow(new string[] { + table206.AddRow(new string[] { "acr_values", "sid-load-01"}); #line 56 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table188, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table206, "When "); #line hidden #line 68 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -375,59 +375,59 @@ public void WhenUsingOffline_ScopeTheClientCanAccessToTheUserinfoEvenIfTheEnd_Us #line 77 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table189 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table207 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table189.AddRow(new string[] { + table207.AddRow(new string[] { "response_type", "code"}); - table189.AddRow(new string[] { + table207.AddRow(new string[] { "client_id", "thirtySixClient"}); - table189.AddRow(new string[] { + table207.AddRow(new string[] { "state", "state"}); - table189.AddRow(new string[] { + table207.AddRow(new string[] { "response_mode", "query"}); - table189.AddRow(new string[] { + table207.AddRow(new string[] { "scope", "openid email role offline_access"}); - table189.AddRow(new string[] { + table207.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table189.AddRow(new string[] { + table207.AddRow(new string[] { "nonce", "nonce"}); - table189.AddRow(new string[] { + table207.AddRow(new string[] { "display", "popup"}); #line 78 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table189, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table207, "When "); #line hidden #line 88 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table190 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table208 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table190.AddRow(new string[] { + table208.AddRow(new string[] { "grant_type", "authorization_code"}); - table190.AddRow(new string[] { + table208.AddRow(new string[] { "code", "$code$"}); - table190.AddRow(new string[] { + table208.AddRow(new string[] { "client_id", "thirtySixClient"}); - table190.AddRow(new string[] { + table208.AddRow(new string[] { "client_secret", "password"}); - table190.AddRow(new string[] { + table208.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 90 - testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table190, "And "); + testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table208, "And "); #line hidden #line 98 testRunner.And("disconnect the user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -441,14 +441,14 @@ public void WhenUsingOffline_ScopeTheClientCanAccessToTheUserinfoEvenIfTheEnd_Us #line 101 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table191 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table209 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table191.AddRow(new string[] { + table209.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 103 - testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table191, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table209, "And "); #line hidden #line 107 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantType.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantType.feature.cs index 6ac3cf3ce..c45b32ce6 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantType.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantType.feature.cs @@ -101,62 +101,62 @@ public void ResourceParameterCanBeOverriddenAndScopesAdminCalendarAreReturned() #line 5 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table192 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table210 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table192.AddRow(new string[] { + table210.AddRow(new string[] { "response_type", "code"}); - table192.AddRow(new string[] { + table210.AddRow(new string[] { "client_id", "fortySixClient"}); - table192.AddRow(new string[] { + table210.AddRow(new string[] { "state", "state"}); - table192.AddRow(new string[] { + table210.AddRow(new string[] { "response_mode", "query"}); - table192.AddRow(new string[] { + table210.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table192.AddRow(new string[] { + table210.AddRow(new string[] { "nonce", "nonce"}); - table192.AddRow(new string[] { + table210.AddRow(new string[] { "resource", "https://cal.example.com"}); #line 6 - testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table192, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table210, "When "); #line hidden #line 16 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table193 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table211 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table193.AddRow(new string[] { + table211.AddRow(new string[] { "client_id", "fortySixClient"}); - table193.AddRow(new string[] { + table211.AddRow(new string[] { "client_secret", "password"}); - table193.AddRow(new string[] { + table211.AddRow(new string[] { "grant_type", "authorization_code"}); - table193.AddRow(new string[] { + table211.AddRow(new string[] { "code", "$code$"}); - table193.AddRow(new string[] { + table211.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table193.AddRow(new string[] { + table211.AddRow(new string[] { "resource", "https://cal.example.com"}); - table193.AddRow(new string[] { + table211.AddRow(new string[] { "resource", "https://contacts.example.com"}); #line 18 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table193, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table211, "And "); #line hidden #line 28 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -204,65 +204,65 @@ public void ScopeOfAResourceCanBeFiltered() #line 39 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table194 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table212 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table194.AddRow(new string[] { + table212.AddRow(new string[] { "response_type", "code"}); - table194.AddRow(new string[] { + table212.AddRow(new string[] { "client_id", "fortySixClient"}); - table194.AddRow(new string[] { + table212.AddRow(new string[] { "state", "state"}); - table194.AddRow(new string[] { + table212.AddRow(new string[] { "response_mode", "query"}); - table194.AddRow(new string[] { + table212.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table194.AddRow(new string[] { + table212.AddRow(new string[] { "nonce", "nonce"}); - table194.AddRow(new string[] { + table212.AddRow(new string[] { "resource", "https://cal.example.com"}); #line 40 - testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table194, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table212, "When "); #line hidden #line 50 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table195 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table213 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table195.AddRow(new string[] { + table213.AddRow(new string[] { "client_id", "fortySixClient"}); - table195.AddRow(new string[] { + table213.AddRow(new string[] { "client_secret", "password"}); - table195.AddRow(new string[] { + table213.AddRow(new string[] { "grant_type", "authorization_code"}); - table195.AddRow(new string[] { + table213.AddRow(new string[] { "code", "$code$"}); - table195.AddRow(new string[] { + table213.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table195.AddRow(new string[] { + table213.AddRow(new string[] { "resource", "https://cal.example.com"}); - table195.AddRow(new string[] { + table213.AddRow(new string[] { "resource", "https://contacts.example.com"}); - table195.AddRow(new string[] { + table213.AddRow(new string[] { "scope", "admin"}); #line 52 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table195, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table213, "And "); #line hidden #line 63 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -307,56 +307,56 @@ public void ScopesAdminCalendarAreReturnedThanksToTheOriginalRequest() #line 72 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table196 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table214 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table196.AddRow(new string[] { + table214.AddRow(new string[] { "response_type", "code"}); - table196.AddRow(new string[] { + table214.AddRow(new string[] { "client_id", "fortySixClient"}); - table196.AddRow(new string[] { + table214.AddRow(new string[] { "state", "state"}); - table196.AddRow(new string[] { + table214.AddRow(new string[] { "response_mode", "query"}); - table196.AddRow(new string[] { + table214.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table196.AddRow(new string[] { + table214.AddRow(new string[] { "nonce", "nonce"}); - table196.AddRow(new string[] { + table214.AddRow(new string[] { "resource", "https://cal.example.com"}); #line 73 - testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table196, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table214, "When "); #line hidden #line 83 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table197 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table215 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table197.AddRow(new string[] { + table215.AddRow(new string[] { "client_id", "fortySixClient"}); - table197.AddRow(new string[] { + table215.AddRow(new string[] { "client_secret", "password"}); - table197.AddRow(new string[] { + table215.AddRow(new string[] { "grant_type", "authorization_code"}); - table197.AddRow(new string[] { + table215.AddRow(new string[] { "code", "$code$"}); - table197.AddRow(new string[] { + table215.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 85 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table197, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table215, "And "); #line hidden #line 93 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -398,56 +398,56 @@ public void Authorization_DetailsAreReturned() #line 101 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table198 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table216 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table198.AddRow(new string[] { + table216.AddRow(new string[] { "response_type", "code token"}); - table198.AddRow(new string[] { + table216.AddRow(new string[] { "client_id", "fiftyFiveClient"}); - table198.AddRow(new string[] { + table216.AddRow(new string[] { "state", "state"}); - table198.AddRow(new string[] { + table216.AddRow(new string[] { "response_mode", "query"}); - table198.AddRow(new string[] { + table216.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table198.AddRow(new string[] { + table216.AddRow(new string[] { "nonce", "nonce"}); - table198.AddRow(new string[] { + table216.AddRow(new string[] { "authorization_details", "{ \"type\" : \"firstDetails\", \"actions\": [ \"read\" ] }"}); #line 103 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table198, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table216, "When "); #line hidden #line 113 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table199 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table217 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table199.AddRow(new string[] { + table217.AddRow(new string[] { "client_id", "fiftyFiveClient"}); - table199.AddRow(new string[] { + table217.AddRow(new string[] { "client_secret", "password"}); - table199.AddRow(new string[] { + table217.AddRow(new string[] { "grant_type", "authorization_code"}); - table199.AddRow(new string[] { + table217.AddRow(new string[] { "code", "$code$"}); - table199.AddRow(new string[] { + table217.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 115 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table199, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table217, "And "); #line hidden #line 123 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -492,60 +492,60 @@ public void OnlyOneAuthorization_DetailsIsReturnedBecauseThereIsOneResourceParam #line 131 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table200 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table218 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table200.AddRow(new string[] { + table218.AddRow(new string[] { "response_type", "code token"}); - table200.AddRow(new string[] { + table218.AddRow(new string[] { "client_id", "fiftyFiveClient"}); - table200.AddRow(new string[] { + table218.AddRow(new string[] { "state", "state"}); - table200.AddRow(new string[] { + table218.AddRow(new string[] { "response_mode", "query"}); - table200.AddRow(new string[] { + table218.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table200.AddRow(new string[] { + table218.AddRow(new string[] { "nonce", "nonce"}); - table200.AddRow(new string[] { + table218.AddRow(new string[] { "authorization_details", "{ \"type\" : \"secondDetails\", \"locations\": [ \"https://cal.example.com\" ], \"actions\"" + ": [ \"read\" ] }"}); #line 133 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table200, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table218, "When "); #line hidden #line 143 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table201 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table219 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table201.AddRow(new string[] { + table219.AddRow(new string[] { "client_id", "fiftyFiveClient"}); - table201.AddRow(new string[] { + table219.AddRow(new string[] { "client_secret", "password"}); - table201.AddRow(new string[] { + table219.AddRow(new string[] { "grant_type", "authorization_code"}); - table201.AddRow(new string[] { + table219.AddRow(new string[] { "code", "$code$"}); - table201.AddRow(new string[] { + table219.AddRow(new string[] { "resource", "https://cal.example.com"}); - table201.AddRow(new string[] { + table219.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 145 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table201, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table219, "And "); #line hidden #line 154 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -587,57 +587,57 @@ public void AccessTokenContainsAuthorization_DetailsWithOpenid_Credential() #line 162 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table202 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table220 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table202.AddRow(new string[] { + table220.AddRow(new string[] { "response_type", "code token"}); - table202.AddRow(new string[] { + table220.AddRow(new string[] { "client_id", "fiftyEightClient"}); - table202.AddRow(new string[] { + table220.AddRow(new string[] { "state", "state"}); - table202.AddRow(new string[] { + table220.AddRow(new string[] { "response_mode", "query"}); - table202.AddRow(new string[] { + table220.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table202.AddRow(new string[] { + table220.AddRow(new string[] { "nonce", "nonce"}); - table202.AddRow(new string[] { + table220.AddRow(new string[] { "authorization_details", "{ \"type\" : \"openid_credential\", \"credential_configuration_id\": \"UniversityDegreeC" + "redential\" }"}); #line 164 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table202, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table220, "When "); #line hidden #line 174 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table203 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table221 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table203.AddRow(new string[] { + table221.AddRow(new string[] { "client_id", "fiftyEightClient"}); - table203.AddRow(new string[] { + table221.AddRow(new string[] { "client_secret", "password"}); - table203.AddRow(new string[] { + table221.AddRow(new string[] { "grant_type", "authorization_code"}); - table203.AddRow(new string[] { + table221.AddRow(new string[] { "code", "$code$"}); - table203.AddRow(new string[] { + table221.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 176 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table203, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table221, "And "); #line hidden #line 184 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -676,29 +676,29 @@ public void AccessTokenContainsTheRole() #line 191 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table204 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table222 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table204.AddRow(new string[] { + table222.AddRow(new string[] { "response_type", "code"}); - table204.AddRow(new string[] { + table222.AddRow(new string[] { "client_id", "sixtyNineClient"}); - table204.AddRow(new string[] { + table222.AddRow(new string[] { "state", "state"}); - table204.AddRow(new string[] { + table222.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table204.AddRow(new string[] { + table222.AddRow(new string[] { "response_mode", "query"}); - table204.AddRow(new string[] { + table222.AddRow(new string[] { "scope", "role"}); #line 192 - testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table204, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table222, "When "); #line hidden #line 201 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -706,26 +706,26 @@ public void AccessTokenContainsTheRole() #line 202 testRunner.And("extract parameter \'state\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table205 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table223 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table205.AddRow(new string[] { + table223.AddRow(new string[] { "client_id", "sixtyNineClient"}); - table205.AddRow(new string[] { + table223.AddRow(new string[] { "client_secret", "password"}); - table205.AddRow(new string[] { + table223.AddRow(new string[] { "grant_type", "authorization_code"}); - table205.AddRow(new string[] { + table223.AddRow(new string[] { "code", "$code$"}); - table205.AddRow(new string[] { + table223.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 204 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table205, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table223, "And "); #line hidden #line 212 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantTypeErrors.feature b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantTypeErrors.feature index 0a8311942..480d24055 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantTypeErrors.feature +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantTypeErrors.feature @@ -12,10 +12,24 @@ Scenario: Send 'grant_type=authorization_code' with no code parameter And JSON '$.error_description'='missing parameter code' Scenario: Send 'grant_type=authorization_code,code=code' with no redirect_uri + Given authenticate a user + When execute HTTP GET request 'https://localhost:8080/authorization' + | Key | Value | + | response_type | code | + | client_id | thirdClient | + | state | state | + | redirect_uri | http://localhost:8080 | + | response_mode | query | + | scope | secondScope | + + And extract parameter 'code' from redirect url + When execute HTTP POST request 'https://localhost:8080/token' - | Key | Value | - | grant_type | authorization_code | - | code | code | + | Key | Value | + | client_id | thirdClient | + | client_secret | password | + | grant_type | authorization_code | + | code | $code$ | And extract JSON from body Then HTTP status code equals to '400' @@ -23,10 +37,22 @@ Scenario: Send 'grant_type=authorization_code,code=code' with no redirect_uri And JSON '$.error_description'='missing parameter redirect_uri' Scenario: Send 'grant_type=authorization_code,code=code,redirect_uri=http://localhost,client_id=firstClient,client_secret=password' with unauthorized grant_type - When execute HTTP POST request 'https://localhost:8080/token' + Given authenticate a user + When execute HTTP GET request 'https://localhost:8080/authorization' + | Key | Value | + | response_type | code | + | client_id | thirdClient | + | state | state | + | redirect_uri | http://localhost:8080 | + | response_mode | query | + | scope | secondScope | + + And extract parameter 'code' from redirect url + + And execute HTTP POST request 'https://localhost:8080/token' | Key | Value | | grant_type | authorization_code | - | code | code | + | code | $code$ | | redirect_uri | http://localhost | | client_id | firstClient | | client_secret | password | diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantTypeErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantTypeErrors.feature.cs index 9159e9c69..3f625c84f 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantTypeErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/AuthorizationCodeGrantTypeErrors.feature.cs @@ -98,14 +98,14 @@ public void SendGrant_TypeAuthorization_CodeWithNoCodeParameter() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table206 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table224 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table206.AddRow(new string[] { + table224.AddRow(new string[] { "grant_type", "authorization_code"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table206, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table224, "When "); #line hidden #line 9 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -141,28 +141,64 @@ public void SendGrant_TypeAuthorization_CodeCodeCodeWithNoRedirect_Uri() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table207 = new TechTalk.SpecFlow.Table(new string[] { +#line 15 + testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); +#line hidden + TechTalk.SpecFlow.Table table225 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table207.AddRow(new string[] { + table225.AddRow(new string[] { + "response_type", + "code"}); + table225.AddRow(new string[] { + "client_id", + "thirdClient"}); + table225.AddRow(new string[] { + "state", + "state"}); + table225.AddRow(new string[] { + "redirect_uri", + "http://localhost:8080"}); + table225.AddRow(new string[] { + "response_mode", + "query"}); + table225.AddRow(new string[] { + "scope", + "secondScope"}); +#line 16 + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table225, "When "); +#line hidden +#line 25 + testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + TechTalk.SpecFlow.Table table226 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table226.AddRow(new string[] { + "client_id", + "thirdClient"}); + table226.AddRow(new string[] { + "client_secret", + "password"}); + table226.AddRow(new string[] { "grant_type", "authorization_code"}); - table207.AddRow(new string[] { + table226.AddRow(new string[] { "code", - "code"}); -#line 15 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table207, "When "); + "$code$"}); +#line 27 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table226, "When "); #line hidden -#line 20 +#line 34 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 21 +#line 35 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 22 +#line 36 testRunner.And("JSON \'$.error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 23 +#line 37 testRunner.And("JSON \'$.error_description\'=\'missing parameter redirect_uri\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -180,7 +216,7 @@ public void SendGrant_TypeAuthorization_CodeCodeCodeRedirect_UriHttpLocalhostCli System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Send \'grant_type=authorization_code,code=code,redirect_uri=http://localhost,clien" + "t_id=firstClient,client_secret=password\' with unauthorized grant_type", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 25 +#line 39 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -190,37 +226,67 @@ public void SendGrant_TypeAuthorization_CodeCodeCodeRedirect_UriHttpLocalhostCli else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table208 = new TechTalk.SpecFlow.Table(new string[] { +#line 40 + testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); +#line hidden + TechTalk.SpecFlow.Table table227 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table227.AddRow(new string[] { + "response_type", + "code"}); + table227.AddRow(new string[] { + "client_id", + "thirdClient"}); + table227.AddRow(new string[] { + "state", + "state"}); + table227.AddRow(new string[] { + "redirect_uri", + "http://localhost:8080"}); + table227.AddRow(new string[] { + "response_mode", + "query"}); + table227.AddRow(new string[] { + "scope", + "secondScope"}); +#line 41 + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table227, "When "); +#line hidden +#line 50 + testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden + TechTalk.SpecFlow.Table table228 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table208.AddRow(new string[] { + table228.AddRow(new string[] { "grant_type", "authorization_code"}); - table208.AddRow(new string[] { + table228.AddRow(new string[] { "code", - "code"}); - table208.AddRow(new string[] { + "$code$"}); + table228.AddRow(new string[] { "redirect_uri", "http://localhost"}); - table208.AddRow(new string[] { + table228.AddRow(new string[] { "client_id", "firstClient"}); - table208.AddRow(new string[] { + table228.AddRow(new string[] { "client_secret", "password"}); -#line 26 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table208, "When "); +#line 52 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table228, "And "); #line hidden -#line 34 +#line 60 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 35 +#line 61 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 36 +#line 62 testRunner.And("JSON \'$.error\'=\'invalid_client\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 37 +#line 63 testRunner.And("JSON \'$.error_description\'=\'grant type authorization_code is not supported by the" + " client\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden @@ -239,7 +305,7 @@ public void SendGrant_TypeAuthorization_CodeCodeCodeRedirect_UriHttpLocalhost808 System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Send \'grant_type=authorization_code,code=code,redirect_uri=http://localhost:8080," + "client_id=thirdClient,client_secret=password\' with previous issued token", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 39 +#line 65 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -249,88 +315,88 @@ public void SendGrant_TypeAuthorization_CodeCodeCodeRedirect_UriHttpLocalhost808 else { this.ScenarioStart(); -#line 40 +#line 66 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table209 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table229 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table209.AddRow(new string[] { + table229.AddRow(new string[] { "response_type", "code"}); - table209.AddRow(new string[] { + table229.AddRow(new string[] { "client_id", "thirdClient"}); - table209.AddRow(new string[] { + table229.AddRow(new string[] { "state", "state"}); - table209.AddRow(new string[] { + table229.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table209.AddRow(new string[] { + table229.AddRow(new string[] { "response_mode", "query"}); - table209.AddRow(new string[] { + table229.AddRow(new string[] { "scope", "secondScope"}); -#line 41 - testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table209, "When "); +#line 67 + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table229, "When "); #line hidden -#line 50 +#line 76 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table210 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table230 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table210.AddRow(new string[] { + table230.AddRow(new string[] { "client_id", "thirdClient"}); - table210.AddRow(new string[] { + table230.AddRow(new string[] { "client_secret", "password"}); - table210.AddRow(new string[] { + table230.AddRow(new string[] { "grant_type", "authorization_code"}); - table210.AddRow(new string[] { + table230.AddRow(new string[] { "code", "$code$"}); - table210.AddRow(new string[] { + table230.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); -#line 52 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table210, "And "); +#line 78 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table230, "And "); #line hidden - TechTalk.SpecFlow.Table table211 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table231 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table211.AddRow(new string[] { + table231.AddRow(new string[] { "client_id", "thirdClient"}); - table211.AddRow(new string[] { + table231.AddRow(new string[] { "client_secret", "password"}); - table211.AddRow(new string[] { + table231.AddRow(new string[] { "grant_type", "authorization_code"}); - table211.AddRow(new string[] { + table231.AddRow(new string[] { "code", "$code$"}); - table211.AddRow(new string[] { + table231.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); -#line 60 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table211, "And "); +#line 86 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table231, "And "); #line hidden -#line 68 +#line 94 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 69 +#line 95 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 70 +#line 96 testRunner.And("JSON \'$.error\'=\'invalid_grant\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 71 +#line 97 testRunner.And("JSON \'$.error_description\'=\'authorization code has already been used, all tokens " + "previously issued have been revoked\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden @@ -349,7 +415,7 @@ public void SendGrant_TypeAuthorization_CodeCodeCodeRedirect_UriHttpLocalhost808 System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Send \'grant_type=authorization_code,code=code,redirect_uri=http://localhost:8080," + "client_id=thirdClient,client_secret=password\' with bad code", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 73 +#line 99 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -359,37 +425,37 @@ public void SendGrant_TypeAuthorization_CodeCodeCodeRedirect_UriHttpLocalhost808 else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table212 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table232 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table212.AddRow(new string[] { + table232.AddRow(new string[] { "client_id", "thirdClient"}); - table212.AddRow(new string[] { + table232.AddRow(new string[] { "client_secret", "password"}); - table212.AddRow(new string[] { + table232.AddRow(new string[] { "grant_type", "authorization_code"}); - table212.AddRow(new string[] { + table232.AddRow(new string[] { "code", "invalidCode"}); - table212.AddRow(new string[] { + table232.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); -#line 74 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table212, "When "); +#line 100 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table232, "When "); #line hidden -#line 82 +#line 108 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 83 +#line 109 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 84 +#line 110 testRunner.And("JSON \'$.error\'=\'invalid_grant\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 85 +#line 111 testRunner.And("JSON \'$.error_description\'=\'bad authorization code\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -410,7 +476,7 @@ public void SendGrant_TypeAuthorization_CodeCodeCodeRedirect_UriHttpLocalhost808 TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Send \'grant_type=authorization_code,code=code,redirect_uri=http://localhost:8080," + "client_id=thirdClient,client_secret=password\' with code not issued by the client" + "", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 87 +#line 113 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -420,67 +486,67 @@ public void SendGrant_TypeAuthorization_CodeCodeCodeRedirect_UriHttpLocalhost808 else { this.ScenarioStart(); -#line 88 +#line 114 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table213 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table233 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table213.AddRow(new string[] { + table233.AddRow(new string[] { "response_type", "code"}); - table213.AddRow(new string[] { + table233.AddRow(new string[] { "client_id", "thirdClient"}); - table213.AddRow(new string[] { + table233.AddRow(new string[] { "state", "state"}); - table213.AddRow(new string[] { + table233.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table213.AddRow(new string[] { + table233.AddRow(new string[] { "response_mode", "query"}); - table213.AddRow(new string[] { + table233.AddRow(new string[] { "scope", "secondScope"}); -#line 89 - testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table213, "When "); +#line 115 + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table233, "When "); #line hidden -#line 98 +#line 124 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table214 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table234 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table214.AddRow(new string[] { + table234.AddRow(new string[] { "client_id", "thirdClient"}); - table214.AddRow(new string[] { + table234.AddRow(new string[] { "client_secret", "password"}); - table214.AddRow(new string[] { + table234.AddRow(new string[] { "grant_type", "authorization_code"}); - table214.AddRow(new string[] { + table234.AddRow(new string[] { "code", "$code$"}); - table214.AddRow(new string[] { + table234.AddRow(new string[] { "redirect_uri", "http://localhost:9080"}); -#line 100 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table214, "And "); +#line 126 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table234, "And "); #line hidden -#line 108 +#line 134 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 109 +#line 135 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 110 +#line 136 testRunner.And("JSON \'$.error\'=\'invalid_grant\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 111 +#line 137 testRunner.And("JSON \'$.error_description\'=\'not the same redirect_uri\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -495,7 +561,7 @@ public void AuthorizationCodeCannotBeUsedTwice() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("authorization code cannot be used twice", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 113 +#line 139 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -505,88 +571,88 @@ public void AuthorizationCodeCannotBeUsedTwice() else { this.ScenarioStart(); -#line 114 +#line 140 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table215 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table235 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table215.AddRow(new string[] { + table235.AddRow(new string[] { "response_type", "code"}); - table215.AddRow(new string[] { + table235.AddRow(new string[] { "client_id", "thirdClient"}); - table215.AddRow(new string[] { + table235.AddRow(new string[] { "state", "state"}); - table215.AddRow(new string[] { + table235.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table215.AddRow(new string[] { + table235.AddRow(new string[] { "response_mode", "query"}); - table215.AddRow(new string[] { + table235.AddRow(new string[] { "scope", "secondScope"}); -#line 115 - testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table215, "When "); +#line 141 + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table235, "When "); #line hidden -#line 124 +#line 150 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table216 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table236 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table216.AddRow(new string[] { + table236.AddRow(new string[] { "client_id", "thirdClient"}); - table216.AddRow(new string[] { + table236.AddRow(new string[] { "client_secret", "password"}); - table216.AddRow(new string[] { + table236.AddRow(new string[] { "grant_type", "authorization_code"}); - table216.AddRow(new string[] { + table236.AddRow(new string[] { "code", "$code$"}); - table216.AddRow(new string[] { + table236.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); -#line 126 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table216, "And "); +#line 152 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table236, "And "); #line hidden - TechTalk.SpecFlow.Table table217 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table237 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table217.AddRow(new string[] { + table237.AddRow(new string[] { "client_id", "thirdClient"}); - table217.AddRow(new string[] { + table237.AddRow(new string[] { "client_secret", "password"}); - table217.AddRow(new string[] { + table237.AddRow(new string[] { "grant_type", "authorization_code"}); - table217.AddRow(new string[] { + table237.AddRow(new string[] { "code", "$code$"}); - table217.AddRow(new string[] { + table237.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); -#line 134 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table217, "And "); +#line 160 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table237, "And "); #line hidden -#line 142 +#line 168 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 143 +#line 169 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 144 +#line 170 testRunner.Then("JSON \'error\'=\'invalid_grant\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 145 +#line 171 testRunner.Then("JSON \'error_description\'=\'authorization code has already been used, all tokens pr" + "eviously issued have been revoked\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden @@ -602,7 +668,7 @@ public void CannotHaveAMismatchBetweenDpop_JktAndTheDPoPProof() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("cannot have a mismatch between dpop_jkt and the DPoP proof", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 147 +#line 173 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -612,127 +678,127 @@ public void CannotHaveAMismatchBetweenDpop_JktAndTheDPoPProof() else { this.ScenarioStart(); -#line 148 +#line 174 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table218 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table238 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table218.AddRow(new string[] { + table238.AddRow(new string[] { "htm", "POST"}); - table218.AddRow(new string[] { + table238.AddRow(new string[] { "htu", "https://localhost:8080/token"}); -#line 150 - testRunner.When("build DPoP proof", ((string)(null)), table218, "When "); +#line 176 + testRunner.When("build DPoP proof", ((string)(null)), table238, "When "); #line hidden - TechTalk.SpecFlow.Table table219 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table239 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table219.AddRow(new string[] { + table239.AddRow(new string[] { "response_type", "code"}); - table219.AddRow(new string[] { + table239.AddRow(new string[] { "client_id", "sixtyFiveClient"}); - table219.AddRow(new string[] { + table239.AddRow(new string[] { "state", "state"}); - table219.AddRow(new string[] { + table239.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table219.AddRow(new string[] { + table239.AddRow(new string[] { "response_mode", "query"}); - table219.AddRow(new string[] { + table239.AddRow(new string[] { "scope", "secondScope"}); - table219.AddRow(new string[] { + table239.AddRow(new string[] { "dpop_jkt", "invalid"}); -#line 155 - testRunner.And("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table219, "And "); +#line 181 + testRunner.And("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table239, "And "); #line hidden -#line 165 +#line 191 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table220 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table240 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table220.AddRow(new string[] { + table240.AddRow(new string[] { "client_id", "sixtyFiveClient"}); - table220.AddRow(new string[] { + table240.AddRow(new string[] { "client_secret", "password"}); - table220.AddRow(new string[] { + table240.AddRow(new string[] { "grant_type", "authorization_code"}); - table220.AddRow(new string[] { + table240.AddRow(new string[] { "code", "$code$"}); - table220.AddRow(new string[] { + table240.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table220.AddRow(new string[] { + table240.AddRow(new string[] { "DPoP", "$DPOP$"}); -#line 167 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table220, "And "); +#line 193 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table240, "And "); #line hidden -#line 176 +#line 202 testRunner.And("extract header \'DPoP-Nonce\' to \'nonce\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table221 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table241 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table221.AddRow(new string[] { + table241.AddRow(new string[] { "htm", "POST"}); - table221.AddRow(new string[] { + table241.AddRow(new string[] { "htu", "https://localhost:8080/token"}); - table221.AddRow(new string[] { + table241.AddRow(new string[] { "nonce", "$nonce$"}); -#line 178 - testRunner.And("build DPoP proof", ((string)(null)), table221, "And "); +#line 204 + testRunner.And("build DPoP proof", ((string)(null)), table241, "And "); #line hidden - TechTalk.SpecFlow.Table table222 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table242 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table222.AddRow(new string[] { + table242.AddRow(new string[] { "client_id", "sixtyFiveClient"}); - table222.AddRow(new string[] { + table242.AddRow(new string[] { "client_secret", "password"}); - table222.AddRow(new string[] { + table242.AddRow(new string[] { "grant_type", "authorization_code"}); - table222.AddRow(new string[] { + table242.AddRow(new string[] { "code", "$code$"}); - table222.AddRow(new string[] { + table242.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table222.AddRow(new string[] { + table242.AddRow(new string[] { "DPoP", "$DPOP$"}); -#line 184 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table222, "And "); +#line 210 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table242, "And "); #line hidden -#line 193 +#line 219 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 195 +#line 221 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 196 +#line 222 testRunner.Then("JSON \'error\'=\'invalid_dpop_proof\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 197 +#line 223 testRunner.Then("JSON \'error_description\'=\'there is a mismatch between the dpop_jkt and the DPoP p" + "roof\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/CIBAGrantTypeErrors.feature b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/CIBAGrantTypeErrors.feature index 19664087d..8ef0240f6 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/CIBAGrantTypeErrors.feature +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/CIBAGrantTypeErrors.feature @@ -30,7 +30,7 @@ Scenario: authorization request must exists | Key | Value | | grant_type | urn:openid:params:grant-type:ciba | | client_id | fortyTwoClient | - | X-Testing-ClientCert | sidClient.crt | + | X-Testing-ClientCert | sidClient.crt | | auth_req_id | id | And extract JSON from body diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/CIBAGrantTypeErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/CIBAGrantTypeErrors.feature.cs index 9c97f78ab..c71aa7d87 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/CIBAGrantTypeErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/CIBAGrantTypeErrors.feature.cs @@ -98,20 +98,20 @@ public void OnlyPINGOrPOLLModesAreSupportedToGetAToken() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table223 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table243 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table223.AddRow(new string[] { + table243.AddRow(new string[] { "grant_type", "urn:openid:params:grant-type:ciba"}); - table223.AddRow(new string[] { + table243.AddRow(new string[] { "client_id", "fortyThreeClient"}); - table223.AddRow(new string[] { + table243.AddRow(new string[] { "X-Testing-ClientCert", "sidClient.crt"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/mtls/token\'", ((string)(null)), table223, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/mtls/token\'", ((string)(null)), table243, "When "); #line hidden #line 11 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -147,20 +147,20 @@ public void ParameterAuth_Req_IdIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table224 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table244 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table224.AddRow(new string[] { + table244.AddRow(new string[] { "grant_type", "urn:openid:params:grant-type:ciba"}); - table224.AddRow(new string[] { + table244.AddRow(new string[] { "client_id", "fortyTwoClient"}); - table224.AddRow(new string[] { + table244.AddRow(new string[] { "X-Testing-ClientCert", "sidClient.crt"}); #line 17 - testRunner.When("execute HTTP POST request \'https://localhost:8080/mtls/token\'", ((string)(null)), table224, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/mtls/token\'", ((string)(null)), table244, "When "); #line hidden #line 23 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -196,23 +196,23 @@ public void AuthorizationRequestMustExists() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table225 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table245 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table225.AddRow(new string[] { + table245.AddRow(new string[] { "grant_type", "urn:openid:params:grant-type:ciba"}); - table225.AddRow(new string[] { + table245.AddRow(new string[] { "client_id", "fortyTwoClient"}); - table225.AddRow(new string[] { + table245.AddRow(new string[] { "X-Testing-ClientCert", "sidClient.crt"}); - table225.AddRow(new string[] { + table245.AddRow(new string[] { "auth_req_id", "id"}); #line 29 - testRunner.When("execute HTTP POST request \'https://localhost:8080/mtls/token\'", ((string)(null)), table225, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/mtls/token\'", ((string)(null)), table245, "When "); #line hidden #line 36 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -251,26 +251,26 @@ public void ClientMustBeTheSame() #line 42 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table226 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table246 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table226.AddRow(new string[] { + table246.AddRow(new string[] { "client_id", "fortyNineClient"}); - table226.AddRow(new string[] { + table246.AddRow(new string[] { "client_secret", "password"}); - table226.AddRow(new string[] { + table246.AddRow(new string[] { "scope", "admin calendar"}); - table226.AddRow(new string[] { + table246.AddRow(new string[] { "login_hint", "user"}); - table226.AddRow(new string[] { + table246.AddRow(new string[] { "user_code", "password"}); #line 44 - testRunner.When("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table226, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table246, "When "); #line hidden #line 52 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -278,32 +278,32 @@ public void ClientMustBeTheSame() #line 53 testRunner.And("extract parameter \'auth_req_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table227 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table247 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table227.AddRow(new string[] { + table247.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); #line 55 - testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table227, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table247, "And "); #line hidden - TechTalk.SpecFlow.Table table228 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table248 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table228.AddRow(new string[] { + table248.AddRow(new string[] { "grant_type", "urn:openid:params:grant-type:ciba"}); - table228.AddRow(new string[] { + table248.AddRow(new string[] { "client_id", "fiftyClient"}); - table228.AddRow(new string[] { + table248.AddRow(new string[] { "client_secret", "password"}); - table228.AddRow(new string[] { + table248.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); #line 59 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table228, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table248, "And "); #line hidden #line 66 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -339,56 +339,56 @@ public void AuthorizationRequestMustBeConfirmed() #line 72 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table229 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table249 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table229.AddRow(new string[] { + table249.AddRow(new string[] { "response_type", "id_token"}); - table229.AddRow(new string[] { + table249.AddRow(new string[] { "client_id", "fourteenClient"}); - table229.AddRow(new string[] { + table249.AddRow(new string[] { "state", "state"}); - table229.AddRow(new string[] { + table249.AddRow(new string[] { "response_mode", "query"}); - table229.AddRow(new string[] { + table249.AddRow(new string[] { "scope", "openid email role"}); - table229.AddRow(new string[] { + table249.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table229.AddRow(new string[] { + table249.AddRow(new string[] { "nonce", "nonce"}); #line 74 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table229, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table249, "When "); #line hidden #line 84 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table230 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table250 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table230.AddRow(new string[] { + table250.AddRow(new string[] { "client_id", "fortyNineClient"}); - table230.AddRow(new string[] { + table250.AddRow(new string[] { "client_secret", "password"}); - table230.AddRow(new string[] { + table250.AddRow(new string[] { "scope", "admin calendar"}); - table230.AddRow(new string[] { + table250.AddRow(new string[] { "login_hint", "user"}); - table230.AddRow(new string[] { + table250.AddRow(new string[] { "user_code", "password"}); #line 86 - testRunner.And("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table230, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table250, "And "); #line hidden #line 94 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -396,23 +396,23 @@ public void AuthorizationRequestMustBeConfirmed() #line 95 testRunner.And("extract parameter \'auth_req_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table231 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table251 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table231.AddRow(new string[] { + table251.AddRow(new string[] { "grant_type", "urn:openid:params:grant-type:ciba"}); - table231.AddRow(new string[] { + table251.AddRow(new string[] { "client_id", "fortyNineClient"}); - table231.AddRow(new string[] { + table251.AddRow(new string[] { "client_secret", "password"}); - table231.AddRow(new string[] { + table251.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); #line 97 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table231, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table251, "And "); #line hidden #line 104 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -448,35 +448,35 @@ public void AuthorizationRequestCannotBeRejected() #line 110 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table232 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table252 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table232.AddRow(new string[] { + table252.AddRow(new string[] { "sub", "user"}); #line 111 - testRunner.And("build access_token and sign with the key \'keyid\'", ((string)(null)), table232, "And "); + testRunner.And("build access_token and sign with the key \'keyid\'", ((string)(null)), table252, "And "); #line hidden - TechTalk.SpecFlow.Table table233 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table253 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table233.AddRow(new string[] { + table253.AddRow(new string[] { "client_id", "fortyNineClient"}); - table233.AddRow(new string[] { + table253.AddRow(new string[] { "client_secret", "password"}); - table233.AddRow(new string[] { + table253.AddRow(new string[] { "scope", "admin calendar"}); - table233.AddRow(new string[] { + table253.AddRow(new string[] { "login_hint", "user"}); - table233.AddRow(new string[] { + table253.AddRow(new string[] { "user_code", "password"}); #line 115 - testRunner.When("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table233, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table253, "When "); #line hidden #line 123 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -484,38 +484,38 @@ public void AuthorizationRequestCannotBeRejected() #line 124 testRunner.And("extract parameter \'auth_req_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table234 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table254 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table234.AddRow(new string[] { + table254.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); - table234.AddRow(new string[] { + table254.AddRow(new string[] { "action", "1"}); - table234.AddRow(new string[] { + table254.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 126 - testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table234, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table254, "And "); #line hidden - TechTalk.SpecFlow.Table table235 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table255 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table235.AddRow(new string[] { + table255.AddRow(new string[] { "grant_type", "urn:openid:params:grant-type:ciba"}); - table235.AddRow(new string[] { + table255.AddRow(new string[] { "client_id", "fortyNineClient"}); - table235.AddRow(new string[] { + table255.AddRow(new string[] { "client_secret", "password"}); - table235.AddRow(new string[] { + table255.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); #line 132 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table235, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table255, "And "); #line hidden #line 139 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/ClientCredentialsGrantTypeErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/ClientCredentialsGrantTypeErrors.feature.cs index c7ff61b3b..048180d92 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/ClientCredentialsGrantTypeErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/ClientCredentialsGrantTypeErrors.feature.cs @@ -98,14 +98,14 @@ public void SendGrant_TypeClient_CredentialsWithNoScopeParameter() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table236 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table256 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table236.AddRow(new string[] { + table256.AddRow(new string[] { "grant_type", "client_credentials"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table236, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table256, "When "); #line hidden #line 9 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -144,23 +144,23 @@ public void SendGrant_TypeClient_CredentialsScopeScopeClient_IdSecondClientClien else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table237 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table257 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table237.AddRow(new string[] { + table257.AddRow(new string[] { "grant_type", "client_credentials"}); - table237.AddRow(new string[] { + table257.AddRow(new string[] { "scope", "scope"}); - table237.AddRow(new string[] { + table257.AddRow(new string[] { "client_id", "secondClient"}); - table237.AddRow(new string[] { + table257.AddRow(new string[] { "client_secret", "password"}); #line 15 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table237, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table257, "When "); #line hidden #line 22 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/DeviceAuthorizationGrantTypeErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/DeviceAuthorizationGrantTypeErrors.feature.cs index 59f5188eb..f5f8e3ca2 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/DeviceAuthorizationGrantTypeErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/DeviceAuthorizationGrantTypeErrors.feature.cs @@ -98,14 +98,14 @@ public void Client_IdIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table238 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table258 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table238.AddRow(new string[] { + table258.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:device_code"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table238, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table258, "When "); #line hidden #line 9 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -141,20 +141,20 @@ public void Device_CodeIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table239 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table259 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table239.AddRow(new string[] { + table259.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:device_code"}); - table239.AddRow(new string[] { + table259.AddRow(new string[] { "client_id", "sixtyOneClient"}); - table239.AddRow(new string[] { + table259.AddRow(new string[] { "client_secret", "password"}); #line 16 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table239, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table259, "When "); #line hidden #line 22 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -190,23 +190,23 @@ public void Device_CodeMustExists() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table240 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table260 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table240.AddRow(new string[] { + table260.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:device_code"}); - table240.AddRow(new string[] { + table260.AddRow(new string[] { "client_id", "sixtyOneClient"}); - table240.AddRow(new string[] { + table260.AddRow(new string[] { "client_secret", "password"}); - table240.AddRow(new string[] { + table260.AddRow(new string[] { "device_code", "unknown"}); #line 29 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table240, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table260, "When "); #line hidden #line 36 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -242,23 +242,23 @@ public void Device_CodeMustNotBeIssued() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table241 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table261 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table241.AddRow(new string[] { + table261.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:device_code"}); - table241.AddRow(new string[] { + table261.AddRow(new string[] { "client_id", "sixtyOneClient"}); - table241.AddRow(new string[] { + table261.AddRow(new string[] { "client_secret", "password"}); - table241.AddRow(new string[] { + table261.AddRow(new string[] { "device_code", "issuedDeviceCode"}); #line 43 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table241, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table261, "When "); #line hidden #line 50 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -295,23 +295,23 @@ public void Device_CodeMustNotBeExpired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table242 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table262 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table242.AddRow(new string[] { + table262.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:device_code"}); - table242.AddRow(new string[] { + table262.AddRow(new string[] { "client_id", "sixtyOneClient"}); - table242.AddRow(new string[] { + table262.AddRow(new string[] { "client_secret", "password"}); - table242.AddRow(new string[] { + table262.AddRow(new string[] { "device_code", "expiredDeviceCode"}); #line 57 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table242, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table262, "When "); #line hidden #line 64 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -347,23 +347,23 @@ public void CannotGetTheDevice_CodeTooManyTimes() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table243 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table263 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table243.AddRow(new string[] { + table263.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:device_code"}); - table243.AddRow(new string[] { + table263.AddRow(new string[] { "client_id", "sixtyOneClient"}); - table243.AddRow(new string[] { + table263.AddRow(new string[] { "client_secret", "password"}); - table243.AddRow(new string[] { + table263.AddRow(new string[] { "device_code", "tooManyDeviceCode"}); #line 71 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table243, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table263, "When "); #line hidden #line 78 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -399,23 +399,23 @@ public void CannotGetAnAccessTokenIfTheAuthorizationDeviceCodeHasAPENDINGState() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table244 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table264 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table244.AddRow(new string[] { + table264.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:device_code"}); - table244.AddRow(new string[] { + table264.AddRow(new string[] { "client_id", "sixtyOneClient"}); - table244.AddRow(new string[] { + table264.AddRow(new string[] { "client_secret", "password"}); - table244.AddRow(new string[] { + table264.AddRow(new string[] { "device_code", "pendingDeviceCode"}); #line 85 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table244, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table264, "When "); #line hidden #line 92 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/HappyFlows.feature b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/HappyFlows.feature index f2481b8d2..a2aaa2c5c 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/HappyFlows.feature +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/HappyFlows.feature @@ -18,6 +18,7 @@ Scenario: Use 'client_credentials' grant type to get an access token And access_token audience contains 'firstClient' And access_token audience contains 'secondClient' And access_token scope contains 'firstScope' + And access_token scope contains 'firstScope' And access_token alg equals to 'RS256' And access_token kid equals to 'keyid' diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/HappyFlows.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/HappyFlows.feature.cs index 5d84ee517..4f54ae7bd 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/HappyFlows.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/HappyFlows.feature.cs @@ -98,23 +98,23 @@ public void UseClient_CredentialsGrantTypeToGetAnAccessToken() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table245 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table265 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table245.AddRow(new string[] { + table265.AddRow(new string[] { "client_id", "firstClient"}); - table245.AddRow(new string[] { + table265.AddRow(new string[] { "client_secret", "password"}); - table245.AddRow(new string[] { + table265.AddRow(new string[] { "scope", "firstScope"}); - table245.AddRow(new string[] { + table265.AddRow(new string[] { "grant_type", "client_credentials"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table245, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table265, "When "); #line hidden #line 12 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -141,9 +141,12 @@ public void UseClient_CredentialsGrantTypeToGetAnAccessToken() testRunner.And("access_token scope contains \'firstScope\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 21 - testRunner.And("access_token alg equals to \'RS256\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); + testRunner.And("access_token scope contains \'firstScope\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden #line 22 + testRunner.And("access_token alg equals to \'RS256\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 23 testRunner.And("access_token kid equals to \'keyid\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -158,7 +161,7 @@ public void UsePasswordGrantTypeToGetAnAccessToken() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'password\' grant type to get an access token", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 24 +#line 25 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -168,58 +171,58 @@ public void UsePasswordGrantTypeToGetAnAccessToken() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table246 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table266 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table246.AddRow(new string[] { + table266.AddRow(new string[] { "client_id", "secondClient"}); - table246.AddRow(new string[] { + table266.AddRow(new string[] { "client_secret", "password"}); - table246.AddRow(new string[] { + table266.AddRow(new string[] { "scope", "firstScope"}); - table246.AddRow(new string[] { + table266.AddRow(new string[] { "grant_type", "password"}); - table246.AddRow(new string[] { + table266.AddRow(new string[] { "username", "user"}); - table246.AddRow(new string[] { + table266.AddRow(new string[] { "password", "password"}); -#line 25 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table246, "When "); +#line 26 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table266, "When "); #line hidden -#line 34 +#line 35 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 36 +#line 37 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 37 +#line 38 testRunner.And("JSON \'$.scope\'=\'firstScope\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 38 +#line 39 testRunner.And("JSON \'$.token_type\'=\'Bearer\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 39 +#line 40 testRunner.And("JSON \'$.expires_in\'=\'1800\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 40 +#line 41 testRunner.And("access_token audience contains \'firstClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 41 +#line 42 testRunner.And("access_token audience contains \'secondClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 42 +#line 43 testRunner.And("access_token scope contains \'firstScope\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 43 +#line 44 testRunner.And("access_token alg equals to \'RS256\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 44 +#line 45 testRunner.And("access_token kid equals to \'keyid\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -234,7 +237,7 @@ public void UseAuthorization_CodeGrantTypeToGetAnAccessToken() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'authorization_code\' grant type to get an access token", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 46 +#line 47 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -244,79 +247,79 @@ public void UseAuthorization_CodeGrantTypeToGetAnAccessToken() else { this.ScenarioStart(); -#line 47 +#line 48 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table247 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table267 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table247.AddRow(new string[] { + table267.AddRow(new string[] { "response_type", "code"}); - table247.AddRow(new string[] { + table267.AddRow(new string[] { "client_id", "thirdClient"}); - table247.AddRow(new string[] { + table267.AddRow(new string[] { "state", "state"}); - table247.AddRow(new string[] { + table267.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table247.AddRow(new string[] { + table267.AddRow(new string[] { "response_mode", "query"}); - table247.AddRow(new string[] { + table267.AddRow(new string[] { "scope", "secondScope"}); -#line 48 - testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table247, "When "); +#line 49 + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table267, "When "); #line hidden -#line 57 +#line 58 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 58 +#line 59 testRunner.And("extract parameter \'state\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table248 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table268 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table248.AddRow(new string[] { + table268.AddRow(new string[] { "client_id", "thirdClient"}); - table248.AddRow(new string[] { + table268.AddRow(new string[] { "client_secret", "password"}); - table248.AddRow(new string[] { + table268.AddRow(new string[] { "grant_type", "authorization_code"}); - table248.AddRow(new string[] { + table268.AddRow(new string[] { "code", "$code$"}); - table248.AddRow(new string[] { + table268.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); -#line 60 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table248, "And "); +#line 61 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table268, "And "); #line hidden -#line 68 +#line 69 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 70 +#line 71 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 71 +#line 72 testRunner.And("JSON \'$.scope\'=\'secondScope\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 72 +#line 73 testRunner.And("JSON \'$.token_type\'=\'Bearer\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 73 +#line 74 testRunner.And("JSON \'$.expires_in\'=\'1800\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 74 +#line 75 testRunner.And("parameter \'state\'=\'state\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 75 +#line 76 testRunner.And("access_token audience contains \'thirdClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -331,7 +334,7 @@ public void UseAuthorization_CodeGrantTypeToGetAnAccessTokenAndUsePAR() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'authorization_code\' grant type to get an access token and use PAR", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 77 +#line 78 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -341,97 +344,97 @@ public void UseAuthorization_CodeGrantTypeToGetAnAccessTokenAndUsePAR() else { this.ScenarioStart(); -#line 78 +#line 79 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table249 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table269 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table249.AddRow(new string[] { + table269.AddRow(new string[] { "response_type", "code"}); - table249.AddRow(new string[] { + table269.AddRow(new string[] { "client_id", "thirdClient"}); - table249.AddRow(new string[] { + table269.AddRow(new string[] { "state", "state"}); - table249.AddRow(new string[] { + table269.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table249.AddRow(new string[] { + table269.AddRow(new string[] { "response_mode", "query"}); - table249.AddRow(new string[] { + table269.AddRow(new string[] { "scope", "secondScope"}); -#line 79 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table249, "When "); +#line 80 + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table269, "When "); #line hidden -#line 88 +#line 89 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 89 +#line 90 testRunner.And("extract parameter \'request_uri\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table250 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table270 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table250.AddRow(new string[] { + table270.AddRow(new string[] { "client_id", "thirdClient"}); - table250.AddRow(new string[] { + table270.AddRow(new string[] { "request_uri", "$request_uri$"}); -#line 91 - testRunner.And("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table250, "And "); +#line 92 + testRunner.And("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table270, "And "); #line hidden -#line 96 +#line 97 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 97 +#line 98 testRunner.And("extract parameter \'state\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table251 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table271 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table251.AddRow(new string[] { + table271.AddRow(new string[] { "client_id", "thirdClient"}); - table251.AddRow(new string[] { + table271.AddRow(new string[] { "client_secret", "password"}); - table251.AddRow(new string[] { + table271.AddRow(new string[] { "grant_type", "authorization_code"}); - table251.AddRow(new string[] { + table271.AddRow(new string[] { "code", "$code$"}); - table251.AddRow(new string[] { + table271.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); -#line 99 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table251, "And "); +#line 100 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table271, "And "); #line hidden -#line 107 +#line 108 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 109 +#line 110 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 110 +#line 111 testRunner.And("JSON \'$.scope\'=\'secondScope\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 111 +#line 112 testRunner.And("JSON \'$.token_type\'=\'Bearer\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 112 +#line 113 testRunner.And("JSON \'$.expires_in\'=\'1800\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 113 +#line 114 testRunner.And("parameter \'state\'=\'state\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 114 +#line 115 testRunner.And("access_token audience contains \'thirdClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -446,7 +449,7 @@ public void UseAuthorization_CodeGrantTypeToGetAnAccessTokenAndUsePARAndRAR() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'authorization_code\' grant type to get an access token and use PAR and RAR", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 116 +#line 117 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -456,98 +459,98 @@ public void UseAuthorization_CodeGrantTypeToGetAnAccessTokenAndUsePARAndRAR() else { this.ScenarioStart(); -#line 117 +#line 118 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table252 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table272 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table252.AddRow(new string[] { + table272.AddRow(new string[] { "response_type", "code token"}); - table252.AddRow(new string[] { + table272.AddRow(new string[] { "client_id", "fiftyFiveClient"}); - table252.AddRow(new string[] { + table272.AddRow(new string[] { "state", "state"}); - table252.AddRow(new string[] { + table272.AddRow(new string[] { "response_mode", "query"}); - table252.AddRow(new string[] { + table272.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table252.AddRow(new string[] { + table272.AddRow(new string[] { "nonce", "nonce"}); - table252.AddRow(new string[] { + table272.AddRow(new string[] { "authorization_details", "{ \"type\" : \"secondDetails\", \"locations\": [ \"https://cal.example.com\" ], \"actions\"" + ": [ \"read\" ] }"}); -#line 118 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table252, "When "); +#line 119 + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table272, "When "); #line hidden -#line 128 +#line 129 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 129 +#line 130 testRunner.And("extract parameter \'request_uri\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table253 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table273 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table253.AddRow(new string[] { + table273.AddRow(new string[] { "client_id", "fiftyFiveClient"}); - table253.AddRow(new string[] { + table273.AddRow(new string[] { "request_uri", "$request_uri$"}); -#line 131 - testRunner.And("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table253, "And "); +#line 132 + testRunner.And("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table273, "And "); #line hidden -#line 136 +#line 137 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 137 +#line 138 testRunner.And("extract parameter \'state\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table254 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table274 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table254.AddRow(new string[] { + table274.AddRow(new string[] { "client_id", "fiftyFiveClient"}); - table254.AddRow(new string[] { + table274.AddRow(new string[] { "client_secret", "password"}); - table254.AddRow(new string[] { + table274.AddRow(new string[] { "grant_type", "authorization_code"}); - table254.AddRow(new string[] { + table274.AddRow(new string[] { "code", "$code$"}); - table254.AddRow(new string[] { + table274.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); -#line 139 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table254, "And "); +#line 140 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table274, "And "); #line hidden -#line 147 +#line 148 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 148 +#line 149 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 149 +#line 150 testRunner.And("extract payload from JWT \'$access_token$\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 151 +#line 152 testRunner.Then("JWT has authorization_details type \'secondDetails\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 152 +#line 153 testRunner.And("JWT has authorization_details action \'read\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 153 +#line 154 testRunner.And("access_token audience contains \'fiftyFiveClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -562,7 +565,7 @@ public void UseRefresh_TokenGrantTypeToGetAnAccessToken() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'refresh_token\' grant type to get an access token", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 155 +#line 156 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -572,64 +575,64 @@ public void UseRefresh_TokenGrantTypeToGetAnAccessToken() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table255 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table275 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table255.AddRow(new string[] { + table275.AddRow(new string[] { "grant_type", "client_credentials"}); - table255.AddRow(new string[] { + table275.AddRow(new string[] { "scope", "secondScope"}); - table255.AddRow(new string[] { + table275.AddRow(new string[] { "client_id", "sixClient"}); - table255.AddRow(new string[] { + table275.AddRow(new string[] { "client_secret", "password"}); -#line 156 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table255, "When "); +#line 157 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table275, "When "); #line hidden -#line 163 +#line 164 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 164 +#line 165 testRunner.And("extract parameter \'$.refresh_token\' from JSON body into \'refreshToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table256 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table276 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table256.AddRow(new string[] { + table276.AddRow(new string[] { "grant_type", "refresh_token"}); - table256.AddRow(new string[] { + table276.AddRow(new string[] { "refresh_token", "$refreshToken$"}); - table256.AddRow(new string[] { + table276.AddRow(new string[] { "client_id", "sixClient"}); - table256.AddRow(new string[] { + table276.AddRow(new string[] { "client_secret", "password"}); -#line 166 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table256, "And "); +#line 167 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table276, "And "); #line hidden -#line 173 +#line 174 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 174 +#line 175 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 175 +#line 176 testRunner.And("JSON \'$.scope\'=\'secondScope\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 176 +#line 177 testRunner.And("JSON \'$.token_type\'=\'Bearer\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 177 +#line 178 testRunner.And("JSON \'$.expires_in\'=\'1800\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 178 +#line 179 testRunner.And("access_token audience contains \'sixClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -647,7 +650,7 @@ public void UseUrnOpenidParamsGrant_TypeCibaGrantTypeToGetAnIdentityTokenPOLLMod System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'urn:openid:params:grant-type:ciba\' grant type to get an identity token (POLL" + " mode)", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 180 +#line 181 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -657,88 +660,88 @@ public void UseUrnOpenidParamsGrant_TypeCibaGrantTypeToGetAnIdentityTokenPOLLMod else { this.ScenarioStart(); -#line 181 +#line 182 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table257 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table277 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table257.AddRow(new string[] { + table277.AddRow(new string[] { "sub", "user"}); -#line 182 - testRunner.And("build access_token and sign with the key \'keyid\'", ((string)(null)), table257, "And "); +#line 183 + testRunner.And("build access_token and sign with the key \'keyid\'", ((string)(null)), table277, "And "); #line hidden - TechTalk.SpecFlow.Table table258 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table278 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table258.AddRow(new string[] { + table278.AddRow(new string[] { "client_id", "fortyNineClient"}); - table258.AddRow(new string[] { + table278.AddRow(new string[] { "client_secret", "password"}); - table258.AddRow(new string[] { + table278.AddRow(new string[] { "scope", "admin calendar"}); - table258.AddRow(new string[] { + table278.AddRow(new string[] { "login_hint", "user"}); - table258.AddRow(new string[] { + table278.AddRow(new string[] { "user_code", "password"}); -#line 186 - testRunner.When("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table258, "When "); +#line 187 + testRunner.When("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table278, "When "); #line hidden -#line 194 +#line 195 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 195 +#line 196 testRunner.And("extract parameter \'auth_req_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table259 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table279 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table259.AddRow(new string[] { + table279.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table259.AddRow(new string[] { + table279.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); - table259.AddRow(new string[] { + table279.AddRow(new string[] { "action", "0"}); -#line 197 - testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table259, "And "); +#line 198 + testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table279, "And "); #line hidden - TechTalk.SpecFlow.Table table260 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table280 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table260.AddRow(new string[] { + table280.AddRow(new string[] { "grant_type", "urn:openid:params:grant-type:ciba"}); - table260.AddRow(new string[] { + table280.AddRow(new string[] { "client_id", "fortyNineClient"}); - table260.AddRow(new string[] { + table280.AddRow(new string[] { "client_secret", "password"}); - table260.AddRow(new string[] { + table280.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); -#line 203 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table260, "And "); +#line 204 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table280, "And "); #line hidden -#line 210 +#line 211 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 211 +#line 212 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 212 +#line 213 testRunner.And("JSON exists \'access_token\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 213 +#line 214 testRunner.And("access_token audience contains \'fortyNineClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -756,7 +759,7 @@ public void UseUrnOpenidParamsGrant_TypeCibaGrantTypeToGetAnIdentityTokenPUSHMod System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'urn:openid:params:grant-type:ciba\' grant type to get an identity token (PUSH" + " mode)", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 215 +#line 216 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -766,70 +769,70 @@ public void UseUrnOpenidParamsGrant_TypeCibaGrantTypeToGetAnIdentityTokenPUSHMod else { this.ScenarioStart(); -#line 216 +#line 217 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table261 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table281 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table261.AddRow(new string[] { + table281.AddRow(new string[] { "sub", "user"}); -#line 218 - testRunner.And("build access_token and sign with the key \'keyid\'", ((string)(null)), table261, "And "); +#line 219 + testRunner.And("build access_token and sign with the key \'keyid\'", ((string)(null)), table281, "And "); #line hidden - TechTalk.SpecFlow.Table table262 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table282 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table262.AddRow(new string[] { + table282.AddRow(new string[] { "client_id", "fiftyOneClient"}); - table262.AddRow(new string[] { + table282.AddRow(new string[] { "client_secret", "password"}); - table262.AddRow(new string[] { + table282.AddRow(new string[] { "scope", "admin calendar"}); - table262.AddRow(new string[] { + table282.AddRow(new string[] { "login_hint", "user"}); - table262.AddRow(new string[] { + table282.AddRow(new string[] { "user_code", "password"}); - table262.AddRow(new string[] { + table282.AddRow(new string[] { "client_notification_token", "04bcf708-dfba-4719-a3d3-b213322e2c38"}); -#line 222 - testRunner.When("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table262, "When "); +#line 223 + testRunner.When("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table282, "When "); #line hidden -#line 231 +#line 232 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 232 +#line 233 testRunner.And("extract parameter \'auth_req_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table263 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table283 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table263.AddRow(new string[] { + table283.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table263.AddRow(new string[] { + table283.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); - table263.AddRow(new string[] { + table283.AddRow(new string[] { "action", "0"}); -#line 234 - testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table263, "And "); +#line 235 + testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table283, "And "); #line hidden -#line 240 +#line 241 testRunner.And("polls until notification is received", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 242 +#line 243 testRunner.Then("JSON exists \'access_token\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 243 +#line 244 testRunner.And("access_token audience contains \'fiftyOneClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -847,7 +850,7 @@ public void UseUrnOpenidParamsGrant_TypeCibaGrantTypeToGetAnIdentityTokenPINGMod System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'urn:openid:params:grant-type:ciba\' grant type to get an identity token (PING" + " mode)", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 245 +#line 246 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -857,115 +860,115 @@ public void UseUrnOpenidParamsGrant_TypeCibaGrantTypeToGetAnIdentityTokenPINGMod else { this.ScenarioStart(); -#line 246 +#line 247 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table264 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table284 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table264.AddRow(new string[] { + table284.AddRow(new string[] { "response_type", "id_token token"}); - table264.AddRow(new string[] { + table284.AddRow(new string[] { "client_id", "fourteenClient"}); - table264.AddRow(new string[] { + table284.AddRow(new string[] { "state", "state"}); - table264.AddRow(new string[] { + table284.AddRow(new string[] { "response_mode", "query"}); - table264.AddRow(new string[] { + table284.AddRow(new string[] { "scope", "openid email role"}); - table264.AddRow(new string[] { + table284.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table264.AddRow(new string[] { + table284.AddRow(new string[] { "nonce", "nonce"}); -#line 248 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table264, "When "); +#line 249 + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table284, "When "); #line hidden -#line 258 +#line 259 testRunner.And("extract parameter \'access_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table265 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table285 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table265.AddRow(new string[] { + table285.AddRow(new string[] { "client_id", "fiftyTwoClient"}); - table265.AddRow(new string[] { + table285.AddRow(new string[] { "client_secret", "password"}); - table265.AddRow(new string[] { + table285.AddRow(new string[] { "scope", "admin calendar"}); - table265.AddRow(new string[] { + table285.AddRow(new string[] { "login_hint", "user"}); - table265.AddRow(new string[] { + table285.AddRow(new string[] { "user_code", "password"}); - table265.AddRow(new string[] { + table285.AddRow(new string[] { "client_notification_token", "04bcf708-dfba-4719-a3d3-b213322e2c38"}); -#line 260 - testRunner.And("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table265, "And "); +#line 261 + testRunner.And("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table285, "And "); #line hidden -#line 269 +#line 270 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 270 +#line 271 testRunner.And("extract parameter \'auth_req_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table266 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table286 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table266.AddRow(new string[] { + table286.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table266.AddRow(new string[] { + table286.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); - table266.AddRow(new string[] { + table286.AddRow(new string[] { "action", "0"}); -#line 272 - testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table266, "And "); +#line 273 + testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table286, "And "); #line hidden -#line 278 +#line 279 testRunner.And("polls until notification is received", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 279 +#line 280 testRunner.And("extract parameter \'auth_req_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table267 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table287 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table267.AddRow(new string[] { + table287.AddRow(new string[] { "grant_type", "urn:openid:params:grant-type:ciba"}); - table267.AddRow(new string[] { + table287.AddRow(new string[] { "client_id", "fiftyTwoClient"}); - table267.AddRow(new string[] { + table287.AddRow(new string[] { "client_secret", "password"}); - table267.AddRow(new string[] { + table287.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); -#line 281 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table267, "And "); +#line 282 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table287, "And "); #line hidden -#line 288 +#line 289 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 289 +#line 290 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 290 +#line 291 testRunner.And("JSON exists \'access_token\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -983,7 +986,7 @@ public void UseUrnIetfParamsOauthGrant_TypeUma_TicketGrantTypeToGetAnAccessToken System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'urn:ietf:params:oauth:grant-type:uma-ticket\' grant type to get an access tok" + "en", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 292 +#line 293 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -993,164 +996,164 @@ public void UseUrnIetfParamsOauthGrant_TypeUma_TicketGrantTypeToGetAnAccessToken else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table268 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table288 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table268.AddRow(new string[] { + table288.AddRow(new string[] { "sub", "user"}); - table268.AddRow(new string[] { + table288.AddRow(new string[] { "email", "user@hotmail.fr"}); -#line 293 - testRunner.Given("build JWS id_token_hint and sign with the key \'keyid\'", ((string)(null)), table268, "Given "); +#line 294 + testRunner.Given("build JWS id_token_hint and sign with the key \'keyid\'", ((string)(null)), table288, "Given "); #line hidden - TechTalk.SpecFlow.Table table269 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table289 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table269.AddRow(new string[] { + table289.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table269.AddRow(new string[] { + table289.AddRow(new string[] { "client_secret", "password"}); - table269.AddRow(new string[] { + table289.AddRow(new string[] { "scope", "uma_protection"}); - table269.AddRow(new string[] { + table289.AddRow(new string[] { "grant_type", "client_credentials"}); -#line 298 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table269, "When "); +#line 299 + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table289, "When "); #line hidden -#line 305 +#line 306 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 306 +#line 307 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table270 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table290 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table270.AddRow(new string[] { + table290.AddRow(new string[] { "resource_scopes", "[\"scope1\",\"scope2\"]"}); - table270.AddRow(new string[] { + table290.AddRow(new string[] { "subject", "user1"}); - table270.AddRow(new string[] { + table290.AddRow(new string[] { "icon_uri", "icon"}); - table270.AddRow(new string[] { + table290.AddRow(new string[] { "name#fr", "nom"}); - table270.AddRow(new string[] { + table290.AddRow(new string[] { "name#en", "name"}); - table270.AddRow(new string[] { + table290.AddRow(new string[] { "description#fr", "descriptionFR"}); - table270.AddRow(new string[] { + table290.AddRow(new string[] { "description#en", "descriptionEN"}); - table270.AddRow(new string[] { + table290.AddRow(new string[] { "type", "type"}); - table270.AddRow(new string[] { + table290.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); -#line 308 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table270, "And "); +#line 309 + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table290, "And "); #line hidden -#line 320 +#line 321 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 321 +#line 322 testRunner.And("extract parameter \'_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table271 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table291 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table271.AddRow(new string[] { + table291.AddRow(new string[] { "permissions", "[ { \"claims\": [ { \"name\": \"sub\", \"value\": \"user\" }, { \"name\": \"email\", \"value\": \"" + "user@hotmail.com\" } ], \"scopes\": [ \"scope1\", \"scope2\" ] } ]"}); - table271.AddRow(new string[] { + table291.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); -#line 323 - testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/$_id$/permissions\'", ((string)(null)), table271, "And "); +#line 324 + testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/$_id$/permissions\'", ((string)(null)), table291, "And "); #line hidden - TechTalk.SpecFlow.Table table272 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table292 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table272.AddRow(new string[] { + table292.AddRow(new string[] { "resource_id", "$_id$"}); - table272.AddRow(new string[] { + table292.AddRow(new string[] { "resource_scopes", "[\"scope1\",\"scope2\"]"}); - table272.AddRow(new string[] { + table292.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); -#line 328 - testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table272, "And "); +#line 329 + testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table292, "And "); #line hidden -#line 334 +#line 335 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 335 +#line 336 testRunner.And("extract parameter \'ticket\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table273 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table293 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table273.AddRow(new string[] { + table293.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table273.AddRow(new string[] { + table293.AddRow(new string[] { "client_secret", "password"}); - table273.AddRow(new string[] { + table293.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:uma-ticket"}); - table273.AddRow(new string[] { + table293.AddRow(new string[] { "ticket", "$ticket$"}); - table273.AddRow(new string[] { + table293.AddRow(new string[] { "claim_token", "$id_token_hint$"}); - table273.AddRow(new string[] { + table293.AddRow(new string[] { "claim_token_format", "http://openid.net/specs/openid-connect-core-1_0.html#IDToken"}); - table273.AddRow(new string[] { + table293.AddRow(new string[] { "scope", "scope1 scope2"}); -#line 337 - testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table273, "And "); +#line 338 + testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table293, "And "); #line hidden -#line 347 +#line 348 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 348 +#line 349 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 350 +#line 351 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 351 +#line 352 testRunner.And("JSON exists \'access_token\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 352 +#line 353 testRunner.And("JSON exists \'refresh_token\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 353 +#line 354 testRunner.And("access_token has permission to access to the resource id \'$_id$\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 354 +#line 355 testRunner.And("access_token has permission to access to the scope \'scope1\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 355 +#line 356 testRunner.And("access_token has permission to access to the scope \'scope2\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -1168,7 +1171,7 @@ public void UseUrnOpenidParamsGrant_TypeCibaGrantTypeToGetAnIdentityTokenPOLLMod System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'urn:openid:params:grant-type:ciba\' grant type to get an identity token (POLL" + " mode) with authorization_details", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 357 +#line 358 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -1178,116 +1181,116 @@ public void UseUrnOpenidParamsGrant_TypeCibaGrantTypeToGetAnIdentityTokenPOLLMod else { this.ScenarioStart(); -#line 358 +#line 359 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table274 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table294 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table274.AddRow(new string[] { + table294.AddRow(new string[] { "response_type", "id_token token"}); - table274.AddRow(new string[] { + table294.AddRow(new string[] { "client_id", "fourteenClient"}); - table274.AddRow(new string[] { + table294.AddRow(new string[] { "state", "state"}); - table274.AddRow(new string[] { + table294.AddRow(new string[] { "response_mode", "query"}); - table274.AddRow(new string[] { + table294.AddRow(new string[] { "scope", "openid email role"}); - table274.AddRow(new string[] { + table294.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table274.AddRow(new string[] { + table294.AddRow(new string[] { "nonce", "nonce"}); -#line 360 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table274, "When "); +#line 361 + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table294, "When "); #line hidden -#line 370 +#line 371 testRunner.And("extract parameter \'access_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table275 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table295 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table275.AddRow(new string[] { + table295.AddRow(new string[] { "client_id", "fortyNineClient"}); - table275.AddRow(new string[] { + table295.AddRow(new string[] { "client_secret", "password"}); - table275.AddRow(new string[] { + table295.AddRow(new string[] { "login_hint", "user"}); - table275.AddRow(new string[] { + table295.AddRow(new string[] { "user_code", "password"}); - table275.AddRow(new string[] { + table295.AddRow(new string[] { "authorization_details", "{ \"type\" : \"secondDetails\", \"locations\": [ \"https://cal.example.com\" ], \"actions\"" + ": [ \"read\" ] }"}); -#line 372 - testRunner.And("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table275, "And "); +#line 373 + testRunner.And("execute HTTP POST request \'https://localhost:8080/bc-authorize\'", ((string)(null)), table295, "And "); #line hidden -#line 380 +#line 381 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 381 +#line 382 testRunner.And("extract parameter \'auth_req_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table276 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table296 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table276.AddRow(new string[] { + table296.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table276.AddRow(new string[] { + table296.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); - table276.AddRow(new string[] { + table296.AddRow(new string[] { "action", "0"}); -#line 383 - testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table276, "And "); +#line 384 + testRunner.And("execute HTTP POST JSON request \'http://localhost/bc-callback\'", ((string)(null)), table296, "And "); #line hidden - TechTalk.SpecFlow.Table table277 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table297 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table277.AddRow(new string[] { + table297.AddRow(new string[] { "grant_type", "urn:openid:params:grant-type:ciba"}); - table277.AddRow(new string[] { + table297.AddRow(new string[] { "client_id", "fortyNineClient"}); - table277.AddRow(new string[] { + table297.AddRow(new string[] { "client_secret", "password"}); - table277.AddRow(new string[] { + table297.AddRow(new string[] { "auth_req_id", "$auth_req_id$"}); -#line 389 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table277, "And "); +#line 390 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table297, "And "); #line hidden -#line 396 +#line 397 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 397 +#line 398 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 398 +#line 399 testRunner.And("extract payload from JWT \'$access_token$\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 400 +#line 401 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 401 +#line 402 testRunner.And("JWT has authorization_details type \'secondDetails\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 402 +#line 403 testRunner.And("JWT has authorization_details action \'read\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -1305,7 +1308,7 @@ public void UseUrnIetfParamsOauthGrant_TypePre_Authorized_CodeGrantTypeToGetAnAc System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'urn:ietf:params:oauth:grant-type:pre-authorized_code\' grant type to get an a" + "ccess token with authorization details", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 404 +#line 405 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -1315,74 +1318,74 @@ public void UseUrnIetfParamsOauthGrant_TypePre_Authorized_CodeGrantTypeToGetAnAc else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table278 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table298 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table278.AddRow(new string[] { + table298.AddRow(new string[] { "sub", "otpUser"}); -#line 405 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table278, "Given "); +#line 406 + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table298, "Given "); #line hidden - TechTalk.SpecFlow.Table table279 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table299 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table279.AddRow(new string[] { + table299.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); - table279.AddRow(new string[] { + table299.AddRow(new string[] { "client_id", "seventyTwoClient"}); - table279.AddRow(new string[] { + table299.AddRow(new string[] { "client_secret", "password"}); - table279.AddRow(new string[] { + table299.AddRow(new string[] { "subject_token", "$access_token$"}); - table279.AddRow(new string[] { + table299.AddRow(new string[] { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token"}); - table279.AddRow(new string[] { + table299.AddRow(new string[] { "scope", "UniversityCredential"}); -#line 409 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table279, "When "); +#line 410 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table299, "When "); #line hidden -#line 418 +#line 419 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 419 +#line 420 testRunner.And("extract parameter \'$.pre-authorized_code\' from JSON body into \'preAuthorizedCode\'" + "", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table280 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table300 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table280.AddRow(new string[] { + table300.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:pre-authorized_code"}); - table280.AddRow(new string[] { + table300.AddRow(new string[] { "client_id", "seventyThreeClient"}); - table280.AddRow(new string[] { + table300.AddRow(new string[] { "client_secret", "password"}); - table280.AddRow(new string[] { + table300.AddRow(new string[] { "pre-authorized_code", "$preAuthorizedCode$"}); -#line 421 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table280, "And "); +#line 422 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table300, "And "); #line hidden -#line 428 +#line 429 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 429 +#line 430 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 430 +#line 431 testRunner.And("extract payload from JWT \'$access_token$\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 432 +#line 433 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden } @@ -1400,7 +1403,7 @@ public void UseUrnIetfParamsOauthGrant_TypeDevice_CodeGrantTypeToGetAnAccessToke System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'urn:ietf:params:oauth:grant-type:device_code\' grant type to get an access to" + "ken", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 434 +#line 435 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -1410,61 +1413,61 @@ public void UseUrnIetfParamsOauthGrant_TypeDevice_CodeGrantTypeToGetAnAccessToke else { this.ScenarioStart(); -#line 435 +#line 436 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table281 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table301 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table281.AddRow(new string[] { + table301.AddRow(new string[] { "client_id", "sixtyOneClient"}); - table281.AddRow(new string[] { + table301.AddRow(new string[] { "scope", "admin"}); -#line 437 - testRunner.When("execute HTTP POST request \'https://localhost:8080/device_authorization\'", ((string)(null)), table281, "When "); +#line 438 + testRunner.When("execute HTTP POST request \'https://localhost:8080/device_authorization\'", ((string)(null)), table301, "When "); #line hidden -#line 442 +#line 443 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 443 +#line 444 testRunner.And("extract parameter \'device_code\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 444 +#line 445 testRunner.And("extract parameter \'user_code\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table282 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table302 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table282.AddRow(new string[] { + table302.AddRow(new string[] { "UserCode", "$user_code$"}); -#line 446 - testRunner.And("execute HTTP POST request \'https://localhost:8080/Device\'", ((string)(null)), table282, "And "); +#line 447 + testRunner.And("execute HTTP POST request \'https://localhost:8080/Device\'", ((string)(null)), table302, "And "); #line hidden - TechTalk.SpecFlow.Table table283 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table303 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table283.AddRow(new string[] { + table303.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:device_code"}); - table283.AddRow(new string[] { + table303.AddRow(new string[] { "client_id", "sixtyOneClient"}); - table283.AddRow(new string[] { + table303.AddRow(new string[] { "client_secret", "password"}); - table283.AddRow(new string[] { + table303.AddRow(new string[] { "device_code", "$device_code$"}); -#line 450 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table283, "When "); +#line 451 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table303, "When "); #line hidden -#line 457 +#line 458 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 459 +#line 460 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden } @@ -1479,7 +1482,7 @@ public void UseClient_CredentialsGrantTypeAndDPoPToGetAnAccessToken() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'client_credentials\' grant type and DPoP to get an access token", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 461 +#line 462 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -1489,55 +1492,55 @@ public void UseClient_CredentialsGrantTypeAndDPoPToGetAnAccessToken() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table284 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table304 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table284.AddRow(new string[] { + table304.AddRow(new string[] { "htm", "POST"}); - table284.AddRow(new string[] { + table304.AddRow(new string[] { "htu", "https://localhost:8080/token"}); -#line 462 - testRunner.When("build DPoP proof", ((string)(null)), table284, "When "); +#line 463 + testRunner.When("build DPoP proof", ((string)(null)), table304, "When "); #line hidden - TechTalk.SpecFlow.Table table285 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table305 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table285.AddRow(new string[] { + table305.AddRow(new string[] { "client_id", "sixtyThreeClient"}); - table285.AddRow(new string[] { + table305.AddRow(new string[] { "client_secret", "password"}); - table285.AddRow(new string[] { + table305.AddRow(new string[] { "scope", "firstScope"}); - table285.AddRow(new string[] { + table305.AddRow(new string[] { "grant_type", "client_credentials"}); - table285.AddRow(new string[] { + table305.AddRow(new string[] { "DPoP", "$DPOP$"}); -#line 467 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table285, "And "); +#line 468 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table305, "And "); #line hidden -#line 475 +#line 476 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 477 +#line 478 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 478 +#line 479 testRunner.And("JSON \'$.scope\'=\'firstScope\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 479 +#line 480 testRunner.And("JSON \'$.token_type\'=\'DPoP\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 480 +#line 481 testRunner.And("JSON \'$.expires_in\'=\'1800\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 481 +#line 482 testRunner.And("access_token contains jkt", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -1552,7 +1555,7 @@ public void UseRefresh_TokenGrantTypeAndDPoPToGetAnAccessToken() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'refresh_token\' grant type and DPoP to get an access token", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 483 +#line 484 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -1562,82 +1565,82 @@ public void UseRefresh_TokenGrantTypeAndDPoPToGetAnAccessToken() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table286 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table306 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table286.AddRow(new string[] { + table306.AddRow(new string[] { "htm", "POST"}); - table286.AddRow(new string[] { + table306.AddRow(new string[] { "htu", "https://localhost:8080/token"}); -#line 484 - testRunner.When("build DPoP proof", ((string)(null)), table286, "When "); +#line 485 + testRunner.When("build DPoP proof", ((string)(null)), table306, "When "); #line hidden - TechTalk.SpecFlow.Table table287 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table307 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table287.AddRow(new string[] { + table307.AddRow(new string[] { "grant_type", "client_credentials"}); - table287.AddRow(new string[] { + table307.AddRow(new string[] { "scope", "firstScope"}); - table287.AddRow(new string[] { + table307.AddRow(new string[] { "client_id", "sixtyThreeClient"}); - table287.AddRow(new string[] { + table307.AddRow(new string[] { "client_secret", "password"}); - table287.AddRow(new string[] { + table307.AddRow(new string[] { "DPoP", "$DPOP$"}); -#line 489 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table287, "And "); +#line 490 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table307, "And "); #line hidden -#line 497 +#line 498 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 498 +#line 499 testRunner.And("extract parameter \'$.refresh_token\' from JSON body into \'refreshToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table288 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table308 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table288.AddRow(new string[] { + table308.AddRow(new string[] { "grant_type", "refresh_token"}); - table288.AddRow(new string[] { + table308.AddRow(new string[] { "refresh_token", "$refreshToken$"}); - table288.AddRow(new string[] { + table308.AddRow(new string[] { "client_id", "sixtyThreeClient"}); - table288.AddRow(new string[] { + table308.AddRow(new string[] { "client_secret", "password"}); - table288.AddRow(new string[] { + table308.AddRow(new string[] { "DPoP", "$DPOP$"}); -#line 500 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table288, "And "); +#line 501 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table308, "And "); #line hidden -#line 508 +#line 509 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 510 +#line 511 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 511 +#line 512 testRunner.And("JSON \'$.scope\'=\'firstScope\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 512 +#line 513 testRunner.And("JSON \'$.token_type\'=\'DPoP\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 513 +#line 514 testRunner.And("JSON \'$.expires_in\'=\'1800\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 514 +#line 515 testRunner.And("access_token contains jkt", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -1652,7 +1655,7 @@ public void UseAuthorization_CodeGrantTypeToGetAnAccessTokenAndUsePARAndDPoP() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'authorization_code\' grant type to get an access token and use PAR and DPoP", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 516 +#line 517 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -1662,157 +1665,157 @@ public void UseAuthorization_CodeGrantTypeToGetAnAccessTokenAndUsePARAndDPoP() else { this.ScenarioStart(); -#line 517 +#line 518 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden -#line 519 +#line 520 testRunner.When("build security key", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "When "); #line hidden - TechTalk.SpecFlow.Table table289 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table309 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table289.AddRow(new string[] { + table309.AddRow(new string[] { "response_type", "code"}); - table289.AddRow(new string[] { + table309.AddRow(new string[] { "client_id", "sixtyFiveClient"}); - table289.AddRow(new string[] { + table309.AddRow(new string[] { "state", "state"}); - table289.AddRow(new string[] { + table309.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table289.AddRow(new string[] { + table309.AddRow(new string[] { "response_mode", "query"}); - table289.AddRow(new string[] { + table309.AddRow(new string[] { "scope", "secondScope"}); - table289.AddRow(new string[] { + table309.AddRow(new string[] { "dpop_jkt", "$jkt$"}); -#line 521 - testRunner.And("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table289, "And "); +#line 522 + testRunner.And("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table309, "And "); #line hidden -#line 531 +#line 532 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 532 +#line 533 testRunner.And("extract parameter \'request_uri\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table290 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table310 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table290.AddRow(new string[] { + table310.AddRow(new string[] { "client_id", "sixtyFiveClient"}); - table290.AddRow(new string[] { + table310.AddRow(new string[] { "request_uri", "$request_uri$"}); -#line 534 - testRunner.And("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table290, "And "); +#line 535 + testRunner.And("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table310, "And "); #line hidden -#line 539 +#line 540 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 540 +#line 541 testRunner.And("extract parameter \'state\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table291 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table311 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table291.AddRow(new string[] { + table311.AddRow(new string[] { "htm", "POST"}); - table291.AddRow(new string[] { + table311.AddRow(new string[] { "htu", "https://localhost:8080/token"}); -#line 542 - testRunner.And("build DPoP proof", ((string)(null)), table291, "And "); +#line 543 + testRunner.And("build DPoP proof", ((string)(null)), table311, "And "); #line hidden - TechTalk.SpecFlow.Table table292 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table312 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table292.AddRow(new string[] { + table312.AddRow(new string[] { "client_id", "sixtyFiveClient"}); - table292.AddRow(new string[] { + table312.AddRow(new string[] { "client_secret", "password"}); - table292.AddRow(new string[] { + table312.AddRow(new string[] { "grant_type", "authorization_code"}); - table292.AddRow(new string[] { + table312.AddRow(new string[] { "code", "$code$"}); - table292.AddRow(new string[] { + table312.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table292.AddRow(new string[] { + table312.AddRow(new string[] { "DPoP", "$DPOP$"}); -#line 547 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table292, "And "); +#line 548 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table312, "And "); #line hidden -#line 556 +#line 557 testRunner.And("extract header \'DPoP-Nonce\' to \'nonce\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table293 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table313 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table293.AddRow(new string[] { + table313.AddRow(new string[] { "htm", "POST"}); - table293.AddRow(new string[] { + table313.AddRow(new string[] { "htu", "https://localhost:8080/token"}); - table293.AddRow(new string[] { + table313.AddRow(new string[] { "nonce", "$nonce$"}); -#line 558 - testRunner.And("build DPoP proof", ((string)(null)), table293, "And "); +#line 559 + testRunner.And("build DPoP proof", ((string)(null)), table313, "And "); #line hidden - TechTalk.SpecFlow.Table table294 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table314 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table294.AddRow(new string[] { + table314.AddRow(new string[] { "client_id", "sixtyFiveClient"}); - table294.AddRow(new string[] { + table314.AddRow(new string[] { "client_secret", "password"}); - table294.AddRow(new string[] { + table314.AddRow(new string[] { "grant_type", "authorization_code"}); - table294.AddRow(new string[] { + table314.AddRow(new string[] { "code", "$code$"}); - table294.AddRow(new string[] { + table314.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table294.AddRow(new string[] { + table314.AddRow(new string[] { "DPoP", "$DPOP$"}); -#line 564 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table294, "And "); +#line 565 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table314, "And "); #line hidden -#line 573 +#line 574 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 575 +#line 576 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 576 +#line 577 testRunner.And("JSON \'$.scope\'=\'secondScope\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 577 +#line 578 testRunner.And("JSON \'$.token_type\'=\'DPoP\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 578 +#line 579 testRunner.And("JSON \'$.expires_in\'=\'1800\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 579 +#line 580 testRunner.And("access_token contains jkt", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -1830,7 +1833,7 @@ public void UseUrnIetfParamsOauthGrant_TypeToken_ExchangeGrant_TypeAndImpersonat System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'urn:ietf:params:oauth:grant-type:token-exchange\' grant_type and impersonatio" + "n to get an access token", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 581 +#line 582 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -1840,49 +1843,49 @@ public void UseUrnIetfParamsOauthGrant_TypeToken_ExchangeGrant_TypeAndImpersonat else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table295 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table315 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table295.AddRow(new string[] { + table315.AddRow(new string[] { "client_id", "fortyFourClient"}); -#line 582 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table295, "Given "); +#line 583 + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table315, "Given "); #line hidden - TechTalk.SpecFlow.Table table296 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table316 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table296.AddRow(new string[] { + table316.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"}); - table296.AddRow(new string[] { + table316.AddRow(new string[] { "client_id", "sixtySixClient"}); - table296.AddRow(new string[] { + table316.AddRow(new string[] { "client_secret", "password"}); - table296.AddRow(new string[] { + table316.AddRow(new string[] { "subject_token", "$access_token$"}); - table296.AddRow(new string[] { + table316.AddRow(new string[] { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token"}); -#line 586 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table296, "When "); +#line 587 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table316, "When "); #line hidden -#line 593 +#line 594 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 595 +#line 596 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 596 +#line 597 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 597 +#line 598 testRunner.And("JSON \'$.issued_token_type\'=\'urn:ietf:params:oauth:token-type:access_token\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 598 +#line 599 testRunner.And("access_token contains the claim \'client_id\'=\'fortyFourClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -1900,7 +1903,7 @@ public void UseUrnIetfParamsOauthGrant_TypeToken_ExchangeGrant_TypeAndDelegation System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'urn:ietf:params:oauth:grant-type:token-exchange\' grant_type and delegation t" + "o get an access token", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 600 +#line 601 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -1910,52 +1913,52 @@ public void UseUrnIetfParamsOauthGrant_TypeToken_ExchangeGrant_TypeAndDelegation else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table297 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table317 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table297.AddRow(new string[] { + table317.AddRow(new string[] { "client_id", "fortyFourClient"}); -#line 601 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table297, "Given "); +#line 602 + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table317, "Given "); #line hidden - TechTalk.SpecFlow.Table table298 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table318 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table298.AddRow(new string[] { + table318.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"}); - table298.AddRow(new string[] { + table318.AddRow(new string[] { "client_id", "sixtySevenClient"}); - table298.AddRow(new string[] { + table318.AddRow(new string[] { "client_secret", "password"}); - table298.AddRow(new string[] { + table318.AddRow(new string[] { "subject_token", "$access_token$"}); - table298.AddRow(new string[] { + table318.AddRow(new string[] { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token"}); -#line 605 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table298, "When "); +#line 606 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table318, "When "); #line hidden -#line 612 +#line 613 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 614 +#line 615 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 615 +#line 616 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 616 +#line 617 testRunner.And("JSON \'$.issued_token_type\'=\'urn:ietf:params:oauth:token-type:access_token\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 617 +#line 618 testRunner.And("access_token contains the claim \'client_id\'=\'fortyFourClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 618 +#line 619 testRunner.And("access_token contains act \'sixtySevenClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -1973,7 +1976,7 @@ public void UseUrnIetfParamsOauthGrant_TypeToken_ExchangeGrant_TypeAndDelegation System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'urn:ietf:params:oauth:grant-type:token-exchange\' grant_type and delegation t" + "o get an access token with sub act", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 620 +#line 621 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -1983,79 +1986,79 @@ public void UseUrnIetfParamsOauthGrant_TypeToken_ExchangeGrant_TypeAndDelegation else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table299 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table319 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table299.AddRow(new string[] { + table319.AddRow(new string[] { "client_id", "fortyFourClient"}); -#line 621 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table299, "Given "); +#line 622 + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table319, "Given "); #line hidden - TechTalk.SpecFlow.Table table300 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table320 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table300.AddRow(new string[] { + table320.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"}); - table300.AddRow(new string[] { + table320.AddRow(new string[] { "client_id", "sixtySevenClient"}); - table300.AddRow(new string[] { + table320.AddRow(new string[] { "client_secret", "password"}); - table300.AddRow(new string[] { + table320.AddRow(new string[] { "subject_token", "$access_token$"}); - table300.AddRow(new string[] { + table320.AddRow(new string[] { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token"}); -#line 625 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table300, "When "); +#line 626 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table320, "When "); #line hidden -#line 633 +#line 634 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 634 +#line 635 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table301 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table321 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table301.AddRow(new string[] { + table321.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"}); - table301.AddRow(new string[] { + table321.AddRow(new string[] { "client_id", "sixtySevenClient"}); - table301.AddRow(new string[] { + table321.AddRow(new string[] { "client_secret", "password"}); - table301.AddRow(new string[] { + table321.AddRow(new string[] { "subject_token", "$access_token$"}); - table301.AddRow(new string[] { + table321.AddRow(new string[] { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token"}); -#line 636 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table301, "And "); +#line 637 + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table321, "And "); #line hidden -#line 644 +#line 645 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 645 +#line 646 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 646 +#line 647 testRunner.And("JSON \'$.issued_token_type\'=\'urn:ietf:params:oauth:token-type:access_token\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 647 +#line 648 testRunner.And("access_token contains the claim \'client_id\'=\'fortyFourClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 648 +#line 649 testRunner.And("access_token contains act \'sixtySevenClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 649 +#line 650 testRunner.And("access_token contains sub act \'sixtySevenClient\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -2073,7 +2076,7 @@ public void UseUrnIetfParamsOauthGrant_TypeExchange_Pre_Authorized_CodeGrant_Typ System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Use \'urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code\' grant-type to" + " get the pre-authorized code", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 651 +#line 652 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -2083,46 +2086,46 @@ public void UseUrnIetfParamsOauthGrant_TypeExchange_Pre_Authorized_CodeGrant_Typ else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table302 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table322 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table302.AddRow(new string[] { + table322.AddRow(new string[] { "sub", "otpUser"}); -#line 652 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table302, "Given "); +#line 653 + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table322, "Given "); #line hidden - TechTalk.SpecFlow.Table table303 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table323 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table303.AddRow(new string[] { + table323.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); - table303.AddRow(new string[] { + table323.AddRow(new string[] { "client_id", "seventyTwoClient"}); - table303.AddRow(new string[] { + table323.AddRow(new string[] { "client_secret", "password"}); - table303.AddRow(new string[] { + table323.AddRow(new string[] { "subject_token", "$access_token$"}); - table303.AddRow(new string[] { + table323.AddRow(new string[] { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token"}); - table303.AddRow(new string[] { + table323.AddRow(new string[] { "scope", "UniversityCredential"}); -#line 656 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table303, "When "); +#line 657 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table323, "When "); #line hidden -#line 665 +#line 666 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 666 +#line 667 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 667 +#line 668 testRunner.And("JSON exists \'$.pre-authorized_code\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/ImplicitGrantType.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/ImplicitGrantType.feature.cs index f0ad54f09..deebdf5ec 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/ImplicitGrantType.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/ImplicitGrantType.feature.cs @@ -102,32 +102,32 @@ public void NoAccessTokenIsIssuedThenResultingClaimsAreReturnedInTheIDToken() #line 5 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table304 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table324 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table304.AddRow(new string[] { + table324.AddRow(new string[] { "response_type", "id_token"}); - table304.AddRow(new string[] { + table324.AddRow(new string[] { "client_id", "fourteenClient"}); - table304.AddRow(new string[] { + table324.AddRow(new string[] { "state", "state"}); - table304.AddRow(new string[] { + table324.AddRow(new string[] { "response_mode", "query"}); - table304.AddRow(new string[] { + table324.AddRow(new string[] { "scope", "openid email role address"}); - table304.AddRow(new string[] { + table324.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table304.AddRow(new string[] { + table324.AddRow(new string[] { "nonce", "nonce"}); #line 6 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table304, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table324, "When "); #line hidden #line 16 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -211,35 +211,35 @@ public void DisplayParameterIsPassedInTheRedirectionUrl() #line 38 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table305 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table325 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table305.AddRow(new string[] { + table325.AddRow(new string[] { "response_type", "id_token"}); - table305.AddRow(new string[] { + table325.AddRow(new string[] { "client_id", "fourteenClient"}); - table305.AddRow(new string[] { + table325.AddRow(new string[] { "state", "state"}); - table305.AddRow(new string[] { + table325.AddRow(new string[] { "response_mode", "query"}); - table305.AddRow(new string[] { + table325.AddRow(new string[] { "scope", "openid email role"}); - table305.AddRow(new string[] { + table325.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table305.AddRow(new string[] { + table325.AddRow(new string[] { "nonce", "nonce"}); - table305.AddRow(new string[] { + table325.AddRow(new string[] { "display", "popup"}); #line 39 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table305, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table325, "When "); #line hidden #line 50 testRunner.Then("redirection url contains the parameter value \'display\'=\'popup\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); @@ -272,39 +272,39 @@ public void ScopesAdminAndCalendarAndValidAudiencesAreReturnedInTheAccessTokenWh #line 53 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table306 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table326 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table306.AddRow(new string[] { + table326.AddRow(new string[] { "response_type", "code token"}); - table306.AddRow(new string[] { + table326.AddRow(new string[] { "client_id", "fortySixClient"}); - table306.AddRow(new string[] { + table326.AddRow(new string[] { "state", "state"}); - table306.AddRow(new string[] { + table326.AddRow(new string[] { "response_mode", "query"}); - table306.AddRow(new string[] { + table326.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table306.AddRow(new string[] { + table326.AddRow(new string[] { "nonce", "nonce"}); - table306.AddRow(new string[] { + table326.AddRow(new string[] { "claims", "{ \"id_token\": { \"acr\": { \"essential\" : true, \"value\": \"urn:openbanking:psd2:ca\" }" + " } }"}); - table306.AddRow(new string[] { + table326.AddRow(new string[] { "resource", "https://cal.example.com"}); - table306.AddRow(new string[] { + table326.AddRow(new string[] { "resource", "https://contacts.example.com"}); #line 55 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table306, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table326, "When "); #line hidden #line 67 testRunner.And("extract parameter \'access_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -349,32 +349,32 @@ public void AuthorizationDetailsAreReturnedInTheAccessToken() #line 76 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table307 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table327 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table307.AddRow(new string[] { + table327.AddRow(new string[] { "response_type", "code token"}); - table307.AddRow(new string[] { + table327.AddRow(new string[] { "client_id", "fiftyFiveClient"}); - table307.AddRow(new string[] { + table327.AddRow(new string[] { "state", "state"}); - table307.AddRow(new string[] { + table327.AddRow(new string[] { "response_mode", "query"}); - table307.AddRow(new string[] { + table327.