Add DynamicClientStore (#5670)

* Add DynamicClientStore * Formatting * Fix Debug assertion * Make Identity internals visible to its unit tests * Add installation client provider tests * Add internal client provider tests * Add DynamicClientStore tests * Fix namespaces after merge * Format * Add docs and remove TODO comments * Use preferred prefix for API keys --------- Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2025-12-28 22:23:30 +00:00 · 2025-05-30 12:58:54 -04:00
parent 63f836a73a
commit 0b2b573bd3
14 changed files with 698 additions and 294 deletions
--- a/src/Identity/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Identity/Utilities/ServiceCollectionExtensions.cs
@@ -3,6 +3,7 @@ using Bit.Core.IdentityServer;
 using Bit.Core.Settings;
 using Bit.Core.Utilities;
 using Bit.Identity.IdentityServer;
+using Bit.Identity.IdentityServer.ClientProviders;
 using Bit.Identity.IdentityServer.RequestValidators;
 using Bit.SharedWeb.Utilities;
 using Duende.IdentityServer.ResponseHandling;
@@ -48,14 +49,29 @@ public static class ServiceCollectionExtensions
            .AddInMemoryCaching()
            .AddInMemoryApiResources(ApiResources.GetApiResources())
            .AddInMemoryApiScopes(ApiScopes.GetApiScopes())
-            .AddClientStoreCache<ClientStore>()
+            .AddClientStoreCache<DynamicClientStore>()
            .AddCustomTokenRequestValidator<CustomTokenRequestValidator>()
            .AddProfileService<ProfileService>()
            .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
-            .AddClientStore<ClientStore>()
+            .AddClientStore<DynamicClientStore>()
            .AddIdentityServerCertificate(env, globalSettings)
            .AddExtensionGrantValidator<WebAuthnGrantValidator>();

+        if (!globalSettings.SelfHosted)
+        {
+            // Only cloud instances should be able to handle installations
+            services.AddClientProvider<InstallationClientProvider>("installation");
+        }
+
+        if (globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.InternalIdentityKey))
+        {
+            services.AddClientProvider<InternalClientProvider>("internal");
+        }
+
+        services.AddClientProvider<UserClientProvider>("user");
+        services.AddClientProvider<OrganizationClientProvider>("organization");
+        services.AddClientProvider<SecretsManagerApiKeyProvider>(SecretsManagerApiKeyProvider.ApiKeyPrefix);
+
        if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CosmosConnectionString))
        {
            services.AddSingleton<IPersistedGrantStore>(sp =>