From c769cbfb9475d530a1cd3460ff85b883b434fc3f Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Mon, 9 Dec 2019 08:50:37 +0100 Subject: [PATCH 1/7] Remove .NET claim type from Client model --- src/Storage/src/Models/Client.cs | 2 +- src/Storage/src/Models/ClientClaim.cs | 31 +++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 src/Storage/src/Models/ClientClaim.cs diff --git a/src/Storage/src/Models/Client.cs b/src/Storage/src/Models/Client.cs index a9bd3c5465..f73d5956fc 100644 --- a/src/Storage/src/Models/Client.cs +++ b/src/Storage/src/Models/Client.cs @@ -242,7 +242,7 @@ public ICollection AllowedGrantTypes /// /// The claims. /// - public ICollection Claims { get; set; } = new HashSet(new ClaimComparer()); + public ICollection Claims { get; set; } = new HashSet(); /// /// Gets or sets a value indicating whether client claims should be always included in the access tokens - or only for client credentials flow. diff --git a/src/Storage/src/Models/ClientClaim.cs b/src/Storage/src/Models/ClientClaim.cs new file mode 100644 index 0000000000..b4d4f40e4c --- /dev/null +++ b/src/Storage/src/Models/ClientClaim.cs @@ -0,0 +1,31 @@ +// Copyright (c) Brock Allen & Dominick Baier. All rights reserved. +// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. + + +using System; +using System.Collections.Generic; +using System.Text; + +namespace IdentityServer4.Models +{ + /// + /// A client claim + /// + public class ClientClaim + { + /// + /// The claim type + /// + public string Type { get; set; } + + /// + /// The claim value + /// + public string Value { get; set; } + + /// + /// The claim value type + /// + public string ValueType { get; set; } + } +} \ No newline at end of file From 430aa557956b5a9ac2fbf4419fb3c4dcc9890142 Mon Sep 17 00:00:00 2001 
From: Dominick Baier Date: Mon, 9 Dec 2019 08:55:52 +0100 Subject: [PATCH 2/7] added ctor to ClientClaim --- src/Storage/src/Models/ClientClaim.cs | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/src/Storage/src/Models/ClientClaim.cs b/src/Storage/src/Models/ClientClaim.cs index b4d4f40e4c..3574d11540 100644 --- a/src/Storage/src/Models/ClientClaim.cs +++ b/src/Storage/src/Models/ClientClaim.cs @@ -2,9 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. -using System; -using System.Collections.Generic; -using System.Text; +using System.Security.Claims; namespace IdentityServer4.Models { @@ -27,5 +25,18 @@ public class ClientClaim /// The claim value type /// public string ValueType { get; set; } + + /// + /// ctor + /// + /// + /// + /// + public ClientClaim(string type, string value, string valueType = ClaimValueTypes.String) + { + Type = type; + Value = value; + ValueType = valueType; + } } } \ No newline at end of file From 4608387d5f7371d8441d242024571d77079ce0aa Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Mon, 9 Dec 2019 09:00:46 +0100 Subject: [PATCH 3/7] update core to use new ClientClaim --- src/IdentityServer4/src/Validation/Models/ValidatedRequest.cs | 2 +- .../Services/Default/DefaultClaimsServiceTests.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/IdentityServer4/src/Validation/Models/ValidatedRequest.cs b/src/IdentityServer4/src/Validation/Models/ValidatedRequest.cs index 760462bf35..dfc1532574 100644 --- a/src/IdentityServer4/src/Validation/Models/ValidatedRequest.cs +++ b/src/IdentityServer4/src/Validation/Models/ValidatedRequest.cs 
@@ -124,7 +124,7 @@ public void SetClient(Client client, ParsedSecret secret = null, string confirma AccessTokenLifetime = client.AccessTokenLifetime; AccessTokenType = client.AccessTokenType; - ClientClaims = client.Claims.Select(c => new Claim(c.Type, c.Value, c.ValueType, c.Issuer)).ToList(); + ClientClaims = client.Claims.Select(c => new Claim(c.Type, c.Value, c.ValueType)).ToList(); } } } \ No newline at end of file diff --git a/src/IdentityServer4/test/IdentityServer.UnitTests/Services/Default/DefaultClaimsServiceTests.cs b/src/IdentityServer4/test/IdentityServer.UnitTests/Services/Default/DefaultClaimsServiceTests.cs index efea4c6a96..467a908071 100644 --- a/src/IdentityServer4/test/IdentityServer.UnitTests/Services/Default/DefaultClaimsServiceTests.cs +++ b/src/IdentityServer4/test/IdentityServer.UnitTests/Services/Default/DefaultClaimsServiceTests.cs @@ -30,7 +30,7 @@ public DefaultClaimsServiceTests() _client = new Client { ClientId = "client", - Claims = { new Claim("some_claim", "some_claim_value") } + Claims = { new ClientClaim("some_claim", "some_claim_value") } }; _user = new IdentityServerUser("bob") From 3f2643514c1f80d9ba0f4c1c8b2315acebf41ae1 Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Mon, 9 Dec 2019 09:02:04 +0100 Subject: [PATCH 4/7] update EF.Storage to use ClientClaim --- .../test/IntegrationTests/Stores/ClientStoreTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/EntityFramework.Storage/test/IntegrationTests/Stores/ClientStoreTests.cs b/src/EntityFramework.Storage/test/IntegrationTests/Stores/ClientStoreTests.cs index bc7c548b38..2a60eb168b 100644 --- a/src/EntityFramework.Storage/test/IntegrationTests/Stores/ClientStoreTests.cs +++ b/src/EntityFramework.Storage/test/IntegrationTests/Stores/ClientStoreTests.cs 
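Review bot: In ValidatedRequest.cs, the new projection `new Claim(c.Type, c.Value, c.ValueType)` in SetClient throws ArgumentNullException when a stored ClientClaim has a null Type or Value, and nothing in the ClientClaim model from this series rejects such an entry. The failure would surface on every request for the affected client as an unexplained exception, so I would fail with a clear configuration error before the Select, e.g. `if (client.Claims.Any(c => c.Type == null || c.Value == null)) throw new InvalidOperationException("Client claim without type or value");`, rather than silently dropping the entry. The issuer argument is also dropped here, so client claims now carry the framework's default issuer; if anything downstream inspects Claim.Issuer on these claims, that should be confirmed. SetClient begins outside the hunk.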
@@ -77,7 +77,7 @@ public async Task FindClientByIdAsync_WhenClientExistsWithCollections_ExpectClie AllowedCorsOrigins = {"https://localhost"}, AllowedGrantTypes = GrantTypes.HybridAndClientCredentials, AllowedScopes = {"openid", "profile", "api1"}, - Claims = {new Claim("test", "value")}, + Claims = {new ClientClaim("test", "value")}, ClientSecrets = {new Secret("secret".Sha256())}, IdentityProviderRestrictions = {"AD"}, PostLogoutRedirectUris = {"https://locahost/signout-callback"}, From 1957a72c491dec48a23bbafe15d8340a835f23f1 Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Mon, 9 Dec 2019 09:12:29 +0100 Subject: [PATCH 5/7] updated AutoMapper map --- .../src/Mappers/ClientMapperProfile.cs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/EntityFramework.Storage/src/Mappers/ClientMapperProfile.cs b/src/EntityFramework.Storage/src/Mappers/ClientMapperProfile.cs index 30d537383d..5b2539cbbf 100644 --- a/src/EntityFramework.Storage/src/Mappers/ClientMapperProfile.cs +++ b/src/EntityFramework.Storage/src/Mappers/ClientMapperProfile.cs @@ -5,6 +5,7 @@ using System.Collections.Generic; using System.Security.Claims; using AutoMapper; +using IdentityServer4.Models; namespace IdentityServer4.EntityFramework.Mappers { @@ -38,8 +39,8 @@ public ClientMapperProfile() .ReverseMap() .ForMember(dest => dest.Provider, opt => opt.MapFrom(src => src)); - CreateMap(MemberList.None) - .ConstructUsing(src => new Claim(src.Type, src.Value)) + CreateMap(MemberList.None) + .ConstructUsing(src => new ClientClaim(src.Type, src.Value, ClaimValueTypes.String)) .ReverseMap(); CreateMap() From 3c6272e9653886834015cad76b79e66b3941a9f5 Mon Sep 17 00:00:00 2001 From: Dominick Baier Date: Mon, 9 Dec 2019 18:38:53 +0100 Subject: [PATCH 6/7] add equality for ClientClaim --- src/Storage/src/Models/ClientClaim.cs | 29 +++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) 
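Review bot: In ClientMapperProfile.cs, `ConstructUsing(src => new ClientClaim(src.Type, src.Value, ClaimValueTypes.String))` hard-codes the value type, so a ClientClaim saved with any other ValueType appears to come back from the EF store as a string claim. The entity is not visible in this hunk, but with MemberList.None and no explicit ValueType mapping I assume it has no such column. If so, the model's ValueType is silently lost on a round trip, which affects the equality added later in this series and how the claim is typed when it is emitted. Either persist ValueType on the entity and map it, or document the limitation at the map, e.g. `// ValueType is not persisted; claims loaded from the store are always ClaimValueTypes.String`. The ClientMapperProfile constructor continues outside the hunk.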
diff --git a/src/Storage/src/Models/ClientClaim.cs b/src/Storage/src/Models/ClientClaim.cs index 3574d11540..b28acfe78f 100644 --- a/src/Storage/src/Models/ClientClaim.cs +++ b/src/Storage/src/Models/ClientClaim.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using System; using System.Security.Claims; namespace IdentityServer4.Models @@ -38,5 +39,33 @@ public ClientClaim(string type, string value, string valueType = ClaimValueTypes Value = value; ValueType = valueType; } + + /// + public override int GetHashCode() + { + unchecked + { + int hash = 17; + + hash = hash * 23 + Value.GetHashCode(); + hash = hash * 23 + Type.GetHashCode(); + hash = hash * 23 + ValueType.GetHashCode(); + return hash; + } + } + + /// + public override bool Equals(object obj) + { + if (obj is null) return false; + if (obj is ClientClaim c) + { + return (string.Equals(Type, c.Type, StringComparison.Ordinal) && + string.Equals(Value, c.Value, StringComparison.Ordinal) && + string.Equals(ValueType, c.ValueType, StringComparison.Ordinal)); + } + + return false; + } } } \ No newline at end of file From ed14abc204960b2d5ca3418a868882a698e54d90 Mon Sep 17 00:00:00 2001 From: Brock Allen Date: Fri, 27 Dec 2019 10:19:36 -0500 Subject: [PATCH 7/7] add additional ctors --- src/IdentityServer4/host/appsettings.json | 12 +++++++++++- src/Storage/src/Models/ClientClaim.cs | 24 ++++++++++++++++++++--- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/src/IdentityServer4/host/appsettings.json b/src/IdentityServer4/host/appsettings.json index 40c9e84d48..b9419d469c 100644 --- a/src/IdentityServer4/host/appsettings.json +++ b/src/IdentityServer4/host/appsettings.json 
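Review bot: In ClientClaim.cs, GetHashCode calls `Value.GetHashCode()`, `Type.GetHashCode()` and `ValueType.GetHashCode()` without a null check, while Equals uses the null-safe `string.Equals`. A claim with any of these unset therefore throws NullReferenceException as soon as it is added to the HashSet behind Client.Claims. The properties are publicly settable, the constructor does not validate its arguments, and the parameterless constructor added in patch 7/7 makes null Type and Value the initial state. Guard each term, e.g. `hash = hash * 23 + (Value?.GetHashCode() ?? 0);` and likewise for Type and ValueType. Because the hash is computed from mutable properties, changing a claim after it is in the set also makes it unfindable; a remark in the class documentation would help.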
@@ -5,7 +5,17 @@ "ClientSecrets": [ { "Value": "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=" } ], "AllowedGrantTypes": [ "client_credentials" ], "AllowedScopes": [ "api1", "api2.read_only" ], - "Properties": {"foo": "bar" } + "Properties": { "foo": "bar" }, + "Claims": [ + { + "type": "c1", + "value": "c1value" + }, + { + "type": "c2", + "value": "c2value" + } + ] }, { "ClientId": "hybrid", diff --git a/src/Storage/src/Models/ClientClaim.cs b/src/Storage/src/Models/ClientClaim.cs index b28acfe78f..b71d5b99df 100644 --- a/src/Storage/src/Models/ClientClaim.cs +++ b/src/Storage/src/Models/ClientClaim.cs @@ -21,11 +21,29 @@ public class ClientClaim /// The claim value /// public string Value { get; set; } - + /// /// The claim value type /// - public string ValueType { get; set; } + public string ValueType { get; set; } = ClaimValueTypes.String; + + /// + /// ctor + /// + public ClientClaim() + { + } + + /// + /// ctor + /// + /// + /// + public ClientClaim(string type, string value) + { + Type = type; + Value = value; + } /// /// ctor @@ -33,7 +51,7 @@ public class ClientClaim /// /// /// - public ClientClaim(string type, string value, string valueType = ClaimValueTypes.String) + public ClientClaim(string type, string value, string valueType) { Type = type; Value = value;
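Review bot: In ClientClaim.cs, the three constructors are each documented only as `ctor`, which does not tell a reader why the parameterless one exists or what state it leaves the object in. It is presumably there for configuration binding and serializers (the appsettings.json change in the same patch adds a Claims section), so I would say that, e.g. `/// Creates an empty claim for configuration binding and serializers; Type and Value must be set before use.`, and give the other two a real summary and parameter descriptions. As a style point, the two-argument constructor could chain with `: this(type, value, ClaimValueTypes.String)` instead of repeating the assignments and relying on the property initializer. The last hunk ends inside the three-argument constructor's body.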