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table307.AddRow(new string[] { + table327.AddRow(new string[] { "nonce", "nonce"}); - table307.AddRow(new string[] { + table327.AddRow(new string[] { "authorization_details", "{ \"type\" : \"firstDetails\", \"actions\": [ \"read\" ] }"}); #line 78 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table307, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table327, "When "); #line hidden #line 88 testRunner.And("extract parameter \'access_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -413,32 +413,32 @@ public void RolesComingFromGroupAreReturned() #line 95 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table308 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table328 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table308.AddRow(new string[] { + table328.AddRow(new string[] { "response_type", "id_token"}); - table308.AddRow(new string[] { + table328.AddRow(new string[] { "client_id", "fiftySixClient"}); - table308.AddRow(new string[] { + table328.AddRow(new string[] { "state", "state"}); - table308.AddRow(new string[] { + table328.AddRow(new string[] { "response_mode", "query"}); - table308.AddRow(new string[] { + table328.AddRow(new string[] { "scope", "openid role"}); - table308.AddRow(new string[] { + table328.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table308.AddRow(new string[] { + table328.AddRow(new string[] { "nonce", "nonce"}); #line 96 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table308, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table328, "When "); #line hidden #line 106 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PasswordGrantTypeErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PasswordGrantTypeErrors.feature.cs index c74da1f41..64824e33e 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PasswordGrantTypeErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PasswordGrantTypeErrors.feature.cs @@ -98,14 +98,14 @@ public void SendGrant_TypePasswordWithNoUsernameParameter() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table309 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table329 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table309.AddRow(new string[] { + table329.AddRow(new string[] { "grant_type", "password"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table309, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table329, "When "); #line hidden #line 9 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -141,17 +141,17 @@ public void SendGrant_TypePasswordUsernameUserWithNoPasswordParameter() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table310 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table330 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table310.AddRow(new string[] { + table330.AddRow(new string[] { "grant_type", "password"}); - table310.AddRow(new string[] { + table330.AddRow(new string[] { "username", "user"}); #line 15 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table310, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table330, "When "); #line hidden #line 20 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -190,26 +190,26 @@ public void SendGrant_TypePasswordUsernameUserPasswordPwdClient_IdFirstClientCli else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table311 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table331 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table311.AddRow(new string[] { + table331.AddRow(new string[] { "grant_type", "password"}); - table311.AddRow(new string[] { + table331.AddRow(new string[] { "username", "user"}); - table311.AddRow(new string[] { + table331.AddRow(new string[] { "password", "pwd"}); - table311.AddRow(new string[] { + table331.AddRow(new string[] { "client_id", "firstClient"}); - table311.AddRow(new string[] { + table331.AddRow(new string[] { "client_secret", "password"}); #line 26 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table311, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table331, "When "); #line hidden #line 34 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -248,29 +248,29 @@ public void SendGrant_TypePasswordUsernameUserPasswordPwdClient_IdSecondClientCl else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table312 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table332 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table312.AddRow(new string[] { + table332.AddRow(new string[] { "grant_type", "password"}); - table312.AddRow(new string[] { + table332.AddRow(new string[] { "username", "user"}); - table312.AddRow(new string[] { + table332.AddRow(new string[] { "password", "pwd"}); - table312.AddRow(new string[] { + table332.AddRow(new string[] { "client_id", "secondClient"}); - table312.AddRow(new string[] { + table332.AddRow(new string[] { "client_secret", "password"}); - table312.AddRow(new string[] { + table332.AddRow(new string[] { "scope", "scope scope"}); #line 40 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table312, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table332, "When "); #line hidden #line 49 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -309,29 +309,29 @@ public void SendGrant_TypePasswordUsernameUserPasswordPwdClient_IdSecondClientCl else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table313 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table333 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table313.AddRow(new string[] { + table333.AddRow(new string[] { "grant_type", "password"}); - table313.AddRow(new string[] { + table333.AddRow(new string[] { "username", "user"}); - table313.AddRow(new string[] { + table333.AddRow(new string[] { "password", "pwd"}); - table313.AddRow(new string[] { + table333.AddRow(new string[] { "client_id", "secondClient"}); - table313.AddRow(new string[] { + table333.AddRow(new string[] { "client_secret", "password"}); - table313.AddRow(new string[] { + table333.AddRow(new string[] { "scope", "scope"}); #line 55 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table313, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table333, "When "); #line hidden #line 64 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -370,29 +370,29 @@ public void SendGrant_TypePasswordUsernameUserPasswordPwdClient_IdSecondClientCl else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table314 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table334 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table314.AddRow(new string[] { + table334.AddRow(new string[] { "grant_type", "password"}); - table314.AddRow(new string[] { + table334.AddRow(new string[] { "username", "badUser"}); - table314.AddRow(new string[] { + table334.AddRow(new string[] { "password", "badPwd"}); - table314.AddRow(new string[] { + table334.AddRow(new string[] { "client_id", "secondClient"}); - table314.AddRow(new string[] { + table334.AddRow(new string[] { "client_secret", "password"}); - table314.AddRow(new string[] { + table334.AddRow(new string[] { "scope", "firstScope"}); #line 70 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table314, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table334, "When "); #line hidden #line 79 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -431,29 +431,29 @@ public void SendGrant_TypePasswordUsernameUserPasswordPwdClient_IdSecondClientCl else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table315 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table335 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table315.AddRow(new string[] { + table335.AddRow(new string[] { "grant_type", "password"}); - table315.AddRow(new string[] { + table335.AddRow(new string[] { "username", "user"}); - table315.AddRow(new string[] { + table335.AddRow(new string[] { "password", "badPwd"}); - table315.AddRow(new string[] { + table335.AddRow(new string[] { "client_id", "secondClient"}); - table315.AddRow(new string[] { + table335.AddRow(new string[] { "client_secret", "password"}); - table315.AddRow(new string[] { + table335.AddRow(new string[] { "scope", "firstScope"}); #line 85 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table315, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table335, "When "); #line hidden #line 94 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PreAuthorizedCodeErrors.feature b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PreAuthorizedCodeErrors.feature index a1e22a4be..df86714b9 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PreAuthorizedCodeErrors.feature +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PreAuthorizedCodeErrors.feature @@ -1,16 +1,6 @@ Feature: PreAuthorizedCodeErrors Check errors returned when using 'urn:ietf:params:oauth:grant-type:pre-authorized_code' grant-type -Scenario: client_id is required - When execute HTTP POST request 'https://localhost:8080/token' - | Key | Value | - | grant_type | urn:ietf:params:oauth:grant-type:pre-authorized_code | - - And extract JSON from body - Then HTTP status code equals to '400' - And JSON '$.error'='invalid_client' - And JSON '$.error_description'='missing client_id' - Scenario: client must exists When execute HTTP POST request 'https://localhost:8080/token' | Key | Value | diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PreAuthorizedCodeErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PreAuthorizedCodeErrors.feature.cs index 6784c7307..c440a06e1 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PreAuthorizedCodeErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/PreAuthorizedCodeErrors.feature.cs @@ -81,49 +81,6 @@ void System.IDisposable.Dispose() this.TestTearDown(); } - [Xunit.SkippableFactAttribute(DisplayName="client_id is required")] - [Xunit.TraitAttribute("FeatureTitle", "PreAuthorizedCodeErrors")] - [Xunit.TraitAttribute("Description", "client_id is required")] - public void Client_IdIsRequired() - { - string[] tagsOfScenario = ((string[])(null)); - System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); - TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("client_id is required", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 4 -this.ScenarioInitialize(scenarioInfo); -#line hidden - if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) - { - testRunner.SkipScenario(); - } - else - { - this.ScenarioStart(); - TechTalk.SpecFlow.Table table316 = new TechTalk.SpecFlow.Table(new string[] { - "Key", - "Value"}); - table316.AddRow(new string[] { - "grant_type", - "urn:ietf:params:oauth:grant-type:pre-authorized_code"}); -#line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table316, "When "); -#line hidden -#line 9 - testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); -#line hidden -#line 10 - testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); -#line hidden -#line 11 - testRunner.And("JSON \'$.error\'=\'invalid_client\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); -#line hidden -#line 12 - testRunner.And("JSON \'$.error_description\'=\'missing client_id\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); -#line hidden - } - this.ScenarioCleanup(); - } - [Xunit.SkippableFactAttribute(DisplayName="client must exists")] [Xunit.TraitAttribute("FeatureTitle", "PreAuthorizedCodeErrors")] [Xunit.TraitAttribute("Description", "client must exists")] @@ -132,7 +89,7 @@ public void ClientMustExists() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("client must exists", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 14 +#line 4 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -142,28 +99,28 @@ public void ClientMustExists() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table317 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table336 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table317.AddRow(new string[] { + table336.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:pre-authorized_code"}); - table317.AddRow(new string[] { + table336.AddRow(new string[] { "client_id", "invalid"}); -#line 15 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table317, "When "); +#line 5 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table336, "When "); #line hidden -#line 20 +#line 10 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 21 +#line 11 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 22 +#line 12 testRunner.And("JSON \'$.error\'=\'invalid_client\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 23 +#line 13 testRunner.And("JSON \'$.error_description\'=\'unknown client invalid\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -178,7 +135,7 @@ public void ClientMustSupportsTheGrant_Type() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("client must supports the grant-type", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 25 +#line 15 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -188,31 +145,31 @@ public void ClientMustSupportsTheGrant_Type() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table318 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table337 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table318.AddRow(new string[] { + table337.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:pre-authorized_code"}); - table318.AddRow(new string[] { + table337.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table318.AddRow(new string[] { + table337.AddRow(new string[] { "client_secret", "password"}); -#line 26 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table318, "When "); +#line 16 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table337, "When "); #line hidden -#line 32 +#line 22 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 33 +#line 23 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 34 +#line 24 testRunner.And("JSON \'$.error\'=\'invalid_client\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 35 +#line 25 testRunner.And("JSON \'$.error_description\'=\'grant type urn:ietf:params:oauth:grant-type:pre-autho" + "rized_code is not supported by the client\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden @@ -228,7 +185,7 @@ public void Pre_AuthorizedCodeIsRequired() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("pre-authorized code is required", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 37 +#line 27 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -238,31 +195,31 @@ public void Pre_AuthorizedCodeIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table319 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table338 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table319.AddRow(new string[] { + table338.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:pre-authorized_code"}); - table319.AddRow(new string[] { + table338.AddRow(new string[] { "client_id", "fiftyNineClient"}); - table319.AddRow(new string[] { + table338.AddRow(new string[] { "client_secret", "password"}); -#line 38 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table319, "When "); +#line 28 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table338, "When "); #line hidden -#line 44 +#line 34 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 45 +#line 35 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 46 +#line 36 testRunner.And("JSON \'$.error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 47 +#line 37 testRunner.And("JSON \'$.error_description\'=\'missing parameter pre-authorized_code\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -277,7 +234,7 @@ public void TransactionCodeIsRequired() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("transaction code is required", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 49 +#line 39 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -287,34 +244,34 @@ public void TransactionCodeIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table320 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table339 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table320.AddRow(new string[] { + table339.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:pre-authorized_code"}); - table320.AddRow(new string[] { + table339.AddRow(new string[] { "client_id", "sixtyClient"}); - table320.AddRow(new string[] { + table339.AddRow(new string[] { "client_secret", "password"}); - table320.AddRow(new string[] { + table339.AddRow(new string[] { "pre-authorized_code", "code"}); -#line 50 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table320, "When "); +#line 40 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table339, "When "); #line hidden -#line 57 +#line 47 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 58 +#line 48 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 59 +#line 49 testRunner.And("JSON \'$.error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 60 +#line 50 testRunner.And("JSON \'$.error_description\'=\'missing parameter tx_code\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden } @@ -329,7 +286,7 @@ public void Pre_AuthorizedMustExists() string[] tagsOfScenario = ((string[])(null)); System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("pre-authorized must exists", null, tagsOfScenario, argumentsOfScenario, featureTags); -#line 62 +#line 52 this.ScenarioInitialize(scenarioInfo); #line hidden if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) @@ -339,34 +296,34 @@ public void Pre_AuthorizedMustExists() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table321 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table340 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table321.AddRow(new string[] { + table340.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:pre-authorized_code"}); - table321.AddRow(new string[] { + table340.AddRow(new string[] { "client_id", "fiftyNineClient"}); - table321.AddRow(new string[] { + table340.AddRow(new string[] { "client_secret", "password"}); - table321.AddRow(new string[] { + table340.AddRow(new string[] { "pre-authorized_code", "code"}); -#line 63 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table321, "When "); +#line 53 + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table340, "When "); #line hidden -#line 70 +#line 60 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 71 +#line 61 testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); #line hidden -#line 72 +#line 62 testRunner.And("JSON \'$.error\'=\'invalid_grant\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden -#line 73 +#line 63 testRunner.And("JSON \'$.error_description\'=\'either the pre-authorized code has expired or is inva" + "lid\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/RefreshTokenGrantType.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/RefreshTokenGrantType.feature.cs index e54cf2184..615a51ae2 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/RefreshTokenGrantType.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/RefreshTokenGrantType.feature.cs @@ -101,59 +101,59 @@ public void ParameterResourceAndScopeAreAlwaysComingFromTheOriginalRequest() #line 5 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table322 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table341 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table322.AddRow(new string[] { + table341.AddRow(new string[] { "response_type", "code"}); - table322.AddRow(new string[] { + table341.AddRow(new string[] { "client_id", "fortySixClient"}); - table322.AddRow(new string[] { + table341.AddRow(new string[] { "state", "state"}); - table322.AddRow(new string[] { + table341.AddRow(new string[] { "response_mode", "query"}); - table322.AddRow(new string[] { + table341.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table322.AddRow(new string[] { + table341.AddRow(new string[] { "nonce", "nonce"}); - table322.AddRow(new string[] { + table341.AddRow(new string[] { "resource", "https://cal.example.com"}); - table322.AddRow(new string[] { + table341.AddRow(new string[] { "scope", "offline_access"}); #line 6 - testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table322, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table341, "When "); #line hidden #line 17 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table323 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table342 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table323.AddRow(new string[] { + table342.AddRow(new string[] { "client_id", "fortySixClient"}); - table323.AddRow(new string[] { + table342.AddRow(new string[] { "client_secret", "password"}); - table323.AddRow(new string[] { + table342.AddRow(new string[] { "grant_type", "authorization_code"}); - table323.AddRow(new string[] { + table342.AddRow(new string[] { "code", "$code$"}); - table323.AddRow(new string[] { + table342.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 19 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table323, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table342, "And "); #line hidden #line 27 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -161,23 +161,23 @@ public void ParameterResourceAndScopeAreAlwaysComingFromTheOriginalRequest() #line 28 testRunner.And("extract parameter \'$.refresh_token\' from JSON body into \'refreshToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table324 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table343 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table324.AddRow(new string[] { + table343.AddRow(new string[] { "client_id", "fortySixClient"}); - table324.AddRow(new string[] { + table343.AddRow(new string[] { "client_secret", "password"}); - table324.AddRow(new string[] { + table343.AddRow(new string[] { "grant_type", "refresh_token"}); - table324.AddRow(new string[] { + table343.AddRow(new string[] { "refresh_token", "$refreshToken$"}); #line 30 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table324, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table343, "And "); #line hidden #line 37 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/RefreshTokenGrantTypeErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/RefreshTokenGrantTypeErrors.feature.cs index b731e128e..36e04fbfe 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/RefreshTokenGrantTypeErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/RefreshTokenGrantTypeErrors.feature.cs @@ -98,14 +98,14 @@ public void SendGrant_TypeRefresh_TokenWithNoRefresh_TokenParameter() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table325 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table344 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table325.AddRow(new string[] { + table344.AddRow(new string[] { "grant_type", "refresh_token"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table325, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table344, "When "); #line hidden #line 9 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -141,17 +141,17 @@ public void SendGrant_TypeRefresh_TokenRefresh_TokenRtWithNoClient_Id() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table326 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table345 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table326.AddRow(new string[] { + table345.AddRow(new string[] { "grant_type", "refresh_token"}); - table326.AddRow(new string[] { + table345.AddRow(new string[] { "refresh_token", "rt"}); #line 15 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table326, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table345, "When "); #line hidden #line 20 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -187,20 +187,20 @@ public void SendGrant_TypeRefresh_TokenRefresh_TokenRtWithInvalidClient_Id() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table327 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table346 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table327.AddRow(new string[] { + table346.AddRow(new string[] { "grant_type", "refresh_token"}); - table327.AddRow(new string[] { + table346.AddRow(new string[] { "refresh_token", "rt"}); - table327.AddRow(new string[] { + table346.AddRow(new string[] { "client_id", "c"}); #line 26 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table327, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table346, "When "); #line hidden #line 32 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -239,20 +239,20 @@ public void SendGrant_TypeRefresh_TokenRefresh_TokenRtClient_IdFirstClientWithNo else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table328 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table347 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table328.AddRow(new string[] { + table347.AddRow(new string[] { "grant_type", "refresh_token"}); - table328.AddRow(new string[] { + table347.AddRow(new string[] { "refresh_token", "rt"}); - table328.AddRow(new string[] { + table347.AddRow(new string[] { "client_id", "firstClient"}); #line 38 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table328, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table347, "When "); #line hidden #line 44 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -291,23 +291,23 @@ public void SendGrant_TypeRefresh_TokenRefresh_TokenRtClient_IdFirstClientClient else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table329 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table348 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table329.AddRow(new string[] { + table348.AddRow(new string[] { "grant_type", "refresh_token"}); - table329.AddRow(new string[] { + table348.AddRow(new string[] { "refresh_token", "rt"}); - table329.AddRow(new string[] { + table348.AddRow(new string[] { "client_id", "firstClient"}); - table329.AddRow(new string[] { + table348.AddRow(new string[] { "client_secret", "bad"}); #line 50 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table329, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table348, "When "); #line hidden #line 57 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -346,23 +346,23 @@ public void SendGrant_TypeRefresh_TokenRefresh_TokenRtClient_IdFirstClientClient else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table330 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table349 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table330.AddRow(new string[] { + table349.AddRow(new string[] { "grant_type", "refresh_token"}); - table330.AddRow(new string[] { + table349.AddRow(new string[] { "refresh_token", "rt"}); - table330.AddRow(new string[] { + table349.AddRow(new string[] { "client_id", "firstClient"}); - table330.AddRow(new string[] { + table349.AddRow(new string[] { "client_secret", "password"}); #line 63 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table330, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table349, "When "); #line hidden #line 70 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -402,23 +402,23 @@ public void SendGrant_TypeRefresh_TokenRefresh_TokenRtClient_IdFifthClientClient else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table331 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table350 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table331.AddRow(new string[] { + table350.AddRow(new string[] { "grant_type", "refresh_token"}); - table331.AddRow(new string[] { + table350.AddRow(new string[] { "refresh_token", "rt"}); - table331.AddRow(new string[] { + table350.AddRow(new string[] { "client_id", "fifthClient"}); - table331.AddRow(new string[] { + table350.AddRow(new string[] { "client_secret", "password"}); #line 76 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table331, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table350, "When "); #line hidden #line 83 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -457,23 +457,23 @@ public void SendGrant_TypeRefresh_TokenRefresh_TokenRefreshtokenClient_IdFifthCl else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table332 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table351 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table332.AddRow(new string[] { + table351.AddRow(new string[] { "grant_type", "client_credentials"}); - table332.AddRow(new string[] { + table351.AddRow(new string[] { "scope", "secondScope"}); - table332.AddRow(new string[] { + table351.AddRow(new string[] { "client_id", "fifthClient"}); - table332.AddRow(new string[] { + table351.AddRow(new string[] { "client_secret", "password"}); #line 89 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table332, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table351, "When "); #line hidden #line 96 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -481,23 +481,23 @@ public void SendGrant_TypeRefresh_TokenRefresh_TokenRefreshtokenClient_IdFifthCl #line 97 testRunner.And("extract parameter \'$.refresh_token\' from JSON body into \'refreshToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table333 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table352 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table333.AddRow(new string[] { + table352.AddRow(new string[] { "grant_type", "refresh_token"}); - table333.AddRow(new string[] { + table352.AddRow(new string[] { "refresh_token", "$refreshToken$"}); - table333.AddRow(new string[] { + table352.AddRow(new string[] { "client_id", "fifthClient"}); - table333.AddRow(new string[] { + table352.AddRow(new string[] { "client_secret", "password"}); #line 99 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table333, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table352, "And "); #line hidden #line 106 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -533,50 +533,50 @@ public void DPoPMustBeBoundToTheAccessToken() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table334 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table353 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table334.AddRow(new string[] { + table353.AddRow(new string[] { "htm", "POST"}); - table334.AddRow(new string[] { + table353.AddRow(new string[] { "htu", "https://localhost:8080/token"}); #line 112 - testRunner.When("build DPoP proof", ((string)(null)), table334, "When "); + testRunner.When("build DPoP proof", ((string)(null)), table353, "When "); #line hidden - TechTalk.SpecFlow.Table table335 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table354 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table335.AddRow(new string[] { + table354.AddRow(new string[] { "htm", "POST"}); - table335.AddRow(new string[] { + table354.AddRow(new string[] { "htu", "https://localhost:8080/token"}); #line 117 - testRunner.And("build DPoP proof and store into \'DPOP2\'", ((string)(null)), table335, "And "); + testRunner.And("build DPoP proof and store into \'DPOP2\'", ((string)(null)), table354, "And "); #line hidden - TechTalk.SpecFlow.Table table336 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table355 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table336.AddRow(new string[] { + table355.AddRow(new string[] { "grant_type", "client_credentials"}); - table336.AddRow(new string[] { + table355.AddRow(new string[] { "scope", "firstScope"}); - table336.AddRow(new string[] { + table355.AddRow(new string[] { "client_id", "sixtyThreeClient"}); - table336.AddRow(new string[] { + table355.AddRow(new string[] { "client_secret", "password"}); - table336.AddRow(new string[] { + table355.AddRow(new string[] { "DPoP", "$DPOP$"}); #line 122 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table336, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table355, "And "); #line hidden #line 130 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -584,26 +584,26 @@ public void DPoPMustBeBoundToTheAccessToken() #line 131 testRunner.And("extract parameter \'$.refresh_token\' from JSON body into \'refreshToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table337 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table356 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table337.AddRow(new string[] { + table356.AddRow(new string[] { "grant_type", "refresh_token"}); - table337.AddRow(new string[] { + table356.AddRow(new string[] { "refresh_token", "$refreshToken$"}); - table337.AddRow(new string[] { + table356.AddRow(new string[] { "client_id", "sixtyThreeClient"}); - table337.AddRow(new string[] { + table356.AddRow(new string[] { "client_secret", "password"}); - table337.AddRow(new string[] { + table356.AddRow(new string[] { "DPoP", "$DPOP2$"}); #line 133 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table337, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table356, "And "); #line hidden #line 141 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/TokenExchangeGrantTypeErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/TokenExchangeGrantTypeErrors.feature.cs index ba3bebc6d..f9e089520 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/TokenExchangeGrantTypeErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/TokenExchangeGrantTypeErrors.feature.cs @@ -99,20 +99,20 @@ public void ParameterSubject_TokenIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table338 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table357 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table338.AddRow(new string[] { + table357.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"}); - table338.AddRow(new string[] { + table357.AddRow(new string[] { "client_id", "sixtySixClient"}); - table338.AddRow(new string[] { + table357.AddRow(new string[] { "client_secret", "password"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table338, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table357, "When "); #line hidden #line 11 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -148,23 +148,23 @@ public void ParameterSubject_Token_TypeIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table339 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table358 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table339.AddRow(new string[] { + table358.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"}); - table339.AddRow(new string[] { + table358.AddRow(new string[] { "client_id", "sixtySixClient"}); - table339.AddRow(new string[] { + table358.AddRow(new string[] { "client_secret", "password"}); - table339.AddRow(new string[] { + table358.AddRow(new string[] { "subject_token", "subject"}); #line 17 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table339, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table358, "When "); #line hidden #line 24 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -200,26 +200,26 @@ public void ParameterSubject_Token_TypeIsNotRecognized() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table340 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table359 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table340.AddRow(new string[] { + table359.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"}); - table340.AddRow(new string[] { + table359.AddRow(new string[] { "client_id", "sixtySixClient"}); - table340.AddRow(new string[] { + table359.AddRow(new string[] { "client_secret", "password"}); - table340.AddRow(new string[] { + table359.AddRow(new string[] { "subject_token", "subject"}); - table340.AddRow(new string[] { + table359.AddRow(new string[] { "subject_token_type", "tokentype"}); #line 30 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table340, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table359, "When "); #line hidden #line 38 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -255,29 +255,29 @@ public void ParameterRequested_Token_TypeIsNotRecognized() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table341 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table360 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table341.AddRow(new string[] { + table360.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"}); - table341.AddRow(new string[] { + table360.AddRow(new string[] { "client_id", "sixtySixClient"}); - table341.AddRow(new string[] { + table360.AddRow(new string[] { "client_secret", "password"}); - table341.AddRow(new string[] { + table360.AddRow(new string[] { "subject_token", "subject"}); - table341.AddRow(new string[] { + table360.AddRow(new string[] { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token"}); - table341.AddRow(new string[] { + table360.AddRow(new string[] { "requested_token_type", "invalid"}); #line 44 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table341, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table360, "When "); #line hidden #line 53 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -313,35 +313,35 @@ public void SubjectCannotBeExtractedFromTheSubject_Token() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table342 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table361 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table342.AddRow(new string[] { + table361.AddRow(new string[] { "key", "value"}); #line 59 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table342, "Given "); + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table361, "Given "); #line hidden - TechTalk.SpecFlow.Table table343 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table362 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table343.AddRow(new string[] { + table362.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"}); - table343.AddRow(new string[] { + table362.AddRow(new string[] { "client_id", "sixtySixClient"}); - table343.AddRow(new string[] { + table362.AddRow(new string[] { "client_secret", "password"}); - table343.AddRow(new string[] { + table362.AddRow(new string[] { "subject_token", "$access_token$"}); - table343.AddRow(new string[] { + table362.AddRow(new string[] { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token"}); #line 63 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table343, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table362, "When "); #line hidden #line 71 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -378,38 +378,38 @@ public void TheParameterActor_Subject_TypeIsNotRecognized() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table344 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table363 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table344.AddRow(new string[] { + table363.AddRow(new string[] { "client_id", "clientId"}); #line 77 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table344, "Given "); + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table363, "Given "); #line hidden - TechTalk.SpecFlow.Table table345 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table364 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table345.AddRow(new string[] { + table364.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"}); - table345.AddRow(new string[] { + table364.AddRow(new string[] { "client_id", "sixtySixClient"}); - table345.AddRow(new string[] { + table364.AddRow(new string[] { "client_secret", "password"}); - table345.AddRow(new string[] { + table364.AddRow(new string[] { "subject_token", "$access_token$"}); - table345.AddRow(new string[] { + table364.AddRow(new string[] { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token"}); - table345.AddRow(new string[] { + table364.AddRow(new string[] { "actor_token_type", "invalid"}); #line 81 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table345, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table364, "When "); #line hidden #line 90 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/TokenExchangePreAuthorizedCodeErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/TokenExchangePreAuthorizedCodeErrors.feature.cs index 1cdc73253..660dd9d68 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/TokenExchangePreAuthorizedCodeErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/TokenExchangePreAuthorizedCodeErrors.feature.cs @@ -99,14 +99,14 @@ public void Client_IdIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table346 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table365 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table346.AddRow(new string[] { + table365.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table346, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table365, "When "); #line hidden #line 9 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -142,17 +142,17 @@ public void ClientMustExists() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table347 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table366 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table347.AddRow(new string[] { + table366.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); - table347.AddRow(new string[] { + table366.AddRow(new string[] { "client_id", "invalid"}); #line 15 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table347, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table366, "When "); #line hidden #line 20 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -188,20 +188,20 @@ public void ClientMustSupportsTheGrant_Type() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table348 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table367 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table348.AddRow(new string[] { + table367.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); - table348.AddRow(new string[] { + table367.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table348.AddRow(new string[] { + table367.AddRow(new string[] { "client_secret", "password"}); #line 26 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table348, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table367, "When "); #line hidden #line 32 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -238,20 +238,20 @@ public void Subject_TokenIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table349 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table368 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table349.AddRow(new string[] { + table368.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); - table349.AddRow(new string[] { + table368.AddRow(new string[] { "client_id", "seventyTwoClient"}); - table349.AddRow(new string[] { + table368.AddRow(new string[] { "client_secret", "password"}); #line 38 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table349, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table368, "When "); #line hidden #line 44 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -287,23 +287,23 @@ public void Subject_Token_TypeIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table350 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table369 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table350.AddRow(new string[] { + table369.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); - table350.AddRow(new string[] { + table369.AddRow(new string[] { "client_id", "seventyTwoClient"}); - table350.AddRow(new string[] { + table369.AddRow(new string[] { "client_secret", "password"}); - table350.AddRow(new string[] { + table369.AddRow(new string[] { "subject_token", "sub"}); #line 50 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table350, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table369, "When "); #line hidden #line 57 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -339,26 +339,26 @@ public void ScopeIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table351 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table370 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table351.AddRow(new string[] { + table370.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); - table351.AddRow(new string[] { + table370.AddRow(new string[] { "client_id", "seventyTwoClient"}); - table351.AddRow(new string[] { + table370.AddRow(new string[] { "client_secret", "password"}); - table351.AddRow(new string[] { + table370.AddRow(new string[] { "subject_token", "sub"}); - table351.AddRow(new string[] { + table370.AddRow(new string[] { "subject_token_type", "type"}); #line 63 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table351, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table370, "When "); #line hidden #line 71 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -394,29 +394,29 @@ public void Subject_Token_TypeMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table352 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table371 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table352.AddRow(new string[] { + table371.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); - table352.AddRow(new string[] { + table371.AddRow(new string[] { "client_id", "seventyTwoClient"}); - table352.AddRow(new string[] { + table371.AddRow(new string[] { "client_secret", "password"}); - table352.AddRow(new string[] { + table371.AddRow(new string[] { "subject_token", "sub"}); - table352.AddRow(new string[] { + table371.AddRow(new string[] { "subject_token_type", "type"}); - table352.AddRow(new string[] { + table371.AddRow(new string[] { "scope", "Credential"}); #line 77 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table352, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table371, "When "); #line hidden #line 86 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -452,38 +452,38 @@ public void SubjectCannotBeExtractedFromTheSubject_Token() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table353 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table372 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table353.AddRow(new string[] { + table372.AddRow(new string[] { "key", "value"}); #line 92 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table353, "Given "); + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table372, "Given "); #line hidden - TechTalk.SpecFlow.Table table354 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table373 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table354.AddRow(new string[] { + table373.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); - table354.AddRow(new string[] { + table373.AddRow(new string[] { "client_id", "seventyTwoClient"}); - table354.AddRow(new string[] { + table373.AddRow(new string[] { "client_secret", "password"}); - table354.AddRow(new string[] { + table373.AddRow(new string[] { "subject_token", "$access_token$"}); - table354.AddRow(new string[] { + table373.AddRow(new string[] { "subject_token_type", "type"}); - table354.AddRow(new string[] { + table373.AddRow(new string[] { "scope", "Credential"}); #line 96 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table354, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table373, "When "); #line hidden #line 105 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -519,41 +519,41 @@ public void ScopesMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table355 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table374 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table355.AddRow(new string[] { + table374.AddRow(new string[] { "sub", "user"}); - table355.AddRow(new string[] { + table374.AddRow(new string[] { "client_id", "client"}); #line 111 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table355, "Given "); + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table374, "Given "); #line hidden - TechTalk.SpecFlow.Table table356 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table375 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table356.AddRow(new string[] { + table375.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); - table356.AddRow(new string[] { + table375.AddRow(new string[] { "client_id", "seventyTwoClient"}); - table356.AddRow(new string[] { + table375.AddRow(new string[] { "client_secret", "password"}); - table356.AddRow(new string[] { + table375.AddRow(new string[] { "subject_token", "$access_token$"}); - table356.AddRow(new string[] { + table375.AddRow(new string[] { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token"}); - table356.AddRow(new string[] { + table375.AddRow(new string[] { "scope", "Credential"}); #line 116 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table356, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table375, "When "); #line hidden #line 125 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -589,38 +589,38 @@ public void UserMustHaveAnActiveOTP() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table357 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table376 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table357.AddRow(new string[] { + table376.AddRow(new string[] { "sub", "user"}); #line 131 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table357, "Given "); + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table376, "Given "); #line hidden - TechTalk.SpecFlow.Table table358 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table377 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table358.AddRow(new string[] { + table377.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:exchange-pre-authorized_code"}); - table358.AddRow(new string[] { + table377.AddRow(new string[] { "client_id", "seventyTwoClient"}); - table358.AddRow(new string[] { + table377.AddRow(new string[] { "client_secret", "password"}); - table358.AddRow(new string[] { + table377.AddRow(new string[] { "subject_token", "$access_token$"}); - table358.AddRow(new string[] { + table377.AddRow(new string[] { "subject_token_type", "urn:ietf:params:oauth:token-type:access_token"}); - table358.AddRow(new string[] { + table377.AddRow(new string[] { "scope", "UniversityCredential"}); #line 135 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table358, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table377, "When "); #line hidden #line 144 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/UMAGrantTypeErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/UMAGrantTypeErrors.feature.cs index 1cbdf1894..b6f3beeba 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/UMAGrantTypeErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/GrantTypes/UMAGrantTypeErrors.feature.cs @@ -99,14 +99,14 @@ public void TicketParameterIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table359 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table378 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table359.AddRow(new string[] { + table378.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:uma-ticket"}); #line 5 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table359, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table378, "When "); #line hidden #line 9 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -142,20 +142,20 @@ public void Claim_Token_FormatParameterIsRequiredWhenClaim_TokenIsPassed() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table360 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table379 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table360.AddRow(new string[] { + table379.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:uma-ticket"}); - table360.AddRow(new string[] { + table379.AddRow(new string[] { "ticket", "ticket"}); - table360.AddRow(new string[] { + table379.AddRow(new string[] { "claim_token", "token"}); #line 16 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table360, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table379, "When "); #line hidden #line 22 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -191,20 +191,20 @@ public void Claim_TokenParameterIsRequiredWhenClaim_Token_FormatIsPassed() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table361 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table380 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table361.AddRow(new string[] { + table380.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:uma-ticket"}); - table361.AddRow(new string[] { + table380.AddRow(new string[] { "ticket", "ticket"}); - table361.AddRow(new string[] { + table380.AddRow(new string[] { "claim_token_format", "format"}); #line 29 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table361, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table380, "When "); #line hidden #line 35 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -240,29 +240,29 @@ public void TicketMustBeValid() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table362 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table381 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table362.AddRow(new string[] { + table381.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table362.AddRow(new string[] { + table381.AddRow(new string[] { "client_secret", "password"}); - table362.AddRow(new string[] { + table381.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:uma-ticket"}); - table362.AddRow(new string[] { + table381.AddRow(new string[] { "ticket", "ticket"}); - table362.AddRow(new string[] { + table381.AddRow(new string[] { "claim_token", "token"}); - table362.AddRow(new string[] { + table381.AddRow(new string[] { "claim_token_format", "format"}); #line 42 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table362, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table381, "When "); #line hidden #line 51 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -298,23 +298,23 @@ public void Client_Token_FormatMustBeValid() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table363 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table382 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table363.AddRow(new string[] { + table382.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table363.AddRow(new string[] { + table382.AddRow(new string[] { "client_secret", "password"}); - table363.AddRow(new string[] { + table382.AddRow(new string[] { "scope", "uma_protection"}); - table363.AddRow(new string[] { + table382.AddRow(new string[] { "grant_type", "client_credentials"}); #line 58 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table363, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table382, "When "); #line hidden #line 65 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -322,38 +322,38 @@ public void Client_Token_FormatMustBeValid() #line 66 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table364 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table383 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table364.AddRow(new string[] { + table383.AddRow(new string[] { "resource_scopes", "[\"scope1\"]"}); - table364.AddRow(new string[] { + table383.AddRow(new string[] { "subject", "user1"}); - table364.AddRow(new string[] { + table383.AddRow(new string[] { "icon_uri", "icon"}); - table364.AddRow(new string[] { + table383.AddRow(new string[] { "name#fr", "nom"}); - table364.AddRow(new string[] { + table383.AddRow(new string[] { "name#en", "name"}); - table364.AddRow(new string[] { + table383.AddRow(new string[] { "description#fr", "descriptionFR"}); - table364.AddRow(new string[] { + table383.AddRow(new string[] { "description#en", "descriptionEN"}); - table364.AddRow(new string[] { + table383.AddRow(new string[] { "type", "type"}); - table364.AddRow(new string[] { + table383.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 68 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table364, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table383, "And "); #line hidden #line 80 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -361,20 +361,20 @@ public void Client_Token_FormatMustBeValid() #line 81 testRunner.And("extract parameter \'_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table365 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table384 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table365.AddRow(new string[] { + table384.AddRow(new string[] { "resource_id", "$_id$"}); - table365.AddRow(new string[] { + table384.AddRow(new string[] { "resource_scopes", "[\"scope1\"]"}); - table365.AddRow(new string[] { + table384.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 83 - testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table365, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table384, "And "); #line hidden #line 89 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -382,29 +382,29 @@ public void Client_Token_FormatMustBeValid() #line 90 testRunner.And("extract parameter \'ticket\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table366 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table385 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table366.AddRow(new string[] { + table385.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table366.AddRow(new string[] { + table385.AddRow(new string[] { "client_secret", "password"}); - table366.AddRow(new string[] { + table385.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:uma-ticket"}); - table366.AddRow(new string[] { + table385.AddRow(new string[] { "ticket", "$ticket$"}); - table366.AddRow(new string[] { + table385.AddRow(new string[] { "claim_token", "token"}); - table366.AddRow(new string[] { + table385.AddRow(new string[] { "claim_token_format", "format"}); #line 92 - testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table366, "And "); + testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table385, "And "); #line hidden #line 101 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -440,23 +440,23 @@ public void Claim_TokenMustBeAValidJWT() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table367 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table386 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table367.AddRow(new string[] { + table386.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table367.AddRow(new string[] { + table386.AddRow(new string[] { "client_secret", "password"}); - table367.AddRow(new string[] { + table386.AddRow(new string[] { "scope", "uma_protection"}); - table367.AddRow(new string[] { + table386.AddRow(new string[] { "grant_type", "client_credentials"}); #line 108 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table367, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table386, "When "); #line hidden #line 115 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -464,38 +464,38 @@ public void Claim_TokenMustBeAValidJWT() #line 116 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table368 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table387 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table368.AddRow(new string[] { + table387.AddRow(new string[] { "resource_scopes", "[\"scope1\"]"}); - table368.AddRow(new string[] { + table387.AddRow(new string[] { "subject", "user1"}); - table368.AddRow(new string[] { + table387.AddRow(new string[] { "icon_uri", "icon"}); - table368.AddRow(new string[] { + table387.AddRow(new string[] { "name#fr", "nom"}); - table368.AddRow(new string[] { + table387.AddRow(new string[] { "name#en", "name"}); - table368.AddRow(new string[] { + table387.AddRow(new string[] { "description#fr", "descriptionFR"}); - table368.AddRow(new string[] { + table387.AddRow(new string[] { "description#en", "descriptionEN"}); - table368.AddRow(new string[] { + table387.AddRow(new string[] { "type", "type"}); - table368.AddRow(new string[] { + table387.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 118 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table368, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table387, "And "); #line hidden #line 130 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -503,20 +503,20 @@ public void Claim_TokenMustBeAValidJWT() #line 131 testRunner.And("extract parameter \'_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table369 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table388 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table369.AddRow(new string[] { + table388.AddRow(new string[] { "resource_id", "$_id$"}); - table369.AddRow(new string[] { + table388.AddRow(new string[] { "resource_scopes", "[\"scope1\"]"}); - table369.AddRow(new string[] { + table388.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 133 - testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table369, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table388, "And "); #line hidden #line 139 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -524,29 +524,29 @@ public void Claim_TokenMustBeAValidJWT() #line 140 testRunner.And("extract parameter \'ticket\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table370 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table389 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table370.AddRow(new string[] { + table389.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table370.AddRow(new string[] { + table389.AddRow(new string[] { "client_secret", "password"}); - table370.AddRow(new string[] { + table389.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:uma-ticket"}); - table370.AddRow(new string[] { + table389.AddRow(new string[] { "ticket", "$ticket$"}); - table370.AddRow(new string[] { + table389.AddRow(new string[] { "claim_token", "token"}); - table370.AddRow(new string[] { + table389.AddRow(new string[] { "claim_token_format", "http://openid.net/specs/openid-connect-core-1_0.html#IDToken"}); #line 142 - testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table370, "And "); + testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table389, "And "); #line hidden #line 151 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -582,32 +582,32 @@ public void ScopeMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table371 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table390 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table371.AddRow(new string[] { + table390.AddRow(new string[] { "sub", "random"}); #line 158 - testRunner.Given("build JWS id_token_hint and sign with the key \'keyid\'", ((string)(null)), table371, "Given "); + testRunner.Given("build JWS id_token_hint and sign with the key \'keyid\'", ((string)(null)), table390, "Given "); #line hidden - TechTalk.SpecFlow.Table table372 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table391 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table372.AddRow(new string[] { + table391.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table372.AddRow(new string[] { + table391.AddRow(new string[] { "client_secret", "password"}); - table372.AddRow(new string[] { + table391.AddRow(new string[] { "scope", "uma_protection"}); - table372.AddRow(new string[] { + table391.AddRow(new string[] { "grant_type", "client_credentials"}); #line 162 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table372, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table391, "When "); #line hidden #line 169 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -615,38 +615,38 @@ public void ScopeMustBeSupported() #line 170 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table373 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table392 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table373.AddRow(new string[] { + table392.AddRow(new string[] { "resource_scopes", "[\"scope1\"]"}); - table373.AddRow(new string[] { + table392.AddRow(new string[] { "subject", "user1"}); - table373.AddRow(new string[] { + table392.AddRow(new string[] { "icon_uri", "icon"}); - table373.AddRow(new string[] { + table392.AddRow(new string[] { "name#fr", "nom"}); - table373.AddRow(new string[] { + table392.AddRow(new string[] { "name#en", "name"}); - table373.AddRow(new string[] { + table392.AddRow(new string[] { "description#fr", "descriptionFR"}); - table373.AddRow(new string[] { + table392.AddRow(new string[] { "description#en", "descriptionEN"}); - table373.AddRow(new string[] { + table392.AddRow(new string[] { "type", "type"}); - table373.AddRow(new string[] { + table392.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 172 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table373, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table392, "And "); #line hidden #line 184 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -654,20 +654,20 @@ public void ScopeMustBeSupported() #line 185 testRunner.And("extract parameter \'_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table374 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table393 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table374.AddRow(new string[] { + table393.AddRow(new string[] { "resource_id", "$_id$"}); - table374.AddRow(new string[] { + table393.AddRow(new string[] { "resource_scopes", "[\"scope1\"]"}); - table374.AddRow(new string[] { + table393.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 187 - testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table374, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table393, "And "); #line hidden #line 193 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -675,32 +675,32 @@ public void ScopeMustBeSupported() #line 194 testRunner.And("extract parameter \'ticket\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table375 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table394 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table375.AddRow(new string[] { + table394.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table375.AddRow(new string[] { + table394.AddRow(new string[] { "client_secret", "password"}); - table375.AddRow(new string[] { + table394.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:uma-ticket"}); - table375.AddRow(new string[] { + table394.AddRow(new string[] { "ticket", "$ticket$"}); - table375.AddRow(new string[] { + table394.AddRow(new string[] { "claim_token", "$id_token_hint$"}); - table375.AddRow(new string[] { + table394.AddRow(new string[] { "claim_token_format", "http://openid.net/specs/openid-connect-core-1_0.html#IDToken"}); - table375.AddRow(new string[] { + table394.AddRow(new string[] { "scope", "invalid"}); #line 196 - testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table375, "And "); + testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table394, "And "); #line hidden #line 206 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -738,32 +738,32 @@ public void Claim_TokenMustContainsTheClaims() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table376 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table395 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table376.AddRow(new string[] { + table395.AddRow(new string[] { "sub", "user"}); #line 213 - testRunner.Given("build JWS id_token_hint and sign with the key \'keyid\'", ((string)(null)), table376, "Given "); + testRunner.Given("build JWS id_token_hint and sign with the key \'keyid\'", ((string)(null)), table395, "Given "); #line hidden - TechTalk.SpecFlow.Table table377 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table396 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table377.AddRow(new string[] { + table396.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table377.AddRow(new string[] { + table396.AddRow(new string[] { "client_secret", "password"}); - table377.AddRow(new string[] { + table396.AddRow(new string[] { "scope", "uma_protection"}); - table377.AddRow(new string[] { + table396.AddRow(new string[] { "grant_type", "client_credentials"}); #line 217 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table377, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table396, "When "); #line hidden #line 224 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -771,38 +771,38 @@ public void Claim_TokenMustContainsTheClaims() #line 225 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table378 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table397 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table378.AddRow(new string[] { + table397.AddRow(new string[] { "resource_scopes", "[\"scope1\"]"}); - table378.AddRow(new string[] { + table397.AddRow(new string[] { "subject", "user1"}); - table378.AddRow(new string[] { + table397.AddRow(new string[] { "icon_uri", "icon"}); - table378.AddRow(new string[] { + table397.AddRow(new string[] { "name#fr", "nom"}); - table378.AddRow(new string[] { + table397.AddRow(new string[] { "name#en", "name"}); - table378.AddRow(new string[] { + table397.AddRow(new string[] { "description#fr", "descriptionFR"}); - table378.AddRow(new string[] { + table397.AddRow(new string[] { "description#en", "descriptionEN"}); - table378.AddRow(new string[] { + table397.AddRow(new string[] { "type", "type"}); - table378.AddRow(new string[] { + table397.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 227 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table378, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table397, "And "); #line hidden #line 239 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -810,33 +810,33 @@ public void Claim_TokenMustContainsTheClaims() #line 240 testRunner.And("extract parameter \'_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table379 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table398 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table379.AddRow(new string[] { + table398.AddRow(new string[] { "permissions", "[ { \"claims\": [ { \"name\": \"sub\", \"value\": \"user\" }, { \"name\": \"email\", \"value\": \"" + "user@hotmail.com\" } ], \"scopes\": [ \"scope1\" ] } ]"}); - table379.AddRow(new string[] { + table398.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 242 - testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/$_id$/permissions\'", ((string)(null)), table379, "And "); + testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/$_id$/permissions\'", ((string)(null)), table398, "And "); #line hidden - TechTalk.SpecFlow.Table table380 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table399 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table380.AddRow(new string[] { + table399.AddRow(new string[] { "resource_id", "$_id$"}); - table380.AddRow(new string[] { + table399.AddRow(new string[] { "resource_scopes", "[\"scope1\"]"}); - table380.AddRow(new string[] { + table399.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 247 - testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table380, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table399, "And "); #line hidden #line 253 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -844,32 +844,32 @@ public void Claim_TokenMustContainsTheClaims() #line 254 testRunner.And("extract parameter \'ticket\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table381 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table400 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table381.AddRow(new string[] { + table400.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table381.AddRow(new string[] { + table400.AddRow(new string[] { "client_secret", "password"}); - table381.AddRow(new string[] { + table400.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:uma-ticket"}); - table381.AddRow(new string[] { + table400.AddRow(new string[] { "ticket", "$ticket$"}); - table381.AddRow(new string[] { + table400.AddRow(new string[] { "claim_token", "$id_token_hint$"}); - table381.AddRow(new string[] { + table400.AddRow(new string[] { "claim_token_format", "http://openid.net/specs/openid-connect-core-1_0.html#IDToken"}); - table381.AddRow(new string[] { + table400.AddRow(new string[] { "scope", "scope1"}); #line 256 - testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table381, "And "); + testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table400, "And "); #line hidden #line 266 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -906,35 +906,35 @@ public void UserMustBeAuthorized() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table382 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table401 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table382.AddRow(new string[] { + table401.AddRow(new string[] { "sub", "user1"}); - table382.AddRow(new string[] { + table401.AddRow(new string[] { "email", "user@hotmail.fr"}); #line 273 - testRunner.Given("build JWS id_token_hint and sign with the key \'keyid\'", ((string)(null)), table382, "Given "); + testRunner.Given("build JWS id_token_hint and sign with the key \'keyid\'", ((string)(null)), table401, "Given "); #line hidden - TechTalk.SpecFlow.Table table383 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table402 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table383.AddRow(new string[] { + table402.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table383.AddRow(new string[] { + table402.AddRow(new string[] { "client_secret", "password"}); - table383.AddRow(new string[] { + table402.AddRow(new string[] { "scope", "uma_protection"}); - table383.AddRow(new string[] { + table402.AddRow(new string[] { "grant_type", "client_credentials"}); #line 278 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table383, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table402, "When "); #line hidden #line 285 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -942,38 +942,38 @@ public void UserMustBeAuthorized() #line 286 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table384 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table403 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table384.AddRow(new string[] { + table403.AddRow(new string[] { "resource_scopes", "[\"scope1\"]"}); - table384.AddRow(new string[] { + table403.AddRow(new string[] { "subject", "user1"}); - table384.AddRow(new string[] { + table403.AddRow(new string[] { "icon_uri", "icon"}); - table384.AddRow(new string[] { + table403.AddRow(new string[] { "name#fr", "nom"}); - table384.AddRow(new string[] { + table403.AddRow(new string[] { "name#en", "name"}); - table384.AddRow(new string[] { + table403.AddRow(new string[] { "description#fr", "descriptionFR"}); - table384.AddRow(new string[] { + table403.AddRow(new string[] { "description#en", "descriptionEN"}); - table384.AddRow(new string[] { + table403.AddRow(new string[] { "type", "type"}); - table384.AddRow(new string[] { + table403.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 288 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table384, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table403, "And "); #line hidden #line 300 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -981,33 +981,33 @@ public void UserMustBeAuthorized() #line 301 testRunner.And("extract parameter \'_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table385 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table404 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table385.AddRow(new string[] { + table404.AddRow(new string[] { "permissions", "[ { \"claims\": [ { \"name\": \"sub\", \"value\": \"user\" }, { \"name\": \"email\", \"value\": \"" + "user@hotmail.com\" } ], \"scopes\": [ \"scope1\" ] } ]"}); - table385.AddRow(new string[] { + table404.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 303 - testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/$_id$/permissions\'", ((string)(null)), table385, "And "); + testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/$_id$/permissions\'", ((string)(null)), table404, "And "); #line hidden - TechTalk.SpecFlow.Table table386 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table405 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table386.AddRow(new string[] { + table405.AddRow(new string[] { "resource_id", "$_id$"}); - table386.AddRow(new string[] { + table405.AddRow(new string[] { "resource_scopes", "[\"scope1\"]"}); - table386.AddRow(new string[] { + table405.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 308 - testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table386, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table405, "And "); #line hidden #line 314 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1015,32 +1015,32 @@ public void UserMustBeAuthorized() #line 315 testRunner.And("extract parameter \'ticket\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table387 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table406 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table387.AddRow(new string[] { + table406.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table387.AddRow(new string[] { + table406.AddRow(new string[] { "client_secret", "password"}); - table387.AddRow(new string[] { + table406.AddRow(new string[] { "grant_type", "urn:ietf:params:oauth:grant-type:uma-ticket"}); - table387.AddRow(new string[] { + table406.AddRow(new string[] { "ticket", "$ticket$"}); - table387.AddRow(new string[] { + table406.AddRow(new string[] { "claim_token", "$id_token_hint$"}); - table387.AddRow(new string[] { + table406.AddRow(new string[] { "claim_token_format", "http://openid.net/specs/openid-connect-core-1_0.html#IDToken"}); - table387.AddRow(new string[] { + table406.AddRow(new string[] { "scope", "scope1"}); #line 317 - testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table387, "And "); + testRunner.And("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table406, "And "); #line hidden #line 327 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Grants.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Grants.feature.cs index 98b74f878..496dea81f 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Grants.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Grants.feature.cs @@ -102,70 +102,70 @@ public void GrantIsReturnedWhenValidAccessTokenIsPassed() #line 5 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table159 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table177 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table159.AddRow(new string[] { + table177.AddRow(new string[] { "response_type", "code"}); - table159.AddRow(new string[] { + table177.AddRow(new string[] { "client_id", "fortySevenClient"}); - table159.AddRow(new string[] { + table177.AddRow(new string[] { "state", "state"}); - table159.AddRow(new string[] { + table177.AddRow(new string[] { "response_mode", "query"}); - table159.AddRow(new string[] { + table177.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table159.AddRow(new string[] { + table177.AddRow(new string[] { "nonce", "nonce"}); - table159.AddRow(new string[] { + table177.AddRow(new string[] { "claims", "{ \"id_token\": { \"acr\": { \"essential\" : true, \"value\": \"urn:openbanking:psd2:ca\" }" + " } }"}); - table159.AddRow(new string[] { + table177.AddRow(new string[] { "resource", "https://cal.example.com"}); - table159.AddRow(new string[] { + table177.AddRow(new string[] { "grant_management_action", "create"}); - table159.AddRow(new string[] { + table177.AddRow(new string[] { "scope", "grant_management_query"}); - table159.AddRow(new string[] { + table177.AddRow(new string[] { "authorization_details", "{ \"type\" : \"secondDetails\", \"locations\": [ \"https://cal.example.com\" ], \"actions\"" + ": [ \"read\" ] }"}); #line 7 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table159, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table177, "When "); #line hidden #line 21 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table160 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table178 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table160.AddRow(new string[] { + table178.AddRow(new string[] { "client_id", "fortySevenClient"}); - table160.AddRow(new string[] { + table178.AddRow(new string[] { "client_secret", "password"}); - table160.AddRow(new string[] { + table178.AddRow(new string[] { "grant_type", "authorization_code"}); - table160.AddRow(new string[] { + table178.AddRow(new string[] { "code", "$code$"}); - table160.AddRow(new string[] { + table178.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 23 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table160, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table178, "And "); #line hidden #line 31 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -176,14 +176,14 @@ public void GrantIsReturnedWhenValidAccessTokenIsPassed() #line 33 testRunner.And("extract parameter \'$.grant_id\' from JSON body into \'grantId\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table161 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table179 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table161.AddRow(new string[] { + table179.AddRow(new string[] { "Authorization", "Bearer $accessToken$"}); #line 35 - testRunner.And("execute HTTP GET request \'http://localhost/grants/$grantId$\'", ((string)(null)), table161, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/grants/$grantId$\'", ((string)(null)), table179, "And "); #line hidden #line 39 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -234,66 +234,66 @@ public void GrantIsReturnedWhenAValidRefreshedAccessTokenIsPassed() #line 50 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table162 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table180 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table162.AddRow(new string[] { + table180.AddRow(new string[] { "response_type", "code"}); - table162.AddRow(new string[] { + table180.AddRow(new string[] { "client_id", "fortySevenClient"}); - table162.AddRow(new string[] { + table180.AddRow(new string[] { "state", "state"}); - table162.AddRow(new string[] { + table180.AddRow(new string[] { "response_mode", "query"}); - table162.AddRow(new string[] { + table180.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table162.AddRow(new string[] { + table180.AddRow(new string[] { "nonce", "nonce"}); - table162.AddRow(new string[] { + table180.AddRow(new string[] { "claims", "{ \"id_token\": { \"acr\": { \"essential\" : true, \"value\": \"urn:openbanking:psd2:ca\" }" + " } }"}); - table162.AddRow(new string[] { + table180.AddRow(new string[] { "resource", "https://cal.example.com"}); - table162.AddRow(new string[] { + table180.AddRow(new string[] { "grant_management_action", "create"}); - table162.AddRow(new string[] { + table180.AddRow(new string[] { "scope", "grant_management_query offline_access"}); #line 52 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table162, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table180, "When "); #line hidden #line 65 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table163 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table181 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table163.AddRow(new string[] { + table181.AddRow(new string[] { "client_id", "fortySevenClient"}); - table163.AddRow(new string[] { + table181.AddRow(new string[] { "client_secret", "password"}); - table163.AddRow(new string[] { + table181.AddRow(new string[] { "grant_type", "authorization_code"}); - table163.AddRow(new string[] { + table181.AddRow(new string[] { "code", "$code$"}); - table163.AddRow(new string[] { + table181.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 67 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table163, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table181, "And "); #line hidden #line 75 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -301,23 +301,23 @@ public void GrantIsReturnedWhenAValidRefreshedAccessTokenIsPassed() #line 76 testRunner.And("extract parameter \'$.refresh_token\' from JSON body into \'refreshToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table164 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table182 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table164.AddRow(new string[] { + table182.AddRow(new string[] { "grant_type", "refresh_token"}); - table164.AddRow(new string[] { + table182.AddRow(new string[] { "refresh_token", "$refreshToken$"}); - table164.AddRow(new string[] { + table182.AddRow(new string[] { "client_id", "fortySevenClient"}); - table164.AddRow(new string[] { + table182.AddRow(new string[] { "client_secret", "password"}); #line 78 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table164, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table182, "And "); #line hidden #line 85 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -328,14 +328,14 @@ public void GrantIsReturnedWhenAValidRefreshedAccessTokenIsPassed() #line 87 testRunner.And("extract parameter \'$.grant_id\' from JSON body into \'grantId\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table165 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table183 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table165.AddRow(new string[] { + table183.AddRow(new string[] { "Authorization", "Bearer $accessToken$"}); #line 89 - testRunner.And("execute HTTP GET request \'http://localhost/grants/$grantId$\'", ((string)(null)), table165, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/grants/$grantId$\'", ((string)(null)), table183, "And "); #line hidden #line 93 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -374,66 +374,66 @@ public void RevokeAGrantAndCheckAccessTokenIsRevoked() #line 100 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table166 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table184 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table166.AddRow(new string[] { + table184.AddRow(new string[] { "response_type", "code"}); - table166.AddRow(new string[] { + table184.AddRow(new string[] { "client_id", "fortySevenClient"}); - table166.AddRow(new string[] { + table184.AddRow(new string[] { "state", "state"}); - table166.AddRow(new string[] { + table184.AddRow(new string[] { "response_mode", "query"}); - table166.AddRow(new string[] { + table184.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table166.AddRow(new string[] { + table184.AddRow(new string[] { "nonce", "nonce"}); - table166.AddRow(new string[] { + table184.AddRow(new string[] { "claims", "{ \"id_token\": { \"acr\": { \"essential\" : true, \"value\": \"urn:openbanking:psd2:ca\" }" + " } }"}); - table166.AddRow(new string[] { + table184.AddRow(new string[] { "resource", "https://cal.example.com"}); - table166.AddRow(new string[] { + table184.AddRow(new string[] { "grant_management_action", "create"}); - table166.AddRow(new string[] { + table184.AddRow(new string[] { "scope", "grant_management_query grant_management_revoke"}); #line 102 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table166, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table184, "When "); #line hidden #line 115 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table167 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table185 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table167.AddRow(new string[] { + table185.AddRow(new string[] { "client_id", "fortySevenClient"}); - table167.AddRow(new string[] { + table185.AddRow(new string[] { "client_secret", "password"}); - table167.AddRow(new string[] { + table185.AddRow(new string[] { "grant_type", "authorization_code"}); - table167.AddRow(new string[] { + table185.AddRow(new string[] { "code", "$code$"}); - table167.AddRow(new string[] { + table185.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 117 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table167, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table185, "And "); #line hidden #line 125 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -444,29 +444,29 @@ public void RevokeAGrantAndCheckAccessTokenIsRevoked() #line 127 testRunner.And("extract parameter \'$.grant_id\' from JSON body into \'grantId\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table168 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table186 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table168.AddRow(new string[] { + table186.AddRow(new string[] { "Authorization", "Bearer $accessToken$"}); #line 129 - testRunner.And("execute HTTP DELETE request \'http://localhost/grants/$grantId$\'", ((string)(null)), table168, "And "); + testRunner.And("execute HTTP DELETE request \'http://localhost/grants/$grantId$\'", ((string)(null)), table186, "And "); #line hidden - TechTalk.SpecFlow.Table table169 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table187 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table169.AddRow(new string[] { + table187.AddRow(new string[] { "client_id", "fortySevenClient"}); - table169.AddRow(new string[] { + table187.AddRow(new string[] { "client_secret", "password"}); - table169.AddRow(new string[] { + table187.AddRow(new string[] { "token", "$accessToken$"}); #line 133 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table169, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table187, "And "); #line hidden #line 139 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -502,63 +502,63 @@ public void MergeTheAuthorization_DetailsTypesAndCheckTheGrantIsUpdated() #line 145 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table170 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table188 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table170.AddRow(new string[] { + table188.AddRow(new string[] { "response_type", "code"}); - table170.AddRow(new string[] { + table188.AddRow(new string[] { "client_id", "fiftyEightClient"}); - table170.AddRow(new string[] { + table188.AddRow(new string[] { "state", "state"}); - table170.AddRow(new string[] { + table188.AddRow(new string[] { "response_mode", "query"}); - table170.AddRow(new string[] { + table188.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table170.AddRow(new string[] { + table188.AddRow(new string[] { "nonce", "nonce"}); - table170.AddRow(new string[] { + table188.AddRow(new string[] { "authorization_details", "{ \"type\" : \"openid_credential\", \"credential_configuration_id\" : \"VerifiableCreden" + "tial\" }"}); - table170.AddRow(new string[] { + table188.AddRow(new string[] { "grant_management_action", "create"}); - table170.AddRow(new string[] { + table188.AddRow(new string[] { "scope", "grant_management_query"}); #line 147 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table170, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table188, "When "); #line hidden #line 159 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table171 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table189 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table171.AddRow(new string[] { + table189.AddRow(new string[] { "client_id", "fiftyEightClient"}); - table171.AddRow(new string[] { + table189.AddRow(new string[] { "client_secret", "password"}); - table171.AddRow(new string[] { + table189.AddRow(new string[] { "grant_type", "authorization_code"}); - table171.AddRow(new string[] { + table189.AddRow(new string[] { "code", "$code$"}); - table171.AddRow(new string[] { + table189.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 161 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table171, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table189, "And "); #line hidden #line 169 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -566,66 +566,66 @@ public void MergeTheAuthorization_DetailsTypesAndCheckTheGrantIsUpdated() #line 170 testRunner.And("extract parameter \'$.grant_id\' from JSON body into \'grantId\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table172 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table190 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table172.AddRow(new string[] { + table190.AddRow(new string[] { "response_type", "code"}); - table172.AddRow(new string[] { + table190.AddRow(new string[] { "client_id", "fiftyEightClient"}); - table172.AddRow(new string[] { + table190.AddRow(new string[] { "state", "state"}); - table172.AddRow(new string[] { + table190.AddRow(new string[] { "response_mode", "query"}); - table172.AddRow(new string[] { + table190.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table172.AddRow(new string[] { + table190.AddRow(new string[] { "nonce", "nonce"}); - table172.AddRow(new string[] { + table190.AddRow(new string[] { "grant_management_action", "merge"}); - table172.AddRow(new string[] { + table190.AddRow(new string[] { "scope", "grant_management_revoke grant_management_query"}); - table172.AddRow(new string[] { + table190.AddRow(new string[] { "grant_id", "$grantId$"}); - table172.AddRow(new string[] { + table190.AddRow(new string[] { "authorization_details", "{ \"type\" : \"openid_credential\", \"credential_configuration_id\" : \"UniversityDegree" + "Credential\" }"}); #line 172 - testRunner.And("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table172, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table190, "And "); #line hidden #line 185 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table173 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table191 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table173.AddRow(new string[] { + table191.AddRow(new string[] { "client_id", "fiftyEightClient"}); - table173.AddRow(new string[] { + table191.AddRow(new string[] { "client_secret", "password"}); - table173.AddRow(new string[] { + table191.AddRow(new string[] { "grant_type", "authorization_code"}); - table173.AddRow(new string[] { + table191.AddRow(new string[] { "code", "$code$"}); - table173.AddRow(new string[] { + table191.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 187 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table173, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table191, "And "); #line hidden #line 195 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -633,14 +633,14 @@ public void MergeTheAuthorization_DetailsTypesAndCheckTheGrantIsUpdated() #line 196 testRunner.And("extract parameter \'$.access_token\' from JSON body into \'accessToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table174 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table192 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table174.AddRow(new string[] { + table192.AddRow(new string[] { "Authorization", "Bearer $accessToken$"}); #line 198 - testRunner.And("execute HTTP GET request \'http://localhost/grants/$grantId$\'", ((string)(null)), table174, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/grants/$grantId$\'", ((string)(null)), table192, "And "); #line hidden #line 202 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -680,66 +680,66 @@ public void MergeThePermissionsConsentedByTheUserInTheActualRequestWithThoseAlre #line 208 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table175 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table193 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table175.AddRow(new string[] { + table193.AddRow(new string[] { "response_type", "code"}); - table175.AddRow(new string[] { + table193.AddRow(new string[] { "client_id", "fortySevenClient"}); - table175.AddRow(new string[] { + table193.AddRow(new string[] { "state", "state"}); - table175.AddRow(new string[] { + table193.AddRow(new string[] { "response_mode", "query"}); - table175.AddRow(new string[] { + table193.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table175.AddRow(new string[] { + table193.AddRow(new string[] { "nonce", "nonce"}); - table175.AddRow(new string[] { + table193.AddRow(new string[] { "claims", "{ \"id_token\": { \"acr\": { \"essential\" : true, \"value\": \"urn:openbanking:psd2:ca\" }" + " } }"}); - table175.AddRow(new string[] { + table193.AddRow(new string[] { "resource", "https://cal.example.com"}); - table175.AddRow(new string[] { + table193.AddRow(new string[] { "grant_management_action", "create"}); - table175.AddRow(new string[] { + table193.AddRow(new string[] { "scope", "grant_management_query"}); #line 210 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table175, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table193, "When "); #line hidden #line 223 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table176 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table194 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table176.AddRow(new string[] { + table194.AddRow(new string[] { "client_id", "fortySevenClient"}); - table176.AddRow(new string[] { + table194.AddRow(new string[] { "client_secret", "password"}); - table176.AddRow(new string[] { + table194.AddRow(new string[] { "grant_type", "authorization_code"}); - table176.AddRow(new string[] { + table194.AddRow(new string[] { "code", "$code$"}); - table176.AddRow(new string[] { + table194.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 225 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table176, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table194, "And "); #line hidden #line 233 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -747,68 +747,68 @@ public void MergeThePermissionsConsentedByTheUserInTheActualRequestWithThoseAlre #line 234 testRunner.And("extract parameter \'$.grant_id\' from JSON body into \'grantId\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table177 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table195 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table177.AddRow(new string[] { + table195.AddRow(new string[] { "response_type", "code"}); - table177.AddRow(new string[] { + table195.AddRow(new string[] { "client_id", "fortySevenClient"}); - table177.AddRow(new string[] { + table195.AddRow(new string[] { "state", "state"}); - table177.AddRow(new string[] { + table195.AddRow(new string[] { "response_mode", "query"}); - table177.AddRow(new string[] { + table195.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table177.AddRow(new string[] { + table195.AddRow(new string[] { "nonce", "nonce"}); - table177.AddRow(new string[] { + table195.AddRow(new string[] { "claims", "{ \"id_token\": { \"iss\": { \"essential\" : false } } }"}); - table177.AddRow(new string[] { + table195.AddRow(new string[] { "resource", "https://contacts.example.com"}); - table177.AddRow(new string[] { + table195.AddRow(new string[] { "grant_management_action", "merge"}); - table177.AddRow(new string[] { + table195.AddRow(new string[] { "scope", "grant_management_revoke grant_management_query"}); - table177.AddRow(new string[] { + table195.AddRow(new string[] { "grant_id", "$grantId$"}); #line 236 - testRunner.And("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table177, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table195, "And "); #line hidden #line 250 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table178 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table196 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table178.AddRow(new string[] { + table196.AddRow(new string[] { "client_id", "fortySevenClient"}); - table178.AddRow(new string[] { + table196.AddRow(new string[] { "client_secret", "password"}); - table178.AddRow(new string[] { + table196.AddRow(new string[] { "grant_type", "authorization_code"}); - table178.AddRow(new string[] { + table196.AddRow(new string[] { "code", "$code$"}); - table178.AddRow(new string[] { + table196.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 252 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table178, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table196, "And "); #line hidden #line 260 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -816,14 +816,14 @@ public void MergeThePermissionsConsentedByTheUserInTheActualRequestWithThoseAlre #line 261 testRunner.And("extract parameter \'$.access_token\' from JSON body into \'accessToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table179 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table197 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table179.AddRow(new string[] { + table197.AddRow(new string[] { "Authorization", "Bearer $accessToken$"}); #line 263 - testRunner.And("execute HTTP GET request \'http://localhost/grants/$grantId$\'", ((string)(null)), table179, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/grants/$grantId$\'", ((string)(null)), table197, "And "); #line hidden #line 267 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -886,66 +886,66 @@ public void ChangeTheGrantToBeONLYThePermissionsRequestedByTheClientAndConsented #line 281 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table180 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table198 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table180.AddRow(new string[] { + table198.AddRow(new string[] { "response_type", "code"}); - table180.AddRow(new string[] { + table198.AddRow(new string[] { "client_id", "fortySevenClient"}); - table180.AddRow(new string[] { + table198.AddRow(new string[] { "state", "state"}); - table180.AddRow(new string[] { + table198.AddRow(new string[] { "response_mode", "query"}); - table180.AddRow(new string[] { + table198.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table180.AddRow(new string[] { + table198.AddRow(new string[] { "nonce", "nonce"}); - table180.AddRow(new string[] { + table198.AddRow(new string[] { "claims", "{ \"id_token\": { \"acr\": { \"essential\" : true, \"value\": \"urn:openbanking:psd2:ca\" }" + " } }"}); - table180.AddRow(new string[] { + table198.AddRow(new string[] { "resource", "https://cal.example.com"}); - table180.AddRow(new string[] { + table198.AddRow(new string[] { "grant_management_action", "create"}); - table180.AddRow(new string[] { + table198.AddRow(new string[] { "scope", "grant_management_revoke"}); #line 283 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table180, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table198, "When "); #line hidden #line 296 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table181 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table199 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table181.AddRow(new string[] { + table199.AddRow(new string[] { "client_id", "fortySevenClient"}); - table181.AddRow(new string[] { + table199.AddRow(new string[] { "client_secret", "password"}); - table181.AddRow(new string[] { + table199.AddRow(new string[] { "grant_type", "authorization_code"}); - table181.AddRow(new string[] { + table199.AddRow(new string[] { "code", "$code$"}); - table181.AddRow(new string[] { + table199.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 298 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table181, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table199, "And "); #line hidden #line 306 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -953,65 +953,65 @@ public void ChangeTheGrantToBeONLYThePermissionsRequestedByTheClientAndConsented #line 307 testRunner.And("extract parameter \'$.grant_id\' from JSON body into \'grantId\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table182 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table200 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table182.AddRow(new string[] { + table200.AddRow(new string[] { "response_type", "code"}); - table182.AddRow(new string[] { + table200.AddRow(new string[] { "client_id", "fortySevenClient"}); - table182.AddRow(new string[] { + table200.AddRow(new string[] { "state", "state"}); - table182.AddRow(new string[] { + table200.AddRow(new string[] { "response_mode", "query"}); - table182.AddRow(new string[] { + table200.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table182.AddRow(new string[] { + table200.AddRow(new string[] { "nonce", "nonce"}); - table182.AddRow(new string[] { + table200.AddRow(new string[] { "claims", "{ \"id_token\": { \"iss\": { \"essential\" : false } } }"}); - table182.AddRow(new string[] { + table200.AddRow(new string[] { "grant_management_action", "replace"}); - table182.AddRow(new string[] { + table200.AddRow(new string[] { "scope", "grant_management_query"}); - table182.AddRow(new string[] { + table200.AddRow(new string[] { "grant_id", "$grantId$"}); #line 309 - testRunner.And("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table182, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table200, "And "); #line hidden #line 322 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table183 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table201 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table183.AddRow(new string[] { + table201.AddRow(new string[] { "client_id", "fortySevenClient"}); - table183.AddRow(new string[] { + table201.AddRow(new string[] { "client_secret", "password"}); - table183.AddRow(new string[] { + table201.AddRow(new string[] { "grant_type", "authorization_code"}); - table183.AddRow(new string[] { + table201.AddRow(new string[] { "code", "$code$"}); - table183.AddRow(new string[] { + table201.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 324 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table183, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table201, "And "); #line hidden #line 332 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1019,14 +1019,14 @@ public void ChangeTheGrantToBeONLYThePermissionsRequestedByTheClientAndConsented #line 333 testRunner.And("extract parameter \'$.access_token\' from JSON body into \'accessToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table184 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table202 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table184.AddRow(new string[] { + table202.AddRow(new string[] { "Authorization", "Bearer $accessToken$"}); #line 335 - testRunner.And("execute HTTP GET request \'http://localhost/grants/$grantId$\'", ((string)(null)), table184, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/grants/$grantId$\'", ((string)(null)), table202, "And "); #line hidden #line 339 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IdServerConfiguration.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IdServerConfiguration.feature.cs index 94745da92..7145842b2 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IdServerConfiguration.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IdServerConfiguration.feature.cs @@ -98,12 +98,12 @@ public void GetTheConfiguration() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table388 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table407 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 5 testRunner.When("execute HTTP GET request \'https://localhost:8080/.well-known/idserver-configurati" + - "on\'", ((string)(null)), table388, "When "); + "on\'", ((string)(null)), table407, "When "); #line hidden #line 7 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IdTokenSignatureAndOrEncryption.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IdTokenSignatureAndOrEncryption.feature.cs index df36c2db0..e724f3fb0 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IdTokenSignatureAndOrEncryption.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IdTokenSignatureAndOrEncryption.feature.cs @@ -101,35 +101,35 @@ public void IdentityTokenMustBeReturnedInJWSFormatWithAlgSetToNone() #line 5 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table389 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table408 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table389.AddRow(new string[] { + table408.AddRow(new string[] { "response_type", "id_token"}); - table389.AddRow(new string[] { + table408.AddRow(new string[] { "client_id", "fifteenClient"}); - table389.AddRow(new string[] { + table408.AddRow(new string[] { "state", "state"}); - table389.AddRow(new string[] { + table408.AddRow(new string[] { "response_mode", "query"}); - table389.AddRow(new string[] { + table408.AddRow(new string[] { "scope", "openid email role"}); - table389.AddRow(new string[] { + table408.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table389.AddRow(new string[] { + table408.AddRow(new string[] { "nonce", "nonce"}); - table389.AddRow(new string[] { + table408.AddRow(new string[] { "display", "popup"}); #line 6 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table389, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table408, "When "); #line hidden #line 17 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -192,35 +192,35 @@ public void IdentityTokenMustBeReturnedInJWSFormatWithAlgSetToES256() #line 32 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table390 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table409 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table390.AddRow(new string[] { + table409.AddRow(new string[] { "response_type", "id_token"}); - table390.AddRow(new string[] { + table409.AddRow(new string[] { "client_id", "sixteenClient"}); - table390.AddRow(new string[] { + table409.AddRow(new string[] { "state", "state"}); - table390.AddRow(new string[] { + table409.AddRow(new string[] { "response_mode", "query"}); - table390.AddRow(new string[] { + table409.AddRow(new string[] { "scope", "openid email role"}); - table390.AddRow(new string[] { + table409.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table390.AddRow(new string[] { + table409.AddRow(new string[] { "nonce", "nonce"}); - table390.AddRow(new string[] { + table409.AddRow(new string[] { "display", "popup"}); #line 33 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table390, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table409, "When "); #line hidden #line 44 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -283,35 +283,35 @@ public void IdentityTokenMustBeReturnedInJWSFormatWithAlgSetToES384() #line 59 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table391 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table410 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table391.AddRow(new string[] { + table410.AddRow(new string[] { "response_type", "id_token"}); - table391.AddRow(new string[] { + table410.AddRow(new string[] { "client_id", "seventeenClient"}); - table391.AddRow(new string[] { + table410.AddRow(new string[] { "state", "state"}); - table391.AddRow(new string[] { + table410.AddRow(new string[] { "response_mode", "query"}); - table391.AddRow(new string[] { + table410.AddRow(new string[] { "scope", "openid email role"}); - table391.AddRow(new string[] { + table410.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table391.AddRow(new string[] { + table410.AddRow(new string[] { "nonce", "nonce"}); - table391.AddRow(new string[] { + table410.AddRow(new string[] { "display", "popup"}); #line 60 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table391, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table410, "When "); #line hidden #line 71 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -374,35 +374,35 @@ public void IdentityTokenMustBeReturnedInJWSFormatWithAlgSetToES512() #line 86 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table392 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table411 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table392.AddRow(new string[] { + table411.AddRow(new string[] { "response_type", "id_token"}); - table392.AddRow(new string[] { + table411.AddRow(new string[] { "client_id", "eighteenClient"}); - table392.AddRow(new string[] { + table411.AddRow(new string[] { "state", "state"}); - table392.AddRow(new string[] { + table411.AddRow(new string[] { "response_mode", "query"}); - table392.AddRow(new string[] { + table411.AddRow(new string[] { "scope", "openid email role"}); - table392.AddRow(new string[] { + table411.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table392.AddRow(new string[] { + table411.AddRow(new string[] { "nonce", "nonce"}); - table392.AddRow(new string[] { + table411.AddRow(new string[] { "display", "popup"}); #line 87 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table392, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table411, "When "); #line hidden #line 98 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -465,35 +465,35 @@ public void IdentityTokenMustBeReturnedInJWSFormatWithAlgSetToHS256() #line 113 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table393 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table412 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table393.AddRow(new string[] { + table412.AddRow(new string[] { "response_type", "id_token"}); - table393.AddRow(new string[] { + table412.AddRow(new string[] { "client_id", "nineteenClient"}); - table393.AddRow(new string[] { + table412.AddRow(new string[] { "state", "state"}); - table393.AddRow(new string[] { + table412.AddRow(new string[] { "response_mode", "query"}); - table393.AddRow(new string[] { + table412.AddRow(new string[] { "scope", "openid email role"}); - table393.AddRow(new string[] { + table412.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table393.AddRow(new string[] { + table412.AddRow(new string[] { "nonce", "nonce"}); - table393.AddRow(new string[] { + table412.AddRow(new string[] { "display", "popup"}); #line 114 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table393, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table412, "When "); #line hidden #line 125 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -556,35 +556,35 @@ public void IdentityTokenMustBeReturnedInJWSFormatWithAlgSetToHS384() #line 140 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table394 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table413 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table394.AddRow(new string[] { + table413.AddRow(new string[] { "response_type", "id_token"}); - table394.AddRow(new string[] { + table413.AddRow(new string[] { "client_id", "twentyClient"}); - table394.AddRow(new string[] { + table413.AddRow(new string[] { "state", "state"}); - table394.AddRow(new string[] { + table413.AddRow(new string[] { "response_mode", "query"}); - table394.AddRow(new string[] { + table413.AddRow(new string[] { "scope", "openid email role"}); - table394.AddRow(new string[] { + table413.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table394.AddRow(new string[] { + table413.AddRow(new string[] { "nonce", "nonce"}); - table394.AddRow(new string[] { + table413.AddRow(new string[] { "display", "popup"}); #line 141 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table394, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table413, "When "); #line hidden #line 152 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -647,35 +647,35 @@ public void IdentityTokenMustBeReturnedInJWSFormatWithAlgSetToHS512() #line 167 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table395 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table414 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table395.AddRow(new string[] { + table414.AddRow(new string[] { "response_type", "id_token"}); - table395.AddRow(new string[] { + table414.AddRow(new string[] { "client_id", "twentyOneClient"}); - table395.AddRow(new string[] { + table414.AddRow(new string[] { "state", "state"}); - table395.AddRow(new string[] { + table414.AddRow(new string[] { "response_mode", "query"}); - table395.AddRow(new string[] { + table414.AddRow(new string[] { "scope", "openid email role"}); - table395.AddRow(new string[] { + table414.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table395.AddRow(new string[] { + table414.AddRow(new string[] { "nonce", "nonce"}); - table395.AddRow(new string[] { + table414.AddRow(new string[] { "display", "popup"}); #line 168 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table395, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table414, "When "); #line hidden #line 179 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -738,35 +738,35 @@ public void IdentityTokenMustBeReturnedInJWSFormatWithAlgSetToRS256() #line 194 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table396 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table415 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table396.AddRow(new string[] { + table415.AddRow(new string[] { "response_type", "id_token"}); - table396.AddRow(new string[] { + table415.AddRow(new string[] { "client_id", "twentyTwoClient"}); - table396.AddRow(new string[] { + table415.AddRow(new string[] { "state", "state"}); - table396.AddRow(new string[] { + table415.AddRow(new string[] { "response_mode", "query"}); - table396.AddRow(new string[] { + table415.AddRow(new string[] { "scope", "openid email role"}); - table396.AddRow(new string[] { + table415.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table396.AddRow(new string[] { + table415.AddRow(new string[] { "nonce", "nonce"}); - table396.AddRow(new string[] { + table415.AddRow(new string[] { "display", "popup"}); #line 195 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table396, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table415, "When "); #line hidden #line 206 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -829,35 +829,35 @@ public void IdentityTokenMustBeReturnedInJWSFormatWithAlgSetToRS384() #line 221 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table397 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table416 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table397.AddRow(new string[] { + table416.AddRow(new string[] { "response_type", "id_token"}); - table397.AddRow(new string[] { + table416.AddRow(new string[] { "client_id", "twentyThreeClient"}); - table397.AddRow(new string[] { + table416.AddRow(new string[] { "state", "state"}); - table397.AddRow(new string[] { + table416.AddRow(new string[] { "response_mode", "query"}); - table397.AddRow(new string[] { + table416.AddRow(new string[] { "scope", "openid email role"}); - table397.AddRow(new string[] { + table416.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table397.AddRow(new string[] { + table416.AddRow(new string[] { "nonce", "nonce"}); - table397.AddRow(new string[] { + table416.AddRow(new string[] { "display", "popup"}); #line 222 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table397, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table416, "When "); #line hidden #line 233 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -920,35 +920,35 @@ public void IdentityTokenMustBeReturnedInJWSFormatWithAlgSetToRS512() #line 248 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table398 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table417 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table398.AddRow(new string[] { + table417.AddRow(new string[] { "response_type", "id_token"}); - table398.AddRow(new string[] { + table417.AddRow(new string[] { "client_id", "twentyFourClient"}); - table398.AddRow(new string[] { + table417.AddRow(new string[] { "state", "state"}); - table398.AddRow(new string[] { + table417.AddRow(new string[] { "response_mode", "query"}); - table398.AddRow(new string[] { + table417.AddRow(new string[] { "scope", "openid email role"}); - table398.AddRow(new string[] { + table417.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table398.AddRow(new string[] { + table417.AddRow(new string[] { "nonce", "nonce"}); - table398.AddRow(new string[] { + table417.AddRow(new string[] { "display", "popup"}); #line 249 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table398, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table417, "When "); #line hidden #line 260 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1014,35 +1014,35 @@ public void IdentityTokenMustBeReturnedInJWEFormatWithAlgSetToRSA1_5AndEncSetToA #line 275 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table399 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table418 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table399.AddRow(new string[] { + table418.AddRow(new string[] { "response_type", "id_token"}); - table399.AddRow(new string[] { + table418.AddRow(new string[] { "client_id", "twentyFiveClient"}); - table399.AddRow(new string[] { + table418.AddRow(new string[] { "state", "state"}); - table399.AddRow(new string[] { + table418.AddRow(new string[] { "response_mode", "query"}); - table399.AddRow(new string[] { + table418.AddRow(new string[] { "scope", "openid email role"}); - table399.AddRow(new string[] { + table418.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table399.AddRow(new string[] { + table418.AddRow(new string[] { "nonce", "nonce"}); - table399.AddRow(new string[] { + table418.AddRow(new string[] { "display", "popup"}); #line 276 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table399, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table418, "When "); #line hidden #line 287 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1087,35 +1087,35 @@ public void IdentityTokenMustBeReturnedInJWEFormatWithAlgSetToRSA1_5AndEncSetToA #line 295 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table400 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table419 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table400.AddRow(new string[] { + table419.AddRow(new string[] { "response_type", "id_token"}); - table400.AddRow(new string[] { + table419.AddRow(new string[] { "client_id", "twentySixClient"}); - table400.AddRow(new string[] { + table419.AddRow(new string[] { "state", "state"}); - table400.AddRow(new string[] { + table419.AddRow(new string[] { "response_mode", "query"}); - table400.AddRow(new string[] { + table419.AddRow(new string[] { "scope", "openid email role"}); - table400.AddRow(new string[] { + table419.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table400.AddRow(new string[] { + table419.AddRow(new string[] { "nonce", "nonce"}); - table400.AddRow(new string[] { + table419.AddRow(new string[] { "display", "popup"}); #line 296 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table400, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table419, "When "); #line hidden #line 307 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1160,35 +1160,35 @@ public void IdentityTokenMustBeReturnedInJWEFormatWithAlgSetToRSA1_5AndEncSetToA #line 315 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table401 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table420 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table401.AddRow(new string[] { + table420.AddRow(new string[] { "response_type", "id_token"}); - table401.AddRow(new string[] { + table420.AddRow(new string[] { "client_id", "twentySevenClient"}); - table401.AddRow(new string[] { + table420.AddRow(new string[] { "state", "state"}); - table401.AddRow(new string[] { + table420.AddRow(new string[] { "response_mode", "query"}); - table401.AddRow(new string[] { + table420.AddRow(new string[] { "scope", "openid email role"}); - table401.AddRow(new string[] { + table420.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table401.AddRow(new string[] { + table420.AddRow(new string[] { "nonce", "nonce"}); - table401.AddRow(new string[] { + table420.AddRow(new string[] { "display", "popup"}); #line 316 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table401, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table420, "When "); #line hidden #line 327 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1233,35 +1233,35 @@ public void IdentityTokenMustBeReturnedInJWEFormatWithAlgSetToRSA_OAEPAndEncSetT #line 335 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table402 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table421 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table402.AddRow(new string[] { + table421.AddRow(new string[] { "response_type", "id_token"}); - table402.AddRow(new string[] { + table421.AddRow(new string[] { "client_id", "twentyEightClient"}); - table402.AddRow(new string[] { + table421.AddRow(new string[] { "state", "state"}); - table402.AddRow(new string[] { + table421.AddRow(new string[] { "response_mode", "query"}); - table402.AddRow(new string[] { + table421.AddRow(new string[] { "scope", "openid email role"}); - table402.AddRow(new string[] { + table421.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table402.AddRow(new string[] { + table421.AddRow(new string[] { "nonce", "nonce"}); - table402.AddRow(new string[] { + table421.AddRow(new string[] { "display", "popup"}); #line 336 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table402, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table421, "When "); #line hidden #line 347 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1306,35 +1306,35 @@ public void IdentityTokenMustBeReturnedInJWEFormatWithAlgSetToRSA_OAEPAndEncSetT #line 355 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table403 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table422 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table403.AddRow(new string[] { + table422.AddRow(new string[] { "response_type", "id_token"}); - table403.AddRow(new string[] { + table422.AddRow(new string[] { "client_id", "twentyNineClient"}); - table403.AddRow(new string[] { + table422.AddRow(new string[] { "state", "state"}); - table403.AddRow(new string[] { + table422.AddRow(new string[] { "response_mode", "query"}); - table403.AddRow(new string[] { + table422.AddRow(new string[] { "scope", "openid email role"}); - table403.AddRow(new string[] { + table422.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table403.AddRow(new string[] { + table422.AddRow(new string[] { "nonce", "nonce"}); - table403.AddRow(new string[] { + table422.AddRow(new string[] { "display", "popup"}); #line 356 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table403, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table422, "When "); #line hidden #line 367 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1379,35 +1379,35 @@ public void IdentityTokenMustBeReturnedInJWEFormatWithAlgSetToRSA_OAEPAndEncSetT #line 375 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table404 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table423 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table404.AddRow(new string[] { + table423.AddRow(new string[] { "response_type", "id_token"}); - table404.AddRow(new string[] { + table423.AddRow(new string[] { "client_id", "thirtyClient"}); - table404.AddRow(new string[] { + table423.AddRow(new string[] { "state", "state"}); - table404.AddRow(new string[] { + table423.AddRow(new string[] { "response_mode", "query"}); - table404.AddRow(new string[] { + table423.AddRow(new string[] { "scope", "openid email role"}); - table404.AddRow(new string[] { + table423.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table404.AddRow(new string[] { + table423.AddRow(new string[] { "nonce", "nonce"}); - table404.AddRow(new string[] { + table423.AddRow(new string[] { "display", "popup"}); #line 376 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table404, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table423, "When "); #line hidden #line 387 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Introspect.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Introspect.feature.cs index f82d14637..408c6eb5e 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Introspect.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Introspect.feature.cs @@ -98,20 +98,20 @@ public void IsActiveIsFalseWhenTheTokenDoesntExist() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table405 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table424 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table405.AddRow(new string[] { + table424.AddRow(new string[] { "client_id", "firstClient"}); - table405.AddRow(new string[] { + table424.AddRow(new string[] { "client_secret", "password"}); - table405.AddRow(new string[] { + table424.AddRow(new string[] { "token", "token"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table405, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table424, "When "); #line hidden #line 11 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -144,23 +144,23 @@ public void IsActiveIsFalseWhenTheTokenIsExpired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table406 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table425 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table406.AddRow(new string[] { + table425.AddRow(new string[] { "client_id", "thirteenClient"}); - table406.AddRow(new string[] { + table425.AddRow(new string[] { "client_secret", "password"}); - table406.AddRow(new string[] { + table425.AddRow(new string[] { "scope", "secondScope"}); - table406.AddRow(new string[] { + table425.AddRow(new string[] { "grant_type", "client_credentials"}); #line 17 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table406, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table425, "When "); #line hidden #line 24 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -168,20 +168,20 @@ public void IsActiveIsFalseWhenTheTokenIsExpired() #line 25 testRunner.And("extract parameter \'$.access_token\' from JSON body into \'accessToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table407 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table426 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table407.AddRow(new string[] { + table426.AddRow(new string[] { "client_id", "thirteenClient"}); - table407.AddRow(new string[] { + table426.AddRow(new string[] { "client_secret", "password"}); - table407.AddRow(new string[] { + table426.AddRow(new string[] { "token", "$accessToken$"}); #line 27 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table407, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table426, "And "); #line hidden #line 33 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -214,23 +214,23 @@ public void IsActiveIsTrueWhenTheTokenIsIntrospected() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table408 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table427 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table408.AddRow(new string[] { + table427.AddRow(new string[] { "client_id", "firstClient"}); - table408.AddRow(new string[] { + table427.AddRow(new string[] { "client_secret", "password"}); - table408.AddRow(new string[] { + table427.AddRow(new string[] { "scope", "firstScope"}); - table408.AddRow(new string[] { + table427.AddRow(new string[] { "grant_type", "client_credentials"}); #line 39 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table408, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table427, "When "); #line hidden #line 46 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -238,20 +238,20 @@ public void IsActiveIsTrueWhenTheTokenIsIntrospected() #line 47 testRunner.And("extract parameter \'$.access_token\' from JSON body into \'accessToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table409 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table428 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table409.AddRow(new string[] { + table428.AddRow(new string[] { "client_id", "firstClient"}); - table409.AddRow(new string[] { + table428.AddRow(new string[] { "client_secret", "password"}); - table409.AddRow(new string[] { + table428.AddRow(new string[] { "token", "$accessToken$"}); #line 49 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table409, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table428, "And "); #line hidden #line 55 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -293,38 +293,38 @@ public void JKTIsReturned() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table410 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table429 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table410.AddRow(new string[] { + table429.AddRow(new string[] { "htm", "POST"}); - table410.AddRow(new string[] { + table429.AddRow(new string[] { "htu", "https://localhost:8080/token"}); #line 64 - testRunner.When("build DPoP proof", ((string)(null)), table410, "When "); + testRunner.When("build DPoP proof", ((string)(null)), table429, "When "); #line hidden - TechTalk.SpecFlow.Table table411 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table430 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table411.AddRow(new string[] { + table430.AddRow(new string[] { "client_id", "sixtyThreeClient"}); - table411.AddRow(new string[] { + table430.AddRow(new string[] { "client_secret", "password"}); - table411.AddRow(new string[] { + table430.AddRow(new string[] { "scope", "firstScope"}); - table411.AddRow(new string[] { + table430.AddRow(new string[] { "grant_type", "client_credentials"}); - table411.AddRow(new string[] { + table430.AddRow(new string[] { "DPoP", "$DPOP$"}); #line 69 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table411, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table430, "And "); #line hidden #line 77 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -332,20 +332,20 @@ public void JKTIsReturned() #line 78 testRunner.And("extract parameter \'$.access_token\' from JSON body into \'accessToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table412 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table431 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table412.AddRow(new string[] { + table431.AddRow(new string[] { "client_id", "sixtyThreeClient"}); - table412.AddRow(new string[] { + table431.AddRow(new string[] { "client_secret", "password"}); - table412.AddRow(new string[] { + table431.AddRow(new string[] { "token", "$accessToken$"}); #line 80 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table412, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table431, "And "); #line hidden #line 86 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -390,23 +390,23 @@ public void IntrospectAReferenceAccessToken() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table413 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table432 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table413.AddRow(new string[] { + table432.AddRow(new string[] { "client_id", "sixtyEightClient"}); - table413.AddRow(new string[] { + table432.AddRow(new string[] { "client_secret", "password"}); - table413.AddRow(new string[] { + table432.AddRow(new string[] { "scope", "firstScope"}); - table413.AddRow(new string[] { + table432.AddRow(new string[] { "grant_type", "client_credentials"}); #line 96 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table413, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table432, "When "); #line hidden #line 103 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -414,20 +414,20 @@ public void IntrospectAReferenceAccessToken() #line 104 testRunner.And("extract parameter \'$.access_token\' from JSON body into \'accessToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table414 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table433 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table414.AddRow(new string[] { + table433.AddRow(new string[] { "client_id", "sixtyEightClient"}); - table414.AddRow(new string[] { + table433.AddRow(new string[] { "client_secret", "password"}); - table414.AddRow(new string[] { + table433.AddRow(new string[] { "token", "$accessToken$"}); #line 106 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table414, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table433, "And "); #line hidden #line 112 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IntrospectErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IntrospectErrors.feature.cs index e2288b2be..35e5672eb 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IntrospectErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/IntrospectErrors.feature.cs @@ -98,11 +98,11 @@ public void ErrorIsReturnedWhenTokenIsMissing() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table415 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table434 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table415, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token_info\'", ((string)(null)), table434, "When "); #line hidden #line 8 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Jwks.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Jwks.feature.cs index 123d74816..8ca4fe7c9 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Jwks.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Jwks.feature.cs @@ -98,11 +98,11 @@ public void GetJsonWebKeysJWKS() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table416 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table435 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 5 - testRunner.When("execute HTTP GET request \'https://localhost:8080/jwks\'", ((string)(null)), table416, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/jwks\'", ((string)(null)), table435, "When "); #line hidden #line 8 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/OAUTHConfiguration.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/OAUTHConfiguration.feature.cs index 119fb5ea2..36df43935 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/OAUTHConfiguration.