├── .github
    └── workflows
    │   └── dotnet.yml
├── .gitignore
├── IdentityProvider
    ├── Areas
    │   └── Identity
    │   │   ├── IdentityHostingStartup.cs
    │   │   └── Pages
    │   │       ├── Account
    │   │           ├── Login.cshtml
    │   │           ├── Login.cshtml.cs
    │   │           ├── LoginFido2Mfa.cshtml
    │   │           ├── LoginFido2Mfa.cshtml.cs
    │   │           ├── Manage
    │   │           │   ├── Disable2fa.cshtml
    │   │           │   ├── Disable2fa.cshtml.cs
    │   │           │   ├── Fido2Mfa.cshtml
    │   │           │   ├── Fido2Mfa.cshtml.cs
    │   │           │   ├── ManageNavPages.cs
    │   │           │   ├── TwoFactorAuthentication.cshtml
    │   │           │   ├── TwoFactorAuthentication.cshtml.cs
    │   │           │   ├── _ManageNav.cshtml
    │   │           │   └── _ViewImports.cshtml
    │   │           └── _ViewImports.cshtml
    │   │       ├── _ValidationScriptsPartial.cshtml
    │   │       ├── _ViewImports.cshtml
    │   │       └── _ViewStart.cshtml
    ├── Controllers
    │   ├── AuthorizationController.cs
    │   ├── ErrorController.cs
    │   ├── HomeController.cs
    │   ├── ResourceController.cs
    │   └── UserinfoController.cs
    ├── Data
    │   ├── ApplicationDbContext.cs
    │   └── ApplicationUser.cs
    ├── Fido2
    │   ├── Fido2Store.cs
    │   ├── Fido2UserTwoFactorTokenProvider.cs
    │   ├── FidoStoredCredential.cs
    │   ├── MfaFido2RegisterController.cs
    │   ├── MfaFido2SignInFidoController.cs
    │   ├── PwFido2RegisterController.cs
    │   └── PwFido2SignInController.cs
    ├── Helpers
    │   ├── AsyncEnumerableExtensions.cs
    │   └── FormValueRequiredAttribute.cs
    ├── IdentityProvider.csproj
    ├── Migrations
    │   ├── 20220827060047_add-fido2.Designer.cs
    │   ├── 20220827060047_add-fido2.cs
    │   ├── 20231230171959_init_sts.Designer.cs
    │   ├── 20231230171959_init_sts.cs
    │   └── ApplicationDbContextModelSnapshot.cs
    ├── Program.cs
    ├── Properties
    │   └── launchSettings.json
    ├── StartupExtensions.cs
    ├── ViewModels
    │   ├── Authorization
    │   │   └── AuthorizeViewModel.cs
    │   └── Shared
    │   │   └── ErrorViewModel.cs
    ├── Views
    │   ├── Authorization
    │   │   ├── Authorize.cshtml
    │   │   └── Logout.cshtml
    │   ├── Home
    │   │   ├── Index.cshtml
    │   │   └── Privacy.cshtml
    │   ├── Shared
    │   │   ├── Error.cshtml
    │   │   ├── _Layout.cshtml
    │   │   ├── _Layout.cshtml.css
    │   │   └── _LoginPartial.cshtml
    │   ├── _ViewImports.cshtml
    │   └── _ViewStart.cshtml
    ├── Worker.cs
    ├── appsettings.json
    ├── usersdatabase.sqlite
    └── wwwroot
    │   ├── css
    │       └── site.css
    │   ├── favicon.ico
    │   ├── images
    │       ├── securitykey.min.svg
    │       └── securitykey.svg
    │   ├── js
    │       ├── helpers.js
    │       ├── instant.js
    │       ├── mfa.login.js
    │       ├── mfa.register.js
    │       └── site.js
    │   └── lib
    │       ├── bootstrap
    │           ├── LICENSE
    │           └── dist
    │           │   ├── css
    │           │       ├── bootstrap-grid.css
    │           │       ├── bootstrap-grid.css.map
    │           │       ├── bootstrap-grid.min.css
    │           │       ├── bootstrap-grid.min.css.map
    │           │       ├── bootstrap-grid.rtl.css
    │           │       ├── bootstrap-grid.rtl.css.map
    │           │       ├── bootstrap-grid.rtl.min.css
    │           │       ├── bootstrap-grid.rtl.min.css.map
    │           │       ├── bootstrap-reboot.css
    │           │       ├── bootstrap-reboot.css.map
    │           │       ├── bootstrap-reboot.min.css
    │           │       ├── bootstrap-reboot.min.css.map
    │           │       ├── bootstrap-reboot.rtl.css
    │           │       ├── bootstrap-reboot.rtl.css.map
    │           │       ├── bootstrap-reboot.rtl.min.css
    │           │       ├── bootstrap-reboot.rtl.min.css.map
    │           │       ├── bootstrap-utilities.css
    │           │       ├── bootstrap-utilities.css.map
    │           │       ├── bootstrap-utilities.min.css
    │           │       ├── bootstrap-utilities.min.css.map
    │           │       ├── bootstrap-utilities.rtl.css
    │           │       ├── bootstrap-utilities.rtl.css.map
    │           │       ├── bootstrap-utilities.rtl.min.css
    │           │       ├── bootstrap-utilities.rtl.min.css.map
    │           │       ├── bootstrap.css
    │           │       ├── bootstrap.css.map
    │           │       ├── bootstrap.min.css
    │           │       ├── bootstrap.min.css.map
    │           │       ├── bootstrap.rtl.css
    │           │       ├── bootstrap.rtl.css.map
    │           │       ├── bootstrap.rtl.min.css
    │           │       └── bootstrap.rtl.min.css.map
    │           │   └── js
    │           │       ├── bootstrap.bundle.js
    │           │       ├── bootstrap.bundle.js.map
    │           │       ├── bootstrap.bundle.min.js
    │           │       ├── bootstrap.bundle.min.js.map
    │           │       ├── bootstrap.esm.js
    │           │       ├── bootstrap.esm.js.map
    │           │       ├── bootstrap.esm.min.js
    │           │       ├── bootstrap.esm.min.js.map
    │           │       ├── bootstrap.js
    │           │       ├── bootstrap.js.map
    │           │       ├── bootstrap.min.js
    │           │       └── bootstrap.min.js.map
    │       ├── jquery-validation-unobtrusive
    │           ├── LICENSE.txt
    │           └── dist
    │           │   ├── jquery.validate.unobtrusive.js
    │           │   └── jquery.validate.unobtrusive.min.js
    │       ├── jquery-validation
    │           ├── LICENSE.md
    │           └── dist
    │           │   ├── additional-methods.js
    │           │   ├── additional-methods.min.js
    │           │   ├── jquery.validate.js
    │           │   └── jquery.validate.min.js
    │       └── jquery
    │           ├── LICENSE.txt
    │           └── dist
    │               ├── jquery.js
    │               ├── jquery.min.js
    │               ├── jquery.min.map
    │               ├── jquery.slim.js
    │               ├── jquery.slim.min.js
    │               └── jquery.slim.min.map
├── LICENSE
├── README.md
├── bff-openiddict.sln
└── bff
    ├── .gitignore
    ├── server
        ├── BffOpenIddict.Server.csproj
        ├── Controllers
        │   ├── AccountController.cs
        │   ├── DirectApiController.cs
        │   └── UserController.cs
        ├── Models
        │   ├── ClaimValue.cs
        │   └── UserInfo.cs
        ├── Pages
        │   ├── Error.cshtml
        │   ├── Error.cshtml.cs
        │   └── _Host.cshtml
        ├── Program.cs
        ├── Properties
        │   └── launchSettings.json
        ├── SecurityHeadersDefinitions.cs
        ├── Services
        │   ├── ApplicationBuilderExtensions.cs
        │   └── EndpointRouteBuilderExtensions.cs
        ├── appsettings.Development.json
        ├── appsettings.json
        └── wwwroot
        │   ├── 3rdpartylicenses.txt
        │   ├── favicon.ico
        │   ├── index.html
        │   ├── main.30351b27ad0c83f9.js
        │   ├── polyfills.8cdf208185fb5862.js
        │   ├── runtime.1cb9cb05f2deb873.js
        │   └── styles.ef46db3751d8e999.css
    └── ui
        ├── .eslintignore
        ├── .eslintrc.base.json
        ├── .eslintrc.json
        ├── .gitignore
        ├── .prettierignore
        ├── .prettierrc
        ├── .vscode
            ├── extensions.json
            └── settings.json
        ├── README.md
        ├── certs
            ├── Readme.md
            ├── dev_localhost.key
            └── dev_localhost.pem
        ├── e2e
            ├── .eslintrc.json
            ├── playwright.config.ts
            ├── project.json
            └── src
            │   └── example.spec.ts
        ├── jest.config.ts
        ├── jest.preset.js
        ├── migrations.json
        ├── nx.json
        ├── package-lock.json
        ├── package.json
        ├── project.json
        ├── src
            ├── app
            │   ├── app.component.html
            │   ├── app.component.scss
            │   ├── app.component.spec.ts
            │   ├── app.component.ts
            │   ├── app.config.ts
            │   ├── app.routes.ts
            │   ├── call-api
            │   │   ├── call-api.component.html
            │   │   ├── call-api.component.scss
            │   │   ├── call-api.component.spec.ts
            │   │   └── call-api.component.ts
            │   ├── getCookie.ts
            │   ├── home.component.html
            │   ├── home.component.ts
            │   └── secure-api.interceptor.ts
            ├── assets
            │   └── .gitkeep
            ├── favicon.ico
            ├── index.html
            ├── main.ts
            ├── styles.scss
            └── test-setup.ts
        ├── tsconfig.app.json
        ├── tsconfig.editor.json
        ├── tsconfig.json
        └── tsconfig.spec.json


