How to add a new client to IdentityServer4 in the database?
During the first tests I always used the AddInMemoryClients configuration of IdentityServer4 as described in their documentation.

However, I'm in the process of deploying it to our test environment and want to get rid of the configuration file, so I've set up the Entity Framework integration.

Now all client IDs, client secrets, scopes, ... are persisted in the database in an encrypted way. However, it's more difficult to add a new client.

What's the appropriate way to configure this?

Using Entity Framework migrations?

I know there's a UI available on top of IdentityServer4 but is that the only "easy" way?

Troop answered 13/10, 2017 at 12:33 Comment(3)
For now I have created an MVC controller in my IdentityServer solution and created a form which allows me to add new clients. The MVC controller itself is then protected with Windows Authentication and only allows specific AD groups. - Troop
Can you provide some insert samples, including relations between clients and scopes and API resources? - Incapacity
@Incapacity This was a solution I created with a client I left a year ago and I don't have the source anymore. Maybe these scripts can get you started? github.com/IdentityServer/… - Troop
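// scope is an IServiceScope created at startup (e.g. via IServiceScopeFactory.CreateScope())
var context = scope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
// Apply any pending EF migrations to the configuration store
context.Database.Migrate();
Use this to create the context.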

Code for client json for seed

// Assigned to a variable so it can be passed to context.Clients.Add below
var client = new Client
{
    ClientId = "js",
    AllowedGrantTypes = GrantTypes.CodeAndClientCredentials,
    RequirePkce = false,            // PKCE is not enforced for this client
    RequireConsent = false,
    // JsConfig holds comma-separated URL lists read from configuration
    RedirectUris = JsConfig.RedirectUris.Split(',').Select(s => s.Trim()).ToArray(),
    //FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
    PostLogoutRedirectUris = JsConfig.PostLogoutRedirectUris.Split(',').Select(s => s.Trim()).ToArray(),
    AllowedCorsOrigins = JsConfig.AllowedCorsOrigins.Split(',').Select(s => s.Trim()).ToArray(),
    AllowPlainTextPkce = true,      // accepts the "plain" code challenge method
    AllowOfflineAccess = true,      // refresh tokens can be issued
    AllowAccessTokensViaBrowser = true,
    AlwaysIncludeUserClaimsInIdToken = true,
    AlwaysSendClientClaims = true,
    // Only the SHA-512 hash of the secret is stored; "secret" is a sample value
    ClientSecrets = new [] { new Secret("secret".Sha512()) },
    //AllowedScopes = { "openid", "profile", "scope2" },
    AllowedScopes = new List<string>
     {
        //Omitted for brevity        
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email
     },
    ClientName = "eXate Portal",
    DeviceCodeLifetime = 0,

};

For Add
context.Clients.Add(client.ToEntity());
context.SaveChanges(); // nothing is written to the database until SaveChanges runs

Ambala answered 2/1 at 14:1 Comment(0)
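
An idempotent seeding routine for the approach in the answer above, as an added example that is not part of the original post or of the IdentityServer4 project: it adds the identity resources, an API resource and a client that references them only when they are missing, reads the secret from the environment and keeps PKCE required. The names ClientSeeder, EnsureClient, sample-web, api1, SAMPLE_WEB_CLIENT_SECRET and the redirect URI are assumptions, and it assumes a pre-4.0 IdentityServer4 where an ApiResource registers a scope of the same name.

```csharp
using System;
using System.Linq;
using IdentityServer4;
using IdentityServer4.EntityFramework.DbContexts;
using IdentityServer4.EntityFramework.Mappers;
using IdentityServer4.Models;

public static class ClientSeeder
{
    // Hypothetical helper: call once at startup with a scoped ConfigurationDbContext.
    public static void EnsureClient(ConfigurationDbContext context)
    {
        // Identity resources must exist before "openid"/"profile" can be requested.
        var identityResources = new IdentityResource[]
            { new IdentityResources.OpenId(), new IdentityResources.Profile() };
        foreach (var resource in identityResources)
        {
            var name = resource.Name;
            if (!context.IdentityResources.Any(r => r.Name == name))
                context.IdentityResources.Add(resource.ToEntity());
        }

        // "api1" is a constructed API name (assumption); pre-4.0 this also creates scope "api1".
        if (!context.ApiResources.Any(a => a.Name == "api1"))
            context.ApiResources.Add(new ApiResource("api1", "Sample API").ToEntity());

        if (!context.Clients.Any(c => c.ClientId == "sample-web"))
        {
            // Secret comes from the environment instead of source control (variable name is an assumption).
            var secret = Environment.GetEnvironmentVariable("SAMPLE_WEB_CLIENT_SECRET")
                ?? throw new InvalidOperationException("SAMPLE_WEB_CLIENT_SECRET is not set");

            var client = new Client
            {
                ClientId = "sample-web",
                AllowedGrantTypes = GrantTypes.Code,
                RequirePkce = true,          // reject authorization requests without a code challenge
                AllowPlainTextPkce = false,  // only the S256 challenge method is accepted
                ClientSecrets = { new Secret(secret.Sha256()) },   // only the hash is persisted
                RedirectUris = { "https://app.example.test/signin-oidc" },
                AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId,
                                  IdentityServerConstants.StandardScopes.Profile, "api1" }
            };
            // ToEntity maps the model and its child rows (scopes, secrets, redirect URIs).
            context.Clients.Add(client.ToEntity());
        }
        context.SaveChanges(); // one commit for all inserts
    }
}
```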