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/OAUTHConfiguration.feature.cs @@ -98,12 +98,12 @@ public void GetTheConfiguration() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table417 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table436 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 5 testRunner.When("execute HTTP GET request \'https://localhost:8080/.well-known/oauth-authorization-" + - "server\'", ((string)(null)), table417, "When "); + "server\'", ((string)(null)), table436, "When "); #line hidden #line 7 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/OpenIdConfiguration.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/OpenIdConfiguration.feature.cs index 0ce166af0..4a628dac6 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/OpenIdConfiguration.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/OpenIdConfiguration.feature.cs @@ -98,12 +98,12 @@ public void GetTheConfiguration() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table418 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table437 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 5 testRunner.When("execute HTTP GET request \'https://localhost:8080/.well-known/openid-configuration" + - "\'", ((string)(null)), table418, "When "); + "\'", ((string)(null)), table437, "When "); #line hidden #line 7 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/PushedAuthorizationRequestErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/PushedAuthorizationRequestErrors.feature.cs index 6cd612102..d8f038988 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/PushedAuthorizationRequestErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/PushedAuthorizationRequestErrors.feature.cs @@ -98,14 +98,14 @@ public void RejectRequestWithRequest_UriParameter() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table419 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table438 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table419.AddRow(new string[] { + table438.AddRow(new string[] { "request_uri", "request"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table419, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table438, "When "); #line hidden #line 9 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -141,14 +141,14 @@ public void ResponseTypeIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table420 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table439 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table420.AddRow(new string[] { + table439.AddRow(new string[] { "client_id", "fortyClient"}); #line 16 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table420, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table439, "When "); #line hidden #line 20 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -184,17 +184,17 @@ public void ResponseTypeMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table421 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table440 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table421.AddRow(new string[] { + table440.AddRow(new string[] { "client_id", "fortyClient"}); - table421.AddRow(new string[] { + table440.AddRow(new string[] { "response_type", "invalid"}); #line 27 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table421, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table440, "When "); #line hidden #line 32 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -230,32 +230,32 @@ public void ScopeResourceOrAuthorization_DetailsParameterAreRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table422 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table441 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table422.AddRow(new string[] { + table441.AddRow(new string[] { "response_type", "code"}); - table422.AddRow(new string[] { + table441.AddRow(new string[] { "client_id", "fortyClient"}); - table422.AddRow(new string[] { + table441.AddRow(new string[] { "state", "state"}); - table422.AddRow(new string[] { + table441.AddRow(new string[] { "response_mode", "query"}); - table422.AddRow(new string[] { + table441.AddRow(new string[] { "redirect_uri", "http://localhost:8081"}); - table422.AddRow(new string[] { + table441.AddRow(new string[] { "nonce", "nonce"}); - table422.AddRow(new string[] { + table441.AddRow(new string[] { "display", "popup"}); #line 39 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table422, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table441, "When "); #line hidden #line 49 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -292,35 +292,35 @@ public void ScopeMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table423 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table442 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table423.AddRow(new string[] { + table442.AddRow(new string[] { "response_type", "code"}); - table423.AddRow(new string[] { + table442.AddRow(new string[] { "client_id", "fortyClient"}); - table423.AddRow(new string[] { + table442.AddRow(new string[] { "state", "state"}); - table423.AddRow(new string[] { + table442.AddRow(new string[] { "response_mode", "query"}); - table423.AddRow(new string[] { + table442.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table423.AddRow(new string[] { + table442.AddRow(new string[] { "scope", "scope1"}); - table423.AddRow(new string[] { + table442.AddRow(new string[] { "nonce", "nonce"}); - table423.AddRow(new string[] { + table442.AddRow(new string[] { "display", "popup"}); #line 56 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table423, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table442, "When "); #line hidden #line 66 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -356,35 +356,35 @@ public void RedirectUriMustBeValid() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table424 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table443 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table424.AddRow(new string[] { + table443.AddRow(new string[] { "response_type", "code"}); - table424.AddRow(new string[] { + table443.AddRow(new string[] { "client_id", "fortyClient"}); - table424.AddRow(new string[] { + table443.AddRow(new string[] { "state", "state"}); - table424.AddRow(new string[] { + table443.AddRow(new string[] { "response_mode", "query"}); - table424.AddRow(new string[] { + table443.AddRow(new string[] { "scope", "openid email role"}); - table424.AddRow(new string[] { + table443.AddRow(new string[] { "redirect_uri", "http://localhost:8081"}); - table424.AddRow(new string[] { + table443.AddRow(new string[] { "nonce", "nonce"}); - table424.AddRow(new string[] { + table443.AddRow(new string[] { "display", "popup"}); #line 74 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table424, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table443, "When "); #line hidden #line 85 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -420,35 +420,35 @@ public void ResponseModeMustBeValid() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table425 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table444 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table425.AddRow(new string[] { + table444.AddRow(new string[] { "response_type", "code"}); - table425.AddRow(new string[] { + table444.AddRow(new string[] { "client_id", "fortyClient"}); - table425.AddRow(new string[] { + table444.AddRow(new string[] { "state", "state"}); - table425.AddRow(new string[] { + table444.AddRow(new string[] { "response_mode", "invalid"}); - table425.AddRow(new string[] { + table444.AddRow(new string[] { "scope", "openid email role"}); - table425.AddRow(new string[] { + table444.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table425.AddRow(new string[] { + table444.AddRow(new string[] { "nonce", "nonce"}); - table425.AddRow(new string[] { + table444.AddRow(new string[] { "display", "popup"}); #line 92 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table425, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table444, "When "); #line hidden #line 103 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -484,35 +484,35 @@ public void ResponseTypeMustBeSupportedByTheClient() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table426 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table445 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table426.AddRow(new string[] { + table445.AddRow(new string[] { "response_type", "id_token"}); - table426.AddRow(new string[] { + table445.AddRow(new string[] { "client_id", "fortyClient"}); - table426.AddRow(new string[] { + table445.AddRow(new string[] { "state", "state"}); - table426.AddRow(new string[] { + table445.AddRow(new string[] { "response_mode", "query"}); - table426.AddRow(new string[] { + table445.AddRow(new string[] { "scope", "openid email role"}); - table426.AddRow(new string[] { + table445.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table426.AddRow(new string[] { + table445.AddRow(new string[] { "nonce", "nonce"}); - table426.AddRow(new string[] { + table445.AddRow(new string[] { "display", "popup"}); #line 110 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table426, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table445, "When "); #line hidden #line 121 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -549,32 +549,32 @@ public void NonceIsRequiredWhenId_TokenIsPresentInTheResponse_Type() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table427 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table446 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table427.AddRow(new string[] { + table446.AddRow(new string[] { "response_type", "code id_token"}); - table427.AddRow(new string[] { + table446.AddRow(new string[] { "client_id", "thirtyOneClient"}); - table427.AddRow(new string[] { + table446.AddRow(new string[] { "state", "state"}); - table427.AddRow(new string[] { + table446.AddRow(new string[] { "response_mode", "query"}); - table427.AddRow(new string[] { + table446.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table427.AddRow(new string[] { + table446.AddRow(new string[] { "scope", "openid email"}); - table427.AddRow(new string[] { + table446.AddRow(new string[] { "display", "popup"}); #line 128 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table427, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table446, "When "); #line hidden #line 138 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -610,39 +610,39 @@ public void Grant_Management_ActionParameterMustBeValid() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table428 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table447 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table428.AddRow(new string[] { + table447.AddRow(new string[] { "response_type", "code token"}); - table428.AddRow(new string[] { + table447.AddRow(new string[] { "client_id", "fortySixClient"}); - table428.AddRow(new string[] { + table447.AddRow(new string[] { "state", "state"}); - table428.AddRow(new string[] { + table447.AddRow(new string[] { "response_mode", "query"}); - table428.AddRow(new string[] { + table447.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table428.AddRow(new string[] { + table447.AddRow(new string[] { "nonce", "nonce"}); - table428.AddRow(new string[] { + table447.AddRow(new string[] { "claims", "{ \"id_token\": { \"acr\": { \"essential\" : true, \"value\": \"urn:openbanking:psd2:ca\" }" + " } }"}); - table428.AddRow(new string[] { + table447.AddRow(new string[] { "resource", "https://cal.example.com"}); - table428.AddRow(new string[] { + table447.AddRow(new string[] { "grant_management_action", "invalid"}); #line 145 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table428, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table447, "When "); #line hidden #line 156 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -678,42 +678,42 @@ public void Grant_IdCannotBeSpecifiedWhenGrant_Management_ActionIsEqualsToCreate else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table429 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table448 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table429.AddRow(new string[] { + table448.AddRow(new string[] { "response_type", "code token"}); - table429.AddRow(new string[] { + table448.AddRow(new string[] { "client_id", "fortySixClient"}); - table429.AddRow(new string[] { + table448.AddRow(new string[] { "state", "state"}); - table429.AddRow(new string[] { + table448.AddRow(new string[] { "response_mode", "query"}); - table429.AddRow(new string[] { + table448.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table429.AddRow(new string[] { + table448.AddRow(new string[] { "nonce", "nonce"}); - table429.AddRow(new string[] { + table448.AddRow(new string[] { "claims", "{ \"id_token\": { \"acr\": { \"essential\" : true, \"value\": \"urn:openbanking:psd2:ca\" }" + " } }"}); - table429.AddRow(new string[] { + table448.AddRow(new string[] { "resource", "https://cal.example.com"}); - table429.AddRow(new string[] { + table448.AddRow(new string[] { "grant_management_action", "create"}); - table429.AddRow(new string[] { + table448.AddRow(new string[] { "grant_id", "id"}); #line 164 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table429, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table448, "When "); #line hidden #line 176 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -750,39 +750,39 @@ public void Grant_Management_ActionMustBeSpecifiedWhenGrant_IdIsPresent() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table430 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table449 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table430.AddRow(new string[] { + table449.AddRow(new string[] { "response_type", "code token"}); - table430.AddRow(new string[] { + table449.AddRow(new string[] { "client_id", "fortySixClient"}); - table430.AddRow(new string[] { + table449.AddRow(new string[] { "state", "state"}); - table430.AddRow(new string[] { + table449.AddRow(new string[] { "response_mode", "query"}); - table430.AddRow(new string[] { + table449.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table430.AddRow(new string[] { + table449.AddRow(new string[] { "nonce", "nonce"}); - table430.AddRow(new string[] { + table449.AddRow(new string[] { "claims", "{ \"id_token\": { \"acr\": { \"essential\" : true, \"value\": \"urn:openbanking:psd2:ca\" }" + " } }"}); - table430.AddRow(new string[] { + table449.AddRow(new string[] { "resource", "https://cal.example.com"}); - table430.AddRow(new string[] { + table449.AddRow(new string[] { "grant_id", "id"}); #line 183 - testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table430, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/par\'", ((string)(null)), table449, "When "); #line hidden #line 194 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Register.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Register.feature.cs index 34ad18fdb..e537d4c3b 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Register.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Register.feature.cs @@ -98,23 +98,23 @@ public void RegisterACompleteClient() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table431 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table450 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table431.AddRow(new string[] { + table450.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table431.AddRow(new string[] { + table450.AddRow(new string[] { "client_secret", "password"}); - table431.AddRow(new string[] { + table450.AddRow(new string[] { "scope", "register"}); - table431.AddRow(new string[] { + table450.AddRow(new string[] { "grant_type", "client_credentials"}); #line 5 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table431, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table450, "When "); #line hidden #line 12 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -122,89 +122,89 @@ public void RegisterACompleteClient() #line 13 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table432 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table451 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "redirect_uris", "[\"https://web.com\"]"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "response_types", "[\"token\"]"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "grant_types", "[\"implicit\"]"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "client_name", "name"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "client_name#fr", "nom"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "client_name#en", "name"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "application_type", "web"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "token_endpoint_auth_method", "client_secret_jwt"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "sector_identifier_uri", "https://localhost/sector"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "subject_type", "public"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "id_token_signed_response_alg", "RS256"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "id_token_encrypted_response_alg", "RSA-OAEP"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "id_token_encrypted_response_enc", "A256CBC-HS512"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "userinfo_signed_response_alg", "RS256"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "userinfo_encrypted_response_alg", "RSA-OAEP"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "userinfo_encrypted_response_enc", "A256CBC-HS512"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "request_object_signing_alg", "RS256"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "request_object_encryption_alg", "RSA-OAEP"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "request_object_encryption_enc", "A256CBC-HS512"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "default_max_age", "2"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "require_auth_time", "true"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "default_acr_values", "[\"a\",\"b\"]"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "post_logout_redirect_uris", "[\"http://localhost/logout\"]"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "initiate_login_uri", "https://localhost/loginuri"}); - table432.AddRow(new string[] { + table451.AddRow(new string[] { "dpop_bound_access_tokens", "true"}); #line 15 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table432, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table451, "And "); #line hidden #line 44 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -315,23 +315,23 @@ public void GetAClient() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table433 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table452 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table433.AddRow(new string[] { + table452.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table433.AddRow(new string[] { + table452.AddRow(new string[] { "client_secret", "password"}); - table433.AddRow(new string[] { + table452.AddRow(new string[] { "scope", "register"}); - table433.AddRow(new string[] { + table452.AddRow(new string[] { "grant_type", "client_credentials"}); #line 76 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table433, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table452, "When "); #line hidden #line 83 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -339,86 +339,86 @@ public void GetAClient() #line 84 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table434 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table453 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "redirect_uris", "[\"https://web.com\"]"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "response_types", "[\"token\"]"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "grant_types", "[\"implicit\"]"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "client_name", "name"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "client_name#fr", "nom"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "client_name#en", "name"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "application_type", "web"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "token_endpoint_auth_method", "client_secret_jwt"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "sector_identifier_uri", "https://localhost/sector"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "subject_type", "public"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "id_token_signed_response_alg", "RS256"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "id_token_encrypted_response_alg", "RSA-OAEP"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "id_token_encrypted_response_enc", "A256CBC-HS512"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "userinfo_signed_response_alg", "RS256"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "userinfo_encrypted_response_alg", "RSA-OAEP"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "userinfo_encrypted_response_enc", "A256CBC-HS512"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "request_object_signing_alg", "RS256"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "request_object_encryption_alg", "RSA-OAEP"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "request_object_encryption_enc", "A256CBC-HS512"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "default_max_age", "2"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "require_auth_time", "true"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "default_acr_values", "[\"a\",\"b\"]"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "post_logout_redirect_uris", "[\"http://localhost/logout\"]"}); - table434.AddRow(new string[] { + table453.AddRow(new string[] { "initiate_login_uri", "https://localhost/loginuri"}); #line 86 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table434, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table453, "And "); #line hidden #line 114 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -429,14 +429,14 @@ public void GetAClient() #line 116 testRunner.And("extract parameter \'registration_access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table435 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table454 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table435.AddRow(new string[] { + table454.AddRow(new string[] { "Authorization", "Bearer $registration_access_token$"}); #line 117 - testRunner.And("execute HTTP GET request \'http://localhost/register/$client_id$\'", ((string)(null)), table435, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/register/$client_id$\'", ((string)(null)), table454, "And "); #line hidden #line 121 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RegisterErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RegisterErrors.feature.cs index b86d7e537..a70381956 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RegisterErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RegisterErrors.feature.cs @@ -101,11 +101,11 @@ public void ErrorIsReturnedWhenTryingToGetAClientAndAuthorizationHeaderIsMissing else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table436 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table455 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 5 - testRunner.When("execute HTTP GET request \'https://localhost:8080/register/clientid\'", ((string)(null)), table436, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/register/clientid\'", ((string)(null)), table455, "When "); #line hidden #line 8 testRunner.Then("HTTP status code equals to \'401\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); @@ -132,11 +132,11 @@ public void ErrorIsReturnedWhenAuthorizationHeaderIsMissing() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table437 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table456 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 11 - testRunner.When("execute HTTP GET request \'https://localhost:8080/register/clientid\'", ((string)(null)), table437, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/register/clientid\'", ((string)(null)), table456, "When "); #line hidden #line 14 testRunner.Then("HTTP status code equals to \'401\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); @@ -163,14 +163,14 @@ public void ErrorIsReturnedWhenAccessTokenIsInvalid() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table438 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table457 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table438.AddRow(new string[] { + table457.AddRow(new string[] { "Authorization", "accesstoken"}); #line 17 - testRunner.When("execute HTTP GET request \'https://localhost:8080/register/clientid\'", ((string)(null)), table438, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/register/clientid\'", ((string)(null)), table457, "When "); #line hidden #line 21 testRunner.Then("HTTP status code equals to \'401\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); @@ -197,23 +197,23 @@ public void Application_TypeMustBeCorrect() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table439 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table458 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table439.AddRow(new string[] { + table458.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table439.AddRow(new string[] { + table458.AddRow(new string[] { "client_secret", "password"}); - table439.AddRow(new string[] { + table458.AddRow(new string[] { "scope", "register"}); - table439.AddRow(new string[] { + table458.AddRow(new string[] { "grant_type", "client_credentials"}); #line 24 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table439, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table458, "When "); #line hidden #line 31 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -221,17 +221,17 @@ public void Application_TypeMustBeCorrect() #line 32 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table440 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table459 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table440.AddRow(new string[] { + table459.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table440.AddRow(new string[] { + table459.AddRow(new string[] { "application_type", "unknown"}); #line 34 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table440, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table459, "And "); #line hidden #line 39 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -264,23 +264,23 @@ public void Sectore_Identifier_UriMustBeCorrect() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table441 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table460 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table441.AddRow(new string[] { + table460.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table441.AddRow(new string[] { + table460.AddRow(new string[] { "client_secret", "password"}); - table441.AddRow(new string[] { + table460.AddRow(new string[] { "scope", "register"}); - table441.AddRow(new string[] { + table460.AddRow(new string[] { "grant_type", "client_credentials"}); #line 45 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table441, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table460, "When "); #line hidden #line 52 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -288,17 +288,17 @@ public void Sectore_Identifier_UriMustBeCorrect() #line 53 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table442 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table461 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table442.AddRow(new string[] { + table461.AddRow(new string[] { "sector_identifier_uri", "unknown"}); - table442.AddRow(new string[] { + table461.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 55 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table442, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table461, "And "); #line hidden #line 60 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -331,23 +331,23 @@ public void Sectore_Identifier_UriMustContainHTTPSScheme() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table443 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table462 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table443.AddRow(new string[] { + table462.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table443.AddRow(new string[] { + table462.AddRow(new string[] { "client_secret", "password"}); - table443.AddRow(new string[] { + table462.AddRow(new string[] { "scope", "register"}); - table443.AddRow(new string[] { + table462.AddRow(new string[] { "grant_type", "client_credentials"}); #line 66 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table443, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table462, "When "); #line hidden #line 73 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -355,17 +355,17 @@ public void Sectore_Identifier_UriMustContainHTTPSScheme() #line 74 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table444 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table463 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table444.AddRow(new string[] { + table463.AddRow(new string[] { "sector_identifier_uri", "http://localhost"}); - table444.AddRow(new string[] { + table463.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 76 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table444, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table463, "And "); #line hidden #line 81 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -398,23 +398,23 @@ public void Initiate_Login_UriMustBeCorrect() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table445 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table464 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table445.AddRow(new string[] { + table464.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table445.AddRow(new string[] { + table464.AddRow(new string[] { "client_secret", "password"}); - table445.AddRow(new string[] { + table464.AddRow(new string[] { "scope", "register"}); - table445.AddRow(new string[] { + table464.AddRow(new string[] { "grant_type", "client_credentials"}); #line 87 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table445, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table464, "When "); #line hidden #line 94 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -422,17 +422,17 @@ public void Initiate_Login_UriMustBeCorrect() #line 95 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table446 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table465 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table446.AddRow(new string[] { + table465.AddRow(new string[] { "initiate_login_uri", "unknown"}); - table446.AddRow(new string[] { + table465.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 97 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table446, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table465, "And "); #line hidden #line 102 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -465,23 +465,23 @@ public void Initiate_Login_UriMustContainsHTTPSScheme() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table447 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table466 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table447.AddRow(new string[] { + table466.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table447.AddRow(new string[] { + table466.AddRow(new string[] { "client_secret", "password"}); - table447.AddRow(new string[] { + table466.AddRow(new string[] { "scope", "register"}); - table447.AddRow(new string[] { + table466.AddRow(new string[] { "grant_type", "client_credentials"}); #line 108 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table447, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table466, "When "); #line hidden #line 115 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -489,17 +489,17 @@ public void Initiate_Login_UriMustContainsHTTPSScheme() #line 116 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table448 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table467 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table448.AddRow(new string[] { + table467.AddRow(new string[] { "initiate_login_uri", "http://localhost"}); - table448.AddRow(new string[] { + table467.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 118 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table448, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table467, "And "); #line hidden #line 123 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -532,23 +532,23 @@ public void Subject_TypeMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table449 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table468 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table449.AddRow(new string[] { + table468.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table449.AddRow(new string[] { + table468.AddRow(new string[] { "client_secret", "password"}); - table449.AddRow(new string[] { + table468.AddRow(new string[] { "scope", "register"}); - table449.AddRow(new string[] { + table468.AddRow(new string[] { "grant_type", "client_credentials"}); #line 129 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table449, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table468, "When "); #line hidden #line 136 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -556,17 +556,17 @@ public void Subject_TypeMustBeSupported() #line 137 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table450 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table469 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table450.AddRow(new string[] { + table469.AddRow(new string[] { "subject_type", "unknow"}); - table450.AddRow(new string[] { + table469.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 139 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table450, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table469, "And "); #line hidden #line 144 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -599,23 +599,23 @@ public void Id_Token_Signed_Response_AlgMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table451 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table470 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table451.AddRow(new string[] { + table470.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table451.AddRow(new string[] { + table470.AddRow(new string[] { "client_secret", "password"}); - table451.AddRow(new string[] { + table470.AddRow(new string[] { "scope", "register"}); - table451.AddRow(new string[] { + table470.AddRow(new string[] { "grant_type", "client_credentials"}); #line 150 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table451, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table470, "When "); #line hidden #line 157 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -623,17 +623,17 @@ public void Id_Token_Signed_Response_AlgMustBeSupported() #line 158 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table452 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table471 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table452.AddRow(new string[] { + table471.AddRow(new string[] { "id_token_signed_response_alg", "unknow"}); - table452.AddRow(new string[] { + table471.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 160 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table452, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table471, "And "); #line hidden #line 165 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -666,23 +666,23 @@ public void Id_Token_Encrypted_Response_AlgMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table453 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table472 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table453.AddRow(new string[] { + table472.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table453.AddRow(new string[] { + table472.AddRow(new string[] { "client_secret", "password"}); - table453.AddRow(new string[] { + table472.AddRow(new string[] { "scope", "register"}); - table453.AddRow(new string[] { + table472.AddRow(new string[] { "grant_type", "client_credentials"}); #line 171 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table453, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table472, "When "); #line hidden #line 178 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -690,17 +690,17 @@ public void Id_Token_Encrypted_Response_AlgMustBeSupported() #line 179 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table454 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table473 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table454.AddRow(new string[] { + table473.AddRow(new string[] { "id_token_encrypted_response_alg", "unknown"}); - table454.AddRow(new string[] { + table473.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 181 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table454, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table473, "And "); #line hidden #line 186 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -733,23 +733,23 @@ public void Id_Token_Encrypted_Response_EncMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table455 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table474 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table455.AddRow(new string[] { + table474.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table455.AddRow(new string[] { + table474.AddRow(new string[] { "client_secret", "password"}); - table455.AddRow(new string[] { + table474.AddRow(new string[] { "scope", "register"}); - table455.AddRow(new string[] { + table474.AddRow(new string[] { "grant_type", "client_credentials"}); #line 192 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table455, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table474, "When "); #line hidden #line 199 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -757,17 +757,17 @@ public void Id_Token_Encrypted_Response_EncMustBeSupported() #line 200 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table456 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table475 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table456.AddRow(new string[] { + table475.AddRow(new string[] { "id_token_encrypted_response_enc", "unknown"}); - table456.AddRow(new string[] { + table475.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 202 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table456, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table475, "And "); #line hidden #line 207 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -803,23 +803,23 @@ public void Id_Token_Encrypted_Response_AlgIsRequiredWhenId_Token_Encrypted_Resp else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table457 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table476 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table457.AddRow(new string[] { + table476.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table457.AddRow(new string[] { + table476.AddRow(new string[] { "client_secret", "password"}); - table457.AddRow(new string[] { + table476.AddRow(new string[] { "scope", "register"}); - table457.AddRow(new string[] { + table476.AddRow(new string[] { "grant_type", "client_credentials"}); #line 213 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table457, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table476, "When "); #line hidden #line 220 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -827,17 +827,17 @@ public void Id_Token_Encrypted_Response_AlgIsRequiredWhenId_Token_Encrypted_Resp #line 221 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table458 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table477 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table458.AddRow(new string[] { + table477.AddRow(new string[] { "id_token_encrypted_response_enc", "A128CBC-HS256"}); - table458.AddRow(new string[] { + table477.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 223 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table458, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table477, "And "); #line hidden #line 228 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -870,23 +870,23 @@ public void Userinfo_Signed_Response_AlgMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table459 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table478 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table459.AddRow(new string[] { + table478.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table459.AddRow(new string[] { + table478.AddRow(new string[] { "client_secret", "password"}); - table459.AddRow(new string[] { + table478.AddRow(new string[] { "scope", "register"}); - table459.AddRow(new string[] { + table478.AddRow(new string[] { "grant_type", "client_credentials"}); #line 234 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table459, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table478, "When "); #line hidden #line 241 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -894,17 +894,17 @@ public void Userinfo_Signed_Response_AlgMustBeSupported() #line 242 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table460 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table479 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table460.AddRow(new string[] { + table479.AddRow(new string[] { "userinfo_signed_response_alg", "unknown"}); - table460.AddRow(new string[] { + table479.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 244 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table460, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table479, "And "); #line hidden #line 249 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -937,23 +937,23 @@ public void Userinfo_Encrypted_Response_AlgMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table461 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table480 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table461.AddRow(new string[] { + table480.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table461.AddRow(new string[] { + table480.AddRow(new string[] { "client_secret", "password"}); - table461.AddRow(new string[] { + table480.AddRow(new string[] { "scope", "register"}); - table461.AddRow(new string[] { + table480.AddRow(new string[] { "grant_type", "client_credentials"}); #line 255 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table461, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table480, "When "); #line hidden #line 262 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -961,17 +961,17 @@ public void Userinfo_Encrypted_Response_AlgMustBeSupported() #line 263 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table462 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table481 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table462.AddRow(new string[] { + table481.AddRow(new string[] { "userinfo_encrypted_response_alg", "unknown"}); - table462.AddRow(new string[] { + table481.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 265 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table462, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table481, "And "); #line hidden #line 270 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1004,23 +1004,23 @@ public void Userinfo_Encrypted_Response_EncMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table463 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table482 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table463.AddRow(new string[] { + table482.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table463.AddRow(new string[] { + table482.AddRow(new string[] { "client_secret", "password"}); - table463.AddRow(new string[] { + table482.AddRow(new string[] { "scope", "register"}); - table463.AddRow(new string[] { + table482.AddRow(new string[] { "grant_type", "client_credentials"}); #line 276 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table463, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table482, "When "); #line hidden #line 283 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1028,17 +1028,17 @@ public void Userinfo_Encrypted_Response_EncMustBeSupported() #line 284 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table464 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table483 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table464.AddRow(new string[] { + table483.AddRow(new string[] { "userinfo_encrypted_response_enc", "unknown"}); - table464.AddRow(new string[] { + table483.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 286 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table464, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table483, "And "); #line hidden #line 291 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1074,23 +1074,23 @@ public void Userinfo_Encrypted_Response_AlgIsRequiredWhenUserinfo_Encrypted_Resp else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table465 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table484 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table465.AddRow(new string[] { + table484.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table465.AddRow(new string[] { + table484.AddRow(new string[] { "client_secret", "password"}); - table465.AddRow(new string[] { + table484.AddRow(new string[] { "scope", "register"}); - table465.AddRow(new string[] { + table484.AddRow(new string[] { "grant_type", "client_credentials"}); #line 297 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table465, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table484, "When "); #line hidden #line 304 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1098,17 +1098,17 @@ public void Userinfo_Encrypted_Response_AlgIsRequiredWhenUserinfo_Encrypted_Resp #line 305 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table466 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table485 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table466.AddRow(new string[] { + table485.AddRow(new string[] { "userinfo_encrypted_response_enc", "A128CBC-HS256"}); - table466.AddRow(new string[] { + table485.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 307 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table466, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table485, "And "); #line hidden #line 312 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1141,23 +1141,23 @@ public void Request_Object_Signing_AlgMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table467 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table486 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table467.AddRow(new string[] { + table486.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table467.AddRow(new string[] { + table486.AddRow(new string[] { "client_secret", "password"}); - table467.AddRow(new string[] { + table486.AddRow(new string[] { "scope", "register"}); - table467.AddRow(new string[] { + table486.AddRow(new string[] { "grant_type", "client_credentials"}); #line 319 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table467, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table486, "When "); #line hidden #line 326 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1165,17 +1165,17 @@ public void Request_Object_Signing_AlgMustBeSupported() #line 327 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table468 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table487 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table468.AddRow(new string[] { + table487.AddRow(new string[] { "request_object_signing_alg", "unknown"}); - table468.AddRow(new string[] { + table487.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 329 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table468, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table487, "And "); #line hidden #line 334 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1208,23 +1208,23 @@ public void Request_Object_Encryption_AlgMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table469 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table488 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table469.AddRow(new string[] { + table488.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table469.AddRow(new string[] { + table488.AddRow(new string[] { "client_secret", "password"}); - table469.AddRow(new string[] { + table488.AddRow(new string[] { "scope", "register"}); - table469.AddRow(new string[] { + table488.AddRow(new string[] { "grant_type", "client_credentials"}); #line 340 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table469, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table488, "When "); #line hidden #line 347 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1232,17 +1232,17 @@ public void Request_Object_Encryption_AlgMustBeSupported() #line 348 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table470 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table489 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table470.AddRow(new string[] { + table489.AddRow(new string[] { "request_object_encryption_alg", "unknown"}); - table470.AddRow(new string[] { + table489.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 350 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table470, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table489, "And "); #line hidden #line 355 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1275,23 +1275,23 @@ public void Request_Object_Encryption_EncMustBeSupported() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table471 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table490 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table471.AddRow(new string[] { + table490.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table471.AddRow(new string[] { + table490.AddRow(new string[] { "client_secret", "password"}); - table471.AddRow(new string[] { + table490.AddRow(new string[] { "scope", "register"}); - table471.AddRow(new string[] { + table490.AddRow(new string[] { "grant_type", "client_credentials"}); #line 362 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table471, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table490, "When "); #line hidden #line 369 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1299,17 +1299,17 @@ public void Request_Object_Encryption_EncMustBeSupported() #line 370 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table472 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table491 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table472.AddRow(new string[] { + table491.AddRow(new string[] { "request_object_encryption_enc", "unknown"}); - table472.AddRow(new string[] { + table491.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 372 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table472, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table491, "And "); #line hidden #line 377 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1345,23 +1345,23 @@ public void Request_Object_Encryption_AlgIsRequiredWhenRequest_Object_Encryption else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table473 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table492 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table473.AddRow(new string[] { + table492.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table473.AddRow(new string[] { + table492.AddRow(new string[] { "client_secret", "password"}); - table473.AddRow(new string[] { + table492.AddRow(new string[] { "scope", "register"}); - table473.AddRow(new string[] { + table492.AddRow(new string[] { "grant_type", "client_credentials"}); #line 384 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table473, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table492, "When "); #line hidden #line 391 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1369,17 +1369,17 @@ public void Request_Object_Encryption_AlgIsRequiredWhenRequest_Object_Encryption #line 392 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table474 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table493 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table474.AddRow(new string[] { + table493.AddRow(new string[] { "request_object_encryption_enc", "A128CBC-HS256"}); - table474.AddRow(new string[] { + table493.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 394 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table474, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table493, "And "); #line hidden #line 399 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1412,23 +1412,23 @@ public void WebClientMustHaveAValidRedirect_Uri() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table475 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table494 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table475.AddRow(new string[] { + table494.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table475.AddRow(new string[] { + table494.AddRow(new string[] { "client_secret", "password"}); - table475.AddRow(new string[] { + table494.AddRow(new string[] { "scope", "register"}); - table475.AddRow(new string[] { + table494.AddRow(new string[] { "grant_type", "client_credentials"}); #line 405 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table475, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table494, "When "); #line hidden #line 412 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1436,20 +1436,20 @@ public void WebClientMustHaveAValidRedirect_Uri() #line 413 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table476 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table495 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table476.AddRow(new string[] { + table495.AddRow(new string[] { "redirect_uris", "[\"invalid\"]"}); - table476.AddRow(new string[] { + table495.AddRow(new string[] { "application_type", "web"}); - table476.AddRow(new string[] { + table495.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 415 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table476, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table495, "And "); #line hidden #line 421 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1482,23 +1482,23 @@ public void Redirect_UriCannotContainsFragment() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table477 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table496 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table477.AddRow(new string[] { + table496.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table477.AddRow(new string[] { + table496.AddRow(new string[] { "client_secret", "password"}); - table477.AddRow(new string[] { + table496.AddRow(new string[] { "scope", "register"}); - table477.AddRow(new string[] { + table496.AddRow(new string[] { "grant_type", "client_credentials"}); #line 427 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table477, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table496, "When "); #line hidden #line 434 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1506,20 +1506,20 @@ public void Redirect_UriCannotContainsFragment() #line 435 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table478 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table497 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table478.AddRow(new string[] { + table497.AddRow(new string[] { "redirect_uris", "[\"http://localhost#foobar\"]"}); - table478.AddRow(new string[] { + table497.AddRow(new string[] { "application_type", "web"}); - table478.AddRow(new string[] { + table497.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 437 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table478, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table497, "And "); #line hidden #line 443 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1552,23 +1552,23 @@ public void NativeClientMustHaveAValidRedirect_Uri() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table479 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table498 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table479.AddRow(new string[] { + table498.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table479.AddRow(new string[] { + table498.AddRow(new string[] { "client_secret", "password"}); - table479.AddRow(new string[] { + table498.AddRow(new string[] { "scope", "register"}); - table479.AddRow(new string[] { + table498.AddRow(new string[] { "grant_type", "client_credentials"}); #line 449 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table479, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table498, "When "); #line hidden #line 456 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1576,20 +1576,20 @@ public void NativeClientMustHaveAValidRedirect_Uri() #line 457 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table480 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table499 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table480.AddRow(new string[] { + table499.AddRow(new string[] { "redirect_uris", "[\"invalid\"]"}); - table480.AddRow(new string[] { + table499.AddRow(new string[] { "application_type", "native"}); - table480.AddRow(new string[] { + table499.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 459 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table480, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table499, "And "); #line hidden #line 465 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1622,23 +1622,23 @@ public void Redirect_UriMustHaveHttpsScheme() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table481 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table500 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table481.AddRow(new string[] { + table500.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table481.AddRow(new string[] { + table500.AddRow(new string[] { "client_secret", "password"}); - table481.AddRow(new string[] { + table500.AddRow(new string[] { "scope", "register"}); - table481.AddRow(new string[] { + table500.AddRow(new string[] { "grant_type", "client_credentials"}); #line 471 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table481, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table500, "When "); #line hidden #line 478 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1646,17 +1646,17 @@ public void Redirect_UriMustHaveHttpsScheme() #line 479 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table482 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table501 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table482.AddRow(new string[] { + table501.AddRow(new string[] { "redirect_uris", "[\"http://localhost\"]"}); - table482.AddRow(new string[] { + table501.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 481 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table482, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table501, "And "); #line hidden #line 486 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1689,23 +1689,23 @@ public void WebClientCannotHaveRedirect_UriPointingToLocalhost() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table483 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table502 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table483.AddRow(new string[] { + table502.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table483.AddRow(new string[] { + table502.AddRow(new string[] { "client_secret", "password"}); - table483.AddRow(new string[] { + table502.AddRow(new string[] { "scope", "register"}); - table483.AddRow(new string[] { + table502.AddRow(new string[] { "grant_type", "client_credentials"}); #line 492 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table483, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table502, "When "); #line hidden #line 499 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -1713,17 +1713,17 @@ public void WebClientCannotHaveRedirect_UriPointingToLocalhost() #line 500 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table484 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table503 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table484.AddRow(new string[] { + table503.AddRow(new string[] { "redirect_uris", "[\"https://localhost\"]"}); - table484.AddRow(new string[] { + table503.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 502 - testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table484, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/register\'", ((string)(null)), table503, "And "); #line hidden #line 507 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RequestObject.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RequestObject.feature.cs index 378813e86..764140556 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RequestObject.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RequestObject.feature.cs @@ -104,57 +104,57 @@ public void IdentityTokenAndAuthorizationCodeAreReturnedWhenPassingJWSRequestPar #line 5 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table485 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table504 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table485.AddRow(new string[] { + table504.AddRow(new string[] { "iss", "thirtyOneClient"}); - table485.AddRow(new string[] { + table504.AddRow(new string[] { "aud", "aud"}); - table485.AddRow(new string[] { + table504.AddRow(new string[] { "response_type", "code id_token"}); - table485.AddRow(new string[] { + table504.AddRow(new string[] { "client_id", "thirtyOneClient"}); - table485.AddRow(new string[] { + table504.AddRow(new string[] { "response_mode", "query"}); - table485.AddRow(new string[] { + table504.AddRow(new string[] { "scope", "openid email"}); - table485.AddRow(new string[] { + table504.AddRow(new string[] { "nonce", "nonce"}); - table485.AddRow(new string[] { + table504.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 6 testRunner.And("build JWS request object for client \'thirtyOneClient\' and sign with the key \'keyI" + - "d\'", ((string)(null)), table485, "And "); + "d\'", ((string)(null)), table504, "And "); #line hidden - TechTalk.SpecFlow.Table table486 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table505 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table486.AddRow(new string[] { + table505.AddRow(new string[] { "request", "$request$"}); - table486.AddRow(new string[] { + table505.AddRow(new string[] { "response_type", "code id_token"}); - table486.AddRow(new string[] { + table505.AddRow(new string[] { "client_id", "thirtyOneClient"}); - table486.AddRow(new string[] { + table505.AddRow(new string[] { "state", "state"}); - table486.AddRow(new string[] { + table505.AddRow(new string[] { "scope", "openid email"}); #line 17 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table486, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table505, "When "); #line hidden #line 25 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -220,57 +220,57 @@ public void IdentityTokenAndAuthorizationCodeAreReturnedWhenPassingJWERequestPar #line 40 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table487 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table506 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table487.AddRow(new string[] { + table506.AddRow(new string[] { "iss", "thirtyTwoClient"}); - table487.AddRow(new string[] { + table506.AddRow(new string[] { "aud", "aud"}); - table487.AddRow(new string[] { + table506.AddRow(new string[] { "response_type", "code id_token"}); - table487.AddRow(new string[] { + table506.AddRow(new string[] { "client_id", "thirtyTwoClient"}); - table487.AddRow(new string[] { + table506.AddRow(new string[] { "response_mode", "query"}); - table487.AddRow(new string[] { + table506.AddRow(new string[] { "scope", "openid email"}); - table487.AddRow(new string[] { + table506.AddRow(new string[] { "nonce", "nonce"}); - table487.AddRow(new string[] { + table506.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 41 testRunner.And("build JWE request object for client \'thirtyTwoClient\' and sign with the key \'keyI" + - "d\' and encrypt with the key \'keyid4\'", ((string)(null)), table487, "And "); + "d\' and encrypt with the key \'keyid4\'", ((string)(null)), table506, "And "); #line hidden - TechTalk.SpecFlow.Table table488 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table507 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table488.AddRow(new string[] { + table507.AddRow(new string[] { "request", "$request$"}); - table488.AddRow(new string[] { + table507.AddRow(new string[] { "response_type", "code id_token"}); - table488.AddRow(new string[] { + table507.AddRow(new string[] { "client_id", "thirtyTwoClient"}); - table488.AddRow(new string[] { + table507.AddRow(new string[] { "state", "state"}); - table488.AddRow(new string[] { + table507.AddRow(new string[] { "scope", "openid email"}); #line 52 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table488, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table507, "When "); #line hidden #line 60 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/ResponseModes.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/ResponseModes.feature.cs index e5c0dab3a..24bb35ace 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/ResponseModes.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/ResponseModes.feature.cs @@ -101,32 +101,32 @@ public void JWTResponseIsReturnedAsAFragmentParameter() #line 5 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table489 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table508 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table489.AddRow(new string[] { + table508.AddRow(new string[] { "response_type", "token"}); - table489.AddRow(new string[] { + table508.AddRow(new string[] { "client_id", "fiftyFourClient"}); - table489.AddRow(new string[] { + table508.AddRow(new string[] { "state", "state"}); - table489.AddRow(new string[] { + table508.AddRow(new string[] { "response_mode", "fragment.jwt"}); - table489.AddRow(new string[] { + table508.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table489.AddRow(new string[] { + table508.AddRow(new string[] { "nonce", "nonce"}); - table489.AddRow(new string[] { + table508.AddRow(new string[] { "scope", "openid profile"}); #line 7 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table489, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table508, "When "); #line hidden #line 17 testRunner.And("extract parameter \'response\' from redirect url fragment", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RevokeToken.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RevokeToken.feature.cs index ebd7f815e..2d1124733 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RevokeToken.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RevokeToken.feature.cs @@ -98,23 +98,23 @@ public void RevokeAccess_Token() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table490 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table509 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table490.AddRow(new string[] { + table509.AddRow(new string[] { "client_id", "firstClient"}); - table490.AddRow(new string[] { + table509.AddRow(new string[] { "client_secret", "password"}); - table490.AddRow(new string[] { + table509.AddRow(new string[] { "scope", "firstScope"}); - table490.AddRow(new string[] { + table509.AddRow(new string[] { "grant_type", "client_credentials"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table490, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table509, "When "); #line hidden #line 12 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -122,23 +122,23 @@ public void RevokeAccess_Token() #line 13 testRunner.And("extract parameter \'$.access_token\' from JSON body into \'accessToken\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table491 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table510 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table491.AddRow(new string[] { + table510.AddRow(new string[] { "client_id", "firstClient"}); - table491.AddRow(new string[] { + table510.AddRow(new string[] { "client_secret", "password"}); - table491.AddRow(new string[] { + table510.AddRow(new string[] { "token", "$accessToken$"}); - table491.AddRow(new string[] { + table510.AddRow(new string[] { "token_type_hint", "access_token"}); #line 15 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token/revoke\'", ((string)(null)), table491, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token/revoke\'", ((string)(null)), table510, "When "); #line hidden #line 22 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RevokeTokenErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RevokeTokenErrors.feature.cs index 86898d415..7dbe3edf3 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RevokeTokenErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/RevokeTokenErrors.feature.cs @@ -98,11 +98,11 @@ public void ErrorIsReturnedWhenTokenIsMissing() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table492 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table511 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token/revoke\'", ((string)(null)), table492, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token/revoke\'", ((string)(null)), table511, "When "); #line hidden #line 8 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -138,17 +138,17 @@ public void ErrorIsReturnedWhenToken_Type_HintIsInvalid() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table493 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table512 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table493.AddRow(new string[] { + table512.AddRow(new string[] { "token", "token"}); - table493.AddRow(new string[] { + table512.AddRow(new string[] { "token_type_hint", "bad"}); #line 15 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token/revoke\'", ((string)(null)), table493, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token/revoke\'", ((string)(null)), table512, "When "); #line hidden #line 20 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/SubjectType.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/SubjectType.feature.cs index fde2592d7..951670a6d 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/SubjectType.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/SubjectType.feature.cs @@ -101,35 +101,35 @@ public void GetPairwiseSubject() #line 5 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table494 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table513 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table494.AddRow(new string[] { + table513.AddRow(new string[] { "response_type", "id_token"}); - table494.AddRow(new string[] { + table513.AddRow(new string[] { "client_id", "thirtyThreeClient"}); - table494.AddRow(new string[] { + table513.AddRow(new string[] { "state", "state"}); - table494.AddRow(new string[] { + table513.AddRow(new string[] { "response_mode", "query"}); - table494.AddRow(new string[] { + table513.AddRow(new string[] { "scope", "openid email role"}); - table494.AddRow(new string[] { + table513.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table494.AddRow(new string[] { + table513.AddRow(new string[] { "nonce", "nonce"}); - table494.AddRow(new string[] { + table513.AddRow(new string[] { "display", "popup"}); #line 6 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table494, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table513, "When "); #line hidden #line 17 testRunner.And("extract parameter \'id_token\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/TokenErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/TokenErrors.feature.cs index 59b09948c..34debe159 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/TokenErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/TokenErrors.feature.cs @@ -98,11 +98,11 @@ public void SendAnEmptyRequest() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table495 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table514 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 5 - testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table495, "When "); + testRunner.When("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table514, "When "); #line hidden #line 8 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -141,29 +141,29 @@ public void AuthorizationCannotUsedTwice() #line 15 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table496 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table515 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table496.AddRow(new string[] { + table515.AddRow(new string[] { "response_type", "code"}); - table496.AddRow(new string[] { + table515.AddRow(new string[] { "client_id", "thirdClient"}); - table496.AddRow(new string[] { + table515.AddRow(new string[] { "state", "state"}); - table496.AddRow(new string[] { + table515.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table496.AddRow(new string[] { + table515.AddRow(new string[] { "response_mode", "query"}); - table496.AddRow(new string[] { + table515.AddRow(new string[] { "scope", "secondScope"}); #line 16 - testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table496, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/authorization\'", ((string)(null)), table515, "When "); #line hidden #line 25 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -171,47 +171,47 @@ public void AuthorizationCannotUsedTwice() #line 26 testRunner.And("extract parameter \'state\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table497 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table516 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table497.AddRow(new string[] { + table516.AddRow(new string[] { "client_id", "thirdClient"}); - table497.AddRow(new string[] { + table516.AddRow(new string[] { "client_secret", "password"}); - table497.AddRow(new string[] { + table516.AddRow(new string[] { "grant_type", "authorization_code"}); - table497.AddRow(new string[] { + table516.AddRow(new string[] { "code", "$code$"}); - table497.AddRow(new string[] { + table516.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 28 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table497, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table516, "And "); #line hidden - TechTalk.SpecFlow.Table table498 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table517 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table498.AddRow(new string[] { + table517.AddRow(new string[] { "client_id", "thirdClient"}); - table498.AddRow(new string[] { + table517.AddRow(new string[] { "client_secret", "password"}); - table498.AddRow(new string[] { + table517.AddRow(new string[] { "grant_type", "authorization_code"}); - table498.AddRow(new string[] { + table517.AddRow(new string[] { "code", "$code$"}); - table498.AddRow(new string[] { + table517.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 36 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table498, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table517, "And "); #line hidden #line 44 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAPermissions.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAPermissions.feature.cs index 6fa1096ef..e5886085a 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAPermissions.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAPermissions.feature.cs @@ -98,23 +98,23 @@ public void GetAPermissonTicket() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table499 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table518 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table499.AddRow(new string[] { + table518.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table499.AddRow(new string[] { + table518.AddRow(new string[] { "client_secret", "password"}); - table499.AddRow(new string[] { + table518.AddRow(new string[] { "scope", "uma_protection"}); - table499.AddRow(new string[] { + table518.AddRow(new string[] { "grant_type", "client_credentials"}); #line 5 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table499, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table518, "When "); #line hidden #line 12 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -122,38 +122,38 @@ public void GetAPermissonTicket() #line 13 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table500 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table519 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table500.AddRow(new string[] { + table519.AddRow(new string[] { "resource_scopes", "[\"scope1\",\"scope2\"]"}); - table500.AddRow(new string[] { + table519.AddRow(new string[] { "subject", "user1"}); - table500.AddRow(new string[] { + table519.AddRow(new string[] { "icon_uri", "icon"}); - table500.AddRow(new string[] { + table519.AddRow(new string[] { "name#fr", "nom"}); - table500.AddRow(new string[] { + table519.AddRow(new string[] { "name#en", "name"}); - table500.AddRow(new string[] { + table519.AddRow(new string[] { "description#fr", "descriptionFR"}); - table500.AddRow(new string[] { + table519.AddRow(new string[] { "description#en", "descriptionEN"}); - table500.AddRow(new string[] { + table519.AddRow(new string[] { "type", "type"}); - table500.AddRow(new string[] { + table519.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 15 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table500, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table519, "And "); #line hidden #line 27 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -161,20 +161,20 @@ public void GetAPermissonTicket() #line 28 testRunner.And("extract parameter \'_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table501 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table520 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table501.AddRow(new string[] { + table520.AddRow(new string[] { "resource_id", "$_id$"}); - table501.AddRow(new string[] { + table520.AddRow(new string[] { "resource_scopes", "[\"scope1\",\"scope2\"]"}); - table501.AddRow(new string[] { + table520.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 30 - testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table501, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table520, "And "); #line hidden #line 36 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAPermissionsErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAPermissionsErrors.feature.cs index 3f56e38c6..18c6f73b6 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAPermissionsErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAPermissionsErrors.feature.cs @@ -98,23 +98,23 @@ public void Resource_IdParameterIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table502 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table521 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table502.AddRow(new string[] { + table521.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table502.AddRow(new string[] { + table521.AddRow(new string[] { "client_secret", "password"}); - table502.AddRow(new string[] { + table521.AddRow(new string[] { "scope", "uma_protection"}); - table502.AddRow(new string[] { + table521.AddRow(new string[] { "grant_type", "client_credentials"}); #line 5 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table502, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table521, "When "); #line hidden #line 12 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -122,14 +122,14 @@ public void Resource_IdParameterIsRequired() #line 13 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table503 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table522 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table503.AddRow(new string[] { + table522.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 15 - testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table503, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table522, "And "); #line hidden #line 19 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -165,23 +165,23 @@ public void Resource_ScopesParameterIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table504 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table523 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table504.AddRow(new string[] { + table523.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table504.AddRow(new string[] { + table523.AddRow(new string[] { "client_secret", "password"}); - table504.AddRow(new string[] { + table523.AddRow(new string[] { "scope", "uma_protection"}); - table504.AddRow(new string[] { + table523.AddRow(new string[] { "grant_type", "client_credentials"}); #line 26 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table504, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table523, "When "); #line hidden #line 33 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -189,17 +189,17 @@ public void Resource_ScopesParameterIsRequired() #line 34 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table505 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table524 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table505.AddRow(new string[] { + table524.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table505.AddRow(new string[] { + table524.AddRow(new string[] { "resource_id", "id"}); #line 36 - testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table505, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table524, "And "); #line hidden #line 41 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -235,23 +235,23 @@ public void Resource_IdMustExists() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table506 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table525 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table506.AddRow(new string[] { + table525.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table506.AddRow(new string[] { + table525.AddRow(new string[] { "client_secret", "password"}); - table506.AddRow(new string[] { + table525.AddRow(new string[] { "scope", "uma_protection"}); - table506.AddRow(new string[] { + table525.AddRow(new string[] { "grant_type", "client_credentials"}); #line 48 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table506, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table525, "When "); #line hidden #line 55 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -259,20 +259,20 @@ public void Resource_IdMustExists() #line 56 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table507 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table526 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table507.AddRow(new string[] { + table526.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table507.AddRow(new string[] { + table526.AddRow(new string[] { "resource_id", "invalid"}); - table507.AddRow(new string[] { + table526.AddRow(new string[] { "resource_scopes", "[ \"scope\" ]"}); #line 58 - testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table507, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table526, "And "); #line hidden #line 64 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -309,23 +309,23 @@ public void ScopeMustBeValid() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table508 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table527 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table508.AddRow(new string[] { + table527.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table508.AddRow(new string[] { + table527.AddRow(new string[] { "client_secret", "password"}); - table508.AddRow(new string[] { + table527.AddRow(new string[] { "scope", "uma_protection"}); - table508.AddRow(new string[] { + table527.AddRow(new string[] { "grant_type", "client_credentials"}); #line 71 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table508, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table527, "When "); #line hidden #line 78 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -333,20 +333,20 @@ public void ScopeMustBeValid() #line 79 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table509 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table528 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table509.AddRow(new string[] { + table528.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table509.AddRow(new string[] { + table528.AddRow(new string[] { "resource_id", "id"}); - table509.AddRow(new string[] { + table528.AddRow(new string[] { "resource_scopes", "[ \"invalid\" ]"}); #line 81 - testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table509, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/perm\'", ((string)(null)), table528, "And "); #line hidden #line 87 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAResource.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAResource.feature.cs index f86da7a94..804da4a29 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAResource.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAResource.feature.cs @@ -98,23 +98,23 @@ public void AddUMAResource() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table510 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table529 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table510.AddRow(new string[] { + table529.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table510.AddRow(new string[] { + table529.AddRow(new string[] { "client_secret", "password"}); - table510.AddRow(new string[] { + table529.AddRow(new string[] { "scope", "uma_protection"}); - table510.AddRow(new string[] { + table529.AddRow(new string[] { "grant_type", "client_credentials"}); #line 5 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table510, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table529, "When "); #line hidden #line 12 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -122,38 +122,38 @@ public void AddUMAResource() #line 13 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table511 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table530 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table511.AddRow(new string[] { + table530.AddRow(new string[] { "resource_scopes", "[\"scope1\",\"scope2\"]"}); - table511.AddRow(new string[] { + table530.AddRow(new string[] { "subject", "user1"}); - table511.AddRow(new string[] { + table530.AddRow(new string[] { "icon_uri", "icon"}); - table511.AddRow(new string[] { + table530.AddRow(new string[] { "name#fr", "nom"}); - table511.AddRow(new string[] { + table530.AddRow(new string[] { "name#en", "name"}); - table511.AddRow(new string[] { + table530.AddRow(new string[] { "description#fr", "descriptionFR"}); - table511.AddRow(new string[] { + table530.AddRow(new string[] { "description#en", "descriptionEN"}); - table511.AddRow(new string[] { + table530.AddRow(new string[] { "type", "type"}); - table511.AddRow(new string[] { + table530.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 15 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table511, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table530, "And "); #line hidden #line 27 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -189,23 +189,23 @@ public void GetUMAResource() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table512 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table531 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table512.AddRow(new string[] { + table531.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table512.AddRow(new string[] { + table531.AddRow(new string[] { "client_secret", "password"}); - table512.AddRow(new string[] { + table531.AddRow(new string[] { "scope", "uma_protection"}); - table512.AddRow(new string[] { + table531.AddRow(new string[] { "grant_type", "client_credentials"}); #line 34 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table512, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table531, "When "); #line hidden #line 41 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -213,38 +213,38 @@ public void GetUMAResource() #line 42 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table513 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table532 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table513.AddRow(new string[] { + table532.AddRow(new string[] { "resource_scopes", "[\"scope1\",\"scope2\"]"}); - table513.AddRow(new string[] { + table532.AddRow(new string[] { "subject", "user1"}); - table513.AddRow(new string[] { + table532.AddRow(new string[] { "icon_uri", "icon"}); - table513.AddRow(new string[] { + table532.AddRow(new string[] { "name#fr", "nom"}); - table513.AddRow(new string[] { + table532.AddRow(new string[] { "name#en", "name"}); - table513.AddRow(new string[] { + table532.AddRow(new string[] { "description#fr", "descriptionFR"}); - table513.AddRow(new string[] { + table532.AddRow(new string[] { "description#en", "descriptionEN"}); - table513.AddRow(new string[] { + table532.AddRow(new string[] { "type", "type"}); - table513.AddRow(new string[] { + table532.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 44 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table513, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table532, "And "); #line hidden #line 56 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -252,14 +252,14 @@ public void GetUMAResource() #line 57 testRunner.And("extract parameter \'_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table514 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table533 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table514.AddRow(new string[] { + table533.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 59 - testRunner.And("execute HTTP GET request \'http://localhost/rreguri/$_id$\'", ((string)(null)), table514, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/rreguri/$_id$\'", ((string)(null)), table533, "And "); #line hidden #line 63 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -310,23 +310,23 @@ public void DeleteUMAResource() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table515 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table534 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table515.AddRow(new string[] { + table534.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table515.AddRow(new string[] { + table534.AddRow(new string[] { "client_secret", "password"}); - table515.AddRow(new string[] { + table534.AddRow(new string[] { "scope", "uma_protection"}); - table515.AddRow(new string[] { + table534.AddRow(new string[] { "grant_type", "client_credentials"}); #line 75 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table515, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table534, "When "); #line hidden #line 82 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -334,38 +334,38 @@ public void DeleteUMAResource() #line 83 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table516 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table535 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table516.AddRow(new string[] { + table535.AddRow(new string[] { "resource_scopes", "[\"scope1\",\"scope2\"]"}); - table516.AddRow(new string[] { + table535.AddRow(new string[] { "subject", "user1"}); - table516.AddRow(new string[] { + table535.AddRow(new string[] { "icon_uri", "icon"}); - table516.AddRow(new string[] { + table535.AddRow(new string[] { "name#fr", "nom"}); - table516.AddRow(new string[] { + table535.AddRow(new string[] { "name#en", "name"}); - table516.AddRow(new string[] { + table535.AddRow(new string[] { "description#fr", "descriptionFR"}); - table516.AddRow(new string[] { + table535.AddRow(new string[] { "description#en", "descriptionEN"}); - table516.AddRow(new string[] { + table535.AddRow(new string[] { "type", "type"}); - table516.AddRow(new string[] { + table535.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 85 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table516, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table535, "And "); #line hidden #line 97 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -373,14 +373,14 @@ public void DeleteUMAResource() #line 98 testRunner.And("extract parameter \'_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table517 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table536 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table517.AddRow(new string[] { + table536.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 100 - testRunner.And("execute HTTP DELETE request \'http://localhost/rreguri/$_id$\'", ((string)(null)), table517, "And "); + testRunner.And("execute HTTP DELETE request \'http://localhost/rreguri/$_id$\'", ((string)(null)), table536, "And "); #line hidden #line 104 testRunner.Then("HTTP status code equals to \'204\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); @@ -407,23 +407,23 @@ public void AddUMAPermissions() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table518 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table537 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table518.AddRow(new string[] { + table537.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table518.AddRow(new string[] { + table537.AddRow(new string[] { "client_secret", "password"}); - table518.AddRow(new string[] { + table537.AddRow(new string[] { "scope", "uma_protection"}); - table518.AddRow(new string[] { + table537.AddRow(new string[] { "grant_type", "client_credentials"}); #line 107 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table518, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table537, "When "); #line hidden #line 114 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -431,38 +431,38 @@ public void AddUMAPermissions() #line 115 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table519 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table538 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table519.AddRow(new string[] { + table538.AddRow(new string[] { "resource_scopes", "[\"scope1\",\"scope2\"]"}); - table519.AddRow(new string[] { + table538.AddRow(new string[] { "subject", "user1"}); - table519.AddRow(new string[] { + table538.AddRow(new string[] { "icon_uri", "icon"}); - table519.AddRow(new string[] { + table538.AddRow(new string[] { "name#fr", "nom"}); - table519.AddRow(new string[] { + table538.AddRow(new string[] { "name#en", "name"}); - table519.AddRow(new string[] { + table538.AddRow(new string[] { "description#fr", "descriptionFR"}); - table519.AddRow(new string[] { + table538.AddRow(new string[] { "description#en", "descriptionEN"}); - table519.AddRow(new string[] { + table538.AddRow(new string[] { "type", "type"}); - table519.AddRow(new string[] { + table538.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 117 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table519, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table538, "And "); #line hidden #line 129 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -470,17 +470,17 @@ public void AddUMAPermissions() #line 130 testRunner.And("extract parameter \'_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table520 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table539 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table520.AddRow(new string[] { + table539.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table520.AddRow(new string[] { + table539.AddRow(new string[] { "permissions", "[ { \"claims\": [ { \"name\": \"sub\", \"value\": \"user\" } ], \"scopes\": [ \"scope\" ] } ]"}); #line 132 - testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/$_id$/permissions\'", ((string)(null)), table520, "And "); + testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/$_id$/permissions\'", ((string)(null)), table539, "And "); #line hidden #line 137 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -513,23 +513,23 @@ public void DeleteUMAPermissions() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table521 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table540 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table521.AddRow(new string[] { + table540.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table521.AddRow(new string[] { + table540.AddRow(new string[] { "client_secret", "password"}); - table521.AddRow(new string[] { + table540.AddRow(new string[] { "scope", "uma_protection"}); - table521.AddRow(new string[] { + table540.AddRow(new string[] { "grant_type", "client_credentials"}); #line 143 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table521, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table540, "When "); #line hidden #line 150 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -537,38 +537,38 @@ public void DeleteUMAPermissions() #line 151 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table522 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table541 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table522.AddRow(new string[] { + table541.AddRow(new string[] { "resource_scopes", "[\"scope1\",\"scope2\"]"}); - table522.AddRow(new string[] { + table541.AddRow(new string[] { "subject", "user1"}); - table522.AddRow(new string[] { + table541.AddRow(new string[] { "icon_uri", "icon"}); - table522.AddRow(new string[] { + table541.AddRow(new string[] { "name#fr", "nom"}); - table522.AddRow(new string[] { + table541.AddRow(new string[] { "name#en", "name"}); - table522.AddRow(new string[] { + table541.AddRow(new string[] { "description#fr", "descriptionFR"}); - table522.AddRow(new string[] { + table541.AddRow(new string[] { "description#en", "descriptionEN"}); - table522.AddRow(new string[] { + table541.AddRow(new string[] { "type", "type"}); - table522.AddRow(new string[] { + table541.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 153 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table522, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table541, "And "); #line hidden #line 165 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -576,26 +576,26 @@ public void DeleteUMAPermissions() #line 166 testRunner.And("extract parameter \'_id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table523 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table542 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table523.AddRow(new string[] { + table542.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table523.AddRow(new string[] { + table542.AddRow(new string[] { "permissions", "[ { \"claims\": [ { \"name\": \"sub\", \"value\": \"user\" } ], \"scopes\": [ \"scope\" ] } ]"}); #line 168 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri/$_id$/permissions\'", ((string)(null)), table523, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri/$_id$/permissions\'", ((string)(null)), table542, "And "); #line hidden - TechTalk.SpecFlow.Table table524 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table543 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table524.AddRow(new string[] { + table543.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 173 - testRunner.And("execute HTTP DELETE request \'http://localhost/rreguri/$_id$\'", ((string)(null)), table524, "And "); + testRunner.And("execute HTTP DELETE request \'http://localhost/rreguri/$_id$\'", ((string)(null)), table543, "And "); #line hidden #line 177 testRunner.Then("HTTP status code equals to \'204\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAResourceErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAResourceErrors.feature.cs index a0d284d51..4b9706ab8 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAResourceErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UMAResourceErrors.feature.cs @@ -98,23 +98,23 @@ public void CannotRetrieveUnknownUMAResource() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table525 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table544 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table525.AddRow(new string[] { + table544.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table525.AddRow(new string[] { + table544.AddRow(new string[] { "client_secret", "password"}); - table525.AddRow(new string[] { + table544.AddRow(new string[] { "scope", "uma_protection"}); - table525.AddRow(new string[] { + table544.AddRow(new string[] { "grant_type", "client_credentials"}); #line 5 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table525, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table544, "When "); #line hidden #line 12 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -122,14 +122,14 @@ public void CannotRetrieveUnknownUMAResource() #line 13 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table526 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table545 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table526.AddRow(new string[] { + table545.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 15 - testRunner.And("execute HTTP GET request \'http://localhost/rreguri/1\'", ((string)(null)), table526, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/rreguri/1\'", ((string)(null)), table545, "And "); #line hidden #line 19 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -165,23 +165,23 @@ public void ImpossibleToAddUMAResourceWhenResource_ScopesParameterIsMissing() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table527 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table546 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table527.AddRow(new string[] { + table546.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table527.AddRow(new string[] { + table546.AddRow(new string[] { "client_secret", "password"}); - table527.AddRow(new string[] { + table546.AddRow(new string[] { "scope", "uma_protection"}); - table527.AddRow(new string[] { + table546.AddRow(new string[] { "grant_type", "client_credentials"}); #line 26 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table527, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table546, "When "); #line hidden #line 33 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -189,14 +189,14 @@ public void ImpossibleToAddUMAResourceWhenResource_ScopesParameterIsMissing() #line 34 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table528 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table547 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table528.AddRow(new string[] { + table547.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 36 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table528, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table547, "And "); #line hidden #line 40 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -232,23 +232,23 @@ public void ImpossibleToAddUMAResourceWhenSubjectParameterIsMissing() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table529 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table548 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table529.AddRow(new string[] { + table548.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table529.AddRow(new string[] { + table548.AddRow(new string[] { "client_secret", "password"}); - table529.AddRow(new string[] { + table548.AddRow(new string[] { "scope", "uma_protection"}); - table529.AddRow(new string[] { + table548.AddRow(new string[] { "grant_type", "client_credentials"}); #line 47 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table529, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table548, "When "); #line hidden #line 54 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -256,17 +256,17 @@ public void ImpossibleToAddUMAResourceWhenSubjectParameterIsMissing() #line 55 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table530 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table549 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table530.AddRow(new string[] { + table549.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table530.AddRow(new string[] { + table549.AddRow(new string[] { "resource_scopes", "[ \"scope\" ]"}); #line 57 - testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table530, "And "); + testRunner.And("execute HTTP POST JSON request \'http://localhost/rreguri\'", ((string)(null)), table549, "And "); #line hidden #line 62 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -302,23 +302,23 @@ public void ImpossibleToUpdateUMAResourceWhenResource_ScopesIsMissing() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table531 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table550 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table531.AddRow(new string[] { + table550.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table531.AddRow(new string[] { + table550.AddRow(new string[] { "client_secret", "password"}); - table531.AddRow(new string[] { + table550.AddRow(new string[] { "scope", "uma_protection"}); - table531.AddRow(new string[] { + table550.AddRow(new string[] { "grant_type", "client_credentials"}); #line 69 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table531, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table550, "When "); #line hidden #line 76 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -326,14 +326,14 @@ public void ImpossibleToUpdateUMAResourceWhenResource_ScopesIsMissing() #line 77 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table532 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table551 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table532.AddRow(new string[] { + table551.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 79 - testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/id\'", ((string)(null)), table532, "And "); + testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/id\'", ((string)(null)), table551, "And "); #line hidden #line 83 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -369,23 +369,23 @@ public void ImpossibleToUpdateAnUnknownUMAResource() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table533 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table552 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table533.AddRow(new string[] { + table552.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table533.AddRow(new string[] { + table552.AddRow(new string[] { "client_secret", "password"}); - table533.AddRow(new string[] { + table552.AddRow(new string[] { "scope", "uma_protection"}); - table533.AddRow(new string[] { + table552.AddRow(new string[] { "grant_type", "client_credentials"}); #line 90 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table533, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table552, "When "); #line hidden #line 97 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -393,17 +393,17 @@ public void ImpossibleToUpdateAnUnknownUMAResource() #line 98 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table534 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table553 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table534.AddRow(new string[] { + table553.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table534.AddRow(new string[] { + table553.AddRow(new string[] { "resource_scopes", "[ \"scope\" ]"}); #line 100 - testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/unknown\'", ((string)(null)), table534, "And "); + testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/unknown\'", ((string)(null)), table553, "And "); #line hidden #line 105 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -439,23 +439,23 @@ public void ImpossibleToRemoveAnUnknownUMAResource() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table535 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table554 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table535.AddRow(new string[] { + table554.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table535.AddRow(new string[] { + table554.AddRow(new string[] { "client_secret", "password"}); - table535.AddRow(new string[] { + table554.AddRow(new string[] { "scope", "uma_protection"}); - table535.AddRow(new string[] { + table554.AddRow(new string[] { "grant_type", "client_credentials"}); #line 112 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table535, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table554, "When "); #line hidden #line 119 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -463,14 +463,14 @@ public void ImpossibleToRemoveAnUnknownUMAResource() #line 120 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table536 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table555 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table536.AddRow(new string[] { + table555.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 122 - testRunner.And("execute HTTP DELETE request \'http://localhost/rreguri/unknown\'", ((string)(null)), table536, "And "); + testRunner.And("execute HTTP DELETE request \'http://localhost/rreguri/unknown\'", ((string)(null)), table555, "And "); #line hidden #line 126 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -506,23 +506,23 @@ public void ImpossibleToUpdateThePermissionsWhenThePermissionsParameterIsMissing else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table537 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table556 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table537.AddRow(new string[] { + table556.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table537.AddRow(new string[] { + table556.AddRow(new string[] { "client_secret", "password"}); - table537.AddRow(new string[] { + table556.AddRow(new string[] { "scope", "uma_protection"}); - table537.AddRow(new string[] { + table556.AddRow(new string[] { "grant_type", "client_credentials"}); #line 133 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table537, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table556, "When "); #line hidden #line 140 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -530,14 +530,14 @@ public void ImpossibleToUpdateThePermissionsWhenThePermissionsParameterIsMissing #line 141 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table538 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table557 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table538.AddRow(new string[] { + table557.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 143 - testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/id/permissions\'", ((string)(null)), table538, "And "); + testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/id/permissions\'", ((string)(null)), table557, "And "); #line hidden #line 147 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -573,23 +573,23 @@ public void ImpossibleToUpdateThePermissionsWhenTheUMAResourceDoesntExist() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table539 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table558 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table539.AddRow(new string[] { + table558.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table539.AddRow(new string[] { + table558.AddRow(new string[] { "client_secret", "password"}); - table539.AddRow(new string[] { + table558.AddRow(new string[] { "scope", "uma_protection"}); - table539.AddRow(new string[] { + table558.AddRow(new string[] { "grant_type", "client_credentials"}); #line 154 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table539, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table558, "When "); #line hidden #line 161 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -597,17 +597,17 @@ public void ImpossibleToUpdateThePermissionsWhenTheUMAResourceDoesntExist() #line 162 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table540 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table559 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table540.AddRow(new string[] { + table559.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table540.AddRow(new string[] { + table559.AddRow(new string[] { "permissions", "[ { claims: [ { name: \"sub\", value: \"user\" } ], scopes: [ \"scope\" ] } ]"}); #line 164 - testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/unknown/permissions\'", ((string)(null)), table540, "And "); + testRunner.And("execute HTTP PUT JSON request \'http://localhost/rreguri/unknown/permissions\'", ((string)(null)), table559, "And "); #line hidden #line 169 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -643,23 +643,23 @@ public void ImpossibleToRemovePermissionsWhenTheUMAResourceDoesntExist() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table541 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table560 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table541.AddRow(new string[] { + table560.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table541.AddRow(new string[] { + table560.AddRow(new string[] { "client_secret", "password"}); - table541.AddRow(new string[] { + table560.AddRow(new string[] { "scope", "uma_protection"}); - table541.AddRow(new string[] { + table560.AddRow(new string[] { "grant_type", "client_credentials"}); #line 176 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table541, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table560, "When "); #line hidden #line 183 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -667,14 +667,14 @@ public void ImpossibleToRemovePermissionsWhenTheUMAResourceDoesntExist() #line 184 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table542 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table561 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table542.AddRow(new string[] { + table561.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 186 - testRunner.And("execute HTTP DELETE request \'http://localhost/rreguri/unknown/permissions\'", ((string)(null)), table542, "And "); + testRunner.And("execute HTTP DELETE request \'http://localhost/rreguri/unknown/permissions\'", ((string)(null)), table561, "And "); #line hidden #line 190 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -710,23 +710,23 @@ public void ImpossibleToGetPermissionsWhenTheUMAResourceDoesntExist() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table543 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table562 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table543.AddRow(new string[] { + table562.AddRow(new string[] { "client_id", "fiftyThreeClient"}); - table543.AddRow(new string[] { + table562.AddRow(new string[] { "client_secret", "password"}); - table543.AddRow(new string[] { + table562.AddRow(new string[] { "scope", "uma_protection"}); - table543.AddRow(new string[] { + table562.AddRow(new string[] { "grant_type", "client_credentials"}); #line 197 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table543, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table562, "When "); #line hidden #line 204 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -734,14 +734,14 @@ public void ImpossibleToGetPermissionsWhenTheUMAResourceDoesntExist() #line 205 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table544 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table563 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table544.AddRow(new string[] { + table563.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 207 - testRunner.And("execute HTTP GET request \'http://localhost/rreguri/unknown/permissions\'", ((string)(null)), table544, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/rreguri/unknown/permissions\'", ((string)(null)), table563, "And "); #line hidden #line 211 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UserInfo.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UserInfo.feature.cs index 2fb2af531..ecb6174c1 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UserInfo.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UserInfo.feature.cs @@ -101,59 +101,59 @@ public void ClaimsAreReturnedInJSONFormatHTTPGET() #line 5 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table545 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table564 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table545.AddRow(new string[] { + table564.AddRow(new string[] { "response_type", "code"}); - table545.AddRow(new string[] { + table564.AddRow(new string[] { "client_id", "thirtySevenClient"}); - table545.AddRow(new string[] { + table564.AddRow(new string[] { "state", "state"}); - table545.AddRow(new string[] { + table564.AddRow(new string[] { "response_mode", "query"}); - table545.AddRow(new string[] { + table564.AddRow(new string[] { "scope", "openid email role"}); - table545.AddRow(new string[] { + table564.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table545.AddRow(new string[] { + table564.AddRow(new string[] { "nonce", "nonce"}); - table545.AddRow(new string[] { + table564.AddRow(new string[] { "display", "popup"}); #line 6 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table545, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table564, "When "); #line hidden #line 17 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table546 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table565 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table546.AddRow(new string[] { + table565.AddRow(new string[] { "client_id", "thirtySevenClient"}); - table546.AddRow(new string[] { + table565.AddRow(new string[] { "client_secret", "password"}); - table546.AddRow(new string[] { + table565.AddRow(new string[] { "grant_type", "authorization_code"}); - table546.AddRow(new string[] { + table565.AddRow(new string[] { "code", "$code$"}); - table546.AddRow(new string[] { + table565.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 19 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table546, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table565, "And "); #line hidden #line 27 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -161,14 +161,14 @@ public void ClaimsAreReturnedInJSONFormatHTTPGET() #line 28 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table547 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table566 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table547.AddRow(new string[] { + table566.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 30 - testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table547, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table566, "And "); #line hidden #line 34 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -216,59 +216,59 @@ public void ClaimsAreReturnedInJSONFormatHTTPPOST() #line 44 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table548 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table567 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table548.AddRow(new string[] { + table567.AddRow(new string[] { "response_type", "code"}); - table548.AddRow(new string[] { + table567.AddRow(new string[] { "client_id", "thirtySevenClient"}); - table548.AddRow(new string[] { + table567.AddRow(new string[] { "state", "state"}); - table548.AddRow(new string[] { + table567.AddRow(new string[] { "response_mode", "query"}); - table548.AddRow(new string[] { + table567.AddRow(new string[] { "scope", "openid email role"}); - table548.AddRow(new string[] { + table567.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table548.AddRow(new string[] { + table567.AddRow(new string[] { "nonce", "nonce"}); - table548.AddRow(new string[] { + table567.AddRow(new string[] { "display", "popup"}); #line 45 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table548, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table567, "When "); #line hidden #line 56 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table549 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table568 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table549.AddRow(new string[] { + table568.AddRow(new string[] { "client_id", "thirtySevenClient"}); - table549.AddRow(new string[] { + table568.AddRow(new string[] { "client_secret", "password"}); - table549.AddRow(new string[] { + table568.AddRow(new string[] { "grant_type", "authorization_code"}); - table549.AddRow(new string[] { + table568.AddRow(new string[] { "code", "$code$"}); - table549.AddRow(new string[] { + table568.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 58 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table549, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table568, "And "); #line hidden #line 66 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -276,14 +276,14 @@ public void ClaimsAreReturnedInJSONFormatHTTPPOST() #line 67 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table550 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table569 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table550.AddRow(new string[] { + table569.AddRow(new string[] { "access_token", "$access_token$"}); #line 69 - testRunner.And("execute HTTP POST request \'http://localhost/userinfo\'", ((string)(null)), table550, "And "); + testRunner.And("execute HTTP POST request \'http://localhost/userinfo\'", ((string)(null)), table569, "And "); #line hidden #line 73 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -331,59 +331,59 @@ public void ClaimsAreReturnedInJWSToken() #line 83 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table551 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table570 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table551.AddRow(new string[] { + table570.AddRow(new string[] { "response_type", "code"}); - table551.AddRow(new string[] { + table570.AddRow(new string[] { "client_id", "thirtyEightClient"}); - table551.AddRow(new string[] { + table570.AddRow(new string[] { "state", "state"}); - table551.AddRow(new string[] { + table570.AddRow(new string[] { "response_mode", "query"}); - table551.AddRow(new string[] { + table570.AddRow(new string[] { "scope", "openid email role"}); - table551.AddRow(new string[] { + table570.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table551.AddRow(new string[] { + table570.AddRow(new string[] { "nonce", "nonce"}); - table551.AddRow(new string[] { + table570.AddRow(new string[] { "display", "popup"}); #line 84 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table551, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table570, "When "); #line hidden #line 95 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table552 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table571 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table552.AddRow(new string[] { + table571.AddRow(new string[] { "client_id", "thirtyEightClient"}); - table552.AddRow(new string[] { + table571.AddRow(new string[] { "client_secret", "password"}); - table552.AddRow(new string[] { + table571.AddRow(new string[] { "grant_type", "authorization_code"}); - table552.AddRow(new string[] { + table571.AddRow(new string[] { "code", "$code$"}); - table552.AddRow(new string[] { + table571.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 97 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table552, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table571, "And "); #line hidden #line 105 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -391,14 +391,14 @@ public void ClaimsAreReturnedInJWSToken() #line 106 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table553 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table572 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table553.AddRow(new string[] { + table572.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 108 - testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table553, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table572, "And "); #line hidden #line 112 testRunner.And("extract payload from HTTP body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -449,59 +449,59 @@ public void ClaimsAreReturnedInJWEToken() #line 123 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table554 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table573 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table554.AddRow(new string[] { + table573.AddRow(new string[] { "response_type", "code"}); - table554.AddRow(new string[] { + table573.AddRow(new string[] { "client_id", "thirtyNineClient"}); - table554.AddRow(new string[] { + table573.AddRow(new string[] { "state", "state"}); - table554.AddRow(new string[] { + table573.AddRow(new string[] { "response_mode", "query"}); - table554.AddRow(new string[] { + table573.AddRow(new string[] { "scope", "openid email role"}); - table554.AddRow(new string[] { + table573.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table554.AddRow(new string[] { + table573.AddRow(new string[] { "nonce", "nonce"}); - table554.AddRow(new string[] { + table573.AddRow(new string[] { "display", "popup"}); #line 124 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table554, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table573, "When "); #line hidden #line 135 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table555 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table574 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table555.AddRow(new string[] { + table574.AddRow(new string[] { "client_id", "thirtyNineClient"}); - table555.AddRow(new string[] { + table574.AddRow(new string[] { "client_secret", "password"}); - table555.AddRow(new string[] { + table574.AddRow(new string[] { "grant_type", "authorization_code"}); - table555.AddRow(new string[] { + table574.AddRow(new string[] { "code", "$code$"}); - table555.AddRow(new string[] { + table574.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 137 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table555, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table574, "And "); #line hidden #line 145 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -509,14 +509,14 @@ public void ClaimsAreReturnedInJWEToken() #line 146 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table556 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table575 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table556.AddRow(new string[] { + table575.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 148 - testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table556, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table575, "And "); #line hidden #line 152 testRunner.And("extract payload from HTTP body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -561,63 +561,63 @@ public void EssentialClaimsNameAndEmailAreReturnedByTheUserinfoEndpoint() #line 161 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table557 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table576 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table557.AddRow(new string[] { + table576.AddRow(new string[] { "response_type", "code"}); - table557.AddRow(new string[] { + table576.AddRow(new string[] { "client_id", "fortyClient"}); - table557.AddRow(new string[] { + table576.AddRow(new string[] { "state", "state"}); - table557.AddRow(new string[] { + table576.AddRow(new string[] { "response_mode", "query"}); - table557.AddRow(new string[] { + table576.AddRow(new string[] { "scope", "openid"}); - table557.AddRow(new string[] { + table576.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table557.AddRow(new string[] { + table576.AddRow(new string[] { "nonce", "nonce"}); - table557.AddRow(new string[] { + table576.AddRow(new string[] { "display", "popup"}); - table557.AddRow(new string[] { + table576.AddRow(new string[] { "claims", "{ \"userinfo\" : { \"name\": { \"essential\": true } , \"email\" : { \"essential\" : true " + "} } }"}); #line 162 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table557, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table576, "When "); #line hidden #line 174 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table558 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table577 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table558.AddRow(new string[] { + table577.AddRow(new string[] { "client_id", "fortyClient"}); - table558.AddRow(new string[] { + table577.AddRow(new string[] { "client_secret", "password"}); - table558.AddRow(new string[] { + table577.AddRow(new string[] { "grant_type", "authorization_code"}); - table558.AddRow(new string[] { + table577.AddRow(new string[] { "code", "$code$"}); - table558.AddRow(new string[] { + table577.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 176 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table558, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table577, "And "); #line hidden #line 184 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -625,14 +625,14 @@ public void EssentialClaimsNameAndEmailAreReturnedByTheUserinfoEndpoint() #line 185 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table559 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table578 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table559.AddRow(new string[] { + table578.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 187 - testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table559, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table578, "And "); #line hidden #line 191 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -674,59 +674,59 @@ public void ClaimsAreReturnedInJSONFormatHTTPGETReferenceAccessToken() #line 200 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table560 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table579 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table560.AddRow(new string[] { + table579.AddRow(new string[] { "response_type", "code"}); - table560.AddRow(new string[] { + table579.AddRow(new string[] { "client_id", "seventyClient"}); - table560.AddRow(new string[] { + table579.AddRow(new string[] { "state", "state"}); - table560.AddRow(new string[] { + table579.AddRow(new string[] { "response_mode", "query"}); - table560.AddRow(new string[] { + table579.AddRow(new string[] { "scope", "openid email role"}); - table560.AddRow(new string[] { + table579.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table560.AddRow(new string[] { + table579.AddRow(new string[] { "nonce", "nonce"}); - table560.AddRow(new string[] { + table579.AddRow(new string[] { "display", "popup"}); #line 201 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table560, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table579, "When "); #line hidden #line 212 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table561 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table580 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table561.AddRow(new string[] { + table580.AddRow(new string[] { "client_id", "seventyClient"}); - table561.AddRow(new string[] { + table580.AddRow(new string[] { "client_secret", "password"}); - table561.AddRow(new string[] { + table580.AddRow(new string[] { "grant_type", "authorization_code"}); - table561.AddRow(new string[] { + table580.AddRow(new string[] { "code", "$code$"}); - table561.AddRow(new string[] { + table580.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 214 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table561, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table580, "And "); #line hidden #line 222 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -734,14 +734,14 @@ public void ClaimsAreReturnedInJSONFormatHTTPGETReferenceAccessToken() #line 223 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table562 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table581 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table562.AddRow(new string[] { + table581.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 225 - testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table562, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table581, "And "); #line hidden #line 229 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UserInfoErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UserInfoErrors.feature.cs index 2424f3cac..770ab0535 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UserInfoErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UserInfoErrors.feature.cs @@ -98,11 +98,11 @@ public void AccessTokenIsRequiredHTTPGET() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table563 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table582 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 5 - testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table563, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table582, "When "); #line hidden #line 8 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -135,11 +135,11 @@ public void AccessTokenIsRequiredHTTPPOST() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table564 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table583 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 14 - testRunner.When("execute HTTP POST request \'http://localhost/userinfo\'", ((string)(null)), table564, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/userinfo\'", ((string)(null)), table583, "When "); #line hidden #line 17 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -172,11 +172,11 @@ public void Content_TypeCannotBeEqualsToApplicationJson() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table565 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table584 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 23 - testRunner.When("execute HTTP POST JSON request \'http://localhost/userinfo\'", ((string)(null)), table565, "When "); + testRunner.When("execute HTTP POST JSON request \'http://localhost/userinfo\'", ((string)(null)), table584, "When "); #line hidden #line 26 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -209,14 +209,14 @@ public void AccessTokenMustBeValid() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table566 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table585 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table566.AddRow(new string[] { + table585.AddRow(new string[] { "Authorization", "Bearer rnd rnd"}); #line 32 - testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table566, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table585, "When "); #line hidden #line 36 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -249,14 +249,14 @@ public void AccessTokenMustBeAJWT() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table567 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table586 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table567.AddRow(new string[] { + table586.AddRow(new string[] { "Authorization", "Bearer rnd"}); #line 42 - testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table567, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table586, "When "); #line hidden #line 46 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -290,23 +290,23 @@ public void UserMustExists() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table568 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table587 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table568.AddRow(new string[] { + table587.AddRow(new string[] { "sub", "unknown"}); #line 52 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table568, "Given "); + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table587, "Given "); #line hidden - TechTalk.SpecFlow.Table table569 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table588 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table569.AddRow(new string[] { + table588.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 56 - testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table569, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table588, "When "); #line hidden #line 60 testRunner.Then("HTTP status code equals to \'401\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); @@ -333,26 +333,26 @@ public void ClientIdentifierPresentsInTheAccessTokenMustBeValid() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table570 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table589 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table570.AddRow(new string[] { + table589.AddRow(new string[] { "sub", "user"}); - table570.AddRow(new string[] { + table589.AddRow(new string[] { "client_id", "invalid"}); #line 63 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table570, "Given "); + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table589, "Given "); #line hidden - TechTalk.SpecFlow.Table table571 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table590 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table571.AddRow(new string[] { + table590.