/.github/workflows/dotnet.yml:
--------------------------------------------------------------------------------
 1 | 
 2 | name: .NET and npm build
 3 | 
 4 | on:
 5 |   push:
 6 |     branches: [ "main" ]
 7 |   pull_request:
 8 |     branches: [ "main" ]
 9 | 
10 | jobs:
11 |   build:
12 |     runs-on: ubuntu-latest
13 | 
14 |     steps:
15 | 
16 |       - uses: actions/checkout@v4
17 |       - name: Setup .NET
18 |         uses: actions/setup-dotnet@v4
19 |         with:
20 |           dotnet-version: 9.0.x
21 | 
22 |       - name: Restore dependencies
23 |         run: dotnet restore
24 | 
25 |       - name: npm setup
26 |         working-directory: bff/ui
27 |         run: npm install --force
28 | 
29 |       - name: ui-nx-build
30 |         working-directory: bff/ui
31 |         run: npm run build
32 | 
33 |       - name: Build
34 |         run: dotnet build --no-restore
35 |       - name: Test
36 |         run: dotnet test --no-build --verbosity normal
37 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/IdentityHostingStartup.cs:
--------------------------------------------------------------------------------
 1 | [assembly: HostingStartup(typeof(OpeniddictServer.Areas.Identity.IdentityHostingStartup))]
 2 | namespace OpeniddictServer.Areas.Identity
 3 | {
 4 |     public class IdentityHostingStartup : IHostingStartup
 5 |     {
 6 |         public void Configure(IWebHostBuilder builder)
 7 |         {
 8 |             builder.ConfigureServices((context, services) =>
 9 |             {
10 |             });
11 |         }
12 |     }
13 | }
14 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/Login.cshtml:
--------------------------------------------------------------------------------
 1 | @page
 2 | @model LoginModel
 3 | 
 4 | @{
 5 |     ViewData["Title"] = "Log in";
 6 | }
 7 | 
 8 | <h1>@ViewData["Title"]</h1>
 9 | <div class="row">
10 |     <div class="col-md-4">
11 |         <section>
12 |             <form id="account" method="post">
13 |                 <h3>Use a local account to log in.</h3>
14 |                 <hr />
15 |                 <div asp-validation-summary="ModelOnly" class="text-danger"></div>
16 | 
17 |                 <div class="mb-3">
18 |                     <label asp-for="Input.Email" class="form-label"></label>
19 |                     <input asp-for="Input.Email" class="form-control" autocomplete="username" aria-required="true" aria-describedby="emailHelp" />
20 |                     <div id="emailHelp" class="form-text">We'll never share your email with anyone else.</div>
21 |                     <span asp-validation-for="Input.Email" class="text-danger"></span>
22 |                 </div>
23 |                 <div class="mb-3">
24 |                     <label asp-for="Input.Password" class="form-label"></label>
25 |                     <input asp-for="Input.Password" class="form-control" autocomplete="current-password" aria-required="true" />
26 |                     <span asp-validation-for="Input.Password" class="text-danger"></span>
27 |                 </div>
28 |                 <div class="mb-3 form-check">
29 |                     <input type="checkbox" class="form-check-input" asp-for="Input.RememberMe">
30 |                     <label class="form-check-label" asp-for="Input.RememberMe">@Html.DisplayNameFor(m => m.Input.RememberMe)</label>
31 |                 </div>
32 | 
33 |                 <div>
34 |                     <button id="login-submit" type="submit" class="w-100 btn btn-lg btn-primary">Log in</button>
35 |                 </div>
36 |                 <br />
37 |                 <div>
38 |                     <p>
39 |                         <a id="forgot-password" asp-page="./ForgotPassword">Forgot your password?</a>
40 |                     </p>
41 |                     <p>
42 |                         <a asp-page="./Register" asp-route-returnUrl="@Model.ReturnUrl">Register as a new user</a>
43 |                     </p>
44 |                     <p>
45 |                         <a id="resend-confirmation" asp-page="./ResendEmailConfirmation">Resend email confirmation</a>
46 |                     </p>
47 |                 </div>
48 |             </form>
49 |         </section>
50 |     </div>
51 |     <div class="col-md-6 col-md-offset-2">
52 |         <section>
53 |             <h3>Use another service to log in.</h3>
54 |             <hr />
55 |             @{
56 |                 if ((Model.ExternalLogins?.Count ?? 0) == 0)
57 |                 {
58 |                     <div>
59 |                         <p>
60 |                             There are no external authentication services configured. See this <a href="https://go.microsoft.com/fwlink/?LinkID=532715">article
61 |                             about setting up this ASP.NET application to support logging in via external services</a>.
62 |                         </p>
63 |                     </div>
64 |                 }
65 |                 else
66 |                 {
67 |                     <form id="external-account" asp-page="./ExternalLogin" asp-route-returnUrl="@Model.ReturnUrl" method="post" class="form-horizontal">
68 |                         <div>
69 |                             <p>
70 |                                 @foreach (var provider in Model.ExternalLogins)
71 |                                 {
72 |                                     <button type="submit" class="w-100 btn btn-lg btn-primary" name="provider" value="@provider.Name" title="Log in using your @provider.DisplayName account">@provider.DisplayName</button>
73 |                                 }
74 |                             </p>
75 |                         </div>
76 |                     </form>
77 |                 }
78 |             }
79 |         </section>
80 |     </div>
81 | </div>
82 | 
83 | @section Scripts {
84 |     <script src="~/lib/jquery-validation/dist/jquery.validate.min.js"></script>
85 |     <script src="~/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.min.js"></script>
86 | }
87 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/Login.cshtml.cs:
--------------------------------------------------------------------------------
  1 | // Licensed to the .NET Foundation under one or more agreements.
  2 | // The .NET Foundation licenses this file to you under the MIT license.
  3 | #nullable disable
  4 | 
  5 | using Fido2Identity;
  6 | using Microsoft.AspNetCore.Authentication;
  7 | using Microsoft.AspNetCore.Identity;
  8 | using Microsoft.AspNetCore.Mvc;
  9 | using Microsoft.AspNetCore.Mvc.RazorPages;
 10 | using OpeniddictServer.Data;
 11 | using System.ComponentModel.DataAnnotations;
 12 | 
 13 | namespace OpeniddictServer.Areas.Identity.Pages.Account
 14 | {
 15 |     public class LoginModel : PageModel
 16 |     {
 17 |         private readonly SignInManager<ApplicationUser> _signInManager;
 18 |         private readonly Fido2Store _fido2Store;
 19 |         private readonly ILogger<LoginModel> _logger;
 20 | 
 21 |         public LoginModel(SignInManager<ApplicationUser> signInManager,
 22 |             Fido2Store fido2Store,
 23 |             ILogger<LoginModel> logger)
 24 |         {
 25 |             _signInManager = signInManager;
 26 |             _fido2Store = fido2Store;
 27 |             _logger = logger;
 28 |         }
 29 | 
 30 |         /// <summary>
 31 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 32 |         ///     directly from your code. This API may change or be removed in future releases.
 33 |         /// </summary>
 34 |         [BindProperty]
 35 |         public InputModel Input { get; set; }
 36 | 
 37 |         /// <summary>
 38 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 39 |         ///     directly from your code. This API may change or be removed in future releases.
 40 |         /// </summary>
 41 |         public IList<AuthenticationScheme> ExternalLogins { get; set; }
 42 | 
 43 |         /// <summary>
 44 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 45 |         ///     directly from your code. This API may change or be removed in future releases.
 46 |         /// </summary>
 47 |         public string ReturnUrl { get; set; }
 48 | 
 49 |         /// <summary>
 50 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 51 |         ///     directly from your code. This API may change or be removed in future releases.
 52 |         /// </summary>
 53 |         [TempData]
 54 |         public string ErrorMessage { get; set; }
 55 | 
 56 |         /// <summary>
 57 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 58 |         ///     directly from your code. This API may change or be removed in future releases.
 59 |         /// </summary>
 60 |         public class InputModel
 61 |         {
 62 |             /// <summary>
 63 |             ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 64 |             ///     directly from your code. This API may change or be removed in future releases.
 65 |             /// </summary>
 66 |             [Required]
 67 |             [EmailAddress]
 68 |             public string Email { get; set; }
 69 | 
 70 |             /// <summary>
 71 |             ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 72 |             ///     directly from your code. This API may change or be removed in future releases.
 73 |             /// </summary>
 74 |             [Required]
 75 |             [DataType(DataType.Password)]
 76 |             public string Password { get; set; }
 77 | 
 78 |             /// <summary>
 79 |             ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 80 |             ///     directly from your code. This API may change or be removed in future releases.
 81 |             /// </summary>
 82 |             [Display(Name = "Remember me?")]
 83 |             public bool RememberMe { get; set; }
 84 |         }
 85 | 
 86 |         public async Task OnGetAsync(string returnUrl = null)
 87 |         {
 88 |             if (!string.IsNullOrEmpty(ErrorMessage))
 89 |             {
 90 |                 ModelState.AddModelError(string.Empty, ErrorMessage);
 91 |             }
 92 | 
 93 |             returnUrl ??= Url.Content("~/");
 94 | 
 95 |             // Clear the existing external cookie to ensure a clean login process
 96 |             await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
 97 | 
 98 |             ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
 99 | 
100 |             ReturnUrl = returnUrl;
101 |         }
102 | 
103 |         public async Task<IActionResult> OnPostAsync(string returnUrl = null)
104 |         {
105 |             returnUrl ??= Url.Content("~/");
106 | 
107 |             ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
108 | 
109 |             if (ModelState.IsValid)
110 |             {
111 |                 // This doesn't count login failures towards account lockout
112 |                 // To enable password failures to trigger account lockout, set lockoutOnFailure: true
113 |                 var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);
114 |                 if (result.Succeeded)
115 |                 {
116 |                     _logger.LogInformation("User logged in.");
117 |                     return LocalRedirect(returnUrl);
118 |                 }
119 |                 if (result.RequiresTwoFactor)
120 |                 {
121 |                     var fido2ItemExistsForUser = await _fido2Store.GetCredentialsByUserNameAsync(Input.Email);
122 |                     if (fido2ItemExistsForUser.Count > 0)
123 |                     {
124 |                         return RedirectToPage("./LoginFido2Mfa", new { ReturnUrl = returnUrl, Input.RememberMe });
125 |                     }
126 | 
127 |                     return RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe });
128 |                 }
129 |                 if (result.IsLockedOut)
130 |                 {
131 |                     _logger.LogWarning("User account locked out.");
132 |                     return RedirectToPage("./Lockout");
133 |                 }
134 |                 else
135 |                 {
136 |                     ModelState.AddModelError(string.Empty, "Invalid login attempt.");
137 |                     return Page();
138 |                 }
139 |             }
140 | 
141 |             // If we got this far, something failed, redisplay form
142 |             return Page();
143 |         }
144 |     }
145 | }
146 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/LoginFido2Mfa.cshtml:
--------------------------------------------------------------------------------
 1 | @page
 2 | 
 3 | @using Microsoft.AspNetCore.Identity
 4 | @inject SignInManager<ApplicationUser> SignInManager
 5 | @inject UserManager<ApplicationUser> UserManager
 6 | @inject Microsoft.AspNetCore.Antiforgery.IAntiforgery Xsrf
 7 | @functions{
 8 |     public string? GetAntiXsrfRequestToken()
 9 |     {
10 |         return Xsrf.GetAndStoreTokens(this.HttpContext).RequestToken;
11 |     }
12 | }
13 | @model OpeniddictServer.Areas.Identity.Pages.Account.MfaModel
14 | @{
15 |     ViewData["Title"] = "Login with Fido2 MFA";
16 | }
17 | 
18 | <h4>@ViewData["Title"]</h4>
19 | <div class="section">
20 |     <div class="container">
21 |         <h1 class="title is-1">2FA/MFA</h1>
22 |         <div class="content"><p>This is scenario where we just want to use FIDO as the MFA. The user register and logins with their username and password. For demo purposes, we trigger the MFA registering on sign up.</p></div>
23 |         <div class="notification is-danger" style="display:none">
24 |             Please note: Your browser does not seem to support WebAuthn yet. <a href="https://caniuse.com/#search=webauthn" target="_blank">Supported browsers</a>
25 |         </div>
26 | 
27 |         <div class="columns">
28 |             <div class="column is-4">
29 | 
30 |                 <h3 class="title is-3">Fido2 2FA</h3>
31 |                 <form action="/LoginFido2Mfa" method="post" id="signin">
32 |                     <input type="hidden" id="RequestVerificationToken" name="RequestVerificationToken" value="@GetAntiXsrfRequestToken()">
33 |                     <div class="field">
34 |                         <div class="control">
35 |                             <button class="btn btn-primary">2FA with FIDO2 device</button>
36 |                         </div>
37 |                     </div>
38 |                 </form>
39 |             </div>
40 |         </div>
41 | 
42 |         <div id="fido2logindisplay"></div>
43 | 
44 |     </div>
45 | </div>
46 | 
47 | <div style="display:none" id="fido2TapKeyToLogin">FIDO2_TAP_YOUR_SECURITY_KEY_TO_LOGIN</div>
48 | <div style="display:none" id="fido2CouldNotVerifyAssertion">FIDO2_COULD_NOT_VERIFY_ASSERTION</div>
49 | <div style="display:none" id="fido2ReturnUrl">@Model.ReturnUrl</div>
50 | 
51 | 
52 | <script src="~/js/helpers.js"></script>
53 | <script src="~/js/instant.js"></script>
54 | <script src="~/js/mfa.login.js"></script>


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/LoginFido2Mfa.cshtml.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.AspNetCore.Authorization;
 2 | using Microsoft.AspNetCore.Mvc;
 3 | using Microsoft.AspNetCore.Mvc.RazorPages;
 4 | 
 5 | namespace OpeniddictServer.Areas.Identity.Pages.Account;
 6 | 
 7 | [AllowAnonymous]
 8 | public class MfaModel : PageModel
 9 | {
10 |     [BindProperty(SupportsGet = true)]
11 |     public bool RememberMe { get; set; }
12 | 
13 |     [BindProperty(SupportsGet = true)]
14 |     public string? ReturnUrl { get; set; }
15 | 
16 |     public void OnGet()
17 |     {
18 |     }
19 | 
20 |     public void OnPost()
21 |     {
22 |     }
23 | }
24 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/Manage/Disable2fa.cshtml:
--------------------------------------------------------------------------------
 1 | @page
 2 | @model Disable2faModel
 3 | @{
 4 |     ViewData["Title"] = "Disable two-factor authentication (2FA)";
 5 |     ViewData["ActivePage"] = ManageNavPages.TwoFactorAuthentication;
 6 | }
 7 | 
 8 | <partial name="_StatusMessage" for="StatusMessage" />
 9 | <h3>@ViewData["Title"]</h3>
10 | 
11 | <div class="alert alert-warning" role="alert">
12 |     <p>
13 |         <strong>This action only disables 2FA.</strong>
14 |     </p>
15 |     <p>
16 |         Disabling 2FA does not change the keys used in authenticator apps. If you wish to change the key
17 |         used in an authenticator app you should <a asp-page="./ResetAuthenticator">reset your authenticator keys.</a>
18 |     </p>
19 | </div>
20 | 
21 | <div>
22 |     <form method="post">
23 |         <button class="btn btn-danger" type="submit">Disable 2FA</button>
24 |     </form>
25 | </div>
26 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/Manage/Disable2fa.cshtml.cs:
--------------------------------------------------------------------------------
 1 | // Licensed to the .NET Foundation under one or more agreements.
 2 | // The .NET Foundation licenses this file to you under the MIT license.
 3 | #nullable disable
 4 | 
 5 | using Fido2Identity;
 6 | using Microsoft.AspNetCore.Identity;
 7 | using Microsoft.AspNetCore.Mvc;
 8 | using Microsoft.AspNetCore.Mvc.RazorPages;
 9 | using OpeniddictServer.Data;
10 | 
11 | namespace OpeniddictServer.Areas.Identity.Pages.Account.Manage
12 | {
13 |     public class Disable2faModel : PageModel
14 |     {
15 |         private readonly UserManager<ApplicationUser> _userManager;
16 |         private readonly ILogger<Disable2faModel> _logger;
17 |         private readonly Fido2Store _fido2Store;
18 | 
19 |         public Disable2faModel(
20 |             UserManager<ApplicationUser> userManager,
21 |             Fido2Store fido2Store,
22 |             ILogger<Disable2faModel> logger)
23 |         {
24 |             _userManager = userManager;
25 |             _fido2Store = fido2Store;
26 |             _logger = logger;
27 |         }
28 | 
29 |         /// <summary>
30 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
31 |         ///     directly from your code. This API may change or be removed in future releases.
32 |         /// </summary>
33 |         [TempData]
34 |         public string StatusMessage { get; set; }
35 | 
36 |         public async Task<IActionResult> OnGet()
37 |         {
38 |             var user = await _userManager.GetUserAsync(User);
39 |             if (user == null)
40 |             {
41 |                 return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
42 |             }
43 | 
44 |             if (!await _userManager.GetTwoFactorEnabledAsync(user))
45 |             {
46 |                 throw new InvalidOperationException($"Cannot disable 2FA for user as it's not currently enabled.");
47 |             }
48 | 
49 |             return Page();
50 |         }
51 | 
52 |         public async Task<IActionResult> OnPostAsync()
53 |         {
54 |             var user = await _userManager.GetUserAsync(User);
55 |             if (user == null)
56 |             {
57 |                 return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
58 |             }
59 | 
60 |             // remove Fido2 MFA if it exists
61 |             await _fido2Store.RemoveCredentialsByUserNameAsync(user.UserName);
62 | 
63 |             var disable2faResult = await _userManager.SetTwoFactorEnabledAsync(user, false);
64 |             if (!disable2faResult.Succeeded)
65 |             {
66 |                 throw new InvalidOperationException($"Unexpected error occurred disabling 2FA.");
67 |             }
68 | 
69 |             _logger.LogInformation("User with ID '{UserId}' has disabled 2fa.", _userManager.GetUserId(User));
70 |             StatusMessage = "2fa has been disabled. You can reenable 2fa when you setup an authenticator app";
71 |             return RedirectToPage("./TwoFactorAuthentication");
72 |         }
73 |     }
74 | }
75 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/Manage/Fido2Mfa.cshtml:
--------------------------------------------------------------------------------
 1 | @page "/Fido2Mfa/{handler?}"
 2 | @using Microsoft.AspNetCore.Identity
 3 | @inject SignInManager<ApplicationUser> SignInManager
 4 | @inject UserManager<ApplicationUser> UserManager
 5 | @inject Microsoft.AspNetCore.Antiforgery.IAntiforgery Xsrf
 6 | @functions{
 7 |     public string? GetAntiXsrfRequestToken()
 8 |     {
 9 |         return Xsrf.GetAndStoreTokens(this.HttpContext).RequestToken;
10 |     }
11 | }
12 | @model OpeniddictServer.Areas.Identity.Pages.Account.Manage.MfaModel
13 | @{
14 |     Layout = "_Layout.cshtml";
15 |     ViewData["Title"] = "Two-factor authentication (2FA)";
16 |     ViewData["ActivePage"] = ManageNavPages.Fido2Mfa;
17 | }
18 | 
19 | <h4>@ViewData["Title"]</h4>
20 | <div class="section">
21 |     <div class="container">
22 |         <h1 class="title is-1">2FA/MFA</h1>
23 |         <div class="content"><p>This is scenario where we just want to use FIDO as the MFA. The user register and logins with their username and password. For demo purposes, we trigger the MFA registering on sign up.</p></div>
24 |         <div class="notification is-danger" style="display:none">
25 |             Please note: Your browser does not seem to support WebAuthn yet. <a href="https://caniuse.com/#search=webauthn" target="_blank">Supported browsers</a>
26 |         </div>
27 | 
28 |         <div class="columns">
29 |             <div class="column is-4">
30 | 
31 |                 <h3 class="title is-3">Add a Fido2 MFA</h3>
32 |                 <form action="/Fido2Mfa" method="post" id="register">
33 |                     <input type="hidden" id="RequestVerificationToken" name="RequestVerificationToken" value="@GetAntiXsrfRequestToken()">
34 |                     <div class="field">
35 |                         <label class="label">Username</label>
36 |                         <div class="control has-icons-left has-icons-right">
37 |                             <input class="form-control" type="text" readonly placeholder="email" value="@User.Identity?.Name" name="username" required>
38 |                         </div>
39 |                     </div>
40 | 
41 |                     <div class="field" style="margin-top:10px;">
42 |                         <div class="control">
43 |                             <button class="btn btn-primary">Add FIDO2 MFA</button>
44 |                         </div>
45 |                     </div>
46 |                 </form>
47 |             </div>
48 |         </div>
49 | 
50 | 
51 |         <div id="fido2mfadisplay"></div>
52 | 
53 |     </div>
54 | </div>
55 | 
56 | 
57 | <div style="display:none" id="fido2TapYourSecurityKeyToFinishRegistration">FIDO2_TAP_YOUR_SECURITY_KEY_TO_FINISH_REGISTRATION</div>
58 | <div style="display:none" id="fido2RegistrationError">FIDO2_REGISTRATION_ERROR</div>
59 | 
60 | <script src="~/js/helpers.js"></script>
61 | <script src="~/js/instant.js"></script>
62 | <script src="~/js/mfa.register.js"></script>


