Add DynamicClientStore (#5670)

* Add DynamicClientStore * Formatting * Fix Debug assertion * Make Identity internals visible to its unit tests * Add installation client provider tests * Add internal client provider tests * Add DynamicClientStore tests * Fix namespaces after merge * Format * Add docs and remove TODO comments * Use preferred prefix for API keys --------- Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2026-01-14 14:33:51 +00:00 · 2025-05-30 12:58:54 -04:00
parent 63f836a73a
commit 0b2b573bd3
14 changed files with 698 additions and 294 deletions
--- a/src/Identity/IdentityServer/ClientProviders/InternalClientProvider.cs
+++ b/src/Identity/IdentityServer/ClientProviders/InternalClientProvider.cs
@@ -0,0 +1,40 @@
+#nullable enable
+
+using System.Diagnostics;
+using Bit.Core.IdentityServer;
+using Bit.Core.Settings;
+using Duende.IdentityServer.Models;
+using IdentityModel;
+
+namespace Bit.Identity.IdentityServer.ClientProviders;
+
+internal class InternalClientProvider : IClientProvider
+{
+    private readonly GlobalSettings _globalSettings;
+
+    public InternalClientProvider(GlobalSettings globalSettings)
+    {
+        // This class should not have been registered when it's not self hosted
+        Debug.Assert(globalSettings.SelfHosted);
+
+        _globalSettings = globalSettings;
+    }
+
+    public Task<Client?> GetAsync(string identifier)
+    {
+        return Task.FromResult<Client?>(new Client
+        {
+            ClientId = $"internal.{identifier}",
+            RequireClientSecret = true,
+            ClientSecrets = { new Secret(_globalSettings.InternalIdentityKey.Sha256()) },
+            AllowedScopes = [ApiScopes.Internal],
+            AllowedGrantTypes = GrantTypes.ClientCredentials,
+            AccessTokenLifetime = 3600 * 24,
+            Enabled = true,
+            Claims =
+            [
+                new(JwtClaimTypes.Subject, identifier),
+            ],
+        });
+    }
+}