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 68 - testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table571, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table590, "When "); #line hidden #line 72 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -385,29 +385,29 @@ public void ConsentMustBeConfirmedByTheEnd_User() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table572 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table591 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table572.AddRow(new string[] { + table591.AddRow(new string[] { "sub", "user"}); - table572.AddRow(new string[] { + table591.AddRow(new string[] { "client_id", "thirdClient"}); - table572.AddRow(new string[] { + table591.AddRow(new string[] { "scope", "profile"}); #line 78 - testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table572, "Given "); + testRunner.Given("build access_token and sign with the key \'keyid\'", ((string)(null)), table591, "Given "); #line hidden - TechTalk.SpecFlow.Table table573 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table592 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table573.AddRow(new string[] { + table592.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 84 - testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table573, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table592, "When "); #line hidden #line 88 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -443,59 +443,59 @@ public void RejectedAccessTokenCannotBeUsed() #line 94 testRunner.Given("authenticate a user", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); #line hidden - TechTalk.SpecFlow.Table table574 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table593 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table574.AddRow(new string[] { + table593.AddRow(new string[] { "response_type", "code"}); - table574.AddRow(new string[] { + table593.AddRow(new string[] { "client_id", "thirtySevenClient"}); - table574.AddRow(new string[] { + table593.AddRow(new string[] { "state", "state"}); - table574.AddRow(new string[] { + table593.AddRow(new string[] { "response_mode", "query"}); - table574.AddRow(new string[] { + table593.AddRow(new string[] { "scope", "openid email role"}); - table574.AddRow(new string[] { + table593.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); - table574.AddRow(new string[] { + table593.AddRow(new string[] { "nonce", "nonce"}); - table574.AddRow(new string[] { + table593.AddRow(new string[] { "display", "popup"}); #line 95 - testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table574, "When "); + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table593, "When "); #line hidden #line 106 testRunner.And("extract parameter \'code\' from redirect url", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table575 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table594 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table575.AddRow(new string[] { + table594.AddRow(new string[] { "client_id", "thirtySevenClient"}); - table575.AddRow(new string[] { + table594.AddRow(new string[] { "client_secret", "password"}); - table575.AddRow(new string[] { + table594.AddRow(new string[] { "grant_type", "authorization_code"}); - table575.AddRow(new string[] { + table594.AddRow(new string[] { "code", "$code$"}); - table575.AddRow(new string[] { + table594.AddRow(new string[] { "redirect_uri", "http://localhost:8080"}); #line 108 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table575, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token\'", ((string)(null)), table594, "And "); #line hidden #line 116 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -503,29 +503,29 @@ public void RejectedAccessTokenCannotBeUsed() #line 117 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table576 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table595 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table576.AddRow(new string[] { + table595.AddRow(new string[] { "token", "$access_token$"}); - table576.AddRow(new string[] { + table595.AddRow(new string[] { "client_id", "thirtySevenClient"}); - table576.AddRow(new string[] { + table595.AddRow(new string[] { "client_secret", "password"}); #line 119 - testRunner.And("execute HTTP POST request \'https://localhost:8080/token/revoke\'", ((string)(null)), table576, "And "); + testRunner.And("execute HTTP POST request \'https://localhost:8080/token/revoke\'", ((string)(null)), table595, "And "); #line hidden - TechTalk.SpecFlow.Table table577 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table596 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table577.AddRow(new string[] { + table596.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 125 - testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table577, "And "); + testRunner.And("execute HTTP GET request \'http://localhost/userinfo\'", ((string)(null)), table596, "And "); #line hidden #line 129 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Users.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Users.feature.cs index facfb0da6..a422a7f09 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Users.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Users.feature.cs @@ -98,23 +98,23 @@ public void CreateAUser() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table578 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table597 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table578.AddRow(new string[] { + table597.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table578.AddRow(new string[] { + table597.AddRow(new string[] { "client_secret", "password"}); - table578.AddRow(new string[] { + table597.AddRow(new string[] { "scope", "users"}); - table578.AddRow(new string[] { + table597.AddRow(new string[] { "grant_type", "client_credentials"}); #line 5 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table578, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table597, "When "); #line hidden #line 12 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -122,17 +122,17 @@ public void CreateAUser() #line 13 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table579 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table598 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table579.AddRow(new string[] { + table598.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table579.AddRow(new string[] { + table598.AddRow(new string[] { "name", "newUser"}); #line 15 - testRunner.And("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table579, "And "); + testRunner.And("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table598, "And "); #line hidden #line 20 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -165,23 +165,23 @@ public void GetAUser() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table580 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table599 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table580.AddRow(new string[] { + table599.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table580.AddRow(new string[] { + table599.AddRow(new string[] { "client_secret", "password"}); - table580.AddRow(new string[] { + table599.AddRow(new string[] { "scope", "users"}); - table580.AddRow(new string[] { + table599.AddRow(new string[] { "grant_type", "client_credentials"}); #line 26 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table580, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table599, "When "); #line hidden #line 33 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -189,17 +189,17 @@ public void GetAUser() #line 34 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table581 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table600 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table581.AddRow(new string[] { + table600.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table581.AddRow(new string[] { + table600.AddRow(new string[] { "name", "newuser2"}); #line 36 - testRunner.When("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table581, "When "); + testRunner.When("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table600, "When "); #line hidden #line 41 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -207,14 +207,14 @@ public void GetAUser() #line 42 testRunner.And("extract parameter \'id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table582 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table601 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table582.AddRow(new string[] { + table601.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 44 - testRunner.When("execute HTTP GET request \'https://localhost:8080/users/$id$\'", ((string)(null)), table582, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/users/$id$\'", ((string)(null)), table601, "When "); #line hidden #line 48 testRunner.Then("HTTP status code equals to \'200\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); @@ -244,23 +244,23 @@ public void RemoveAUser() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table583 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table602 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table583.AddRow(new string[] { + table602.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table583.AddRow(new string[] { + table602.AddRow(new string[] { "client_secret", "password"}); - table583.AddRow(new string[] { + table602.AddRow(new string[] { "scope", "users"}); - table583.AddRow(new string[] { + table602.AddRow(new string[] { "grant_type", "client_credentials"}); #line 52 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table583, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table602, "When "); #line hidden #line 59 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -268,17 +268,17 @@ public void RemoveAUser() #line 60 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table584 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table603 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table584.AddRow(new string[] { + table603.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table584.AddRow(new string[] { + table603.AddRow(new string[] { "name", "newuser3"}); #line 62 - testRunner.When("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table584, "When "); + testRunner.When("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table603, "When "); #line hidden #line 67 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -286,14 +286,14 @@ public void RemoveAUser() #line 68 testRunner.And("extract parameter \'id\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table585 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table604 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table585.AddRow(new string[] { + table604.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 70 - testRunner.When("execute HTTP DELETE request \'https://localhost:8080/users/$id$\'", ((string)(null)), table585, "When "); + testRunner.When("execute HTTP DELETE request \'https://localhost:8080/users/$id$\'", ((string)(null)), table604, "When "); #line hidden #line 74 testRunner.Then("HTTP status code equals to \'204\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UsersErrors.feature.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UsersErrors.feature.cs index 7b1c5481e..5d001dc06 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UsersErrors.feature.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/UsersErrors.feature.cs @@ -98,11 +98,11 @@ public void AccessTokenMustBePassedHTTPPOST() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table586 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table605 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 5 - testRunner.When("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table586, "When "); + testRunner.When("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table605, "When "); #line hidden #line 8 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -135,11 +135,11 @@ public void AccessTokenMustBePassedHTTPGET() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table587 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table606 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 14 - testRunner.When("execute HTTP GET request \'https://localhost:8080/users/id\'", ((string)(null)), table587, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/users/id\'", ((string)(null)), table606, "When "); #line hidden #line 17 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -172,11 +172,11 @@ public void AccessTokenMustBePassedHTTPDELETE() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table588 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table607 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 23 - testRunner.When("execute HTTP DELETE request \'https://localhost:8080/users/id\'", ((string)(null)), table588, "When "); + testRunner.When("execute HTTP DELETE request \'https://localhost:8080/users/id\'", ((string)(null)), table607, "When "); #line hidden #line 26 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -209,11 +209,11 @@ public void AccessTokenMustBePassedHTTPPUTCredentials() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table589 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table608 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); #line 32 - testRunner.When("execute HTTP PUT JSON request \'https://localhost:8080/users/id/credentials/cred\'", ((string)(null)), table589, "When "); + testRunner.When("execute HTTP PUT JSON request \'https://localhost:8080/users/id/credentials/cred\'", ((string)(null)), table608, "When "); #line hidden #line 35 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -246,23 +246,23 @@ public void NameIsRequired() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table590 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table609 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table590.AddRow(new string[] { + table609.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table590.AddRow(new string[] { + table609.AddRow(new string[] { "client_secret", "password"}); - table590.AddRow(new string[] { + table609.AddRow(new string[] { "scope", "users"}); - table590.AddRow(new string[] { + table609.AddRow(new string[] { "grant_type", "client_credentials"}); #line 41 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table590, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table609, "When "); #line hidden #line 48 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -270,14 +270,14 @@ public void NameIsRequired() #line 49 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table591 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table610 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table591.AddRow(new string[] { + table610.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 51 - testRunner.When("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table591, "When "); + testRunner.When("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table610, "When "); #line hidden #line 55 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -310,23 +310,23 @@ public void NameMustBeUnique() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table592 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table611 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table592.AddRow(new string[] { + table611.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table592.AddRow(new string[] { + table611.AddRow(new string[] { "client_secret", "password"}); - table592.AddRow(new string[] { + table611.AddRow(new string[] { "scope", "users"}); - table592.AddRow(new string[] { + table611.AddRow(new string[] { "grant_type", "client_credentials"}); #line 61 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table592, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table611, "When "); #line hidden #line 68 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -334,17 +334,17 @@ public void NameMustBeUnique() #line 69 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table593 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table612 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table593.AddRow(new string[] { + table612.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table593.AddRow(new string[] { + table612.AddRow(new string[] { "name", "user"}); #line 71 - testRunner.When("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table593, "When "); + testRunner.When("execute HTTP POST JSON request \'https://localhost:8080/users\'", ((string)(null)), table612, "When "); #line hidden #line 76 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -377,23 +377,23 @@ public void GetAnUnknownUser() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table594 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table613 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table594.AddRow(new string[] { + table613.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table594.AddRow(new string[] { + table613.AddRow(new string[] { "client_secret", "password"}); - table594.AddRow(new string[] { + table613.AddRow(new string[] { "scope", "users"}); - table594.AddRow(new string[] { + table613.AddRow(new string[] { "grant_type", "client_credentials"}); #line 82 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table594, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table613, "When "); #line hidden #line 89 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -401,14 +401,14 @@ public void GetAnUnknownUser() #line 90 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table595 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table614 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table595.AddRow(new string[] { + table614.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 92 - testRunner.When("execute HTTP GET request \'https://localhost:8080/users/id\'", ((string)(null)), table595, "When "); + testRunner.When("execute HTTP GET request \'https://localhost:8080/users/id\'", ((string)(null)), table614, "When "); #line hidden #line 96 testRunner.Then("HTTP status code equals to \'404\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); @@ -435,23 +435,23 @@ public void RemoveAnUnknownUser() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table596 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table615 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table596.AddRow(new string[] { + table615.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table596.AddRow(new string[] { + table615.AddRow(new string[] { "client_secret", "password"}); - table596.AddRow(new string[] { + table615.AddRow(new string[] { "scope", "users"}); - table596.AddRow(new string[] { + table615.AddRow(new string[] { "grant_type", "client_credentials"}); #line 99 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table596, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table615, "When "); #line hidden #line 106 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -459,14 +459,14 @@ public void RemoveAnUnknownUser() #line 107 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table597 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table616 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table597.AddRow(new string[] { + table616.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); #line 109 - testRunner.When("execute HTTP DELETE request \'https://localhost:8080/users/id\'", ((string)(null)), table597, "When "); + testRunner.When("execute HTTP DELETE request \'https://localhost:8080/users/id\'", ((string)(null)), table616, "When "); #line hidden #line 113 testRunner.Then("HTTP status code equals to \'404\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); @@ -493,23 +493,23 @@ public void CannotUpdateCredentialWhenUserDoesntExist() else { this.ScenarioStart(); - TechTalk.SpecFlow.Table table598 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table617 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table598.AddRow(new string[] { + table617.AddRow(new string[] { "client_id", "fiftySevenClient"}); - table598.AddRow(new string[] { + table617.AddRow(new string[] { "client_secret", "password"}); - table598.AddRow(new string[] { + table617.AddRow(new string[] { "scope", "users"}); - table598.AddRow(new string[] { + table617.AddRow(new string[] { "grant_type", "client_credentials"}); #line 116 - testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table598, "When "); + testRunner.When("execute HTTP POST request \'http://localhost/token\'", ((string)(null)), table617, "When "); #line hidden #line 123 testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); @@ -517,20 +517,20 @@ public void CannotUpdateCredentialWhenUserDoesntExist() #line 124 testRunner.And("extract parameter \'access_token\' from JSON body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); #line hidden - TechTalk.SpecFlow.Table table599 = new TechTalk.SpecFlow.Table(new string[] { + TechTalk.SpecFlow.Table table618 = new TechTalk.SpecFlow.Table(new string[] { "Key", "Value"}); - table599.AddRow(new string[] { + table618.AddRow(new string[] { "Authorization", "Bearer $access_token$"}); - table599.AddRow(new string[] { + table618.AddRow(new string[] { "type", "pwd"}); - table599.AddRow(new string[] { + table618.AddRow(new string[] { "value", "value"}); #line 126 - testRunner.When("execute HTTP PUT JSON request \'https://localhost:8080/users/id/credentials/cred\'", ((string)(null)), table599, "When "); + testRunner.When("execute HTTP PUT JSON request \'https://localhost:8080/users/id/credentials/cred\'", ((string)(null)), table618, "When "); #line hidden #line 132 testRunner.Then("HTTP status code equals to \'404\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/IdServerConfiguration.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/IdServerConfiguration.cs index 9e6dadefe..d67625516 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/IdServerConfiguration.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/IdServerConfiguration.cs @@ -4,10 +4,12 @@ using SimpleIdServer.IdServer; using SimpleIdServer.IdServer.Builders; using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.OpenidFederation.Domains; using System; using System.Collections.Generic; using System.Linq; using System.Security.Cryptography; +using System.Security.Cryptography.X509Certificates; using System.Text.Json; using static SimpleIdServer.IdServer.Constants; @@ -35,6 +37,11 @@ public static Scope GetRoleScope() { "fortyFourClient", new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "keyId" }, SecurityAlgorithms.RsaSha256) }, { "sixtySixClient", new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "keyId" }, SecurityAlgorithms.RsaSha256) } }; + + public static SigningCredentials RpSigningCredential = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "rpKeyId" }, SecurityAlgorithms.RsaSha256); + + public static SigningCredentials RpJwtSigningCredential = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "rpJwtKeyId" }, SecurityAlgorithms.RsaSha256); + public static Dictionary ClientEncryptingCredentials = new Dictionary { { "twentyFiveClient", new EncryptingCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "keyId" }, SecurityAlgorithms.RsaPKCS1, SecurityAlgorithms.Aes128CbcHmacSha256) }, @@ -113,6 +120,7 @@ public static Scope GetRoleScope() }) .AddConsent(SimpleIdServer.IdServer.Constants.DefaultRealm, "sixtyFiveClient", "secondScope") .AddConsent(SimpleIdServer.IdServer.Constants.DefaultRealm, "seventyClient", "openid", "profile", "role", "email") + .AddConsent(SimpleIdServer.IdServer.Constants.DefaultRealm, "seventyFourClient", "openid", "profile") .AddClaim("degreeType", "BachelorDegree") .AddClaim("degreeName", "Bachelor of Science and Arts") .Build(); @@ -228,7 +236,8 @@ public static Scope GetRoleScope() ClientBuilder.BuildTraditionalWebsiteClient("seventyClient", "password", null, "http://localhost:8080").SetAccessTokenType(AccessTokenTypes.Reference).UseClientSecretPostAuthentication().AddScope(StandardScopes.OpenIdScope, StandardScopes.Role, StandardScopes.Profile, StandardScopes.Email).Build(), ClientBuilder.BuildApiClient("seventyOneClient", "password").AddScope(FirstScope).UseClientSecretBasicAuthentication().Build(), ClientBuilder.BuildCredentialIssuer("seventyTwoClient", "password").IsTransactionCodeRequired().AddScope(UniversityCredential).Build(), - ClientBuilder.BuildWalletClient("seventyThreeClient", "password").Build() + ClientBuilder.BuildWalletClient("seventyThreeClient", "password").Build(), + ClientBuilder.BuildTraditionalWebsiteClient("seventyFourClient", "password", null, "http://localhost:8080").DisableConsent().AddScope(StandardScopes.OpenIdScope, StandardScopes.Profile).Build(), }; public static List DeviceAuthCodes = new List @@ -275,6 +284,17 @@ public static Scope GetRoleScope() } }; + public static List FederationEntities = new List + { + new FederationEntity + { + Id = Guid.NewGuid().ToString(), + Realm = IdServer.Constants.DefaultRealm, + Sub = "http://ta.com", + IsSubordinate = false + } + }; + public static List Users = new List { User, @@ -299,4 +319,16 @@ public static Scope GetRoleScope() { SimpleIdServer.IdServer.Constants.StandardRealms.Master }; + + private static X509SecurityKey GenerateRandomSelfSignedCertificate() + { + var ecdsa = ECDsa.Create(); + var req = new CertificateRequest("cn=selfSigned", ecdsa, HashAlgorithmName.SHA256); + var cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(2)); + var key = new X509SecurityKey(cert) + { + KeyId = "selfSignedId" + }; + return key; + } } \ No newline at end of file diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Program.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Program.cs index af747772d..6de30e618 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Program.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Program.cs @@ -11,6 +11,7 @@ using System.Collections.Generic; using System.Linq; using System.Security.Cryptography; +using SimpleIdServer.Did.Key; var builder = WebApplication.CreateBuilder(args); var p = GetKey(512); @@ -35,6 +36,7 @@ o.AddInMemoryGroups(IdServerConfiguration.Groups); o.AddInMemoryUserSessions(IdServerConfiguration.Sessions); o.AddInMemoryDeviceCodes(IdServerConfiguration.DeviceAuthCodes); + o.AddInMemoryFederatonEntities(IdServerConfiguration.FederationEntities); o.AddInMemoryKeys(SimpleIdServer.IdServer.Constants.StandardRealms.Master, new List { new SigningCredentials(BuildRsaSecurityKey("keyid"), SecurityAlgorithms.RsaSha256), @@ -55,6 +57,11 @@ .AddConsoleNotification() .AddPwdAuthentication() .AddBackChannelAuthentication() + .AddOpenidFederation(o => + { + o.IsFederationEnabled = true; + o.TokenSignedKid = "keyid"; + }) .AddAuthentication(o => { o.AddMutualAuthentication(m => @@ -69,7 +76,9 @@ builder.Services.Remove(memoryDistribution); builder.Services.AddTransient(); builder.Services.AddSingleton(SingletonDistributedCache.Instance().Get()); +builder.Services.AddDidKey(); var app = builder.Build() + .UseOpenidFederation() .UseSID(); app.Run(); diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/SimpleIdServer.IdServer.Host.Acceptance.Tests.csproj b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/SimpleIdServer.IdServer.Host.Acceptance.Tests.csproj index 51f078ce8..933a8c987 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/SimpleIdServer.IdServer.Host.Acceptance.Tests.csproj +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/SimpleIdServer.IdServer.Host.Acceptance.Tests.csproj @@ -18,6 +18,11 @@ + + + + + @@ -67,7 +72,9 @@ + + @@ -83,6 +90,30 @@ DeviceAuthorizationErrors.feature + + ExplicitRegistration.feature + + + ExplicitRegistrationErrors.feature + + + true + FederationFetchErrors.feature + true + true + + + FederationFetch.feature + + + FederationList.feature + + + AutomaticRegistration.feature + + + OpenidFederation.feature + TokenExchangePreAuthorizedCodeErrors.feature @@ -256,6 +287,34 @@ $(UsingMicrosoftNETSdk) %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + + $(UsingMicrosoftNETSdk) + %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + + + $(UsingMicrosoftNETSdk) + %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + + + $(UsingMicrosoftNETSdk) + %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + + + $(UsingMicrosoftNETSdk) + %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + + + $(UsingMicrosoftNETSdk) + %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + + + $(UsingMicrosoftNETSdk) + %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + + + $(UsingMicrosoftNETSdk) + %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + $(UsingMicrosoftNETSdk) %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) diff --git a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Steps/WebApiSteps.cs b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Steps/WebApiSteps.cs index 0bcdee9da..653ebaf21 100644 --- a/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Steps/WebApiSteps.cs +++ b/tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Steps/WebApiSteps.cs @@ -10,6 +10,7 @@ using SimpleIdServer.DPoP; using SimpleIdServer.IdServer.Stores; using SimpleIdServer.OAuth.Host.Acceptance.Tests; +using SimpleIdServer.OpenidFederation; using System; using System.Collections.Generic; using System.IO; @@ -47,7 +48,7 @@ public WebApiSteps(ScenarioContext scenarioContext) AllowAutoRedirect = false }); _scenarioContext.Set(_factory, "Factory"); - var mock = new Mock(); + var mock = new Mock(); mock.Setup(m => m.GetHttpClient()).Returns(client); _scenarioContext.Set(new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "sidClient.crt")), "sidClient.crt"); } @@ -75,6 +76,193 @@ public void GivenBuildJWSRequestObject(string clientId, string keyId, Table tabl } } + [Given("build JWS request object for Relying Party")] + public void GivenBuildJWSRequestObjectForRp(Table table) + { + using (var scope = _factory.Services.CreateScope()) + { + var handler = new JsonWebTokenHandler(); + var signingCredentials = IdServerConfiguration.RpSigningCredential; + var claims = new Dictionary(); + foreach (var row in table.Rows) + claims.Add(row["Key"].ToString(), ParseValue(_scenarioContext, row["Value"].ToString())); + + var descritor = new SecurityTokenDescriptor + { + Claims = claims, + SigningCredentials = signingCredentials + }; + var request = handler.CreateToken(descritor); + _scenarioContext.Set(request, "request"); + } + } + + [Given("build random entity statement")] + public void GivenBuildRandomEntityStatement(Table table) + { + using (var scope = _factory.Services.CreateScope()) + { + var signingCredentials = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = Guid.NewGuid().ToString() }, SecurityAlgorithms.RsaSha256); + var claims = new JsonObject(); + foreach (var row in table.Rows) + { + var key = row["Key"].ToString(); + JsonNode value = row["Value"].ToString(); + try + { + value = JsonNode.Parse(value.ToString()); + } + catch { } + claims.Add(key, value); + } + + var handler = new JsonWebTokenHandler(); + var request = handler.CreateToken(claims.ToJsonString(), signingCredentials); + _scenarioContext.Set(request, "entityStatement"); + } + } + + [Given("build entity statement for RP")] + public void GivenBuildEntityStatementForRp() + { + using (var scope = _factory.Services.CreateScope()) + { + var client = new Domains.Client + { + ClientId = "http://rp.com", + ClientRegistrationTypesSupported = new List + { + ClientRegistrationMethods.Explicit + }, + ApplicationType = "web", + RedirectionUrls = new List + { + "https://openid.sunet.se/rp/callback" + }, + RequestObjectSigningAlg = SecurityAlgorithms.RsaSha256, + Scopes = new List + { + new Domains.Scope + { + Name = "openid" + }, + new Domains.Scope + { + Name = "profile" + } + }, + ResponseTypes = new List + { + "code" + }, + GrantTypes = new List + { + "authorization_code" + }, + IsConsentDisabled = true, + TokenEndPointAuthMethod = "private_key_jwt" + }; + var rpOpts = new RpFederationOptions + { + Client = client, + IsFederationEnabled = false, + OrganizationName = null, + SigningCredentials = OAuth.Host.Acceptance.Tests.IdServerConfiguration.RpSigningCredential + }; + var rpFederationEntityBuilder = new RpFederationEntityBuilder(Microsoft.Extensions.Options.Options.Create(rpOpts), new FakeRPFederationEntityStore()); + var result = rpFederationEntityBuilder.BuildSelfIssued(new OpenidFederation.Builders.BuildFederationEntityRequest + { + Credential = rpOpts.SigningCredentials, + Issuer = "http://rp.com", + Realm = null + }, CancellationToken.None).Result; + var handler = new JsonWebTokenHandler(); + var jws = handler.CreateToken(JsonSerializer.Serialize(result), new SigningCredentials(rpOpts.SigningCredentials.Key, rpOpts.SigningCredentials.Algorithm)); + _scenarioContext.Set(jws, "entityStatement"); + } + } + + [Given("build entity statement for RP with automatic registration")] + public void GivenBuildEntityStatementForRpWithAutomaticRegistration() + { + using (var scope = _factory.Services.CreateScope()) + { + var client = new Domains.Client + { + ClientId = "http://rp.com", + ClientRegistrationTypesSupported = new List + { + ClientRegistrationMethods.Automatic + }, + ApplicationType = "web", + RedirectionUrls = new List + { + "https://openid.sunet.se/rp/callback" + }, + RequestObjectSigningAlg = SecurityAlgorithms.RsaSha256, + Scopes = new List + { + new Domains.Scope + { + Name = "openid" + }, + new Domains.Scope + { + Name = "profile" + } + }, + ResponseTypes = new List + { + "code" + }, + GrantTypes = new List + { + "authorization_code" + }, + IsConsentDisabled = true, + TokenEndPointAuthMethod = "private_key_jwt" + }; + var rpOpts = new RpFederationOptions + { + Client = client, + IsFederationEnabled = false, + OrganizationName = null, + SigningCredentials = OAuth.Host.Acceptance.Tests.IdServerConfiguration.RpSigningCredential + }; + var rpFederationEntityBuilder = new RpFederationEntityBuilder(Microsoft.Extensions.Options.Options.Create(rpOpts), new FakeRPFederationEntityStore()); + var result = rpFederationEntityBuilder.BuildSelfIssued(new OpenidFederation.Builders.BuildFederationEntityRequest + { + Credential = rpOpts.SigningCredentials, + Issuer = "http://rp.com", + Realm = null + }, CancellationToken.None).Result; + var handler = new JsonWebTokenHandler(); + var jws = handler.CreateToken(JsonSerializer.Serialize(result), new SigningCredentials(rpOpts.SigningCredentials.Key, rpOpts.SigningCredentials.Algorithm)); + _scenarioContext.Set(jws, "entityStatement"); + } + } + + [Given("build client assertion for Relying Party")] + public void GivenClientAssertionForRp(Table table) + { + using (var scope = _factory.Services.CreateScope()) + { + var handler = new JsonWebTokenHandler(); + var signingCredentials = IdServerConfiguration.RpJwtSigningCredential; + var claims = new Dictionary(); + foreach (var row in table.Rows) + claims.Add(row["Key"].ToString(), ParseValue(_scenarioContext, row["Value"].ToString())); + + var descritor = new SecurityTokenDescriptor + { + Claims = claims, + SigningCredentials = signingCredentials + }; + var request = handler.CreateToken(descritor); + _scenarioContext.Set(request, "clientAssertion"); + } + } + [Given("build JWE request object for client '(.*)' and sign with the key '(.*)' and encrypt with the key '(.*)'")] public void GivenBuildJWERequestObject(string clientId, string sigKeyId, string encKeyId, Table table) { @@ -278,6 +466,21 @@ public async Task WhenExecuteHTTPPutJSONRequest(string url, Table table) _scenarioContext.Set(httpResponseMessage, "httpResponseMessage"); } + [When("execute HTTP POST request '(.*)', content-type '(.*)', content '(.*)'")] + public async Task WhenExecuteHttpPostWithContentType(string url, string contentType, string content) + { + content = ParseValue(_scenarioContext, content).ToString(); ; + var httpRequestMessage = new HttpRequestMessage + { + Method = HttpMethod.Post, + RequestUri = new Uri(url), + Content = new StringContent(content, Encoding.UTF8, contentType) + }; + + var httpResponseMessage = await _factory.CreateClient().SendAsync(httpRequestMessage).ConfigureAwait(false); + _scenarioContext.Set(httpResponseMessage, "httpResponseMessage"); + } + [When("execute HTTP POST JSON request '(.*)'")] public async Task WhenExecuteHTTPPostJSONRequest(string url, Table table) { diff --git a/tests/SimpleIdServer.IdServer.Tests/JsonSeeding/JsonSeeding.cs b/tests/SimpleIdServer.IdServer.Tests/JsonSeeding/JsonSeeding.cs deleted file mode 100644 index b5083e98f..000000000 --- a/tests/SimpleIdServer.IdServer.Tests/JsonSeeding/JsonSeeding.cs +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright (c) SimpleIdServer. All rights reserved. -// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using Microsoft.Extensions.Logging; -using mOptions = Microsoft.Extensions.Options; -using Moq; -using NUnit.Framework; -using SimpleIdServer.IdServer.DTOs.Seeds; -using SimpleIdServer.IdServer.Options; -using SimpleIdServer.IdServer.Services.Seeding; -using SimpleIdServer.IdServer.Services.Seeding.Interfaces; - -namespace SimpleIdServer.IdServer.Tests; - -[TestFixture] -public class JsonSeeding -{ - private Mock> moqLogger = new(); - private Mock> moqUserSeederService = new(); - - [Test] - public void Can_read_users_from_json_file() - { - mOptions.IOptions options = mOptions.Options.Create(new JsonSeedingOptions() - { - JsonFilePath = "./JsonSeeding/Seed.json", - SeedFromJson = true - }); - - ISeedingService seedingService = new JsonSeedingService(options, moqLogger.Object, moqUserSeederService.Object); - - SeedsDto? seedsDto = seedingService.GetDataFromResourceAsync().Result; - - Assert.NotZero(seedsDto!.Users.Count); - Assert.AreEqual(seedsDto!.Users.ElementAt(1).Login, "user3"); - } -} \ No newline at end of file diff --git a/tests/SimpleIdServer.OpenidFederation.Tests/Clients/TrustChainResolverFixture.cs b/tests/SimpleIdServer.OpenidFederation.Tests/Clients/TrustChainResolverFixture.cs new file mode 100644 index 000000000..cb3154369 --- /dev/null +++ b/tests/SimpleIdServer.OpenidFederation.Tests/Clients/TrustChainResolverFixture.cs @@ -0,0 +1,52 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + +using NUnit.Framework; +using SimpleIdServer.OpenidFederation.Clients; +using System.Collections.Concurrent; + +namespace SimpleIdServer.OpenidFederation.Tests.Clients; + +public class TrustChainResolverFixture +{ + [Test] + public async Task When_Resolve_TrustChain_Then_NoExceptionIsThrown() + { + // ARRANGE + const string entityId = "https://relying-party.authlete.net/6298746299842758"; + var resolver = TrustChainResolver.New(); + + // ACT + var trustChain = await resolver.ResolveTrustChainsFromClientId(entityId, CancellationToken.None); + var validationResult = trustChain.Select(v => v.Validate()); + + // ACT + Assert.IsNotNull(trustChain); + Assert.IsNotNull(validationResult); + Assert.IsFalse(validationResult.SelectMany(v => v.ErrorMessages).Any()); + } + + [Test] + public void When_Transform_Dic_To_TrustChains_Then_ListIsCorrect() + { + // ARRANGE + var dic = new ConcurrentDictionary(); + dic.TryAdd("key1", new EntityStatement(null, null)); + dic.TryAdd("key1;key2", new EntityStatement(null, null)); + dic.TryAdd("key1;key3", new EntityStatement(null, null)); + dic.TryAdd("key1;key2;key4", new EntityStatement(null, null)); + dic.TryAdd("key1;key3;key5", new EntityStatement(null, null)); + dic.TryAdd("key1;key3;key6", new EntityStatement(null, null)); + + // ACT + var trustChains = TrustChainResolver.Transform(dic); + + // ASSERT + Assert.IsNotNull(trustChains); + Assert.IsTrue(trustChains.Any(c => c.Path == "key1;key2;key4")); + Assert.IsTrue(trustChains.Any(c => c.Path == "key1;key3;key5")); + Assert.IsTrue(trustChains.Any(c => c.Path == "key1;key3;key6")); + Assert.AreEqual(3, trustChains.Count()); + Assert.IsTrue(trustChains.All(c => c.EntityStatements.Count() == 3)); + } +} \ No newline at end of file diff --git a/tests/SimpleIdServer.OpenidFederation.Tests/SimpleIdServer.OpenidFederation.Tests.csproj b/tests/SimpleIdServer.OpenidFederation.Tests/SimpleIdServer.OpenidFederation.Tests.csproj new file mode 100644 index 000000000..a326228d6 --- /dev/null +++ b/tests/SimpleIdServer.OpenidFederation.Tests/SimpleIdServer.OpenidFederation.Tests.csproj @@ -0,0 +1,21 @@ + + + + net8.0 + enable + enable + false + + + + + + + + + + + + + + diff --git a/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/CustomWebApplicationFactory.cs b/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/CustomWebApplicationFactory.cs index 8a1e99872..1038787c9 100644 --- a/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/CustomWebApplicationFactory.cs +++ b/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/CustomWebApplicationFactory.cs @@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Mvc.Testing; using Microsoft.Extensions.DependencyInjection; using System; +using System.IO; namespace SimpleIdServer.Scim.Host.Acceptance.Tests { @@ -17,16 +18,9 @@ public CustomWebApplicationFactory(Action configureTestServi _configureTestServices = configureTestServices; } - protected override IWebHostBuilder CreateWebHostBuilder() - { - return WebHost.CreateDefaultBuilder() - .UseStartup(typeof(T)); - } - protected override void ConfigureWebHost(IWebHostBuilder builder) { - base.ConfigureWebHost(builder); - builder.UseContentRoot("."); + builder.UseContentRoot(Directory.GetCurrentDirectory()); builder.ConfigureServices(collection => { _configureTestServices?.Invoke(collection); diff --git a/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/FakeStartup.cs b/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/FakeStartup.cs deleted file mode 100644 index e2e9454d7..000000000 --- a/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/FakeStartup.cs +++ /dev/null @@ -1,217 +0,0 @@ -// Copyright (c) SimpleIdServer. All rights reserved. -// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using Microsoft.AspNetCore.Authentication; -using Microsoft.AspNetCore.Builder; -using Microsoft.Extensions.DependencyInjection; -using SimpleIdServer.Scim.Domains; -using SimpleIdServer.Scim.Domains.Builders; -using SimpleIdServer.Scim.Infrastructure.ValueProviders; -using System; -using System.Collections.Generic; -using System.Linq; - -namespace SimpleIdServer.Scim.Host.Acceptance.Tests -{ - public class FakeStartup - { - public void ConfigureServices(IServiceCollection services) - { - var userSchema = SCIMSchemaBuilder.Create("urn:ietf:params:scim:schemas:core:2.0:User", "User", SCIMResourceTypes.User, "User Account", true) - .AddStringAttribute("userName", required: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE, caseExact: true, uniqueness: SCIMSchemaAttributeUniqueness.SERVER) - .AddComplexAttribute("name", c => - { - c.AddStringAttribute("formatted", description: "The full name"); - c.AddStringAttribute("familyName", description: "The family name"); - c.AddStringAttribute("givenName", description: "The given name"); - }, description: "The components of the user's real name.") - .AddStringAttribute("roles", multiValued: true) - .AddDecimalAttribute("age") - .AddDateTimeAttribute("birthDate") - .AddBooleanAttribute("active") - .AddStringAttribute("duplicateAttr") - .AddIntAttribute("nbPoints") - .AddStringAttribute("organizationId") - .AddBinaryAttribute("eidCertificate") - .AddComplexAttribute("subImmutableComplex", opt => - { - opt.AddStringAttribute("value", mutability: SCIMSchemaAttributeMutabilities.IMMUTABLE); - opt.AddStringAttribute("type", mutability: SCIMSchemaAttributeMutabilities.IMMUTABLE); - }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE) - .AddComplexAttribute("complexImmutable", opt => - { - opt.AddStringAttribute("value"); - opt.AddStringAttribute("type"); - }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.IMMUTABLE) - .AddComplexAttribute("emails", opt => - { - opt.AddStringAttribute("value"); - opt.AddStringAttribute("display"); - opt.AddBooleanAttribute("primary"); - opt.AddStringAttribute("type"); - }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE) - .AddStringAttribute("immutable", mutability: SCIMSchemaAttributeMutabilities.IMMUTABLE) - .AddComplexAttribute("groups", opt => - { - opt.AddStringAttribute("value", mutability: SCIMSchemaAttributeMutabilities.READONLY); - opt.AddStringAttribute("display", mutability: SCIMSchemaAttributeMutabilities.READONLY); - opt.AddStringAttribute("type", new List { "direct", "indirect" }, mutability: SCIMSchemaAttributeMutabilities.READONLY); - }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READONLY) - .AddComplexAttribute("phones", opt => - { - opt.AddStringAttribute("phoneNumber", description: "Phone number"); - opt.AddStringAttribute("type", description: "Type"); - }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE) - .AddComplexAttribute("adRoles", opt => - { - opt.AddStringAttribute("value", description: "Value"); - opt.AddStringAttribute("display", description: "Display"); - }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE) - .AddComplexAttribute("scores", opt => - { - opt.AddComplexAttribute("math", sopt => - { - sopt.AddIntAttribute("score"); - }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE); - }, mutability: SCIMSchemaAttributeMutabilities.READWRITE) - .AddStringAttribute("type", canonicalValues: new List - { - "manager", - "employee" - }) - .AddStringAttribute("org", defaultValue: new List { "ENTREPRISE" }, mutability: SCIMSchemaAttributeMutabilities.READWRITE) - .AddSCIMSchemaExtension("urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", true) - .Build(); - var enterpriseUser = SCIMSchemaBuilder.Create("urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "EnterpriseUser", "EnterpriseUser", string.Empty, false) - .AddStringAttribute("employeeNumber", required: true) - .AddStringAttribute("duplicateAttr") - .Build(); - var entitlementSchema = SCIMSchemaBuilder.Create("urn:entitlement", "Entitlement", "Entitlement", string.Empty, true) - .AddStringAttribute("displayName") - .AddComplexAttribute("members", opt => - { - opt.AddStringAttribute("value"); - opt.AddReferenceAttribute("$ref"); - opt.AddStringAttribute("type"); - opt.AddStringAttribute("display"); - }, multiValued: true) - .Build(); - var customUserSchema = SCIMSchemaBuilder.Create("urn:customuser", "CustomUser", "CustomUser", string.Empty, true) - .AddStringAttribute("userName", required: true) - .AddComplexAttribute("emails", o => - { - o.AddStringAttribute("value", required: true); - }, multiValued: true) - .AddComplexAttribute("entitlements", opt => - { - opt.AddStringAttribute("value"); - opt.AddReferenceAttribute("$ref"); - opt.AddStringAttribute("type"); - opt.AddStringAttribute("display"); - }, multiValued: true) - .Build(); - var schemas = new List - { - userSchema, - enterpriseUser, - StandardSchemas.GroupSchema, - entitlementSchema, - customUserSchema - }; - var attributesMapping = new List - { - new SCIMAttributeMapping - { - Id = Guid.NewGuid().ToString(), - SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, - SourceResourceType = userSchema.ResourceType, - SourceAttributeSelector = "groups", - TargetResourceType = StandardSchemas.GroupSchema.ResourceType, - TargetAttributeId = StandardSchemas.GroupSchema.Attributes.First(a => a.Name == "members").Id - }, - new SCIMAttributeMapping - { - Id = Guid.NewGuid().ToString(), - SourceAttributeId = StandardSchemas.GroupSchema.Attributes.First(a => a.Name == "members").Id, - SourceResourceType = StandardSchemas.GroupSchema.ResourceType, - SourceAttributeSelector = "members", - TargetResourceType = userSchema.ResourceType, - TargetAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, - Mode = Mode.PROPAGATE_INHERITANCE - }, - new SCIMAttributeMapping - { - Id = Guid.NewGuid().ToString(), - SourceAttributeId = StandardSchemas.GroupSchema.Attributes.First(a => a.Name == "members").Id, - SourceResourceType = StandardSchemas.GroupSchema.ResourceType, - SourceAttributeSelector = "members", - TargetResourceType = StandardSchemas.GroupSchema.ResourceType - }, - new SCIMAttributeMapping - { - Id = Guid.NewGuid().ToString(), - SourceAttributeId = customUserSchema.Attributes.First(a => a.Name == "entitlements").Id, - SourceResourceType = "CustomUser", - SourceAttributeSelector = "entitlements", - TargetResourceType = "Entitlement", - TargetAttributeId = entitlementSchema.Attributes.First(a => a.Name == "members").Id - }, - new SCIMAttributeMapping - { - Id = Guid.NewGuid().ToString(), - SourceAttributeId = entitlementSchema.Attributes.First(a => a.Name == "members").Id, - SourceResourceType = "Entitlement", - SourceAttributeSelector = "members", - TargetResourceType = "CustomUser", - TargetAttributeId = customUserSchema.Attributes.First(a => a.Name == "entitlements").Id - } - }; - - services.AddMvc(o => - { - o.EnableEndpointRouting = false; - o.ValueProviderFactories.Insert(0, new SeparatedQueryStringValueProviderFactory(",")); - }).AddNewtonsoftJson(o => { }); - services.AddAuthorization(opts => - { - opts.AddPolicy("QueryScimResource", p => p.RequireAssertion(_ => true)); - opts.AddPolicy("AddScimResource", p => p.RequireAssertion(_ => true)); - opts.AddPolicy("DeleteScimResource", p => p.RequireAssertion(_ => true)); - opts.AddPolicy("UpdateScimResource", p => p.RequireAssertion(_ => true)); - opts.AddPolicy("BulkScimResource", p => p.RequireAssertion(_ => true)); - opts.AddPolicy("UserAuthenticated", p => p.RequireAssertion(_ => true)); - opts.AddPolicy("Provison", p => p.RequireAssertion(_ => true)); - }); - // services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy()); - services.AddAuthentication(SCIMConstants.AuthenticationScheme).AddCustomAuthentication(c => { }); - services.AddSIDScim(o => - { - o.MaxOperations = 3; - o.IgnoreUnsupportedCanonicalValues = false; - o.MergeExtensionAttributes = true; - }) - .AddSchemas(schemas) - .AddAttributeMapping(attributesMapping); - } - - public void Configure(IApplicationBuilder app) - { - app.UseAuthentication(); - app.UseAuthorization(); - app.UseMvc(r => - { - r.UseStandardScimEdp("CustomUsers", false); - r.UseStandardScimEdp("Entitlements", false); - r.UseScim(); - }); - } - } - - public static class ServiceCollectionExtensions - { - public static AuthenticationBuilder AddCustomAuthentication(this AuthenticationBuilder authBuilder, Action callback) - { - authBuilder.AddScheme(SCIMConstants.AuthenticationScheme, SCIMConstants.AuthenticationScheme, callback); - return authBuilder; - } - } -} diff --git a/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/Program.cs b/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/Program.cs new file mode 100644 index 000000000..99453b786 --- /dev/null +++ b/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/Program.cs @@ -0,0 +1,219 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Authentication; +using Microsoft.AspNetCore.Builder; +using Microsoft.Extensions.DependencyInjection; +using SimpleIdServer.Scim; +using SimpleIdServer.Scim.Domains; +using SimpleIdServer.Scim.Domains.Builders; +using SimpleIdServer.Scim.Host.Acceptance.Tests; +using SimpleIdServer.Scim.Infrastructure.ValueProviders; +using System; +using System.Collections.Generic; +using System.Linq; + +void ConfigureServices(IServiceCollection services) +{ + var userSchema = SCIMSchemaBuilder.Create("urn:ietf:params:scim:schemas:core:2.0:User", "User", SCIMResourceTypes.User, "User Account", true) + .AddStringAttribute("userName", required: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE, caseExact: true, uniqueness: SCIMSchemaAttributeUniqueness.SERVER) + .AddComplexAttribute("name", c => + { + c.AddStringAttribute("formatted", description: "The full name"); + c.AddStringAttribute("familyName", description: "The family name"); + c.AddStringAttribute("givenName", description: "The given name"); + }, description: "The components of the user's real name.") + .AddStringAttribute("roles", multiValued: true) + .AddDecimalAttribute("age") + .AddDateTimeAttribute("birthDate") + .AddBooleanAttribute("active") + .AddStringAttribute("duplicateAttr") + .AddIntAttribute("nbPoints") + .AddStringAttribute("organizationId") + .AddBinaryAttribute("eidCertificate") + .AddComplexAttribute("subImmutableComplex", opt => + { + opt.AddStringAttribute("value", mutability: SCIMSchemaAttributeMutabilities.IMMUTABLE); + opt.AddStringAttribute("type", mutability: SCIMSchemaAttributeMutabilities.IMMUTABLE); + }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE) + .AddComplexAttribute("complexImmutable", opt => + { + opt.AddStringAttribute("value"); + opt.AddStringAttribute("type"); + }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.IMMUTABLE) + .AddComplexAttribute("emails", opt => + { + opt.AddStringAttribute("value"); + opt.AddStringAttribute("display"); + opt.AddBooleanAttribute("primary"); + opt.AddStringAttribute("type"); + }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE) + .AddStringAttribute("immutable", mutability: SCIMSchemaAttributeMutabilities.IMMUTABLE) + .AddComplexAttribute("groups", opt => + { + opt.AddStringAttribute("value", mutability: SCIMSchemaAttributeMutabilities.READONLY); + opt.AddStringAttribute("display", mutability: SCIMSchemaAttributeMutabilities.READONLY); + opt.AddStringAttribute("type", new List { "direct", "indirect" }, mutability: SCIMSchemaAttributeMutabilities.READONLY); + }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READONLY) + .AddComplexAttribute("phones", opt => + { + opt.AddStringAttribute("phoneNumber", description: "Phone number"); + opt.AddStringAttribute("type", description: "Type"); + }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE) + .AddComplexAttribute("adRoles", opt => + { + opt.AddStringAttribute("value", description: "Value"); + opt.AddStringAttribute("display", description: "Display"); + }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE) + .AddComplexAttribute("scores", opt => + { + opt.AddComplexAttribute("math", sopt => + { + sopt.AddIntAttribute("score"); + }, multiValued: true, mutability: SCIMSchemaAttributeMutabilities.READWRITE); + }, mutability: SCIMSchemaAttributeMutabilities.READWRITE) + .AddStringAttribute("type", canonicalValues: new List + { + "manager", + "employee" + }) + .AddStringAttribute("org", defaultValue: new List { "ENTREPRISE" }, mutability: SCIMSchemaAttributeMutabilities.READWRITE) + .AddSCIMSchemaExtension("urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", true) + .Build(); + var enterpriseUser = SCIMSchemaBuilder.Create("urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "EnterpriseUser", "EnterpriseUser", string.Empty, false) + .AddStringAttribute("employeeNumber", required: true) + .AddStringAttribute("duplicateAttr") + .Build(); + var entitlementSchema = SCIMSchemaBuilder.Create("urn:entitlement", "Entitlement", "Entitlement", string.Empty, true) + .AddStringAttribute("displayName") + .AddComplexAttribute("members", opt => + { + opt.AddStringAttribute("value"); + opt.AddReferenceAttribute("$ref"); + opt.AddStringAttribute("type"); + opt.AddStringAttribute("display"); + }, multiValued: true) + .Build(); + var customUserSchema = SCIMSchemaBuilder.Create("urn:customuser", "CustomUser", "CustomUser", string.Empty, true) + .AddStringAttribute("userName", required: true) + .AddComplexAttribute("emails", o => + { + o.AddStringAttribute("value", required: true); + }, multiValued: true) + .AddComplexAttribute("entitlements", opt => + { + opt.AddStringAttribute("value"); + opt.AddReferenceAttribute("$ref"); + opt.AddStringAttribute("type"); + opt.AddStringAttribute("display"); + }, multiValued: true) + .Build(); + var schemas = new List + { + userSchema, + enterpriseUser, + StandardSchemas.GroupSchema, + entitlementSchema, + customUserSchema + }; + var attributesMapping = new List + { + new SCIMAttributeMapping + { + Id = Guid.NewGuid().ToString(), + SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, + SourceResourceType = userSchema.ResourceType, + SourceAttributeSelector = "groups", + TargetResourceType = StandardSchemas.GroupSchema.ResourceType, + TargetAttributeId = StandardSchemas.GroupSchema.Attributes.First(a => a.Name == "members").Id + }, + new SCIMAttributeMapping + { + Id = Guid.NewGuid().ToString(), + SourceAttributeId = StandardSchemas.GroupSchema.Attributes.First(a => a.Name == "members").Id, + SourceResourceType = StandardSchemas.GroupSchema.ResourceType, + SourceAttributeSelector = "members", + TargetResourceType = userSchema.ResourceType, + TargetAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, + Mode = Mode.PROPAGATE_INHERITANCE + }, + new SCIMAttributeMapping + { + Id = Guid.NewGuid().ToString(), + SourceAttributeId = StandardSchemas.GroupSchema.Attributes.First(a => a.Name == "members").Id, + SourceResourceType = StandardSchemas.GroupSchema.ResourceType, + SourceAttributeSelector = "members", + TargetResourceType = StandardSchemas.GroupSchema.ResourceType + }, + new SCIMAttributeMapping + { + Id = Guid.NewGuid().ToString(), + SourceAttributeId = customUserSchema.Attributes.First(a => a.Name == "entitlements").Id, + SourceResourceType = "CustomUser", + SourceAttributeSelector = "entitlements", + TargetResourceType = "Entitlement", + TargetAttributeId = entitlementSchema.Attributes.First(a => a.Name == "members").Id + }, + new SCIMAttributeMapping + { + Id = Guid.NewGuid().ToString(), + SourceAttributeId = entitlementSchema.Attributes.First(a => a.Name == "members").Id, + SourceResourceType = "Entitlement", + SourceAttributeSelector = "members", + TargetResourceType = "CustomUser", + TargetAttributeId = customUserSchema.Attributes.First(a => a.Name == "entitlements").Id + } + }; + + services.AddMvc(o => + { + o.EnableEndpointRouting = false; + o.ValueProviderFactories.Insert(0, new SeparatedQueryStringValueProviderFactory(",")); + }).AddNewtonsoftJson(o => { }); + services.AddAuthorization(opts => + { + opts.AddPolicy("QueryScimResource", p => p.RequireAssertion(_ => true)); + opts.AddPolicy("AddScimResource", p => p.RequireAssertion(_ => true)); + opts.AddPolicy("DeleteScimResource", p => p.RequireAssertion(_ => true)); + opts.AddPolicy("UpdateScimResource", p => p.RequireAssertion(_ => true)); + opts.AddPolicy("BulkScimResource", p => p.RequireAssertion(_ => true)); + opts.AddPolicy("UserAuthenticated", p => p.RequireAssertion(_ => true)); + opts.AddPolicy("Provison", p => p.RequireAssertion(_ => true)); + }); + // services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy()); + services.AddAuthentication(SCIMConstants.AuthenticationScheme).AddCustomAuthentication(c => { }); + services.AddSIDScim(o => + { + o.MaxOperations = 3; + o.IgnoreUnsupportedCanonicalValues = false; + o.MergeExtensionAttributes = true; + }) + .AddSchemas(schemas) + .AddAttributeMapping(attributesMapping); +} + +void Configure(WebApplication app) +{ + app.UseAuthentication(); + app.UseAuthorization(); + app.UseMvc(o => + { + o.UseStandardScimEdp("CustomUsers", false); + o.UseStandardScimEdp("Entitlements", false); + o.UseScim(); + }); +} + +var builder = WebApplication.CreateBuilder(args); +ConfigureServices(builder.Services); +var app = builder.Build(); +Configure(app); +app.Run(); + +public static class ServiceCollectionExtensions +{ + public static AuthenticationBuilder AddCustomAuthentication(this AuthenticationBuilder authBuilder, Action callback) + { + authBuilder.AddScheme(SCIMConstants.AuthenticationScheme, SCIMConstants.AuthenticationScheme, callback); + return authBuilder; + } +} diff --git a/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/SimpleIdServer.Scim.Host.Acceptance.Tests.csproj b/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/SimpleIdServer.Scim.Host.Acceptance.Tests.csproj index 2290fbca4..d5a1e5c3e 100644 --- a/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/SimpleIdServer.Scim.Host.Acceptance.Tests.csproj +++ b/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/SimpleIdServer.Scim.Host.Acceptance.Tests.csproj @@ -2,6 +2,8 @@ net8.0 false + true + false diff --git a/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/Steps/SharedSteps.cs b/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/Steps/SharedSteps.cs index 3fee4348c..a31527236 100644 --- a/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/Steps/SharedSteps.cs +++ b/tests/SimpleIdServer.Scim.Host.Acceptance.Tests/Steps/SharedSteps.cs @@ -18,12 +18,12 @@ namespace SimpleIdServer.Scim.Host.Acceptance.Tests.Steps public class SharedSteps { private readonly ScenarioContext _scenarioContext; - private CustomWebApplicationFactory _factory; + private CustomWebApplicationFactory _factory; public SharedSteps(ScenarioContext scenarioContext) { _scenarioContext = scenarioContext; - _factory = new CustomWebApplicationFactory((o) => + _factory = new CustomWebApplicationFactory((o) => { o.AddSingleton(scenarioContext); }); diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/CustomWebApplicationFactory.cs b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/CustomWebApplicationFactory.cs new file mode 100644 index 000000000..fee31adfe --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/CustomWebApplicationFactory.cs @@ -0,0 +1,97 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Hosting; +using Microsoft.AspNetCore.Mvc.Testing; +using Microsoft.AspNetCore.TestHost; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.DependencyInjection.Extensions; +using Moq; +using SimpleIdServer.Did.Crypto; +using System.Collections.Generic; +using System.IO; +using System.Net; +using System.Net.Http; +using System.Text; +using System.Text.Json; +using System.Threading; +using System.Threading.Tasks; +using TechTalk.SpecFlow; + +namespace SimpleIdServer.SelfIdServer.Host.Acceptance.Tests; + +public class CustomWebApplicationFactory : WebApplicationFactory where TProgram : class +{ + private readonly ScenarioContext _scenarioContext; + + public CustomWebApplicationFactory(ScenarioContext scenarioContext) + { + _scenarioContext = scenarioContext; + } + + protected override void ConfigureWebHost(IWebHostBuilder builder) + { + builder.UseContentRoot(Directory.GetCurrentDirectory()); + builder.ConfigureTestServices(s => + { + s.RemoveAll(); + var mo = new Mock(); + mo.Setup(m => m.GetHttpClient()) + .Returns(() => + { + var fakeHttpMessageHandler = new FakeHttpMessageHandler(_scenarioContext); + return new HttpClient(fakeHttpMessageHandler); + }); + mo.Setup(m => m.GetHttpClient(It.IsAny())) + .Returns(() => + { + var fakeHttpMessageHandler = new FakeHttpMessageHandler(_scenarioContext); + return new HttpClient(fakeHttpMessageHandler); + }); + s.AddSingleton(mo.Object); + }); + } +} + +public class FakeHttpMessageHandler : DelegatingHandler +{ + private readonly ScenarioContext _scenarioContext; + + public FakeHttpMessageHandler(ScenarioContext scenarioContext) + { + _scenarioContext = scenarioContext; + } + + protected override async Task SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) + { + var uri = request.RequestUri.AbsoluteUri; + if (uri == "http://localhost/notificationedp") + { + var j = await request.Content.ReadAsStringAsync(); + _scenarioContext.Set(j, "notificationResponse"); + return new HttpResponseMessage + { + StatusCode = HttpStatusCode.OK, + Content = new StringContent("{}", Encoding.UTF8, "application/json") + }; + } + if(uri == "http://clientmetadata.com/") + { + return new HttpResponseMessage + { + StatusCode = HttpStatusCode.BadRequest + }; + } + + var redirectUrls = new List + { + "http://a.domain.com", + "http://b.domain.com" + }; + var json = JsonSerializer.Serialize(redirectUrls); + return new HttpResponseMessage + { + StatusCode = HttpStatusCode.OK, + Content = new StringContent(json, Encoding.UTF8, "application/json") + }; + } +} diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/FakeAntiforgery.cs b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/FakeAntiforgery.cs new file mode 100644 index 000000000..2b4fd4906 --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/FakeAntiforgery.cs @@ -0,0 +1,34 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Antiforgery; +using Microsoft.AspNetCore.Http; +using System.Threading.Tasks; + +namespace SimpleIdServer.SelfIdServer.Host.Acceptance.Tests; + +public class FakeAntiforgery : IAntiforgery +{ + public AntiforgeryTokenSet GetAndStoreTokens(HttpContext httpContext) + { + return new AntiforgeryTokenSet(null, null, null, null); + } + + public AntiforgeryTokenSet GetTokens(HttpContext httpContext) + { + return new AntiforgeryTokenSet(null, null, null, null); + } + + public Task IsRequestValidAsync(HttpContext httpContext) + { + return Task.FromResult(true); + } + + public void SetCookieTokenAndHeader(HttpContext httpContext) + { + } + + public Task ValidateRequestAsync(HttpContext httpContext) + { + return Task.CompletedTask; + } +} diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationCallbackErrors.feature b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationCallbackErrors.feature new file mode 100644 index 000000000..d31dbfd73 --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationCallbackErrors.feature @@ -0,0 +1,72 @@ +Feature: AuthorizationCallbackErrors + Check errors returned by the callback operation of the authorization api + +Scenario: IdToken parameter is required + When execute HTTP POST request 'https://localhost:8080/authorization/callback' + | Key | Value | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='missing parameter id_token' + +Scenario: IdToken parameter must be a valid JSON Web Token + When execute HTTP POST request 'https://localhost:8080/authorization/callback' + | Key | Value | + | id_token | bad | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='JSON Web Token cannot be read' + +Scenario: Nonce claim must be present in the JSON Web Token + Given build JWS id_token_hint and sign with the key 'keyid' + | Key | Value | + | sub | otheruser | + + When execute HTTP POST request 'https://localhost:8080/authorization/callback' + | Key | Value | + | id_token | $id_token_hint$ | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='the nonce claim is missing in the id_token' + +Scenario: Nonce must be valid + Given build JWS id_token_hint and sign with the key 'keyid' + | Key | Value | + | sub | otheruser | + | nonce | invalidnonce | + + When execute HTTP POST request 'https://localhost:8080/authorization/callback' + | Key | Value | + | id_token | $id_token_hint$ | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='the nonce is invalid and doesn't match the nonce present in the authorization request' + +Scenario: Identity token must be signed by the Distributed Identity Document + Given build authorization request callback 'nonce' + + And build JWS id_token_hint and sign with the key 'keyid' + | Key | Value | + | sub | otheruser | + | nonce | nonce | + + When execute HTTP POST request 'https://localhost:8080/authorization/callback' + | Key | Value | + | id_token | $id_token_hint$ | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='did doesn't have the correct format' \ No newline at end of file diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationCallbackErrors.feature.cs b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationCallbackErrors.feature.cs new file mode 100644 index 000000000..37fd3239c --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationCallbackErrors.feature.cs @@ -0,0 +1,350 @@ +// ------------------------------------------------------------------------------ +// +// This code was generated by SpecFlow (https://www.specflow.org/). +// SpecFlow Version:3.9.0.0 +// SpecFlow Generator Version:3.9.0.0 +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +// ------------------------------------------------------------------------------ +#region Designer generated code +#pragma warning disable +namespace SimpleIdServer.SelfIdServer.Host.Acceptance.Tests.Features +{ + using TechTalk.SpecFlow; + using System; + using System.Linq; + + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public partial class AuthorizationCallbackErrorsFeature : object, Xunit.IClassFixture, System.IDisposable + { + + private static TechTalk.SpecFlow.ITestRunner testRunner; + + private static string[] featureTags = ((string[])(null)); + + private Xunit.Abstractions.ITestOutputHelper _testOutputHelper; + +#line 1 "AuthorizationCallbackErrors.feature" +#line hidden + + public AuthorizationCallbackErrorsFeature(AuthorizationCallbackErrorsFeature.FixtureData fixtureData, SimpleIdServer_SelfIdServer_Host_Acceptance_Tests_XUnitAssemblyFixture assemblyFixture, Xunit.Abstractions.ITestOutputHelper testOutputHelper) + { + this._testOutputHelper = testOutputHelper; + this.TestInitialize(); + } + + public static void FeatureSetup() + { + testRunner = TechTalk.SpecFlow.TestRunnerManager.GetTestRunner(); + TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Features", "AuthorizationCallbackErrors", "\tCheck errors returned by the callback operation of the authorization api", ProgrammingLanguage.CSharp, featureTags); + testRunner.OnFeatureStart(featureInfo); + } + + public static void FeatureTearDown() + { + testRunner.OnFeatureEnd(); + testRunner = null; + } + + public void TestInitialize() + { + } + + public void TestTearDown() + { + testRunner.OnScenarioEnd(); + } + + public void ScenarioInitialize(TechTalk.SpecFlow.ScenarioInfo scenarioInfo) + { + testRunner.OnScenarioInitialize(scenarioInfo); + testRunner.ScenarioContext.ScenarioContainer.RegisterInstanceAs(_testOutputHelper); + } + + public void ScenarioStart() + { + testRunner.OnScenarioStart(); + } + + public void ScenarioCleanup() + { + testRunner.CollectScenarioErrors(); + } + + void System.IDisposable.Dispose() + { + this.TestTearDown(); + } + + [Xunit.SkippableFactAttribute(DisplayName="IdToken parameter is required")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationCallbackErrors")] + [Xunit.TraitAttribute("Description", "IdToken parameter is required")] + public void IdTokenParameterIsRequired() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("IdToken parameter is required", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 4 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table1 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); +#line 5 + testRunner.When("execute HTTP POST request \'https://localhost:8080/authorization/callback\'", ((string)(null)), table1, "When "); +#line hidden +#line 8 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 10 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 11 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 12 + testRunner.Then("JSON \'error_description\'=\'missing parameter id_token\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="IdToken parameter must be a valid JSON Web Token")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationCallbackErrors")] + [Xunit.TraitAttribute("Description", "IdToken parameter must be a valid JSON Web Token")] + public void IdTokenParameterMustBeAValidJSONWebToken() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("IdToken parameter must be a valid JSON Web Token", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 14 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table2 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table2.AddRow(new string[] { + "id_token", + "bad"}); +#line 15 + testRunner.When("execute HTTP POST request \'https://localhost:8080/authorization/callback\'", ((string)(null)), table2, "When "); +#line hidden +#line 19 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 21 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 22 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 23 + testRunner.Then("JSON \'error_description\'=\'JSON Web Token cannot be read\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Nonce claim must be present in the JSON Web Token")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationCallbackErrors")] + [Xunit.TraitAttribute("Description", "Nonce claim must be present in the JSON Web Token")] + public void NonceClaimMustBePresentInTheJSONWebToken() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Nonce claim must be present in the JSON Web Token", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 25 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table3 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table3.AddRow(new string[] { + "sub", + "otheruser"}); +#line 26 + testRunner.Given("build JWS id_token_hint and sign with the key \'keyid\'", ((string)(null)), table3, "Given "); +#line hidden + TechTalk.SpecFlow.Table table4 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table4.AddRow(new string[] { + "id_token", + "$id_token_hint$"}); +#line 30 + testRunner.When("execute HTTP POST request \'https://localhost:8080/authorization/callback\'", ((string)(null)), table4, "When "); +#line hidden +#line 34 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 36 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 37 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 38 + testRunner.Then("JSON \'error_description\'=\'the nonce claim is missing in the id_token\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Nonce must be valid")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationCallbackErrors")] + [Xunit.TraitAttribute("Description", "Nonce must be valid")] + public void NonceMustBeValid() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Nonce must be valid", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 40 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table5 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table5.AddRow(new string[] { + "sub", + "otheruser"}); + table5.AddRow(new string[] { + "nonce", + "invalidnonce"}); +#line 41 + testRunner.Given("build JWS id_token_hint and sign with the key \'keyid\'", ((string)(null)), table5, "Given "); +#line hidden + TechTalk.SpecFlow.Table table6 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table6.AddRow(new string[] { + "id_token", + "$id_token_hint$"}); +#line 46 + testRunner.When("execute HTTP POST request \'https://localhost:8080/authorization/callback\'", ((string)(null)), table6, "When "); +#line hidden +#line 50 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 52 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 53 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 54 + testRunner.Then("JSON \'error_description\'=\'the nonce is invalid and doesn\'t match the nonce presen" + + "t in the authorization request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Identity token must be signed by the Distributed Identity Document")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationCallbackErrors")] + [Xunit.TraitAttribute("Description", "Identity token must be signed by the Distributed Identity Document")] + public void IdentityTokenMustBeSignedByTheDistributedIdentityDocument() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Identity token must be signed by the Distributed Identity Document", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 56 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); +#line 57 + testRunner.Given("build authorization request callback \'nonce\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Given "); +#line hidden + TechTalk.SpecFlow.Table table7 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table7.AddRow(new string[] { + "sub", + "otheruser"}); + table7.AddRow(new string[] { + "nonce", + "nonce"}); +#line 59 + testRunner.And("build JWS id_token_hint and sign with the key \'keyid\'", ((string)(null)), table7, "And "); +#line hidden + TechTalk.SpecFlow.Table table8 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table8.AddRow(new string[] { + "id_token", + "$id_token_hint$"}); +#line 64 + testRunner.When("execute HTTP POST request \'https://localhost:8080/authorization/callback\'", ((string)(null)), table8, "When "); +#line hidden +#line 68 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 70 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 71 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 72 + testRunner.Then("JSON \'error_description\'=\'did doesn\'t have the correct format\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public class FixtureData : System.IDisposable + { + + public FixtureData() + { + AuthorizationCallbackErrorsFeature.FeatureSetup(); + } + + void System.IDisposable.Dispose() + { + AuthorizationCallbackErrorsFeature.FeatureTearDown(); + } + } + } +} +#pragma warning restore +#endregion diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationErrors.feature b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationErrors.feature new file mode 100644 index 000000000..e44c8a9b6 --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationErrors.feature @@ -0,0 +1,100 @@ +Feature: AuthorizationErrors + Check errors returned by the authorization endpoint + +Scenario: ClientId is required + When execute HTTP GET request 'http://localhost/authorization' + | Key | Value | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='missing parameter client_id' + +Scenario: When the client is not registered then only one parameter (client_metadata or client_metadata_uri) can be used + When execute HTTP GET request 'http://localhost/authorization' + | Key | Value | + | client_id | did:client | + | client_metadata_uri | http://localhost | + | client_metadata | { } | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='the parameters client_metadata and client_metadata_uri cannot be used the same time' + +Scenario: When the client is not registered then the parameter client_metadata or client_metadata_uri is required + When execute HTTP GET request 'http://localhost/authorization' + | Key | Value | + | client_id | did:client | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='the parameter client_metadata or client_metadata_uri is required' + +Scenario: The client_metadata_uri must be valid + When execute HTTP GET request 'http://localhost/authorization' + | Key | Value | + | client_id | did:client | + | client_metadata_uri | http://clientmetadata.com | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_client_metadata_uri' + Then JSON 'error_description'='the client_metadata_uri in the Authorization Request returns an error or contains invalid data' + +Scenario: Response type is required + When execute HTTP GET request 'http://localhost/authorization' + | Key | Value | + | client_id | did:client | + | client_metadata | { } | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='missing parameter response_type' + +Scenario: Response type must be supported + When execute HTTP GET request 'http://localhost/authorization' + | Key | Value | + | response_type | invalid | + | client_id | did:client | + | client_metadata | { } | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='unsupported_response_type' + Then JSON 'error_description'='missing response types invalid' + +Scenario: Scope is required + When execute HTTP GET request 'http://localhost/authorization' + | Key | Value | + | response_type | code | + | client_id | did:client | + | client_metadata | { } | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='missing parameters scope,resource,authorization_details' + +Scenario: Redirect_uri is required + When execute HTTP GET request 'http://localhost/authorization' + | Key | Value | + | response_type | code | + | client_id | did:client | + | client_metadata | { } | + | scope | openid | + + And extract JSON from body + + Then HTTP status code equals to '400' + Then JSON 'error'='invalid_request' + Then JSON 'error_description'='missing parameter redirect_uri' \ No newline at end of file diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationErrors.feature.cs b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationErrors.feature.cs new file mode 100644 index 000000000..2c279f124 --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Features/AuthorizationErrors.feature.cs @@ -0,0 +1,485 @@ +// ------------------------------------------------------------------------------ +// +// This code was generated by SpecFlow (https://www.specflow.org/). +// SpecFlow Version:3.9.0.0 +// SpecFlow Generator Version:3.9.0.0 +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +// ------------------------------------------------------------------------------ +#region Designer generated code +#pragma warning disable +namespace SimpleIdServer.SelfIdServer.Host.Acceptance.Tests.Features +{ + using TechTalk.SpecFlow; + using System; + using System.Linq; + + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public partial class AuthorizationErrorsFeature : object, Xunit.IClassFixture, System.IDisposable + { + + private static TechTalk.SpecFlow.ITestRunner testRunner; + + private static string[] featureTags = ((string[])(null)); + + private Xunit.Abstractions.ITestOutputHelper _testOutputHelper; + +#line 1 "AuthorizationErrors.feature" +#line hidden + + public AuthorizationErrorsFeature(AuthorizationErrorsFeature.FixtureData fixtureData, SimpleIdServer_SelfIdServer_Host_Acceptance_Tests_XUnitAssemblyFixture assemblyFixture, Xunit.Abstractions.ITestOutputHelper testOutputHelper) + { + this._testOutputHelper = testOutputHelper; + this.TestInitialize(); + } + + public static void FeatureSetup() + { + testRunner = TechTalk.SpecFlow.TestRunnerManager.GetTestRunner(); + TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Features", "AuthorizationErrors", "\tCheck errors returned by the authorization endpoint\t", ProgrammingLanguage.CSharp, featureTags); + testRunner.OnFeatureStart(featureInfo); + } + + public static void FeatureTearDown() + { + testRunner.OnFeatureEnd(); + testRunner = null; + } + + public void TestInitialize() + { + } + + public void TestTearDown() + { + testRunner.OnScenarioEnd(); + } + + public void ScenarioInitialize(TechTalk.SpecFlow.ScenarioInfo scenarioInfo) + { + testRunner.OnScenarioInitialize(scenarioInfo); + testRunner.ScenarioContext.ScenarioContainer.RegisterInstanceAs(_testOutputHelper); + } + + public void ScenarioStart() + { + testRunner.OnScenarioStart(); + } + + public void ScenarioCleanup() + { + testRunner.CollectScenarioErrors(); + } + + void System.IDisposable.Dispose() + { + this.TestTearDown(); + } + + [Xunit.SkippableFactAttribute(DisplayName="ClientId is required")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationErrors")] + [Xunit.TraitAttribute("Description", "ClientId is required")] + public void ClientIdIsRequired() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("ClientId is required", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 4 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table9 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); +#line 5 + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table9, "When "); +#line hidden +#line 8 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 10 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 11 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 12 + testRunner.Then("JSON \'error_description\'=\'missing parameter client_id\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="When the client is not registered then only one parameter (client_metadata or cli" + + "ent_metadata_uri) can be used")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationErrors")] + [Xunit.TraitAttribute("Description", "When the client is not registered then only one parameter (client_metadata or cli" + + "ent_metadata_uri) can be used")] + public void WhenTheClientIsNotRegisteredThenOnlyOneParameterClient_MetadataOrClient_Metadata_UriCanBeUsed() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("When the client is not registered then only one parameter (client_metadata or cli" + + "ent_metadata_uri) can be used", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 14 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table10 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table10.AddRow(new string[] { + "client_id", + "did:client"}); + table10.AddRow(new string[] { + "client_metadata_uri", + "http://localhost"}); + table10.AddRow(new string[] { + "client_metadata", + "{ }"}); +#line 15 + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table10, "When "); +#line hidden +#line 21 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 23 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 24 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 25 + testRunner.Then("JSON \'error_description\'=\'the parameters client_metadata and client_metadata_uri " + + "cannot be used the same time\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="When the client is not registered then the parameter client_metadata or client_me" + + "tadata_uri is required")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationErrors")] + [Xunit.TraitAttribute("Description", "When the client is not registered then the parameter client_metadata or client_me" + + "tadata_uri is required")] + public void WhenTheClientIsNotRegisteredThenTheParameterClient_MetadataOrClient_Metadata_UriIsRequired() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("When the client is not registered then the parameter client_metadata or client_me" + + "tadata_uri is required", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 27 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table11 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table11.AddRow(new string[] { + "client_id", + "did:client"}); +#line 28 + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table11, "When "); +#line hidden +#line 32 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 34 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 35 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 36 + testRunner.Then("JSON \'error_description\'=\'the parameter client_metadata or client_metadata_uri is" + + " required\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="The client_metadata_uri must be valid")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationErrors")] + [Xunit.TraitAttribute("Description", "The client_metadata_uri must be valid")] + public void TheClient_Metadata_UriMustBeValid() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("The client_metadata_uri must be valid", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 38 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table12 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table12.AddRow(new string[] { + "client_id", + "did:client"}); + table12.AddRow(new string[] { + "client_metadata_uri", + "http://clientmetadata.com"}); +#line 39 + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table12, "When "); +#line hidden +#line 44 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 46 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 47 + testRunner.Then("JSON \'error\'=\'invalid_client_metadata_uri\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 48 + testRunner.Then("JSON \'error_description\'=\'the client_metadata_uri in the Authorization Request re" + + "turns an error or contains invalid data\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Response type is required")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationErrors")] + [Xunit.TraitAttribute("Description", "Response type is required")] + public void ResponseTypeIsRequired() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Response type is required", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 50 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table13 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table13.AddRow(new string[] { + "client_id", + "did:client"}); + table13.AddRow(new string[] { + "client_metadata", + "{ }"}); +#line 51 + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table13, "When "); +#line hidden +#line 56 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 58 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 59 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 60 + testRunner.Then("JSON \'error_description\'=\'missing parameter response_type\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Response type must be supported")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationErrors")] + [Xunit.TraitAttribute("Description", "Response type must be supported")] + public void ResponseTypeMustBeSupported() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Response type must be supported", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 62 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table14 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table14.AddRow(new string[] { + "response_type", + "invalid"}); + table14.AddRow(new string[] { + "client_id", + "did:client"}); + table14.AddRow(new string[] { + "client_metadata", + "{ }"}); +#line 63 + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table14, "When "); +#line hidden +#line 69 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 71 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 72 + testRunner.Then("JSON \'error\'=\'unsupported_response_type\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 73 + testRunner.Then("JSON \'error_description\'=\'missing response types invalid\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Scope is required")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationErrors")] + [Xunit.TraitAttribute("Description", "Scope is required")] + public void ScopeIsRequired() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Scope is required", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 75 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table15 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table15.AddRow(new string[] { + "response_type", + "code"}); + table15.AddRow(new string[] { + "client_id", + "did:client"}); + table15.AddRow(new string[] { + "client_metadata", + "{ }"}); +#line 76 + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table15, "When "); +#line hidden +#line 82 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 84 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 85 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 86 + testRunner.Then("JSON \'error_description\'=\'missing parameters scope,resource,authorization_details" + + "\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [Xunit.SkippableFactAttribute(DisplayName="Redirect_uri is required")] + [Xunit.TraitAttribute("FeatureTitle", "AuthorizationErrors")] + [Xunit.TraitAttribute("Description", "Redirect_uri is required")] + public void Redirect_UriIsRequired() + { + string[] tagsOfScenario = ((string[])(null)); + System.Collections.Specialized.OrderedDictionary argumentsOfScenario = new System.Collections.Specialized.OrderedDictionary(); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Redirect_uri is required", null, tagsOfScenario, argumentsOfScenario, featureTags); +#line 88 +this.ScenarioInitialize(scenarioInfo); +#line hidden + if ((TagHelper.ContainsIgnoreTag(tagsOfScenario) || TagHelper.ContainsIgnoreTag(featureTags))) + { + testRunner.SkipScenario(); + } + else + { + this.ScenarioStart(); + TechTalk.SpecFlow.Table table16 = new TechTalk.SpecFlow.Table(new string[] { + "Key", + "Value"}); + table16.AddRow(new string[] { + "response_type", + "code"}); + table16.AddRow(new string[] { + "client_id", + "did:client"}); + table16.AddRow(new string[] { + "client_metadata", + "{ }"}); + table16.AddRow(new string[] { + "scope", + "openid"}); +#line 89 + testRunner.When("execute HTTP GET request \'http://localhost/authorization\'", ((string)(null)), table16, "When "); +#line hidden +#line 96 + testRunner.And("extract JSON from body", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "And "); +#line hidden +#line 98 + testRunner.Then("HTTP status code equals to \'400\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 99 + testRunner.Then("JSON \'error\'=\'invalid_request\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden +#line 100 + testRunner.Then("JSON \'error_description\'=\'missing parameter redirect_uri\'", ((string)(null)), ((TechTalk.SpecFlow.Table)(null)), "Then "); +#line hidden + } + this.ScenarioCleanup(); + } + + [System.CodeDom.Compiler.GeneratedCodeAttribute("TechTalk.SpecFlow", "3.9.0.0")] + [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + public class FixtureData : System.IDisposable + { + + public FixtureData() + { + AuthorizationErrorsFeature.FeatureSetup(); + } + + void System.IDisposable.Dispose() + { + AuthorizationErrorsFeature.FeatureTearDown(); + } + } + } +} +#pragma warning restore +#endregion diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/IdServerConfiguration.cs b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/IdServerConfiguration.cs new file mode 100644 index 000000000..ab3bcf34d --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/IdServerConfiguration.cs @@ -0,0 +1,13 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using System.Collections.Generic; + +namespace SimpleIdServer.SelfIdServer.Host.Acceptance.Tests; + +public class IdServerConfiguration +{ + public static List Realms = new List + { + SimpleIdServer.IdServer.Constants.StandardRealms.Master + }; +} \ No newline at end of file diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Program.cs b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Program.cs new file mode 100644 index 000000000..869a0550b --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Program.cs @@ -0,0 +1,77 @@ +using Microsoft.AspNetCore.Antiforgery; +using Microsoft.AspNetCore.Builder; +using Microsoft.Extensions.Caching.Distributed; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.Did.Key; +using SimpleIdServer.IdServer; +using SimpleIdServer.SelfIdServer.Host.Acceptance.Tests; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Security.Cryptography; + +var builder = WebApplication.CreateBuilder(args); +var p = GetKey(512); +var s = new SymmetricSecurityKey(p) +{ + KeyId = Guid.NewGuid().ToString() +}; + +builder.Services.AddSIDIdentityServer() + .UseInMemoryEFStore(o => + { + o.AddInMemoryRealms(IdServerConfiguration.Realms); + o.AddInMemoryKeys(SimpleIdServer.IdServer.Constants.StandardRealms.Master, new List + { + new SigningCredentials(BuildRsaSecurityKey("keyid"), SecurityAlgorithms.RsaSha256), + new SigningCredentials(BuildRsaSecurityKey("keyid2"), SecurityAlgorithms.RsaSha384), + new SigningCredentials(BuildRsaSecurityKey("keyid3"), SecurityAlgorithms.RsaSha512), + new SigningCredentials(BuildECDSaSecurityKey(ECCurve.NamedCurves.nistP256), SecurityAlgorithms.EcdsaSha256), + new SigningCredentials(BuildECDSaSecurityKey(ECCurve.NamedCurves.nistP384), SecurityAlgorithms.EcdsaSha384), + new SigningCredentials(BuildECDSaSecurityKey(ECCurve.NamedCurves.nistP521), SecurityAlgorithms.EcdsaSha512), + new SigningCredentials(BuildSymmetricSecurityKey(256), SecurityAlgorithms.HmacSha256), + new SigningCredentials(BuildSymmetricSecurityKey(384), SecurityAlgorithms.HmacSha384), + new SigningCredentials(BuildSymmetricSecurityKey(512), SecurityAlgorithms.HmacSha512) + }, new List + { + new EncryptingCredentials(BuildRsaSecurityKey("keyid4"), SecurityAlgorithms.RsaPKCS1, SecurityAlgorithms.Aes128CbcHmacSha256) + }); + }) + .AddBackChannelAuthentication() + .UseInMemoryMassTransit(); +var antiforgeryService = builder.Services.First(s => s.ServiceType == typeof(IAntiforgery)); +var memoryDistribution = builder.Services.First(s => s.ServiceType == typeof(IDistributedCache)); +builder.Services.AddDidKey(); +builder.Services.Remove(antiforgeryService); +builder.Services.Remove(memoryDistribution); +builder.Services.AddTransient(); +builder.Services.AddSingleton(SingletonDistributedCache.Instance().Get()); +var app = builder.Build() + .UseSID(); +app.Run(); + +static RsaSecurityKey BuildRsaSecurityKey(string keyid) => new RsaSecurityKey(RSA.Create()) +{ + KeyId = keyid +}; + +static ECDsaSecurityKey BuildECDSaSecurityKey(ECCurve curve) => new ECDsaSecurityKey(ECDsa.Create(curve)) +{ + KeyId = Guid.NewGuid().ToString() +}; + +static SecurityKey BuildSymmetricSecurityKey(int keySize) => new SymmetricSecurityKey(GetKey(keySize)) +{ + KeyId = Guid.NewGuid().ToString() +}; + +static byte[] GetKey(int keySize) +{ + var length = keySize / 8; + var str = "abcdefghijklmnopqrstuvwxyz"; + var rnd = new Random(); + return Enumerable.Repeat(0, length).Select(_ => rnd.Next(0, str.Length)).Select(_ => Convert.ToByte(str[_])).ToArray(); +} + +public partial class Program { } \ No newline at end of file diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Properties/launchSettings.json b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Properties/launchSettings.json new file mode 100644 index 000000000..e9f2bf8b3 --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Properties/launchSettings.json @@ -0,0 +1,12 @@ +{ + "profiles": { + "SimpleIdServer.SelfIdServer.Host.Acceptance.Tests": { + "commandName": "Project", + "launchBrowser": true, + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + }, + "applicationUrl": "https://localhost:53836;http://localhost:53837" + } + } +} \ No newline at end of file diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/SimpleIdServer.SelfIdServer.Host.Acceptance.Tests.csproj b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/SimpleIdServer.SelfIdServer.Host.Acceptance.Tests.csproj new file mode 100644 index 000000000..f7e00a631 --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/SimpleIdServer.SelfIdServer.Host.Acceptance.Tests.csproj @@ -0,0 +1,54 @@ + + + net8.0 + false + true + false + + + + + + + + + + + + + + + all + runtime; build; native; contentfiles; analyzers + + + + + + Always + + + + + + + + + + AuthorizationCallbackErrors.feature + + + %(Filename) + + + + + $(UsingMicrosoftNETSdk) + %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + + + $(UsingMicrosoftNETSdk) + %(RelativeDir)%(Filename).feature$(DefaultLanguageSourceExtension) + + + diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/SingletonDistributedCache.cs b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/SingletonDistributedCache.cs new file mode 100644 index 000000000..0477dbb46 --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/SingletonDistributedCache.cs @@ -0,0 +1,29 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.Extensions.Caching.Distributed; +using Microsoft.Extensions.Caching.Memory; + +namespace SimpleIdServer.SelfIdServer.Host.Acceptance.Tests; + +public class SingletonDistributedCache +{ + private static SingletonDistributedCache _instance; + private IDistributedCache _cache; + + private SingletonDistributedCache() + { + _cache = new MemoryDistributedCache(Microsoft.Extensions.Options.Options.Create(new MemoryDistributedCacheOptions())); + } + + public static SingletonDistributedCache Instance() + { + if (_instance == null) + { + _instance = new SingletonDistributedCache(); + } + + return _instance; + } + + public IDistributedCache Get() => _cache; +} diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/DataExtractSteps.cs b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/DataExtractSteps.cs new file mode 100644 index 000000000..a08379a46 --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/DataExtractSteps.cs @@ -0,0 +1,107 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using BlushingPenguin.JsonPath; +using Microsoft.AspNetCore.WebUtilities; +using Microsoft.IdentityModel.JsonWebTokens; +using System.Net.Http; +using System.Text.Json; +using System.Text.Json.Nodes; +using System.Threading.Tasks; +using System.Web; +using TechTalk.SpecFlow; + +namespace SimpleIdServer.SelfIdServer.Host.Acceptance.Tests.Steps; + +[Binding] +public class DataExtractSteps +{ + private readonly ScenarioContext _scenarioContext; + + public DataExtractSteps(ScenarioContext scenarioContext) + { + _scenarioContext = scenarioContext; + } + + [When("extract JSON from body")] + public async Task WhenExtractFromBody() + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + var json = await httpResponseMessage.Content.ReadAsStringAsync().ConfigureAwait(false); + _scenarioContext.Set(JsonDocument.Parse(json), "jsonHttpBody"); + } + + [When("extract query parameters into JSON")] + public void WhenExtractQueryParametersIntoJSON() + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + var queryValues = QueryHelpers.ParseQuery(httpResponseMessage.RequestMessage.RequestUri.Query); + var jObj = new JsonObject(); + foreach (var kvp in queryValues) + { + jObj.Add(kvp.Key, queryValues[kvp.Key][0]); + } + + _scenarioContext.Set(jObj, "jsonHttpBody"); + } + + [When("extract query parameter '(.*)' into JSON")] + public void WhenExtractQueryParameterIntoJSON(string name) + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + var queryValues = QueryHelpers.ParseQuery(httpResponseMessage.RequestMessage.RequestUri.Query); + var value = queryValues[name][0].ToString(); + value = HttpUtility.UrlDecode(value); + var jObj = JsonDocument.Parse(value); + _scenarioContext.Set(jObj, "jsonHttpBody"); + } + + [When("extract parameter '(.*)' from redirect url")] + public void WhenExtractRedirectUrlParameter(string parameter) + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + var queries = QueryHelpers.ParseQuery(httpResponseMessage.RequestMessage.RequestUri.Query); + var queryValue = queries[parameter][0]; + _scenarioContext.Set(queryValue, parameter); + } + + [When("extract parameter '(.*)' from redirect url fragment")] + public void WhenExtractRedirectUrlFragmentParameter(string parameter) + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + var queries = QueryHelpers.ParseQuery(httpResponseMessage.RequestMessage.RequestUri.Fragment.TrimStart('#')); + var queryValue = queries[parameter][0]; + _scenarioContext.Set(queryValue, parameter); + } + + [When("extract parameter '(.*)' from JSON body")] + public void WhenExtractParameterFromBody(string parameter) + { + var jObj = _scenarioContext.Get("jsonHttpBody"); + var token = jObj.SelectToken(parameter); + _scenarioContext.Set(token.Value.GetString(), parameter); + } + + [When("extract parameter '(.*)' from JSON body into '(.*)'")] + public void WhenExtractParameterFromBody(string parameter, string key) + { + var jObj = _scenarioContext.Get("jsonHttpBody"); + _scenarioContext.Set(jObj.SelectToken(parameter).Value.GetString(), key); + } + + [When("extract payload from JWT '(.*)'")] + public void WhenExtractPayloadFromJWT(string key) + { + var str = WebApiSteps.ParseValue(_scenarioContext, key); + var jwt = new JsonWebTokenHandler().ReadJsonWebToken(str.ToString()); + _scenarioContext.Set(jwt, "jwt"); + } + + [When("extract payload from HTTP body")] + public async Task WhenExtractPayloadFromHTTPBody() + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + var json = await httpResponseMessage.Content.ReadAsStringAsync().ConfigureAwait(false); + var jwt = new JsonWebTokenHandler().ReadJsonWebToken(json); + _scenarioContext.Set(jwt, "jwt"); + } +} diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/DataPreparationSteps.cs b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/DataPreparationSteps.cs new file mode 100644 index 000000000..bc7cd621d --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/DataPreparationSteps.cs @@ -0,0 +1,56 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.Extensions.DependencyInjection; +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.IdServer.Helpers; +using System; +using System.Collections.Generic; +using System.Security.Cryptography; +using System.Security.Cryptography.X509Certificates; +using System.Threading; +using System.Threading.Tasks; +using TechTalk.SpecFlow; + +namespace SimpleIdServer.SelfIdServer.Host.Acceptance.Tests.Steps; + +[Binding] +public class DataPreparationSteps +{ + private readonly ScenarioContext _scenarioContext; + + public DataPreparationSteps(ScenarioContext scenarioContext) + { + _scenarioContext = scenarioContext; + } + + [Given("build JWS by signing with a random RS256 algorithm and store the result into '(.*)'")] + public void GivenBuildJwsByUsingRandomRS256SignatureKey(string key, Table table) + { + var tokenDescriptor = new SecurityTokenDescriptor + { + Claims = new Dictionary(), + SigningCredentials = new SigningCredentials(new RsaSecurityKey(RSA.Create()) + { + KeyId = Guid.NewGuid().ToString() + }, SecurityAlgorithms.RsaSha256) + }; + foreach (var row in table.Rows) + tokenDescriptor.Claims.Add(row["Key"].ToString(), row["Value"].ToString()); + var handler = new JsonWebTokenHandler(); + var jws = handler.CreateToken(tokenDescriptor); + _scenarioContext.Set(jws, key); + } + + [Given("build expiration time and add '(.*)' seconds")] + public void GivenBuildExpirationTime(int seconds) => _scenarioContext.Set(DateTime.UtcNow.AddSeconds(seconds).ConvertToUnixTimestamp(), "exp"); + + [Given("build random X509Certificate2 and store into '(.*)'")] + public void GivenBuildRandomCertificate(string key) + { + var ecdsa = ECDsa.Create(); + var req = new CertificateRequest($"cn={Guid.NewGuid()}", ecdsa, HashAlgorithmName.SHA256); + var cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(2)); + _scenarioContext.Set(cert, key); + } +} \ No newline at end of file diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/ValidationSteps.cs b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/ValidationSteps.cs new file mode 100644 index 000000000..7fa9e7760 --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/ValidationSteps.cs @@ -0,0 +1,274 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using BlushingPenguin.JsonPath; +using Microsoft.AspNetCore.WebUtilities; +using Microsoft.IdentityModel.JsonWebTokens; +using System.Linq; +using System.Net.Http; +using System.Text.Json; +using System.Text.Json.Nodes; +using TechTalk.SpecFlow; +using Xunit; + +namespace SimpleIdServer.SelfIdServer.Host.Acceptance.Tests.Steps; + +[Binding] +public class ValidationSteps +{ + private readonly ScenarioContext _scenarioContext; + + public ValidationSteps(ScenarioContext scenarioContext) + { + _scenarioContext = scenarioContext; + } + + [Then("parameter '(.*)'='(.*)'")] + public void ThenParametersEqualsTo(string parameter, string value) + { + var val = _scenarioContext.Get(parameter); + Assert.Equal(value, val); + } + + + [Then("JSON exists '(.*)'")] + public void ThenExists(string key) + { + var jsonHttpBody = _scenarioContext["jsonHttpBody"] as JsonDocument; + if(jsonHttpBody == null) + { + var jsonObj = _scenarioContext["jsonHttpBody"] as JsonObject; + if (jsonObj != null) jsonHttpBody = JsonDocument.Parse(jsonObj.ToJsonString()); + } + + Assert.True(jsonHttpBody.SelectToken(key) != null); + } + + + [Then("JSON doesn't exist '(.*)'")] + public void ThenDoesntExist(string key) + { + var jsonHttpBody = _scenarioContext["jsonHttpBody"] as JsonDocument; + Assert.True(jsonHttpBody.SelectToken(key) == null); + } + + [Then("JSON '(.*)'='(.*)'")] + public void ThenEqualsTo(string key, string expectedValue) + { + var jsonHttpBody = _scenarioContext["jsonHttpBody"] as JsonDocument; + var value = GetValue(jsonHttpBody); + expectedValue = WebApiSteps.ParseValue(_scenarioContext, expectedValue).ToString(); + Assert.Equal(expectedValue, value); + + string GetValue(JsonDocument elt) + { + var selectedToken = elt.SelectToken(key); + switch (selectedToken.Value.ValueKind) + { + case JsonValueKind.True: + return "true"; + case JsonValueKind.False: + return "false"; + case JsonValueKind.Number: + return selectedToken?.GetInt32().ToString(); + default: + return selectedToken?.GetString(); + } + + } + } + + [Then("access_token audience contains '(.*)'")] + public void ThenAccessTokenAudienceContains(string value) + { + var jwt = GetAccessToken(); + Assert.Contains(value, jwt.Audiences); + } + + [Then("access_token contains '(.*)'")] + public void ThenAccessTokenContainsClaim(string value) + { + var jwt = GetAccessToken(); + Assert.True(jwt.Claims.Any(c => c.Type == value)); + } + + [Then("access_token scope contains '(.*)'")] + public void ThenAccessTokenScopeContains(string value) + { + var jwt = GetAccessToken(); + var scopes = jwt.Claims.Where(c => c.Type == "scope").Select(s => s.Value); + Assert.Contains(value, scopes); + } + + [Then("access_token alg equals to '(.*)'")] + public void ThenAccessTokenAlgEqualsTo(string alg) + { + var jwt = GetAccessToken(); + Assert.Equal(alg, jwt.Alg); + } + + [Then("access_token kid equals to '(.*)'")] + public void ThenAccessTokenKidEqualsTo(string kid) + { + var jwt = GetAccessToken(); + Assert.Equal(kid, jwt.Kid); + } + + [Then("access_token contains the claim '(.*)'='(.*)'")] + public void ThenAccessTokenContainsTheClaim(string key, string value) + { + var jwt = GetAccessToken(); + Assert.True(jwt.Claims.Any(c => c.Type == key && c.Value == value) == true); + } + + [Then("access_token contains act '(.*)'")] + public void ThenAccessTokenContainsAct(string actSub) + { + var jwt = GetAccessToken(); + var json = jwt.GetClaimJson(); + var subject = json["act"]["sub"]; + Assert.Equal(actSub, subject.ToString()); + } + + [Then("access_token contains sub act '(.*)'")] + public void ThenAccessTokenContainsSubAct(string actSub) + { + var jwt = GetAccessToken(); + var json = jwt.GetClaimJson(); + var subAct = json["act"]["act"]["sub"]; + Assert.Equal(actSub, subAct.ToString()); + } + + [Then("access_token has permission to access to the resource id '(.*)'")] + public void ThenAccessTokenHasPermissionToAccessToResourceId(string value) + { + value = WebApiSteps.ParseValue(_scenarioContext, value).ToString(); + var jwt = GetAccessToken(); + var str = JsonObject.Parse(jwt.GetClaim("permissions").Value); + Assert.Equal(value, str["resource_id"].GetValue()); + } + + [Then("access_token has permission to access to the scope '(.*)'")] + public void ThenAccessTokenHasPermissionToAccessToScope(string value) + { + value = WebApiSteps.ParseValue(_scenarioContext, value).ToString(); + var jwt = GetAccessToken(); + var str = JsonObject.Parse(jwt.GetClaim("permissions").Value); + var scopes = (str["resource_scopes"] as JsonArray).Select(s => s.GetValue()); + Assert.True(scopes.Contains(value) == true); + } + + [Then("access_token doesn't contain the claim '(.*)'='(.*)'")] + public void ThenAccessTokenDoesntContainTheClaim(string key, string value) + { + var jwt = GetAccessToken(); + Assert.True(jwt.Claims.Any(c => c.Type == key && c.Value == value) == false); + } + + [Then("access_token contains jkt")] + public void ThenAccessTokenContainsJkt() + { + var cnf = JsonObject.Parse(GetAccessToken().Claims.First(c => c.Type == "cnf").Value).AsObject(); + Assert.True(cnf.ContainsKey("jkt")); + } + + [Then("JWT contains '(.*)'")] + public void ThenJWTContainsClaim(string key) => Assert.True(GetJWT().Claims.Any(c => c.Type == key) == true); + + [Then("JWT has '(.*)'='(.*)'")] + public void ThenJWTHas(string key, string value) => Assert.True(GetJWT().Claims.Any(c => c.Type == key && c.Value == value) == true); + + [Then("JWT has address street '(.*)'")] + public void ThenJWTHasAddressStreet(string value) => Assert.True(GetJWT().Claims.Any(c => c.Type == "address" && JsonObject.Parse(c.Value)["street"].GetValue() == value) == true); + + [Then("JWT has address locality '(.*)'")] + public void ThenJWTHasAddressLocality(string value) => Assert.True(GetJWT().Claims.Any(c => c.Type == "address" && JsonObject.Parse(c.Value)["locality"].GetValue() == value) == true); + + [Then("JWT has address region '(.*)'")] + public void ThenJWTHasAddressRegion(string value) => Assert.True(GetJWT().Claims.Any(c => c.Type == "address" && JsonObject.Parse(c.Value)["region"].GetValue() == value) == true); + + [Then("JWT has address postal code '(.*)'")] + public void ThenJWTHasAddressPostalCode(string value) => Assert.True(GetJWT().Claims.Any(c => c.Type == "address" && JsonObject.Parse(c.Value)["postal_code"].GetValue() == value) == true); + + [Then("JWT has address country '(.*)'")] + public void ThenJWTHasAddressCountry(string value) => Assert.True(GetJWT().Claims.Any(c => c.Type == "address" && JsonObject.Parse(c.Value)["country"].GetValue() == value) == true); + + [Then("JWT has formatted address '(.*)'")] + public void ThenJWTHasFormattedAddress(string value) => Assert.True(GetJWT().Claims.Any(c => c.Type == "address" && JsonObject.Parse(c.Value)["formatted"].GetValue() == value) == true); + + [Then("JWT has authorization_details type '(.*)'")] + public void ThenJWTHasAuthorizationDetailsType(string value) => Assert.True(GetJWT().Claims.Any(c => c.Type == "authorization_details" && JsonObject.Parse(c.Value)["type"].GetValue() == value) == true); + + [Then("JWT has authorization_details action '(.*)'")] + public void ThenAccessTokenHasAuthorizationDetailsHasAction(string value) => Assert.True(GetJWT().Claims.Any(c => c.Type == "authorization_details" && JsonObject.Parse(c.Value)["actions"].AsArray().Select(a => a.GetValue()).Contains(value))); + + [Then("JWT is encrypted")] + public void ThenJWTIsEncrypted() => Assert.True(GetJWT().IsEncrypted); + + [Then("JWT alg = '(.*)'")] + public void ThenJWTAlgEqualsTo(string alg) => Assert.True(GetJWT().Alg == alg); + + [Then("JWT enc = '(.*)'")] + public void ThenJWTEncEqualsTo(string enc) => Assert.True(GetJWT().Enc == enc); + + [Then("HTTP status code equals to '(.*)'")] + public void ThenCheckHttpStatusCode(int code) + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + Assert.Equal(code, (int)httpResponseMessage.StatusCode); + } + + [Then("redirection url doesn't contain the parameter '(.*)'")] + public void ThenRedirectionUrlDoesntContain(string parameter) + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + var queries = QueryHelpers.ParseQuery(httpResponseMessage.RequestMessage.RequestUri.Query); + Assert.True(queries.ContainsKey(parameter) == false); + } + + [Then("redirection url contains the parameter '(.*)'")] + public void ThenRedirectionUrlContainsQuery(string parameter) + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + var queries = QueryHelpers.ParseQuery(httpResponseMessage.RequestMessage.RequestUri.Query); + Assert.True(queries.ContainsKey(parameter) == true); + } + + [Then("redirection url contains the parameter value '(.*)'='(.*)'")] + public void ThenRedirectionUrlContainsQuery(string key, string value) + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + var queries = QueryHelpers.ParseQuery(httpResponseMessage.RequestMessage.RequestUri.Query); + Assert.True(queries.Any(q => q.Key == key && q.Value == value) == true); + } + + [Then("redirection url contains '(.*)'")] + public void ThenRedirectionUrlContains(string baseUrl) + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + Assert.True(httpResponseMessage.RequestMessage.RequestUri.AbsoluteUri.Contains(baseUrl) == true); + } + + [Then("HTTP header '(.*)' exists")] + public void ThenHttpHeaderExists(string key) + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + Assert.True(httpResponseMessage.Headers.Contains(key)); + } + + [Then("HTTP header has '(.*)'='(.*)'")] + public void ThenHttpHeaderContains(string key, string value) + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + Assert.True(httpResponseMessage.Content.Headers.Contains(key)); + Assert.True(httpResponseMessage.Content.Headers.GetValues(key).Contains(value) == true); + } + + private JsonWebToken GetAccessToken() + { + var jsonHttpBody = _scenarioContext["jsonHttpBody"] as JsonDocument; + var handler = new JsonWebTokenHandler(); + return handler.ReadJsonWebToken(jsonHttpBody.SelectToken("$.access_token").Value.GetString()); + } + + private JsonWebToken GetJWT() => _scenarioContext["jwt"] as JsonWebToken; +} diff --git a/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/WebApiSteps.cs b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/WebApiSteps.cs new file mode 100644 index 000000000..7b103b46b --- /dev/null +++ b/tests/SimpleIdServer.SelfIssuedIdServer.Host.Acceptance.Tests/Steps/WebApiSteps.cs @@ -0,0 +1,434 @@ +// Copyright (c) SimpleIdServer. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using Microsoft.AspNetCore.Authentication.Cookies; +using Microsoft.AspNetCore.Mvc.Testing; +using Microsoft.AspNetCore.WebUtilities; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; +using Moq; +using SimpleIdServer.DPoP; +using SimpleIdServer.IdServer.DTOs; +using SimpleIdServer.IdServer.Helpers; +using SimpleIdServer.IdServer.Stores; +using System; +using System.Collections.Generic; +using System.IO; +using System.Linq; +using System.Net.Http; +using System.Security.Claims; +using System.Security.Cryptography; +using System.Security.Cryptography.X509Certificates; +using System.Text; +using System.Text.Json; +using System.Text.Json.Nodes; +using System.Text.RegularExpressions; +using System.Threading; +using System.Threading.Tasks; +using TechTalk.SpecFlow; + +namespace SimpleIdServer.SelfIdServer.Host.Acceptance.Tests.Steps; + +[Binding] +public class WebApiSteps +{ + private static object _lck = new object(); + private static IEnumerable PARAMETERS_IN_HEADER = new[] { "Authorization", "X-Testing-ClientCert", "DPoP" }; + private ScenarioContext _scenarioContext; + private CustomWebApplicationFactory _factory; + + public WebApiSteps(ScenarioContext scenarioContext) + { + _scenarioContext = scenarioContext; + lock(_lck) + { + _factory = new CustomWebApplicationFactory(scenarioContext); + var client = _factory.CreateClient(new WebApplicationFactoryClientOptions + { + AllowAutoRedirect = false + }); + _scenarioContext.Set(_factory, "Factory"); + var mock = new Mock(); + mock.Setup(m => m.GetHttpClient()).Returns(client); + _scenarioContext.Set(new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "sidClient.crt")), "sidClient.crt"); + } + } + + [Given("build authorization request callback '(.*)'")] + public async Task GivenCreateAuthorizationRequestCallback(string nonce) + { + using (var scope = _factory.Services.CreateScope()) + { + var grantedTokenHelper = scope.ServiceProvider.GetRequiredService(); + await grantedTokenHelper.AddAuthorizationRequestCallback(nonce, new System.Text.Json.Nodes.JsonObject + { + { AuthorizationRequestParameters.RedirectUri, "http://localhost" } + }, 200, CancellationToken.None); + } + } + + [Given("build JWE by encrypting the '(.*)' JWS with the client secret '(.*)' and store the result into '(.*)'")] + public void GivenBuildJweUsingClientJws(string jwsKey, string clientSecret, string key) + { + var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(clientSecret)); + var handler = new JsonWebTokenHandler(); + var jwe = handler.EncryptToken(ParseValue(_scenarioContext, jwsKey).ToString(), new EncryptingCredentials(securityKey, SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256)); + _scenarioContext.Set(jwe, key); + } + + [Given("build JWS id_token_hint and sign with the key '(.*)'")] + public void GivenBuildJWSIdTokenHint(string keyId, Table table) + { + using (var scope = _factory.Services.CreateScope()) + { + var keyStore = scope.ServiceProvider.GetRequiredService(); + var signKey = keyStore.GetAllSigningKeys("master").First(k => k.Key.KeyId == keyId); + var handler = new JsonWebTokenHandler(); + var claims = new Dictionary(); + foreach (var row in table.Rows) + claims.Add(row["Key"].ToString(), row["Value"].ToString()); + + var descritor = new SecurityTokenDescriptor + { + Claims = claims, + SigningCredentials = signKey + }; + var request = handler.CreateToken(descritor); + _scenarioContext.Set(request, "id_token_hint"); + } + } + + [Given("build access_token and sign with the key '(.*)'")] + public async Task GivenBuildAccessToken(string keyId, Table table) + { + using (var scope = _factory.Services.CreateScope()) + { + var keyStore = scope.ServiceProvider.GetRequiredService(); + var tokenRepository = scope.ServiceProvider.GetRequiredService(); + var transactionBuilder = scope.ServiceProvider.GetRequiredService(); + using (var transaction = transactionBuilder.Build()) + { + var signKey = keyStore.GetAllSigningKeys("master").First(k => k.Key.KeyId == keyId); + var handler = new JsonWebTokenHandler(); + var claims = new Dictionary(); + foreach (var row in table.Rows) + claims.Add(row["Key"].ToString(), row["Value"].ToString()); + var descritor = new SecurityTokenDescriptor + { + Claims = claims, + SigningCredentials = signKey + }; + var request = handler.CreateToken(descritor); + var record = new IdServer.Domains.Token + { + Id = request, + ClientId = "clientId", + TokenType = IdServer.DTOs.TokenResponseParameters.AccessToken, + ExpirationTime = DateTime.UtcNow.AddDays(2) + }; + tokenRepository.Add(record); + await transaction.Commit(CancellationToken.None); + _scenarioContext.Set(request, "access_token"); + } + } + } + + [When("execute HTTP GET request '(.*)'")] + public async Task WhenExecuteHTTPGetRequest(string url, Table table) + { + url = ExtractUrl(url, table); + var headers = ExtractHeaders(table); + var httpRequestMessage = new HttpRequestMessage + { + Method = HttpMethod.Get, + RequestUri = new Uri(url) + }; + foreach(var kvp in headers) + httpRequestMessage.Headers.Add(kvp.Key, kvp.Value); + httpRequestMessage.Headers.Add("Cookie", $"{CookieAuthenticationDefaults.CookiePrefix}Session=sessionId"); + var httpResponseMessage = await _factory.CreateClient().SendAsync(httpRequestMessage).ConfigureAwait(false); + _scenarioContext.Set(httpResponseMessage, "httpResponseMessage"); + } + + [When("execute HTTP PUT request '(.*)'")] + public async Task WhenExecuteHTTPPutRequest(string url, Table table) + { + url = ExtractUrl(url, table); + var headers = ExtractHeaders(table); + var httpRequestMessage = new HttpRequestMessage + { + Method = HttpMethod.Put, + RequestUri = new Uri(url) + }; + foreach (var kvp in headers) + { + httpRequestMessage.Headers.Add(kvp.Key, kvp.Value); + } + + var httpResponseMessage = await _factory.CreateClient().SendAsync(httpRequestMessage).ConfigureAwait(false); + _scenarioContext.Set(httpResponseMessage, "httpResponseMessage"); + } + + [When("execute HTTP DELETE request '(.*)'")] + public async Task WhenExecuteHTTPDeleteRequest(string url, Table table) + { + url = ExtractUrl(url, table); + var headers = ExtractHeaders(table); + var httpRequestMessage = new HttpRequestMessage + { + Method = HttpMethod.Delete, + RequestUri = new Uri(url) + }; + foreach(var kvp in headers) + { + httpRequestMessage.Headers.Add(kvp.Key, kvp.Value); + } + + var httpResponseMessage = await _factory.CreateClient().SendAsync(httpRequestMessage).ConfigureAwait(false); + _scenarioContext.Set(httpResponseMessage, "httpResponseMessage"); + } + + [When("execute HTTP PUT JSON request '(.*)'")] + public async Task WhenExecuteHTTPPutJSONRequest(string url, Table table) + { + url = ParseValue(_scenarioContext, url).ToString(); + var headers = ExtractHeaders(table); + var jObj = ExtractBody(table); + var httpRequestMessage = new HttpRequestMessage + { + Method = HttpMethod.Put, + RequestUri = new Uri(url), + Content = new StringContent(jObj.ToString(), Encoding.UTF8, "application/json") + }; + foreach(var kvp in headers) + { + httpRequestMessage.Headers.Add(kvp.Key, kvp.Value); + } + + var httpResponseMessage = await _factory.CreateClient().SendAsync(httpRequestMessage).ConfigureAwait(false); + _scenarioContext.Set(httpResponseMessage, "httpResponseMessage"); + } + + [When("execute HTTP POST JSON request '(.*)'")] + public async Task WhenExecuteHTTPPostJSONRequest(string url, Table table) + { + url = ParseValue(_scenarioContext, url).ToString(); + var headers = ExtractHeaders(table); + var jObj = ExtractBody(table); + var httpRequestMessage = new HttpRequestMessage + { + Method = HttpMethod.Post, + RequestUri = new Uri(url), + Content = new StringContent(jObj.ToString(), Encoding.UTF8, "application/json") + }; + + foreach(var kvp in headers) + { + httpRequestMessage.Headers.Add(kvp.Key, kvp.Value); + } + + var httpResponseMessage = await _factory.CreateClient().SendAsync(httpRequestMessage).ConfigureAwait(false); + _scenarioContext.Set(httpResponseMessage, "httpResponseMessage"); + } + + [When("execute HTTP POST request '(.*)'")] + public async Task WhenExecuteHTTPPostRequest(string url, Table table) + { + var jObj = new List>(); + var headers = ExtractHeaders(table); + foreach (var record in table.Rows) + { + var key = record["Key"]; + var value = ParseValue(_scenarioContext, record["Value"]).ToString(); + if (PARAMETERS_IN_HEADER.Contains(key)) + { + continue; + } + + jObj.Add(new KeyValuePair(record["Key"], value)); + } + + var httpRequestMessage = new HttpRequestMessage + { + Method = HttpMethod.Post, + RequestUri = new Uri(url), + Content = new FormUrlEncodedContent(jObj) + }; + + foreach(var kvp in headers) + { + httpRequestMessage.Headers.Add(kvp.Key, kvp.Value); + } + + var httpClient = _factory.CreateClient(); + var httpResponseMessage = await httpClient.SendAsync(httpRequestMessage); + _scenarioContext.Set(httpResponseMessage, "httpResponseMessage"); + } + + [When("polls until notification is received")] + public void WhenPollsUntilNotificationIsReceived() + { + if(!_scenarioContext.ContainsKey("notificationResponse")) + { + Thread.Sleep(200); + WhenPollsUntilNotificationIsReceived(); + } + else + { + _scenarioContext.Set(JsonDocument.Parse(_scenarioContext.Get("notificationResponse")), "jsonHttpBody"); + } + } + + [When("extract header '(.*)' to '(.*)'")] + public void WhenExtractHTTPHeader(string parameter, string name) + { + var httpResponseMessage = _scenarioContext["httpResponseMessage"] as HttpResponseMessage; + var value = httpResponseMessage.Headers.First(c => c.Key == parameter).Value.First(); + _scenarioContext.Set(value, name); + } + + [When("build DPoP proof")] + public void WhenBuildDPoPProof(Table table) + { + var dpopHandler = new DPoPHandler(); + var claims = new List(); + foreach (var row in table.Rows) + { + var value = WebApiSteps.ParseValue(_scenarioContext, row["Value"].ToString()); + claims.Add(new Claim(row["Key"], value.ToString())); + } + + if(!_scenarioContext.ContainsKey("securityKey")) + { + var dpopProof = dpopHandler.CreateES(claims); + _scenarioContext.Set(dpopProof.Token, "DPOP"); + return; + } + + var securityKey = _scenarioContext.Get("securityKey"); + _scenarioContext.Set(dpopHandler.Create(claims, securityKey, SecurityAlgorithms.EcdsaSha256).Token, "DPOP"); + } + + [When("build DPoP proof and store into '(.*)'")] + public void WhenBuildDPoPProofAndStore(string key, Table table) + { + var dpopHandler = new DPoPHandler(); + var claims = new List(); + foreach (var row in table.Rows) claims.Add(new Claim(row["Key"], row["Value"])); + var dpopProof = dpopHandler.CreateES(claims); + _scenarioContext.Set(dpopProof.Token, key); + } + + [When("build DPoP proof with big lifetime")] + public void WhenBuildDPoPProofWithBigLifetime(Table table) + { + var dpopHandler = new DPoPHandler(); + var claims = new List(); + foreach (var row in table.Rows) claims.Add(new Claim(row["Key"], row["Value"])); + var dpopProof = dpopHandler.CreateRSA(claims, expiresInSeconds: 500); + _scenarioContext.Set(dpopProof.Token, "DPOP"); + } + + [When("build security key")] + public void WhenBuildSecurityKeyAndStore() + { + var curve = ECCurve.NamedCurves.nistP256; + var securityKey = new ECDsaSecurityKey(ECDsa.Create(curve)); + var jkt = Base64UrlEncoder.Encode(securityKey.ComputeJwkThumbprint()); + _scenarioContext.Set(securityKey, "securityKey"); + _scenarioContext.Set(jkt, "jkt"); + } + + private string ExtractUrl(string url, Table table) + { + url = ParseValue(_scenarioContext, url).ToString(); + foreach (var record in table.Rows) + { + var key = record["Key"]; + var value = ParseValue(_scenarioContext, record["Value"]).ToString(); + if (PARAMETERS_IN_HEADER.Contains(key)) + { + continue; + } + + url = QueryHelpers.AddQueryString(url, record["Key"], value); + } + + return url; + } + + private JsonObject ExtractBody(Table table) + { + var result = new JsonObject(); + foreach(var record in table.Rows) + { + var key = record["Key"]; + object value = ParseValue(_scenarioContext, record["Value"], true); + try + { + value = JsonNode.Parse(value.ToString()); + } + catch { } + + if (PARAMETERS_IN_HEADER.Contains(key)) + { + continue; + } + + if (value is JsonNode) + { + result.Add(key, value as JsonNode); + } + else + { + result.Add(key, value.ToString()); + } + } + + return result; + } + + private List> ExtractHeaders(Table table) + { + var result = new List>(); + foreach(var record in table.Rows) + { + var key = record["Key"]; + var value = ParseValue(_scenarioContext, record["Value"]).ToString(); + if (!PARAMETERS_IN_HEADER.Contains(key)) continue; + result.Add(new KeyValuePair(key, value.ToString())); + } + + return result; + } + + public static object ParseValue(ScenarioContext scenarioContext, string val, bool ignoreArray = false) + { + if (val.StartsWith('$') && val.EndsWith('$')) + { + val = val.TrimStart('$').TrimEnd('$'); + return scenarioContext.Get(val); + } + + if (!ignoreArray && val.StartsWith('[') && val.EndsWith(']')) + { + val = val.TrimStart('[').TrimEnd(']'); + var res = new JsonArray(); + foreach (var item in val.Split(',')) res.Add(item.Trim(' ').Trim('"')); + return res; + } + + var regularExpression = new Regex(@"\$([a-zA-Z]|_)*\$"); + var result = regularExpression.Replace(val, (m) => + { + if (string.IsNullOrWhiteSpace(m.Value)) + { + return string.Empty; + } + + return scenarioContext.Get(m.Value.TrimStart('$').TrimEnd('$')); + }); + + return result; + } +} \ No newline at end of file diff --git a/tests/SimpleIdServer.Vc.Tests/SecuredVerifiableCredentialFixture.cs b/tests/SimpleIdServer.Vc.Tests/SecuredVerifiableCredentialFixture.cs index 51ecc007b..2bb3191ce 100644 --- a/tests/SimpleIdServer.Vc.Tests/SecuredVerifiableCredentialFixture.cs +++ b/tests/SimpleIdServer.Vc.Tests/SecuredVerifiableCredentialFixture.cs @@ -71,7 +71,7 @@ public void When_Secure_VerifiableCredentials_With_Static_Ed25519VerificationKey Assert.IsTrue(isSignatureValid); Assert.True(credential.Proof != null); var proofValue = credential.Proof["proofValue"].ToString(); - Assert.AreEqual("z2PC6JBDG1otY3PfnxGnvHCuh8tEqPPNpDggvsnzjr2yKxszQg5bJXsQhV1ZUTG6KBNGdvWVzVqFxtLagbdoRUjf6", proofValue); + Assert.AreEqual("zW3gwNq5uhWFj9UvZpLW57FqniTW21oKQ1JavgTtmarkPFekN4zEH3PzGBoCCG6CiLm9LzZiSWTKjPQyhFV44hD9", proofValue); } #endregion diff --git a/tests/SimpleIdServer.Vp.Tests/SecuredVerifiablePresentationFixture.cs b/tests/SimpleIdServer.Vp.Tests/SecuredVerifiablePresentationFixture.cs index 529d76137..c0d01dfa3 100644 --- a/tests/SimpleIdServer.Vp.Tests/SecuredVerifiablePresentationFixture.cs +++ b/tests/SimpleIdServer.Vp.Tests/SecuredVerifiablePresentationFixture.cs @@ -3,12 +3,11 @@ using NUnit.Framework; using SimpleIdServer.Did; using SimpleIdServer.Did.Crypto; +using SimpleIdServer.Did.Encoders; using SimpleIdServer.Did.Key; using SimpleIdServer.Vc; using SimpleIdServer.Vc.Models; using SimpleIdServer.Vp.Models; -using System.Text.Json; -using System.Text.Json.Nodes; namespace SimpleIdServer.Vp.Tests; @@ -26,7 +25,10 @@ public async Task When_Secure_VerifiablePresentation_With_Random_Ed25519Verifica // ACT var resolver = new DidFactoryResolver(new List { - DidKeyResolver.New() + DidKeyResolver.New(new DidKeyOptions + { + PublicKeyFormat = Ed25519VerificationKey2020Standard.TYPE + }) }); var vpVerifier = new VpVerifier(resolver); await vpVerifier.Verify(verifiablePresentation, CancellationToken.None); @@ -40,9 +42,8 @@ public async Task When_Secure_VerifiablePresentation_With_Random_Ed25519Verifica private W3CVerifiableCredential BuildVerifiableCredential() { var ed25119Sig = Ed25519SignatureKey.Generate(); - var did = DidKeyGenerator.New().Generate(ed25119Sig); - var didDocument = DidKeyResolver.New().Resolve(did, CancellationToken.None).Result; - var credential = VcBuilder.New("https://example.com/credentials/1872", null, did, "IDCardCredential") + var exportResult = DidKeyGenerator.New(Ed25519VerificationKey2020Standard.TYPE).SetSignatureKey(ed25119Sig).Export(false, false); + var credential = VcBuilder.New("https://example.com/credentials/1872", null, exportResult.Did, "IDCardCredential", new List()) .AddCredentialSubject((act) => { act.AddClaim("given_name", "Fredrik"); @@ -52,9 +53,9 @@ private W3CVerifiableCredential BuildVerifiableCredential() .Build(); var vc = SecuredDocument.New(); vc.Secure( - credential, - didDocument, - didDocument.VerificationMethod.First().Id, + credential, + exportResult.Document, + exportResult.Document.VerificationMethod.First().Id, asymKey: ed25119Sig); return credential; } @@ -62,9 +63,9 @@ private W3CVerifiableCredential BuildVerifiableCredential() private VerifiablePresentation BuildVerifiablePresentation(W3CVerifiableCredential credential) { var ed25119Sig = Ed25519SignatureKey.Generate(); - var did = DidKeyGenerator.New().Generate(ed25119Sig); - var didDocument = DidKeyResolver.New().Resolve(did, CancellationToken.None).Result; - var presentation = VpBuilder.New("ebc6f1c2", did) + var exportResult = DidKeyGenerator.New(Ed25519VerificationKey2020Standard.TYPE).SetSignatureKey(ed25119Sig).Export(false, false); + var didDocument = exportResult.Document; + var presentation = VpBuilder.New("ebc6f1c2", didDocument.Id) .AddVerifiableCredential(credential) .Build(); var vc = SecuredDocument.New(); diff --git a/website/docs/advancedsettings/realm.md b/website/docs/advancedsettings/realm.md index b434fcfd6..634fc4e88 100644 --- a/website/docs/advancedsettings/realm.md +++ b/website/docs/advancedsettings/realm.md @@ -11,9 +11,28 @@ To add a realm, follow these steps : 1. Click `Active realm: master`. 2. Click `Add realm`. 3. Enter the details for the new Realm. -4. Click `Save`. After saving the details, the user-agent will be redirected to the new realm. +4. Click `Save`. +5. Click `Choose realm`, select the new realm, and click the `Select` button. +6. You'll be redirected to the authentication page. Submit the `administrator` credentials to access the realm. -You can switch the active realm by clicking on `Active realm: active realm`. +By default, the `administrator` user has access to all the `realm`. + +## Permissions + +It is possible to assign user permissions to a realm and to limit access accordingly. +For each component present in the UI, there are two scopes defined for the `manage` and `view` permissions. +For example, for the `Clients` component, the master realm defines two scopes: `master/clients/view` and `master/clients/manage`. +These scopes can be assigned to one or more groups, and the groups can be assigned to one or more users. + +For example, to grant `manage` access to the `Clients` component of the `master` realm, execute the following steps: + +1. Create a new group named `ClientMaster`. +2. Navigate to the new group and select the `Role` tab. +3. Select the `/clients/manage` scope and click on the `Save` button. +4. Navigate to a user and select the `Groups` tab. +5. Select the `ClientMaster` group and click on the `Save` button. + +The user is now configured to manage the `clients` present in the realm. ## Disable Realm @@ -21,6 +40,6 @@ By default, SimpleIdServer is configured to use the Realm. If you do not want to To disable the Realm, follow these steps: -1. Open the [IdentityServer](../installation#create-identityserver-project) project and edit the `appsettings.json` file. +1. Open the [IdentityServer](../installation/dotnettemplate#create-identityserver-project) project and edit the `appsettings.json` file. 2. Set the `IsRealmEnabled` property to `false` and save the file. -3. Open the [IdentityServer website](../installation#create-identityserver-website-project) and edit the `appsettings.json` file. \ No newline at end of file +3. Open the [IdentityServer website](../installation/dotnettemplate#create-identityserver-website-project) and edit the `appsettings.json` file. \ No newline at end of file diff --git a/website/docs/developer/adminwebsite.md b/website/docs/developer/adminwebsite.md index 3ce468baa..f73562927 100644 --- a/website/docs/developer/adminwebsite.md +++ b/website/docs/developer/adminwebsite.md @@ -127,7 +127,7 @@ Edit the `Pages/_Host.cshtml` and relace the content with the following code. ``` -Run the application, and navigate to the [administration website](https://localhost:5002). +Run the application, and navigate to the [administration website](https://localhost:5002/master/clients). ``` dotnet run --urls https://*:5002 diff --git a/website/docs/download.md b/website/docs/download.md index 138f37946..0363ba882 100644 --- a/website/docs/download.md +++ b/website/docs/download.md @@ -10,7 +10,7 @@ import Installer from '@site/src/components/global/Installer'; -