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/Manage/Fido2Mfa.cshtml.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.AspNetCore.Mvc.RazorPages;
 2 | 
 3 | namespace OpeniddictServer.Areas.Identity.Pages.Account.Manage;
 4 | 
 5 | public class MfaModel : PageModel
 6 | {
 7 |     public void OnGet()
 8 |     {
 9 |     }
10 | 
11 |     public void OnPost()
12 |     {
13 |     }
14 | }
15 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/Manage/ManageNavPages.cs:
--------------------------------------------------------------------------------
  1 | // Licensed to the .NET Foundation under one or more agreements.
  2 | // The .NET Foundation licenses this file to you under the MIT license.
  3 | #nullable disable
  4 | 
  5 | using Microsoft.AspNetCore.Mvc.Rendering;
  6 | 
  7 | namespace OpeniddictServer.Areas.Identity.Pages.Account.Manage
  8 | {
  9 |     /// <summary>
 10 |     ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 11 |     ///     directly from your code. This API may change or be removed in future releases.
 12 |     /// </summary>
 13 |     public static class ManageNavPages
 14 |     {
 15 |         /// <summary>
 16 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 17 |         ///     directly from your code. This API may change or be removed in future releases.
 18 |         /// </summary>
 19 |         public static string Index => "Index";
 20 | 
 21 |         /// <summary>
 22 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 23 |         ///     directly from your code. This API may change or be removed in future releases.
 24 |         /// </summary>
 25 |         public static string Email => "Email";
 26 | 
 27 |         /// <summary>
 28 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 29 |         ///     directly from your code. This API may change or be removed in future releases.
 30 |         /// </summary>
 31 |         public static string ChangePassword => "ChangePassword";
 32 | 
 33 |         /// <summary>
 34 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 35 |         ///     directly from your code. This API may change or be removed in future releases.
 36 |         /// </summary>
 37 |         public static string DownloadPersonalData => "DownloadPersonalData";
 38 | 
 39 |         /// <summary>
 40 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 41 |         ///     directly from your code. This API may change or be removed in future releases.
 42 |         /// </summary>
 43 |         public static string DeletePersonalData => "DeletePersonalData";
 44 | 
 45 |         /// <summary>
 46 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 47 |         ///     directly from your code. This API may change or be removed in future releases.
 48 |         /// </summary>
 49 |         public static string ExternalLogins => "ExternalLogins";
 50 | 
 51 |         /// <summary>
 52 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 53 |         ///     directly from your code. This API may change or be removed in future releases.
 54 |         /// </summary>
 55 |         public static string PersonalData => "PersonalData";
 56 | 
 57 |         /// <summary>
 58 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 59 |         ///     directly from your code. This API may change or be removed in future releases.
 60 |         /// </summary>
 61 |         public static string TwoFactorAuthentication => "TwoFactorAuthentication";
 62 | 
 63 |         public static string Fido2Mfa => "Fido2Mfa";
 64 | 
 65 |         /// <summary>
 66 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 67 |         ///     directly from your code. This API may change or be removed in future releases.
 68 |         /// </summary>
 69 |         public static string IndexNavClass(ViewContext viewContext) => PageNavClass(viewContext, Index);
 70 | 
 71 |         /// <summary>
 72 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 73 |         ///     directly from your code. This API may change or be removed in future releases.
 74 |         /// </summary>
 75 |         public static string EmailNavClass(ViewContext viewContext) => PageNavClass(viewContext, Email);
 76 | 
 77 |         /// <summary>
 78 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 79 |         ///     directly from your code. This API may change or be removed in future releases.
 80 |         /// </summary>
 81 |         public static string ChangePasswordNavClass(ViewContext viewContext) => PageNavClass(viewContext, ChangePassword);
 82 | 
 83 |         /// <summary>
 84 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 85 |         ///     directly from your code. This API may change or be removed in future releases.
 86 |         /// </summary>
 87 |         public static string DownloadPersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, DownloadPersonalData);
 88 | 
 89 |         /// <summary>
 90 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 91 |         ///     directly from your code. This API may change or be removed in future releases.
 92 |         /// </summary>
 93 |         public static string DeletePersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, DeletePersonalData);
 94 | 
 95 |         /// <summary>
 96 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
 97 |         ///     directly from your code. This API may change or be removed in future releases.
 98 |         /// </summary>
 99 |         public static string ExternalLoginsNavClass(ViewContext viewContext) => PageNavClass(viewContext, ExternalLogins);
100 | 
101 |         /// <summary>
102 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
103 |         ///     directly from your code. This API may change or be removed in future releases.
104 |         /// </summary>
105 |         public static string PersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, PersonalData);
106 | 
107 |         /// <summary>
108 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
109 |         ///     directly from your code. This API may change or be removed in future releases.
110 |         /// </summary>
111 |         public static string TwoFactorAuthenticationNavClass(ViewContext viewContext) => PageNavClass(viewContext, TwoFactorAuthentication);
112 | 
113 |         public static string Fido2MfaNavClass(ViewContext viewContext) => PageNavClass(viewContext, Fido2Mfa);
114 | 
115 |         /// <summary>
116 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
117 |         ///     directly from your code. This API may change or be removed in future releases.
118 |         /// </summary>
119 |         public static string PageNavClass(ViewContext viewContext, string page)
120 |         {
121 |             var activePage = viewContext.ViewData["ActivePage"] as string
122 |                 ?? System.IO.Path.GetFileNameWithoutExtension(viewContext.ActionDescriptor.DisplayName);
123 |             return string.Equals(activePage, page, StringComparison.OrdinalIgnoreCase) ? "active" : null;
124 |         }
125 |     }
126 | }
127 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/Manage/TwoFactorAuthentication.cshtml:
--------------------------------------------------------------------------------
 1 | @page
 2 | @using Microsoft.AspNetCore.Http.Features
 3 | @model TwoFactorAuthenticationModel
 4 | @{
 5 |     ViewData["Title"] = "Two-factor authentication (2FA)";
 6 |     ViewData["ActivePage"] = ManageNavPages.TwoFactorAuthentication;
 7 | }
 8 | 
 9 | <partial name="_StatusMessage" for="StatusMessage" />
10 | <h3>@ViewData["Title"]</h3>
11 | @{
12 |     var consentFeature = HttpContext.Features.Get<ITrackingConsentFeature>();
13 |     @if (consentFeature?.CanTrack ?? true)
14 |     {
15 |         @if (Model.Is2faEnabled)
16 |         {
17 |             if (Model.RecoveryCodesLeft == 0)
18 |             {
19 |                 <div class="alert alert-danger">
20 |                     <strong>You have no recovery codes left.</strong>
21 |                     <p>You must <a asp-page="./GenerateRecoveryCodes">generate a new set of recovery codes</a> before you can log in with a recovery code.</p>
22 |                 </div>
23 |             }
24 |             else if (Model.RecoveryCodesLeft == 1)
25 |             {
26 |                 <div class="alert alert-danger">
27 |                     <strong>You have 1 recovery code left.</strong>
28 |                     <p>You can <a asp-page="./GenerateRecoveryCodes">generate a new set of recovery codes</a>.</p>
29 |                 </div>
30 |             }
31 |             else if (Model.RecoveryCodesLeft <= 3)
32 |             {
33 |                 <div class="alert alert-warning">
34 |                     <strong>You have @Model.RecoveryCodesLeft recovery codes left.</strong>
35 |                     <p>You should <a asp-page="./GenerateRecoveryCodes">generate a new set of recovery codes</a>.</p>
36 |                 </div>
37 |             }
38 | 
39 |             if (Model.IsMachineRemembered)
40 |             {
41 |                 <form method="post" style="display: inline-block">
42 |                     <button type="submit" class="btn btn-primary">Forget this browser</button>
43 |                 </form>
44 |             }
45 |             <a asp-page="./Disable2fa" class="btn btn-primary">Disable 2FA</a>
46 |             <a asp-page="./GenerateRecoveryCodes" class="btn btn-primary">Reset recovery codes</a>
47 |         }
48 | 
49 |         <h4>Authenticator app</h4>
50 |         @if (!Model.HasAuthenticator)
51 |         {
52 |             <a id="enable-authenticator" asp-page="./EnableAuthenticator" class="btn btn-primary">Add authenticator app</a>
53 |         }
54 |         else
55 |         {
56 |             <a id="enable-authenticator" asp-page="./EnableAuthenticator" class="btn btn-primary">Set up authenticator app</a>
57 |             <a id="reset-authenticator" asp-page="./ResetAuthenticator" class="btn btn-primary">Reset authenticator app</a>
58 |         }
59 |     }
60 |     else
61 |     {
62 |         <div class="alert alert-danger">
63 |             <strong>Privacy and cookie policy have not been accepted.</strong>
64 |             <p>You must accept the policy before you can enable two factor authentication.</p>
65 |         </div>
66 |     }
67 | }
68 | 
69 | <a id="enable-fido2mfa" asp-page="./Fido2Mfa" class="btn btn-primary">Add Fido2 MFA</a>
70 | 
71 | @section Scripts {
72 |     <script src="~/lib/jquery-validation/dist/jquery.validate.min.js"></script>
73 |     <script src="~/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.min.js"></script>
74 | }
75 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/Manage/TwoFactorAuthentication.cshtml.cs:
--------------------------------------------------------------------------------
 1 | // Licensed to the .NET Foundation under one or more agreements.
 2 | // The .NET Foundation licenses this file to you under the MIT license.
 3 | #nullable disable
 4 | 
 5 | using Microsoft.AspNetCore.Identity;
 6 | using Microsoft.AspNetCore.Mvc;
 7 | using Microsoft.AspNetCore.Mvc.RazorPages;
 8 | using OpeniddictServer.Data;
 9 | 
10 | namespace OpeniddictServer.Areas.Identity.Pages.Account.Manage
11 | {
12 |     public class TwoFactorAuthenticationModel : PageModel
13 |     {
14 |         private readonly UserManager<ApplicationUser> _userManager;
15 |         private readonly SignInManager<ApplicationUser> _signInManager;
16 | 
17 |         public TwoFactorAuthenticationModel(
18 |             UserManager<ApplicationUser> userManager, SignInManager<ApplicationUser> signInManager)
19 |         {
20 |             _userManager = userManager;
21 |             _signInManager = signInManager;
22 |         }
23 | 
24 |         /// <summary>
25 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
26 |         ///     directly from your code. This API may change or be removed in future releases.
27 |         /// </summary>
28 |         public bool HasAuthenticator { get; set; }
29 | 
30 |         /// <summary>
31 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
32 |         ///     directly from your code. This API may change or be removed in future releases.
33 |         /// </summary>
34 |         public int RecoveryCodesLeft { get; set; }
35 | 
36 |         /// <summary>
37 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
38 |         ///     directly from your code. This API may change or be removed in future releases.
39 |         /// </summary>
40 |         [BindProperty]
41 |         public bool Is2faEnabled { get; set; }
42 | 
43 |         /// <summary>
44 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
45 |         ///     directly from your code. This API may change or be removed in future releases.
46 |         /// </summary>
47 |         public bool IsMachineRemembered { get; set; }
48 | 
49 |         /// <summary>
50 |         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
51 |         ///     directly from your code. This API may change or be removed in future releases.
52 |         /// </summary>
53 |         [TempData]
54 |         public string StatusMessage { get; set; }
55 | 
56 |         public async Task<IActionResult> OnGetAsync()
57 |         {
58 |             var user = await _userManager.GetUserAsync(User);
59 |             if (user == null)
60 |             {
61 |                 return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
62 |             }
63 | 
64 |             HasAuthenticator = await _userManager.GetAuthenticatorKeyAsync(user) != null;
65 |             Is2faEnabled = await _userManager.GetTwoFactorEnabledAsync(user);
66 |             IsMachineRemembered = await _signInManager.IsTwoFactorClientRememberedAsync(user);
67 |             RecoveryCodesLeft = await _userManager.CountRecoveryCodesAsync(user);
68 | 
69 |             return Page();
70 |         }
71 | 
72 |         public async Task<IActionResult> OnPostAsync()
73 |         {
74 |             var user = await _userManager.GetUserAsync(User);
75 |             if (user == null)
76 |             {
77 |                 return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
78 |             }
79 | 
80 |             await _signInManager.ForgetTwoFactorClientAsync();
81 |             StatusMessage = "The current browser has been forgotten. When you login again from this browser you will be prompted for your 2fa code.";
82 |             return RedirectToPage();
83 |         }
84 |     }
85 | }
86 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/Manage/_ManageNav.cshtml:
--------------------------------------------------------------------------------
 1 | @inject SignInManager<ApplicationUser> SignInManager
 2 | @{
 3 |     var hasExternalLogins = (await SignInManager.GetExternalAuthenticationSchemesAsync()).Any();
 4 | }
 5 | <ul class="nav nav-pills flex-column">
 6 |     <li class="nav-item"><a class="nav-link @ManageNavPages.IndexNavClass(ViewContext)" id="profile" asp-page="./Index">Profile</a></li>
 7 |     <li class="nav-item"><a class="nav-link @ManageNavPages.EmailNavClass(ViewContext)" id="email" asp-page="./Email">Email</a></li>
 8 |     <li class="nav-item"><a class="nav-link @ManageNavPages.ChangePasswordNavClass(ViewContext)" id="change-password" asp-page="./ChangePassword">Password</a></li>
 9 |     @if (hasExternalLogins)
10 |     {
11 |         <li id="external-logins" class="nav-item"><a id="external-login" class="nav-link @ManageNavPages.ExternalLoginsNavClass(ViewContext)" asp-page="./ExternalLogins">External logins</a></li>
12 |     }
13 |     <li class="nav-item"><a class="nav-link @ManageNavPages.TwoFactorAuthenticationNavClass(ViewContext)" id="two-factor" asp-page="./TwoFactorAuthentication">Two-factor authentication</a></li>
14 |     <li class="nav-item"><a class="nav-link @ManageNavPages.PersonalDataNavClass(ViewContext)" id="personal-data" asp-page="./PersonalData">Personal data</a></li>
15 | </ul>
16 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/Manage/_ViewImports.cshtml:
--------------------------------------------------------------------------------
1 | @using OpeniddictServer.Areas.Identity.Pages.Account.Manage
2 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/Account/_ViewImports.cshtml:
--------------------------------------------------------------------------------
1 | @using OpeniddictServer.Areas.Identity.Pages.Account


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/_ValidationScriptsPartial.cshtml:
--------------------------------------------------------------------------------
 1 | <environment include="Development">
 2 |     <script src="~/Identity/lib/jquery-validation/dist/jquery.validate.js"></script>
 3 |     <script src="~/Identity/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.js"></script>
 4 | </environment>
 5 | <environment exclude="Development">
 6 |     <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.17.0/jquery.validate.min.js"
 7 |             asp-fallback-src="~/Identity/lib/jquery-validation/dist/jquery.validate.min.js"
 8 |             asp-fallback-test="window.jQuery && window.jQuery.validator"
 9 |             crossorigin="anonymous"
10 |             integrity="sha384-rZfj/ogBloos6wzLGpPkkOr/gpkBNLZ6b6yLy4o+ok+t/SAKlL5mvXLr0OXNi1Hp">
11 |     </script>
12 |     <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/3.2.11/jquery.validate.unobtrusive.min.js"
13 |             asp-fallback-src="~/Identity/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.min.js"
14 |             asp-fallback-test="window.jQuery && window.jQuery.validator && window.jQuery.validator.unobtrusive"
15 |             crossorigin="anonymous"
16 |             integrity="sha384-R3vNCHsZ+A2Lo3d5A6XNP7fdQkeswQWTIPfiYwSpEP3YV079R+93YzTeZRah7f/F">
17 |     </script>
18 | </environment>
19 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/_ViewImports.cshtml:
--------------------------------------------------------------------------------
1 | @using Microsoft.AspNetCore.Identity
2 | @using OpeniddictServer.Areas.Identity
3 | @using OpeniddictServer.Areas.Identity.Pages
4 | @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
5 | @using OpeniddictServer.Data
6 | 


--------------------------------------------------------------------------------
/IdentityProvider/Areas/Identity/Pages/_ViewStart.cshtml:
--------------------------------------------------------------------------------
1 | 
2 | @{
3 |     Layout = "/Views/Shared/_Layout.cshtml";
4 | }
5 | 


