mirror of
https://github.com/bitwarden/server
synced 2025-12-06 00:03:34 +00:00
22dd957543
* initial device removal * Unit Testing * Added unit tests fixed validator null checks * Finalized tests * formatting * fixed test * lint * addressing review notes * comments
73 lines
3.3 KiB
C#
73 lines
3.3 KiB
C#
using Bit.Core.Auth.Repositories;
|
|
using Bit.Core.IdentityServer;
|
|
using Bit.Core.Settings;
|
|
using Bit.Core.Utilities;
|
|
using Bit.Identity.IdentityServer;
|
|
using Bit.SharedWeb.Utilities;
|
|
using Duende.IdentityServer.ResponseHandling;
|
|
using Duende.IdentityServer.Services;
|
|
using Duende.IdentityServer.Stores;
|
|
|
|
namespace Bit.Identity.Utilities;
|
|
|
|
public static class ServiceCollectionExtensions
|
|
{
|
|
public static IIdentityServerBuilder AddCustomIdentityServerServices(this IServiceCollection services,
|
|
IWebHostEnvironment env, GlobalSettings globalSettings)
|
|
{
|
|
services.AddTransient<IDiscoveryResponseGenerator, DiscoveryResponseGenerator>();
|
|
|
|
services.AddSingleton<StaticClientStore>();
|
|
services.AddTransient<IAuthorizationCodeStore, AuthorizationCodeStore>();
|
|
services.AddTransient<IUserDecryptionOptionsBuilder, UserDecryptionOptionsBuilder>();
|
|
services.AddTransient<IDeviceValidator, DeviceValidator>();
|
|
|
|
var issuerUri = new Uri(globalSettings.BaseServiceUri.InternalIdentity);
|
|
var identityServerBuilder = services
|
|
.AddIdentityServer(options =>
|
|
{
|
|
options.LicenseKey = globalSettings.IdentityServer.LicenseKey;
|
|
options.Endpoints.EnableIntrospectionEndpoint = false;
|
|
options.Endpoints.EnableEndSessionEndpoint = false;
|
|
options.Endpoints.EnableUserInfoEndpoint = false;
|
|
options.Endpoints.EnableCheckSessionEndpoint = false;
|
|
options.Endpoints.EnableTokenRevocationEndpoint = false;
|
|
options.IssuerUri = $"{issuerUri.Scheme}://{issuerUri.Host}";
|
|
options.Caching.ClientStoreExpiration = new TimeSpan(0, 5, 0);
|
|
if (env.IsDevelopment())
|
|
{
|
|
options.Authentication.CookieSameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
|
|
}
|
|
options.InputLengthRestrictions.UserName = 256;
|
|
options.KeyManagement.Enabled = false;
|
|
options.UserInteraction.LoginUrl = "/sso/Login";
|
|
})
|
|
.AddInMemoryCaching()
|
|
.AddInMemoryApiResources(ApiResources.GetApiResources())
|
|
.AddInMemoryApiScopes(ApiScopes.GetApiScopes())
|
|
.AddClientStoreCache<ClientStore>()
|
|
.AddCustomTokenRequestValidator<CustomTokenRequestValidator>()
|
|
.AddProfileService<ProfileService>()
|
|
.AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
|
|
.AddClientStore<ClientStore>()
|
|
.AddIdentityServerCertificate(env, globalSettings)
|
|
.AddExtensionGrantValidator<WebAuthnGrantValidator>();
|
|
|
|
if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CosmosConnectionString))
|
|
{
|
|
services.AddSingleton<IPersistedGrantStore>(sp =>
|
|
new PersistedGrantStore(sp.GetRequiredKeyedService<IGrantRepository>("cosmos"),
|
|
g => new Core.Auth.Models.Data.GrantItem(g)));
|
|
}
|
|
else
|
|
{
|
|
services.AddTransient<IPersistedGrantStore>(sp =>
|
|
new PersistedGrantStore(sp.GetRequiredService<IGrantRepository>(),
|
|
g => new Core.Auth.Entities.Grant(g)));
|
|
}
|
|
|
|
services.AddTransient<ICorsPolicyService, CustomCorsPolicyService>();
|
|
return identityServerBuilder;
|
|
}
|
|
}
|