    LATEST STABLE 4.0.7

    +

    LATEST STABLE 5.0.1

    PLATFORM

    diff --git a/website/docs/installation/dotnettemplate.md b/website/docs/installation/dotnettemplate.md index a0b9be12f..bdc575a8d 100644 --- a/website/docs/installation/dotnettemplate.md +++ b/website/docs/installation/dotnettemplate.md @@ -79,7 +79,7 @@ cd src dotnet new idserverwebsite -n IdServerWebsite ``` -Run the `IdServerWebsite` project, it must listens on the url `https://localhost:5002`. +Run the `IdServerWebsite` project, it must listens on the url `https://localhost:5002/master/clients`. ``` cd src/IdServerWebsite @@ -165,6 +165,12 @@ cd src dotnet new credissuer -n CredentialIssuer ``` +:::danger + +If you are using version 5.0.0, you must install the NuGet package `Microsoft.IdentityModel.Protocols.OpenIdConnect` version `7.5.1`. Otherwise, the OpenIdConnect library will not be able to read the OpenID configuration from the well-known endpoint. + +::: + The following files will be created within a new `src/CredentialIssuer` directory : * `CredentialIssuer.csproj` : Project file with the `SimpleIdServer.CredentialIssuer` NuGet package added. @@ -196,6 +202,12 @@ cd src dotnet new credissueradminui -n CredentialIssuerAdminui ``` +:::danger + +If you are using version 5.0.0, you must install the NuGet package `Microsoft.IdentityModel.Protocols.OpenIdConnect` version `7.5.1`. Otherwise, the OpenIdConnect library will not be able to read the OpenID configuration from the well-known endpoint. + +::: + Run the `CredentialIssuerAdminui` project, it must listens on the url `https://localhost:5006`. ``` diff --git a/website/docs/installation/quickstart.md b/website/docs/installation/quickstart.md index 7bed206d8..e610399a0 100644 --- a/website/docs/installation/quickstart.md +++ b/website/docs/installation/quickstart.md @@ -86,7 +86,7 @@ Now, SimpleIdServer is ready to be used, and the services can be accessed throug | Service | Url | | --------------------------- | ------------------------------------------------- | | IdServer | https://idserver.localhost.com/master | -| IdServerWebsite | https://website.localhost.com | +| IdServerWebsite | https://website.localhost.com/master/clients | | Scim | https://scim.localhost.com | | CredentialIssuer | https://credentialissuer.localhost.com | | CredentialIssuerWebsite | https://credentialissuerwebsite.localhost.com | @@ -121,7 +121,7 @@ Now, SimpleIdServer is ready to be used, and the services can be accessed throug | Service | Url | | --------------------------- | --------------------------------------------------------- | | IdServer | https://idserver.sid.svc.cluster.local/master | -| IdServerWebsite | https://website.sid.svc.cluster.local | +| IdServerWebsite | https://website.sid.svc.cluster.local/master/clients | | Scim | https://scim.sid.svc.cluster.local | | CredentialIssuer | https://credentialissuer.sid.svc.cluster.local | | CredentialIssuerWebsite | https://credentialissuerwebsite.sid.svc.cluster.local | \ No newline at end of file diff --git a/website/docs/migrations/500to501.md b/website/docs/migrations/500to501.md new file mode 100644 index 000000000..c8f459b19 --- /dev/null +++ b/website/docs/migrations/500to501.md @@ -0,0 +1,14 @@ +# Migrate from version 5.0.0 to 5.0.1 + +In version 5.0.1, some changes have been made to the database. +The `SeedData` function in the `Program.cs` file has been adapted to migrate the database from version 5.0.0 to version 5.0.1. +Before migrating to the latest version, you must ensure that the `Program.cs` file has been properly updated link. + +The following modifications have been made to the database: + +* Added the `federation_entities` scope and assigned this scope to the `SIDS-Manager` client. +* Added the `SIDS-manager/administrator` scope and assigned it to the `administrator` group. +* Created the scopes for the `administrator` group. +* Added a new group `administrator` and assigned it to the Administrator user. +* Added a new group `administrator-ro` and assigned it to the new administrator-ro user. +* Added the columns `Action` and `Component` to the Scope table. \ No newline at end of file diff --git a/website/docs/tutorial/ciba.md b/website/docs/tutorial/ciba.md index c125254ee..ff93c0046 100644 --- a/website/docs/tutorial/ciba.md +++ b/website/docs/tutorial/ciba.md @@ -32,7 +32,7 @@ To implement the CIBA in a console application, you'll need to follow the follow Utilize the administration UI to create a client certificate. -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. In the Certificate Authorities screen, choose a Certificate Authority from the available options. Remember that the selected Certificate Authority should be trusted by your machine. You can download the certificate and import it into the appropriate Certificate Store. 3. Click on the `Client Certificates` tab and then proceed to click on the `Add Client Certificate` button. 4. Set the value of the Subject Name to `CN=client` and click on the `Add` button. @@ -42,7 +42,7 @@ Utilize the administration UI to create a client certificate. Utilize the administration UI to configure a new OpenID client : -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. In the Clients screen, click on `Add client` button. 3. Choose `FAPI2.0`. 4. Select `Device` and click on next. diff --git a/website/docs/tutorial/credentialissuer.md b/website/docs/tutorial/credentialissuer.md index b64520a4d..2f9bfee38 100644 --- a/website/docs/tutorial/credentialissuer.md +++ b/website/docs/tutorial/credentialissuer.md @@ -18,7 +18,7 @@ If a `university_degree` scope is configured, then skip this step. Utilize the administration UI to configure a new scope : -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Scopes screen, click on the `Add scope` button. 3. Select API value and click on next. 4. Fill-in the form like this and click on the Save button to confirm the creation. @@ -32,7 +32,7 @@ Utilize the administration UI to configure a new scope : Utilize the administration UI to configure a new OpenID client : -1. Open the IdentityServer website at https://localhost:5002. +1. Open the IdentityServer website at https://localhost:5002/master/clients. 2. In the Clients screen, click on `Add client` button. 3. Select `Credential Issuer`. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. diff --git a/website/docs/tutorial/delegation.md b/website/docs/tutorial/delegation.md index d5fd05277..8d842e77a 100644 --- a/website/docs/tutorial/delegation.md +++ b/website/docs/tutorial/delegation.md @@ -21,7 +21,7 @@ graph LR; ## 1. Define the first permission -1. Open the Identity Server website at [https://localhost:5002](https://localhost:5002). +1. Open the Identity Server website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. Open the Scopes screen and click on the `Add scope` button. 3. Select `API value` and click on next. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. @@ -42,7 +42,7 @@ graph LR; ## 2. Define the second permission -1. Open the Identity Server website at [https://localhost:5002](https://localhost:5002). +1. Open the Identity Server website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. Open the Scopes screen, click on the `Add scope` button. 3. Select `API value` and click on next. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. @@ -63,7 +63,7 @@ graph LR; ## 3. Configure the website -1. Open the Identity Server website at [https://localhost:5002](https://localhost:5002). +1. Open the Identity Server website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Client screen, click on the `Add client button`. 3. Select `web application` and click on next. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. @@ -79,7 +79,7 @@ graph LR; ## 4. Configure the API -1. Open the Identity Server website at [https://localhost:5002](https://localhost:5002). +1. Open the Identity Server website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Client screen, click on the `Add client button`. 3. Select `machine` and click on next. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. diff --git a/website/docs/tutorial/grantmgt.md b/website/docs/tutorial/grantmgt.md index a5a929133..c91315f46 100644 --- a/website/docs/tutorial/grantmgt.md +++ b/website/docs/tutorial/grantmgt.md @@ -63,7 +63,7 @@ The source code of this project can be found [here](https://github.com/simpleids Utilize the administration UI to create a client certificate. -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. In the Certificate Authorities screen, choose a Certificate Authority from the available options. Remember that the selected Certificate Authority should be trusted by your machine. You can download the certificate and import it into the appropriate Certificate Store. 3. Click on the `Client Certificates` tab and then proceed to click on the `Add Client Certificate` button. 4. Set the value of the Subject Name to `CN=fapiGrant` and click on the `Add` button. @@ -73,7 +73,7 @@ Utilize the administration UI to create a client certificate. Utilize the administration UI to configure a new OpenID client : -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. In the Clients screen, click on `Add client` button. 3. Select `FAPI2.0`. 4. Select `Grant Management` and click on next. diff --git a/website/docs/tutorial/highlysecuredregularweb.md b/website/docs/tutorial/highlysecuredregularweb.md index 9b805d081..a4c95be1d 100644 --- a/website/docs/tutorial/highlysecuredregularweb.md +++ b/website/docs/tutorial/highlysecuredregularweb.md @@ -33,7 +33,7 @@ To incorporate all the FAPI recommendations into your regular web application, i Utilize the administration UI to create a client certificate. -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. In the Certificate Authorities screen, choose a Certificate Authority from the available options. Remember that the selected Certificate Authority should be trusted by your machine. You can download the certificate and import it into the appropriate Certificate Store. 3. Click on the `Client Certificates` tab and then proceed to click on the `Add Client Certificate` button. 4. Set the value of the Subject Name to `CN=websiteFAPI` and click on the `Add` button. @@ -41,7 +41,7 @@ Utilize the administration UI to create a client certificate. ### 2. Configure an application -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Clients screen, click on the `Add client` button. 3. Choose `FAPI2.0` template. 4. Select `Highly secure Web Application` and click on next. @@ -182,7 +182,7 @@ To incorporate all the FAPI recommendations into your regular web application, i ### 1. Configure an application -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Clients screen, click on the `Add client` button. 3. Choose `FAPI2.0` template. 4. Select `Highly secure Web Application` and click on next. diff --git a/website/docs/tutorial/images/openidfederation.png b/website/docs/tutorial/images/openidfederation.png new file mode 100644 index 000000000..3bb93bd2a Binary files /dev/null and b/website/docs/tutorial/images/openidfederation.png differ diff --git a/website/docs/tutorial/images/pki.png b/website/docs/tutorial/images/pki.png new file mode 100644 index 000000000..e78f11a67 Binary files /dev/null and b/website/docs/tutorial/images/pki.png differ diff --git a/website/docs/tutorial/m2m.md b/website/docs/tutorial/m2m.md index 924af4e86..2e19e37e8 100644 --- a/website/docs/tutorial/m2m.md +++ b/website/docs/tutorial/m2m.md @@ -17,7 +17,7 @@ If a `read` scope is configured, then skip this step. Utilize the administration UI to configure a new scope : -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Scopes screen, click on the `Add scope` button. 3. Select `API value` and click on next. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. @@ -39,7 +39,7 @@ Utilize the administration UI to configure a new scope : Utilize the administration UI to configure a new OpenID client : -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Clients screen, click on the `Add client` button. 3. Select `Machine` and click on next. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. diff --git a/website/docs/tutorial/openidfederation.md b/website/docs/tutorial/openidfederation.md new file mode 100644 index 000000000..f05106c19 --- /dev/null +++ b/website/docs/tutorial/openidfederation.md @@ -0,0 +1,415 @@ +# Openid Federation + +The OpenID Federation specification was officially published by the OpenID Connect Working Group on May 31, 2024. + +The objective of this new specification is to establish a trust relationship between the OpenID server and the relying parties. +Therefore, the manual provisioning of the relying parties via a web portal or a dedicated REST API will no longer be needed. + +There are several advantages to using OpenID Federation: + +* Less human administration. +* Relying parties can manage their properties, such as the redirect_uri. +* Easily establish a trust relationship between the OpenID server and the relying party. + +The OpenID Federation is already required by other technologies, such as the issuance of [Verifiable Credentials](https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#section-11.2). +In this context, the OpenID Federation is used to establish a trust relationship between an electronic wallet/verifier and a credential issuer. +Suppose both applications adhere to a known trust scheme, for example, `BSc chemistry degree`. +In that case, the electronic wallet will be able to call its federation API to determine if the credential issuer is indeed a member of the federation/trust scheme that it claims to be. + +For more information about the interactions between the electronic wallet and the credential issuer, you can refer to the [official documentation](https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html). + +This specification takes all its concepts from the Public Key Infrastructure (PKI), but there are some differences between the two: + +* The Public Key Infrastructure uses certificates, and the Certificate Authority is installed in the Trusted Root Certificate Authorities certificate store. It contains the root certificates of all CAs that Windows trusts. + +* The OpenID Federation uses Entity Statements. Each entity involved in the trust chain has a REST API that exposes some operations described in the [specification](https://openid.net/specs/openid-federation-1_0.html). + +Before proceeding further, we will explain the Public Key Infrastructure. + +## Chain of trust in Public Key Infrastructure (PKI) + +The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking, and confidential email. + +PKI uses cryptographic public keys that are connected to a digital certificate, which authenticates the device or user sending the digital communication. Digital certificates are issued by a trusted source, a certificate authority (CA), and act as a type of digital passport to ensure that the sender is who they say they are. + +The client who receives a digital certificate, for example, a browser visiting a secure website, validates if the issuer of this certificate exists in its list of trusted root certificates. If there is no match, the client tries to resolve the chain of trust by finding the trusted root certificate authority that has signed the issuing CA certificate. + +The chain of trust is an important concept because it proves that the certificate comes from a trusted source. The usage of a certificate store is sufficient to resolve a chain of trust. + +There are three basic types of entities that comprise a valid chain of trust: + +* **Root CA certificate** : The Root CA certificate is a self-signed X.509 certificate. This certificate acts as a trust anchor, used by all the relying parties as the starting point for path validation. The Root CA private key is used to sign the Intermediate CA certificates. + +* **Intermediate CA certificate** : The Intermediate CA certificate sits between the Root CA certificate and the end entity certificate. The Intermediate CA certificate signs the end entity certificates. + +* **End-Entity certificate** : The End-Entity certificate is the server certificate that is issued to the website domain. + +![Public Key Infrastructure](./images/pki.png) + +This chain of trust is also present in the OpenID Federation specification. + +## Chain of trust in OPENID federation + +The chain of trust in the OpenID Federation is made up of more than two Entity Statements. + +An Entity Statement is a signed JSON Web Token (JWT). The subject of the JWT is the entity itself. The issuer of the JWT is the party that issued the Entity Statement. All entities in a federation publish an Entity Statement about themselves called an Entity Configuration. + +Entities whose statements build a trust chain are categorized as: + +* **Trust anchor** : An entity that represents a trusted third party. + +* **Leaf** : In an OpenID Connect identity federation, a relying party or a protected resource. + +* **Intermediate** : Neither a leaf entity nor a trust anchor. + +![Openid federation trust chain](./images/openidfederation.png) + +The resolution of the trust chain is more complex than that present in the Public Key Infrastructure. + +Consider the following entities: + +* **Relying party** : http://localhost:7001 + +* **Trust anchor** : http://localhost:7000 + +The algorithm used to fetch the trust chain consists of the following actions: + +1. Retrieve the entity configuration from the endpoint `http://localhost:7001/.well-known/openid-federation`. + +2. Store the JSON Web Token into the trust chain. + +3. Parse the JSON Web Token and retrieve the list of `authority_hints` from the payload. + +4. For each record in the `authority_hints`, execute the following actions : + + 4.1. Retrieve the entity configuration from the `authority_hint` (`/.well-known/openid-federation`). + + 4.2. Parse the JSON Web Token and extract the `federation_fetch_endpoint`. + + 4.3. Fetch the entity configuration of the relying party `http://localhost:7001` (`/?sub=http://localhost:7000`) and store the result into the trust chain. + +5. The last entity configuration coming from the `/.well-known/openid-federation` is the trust anchor and must be stored into the trust chain. + +In the end, the trust chain must contain three records. + +## Difference between PKI and OPENID federation + +The structure of the trust chain between both technologies is similar and consists of the same components. +The difference lies in the terminology of the entities used and their nature. +In PKI, an entity is a certificate; however, in OpenID Federation, an entity is represented as an Entity Statement. + +| PKI | Openid federation | +| --------------------------- | ----------------- | +| Root CA certificate | Trust anchor | +| Intermediate CA certificate | Intermediate | +| End-entity certificate | Leaf | + +The trust chain algorithm proposed by OpenID Federation is more complex than the one used by PKI. +In OpenID Federation, a set of HTTP requests is executed to retrieve a list of Entity Statements, whereas in PKI, only the certificate store is used. + +Now that you understand the differences between PKI and OpenID Federation, we will explain how a relying party can register itself against an OpenID Identity Server. + +## Client registration + +There are two approaches to establish trust between a relying party and an identity provider: automatic registration and explicit registration. + +### Automatic registration + +Automatic registration enables a relying party to make authentication requests without a prior registration step with the identity provider. Once the authorization request is received by the identity provider, it will use the client identifier to resolve the chain of trust and check its validity. For more information about this type of registration, refer to the [documentation](https://openid.net/specs/openid-federation-1_0.html#section-12.1). +If the chain of trust is valid, then the client will be registered. + +### Explicit registration + +The relying party establishes its client registration with the identity provider by means of a dedicated registration request, similar to the [Openid Registration](https://openid.net/specs/openid-connect-registration-1_0.html). However, instead of its metadata, the relying party submits its Entity Configuration or an entire trust chain. When the explicit registration is completed, the relying party can proceed to make regular OpenID authentication requests to the identity provider. + +The expiration time of the client corresponds to the minimum of the expiration time of the trust chain. +When the client expires, the identity provider tries to refresh the trust chain and update the metadata of the client accordingly. + +In the next chapter, we will describe how to implement the OpenID Federation with .NET Core. + +## Demo + +In this demo, we will create a solution with three projects. + +| Project | Url | +| ----------------- | ---------------------- | +| Relying Party | http://localhost:7001 | +| Trust anchor | http://localhost:7000 | +| Identity Provider | https://localhost:5001 | + +### 1. Create the trust anchor project + +Create and configure the trust anchor project. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir OpenidFederation +cd OpenidFederation +mkdir src +dotnet new sln -n OpenidFederation +``` + +2. Create a REST.API project named `TaApi` and install the Nuget packages `SimpleIdServer.Authority.Federation` and `SimpleIdServer.OpenidFederation.Store.EF`. + +``` +cd src +dotnet new webapi -n TaApi +cd TaApi +dotnet add package SimpleIdServer.Authority.Federation +dotnet add package SimpleIdServer.OpenidFederation.Store.EF +``` + +3. Add the `TaApi` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/TaApi/TaApi.csproj +``` + +4. Edit the file `TaApi\Program.cs` and configure the Openid federation. + +``` +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.OpenidFederation.Domains; +using SimpleIdServer.OpenidFederation.Store.EF; +using System.Security.Cryptography; + +var builder = WebApplication.CreateBuilder(args); +builder.Services.AddControllers(); +builder.Services.AddDistributedMemoryCache(); +builder.Services.AddAuthorityFederation(o => +{ + o.OrganizationName = "Trust anchor"; + o.SigningCredentials = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "taId" }, SecurityAlgorithms.RsaSha256); +}); +builder.Services.AddOpenidFederationStore(); + +var app = builder.Build(); +AddTrustedEntities(app.Services); +app.MapControllers(); +app.Run(); + +static void AddTrustedEntities(IServiceProvider services) +{ + using (var scope = services.CreateScope()) + { + var dbContext = scope.ServiceProvider.GetRequiredService(); + dbContext.FederationEntities.AddRange(new List + { + new FederationEntity + { + Id = Guid.NewGuid().ToString(), + Sub = "http://localhost:7001", + Realm = string.Empty, + IsSubordinate = true + } + }); + dbContext.SaveChanges(); + } +} +``` + +5. Run the application on the url `http://localhost:7000`. + +``` +dotnet run --urls=http://localhost:7000 +``` + +### 2. Configure the trust anchor + +Utilize the administration UI to add a trust anchor : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). + +2. On the Trust anchors screen, click on the `Add federation entity` button. + +3. Select `Trust anchor` and click on next. + +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| --------- | --------------------- | +| Url | http://localhost:7000 | + +### 3. Create the relying party project + +Create and configure the relying party project. + +1. Create a REST.API project named `RpApi` and install the Nuget packages `SimpleIdServer.OpenIdConnect`, `SimpleIdServer.OpenidFederation.Store.EF` and `SimpleIdServer.Rp.Federation`. + +``` +cd src +dotnet new mvc -n RpApi +cd RpApi +dotnet add package SimpleIdServer.OpenIdConnect +dotnet add package SimpleIdServer.OpenidFederation.Store.EF +dotnet add package SimpleIdServer.Rp.Federation +``` + +2. Add the `RpApi` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/RpApi/RpApi.csproj +``` + +3. Edit the file `RpApi\Program.cs` and configure the Openid federation. + +``` +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.OpenidFederation.Domains; +using SimpleIdServer.OpenidFederation.Store.EF; +using System.Security.Cryptography; + +var builder = WebApplication.CreateBuilder(args); +var signatureCredentials = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "raId" }, SecurityAlgorithms.RsaSha256); + +var jsonWebKey = signatureCredentials.SerializePublicJWK(); +jsonWebKey.Alg = SecurityAlgorithms.RsaSha256; +jsonWebKey.Use = "sig"; + +builder.Services.AddDistributedMemoryCache(); +builder.Services.AddRpFederation(r => +{ + r.Client = new SimpleIdServer.IdServer.Domains.Client + { + ClientId = "http://localhost:7001", + RedirectionUrls = new List + { + "http://localhost:7001/signin-oidc" + }, + ClientRegistrationTypesSupported = new List + { + "automatic" + }, + RequestObjectSigningAlg = SecurityAlgorithms.RsaSha256, + Scopes = new List + { + new Scope + { + Name = "openid" + }, + new Scope + { + Name = "profile" + } + }, + ResponseTypes = new List + { + "code" + }, + GrantTypes = new List + { + "authorization_code" + }, + TokenEndPointAuthMethod = "private_key_jwt" + }; + r.Client.Add(jsonWebKey.Kid, jsonWebKey, "sig", SecurityKeyTypes.RSA); + r.SigningCredentials = signatureCredentials; +}); +builder.Services.AddOpenidFederationStore(); +builder.Services.AddControllersWithViews(); +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; +}) + .AddCookie("Cookies") + .AddCustomOpenIdConnect("sid", options => + { + + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "http://localhost:7001"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + options.UseFederationAutomaticRegistration(signatureCredentials); + }); + +var app = builder.Build(); +AddTrustedEntities(app.Services); +app.UseHttpsRedirection(); +app.UseStaticFiles(); +app.UseRouting(); +app.UseAuthorization(); +app.MapControllerRoute( + name: "default", + pattern: "{controller=Home}/{action=Index}/{id?}"); + +app.Run(); +static void AddTrustedEntities(IServiceProvider services) +{ + using (var scope = services.CreateScope()) + { + var dbContext = scope.ServiceProvider.GetRequiredService(); + dbContext.FederationEntities.AddRange(new List + { + new FederationEntity + { + Id = Guid.NewGuid().ToString(), + Sub = "http://localhost:7000", + Realm = string.Empty, + IsSubordinate = false + } + }); + dbContext.SaveChanges(); + } +} +``` + +4. Add the `ClaimsController`. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public async Task Index() + { + var accessToken = await HttpContext.GetTokenAsync("access_token"); + return View(new ClaimsViewModel + { + AccessToken = accessToken + }); + } +} +``` + +5. Add the `ClaimsViewModel`. + +``` +public class ClaimsViewModel +{ + public string AccessToken { get; set; } +} +``` + +6. Add the `Claims` view. + +``` +@model RpApi.ViewModels.ClaimsViewModel + +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    + +
    +

    Access token

    +

    @Model.AccessToken

    +
    +``` + +7. Run the application on the URL `http://localhost:7001`. + +``` +dotnet run --urls=http://localhost:7001 +``` + +Browse the URL [http://localhost:7001/claims](http://localhost:7001/claims). +Even if the relying party is not known by the identity provider, you’ll be redirected to the authorization endpoint, and you’ll follow a normal OpenID workflow. The client will automatically be registered with the identity provider. \ No newline at end of file diff --git a/website/docs/tutorial/overview.md b/website/docs/tutorial/overview.md index 92ff990ff..59a36b226 100644 --- a/website/docs/tutorial/overview.md +++ b/website/docs/tutorial/overview.md @@ -57,6 +57,9 @@ According to the [specification](https://openid.bitbucket.io/fapi/fapi-2_0-secur

    A Service Provider (SP) is the entity providing the service, typically in the form of an application

     + +

    A server-side application running on your infrastructure that utilizes OPENID federation.

    +     ## Identity provisioning diff --git a/website/docs/tutorial/protectapi.md b/website/docs/tutorial/protectapi.md index a632bb77f..70c8f2bc7 100644 --- a/website/docs/tutorial/protectapi.md +++ b/website/docs/tutorial/protectapi.md @@ -23,7 +23,7 @@ In this tutorial, we will configure a `read` permission for the `shopApi`. Utilize the administration UI to configure a new permission : -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Scopes screen, click on the `Add scope` button. 3. Select `API value` and click on next. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. diff --git a/website/docs/tutorial/regularweb.md b/website/docs/tutorial/regularweb.md index 84d0cc528..60e1a6a57 100644 --- a/website/docs/tutorial/regularweb.md +++ b/website/docs/tutorial/regularweb.md @@ -19,7 +19,7 @@ To implement the Authorization Code Flow in a regular web application, you'll ne Utilize the administration UI to configure a new OpenID client : -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Clients screen, click on the `Add client` button. 3. Select `web application` and click on next. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. diff --git a/website/docs/tutorial/saml.md b/website/docs/tutorial/saml.md index edb6ab2d8..e8ac8d256 100644 --- a/website/docs/tutorial/saml.md +++ b/website/docs/tutorial/saml.md @@ -10,7 +10,7 @@ To implement SAML2.0 in a regular web application, you'll need to follow the fol Utilize the administration UI to configure a new SAML2.0 SP (Service Provider) client : -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Clients screen, click on the `Add client` button. 3. Select `SAML SP` and click on next. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. diff --git a/website/docs/tutorial/spa.md b/website/docs/tutorial/spa.md index 603092548..c8d812d16 100644 --- a/website/docs/tutorial/spa.md +++ b/website/docs/tutorial/spa.md @@ -18,7 +18,7 @@ To implement the Authorization Code Flow with PKCE in your SPA, you'll need to f Utilize the administration UI to configure a new OpenID client : -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Clients screen, click on the `Add client` button. 3. Select `User Agent Base application` and click on next. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. diff --git a/website/docs/tutorial/wsfederation.md b/website/docs/tutorial/wsfederation.md index b053b7440..78b842bda 100644 --- a/website/docs/tutorial/wsfederation.md +++ b/website/docs/tutorial/wsfederation.md @@ -10,7 +10,7 @@ To implement WS-Federation in a regular web application, you'll need to follow t Utilize the administration UI to configure a new WS-Federation client : -1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). 2. On the Clients screen, click on the `Add client` button. 3. Select `WS-Fed Relying Party` and click on next. 4. Fill-in the form like this and click on the `Save` button to confirm the creation. diff --git a/website/sidebars.js b/website/sidebars.js index 34ca20f6f..02c8ccbd5 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -69,7 +69,8 @@ const sidebars = { type: 'category', label: 'Migrations', items: [ - 'migrations/403to404' + 'migrations/403to404', + 'migrations/500to501' ] }, { diff --git a/website/src/components/HomepagePhilosophy/index.js b/website/src/components/HomepagePhilosophy/index.js index 13d345197..5f0410d59 100644 --- a/website/src/components/HomepagePhilosophy/index.js +++ b/website/src/components/HomepagePhilosophy/index.js @@ -9,6 +9,8 @@ export default function HomepagePhilosophy() {

    Why SimpleIdServer

    SimpleIdServer is the first Free Open Source Identity Management solution using .NET. +
    + The comparison table was written on July 24, 2024.
    @@ -79,6 +81,12 @@ export default function HomepagePhilosophy() {
    +
    +
    Openid federation
    +
    +
    +
    +
    Identity Provisioning
    diff --git a/website/src/pages/index.js b/website/src/pages/index.js index ceb0a4f36..0b68f01ad 100644 --- a/website/src/pages/index.js +++ b/website/src/pages/index.js @@ -19,7 +19,7 @@ function HomepageHeader() {
    + to="https://website.simpleidserver.com/master/clients"> Identity server + + + Property + Description + Values + + + + + AuthCookieNamePrefix + Name of the authentication cookie + + + + SessionCookieNamePrefix + Name of the session cookie + + + + ForceHttps + Force to use HTTPS + True + + + False + + + IsForwardedEnabled + Enable or disable the forwarded headers + true + + + false + + + ClientCertificateMode + + Specifies the client certificate requirements for an HTTPS connection.
    + This parameter is required when you are using the tls_client_auth or self_signed_tls_client_auth client authentication method.
    + By default, the value is NoCertificate. + + NoCertificate + + + AllowCertificate + + + RequireCertificate + + + DelayCertificate + + + IsRealmEnabled + Enable or disable the Realm. By default, the value is true + true + + + false + + + SCIMBaseUrl + + Base URL of the SCIM Server. This value is used during the launch time of IdentityServer to configure Automatic Identity Provisioning with the SCIM Server..
    + By default, the value is https://localhost:5003. + + Base URL of the SCIM Server + + + Authority + + Base URL of the current IdentityServer. This value is used to configure OPENID authentication with the IdentityServer.
    + By default, the value is https://localhost:5001. + + Base URL of the current IdentityServer. + + + DistributedConfiguration + + Distributed configuration helps various modules within SimpleIdServer to store their settings.
    + This property is used to configure the configuration storage, for example, Redis or SQL Server. + + For more information, please refer to this chapter + + + StorageConfiguration + This property is used to configure the data storage used by IdentityServer to store its various entities, such as Clients or Users. + For more information, please refer to this chapter + + + Other + The other properties are used to configure the modules used by IdentityServer, such as Automatic Identity Provisioning with SCIM or an external Identity Provider like Facebook + Facebook + + + SCIM + + + LDAP + + + IdServerEmailOptions + + + IdServerSmsOptions + + + FidoOptions + + + \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/advancedsettings/images/monitoring-1.png b/website/versioned_docs/version-5.0.0/advancedsettings/images/monitoring-1.png new file mode 100644 index 000000000..62f73cf07 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/advancedsettings/images/monitoring-1.png differ diff --git a/website/versioned_docs/version-5.0.0/advancedsettings/pki.md b/website/versioned_docs/version-5.0.0/advancedsettings/pki.md new file mode 100644 index 000000000..a7e8dea67 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/advancedsettings/pki.md @@ -0,0 +1,11 @@ +# Public Key Infrastructure (PKI) + +Here are the key components of SimpleIdServer's PKI. : + +1. **Certificate Authority (CA)** : The Certificate Authority is a trusted entity responsible for issuing and managing client certificates. +2. **Client Certificates** : Client certificates are used by OAuth 2.0 clients, for example during the "tls_client_auth" authentication. + +In the Administration UI, you can manage the Certificate Authorities (CAs). They can be generated and stored in the database or imported from the Certificate Store. +You can download one of them and install it into the appropriate certificate store. + +A Certificate Authority can be used to generate one or more client certificates. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/advancedsettings/realm.md b/website/versioned_docs/version-5.0.0/advancedsettings/realm.md new file mode 100644 index 000000000..b434fcfd6 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/advancedsettings/realm.md @@ -0,0 +1,26 @@ +# Realm + +A [Realm](../glossary) is a space where you can manage Clients, Scopes, Users, External Identity Providers, and Certificate Authorities. Realms are isolated from one another, but the same resource can be located in one or more Realms. + +By default, there is one configured `master` realm. It must not be removed, as doing so would render the SimpleIdServer product inoperable. + +You can use the Realm to separate different environments, such as having one for the `test` environment and another for the `prd` environment. + +To add a realm, follow these steps : + +1. Click `Active realm: master`. +2. Click `Add realm`. +3. Enter the details for the new Realm. +4. Click `Save`. After saving the details, the user-agent will be redirected to the new realm. + +You can switch the active realm by clicking on `Active realm: active realm`. + +## Disable Realm + +By default, SimpleIdServer is configured to use the Realm. If you do not want to use it, you can disable it by updating the `appsettings.json` configuration files. + +To disable the Realm, follow these steps: + +1. Open the [IdentityServer](../installation#create-identityserver-project) project and edit the `appsettings.json` file. +2. Set the `IsRealmEnabled` property to `false` and save the file. +3. Open the [IdentityServer website](../installation#create-identityserver-website-project) and edit the `appsettings.json` file. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/consultancy.md b/website/versioned_docs/version-5.0.0/consultancy.md new file mode 100644 index 000000000..1b9a2771f --- /dev/null +++ b/website/versioned_docs/version-5.0.0/consultancy.md @@ -0,0 +1,23 @@ +--- +title: Consultancy +hide_table_of_contents: true +--- + +# Consultancy + +If you are seeking consultancy regarding any aspect of the Identity Access Management field, please feel free to contact us via email at agentsimpleidserver@gmail.com. + +We provide expertise in the following areas: + +* We offer expertise in reviewing and enhancing authentication and authorization strategies. +* We provide advice and guidelines on architectural considerations, such as implementing identity provisioning and more. +* We assist financial enterprises in achieving compliance with both FAPI 1.0 and FAPI 2.0 standards. +* We provide assistance to public sectors, including government and hospitals, in developing trusted APIs that enable the issuance of valid credentials such as Covid Certificates, Driving Licenses, University Degrees, and more. + +# Open source and free of charge + +The support provided by SimpleIdServer is free of charge, and the source code is open source, licensed under the Apache-2 license. + +When it comes to GIT, we kindly request that you take a moment to read the [code of conduct](https://github.com/simpleidserver/SimpleIdServer/blob/master/CONTRIBUTING.md) before initiating an issue. + +[If you appreciate our project and wish to extend your support, you have the opportunity to sponsor it or make a donation.](https://github.com/sponsors/simpleidserver?o=esb) \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/contactus.md b/website/versioned_docs/version-5.0.0/contactus.md new file mode 100644 index 000000000..6649ad4ec --- /dev/null +++ b/website/versioned_docs/version-5.0.0/contactus.md @@ -0,0 +1,16 @@ +--- +title: Contact us +hide_table_of_contents: true +--- + +# Who are we + +Belgian Company Specialized in the development of Identity and Access Management Solutions. + +# Contact us + +There are multiple communication methods available to contact our technical team: + +* Email : agentsimpleidserver@gmail.com +* Gitter : https://app.gitter.im/#/room/#simpleidserver:gitter.im +* Git : https://github.com/simpleidserver \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/developer/addlanguage.md b/website/versioned_docs/version-5.0.0/developer/addlanguage.md new file mode 100644 index 000000000..22d538b2b --- /dev/null +++ b/website/versioned_docs/version-5.0.0/developer/addlanguage.md @@ -0,0 +1,34 @@ +# Add language + +## Add a New Language to the Identity Server Website + +By default, the Identity Server website supports only the `English` language. + +However, it is still possible to incorporate support for a new language by making modifications in the codebase of the project. + +In the remainder of this article, we will explain the manual steps to enable support for a new language. + +1. **Register the language in the Identity Server** : Open the Identity Server solution and edit the `IdServerConfiguration.cs` file. Add a new language to the `Languages` property and specify its English translation. For example, to support the `French` language, you can have the following configuration : + +``` +public static ICollection Languages => new List +{ + LanguageBuilder.Build(Language.Default).AddDescription("English", "en").AddDescription("Anglais", "fr").Build(), + LanguageBuilder.Build("fr").AddDescription("Français", "fr").AddDescription("French", "en").Build() +}; +``` + +2. **Register the Language in the Identity Server website** : Open the Identity Server website solution and edit the `Program.cs` file. Modify the callback function of the `UseRequestLocalization` method and add the language code. For instance, to support the `French` language, use the following configuration: + +``` +app.UseRequestLocalization(e => +{ + e.SetDefaultCulture("en"); + e.AddSupportedCultures("en", "fr"); + e.AddSupportedUICultures("en", "fr"); +}); +``` + +3. **Resource file** : Each SimpleIdServer project contain a `Global.resx` file with all the `English` translations. To update the translation of the Identity Server website, create a `Global..resx` file in the `SimpleIdServer.IdServer.Website\Resources` folder. + +If you feel comfortable, you can easily contribute to the project by adding a new language :) \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/developer/adminwebsite.md b/website/versioned_docs/version-5.0.0/developer/adminwebsite.md new file mode 100644 index 000000000..3ce468baa --- /dev/null +++ b/website/versioned_docs/version-5.0.0/developer/adminwebsite.md @@ -0,0 +1,134 @@ +# Administration website + +## Nuget Packages + +| Name | Description | +| ------------------------------------ | ------------------------------------ | +| SimpleIdServer.IdServer.Website | Administration website | + +## Quick Start + +Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir AdminWebsite +cd AdminWebsite +mkdir src +dotnet new sln -n AdminWebsite +``` + +Create a web project named AdminWebsite and install the `SimpleIdServer.IdServer.Website` Nuget Package. + +``` +cd src +dotnet new blazorserver -n AdminWebsite +cd AdminWebsite +dotnet add package SimpleIdServer.IdServer.Website +``` + +Add the `AdminWebsite` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/AdminWebsite/AdminWebsite.csproj +``` + +Open the Visual Studio Solution and edit the `Program.cs` file. +Register the dependencies and configure the URL of the Identity Server. + +``` +builder.Services.AddSIDWebsite(o => +{ + o.IdServerBaseUrl = "https://localhost:5001"; + o.IsReamEnabled = false; +}); +``` + +Register the OPENID authentication handler. + +``` +builder.Services.AddDefaultSecurity(builder.Configuration); +``` + +Edit the AppBuilder to enable the `Authentication` and `Authorization`. + +``` +app.UseStaticFiles(); +app.UseRouting(); +app.UseCookiePolicy(); +app.UseAuthentication(); +app.UseAuthorization(); +app.UseEndpoints(edps => +{ + edps.MapBlazorHub(); + edps.MapFallbackToPage("/_Host"); + edps.MapControllers(); +}); +app.Run(); +``` + +Edit the `appsettings.json` file, and add the OPENID security. + +``` + "IdServerBaseUrl": "https://localhost:5001", + "DefaultSecurityOptions": { + "Issuer": "https://localhost:5001", + "ClientId": "SIDS-manager", + "ClientSecret": "password", + "Scope": "openid profile", + "IgnoreCertificateError": false + } +``` + +Edit the `App.razor` page and replace the content with the following code. + +``` +@using SimpleIdServer.IdServer.Website + +``` + +Edit the `Pages/_Host.cshtml` and relace the content with the following code. + +``` +@page "/" +@using Microsoft.AspNetCore.Components.Web +@namespace AdminWebsite.Pages +@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers + + + + + + + + + + + + + + + + + +
    + + An error has occurred. This application may no longer respond until reloaded. + + + An unhandled exception has occurred. See browser dev tools for details. + + Reload + 🗙 +
    + + + + +``` + +Run the application, and navigate to the [administration website](https://localhost:5002). + +``` +dotnet run --urls https://*:5002 +``` \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/developer/idserver.md b/website/versioned_docs/version-5.0.0/developer/idserver.md new file mode 100644 index 000000000..fe666b573 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/developer/idserver.md @@ -0,0 +1,243 @@ +# Identity Server + +## Nuget Packages + +| Name | Description | +| ---------------------------- | -------------------------------------- | +| SimpleIdServer.IdServer | Identity Server (OPENID) | +| SimpleIdServer.IdServer.Pwd | Login / Password authentication module | +| SimpleIdServer.Configuration | Manage the configuration | + +## Quick Start + +Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir IdentityService +cd IdentityService +mkdir src +dotnet new sln -n IdentityService +``` + +Create a web project named IdentityService and install the `SimpleIdServer.IdServer`, `SimpleIdServer.IdServer.Pwd`, `SimpleIdServer.Configuration` Nuget packages. + +``` +cd src +dotnet new web -n IdentityService +cd IdentityService +dotnet add package SimpleIdServer.IdServer +dotnet add package SimpleIdServer.IdServer.Pwd +dotnet add package SimpleIdServer.Configuration +``` + +Add the `IdentityService` project to your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/IdentityService/IdentityService.csproj +``` + +Open the Visual Studio Solution, add a `DefaultConfiguration.cs` file, and copy the following content. +This class contains the default Scopes, Clients, Users, and Realms. + +``` +public class DefaultConfiguration +{ + public static Scope CredentialTemplates = new Scope + { + Id = Guid.NewGuid().ToString(), + Type = ScopeTypes.APIRESOURCE, + Name = "credential_templates", + Realms = new List + { + SimpleIdServer.IdServer.Constants.StandardRealms.Master + }, + Protocol = ScopeProtocols.OAUTH, + IsExposedInConfigurationEdp = true, + CreateDateTime = DateTime.UtcNow, + UpdateDateTime = DateTime.UtcNow + }; + + public static ICollection Scopes => new List + { + SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, + SimpleIdServer.IdServer.Constants.StandardScopes.Profile, + SimpleIdServer.IdServer.Constants.StandardScopes.SAMLProfile, + SimpleIdServer.IdServer.Constants.StandardScopes.GrantManagementQuery, + SimpleIdServer.IdServer.Constants.StandardScopes.GrantManagementRevoke, + SimpleIdServer.IdServer.Constants.StandardScopes.Users, + SimpleIdServer.IdServer.Constants.StandardScopes.Register, + SimpleIdServer.IdServer.Constants.StandardScopes.Provisioning, + SimpleIdServer.IdServer.Constants.StandardScopes.Address, + SimpleIdServer.IdServer.Constants.StandardScopes.Networks, + SimpleIdServer.IdServer.Constants.StandardScopes.Role, + SimpleIdServer.IdServer.Constants.StandardScopes.CredentialOffer, + SimpleIdServer.IdServer.Constants.StandardScopes.AuthenticationSchemeProviders, + SimpleIdServer.IdServer.Constants.StandardScopes.RegistrationWorkflows, + SimpleIdServer.IdServer.Constants.StandardScopes.AuthenticationMethods, + SimpleIdServer.Configuration.Constants.ConfigurationsScope, + SimpleIdServer.IdServer.Constants.StandardScopes.ApiResources, + SimpleIdServer.IdServer.Constants.StandardScopes.Auditing, + SimpleIdServer.IdServer.Constants.StandardScopes.Scopes, + SimpleIdServer.IdServer.Constants.StandardScopes.CertificateAuthorities, + CredentialTemplates, + SimpleIdServer.IdServer.Constants.StandardScopes.Clients, + SimpleIdServer.IdServer.Constants.StandardScopes.Realms, + SimpleIdServer.IdServer.Constants.StandardScopes.Groups, + }; + + public static ICollection Users => new List + { + UserBuilder.Create("administrator", "password", "Administrator").SetFirstname("Administrator").SetEmail("adm@email.com").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").GenerateRandomTOTPKey().Build() + }; + + public static ICollection Realms = new List + { + SimpleIdServer.IdServer.Constants.StandardRealms.Master + }; + + public static ICollection Clients => new List + { + ClientBuilder.BuildTraditionalWebsiteClient("SIDS-manager", "password", null, "https://localhost:5002/*", "https://website.simpleidserver.com/*", "https://website.localhost.com/*", "http://website.localhost.com/*", "https://website.sid.svc.cluster.local/*").EnableClientGrantType().SetRequestObjectEncryption().AddPostLogoutUri("https://localhost:5002/signout-callback-oidc").AddPostLogoutUri("https://website.sid.svc.cluster.local/signout-callback-oidc") + .AddPostLogoutUri("https://website.simpleidserver.com/signout-callback-oidc") + .AddAuthDataTypes("photo") + .SetClientName("SimpleIdServer manager") + .SetBackChannelLogoutUrl("https://localhost:5002/bc-logout") + .SetClientLogoUri("https://cdn.logo.com/hotlink-ok/logo-social.png") + .AddScope( + SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, + SimpleIdServer.IdServer.Constants.StandardScopes.Profile, + SimpleIdServer.IdServer.Constants.StandardScopes.Provisioning, + SimpleIdServer.IdServer.Constants.StandardScopes.Users, + SimpleIdServer.IdServer.Constants.StandardScopes.Networks, + SimpleIdServer.IdServer.Constants.StandardScopes.CredentialOffer, + SimpleIdServer.IdServer.Constants.StandardScopes.Acrs, + SimpleIdServer.Configuration.Constants.ConfigurationsScope, + SimpleIdServer.IdServer.Constants.StandardScopes.AuthenticationSchemeProviders, + SimpleIdServer.IdServer.Constants.StandardScopes.AuthenticationMethods, + SimpleIdServer.IdServer.Constants.StandardScopes.RegistrationWorkflows, + SimpleIdServer.IdServer.Constants.StandardScopes.ApiResources, + SimpleIdServer.IdServer.Constants.StandardScopes.Auditing, + SimpleIdServer.IdServer.Constants.StandardScopes.Scopes, + SimpleIdServer.IdServer.Constants.StandardScopes.CertificateAuthorities, + SimpleIdServer.IdServer.Constants.StandardScopes.Clients, + SimpleIdServer.IdServer.Constants.StandardScopes.Realms, + CredentialTemplates, + SimpleIdServer.IdServer.Constants.StandardScopes.Groups).Build() + }; +} +``` + +Edit the `Program.cs` file, register the dependencies, add the Scopes, Clients, Users, and Realms into the in-memory database, and enable the Login/Password authentication. + +The `Masstransit` and `Hangfire` dependencies must be registered. MassTransit is used to raise Integration Events, such as `UserLoginSuccessEvent`. Hangfire is used to schedule jobs, for example, notifying the clients when a user's session has expired. + +``` +builder.Services.AddHangfire((o) => +{ + o.UseIgnoredAssemblyVersionTypeResolver(); + o.UseInMemoryStorage(); +}); +builder.Services.AddHangfireServer(); +builder.Services.AddMassTransit(o => +{ + o.UsingInMemory(); +}); +builder.AddAutomaticConfiguration(o => +{ + +}); +builder.Services.AddSIDIdentityServer() + .UseInMemoryStore(c => + { + c.AddInMemoryClients(DefaultConfiguration.Clients); + c.AddInMemoryScopes(DefaultConfiguration.Scopes); + c.AddInMemoryRealms(DefaultConfiguration.Realms); + c.AddInMemoryUsers(DefaultConfiguration.Users); + c.AddInMemorySerializedFileKeys(new List { KeyGenerator.GenerateRSASigningCredentials(SimpleIdServer.IdServer.Constants.StandardRealms.Master, "rsa-1") }); + }) + .AddPwdAuthentication(); +``` + +Register the Routes. + +``` +app.UseSID(); +``` + +Run the server and check if you can get the [Well-Known configuration](https://localhost:5001/.well-known/openid-configuration). + +``` +dotnet run --urls https://*:5001 +``` + +Views are not included in the Nuget packages; you must download them and copy them into your solution: + +* [wwwroot](https://github.com/simpleidserver/SimpleIdServer/tree/master/src/IdServer/SimpleIdServer.IdServer.Startup/wwwroot) : Javascript and CSS Files. +* [Views](https://github.com/simpleidserver/SimpleIdServer/tree/master/src/IdServer/SimpleIdServer.IdServer.Startup/Views) : CSHTML files. +* [Areas/Pwd](https://github.com/simpleidserver/SimpleIdServer/tree/master/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/pwd) : CSHTML files of the Login/Password authentication module. +* [Resources](https://github.com/simpleidserver/SimpleIdServer/tree/master/src/IdServer/SimpleIdServer.IdServer.Startup/Resources) : Translations. +* [Helpers](https://github.com/simpleidserver/SimpleIdServer/tree/master/src/IdServer/SimpleIdServer.IdServer.Startup/Helpers) : CSHTML Helpers. + +Edit the `appsettings.json` file and add the following section. Each authentication module has its own configuration; its values must ALWAYS be present in the appsettings.json file: + +``` +"IdServerPasswordOptions": { + "NotificationMode": "email", + "ResetPasswordTitle": "Reset your password", + "ResetPasswordBody": "Link to reset your password {0}", + "ResetPasswordLinkExpirationInSeconds": "30", + "CanResetPassword": "true" +} +``` + +Fix all the build issues and launch the project. Navigate to the [Home page](https://localhost:5001/Home/Profile) page and check if the authentication is working: + +``` +dotnet run --urls https://*:5001 +``` + +## Custom EF Storage + +The DOTNET TEMPLATE supports the following storage options: +* POSTGRESQL +* SQLSERVER +* MYSQL + +Other databases can be supported; the requirement is to check if Entity Framework supports the database. +You can find the list of supported databases https://learn.microsoft.com/en-us/ef/ + +If you want to support SQLITE, execute the steps below: + +1. Open a command prompt, navigate to the `Identity Server` project, install `Microsoft.EntityFrameworkCore.Sqlite` and `Microsoft.EntityFrameworkCore.Design` Nuget packages. + +``` +dotnet add package Microsoft.EntityFrameworkCore.Sqlite +dotnet add package Microsoft.EntityFrameworkCore.Design +``` + +2. Edit the `Program.cs` file and configure the SQLITE storage. + +``` +.UseEFStore(c => +{ + c.UseSqlite("sid.db", o => + { + o.MigrationsAssembly("IdentityService"); + }); +}) +``` + +3. Create the migration script + +``` +dotnet ef migrations add InitialCreate +``` + +4. Apply the migration script + +``` +dotnet ef database update +``` + +The IdentityServer solution is now configured to use the SQLITE database. diff --git a/website/versioned_docs/version-5.0.0/download.md b/website/versioned_docs/version-5.0.0/download.md new file mode 100644 index 000000000..f4c8ee77d --- /dev/null +++ b/website/versioned_docs/version-5.0.0/download.md @@ -0,0 +1,23 @@ +--- +title: Download +hide_table_of_contents: true +--- + +import DocsCards from '@site/src/components/global/DocsCards'; +import DocsCard from '@site/src/components/global/DocsCard'; +import Installers from '@site/src/components/global/Installers'; +import Installer from '@site/src/components/global/Installer'; + + + +

    LATEST STABLE 5.0.0

    +

    PLATFORM

    + + + + + + + +     +     \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/glossary.md b/website/versioned_docs/version-5.0.0/glossary.md new file mode 100644 index 000000000..aaa777cbe --- /dev/null +++ b/website/versioned_docs/version-5.0.0/glossary.md @@ -0,0 +1,22 @@ +# Glossary + +| Word | Definition | +| ------------------------------ | ---------------------------------------------------------------------------------------------- | +| **API Scope** | Restrict access to the REST API/resources. | +| **Automatic Identity Provisioning Workflow** | Retrieve users from one storage and create their accounts in the local Identity Provider. | +| **Authentication Method** | A process through which the Identity Management System verifies who the user or application is. | +| **Category** | A category describes the type of client, for example, Single Page Application (SPA) | +| **Client** | The client is the application that is attempting to act on behalf of the user or access the user's resources. | +| **Enrollment Process** | Register the mobile application in the Identity Server is necessary if you wish to receive PUSH notifications. | +| **Identity And Access Management (IAM)** | Identity and Access Management (IAM) is an approach that manages and organizes all of your user identities into one system with a consistent set or rules and policies. | +| **Identity Provider (IDP)** | An Identity Provider (IDP) is a system that creates, maintains, and manages a user's digital identity. | +| **Identity Scope** | OPENID/Identity scopes are used by a client during authentication to authorize access to a user's details, like name and picture. | +| **Just In Time Provisioning (JIT)** | Used to create users the first time they log in to an application via an external Identity Provider | +| **Manual Identity Provisioning Workflow** | Enables visitors to your web application to create a local account with the Identity Provider. | +| **Mapping Rule** | A set of rules used to transform input data into output claims. | +| **User Attribute** | A user account can contain one or more attributes or claims. Unlike the User Property, this list is not static. | +| **User property** | A user account contains one or more static claims. This list is fixed and defined by SimpleIdServer. | +| **Realm** | A Realm is a space where you can manage Clients, Scopes, Users, External Identity Providers, and Certificate Authorities. Realms are isolated from one another, but the same resource can be located in one or more Realms. | +| **Scope** | OAUTH2.0 scope provide a way to limit the amount of access that is granted to an access token. | +| **Template** | A template contains multiple categories. | +| **Visitor** | An anonymous user with no account registered in the Identity Provider. | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/iam/authmethods.md b/website/versioned_docs/version-5.0.0/iam/authmethods.md new file mode 100644 index 000000000..d024c2c62 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/iam/authmethods.md @@ -0,0 +1,43 @@ +# Authentication methods + +An [Authentication Method](../glossary) is of utmost importance as it ensures that the incoming user is indeed the person they claim to be + +During the authentication process, the end-user presents their credentials to the [Identity Provider](../glossary). These credentials must be sufficiently complex and unique to the end-user, as any compromise could enable malicious use, allowing unauthorized access to another user's account. + +Credentials can take various forms: +* A message signed by a cryptographic key owned by the end-user. +* A password. +* An OTP code generated by a mobile device. +* An OTP code sent by the Identity Server via email or SMS. + +Each type of credential carries different security risks. For instance, using a password is riskier than using a cryptographic key. When configuring the manual identity provisioning workflow, it is essential to consider these security risks. + +SimpleIdServer supports multiple authentication mechanisms. + +| Code | Name | Description | +| ------------ | ------------------ | ----------------------------------------------------- | +| **pwd** | Password | Login & Password | +| **sms** | SMS | Send an OTP code via SMS | +| **email** | Email | Send an OTP code via email | +| **webauthn** | WebAuthn | Utilize a FIDO-compliant device from your web browser | +| **mobile** | Mobile application | Scan the QR code with the mobile application | + +## SMS + +The SMS authentication module utilizes the [Twilio API](https://pages.twilio.com/) to send SMS messages to mobile devices. + +Before you can use this module, you need to update its configuration. + +To obtain the `Account SID`, `Auth Token`, and `Phone number of the sender` please refer to the [official documentation](https://www.twilio.com/docs/messaging/quickstart/csharp-dotnet-framework). + +By default, the TOTP algorithm is used to generate OTP codes. TThe content of the SMS consists of a concatenation between the message content and the OTP code. + +![SMS Authentication](./images/sms.png) + +## Email + +The Email authentication module uses an SMTP server to send emails. + +The properties `Smtp Port`, `Smtp Host`, `Email`, `Password` and `Email of the sender` must be updated with the appropriate values. + +![Email Authentication](./images/email.png) \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/iam/automaticidentityprovisioning.md b/website/versioned_docs/version-5.0.0/iam/automaticidentityprovisioning.md new file mode 100644 index 000000000..4156619c9 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/iam/automaticidentityprovisioning.md @@ -0,0 +1,78 @@ +# Automatic + +import DocsCards from '@site/src/components/global/DocsCards'; +import DocsCard from '@site/src/components/global/DocsCard'; + +The [Automatic Identity Provisioning](../glossary) workflow in SimpleIdServer can be configured to extract users from various types of storage and create their accounts in the local [Identity Provider](../glossary). + +The workflow consists of two steps: + +1. **Extract** : Retrieve users from the storage and store the results in CSV files. Only new or modified users are extracted. +2. **Import** : Read CSV files and create or update the local accounts. + +There are two supported types of storage. + + + + + + + + +## LDAP + +To configure automatic identity provisioning with LDAP, follow these steps : + +1. Navigate to the `Identity Provisioning` menu and click on the `Automatic Identity Provisioning` button. +2. Select `LDAP`. +3. Navigate to the `Properties` tab. +4. Update the properties with the appropriate values + +| Key | Description | Default value | +| ---------------------------- | -------------------------------------------------------------------------------------------------- | --------------------------- | +| Server | DNS of your server | localhost | +| Port | LDAP Port | 389 | +| Bind DN | DN of the LDAP Admin | cn=admin,dc=xl,dc=com | +| Bind Credentials | Password of the LDAP Admin | password | +| Users DN | Full DN of LDAP tree where you users are | ou=people,dc=xl,dc=com | +| User object class | All values of LDAP objectClass attribute for users in LDAP, divided by commas | organizationalPerson,person | +| entryUUID | Name of the LDAP Attribute, which is used as a unique object identifier (UUID) for objects in LDAP | entryUUID | +| Modification Date Attribute | Name of the LDAP Attribute, which is used as the modification date for objects in LDAP | modificationDate | +| Batch size | Number of records stored in each CSV file | 1 | + +5. Click on the `Update` button. +6. Click on the `Try to extract the users` button to check your settings. + +Once everything is configured, you can edit the Mapping rules, which are used during extraction to transform LDAP Attributes into [User Attribute](../glossary) or [User Property](../glossary). + +The `Add mapping rule` popup displays all the attributes coming from LDAP to facilitate the editing of the mapping rules. + +## SCIM + +To configure identity provisioning with SCIM, follow these steps: + +1. Navigate to the `Identity Provisioning` menu and click on the `Automatic Identity Provisioning` button. +2. Select `SCIM`. +3. Navigate to the `Properties` tab. +4. Update the properties with the appropriate values. + +| Key | Description | Default value | +| -------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------ | +| SCIM Endpoint | Base URL of the SCIM endpoint. | https://localhost:5003 | +| Authentication Types | Authentication type used to access the SCIM API. | API Key | +| API Key | Required when the authentication type is equal to **API Key**. This value is passed to the SCIM API. | ba521b3b-02f7-4a37-b03c-58f713bf88e7 | +| Client Id | Required when the authentication type is equals to ¨**Client Secret Post**. | | +| Client Secret | Required when the authentication type is equals to **Client Secret Post**. | | +| Count | Number of records stored in each CSV file. | 1 | + +There are two authentication types, depending on the security of your SCIM API, you must choose the correct one: + +* **API Key** : By default, our [SCIM API is protected by an API Key](../scim2), and the workflow uses the API Key to access the SCIM API. +* **Client secret post** : The workflow uses the Client Credentials grant to obtain an access token and uses it to access the SCIM API. + +5. Click on the `Update` button. +6. Click on the `Try to extract the users` button to check your settings. + +Once everything is configured, you can edit the Mapping rules, which are used during extraction to transform LDAP Attributes into [User Attribute](../glossary) or [User Property](../glossary). + +The `Add mapping rule` popup displays all the attributes coming from SCIM to facilitate the editing of the mapping rules. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/iam/caching.md b/website/versioned_docs/version-5.0.0/iam/caching.md new file mode 100644 index 000000000..ab4faec55 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/iam/caching.md @@ -0,0 +1,41 @@ +# Distributed caching + +All elements with a temporary lifetime, such as access, refresh, identity tokens, or temporary codes, are stored in a Distributed Cache. When they expire, they are removed from the Data Store. + +By default, the distributed caching is configured to use an SQL Server database. However, it is also possible to use the NoSQL Key-Value Pair [REDIS](https://redis.io/). + +## SQL Server + +To use SQL Server as a distributed caching, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | --------- | +| $.DistributedCacheConfiguration.ConnectionString | | +| $.DistributedCacheConfiguration.Type | SQLSERVER | + +## Redis + +To use SQL Server as a distributed caching, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | --------- | +| $.DistributedCacheConfiguration.ConnectionString | | +| $.DistributedCacheConfiguration.Type | REDIS | + +## Postgre + +To use Postgresql as a distributed caching, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | --------- | +| $.DistributedCacheConfiguration.ConnectionString | | +| $.DistributedCacheConfiguration.Type | POSTGRE | + +## Mysql + +To use Mysql as a distributed caching, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | --------- | +| $.DistributedCacheConfiguration.ConnectionString | | +| $.DistributedCacheConfiguration.Type | MYSQL | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/iam/configuration.md b/website/versioned_docs/version-5.0.0/iam/configuration.md new file mode 100644 index 000000000..c8de86530 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/iam/configuration.md @@ -0,0 +1,41 @@ +# Distributed configuration + +Different modules within SimpleIdServer utilize a distributed configuration storage to store their settings, including the Authentication and Provisioning modules. + +By default, SQL Server is used to store the configuration, but you also have the option to use the NoSQL Key-Value data store [Redis](https://redis.io/). + +## Redis + +To use Redis as a distributed configuration storage, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | ------------- | +| $.DistributedCacheConfiguration.Type | REDIS | +| $.DistributedCacheConfiguration.ConnectionString | | + +## SQLServer + +To use SQLServer as a distributed configuration storage, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | ------------- | +| $.DistributedCacheConfiguration.Type | SQLSERVER | +| $.DistributedCacheConfiguration.ConnectionString | | + +## Postgre + +To use Postgresql as a distributed configuration storage, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | ------------- | +| $.DistributedCacheConfiguration.Type | POSTGRE | +| $.DistributedCacheConfiguration.ConnectionString | | + +## Mysql + +To use Mysql as a distributed configuration storage, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | ------------- | +| $.DistributedCacheConfiguration.Type | MYSQL | +| $.DistributedCacheConfiguration.ConnectionString | | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/iam/externalidproviders.md b/website/versioned_docs/version-5.0.0/iam/externalidproviders.md new file mode 100644 index 000000000..f554e286e --- /dev/null +++ b/website/versioned_docs/version-5.0.0/iam/externalidproviders.md @@ -0,0 +1,66 @@ +# External identity providers + +SimpleIdServer can utilize external [Identity Providers](../glossary) to authenticate the end-user. + +When the end-user authenticates for the first time with their external account, a local account will be automatically created in your [Identity Provider](../glossary). + +This process is also known as the [Just-In-Time Provisioning](../glossary) workflow. + +Currently, SimpleIdServer only supports [Facebook](#facebook) authentication. + +## Facebook + +To use Facebook as an external Identity Provider, follow these steps : + +1. Navigate to the `Authentication` menu and click on the `Authentication` link. +2. Select the `External identity providers` tab and click on the button `Add Identity Provider` button. +3. Under `Identity Provider Type`, choose `Facebook` and click on the `Next` button. +4. Fill-in the form like this and click on the `Next` button. + +| Key | Value | +| ------------ | ------------- | +| Name | OtherFacebook | +| Display Name | New facebook | +| Description | Facebook | + +5. Follow this [tutorial](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/facebook-logins?view=aspnetcore-7.0) to obtain the `AppId` and `AppSecret`. Then, complete the form accordingly and click `Add`. + +## Negotiate + +To enable Windows Authentication (also known as Negotiate, Kerberos, or NTLM authentication), follow these steps: + +1. Navigate o the `Authentication` menu and click on the `Authentication` link. +2. Select the `External identity providers` tab and click on the button `Add Identity Provider` button. +3. Under `Identity Provider Type`, choose `Facebook` and click on the `Next` button. +4. Fill-in the form like this and click on the `Next` button. + +| Key | Value | +| ------------ | ------------- | +| Name | Windows | +| Display Name | Windows | +| Description | Windows | + +5. Click on the `Add` button to confirm the creation and navigate to the new mapping rule. +6. Click on the `Mappers` tab, select and remove all the rows. +7. Click on the `Add mapper` button and add two rules with the following content: + +| Key | Value | +| ----------------- | ---------------------------------------------------------- | +| Mapper Type | Subject | +| Name | Subject | +| Source Claim Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | + +| Key | Value | +| ----------------- | ------------------------------------------------------------------ | +| Mapper Type | Identifier | +| Name | Identifier | +| Source Claim Name | http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid | + +## Mapping + +The [Just-In-Time Provisioning](../glossary) workflow utilizes a list of mapping rules to transform incoming Claims into a local account. + +There are two types of Mapping Rules: + +* [User attribute](../glossary) : It is a dynamic user claim, for example, DateOfBirth. +* [User property](../glossary) : It is a static user claim, for example, FirstName or Email. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/iam/images/clients.png b/website/versioned_docs/version-5.0.0/iam/images/clients.png new file mode 100644 index 000000000..54dcebc36 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/iam/images/clients.png differ diff --git a/website/versioned_docs/version-5.0.0/iam/images/clientview.png b/website/versioned_docs/version-5.0.0/iam/images/clientview.png new file mode 100644 index 000000000..f78f11260 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/iam/images/clientview.png differ diff --git a/website/versioned_docs/version-5.0.0/iam/images/email.png b/website/versioned_docs/version-5.0.0/iam/images/email.png new file mode 100644 index 000000000..82af857f0 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/iam/images/email.png differ diff --git a/website/versioned_docs/version-5.0.0/iam/images/register-pwd-email.png b/website/versioned_docs/version-5.0.0/iam/images/register-pwd-email.png new file mode 100644 index 000000000..94d829af7 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/iam/images/register-pwd-email.png differ diff --git a/website/versioned_docs/version-5.0.0/iam/images/sms.png b/website/versioned_docs/version-5.0.0/iam/images/sms.png new file mode 100644 index 000000000..7d7095525 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/iam/images/sms.png differ diff --git a/website/versioned_docs/version-5.0.0/iam/manualidentityprovisioning.md b/website/versioned_docs/version-5.0.0/iam/manualidentityprovisioning.md new file mode 100644 index 000000000..a6d7909e6 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/iam/manualidentityprovisioning.md @@ -0,0 +1,21 @@ +# Manual + +The [Manual Identity Provisioning](../glossary) workflow in SimpleIdServer enables [Visitors](../glossary) to your web application to create a local account with the Identity Provider. + +The workflow consists of one or more steps, with each step representing a different [Authentication Method](../glossary). +For each of these methods, the visitor will enroll their credentials. + +To create a Manual Identity Provisioning workflow, follow these steps : + +1. Navigate to the `Identity Provisioning` menu and click on the `Manual Identity Provisioning` button. +2. Click on the `Add registration workflow` button. +3. Fill in the name; it must be unique. +4. Select one or more registration methods. The order is important as it determines the sequence of actions for registring the [Visitor](../glossary). +5. If you want this new registration workflow to be the default one when a visitor navigates to the registration page, then check the `Is Default` checkbox. +6. Click on the `Add` button to register the workflow. + +You can view the registration workflow by clicking on the link displayed in the first column of the table. + +The screenshot below shows a registration workflow with two steps `pwd` and `email`. + +![Registration workflow](./images/register-pwd-email.png) \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/iam/openid.md b/website/versioned_docs/version-5.0.0/iam/openid.md new file mode 100644 index 000000000..03c6b13c1 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/iam/openid.md @@ -0,0 +1,114 @@ +# OPENID + +The SimpleIdServer's [Identity Provider](../glossary) can act as an OPENID server. + +## Supported Grant Types + +The following Grant Types are supported + +| Name | RFC | +| ---------------------------------------------------- | ---- | +| authorization_code | [https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.1](https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.1) | +| client_credentials | [https://datatracker.ietf.org/doc/html/rfc6749#section-4.4](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4) | +| password | [https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.3](https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.3) | +| refresh_token | [https://datatracker.ietf.org/doc/html/rfc6749#section-1.5](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5) | +| urn:openid:params:grant-type:ciba | [https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html) | +| urn:ietf:params:oauth:grant-type:device_code | [https://www.ietf.org/rfc/rfc8628.html#section-3.4](https://www.ietf.org/rfc/rfc8628.html#section-3.4) | +| urn:ietf:params:oauth:grant-type:pre-authorized_code | [https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-10.html](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-10.html) | +| urn:ietf:params:oauth:grant-type:uma-ticket | [https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html](https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html) | +| urn:ietf:params:oauth:grant-type:token-exchange | [https://datatracker.ietf.org/doc/html/rfc8693](https://datatracker.ietf.org/doc/html/rfc8693) | + +## Supported authentication methods + +The following client authentication methods are supported. + +| Name | RFC | +| --------------------------- | --- | +| client_secret_basic | [https://www.rfc-editor.org/rfc/rfc7591.html#section-2.3.1](https://www.rfc-editor.org/rfc/rfc7591.html#section-2.3.1) | +| client_secret_jwt | [https://www.rfc-editor.org/rfc/rfc7523](https://www.rfc-editor.org/rfc/rfc7523) +| client_secret_post | [https://www.rfc-editor.org/rfc/rfc7591.html#section-2.3.1](https://www.rfc-editor.org/rfc/rfc7591.html#section-2.3.1) | +| private_key_jwt | [https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication) | +| self_signed_tls_client_auth | [https://www.rfc-editor.org/rfc/rfc8705.html](https://www.rfc-editor.org/rfc/rfc8705.html) | +| tls_client_auth | [https://www.rfc-editor.org/rfc/rfc8705.html](https://www.rfc-editor.org/rfc/rfc8705.html) | +| pkce | [https://datatracker.ietf.org/doc/html/rfc7636](https://datatracker.ietf.org/doc/html/rfc7636) | + +## Clients + +The [Client](../glossary) is the application that is attempting to act on behalf of the user or access the user's resources. + +In SimpleIdServer, clients are categorized into [Categories](../glossary), and each category belongs to a [Template](../glossary). + +There are three templates + + + + + + + + + + + + + + + + + + + + +
    TemplateDescriptionCategories
    StandardThis template assists in creating an application that adheres to the standard security protocols, such as Ws-Federation, OPENID or SAML2User Agent Based application (SPA)
    Machine-to-Machine(M2M) applications
    Web application executed on server
    Desktop or mobile application
    A WS-Federation relying party
    A Service Provider (SP)
    Device - An IoT application
    FAPI2.0This template assists in creating an application used in the Financial Domain. This application must be highly secure and must adhere to a set of security practices.Highly secure Web Application
    Grant Management
    External Device Authentication
    Credentials issuer
    + +To manage the clients, navigate to the `Clients` menu. + +![Clients](./images/clients.png) + +You can view the configuration of the client by clicking on its identifier displayed in the first column of the table. + +The client view displays six tab elements: + +* **Details** : Display the details of the client; depending on the nature of the client (machine or website), the displayed parameters vary. For instance, if the client is a Single Page Application, the Redirect URLs are displayed; otherwise, if the client is a Console Application/Machine, the Redirect URLs are not displayed. + +* **Client Scopes** Display the list of [Scopes](../glossary) to which the client has access. There are two types of scopes : [Identity Scope](../glossary) and [Api Scope](../glossary).Identity Scopes grant the client access to specific claims of the authenticated user, such as Email. API Scopes grant the client access to certain [Api Resources](../glossary), for example, the Read action on the Clients REST API. + +* **Keys** : Some client authentication methods require a client secret signed by a key, such as private_key_jwt. The Identity Provider stores the public keys or uses the Json Web Key URL exposed by the client to verify the signature of the client secret. + +* **Credentials**: Select the authentication method. + +* **Roles** : One or more user roles can be assigned to a client, for example, 'administrator.' The role can also be assigned to a group, and that group can, in turn, be assigned to one or more users. The client's role will be included in the `role` claims of the authenticated user. When the client receives the token, it can check the permissions. + +* **Advanced**: Display all the available parameters of a client. + +![Client view](./images/clientview.png) + +## Scopes + +The [Scope](../glossary) provides a means to restrict the level of access granted to an access token. + +There are two types of scopes: + +| Name | Description | +| ----------------------- | ----------- | +| OpenId / Identity Scope | OPENID/Identity scopes are used by a client during authentication to authorize access to a user's details, such as name and picture. | +| API Scope | Restrict access to REST API/resources. | + +To manage the scopes, navigate to the `Scopes` menu. + +### Identity Scope + +An [Identity Scope](../glossary) contains one or more [Mapping Rules](../glossary). These rules are used to retrieve user information and convert it into a list of claims that will be included in the Identity Token. + +There are two types of mapping rules: + +| Name | Description | +| -------------- | -------------------------------------------------------------------------------------------------------- | +| User Attribute | Transform a user's claim into an output claim; claims are not static and can take any form | +| User Property | Transform a user's property into an output claim; properties are static and defined by SimpleIdServer | + +### API Scope + +An [API scope](../glossary) represents a permission for one or more API resources, such as `read` for the client named `ClientsApi`. + +The `aud` claim is populated with the relevant API resources. This claim is used by the API during the authorization process. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/iam/saml2.md b/website/versioned_docs/version-5.0.0/iam/saml2.md new file mode 100644 index 000000000..fc1cd4325 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/iam/saml2.md @@ -0,0 +1,12 @@ + # SAML2.0 + + The SimpleIdServer's [Identity Provider](../glossary) can act as a SAML Identity Provider thanks to the [IdentitySaml2](https://www.itfoxtec.com/IdentitySaml2) library. + +To create a website with SAML support, follow these steps: + +1. Navigate the client `Clients` page. +2. Click on the `Add client` button. +3. Select the `Standard` template and select and click on the `Next` button. +4. Fill in the form with the appropriate values and click on the `Save` button to confirm the creation. + +You can follow these [Tutorial](../tutorial/saml) to configure the SAML Authentication. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/iam/storage.md b/website/versioned_docs/version-5.0.0/iam/storage.md new file mode 100644 index 000000000..f253ca1e6 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/iam/storage.md @@ -0,0 +1,42 @@ +# Storage + +The [Identity Provider](../glossary) can utilize one of the following storage options. + +For each type of storage, there is a corresponding NuGet package containing all the migration scripts. These scripts encompass the logic necessary for creating the data structure, such as tables or schemas. Migration scripts will be applied during the startup of the [Identity Provider](../glossary). + +| Storage | Nuget package | +| --------- | -------------------------------------------------------------------------------------------------------------------------- | +| SQL Server | [SimpleIdServer.IdServer.SqlServerMigrations](https://www.nuget.org/packages/SimpleIdServer.IdServer.SqlServerMigrations) | +| PostGreSQL | [SimpleIdServer.IdServer.PostgreMigrations](https://www.nuget.org/packages/SimpleIdServer.IdServer.PostgreMigrations) | +| MySQL | [SimpleIdServer.IdServer.PostgreMigrations](https://www.nuget.org/packages/SimpleIdServer.IdServer.MySQLMigrations) | + +If your preferred storage option is not listed, please [contact-us](../contactus). We will make every effort to accommodate your requirements. + +Alternatively, if you are comfortable with our solution, you can make modifications in the `Program.cs` file of the [Identity Provider](../glossary) solution. + +## SQL Server + +To utilize SQL Server, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| --------------------------------------- | ------------- | +| $.StorageConfiguration.ConnectionString | | +| $.StorageConfiguration.Type | SQLSERVER | + +## POSTGRESQL + +To utilize Postgresql, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| --------------------------------------- | ------------- | +| $.StorageConfiguration.ConnectionString | | +| $.StorageConfiguration.Type | POSTGRE | + +## MYSQL + +To utilize Mysql, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| --------------------------------------- | ------------- | +| $.StorageConfiguration.ConnectionString | | +| $.StorageConfiguration.Type | MYSQL | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/iam/wsfederation.md b/website/versioned_docs/version-5.0.0/iam/wsfederation.md new file mode 100644 index 000000000..98fbed1e0 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/iam/wsfederation.md @@ -0,0 +1,12 @@ +# WS-Federation + +The SimpleIdServer's [Identity Provider](../glossary) can act as a WS-Federation server. + +The [WS-Federation Language](http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html) version 1.2 is supported. + +To create a website with WS-Federation support, follow these steps: + +1. Navigate to the `Clients` page. +2. Click on the `Add client` button. +3. Select the `Standard` template and select the `WS-Federation Relyng party`, then click on the `Next` button. +4. Fill in the form with the appropriate values and click on the `Save` button to confirm the creation. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/images/CredentialIssuer-1.png b/website/versioned_docs/version-5.0.0/images/CredentialIssuer-1.png new file mode 100644 index 000000000..3a402b142 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/images/CredentialIssuer-1.png differ diff --git a/website/versioned_docs/version-5.0.0/images/CredentialIssuer-2.png b/website/versioned_docs/version-5.0.0/images/CredentialIssuer-2.png new file mode 100644 index 000000000..33280e56a Binary files /dev/null and b/website/versioned_docs/version-5.0.0/images/CredentialIssuer-2.png differ diff --git a/website/versioned_docs/version-5.0.0/images/IdentityServer-1.png b/website/versioned_docs/version-5.0.0/images/IdentityServer-1.png new file mode 100644 index 000000000..61976afe5 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/images/IdentityServer-1.png differ diff --git a/website/versioned_docs/version-5.0.0/images/IdentityServerWebsite-2.png b/website/versioned_docs/version-5.0.0/images/IdentityServerWebsite-2.png new file mode 100644 index 000000000..7d872b167 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/images/IdentityServerWebsite-2.png differ diff --git a/website/versioned_docs/version-5.0.0/images/azuread-1.png b/website/versioned_docs/version-5.0.0/images/azuread-1.png new file mode 100644 index 000000000..3494101e2 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/images/azuread-1.png differ diff --git a/website/versioned_docs/version-5.0.0/images/clientcertificate.png b/website/versioned_docs/version-5.0.0/images/clientcertificate.png new file mode 100644 index 000000000..fbf4b19f4 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/images/clientcertificate.png differ diff --git a/website/versioned_docs/version-5.0.0/images/mobile-settings.png b/website/versioned_docs/version-5.0.0/images/mobile-settings.png new file mode 100644 index 000000000..0ebcef65e Binary files /dev/null and b/website/versioned_docs/version-5.0.0/images/mobile-settings.png differ diff --git a/website/versioned_docs/version-5.0.0/installation/dotnettemplate.md b/website/versioned_docs/version-5.0.0/installation/dotnettemplate.md new file mode 100644 index 000000000..99c0c4dc2 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/installation/dotnettemplate.md @@ -0,0 +1,226 @@ +# DOTNET Template + +Install SimpleIdServer templates. + +``` +dotnet new --install SimpleIdServer.Templates +``` + +This will add the following templates + +| Command line | Description | +| ---------------------------- | ------------------------------------------------------------------------------------------------ | +| dotnet new idserver | Create Identity Server. By default, Entity Framework is configured to use SQLServer | +| dotnet new idserverwebsite | Create Identity Server website. By default, Entity Framework is configured to use SQLServer | +| dotnet new scim | Create SCIM Server. | +| dotnet new credissuer | Create credential issuer API. | +| dotnet new credissueradminui | Create credential issuer administration UI. | + +## Create Visual Studio Solution + +Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir Quickstart +cd Quickstart +mkdir src +dotnet new sln -n Quickstart +``` + +## Create IdentityServer project + +To create a web project named `IdServer` with the `SimpleIdServer.IdServer` package installed, execute the command line : + +``` +cd src +dotnet new idserver -n IdServer +``` + +The following files will be created within a new `src/IdServer` directory : + +* `IdServer.csproj` : Project file with the `SimpleIdServer.IdServer` NuGet package added. +* `appsettings.json` : Contains the ConnectionString. +* `Program.cs` : Main application entry point. +* `IdServerConfiguration.cs` : Contains the `Clients`, `Resources`. + +Next, add the `IdServer` project into the Visual Studio Solution + +``` +cd .. +dotnet sln add ./src/IdServer/IdServer.csproj +``` + +Run the IdServer project, ensuring that it listens on the URL `https://localhost:5001`. + +``` +cd src/IdServer +dotnet run --urls=https://localhost:5001 +``` + +The IdentityServer is now ready to be used. + +By default, there is one administrator account configured. You can access their profile by navigating to the URL `https://localhost:5001/master` and authenticate using the following credentials : + +* Login : administrator +* Password : password + +## IdentityServer UI preview + +The IdentityServer UI uses Bootstrap 5. + +![IdentityServer](../images/IdentityServer-1.png) + +## Create IdentityServer website project + +create a web project named `IdServerWebsite` with the `SimpleIdServer.IdServer.Website` package installed, execute the command line : + +``` +cd src +dotnet new idserverwebsite -n IdServerWebsite +``` + +Run the `IdServerWebsite` project, it must listens on the url `https://localhost:5002`. + +``` +cd src/IdServerWebsite +dotnet run --urls=https://localhost:5002 +``` + +The IdentityServer website is now ready to be used. + +The website can be used to manage all aspects of an Identity Server solution, such as managing clients, users, and scopes. + +## Identity Server website UI preview + +The IdentityServer website UI uses Radzen. + +![IdentityServerWebsite](../images/IdentityServerWebsite-2.png) + +## SCIM Security + +By default SCIM is configured to use API KEY authentication. +For clients to perform any operation, they must include one of those keys in the `HTTP HEADER Authorization Bearer` field. + +| Owner | Value | +| -------- | ------------------------------------ | +| IdServer | ba521b3b-02f7-4a37-b03c-58f713bf88e7 | +| AzureAd | 1595a72a-2804-495d-8a8a-2c861e7a736a | + +## Create SCIM project with EF support + +Create a web project named `ScimEF` with the `SimpleIdServer.Scim.Persistence.EF` package installed and Entity Framework (EF) configured to use SQLServer, execute the command line : + +``` +cd src +dotnet new scim -n ScimEF --connectionString "Data Source=.;Initial Catalog=SCIM;Integrated Security=True;TrustServerCertificate=True" -t "SQLSERVER" +``` + +Next, add the `ScimEF` project into the Visual Studio Solution + +``` +cd .. +dotnet sln add ./src/ScimEF/ScimEF.csproj +``` + +Run the ScimEF project, ensuring that it listens on the URL `https://localhost:5003`. + +``` +cd src/SCIMEF +dotnet run --urls=https://localhost:5003 +``` + +Now that the SCIM server is running, you can check its Schemas endpoint by accessing [https://localhost:5003/Schemas](https://localhost:5003/Schemas). + +## Create SCIM project with MongoDB support + +To create a web project named ScimMongoDB with the SimpleIdServer.Scim.Persistence.MongoDB package installed and MongoDB support, execute the command line : + +``` +cd src +dotnet new scim -n ScimMongoDB --connectionString "mongodb://localhost:27017" -t "MONGODB" +``` + +Next, add the `ScimMongoDB` project into the Visual Studio Solution + +``` +cd .. +dotnet sln add ./src/ScimMongoDB/ScimMongoDB.csproj +``` + +Run the ScimMongoDB project, ensuring that it listens on the URL `https://localhost:5003`. + +``` +cd src/ScimMongoDB +dotnet run --urls=https://localhost:5003 +``` + +Now that the SCIM server is running, you can check its Schemas endpoint by accessing [https://localhost:5003/Schemas](https://localhost:5003/Schemas). + +## Create credential issuer project + +To create a web project named `CredentialIssuer` with the `SimpleIdServer.CredentialIssuer` package installed, execute the command line : + +``` +cd src +dotnet new credissuer -n CredentialIssuer +``` + +:::danger + +If you are using version 5.0.0, you must install the NuGet package `Microsoft.IdentityModel.Protocols.OpenIdConnect` version `7.5.1`. Otherwise, the OpenIdConnect library will not be able to read the OpenID configuration from the well-known endpoint. + +::: + +The following files will be created within a new `src/CredentialIssuer` directory : + +* `CredentialIssuer.csproj` : Project file with the `SimpleIdServer.CredentialIssuer` NuGet package added. +* `appsettings.json` : Contains the properties to configure the Openid authentication, such as the ClientId, ClientSecret and Issuer. +* `Program.cs` : Main application entry point. +* `CredentialIssuerConfiguration.cs` : Contains the `CredentialConfigurations`. + +Run the CredentialIssuer project, ensuring that it listens on the URL `https://localhost:5005`. + +``` +cd src/IdServer +dotnet run --urls=https://localhost:5005 +``` + +The CredentialIssuer is now ready to be used. + +## Credential issuer UI preview + +The CredentialIssuer UI uses Bootstrap 5. + +![CredentialIssuer](../images/CredentialIssuer-1.png) + +## Create credential issuer website project + +To create a web project named `CredentialIssuerAdminui` with the `SimpleIdServer.CredentialIssuer.Website` package installed, execute the command line : + +``` +cd src +dotnet new credissueradminui -n CredentialIssuerAdminui +``` + +:::danger + +If you are using version 5.0.0, you must install the NuGet package `Microsoft.IdentityModel.Protocols.OpenIdConnect` version `7.5.1`. Otherwise, the OpenIdConnect library will not be able to read the OpenID configuration from the well-known endpoint. + +::: + +Run the `CredentialIssuerAdminui` project, it must listens on the url `https://localhost:5006`. + +``` +cd src/IdServerWebsite +dotnet run --urls=https://localhost:5006 +``` + +The credential issuer administration ui is now ready to be used. + +The website can be used to manage the credential configurations. + +## Credential issuer website UI preview + +The CredentialIssuer website UI uses Radzen. + +![CredentialIssuerAdminUi](../images/CredentialIssuer-2.png) \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/installation/hosting.md b/website/versioned_docs/version-5.0.0/installation/hosting.md new file mode 100644 index 000000000..2dab15c6c --- /dev/null +++ b/website/versioned_docs/version-5.0.0/installation/hosting.md @@ -0,0 +1,206 @@ +# Hosting + +import DocsCards from '@site/src/components/global/DocsCards'; +import DocsCard from '@site/src/components/global/DocsCard'; + +## NGINX + +Once the solution is installed via [Copy and paste](./quickstart.md#copy-and-paste) on your server, you can configure a reverse proxy, such as NGINX, to redirect incoming HTTP traffic to the SimpleIdServer solution. + +In a Linux environment, three systemd daemons will be installed, each running a different part of the SimpleIdServer solution. + +There are three services hosted on different ports : + +| Service | Port | +| ----------------------- | ---- | +| IdServer | 5001 | +| Website | 5002 | +| Scim | 5003 | +| CredentialIssuer | 5005 | +| CredentialIssuerWebsite | 5006 | + +They share the same characteristics: +* Hosted under HTTPS. +* They use Forwarded Headers; these HTTP headers are employed to modify the Redirection URL returned by the Discovery endpoint. For example, when the parameter `X-Forwarded-Proto` equals http, the OPENID Well-Known configuration endpoint will return a redirection URL with an http scheme. + +You can choose one of the following options to host the solution. + + + +

    Each service is hosted on a subdomain.