--------------------------------------------------------------------------------
/IdentityProvider/Controllers/ErrorController.cs:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
 3 |  * See https://github.com/openiddict/openiddict-core for more information concerning
 4 |  * the license and the contributors participating to this project.
 5 |  */
 6 | 
 7 | using Microsoft.AspNetCore;
 8 | using Microsoft.AspNetCore.Mvc;
 9 | using OpeniddictServer.ViewModels.Shared;
10 | 
11 | namespace OpeniddictServer.Controllers;
12 | 
13 | public class ErrorController : Controller
14 | {
15 |     [Route("error")]
16 |     [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
17 |     public IActionResult Error()
18 |     {
19 |         // If the error was not caused by an invalid
20 |         // OIDC request, display a generic error page.
21 |         var response = HttpContext.GetOpenIddictServerResponse();
22 |         if (response == null)
23 |         {
24 |             return View(new ErrorViewModel());
25 |         }
26 | 
27 |         return View(new ErrorViewModel
28 |         {
29 |             Error = response.Error,
30 |             ErrorDescription = response.ErrorDescription
31 |         });
32 |     }
33 | }
34 | 


--------------------------------------------------------------------------------
/IdentityProvider/Controllers/HomeController.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.AspNetCore.Mvc;
 2 | 
 3 | namespace OpeniddictServer.Controllers;
 4 | 
 5 | public class HomeController : Controller
 6 | {
 7 |     private readonly ILogger<HomeController> _logger;
 8 | 
 9 |     public HomeController(ILogger<HomeController> logger)
10 |     {
11 |         _logger = logger;
12 |     }
13 | 
14 |     public IActionResult Index()
15 |     {
16 |         return View();
17 |     }
18 | 
19 |     public IActionResult Privacy()
20 |     {
21 |         return View();
22 |     }
23 | 
24 |     public IActionResult Error()
25 |     {
26 |         return View();
27 |     }
28 | }
29 | 


--------------------------------------------------------------------------------
/IdentityProvider/Controllers/ResourceController.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.AspNetCore.Authorization;
 2 | using Microsoft.AspNetCore.Identity;
 3 | using Microsoft.AspNetCore.Mvc;
 4 | using OpenIddict.Validation.AspNetCore;
 5 | using OpeniddictServer.Data;
 6 | 
 7 | namespace OpeniddictServer.Controllers;
 8 | 
 9 | [Route("api")]
10 | public class ResourceController : Controller
11 | {
12 |     private readonly UserManager<ApplicationUser> _userManager;
13 | 
14 |     public ResourceController(UserManager<ApplicationUser> userManager)
15 |         => _userManager = userManager;
16 | 
17 |     [Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)]
18 |     [HttpGet("message")]
19 |     public async Task<IActionResult> GetMessage()
20 |     {
21 |         var user = await _userManager.GetUserAsync(User);
22 |         if (user == null)
23 |         {
24 |             return BadRequest();
25 |         }
26 | 
27 |         return Content($"{user.UserName} has been successfully authenticated.");
28 |     }
29 | }
30 | 


--------------------------------------------------------------------------------
/IdentityProvider/Controllers/UserinfoController.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.AspNetCore.Authentication;
 2 | using Microsoft.AspNetCore.Authorization;
 3 | using Microsoft.AspNetCore.Identity;
 4 | using Microsoft.AspNetCore.Mvc;
 5 | using OpenIddict.Abstractions;
 6 | using OpenIddict.Server.AspNetCore;
 7 | using OpeniddictServer.Data;
 8 | using static OpenIddict.Abstractions.OpenIddictConstants;
 9 | 
10 | namespace OpeniddictServer.Controllers;
11 | 
12 | public class UserinfoController : Controller
13 | {
14 |     private readonly UserManager<ApplicationUser> _userManager;
15 | 
16 |     public UserinfoController(UserManager<ApplicationUser> userManager)
17 |         => _userManager = userManager;
18 | 
19 |     //
20 |     // GET: /api/userinfo
21 |     [Authorize(AuthenticationSchemes = OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)]
22 |     [HttpGet("~/connect/userinfo"), HttpPost("~/connect/userinfo"), Produces("application/json")]
23 |     public async Task<IActionResult> Userinfo()
24 |     {
25 |         var user = await _userManager.GetUserAsync(User);
26 |         if (user == null)
27 |         {
28 |             return Challenge(
29 |                 authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
30 |                 properties: new AuthenticationProperties(new Dictionary<string, string>
31 |                 {
32 |                     [OpenIddictServerAspNetCoreConstants.Properties.Error] = Errors.InvalidToken,
33 |                     [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] =
34 |                         "The specified access token is bound to an account that no longer exists."
35 |                 }));
36 |         }
37 | 
38 |         var claims = new Dictionary<string, object>(StringComparer.Ordinal)
39 |         {
40 |             // Note: the "sub" claim is a mandatory claim and must be included in the JSON response.
41 |             [Claims.Subject] = await _userManager.GetUserIdAsync(user)
42 |         };
43 | 
44 |         if (User.HasScope(Scopes.Email))
45 |         {
46 |             claims[Claims.Email] = await _userManager.GetEmailAsync(user);
47 |             claims[Claims.EmailVerified] = await _userManager.IsEmailConfirmedAsync(user);
48 |         }
49 | 
50 |         if (User.HasScope(Scopes.Phone))
51 |         {
52 |             claims[Claims.PhoneNumber] = await _userManager.GetPhoneNumberAsync(user);
53 |             claims[Claims.PhoneNumberVerified] = await _userManager.IsPhoneNumberConfirmedAsync(user);
54 |         }
55 | 
56 |         if (User.HasScope(Scopes.Roles))
57 |         {
58 |             claims[Claims.Role] = await _userManager.GetRolesAsync(user);
59 |         }
60 | 
61 |         // Note: the complete list of standard claims supported by the OpenID Connect specification
62 |         // can be found here: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
63 | 
64 |         return Ok(claims);
65 |     }
66 | }
67 | 


--------------------------------------------------------------------------------
/IdentityProvider/Data/ApplicationDbContext.cs:
--------------------------------------------------------------------------------
 1 | using Fido2Identity;
 2 | using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 3 | using Microsoft.EntityFrameworkCore;
 4 | 
 5 | namespace OpeniddictServer.Data;
 6 | 
 7 | public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
 8 | {
 9 |     public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
10 |         : base(options)
11 |     {
12 |     }
13 | 
14 |     public DbSet<FidoStoredCredential> FidoStoredCredential => Set<FidoStoredCredential>();
15 | 
16 |     protected override void OnModelCreating(ModelBuilder builder)
17 |     {
18 |         builder.Entity<FidoStoredCredential>().HasKey(m => m.Id);
19 | 
20 |         base.OnModelCreating(builder);
21 |     }
22 | }


--------------------------------------------------------------------------------
/IdentityProvider/Data/ApplicationUser.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.AspNetCore.Identity;
2 | 
3 | namespace OpeniddictServer.Data;
4 | 
5 | // Add profile data for application users by adding properties to the ApplicationUser class
6 | public class ApplicationUser : IdentityUser { }
7 | 


--------------------------------------------------------------------------------
/IdentityProvider/Fido2/Fido2Store.cs:
--------------------------------------------------------------------------------
  1 | using Fido2NetLib;
  2 | using Microsoft.EntityFrameworkCore;
  3 | using OpeniddictServer.Data;
  4 | using System.Text;
  5 | 
  6 | namespace Fido2Identity;
  7 | 
  8 | public class Fido2Store
  9 | {
 10 |     private readonly ApplicationDbContext _applicationDbContext;
 11 | 
 12 |     public Fido2Store(ApplicationDbContext applicationDbContext)
 13 |     {
 14 |         _applicationDbContext = applicationDbContext;
 15 |     }
 16 | 
 17 |     public async Task<ICollection<FidoStoredCredential>> GetCredentialsByUserNameAsync(string username)
 18 |     {
 19 |         return await _applicationDbContext.FidoStoredCredential.Where(c => c.UserName == username).ToListAsync();
 20 |     }
 21 | 
 22 |     public async Task RemoveCredentialsByUserNameAsync(string username)
 23 |     {
 24 |         var items = await _applicationDbContext.FidoStoredCredential.Where(c => c.UserName == username).ToListAsync();
 25 |         if (items != null)
 26 |         {
 27 |             foreach (var fido2Key in items)
 28 |             {
 29 |                 _applicationDbContext.FidoStoredCredential.Remove(fido2Key);
 30 |             }
 31 |             ;
 32 | 
 33 |             await _applicationDbContext.SaveChangesAsync();
 34 |         }
 35 |     }
 36 | 
 37 |     public async Task<FidoStoredCredential?> GetCredentialByIdAsync(byte[] id)
 38 |     {
 39 |         var credentialIdString = Base64Url.Encode(id);
 40 |         //byte[] credentialIdStringByte = Base64Url.Decode(credentialIdString);
 41 | 
 42 |         var cred = await _applicationDbContext.FidoStoredCredential
 43 |             .Where(c => c.DescriptorJson != null && c.DescriptorJson.Contains(credentialIdString))
 44 |             .FirstOrDefaultAsync();
 45 | 
 46 |         return cred;
 47 |     }
 48 | 
 49 |     public Task<ICollection<FidoStoredCredential>> GetCredentialsByUserHandleAsync(byte[] userHandle)
 50 |     {
 51 |         return Task.FromResult<ICollection<FidoStoredCredential>>(
 52 |             _applicationDbContext
 53 |                 .FidoStoredCredential.Where(c => c.UserHandle != null && c.UserHandle.SequenceEqual(userHandle))
 54 |                 .ToList());
 55 |     }
 56 | 
 57 |     public async Task UpdateCounterAsync(byte[] credentialId, uint counter)
 58 |     {
 59 |         var credentialIdString = Base64Url.Encode(credentialId);
 60 |         //byte[] credentialIdStringByte = Base64Url.Decode(credentialIdString);
 61 | 
 62 |         var cred = await _applicationDbContext.FidoStoredCredential
 63 |             .Where(c => c.DescriptorJson != null && c.DescriptorJson.Contains(credentialIdString)).FirstOrDefaultAsync();
 64 | 
 65 |         if (cred != null)
 66 |         {
 67 |             cred.SignatureCounter = counter;
 68 |             await _applicationDbContext.SaveChangesAsync();
 69 |         }
 70 |     }
 71 | 
 72 |     public async Task AddCredentialToUserAsync(Fido2User user, FidoStoredCredential credential)
 73 |     {
 74 |         credential.UserId = user.Id;
 75 |         _applicationDbContext.FidoStoredCredential.Add(credential);
 76 |         await _applicationDbContext.SaveChangesAsync();
 77 |     }
 78 | 
 79 |     public async Task<ICollection<Fido2User>> GetUsersByCredentialIdAsync(byte[] credentialId)
 80 |     {
 81 |         var credentialIdString = Base64Url.Encode(credentialId);
 82 |         //byte[] credentialIdStringByte = Base64Url.Decode(credentialIdString);
 83 | 
 84 |         var cred = await _applicationDbContext.FidoStoredCredential
 85 |             .Where(c => c.DescriptorJson != null && c.DescriptorJson.Contains(credentialIdString)).FirstOrDefaultAsync();
 86 | 
 87 |         if (cred == null || cred.UserId == null)
 88 |         {
 89 |             return new List<Fido2User>();
 90 |         }
 91 | 
 92 |         return await _applicationDbContext.Users
 93 |                 .Where(u => Encoding.UTF8.GetBytes(u.UserName)
 94 |                 .SequenceEqual(cred.UserId))
 95 |                 .Select(u => new Fido2User
 96 |                 {
 97 |                     DisplayName = u.UserName,
 98 |                     Name = u.UserName,
 99 |                     Id = Encoding.UTF8.GetBytes(u.UserName) // byte representation of userID is required
100 |                 }).ToListAsync();
101 |     }
102 | }
103 | 
104 | public static class Fido2Extenstions
105 | {
106 |     public static IEnumerable<T> NotNull<T>(this IEnumerable<T?> enumerable) where T : class
107 |     {
108 |         return enumerable.Where(e => e != null).Select(e => e!);
109 |     }
110 | }


--------------------------------------------------------------------------------
/IdentityProvider/Fido2/Fido2UserTwoFactorTokenProvider.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.AspNetCore.Identity;
 2 | using OpeniddictServer.Data;
 3 | 
 4 | namespace Fido2Identity;
 5 | 
 6 | public class Fido2UserTwoFactorTokenProvider : IUserTwoFactorTokenProvider<ApplicationUser>
 7 | {
 8 |     public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<ApplicationUser> manager, ApplicationUser user)
 9 |     {
10 |         return Task.FromResult(true);
11 |     }
12 | 
13 |     public Task<string> GenerateAsync(string purpose, UserManager<ApplicationUser> manager, ApplicationUser user)
14 |     {
15 |         return Task.FromResult("fido2");
16 |     }
17 | 
18 |     public Task<bool> ValidateAsync(string purpose, string token, UserManager<ApplicationUser> manager, ApplicationUser user)
19 |     {
20 |         return Task.FromResult(true);
21 |     }
22 | }


--------------------------------------------------------------------------------
/IdentityProvider/Fido2/FidoStoredCredential.cs:
--------------------------------------------------------------------------------
 1 | using Fido2NetLib.Objects;
 2 | using System.ComponentModel.DataAnnotations.Schema;
 3 | using System.Text.Json;
 4 | 
 5 | namespace Fido2Identity;
 6 | 
 7 | /// <summary>
 8 | /// Represents a WebAuthn credential.
 9 | /// </summary>
10 | public class FidoStoredCredential
11 | {
12 |     /// <summary>
13 |     /// Gets or sets the primary key for this user.
14 |     /// </summary>
15 |     [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
16 |     public virtual int Id { get; set; }
17 | 
18 |     /// <summary>
19 |     /// Gets or sets the user name for this user.
20 |     /// </summary>
21 |     public virtual string? UserName { get; set; }
22 | 
23 |     public virtual byte[]? UserId { get; set; }
24 | 
25 |     /// <summary>
26 |     /// Gets or sets the public key for this user.
27 |     /// </summary>
28 |     public virtual byte[]? PublicKey { get; set; }
29 | 
30 |     /// <summary>
31 |     /// Gets or sets the user handle for this user.
32 |     /// </summary>
33 |     public virtual byte[]? UserHandle { get; set; }
34 | 
35 |     public virtual uint SignatureCounter { get; set; }
36 | 
37 |     public virtual string? CredType { get; set; }
38 | 
39 |     /// <summary>
40 |     /// Gets or sets the registration date for this user.
41 |     /// </summary>
42 |     public virtual DateTime RegDate { get; set; }
43 | 
44 |     /// <summary>
45 |     /// Gets or sets the Authenticator Attestation GUID (AAGUID) for this user.
46 |     /// </summary>
47 |     /// <remarks>
48 |     /// An AAGUID is a 128-bit identifier indicating the type of the authenticator.
49 |     /// </remarks>
50 |     public virtual Guid AaGuid { get; set; }
51 | 
52 |     [NotMapped]
53 |     public PublicKeyCredentialDescriptor? Descriptor
54 |     {
55 |         get { return string.IsNullOrWhiteSpace(DescriptorJson) ? null : JsonSerializer.Deserialize<PublicKeyCredentialDescriptor>(DescriptorJson); }
56 |         set { DescriptorJson = JsonSerializer.Serialize(value); }
57 |     }
58 | 
59 |     public virtual string? DescriptorJson { get; set; }
60 | }
61 | 


