[SM-394] Secrets Manager (#2164)

Long lived feature branch for Secrets Manager Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2026-01-20 09:23:28 +00:00 · 2023-01-13 15:02:53 +01:00
parent 09e524c9a2
commit 1f0fc43278
188 changed files with 21346 additions and 329 deletions
--- a/src/Identity/IdentityServer/ApiResources.cs
+++ b/src/Identity/IdentityServer/ApiResources.cs
@@ -1,4 +1,6 @@
-using IdentityModel;
+using Bit.Core.Identity;
+using Bit.Core.IdentityServer;
+using IdentityModel;
 using IdentityServer4.Models;

 namespace Bit.Identity.IdentityServer;
@@ -9,27 +11,27 @@ public class ApiResources
    {
        return new List<ApiResource>
        {
-            new ApiResource("api", new string[] {
+            new("api", new[] {
                JwtClaimTypes.Name,
                JwtClaimTypes.Email,
                JwtClaimTypes.EmailVerified,
-                "sstamp", // security stamp
-                "premium",
-                "device",
-                "orgowner",
-                "orgadmin",
-                "orgmanager",
-                "orguser",
-                "orgcustom",
-                "providerprovideradmin",
-                "providerserviceuser",
+                Claims.SecurityStamp,
+                Claims.Premium,
+                Claims.Device,
+                Claims.OrganizationOwner,
+                Claims.OrganizationAdmin,
+                Claims.OrganizationManager,
+                Claims.OrganizationUser,
+                Claims.OrganizationCustom,
+                Claims.ProviderAdmin,
+                Claims.ProviderServiceUser,
            }),
-            new ApiResource("internal", new string[] { JwtClaimTypes.Subject }),
-            new ApiResource("api.push", new string[] { JwtClaimTypes.Subject }),
-            new ApiResource("api.licensing", new string[] { JwtClaimTypes.Subject }),
-            new ApiResource("api.organization", new string[] { JwtClaimTypes.Subject }),
-            new ApiResource("api.provider", new string[] { JwtClaimTypes.Subject }),
-            new ApiResource("api.installation", new string[] { JwtClaimTypes.Subject }),
+            new(ApiScopes.Internal, new[] { JwtClaimTypes.Subject }),
+            new(ApiScopes.ApiPush, new[] { JwtClaimTypes.Subject }),
+            new(ApiScopes.ApiLicensing, new[] { JwtClaimTypes.Subject }),
+            new(ApiScopes.ApiOrganization, new[] { JwtClaimTypes.Subject }),
+            new(ApiScopes.ApiInstallation, new[] { JwtClaimTypes.Subject }),
+            new(ApiScopes.ApiSecrets, new[] { JwtClaimTypes.Subject, Claims.Organization }),
        };
    }
 }