    +     + +

    Each service is hosted on a subpath.

    +     +     + +### Subdomain hosting + +In the NGINX configuration, for each service, replicate the `server` block with the following content. + +Each block corresponds to a subdomain and handles one service. + +Replace the `` variable with the URL of your service, and the `` variable with the name of your service. + +For example, for the IdServer service, replace the variables as follows: + +| Parameter | Value | +| ------------ | ---------------------- | +| SERVICE_NAME | openid | +| SERVICE_URL | https://localhost:5001 | +| DOMAIN | simpleidserver.com | + +``` +server { + listen 443 ssl; + listen [::]:443 ssl; + + gzip on; + gzip_types text/plain text/css application/xml application/json application/javascript; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + large_client_header_buffers 4 32k; + + server_name .; + ssl_verify_client optional_no_ca; + + location / { + proxy_pass ; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection keep-alive; + proxy_set_header Host $host; + proxy_pass_header Set-Cookie; + proxy_pass_request_headers on; + proxy_cache_bypass $http_upgrade; + proxy_cookie_domain localhost $host; + proxy_set_header X-Scheme https; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-URL-SCHEME https; + client_max_body_size 1M; + client_body_buffer_size 4096k; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffer_size 128k; + proxy_buffers 32 256k; + } +} +``` + +### Subpath hosting + +In the NGINX configuration, add one `server` block for each service and replicate the `location` block with the following content. + +For example, for the IdServer service, replace the variables as follows: + +| Parameter | Value | +| ------------ | ---------------------- | +| PATH | openid | +| SERVICE_URL | https://localhost:5001 | +| DOMAIN | simpleidserver.com | + +``` +server { + listen 443 ssl; + listen [::]:443 ssl; + + gzip on; + gzip_types text/plain text/css application/xml application/json application/javascript; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + large_client_header_buffers 4 32k; + + server_name ; + ssl_verify_client optional_no_ca; + + location / { + proxy_pass ; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection keep-alive; + proxy_set_header Host $host; + proxy_pass_header Set-Cookie; + proxy_pass_request_headers on; + proxy_cache_bypass $http_upgrade; + proxy_cookie_domain localhost $host; + proxy_set_header X-Scheme https; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-URL-SCHEME https; + client_max_body_size 1M; + client_body_buffer_size 4096k; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffer_size 128k; + proxy_buffers 32 256k; + } +} +``` + +### SSL Certificate + +An SSL Certificate must be installed on your NGINX Server. + +You can use [Let's Encrypt](https://letsencrypt.org/) to generate SSL Certificates valid for all your domains and/or subdomains. + +For example, the following command line generates a certificate valid for three domains: + +``` +sudo certbot certonly -d openid.simpleidserver.com -d scim.simpleidserver.com -d website.simpleidserver.com credentialissuer.simpleidserver.com credentialissuerwebsite.simpleidserver.com +``` + +Once the certificate is generated, you must update the `server` blocks add the `ssl_certificate` and `ssl_certificate_key` directives. + +``` +ssl_certificate /etc/letsencrypt/live//fullchain.pem; +ssl_certificate_key /etc/letsencrypt/live//privkey.pem; +``` + +Additionally, add a new server block to redirect all HTTP traffic to HTTPS: + +``` +server { + listen 80; + server_name ; + return 301 https://$host$request_uri; +} +``` + +For more information about NGINX, you can refer to the official website: https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/ + +## IIS + +The zip file downloaded from [here](./quickstart.md#copy-and-paste), contains all of SimpleIdServer's services. + +They are ready to be run on IIS, and each of them has a `web.config` filer with a reference to the executable service to run. + +To deploy the application under IIS, follow these steps: +1. Add a new application pool named `SimpleIdServer`. +2. Enable the`Load User Profile` and check if the identity specified for the application pool is a member of the `Cryptographic perators` groups. his setting is required; otherwise, you'll encounter cryptographic exceptions such as: + +``` +Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer[2] +Connection ID "17942340921349636565", Request ID "800001d7-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application. +System.Security.Cryptography.CryptographicException: The system cannot find the file specified. +at System.Security.Cryptography.CngKey.Import(ReadOnlySpan1 keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider) at System.Security.Cryptography.CngPkcs8.ImportPkcs8(ReadOnlySpan1 keyBlob) +``` + +3. Add a new `SimpleIdServer` site, select your application pool, and specify the directory of your service. + + +:::info + +If the application is deployed on Azure, add the application setting `WEBSITE_LOAD_PROFILE` and set its value to `1`. + +::: \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/installation/quickstart.md b/website/versioned_docs/version-5.0.0/installation/quickstart.md new file mode 100644 index 000000000..7bed206d8 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/installation/quickstart.md @@ -0,0 +1,127 @@ +# Quick Start + +import DocsCards from '@site/src/components/global/DocsCards'; +import DocsCard from '@site/src/components/global/DocsCard'; + +The entire SimpleIdServer solution can be easily installed and deployed through various methods: [Copy and Paste](#copy-and-paste), [Docker](#docker) or [Kubernetes](#kubernetes). + +If you want to install only certain parts of the solution or customize specific features like the UI, you can use our [DOTNET Template](#dotnet-template) project. + + + + +

    Install the entire solution with a single command..

    +     + +

    Utilize our DOTNET Template to install specific parts of the solution.

    +     +     + +## Copy and paste + +Installing SimpleIdServer is as simple as downloading it, unzipping it, and updating the connection string. +By default, the project is configured to use the SQLServer database. Other databases are supported. For more information, refer to the [configuration](configuration) section. + +The archive folder contains three projects: + +| Name | Port | Description | +| ----------------------- | --------------- | ------------------------- | +| IdServer | https://*:5001 | Identity server | +| IdServerWebsite | https://*:5002 | Administration website | +| Scim | https://*:5003 | SCIM server | +| CredentialIssuer | https://*:5005 | Credential issuer | +| CredentialIssuerWebsite | https://*:5006 | Credential issuer website | + +The technical account used to run the `IdServer` and `Scim` servers must have the privilege to create tables and databases. Otherwise, the application cannot deploy the database. +By default, the development certificate is utilized to host the applications under HTTPS. To install it on your local machine, execute the command line `dotnet dev-certs https`. +For more information, refer to the [documentation](https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-dev-certs). + +### Windows + +Procedure : + +1. Download the [zip file](https://github.com/simpleidserver/SimpleIdServer/releases/latest/download/SimpleIdServer-Windows-x64.zip). +2. Extract the contents into a directory. +3. In each subfolder, locate the `appsettings.json` file. Open your preferred text editor and update the Connection String. +4. Open three PowerShell prompts and navigate to the subdirectories: `IdServer`, `Scim`, `IdServerWebsite`, `CredentialIssuer` and `CredentialIssuerWebsite`. +5. Execute the command `run.ps1`. + +### Linux + +Procedure : + +1. Download the [zip file](https://github.com/simpleidserver/SimpleIdServer/releases/latest/download/SimpleIdServer-Linux-x64.zip) using the following command: + +`wget https://github.com/simpleidserver/SimpleIdServer/releases/latest/download/SimpleIdServer-Linux-x64.zip` + +2. Extract the contents into a directory using the following command: + +`unzip SimpleIdServer-Linux-x64.zip -d SimpleIdServer-Linux-x64` + +3. In the subdirectories, you will find two scripts. Use `run.sh` to launch the service and `install-daemon.sh` to install the server as a daemon service. + +## Docker + +It is possible to run the SimpleIdServer solution through Docker. + +In this setup, the domain `localhost.com` is used to represent the domain on which the solution is hosted. Therefore, the first step is to ensure that the domain `localhost.com` resolves to the Docker host machine. + +To achieve this, edit your hosts file and add the following entry: + +``` +127.0.0.1 localhost.com scim.localhost.com idserver.localhost.com website.localhost.com credentialissuer.localhost.com credentialissuerwebsite.localhost.com +``` + +The location of the hosts file varies based on the operating system: + +| Operating System | Path | +| ---------------- | ------------------------------------- | +| Linux | \etc\hosts | +| Windows | C:\Windows\system32\drivers\etc\hosts | + +Next, download the [Docker archive](https://github.com/simpleidserver/SimpleIdServer/releases/latest/download/Docker.zip), extract the contents into a directory, and execute the command `docker-compose up`. + +Now, SimpleIdServer is ready to be used, and the services can be accessed through the following URLs: + +| Service | Url | +| --------------------------- | ------------------------------------------------- | +| IdServer | https://idserver.localhost.com/master | +| IdServerWebsite | https://website.localhost.com | +| Scim | https://scim.localhost.com | +| CredentialIssuer | https://credentialissuer.localhost.com | +| CredentialIssuerWebsite | https://credentialissuerwebsite.localhost.com | + +## Kubernetes + +It is possible to run the SimpleIdServer solution through Kubernetes. + +In this setup, the domain `sid.svc.cluster.local` is used to represent the domain on which the solution is hosted. Therefore, the first step is to ensure that the domain `sid.svc.cluster.local` resolves to the Docker host machine. + +To achieve this, edit your hosts file and add the following entry: + +``` +127.0.0.1 sid.svc.cluster.local scim.sid.svc.cluster.local idserver.sid.svc.cluster.local website.sid.svc.cluster.local credentialissuer.sid.svc.cluster.local credentialissuerwebsite.sid.svc.cluster.local +``` + +Next, ensure that you have `Minikube` installed on your local machine. You can download it from [Minikube](https://minikube.sigs.k8s.io/docs/start/). + +Download the [Kubernetes archive file](https://github.com/simpleidserver/SimpleIdServer/releases/latest/download/Kubernetes.zip) and extract its contents into a directory. + Open a command prompt and navigate to this directory. Execute the following commands to start the solution: + +``` +minikube start +minikube addons enable ingress +eval $(minikube -p minikube docker-env) +kubectl apply -f sid-kubernetes.yaml +minikube tunnel +``` + +Now, SimpleIdServer is ready to be used, and the services can be accessed through the following URLs: + +| Service | Url | +| --------------------------- | --------------------------------------------------------- | +| IdServer | https://idserver.sid.svc.cluster.local/master | +| IdServerWebsite | https://website.sid.svc.cluster.local | +| Scim | https://scim.sid.svc.cluster.local | +| CredentialIssuer | https://credentialissuer.sid.svc.cluster.local | +| CredentialIssuerWebsite | https://credentialissuerwebsite.sid.svc.cluster.local | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/migrations/403to404.md b/website/versioned_docs/version-5.0.0/migrations/403to404.md new file mode 100644 index 000000000..fbab21f60 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/migrations/403to404.md @@ -0,0 +1,33 @@ +# Migrate from version 4.0.3 to 4.0.4 + +The SCIM project includes a breaking change in the database. Two columns have been added to the `SCIMRepresentationAttribute` table: +* `ComputedIndexValue` : This column stores a computed value for each attribute. If the attribute is complex, the value is the concatenation of its children's values. This value serves a useful purpose when the SCIM server is checking the uniqueness of the attribute. +* `IsComputed`: his column indicates whether the attribute is automatically computed or not. For example, the attribute `groups.type` is always computed by the server and only has two possible values, `direct` or `indirect`. + +## Entity Framework + +### Apply migration script + +If you are utilizing `Entity Framework`, make sure to reference the appropriate NuGet package for your specific database and apply the migration scripts included within the NuGet package. + +| Nuget | Database | +| --------------------------------------- | --------- | +| SimpleIdServer.Scim.PostgreMigrations | Postgre | +| SimpleIdServer.Scim.SqlServerMigrations | SQLServer | + +If you are not using the NuGet package, you can generate the migration script and apply it by executing the following commands. For more information, please refer to the [official documentation](https://learn.microsoft.com/en-us/ef/core/managing-schemas/migrations/?tabs=dotnet-core-cli). + +``` +dotnet ef add migrations add Release404 +dotnet ef database update +``` +Two columns, `ComputedIndexValue` and `IsComputed`, will be added to the table named `SCIMRepresentationAttributes`. + +### Launch migration + +Even though it's not ideal, you can use the [Startup project](https://github.com/simpleidserver/SimpleIdServer/blob/master/src/Scim/SimpleIdServer.Scim.Startup/Startup.cs) and uncomment the code for`MigrateFrom403To404EF`. + +## MongoDB + +Due to the size limit of a document, all the `FlatAttributes` property of the `SCIMRepresentation` collection must be transformed into a list of references to the `SCIMRepresentationAttribute` collection. +To accomplish this, you can use the [Startup project](https://github.com/simpleidserver/SimpleIdServer/blob/master/src/Scim/SimpleIdServer.Scim.Startup/Startup.cs). Uncomment the line `MigrateFrom403To404MongoDB(app);` and set the parameter `useVersion403` to true. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/mobileapplication.md b/website/versioned_docs/version-5.0.0/mobileapplication.md new file mode 100644 index 000000000..6c6125d9f --- /dev/null +++ b/website/versioned_docs/version-5.0.0/mobileapplication.md @@ -0,0 +1,41 @@ +# Mobile application + +import MobileSettings from './images/mobile-settings.png'; + +SimpleIdServer offers a mobile application that is both free and open-source. + +## Download + +The application can be downloaded for Android [here](https://install.appcenter.ms/users/agentsimpleidserver-gmail.com/apps/simpleidserver/distribution_groups/public). + +## Enroll + +The mobile application utilizes SimpleIdServer's FIDO U2F endpoints to enroll a public key, while the private key is securely stored on the device. + +During the authentication process, SimpleIdServer sends a challenge response to the device to verify the corresponding private key. + +Follow these steps to enroll your mobile application: + +1. Go to the following URL to register a new user [https://openid.simpleidserver.com/master/registration?workflowName=mobile](https://openid.simpleidserver.com/master/registration?workflowName=mobile). +2. Enter a random username and click on the `Generate QR Code` button. + +If you are using the [mobile application](https://install.appcenter.ms/users/agentsimpleidserver-gmail.com/apps/simpleidserver/distribution_groups/public), follow these steps: + +1. Open the mobile application. +2. Select the `Enroll` tab. +3. Click on the `Scan QR Code` button and scan the QR code displayed on the website. + +Your mobile application is now successfully enrolled and ready to be used for user authentication. + +## Push notification methods + +The mobile application can be configured to use one of the following notification methods: + +* **Firebase** : [Firebase Cloud Message (FCM)](https://firebase.google.com/docs/cloud-messaging) is a cross-platform messaging solution from Google. +* **Gotify** : [Gotify](https://gotify.net/) is a simple server for sending and receiving messages. Our Gotify server is hosted [here](https://gotify.simpleidserver.com/#/). + +The default notification method can be selected in the `Settings` tab. + +
    + +
    \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/overview.md b/website/versioned_docs/version-5.0.0/overview.md new file mode 100644 index 000000000..802ffc3d8 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/overview.md @@ -0,0 +1,41 @@ +# Overview + +import ClientCertificate from './images/clientcertificate.png'; +import Architecture from '@site/src/components/global/Architecture'; + +:::warning + +When attempting to authenticate with the Identity Provider or access the administration website, a prompt will appear, requesting user credentials. Please click the 'Cancel' button to proceed to the authentication screen. SimpleIdServer is configured by default to accept client certificates. + +
    + +
    +::: + +:::info + +Click on one of the elements in the architecture diagram to navigate through the documentation. + +::: + + + +SimpleIdServer is the first open-source project developed with .NET that comprehensively covers all aspects of an **Identity and Access Management** software + + + + + + + + + + + + + + + + + +
    IAM aspectsSimpleIdServer's features
    AuthenticationSupports multiple security protocols such as : OPENID, SAML2.0 and WS-Federation
    Configure one or more external identity providers, such as Facebook.
    Utilize various authentication methods such as Mobile application, OTP Code, Email, SMS and Login & Password.
    AuthorizationControl the user's permissions in one or more applications using Role-Based Access Control (RBAC).
    User managementConfigure one or more automatic identity provisioning workflows to fetch users automatically from LDAP and/or SCIM 2.0 REST API.
    Configure one or more manual identity provisioning workflows that can be used by the end-user to create an account.
    Central user repositoryOur SCIM 2.0 server can be used to store users and groups.
    \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/scim20.md b/website/versioned_docs/version-5.0.0/scim20.md new file mode 100644 index 000000000..6aef4bb98 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/scim20.md @@ -0,0 +1,374 @@ +# SCIM + +The SCIM server acts as a central repository where different representations coexist, including Users or Groups. + +It can be used by the [Identity Provider](../glossary) as a provisioning source. When a user is created or updated in SCIM, their local account in the [Identity Provider](../glossary) will be automatically created or updated. + +Only version 2.0 of SCIM is supported. + +## Storage + +The following storage options are supported. Each NuGet package contains migration scripts to create or update the database structure. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NameNuget packageJSON PathValue
    SQLServerSimpleIdServer.Scim.SqlServerMigrations$.StorageConfiguration.ConnectionString
    $.StorageConfiguration.TypeSQLSERVER
    PostgresqlSimpleIdServer.Scim.PostgreMigrations$.StorageConfiguration.ConnectionString
    $.StorageConfiguration.TypePOSTGRE
    Mongodb$.StorageConfiguration.ConnectionString
    $.StorageConfiguration.TypeMONGODB
    MYSQLSimpleIdServer.Scim.MySQLMigrations$.StorageConfiguration.ConnectionString
    $.StorageConfiguration.TypeMYSQL
    + + +## Azure LDAP Provisioning + +To establish user provisioning from Azure Active Directory (AD) to the SCIM Endpoint, you can follow this tutorial [https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#integrate-your-scim-endpoint-with-the-azure-ad-provisioning-service](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#integrate-your-scim-endpoint-with-the-azure-ad-provisioning-service). + +When the provisioning mode is selected, the `Tenant URL` and `Secret Token` must be specified. + +![Create Organization Unit](images/azuread-1.png) + +Assign the value of the SCIM endpoint `http://localhost:5003` to the Tenant URL. +Set the Secret Token to one of the following values : + +| Owner | Value | +| -------- | ------------------------------------ | +| IdServer | ba521b3b-02f7-4a37-b03c-58f713bf88e7 | +| AzureAd | 1595a72a-2804-495d-8a8a-2c861e7a736a | + +:::warning + +When the user is provisioned from Azure AD to the SCIM server, the following exception can occur because, according to the [RFC SCIM CORE SCHEMA](https://datatracker.ietf.org/doc/html/draft-ietf-scim-core-schema,), the schema for user representation does not include a `primary` property in the `addresses` section. + +``` +SimpleIdServer.Scim.Exceptions.SCIMSchemaViolatedException: attribute primary is not recognized by the SCIM schema +``` + +If this property is required, edit the `UserSchema.json` file and add the following property under the `addresses` section : + +``` + { + "name": "primary", + "type": "boolean", + "multiValued": false, + "required": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none", + "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address. The primary attribute value 'true' MUST appear no more than once." + } +``` + +::: + +## Security + +By default, the API is protected by an API Key. +Any client wishing to execute an operation must include one of the following keys in the `Authorization` header. + +| Owner | Value | +| -------- | ------------------------------------ | +| IdServer | ba521b3b-02f7-4a37-b03c-58f713bf88e7 | +| AzureAd | 1595a72a-2804-495d-8a8a-2c861e7a736a | + +The keys have access to the following scopes + +| Scope | Description | +| -------------------- | --------------------------------- | +| query_scim_resource | Retrieve resource attributes | +| add_scim_resource | Add resource | +| delete_scim_resource | Delete resource | +| update_scim_resource | Update resource | +| bulk_scim_resource | Allows to execute bulk operations | + +## SCIM - Example messages + + +### POST User + +Minimal request for creating a user, username is the only mandatory field. + +**Request** + +``` +HTTP POST: https:///Users + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], + "externalId": "external", + "userName": "sid", + "name": { + "formatted": "formatted", + "givenName": "givenName", + "middleName": "middleName", + "familyName": "familyName" + } +} +``` + +**Response** + +``` +{ + "id": "6dc4ceb0-b376-4d4c-9ef0-e6c25e359754", + "userName": "sid", + "name": { + "formatted": "formatted", + "givenName": "givenName", + "middleName": "middleName", + "familyName": "familyName" + }, + "groups": [], + "photos": [], + "roles": [], + "emails": [], + "x509Certificates": [], + "ims": [], + "addresses": [], + "entitlements": [], + "phoneNumbers": [], + "meta": { + "resourceType": "User", + "created": "2023-06-12T11:12:45.0268402Z", + "lastModified": "2023-06-12T11:12:45.0269172Z", + "version": 0, + "location": "https://localhost:5003/Users/6dc4ceb0-b376-4d4c-9ef0-e6c25e359754" + }, + "externalId": "external", + "schemas": [ + "urn:ietf:params:scim:schemas:core:2.0:User" + ] +} +``` + +### GET User + +#### Get one user + +**Request** + +``` +HTTP GET: https://:5003/Users/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 +``` + +#### Search users + +**Request** + +``` +HTTP GET: https://:5003/Users?filter=(emails[type eq "home"]) and (active eq false) + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 +``` + +The filter parameter must contain at least one valid expression. Each expression must contain an attribute name followed by an attribute operator and optional value. + +The operators supported in the expression are listed below : + +| Operator | Description | Behavior | +| -------- | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| eq | equal | The attribute and operator values must be identical for a match. | +| ne | not equal | The attribute and operator values are not identical. | +| co | contains | The entire operator value must be a substring of the attribute value for a match. | +| sw | starts with | The entire operator value must be a substring of the attribute value, starting at the beginning of the attribute value. The criterion is satisfied if the two strings are identical. | +| ew | ends with | The entire operator value must be a substring of the attribute value, matching at the end of the attribute value. The criterion is satisfied if the two strings are identical. | +| pr | present (has value ) | If the attribute has a non-empty or non-null value, or if it contains a non-empty node for complex attributes, there is a match. | +| gt | greater than | If the attribute value is greater than the operator value, there is a match. | +| lt | less than | If the attribute value is less than the operator value, there is a match. | +| le | less than or equal to | If the attribute value is less than or equal to the operator value, there is a match. | + +### DELETE User + +**Request** + +``` +HTTP DELETE: https://:5003/Users/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 +``` + +### PATCH user + +#### Add one email address + +**Request** + +``` +HTTP PATCH: https://:5003/Users/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": [ + "urn:ietf:params:scim:api:messages:2.0:PatchOp" + ], + "Operations": [ + { + "op": "add", + "path": "emails", + "value": [ + { + "primary": true, + "value": "sid@gmail.com", + "type": "home" + } + ] + } + ] +} +``` + + +#### Remove one email address + +**Request** + +``` +HTTP PATCH: https://:5003/Users/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": [ + "urn:ietf:params:scim:api:messages:2.0:PatchOp" + ], + "Operations": [ + { + "op": "remove", + "path": "emails[type eq home]" + } + ] +} +``` + +#### Update Family name + +**Request** + +``` +HTTP PATCH: https://:5003/Users/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": [ + "urn:ietf:params:scim:api:messages:2.0:PatchOp" + ], + "Operations": [ + { + "op": "replace", + "path": "name.familyName", + "value": "newfamilyname" + } + ] +} +``` + +### ADD Group + +Request used for creating a group, displayName is the only mandatory field. + +**Request** + +``` +HTTP PATCH: https://:5003/Groups + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"], + "displayName": "administrator" +} +``` + +### PATCH Group + +#### Assign one user to a group + +**Request** + +``` +HTTP PATCH: https://:5003/Groups/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": [ + "urn:ietf:params:scim:api:messages:2.0:PatchOp" + ], + "Operations": [ + { + "op": "add", + "path": "members", + "value": { + "value": "{{userId}}" + } + } + ] +} +``` + +The user representation will contain a reference to the group in its `groups` property. + +#### Remove a user from a group + +``` +HTTP PATCH: https://:5003/Groups/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": [ + "urn:ietf:params:scim:api:messages:2.0:PatchOp" + ], + "Operations": [ + { + "op": "remove", + "path": "members[value eq {{userId}}]" + } + ] +} +``` \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/ciba.md b/website/versioned_docs/version-5.0.0/tutorial/ciba.md new file mode 100644 index 000000000..c125254ee --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/ciba.md @@ -0,0 +1,188 @@ +# Client-Initiated Backchannel Authentication (CIBA) + +import MobileNotification from './images/mobile-notification.png'; + +Client-Initiated Backchannel Authentication (CIBA) is an authentication flow where the client application initiates the authentication process on behalf of the end-user. +It is designed for scenarios where the end-user may not have a browser or cannot actively participate in the authentication process. + +According to the specification found at [https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html), Client-Initiated Backchannel Authentication (CIBA) is not applicable to Public Clients. Only Confidential Clients, such as Console Applications, Websites, or REST APIs, are eligible to use CIBA. + +The CIBA specification defines two types of devices: + +* `Consumption Device` : This device initiates the CIBA flow by interacting with the OPENID Server. +* `Authentication Device` : This device receives notifications coming from the OPENID Server. + +A classical use case is an E-Commerce REST API requesting an access token from the OPENID Server of the Bank. In this scenario, the `Consumption Device` is represented by the REST API, and the `Authentication Device` is the Bank Mobile Application. The Bank Mobile Application receives notifications from the OPENID Server. When the end-user accepts the consent, the Consumption Device can obtain an access token and interact with the Bank API to initiate the money transfer. + +In this tutorial, we will explain how to create a Console Application (`Consumption Device`) that initiates a CIBA Authentication Request and obtains an Access Token by polling the `Token` endpoint. + +The client will have the following configuration: + +| Configuration | Value | +| ---------------------------------------- | --------------- | +| Client Authentication Method | tls_client_auth | + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/DeviceUseCIBA). +::: + +To implement the CIBA in a console application, you'll need to follow the following steps. + +## 1. Configure a client certificate + +Utilize the administration UI to create a client certificate. + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. In the Certificate Authorities screen, choose a Certificate Authority from the available options. Remember that the selected Certificate Authority should be trusted by your machine. You can download the certificate and import it into the appropriate Certificate Store. +3. Click on the `Client Certificates` tab and then proceed to click on the `Add Client Certificate` button. +4. Set the value of the Subject Name to `CN=client` and click on the `Add` button. +5. Click on the `Download` button located next to the certificate. + +## 2. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. In the Clients screen, click on `Add client` button. +3. Choose `FAPI2.0`. +4. Select `Device` and click on next. +5. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ------------ | --------------- | +| Identifier | cibaConformance | +| Name | cibaConformance | +| Subject Name | CN=client | + +## 3. Create a consumption device + +Finally, create and configure a consumption device. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir DeviceUseCIBA +cd DeviceUseCIBA +mkdir src +dotnet new sln -n DeviceUseCIBA +``` + +2. Create a web project named `ConsoleApp` and install the `IdentityModel` NuGet package. + +``` +cd src +dotnet new console -n ConsoleApp +cd ConsoleApp +dotnet add package IdentityModel +``` + +3. Add the `ConsoleApp` project into your Visual Studio solution. + +``` +cd .. +dotnet sln add ./src/ConsoleApp/ConsoleApp.csproj +``` + +4. Edit the `Program.cs` file and copy the following code. + + +``` +using IdentityModel.Client; +using System.Security.Authentication; +using System.Security.Cryptography.X509Certificates; + +var certificate = new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "CN=client.pfx")); +var req = new BackchannelAuthenticationRequest() +{ + Address = "https://localhost:5001/master/mtls/bc-authorize", + ClientId = "cibaConformance", + Scope = "openid profile", + LoginHint = "user", + BindingMessage = "Message", + RequestedExpiry = 200 +}; +var handler = new HttpClientHandler(); +handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }; +handler.CheckCertificateRevocationList = false; +handler.ClientCertificateOptions = ClientCertificateOption.Manual; +handler.SslProtocols = SslProtocols.Tls12; +handler.ClientCertificates.Add(certificate); +var client = new HttpClient(handler); +var response = await client.RequestBackchannelAuthenticationAsync(req); + +bool cont = true; +while(cont) +{ + var tokenResponse = await client.RequestBackchannelAuthenticationTokenAsync(new BackchannelAuthenticationTokenRequest + { + Address = "https://localhost:5001/master/mtls/token", + ClientId = "cibaConformance", + AuthenticationRequestId = response.AuthenticationRequestId + }); + if(tokenResponse.IsError) + Console.WriteLine(tokenResponse.Error); + else + { + Console.WriteLine(tokenResponse.AccessToken); + cont = false; + } +} +``` + +5. Replace the `CN=client.pfx` certificate with the one you have previously downloaded. + +Once the consumption device is configured, you can choose one of the following push notification methods to receive the back channel authentication. + +## 3.1 Console notification method + +By default, the console notification method is configured in the settings of all users. + +When you run the consumption device, a `green message` will be displayed in the Identity Server instance. +Copy the URL from the browser and authenticate using the following credentials: + +| Credential | Value | +| ---------- | -------- | +| Login | user | +| Password | password | + + +Once the consent is granted, the access token will be displayed by the console application. + +## 3.2 Gotify notification method + +Before being able to use the Gotify Server as a notification method, you must check its configuration: + +1. Navigate to the details view of the `user`. +2. Under the notification mode, select `Gotify` and click on the `Save` button. +3. Open the `Authentications` screen and navigate to the `Gotify` authentication method. +4. Check the following parameters : + +| Parameter | Description | +| --------- | -------------------------------------- | +| BaseUrl | Url of the gotify service | +| Login | Login of the administration account | +| Password | Password of the administration account | + +Once the configuration of the Gotify Server is finished, the mobile application can be enrolled: + +1. Open the [Mobile application](../mobileapplication). +2. Click on the `Settings` tab. Next to the `Choose notification mode` option, select `Gotify`. +3. Browse the [Identity Server URL](https://openid.simpleidserver.com/master/Home/Profile), and authenticate with the `user` account. +4. Under the `Credentials` section, click on the `Mobile` to enroll the mobile application. +5. Set the Display name to `mobile` and click on the `Generate QR Code` button. + +![Generate QR Code](./images/generate-qr-code.png) + +6. Scan the QR code with your mobile application. If the mobile application is successfully enrolled, a success message should be displayed. + +![QR Code](./images/qr-code.png) + +The mobile application is ready to receive back-channel notifications. + +When you run the consumption device, a popup will be displayed in the mobile application. You can click on the `Accept` button. + +Once consent is granted, the access token will be displayed by the console application. + +
    + +
    \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/credentialissuer.md b/website/versioned_docs/version-5.0.0/tutorial/credentialissuer.md new file mode 100644 index 000000000..b64520a4d --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/credentialissuer.md @@ -0,0 +1,112 @@ +# Credential issuer + +import VcQrCode from './images/vc-qr.png'; +import WalletCredential from './images/wallet-credential.png'; + +A credential issuer is a protected REST API capable of issuing Verifiable Credentials. + +The Digital Credentials Protocols (DPC) working group of the OPENID standard has authored a technical specification for developing Credential Issuers. For more information, please refer to the [official documentation](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html). + +In this article, we will develop a REST API for a University capable of issuing University degrees to its students. The REST API adheres to the following technical specifications: + +* Verifiable credentials are returned in the [ldp_vc](https://identity.foundation/claim-format-registry/#term:ldp-registry) format. +* The [did:key](https://w3c-ccg.github.io/did-method-key/) algorithm is utilized to transform the credential into a verifiable credential. + +## 1. Configure a scope + +If a `university_degree` scope is configured, then skip this step. + +Utilize the administration UI to configure a new scope : + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. On the Scopes screen, click on the `Add scope` button. +3. Select API value and click on next. +4. Fill-in the form like this and click on the Save button to confirm the creation. + +| Parameter | Value | +| ----------------- | ----------------- | +| Name | university_degree | +| Description | University degree | + +## 2. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at https://localhost:5002. +2. In the Clients screen, click on `Add client` button. +3. Select `Credential Issuer`. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ------------- | ------------------------ | +| Identifier | CredentialIssuer | +| Secret | password | +| Name | Credential Issuer | +| Redirect URLS | https://localhost:5005/* | + +5. Click on the new client, then select the `Client scopes` tab click on the `Add client scope` button. Choose the `university_degree` scope and click on the `Save` button. + +## 3. Create credential issuer + +Create and configure the credential issuer API. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution : + +``` +mkdir CredentialIssuer +cd CredentialIssuer +mkdir src +dotnet new sln -n CredentialIssuer +``` + +2. Use the SimpleIderver template to create the credential issuer project : + +``` +cd src +dotnet new credissuer -n CredentialIssuer +``` + +3. Add the `CredentialIssuer` project into the solution : + +``` +cd .. +dotnet sln add ./src/CredentialIssuer/CredentialIssuer.csproj +``` + +By default, the CredentialIssuer project is configured to issue Verifiable Credentials, such as the `UniversityDegree`. + +The project configuration is located in the `CredentialIssuerConfiguration.cs` file, which contains the following properties: + +CredentialConfigurations: Definitions of credentials and the mapping rules with the user's claims. +CredentialClaims: Claims of the user. + +In a command prompt, navigate to the `src\CredentialIssuer` directory and launch the application. + +``` +dotnet run --urls=https://*:5005 +``` + +Please browse the following URL: [https://localhost:5005/credentials](https://localhost:5005/credentials). +The User-Agent will be automatically redirected to the OpenID server. Submit the following credentials and confirm the consent. You will then be redirected to a screen where your claims will be displayed. + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | + +Finally, click on the `Share` button next to the University Credential. +A QR will be displayed in a popup window : + +
    + +
    + +## 3. Enroll verifiable credentials + +If the mobile application is not yet installed, follow this [tutorial](../mobileapplication). + +Scan the QR code displayed by the credential issuer. If the enrollment is successful, a success message will be displayed. The verifiable credential is now visible in the `Wallet` tab. + +
    + +
    \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/delegation.md b/website/versioned_docs/version-5.0.0/tutorial/delegation.md new file mode 100644 index 000000000..d5fd05277 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/delegation.md @@ -0,0 +1,382 @@ +# Delegation or Impersonation + +There are situations in which a REST API needs to act on behalf of users or other clients. + +A subject can act on behalf of another subject in two ways: either through impersonation or delegation. + +**Impersonation** occurs when the subject in a token is indistinguishable from the original one. The recipient of the token will typically be unaware that impersonation is taking place. + +In case of a **Delegation** , a token contains explicit information that one subject delegates its rights to another entity. The call chain is preserved using the `act` claim. + +In this tutorial, we will implement the following delegation scenario. The `SecondAPI` REST API acts on behalf of the end-user. + +```mermaid +graph LR; + Website-->|Pass access token of the user|SecondAPI-->|Pass the impersonated access token|FirstAPI +``` + +1. The website calls a REST API to retrieve the list of shops. +2. The REST API uses the `urn:ietf:params:oauth:grant-type:token-exchange` grant type to receive an access token valid on the `shopApiOther` scope and acts on behalf of the authenticated user. This access token is used to access the second REST API. +3. The REST API receives the access token and checks its audience. + +## 1. Define the first permission + +1. Open the Identity Server website at [https://localhost:5002](https://localhost:5002). +2. Open the Scopes screen and click on the `Add scope` button. +3. Select `API value` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ----------- | ------- | +| Name | shopApi | +| Description | shopApi | + +5. Navigate to the new scope, then select the `API Resources` tab and click on the `Add API resource` button. +6. Fill-in the form like this and click on the `Add` button to confirm the creation. + +| Parameter | Value | +| ----------- | ------- | +| Name | shopApi | +| Audience | shopApi | +| Description | shopApi | + +## 2. Define the second permission + +1. Open the Identity Server website at [https://localhost:5002](https://localhost:5002). +2. Open the Scopes screen, click on the `Add scope` button. +3. Select `API value` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ----------- | ------------ | +| Name | shopApiOther | +| Description | shopApiOther | + +5. Navigate to the new scope, then select the `API Resources` tab and click on the `Add API resource` button. +6. Fill-in the form like this and click on the `Add` button to confirm the creation. + +| Parameter | Value | +| ----------- | ------------ | +| Name | shopApiOther | +| Audience | shopApiOther | +| Description | shopApiOther | + +## 3. Configure the website + +1. Open the Identity Server website at [https://localhost:5002](https://localhost:5002). +2. On the Client screen, click on the `Add client button`. +3. Select `web application` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | --------------------------------- | +| Identifier | delegationWebsite | +| Secret | password | +| Name | delegationWebsite | +| Redirection URLS | http://localhost:5004/signin-oidc | + +5. Click on the new client, then select the `Client scopes` tab and click on `Add client scope` button. Choose the `shopApi` scope and click on the `Save` button. + +## 4. Configure the API + +1. Open the Identity Server website at [https://localhost:5002](https://localhost:5002). +2. On the Client screen, click on the `Add client button`. +3. Select `machine` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | --------------------------------- | +| Identifier | firstDelegationApi | +| Secret | password | +| Name | firstDelegationApi | + +5. Click on the new client, in the `Details` tab, select the `Token exchange` grant-type, set the token exchange type to `Delegation` and click on the `Save` button. +6. Select the `Client scopes` tab and click on `Add client scope` button. Choose the `shopApiOther` scope and click on the `Save` button. + +## 5. Create the first API + +Create and configure the first REST.API service + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir Delegation +cd Delegation +mkdir src +dotnet new sln -n Delegation +``` + +2. Create a REST.API project named `ShopApiOther` and install the `Microsoft.AspNetCore.Authentication.JwtBearer` Nuget package. + +``` +cd src +dotnet new webapi -n ShopApiOther +cd ShopApiOther +dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer +``` + +3. Add the `ShopApiOther` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/ShopApiOther/ShopApiOther.csproj +``` + +4. Edit the file `ShopApiOther\Program.cs` and configure the JWT authentication. Additionally, add an Authorization policy named `Shops` that checks if the access token has the correct audience. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; +}).AddJwtBearer(options => +{ + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidAudiences = new List + { + "shopApiOther" + }, + ValidIssuers = new List + { + "https://localhost:5001/master" + } + }; +}); +builder.Services.AddAuthorization(options => +{ + options.AddPolicy("Shops", p => p.RequireAuthenticatedUser()); +}); +``` + +5. Add a `ShopsController` controller with one protected operation. + +``` +[ApiController] +[Route("shops")] +public class ShopsController : ControllerBase +{ + [HttpGet] + [Authorize("Shops")] + public IActionResult Get() + { + return new OkObjectResult(new[] { "shop1", "shop2" }); + } +} +``` + +6. In a command prompt, navigate to the `src\ShopApiOther` directory and launch the application. + +``` +dotnet run --urls=http://localhost:5006 +``` + +## 6. Create the second API + +Create and configure the second REST.API service + +1. Create a REST.API project named `ShopApi` and install the `Microsoft.AspNetCore.Authentication.JwtBearer` Nuget package. + +``` +cd src +dotnet new webapi -n ShopApi +cd ShopApi +dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer +``` + +3. Add the `ShopApi` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/ShopApi/ShopApi.csproj +``` + +4. Edit the file `ShopApi\Program.cs` and configure the JWT authentication. Additionally, add an Authorization policy named `Shops` that checks if the access token has the correct audience. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; +}).AddJwtBearer(options => +{ + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidAudiences = new List + { + "shopApi" + }, + ValidIssuers = new List + { + "https://localhost:5001/master" + } + }; +}); +builder.Services.AddAuthorization(options => +{ + options.AddPolicy("Shops", p => p.RequireAuthenticatedUser()); +}); +``` + +5. Add a `ShopsController` controller with one protected operation. It uses the `urn:ietf:params:oauth:grant-type:token-exchange` grant type to obtain an access token valid for the `shopApiOther` scope and utilizes it to make a call to the first REST API service. + +``` +[ApiController] +[Route("shops")] +public class ShopsController : ControllerBase +{ + [HttpGet] + [Authorize("Shops")] + public async Task Get() + { + const string url = "http://localhost:5006/shops"; + var accessToken = await GetAccessToken(); + using (var httpClient = new HttpClient()) + { + var requestMessage = new HttpRequestMessage(HttpMethod.Get, url); + requestMessage.Headers.Add("Authorization", $"Bearer {accessToken}"); + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var shopNames = JsonSerializer.Deserialize(json); + return new OkObjectResult(shopNames); + } + } + + private async Task GetAccessToken() + { + const string clientId = "firstDelegationAPi"; + const string clientSecret = "password"; + const string tokenUrl = "https://localhost:5001/master/token"; + var subjectToken = Request.Headers["Authorization"].ElementAt(0).Split(" ")[1]; + using (var httpClient = new HttpClient()) + { + var dic = new List> + { + new KeyValuePair("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"), + new KeyValuePair("client_id", clientId), + new KeyValuePair("client_secret", clientSecret), + new KeyValuePair("subject_token", subjectToken), + new KeyValuePair("subject_token_type", "urn:ietf:params:oauth:token-type:access_token"), + new KeyValuePair("scope", "shopApiOther") + }; + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Post, + Content = new FormUrlEncodedContent(dic), + RequestUri = new Uri(tokenUrl) + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var accessToken = (JsonObject.Parse(json) as JsonObject).First(k => k.Key == "access_token").Value.ToString(); + return accessToken; + } + } +} +``` + +The access contains the following claims : + +| Claim | Description | Value | +| --------- | --------------------------------- | ----------------------- | +| sub | subject of the authenticated user | administrator | +| act | Contains the chain of delegation | \{act : sub : shopApi \} | +| scope | List of scopes | shopApiOther | +| aud | Audience | shopApiOther | +| client_id | Client identifier | delegationWebsite | + +6. In a command prompt, navigate to the `src\ShopApi` directory and launch the application. + +``` +dotnet run --urls=http://localhost:5005 +``` + +## 7. Create the website + +Create and configure an ASP.NET CORE application + +1. Create a web project named `Website` and install the Microsoft.AspNetCore.Authentication.OpenIdConnect NuGet package. + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect +``` + +2. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +3. Edit the `Program.cs` file and configure the OpenID authentication. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; +}) + .AddCookie("Cookies") + .AddOpenIdConnect("sid", options => + { + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "delegationWebsite"; + options.ClientSecret = "password"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + options.Scope.Add("shopApi"); + }); +... +app.UseCookiePolicy(new CookiePolicyOptions +{ + Secure = CookieSecurePolicy.Always +}); +app.UseHttpsRedirection(); +app.UseStaticFiles(); +app.UseRouting(); +app.UseAuthorization(); +``` + +4. Add a `ShopsController` controller with one protected operation. + +``` +public class ShopsController : Controller +{ + [Authorize] + public async Task Index() + { + var accessToken = await HttpContext.GetTokenAsync("access_token"); + const string url = "http://localhost:5005/shops"; + using(var httpClient = new HttpClient()) + { + var requestMessage = new HttpRequestMessage(HttpMethod.Get, url); + requestMessage.Headers.Add("Authorization", $"Bearer {accessToken}"); + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var shopNames = JsonSerializer.Deserialize(json); + return View(new ShopsViewModel { Shops = shopNames }); + } + } +} +``` + +5. Create a view `Views\Shops\Index.cshtml`with the following content. This view will display the names of the Shop. +6. In a command prompt, navigate to the `src\Website` directory and launch the application. + +``` +dotnet run --urls=http://localhost:5004 +``` + +Finally, browse the following URL: [http://localhost:5004/shops]([http://localhost:5004/shops). The User-Agent will be automatically redirected to the OpenID server. Submit the following credentials and confirm the consent. You will be redirected to the screen where the shops will be displayed. + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/grantmgt.md b/website/versioned_docs/version-5.0.0/tutorial/grantmgt.md new file mode 100644 index 000000000..a5a929133 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/grantmgt.md @@ -0,0 +1,517 @@ +# Grant Management + +Grant Management was introduced by FAPI 2.0. This standard aims to replace the various consent management APIs that have been developed in open banking markets, such as [OPEN BANKING UK](https://www.openbanking.org.uk/). + +These capabilities include + +* Granting access and returning a `grant_id`. +* Querying the details of a grant throught a `GET`. +* Update of a grant. +* Deletion of a grant. + +The standard also incorporates the use of `Rich Authorization Request (RAR)`. It enables clients to specify their detailed authorization requirements using the expressive nature of JSON data structures. For example: + +``` +{ + "type":"account_information", + "actions":[ + "list_accounts", + "read_balances", + "read_transactions" + ], + "locations":[ + "https://example.com/accounts" + ] +} +``` + +For more information please refer to the [official documentation](https://openid.net/specs/fapi-grant-management-01.html). + +The OPENBANKING UK Standard identifies two types of Third-Party Providers (`TPPs`): + +* Offer Account Information Services (`AISPs`) : gather read-only financial information.. +* Payment Initiation Services (`PISPs`) : can access and present financial information, but also move money from a user's bank account. + +In this tutorial, we will explain how to create an `AISP website` that fetches all the bank accounts of the authenticated user from an `Account REST.API Service`. + +* The authorization policy implemented by the REST API is basic. It checks if the access token contains at least one authorization data type equal to list_accounts. +* The Third-Party Website requires the user's consent to access the `list_accounts` Authorization Data as well as the `openid` and `profile` scopes. When the consent is accepted, the Website stores the `grant_id` returned by the Identity Server in an in-memory store. + +The `grant_id` can be used by the website to manage the lifecycle of a grant, which includes the following actions: + +* Querying the grant. +* Revoke the grant. + +The TPP website will have the following configuration: + +| Configuration | Value | +| ---------------------------------------- | ------------------------------------------------------------- | +| Client Authentication Method | tls_client_auth | +| Authorization Signed Response Algorithm | ES256 | +| Identity Token Signed Response Algorithm | ES256 | +| Request Object Signed Response Algorithm | ES256 | +| Pushed Authorization Request | Yes | +| Response Mode | jwt | +| Authorization Data Types | account_information | +| Scopes | grant_management_query grant_management_revoke openid profile | + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/FapiGrantManagement). +::: + +## 1. Configure client certificate + +Utilize the administration UI to create a client certificate. + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. In the Certificate Authorities screen, choose a Certificate Authority from the available options. Remember that the selected Certificate Authority should be trusted by your machine. You can download the certificate and import it into the appropriate Certificate Store. +3. Click on the `Client Certificates` tab and then proceed to click on the `Add Client Certificate` button. +4. Set the value of the Subject Name to `CN=fapiGrant` and click on the `Add` button. +5. Click on the `Download` button located next to the certificate. + +## 2. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. In the Clients screen, click on `Add client` button. +3. Select `FAPI2.0`. +4. Select `Grant Management` and click on next. +5. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Property | Value | +| ------------------------ | --------------------------------- | +| Identifier | fapiGrant | +| Secret | password | +| Name | fapiGrant | +| Redirection URLs | http://localhost:7000/callback/* | +| Authorization Data Types | account_information | +| Proof of Possession | Mutual-TLS Client Authentication | +| Subject Name | CN=fapiGrant | + +## 3. Create Account Info REST.API + +Create and configure an Account Info REST.API Service. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir FapiGrantManagement +cd FapiGrantManagement +mkdir src +dotnet new sln -n FapiGrantManagement +``` + +2. Create a web project named `AccountInfoApi` and install the `Microsoft.AspNetCore.Authentication.JwtBearer` NuGet package. + +``` +cd src +dotnet new webapi -n AccountInfoApi +cd AccountInfoApi +dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer +``` + +3. Add the `AccountInfoApi` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/AccountInfoApi/AccountInfoApi.csproj +``` + +4. In the file `AccountInfoApi\Program.cs`, modify the code to configure JWT authentication. Additionally, add an Authorization policy named `account_information` that verifies the correctness of the Authorization Details. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; +}) + .AddJwtBearer(options => + { + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateAudience = false, + ValidIssuers = new List + { + "https://localhost:5001/master" + } + }; + }); +builder.Services.AddAuthorization(b => +{ + b.AddPolicy("account_information", p => p.RequireAssertion(c => + { + var cl = c.User.Claims.First(c => c.Type == "authorization_details"); + return JsonObject.Parse(cl.Value)["type"].GetValue() == "account_information"; + })); +}); +``` + +5. Add a new controller called `AccountInfoController`. This controller should be responsible for returning the list of bank accounts. + +``` +[ApiController] +[Route("[controller]")] +[Authorize("account_information")] +public class AccountInfoController : ControllerBase +{ + [HttpGet(Name = "Accounts")] + public IEnumerable Get() + { + return new List { "BE91798829733676", "BE90321175762332", "BE56631811788388" }; + } +} +``` + +Now that your REST API is configured, you can launch it on port 7001. + +``` +dotnet run --urls=http://localhost:7001 +``` + + +## 4. Create TPP Website + +Finally, create and configure a TPP Website. + +1. Create a web project named `Website`. + +``` +cd src +dotnet new mvc -n Website +``` + +2. Add the `Website` project into your Visual Studio solution. + +``` +cd .. +dotnet sln add ./src/Website/Website.csproj +``` + +3. Add a `BankInfo` class into the `Models` directory. + +``` +namespace Website.Models; + +public class BankInfo +{ + public string Name { get; set; } = null!; + public string ClientId { get; set; } = null!; + public string ClientSecret { get; set; } = null!; + public string AuthorizationUrl { get; set; } = null!; + public string TokenUrl { get; set; } = null!; + public string GrantId { get; set; } = null!; +} +``` + +4. Create a `BankInfoStore` class that will be utilized to store the information of banks. + +``` +using Website.Models; + +namespace Website.Stores; + +public interface IBankInfoStore +{ + IQueryable GetAll(); + Task SaveChanges(CancellationToken cancellationToken); +} + +public class BankInfoStore : IBankInfoStore +{ + private readonly ICollection _bankInfos; + + public BankInfoStore(ICollection bankInfos) + { + _bankInfos = bankInfos; + } + + public IQueryable GetAll() => _bankInfos.AsQueryable(); + + public Task SaveChanges(CancellationToken cancellationToken) => Task.FromResult(1); +} +``` + +5. Create a `AccessTokenStore` class that will be used to store the access token. + +``` +namespace Website.Stores; + +public class AccessTokenStore +{ + private static AccessTokenStore _instance; + private Dictionary _accessTokens = new Dictionary(); + + private AccessTokenStore() { } + + public string GetAccessToken(string bankName) => _accessTokens[bankName]; + + public void Add(string bankName, string token) + { + if(_accessTokens.ContainsKey(bankName)) _accessTokens.Remove(bankName); + _accessTokens.Add(bankName, token); + } + + public static AccessTokenStore Instance() + { + if(_instance == null) _instance = new AccessTokenStore(); + return _instance; + } +} +``` + +6. In the `Program.cs` class, modify the code to register the dependencies and the certificate. Make sure to replace the certificate `CN=fapiGrant.pfx` with the one you downloaded earlier (step 1.5). + +``` +var certificate = new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "CN=fapiGrant.pfx")); +builder.Services.AddControllersWithViews(); +builder.Services.Configure(o => +{ + o.MTLSCertificate = certificate; +}); +builder.Services.AddSingleton(new BankInfoStore(new List +{ + new BankInfo { Name = "Bank", ClientId = "fapiGrant", AuthorizationUrl = "https://localhost:5001/master/authorization", ClientSecret = "password", TokenUrl = "https://localhost:5001/master/token" } +})); +``` + +7. In the `HomeController.cs` class, include a new action named `Callback`. This action will be invoked by the Identity Server once the authorization is granted. Inside this action, retrieve the `access_token` and `grant_id`, and then utilize the `AccessTokenStore`class to store these values. + +``` + [Route("callback/{bankName}")] + public async Task Callback(string bankName) + { + var bankInfo = _bankInfoStore.GetAll().First(b => b.Name == bankName); + var accessToken = await GetAccessToken(); + AccessTokenStore.Instance().Add(bankName, accessToken); + await _bankInfoStore.SaveChanges(CancellationToken.None); + return RedirectToAction("Index"); + + async Task GetAccessToken() + { + var authorizationCode = Request.Query["code"].First(); + var handler = new HttpClientHandler + { + ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }, + CheckCertificateRevocationList = false, + ClientCertificateOptions = ClientCertificateOption.Manual, + SslProtocols = SslProtocols.Tls12 + }; + handler.ClientCertificates.Add(_options.MTLSCertificate); + using (var httpClient = new HttpClient(handler)) + { + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Post, + RequestUri = new Uri(bankInfo.TokenUrl), + Content = new FormUrlEncodedContent(new Dictionary + { + { "client_id", bankInfo.ClientId }, + { "grant_type", "authorization_code" }, + { "code", authorizationCode }, + { "redirect_uri", $"{_options.CallbackUrl}/{bankName}" } + }) + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var jsonObj = JsonObject.Parse(json).AsObject(); + if (jsonObj.ContainsKey("grant_id")) + { + var grantId = jsonObj["grant_id"].GetValue(); + bankInfo.GrantId = grantId; + } + + return jsonObj["access_token"].GetValue(); + } + } + } +``` + +8. Create a controller named `BanksController` and paste the following content into it. This controller enables the end-user to link one or multiple bank accounts. + +``` +namespace Website.Controllers; + +public class BanksController : Controller +{ + private readonly IBankInfoStore _bankInfoStore; + private readonly WebsiteOptions _options; + + public BanksController(IBankInfoStore bankInfoStore, IOptions options) + { + _bankInfoStore = bankInfoStore; + _options = options.Value; + } + + public IActionResult Index() + { + var bankInfos = _bankInfoStore.GetAll().Select(b => new BankInfoViewModel + { + Name = b.Name + }); + return View(bankInfos); + } + + public IActionResult Link(string name) + { + var bankInfo = _bankInfoStore.GetAll().First(b => b.Name == name); + const string authorizationDetails = "{ \"type\" : \"account_information\", \"actions\" : [\"read\"] }"; + var url = $"{bankInfo.AuthorizationUrl}?client_id={bankInfo.ClientId}&redirect_uri={_options.CallbackUrl}/{name}&response_type=code&scope=openid profile&authorization_details={authorizationDetails}&grant_management_action=create"; + return Redirect(url); + } +} +``` + +9. Create a controller named `AccountsController`. This controller is responsible for displaying the information of the bank account. + +``` +namespace Website.Controllers; + +public class AccountsController : Controller +{ + private readonly IBankInfoStore _bankInfoStore; + private readonly WebsiteOptions _options; + + public AccountsController(IBankInfoStore bankInfoStore, IOptions options) + { + _bankInfoStore = bankInfoStore; + _options = options.Value; + } + + public IActionResult Index() + { + var result = _bankInfoStore.GetAll().Where(b => !string.IsNullOrWhiteSpace(b.GrantId)).Select(b => new GrantedBankInfoViewModel + { + GrantId = b.GrantId, + BankName = b.Name + }); + return View(result); + } + + public async Task Details(string bankName) + { + var accessToken = AccessTokenStore.Instance().GetAccessToken(bankName); + using (var httpClient = new HttpClient()) + { + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Get, + RequestUri = new Uri(_options.AccountInfoUrl) + }; + requestMessage.Headers.Add("Authorization", $"Bearer {accessToken}"); + var httpResponse = await httpClient.SendAsync(requestMessage); + var json = await httpResponse.Content.ReadAsStringAsync(); + var viewModel = new BankDetailsViewModel + { + Name = bankName, + Accounts = JsonArray.Parse(json).AsArray().Select(x => x.GetValue()) + }; + return View(viewModel); + } + } +} +``` + +9. Finally add the following views : + +**Views\Banks\Index.cshtml** + +``` +@using Website.ViewModels; + +@{ + ViewData["Title"] = "Link a bank account"; +} + +@model IEnumerable + +

    Request account information

    + +
    + @foreach(var bankInfo in Model) + { + +
    +
    +
    +
    @bankInfo.Name
    +
    +
    +
    +     + } +
    +``` + +**Views\Accounts\Index.cshtml** + +``` +@using Website.ViewModels; + +@{ + ViewData["Title"] = "Link a bank account"; +} + +@model IEnumerable + +

    You've access to the following bank accounts

    + +
    + @foreach(var bankInfo in Model) + { + +
    +
    +
    +
    @bankInfo.BankName
    +

    The grant_id is @bankInfo.GrantId

    +
    +
    +
    +     + } +
    +``` + +**Views\Accounts\Details.cshtml** + +``` +@using Website.ViewModels; + +@{ + ViewData["Title"] = "Bank accounts"; +} + +@model BankDetailsViewModel + +

    @Model.Name

    + +

    List of accounts

    + +
      + @foreach(var account in Model.Accounts) + { +
    • + @account +
      • + } +
    +``` + +Now that your TPP website configured, you can launch it on port 7000. + +``` +dotnet run --urls=http://localhost:7000 +``` + +Browse the website [http://localhost:7000](http://localhost:7000) and then navigate to [http://localhost:7000/Banks](http://localhost:7000/Banks). + +Next, click on the `Bank` button, which will redirect you to the Identity Server. Authenticate using the following credentials and confirm the consent. + +Upon successful authentication, proceed to navigate to [http://localhost:7000/Accounts/Details?bankName=Bank](http://localhost:7000/Accounts/Details?bankName=Bank), where you will find the list of bank accounts displayed. + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/highlysecuredregularweb.md b/website/versioned_docs/version-5.0.0/tutorial/highlysecuredregularweb.md new file mode 100644 index 000000000..9b805d081 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/highlysecuredregularweb.md @@ -0,0 +1,306 @@ +# Highly Secured regular Web Application + +In this tutorial, we will provide a comprehensive explanation of the process involved in creating a highly secure regular Web Application that adheres to all the security recommendations outlined in the FAPI (Financial-grade API) specifications. The FAPI specifications can be found at [https://openid.net/specs/fapi-2_0-baseline.html#name-requirements-for-clients](https://openid.net/specs/fapi-2_0-baseline.html#name-requirements-for-clients) : + +* The client shall support `MTLS` or `DPoP` as mechanism for sender-constrained access tokens. +* The client shall include `request` or `request_uri` parameter as defined in Section 6 of [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) in the authentication request. +* If the Authorization Request is too large for example a [Rich Authorization Request](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-23), then it is recommended to use [Pushed Authorization Request (PAR)](https://datatracker.ietf.org/doc/html/rfc9126). +* [JWT-Secured OAUTH2.0 authorisation response](https://openid.net/specs/openid-financial-api-jarm.html) (JARM) is used to sign and / or encrypt the authorisation response, it protects against replay, credential leaks and mix-up attacks. +* The `PS256` or `ES256` algorithms must be used. + +Based on the algorithm you have chosen to implement for Proof of Possession, please refer to the appropriate chapter to configure your highly secure web application + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/HighlySecuredServersideWebsite). +::: + +## MTLS + +The website will be configured with the following settings: + +| Configuration | Value | +| ---------------------------------------- | --------------- | +| Client Authentication Method | tls_client_auth | +| Authorization Signed Response Algorithm | ES256 | +| Identity Token Signed Response Algorithm | ES256 | +| Request Object Signed Response Algorithm | ES256 | +| Pushed Authorization Request | Yes | +| Response Mode | jwt | + +To incorporate all the FAPI recommendations into your regular web application, it is necessary to follow the following steps: + +### 1. Configure client certificate + +Utilize the administration UI to create a client certificate. + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. In the Certificate Authorities screen, choose a Certificate Authority from the available options. Remember that the selected Certificate Authority should be trusted by your machine. You can download the certificate and import it into the appropriate Certificate Store. +3. Click on the `Client Certificates` tab and then proceed to click on the `Add Client Certificate` button. +4. Set the value of the Subject Name to `CN=websiteFAPI` and click on the `Add` button. +5. Click on the `Download` button located next to the certificate. + +### 2. Configure an application + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. On the Clients screen, click on the `Add client` button. +3. Choose `FAPI2.0` template. +4. Select `Highly secure Web Application` and click on next. +5. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Property | Value | +| ----------------------- | --------------------------------- | +| Identifier | websiteFAPIMTLS | +| Secret | password | +| Name | websiteFAPIMTLS | +| Redirection URLs | http://localhost:5003/signin-oidc | +| Proof of Possession | Mutual-TLS Client Authentication | +| Subject Name | CN=websiteFAPI | + +6. The generated JSON Web Key will be displayed. Copy the corresponding value and save it in a text file. It will be used by the web application to construct a signed `request` parameter. + +Now your client is ready to be used, you can develop the regular website. + +### 3. Create ASP.NET CORE Application + +Finally, create and configure an ASP.NET CORE Application. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir HighlySecuredServersideWebsite +cd HighlySecuredServersideWebsite +mkdir src +dotnet new sln -n HighlySecuredServersideWebsite +``` + +:::info +This NuGet Package includes support for all the features provided by the official `Microsoft.AspNetCore.Authentication.OpenIdConnect` NuGet Package. +Additionally, it introduces new features such as the `tls_client_auth` Client Authentication Method and supports new authorization response types including `jwt`, `query.jwt`, `fragment.jwt`, `form_post.jwt`, `fragment.jwt`, `Pushed Authorization Request (PAR)` and `DPoP`. +::: + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package SimpleIdServer.OpenIdConnect +``` + +2. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +3. In the `Program.cs` file, make the following modifications to configure the OPENID authentication: Replace the content of the `JWK.json` file with the content from the file you copied earlier (step 2.5). Make sure to replace the certificate `CN=websiteFAPI.pfx` with the one you downloaded earlier (step 1.5). + +| Configuration | Value | +| ---------------------------------------- | --------------- | +| Client Authentication Method | tls_client_auth | +| Authorization Signed Response Algorithm | ES256 | +| Identity Token Signed Response Algorithm | ES256 | +| Request Object Signed Response Algorithm | ES256 | +| Pushed Authorization Request | Yes | +| Response Mode | jwt | + +``` + var certificate = new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "CN=websiteFAPI.pfx")); + var serializedJwk = File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "JWK.json")); + var jsonWebKey = JsonExtensions.DeserializeFromJson(serializedJwk); + builder.Services.AddAuthentication(options => + { + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; + }) + .AddCookie("Cookies") + .AddCustomOpenIdConnect("sid", options => + { + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.ResponseMode = "jwt"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "websiteFAPIMTLS"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + options.UseMTLSProof(certificate, new SigningCredentials(jsonWebKey, jsonWebKey.Alg)); + }); +``` + +4. Add a `ClaimsController` controller with one protected operation. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public IActionResult Index() + { + return View(); + } +} +``` + +5. Create a view `Views\Claims\Index.cshtml` with the following content. This view will display all the claims of the authenticated user. + +``` +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    +``` + +6. In a command prompt, navigate to the directory `src\Website` and launch the application. + +``` +dotnet run --urls=http://localhost:5003 +``` + +Finally, browse the following URL: [http://localhost:5003/claims](http://localhost:5003/claims). The User-Agent will be automatically redirected to the OpenID server. +Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | + +## DPoP + +The website will be configured with the following settings: + +| Configuration | Value | +| ---------------------------------------- | --------------- | +| Client Authentication Method | private_key_jwt | +| Authorization Signed Response Algorithm | ES256 | +| Identity Token Signed Response Algorithm | ES256 | +| Request Object Signed Response Algorithm | ES256 | +| Pushed Authorization Request | Yes | +| Response Mode | jwt | + +To incorporate all the FAPI recommendations into your regular web application, it is necessary to follow the following steps: + +### 1. Configure an application + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. On the Clients screen, click on the `Add client` button. +3. Choose `FAPI2.0` template. +4. Select `Highly secure Web Application` and click on next. +5. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Property | Value | +| ----------------------- | --------------------------------- | +| Identifier | websiteFAPIDPoP | +| Secret | password | +| Name | websiteFAPIDPoP | +| Redirection URLs | http://localhost:5003/signin-oidc | +| Proof of Possession | DPoP | + +6. The generated JSON Web Key will be displayed. Copy the corresponding value and save it in a text file. It will be used by the web application to construct a signed `request` parameter and a signed `DPoP Proof`. + +Now your client is ready to be used, you can develop the regular website. + + +### 2. Create ASP.NET CORE Application + +Finally, create and configure an ASP.NET CORE Application. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir HighlySecuredServersideWebsite +cd HighlySecuredServersideWebsite +mkdir src +dotnet new sln -n HighlySecuredServersideWebsite +``` + +:::info +This NuGet Package includes support for all the features provided by the official `Microsoft.AspNetCore.Authentication.OpenIdConnect` NuGet Package. +Additionally, it introduces new features such as the `tls_client_auth` Client Authentication Method and supports new authorization response types including `jwt`, `query.jwt`, `fragment.jwt`, `form_post.jwt`, `fragment.jwt`, `Pushed Authorization Request (PAR)` and `DPoP`. +::: + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package SimpleIdServer.OpenIdConnect +``` + +2. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +3. In the `Program.cs` file, make the following modifications to configure the OPENID authentication: Replace the content of the `JWK.json` file with the content from the file you copied earlier (step 2.5). + +| Configuration | Value | +| ---------------------------------------- | --------------- | +| Client Authentication Method | private_key_jwt | +| Authorization Signed Response Algorithm | ES256 | +| Identity Token Signed Response Algorithm | ES256 | +| Request Object Signed Response Algorithm | ES256 | +| Pushed Authorization Request | Yes | +| Response Mode | jwt | + +``` + var serializedJwk = File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "JWK.json")); + var jwk = JsonExtensions.DeserializeFromJson(serializedJwk); + builder.Services.AddAuthentication(options => + { + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; + }) + .AddCookie("Cookies") + .AddCustomOpenIdConnect("sid", options => + { + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.ResponseMode = "jwt"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "websiteFAPIDPoP"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + options.UseDPoPProof(new SigningCredentials(jwk, jwk.Alg)); + }); +``` + +4. Add a `ClaimsController` controller with one protected operation. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public IActionResult Index() + { + return View(); + } +} +``` + +5. Create a view `Views\Claims\Index.cshtml` with the following content. This view will display all the claims of the authenticated user. + +``` +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    +``` + +6. In a command prompt, navigate to the directory `src\Website` and launch the application. + +``` +dotnet run --urls=http://localhost:5003 +``` + +Finally, browse the following URL: [http://localhost:5003/claims](http://localhost:5003/claims). The User-Agent will be automatically redirected to the OpenID server. +Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/generate-qr-code.png b/website/versioned_docs/version-5.0.0/tutorial/images/generate-qr-code.png new file mode 100644 index 000000000..f5a270098 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/generate-qr-code.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/ldap-1.png b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-1.png new file mode 100644 index 000000000..c4d3f3c33 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-1.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/ldap-2.png b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-2.png new file mode 100644 index 000000000..7a95d515b Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-2.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/ldap-3.png b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-3.png new file mode 100644 index 000000000..e7e13ceb0 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-3.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/ldap-4.png b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-4.png new file mode 100644 index 000000000..2ee9a7741 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-4.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/ldap-5.png b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-5.png new file mode 100644 index 000000000..682421c61 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-5.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/ldap-6.png b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-6.png new file mode 100644 index 000000000..8d4fd7734 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/ldap-6.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/mobile-notification.png b/website/versioned_docs/version-5.0.0/tutorial/images/mobile-notification.png new file mode 100644 index 000000000..a870229a0 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/mobile-notification.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/qr-code.png b/website/versioned_docs/version-5.0.0/tutorial/images/qr-code.png new file mode 100644 index 000000000..88ff5539e Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/qr-code.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/scim-1.png b/website/versioned_docs/version-5.0.0/tutorial/images/scim-1.png new file mode 100644 index 000000000..551e89b15 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/scim-1.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/scim-2.png b/website/versioned_docs/version-5.0.0/tutorial/images/scim-2.png new file mode 100644 index 000000000..822acd2ce Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/scim-2.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/spa-1.png b/website/versioned_docs/version-5.0.0/tutorial/images/spa-1.png new file mode 100644 index 000000000..4384f99da Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/spa-1.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/spa-2.png b/website/versioned_docs/version-5.0.0/tutorial/images/spa-2.png new file mode 100644 index 000000000..9f0e21443 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/spa-2.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/vc-qr.png b/website/versioned_docs/version-5.0.0/tutorial/images/vc-qr.png new file mode 100644 index 000000000..406d110d7 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/vc-qr.png differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/images/wallet-credential.PNG b/website/versioned_docs/version-5.0.0/tutorial/images/wallet-credential.PNG new file mode 100644 index 000000000..25d1abd05 Binary files /dev/null and b/website/versioned_docs/version-5.0.0/tutorial/images/wallet-credential.PNG differ diff --git a/website/versioned_docs/version-5.0.0/tutorial/ldap.md b/website/versioned_docs/version-5.0.0/tutorial/ldap.md new file mode 100644 index 000000000..9080164f3 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/ldap.md @@ -0,0 +1,147 @@ + +import Ldap1 from './images/ldap-1.png'; +import Ldap2 from './images/ldap-2.png'; +import Ldap3 from './images/ldap-3.png'; + +# LDAP - Identity Provisioning + +Users stored in the LDAP repository can be imported into the Identity Server. + +In this tutorial, we will explain how to import users from [OPENLDAP](https://www.openldap.org/) to the Identity Server. + +## Install OPENLDAP + +Before proceeding further, please ensure that Docker is installed on your machine. + +Open a command prompt and launch an OPENLDAP instance by executing the following command line: + +``` +docker run -p 389:389 -p 636:636 --name ldap-service -h ldap-service -e LDAP_ORGANISATION="XL" -e LDAP_DOMAIN="xl.com" -e LDAP_ADMIN_PASSWORD="password" -d osixia/openldap:latest +``` + +This command exposes LDAP over port 389 and LDAPS over port 636. + +## Create some users + +Download and install [Apache Directory Studio](https://directory.apache.org/studio/downloads.html). + +Authenticate as an admin with the appropriate login DN : + +``` +Login Credentials: +ID : cn=admin,dc=xl,dc=com +Password: password +``` + + +Under `dc=xl,dc=com`, create an entry with the object class `Organizational Unit (organizationalUnit)`. +The `ou` attribute of this entry should be set to `people`. +This entry will contain the users who will be migrated to the Identity Server. + +
    + +
    + + +Under `ou=people`, add two entries, each containing two object classes: `Organizational Person (organizationalPerson)` and `person`. + +The first user should have the following attributes and a password set to `password`. + + +| Attribute | Value | +| ------------ | -------------------- | +| objectClass | organizationalPerson | +| objectClass | person | +| cn | firstUser | +| sn | firstUser | +| userPassword | password | + +
    + +
    + +The second user should have the following attributes. + +| Attribute | Value | +| ----------- | -------------------- | +| objectClass | organizationalPerson | +| objectClass | person | +| cn | secondUser | +| sn | secondUser | + +
    + +
    + +Now that there is an up and running OPENLDAP server with two users, you can utilize the administration website to import both users. + +## Extract + +Browse the [administration UI](http://localhost:5002), navigate to the `Identity Provisioning` screen, and click on `LDAP`. + + +In the `Properties` tab, you can update the attributes of the extraction job + +| Field | Description | Default value | +| --------------------------- | --------------------------------------------------------------------------------------------------- | ------------- | +| Server | - | localhost | +| Port | - | 389 | +| Bind DN | DN of the LDAP admin, which will be used by IdServer to access LDAP Server | cn=admin,dc=xl,dc=com | +| Bind Credentials | Password of LDAP admin | password | +| Users DN | Full DN of LDAP tree where users are | ou=people,dc=xl,dc=com | +| User object classes | All values of LDAP objectClass attribute for users in LDAP, divided by commas | organizationalPerson,person | +| Groups DN | Full DN of LDAP tree where groups are | ou=groups,dc=xl,dc=com | +| Group object classes | All values of LDAP objectClass attribute for groups in LDAP, divided by commas | posixGroup | +| Membership Group LDAP Attribute | It is the name of the LDAP Attribute on the group, which is used for membership mappings, for example memberUid | memberUid | +| Membership User LDAP Attribute | It is the name of the LDAP Attribute on the user, which is used for membership mappings, for example uidNumber | uidNumber | +| User Groups Retrieve Strategy | Membership User LDAP Attribute | LOAD_BY_MEMBER_ATTRIBUTE | +| User Identifier LDAP Attribute | Name of the LDAP attribute, which is used as a unique object identifier for objects in LDAP, objectSID for Active Directory or uidNumber of Open Ldap | uidNumber | +| Group Identifier LDAP Attribute | Name of the LDAP attribute, which is used as a unique object identifier for objects in LDAP, objectSID for Active Directory or gidNumber of Open Ldap | gidNumber | +| Modification Date Attribute | Name of the LDAP Attribute, which is used as the modification date for objects in LDAP | modificationDate | +| Batch Size | Number of records | 1 | + +:::warning + +If the **UUID LDAP Attribute** does not exist, then the FULL DN is used as the unique identifier. + +If the **Modification Date Attribute** does not exist, the extracted users cannot be versioned. Therefore, even if no modifications have been made to the users since the last extraction, all users will be extracted in the next execution. + +::: + +In the scope of this tutorial, the default values are correct and should not be updated. + + +The `Mapping Rules` tab contains the rules used by IdServer to map properties from OPENLDAP to user attributes / properties. + +![Mapping rules](./images/ldap-4.png) + +Before initiating the extraction, ensure that both the Identity Server and the Administration UI are running/launched. + +Click on the `Histories` tab and then click on the `Launch` button. + +Wait for a few seconds and then refresh the page. A new line should appear in the table indicating that 2 records have been extracted from LDAP. + +![Exported users](./images/ldap-5.png) + +## Import + + +Navigate to the `Identity Provisioning` screen and click on the `Import` button. + +Wait for a few seconds and then refresh the page. A new line should appear in the table indicating that 2 records have been imported into the Identity Server. + +Both users are visible on the Users screen. + +![Users](./images/ldap-6.png) + +## Authenticate + + +Browse the [Identity Server](https://localhost:5001/master) and click on the Authenticate button. + +Authenticate using the following credentials. You are now authenticated with a user coming from OPENLDAP. + +``` +Login : firstUser +Password : password +``` \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/m2m.md b/website/versioned_docs/version-5.0.0/tutorial/m2m.md new file mode 100644 index 000000000..924af4e86 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/m2m.md @@ -0,0 +1,100 @@ +# Machine to Machine (M2M) + +Machine-to-machine communication (M2M communication) refers to the direct interaction and exchange of data between two or more machines without human intervention. +It involves the automated exchange of information, commands, or instructions between devices or systems. + +The appropriate grant type to use is typically the `Client Credentials Grant`. The Client Credentials Grant allows the machine (client) to authenticate itself directly with the authorization server using its own credentials, such as a client ID and client secret. This grant type is suitable when the machine needs to access protected resources on behalf of itself, without involving any end-user interactions. + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/RequestAccessTokenM2M). +::: + +To implement the M2M communication in a console application, you'll need to follow the following steps. + +## 1. Configure a scope + +If a `read` scope is configured, then skip this step. + +Utilize the administration UI to configure a new scope : + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. On the Scopes screen, click on the `Add scope` button. +3. Select `API value` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ----------- | ----- | +| Name | read | +| Description | Read | + +5. Navigate to the new scope, then select the `API Resources` tab and click on the `Add API resource` button. +6. Fill-in the form like this and click on the `Add` button to confirm the creation. + +| Parameter | Value | +| --------- | -------- | +| Name | shopApi | +| Value | Shop API | + +## 2. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. On the Clients screen, click on the `Add client` button. +3. Select `Machine` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | ---------------------------------- | +| Identifier | m2m | +| Secret | password | +| Name | m2m | + +5. Click on the new client, then select the `Client scopes` tab and click on the `Add client` scope button. Choose the `read` scope and click on the `Save` button. + +## 3. Create a console application + +Finally, create and configure a Console Application project. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir RequestAccessTokenM2M +cd RequestAccessTokenM2M +mkdir src +dotnet new sln -n RequestAccessTokenM2M +``` + +2. Create a console application project named `ConsoleApp` + +``` +cd src +dotnet new console -n ConsoleApp +``` + +3. Add the `ConsoleApp` project into your Visual Studio solution. + +``` +cd .. +dotnet sln add ./src/ConsoleApp/ConsoleApp.csproj +``` + +4. Edit the `Program.cs` file and copy the following code. This code executes an HTTP request to obtain an Access Token. + +``` +using (var httpClient = new HttpClient()) +{ + var form = new Dictionary + { + { "grant_type", "client_credentials" }, + { "client_id", "m2m" }, + { "client_secret", "password" }, + { "scope", "read" } + }; + var tokenResponse = httpClient.PostAsync("https://localhost:5001/master/token", new FormUrlEncodedContent(form)).Result; + var json = tokenResponse.Content.ReadAsStringAsync().Result; + System.Console.WriteLine(json); +} +``` + +When you run the Console Application, the Access Token will be displayed. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/other.md b/website/versioned_docs/version-5.0.0/tutorial/other.md new file mode 100644 index 000000000..25bb92f10 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/other.md @@ -0,0 +1 @@ +# Other \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/overview.md b/website/versioned_docs/version-5.0.0/tutorial/overview.md new file mode 100644 index 000000000..92ff990ff --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/overview.md @@ -0,0 +1,79 @@ +--- +hide_table_of_contents: true +--- + +import DocsCards from '@site/src/components/global/DocsCards'; +import DocsCard from '@site/src/components/global/DocsCard'; + +# Start building + +## Standard applications + + + +

    A client-side application running in a browser.

    +     + +

    A server-side application running on your infrastructure.

    +     + +

    An API protected by SimpleIdServer.

    +     + +

    Machine-to-machine method of communication.

    +     +     + +# Applications compliant with FAPI 2.0 + +According to the [specification](https://openid.bitbucket.io/fapi/fapi-2_0-security-profile.html), there is no mechanism that would allow `public clients` to be secured to the same degree. + + + +

    A server-side application running on your infrastructure compliant with the FAPI recommendations.

    +     + +

    Authentication process on behalf of the end-user.

    +     + +

    Consent management APIs that have been developed in open banking markets.

    +     +     + +# Credential issuer + + + +

    Issue Verifiable Credentials

    +     +     + +# Other applications + + + +

    A server-side application running on your infrastructure that utilizes WS-Federation.

    +     + +

    A Service Provider (SP) is the entity providing the service, typically in the form of an application

    +     +     + +## Identity provisioning + + + +

    Configure automatic provisioning with LDAP.

    +     + +

    Configure automatic provisioning with SCIM

    +     +     + +## Delegation + + + +

    Configure impersonation or delegation.