--------------------------------------------------------------------------------
/IdentityProvider/Fido2/MfaFido2RegisterController.cs:
--------------------------------------------------------------------------------
  1 | using Fido2NetLib;
  2 | using Fido2NetLib.Objects;
  3 | using Microsoft.AspNetCore.Identity;
  4 | using Microsoft.AspNetCore.Mvc;
  5 | using Microsoft.Extensions.Options;
  6 | using OpeniddictServer.Data;
  7 | using System.Text;
  8 | using static Fido2NetLib.Fido2;
  9 | 
 10 | namespace Fido2Identity;
 11 | 
 12 | [Route("api/[controller]")]
 13 | public class MfaFido2RegisterController : Controller
 14 | {
 15 |     private readonly Fido2 _lib;
 16 |     public static IMetadataService? _mds;
 17 |     private readonly Fido2Store _fido2Store;
 18 |     private readonly UserManager<ApplicationUser> _userManager;
 19 |     private readonly IOptions<Fido2Configuration> _optionsFido2Configuration;
 20 | 
 21 |     public MfaFido2RegisterController(
 22 |         Fido2Store fido2Store,
 23 |         UserManager<ApplicationUser> userManager,
 24 |         IOptions<Fido2Configuration> optionsFido2Configuration)
 25 |     {
 26 |         _userManager = userManager;
 27 |         _optionsFido2Configuration = optionsFido2Configuration;
 28 |         _fido2Store = fido2Store;
 29 | 
 30 |         _lib = new Fido2(new Fido2Configuration()
 31 |         {
 32 |             ServerDomain = _optionsFido2Configuration.Value.ServerDomain,
 33 |             ServerName = _optionsFido2Configuration.Value.ServerName,
 34 |             Origins = _optionsFido2Configuration.Value.Origins,
 35 |             TimestampDriftTolerance = _optionsFido2Configuration.Value.TimestampDriftTolerance
 36 |         });
 37 |     }
 38 | 
 39 |     private static string FormatException(Exception e)
 40 |     {
 41 |         return string.Format("{0}{1}", e.Message, e.InnerException != null ? " (" + e.InnerException.Message + ")" : "");
 42 |     }
 43 | 
 44 |     [HttpPost]
 45 |     [ValidateAntiForgeryToken]
 46 |     [Route("/mfamakeCredentialOptions")]
 47 |     public async Task<JsonResult> MakeCredentialOptions([FromForm] string username, [FromForm] string displayName, [FromForm] string attType, [FromForm] string authType, [FromForm] bool requireResidentKey, [FromForm] string userVerification)
 48 |     {
 49 |         try
 50 |         {
 51 |             if (string.IsNullOrEmpty(username))
 52 |             {
 53 |                 username = $"{displayName} (Usernameless user created at {DateTime.UtcNow})";
 54 |             }
 55 | 
 56 |             var ApplicationUser = await _userManager.FindByEmailAsync(username);
 57 |             var user = new Fido2User
 58 |             {
 59 |                 DisplayName = ApplicationUser.UserName,
 60 |                 Name = ApplicationUser.UserName,
 61 |                 Id = Encoding.UTF8.GetBytes(ApplicationUser.UserName) // byte representation of userID is required
 62 |             };
 63 | 
 64 |             // 2. Get user existing keys by username
 65 |             var items = await _fido2Store.GetCredentialsByUserNameAsync(ApplicationUser.UserName);
 66 |             var existingKeys = new List<PublicKeyCredentialDescriptor>();
 67 |             foreach (var publicKeyCredentialDescriptor in items)
 68 |             {
 69 |                 if (publicKeyCredentialDescriptor.Descriptor != null)
 70 |                     existingKeys.Add(publicKeyCredentialDescriptor.Descriptor);
 71 |             }
 72 | 
 73 |             // 3. Create options
 74 |             var authenticatorSelection = new AuthenticatorSelection
 75 |             {
 76 |                 RequireResidentKey = requireResidentKey,
 77 |                 UserVerification = userVerification.ToEnum<UserVerificationRequirement>()
 78 |             };
 79 | 
 80 |             if (!string.IsNullOrEmpty(authType))
 81 |                 authenticatorSelection.AuthenticatorAttachment = authType.ToEnum<AuthenticatorAttachment>();
 82 | 
 83 |             var exts = new AuthenticationExtensionsClientInputs
 84 |             {
 85 |                 Extensions = true,
 86 |                 UserVerificationMethod = true,
 87 |             };
 88 | 
 89 |             var options = _lib.RequestNewCredential(
 90 |                 user, existingKeys,
 91 |                 authenticatorSelection, attType.ToEnum<AttestationConveyancePreference>(), exts);
 92 | 
 93 |             // 4. Temporarily store options, session/in-memory cache/redis/db
 94 |             HttpContext.Session.SetString("fido2.attestationOptions", options.ToJson());
 95 | 
 96 |             // 5. return options to client
 97 |             return Json(options);
 98 |         }
 99 |         catch (Exception e)
100 |         {
101 |             return Json(new CredentialCreateOptions { Status = "error", ErrorMessage = FormatException(e) });
102 |         }
103 |     }
104 | 
105 |     [HttpPost]
106 |     [ValidateAntiForgeryToken]
107 |     [Route("/mfamakeCredential")]
108 |     public async Task<JsonResult> MakeCredential([FromBody] AuthenticatorAttestationRawResponse attestationResponse)
109 |     {
110 |         try
111 |         {
112 |             // 1. get the options we sent the client
113 |             var jsonOptions = HttpContext.Session.GetString("fido2.attestationOptions");
114 |             var options = CredentialCreateOptions.FromJson(jsonOptions);
115 | 
116 |             // 2. Create callback so that lib can verify credential id is unique to this user
117 |             async Task<bool> callback(IsCredentialIdUniqueToUserParams args, CancellationToken cancellationToken)
118 |             {
119 |                 var users = await _fido2Store.GetUsersByCredentialIdAsync(args.CredentialId);
120 |                 if (users.Count > 0) return false;
121 | 
122 |                 return true;
123 |             }
124 | 
125 |             // 2. Verify and make the credentials
126 |             var success = await _lib.MakeNewCredentialAsync(attestationResponse, options, callback);
127 | 
128 |             if (success.Result != null)
129 |             {
130 |                 // 3. Store the credentials in db
131 |                 await _fido2Store.AddCredentialToUserAsync(options.User, new FidoStoredCredential
132 |                 {
133 |                     UserName = options.User.Name,
134 |                     Descriptor = new PublicKeyCredentialDescriptor(success.Result.CredentialId),
135 |                     PublicKey = success.Result.PublicKey,
136 |                     UserHandle = success.Result.User.Id,
137 |                     SignatureCounter = success.Result.Counter,
138 |                     CredType = success.Result.CredType,
139 |                     RegDate = DateTime.Now,
140 |                     AaGuid = success.Result.Aaguid
141 |                 });
142 |             }
143 | 
144 |             // 4. return "ok" to the client
145 | 
146 |             var user = await _userManager.GetUserAsync(User);
147 |             if (user == null)
148 |             {
149 |                 return Json(new CredentialMakeResult("error",
150 |                         $"Unable to load user with ID '{_userManager.GetUserId(User)}'.",
151 |                         success.Result));
152 |             }
153 | 
154 |             await _userManager.SetTwoFactorEnabledAsync(user, true);
155 |             var userId = await _userManager.GetUserIdAsync(user);
156 | 
157 |             return Json(success);
158 |         }
159 |         catch (Exception e)
160 |         {
161 |             return Json(new CredentialMakeResult("error", FormatException(e), null));
162 |         }
163 |     }
164 | }


--------------------------------------------------------------------------------
/IdentityProvider/Fido2/MfaFido2SignInFidoController.cs:
--------------------------------------------------------------------------------
  1 | using Fido2NetLib;
  2 | using Fido2NetLib.Objects;
  3 | using Microsoft.AspNetCore.Identity;
  4 | using Microsoft.AspNetCore.Mvc;
  5 | using Microsoft.Extensions.Options;
  6 | using OpeniddictServer.Data;
  7 | using System.Text;
  8 | 
  9 | namespace Fido2Identity;
 10 | 
 11 | [Route("api/[controller]")]
 12 | public class MfaFido2SignInFidoController : Controller
 13 | {
 14 |     private readonly Fido2 _lib;
 15 |     private readonly Fido2Store _fido2Store;
 16 |     private readonly SignInManager<ApplicationUser> _signInManager;
 17 |     private readonly IOptions<Fido2Configuration> _optionsFido2Configuration;
 18 | 
 19 |     public MfaFido2SignInFidoController(
 20 |         Fido2Store fido2Store,
 21 |         SignInManager<ApplicationUser> signInManager,
 22 |         IOptions<Fido2Configuration> optionsFido2Configuration)
 23 |     {
 24 |         _optionsFido2Configuration = optionsFido2Configuration;
 25 |         _signInManager = signInManager;
 26 |         _fido2Store = fido2Store;
 27 | 
 28 |         _lib = new Fido2(new Fido2Configuration()
 29 |         {
 30 |             ServerDomain = _optionsFido2Configuration.Value.ServerDomain,
 31 |             ServerName = _optionsFido2Configuration.Value.ServerName,
 32 |             Origins = _optionsFido2Configuration.Value.Origins,
 33 |             TimestampDriftTolerance = _optionsFido2Configuration.Value.TimestampDriftTolerance
 34 |         });
 35 |     }
 36 | 
 37 |     private static string FormatException(Exception e)
 38 |     {
 39 |         return string.Format("{0}{1}", e.Message, e.InnerException != null ? " (" + e.InnerException.Message + ")" : "");
 40 |     }
 41 | 
 42 |     [HttpPost]
 43 |     [ValidateAntiForgeryToken]
 44 |     [Route("/mfaassertionOptions")]
 45 |     public async Task<ActionResult> AssertionOptionsPost([FromForm] string username, [FromForm] string userVerification)
 46 |     {
 47 |         try
 48 |         {
 49 |             var ApplicationUser = await _signInManager.GetTwoFactorAuthenticationUserAsync();
 50 |             if (ApplicationUser == null)
 51 |             {
 52 |                 throw new InvalidOperationException($"Unable to load two-factor authentication user.");
 53 |             }
 54 | 
 55 |             var existingCredentials = new List<PublicKeyCredentialDescriptor>();
 56 | 
 57 |             if (!string.IsNullOrEmpty(ApplicationUser.UserName))
 58 |             {
 59 | 
 60 |                 var user = new Fido2User
 61 |                 {
 62 |                     DisplayName = ApplicationUser.UserName,
 63 |                     Name = ApplicationUser.UserName,
 64 |                     Id = Encoding.UTF8.GetBytes(ApplicationUser.UserName) // byte representation of userID is required
 65 |                 };
 66 | 
 67 |                 if (user == null) throw new ArgumentException("Username was not registered");
 68 | 
 69 |                 // 2. Get registered credentials from database
 70 |                 var items = await _fido2Store.GetCredentialsByUserNameAsync(ApplicationUser.UserName);
 71 |                 existingCredentials = items.Select(c => c.Descriptor).NotNull().ToList();
 72 |             }
 73 | 
 74 |             var exts = new AuthenticationExtensionsClientInputs
 75 |             {
 76 |                 UserVerificationMethod = true,
 77 |             };
 78 |             // 3. Create options
 79 |             var uv = string.IsNullOrEmpty(userVerification) ? UserVerificationRequirement.Discouraged : userVerification.ToEnum<UserVerificationRequirement>();
 80 |             var options = _lib.GetAssertionOptions(
 81 |                 existingCredentials,
 82 |                 uv,
 83 |                 exts
 84 |             );
 85 | 
 86 |             // 4. Temporarily store options, session/in-memory cache/redis/db
 87 |             HttpContext.Session.SetString("fido2.assertionOptions", options.ToJson());
 88 | 
 89 |             // 5. Return options to client
 90 |             return Json(options);
 91 |         }
 92 | 
 93 |         catch (Exception e)
 94 |         {
 95 |             return Json(new AssertionOptions { Status = "error", ErrorMessage = FormatException(e) });
 96 |         }
 97 |     }
 98 | 
 99 |     [HttpPost]
100 |     [ValidateAntiForgeryToken]
101 |     [Route("/mfamakeAssertion")]
102 |     public async Task<JsonResult> MakeAssertion([FromBody] AuthenticatorAssertionRawResponse clientResponse)
103 |     {
104 |         try
105 |         {
106 |             // 1. Get the assertion options we sent the client
107 |             var jsonOptions = HttpContext.Session.GetString("fido2.assertionOptions");
108 |             var options = AssertionOptions.FromJson(jsonOptions);
109 | 
110 |             // 2. Get registered credential from database
111 |             var creds = await _fido2Store.GetCredentialByIdAsync(clientResponse.Id);
112 | 
113 |             if (creds == null)
114 |             {
115 |                 throw new Exception("Unknown credentials");
116 |             }
117 | 
118 |             // 3. Get credential counter from database
119 |             var storedCounter = creds.SignatureCounter;
120 | 
121 |             // 4. Create callback to check if userhandle owns the credentialId
122 |             IsUserHandleOwnerOfCredentialIdAsync callback = async (args, cancellationToken) =>
123 |             {
124 |                 var storedCreds = await _fido2Store.GetCredentialsByUserHandleAsync(args.UserHandle);
125 |                 return storedCreds.Any(c => c.Descriptor != null && c.Descriptor.Id.SequenceEqual(args.CredentialId));
126 |             };
127 | 
128 |             if (creds.PublicKey == null)
129 |             {
130 |                 throw new InvalidOperationException($"No public key");
131 |             }
132 | 
133 |             // 5. Make the assertion
134 |             var res = await _lib.MakeAssertionAsync(
135 |                 clientResponse, options, creds.PublicKey, storedCounter, callback);
136 | 
137 |             // 6. Store the updated counter
138 |             await _fido2Store.UpdateCounterAsync(res.CredentialId, res.Counter);
139 | 
140 |             // complete sign-in
141 |             var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
142 |             if (user == null)
143 |             {
144 |                 throw new InvalidOperationException($"Unable to load two-factor authentication user.");
145 |             }
146 | 
147 |             var result = await _signInManager.TwoFactorSignInAsync("FIDO2", string.Empty, false, false);
148 | 
149 |             // 7. return OK to client
150 |             return Json(res);
151 |         }
152 |         catch (Exception e)
153 |         {
154 |             return Json(new AssertionVerificationResult { Status = "error", ErrorMessage = FormatException(e) });
155 |         }
156 |     }
157 | }
158 | 


--------------------------------------------------------------------------------
/IdentityProvider/Fido2/PwFido2RegisterController.cs:
--------------------------------------------------------------------------------
  1 | using Fido2NetLib;
  2 | using Fido2NetLib.Objects;
  3 | using Microsoft.AspNetCore.Identity;
  4 | using Microsoft.AspNetCore.Mvc;
  5 | using Microsoft.Extensions.Options;
  6 | using OpeniddictServer.Data;
  7 | using System.Text;
  8 | using static Fido2NetLib.Fido2;
  9 | 
 10 | namespace Fido2Identity;
 11 | 
 12 | [Route("api/[controller]")]
 13 | public class PwFido2RegisterController : Controller
 14 | {
 15 |     private readonly Fido2 _lib;
 16 |     private readonly Fido2Store _fido2Store;
 17 |     private readonly UserManager<ApplicationUser> _userManager;
 18 |     private readonly IOptions<Fido2Configuration> _optionsFido2Configuration;
 19 | 
 20 | 
 21 |     public PwFido2RegisterController(
 22 |         Fido2Store fido2Store,
 23 |         UserManager<ApplicationUser> userManager,
 24 |         IOptions<Fido2Configuration> optionsFido2Configuration)
 25 |     {
 26 |         _userManager = userManager;
 27 |         _optionsFido2Configuration = optionsFido2Configuration;
 28 |         _fido2Store = fido2Store;
 29 | 
 30 |         _lib = new Fido2(new Fido2Configuration()
 31 |         {
 32 |             ServerDomain = _optionsFido2Configuration.Value.ServerDomain,
 33 |             ServerName = _optionsFido2Configuration.Value.ServerName,
 34 |             Origins = _optionsFido2Configuration.Value.Origins,
 35 |             TimestampDriftTolerance = _optionsFido2Configuration.Value.TimestampDriftTolerance
 36 |         });
 37 |     }
 38 | 
 39 |     private static string FormatException(Exception e)
 40 |     {
 41 |         return string.Format("{0}{1}", e.Message, e.InnerException != null ? " (" + e.InnerException.Message + ")" : "");
 42 |     }
 43 | 
 44 |     [HttpPost]
 45 |     [ValidateAntiForgeryToken]
 46 |     [Route("/pwmakeCredentialOptions")]
 47 |     public async Task<JsonResult> MakeCredentialOptions([FromForm] string username, [FromForm] string displayName, [FromForm] string attType, [FromForm] string authType, [FromForm] bool requireResidentKey, [FromForm] string userVerification)
 48 |     {
 49 |         try
 50 |         {
 51 |             if (string.IsNullOrEmpty(username))
 52 |             {
 53 |                 username = $"{displayName} (Usernameless user created at {DateTime.UtcNow})";
 54 |             }
 55 | 
 56 |             var user = new Fido2User
 57 |             {
 58 |                 DisplayName = displayName,
 59 |                 Name = username,
 60 |                 Id = Encoding.UTF8.GetBytes(username) // byte representation of userID is required
 61 |             };
 62 | 
 63 |             // 2. Get user existing keys by username
 64 |             var items = await _fido2Store.GetCredentialsByUserNameAsync(username);
 65 |             var existingKeys = new List<PublicKeyCredentialDescriptor>();
 66 |             foreach (var publicKeyCredentialDescriptor in items)
 67 |             {
 68 |                 if (publicKeyCredentialDescriptor.Descriptor != null)
 69 |                     existingKeys.Add(publicKeyCredentialDescriptor.Descriptor);
 70 |             }
 71 | 
 72 |             // 3. Create options
 73 |             var authenticatorSelection = new AuthenticatorSelection
 74 |             {
 75 |                 RequireResidentKey = requireResidentKey,
 76 |                 UserVerification = userVerification.ToEnum<UserVerificationRequirement>()
 77 |             };
 78 | 
 79 |             if (!string.IsNullOrEmpty(authType))
 80 |                 authenticatorSelection.AuthenticatorAttachment = authType.ToEnum<AuthenticatorAttachment>();
 81 | 
 82 |             var exts = new AuthenticationExtensionsClientInputs
 83 |             {
 84 |                 Extensions = true,
 85 |                 UserVerificationMethod = true,
 86 |             };
 87 | 
 88 |             var options = _lib.RequestNewCredential(user, existingKeys, authenticatorSelection, attType.ToEnum<AttestationConveyancePreference>(), exts);
 89 | 
 90 |             // 4. Temporarily store options, session/in-memory cache/redis/db
 91 |             HttpContext.Session.SetString("fido2.attestationOptions", options.ToJson());
 92 | 
 93 |             // 5. return options to client
 94 |             return Json(options);
 95 |         }
 96 |         catch (Exception e)
 97 |         {
 98 |             return Json(new CredentialCreateOptions { Status = "error", ErrorMessage = FormatException(e) });
 99 |         }
100 |     }
101 | 
102 |     [HttpPost]
103 |     [ValidateAntiForgeryToken]
104 |     [Route("/pwmakeCredential")]
105 |     public async Task<JsonResult> MakeCredential([FromBody] AuthenticatorAttestationRawResponse attestationResponse)
106 |     {
107 |         try
108 |         {
109 |             // 1. get the options we sent the client
110 |             var jsonOptions = HttpContext.Session.GetString("fido2.attestationOptions");
111 |             var options = CredentialCreateOptions.FromJson(jsonOptions);
112 | 
113 |             // 2. Create callback so that lib can verify credential id is unique to this user
114 |             IsCredentialIdUniqueToUserAsyncDelegate callback = async (args, cancellationToken) =>
115 |             {
116 |                 var users = await _fido2Store.GetUsersByCredentialIdAsync(args.CredentialId);
117 |                 if (users.Count > 0) return false;
118 | 
119 |                 return true;
120 |             };
121 | 
122 |             // 2. Verify and make the credentials
123 |             var success = await _lib.MakeNewCredentialAsync(attestationResponse, options, callback);
124 | 
125 |             if (success.Result != null)
126 |             {
127 |                 // 3. Store the credentials in db
128 |                 await _fido2Store.AddCredentialToUserAsync(options.User, new FidoStoredCredential
129 |                 {
130 |                     UserName = options.User.Name,
131 |                     Descriptor = new PublicKeyCredentialDescriptor(success.Result.CredentialId),
132 |                     PublicKey = success.Result.PublicKey,
133 |                     UserHandle = success.Result.User.Id,
134 |                     SignatureCounter = success.Result.Counter,
135 |                     CredType = success.Result.CredType,
136 |                     RegDate = DateTime.Now,
137 |                     AaGuid = success.Result.Aaguid
138 |                 });
139 |             }
140 | 
141 |             // 4. return "ok" to the client
142 | 
143 |             var user = await CreateUser(options.User.Name);
144 |             // await _userManager.GetUserAsync(User);
145 | 
146 |             if (user == null)
147 |             {
148 |                 return Json(new CredentialMakeResult("error",
149 |                     $"Unable to load user with ID '{_userManager.GetUserId(User)}'.",
150 |                     success.Result));
151 |             }
152 | 
153 |             //await _userManager.SetTwoFactorEnabledAsync(user, true);
154 |             //var userId = await _userManager.FindByNameAsync(user);
155 | 
156 |             return Json(success);
157 |         }
158 |         catch (Exception e)
159 |         {
160 |             return Json(new CredentialMakeResult("error", FormatException(e), null));
161 |         }
162 |     }
163 | 
164 |     private async Task<ApplicationUser> CreateUser(string userEmail)
165 |     {
166 |         var user = new ApplicationUser { UserName = userEmail, Email = userEmail, EmailConfirmed = true };
167 |         var result = await _userManager.CreateAsync(user);
168 |         if (result.Succeeded)
169 |         {
170 |             //await _signInManager.SignInAsync(user, isPersistent: false);
171 |         }
172 | 
173 |         return user;
174 |     }
175 | }


--------------------------------------------------------------------------------
/IdentityProvider/Fido2/PwFido2SignInController.cs:
--------------------------------------------------------------------------------
  1 | using Fido2NetLib;
  2 | using Fido2NetLib.Objects;
  3 | using Microsoft.AspNetCore.Identity;
  4 | using Microsoft.AspNetCore.Mvc;
  5 | using Microsoft.Extensions.Options;
  6 | using OpeniddictServer.Data;
  7 | using System.Text;
  8 | 
  9 | namespace Fido2Identity;
 10 | 
 11 | [Route("api/[controller]")]
 12 | public class PwFido2SignInController : Controller
 13 | {
 14 |     private readonly Fido2 _lib;
 15 |     private readonly Fido2Store _fido2Store;
 16 |     private readonly UserManager<ApplicationUser> _userManager;
 17 |     private readonly SignInManager<ApplicationUser> _signInManager;
 18 |     private readonly IOptions<Fido2Configuration> _optionsFido2Configuration;
 19 | 
 20 |     public PwFido2SignInController(
 21 |         Fido2Store fido2Store,
 22 |         UserManager<ApplicationUser> userManager,
 23 |         SignInManager<ApplicationUser> signInManager,
 24 |         IOptions<Fido2Configuration> optionsFido2Configuration)
 25 |     {
 26 |         _userManager = userManager;
 27 |         _optionsFido2Configuration = optionsFido2Configuration;
 28 |         _signInManager = signInManager;
 29 |         _userManager = userManager;
 30 |         _fido2Store = fido2Store;
 31 | 
 32 |         _lib = new Fido2(new Fido2Configuration()
 33 |         {
 34 |             ServerDomain = _optionsFido2Configuration.Value.ServerDomain,
 35 |             ServerName = _optionsFido2Configuration.Value.ServerName,
 36 |             Origins = _optionsFido2Configuration.Value.Origins,
 37 |             TimestampDriftTolerance = _optionsFido2Configuration.Value.TimestampDriftTolerance
 38 |         });
 39 |     }
 40 | 
 41 |     private static string FormatException(Exception e)
 42 |     {
 43 |         return string.Format("{0}{1}", e.Message, e.InnerException != null ? " (" + e.InnerException.Message + ")" : "");
 44 |     }
 45 | 
 46 |     [HttpPost]
 47 |     [ValidateAntiForgeryToken]
 48 |     [Route("/pwassertionOptions")]
 49 |     public async Task<ActionResult> AssertionOptionsPost([FromForm] string username, [FromForm] string userVerification)
 50 |     {
 51 |         try
 52 |         {
 53 | 
 54 |             var existingCredentials = new List<PublicKeyCredentialDescriptor>();
 55 | 
 56 |             if (!string.IsNullOrEmpty(username))
 57 |             {
 58 |                 var ApplicationUser = await _userManager.FindByNameAsync(username);
 59 |                 var user = new Fido2User
 60 |                 {
 61 |                     DisplayName = ApplicationUser.UserName,
 62 |                     Name = ApplicationUser.UserName,
 63 |                     Id = Encoding.UTF8.GetBytes(ApplicationUser.UserName) // byte representation of userID is required
 64 |                 };
 65 | 
 66 |                 if (user == null) throw new ArgumentException("Username was not registered");
 67 | 
 68 |                 // 2. Get registered credentials from database
 69 |                 var items = await _fido2Store.GetCredentialsByUserNameAsync(ApplicationUser.UserName);
 70 |                 existingCredentials = items.Select(c => c.Descriptor).NotNull().ToList();
 71 |             }
 72 | 
 73 |             var exts = new AuthenticationExtensionsClientInputs
 74 |             {
 75 |                 UserVerificationMethod = true,
 76 |             };
 77 | 
 78 |             // 3. Create options
 79 |             var uv = string.IsNullOrEmpty(userVerification) ? UserVerificationRequirement.Discouraged : userVerification.ToEnum<UserVerificationRequirement>();
 80 |             var options = _lib.GetAssertionOptions(
 81 |                 existingCredentials,
 82 |                 uv,
 83 |                 exts
 84 |             );
 85 | 
 86 |             // 4. Temporarily store options, session/in-memory cache/redis/db
 87 |             HttpContext.Session.SetString("fido2.assertionOptions", options.ToJson());
 88 | 
 89 |             // 5. Return options to client
 90 |             return Json(options);
 91 |         }
 92 | 
 93 |         catch (Exception e)
 94 |         {
 95 |             return Json(new AssertionOptions { Status = "error", ErrorMessage = FormatException(e) });
 96 |         }
 97 |     }
 98 | 
 99 |     [HttpPost]
100 |     [ValidateAntiForgeryToken]
101 |     [Route("/pwmakeAssertion")]
102 |     public async Task<JsonResult> MakeAssertion([FromBody] AuthenticatorAssertionRawResponse clientResponse)
103 |     {
104 |         try
105 |         {
106 |             // 1. Get the assertion options we sent the client
107 |             var jsonOptions = HttpContext.Session.GetString("fido2.assertionOptions");
108 |             var options = AssertionOptions.FromJson(jsonOptions);
109 | 
110 |             // 2. Get registered credential from database
111 |             var creds = await _fido2Store.GetCredentialByIdAsync(clientResponse.Id);
112 | 
113 |             if (creds == null)
114 |             {
115 |                 throw new Exception("Unknown credentials");
116 |             }
117 | 
118 |             // 3. Get credential counter from database
119 |             var storedCounter = creds.SignatureCounter;
120 | 
121 |             // 4. Create callback to check if userhandle owns the credentialId
122 |             IsUserHandleOwnerOfCredentialIdAsync callback = async (args, cancellationToken) =>
123 |             {
124 |                 var storedCreds = await _fido2Store.GetCredentialsByUserHandleAsync(args.UserHandle);
125 |                 return storedCreds.Any(c => c.Descriptor != null && c.Descriptor.Id.SequenceEqual(args.CredentialId));
126 |             };
127 | 
128 |             if (creds.PublicKey == null)
129 |             {
130 |                 throw new InvalidOperationException($"No public key");
131 |             }
132 | 
133 |             // 5. Make the assertion
134 |             var res = await _lib.MakeAssertionAsync(
135 |                 clientResponse, options, creds.PublicKey, storedCounter, callback);
136 | 
137 |             // 6. Store the updated counter
138 |             await _fido2Store.UpdateCounterAsync(res.CredentialId, res.Counter);
139 | 
140 |             var ApplicationUser = await _userManager.FindByNameAsync(creds.UserName);
141 |             if (ApplicationUser == null)
142 |             {
143 |                 throw new InvalidOperationException($"Unable to load user.");
144 |             }
145 | 
146 |             await _signInManager.SignInAsync(ApplicationUser, isPersistent: false);
147 | 
148 |             // 7. return OK to client
149 |             return Json(res);
150 |         }
151 |         catch (Exception e)
152 |         {
153 |             return Json(new AssertionVerificationResult { Status = "error", ErrorMessage = FormatException(e) });
154 |         }
155 |     }
156 | }
157 | 


--------------------------------------------------------------------------------
/IdentityProvider/Helpers/AsyncEnumerableExtensions.cs:
--------------------------------------------------------------------------------
 1 | namespace OpeniddictServer.Helpers;
 2 | 
 3 | public static class AsyncEnumerableExtensions
 4 | {
 5 |     public static Task<List<T>> ToListAsync<T>(this IAsyncEnumerable<T> source)
 6 |     {
 7 |         if (source == null)
 8 |         {
 9 |             throw new ArgumentNullException(nameof(source));
10 |         }
11 | 
12 |         return ExecuteAsync();
13 | 
14 |         async Task<List<T>> ExecuteAsync()
15 |         {
16 |             var list = new List<T>();
17 | 
18 |             await foreach (var element in source)
19 |             {
20 |                 list.Add(element);
21 |             }
22 | 
23 |             return list;
24 |         }
25 |     }
26 | }
27 | 


--------------------------------------------------------------------------------
/IdentityProvider/Helpers/FormValueRequiredAttribute.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.AspNetCore.Mvc.Abstractions;
 2 | using Microsoft.AspNetCore.Mvc.ActionConstraints;
 3 | 
 4 | namespace OpeniddictServer.Helpers;
 5 | 
 6 | public sealed class FormValueRequiredAttribute : ActionMethodSelectorAttribute
 7 | {
 8 |     private readonly string _name;
 9 | 
10 |     public FormValueRequiredAttribute(string name)
11 |     {
12 |         _name = name;
13 |     }
14 | 
15 |     public override bool IsValidForRequest(RouteContext context, ActionDescriptor action)
16 |     {
17 |         if (string.Equals(context.HttpContext.Request.Method, "GET", StringComparison.OrdinalIgnoreCase) ||
18 |             string.Equals(context.HttpContext.Request.Method, "HEAD", StringComparison.OrdinalIgnoreCase) ||
19 |             string.Equals(context.HttpContext.Request.Method, "DELETE", StringComparison.OrdinalIgnoreCase) ||
20 |             string.Equals(context.HttpContext.Request.Method, "TRACE", StringComparison.OrdinalIgnoreCase))
21 |         {
22 |             return false;
23 |         }
24 | 
25 |         if (string.IsNullOrEmpty(context.HttpContext.Request.ContentType))
26 |         {
27 |             return false;
28 |         }
29 | 
30 |         if (!context.HttpContext.Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase))
31 |         {
32 |             return false;
33 |         }
34 | 
35 |         return !string.IsNullOrEmpty(context.HttpContext.Request.Form[_name]);
36 |     }
37 | }
38 | 