    +     +     \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/protectapi.md b/website/versioned_docs/version-5.0.0/tutorial/protectapi.md new file mode 100644 index 000000000..a632bb77f --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/protectapi.md @@ -0,0 +1,105 @@ +# Protect an API + +In this tutorial, we will explain how to protect a REST API using ASP.NET Core. + +The validation of the JWT token passed in the HTTP request typically involves the following steps : + +1. **Signature Verification**: The first step is to verify the token's signature to ensure its integrity and authenticity. The signature is generated using a secret key or public/private key pair. The server or verifier needs access to the appropriate key to verify the signature. This step ensures that the token has not been tampered with during transit. +2. **Expiration Check**: The token includes an expiration time (exp) claim that specifies when the token expires. The verifier checks this claim to ensure that the token has not expired. If the current time is after the expiration time, the token is considered invalid and access is denied. +3. **Issuer Validation**: The token includes an issuer claim (iss) that identifies the entity that issued the token. The verifier checks this claim to ensure that the token is issued by a trusted authority. The verifier compares the issuer claim against a list of trusted issuers or a specific issuer that it expects. +4. **Audience Verification**: The token includes an audience claim (aud) that specifies the intended audience or recipient of the token. The verifier checks this claim to ensure that the token is intended for the specific API or application. The verifier compares the audience claim against the expected audience value or a list of valid audiences. + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/ProtectRESTApiJWT). +::: + +## 1. Define permission + +In SimpleIdServer, a permission consists of defining a scope along with its associated resources. +A **scope** defines an action, such as `read` or `delete`, which can be executed by any client that has access to this scope. +A **resource** defines a REST API, such as `shopApi`, that can accept the access token. The resource is identified in the `aud` claim of the access token. + +In this tutorial, we will configure a `read` permission for the `shopApi`. + +Utilize the administration UI to configure a new permission : + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. On the Scopes screen, click on the `Add scope` button. +3. Select `API value` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ----------- | ----- | +| Name | read | +| Description | Read | + +5. Navigate to the new scope, then select the `API Resources` tab and click on the `Add API resource` button. +6. Fill-in the form like this and click on the `Add` button to confirm the creation. + +| Parameter | Value | +| --------- | -------- | +| Name | shopApi | +| Value | Shop API | + +7. In the table, select the `shopApi` resource, and click on the Update button. This will assign the resource to the scope. + +## 2. Create REST.API + +Finally, create and configure a REST.API Service. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir ProtectRESTApiJWT +cd ProtectRESTApiJWT +mkdir src +dotnet new sln -n ProtectRESTApiJWT +``` + +2. Create a REST.API project named `ShopApi` and install the `Microsoft.AspNetCore.Authentication.JwtBearer` Nuget package. + +``` +cd src +dotnet new webapi -n ShopApi +cd ShopApi +dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer +``` + +3. Add the `ShopApi` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/ShopApi/ShopApi.csproj +``` + +4. Edit the file `ShopApi\Program.cs` and configure the JWT authentication. Additionally, add an Authorization policy named `read` that checks if the scope is equal to `read`. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; +}) + .AddJwtBearer(options => + { + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidAudiences = new List + { + "shopApi" + }, + ValidIssuers = new List + { + "https://localhost:5001/master" + } + }; + }); +builder.Services.AddAuthorization(b => +{ + b.AddPolicy("read", p => p.RequireClaim("scope", "read")); +}); +``` + +Now your REST.API is configured, the controller or action can be decorate by the `AuthorizeAttribute` with the appropriate authorization policy. +For example, the attribute `[Authorize("read")]` checks if the JWT contains a scope equal to `read`. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/regularweb.md b/website/versioned_docs/version-5.0.0/tutorial/regularweb.md new file mode 100644 index 000000000..84d0cc528 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/regularweb.md @@ -0,0 +1,133 @@ +# Regular Web Application + +To protect a regular web application, the recommended OpenID grant type is the **Authorization Code Flow**. This grant type provides a secure and robust mechanism for authentication and authorization. + +Here are the reasons why the Authorization Code Flow is suitable for protecting a regular web application: + +1. **Secure Token Exchange**: The Authorization Code Flow ensures that sensitive tokens, such as access tokens and refresh tokens, are exchanged securely between the web application and the OpenID provider's token endpoint. This flow mitigates the risk of token exposure since tokens are exchanged through server-side communication. +2. **Enhanced Security**: The Authorization Code Flow involves a server-to-server token exchange, which reduces the exposure of access tokens in the browser and helps protect against cross-site scripting (XSS) attacks. +3. **Refresh Token Support**: This flow allows the web application to obtain a refresh token, which can be used to obtain a new access token without requiring user interaction. This feature improves user experience by reducing the need for frequent re-authentication. +4. **Compliance with Standards**: The Authorization Code Flow is a widely adopted and standardized OAuth 2.0 flow. It ensures compatibility and interoperability across different OpenID providers and client applications. + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/ProtectWebsiteServerside). +::: + +To implement the Authorization Code Flow in a regular web application, you'll need to follow the following steps. + +## 1. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. On the Clients screen, click on the `Add client` button. +3. Select `web application` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | ---------------------------------- | +| Identifier | protectedServersideApp | +| Secret | password | +| Name | protectedServersideApp | +| Redirection URLS | http://localhost:7000/signin-oidc | + +Now your client is ready to be used, you can develop the regular website. + +## 2. Create ASP.NET CORE Application + +Finally, create and configure an ASP.NET CORE Application. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir ProtectWebsiteServerside +cd ProtectWebsiteServerside +mkdir src +dotnet new sln -n ProtectWebsiteServerside +``` + +2. Create a web project named `Website` and install the `Microsoft.AspNetCore.Authentication.OpenIdConnect` NuGet package. + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect +``` + +3. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +4. Edit the `Program.cs` file and configure the OpenID authentication. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; +}) + .AddCookie("Cookies") + .AddOpenIdConnect("sid", options => + { + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "protectedServersideApp"; + options.ClientSecret = "password"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + }); +... +app.UseCookiePolicy(new CookiePolicyOptions +{ + Secure = CookieSecurePolicy.Always +}); +app.UseHttpsRedirection(); +app.UseStaticFiles(); +app.UseRouting(); +app.UseAuthorization(); +... +``` + +5. Add a `ClaimsController` controller with one protected operation. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public IActionResult Index() + { + return View(); + } +} +``` + +6. Create a view `Views\Claims\Index.cshtml` with the following content. This view will display all the claims of the authenticated user. + +``` +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    +``` + +7. In a command prompt, navigate to the `src\Website` directory and launch the application. + +``` +dotnet run --urls=http://localhost:7000 +``` + +Finally, browse the following URL: [http://localhost:7000/claims](http://localhost:7000/claims). The User-Agent will be automatically redirected to the OpenID server. +Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/saml.md b/website/versioned_docs/version-5.0.0/tutorial/saml.md new file mode 100644 index 000000000..edb6ab2d8 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/saml.md @@ -0,0 +1,115 @@ +# Regular Web Application (SAML2.0) + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/SamlRpWebsite). +::: + +To implement SAML2.0 in a regular web application, you'll need to follow the following steps. + +## 1. Configure an application + +Utilize the administration UI to configure a new SAML2.0 SP (Service Provider) client : + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. On the Clients screen, click on the `Add client` button. +3. Select `SAML SP` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | ---------------------------------- | +| Identifier | samlSp | +| Name | samlSp | +| Metadata URL | http://localhost:5125/Metadata | + +If the checkbox `Use Artifact` is checked, then the Artifact binding will be used; if it is not checked, the Post Binding is used by default. + +The Public and Private keys are displayed, keep those values into a file, they will be used later during the configuration of the website. + +The Public and Private keys are displayed; please save these values in a file as they will be used later during the website configuration. + +## 2. Create ASP.NET CORE Application + +Finally, create and configure an ASP.NET CORE Application. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir SamlRpWebsite +cd SamlRpWebsite +mkdir src +dotnet new sln -n SamlRpWebsite +``` + +2. Create a web project named `Website` and install the `SimpleIdServer.IdServer.Saml.Sp` NuGet package. + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package SimpleIdServer.IdServer.Saml.Sp +``` + +3. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +4. Edit the `Program.cs` file and configure the SAML2.0 authentication. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "samlSp"; +}) + .AddCookie("Cookies") + .AddSamlSp("samlSp", options => + { + options.SPId = "samlSp"; + options.IdpMetadataUrl = "https://localhost:5001/master/saml/metadata"; + var currentPath = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location); + options.SigningCertificate = X509Certificate2.CreateFromPemFile(Path.Combine(currentPath, "sidClient.crt"), Path.Combine(currentPath, "sidClient.key")); + }); +``` + +5. Add a `ClaimsController` controller with one protected operation. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public IActionResult Index() + { + return View(); + } +} +``` + +6. Create a view `Views\Claims\Index.cshtml` with the following content. This view will display all the claims of the authenticated user. + +``` +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    +``` + +7. "Copy the `Private Key` obtained from the first step into the `sidClient.key` file, and the `Public Key` into the `sidClient.crt` file. + +8. In a command prompt, navigate to the `src\Website` directory and launch the application. + +``` +dotnet run --urls=http://localhost:5125 +``` + +Finally, browse the following URL: [http://localhost:5125/claims](http://localhost:5125/claims). The User-Agent will be automatically redirected to the OpenID server. +Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/scim.md b/website/versioned_docs/version-5.0.0/tutorial/scim.md new file mode 100644 index 000000000..0fd949ba2 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/scim.md @@ -0,0 +1,123 @@ +# SCIM - Identity Provisioning + +Users stored in SCIM can be imported into the Identity Server. + +In this tutorial, we will explain how to import users from SCIM to the Identity Server. + +## Create some users + +Open POSTMAN and execute the following requests to create two users. + +**First request** + +``` +HTTP POST : http://localhost:5003/Users + +Authorization Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +Content +{ + "schemas": [ + "urn:ietf:params:scim:schemas:core:2.0:User", + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" + ], + "userName": "firstUser", + "active": true, + "displayName": "lennay", + "externalId": "e1f4c134-2dec-4754-bb50-9e786e4ecae9", + "department": "Department", + "name": { + "formatted": "Andrew Ryan", + "familyName": "Ryan", + "givenName": "Andrew" + }, + "emails": [ + { + "primary": true, + "type": "work", + "value": "andrew@gmail.com" + }, + { + "primary": false, + "type": "home", + "value": "andrewhome@gmail.com" + } + ] +} +``` + +**Second request** + +``` +HTTP POST : http://localhost:5003/Users + +Authorization Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +Content +{ + "schemas": [ + "urn:ietf:params:scim:schemas:core:2.0:User", + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" + ], + "userName": "secondUser", + "active": true, + "displayName": "lennay", + "externalId": "e1f4c134-2dec-4754-bb50-9e786e4ecae9", + "department": "Department", + "name": { + "formatted": "Andrew Ryan", + "familyName": "Ryan", + "givenName": "Andrew" + }, + "emails": [ + { + "primary": true, + "type": "work", + "value": "andrew@gmail.com" + }, + { + "primary": false, + "type": "home", + "value": "andrewhome@gmail.com" + } + ] +} +``` + +## Extract + +Browse the [administration UI](http://localhost:5002), navigate to the `Identity Provisioning` screen, and click on `SCIM`. + +In the `Properties` tab, you can update the attributes of the extraction job + +| Field | Description | +| --------------------------- | --------------------------------------------------------------------------------------------------- | +| Authentication Type | Specify how to retrieve the access token. By default the value is APIKEY | +| API Key | When authentication type is equals to APIKEY then the APIKEY must be specified | +| ClientId | When authentication type is equals to CLIENT_SECRET_POST then the ClientId must be specified | +| ClientSecret | When authentication type is equals to CLIENT_SECRET_POST then the ClientSecret must be specified | + +In the scope of this tutorial, the default values are correct and should not be updated. + + +The `Mapping Rules` tab contains the rules used by IdServer to map properties from SCIM to user attributes / properties. + +![Mapping rules](./images/scim-1.png) + +Before launching the extraction, ensure that both the Identity Server and the Administration UI are launched. + +Click on the `Histories` tab and then click on the `Launch` button. + +Wait for a few seconds and then refresh the page. A new line should appear in the table indicating that 2 records have been extracted from SCIM. + +## Import + +Navigate to the `Identity Provisioning` screen and click on the `Import` button. + +Wait for a few seconds and then refresh the page. A new line should appear in the table indicating that 2 records have been imported into the Identity Server. + +Both users are visible on the Users screen. + +# ![Users](./images/scim-2.png) + +Because the SCIM API does not store passwords, it is not possible to authenticate with a newly imported SCIM user unless at least one credential has been defined. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/spa.md b/website/versioned_docs/version-5.0.0/tutorial/spa.md new file mode 100644 index 000000000..603092548 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/spa.md @@ -0,0 +1,146 @@ +# Single-Page Application (SPA) + +When it comes to protecting a single page application (SPA) with OpenID, the recommended grant type to use is the **Authorization Code Flow with PKCE (Proof Key for Code Exchange)**. This flow provides a higher level of security for SPAs compared to other grant types, such as the Implicit Flow, which is now considered less secure. + +Here's why the Authorization Code Flow with PKCE is recommended for SPAs: + +1. **Enhanced Security**: The Authorization Code Flow with PKCE provides an additional layer of security by using a dynamically generated code verifier and code challenge during the authentication process. This mitigates the risks associated with storing sensitive information like client secrets in the SPA. +2. **Support for Refresh Tokens**: With this flow, you have the ability to obtain a refresh token along with the access token. A refresh token allows the SPA to obtain a new access token without requiring user interaction, improving the user experience by reducing the frequency of logins. +3. **Compliance with OAuth 2.0 Standards**: The Authorization Code Flow with PKCE aligns with the OAuth 2.0 standard. It ensures that your authentication implementation is consistent and interoperable across different platforms and providers. + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/ProjectSPA). +::: + +To implement the Authorization Code Flow with PKCE in your SPA, you'll need to follow the following steps. + +## 1. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. On the Clients screen, click on the `Add client` button. +3. Select `User Agent Base application` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | ----------------------------- | +| Identifier | protectedSpa | +| Name | protectedSpa | +| Redirection URLS | https://localhost:44457 | + +## 2. Create Angular application + +Finally, create and configure an Angular project. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir ProjectSPA +cd ProjectSPA +mkdir src +dotnet new sln -n ProjectSPA +``` + +2. Create a web project named `Website` and install the `angular-oauth2-oidc` npm package. + +``` +cd src +dotnet new angular -n Website +cd Website\ClientApp +npm i angular-oauth2-oidc@14.0.1 --save +``` + +3. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +4. Edit the file `ClientApp\src\app\app.module.ts` and import the `OAuthModule` module. + +``` +@NgModule({ + declarations: [], + imports: [ + OAuthModule.forRoot() + ], + providers: [], + bootstrap: [] +}) +export class AppModule { } +``` + +5. Create an `auth-config.ts` file in the directory `ClientApp\src\app`, and copy the following code. The file contains the authentication settings, such as the URL of the Identity Provider and the client identifier. + +``` +import { AuthConfig } from 'angular-oauth2-oidc'; + +export const authCodeFlowConfig: AuthConfig = { + issuer: 'https://localhost:5001/master', + redirectUri: window.location.origin, + clientId: 'protectedSpa', + responseType: 'code', + scope: 'openid profile', + showDebugInformation: true, +}; +``` + +6. Edit the `ClientApp\src\app\nav-menu\nav-menu.component.ts` file. Import the `authCodeFlowConfig` JSON object, inject the `OAuthService` into the constructor, and add a `login` procedure. This procedure will be called to initiate the authentication workflow. + +``` +import { OAuthService } from 'angular-oauth2-oidc'; +import { authCodeFlowConfig } from '../auth-config'; + +@Component({ + selector: 'app-nav-menu', + templateUrl: './nav-menu.component.html', + styleUrls: ['./nav-menu.component.css'] +}) +export class NavMenuComponent { + isConnected: boolean = false; + name: string = ""; + + constructor(private oauthService: OAuthService) { + this.oauthService.configure(authCodeFlowConfig); + this.oauthService.loadDiscoveryDocumentAndTryLogin(); + var claims: any = this.oauthService.getIdentityClaims(); + if (!claims) { + return; + } + + this.isConnected = true; + this.name = claims["sub"]; + } + + login(evt: any) { + evt.preventDefault(); + this.oauthService.initImplicitFlow(); + } +} +``` + +7. Edit the `ClientApp\src\app\nav-menu\nav-menu.component.html` file and add a login button. + +``` +
  • + Authenticate +
    • +
  • + Welcome {{name}} +
    • +``` + +8. In a command prompt, navigate to the `src\Website` directory and launch the project. + +``` +dotnet run --urls=http://localhost:4200 +``` + +9. Navigate to the website at [http://localhost:4200](http://localhost:4200) and authenticate using the following credentials. + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.0/tutorial/wsfederation.md b/website/versioned_docs/version-5.0.0/tutorial/wsfederation.md new file mode 100644 index 000000000..b053b7440 --- /dev/null +++ b/website/versioned_docs/version-5.0.0/tutorial/wsfederation.md @@ -0,0 +1,116 @@ +# Regular Web Application (WS-Federation) + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/WsFederationWebsite). +::: + +To implement WS-Federation in a regular web application, you'll need to follow the following steps. + +## 1. Configure an application + +Utilize the administration UI to configure a new WS-Federation client : + +1. Open the IdentityServer website at [https://localhost:5002](https://localhost:5002). +2. On the Clients screen, click on the `Add client` button. +3. Select `WS-Fed Relying Party` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | ---------------------------------- | +| Identifier | urn:samplewebsite | +| Name | samplewebsite | + +Now your client is ready to be used, you can develop the regular website. + +## 2. Create ASP.NET CORE Application + +Finally, create and configure an ASP.NET CORE Application. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir WsFederationWebsite +cd WsFederationWebsite +mkdir src +dotnet new sln -n WsFederationWebsite +``` + +2. Create a web project named `Website` and install the `Microsoft.AspNetCore.Authentication.WsFederation` NuGet package. + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package Microsoft.AspNetCore.Authentication.WsFederation +``` + +3. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +4. Edit the `Program.cs` file and configure the OpenID authentication. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; +}) + .AddCookie("Cookies") + .AddWsFederation("sid", options => + { + options.Wtrealm = "urn:samplewebsite"; + options.MetadataAddress = "https://localhost:5001/master/FederationMetadata/2007-06/FederationMetadata.xml"; + }); +... +app.UseCookiePolicy(new CookiePolicyOptions +{ + Secure = CookieSecurePolicy.Always +}); +app.UseHttpsRedirection(); +app.UseStaticFiles(); +app.UseRouting(); +app.UseAuthorization(); +... +``` + +5. Add a `ClaimsController` controller with one protected operation. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public IActionResult Index() + { + return View(); + } +} +``` + +6. Create a view `Views\Claims\Index.cshtml` with the following content. This view will display all the claims of the authenticated user. + +``` +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    +``` + +7. In a command prompt, navigate to the `src\Website` directory and launch the application. + +``` +dotnet run --urls=http://localhost:7000 +``` + +Finally, browse the following URL: [http://localhost:7000/claims](http://localhost:7000/claims). The User-Agent will be automatically redirected to the OpenID server. +Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/advancedsettings/auditing.md b/website/versioned_docs/version-5.0.1/advancedsettings/auditing.md new file mode 100644 index 000000000..26a58b89a --- /dev/null +++ b/website/versioned_docs/version-5.0.1/advancedsettings/auditing.md @@ -0,0 +1,28 @@ +# Auditing + +The administration UI contains an auditing screen used to search for events. + +![Monitoring](images/monitoring-1.png) + +Following events are present : + +* AuthorizationFailureEvent +* AuthenticationSuccessEvent +* ClientAuthenticationFailureEvent +* ClientAuthenticationSuccessEvent +* ClientRegisteredFailureEvent +* ClientRegisteredSuccessEvent +* ConsentGrantedEvent +* ConsentRevokedEvent +* TokenIntrospectionFailureEvent +* TokenIntrospectionSuccessEvent +* TokenIssuedFailureEvent +* TokenIssuedSuccessEvent +* TokenRevokedFailureEvent +* TokenRevokedSuccessEvent +* UserInfoFailureEvent +* UserInfoSuccessEvent +* UserLoginSuccessEvent +* UserLogoutSuccessEvent +* PushedAuthorizationRequestSuccessEvent +* PushedAuthorizationRequestFailureEvent \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/advancedsettings/configuration.md b/website/versioned_docs/version-5.0.1/advancedsettings/configuration.md new file mode 100644 index 000000000..5515329a7 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/advancedsettings/configuration.md @@ -0,0 +1,118 @@ +# Configuration + +## IdentityServer + +The table below, list all the possible properties present in the `appsettings.json` file. Thanks to them, you can easily customize the behavior the [IdentityServer](../installation#create-identityserver-project). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    PropertyDescriptionValues
    AuthCookieNamePrefixName of the authentication cookie
    SessionCookieNamePrefixName of the session cookie
    ForceHttpsForce to use HTTPSTrue
    False
    IsForwardedEnabledEnable or disable the forwarded headerstrue
    false
    ClientCertificateMode + Specifies the client certificate requirements for an HTTPS connection.
    + This parameter is required when you are using the tls_client_auth or self_signed_tls_client_auth client authentication method.
    + By default, the value is NoCertificate. +     		NoCertificate
    AllowCertificate
    RequireCertificate
    DelayCertificate
    IsRealmEnabledEnable or disable the Realm. By default, the value is truetrue
    false
    SCIMBaseUrl + Base URL of the SCIM Server. This value is used during the launch time of IdentityServer to configure Automatic Identity Provisioning with the SCIM Server..
    + By default, the value is https://localhost:5003. +     		Base URL of the SCIM Server
    Authority + Base URL of the current IdentityServer. This value is used to configure OPENID authentication with the IdentityServer.
    + By default, the value is https://localhost:5001. +     		Base URL of the current IdentityServer.
    DistributedConfiguration + Distributed configuration helps various modules within SimpleIdServer to store their settings.
    + This property is used to configure the configuration storage, for example, Redis or SQL Server. +     		For more information, please refer to this chapter
    StorageConfigurationThis property is used to configure the data storage used by IdentityServer to store its various entities, such as Clients or Users.For more information, please refer to this chapter
    OtherThe other properties are used to configure the modules used by IdentityServer, such as Automatic Identity Provisioning with SCIM or an external Identity Provider like FacebookFacebook
    SCIM
    LDAP
    IdServerEmailOptions
    IdServerSmsOptions
    FidoOptions
    \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/advancedsettings/images/monitoring-1.png b/website/versioned_docs/version-5.0.1/advancedsettings/images/monitoring-1.png new file mode 100644 index 000000000..62f73cf07 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/advancedsettings/images/monitoring-1.png differ diff --git a/website/versioned_docs/version-5.0.1/advancedsettings/pki.md b/website/versioned_docs/version-5.0.1/advancedsettings/pki.md new file mode 100644 index 000000000..a7e8dea67 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/advancedsettings/pki.md @@ -0,0 +1,11 @@ +# Public Key Infrastructure (PKI) + +Here are the key components of SimpleIdServer's PKI. : + +1. **Certificate Authority (CA)** : The Certificate Authority is a trusted entity responsible for issuing and managing client certificates. +2. **Client Certificates** : Client certificates are used by OAuth 2.0 clients, for example during the "tls_client_auth" authentication. + +In the Administration UI, you can manage the Certificate Authorities (CAs). They can be generated and stored in the database or imported from the Certificate Store. +You can download one of them and install it into the appropriate certificate store. + +A Certificate Authority can be used to generate one or more client certificates. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/advancedsettings/realm.md b/website/versioned_docs/version-5.0.1/advancedsettings/realm.md new file mode 100644 index 000000000..634fc4e88 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/advancedsettings/realm.md @@ -0,0 +1,45 @@ +# Realm + +A [Realm](../glossary) is a space where you can manage Clients, Scopes, Users, External Identity Providers, and Certificate Authorities. Realms are isolated from one another, but the same resource can be located in one or more Realms. + +By default, there is one configured `master` realm. It must not be removed, as doing so would render the SimpleIdServer product inoperable. + +You can use the Realm to separate different environments, such as having one for the `test` environment and another for the `prd` environment. + +To add a realm, follow these steps : + +1. Click `Active realm: master`. +2. Click `Add realm`. +3. Enter the details for the new Realm. +4. Click `Save`. +5. Click `Choose realm`, select the new realm, and click the `Select` button. +6. You'll be redirected to the authentication page. Submit the `administrator` credentials to access the realm. + +By default, the `administrator` user has access to all the `realm`. + +## Permissions + +It is possible to assign user permissions to a realm and to limit access accordingly. +For each component present in the UI, there are two scopes defined for the `manage` and `view` permissions. +For example, for the `Clients` component, the master realm defines two scopes: `master/clients/view` and `master/clients/manage`. +These scopes can be assigned to one or more groups, and the groups can be assigned to one or more users. + +For example, to grant `manage` access to the `Clients` component of the `master` realm, execute the following steps: + +1. Create a new group named `ClientMaster`. +2. Navigate to the new group and select the `Role` tab. +3. Select the `/clients/manage` scope and click on the `Save` button. +4. Navigate to a user and select the `Groups` tab. +5. Select the `ClientMaster` group and click on the `Save` button. + +The user is now configured to manage the `clients` present in the realm. + +## Disable Realm + +By default, SimpleIdServer is configured to use the Realm. If you do not want to use it, you can disable it by updating the `appsettings.json` configuration files. + +To disable the Realm, follow these steps: + +1. Open the [IdentityServer](../installation/dotnettemplate#create-identityserver-project) project and edit the `appsettings.json` file. +2. Set the `IsRealmEnabled` property to `false` and save the file. +3. Open the [IdentityServer website](../installation/dotnettemplate#create-identityserver-website-project) and edit the `appsettings.json` file. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/consultancy.md b/website/versioned_docs/version-5.0.1/consultancy.md new file mode 100644 index 000000000..1b9a2771f --- /dev/null +++ b/website/versioned_docs/version-5.0.1/consultancy.md @@ -0,0 +1,23 @@ +--- +title: Consultancy +hide_table_of_contents: true +--- + +# Consultancy + +If you are seeking consultancy regarding any aspect of the Identity Access Management field, please feel free to contact us via email at agentsimpleidserver@gmail.com. + +We provide expertise in the following areas: + +* We offer expertise in reviewing and enhancing authentication and authorization strategies. +* We provide advice and guidelines on architectural considerations, such as implementing identity provisioning and more. +* We assist financial enterprises in achieving compliance with both FAPI 1.0 and FAPI 2.0 standards. +* We provide assistance to public sectors, including government and hospitals, in developing trusted APIs that enable the issuance of valid credentials such as Covid Certificates, Driving Licenses, University Degrees, and more. + +# Open source and free of charge + +The support provided by SimpleIdServer is free of charge, and the source code is open source, licensed under the Apache-2 license. + +When it comes to GIT, we kindly request that you take a moment to read the [code of conduct](https://github.com/simpleidserver/SimpleIdServer/blob/master/CONTRIBUTING.md) before initiating an issue. + +[If you appreciate our project and wish to extend your support, you have the opportunity to sponsor it or make a donation.](https://github.com/sponsors/simpleidserver?o=esb) \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/contactus.md b/website/versioned_docs/version-5.0.1/contactus.md new file mode 100644 index 000000000..6649ad4ec --- /dev/null +++ b/website/versioned_docs/version-5.0.1/contactus.md @@ -0,0 +1,16 @@ +--- +title: Contact us +hide_table_of_contents: true +--- + +# Who are we + +Belgian Company Specialized in the development of Identity and Access Management Solutions. + +# Contact us + +There are multiple communication methods available to contact our technical team: + +* Email : agentsimpleidserver@gmail.com +* Gitter : https://app.gitter.im/#/room/#simpleidserver:gitter.im +* Git : https://github.com/simpleidserver \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/developer/addlanguage.md b/website/versioned_docs/version-5.0.1/developer/addlanguage.md new file mode 100644 index 000000000..22d538b2b --- /dev/null +++ b/website/versioned_docs/version-5.0.1/developer/addlanguage.md @@ -0,0 +1,34 @@ +# Add language + +## Add a New Language to the Identity Server Website + +By default, the Identity Server website supports only the `English` language. + +However, it is still possible to incorporate support for a new language by making modifications in the codebase of the project. + +In the remainder of this article, we will explain the manual steps to enable support for a new language. + +1. **Register the language in the Identity Server** : Open the Identity Server solution and edit the `IdServerConfiguration.cs` file. Add a new language to the `Languages` property and specify its English translation. For example, to support the `French` language, you can have the following configuration : + +``` +public static ICollection Languages => new List +{ + LanguageBuilder.Build(Language.Default).AddDescription("English", "en").AddDescription("Anglais", "fr").Build(), + LanguageBuilder.Build("fr").AddDescription("Français", "fr").AddDescription("French", "en").Build() +}; +``` + +2. **Register the Language in the Identity Server website** : Open the Identity Server website solution and edit the `Program.cs` file. Modify the callback function of the `UseRequestLocalization` method and add the language code. For instance, to support the `French` language, use the following configuration: + +``` +app.UseRequestLocalization(e => +{ + e.SetDefaultCulture("en"); + e.AddSupportedCultures("en", "fr"); + e.AddSupportedUICultures("en", "fr"); +}); +``` + +3. **Resource file** : Each SimpleIdServer project contain a `Global.resx` file with all the `English` translations. To update the translation of the Identity Server website, create a `Global..resx` file in the `SimpleIdServer.IdServer.Website\Resources` folder. + +If you feel comfortable, you can easily contribute to the project by adding a new language :) \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/developer/adminwebsite.md b/website/versioned_docs/version-5.0.1/developer/adminwebsite.md new file mode 100644 index 000000000..f73562927 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/developer/adminwebsite.md @@ -0,0 +1,134 @@ +# Administration website + +## Nuget Packages + +| Name | Description | +| ------------------------------------ | ------------------------------------ | +| SimpleIdServer.IdServer.Website | Administration website | + +## Quick Start + +Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir AdminWebsite +cd AdminWebsite +mkdir src +dotnet new sln -n AdminWebsite +``` + +Create a web project named AdminWebsite and install the `SimpleIdServer.IdServer.Website` Nuget Package. + +``` +cd src +dotnet new blazorserver -n AdminWebsite +cd AdminWebsite +dotnet add package SimpleIdServer.IdServer.Website +``` + +Add the `AdminWebsite` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/AdminWebsite/AdminWebsite.csproj +``` + +Open the Visual Studio Solution and edit the `Program.cs` file. +Register the dependencies and configure the URL of the Identity Server. + +``` +builder.Services.AddSIDWebsite(o => +{ + o.IdServerBaseUrl = "https://localhost:5001"; + o.IsReamEnabled = false; +}); +``` + +Register the OPENID authentication handler. + +``` +builder.Services.AddDefaultSecurity(builder.Configuration); +``` + +Edit the AppBuilder to enable the `Authentication` and `Authorization`. + +``` +app.UseStaticFiles(); +app.UseRouting(); +app.UseCookiePolicy(); +app.UseAuthentication(); +app.UseAuthorization(); +app.UseEndpoints(edps => +{ + edps.MapBlazorHub(); + edps.MapFallbackToPage("/_Host"); + edps.MapControllers(); +}); +app.Run(); +``` + +Edit the `appsettings.json` file, and add the OPENID security. + +``` + "IdServerBaseUrl": "https://localhost:5001", + "DefaultSecurityOptions": { + "Issuer": "https://localhost:5001", + "ClientId": "SIDS-manager", + "ClientSecret": "password", + "Scope": "openid profile", + "IgnoreCertificateError": false + } +``` + +Edit the `App.razor` page and replace the content with the following code. + +``` +@using SimpleIdServer.IdServer.Website + +``` + +Edit the `Pages/_Host.cshtml` and relace the content with the following code. + +``` +@page "/" +@using Microsoft.AspNetCore.Components.Web +@namespace AdminWebsite.Pages +@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers + + + + + + + + + + + + + + + + + +
    + + An error has occurred. This application may no longer respond until reloaded. + + + An unhandled exception has occurred. See browser dev tools for details. + + Reload + 🗙 +
    + + + + +``` + +Run the application, and navigate to the [administration website](https://localhost:5002/master/clients). + +``` +dotnet run --urls https://*:5002 +``` \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/developer/idserver.md b/website/versioned_docs/version-5.0.1/developer/idserver.md new file mode 100644 index 000000000..fe666b573 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/developer/idserver.md @@ -0,0 +1,243 @@ +# Identity Server + +## Nuget Packages + +| Name | Description | +| ---------------------------- | -------------------------------------- | +| SimpleIdServer.IdServer | Identity Server (OPENID) | +| SimpleIdServer.IdServer.Pwd | Login / Password authentication module | +| SimpleIdServer.Configuration | Manage the configuration | + +## Quick Start + +Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir IdentityService +cd IdentityService +mkdir src +dotnet new sln -n IdentityService +``` + +Create a web project named IdentityService and install the `SimpleIdServer.IdServer`, `SimpleIdServer.IdServer.Pwd`, `SimpleIdServer.Configuration` Nuget packages. + +``` +cd src +dotnet new web -n IdentityService +cd IdentityService +dotnet add package SimpleIdServer.IdServer +dotnet add package SimpleIdServer.IdServer.Pwd +dotnet add package SimpleIdServer.Configuration +``` + +Add the `IdentityService` project to your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/IdentityService/IdentityService.csproj +``` + +Open the Visual Studio Solution, add a `DefaultConfiguration.cs` file, and copy the following content. +This class contains the default Scopes, Clients, Users, and Realms. + +``` +public class DefaultConfiguration +{ + public static Scope CredentialTemplates = new Scope + { + Id = Guid.NewGuid().ToString(), + Type = ScopeTypes.APIRESOURCE, + Name = "credential_templates", + Realms = new List + { + SimpleIdServer.IdServer.Constants.StandardRealms.Master + }, + Protocol = ScopeProtocols.OAUTH, + IsExposedInConfigurationEdp = true, + CreateDateTime = DateTime.UtcNow, + UpdateDateTime = DateTime.UtcNow + }; + + public static ICollection Scopes => new List + { + SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, + SimpleIdServer.IdServer.Constants.StandardScopes.Profile, + SimpleIdServer.IdServer.Constants.StandardScopes.SAMLProfile, + SimpleIdServer.IdServer.Constants.StandardScopes.GrantManagementQuery, + SimpleIdServer.IdServer.Constants.StandardScopes.GrantManagementRevoke, + SimpleIdServer.IdServer.Constants.StandardScopes.Users, + SimpleIdServer.IdServer.Constants.StandardScopes.Register, + SimpleIdServer.IdServer.Constants.StandardScopes.Provisioning, + SimpleIdServer.IdServer.Constants.StandardScopes.Address, + SimpleIdServer.IdServer.Constants.StandardScopes.Networks, + SimpleIdServer.IdServer.Constants.StandardScopes.Role, + SimpleIdServer.IdServer.Constants.StandardScopes.CredentialOffer, + SimpleIdServer.IdServer.Constants.StandardScopes.AuthenticationSchemeProviders, + SimpleIdServer.IdServer.Constants.StandardScopes.RegistrationWorkflows, + SimpleIdServer.IdServer.Constants.StandardScopes.AuthenticationMethods, + SimpleIdServer.Configuration.Constants.ConfigurationsScope, + SimpleIdServer.IdServer.Constants.StandardScopes.ApiResources, + SimpleIdServer.IdServer.Constants.StandardScopes.Auditing, + SimpleIdServer.IdServer.Constants.StandardScopes.Scopes, + SimpleIdServer.IdServer.Constants.StandardScopes.CertificateAuthorities, + CredentialTemplates, + SimpleIdServer.IdServer.Constants.StandardScopes.Clients, + SimpleIdServer.IdServer.Constants.StandardScopes.Realms, + SimpleIdServer.IdServer.Constants.StandardScopes.Groups, + }; + + public static ICollection Users => new List + { + UserBuilder.Create("administrator", "password", "Administrator").SetFirstname("Administrator").SetEmail("adm@email.com").SetPicture("https://cdn-icons-png.flaticon.com/512/149/149071.png").GenerateRandomTOTPKey().Build() + }; + + public static ICollection Realms = new List + { + SimpleIdServer.IdServer.Constants.StandardRealms.Master + }; + + public static ICollection Clients => new List + { + ClientBuilder.BuildTraditionalWebsiteClient("SIDS-manager", "password", null, "https://localhost:5002/*", "https://website.simpleidserver.com/*", "https://website.localhost.com/*", "http://website.localhost.com/*", "https://website.sid.svc.cluster.local/*").EnableClientGrantType().SetRequestObjectEncryption().AddPostLogoutUri("https://localhost:5002/signout-callback-oidc").AddPostLogoutUri("https://website.sid.svc.cluster.local/signout-callback-oidc") + .AddPostLogoutUri("https://website.simpleidserver.com/signout-callback-oidc") + .AddAuthDataTypes("photo") + .SetClientName("SimpleIdServer manager") + .SetBackChannelLogoutUrl("https://localhost:5002/bc-logout") + .SetClientLogoUri("https://cdn.logo.com/hotlink-ok/logo-social.png") + .AddScope( + SimpleIdServer.IdServer.Constants.StandardScopes.OpenIdScope, + SimpleIdServer.IdServer.Constants.StandardScopes.Profile, + SimpleIdServer.IdServer.Constants.StandardScopes.Provisioning, + SimpleIdServer.IdServer.Constants.StandardScopes.Users, + SimpleIdServer.IdServer.Constants.StandardScopes.Networks, + SimpleIdServer.IdServer.Constants.StandardScopes.CredentialOffer, + SimpleIdServer.IdServer.Constants.StandardScopes.Acrs, + SimpleIdServer.Configuration.Constants.ConfigurationsScope, + SimpleIdServer.IdServer.Constants.StandardScopes.AuthenticationSchemeProviders, + SimpleIdServer.IdServer.Constants.StandardScopes.AuthenticationMethods, + SimpleIdServer.IdServer.Constants.StandardScopes.RegistrationWorkflows, + SimpleIdServer.IdServer.Constants.StandardScopes.ApiResources, + SimpleIdServer.IdServer.Constants.StandardScopes.Auditing, + SimpleIdServer.IdServer.Constants.StandardScopes.Scopes, + SimpleIdServer.IdServer.Constants.StandardScopes.CertificateAuthorities, + SimpleIdServer.IdServer.Constants.StandardScopes.Clients, + SimpleIdServer.IdServer.Constants.StandardScopes.Realms, + CredentialTemplates, + SimpleIdServer.IdServer.Constants.StandardScopes.Groups).Build() + }; +} +``` + +Edit the `Program.cs` file, register the dependencies, add the Scopes, Clients, Users, and Realms into the in-memory database, and enable the Login/Password authentication. + +The `Masstransit` and `Hangfire` dependencies must be registered. MassTransit is used to raise Integration Events, such as `UserLoginSuccessEvent`. Hangfire is used to schedule jobs, for example, notifying the clients when a user's session has expired. + +``` +builder.Services.AddHangfire((o) => +{ + o.UseIgnoredAssemblyVersionTypeResolver(); + o.UseInMemoryStorage(); +}); +builder.Services.AddHangfireServer(); +builder.Services.AddMassTransit(o => +{ + o.UsingInMemory(); +}); +builder.AddAutomaticConfiguration(o => +{ + +}); +builder.Services.AddSIDIdentityServer() + .UseInMemoryStore(c => + { + c.AddInMemoryClients(DefaultConfiguration.Clients); + c.AddInMemoryScopes(DefaultConfiguration.Scopes); + c.AddInMemoryRealms(DefaultConfiguration.Realms); + c.AddInMemoryUsers(DefaultConfiguration.Users); + c.AddInMemorySerializedFileKeys(new List { KeyGenerator.GenerateRSASigningCredentials(SimpleIdServer.IdServer.Constants.StandardRealms.Master, "rsa-1") }); + }) + .AddPwdAuthentication(); +``` + +Register the Routes. + +``` +app.UseSID(); +``` + +Run the server and check if you can get the [Well-Known configuration](https://localhost:5001/.well-known/openid-configuration). + +``` +dotnet run --urls https://*:5001 +``` + +Views are not included in the Nuget packages; you must download them and copy them into your solution: + +* [wwwroot](https://github.com/simpleidserver/SimpleIdServer/tree/master/src/IdServer/SimpleIdServer.IdServer.Startup/wwwroot) : Javascript and CSS Files. +* [Views](https://github.com/simpleidserver/SimpleIdServer/tree/master/src/IdServer/SimpleIdServer.IdServer.Startup/Views) : CSHTML files. +* [Areas/Pwd](https://github.com/simpleidserver/SimpleIdServer/tree/master/src/IdServer/SimpleIdServer.IdServer.Startup/Areas/pwd) : CSHTML files of the Login/Password authentication module. +* [Resources](https://github.com/simpleidserver/SimpleIdServer/tree/master/src/IdServer/SimpleIdServer.IdServer.Startup/Resources) : Translations. +* [Helpers](https://github.com/simpleidserver/SimpleIdServer/tree/master/src/IdServer/SimpleIdServer.IdServer.Startup/Helpers) : CSHTML Helpers. + +Edit the `appsettings.json` file and add the following section. Each authentication module has its own configuration; its values must ALWAYS be present in the appsettings.json file: + +``` +"IdServerPasswordOptions": { + "NotificationMode": "email", + "ResetPasswordTitle": "Reset your password", + "ResetPasswordBody": "Link to reset your password {0}", + "ResetPasswordLinkExpirationInSeconds": "30", + "CanResetPassword": "true" +} +``` + +Fix all the build issues and launch the project. Navigate to the [Home page](https://localhost:5001/Home/Profile) page and check if the authentication is working: + +``` +dotnet run --urls https://*:5001 +``` + +## Custom EF Storage + +The DOTNET TEMPLATE supports the following storage options: +* POSTGRESQL +* SQLSERVER +* MYSQL + +Other databases can be supported; the requirement is to check if Entity Framework supports the database. +You can find the list of supported databases https://learn.microsoft.com/en-us/ef/ + +If you want to support SQLITE, execute the steps below: + +1. Open a command prompt, navigate to the `Identity Server` project, install `Microsoft.EntityFrameworkCore.Sqlite` and `Microsoft.EntityFrameworkCore.Design` Nuget packages. + +``` +dotnet add package Microsoft.EntityFrameworkCore.Sqlite +dotnet add package Microsoft.EntityFrameworkCore.Design +``` + +2. Edit the `Program.cs` file and configure the SQLITE storage. + +``` +.UseEFStore(c => +{ + c.UseSqlite("sid.db", o => + { + o.MigrationsAssembly("IdentityService"); + }); +}) +``` + +3. Create the migration script + +``` +dotnet ef migrations add InitialCreate +``` + +4. Apply the migration script + +``` +dotnet ef database update +``` + +The IdentityServer solution is now configured to use the SQLITE database. diff --git a/website/versioned_docs/version-5.0.1/download.md b/website/versioned_docs/version-5.0.1/download.md new file mode 100644 index 000000000..0363ba882 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/download.md @@ -0,0 +1,23 @@ +--- +title: Download +hide_table_of_contents: true +--- + +import DocsCards from '@site/src/components/global/DocsCards'; +import DocsCard from '@site/src/components/global/DocsCard'; +import Installers from '@site/src/components/global/Installers'; +import Installer from '@site/src/components/global/Installer'; + + + +

    LATEST STABLE 5.0.1

    +

    PLATFORM

    + + + + + + + +     +     \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/glossary.md b/website/versioned_docs/version-5.0.1/glossary.md new file mode 100644 index 000000000..aaa777cbe --- /dev/null +++ b/website/versioned_docs/version-5.0.1/glossary.md @@ -0,0 +1,22 @@ +# Glossary + +| Word | Definition | +| ------------------------------ | ---------------------------------------------------------------------------------------------- | +| **API Scope** | Restrict access to the REST API/resources. | +| **Automatic Identity Provisioning Workflow** | Retrieve users from one storage and create their accounts in the local Identity Provider. | +| **Authentication Method** | A process through which the Identity Management System verifies who the user or application is. | +| **Category** | A category describes the type of client, for example, Single Page Application (SPA) | +| **Client** | The client is the application that is attempting to act on behalf of the user or access the user's resources. | +| **Enrollment Process** | Register the mobile application in the Identity Server is necessary if you wish to receive PUSH notifications. | +| **Identity And Access Management (IAM)** | Identity and Access Management (IAM) is an approach that manages and organizes all of your user identities into one system with a consistent set or rules and policies. | +| **Identity Provider (IDP)** | An Identity Provider (IDP) is a system that creates, maintains, and manages a user's digital identity. | +| **Identity Scope** | OPENID/Identity scopes are used by a client during authentication to authorize access to a user's details, like name and picture. | +| **Just In Time Provisioning (JIT)** | Used to create users the first time they log in to an application via an external Identity Provider | +| **Manual Identity Provisioning Workflow** | Enables visitors to your web application to create a local account with the Identity Provider. | +| **Mapping Rule** | A set of rules used to transform input data into output claims. | +| **User Attribute** | A user account can contain one or more attributes or claims. Unlike the User Property, this list is not static. | +| **User property** | A user account contains one or more static claims. This list is fixed and defined by SimpleIdServer. | +| **Realm** | A Realm is a space where you can manage Clients, Scopes, Users, External Identity Providers, and Certificate Authorities. Realms are isolated from one another, but the same resource can be located in one or more Realms. | +| **Scope** | OAUTH2.0 scope provide a way to limit the amount of access that is granted to an access token. | +| **Template** | A template contains multiple categories. | +| **Visitor** | An anonymous user with no account registered in the Identity Provider. | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/iam/authmethods.md b/website/versioned_docs/version-5.0.1/iam/authmethods.md new file mode 100644 index 000000000..d024c2c62 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/iam/authmethods.md @@ -0,0 +1,43 @@ +# Authentication methods + +An [Authentication Method](../glossary) is of utmost importance as it ensures that the incoming user is indeed the person they claim to be + +During the authentication process, the end-user presents their credentials to the [Identity Provider](../glossary). These credentials must be sufficiently complex and unique to the end-user, as any compromise could enable malicious use, allowing unauthorized access to another user's account. + +Credentials can take various forms: +* A message signed by a cryptographic key owned by the end-user. +* A password. +* An OTP code generated by a mobile device. +* An OTP code sent by the Identity Server via email or SMS. + +Each type of credential carries different security risks. For instance, using a password is riskier than using a cryptographic key. When configuring the manual identity provisioning workflow, it is essential to consider these security risks. + +SimpleIdServer supports multiple authentication mechanisms. + +| Code | Name | Description | +| ------------ | ------------------ | ----------------------------------------------------- | +| **pwd** | Password | Login & Password | +| **sms** | SMS | Send an OTP code via SMS | +| **email** | Email | Send an OTP code via email | +| **webauthn** | WebAuthn | Utilize a FIDO-compliant device from your web browser | +| **mobile** | Mobile application | Scan the QR code with the mobile application | + +## SMS + +The SMS authentication module utilizes the [Twilio API](https://pages.twilio.com/) to send SMS messages to mobile devices. + +Before you can use this module, you need to update its configuration. + +To obtain the `Account SID`, `Auth Token`, and `Phone number of the sender` please refer to the [official documentation](https://www.twilio.com/docs/messaging/quickstart/csharp-dotnet-framework). + +By default, the TOTP algorithm is used to generate OTP codes. TThe content of the SMS consists of a concatenation between the message content and the OTP code. + +![SMS Authentication](./images/sms.png) + +## Email + +The Email authentication module uses an SMTP server to send emails. + +The properties `Smtp Port`, `Smtp Host`, `Email`, `Password` and `Email of the sender` must be updated with the appropriate values. + +![Email Authentication](./images/email.png) \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/iam/automaticidentityprovisioning.md b/website/versioned_docs/version-5.0.1/iam/automaticidentityprovisioning.md new file mode 100644 index 000000000..4156619c9 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/iam/automaticidentityprovisioning.md @@ -0,0 +1,78 @@ +# Automatic + +import DocsCards from '@site/src/components/global/DocsCards'; +import DocsCard from '@site/src/components/global/DocsCard'; + +The [Automatic Identity Provisioning](../glossary) workflow in SimpleIdServer can be configured to extract users from various types of storage and create their accounts in the local [Identity Provider](../glossary). + +The workflow consists of two steps: + +1. **Extract** : Retrieve users from the storage and store the results in CSV files. Only new or modified users are extracted. +2. **Import** : Read CSV files and create or update the local accounts. + +There are two supported types of storage. + + + + + + + + +## LDAP + +To configure automatic identity provisioning with LDAP, follow these steps : + +1. Navigate to the `Identity Provisioning` menu and click on the `Automatic Identity Provisioning` button. +2. Select `LDAP`. +3. Navigate to the `Properties` tab. +4. Update the properties with the appropriate values + +| Key | Description | Default value | +| ---------------------------- | -------------------------------------------------------------------------------------------------- | --------------------------- | +| Server | DNS of your server | localhost | +| Port | LDAP Port | 389 | +| Bind DN | DN of the LDAP Admin | cn=admin,dc=xl,dc=com | +| Bind Credentials | Password of the LDAP Admin | password | +| Users DN | Full DN of LDAP tree where you users are | ou=people,dc=xl,dc=com | +| User object class | All values of LDAP objectClass attribute for users in LDAP, divided by commas | organizationalPerson,person | +| entryUUID | Name of the LDAP Attribute, which is used as a unique object identifier (UUID) for objects in LDAP | entryUUID | +| Modification Date Attribute | Name of the LDAP Attribute, which is used as the modification date for objects in LDAP | modificationDate | +| Batch size | Number of records stored in each CSV file | 1 | + +5. Click on the `Update` button. +6. Click on the `Try to extract the users` button to check your settings. + +Once everything is configured, you can edit the Mapping rules, which are used during extraction to transform LDAP Attributes into [User Attribute](../glossary) or [User Property](../glossary). + +The `Add mapping rule` popup displays all the attributes coming from LDAP to facilitate the editing of the mapping rules. + +## SCIM + +To configure identity provisioning with SCIM, follow these steps: + +1. Navigate to the `Identity Provisioning` menu and click on the `Automatic Identity Provisioning` button. +2. Select `SCIM`. +3. Navigate to the `Properties` tab. +4. Update the properties with the appropriate values. + +| Key | Description | Default value | +| -------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------ | +| SCIM Endpoint | Base URL of the SCIM endpoint. | https://localhost:5003 | +| Authentication Types | Authentication type used to access the SCIM API. | API Key | +| API Key | Required when the authentication type is equal to **API Key**. This value is passed to the SCIM API. | ba521b3b-02f7-4a37-b03c-58f713bf88e7 | +| Client Id | Required when the authentication type is equals to ¨**Client Secret Post**. | | +| Client Secret | Required when the authentication type is equals to **Client Secret Post**. | | +| Count | Number of records stored in each CSV file. | 1 | + +There are two authentication types, depending on the security of your SCIM API, you must choose the correct one: + +* **API Key** : By default, our [SCIM API is protected by an API Key](../scim2), and the workflow uses the API Key to access the SCIM API. +* **Client secret post** : The workflow uses the Client Credentials grant to obtain an access token and uses it to access the SCIM API. + +5. Click on the `Update` button. +6. Click on the `Try to extract the users` button to check your settings. + +Once everything is configured, you can edit the Mapping rules, which are used during extraction to transform LDAP Attributes into [User Attribute](../glossary) or [User Property](../glossary). + +The `Add mapping rule` popup displays all the attributes coming from SCIM to facilitate the editing of the mapping rules. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/iam/caching.md b/website/versioned_docs/version-5.0.1/iam/caching.md new file mode 100644 index 000000000..ab4faec55 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/iam/caching.md @@ -0,0 +1,41 @@ +# Distributed caching + +All elements with a temporary lifetime, such as access, refresh, identity tokens, or temporary codes, are stored in a Distributed Cache. When they expire, they are removed from the Data Store. + +By default, the distributed caching is configured to use an SQL Server database. However, it is also possible to use the NoSQL Key-Value Pair [REDIS](https://redis.io/). + +## SQL Server + +To use SQL Server as a distributed caching, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | --------- | +| $.DistributedCacheConfiguration.ConnectionString | | +| $.DistributedCacheConfiguration.Type | SQLSERVER | + +## Redis + +To use SQL Server as a distributed caching, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | --------- | +| $.DistributedCacheConfiguration.ConnectionString | | +| $.DistributedCacheConfiguration.Type | REDIS | + +## Postgre + +To use Postgresql as a distributed caching, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | --------- | +| $.DistributedCacheConfiguration.ConnectionString | | +| $.DistributedCacheConfiguration.Type | POSTGRE | + +## Mysql + +To use Mysql as a distributed caching, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | --------- | +| $.DistributedCacheConfiguration.ConnectionString | | +| $.DistributedCacheConfiguration.Type | MYSQL | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/iam/configuration.md b/website/versioned_docs/version-5.0.1/iam/configuration.md new file mode 100644 index 000000000..c8de86530 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/iam/configuration.md @@ -0,0 +1,41 @@ +# Distributed configuration + +Different modules within SimpleIdServer utilize a distributed configuration storage to store their settings, including the Authentication and Provisioning modules. + +By default, SQL Server is used to store the configuration, but you also have the option to use the NoSQL Key-Value data store [Redis](https://redis.io/). + +## Redis + +To use Redis as a distributed configuration storage, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | ------------- | +| $.DistributedCacheConfiguration.Type | REDIS | +| $.DistributedCacheConfiguration.ConnectionString | | + +## SQLServer + +To use SQLServer as a distributed configuration storage, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | ------------- | +| $.DistributedCacheConfiguration.Type | SQLSERVER | +| $.DistributedCacheConfiguration.ConnectionString | | + +## Postgre + +To use Postgresql as a distributed configuration storage, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | ------------- | +| $.DistributedCacheConfiguration.Type | POSTGRE | +| $.DistributedCacheConfiguration.ConnectionString | | + +## Mysql + +To use Mysql as a distributed configuration storage, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| ------------------------------------------------ | ------------- | +| $.DistributedCacheConfiguration.Type | MYSQL | +| $.DistributedCacheConfiguration.ConnectionString | | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/iam/externalidproviders.md b/website/versioned_docs/version-5.0.1/iam/externalidproviders.md new file mode 100644 index 000000000..f554e286e --- /dev/null +++ b/website/versioned_docs/version-5.0.1/iam/externalidproviders.md @@ -0,0 +1,66 @@ +# External identity providers + +SimpleIdServer can utilize external [Identity Providers](../glossary) to authenticate the end-user. + +When the end-user authenticates for the first time with their external account, a local account will be automatically created in your [Identity Provider](../glossary). + +This process is also known as the [Just-In-Time Provisioning](../glossary) workflow. + +Currently, SimpleIdServer only supports [Facebook](#facebook) authentication. + +## Facebook + +To use Facebook as an external Identity Provider, follow these steps : + +1. Navigate to the `Authentication` menu and click on the `Authentication` link. +2. Select the `External identity providers` tab and click on the button `Add Identity Provider` button. +3. Under `Identity Provider Type`, choose `Facebook` and click on the `Next` button. +4. Fill-in the form like this and click on the `Next` button. + +| Key | Value | +| ------------ | ------------- | +| Name | OtherFacebook | +| Display Name | New facebook | +| Description | Facebook | + +5. Follow this [tutorial](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/facebook-logins?view=aspnetcore-7.0) to obtain the `AppId` and `AppSecret`. Then, complete the form accordingly and click `Add`. + +## Negotiate + +To enable Windows Authentication (also known as Negotiate, Kerberos, or NTLM authentication), follow these steps: + +1. Navigate o the `Authentication` menu and click on the `Authentication` link. +2. Select the `External identity providers` tab and click on the button `Add Identity Provider` button. +3. Under `Identity Provider Type`, choose `Facebook` and click on the `Next` button. +4. Fill-in the form like this and click on the `Next` button. + +| Key | Value | +| ------------ | ------------- | +| Name | Windows | +| Display Name | Windows | +| Description | Windows | + +5. Click on the `Add` button to confirm the creation and navigate to the new mapping rule. +6. Click on the `Mappers` tab, select and remove all the rows. +7. Click on the `Add mapper` button and add two rules with the following content: + +| Key | Value | +| ----------------- | ---------------------------------------------------------- | +| Mapper Type | Subject | +| Name | Subject | +| Source Claim Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | + +| Key | Value | +| ----------------- | ------------------------------------------------------------------ | +| Mapper Type | Identifier | +| Name | Identifier | +| Source Claim Name | http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid | + +## Mapping + +The [Just-In-Time Provisioning](../glossary) workflow utilizes a list of mapping rules to transform incoming Claims into a local account. + +There are two types of Mapping Rules: + +* [User attribute](../glossary) : It is a dynamic user claim, for example, DateOfBirth. +* [User property](../glossary) : It is a static user claim, for example, FirstName or Email. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/iam/images/clients.png b/website/versioned_docs/version-5.0.1/iam/images/clients.png new file mode 100644 index 000000000..54dcebc36 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/iam/images/clients.png differ diff --git a/website/versioned_docs/version-5.0.1/iam/images/clientview.png b/website/versioned_docs/version-5.0.1/iam/images/clientview.png new file mode 100644 index 000000000..f78f11260 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/iam/images/clientview.png differ diff --git a/website/versioned_docs/version-5.0.1/iam/images/email.png b/website/versioned_docs/version-5.0.1/iam/images/email.png new file mode 100644 index 000000000..82af857f0 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/iam/images/email.png differ diff --git a/website/versioned_docs/version-5.0.1/iam/images/register-pwd-email.png b/website/versioned_docs/version-5.0.1/iam/images/register-pwd-email.png new file mode 100644 index 000000000..94d829af7 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/iam/images/register-pwd-email.png differ diff --git a/website/versioned_docs/version-5.0.1/iam/images/sms.png b/website/versioned_docs/version-5.0.1/iam/images/sms.png new file mode 100644 index 000000000..7d7095525 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/iam/images/sms.png differ diff --git a/website/versioned_docs/version-5.0.1/iam/manualidentityprovisioning.md b/website/versioned_docs/version-5.0.1/iam/manualidentityprovisioning.md new file mode 100644 index 000000000..a6d7909e6 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/iam/manualidentityprovisioning.md @@ -0,0 +1,21 @@ +# Manual + +The [Manual Identity Provisioning](../glossary) workflow in SimpleIdServer enables [Visitors](../glossary) to your web application to create a local account with the Identity Provider. + +The workflow consists of one or more steps, with each step representing a different [Authentication Method](../glossary). +For each of these methods, the visitor will enroll their credentials. + +To create a Manual Identity Provisioning workflow, follow these steps : + +1. Navigate to the `Identity Provisioning` menu and click on the `Manual Identity Provisioning` button. +2. Click on the `Add registration workflow` button. +3. Fill in the name; it must be unique. +4. Select one or more registration methods. The order is important as it determines the sequence of actions for registring the [Visitor](../glossary). +5. If you want this new registration workflow to be the default one when a visitor navigates to the registration page, then check the `Is Default` checkbox. +6. Click on the `Add` button to register the workflow. + +You can view the registration workflow by clicking on the link displayed in the first column of the table. + +The screenshot below shows a registration workflow with two steps `pwd` and `email`. + +![Registration workflow](./images/register-pwd-email.png) \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/iam/openid.md b/website/versioned_docs/version-5.0.1/iam/openid.md new file mode 100644 index 000000000..03c6b13c1 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/iam/openid.md @@ -0,0 +1,114 @@ +# OPENID + +The SimpleIdServer's [Identity Provider](../glossary) can act as an OPENID server. + +## Supported Grant Types + +The following Grant Types are supported + +| Name | RFC | +| ---------------------------------------------------- | ---- | +| authorization_code | [https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.1](https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.1) | +| client_credentials | [https://datatracker.ietf.org/doc/html/rfc6749#section-4.4](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4) | +| password | [https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.3](https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.3) | +| refresh_token | [https://datatracker.ietf.org/doc/html/rfc6749#section-1.5](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5) | +| urn:openid:params:grant-type:ciba | [https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html) | +| urn:ietf:params:oauth:grant-type:device_code | [https://www.ietf.org/rfc/rfc8628.html#section-3.4](https://www.ietf.org/rfc/rfc8628.html#section-3.4) | +| urn:ietf:params:oauth:grant-type:pre-authorized_code | [https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-10.html](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-10.html) | +| urn:ietf:params:oauth:grant-type:uma-ticket | [https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html](https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html) | +| urn:ietf:params:oauth:grant-type:token-exchange | [https://datatracker.ietf.org/doc/html/rfc8693](https://datatracker.ietf.org/doc/html/rfc8693) | + +## Supported authentication methods + +The following client authentication methods are supported. + +| Name | RFC | +| --------------------------- | --- | +| client_secret_basic | [https://www.rfc-editor.org/rfc/rfc7591.html#section-2.3.1](https://www.rfc-editor.org/rfc/rfc7591.html#section-2.3.1) | +| client_secret_jwt | [https://www.rfc-editor.org/rfc/rfc7523](https://www.rfc-editor.org/rfc/rfc7523) +| client_secret_post | [https://www.rfc-editor.org/rfc/rfc7591.html#section-2.3.1](https://www.rfc-editor.org/rfc/rfc7591.html#section-2.3.1) | +| private_key_jwt | [https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication) | +| self_signed_tls_client_auth | [https://www.rfc-editor.org/rfc/rfc8705.html](https://www.rfc-editor.org/rfc/rfc8705.html) | +| tls_client_auth | [https://www.rfc-editor.org/rfc/rfc8705.html](https://www.rfc-editor.org/rfc/rfc8705.html) | +| pkce | [https://datatracker.ietf.org/doc/html/rfc7636](https://datatracker.ietf.org/doc/html/rfc7636) | + +## Clients + +The [Client](../glossary) is the application that is attempting to act on behalf of the user or access the user's resources. + +In SimpleIdServer, clients are categorized into [Categories](../glossary), and each category belongs to a [Template](../glossary). + +There are three templates + + + + + + + + + + + + + + + + + + + + +
    TemplateDescriptionCategories
    StandardThis template assists in creating an application that adheres to the standard security protocols, such as Ws-Federation, OPENID or SAML2User Agent Based application (SPA)
    Machine-to-Machine(M2M) applications
    Web application executed on server
    Desktop or mobile application
    A WS-Federation relying party
    A Service Provider (SP)
    Device - An IoT application
    FAPI2.0This template assists in creating an application used in the Financial Domain. This application must be highly secure and must adhere to a set of security practices.Highly secure Web Application
    Grant Management
    External Device Authentication
    Credentials issuer
    + +To manage the clients, navigate to the `Clients` menu. + +![Clients](./images/clients.png) + +You can view the configuration of the client by clicking on its identifier displayed in the first column of the table. + +The client view displays six tab elements: + +* **Details** : Display the details of the client; depending on the nature of the client (machine or website), the displayed parameters vary. For instance, if the client is a Single Page Application, the Redirect URLs are displayed; otherwise, if the client is a Console Application/Machine, the Redirect URLs are not displayed. + +* **Client Scopes** Display the list of [Scopes](../glossary) to which the client has access. There are two types of scopes : [Identity Scope](../glossary) and [Api Scope](../glossary).Identity Scopes grant the client access to specific claims of the authenticated user, such as Email. API Scopes grant the client access to certain [Api Resources](../glossary), for example, the Read action on the Clients REST API. + +* **Keys** : Some client authentication methods require a client secret signed by a key, such as private_key_jwt. The Identity Provider stores the public keys or uses the Json Web Key URL exposed by the client to verify the signature of the client secret. + +* **Credentials**: Select the authentication method. + +* **Roles** : One or more user roles can be assigned to a client, for example, 'administrator.' The role can also be assigned to a group, and that group can, in turn, be assigned to one or more users. The client's role will be included in the `role` claims of the authenticated user. When the client receives the token, it can check the permissions. + +* **Advanced**: Display all the available parameters of a client. + +![Client view](./images/clientview.png) + +## Scopes + +The [Scope](../glossary) provides a means to restrict the level of access granted to an access token. + +There are two types of scopes: + +| Name | Description | +| ----------------------- | ----------- | +| OpenId / Identity Scope | OPENID/Identity scopes are used by a client during authentication to authorize access to a user's details, such as name and picture. | +| API Scope | Restrict access to REST API/resources. | + +To manage the scopes, navigate to the `Scopes` menu. + +### Identity Scope + +An [Identity Scope](../glossary) contains one or more [Mapping Rules](../glossary). These rules are used to retrieve user information and convert it into a list of claims that will be included in the Identity Token. + +There are two types of mapping rules: + +| Name | Description | +| -------------- | -------------------------------------------------------------------------------------------------------- | +| User Attribute | Transform a user's claim into an output claim; claims are not static and can take any form | +| User Property | Transform a user's property into an output claim; properties are static and defined by SimpleIdServer | + +### API Scope + +An [API scope](../glossary) represents a permission for one or more API resources, such as `read` for the client named `ClientsApi`. + +The `aud` claim is populated with the relevant API resources. This claim is used by the API during the authorization process. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/iam/saml2.md b/website/versioned_docs/version-5.0.1/iam/saml2.md new file mode 100644 index 000000000..fc1cd4325 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/iam/saml2.md @@ -0,0 +1,12 @@ + # SAML2.0 + + The SimpleIdServer's [Identity Provider](../glossary) can act as a SAML Identity Provider thanks to the [IdentitySaml2](https://www.itfoxtec.com/IdentitySaml2) library. + +To create a website with SAML support, follow these steps: + +1. Navigate the client `Clients` page. +2. Click on the `Add client` button. +3. Select the `Standard` template and select and click on the `Next` button. +4. Fill in the form with the appropriate values and click on the `Save` button to confirm the creation. + +You can follow these [Tutorial](../tutorial/saml) to configure the SAML Authentication. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/iam/storage.md b/website/versioned_docs/version-5.0.1/iam/storage.md new file mode 100644 index 000000000..f253ca1e6 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/iam/storage.md @@ -0,0 +1,42 @@ +# Storage + +The [Identity Provider](../glossary) can utilize one of the following storage options. + +For each type of storage, there is a corresponding NuGet package containing all the migration scripts. These scripts encompass the logic necessary for creating the data structure, such as tables or schemas. Migration scripts will be applied during the startup of the [Identity Provider](../glossary). + +| Storage | Nuget package | +| --------- | -------------------------------------------------------------------------------------------------------------------------- | +| SQL Server | [SimpleIdServer.IdServer.SqlServerMigrations](https://www.nuget.org/packages/SimpleIdServer.IdServer.SqlServerMigrations) | +| PostGreSQL | [SimpleIdServer.IdServer.PostgreMigrations](https://www.nuget.org/packages/SimpleIdServer.IdServer.PostgreMigrations) | +| MySQL | [SimpleIdServer.IdServer.PostgreMigrations](https://www.nuget.org/packages/SimpleIdServer.IdServer.MySQLMigrations) | + +If your preferred storage option is not listed, please [contact-us](../contactus). We will make every effort to accommodate your requirements. + +Alternatively, if you are comfortable with our solution, you can make modifications in the `Program.cs` file of the [Identity Provider](../glossary) solution. + +## SQL Server + +To utilize SQL Server, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| --------------------------------------- | ------------- | +| $.StorageConfiguration.ConnectionString | | +| $.StorageConfiguration.Type | SQLSERVER | + +## POSTGRESQL + +To utilize Postgresql, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| --------------------------------------- | ------------- | +| $.StorageConfiguration.ConnectionString | | +| $.StorageConfiguration.Type | POSTGRE | + +## MYSQL + +To utilize Mysql, edit the `appsettings.json` file and modify the following values : + +| Json Path | Value | +| --------------------------------------- | ------------- | +| $.StorageConfiguration.ConnectionString | | +| $.StorageConfiguration.Type | MYSQL | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/iam/wsfederation.md b/website/versioned_docs/version-5.0.1/iam/wsfederation.md new file mode 100644 index 000000000..98fbed1e0 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/iam/wsfederation.md @@ -0,0 +1,12 @@ +# WS-Federation + +The SimpleIdServer's [Identity Provider](../glossary) can act as a WS-Federation server. + +The [WS-Federation Language](http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html) version 1.2 is supported. + +To create a website with WS-Federation support, follow these steps: + +1. Navigate to the `Clients` page. +2. Click on the `Add client` button. +3. Select the `Standard` template and select the `WS-Federation Relyng party`, then click on the `Next` button. +4. Fill in the form with the appropriate values and click on the `Save` button to confirm the creation. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/images/CredentialIssuer-1.png b/website/versioned_docs/version-5.0.1/images/CredentialIssuer-1.png new file mode 100644 index 000000000..3a402b142 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/images/CredentialIssuer-1.png differ diff --git a/website/versioned_docs/version-5.0.1/images/CredentialIssuer-2.png b/website/versioned_docs/version-5.0.1/images/CredentialIssuer-2.png new file mode 100644 index 000000000..33280e56a Binary files /dev/null and b/website/versioned_docs/version-5.0.1/images/CredentialIssuer-2.png differ diff --git a/website/versioned_docs/version-5.0.1/images/IdentityServer-1.png b/website/versioned_docs/version-5.0.1/images/IdentityServer-1.png new file mode 100644 index 000000000..61976afe5 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/images/IdentityServer-1.png differ diff --git a/website/versioned_docs/version-5.0.1/images/IdentityServerWebsite-2.png b/website/versioned_docs/version-5.0.1/images/IdentityServerWebsite-2.png new file mode 100644 index 000000000..7d872b167 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/images/IdentityServerWebsite-2.png differ diff --git a/website/versioned_docs/version-5.0.1/images/azuread-1.png b/website/versioned_docs/version-5.0.1/images/azuread-1.png new file mode 100644 index 000000000..3494101e2 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/images/azuread-1.png differ diff --git a/website/versioned_docs/version-5.0.1/images/clientcertificate.png b/website/versioned_docs/version-5.0.1/images/clientcertificate.png new file mode 100644 index 000000000..fbf4b19f4 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/images/clientcertificate.png differ diff --git a/website/versioned_docs/version-5.0.1/images/mobile-settings.png b/website/versioned_docs/version-5.0.1/images/mobile-settings.png new file mode 100644 index 000000000..0ebcef65e Binary files /dev/null and b/website/versioned_docs/version-5.0.1/images/mobile-settings.png differ diff --git a/website/versioned_docs/version-5.0.1/installation/dotnettemplate.md b/website/versioned_docs/version-5.0.1/installation/dotnettemplate.md new file mode 100644 index 000000000..bdc575a8d --- /dev/null +++ b/website/versioned_docs/version-5.0.1/installation/dotnettemplate.md @@ -0,0 +1,226 @@ +# DOTNET Template + +Install SimpleIdServer templates. + +``` +dotnet new --install SimpleIdServer.Templates +``` + +This will add the following templates + +| Command line | Description | +| ---------------------------- | ------------------------------------------------------------------------------------------------ | +| dotnet new idserver | Create Identity Server. By default, Entity Framework is configured to use SQLServer | +| dotnet new idserverwebsite | Create Identity Server website. By default, Entity Framework is configured to use SQLServer | +| dotnet new scim | Create SCIM Server. | +| dotnet new credissuer | Create credential issuer API. | +| dotnet new credissueradminui | Create credential issuer administration UI. | + +## Create Visual Studio Solution + +Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir Quickstart +cd Quickstart +mkdir src +dotnet new sln -n Quickstart +``` + +## Create IdentityServer project + +To create a web project named `IdServer` with the `SimpleIdServer.IdServer` package installed, execute the command line : + +``` +cd src +dotnet new idserver -n IdServer +``` + +The following files will be created within a new `src/IdServer` directory : + +* `IdServer.csproj` : Project file with the `SimpleIdServer.IdServer` NuGet package added. +* `appsettings.json` : Contains the ConnectionString. +* `Program.cs` : Main application entry point. +* `IdServerConfiguration.cs` : Contains the `Clients`, `Resources`. + +Next, add the `IdServer` project into the Visual Studio Solution + +``` +cd .. +dotnet sln add ./src/IdServer/IdServer.csproj +``` + +Run the IdServer project, ensuring that it listens on the URL `https://localhost:5001`. + +``` +cd src/IdServer +dotnet run --urls=https://localhost:5001 +``` + +The IdentityServer is now ready to be used. + +By default, there is one administrator account configured. You can access their profile by navigating to the URL `https://localhost:5001/master` and authenticate using the following credentials : + +* Login : administrator +* Password : password + +## IdentityServer UI preview + +The IdentityServer UI uses Bootstrap 5. + +![IdentityServer](../images/IdentityServer-1.png) + +## Create IdentityServer website project + +create a web project named `IdServerWebsite` with the `SimpleIdServer.IdServer.Website` package installed, execute the command line : + +``` +cd src +dotnet new idserverwebsite -n IdServerWebsite +``` + +Run the `IdServerWebsite` project, it must listens on the url `https://localhost:5002/master/clients`. + +``` +cd src/IdServerWebsite +dotnet run --urls=https://localhost:5002 +``` + +The IdentityServer website is now ready to be used. + +The website can be used to manage all aspects of an Identity Server solution, such as managing clients, users, and scopes. + +## Identity Server website UI preview + +The IdentityServer website UI uses Radzen. + +![IdentityServerWebsite](../images/IdentityServerWebsite-2.png) + +## SCIM Security + +By default SCIM is configured to use API KEY authentication. +For clients to perform any operation, they must include one of those keys in the `HTTP HEADER Authorization Bearer` field. + +| Owner | Value | +| -------- | ------------------------------------ | +| IdServer | ba521b3b-02f7-4a37-b03c-58f713bf88e7 | +| AzureAd | 1595a72a-2804-495d-8a8a-2c861e7a736a | + +## Create SCIM project with EF support + +Create a web project named `ScimEF` with the `SimpleIdServer.Scim.Persistence.EF` package installed and Entity Framework (EF) configured to use SQLServer, execute the command line : + +``` +cd src +dotnet new scim -n ScimEF --connectionString "Data Source=.;Initial Catalog=SCIM;Integrated Security=True;TrustServerCertificate=True" -t "SQLSERVER" +``` + +Next, add the `ScimEF` project into the Visual Studio Solution + +``` +cd .. +dotnet sln add ./src/ScimEF/ScimEF.csproj +``` + +Run the ScimEF project, ensuring that it listens on the URL `https://localhost:5003`. + +``` +cd src/SCIMEF +dotnet run --urls=https://localhost:5003 +``` + +Now that the SCIM server is running, you can check its Schemas endpoint by accessing [https://localhost:5003/Schemas](https://localhost:5003/Schemas). + +## Create SCIM project with MongoDB support + +To create a web project named ScimMongoDB with the SimpleIdServer.Scim.Persistence.MongoDB package installed and MongoDB support, execute the command line : + +``` +cd src +dotnet new scim -n ScimMongoDB --connectionString "mongodb://localhost:27017" -t "MONGODB" +``` + +Next, add the `ScimMongoDB` project into the Visual Studio Solution + +``` +cd .. +dotnet sln add ./src/ScimMongoDB/ScimMongoDB.csproj +``` + +Run the ScimMongoDB project, ensuring that it listens on the URL `https://localhost:5003`. + +``` +cd src/ScimMongoDB +dotnet run --urls=https://localhost:5003 +``` + +Now that the SCIM server is running, you can check its Schemas endpoint by accessing [https://localhost:5003/Schemas](https://localhost:5003/Schemas). + +## Create credential issuer project + +To create a web project named `CredentialIssuer` with the `SimpleIdServer.CredentialIssuer` package installed, execute the command line : + +``` +cd src +dotnet new credissuer -n CredentialIssuer +``` + +:::danger + +If you are using version 5.0.0, you must install the NuGet package `Microsoft.IdentityModel.Protocols.OpenIdConnect` version `7.5.1`. Otherwise, the OpenIdConnect library will not be able to read the OpenID configuration from the well-known endpoint. + +::: + +The following files will be created within a new `src/CredentialIssuer` directory : + +* `CredentialIssuer.csproj` : Project file with the `SimpleIdServer.CredentialIssuer` NuGet package added. +* `appsettings.json` : Contains the properties to configure the Openid authentication, such as the ClientId, ClientSecret and Issuer. +* `Program.cs` : Main application entry point. +* `CredentialIssuerConfiguration.cs` : Contains the `CredentialConfigurations`. + +Run the CredentialIssuer project, ensuring that it listens on the URL `https://localhost:5005`. + +``` +cd src/IdServer +dotnet run --urls=https://localhost:5005 +``` + +The CredentialIssuer is now ready to be used. + +## Credential issuer UI preview + +The CredentialIssuer UI uses Bootstrap 5. + +![CredentialIssuer](../images/CredentialIssuer-1.png) + +## Create credential issuer website project + +To create a web project named `CredentialIssuerAdminui` with the `SimpleIdServer.CredentialIssuer.Website` package installed, execute the command line : + +``` +cd src +dotnet new credissueradminui -n CredentialIssuerAdminui +``` + +:::danger + +If you are using version 5.0.0, you must install the NuGet package `Microsoft.IdentityModel.Protocols.OpenIdConnect` version `7.5.1`. Otherwise, the OpenIdConnect library will not be able to read the OpenID configuration from the well-known endpoint. + +::: + +Run the `CredentialIssuerAdminui` project, it must listens on the url `https://localhost:5006`. + +``` +cd src/IdServerWebsite +dotnet run --urls=https://localhost:5006 +``` + +The credential issuer administration ui is now ready to be used. + +The website can be used to manage the credential configurations. + +## Credential issuer website UI preview + +The CredentialIssuer website UI uses Radzen. + +![CredentialIssuerAdminUi](../images/CredentialIssuer-2.png) \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/installation/hosting.md b/website/versioned_docs/version-5.0.1/installation/hosting.md new file mode 100644 index 000000000..2dab15c6c --- /dev/null +++ b/website/versioned_docs/version-5.0.1/installation/hosting.md @@ -0,0 +1,206 @@ +# Hosting + +import DocsCards from '@site/src/components/global/DocsCards'; +import DocsCard from '@site/src/components/global/DocsCard'; + +## NGINX + +Once the solution is installed via [Copy and paste](./quickstart.md#copy-and-paste) on your server, you can configure a reverse proxy, such as NGINX, to redirect incoming HTTP traffic to the SimpleIdServer solution. + +In a Linux environment, three systemd daemons will be installed, each running a different part of the SimpleIdServer solution. + +There are three services hosted on different ports : + +| Service | Port | +| ----------------------- | ---- | +| IdServer | 5001 | +| Website | 5002 | +| Scim | 5003 | +| CredentialIssuer | 5005 | +| CredentialIssuerWebsite | 5006 | + +They share the same characteristics: +* Hosted under HTTPS. +* They use Forwarded Headers; these HTTP headers are employed to modify the Redirection URL returned by the Discovery endpoint. For example, when the parameter `X-Forwarded-Proto` equals http, the OPENID Well-Known configuration endpoint will return a redirection URL with an http scheme. + +You can choose one of the following options to host the solution. + + + +

    Each service is hosted on a subdomain.

    +     + +

    Each service is hosted on a subpath.

    +     +     + +### Subdomain hosting + +In the NGINX configuration, for each service, replicate the `server` block with the following content. + +Each block corresponds to a subdomain and handles one service. + +Replace the `` variable with the URL of your service, and the `` variable with the name of your service. + +For example, for the IdServer service, replace the variables as follows: + +| Parameter | Value | +| ------------ | ---------------------- | +| SERVICE_NAME | openid | +| SERVICE_URL | https://localhost:5001 | +| DOMAIN | simpleidserver.com | + +``` +server { + listen 443 ssl; + listen [::]:443 ssl; + + gzip on; + gzip_types text/plain text/css application/xml application/json application/javascript; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + large_client_header_buffers 4 32k; + + server_name .; + ssl_verify_client optional_no_ca; + + location / { + proxy_pass ; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection keep-alive; + proxy_set_header Host $host; + proxy_pass_header Set-Cookie; + proxy_pass_request_headers on; + proxy_cache_bypass $http_upgrade; + proxy_cookie_domain localhost $host; + proxy_set_header X-Scheme https; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-URL-SCHEME https; + client_max_body_size 1M; + client_body_buffer_size 4096k; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffer_size 128k; + proxy_buffers 32 256k; + } +} +``` + +### Subpath hosting + +In the NGINX configuration, add one `server` block for each service and replicate the `location` block with the following content. + +For example, for the IdServer service, replace the variables as follows: + +| Parameter | Value | +| ------------ | ---------------------- | +| PATH | openid | +| SERVICE_URL | https://localhost:5001 | +| DOMAIN | simpleidserver.com | + +``` +server { + listen 443 ssl; + listen [::]:443 ssl; + + gzip on; + gzip_types text/plain text/css application/xml application/json application/javascript; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + large_client_header_buffers 4 32k; + + server_name ; + ssl_verify_client optional_no_ca; + + location / { + proxy_pass ; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection keep-alive; + proxy_set_header Host $host; + proxy_pass_header Set-Cookie; + proxy_pass_request_headers on; + proxy_cache_bypass $http_upgrade; + proxy_cookie_domain localhost $host; + proxy_set_header X-Scheme https; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-URL-SCHEME https; + client_max_body_size 1M; + client_body_buffer_size 4096k; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffer_size 128k; + proxy_buffers 32 256k; + } +} +``` + +### SSL Certificate + +An SSL Certificate must be installed on your NGINX Server. + +You can use [Let's Encrypt](https://letsencrypt.org/) to generate SSL Certificates valid for all your domains and/or subdomains. + +For example, the following command line generates a certificate valid for three domains: + +``` +sudo certbot certonly -d openid.simpleidserver.com -d scim.simpleidserver.com -d website.simpleidserver.com credentialissuer.simpleidserver.com credentialissuerwebsite.simpleidserver.com +``` + +Once the certificate is generated, you must update the `server` blocks add the `ssl_certificate` and `ssl_certificate_key` directives. + +``` +ssl_certificate /etc/letsencrypt/live//fullchain.pem; +ssl_certificate_key /etc/letsencrypt/live//privkey.pem; +``` + +Additionally, add a new server block to redirect all HTTP traffic to HTTPS: + +``` +server { + listen 80; + server_name ; + return 301 https://$host$request_uri; +} +``` + +For more information about NGINX, you can refer to the official website: https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/ + +## IIS + +The zip file downloaded from [here](./quickstart.md#copy-and-paste), contains all of SimpleIdServer's services. + +They are ready to be run on IIS, and each of them has a `web.config` filer with a reference to the executable service to run. + +To deploy the application under IIS, follow these steps: +1. Add a new application pool named `SimpleIdServer`. +2. Enable the`Load User Profile` and check if the identity specified for the application pool is a member of the `Cryptographic perators` groups. his setting is required; otherwise, you'll encounter cryptographic exceptions such as: + +``` +Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer[2] +Connection ID "17942340921349636565", Request ID "800001d7-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application. +System.Security.Cryptography.CryptographicException: The system cannot find the file specified. +at System.Security.Cryptography.CngKey.Import(ReadOnlySpan1 keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider) at System.Security.Cryptography.CngPkcs8.ImportPkcs8(ReadOnlySpan1 keyBlob) +``` + +3. Add a new `SimpleIdServer` site, select your application pool, and specify the directory of your service. + + +:::info + +If the application is deployed on Azure, add the application setting `WEBSITE_LOAD_PROFILE` and set its value to `1`. + +::: \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/installation/quickstart.md b/website/versioned_docs/version-5.0.1/installation/quickstart.md new file mode 100644 index 000000000..e610399a0 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/installation/quickstart.md @@ -0,0 +1,127 @@ +# Quick Start + +import DocsCards from '@site/src/components/global/DocsCards'; +import DocsCard from '@site/src/components/global/DocsCard'; + +The entire SimpleIdServer solution can be easily installed and deployed through various methods: [Copy and Paste](#copy-and-paste), [Docker](#docker) or [Kubernetes](#kubernetes). + +If you want to install only certain parts of the solution or customize specific features like the UI, you can use our [DOTNET Template](#dotnet-template) project. + + + + +

    Install the entire solution with a single command..

    +     + +

    Utilize our DOTNET Template to install specific parts of the solution.

    +     +     + +## Copy and paste + +Installing SimpleIdServer is as simple as downloading it, unzipping it, and updating the connection string. +By default, the project is configured to use the SQLServer database. Other databases are supported. For more information, refer to the [configuration](configuration) section. + +The archive folder contains three projects: + +| Name | Port | Description | +| ----------------------- | --------------- | ------------------------- | +| IdServer | https://*:5001 | Identity server | +| IdServerWebsite | https://*:5002 | Administration website | +| Scim | https://*:5003 | SCIM server | +| CredentialIssuer | https://*:5005 | Credential issuer | +| CredentialIssuerWebsite | https://*:5006 | Credential issuer website | + +The technical account used to run the `IdServer` and `Scim` servers must have the privilege to create tables and databases. Otherwise, the application cannot deploy the database. +By default, the development certificate is utilized to host the applications under HTTPS. To install it on your local machine, execute the command line `dotnet dev-certs https`. +For more information, refer to the [documentation](https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-dev-certs). + +### Windows + +Procedure : + +1. Download the [zip file](https://github.com/simpleidserver/SimpleIdServer/releases/latest/download/SimpleIdServer-Windows-x64.zip). +2. Extract the contents into a directory. +3. In each subfolder, locate the `appsettings.json` file. Open your preferred text editor and update the Connection String. +4. Open three PowerShell prompts and navigate to the subdirectories: `IdServer`, `Scim`, `IdServerWebsite`, `CredentialIssuer` and `CredentialIssuerWebsite`. +5. Execute the command `run.ps1`. + +### Linux + +Procedure : + +1. Download the [zip file](https://github.com/simpleidserver/SimpleIdServer/releases/latest/download/SimpleIdServer-Linux-x64.zip) using the following command: + +`wget https://github.com/simpleidserver/SimpleIdServer/releases/latest/download/SimpleIdServer-Linux-x64.zip` + +2. Extract the contents into a directory using the following command: + +`unzip SimpleIdServer-Linux-x64.zip -d SimpleIdServer-Linux-x64` + +3. In the subdirectories, you will find two scripts. Use `run.sh` to launch the service and `install-daemon.sh` to install the server as a daemon service. + +## Docker + +It is possible to run the SimpleIdServer solution through Docker. + +In this setup, the domain `localhost.com` is used to represent the domain on which the solution is hosted. Therefore, the first step is to ensure that the domain `localhost.com` resolves to the Docker host machine. + +To achieve this, edit your hosts file and add the following entry: + +``` +127.0.0.1 localhost.com scim.localhost.com idserver.localhost.com website.localhost.com credentialissuer.localhost.com credentialissuerwebsite.localhost.com +``` + +The location of the hosts file varies based on the operating system: + +| Operating System | Path | +| ---------------- | ------------------------------------- | +| Linux | \etc\hosts | +| Windows | C:\Windows\system32\drivers\etc\hosts | + +Next, download the [Docker archive](https://github.com/simpleidserver/SimpleIdServer/releases/latest/download/Docker.zip), extract the contents into a directory, and execute the command `docker-compose up`. + +Now, SimpleIdServer is ready to be used, and the services can be accessed through the following URLs: + +| Service | Url | +| --------------------------- | ------------------------------------------------- | +| IdServer | https://idserver.localhost.com/master | +| IdServerWebsite | https://website.localhost.com/master/clients | +| Scim | https://scim.localhost.com | +| CredentialIssuer | https://credentialissuer.localhost.com | +| CredentialIssuerWebsite | https://credentialissuerwebsite.localhost.com | + +## Kubernetes + +It is possible to run the SimpleIdServer solution through Kubernetes. + +In this setup, the domain `sid.svc.cluster.local` is used to represent the domain on which the solution is hosted. Therefore, the first step is to ensure that the domain `sid.svc.cluster.local` resolves to the Docker host machine. + +To achieve this, edit your hosts file and add the following entry: + +``` +127.0.0.1 sid.svc.cluster.local scim.sid.svc.cluster.local idserver.sid.svc.cluster.local website.sid.svc.cluster.local credentialissuer.sid.svc.cluster.local credentialissuerwebsite.sid.svc.cluster.local +``` + +Next, ensure that you have `Minikube` installed on your local machine. You can download it from [Minikube](https://minikube.sigs.k8s.io/docs/start/). + +Download the [Kubernetes archive file](https://github.com/simpleidserver/SimpleIdServer/releases/latest/download/Kubernetes.zip) and extract its contents into a directory. + Open a command prompt and navigate to this directory. Execute the following commands to start the solution: + +``` +minikube start +minikube addons enable ingress +eval $(minikube -p minikube docker-env) +kubectl apply -f sid-kubernetes.yaml +minikube tunnel +``` + +Now, SimpleIdServer is ready to be used, and the services can be accessed through the following URLs: + +| Service | Url | +| --------------------------- | --------------------------------------------------------- | +| IdServer | https://idserver.sid.svc.cluster.local/master | +| IdServerWebsite | https://website.sid.svc.cluster.local/master/clients | +| Scim | https://scim.sid.svc.cluster.local | +| CredentialIssuer | https://credentialissuer.sid.svc.cluster.local | +| CredentialIssuerWebsite | https://credentialissuerwebsite.sid.svc.cluster.local | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/migrations/403to404.md b/website/versioned_docs/version-5.0.1/migrations/403to404.md new file mode 100644 index 000000000..fbab21f60 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/migrations/403to404.md @@ -0,0 +1,33 @@ +# Migrate from version 4.0.3 to 4.0.4 + +The SCIM project includes a breaking change in the database. Two columns have been added to the `SCIMRepresentationAttribute` table: +* `ComputedIndexValue` : This column stores a computed value for each attribute. If the attribute is complex, the value is the concatenation of its children's values. This value serves a useful purpose when the SCIM server is checking the uniqueness of the attribute. +* `IsComputed`: his column indicates whether the attribute is automatically computed or not. For example, the attribute `groups.type` is always computed by the server and only has two possible values, `direct` or `indirect`. + +## Entity Framework + +### Apply migration script + +If you are utilizing `Entity Framework`, make sure to reference the appropriate NuGet package for your specific database and apply the migration scripts included within the NuGet package. + +| Nuget | Database | +| --------------------------------------- | --------- | +| SimpleIdServer.Scim.PostgreMigrations | Postgre | +| SimpleIdServer.Scim.SqlServerMigrations | SQLServer | + +If you are not using the NuGet package, you can generate the migration script and apply it by executing the following commands. For more information, please refer to the [official documentation](https://learn.microsoft.com/en-us/ef/core/managing-schemas/migrations/?tabs=dotnet-core-cli). + +``` +dotnet ef add migrations add Release404 +dotnet ef database update +``` +Two columns, `ComputedIndexValue` and `IsComputed`, will be added to the table named `SCIMRepresentationAttributes`. + +### Launch migration + +Even though it's not ideal, you can use the [Startup project](https://github.com/simpleidserver/SimpleIdServer/blob/master/src/Scim/SimpleIdServer.Scim.Startup/Startup.cs) and uncomment the code for`MigrateFrom403To404EF`. + +## MongoDB + +Due to the size limit of a document, all the `FlatAttributes` property of the `SCIMRepresentation` collection must be transformed into a list of references to the `SCIMRepresentationAttribute` collection. +To accomplish this, you can use the [Startup project](https://github.com/simpleidserver/SimpleIdServer/blob/master/src/Scim/SimpleIdServer.Scim.Startup/Startup.cs). Uncomment the line `MigrateFrom403To404MongoDB(app);` and set the parameter `useVersion403` to true. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/migrations/500to501.md b/website/versioned_docs/version-5.0.1/migrations/500to501.md new file mode 100644 index 000000000..c8f459b19 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/migrations/500to501.md @@ -0,0 +1,14 @@ +# Migrate from version 5.0.0 to 5.0.1 + +In version 5.0.1, some changes have been made to the database. +The `SeedData` function in the `Program.cs` file has been adapted to migrate the database from version 5.0.0 to version 5.0.1. +Before migrating to the latest version, you must ensure that the `Program.cs` file has been properly updated link. + +The following modifications have been made to the database: + +* Added the `federation_entities` scope and assigned this scope to the `SIDS-Manager` client. +* Added the `SIDS-manager/administrator` scope and assigned it to the `administrator` group. +* Created the scopes for the `administrator` group. +* Added a new group `administrator` and assigned it to the Administrator user. +* Added a new group `administrator-ro` and assigned it to the new administrator-ro user. +* Added the columns `Action` and `Component` to the Scope table. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/mobileapplication.md b/website/versioned_docs/version-5.0.1/mobileapplication.md new file mode 100644 index 000000000..6c6125d9f --- /dev/null +++ b/website/versioned_docs/version-5.0.1/mobileapplication.md @@ -0,0 +1,41 @@ +# Mobile application + +import MobileSettings from './images/mobile-settings.png'; + +SimpleIdServer offers a mobile application that is both free and open-source. + +## Download + +The application can be downloaded for Android [here](https://install.appcenter.ms/users/agentsimpleidserver-gmail.com/apps/simpleidserver/distribution_groups/public). + +## Enroll + +The mobile application utilizes SimpleIdServer's FIDO U2F endpoints to enroll a public key, while the private key is securely stored on the device. + +During the authentication process, SimpleIdServer sends a challenge response to the device to verify the corresponding private key. + +Follow these steps to enroll your mobile application: + +1. Go to the following URL to register a new user [https://openid.simpleidserver.com/master/registration?workflowName=mobile](https://openid.simpleidserver.com/master/registration?workflowName=mobile). +2. Enter a random username and click on the `Generate QR Code` button. + +If you are using the [mobile application](https://install.appcenter.ms/users/agentsimpleidserver-gmail.com/apps/simpleidserver/distribution_groups/public), follow these steps: + +1. Open the mobile application. +2. Select the `Enroll` tab. +3. Click on the `Scan QR Code` button and scan the QR code displayed on the website. + +Your mobile application is now successfully enrolled and ready to be used for user authentication. + +## Push notification methods + +The mobile application can be configured to use one of the following notification methods: + +* **Firebase** : [Firebase Cloud Message (FCM)](https://firebase.google.com/docs/cloud-messaging) is a cross-platform messaging solution from Google. +* **Gotify** : [Gotify](https://gotify.net/) is a simple server for sending and receiving messages. Our Gotify server is hosted [here](https://gotify.simpleidserver.com/#/). + +The default notification method can be selected in the `Settings` tab. + +
    + +
    \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/overview.md b/website/versioned_docs/version-5.0.1/overview.md new file mode 100644 index 000000000..802ffc3d8 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/overview.md @@ -0,0 +1,41 @@ +# Overview + +import ClientCertificate from './images/clientcertificate.png'; +import Architecture from '@site/src/components/global/Architecture'; + +:::warning + +When attempting to authenticate with the Identity Provider or access the administration website, a prompt will appear, requesting user credentials. Please click the 'Cancel' button to proceed to the authentication screen. SimpleIdServer is configured by default to accept client certificates. + +
    + +
    +::: + +:::info + +Click on one of the elements in the architecture diagram to navigate through the documentation. + +::: + + + +SimpleIdServer is the first open-source project developed with .NET that comprehensively covers all aspects of an **Identity and Access Management** software + + + + + + + + + + + + + + + + + +
    IAM aspectsSimpleIdServer's features
    AuthenticationSupports multiple security protocols such as : OPENID, SAML2.0 and WS-Federation
    Configure one or more external identity providers, such as Facebook.
    Utilize various authentication methods such as Mobile application, OTP Code, Email, SMS and Login & Password.
    AuthorizationControl the user's permissions in one or more applications using Role-Based Access Control (RBAC).
    User managementConfigure one or more automatic identity provisioning workflows to fetch users automatically from LDAP and/or SCIM 2.0 REST API.
    Configure one or more manual identity provisioning workflows that can be used by the end-user to create an account.
    Central user repositoryOur SCIM 2.0 server can be used to store users and groups.
    \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/scim20.md b/website/versioned_docs/version-5.0.1/scim20.md new file mode 100644 index 000000000..6aef4bb98 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/scim20.md @@ -0,0 +1,374 @@ +# SCIM + +The SCIM server acts as a central repository where different representations coexist, including Users or Groups. + +It can be used by the [Identity Provider](../glossary) as a provisioning source. When a user is created or updated in SCIM, their local account in the [Identity Provider](../glossary) will be automatically created or updated. + +Only version 2.0 of SCIM is supported. + +## Storage + +The following storage options are supported. Each NuGet package contains migration scripts to create or update the database structure. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NameNuget packageJSON PathValue
    SQLServerSimpleIdServer.Scim.SqlServerMigrations$.StorageConfiguration.ConnectionString
    $.StorageConfiguration.TypeSQLSERVER
    PostgresqlSimpleIdServer.Scim.PostgreMigrations$.StorageConfiguration.ConnectionString
    $.StorageConfiguration.TypePOSTGRE
    Mongodb$.StorageConfiguration.ConnectionString
    $.StorageConfiguration.TypeMONGODB
    MYSQLSimpleIdServer.Scim.MySQLMigrations$.StorageConfiguration.ConnectionString
    $.StorageConfiguration.TypeMYSQL
    + + +## Azure LDAP Provisioning + +To establish user provisioning from Azure Active Directory (AD) to the SCIM Endpoint, you can follow this tutorial [https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#integrate-your-scim-endpoint-with-the-azure-ad-provisioning-service](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#integrate-your-scim-endpoint-with-the-azure-ad-provisioning-service). + +When the provisioning mode is selected, the `Tenant URL` and `Secret Token` must be specified. + +![Create Organization Unit](images/azuread-1.png) + +Assign the value of the SCIM endpoint `http://localhost:5003` to the Tenant URL. +Set the Secret Token to one of the following values : + +| Owner | Value | +| -------- | ------------------------------------ | +| IdServer | ba521b3b-02f7-4a37-b03c-58f713bf88e7 | +| AzureAd | 1595a72a-2804-495d-8a8a-2c861e7a736a | + +:::warning + +When the user is provisioned from Azure AD to the SCIM server, the following exception can occur because, according to the [RFC SCIM CORE SCHEMA](https://datatracker.ietf.org/doc/html/draft-ietf-scim-core-schema,), the schema for user representation does not include a `primary` property in the `addresses` section. + +``` +SimpleIdServer.Scim.Exceptions.SCIMSchemaViolatedException: attribute primary is not recognized by the SCIM schema +``` + +If this property is required, edit the `UserSchema.json` file and add the following property under the `addresses` section : + +``` + { + "name": "primary", + "type": "boolean", + "multiValued": false, + "required": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none", + "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address. The primary attribute value 'true' MUST appear no more than once." + } +``` + +::: + +## Security + +By default, the API is protected by an API Key. +Any client wishing to execute an operation must include one of the following keys in the `Authorization` header. + +| Owner | Value | +| -------- | ------------------------------------ | +| IdServer | ba521b3b-02f7-4a37-b03c-58f713bf88e7 | +| AzureAd | 1595a72a-2804-495d-8a8a-2c861e7a736a | + +The keys have access to the following scopes + +| Scope | Description | +| -------------------- | --------------------------------- | +| query_scim_resource | Retrieve resource attributes | +| add_scim_resource | Add resource | +| delete_scim_resource | Delete resource | +| update_scim_resource | Update resource | +| bulk_scim_resource | Allows to execute bulk operations | + +## SCIM - Example messages + + +### POST User + +Minimal request for creating a user, username is the only mandatory field. + +**Request** + +``` +HTTP POST: https:///Users + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], + "externalId": "external", + "userName": "sid", + "name": { + "formatted": "formatted", + "givenName": "givenName", + "middleName": "middleName", + "familyName": "familyName" + } +} +``` + +**Response** + +``` +{ + "id": "6dc4ceb0-b376-4d4c-9ef0-e6c25e359754", + "userName": "sid", + "name": { + "formatted": "formatted", + "givenName": "givenName", + "middleName": "middleName", + "familyName": "familyName" + }, + "groups": [], + "photos": [], + "roles": [], + "emails": [], + "x509Certificates": [], + "ims": [], + "addresses": [], + "entitlements": [], + "phoneNumbers": [], + "meta": { + "resourceType": "User", + "created": "2023-06-12T11:12:45.0268402Z", + "lastModified": "2023-06-12T11:12:45.0269172Z", + "version": 0, + "location": "https://localhost:5003/Users/6dc4ceb0-b376-4d4c-9ef0-e6c25e359754" + }, + "externalId": "external", + "schemas": [ + "urn:ietf:params:scim:schemas:core:2.0:User" + ] +} +``` + +### GET User + +#### Get one user + +**Request** + +``` +HTTP GET: https://:5003/Users/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 +``` + +#### Search users + +**Request** + +``` +HTTP GET: https://:5003/Users?filter=(emails[type eq "home"]) and (active eq false) + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 +``` + +The filter parameter must contain at least one valid expression. Each expression must contain an attribute name followed by an attribute operator and optional value. + +The operators supported in the expression are listed below : + +| Operator | Description | Behavior | +| -------- | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| eq | equal | The attribute and operator values must be identical for a match. | +| ne | not equal | The attribute and operator values are not identical. | +| co | contains | The entire operator value must be a substring of the attribute value for a match. | +| sw | starts with | The entire operator value must be a substring of the attribute value, starting at the beginning of the attribute value. The criterion is satisfied if the two strings are identical. | +| ew | ends with | The entire operator value must be a substring of the attribute value, matching at the end of the attribute value. The criterion is satisfied if the two strings are identical. | +| pr | present (has value ) | If the attribute has a non-empty or non-null value, or if it contains a non-empty node for complex attributes, there is a match. | +| gt | greater than | If the attribute value is greater than the operator value, there is a match. | +| lt | less than | If the attribute value is less than the operator value, there is a match. | +| le | less than or equal to | If the attribute value is less than or equal to the operator value, there is a match. | + +### DELETE User + +**Request** + +``` +HTTP DELETE: https://:5003/Users/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 +``` + +### PATCH user + +#### Add one email address + +**Request** + +``` +HTTP PATCH: https://:5003/Users/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": [ + "urn:ietf:params:scim:api:messages:2.0:PatchOp" + ], + "Operations": [ + { + "op": "add", + "path": "emails", + "value": [ + { + "primary": true, + "value": "sid@gmail.com", + "type": "home" + } + ] + } + ] +} +``` + + +#### Remove one email address + +**Request** + +``` +HTTP PATCH: https://:5003/Users/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": [ + "urn:ietf:params:scim:api:messages:2.0:PatchOp" + ], + "Operations": [ + { + "op": "remove", + "path": "emails[type eq home]" + } + ] +} +``` + +#### Update Family name + +**Request** + +``` +HTTP PATCH: https://:5003/Users/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": [ + "urn:ietf:params:scim:api:messages:2.0:PatchOp" + ], + "Operations": [ + { + "op": "replace", + "path": "name.familyName", + "value": "newfamilyname" + } + ] +} +``` + +### ADD Group + +Request used for creating a group, displayName is the only mandatory field. + +**Request** + +``` +HTTP PATCH: https://:5003/Groups + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"], + "displayName": "administrator" +} +``` + +### PATCH Group + +#### Assign one user to a group + +**Request** + +``` +HTTP PATCH: https://:5003/Groups/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": [ + "urn:ietf:params:scim:api:messages:2.0:PatchOp" + ], + "Operations": [ + { + "op": "add", + "path": "members", + "value": { + "value": "{{userId}}" + } + } + ] +} +``` + +The user representation will contain a reference to the group in its `groups` property. + +#### Remove a user from a group + +``` +HTTP PATCH: https://:5003/Groups/ + +Authorization: Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +{ + "schemas": [ + "urn:ietf:params:scim:api:messages:2.0:PatchOp" + ], + "Operations": [ + { + "op": "remove", + "path": "members[value eq {{userId}}]" + } + ] +} +``` \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/ciba.md b/website/versioned_docs/version-5.0.1/tutorial/ciba.md new file mode 100644 index 000000000..ff93c0046 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/ciba.md @@ -0,0 +1,188 @@ +# Client-Initiated Backchannel Authentication (CIBA) + +import MobileNotification from './images/mobile-notification.png'; + +Client-Initiated Backchannel Authentication (CIBA) is an authentication flow where the client application initiates the authentication process on behalf of the end-user. +It is designed for scenarios where the end-user may not have a browser or cannot actively participate in the authentication process. + +According to the specification found at [https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html), Client-Initiated Backchannel Authentication (CIBA) is not applicable to Public Clients. Only Confidential Clients, such as Console Applications, Websites, or REST APIs, are eligible to use CIBA. + +The CIBA specification defines two types of devices: + +* `Consumption Device` : This device initiates the CIBA flow by interacting with the OPENID Server. +* `Authentication Device` : This device receives notifications coming from the OPENID Server. + +A classical use case is an E-Commerce REST API requesting an access token from the OPENID Server of the Bank. In this scenario, the `Consumption Device` is represented by the REST API, and the `Authentication Device` is the Bank Mobile Application. The Bank Mobile Application receives notifications from the OPENID Server. When the end-user accepts the consent, the Consumption Device can obtain an access token and interact with the Bank API to initiate the money transfer. + +In this tutorial, we will explain how to create a Console Application (`Consumption Device`) that initiates a CIBA Authentication Request and obtains an Access Token by polling the `Token` endpoint. + +The client will have the following configuration: + +| Configuration | Value | +| ---------------------------------------- | --------------- | +| Client Authentication Method | tls_client_auth | + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/DeviceUseCIBA). +::: + +To implement the CIBA in a console application, you'll need to follow the following steps. + +## 1. Configure a client certificate + +Utilize the administration UI to create a client certificate. + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. In the Certificate Authorities screen, choose a Certificate Authority from the available options. Remember that the selected Certificate Authority should be trusted by your machine. You can download the certificate and import it into the appropriate Certificate Store. +3. Click on the `Client Certificates` tab and then proceed to click on the `Add Client Certificate` button. +4. Set the value of the Subject Name to `CN=client` and click on the `Add` button. +5. Click on the `Download` button located next to the certificate. + +## 2. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. In the Clients screen, click on `Add client` button. +3. Choose `FAPI2.0`. +4. Select `Device` and click on next. +5. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ------------ | --------------- | +| Identifier | cibaConformance | +| Name | cibaConformance | +| Subject Name | CN=client | + +## 3. Create a consumption device + +Finally, create and configure a consumption device. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir DeviceUseCIBA +cd DeviceUseCIBA +mkdir src +dotnet new sln -n DeviceUseCIBA +``` + +2. Create a web project named `ConsoleApp` and install the `IdentityModel` NuGet package. + +``` +cd src +dotnet new console -n ConsoleApp +cd ConsoleApp +dotnet add package IdentityModel +``` + +3. Add the `ConsoleApp` project into your Visual Studio solution. + +``` +cd .. +dotnet sln add ./src/ConsoleApp/ConsoleApp.csproj +``` + +4. Edit the `Program.cs` file and copy the following code. + + +``` +using IdentityModel.Client; +using System.Security.Authentication; +using System.Security.Cryptography.X509Certificates; + +var certificate = new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "CN=client.pfx")); +var req = new BackchannelAuthenticationRequest() +{ + Address = "https://localhost:5001/master/mtls/bc-authorize", + ClientId = "cibaConformance", + Scope = "openid profile", + LoginHint = "user", + BindingMessage = "Message", + RequestedExpiry = 200 +}; +var handler = new HttpClientHandler(); +handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }; +handler.CheckCertificateRevocationList = false; +handler.ClientCertificateOptions = ClientCertificateOption.Manual; +handler.SslProtocols = SslProtocols.Tls12; +handler.ClientCertificates.Add(certificate); +var client = new HttpClient(handler); +var response = await client.RequestBackchannelAuthenticationAsync(req); + +bool cont = true; +while(cont) +{ + var tokenResponse = await client.RequestBackchannelAuthenticationTokenAsync(new BackchannelAuthenticationTokenRequest + { + Address = "https://localhost:5001/master/mtls/token", + ClientId = "cibaConformance", + AuthenticationRequestId = response.AuthenticationRequestId + }); + if(tokenResponse.IsError) + Console.WriteLine(tokenResponse.Error); + else + { + Console.WriteLine(tokenResponse.AccessToken); + cont = false; + } +} +``` + +5. Replace the `CN=client.pfx` certificate with the one you have previously downloaded. + +Once the consumption device is configured, you can choose one of the following push notification methods to receive the back channel authentication. + +## 3.1 Console notification method + +By default, the console notification method is configured in the settings of all users. + +When you run the consumption device, a `green message` will be displayed in the Identity Server instance. +Copy the URL from the browser and authenticate using the following credentials: + +| Credential | Value | +| ---------- | -------- | +| Login | user | +| Password | password | + + +Once the consent is granted, the access token will be displayed by the console application. + +## 3.2 Gotify notification method + +Before being able to use the Gotify Server as a notification method, you must check its configuration: + +1. Navigate to the details view of the `user`. +2. Under the notification mode, select `Gotify` and click on the `Save` button. +3. Open the `Authentications` screen and navigate to the `Gotify` authentication method. +4. Check the following parameters : + +| Parameter | Description | +| --------- | -------------------------------------- | +| BaseUrl | Url of the gotify service | +| Login | Login of the administration account | +| Password | Password of the administration account | + +Once the configuration of the Gotify Server is finished, the mobile application can be enrolled: + +1. Open the [Mobile application](../mobileapplication). +2. Click on the `Settings` tab. Next to the `Choose notification mode` option, select `Gotify`. +3. Browse the [Identity Server URL](https://openid.simpleidserver.com/master/Home/Profile), and authenticate with the `user` account. +4. Under the `Credentials` section, click on the `Mobile` to enroll the mobile application. +5. Set the Display name to `mobile` and click on the `Generate QR Code` button. + +![Generate QR Code](./images/generate-qr-code.png) + +6. Scan the QR code with your mobile application. If the mobile application is successfully enrolled, a success message should be displayed. + +![QR Code](./images/qr-code.png) + +The mobile application is ready to receive back-channel notifications. + +When you run the consumption device, a popup will be displayed in the mobile application. You can click on the `Accept` button. + +Once consent is granted, the access token will be displayed by the console application. + +
    + +
    \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/credentialissuer.md b/website/versioned_docs/version-5.0.1/tutorial/credentialissuer.md new file mode 100644 index 000000000..2f9bfee38 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/credentialissuer.md @@ -0,0 +1,112 @@ +# Credential issuer + +import VcQrCode from './images/vc-qr.png'; +import WalletCredential from './images/wallet-credential.png'; + +A credential issuer is a protected REST API capable of issuing Verifiable Credentials. + +The Digital Credentials Protocols (DPC) working group of the OPENID standard has authored a technical specification for developing Credential Issuers. For more information, please refer to the [official documentation](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html). + +In this article, we will develop a REST API for a University capable of issuing University degrees to its students. The REST API adheres to the following technical specifications: + +* Verifiable credentials are returned in the [ldp_vc](https://identity.foundation/claim-format-registry/#term:ldp-registry) format. +* The [did:key](https://w3c-ccg.github.io/did-method-key/) algorithm is utilized to transform the credential into a verifiable credential. + +## 1. Configure a scope + +If a `university_degree` scope is configured, then skip this step. + +Utilize the administration UI to configure a new scope : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Scopes screen, click on the `Add scope` button. +3. Select API value and click on next. +4. Fill-in the form like this and click on the Save button to confirm the creation. + +| Parameter | Value | +| ----------------- | ----------------- | +| Name | university_degree | +| Description | University degree | + +## 2. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at https://localhost:5002/master/clients. +2. In the Clients screen, click on `Add client` button. +3. Select `Credential Issuer`. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ------------- | ------------------------ | +| Identifier | CredentialIssuer | +| Secret | password | +| Name | Credential Issuer | +| Redirect URLS | https://localhost:5005/* | + +5. Click on the new client, then select the `Client scopes` tab click on the `Add client scope` button. Choose the `university_degree` scope and click on the `Save` button. + +## 3. Create credential issuer + +Create and configure the credential issuer API. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution : + +``` +mkdir CredentialIssuer +cd CredentialIssuer +mkdir src +dotnet new sln -n CredentialIssuer +``` + +2. Use the SimpleIderver template to create the credential issuer project : + +``` +cd src +dotnet new credissuer -n CredentialIssuer +``` + +3. Add the `CredentialIssuer` project into the solution : + +``` +cd .. +dotnet sln add ./src/CredentialIssuer/CredentialIssuer.csproj +``` + +By default, the CredentialIssuer project is configured to issue Verifiable Credentials, such as the `UniversityDegree`. + +The project configuration is located in the `CredentialIssuerConfiguration.cs` file, which contains the following properties: + +CredentialConfigurations: Definitions of credentials and the mapping rules with the user's claims. +CredentialClaims: Claims of the user. + +In a command prompt, navigate to the `src\CredentialIssuer` directory and launch the application. + +``` +dotnet run --urls=https://*:5005 +``` + +Please browse the following URL: [https://localhost:5005/credentials](https://localhost:5005/credentials). +The User-Agent will be automatically redirected to the OpenID server. Submit the following credentials and confirm the consent. You will then be redirected to a screen where your claims will be displayed. + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | + +Finally, click on the `Share` button next to the University Credential. +A QR will be displayed in a popup window : + +
    + +
    + +## 3. Enroll verifiable credentials + +If the mobile application is not yet installed, follow this [tutorial](../mobileapplication). + +Scan the QR code displayed by the credential issuer. If the enrollment is successful, a success message will be displayed. The verifiable credential is now visible in the `Wallet` tab. + +
    + +
    \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/delegation.md b/website/versioned_docs/version-5.0.1/tutorial/delegation.md new file mode 100644 index 000000000..8d842e77a --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/delegation.md @@ -0,0 +1,382 @@ +# Delegation or Impersonation + +There are situations in which a REST API needs to act on behalf of users or other clients. + +A subject can act on behalf of another subject in two ways: either through impersonation or delegation. + +**Impersonation** occurs when the subject in a token is indistinguishable from the original one. The recipient of the token will typically be unaware that impersonation is taking place. + +In case of a **Delegation** , a token contains explicit information that one subject delegates its rights to another entity. The call chain is preserved using the `act` claim. + +In this tutorial, we will implement the following delegation scenario. The `SecondAPI` REST API acts on behalf of the end-user. + +```mermaid +graph LR; + Website-->|Pass access token of the user|SecondAPI-->|Pass the impersonated access token|FirstAPI +``` + +1. The website calls a REST API to retrieve the list of shops. +2. The REST API uses the `urn:ietf:params:oauth:grant-type:token-exchange` grant type to receive an access token valid on the `shopApiOther` scope and acts on behalf of the authenticated user. This access token is used to access the second REST API. +3. The REST API receives the access token and checks its audience. + +## 1. Define the first permission + +1. Open the Identity Server website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. Open the Scopes screen and click on the `Add scope` button. +3. Select `API value` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ----------- | ------- | +| Name | shopApi | +| Description | shopApi | + +5. Navigate to the new scope, then select the `API Resources` tab and click on the `Add API resource` button. +6. Fill-in the form like this and click on the `Add` button to confirm the creation. + +| Parameter | Value | +| ----------- | ------- | +| Name | shopApi | +| Audience | shopApi | +| Description | shopApi | + +## 2. Define the second permission + +1. Open the Identity Server website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. Open the Scopes screen, click on the `Add scope` button. +3. Select `API value` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ----------- | ------------ | +| Name | shopApiOther | +| Description | shopApiOther | + +5. Navigate to the new scope, then select the `API Resources` tab and click on the `Add API resource` button. +6. Fill-in the form like this and click on the `Add` button to confirm the creation. + +| Parameter | Value | +| ----------- | ------------ | +| Name | shopApiOther | +| Audience | shopApiOther | +| Description | shopApiOther | + +## 3. Configure the website + +1. Open the Identity Server website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Client screen, click on the `Add client button`. +3. Select `web application` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | --------------------------------- | +| Identifier | delegationWebsite | +| Secret | password | +| Name | delegationWebsite | +| Redirection URLS | http://localhost:5004/signin-oidc | + +5. Click on the new client, then select the `Client scopes` tab and click on `Add client scope` button. Choose the `shopApi` scope and click on the `Save` button. + +## 4. Configure the API + +1. Open the Identity Server website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Client screen, click on the `Add client button`. +3. Select `machine` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | --------------------------------- | +| Identifier | firstDelegationApi | +| Secret | password | +| Name | firstDelegationApi | + +5. Click on the new client, in the `Details` tab, select the `Token exchange` grant-type, set the token exchange type to `Delegation` and click on the `Save` button. +6. Select the `Client scopes` tab and click on `Add client scope` button. Choose the `shopApiOther` scope and click on the `Save` button. + +## 5. Create the first API + +Create and configure the first REST.API service + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir Delegation +cd Delegation +mkdir src +dotnet new sln -n Delegation +``` + +2. Create a REST.API project named `ShopApiOther` and install the `Microsoft.AspNetCore.Authentication.JwtBearer` Nuget package. + +``` +cd src +dotnet new webapi -n ShopApiOther +cd ShopApiOther +dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer +``` + +3. Add the `ShopApiOther` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/ShopApiOther/ShopApiOther.csproj +``` + +4. Edit the file `ShopApiOther\Program.cs` and configure the JWT authentication. Additionally, add an Authorization policy named `Shops` that checks if the access token has the correct audience. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; +}).AddJwtBearer(options => +{ + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidAudiences = new List + { + "shopApiOther" + }, + ValidIssuers = new List + { + "https://localhost:5001/master" + } + }; +}); +builder.Services.AddAuthorization(options => +{ + options.AddPolicy("Shops", p => p.RequireAuthenticatedUser()); +}); +``` + +5. Add a `ShopsController` controller with one protected operation. + +``` +[ApiController] +[Route("shops")] +public class ShopsController : ControllerBase +{ + [HttpGet] + [Authorize("Shops")] + public IActionResult Get() + { + return new OkObjectResult(new[] { "shop1", "shop2" }); + } +} +``` + +6. In a command prompt, navigate to the `src\ShopApiOther` directory and launch the application. + +``` +dotnet run --urls=http://localhost:5006 +``` + +## 6. Create the second API + +Create and configure the second REST.API service + +1. Create a REST.API project named `ShopApi` and install the `Microsoft.AspNetCore.Authentication.JwtBearer` Nuget package. + +``` +cd src +dotnet new webapi -n ShopApi +cd ShopApi +dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer +``` + +3. Add the `ShopApi` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/ShopApi/ShopApi.csproj +``` + +4. Edit the file `ShopApi\Program.cs` and configure the JWT authentication. Additionally, add an Authorization policy named `Shops` that checks if the access token has the correct audience. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; +}).AddJwtBearer(options => +{ + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidAudiences = new List + { + "shopApi" + }, + ValidIssuers = new List + { + "https://localhost:5001/master" + } + }; +}); +builder.Services.AddAuthorization(options => +{ + options.AddPolicy("Shops", p => p.RequireAuthenticatedUser()); +}); +``` + +5. Add a `ShopsController` controller with one protected operation. It uses the `urn:ietf:params:oauth:grant-type:token-exchange` grant type to obtain an access token valid for the `shopApiOther` scope and utilizes it to make a call to the first REST API service. + +``` +[ApiController] +[Route("shops")] +public class ShopsController : ControllerBase +{ + [HttpGet] + [Authorize("Shops")] + public async Task Get() + { + const string url = "http://localhost:5006/shops"; + var accessToken = await GetAccessToken(); + using (var httpClient = new HttpClient()) + { + var requestMessage = new HttpRequestMessage(HttpMethod.Get, url); + requestMessage.Headers.Add("Authorization", $"Bearer {accessToken}"); + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var shopNames = JsonSerializer.Deserialize(json); + return new OkObjectResult(shopNames); + } + } + + private async Task GetAccessToken() + { + const string clientId = "firstDelegationAPi"; + const string clientSecret = "password"; + const string tokenUrl = "https://localhost:5001/master/token"; + var subjectToken = Request.Headers["Authorization"].ElementAt(0).Split(" ")[1]; + using (var httpClient = new HttpClient()) + { + var dic = new List> + { + new KeyValuePair("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange"), + new KeyValuePair("client_id", clientId), + new KeyValuePair("client_secret", clientSecret), + new KeyValuePair("subject_token", subjectToken), + new KeyValuePair("subject_token_type", "urn:ietf:params:oauth:token-type:access_token"), + new KeyValuePair("scope", "shopApiOther") + }; + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Post, + Content = new FormUrlEncodedContent(dic), + RequestUri = new Uri(tokenUrl) + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var accessToken = (JsonObject.Parse(json) as JsonObject).First(k => k.Key == "access_token").Value.ToString(); + return accessToken; + } + } +} +``` + +The access contains the following claims : + +| Claim | Description | Value | +| --------- | --------------------------------- | ----------------------- | +| sub | subject of the authenticated user | administrator | +| act | Contains the chain of delegation | \{act : sub : shopApi \} | +| scope | List of scopes | shopApiOther | +| aud | Audience | shopApiOther | +| client_id | Client identifier | delegationWebsite | + +6. In a command prompt, navigate to the `src\ShopApi` directory and launch the application. + +``` +dotnet run --urls=http://localhost:5005 +``` + +## 7. Create the website + +Create and configure an ASP.NET CORE application + +1. Create a web project named `Website` and install the Microsoft.AspNetCore.Authentication.OpenIdConnect NuGet package. + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect +``` + +2. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +3. Edit the `Program.cs` file and configure the OpenID authentication. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; +}) + .AddCookie("Cookies") + .AddOpenIdConnect("sid", options => + { + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "delegationWebsite"; + options.ClientSecret = "password"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + options.Scope.Add("shopApi"); + }); +... +app.UseCookiePolicy(new CookiePolicyOptions +{ + Secure = CookieSecurePolicy.Always +}); +app.UseHttpsRedirection(); +app.UseStaticFiles(); +app.UseRouting(); +app.UseAuthorization(); +``` + +4. Add a `ShopsController` controller with one protected operation. + +``` +public class ShopsController : Controller +{ + [Authorize] + public async Task Index() + { + var accessToken = await HttpContext.GetTokenAsync("access_token"); + const string url = "http://localhost:5005/shops"; + using(var httpClient = new HttpClient()) + { + var requestMessage = new HttpRequestMessage(HttpMethod.Get, url); + requestMessage.Headers.Add("Authorization", $"Bearer {accessToken}"); + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var shopNames = JsonSerializer.Deserialize(json); + return View(new ShopsViewModel { Shops = shopNames }); + } + } +} +``` + +5. Create a view `Views\Shops\Index.cshtml`with the following content. This view will display the names of the Shop. +6. In a command prompt, navigate to the `src\Website` directory and launch the application. + +``` +dotnet run --urls=http://localhost:5004 +``` + +Finally, browse the following URL: [http://localhost:5004/shops]([http://localhost:5004/shops). The User-Agent will be automatically redirected to the OpenID server. Submit the following credentials and confirm the consent. You will be redirected to the screen where the shops will be displayed. + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/grantmgt.md b/website/versioned_docs/version-5.0.1/tutorial/grantmgt.md new file mode 100644 index 000000000..c91315f46 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/grantmgt.md @@ -0,0 +1,517 @@ +# Grant Management + +Grant Management was introduced by FAPI 2.0. This standard aims to replace the various consent management APIs that have been developed in open banking markets, such as [OPEN BANKING UK](https://www.openbanking.org.uk/). + +These capabilities include + +* Granting access and returning a `grant_id`. +* Querying the details of a grant throught a `GET`. +* Update of a grant. +* Deletion of a grant. + +The standard also incorporates the use of `Rich Authorization Request (RAR)`. It enables clients to specify their detailed authorization requirements using the expressive nature of JSON data structures. For example: + +``` +{ + "type":"account_information", + "actions":[ + "list_accounts", + "read_balances", + "read_transactions" + ], + "locations":[ + "https://example.com/accounts" + ] +} +``` + +For more information please refer to the [official documentation](https://openid.net/specs/fapi-grant-management-01.html). + +The OPENBANKING UK Standard identifies two types of Third-Party Providers (`TPPs`): + +* Offer Account Information Services (`AISPs`) : gather read-only financial information.. +* Payment Initiation Services (`PISPs`) : can access and present financial information, but also move money from a user's bank account. + +In this tutorial, we will explain how to create an `AISP website` that fetches all the bank accounts of the authenticated user from an `Account REST.API Service`. + +* The authorization policy implemented by the REST API is basic. It checks if the access token contains at least one authorization data type equal to list_accounts. +* The Third-Party Website requires the user's consent to access the `list_accounts` Authorization Data as well as the `openid` and `profile` scopes. When the consent is accepted, the Website stores the `grant_id` returned by the Identity Server in an in-memory store. + +The `grant_id` can be used by the website to manage the lifecycle of a grant, which includes the following actions: + +* Querying the grant. +* Revoke the grant. + +The TPP website will have the following configuration: + +| Configuration | Value | +| ---------------------------------------- | ------------------------------------------------------------- | +| Client Authentication Method | tls_client_auth | +| Authorization Signed Response Algorithm | ES256 | +| Identity Token Signed Response Algorithm | ES256 | +| Request Object Signed Response Algorithm | ES256 | +| Pushed Authorization Request | Yes | +| Response Mode | jwt | +| Authorization Data Types | account_information | +| Scopes | grant_management_query grant_management_revoke openid profile | + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/FapiGrantManagement). +::: + +## 1. Configure client certificate + +Utilize the administration UI to create a client certificate. + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. In the Certificate Authorities screen, choose a Certificate Authority from the available options. Remember that the selected Certificate Authority should be trusted by your machine. You can download the certificate and import it into the appropriate Certificate Store. +3. Click on the `Client Certificates` tab and then proceed to click on the `Add Client Certificate` button. +4. Set the value of the Subject Name to `CN=fapiGrant` and click on the `Add` button. +5. Click on the `Download` button located next to the certificate. + +## 2. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. In the Clients screen, click on `Add client` button. +3. Select `FAPI2.0`. +4. Select `Grant Management` and click on next. +5. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Property | Value | +| ------------------------ | --------------------------------- | +| Identifier | fapiGrant | +| Secret | password | +| Name | fapiGrant | +| Redirection URLs | http://localhost:7000/callback/* | +| Authorization Data Types | account_information | +| Proof of Possession | Mutual-TLS Client Authentication | +| Subject Name | CN=fapiGrant | + +## 3. Create Account Info REST.API + +Create and configure an Account Info REST.API Service. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir FapiGrantManagement +cd FapiGrantManagement +mkdir src +dotnet new sln -n FapiGrantManagement +``` + +2. Create a web project named `AccountInfoApi` and install the `Microsoft.AspNetCore.Authentication.JwtBearer` NuGet package. + +``` +cd src +dotnet new webapi -n AccountInfoApi +cd AccountInfoApi +dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer +``` + +3. Add the `AccountInfoApi` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/AccountInfoApi/AccountInfoApi.csproj +``` + +4. In the file `AccountInfoApi\Program.cs`, modify the code to configure JWT authentication. Additionally, add an Authorization policy named `account_information` that verifies the correctness of the Authorization Details. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; +}) + .AddJwtBearer(options => + { + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateAudience = false, + ValidIssuers = new List + { + "https://localhost:5001/master" + } + }; + }); +builder.Services.AddAuthorization(b => +{ + b.AddPolicy("account_information", p => p.RequireAssertion(c => + { + var cl = c.User.Claims.First(c => c.Type == "authorization_details"); + return JsonObject.Parse(cl.Value)["type"].GetValue() == "account_information"; + })); +}); +``` + +5. Add a new controller called `AccountInfoController`. This controller should be responsible for returning the list of bank accounts. + +``` +[ApiController] +[Route("[controller]")] +[Authorize("account_information")] +public class AccountInfoController : ControllerBase +{ + [HttpGet(Name = "Accounts")] + public IEnumerable Get() + { + return new List { "BE91798829733676", "BE90321175762332", "BE56631811788388" }; + } +} +``` + +Now that your REST API is configured, you can launch it on port 7001. + +``` +dotnet run --urls=http://localhost:7001 +``` + + +## 4. Create TPP Website + +Finally, create and configure a TPP Website. + +1. Create a web project named `Website`. + +``` +cd src +dotnet new mvc -n Website +``` + +2. Add the `Website` project into your Visual Studio solution. + +``` +cd .. +dotnet sln add ./src/Website/Website.csproj +``` + +3. Add a `BankInfo` class into the `Models` directory. + +``` +namespace Website.Models; + +public class BankInfo +{ + public string Name { get; set; } = null!; + public string ClientId { get; set; } = null!; + public string ClientSecret { get; set; } = null!; + public string AuthorizationUrl { get; set; } = null!; + public string TokenUrl { get; set; } = null!; + public string GrantId { get; set; } = null!; +} +``` + +4. Create a `BankInfoStore` class that will be utilized to store the information of banks. + +``` +using Website.Models; + +namespace Website.Stores; + +public interface IBankInfoStore +{ + IQueryable GetAll(); + Task SaveChanges(CancellationToken cancellationToken); +} + +public class BankInfoStore : IBankInfoStore +{ + private readonly ICollection _bankInfos; + + public BankInfoStore(ICollection bankInfos) + { + _bankInfos = bankInfos; + } + + public IQueryable GetAll() => _bankInfos.AsQueryable(); + + public Task SaveChanges(CancellationToken cancellationToken) => Task.FromResult(1); +} +``` + +5. Create a `AccessTokenStore` class that will be used to store the access token. + +``` +namespace Website.Stores; + +public class AccessTokenStore +{ + private static AccessTokenStore _instance; + private Dictionary _accessTokens = new Dictionary(); + + private AccessTokenStore() { } + + public string GetAccessToken(string bankName) => _accessTokens[bankName]; + + public void Add(string bankName, string token) + { + if(_accessTokens.ContainsKey(bankName)) _accessTokens.Remove(bankName); + _accessTokens.Add(bankName, token); + } + + public static AccessTokenStore Instance() + { + if(_instance == null) _instance = new AccessTokenStore(); + return _instance; + } +} +``` + +6. In the `Program.cs` class, modify the code to register the dependencies and the certificate. Make sure to replace the certificate `CN=fapiGrant.pfx` with the one you downloaded earlier (step 1.5). + +``` +var certificate = new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "CN=fapiGrant.pfx")); +builder.Services.AddControllersWithViews(); +builder.Services.Configure(o => +{ + o.MTLSCertificate = certificate; +}); +builder.Services.AddSingleton(new BankInfoStore(new List +{ + new BankInfo { Name = "Bank", ClientId = "fapiGrant", AuthorizationUrl = "https://localhost:5001/master/authorization", ClientSecret = "password", TokenUrl = "https://localhost:5001/master/token" } +})); +``` + +7. In the `HomeController.cs` class, include a new action named `Callback`. This action will be invoked by the Identity Server once the authorization is granted. Inside this action, retrieve the `access_token` and `grant_id`, and then utilize the `AccessTokenStore`class to store these values. + +``` + [Route("callback/{bankName}")] + public async Task Callback(string bankName) + { + var bankInfo = _bankInfoStore.GetAll().First(b => b.Name == bankName); + var accessToken = await GetAccessToken(); + AccessTokenStore.Instance().Add(bankName, accessToken); + await _bankInfoStore.SaveChanges(CancellationToken.None); + return RedirectToAction("Index"); + + async Task GetAccessToken() + { + var authorizationCode = Request.Query["code"].First(); + var handler = new HttpClientHandler + { + ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }, + CheckCertificateRevocationList = false, + ClientCertificateOptions = ClientCertificateOption.Manual, + SslProtocols = SslProtocols.Tls12 + }; + handler.ClientCertificates.Add(_options.MTLSCertificate); + using (var httpClient = new HttpClient(handler)) + { + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Post, + RequestUri = new Uri(bankInfo.TokenUrl), + Content = new FormUrlEncodedContent(new Dictionary + { + { "client_id", bankInfo.ClientId }, + { "grant_type", "authorization_code" }, + { "code", authorizationCode }, + { "redirect_uri", $"{_options.CallbackUrl}/{bankName}" } + }) + }; + var httpResult = await httpClient.SendAsync(requestMessage); + var json = await httpResult.Content.ReadAsStringAsync(); + var jsonObj = JsonObject.Parse(json).AsObject(); + if (jsonObj.ContainsKey("grant_id")) + { + var grantId = jsonObj["grant_id"].GetValue(); + bankInfo.GrantId = grantId; + } + + return jsonObj["access_token"].GetValue(); + } + } + } +``` + +8. Create a controller named `BanksController` and paste the following content into it. This controller enables the end-user to link one or multiple bank accounts. + +``` +namespace Website.Controllers; + +public class BanksController : Controller +{ + private readonly IBankInfoStore _bankInfoStore; + private readonly WebsiteOptions _options; + + public BanksController(IBankInfoStore bankInfoStore, IOptions options) + { + _bankInfoStore = bankInfoStore; + _options = options.Value; + } + + public IActionResult Index() + { + var bankInfos = _bankInfoStore.GetAll().Select(b => new BankInfoViewModel + { + Name = b.Name + }); + return View(bankInfos); + } + + public IActionResult Link(string name) + { + var bankInfo = _bankInfoStore.GetAll().First(b => b.Name == name); + const string authorizationDetails = "{ \"type\" : \"account_information\", \"actions\" : [\"read\"] }"; + var url = $"{bankInfo.AuthorizationUrl}?client_id={bankInfo.ClientId}&redirect_uri={_options.CallbackUrl}/{name}&response_type=code&scope=openid profile&authorization_details={authorizationDetails}&grant_management_action=create"; + return Redirect(url); + } +} +``` + +9. Create a controller named `AccountsController`. This controller is responsible for displaying the information of the bank account. + +``` +namespace Website.Controllers; + +public class AccountsController : Controller +{ + private readonly IBankInfoStore _bankInfoStore; + private readonly WebsiteOptions _options; + + public AccountsController(IBankInfoStore bankInfoStore, IOptions options) + { + _bankInfoStore = bankInfoStore; + _options = options.Value; + } + + public IActionResult Index() + { + var result = _bankInfoStore.GetAll().Where(b => !string.IsNullOrWhiteSpace(b.GrantId)).Select(b => new GrantedBankInfoViewModel + { + GrantId = b.GrantId, + BankName = b.Name + }); + return View(result); + } + + public async Task Details(string bankName) + { + var accessToken = AccessTokenStore.Instance().GetAccessToken(bankName); + using (var httpClient = new HttpClient()) + { + var requestMessage = new HttpRequestMessage + { + Method = HttpMethod.Get, + RequestUri = new Uri(_options.AccountInfoUrl) + }; + requestMessage.Headers.Add("Authorization", $"Bearer {accessToken}"); + var httpResponse = await httpClient.SendAsync(requestMessage); + var json = await httpResponse.Content.ReadAsStringAsync(); + var viewModel = new BankDetailsViewModel + { + Name = bankName, + Accounts = JsonArray.Parse(json).AsArray().Select(x => x.GetValue()) + }; + return View(viewModel); + } + } +} +``` + +9. Finally add the following views : + +**Views\Banks\Index.cshtml** + +``` +@using Website.ViewModels; + +@{ + ViewData["Title"] = "Link a bank account"; +} + +@model IEnumerable + +

    Request account information

    + +
    + @foreach(var bankInfo in Model) + { + +
    +
    +
    +
    @bankInfo.Name
    +
    +
    +
    +     + } +
    +``` + +**Views\Accounts\Index.cshtml** + +``` +@using Website.ViewModels; + +@{ + ViewData["Title"] = "Link a bank account"; +} + +@model IEnumerable + +

    You've access to the following bank accounts

    + +
    + @foreach(var bankInfo in Model) + { + +
    +
    +
    +
    @bankInfo.BankName
    +

    The grant_id is @bankInfo.GrantId

    +
    +
    +
    +     + } +
    +``` + +**Views\Accounts\Details.cshtml** + +``` +@using Website.ViewModels; + +@{ + ViewData["Title"] = "Bank accounts"; +} + +@model BankDetailsViewModel + +

    @Model.Name

    + +

    List of accounts

    + +
      + @foreach(var account in Model.Accounts) + { +
    • + @account +
      • + } +
    +``` + +Now that your TPP website configured, you can launch it on port 7000. + +``` +dotnet run --urls=http://localhost:7000 +``` + +Browse the website [http://localhost:7000](http://localhost:7000) and then navigate to [http://localhost:7000/Banks](http://localhost:7000/Banks). + +Next, click on the `Bank` button, which will redirect you to the Identity Server. Authenticate using the following credentials and confirm the consent. + +Upon successful authentication, proceed to navigate to [http://localhost:7000/Accounts/Details?bankName=Bank](http://localhost:7000/Accounts/Details?bankName=Bank), where you will find the list of bank accounts displayed. + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/highlysecuredregularweb.md b/website/versioned_docs/version-5.0.1/tutorial/highlysecuredregularweb.md new file mode 100644 index 000000000..a4c95be1d --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/highlysecuredregularweb.md @@ -0,0 +1,306 @@ +# Highly Secured regular Web Application + +In this tutorial, we will provide a comprehensive explanation of the process involved in creating a highly secure regular Web Application that adheres to all the security recommendations outlined in the FAPI (Financial-grade API) specifications. The FAPI specifications can be found at [https://openid.net/specs/fapi-2_0-baseline.html#name-requirements-for-clients](https://openid.net/specs/fapi-2_0-baseline.html#name-requirements-for-clients) : + +* The client shall support `MTLS` or `DPoP` as mechanism for sender-constrained access tokens. +* The client shall include `request` or `request_uri` parameter as defined in Section 6 of [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) in the authentication request. +* If the Authorization Request is too large for example a [Rich Authorization Request](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-23), then it is recommended to use [Pushed Authorization Request (PAR)](https://datatracker.ietf.org/doc/html/rfc9126). +* [JWT-Secured OAUTH2.0 authorisation response](https://openid.net/specs/openid-financial-api-jarm.html) (JARM) is used to sign and / or encrypt the authorisation response, it protects against replay, credential leaks and mix-up attacks. +* The `PS256` or `ES256` algorithms must be used. + +Based on the algorithm you have chosen to implement for Proof of Possession, please refer to the appropriate chapter to configure your highly secure web application + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/HighlySecuredServersideWebsite). +::: + +## MTLS + +The website will be configured with the following settings: + +| Configuration | Value | +| ---------------------------------------- | --------------- | +| Client Authentication Method | tls_client_auth | +| Authorization Signed Response Algorithm | ES256 | +| Identity Token Signed Response Algorithm | ES256 | +| Request Object Signed Response Algorithm | ES256 | +| Pushed Authorization Request | Yes | +| Response Mode | jwt | + +To incorporate all the FAPI recommendations into your regular web application, it is necessary to follow the following steps: + +### 1. Configure client certificate + +Utilize the administration UI to create a client certificate. + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. In the Certificate Authorities screen, choose a Certificate Authority from the available options. Remember that the selected Certificate Authority should be trusted by your machine. You can download the certificate and import it into the appropriate Certificate Store. +3. Click on the `Client Certificates` tab and then proceed to click on the `Add Client Certificate` button. +4. Set the value of the Subject Name to `CN=websiteFAPI` and click on the `Add` button. +5. Click on the `Download` button located next to the certificate. + +### 2. Configure an application + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Clients screen, click on the `Add client` button. +3. Choose `FAPI2.0` template. +4. Select `Highly secure Web Application` and click on next. +5. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Property | Value | +| ----------------------- | --------------------------------- | +| Identifier | websiteFAPIMTLS | +| Secret | password | +| Name | websiteFAPIMTLS | +| Redirection URLs | http://localhost:5003/signin-oidc | +| Proof of Possession | Mutual-TLS Client Authentication | +| Subject Name | CN=websiteFAPI | + +6. The generated JSON Web Key will be displayed. Copy the corresponding value and save it in a text file. It will be used by the web application to construct a signed `request` parameter. + +Now your client is ready to be used, you can develop the regular website. + +### 3. Create ASP.NET CORE Application + +Finally, create and configure an ASP.NET CORE Application. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir HighlySecuredServersideWebsite +cd HighlySecuredServersideWebsite +mkdir src +dotnet new sln -n HighlySecuredServersideWebsite +``` + +:::info +This NuGet Package includes support for all the features provided by the official `Microsoft.AspNetCore.Authentication.OpenIdConnect` NuGet Package. +Additionally, it introduces new features such as the `tls_client_auth` Client Authentication Method and supports new authorization response types including `jwt`, `query.jwt`, `fragment.jwt`, `form_post.jwt`, `fragment.jwt`, `Pushed Authorization Request (PAR)` and `DPoP`. +::: + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package SimpleIdServer.OpenIdConnect +``` + +2. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +3. In the `Program.cs` file, make the following modifications to configure the OPENID authentication: Replace the content of the `JWK.json` file with the content from the file you copied earlier (step 2.5). Make sure to replace the certificate `CN=websiteFAPI.pfx` with the one you downloaded earlier (step 1.5). + +| Configuration | Value | +| ---------------------------------------- | --------------- | +| Client Authentication Method | tls_client_auth | +| Authorization Signed Response Algorithm | ES256 | +| Identity Token Signed Response Algorithm | ES256 | +| Request Object Signed Response Algorithm | ES256 | +| Pushed Authorization Request | Yes | +| Response Mode | jwt | + +``` + var certificate = new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "CN=websiteFAPI.pfx")); + var serializedJwk = File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "JWK.json")); + var jsonWebKey = JsonExtensions.DeserializeFromJson(serializedJwk); + builder.Services.AddAuthentication(options => + { + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; + }) + .AddCookie("Cookies") + .AddCustomOpenIdConnect("sid", options => + { + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.ResponseMode = "jwt"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "websiteFAPIMTLS"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + options.UseMTLSProof(certificate, new SigningCredentials(jsonWebKey, jsonWebKey.Alg)); + }); +``` + +4. Add a `ClaimsController` controller with one protected operation. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public IActionResult Index() + { + return View(); + } +} +``` + +5. Create a view `Views\Claims\Index.cshtml` with the following content. This view will display all the claims of the authenticated user. + +``` +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    +``` + +6. In a command prompt, navigate to the directory `src\Website` and launch the application. + +``` +dotnet run --urls=http://localhost:5003 +``` + +Finally, browse the following URL: [http://localhost:5003/claims](http://localhost:5003/claims). The User-Agent will be automatically redirected to the OpenID server. +Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | + +## DPoP + +The website will be configured with the following settings: + +| Configuration | Value | +| ---------------------------------------- | --------------- | +| Client Authentication Method | private_key_jwt | +| Authorization Signed Response Algorithm | ES256 | +| Identity Token Signed Response Algorithm | ES256 | +| Request Object Signed Response Algorithm | ES256 | +| Pushed Authorization Request | Yes | +| Response Mode | jwt | + +To incorporate all the FAPI recommendations into your regular web application, it is necessary to follow the following steps: + +### 1. Configure an application + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Clients screen, click on the `Add client` button. +3. Choose `FAPI2.0` template. +4. Select `Highly secure Web Application` and click on next. +5. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Property | Value | +| ----------------------- | --------------------------------- | +| Identifier | websiteFAPIDPoP | +| Secret | password | +| Name | websiteFAPIDPoP | +| Redirection URLs | http://localhost:5003/signin-oidc | +| Proof of Possession | DPoP | + +6. The generated JSON Web Key will be displayed. Copy the corresponding value and save it in a text file. It will be used by the web application to construct a signed `request` parameter and a signed `DPoP Proof`. + +Now your client is ready to be used, you can develop the regular website. + + +### 2. Create ASP.NET CORE Application + +Finally, create and configure an ASP.NET CORE Application. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir HighlySecuredServersideWebsite +cd HighlySecuredServersideWebsite +mkdir src +dotnet new sln -n HighlySecuredServersideWebsite +``` + +:::info +This NuGet Package includes support for all the features provided by the official `Microsoft.AspNetCore.Authentication.OpenIdConnect` NuGet Package. +Additionally, it introduces new features such as the `tls_client_auth` Client Authentication Method and supports new authorization response types including `jwt`, `query.jwt`, `fragment.jwt`, `form_post.jwt`, `fragment.jwt`, `Pushed Authorization Request (PAR)` and `DPoP`. +::: + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package SimpleIdServer.OpenIdConnect +``` + +2. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +3. In the `Program.cs` file, make the following modifications to configure the OPENID authentication: Replace the content of the `JWK.json` file with the content from the file you copied earlier (step 2.5). + +| Configuration | Value | +| ---------------------------------------- | --------------- | +| Client Authentication Method | private_key_jwt | +| Authorization Signed Response Algorithm | ES256 | +| Identity Token Signed Response Algorithm | ES256 | +| Request Object Signed Response Algorithm | ES256 | +| Pushed Authorization Request | Yes | +| Response Mode | jwt | + +``` + var serializedJwk = File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "JWK.json")); + var jwk = JsonExtensions.DeserializeFromJson(serializedJwk); + builder.Services.AddAuthentication(options => + { + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; + }) + .AddCookie("Cookies") + .AddCustomOpenIdConnect("sid", options => + { + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.ResponseMode = "jwt"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "websiteFAPIDPoP"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + options.UseDPoPProof(new SigningCredentials(jwk, jwk.Alg)); + }); +``` + +4. Add a `ClaimsController` controller with one protected operation. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public IActionResult Index() + { + return View(); + } +} +``` + +5. Create a view `Views\Claims\Index.cshtml` with the following content. This view will display all the claims of the authenticated user. + +``` +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    +``` + +6. In a command prompt, navigate to the directory `src\Website` and launch the application. + +``` +dotnet run --urls=http://localhost:5003 +``` + +Finally, browse the following URL: [http://localhost:5003/claims](http://localhost:5003/claims). The User-Agent will be automatically redirected to the OpenID server. +Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/generate-qr-code.png b/website/versioned_docs/version-5.0.1/tutorial/images/generate-qr-code.png new file mode 100644 index 000000000..f5a270098 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/generate-qr-code.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/ldap-1.png b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-1.png new file mode 100644 index 000000000..c4d3f3c33 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-1.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/ldap-2.png b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-2.png new file mode 100644 index 000000000..7a95d515b Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-2.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/ldap-3.png b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-3.png new file mode 100644 index 000000000..e7e13ceb0 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-3.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/ldap-4.png b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-4.png new file mode 100644 index 000000000..2ee9a7741 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-4.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/ldap-5.png b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-5.png new file mode 100644 index 000000000..682421c61 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-5.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/ldap-6.png b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-6.png new file mode 100644 index 000000000..8d4fd7734 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/ldap-6.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/mobile-notification.png b/website/versioned_docs/version-5.0.1/tutorial/images/mobile-notification.png new file mode 100644 index 000000000..a870229a0 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/mobile-notification.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/openidfederation.png b/website/versioned_docs/version-5.0.1/tutorial/images/openidfederation.png new file mode 100644 index 000000000..3bb93bd2a Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/openidfederation.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/pki.png b/website/versioned_docs/version-5.0.1/tutorial/images/pki.png new file mode 100644 index 000000000..e78f11a67 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/pki.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/qr-code.png b/website/versioned_docs/version-5.0.1/tutorial/images/qr-code.png new file mode 100644 index 000000000..88ff5539e Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/qr-code.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/scim-1.png b/website/versioned_docs/version-5.0.1/tutorial/images/scim-1.png new file mode 100644 index 000000000..551e89b15 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/scim-1.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/scim-2.png b/website/versioned_docs/version-5.0.1/tutorial/images/scim-2.png new file mode 100644 index 000000000..822acd2ce Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/scim-2.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/spa-1.png b/website/versioned_docs/version-5.0.1/tutorial/images/spa-1.png new file mode 100644 index 000000000..4384f99da Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/spa-1.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/spa-2.png b/website/versioned_docs/version-5.0.1/tutorial/images/spa-2.png new file mode 100644 index 000000000..9f0e21443 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/spa-2.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/vc-qr.png b/website/versioned_docs/version-5.0.1/tutorial/images/vc-qr.png new file mode 100644 index 000000000..406d110d7 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/vc-qr.png differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/images/wallet-credential.PNG b/website/versioned_docs/version-5.0.1/tutorial/images/wallet-credential.PNG new file mode 100644 index 000000000..25d1abd05 Binary files /dev/null and b/website/versioned_docs/version-5.0.1/tutorial/images/wallet-credential.PNG differ diff --git a/website/versioned_docs/version-5.0.1/tutorial/ldap.md b/website/versioned_docs/version-5.0.1/tutorial/ldap.md new file mode 100644 index 000000000..9080164f3 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/ldap.md @@ -0,0 +1,147 @@ + +import Ldap1 from './images/ldap-1.png'; +import Ldap2 from './images/ldap-2.png'; +import Ldap3 from './images/ldap-3.png'; + +# LDAP - Identity Provisioning + +Users stored in the LDAP repository can be imported into the Identity Server. + +In this tutorial, we will explain how to import users from [OPENLDAP](https://www.openldap.org/) to the Identity Server. + +## Install OPENLDAP + +Before proceeding further, please ensure that Docker is installed on your machine. + +Open a command prompt and launch an OPENLDAP instance by executing the following command line: + +``` +docker run -p 389:389 -p 636:636 --name ldap-service -h ldap-service -e LDAP_ORGANISATION="XL" -e LDAP_DOMAIN="xl.com" -e LDAP_ADMIN_PASSWORD="password" -d osixia/openldap:latest +``` + +This command exposes LDAP over port 389 and LDAPS over port 636. + +## Create some users + +Download and install [Apache Directory Studio](https://directory.apache.org/studio/downloads.html). + +Authenticate as an admin with the appropriate login DN : + +``` +Login Credentials: +ID : cn=admin,dc=xl,dc=com +Password: password +``` + + +Under `dc=xl,dc=com`, create an entry with the object class `Organizational Unit (organizationalUnit)`. +The `ou` attribute of this entry should be set to `people`. +This entry will contain the users who will be migrated to the Identity Server. + +
    + +
    + + +Under `ou=people`, add two entries, each containing two object classes: `Organizational Person (organizationalPerson)` and `person`. + +The first user should have the following attributes and a password set to `password`. + + +| Attribute | Value | +| ------------ | -------------------- | +| objectClass | organizationalPerson | +| objectClass | person | +| cn | firstUser | +| sn | firstUser | +| userPassword | password | + +
    + +
    + +The second user should have the following attributes. + +| Attribute | Value | +| ----------- | -------------------- | +| objectClass | organizationalPerson | +| objectClass | person | +| cn | secondUser | +| sn | secondUser | + +
    + +
    + +Now that there is an up and running OPENLDAP server with two users, you can utilize the administration website to import both users. + +## Extract + +Browse the [administration UI](http://localhost:5002), navigate to the `Identity Provisioning` screen, and click on `LDAP`. + + +In the `Properties` tab, you can update the attributes of the extraction job + +| Field | Description | Default value | +| --------------------------- | --------------------------------------------------------------------------------------------------- | ------------- | +| Server | - | localhost | +| Port | - | 389 | +| Bind DN | DN of the LDAP admin, which will be used by IdServer to access LDAP Server | cn=admin,dc=xl,dc=com | +| Bind Credentials | Password of LDAP admin | password | +| Users DN | Full DN of LDAP tree where users are | ou=people,dc=xl,dc=com | +| User object classes | All values of LDAP objectClass attribute for users in LDAP, divided by commas | organizationalPerson,person | +| Groups DN | Full DN of LDAP tree where groups are | ou=groups,dc=xl,dc=com | +| Group object classes | All values of LDAP objectClass attribute for groups in LDAP, divided by commas | posixGroup | +| Membership Group LDAP Attribute | It is the name of the LDAP Attribute on the group, which is used for membership mappings, for example memberUid | memberUid | +| Membership User LDAP Attribute | It is the name of the LDAP Attribute on the user, which is used for membership mappings, for example uidNumber | uidNumber | +| User Groups Retrieve Strategy | Membership User LDAP Attribute | LOAD_BY_MEMBER_ATTRIBUTE | +| User Identifier LDAP Attribute | Name of the LDAP attribute, which is used as a unique object identifier for objects in LDAP, objectSID for Active Directory or uidNumber of Open Ldap | uidNumber | +| Group Identifier LDAP Attribute | Name of the LDAP attribute, which is used as a unique object identifier for objects in LDAP, objectSID for Active Directory or gidNumber of Open Ldap | gidNumber | +| Modification Date Attribute | Name of the LDAP Attribute, which is used as the modification date for objects in LDAP | modificationDate | +| Batch Size | Number of records | 1 | + +:::warning + +If the **UUID LDAP Attribute** does not exist, then the FULL DN is used as the unique identifier. + +If the **Modification Date Attribute** does not exist, the extracted users cannot be versioned. Therefore, even if no modifications have been made to the users since the last extraction, all users will be extracted in the next execution. + +::: + +In the scope of this tutorial, the default values are correct and should not be updated. + + +The `Mapping Rules` tab contains the rules used by IdServer to map properties from OPENLDAP to user attributes / properties. + +![Mapping rules](./images/ldap-4.png) + +Before initiating the extraction, ensure that both the Identity Server and the Administration UI are running/launched. + +Click on the `Histories` tab and then click on the `Launch` button. + +Wait for a few seconds and then refresh the page. A new line should appear in the table indicating that 2 records have been extracted from LDAP. + +![Exported users](./images/ldap-5.png) + +## Import + + +Navigate to the `Identity Provisioning` screen and click on the `Import` button. + +Wait for a few seconds and then refresh the page. A new line should appear in the table indicating that 2 records have been imported into the Identity Server. + +Both users are visible on the Users screen. + +![Users](./images/ldap-6.png) + +## Authenticate + + +Browse the [Identity Server](https://localhost:5001/master) and click on the Authenticate button. + +Authenticate using the following credentials. You are now authenticated with a user coming from OPENLDAP. + +``` +Login : firstUser +Password : password +``` \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/m2m.md b/website/versioned_docs/version-5.0.1/tutorial/m2m.md new file mode 100644 index 000000000..2e19e37e8 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/m2m.md @@ -0,0 +1,100 @@ +# Machine to Machine (M2M) + +Machine-to-machine communication (M2M communication) refers to the direct interaction and exchange of data between two or more machines without human intervention. +It involves the automated exchange of information, commands, or instructions between devices or systems. + +The appropriate grant type to use is typically the `Client Credentials Grant`. The Client Credentials Grant allows the machine (client) to authenticate itself directly with the authorization server using its own credentials, such as a client ID and client secret. This grant type is suitable when the machine needs to access protected resources on behalf of itself, without involving any end-user interactions. + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/RequestAccessTokenM2M). +::: + +To implement the M2M communication in a console application, you'll need to follow the following steps. + +## 1. Configure a scope + +If a `read` scope is configured, then skip this step. + +Utilize the administration UI to configure a new scope : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Scopes screen, click on the `Add scope` button. +3. Select `API value` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ----------- | ----- | +| Name | read | +| Description | Read | + +5. Navigate to the new scope, then select the `API Resources` tab and click on the `Add API resource` button. +6. Fill-in the form like this and click on the `Add` button to confirm the creation. + +| Parameter | Value | +| --------- | -------- | +| Name | shopApi | +| Value | Shop API | + +## 2. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Clients screen, click on the `Add client` button. +3. Select `Machine` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | ---------------------------------- | +| Identifier | m2m | +| Secret | password | +| Name | m2m | + +5. Click on the new client, then select the `Client scopes` tab and click on the `Add client` scope button. Choose the `read` scope and click on the `Save` button. + +## 3. Create a console application + +Finally, create and configure a Console Application project. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir RequestAccessTokenM2M +cd RequestAccessTokenM2M +mkdir src +dotnet new sln -n RequestAccessTokenM2M +``` + +2. Create a console application project named `ConsoleApp` + +``` +cd src +dotnet new console -n ConsoleApp +``` + +3. Add the `ConsoleApp` project into your Visual Studio solution. + +``` +cd .. +dotnet sln add ./src/ConsoleApp/ConsoleApp.csproj +``` + +4. Edit the `Program.cs` file and copy the following code. This code executes an HTTP request to obtain an Access Token. + +``` +using (var httpClient = new HttpClient()) +{ + var form = new Dictionary + { + { "grant_type", "client_credentials" }, + { "client_id", "m2m" }, + { "client_secret", "password" }, + { "scope", "read" } + }; + var tokenResponse = httpClient.PostAsync("https://localhost:5001/master/token", new FormUrlEncodedContent(form)).Result; + var json = tokenResponse.Content.ReadAsStringAsync().Result; + System.Console.WriteLine(json); +} +``` + +When you run the Console Application, the Access Token will be displayed. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/openidfederation.md b/website/versioned_docs/version-5.0.1/tutorial/openidfederation.md new file mode 100644 index 000000000..f05106c19 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/openidfederation.md @@ -0,0 +1,415 @@ +# Openid Federation + +The OpenID Federation specification was officially published by the OpenID Connect Working Group on May 31, 2024. + +The objective of this new specification is to establish a trust relationship between the OpenID server and the relying parties. +Therefore, the manual provisioning of the relying parties via a web portal or a dedicated REST API will no longer be needed. + +There are several advantages to using OpenID Federation: + +* Less human administration. +* Relying parties can manage their properties, such as the redirect_uri. +* Easily establish a trust relationship between the OpenID server and the relying party. + +The OpenID Federation is already required by other technologies, such as the issuance of [Verifiable Credentials](https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#section-11.2). +In this context, the OpenID Federation is used to establish a trust relationship between an electronic wallet/verifier and a credential issuer. +Suppose both applications adhere to a known trust scheme, for example, `BSc chemistry degree`. +In that case, the electronic wallet will be able to call its federation API to determine if the credential issuer is indeed a member of the federation/trust scheme that it claims to be. + +For more information about the interactions between the electronic wallet and the credential issuer, you can refer to the [official documentation](https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html). + +This specification takes all its concepts from the Public Key Infrastructure (PKI), but there are some differences between the two: + +* The Public Key Infrastructure uses certificates, and the Certificate Authority is installed in the Trusted Root Certificate Authorities certificate store. It contains the root certificates of all CAs that Windows trusts. + +* The OpenID Federation uses Entity Statements. Each entity involved in the trust chain has a REST API that exposes some operations described in the [specification](https://openid.net/specs/openid-federation-1_0.html). + +Before proceeding further, we will explain the Public Key Infrastructure. + +## Chain of trust in Public Key Infrastructure (PKI) + +The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking, and confidential email. + +PKI uses cryptographic public keys that are connected to a digital certificate, which authenticates the device or user sending the digital communication. Digital certificates are issued by a trusted source, a certificate authority (CA), and act as a type of digital passport to ensure that the sender is who they say they are. + +The client who receives a digital certificate, for example, a browser visiting a secure website, validates if the issuer of this certificate exists in its list of trusted root certificates. If there is no match, the client tries to resolve the chain of trust by finding the trusted root certificate authority that has signed the issuing CA certificate. + +The chain of trust is an important concept because it proves that the certificate comes from a trusted source. The usage of a certificate store is sufficient to resolve a chain of trust. + +There are three basic types of entities that comprise a valid chain of trust: + +* **Root CA certificate** : The Root CA certificate is a self-signed X.509 certificate. This certificate acts as a trust anchor, used by all the relying parties as the starting point for path validation. The Root CA private key is used to sign the Intermediate CA certificates. + +* **Intermediate CA certificate** : The Intermediate CA certificate sits between the Root CA certificate and the end entity certificate. The Intermediate CA certificate signs the end entity certificates. + +* **End-Entity certificate** : The End-Entity certificate is the server certificate that is issued to the website domain. + +![Public Key Infrastructure](./images/pki.png) + +This chain of trust is also present in the OpenID Federation specification. + +## Chain of trust in OPENID federation + +The chain of trust in the OpenID Federation is made up of more than two Entity Statements. + +An Entity Statement is a signed JSON Web Token (JWT). The subject of the JWT is the entity itself. The issuer of the JWT is the party that issued the Entity Statement. All entities in a federation publish an Entity Statement about themselves called an Entity Configuration. + +Entities whose statements build a trust chain are categorized as: + +* **Trust anchor** : An entity that represents a trusted third party. + +* **Leaf** : In an OpenID Connect identity federation, a relying party or a protected resource. + +* **Intermediate** : Neither a leaf entity nor a trust anchor. + +![Openid federation trust chain](./images/openidfederation.png) + +The resolution of the trust chain is more complex than that present in the Public Key Infrastructure. + +Consider the following entities: + +* **Relying party** : http://localhost:7001 + +* **Trust anchor** : http://localhost:7000 + +The algorithm used to fetch the trust chain consists of the following actions: + +1. Retrieve the entity configuration from the endpoint `http://localhost:7001/.well-known/openid-federation`. + +2. Store the JSON Web Token into the trust chain. + +3. Parse the JSON Web Token and retrieve the list of `authority_hints` from the payload. + +4. For each record in the `authority_hints`, execute the following actions : + + 4.1. Retrieve the entity configuration from the `authority_hint` (`/.well-known/openid-federation`). + + 4.2. Parse the JSON Web Token and extract the `federation_fetch_endpoint`. + + 4.3. Fetch the entity configuration of the relying party `http://localhost:7001` (`/?sub=http://localhost:7000`) and store the result into the trust chain. + +5. The last entity configuration coming from the `/.well-known/openid-federation` is the trust anchor and must be stored into the trust chain. + +In the end, the trust chain must contain three records. + +## Difference between PKI and OPENID federation + +The structure of the trust chain between both technologies is similar and consists of the same components. +The difference lies in the terminology of the entities used and their nature. +In PKI, an entity is a certificate; however, in OpenID Federation, an entity is represented as an Entity Statement. + +| PKI | Openid federation | +| --------------------------- | ----------------- | +| Root CA certificate | Trust anchor | +| Intermediate CA certificate | Intermediate | +| End-entity certificate | Leaf | + +The trust chain algorithm proposed by OpenID Federation is more complex than the one used by PKI. +In OpenID Federation, a set of HTTP requests is executed to retrieve a list of Entity Statements, whereas in PKI, only the certificate store is used. + +Now that you understand the differences between PKI and OpenID Federation, we will explain how a relying party can register itself against an OpenID Identity Server. + +## Client registration + +There are two approaches to establish trust between a relying party and an identity provider: automatic registration and explicit registration. + +### Automatic registration + +Automatic registration enables a relying party to make authentication requests without a prior registration step with the identity provider. Once the authorization request is received by the identity provider, it will use the client identifier to resolve the chain of trust and check its validity. For more information about this type of registration, refer to the [documentation](https://openid.net/specs/openid-federation-1_0.html#section-12.1). +If the chain of trust is valid, then the client will be registered. + +### Explicit registration + +The relying party establishes its client registration with the identity provider by means of a dedicated registration request, similar to the [Openid Registration](https://openid.net/specs/openid-connect-registration-1_0.html). However, instead of its metadata, the relying party submits its Entity Configuration or an entire trust chain. When the explicit registration is completed, the relying party can proceed to make regular OpenID authentication requests to the identity provider. + +The expiration time of the client corresponds to the minimum of the expiration time of the trust chain. +When the client expires, the identity provider tries to refresh the trust chain and update the metadata of the client accordingly. + +In the next chapter, we will describe how to implement the OpenID Federation with .NET Core. + +## Demo + +In this demo, we will create a solution with three projects. + +| Project | Url | +| ----------------- | ---------------------- | +| Relying Party | http://localhost:7001 | +| Trust anchor | http://localhost:7000 | +| Identity Provider | https://localhost:5001 | + +### 1. Create the trust anchor project + +Create and configure the trust anchor project. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir OpenidFederation +cd OpenidFederation +mkdir src +dotnet new sln -n OpenidFederation +``` + +2. Create a REST.API project named `TaApi` and install the Nuget packages `SimpleIdServer.Authority.Federation` and `SimpleIdServer.OpenidFederation.Store.EF`. + +``` +cd src +dotnet new webapi -n TaApi +cd TaApi +dotnet add package SimpleIdServer.Authority.Federation +dotnet add package SimpleIdServer.OpenidFederation.Store.EF +``` + +3. Add the `TaApi` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/TaApi/TaApi.csproj +``` + +4. Edit the file `TaApi\Program.cs` and configure the Openid federation. + +``` +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.OpenidFederation.Domains; +using SimpleIdServer.OpenidFederation.Store.EF; +using System.Security.Cryptography; + +var builder = WebApplication.CreateBuilder(args); +builder.Services.AddControllers(); +builder.Services.AddDistributedMemoryCache(); +builder.Services.AddAuthorityFederation(o => +{ + o.OrganizationName = "Trust anchor"; + o.SigningCredentials = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "taId" }, SecurityAlgorithms.RsaSha256); +}); +builder.Services.AddOpenidFederationStore(); + +var app = builder.Build(); +AddTrustedEntities(app.Services); +app.MapControllers(); +app.Run(); + +static void AddTrustedEntities(IServiceProvider services) +{ + using (var scope = services.CreateScope()) + { + var dbContext = scope.ServiceProvider.GetRequiredService(); + dbContext.FederationEntities.AddRange(new List + { + new FederationEntity + { + Id = Guid.NewGuid().ToString(), + Sub = "http://localhost:7001", + Realm = string.Empty, + IsSubordinate = true + } + }); + dbContext.SaveChanges(); + } +} +``` + +5. Run the application on the url `http://localhost:7000`. + +``` +dotnet run --urls=http://localhost:7000 +``` + +### 2. Configure the trust anchor + +Utilize the administration UI to add a trust anchor : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). + +2. On the Trust anchors screen, click on the `Add federation entity` button. + +3. Select `Trust anchor` and click on next. + +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| --------- | --------------------- | +| Url | http://localhost:7000 | + +### 3. Create the relying party project + +Create and configure the relying party project. + +1. Create a REST.API project named `RpApi` and install the Nuget packages `SimpleIdServer.OpenIdConnect`, `SimpleIdServer.OpenidFederation.Store.EF` and `SimpleIdServer.Rp.Federation`. + +``` +cd src +dotnet new mvc -n RpApi +cd RpApi +dotnet add package SimpleIdServer.OpenIdConnect +dotnet add package SimpleIdServer.OpenidFederation.Store.EF +dotnet add package SimpleIdServer.Rp.Federation +``` + +2. Add the `RpApi` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/RpApi/RpApi.csproj +``` + +3. Edit the file `RpApi\Program.cs` and configure the Openid federation. + +``` +using Microsoft.IdentityModel.Tokens; +using SimpleIdServer.IdServer.Domains; +using SimpleIdServer.OpenidFederation.Domains; +using SimpleIdServer.OpenidFederation.Store.EF; +using System.Security.Cryptography; + +var builder = WebApplication.CreateBuilder(args); +var signatureCredentials = new SigningCredentials(new RsaSecurityKey(RSA.Create()) { KeyId = "raId" }, SecurityAlgorithms.RsaSha256); + +var jsonWebKey = signatureCredentials.SerializePublicJWK(); +jsonWebKey.Alg = SecurityAlgorithms.RsaSha256; +jsonWebKey.Use = "sig"; + +builder.Services.AddDistributedMemoryCache(); +builder.Services.AddRpFederation(r => +{ + r.Client = new SimpleIdServer.IdServer.Domains.Client + { + ClientId = "http://localhost:7001", + RedirectionUrls = new List + { + "http://localhost:7001/signin-oidc" + }, + ClientRegistrationTypesSupported = new List + { + "automatic" + }, + RequestObjectSigningAlg = SecurityAlgorithms.RsaSha256, + Scopes = new List + { + new Scope + { + Name = "openid" + }, + new Scope + { + Name = "profile" + } + }, + ResponseTypes = new List + { + "code" + }, + GrantTypes = new List + { + "authorization_code" + }, + TokenEndPointAuthMethod = "private_key_jwt" + }; + r.Client.Add(jsonWebKey.Kid, jsonWebKey, "sig", SecurityKeyTypes.RSA); + r.SigningCredentials = signatureCredentials; +}); +builder.Services.AddOpenidFederationStore(); +builder.Services.AddControllersWithViews(); +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; +}) + .AddCookie("Cookies") + .AddCustomOpenIdConnect("sid", options => + { + + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "http://localhost:7001"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + options.UseFederationAutomaticRegistration(signatureCredentials); + }); + +var app = builder.Build(); +AddTrustedEntities(app.Services); +app.UseHttpsRedirection(); +app.UseStaticFiles(); +app.UseRouting(); +app.UseAuthorization(); +app.MapControllerRoute( + name: "default", + pattern: "{controller=Home}/{action=Index}/{id?}"); + +app.Run(); +static void AddTrustedEntities(IServiceProvider services) +{ + using (var scope = services.CreateScope()) + { + var dbContext = scope.ServiceProvider.GetRequiredService(); + dbContext.FederationEntities.AddRange(new List + { + new FederationEntity + { + Id = Guid.NewGuid().ToString(), + Sub = "http://localhost:7000", + Realm = string.Empty, + IsSubordinate = false + } + }); + dbContext.SaveChanges(); + } +} +``` + +4. Add the `ClaimsController`. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public async Task Index() + { + var accessToken = await HttpContext.GetTokenAsync("access_token"); + return View(new ClaimsViewModel + { + AccessToken = accessToken + }); + } +} +``` + +5. Add the `ClaimsViewModel`. + +``` +public class ClaimsViewModel +{ + public string AccessToken { get; set; } +} +``` + +6. Add the `Claims` view. + +``` +@model RpApi.ViewModels.ClaimsViewModel + +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    + +
    +

    Access token

    +

    @Model.AccessToken

    +
    +``` + +7. Run the application on the URL `http://localhost:7001`. + +``` +dotnet run --urls=http://localhost:7001 +``` + +Browse the URL [http://localhost:7001/claims](http://localhost:7001/claims). +Even if the relying party is not known by the identity provider, you’ll be redirected to the authorization endpoint, and you’ll follow a normal OpenID workflow. The client will automatically be registered with the identity provider. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/other.md b/website/versioned_docs/version-5.0.1/tutorial/other.md new file mode 100644 index 000000000..25bb92f10 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/other.md @@ -0,0 +1 @@ +# Other \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/overview.md b/website/versioned_docs/version-5.0.1/tutorial/overview.md new file mode 100644 index 000000000..59a36b226 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/overview.md @@ -0,0 +1,82 @@ +--- +hide_table_of_contents: true +--- + +import DocsCards from '@site/src/components/global/DocsCards'; +import DocsCard from '@site/src/components/global/DocsCard'; + +# Start building + +## Standard applications + + + +

    A client-side application running in a browser.

    +     + +

    A server-side application running on your infrastructure.

    +     + +

    An API protected by SimpleIdServer.

    +     + +

    Machine-to-machine method of communication.

    +     +     + +# Applications compliant with FAPI 2.0 + +According to the [specification](https://openid.bitbucket.io/fapi/fapi-2_0-security-profile.html), there is no mechanism that would allow `public clients` to be secured to the same degree. + + + +

    A server-side application running on your infrastructure compliant with the FAPI recommendations.

    +     + +

    Authentication process on behalf of the end-user.

    +     + +

    Consent management APIs that have been developed in open banking markets.

    +     +     + +# Credential issuer + + + +

    Issue Verifiable Credentials

    +     +     + +# Other applications + + + +

    A server-side application running on your infrastructure that utilizes WS-Federation.

    +     + +

    A Service Provider (SP) is the entity providing the service, typically in the form of an application

    +     + +

    A server-side application running on your infrastructure that utilizes OPENID federation.

    +     +     + +## Identity provisioning + + + +

    Configure automatic provisioning with LDAP.

    +     + +

    Configure automatic provisioning with SCIM

    +     +     + +## Delegation + + + +

    Configure impersonation or delegation.

    +     +     \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/protectapi.md b/website/versioned_docs/version-5.0.1/tutorial/protectapi.md new file mode 100644 index 000000000..70c8f2bc7 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/protectapi.md @@ -0,0 +1,105 @@ +# Protect an API + +In this tutorial, we will explain how to protect a REST API using ASP.NET Core. + +The validation of the JWT token passed in the HTTP request typically involves the following steps : + +1. **Signature Verification**: The first step is to verify the token's signature to ensure its integrity and authenticity. The signature is generated using a secret key or public/private key pair. The server or verifier needs access to the appropriate key to verify the signature. This step ensures that the token has not been tampered with during transit. +2. **Expiration Check**: The token includes an expiration time (exp) claim that specifies when the token expires. The verifier checks this claim to ensure that the token has not expired. If the current time is after the expiration time, the token is considered invalid and access is denied. +3. **Issuer Validation**: The token includes an issuer claim (iss) that identifies the entity that issued the token. The verifier checks this claim to ensure that the token is issued by a trusted authority. The verifier compares the issuer claim against a list of trusted issuers or a specific issuer that it expects. +4. **Audience Verification**: The token includes an audience claim (aud) that specifies the intended audience or recipient of the token. The verifier checks this claim to ensure that the token is intended for the specific API or application. The verifier compares the audience claim against the expected audience value or a list of valid audiences. + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/ProtectRESTApiJWT). +::: + +## 1. Define permission + +In SimpleIdServer, a permission consists of defining a scope along with its associated resources. +A **scope** defines an action, such as `read` or `delete`, which can be executed by any client that has access to this scope. +A **resource** defines a REST API, such as `shopApi`, that can accept the access token. The resource is identified in the `aud` claim of the access token. + +In this tutorial, we will configure a `read` permission for the `shopApi`. + +Utilize the administration UI to configure a new permission : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Scopes screen, click on the `Add scope` button. +3. Select `API value` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ----------- | ----- | +| Name | read | +| Description | Read | + +5. Navigate to the new scope, then select the `API Resources` tab and click on the `Add API resource` button. +6. Fill-in the form like this and click on the `Add` button to confirm the creation. + +| Parameter | Value | +| --------- | -------- | +| Name | shopApi | +| Value | Shop API | + +7. In the table, select the `shopApi` resource, and click on the Update button. This will assign the resource to the scope. + +## 2. Create REST.API + +Finally, create and configure a REST.API Service. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir ProtectRESTApiJWT +cd ProtectRESTApiJWT +mkdir src +dotnet new sln -n ProtectRESTApiJWT +``` + +2. Create a REST.API project named `ShopApi` and install the `Microsoft.AspNetCore.Authentication.JwtBearer` Nuget package. + +``` +cd src +dotnet new webapi -n ShopApi +cd ShopApi +dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer +``` + +3. Add the `ShopApi` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/ShopApi/ShopApi.csproj +``` + +4. Edit the file `ShopApi\Program.cs` and configure the JWT authentication. Additionally, add an Authorization policy named `read` that checks if the scope is equal to `read`. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; +}) + .AddJwtBearer(options => + { + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidAudiences = new List + { + "shopApi" + }, + ValidIssuers = new List + { + "https://localhost:5001/master" + } + }; + }); +builder.Services.AddAuthorization(b => +{ + b.AddPolicy("read", p => p.RequireClaim("scope", "read")); +}); +``` + +Now your REST.API is configured, the controller or action can be decorate by the `AuthorizeAttribute` with the appropriate authorization policy. +For example, the attribute `[Authorize("read")]` checks if the JWT contains a scope equal to `read`. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/regularweb.md b/website/versioned_docs/version-5.0.1/tutorial/regularweb.md new file mode 100644 index 000000000..60e1a6a57 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/regularweb.md @@ -0,0 +1,133 @@ +# Regular Web Application + +To protect a regular web application, the recommended OpenID grant type is the **Authorization Code Flow**. This grant type provides a secure and robust mechanism for authentication and authorization. + +Here are the reasons why the Authorization Code Flow is suitable for protecting a regular web application: + +1. **Secure Token Exchange**: The Authorization Code Flow ensures that sensitive tokens, such as access tokens and refresh tokens, are exchanged securely between the web application and the OpenID provider's token endpoint. This flow mitigates the risk of token exposure since tokens are exchanged through server-side communication. +2. **Enhanced Security**: The Authorization Code Flow involves a server-to-server token exchange, which reduces the exposure of access tokens in the browser and helps protect against cross-site scripting (XSS) attacks. +3. **Refresh Token Support**: This flow allows the web application to obtain a refresh token, which can be used to obtain a new access token without requiring user interaction. This feature improves user experience by reducing the need for frequent re-authentication. +4. **Compliance with Standards**: The Authorization Code Flow is a widely adopted and standardized OAuth 2.0 flow. It ensures compatibility and interoperability across different OpenID providers and client applications. + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/ProtectWebsiteServerside). +::: + +To implement the Authorization Code Flow in a regular web application, you'll need to follow the following steps. + +## 1. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Clients screen, click on the `Add client` button. +3. Select `web application` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | ---------------------------------- | +| Identifier | protectedServersideApp | +| Secret | password | +| Name | protectedServersideApp | +| Redirection URLS | http://localhost:7000/signin-oidc | + +Now your client is ready to be used, you can develop the regular website. + +## 2. Create ASP.NET CORE Application + +Finally, create and configure an ASP.NET CORE Application. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir ProtectWebsiteServerside +cd ProtectWebsiteServerside +mkdir src +dotnet new sln -n ProtectWebsiteServerside +``` + +2. Create a web project named `Website` and install the `Microsoft.AspNetCore.Authentication.OpenIdConnect` NuGet package. + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect +``` + +3. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +4. Edit the `Program.cs` file and configure the OpenID authentication. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; +}) + .AddCookie("Cookies") + .AddOpenIdConnect("sid", options => + { + options.SignInScheme = "Cookies"; + options.ResponseType = "code"; + options.Authority = "https://localhost:5001/master"; + options.RequireHttpsMetadata = false; + options.ClientId = "protectedServersideApp"; + options.ClientSecret = "password"; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + }); +... +app.UseCookiePolicy(new CookiePolicyOptions +{ + Secure = CookieSecurePolicy.Always +}); +app.UseHttpsRedirection(); +app.UseStaticFiles(); +app.UseRouting(); +app.UseAuthorization(); +... +``` + +5. Add a `ClaimsController` controller with one protected operation. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public IActionResult Index() + { + return View(); + } +} +``` + +6. Create a view `Views\Claims\Index.cshtml` with the following content. This view will display all the claims of the authenticated user. + +``` +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    +``` + +7. In a command prompt, navigate to the `src\Website` directory and launch the application. + +``` +dotnet run --urls=http://localhost:7000 +``` + +Finally, browse the following URL: [http://localhost:7000/claims](http://localhost:7000/claims). The User-Agent will be automatically redirected to the OpenID server. +Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/saml.md b/website/versioned_docs/version-5.0.1/tutorial/saml.md new file mode 100644 index 000000000..e8ac8d256 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/saml.md @@ -0,0 +1,115 @@ +# Regular Web Application (SAML2.0) + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/SamlRpWebsite). +::: + +To implement SAML2.0 in a regular web application, you'll need to follow the following steps. + +## 1. Configure an application + +Utilize the administration UI to configure a new SAML2.0 SP (Service Provider) client : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Clients screen, click on the `Add client` button. +3. Select `SAML SP` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | ---------------------------------- | +| Identifier | samlSp | +| Name | samlSp | +| Metadata URL | http://localhost:5125/Metadata | + +If the checkbox `Use Artifact` is checked, then the Artifact binding will be used; if it is not checked, the Post Binding is used by default. + +The Public and Private keys are displayed, keep those values into a file, they will be used later during the configuration of the website. + +The Public and Private keys are displayed; please save these values in a file as they will be used later during the website configuration. + +## 2. Create ASP.NET CORE Application + +Finally, create and configure an ASP.NET CORE Application. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir SamlRpWebsite +cd SamlRpWebsite +mkdir src +dotnet new sln -n SamlRpWebsite +``` + +2. Create a web project named `Website` and install the `SimpleIdServer.IdServer.Saml.Sp` NuGet package. + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package SimpleIdServer.IdServer.Saml.Sp +``` + +3. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +4. Edit the `Program.cs` file and configure the SAML2.0 authentication. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "samlSp"; +}) + .AddCookie("Cookies") + .AddSamlSp("samlSp", options => + { + options.SPId = "samlSp"; + options.IdpMetadataUrl = "https://localhost:5001/master/saml/metadata"; + var currentPath = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location); + options.SigningCertificate = X509Certificate2.CreateFromPemFile(Path.Combine(currentPath, "sidClient.crt"), Path.Combine(currentPath, "sidClient.key")); + }); +``` + +5. Add a `ClaimsController` controller with one protected operation. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public IActionResult Index() + { + return View(); + } +} +``` + +6. Create a view `Views\Claims\Index.cshtml` with the following content. This view will display all the claims of the authenticated user. + +``` +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    +``` + +7. "Copy the `Private Key` obtained from the first step into the `sidClient.key` file, and the `Public Key` into the `sidClient.crt` file. + +8. In a command prompt, navigate to the `src\Website` directory and launch the application. + +``` +dotnet run --urls=http://localhost:5125 +``` + +Finally, browse the following URL: [http://localhost:5125/claims](http://localhost:5125/claims). The User-Agent will be automatically redirected to the OpenID server. +Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/scim.md b/website/versioned_docs/version-5.0.1/tutorial/scim.md new file mode 100644 index 000000000..0fd949ba2 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/scim.md @@ -0,0 +1,123 @@ +# SCIM - Identity Provisioning + +Users stored in SCIM can be imported into the Identity Server. + +In this tutorial, we will explain how to import users from SCIM to the Identity Server. + +## Create some users + +Open POSTMAN and execute the following requests to create two users. + +**First request** + +``` +HTTP POST : http://localhost:5003/Users + +Authorization Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +Content +{ + "schemas": [ + "urn:ietf:params:scim:schemas:core:2.0:User", + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" + ], + "userName": "firstUser", + "active": true, + "displayName": "lennay", + "externalId": "e1f4c134-2dec-4754-bb50-9e786e4ecae9", + "department": "Department", + "name": { + "formatted": "Andrew Ryan", + "familyName": "Ryan", + "givenName": "Andrew" + }, + "emails": [ + { + "primary": true, + "type": "work", + "value": "andrew@gmail.com" + }, + { + "primary": false, + "type": "home", + "value": "andrewhome@gmail.com" + } + ] +} +``` + +**Second request** + +``` +HTTP POST : http://localhost:5003/Users + +Authorization Bearer ba521b3b-02f7-4a37-b03c-58f713bf88e7 + +Content +{ + "schemas": [ + "urn:ietf:params:scim:schemas:core:2.0:User", + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" + ], + "userName": "secondUser", + "active": true, + "displayName": "lennay", + "externalId": "e1f4c134-2dec-4754-bb50-9e786e4ecae9", + "department": "Department", + "name": { + "formatted": "Andrew Ryan", + "familyName": "Ryan", + "givenName": "Andrew" + }, + "emails": [ + { + "primary": true, + "type": "work", + "value": "andrew@gmail.com" + }, + { + "primary": false, + "type": "home", + "value": "andrewhome@gmail.com" + } + ] +} +``` + +## Extract + +Browse the [administration UI](http://localhost:5002), navigate to the `Identity Provisioning` screen, and click on `SCIM`. + +In the `Properties` tab, you can update the attributes of the extraction job + +| Field | Description | +| --------------------------- | --------------------------------------------------------------------------------------------------- | +| Authentication Type | Specify how to retrieve the access token. By default the value is APIKEY | +| API Key | When authentication type is equals to APIKEY then the APIKEY must be specified | +| ClientId | When authentication type is equals to CLIENT_SECRET_POST then the ClientId must be specified | +| ClientSecret | When authentication type is equals to CLIENT_SECRET_POST then the ClientSecret must be specified | + +In the scope of this tutorial, the default values are correct and should not be updated. + + +The `Mapping Rules` tab contains the rules used by IdServer to map properties from SCIM to user attributes / properties. + +![Mapping rules](./images/scim-1.png) + +Before launching the extraction, ensure that both the Identity Server and the Administration UI are launched. + +Click on the `Histories` tab and then click on the `Launch` button. + +Wait for a few seconds and then refresh the page. A new line should appear in the table indicating that 2 records have been extracted from SCIM. + +## Import + +Navigate to the `Identity Provisioning` screen and click on the `Import` button. + +Wait for a few seconds and then refresh the page. A new line should appear in the table indicating that 2 records have been imported into the Identity Server. + +Both users are visible on the Users screen. + +# ![Users](./images/scim-2.png) + +Because the SCIM API does not store passwords, it is not possible to authenticate with a newly imported SCIM user unless at least one credential has been defined. \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/spa.md b/website/versioned_docs/version-5.0.1/tutorial/spa.md new file mode 100644 index 000000000..c8d812d16 --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/spa.md @@ -0,0 +1,146 @@ +# Single-Page Application (SPA) + +When it comes to protecting a single page application (SPA) with OpenID, the recommended grant type to use is the **Authorization Code Flow with PKCE (Proof Key for Code Exchange)**. This flow provides a higher level of security for SPAs compared to other grant types, such as the Implicit Flow, which is now considered less secure. + +Here's why the Authorization Code Flow with PKCE is recommended for SPAs: + +1. **Enhanced Security**: The Authorization Code Flow with PKCE provides an additional layer of security by using a dynamically generated code verifier and code challenge during the authentication process. This mitigates the risks associated with storing sensitive information like client secrets in the SPA. +2. **Support for Refresh Tokens**: With this flow, you have the ability to obtain a refresh token along with the access token. A refresh token allows the SPA to obtain a new access token without requiring user interaction, improving the user experience by reducing the frequency of logins. +3. **Compliance with OAuth 2.0 Standards**: The Authorization Code Flow with PKCE aligns with the OAuth 2.0 standard. It ensures that your authentication implementation is consistent and interoperable across different platforms and providers. + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/ProjectSPA). +::: + +To implement the Authorization Code Flow with PKCE in your SPA, you'll need to follow the following steps. + +## 1. Configure an application + +Utilize the administration UI to configure a new OpenID client : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Clients screen, click on the `Add client` button. +3. Select `User Agent Base application` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | ----------------------------- | +| Identifier | protectedSpa | +| Name | protectedSpa | +| Redirection URLS | https://localhost:44457 | + +## 2. Create Angular application + +Finally, create and configure an Angular project. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir ProjectSPA +cd ProjectSPA +mkdir src +dotnet new sln -n ProjectSPA +``` + +2. Create a web project named `Website` and install the `angular-oauth2-oidc` npm package. + +``` +cd src +dotnet new angular -n Website +cd Website\ClientApp +npm i angular-oauth2-oidc@14.0.1 --save +``` + +3. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +4. Edit the file `ClientApp\src\app\app.module.ts` and import the `OAuthModule` module. + +``` +@NgModule({ + declarations: [], + imports: [ + OAuthModule.forRoot() + ], + providers: [], + bootstrap: [] +}) +export class AppModule { } +``` + +5. Create an `auth-config.ts` file in the directory `ClientApp\src\app`, and copy the following code. The file contains the authentication settings, such as the URL of the Identity Provider and the client identifier. + +``` +import { AuthConfig } from 'angular-oauth2-oidc'; + +export const authCodeFlowConfig: AuthConfig = { + issuer: 'https://localhost:5001/master', + redirectUri: window.location.origin, + clientId: 'protectedSpa', + responseType: 'code', + scope: 'openid profile', + showDebugInformation: true, +}; +``` + +6. Edit the `ClientApp\src\app\nav-menu\nav-menu.component.ts` file. Import the `authCodeFlowConfig` JSON object, inject the `OAuthService` into the constructor, and add a `login` procedure. This procedure will be called to initiate the authentication workflow. + +``` +import { OAuthService } from 'angular-oauth2-oidc'; +import { authCodeFlowConfig } from '../auth-config'; + +@Component({ + selector: 'app-nav-menu', + templateUrl: './nav-menu.component.html', + styleUrls: ['./nav-menu.component.css'] +}) +export class NavMenuComponent { + isConnected: boolean = false; + name: string = ""; + + constructor(private oauthService: OAuthService) { + this.oauthService.configure(authCodeFlowConfig); + this.oauthService.loadDiscoveryDocumentAndTryLogin(); + var claims: any = this.oauthService.getIdentityClaims(); + if (!claims) { + return; + } + + this.isConnected = true; + this.name = claims["sub"]; + } + + login(evt: any) { + evt.preventDefault(); + this.oauthService.initImplicitFlow(); + } +} +``` + +7. Edit the `ClientApp\src\app\nav-menu\nav-menu.component.html` file and add a login button. + +``` +
  • + Authenticate +
    • +
  • + Welcome {{name}} +
    • +``` + +8. In a command prompt, navigate to the `src\Website` directory and launch the project. + +``` +dotnet run --urls=http://localhost:4200 +``` + +9. Navigate to the website at [http://localhost:4200](http://localhost:4200) and authenticate using the following credentials. + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_docs/version-5.0.1/tutorial/wsfederation.md b/website/versioned_docs/version-5.0.1/tutorial/wsfederation.md new file mode 100644 index 000000000..78b842bda --- /dev/null +++ b/website/versioned_docs/version-5.0.1/tutorial/wsfederation.md @@ -0,0 +1,116 @@ +# Regular Web Application (WS-Federation) + +:::info +The source code of this project can be found [here](https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/WsFederationWebsite). +::: + +To implement WS-Federation in a regular web application, you'll need to follow the following steps. + +## 1. Configure an application + +Utilize the administration UI to configure a new WS-Federation client : + +1. Open the IdentityServer website at [https://localhost:5002/master/clients](https://localhost:5002/master/clients). +2. On the Clients screen, click on the `Add client` button. +3. Select `WS-Fed Relying Party` and click on next. +4. Fill-in the form like this and click on the `Save` button to confirm the creation. + +| Parameter | Value | +| ---------------- | ---------------------------------- | +| Identifier | urn:samplewebsite | +| Name | samplewebsite | + +Now your client is ready to be used, you can develop the regular website. + +## 2. Create ASP.NET CORE Application + +Finally, create and configure an ASP.NET CORE Application. + +1. Open a command prompt and execute the following commands to create the directory structure for the solution. + +``` +mkdir WsFederationWebsite +cd WsFederationWebsite +mkdir src +dotnet new sln -n WsFederationWebsite +``` + +2. Create a web project named `Website` and install the `Microsoft.AspNetCore.Authentication.WsFederation` NuGet package. + +``` +cd src +dotnet new mvc -n Website +cd Website +dotnet add package Microsoft.AspNetCore.Authentication.WsFederation +``` + +3. Add the `Website` project into your Visual Studio solution. + +``` +cd ..\.. +dotnet sln add ./src/Website/Website.csproj +``` + +4. Edit the `Program.cs` file and configure the OpenID authentication. + +``` +builder.Services.AddAuthentication(options => +{ + options.DefaultScheme = "Cookies"; + options.DefaultChallengeScheme = "sid"; +}) + .AddCookie("Cookies") + .AddWsFederation("sid", options => + { + options.Wtrealm = "urn:samplewebsite"; + options.MetadataAddress = "https://localhost:5001/master/FederationMetadata/2007-06/FederationMetadata.xml"; + }); +... +app.UseCookiePolicy(new CookiePolicyOptions +{ + Secure = CookieSecurePolicy.Always +}); +app.UseHttpsRedirection(); +app.UseStaticFiles(); +app.UseRouting(); +app.UseAuthorization(); +... +``` + +5. Add a `ClaimsController` controller with one protected operation. + +``` +public class ClaimsController : Controller +{ + [Authorize] + public IActionResult Index() + { + return View(); + } +} +``` + +6. Create a view `Views\Claims\Index.cshtml` with the following content. This view will display all the claims of the authenticated user. + +``` +
      + @foreach (var claim in User.Claims) + { +
    • @claim.Type : @claim.Value
      • + } +
    +``` + +7. In a command prompt, navigate to the `src\Website` directory and launch the application. + +``` +dotnet run --urls=http://localhost:7000 +``` + +Finally, browse the following URL: [http://localhost:7000/claims](http://localhost:7000/claims). The User-Agent will be automatically redirected to the OpenID server. +Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed + +| Credential | Value | +| ---------- | ------------- | +| Login | administrator | +| Password | password | \ No newline at end of file diff --git a/website/versioned_sidebars/version-5.0.0-sidebars.json b/website/versioned_sidebars/version-5.0.0-sidebars.json new file mode 100644 index 000000000..fdd6b03e0 --- /dev/null +++ b/website/versioned_sidebars/version-5.0.0-sidebars.json @@ -0,0 +1,92 @@ +{ + "docs": [ + "overview", + { + "type": "category", + "label": "Installation", + "items": [ + "installation/quickstart", + "installation/dotnettemplate", + "installation/hosting" + ] + }, + "glossary", + { + "type": "category", + "label": "Identity and Access Management", + "items": [ + "iam/authmethods", + "iam/externalidproviders", + { + "type": "category", + "label": "Identity Provisioning", + "items": [ + "iam/automaticidentityprovisioning", + "iam/manualidentityprovisioning" + ] + }, + { + "type": "category", + "label": "Security protocols", + "items": [ + "iam/openid", + "iam/saml2", + "iam/wsfederation" + ] + }, + "iam/storage", + "iam/configuration", + "iam/caching" + ] + }, + "scim20", + "mobileapplication", + { + "type": "category", + "label": "Advanced settings", + "items": [ + "advancedsettings/auditing", + "advancedsettings/realm", + "advancedsettings/pki", + "advancedsettings/configuration" + ] + }, + { + "type": "category", + "label": "Migrations", + "items": [ + "migrations/403to404" + ] + }, + { + "type": "category", + "label": "Developer", + "items": [ + "developer/idserver", + "developer/adminwebsite", + "developer/addlanguage" + ] + } + ], + "tutorials": [ + "tutorial/overview", + { + "type": "category", + "label": "Tutorial", + "items": [ + "tutorial/spa", + "tutorial/regularweb", + "tutorial/protectapi", + "tutorial/m2m", + "tutorial/highlysecuredregularweb", + "tutorial/ciba", + "tutorial/grantmgt", + "tutorial/wsfederation", + "tutorial/saml", + "tutorial/ldap", + "tutorial/scim", + "tutorial/delegation" + ] + } + ] +} diff --git a/website/versioned_sidebars/version-5.0.1-sidebars.json b/website/versioned_sidebars/version-5.0.1-sidebars.json new file mode 100644 index 000000000..ec67d57aa --- /dev/null +++ b/website/versioned_sidebars/version-5.0.1-sidebars.json @@ -0,0 +1,93 @@ +{ + "docs": [ + "overview", + { + "type": "category", + "label": "Installation", + "items": [ + "installation/quickstart", + "installation/dotnettemplate", + "installation/hosting" + ] + }, + "glossary", + { + "type": "category", + "label": "Identity and Access Management", + "items": [ + "iam/authmethods", + "iam/externalidproviders", + { + "type": "category", + "label": "Identity Provisioning", + "items": [ + "iam/automaticidentityprovisioning", + "iam/manualidentityprovisioning" + ] + }, + { + "type": "category", + "label": "Security protocols", + "items": [ + "iam/openid", + "iam/saml2", + "iam/wsfederation" + ] + }, + "iam/storage", + "iam/configuration", + "iam/caching" + ] + }, + "scim20", + "mobileapplication", + { + "type": "category", + "label": "Advanced settings", + "items": [ + "advancedsettings/auditing", + "advancedsettings/realm", + "advancedsettings/pki", + "advancedsettings/configuration" + ] + }, + { + "type": "category", + "label": "Migrations", + "items": [ + "migrations/403to404", + "migrations/500to501" + ] + }, + { + "type": "category", + "label": "Developer", + "items": [ + "developer/idserver", + "developer/adminwebsite", + "developer/addlanguage" + ] + } + ], + "tutorials": [ + "tutorial/overview", + { + "type": "category", + "label": "Tutorial", + "items": [ + "tutorial/spa", + "tutorial/regularweb", + "tutorial/protectapi", + "tutorial/m2m", + "tutorial/highlysecuredregularweb", + "tutorial/ciba", + "tutorial/grantmgt", + "tutorial/wsfederation", + "tutorial/saml", + "tutorial/ldap", + "tutorial/scim", + "tutorial/delegation" + ] + } + ] +} diff --git a/website/versions.json b/website/versions.json index c7cd85195..38b5d5a07 100644 --- a/website/versions.json +++ b/website/versions.json @@ -1,4 +1,6 @@ [ + "5.0.1", + "5.0.0", "4.0.8", "4.0.7", "4.0.6",