--------------------------------------------------------------------------------
/IdentityProvider/IdentityProvider.csproj:
--------------------------------------------------------------------------------
 1 | <Project Sdk="Microsoft.NET.Sdk.Web">
 2 | 
 3 |   <PropertyGroup>
 4 |     <TargetFramework>net9.0</TargetFramework>
 5 |     <CopyRefAssembliesToPublishDirectory>false</CopyRefAssembliesToPublishDirectory>
 6 |     <UserSecretsId>728e892b-c8e1-40df-a44c-805a4a138e98</UserSecretsId>
 7 |     <ImplicitUsings>enable</ImplicitUsings>
 8 |     <!--<Nullable>enable</Nullable>-->
 9 |   </PropertyGroup>
10 | 
11 |   <ItemGroup>
12 |     <PackageReference Include="Fido2" Version="3.0.1" />
13 |     <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="9.0.4" />
14 |     <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="9.0.4" />
15 |     <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="9.0.4" />
16 |     <PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="9.0.4" />
17 |     <PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="9.0.4" />
18 |     <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="9.0.4" />
19 |     <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" PrivateAssets="All" Version="9.0.4" />
20 |     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="9.0.0" />
21 |     <PackageReference Include="NuGet.Protocol" Version="6.13.2" />
22 |     <PackageReference Include="OpenIddict.AspNetCore" Version="6.2.1" />
23 |     <PackageReference Include="OpenIddict.EntityFrameworkCore" Version="6.2.1" />
24 |     <PackageReference Include="OpenIddict.Quartz" Version="6.2.1" />
25 |     <PackageReference Include="Quartz.Extensions.Hosting" Version="3.14.0" />
26 |     <PackageReference Include="Serilog.AspNetCore" Version="9.0.0" />
27 |     <PackageReference Include="Swashbuckle.AspNetCore" Version="8.1.1" />
28 |   </ItemGroup>
29 | 
30 | </Project>
31 | 


--------------------------------------------------------------------------------
/IdentityProvider/Migrations/20231230171959_init_sts.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.EntityFrameworkCore.Migrations;
 2 | 
 3 | #nullable disable
 4 | 
 5 | namespace IdentityProvider.Migrations
 6 | {
 7 |     /// <inheritdoc />
 8 |     public partial class init_sts : Migration
 9 |     {
10 |         /// <inheritdoc />
11 |         protected override void Up(MigrationBuilder migrationBuilder)
12 |         {
13 |             migrationBuilder.RenameColumn(
14 |                 name: "Type",
15 |                 table: "OpenIddictApplications",
16 |                 newName: "ClientType");
17 | 
18 |             migrationBuilder.AddColumn<string>(
19 |                 name: "ApplicationType",
20 |                 table: "OpenIddictApplications",
21 |                 type: "TEXT",
22 |                 maxLength: 50,
23 |                 nullable: true);
24 | 
25 |             migrationBuilder.AddColumn<string>(
26 |                 name: "JsonWebKeySet",
27 |                 table: "OpenIddictApplications",
28 |                 type: "TEXT",
29 |                 nullable: true);
30 | 
31 |             migrationBuilder.AddColumn<string>(
32 |                 name: "Settings",
33 |                 table: "OpenIddictApplications",
34 |                 type: "TEXT",
35 |                 nullable: true);
36 |         }
37 | 
38 |         /// <inheritdoc />
39 |         protected override void Down(MigrationBuilder migrationBuilder)
40 |         {
41 |             migrationBuilder.DropColumn(
42 |                 name: "ApplicationType",
43 |                 table: "OpenIddictApplications");
44 | 
45 |             migrationBuilder.DropColumn(
46 |                 name: "JsonWebKeySet",
47 |                 table: "OpenIddictApplications");
48 | 
49 |             migrationBuilder.DropColumn(
50 |                 name: "Settings",
51 |                 table: "OpenIddictApplications");
52 | 
53 |             migrationBuilder.RenameColumn(
54 |                 name: "ClientType",
55 |                 table: "OpenIddictApplications",
56 |                 newName: "Type");
57 |         }
58 |     }
59 | }
60 | 


--------------------------------------------------------------------------------
/IdentityProvider/Program.cs:
--------------------------------------------------------------------------------
 1 | using OpeniddictServer;
 2 | using Serilog;
 3 | 
 4 | Log.Logger = new LoggerConfiguration()
 5 |     .WriteTo.Console()
 6 |     .CreateBootstrapLogger();
 7 | 
 8 | Log.Information("Starting up OpeniddictServer");
 9 | 
10 | try
11 | {
12 |     var builder = WebApplication.CreateBuilder(args);
13 | 
14 |     builder.Host.UseSerilog((context, loggerConfiguration) => loggerConfiguration
15 |         .WriteTo.Console(outputTemplate: "[{Timestamp:HH:mm:ss} {Level}] {SourceContext}{NewLine}{Message:lj}{NewLine}{Exception}{NewLine}")
16 |         .WriteTo.File("../_logs-IdentityProvider.txt")
17 |         .Enrich.FromLogContext()
18 |         .ReadFrom.Configuration(context.Configuration));
19 | 
20 |     var app = builder
21 |         .ConfigureServices()
22 |         .ConfigurePipeline();
23 | 
24 |     app.Run();
25 | }
26 | catch (Exception ex) when (ex.GetType().Name is not "StopTheHostException" && ex.GetType().Name is not "HostAbortedException")
27 | {
28 |     Log.Fatal(ex, "Unhandled exception");
29 | }
30 | finally
31 | {
32 |     Log.Information("Shut down complete");
33 |     Log.CloseAndFlush();
34 | }


--------------------------------------------------------------------------------
/IdentityProvider/Properties/launchSettings.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "iisSettings": {
 3 |     "windowsAuthentication": false,
 4 |     "anonymousAuthentication": true,
 5 |     "iisExpress": {
 6 |       "applicationUrl": "https://localhost:44318/",
 7 |       "sslPort": 44318
 8 |     }
 9 |   },
10 |   "profiles": {
11 |     "IIS Express": {
12 |       "commandName": "IISExpress",
13 |       "launchBrowser": true,
14 |       "environmentVariables": {
15 |         "ASPNETCORE_ENVIRONMENT": "Development",
16 |         "ASPNETCORE_HOSTINGSTARTUPASSEMBLIES": "Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation"
17 |       }
18 |     },
19 |     "OpeniddictServer": {
20 |       "commandName": "Project",
21 |       "launchBrowser": true,
22 |       "environmentVariables": {
23 |         "ASPNETCORE_ENVIRONMENT": "Development",
24 |         "ASPNETCORE_HOSTINGSTARTUPASSEMBLIES": "Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation"
25 |       },
26 |       "dotnetRunMessages": "true",
27 |       "applicationUrl": "https://localhost:44318/"
28 |     }
29 |   }
30 | }


--------------------------------------------------------------------------------
/IdentityProvider/ViewModels/Authorization/AuthorizeViewModel.cs:
--------------------------------------------------------------------------------
 1 | using System.ComponentModel.DataAnnotations;
 2 | 
 3 | namespace OpeniddictServer.ViewModels.Authorization;
 4 | 
 5 | public class AuthorizeViewModel
 6 | {
 7 |     [Display(Name = "Application")]
 8 |     public string ApplicationName { get; set; }
 9 | 
10 |     [Display(Name = "Scope")]
11 |     public string Scope { get; set; }
12 | }
13 | 


--------------------------------------------------------------------------------
/IdentityProvider/ViewModels/Shared/ErrorViewModel.cs:
--------------------------------------------------------------------------------
 1 | using System.ComponentModel.DataAnnotations;
 2 | 
 3 | namespace OpeniddictServer.ViewModels.Shared;
 4 | 
 5 | public class ErrorViewModel
 6 | {
 7 |     [Display(Name = "Error")]
 8 |     public string Error { get; set; }
 9 | 
10 |     [Display(Name = "Description")]
11 |     public string ErrorDescription { get; set; }
12 | }
13 | 


--------------------------------------------------------------------------------
/IdentityProvider/Views/Authorization/Authorize.cshtml:
--------------------------------------------------------------------------------
 1 | @using Microsoft.Extensions.Primitives
 2 | @model AuthorizeViewModel
 3 | 
 4 | <div class="jumbotron">
 5 |     <h1>Authorization</h1>
 6 | 
 7 |     <p class="lead text-left">Do you want to grant <strong>@Model.ApplicationName</strong> access to your data? (scopes requested: @Model.Scope)</p>
 8 | 
 9 |     <form asp-controller="Authorization" asp-action="Authorize" method="post">
10 |         @* Flow the request parameters so they can be received by the Accept/Reject actions: *@
11 |         @foreach (var parameter in Context.Request.HasFormContentType ?
12 |             (IEnumerable<KeyValuePair<string, StringValues>>) Context.Request.Form : Context.Request.Query)
13 |         {
14 |             <input type="hidden" name="@parameter.Key" value="@parameter.Value" />
15 |         }
16 | 
17 |         <input class="btn btn-lg btn-success" name="submit.Accept" type="submit" value="Yes" />
18 |         <input class="btn btn-lg btn-danger" name="submit.Deny" type="submit" value="No" />
19 |     </form>
20 | </div>
21 | 


--------------------------------------------------------------------------------
/IdentityProvider/Views/Authorization/Logout.cshtml:
--------------------------------------------------------------------------------
 1 | @using Microsoft.Extensions.Primitives
 2 | 
 3 | <div class="jumbotron">
 4 |     <h1>Log out</h1>
 5 |     <p class="lead text-left">Are you sure you want to sign out?</p>
 6 | 
 7 |     <form asp-controller="Authorization" asp-action="Logout" method="post">
 8 |         @* Flow the request parameters so they can be received by the LogoutPost action: *@
 9 |         @foreach (var parameter in Context.Request.HasFormContentType ?
10 |            (IEnumerable<KeyValuePair<string, StringValues>>) Context.Request.Form : Context.Request.Query)
11 |         {
12 |             <input type="hidden" name="@parameter.Key" value="@parameter.Value" />
13 |         }
14 | 
15 |         <input class="btn btn-lg btn-success" name="Confirm" type="submit" value="Yes" />
16 |     </form>
17 | </div>


--------------------------------------------------------------------------------
/IdentityProvider/Views/Home/Index.cshtml:
--------------------------------------------------------------------------------
1 | @{
2 |     ViewData["Title"] = "Home Page";
3 | }
4 | 
5 | <div class="text-center">
6 |     <h1 class="display-4">Welcome</h1>
7 |     <p>Learn about <a href="https://docs.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
8 | </div>
9 | 


--------------------------------------------------------------------------------
/IdentityProvider/Views/Home/Privacy.cshtml:
--------------------------------------------------------------------------------
1 | @{
2 |     ViewData["Title"] = "Privacy Policy";
3 | }
4 | <h1>@ViewData["Title"]</h1>
5 | 
6 | <p>Use this page to detail your site's privacy policy.</p>
7 | 


--------------------------------------------------------------------------------
/IdentityProvider/Views/Shared/Error.cshtml:
--------------------------------------------------------------------------------
 1 | @model ErrorViewModel
 2 |     
 3 | <div class="jumbotron">
 4 |     <h2>Ooooops, something went really bad! :(</h2>
 5 |     <p class="lead text-left">
 6 |         @if (!string.IsNullOrEmpty(Model.Error)) {
 7 |             <strong>@Model.Error</strong>
 8 |         }
 9 | 
10 |         @if (!string.IsNullOrEmpty(Model.ErrorDescription)) {
11 |             <small>@Model.ErrorDescription</small>
12 |         }
13 |     </p>
14 | </div>


--------------------------------------------------------------------------------
/IdentityProvider/Views/Shared/_Layout.cshtml:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 | <head>
 4 |     <meta charset="utf-8" />
 5 |     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 6 |     <title>@ViewData["Title"] - IdentityProvider</title>
 7 |     <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/sweetalert2"></script>
 8 |     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.10.1/sweetalert2.min.css" />
 9 |     <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.min.css" />
10 |     <link rel="stylesheet" href="~/css/site.css" />
11 |     <link rel="stylesheet" href="~/IdentityProvider.styles.css" asp-append-version="true" />
12 | </head>
13 | <body>
14 |     <header>
15 |         <nav class="navbar navbar-expand-sm navbar-toggleable-sm navbar-light bg-white border-bottom box-shadow mb-3">
16 |             <div class="container">
17 |                 <a class="navbar-brand" asp-area="" asp-controller="Home" asp-action="Index">IdentityProvider</a>
18 |                 <button class="navbar-toggler" type="button" data-toggle="collapse" data-target=".navbar-collapse" aria-controls="navbarSupportedContent"
19 |                         aria-expanded="false" aria-label="Toggle navigation">
20 |                     <span class="navbar-toggler-icon"></span>
21 |                 </button>
22 |                 <div class="navbar-collapse collapse d-sm-inline-flex justify-content-between">
23 |                     <ul class="navbar-nav flex-grow-1">
24 |                         <li class="nav-item">
25 |                             <a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="Index">Home</a>
26 |                         </li>
27 |                         <li class="nav-item">
28 |                             <a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="Privacy">Privacy</a>
29 |                         </li>
30 |                     </ul>
31 |                     <partial name="_LoginPartial" />
32 |                 </div>
33 |             </div>
34 |         </nav>
35 |     </header>
36 |     <div class="container">
37 |         <main role="main" class="pb-3">
38 |             @RenderBody()
39 |         </main>
40 |     </div>
41 | 
42 |     <footer class="border-top footer text-muted">
43 |         <div class="container">
44 |             &copy; 2024 - OpenIddict Server - <a asp-area="" asp-controller="Home" asp-action="Privacy">Privacy</a>
45 |         </div>
46 |     </footer>
47 |     <script src="~/lib/jquery/dist/jquery.min.js"></script>
48 |     <script src="~/lib/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
49 | 
50 |     <script src="~/js/site.js" asp-append-version="true"></script>
51 | 
52 |     @await RenderSectionAsync("Scripts", required: false)
53 | </body>
54 | </html>
55 | 


--------------------------------------------------------------------------------
/IdentityProvider/Views/Shared/_Layout.cshtml.css:
--------------------------------------------------------------------------------
 1 | /* Please see documentation at https://learn.microsoft.com/aspnet/core/client-side/bundling-and-minification
 2 | for details on configuring this project to bundle and minify static web assets. */
 3 | 
 4 | a.navbar-brand {
 5 |   white-space: normal;
 6 |   text-align: center;
 7 |   word-break: break-all;
 8 | }
 9 | 
10 | a {
11 |   color: #0077cc;
12 | }
13 | 
14 | .btn-primary {
15 |   color: #fff;
16 |   background-color: #1b6ec2;
17 |   border-color: #1861ac;
18 | }
19 | 
20 | .nav-pills .nav-link.active, .nav-pills .show > .nav-link {
21 |   color: #fff;
22 |   background-color: #1b6ec2;
23 |   border-color: #1861ac;
24 | }
25 | 
26 | .border-top {
27 |   border-top: 1px solid #e5e5e5;
28 | }
29 | .border-bottom {
30 |   border-bottom: 1px solid #e5e5e5;
31 | }
32 | 
33 | .box-shadow {
34 |   box-shadow: 0 .25rem .75rem rgba(0, 0, 0, .05);
35 | }
36 | 
37 | button.accept-policy {
38 |   font-size: 1rem;
39 |   line-height: inherit;
40 | }
41 | 
42 | .footer {
43 |   position: absolute;
44 |   bottom: 0;
45 |   width: 100%;
46 |   white-space: nowrap;
47 |   line-height: 60px;
48 | }
49 | 


--------------------------------------------------------------------------------
/IdentityProvider/Views/Shared/_LoginPartial.cshtml:
--------------------------------------------------------------------------------
 1 | @using Microsoft.AspNetCore.Identity
 2 | @inject SignInManager<ApplicationUser> SignInManager
 3 | @inject UserManager<ApplicationUser> UserManager
 4 | 
 5 | <ul class="navbar-nav">
 6 | @if (SignInManager.IsSignedIn(User))
 7 | {
 8 |     <li class="nav-item">
 9 |         <a  class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Manage/Index" title="Manage">Hello @User.Identity!.Name!</a>
10 |     </li>
11 |     <li class="nav-item">
12 |         <form  class="form-inline" asp-area="Identity" asp-page="/Account/Logout" asp-route-returnUrl="@Url.Action("Index", "Home", new { area = "" })">
13 |             <button  type="submit" class="nav-link btn btn-link text-dark">Logout</button>
14 |         </form>
15 |     </li>
16 | }
17 | else
18 | {
19 |     <li class="nav-item">
20 |         <a class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Register">Register</a>
21 |     </li>
22 |     <li class="nav-item">
23 |         <a class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Login">Login</a>
24 |     </li>
25 | }
26 | </ul>
27 | 


--------------------------------------------------------------------------------
/IdentityProvider/Views/_ViewImports.cshtml:
--------------------------------------------------------------------------------
1 | @using OpeniddictServer
2 | @using OpeniddictServer.Data
3 | @using OpeniddictServer.ViewModels.Authorization
4 | @using OpeniddictServer.ViewModels.Shared
5 | @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
6 | 


--------------------------------------------------------------------------------
/IdentityProvider/Views/_ViewStart.cshtml:
--------------------------------------------------------------------------------
1 | @{
2 |     Layout = "_Layout";
3 | }
4 | 


--------------------------------------------------------------------------------
/IdentityProvider/Worker.cs:
--------------------------------------------------------------------------------
 1 | using OpenIddict.Abstractions;
 2 | using OpeniddictServer.Data;
 3 | using System.Globalization;
 4 | using static OpenIddict.Abstractions.OpenIddictConstants;
 5 | 
 6 | namespace OpeniddictServer;
 7 | 
 8 | public class Worker : IHostedService
 9 | {
10 |     private readonly IServiceProvider _serviceProvider;
11 | 
12 |     public Worker(IServiceProvider serviceProvider)
13 |         => _serviceProvider = serviceProvider;
14 | 
15 |     public async Task StartAsync(CancellationToken cancellationToken)
16 |     {
17 |         using var scope = _serviceProvider.CreateScope();
18 | 
19 |         var context = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
20 |         await context.Database.EnsureCreatedAsync(cancellationToken);
21 | 
22 |         await RegisterApplicationsAsync(scope.ServiceProvider);
23 |         await RegisterScopesAsync(scope.ServiceProvider);
24 | 
25 |         static async Task RegisterApplicationsAsync(IServiceProvider provider)
26 |         {
27 |             var manager = provider.GetRequiredService<IOpenIddictApplicationManager>();
28 | 
29 |             // OIDC Code flow confidential client
30 |             if (await manager.FindByClientIdAsync("oidc-pkce-confidential") is null)
31 |             {
32 |                 await manager.CreateAsync(new OpenIddictApplicationDescriptor
33 |                 {
34 |                     ClientId = "oidc-pkce-confidential",
35 |                     ConsentType = ConsentTypes.Explicit,
36 |                     DisplayName = "OIDC confidential Code Flow PKCE",
37 |                     DisplayNames =
38 |                     {
39 |                         [CultureInfo.GetCultureInfo("fr-FR")] = "Application cliente MVC"
40 |                     },
41 |                     PostLogoutRedirectUris =
42 |                     {
43 |                         new Uri("https://localhost:5001/signout-callback-oidc")
44 |                     },
45 |                     RedirectUris =
46 |                     {
47 |                         new Uri("https://localhost:5001/signin-oidc")
48 |                     },
49 |                     ClientSecret = "oidc-pkce-confidential_secret",
50 |                     Permissions =
51 |                     {
52 |                         Permissions.Endpoints.Authorization,
53 |                         Permissions.Endpoints.EndSession,
54 |                         Permissions.Endpoints.Token,
55 |                         Permissions.Endpoints.Revocation,
56 |                         Permissions.GrantTypes.AuthorizationCode,
57 |                         Permissions.GrantTypes.RefreshToken,
58 |                         Permissions.ResponseTypes.Code,
59 |                         Permissions.Scopes.Email,
60 |                         Permissions.Scopes.Profile,
61 |                         Permissions.Scopes.Roles,
62 |                         Permissions.Prefixes.Scope + "dataEventRecords"
63 |                     },
64 |                     Requirements =
65 |                     {
66 |                         Requirements.Features.ProofKeyForCodeExchange
67 |                     }
68 |                 });
69 |             }
70 |         }
71 | 
72 |         static async Task RegisterScopesAsync(IServiceProvider provider)
73 |         {
74 |             var manager = provider.GetRequiredService<IOpenIddictScopeManager>();
75 | 
76 |             if (await manager.FindByNameAsync("dataEventRecords") is null)
77 |             {
78 |                 await manager.CreateAsync(new OpenIddictScopeDescriptor
79 |                 {
80 |                     DisplayName = "dataEventRecords API access",
81 |                     DisplayNames =
82 |                     {
83 |                         [CultureInfo.GetCultureInfo("fr-FR")] = "Accès à l'API de démo"
84 |                     },
85 |                     Name = "dataEventRecords",
86 |                     Resources =
87 |                     {
88 |                         "rs_dataEventRecordsApi"
89 |                     }
90 |                 });
91 |             }
92 |         }
93 |     }
94 | 
95 |     public Task StopAsync(CancellationToken cancellationToken) => Task.CompletedTask;
96 | }
97 | 


--------------------------------------------------------------------------------
/IdentityProvider/appsettings.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "ConnectionStrings": {
 3 |     "DefaultConnection": "Data Source=usersdatabase.sqlite"
 4 |   },
 5 |   "Fido2": {
 6 |     "ServerDomain": "localhost",
 7 |     "ServerName": "Fido2OpenIddict",
 8 |     "Origins": [ "https://localhost:44318" ],
 9 |     "TimestampDriftTolerance": 300000,
10 |     "MDSAccessKey": null
11 |   },
12 |   "Serilog": {
13 |     "MinimumLevel": {
14 |       "Default": "Debug",
15 |       "Override": {
16 |         "Microsoft": "Warning",
17 |         "Microsoft.Hosting.Lifetime": "Information",
18 |         "Microsoft.AspNetCore.Authentication": "Debug",
19 |         "System": "Warning"
20 |       }
21 |     }
22 |   },
23 |   "AllowedHosts": "*"
24 | }


--------------------------------------------------------------------------------
/IdentityProvider/usersdatabase.sqlite:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/damienbod/bff-openiddict-aspnetcore-angular/03cb006e4ae205947bed8c3f7a8662d6fe5e72f0/IdentityProvider/usersdatabase.sqlite


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/css/site.css:
--------------------------------------------------------------------------------
 1 | html {
 2 |   font-size: 14px;
 3 | }
 4 | 
 5 | @media (min-width: 768px) {
 6 |   html {
 7 |     font-size: 16px;
 8 |   }
 9 | }
10 | 
11 | .btn:focus, .btn:active:focus, .btn-link.nav-link:focus, .form-control:focus, .form-check-input:focus {
12 |   box-shadow: 0 0 0 0.1rem white, 0 0 0 0.25rem #258cfb;
13 | }
14 | 
15 | html {
16 |   position: relative;
17 |   min-height: 100%;
18 | }
19 | 
20 | body {
21 |   margin-bottom: 60px;
22 | }
23 | 
24 | .form-floating > .form-control-plaintext::placeholder, .form-floating > .form-control::placeholder {
25 |   color: var(--bs-secondary-color);
26 |   text-align: end;
27 | }
28 | 
29 | .form-floating > .form-control-plaintext:focus::placeholder, .form-floating > .form-control:focus::placeholder {
30 |   text-align: start;
31 | }


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/damienbod/bff-openiddict-aspnetcore-angular/03cb006e4ae205947bed8c3f7a8662d6fe5e72f0/IdentityProvider/wwwroot/favicon.ico


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/images/securitykey.min.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" width="783.478" height="321.091" viewBox="0 0 734.51033 301.02249"><g transform="translate(71.951 -314.708)"><rect width="285.714" height="122.857" x="105.714" y="403.791" ry="6" fill="#fff" stroke="#446cb3"/><path fill="#fff" stroke="#446cb3" d="M391.465 416.976h16.162v93.944h-16.162z"/><circle cx="246.429" cy="462.362" r="40" fill="#446cb3" stroke="#446cb3"/><circle r="14.603" cy="463.791" cx="125.714" fill="#fff" stroke="#446cb3"/><path fill="#f9bf3b" fill-opacity=".497" stroke="#f9bf3b" stroke-width="1.223" d="M408.861 428.802h62.991v14.471h-62.991zM408.861 484.958h62.991v14.471h-62.991z"/><path fill="#f9bf3b" fill-opacity=".497" stroke="#f9bf3b" stroke-width="1.078" d="M408.789 447.653h48.493v14.615h-48.493zM408.789 466.106h48.493v14.615h-48.493z"/><path fill="none" stroke="#446cb3" d="M407.784 417.011h77.11v93.943h-77.11z"/><path d="M236.034 451.289a10.094 10.094 0 0 0-10.093 10.094 10.094 10.094 0 0 0 10.093 10.093 10.094 10.094 0 0 0 10.097-10.093 10.094 10.094 0 0 0-10.097-10.094zm0 3.73a6.365 6.365 0 0 1 6.367 6.364 6.365 6.365 0 0 1-6.367 6.364 6.365 6.365 0 0 1-6.364-6.364 6.365 6.365 0 0 1 6.364-6.365z" fill="#fff" stroke="#446cb3" stroke-width=".691"/><path fill="#fff" d="M245.102 459.194h25.987v3.939h-25.987z"/><path fill="#fff" d="M266.719 462.841h2.669v5.463h-2.669zM259.949 462.841h2.669v4.334h-2.669z"/><circle r="40" cy="462.362" cx="246.429" fill="none" stroke="#446cb3"><animate attributeType="SVG" attributeName="r" begin="0s" dur="1.5s" repeatCount="indefinite" from="10%" to="25%"/><animate attributeType="CSS" attributeName="stroke-width" begin="0s" dur="1.5s" repeatCount="indefinite" from="1%" to="0%"/><animate attributeType="CSS" attributeName="opacity" begin="0s" dur="1.5s" repeatCount="indefinite" from="1" to="0"/></circle></g></svg>


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/images/securitykey.svg:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" standalone="no"?>
  2 | <!-- Created with Inkscape (http://www.inkscape.org/) -->
  3 | 
  4 | <svg
  5 |    xmlns:dc="http://purl.org/dc/elements/1.1/"
  6 |    xmlns:cc="http://creativecommons.org/ns#"
  7 |    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  8 |    xmlns:svg="http://www.w3.org/2000/svg"
  9 |    xmlns="http://www.w3.org/2000/svg"
 10 |    xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
 11 |    xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
 12 |    width="207.29514mm"
 13 |    height="84.955238mm"
 14 |    viewBox="0 0 734.51033 301.02249"
 15 |    id="svg2"
 16 |    version="1.1"
 17 |    inkscape:version="0.91 r13725"
 18 |    sodipodi:docname="yubico.svg">
 19 |   <defs
 20 |      id="defs4" />
 21 |   <sodipodi:namedview
 22 |      id="base"
 23 |      pagecolor="#ffffff"
 24 |      bordercolor="#666666"
 25 |      borderopacity="1.0"
 26 |      inkscape:pageopacity="0.0"
 27 |      inkscape:pageshadow="2"
 28 |      inkscape:zoom="0.7"
 29 |      inkscape:cx="168.94487"
 30 |      inkscape:cy="103.83617"
 31 |      inkscape:document-units="px"
 32 |      inkscape:current-layer="layer1"
 33 |      showgrid="false"
 34 |      inkscape:window-width="1366"
 35 |      inkscape:window-height="705"
 36 |      inkscape:window-x="-8"
 37 |      inkscape:window-y="-8"
 38 |      inkscape:window-maximized="1"
 39 |      fit-margin-top="25"
 40 |      fit-margin-left="50"
 41 |      fit-margin-right="50"
 42 |      fit-margin-bottom="25" />
 43 |   <metadata
 44 |      id="metadata7">
 45 |     <rdf:RDF>
 46 |       <cc:Work
 47 |          rdf:about="">
 48 |         <dc:format>image/svg+xml</dc:format>
 49 |         <dc:type
 50 |            rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
 51 |         <dc:title></dc:title>
 52 |       </cc:Work>
 53 |     </rdf:RDF>
 54 |   </metadata>
 55 |   <g
 56 |      inkscape:label="Layer 1"
 57 |      inkscape:groupmode="layer"
 58 |      id="layer1"
 59 |      transform="translate(71.951068,-314.70811)">
 60 |     <rect
 61 |        style="fill:#ffffff;fill-opacity:1;stroke:#446cb3;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
 62 |        id="rect3336"
 63 |        width="285.71429"
 64 |        height="122.85714"
 65 |        x="105.71429"
 66 |        y="403.79077"
 67 |        ry="6" />
 68 |     <rect
 69 |        style="fill:#ffffff;fill-opacity:1;stroke:#446cb3;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
 70 |        id="rect3338"
 71 |        width="16.162441"
 72 |        height="93.944183"
 73 |        x="391.46475"
 74 |        y="416.97626" />
 75 |     <circle
 76 |        style="fill:#446cb3;fill-opacity:1;stroke:#446cb3;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
 77 |        id="path4142"
 78 |        cx="246.42857"
 79 |        cy="462.36221"
 80 |        r="40" />
 81 |     <circle
 82 |        r="14.603174"
 83 |        cy="463.79077"
 84 |        cx="125.71429"
 85 |        id="circle4144"
 86 |        style="fill:#ffffff;fill-opacity:1;stroke:#446cb3;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
 87 |     <rect
 88 |        style="fill:#f9bf3b;fill-opacity:0.49704147;stroke:#f9bf3b;stroke-width:1.22285771;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
 89 |        id="rect4146"
 90 |        width="62.991428"
 91 |        height="14.470762"
 92 |        x="408.86142"
 93 |        y="428.8024" />
 94 |     <rect
 95 |        y="484.95779"
 96 |        x="408.86142"
 97 |        height="14.470762"
 98 |        width="62.991428"
 99 |        id="rect4148"
100 |        style="fill:#f9bf3b;fill-opacity:0.49704147;stroke:#f9bf3b;stroke-width:1.22285771;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
101 |     <rect
102 |        y="447.65253"
103 |        x="408.78912"
104 |        height="14.615334"
105 |        width="48.493141"
106 |        id="rect4150"
107 |        style="fill:#f9bf3b;fill-opacity:0.49704147;stroke:#f9bf3b;stroke-width:1.07828617;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
108 |     <rect
109 |        style="fill:#f9bf3b;fill-opacity:0.49704147;stroke:#f9bf3b;stroke-width:1.07828617;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
110 |        id="rect4152"
111 |        width="48.493141"
112 |        height="14.615335"
113 |        x="408.78912"
114 |        y="466.10574" />
115 |     <rect
116 |        y="417.01102"
117 |        x="407.784"
118 |        height="93.943275"
119 |        width="77.109886"
120 |        id="rect4140"
121 |        style="fill:none;fill-opacity:1;stroke:#446cb3;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
122 |     <path
123 |        inkscape:connector-curvature="0"
124 |        style="fill:#ffffff;fill-opacity:1;stroke:#446cb3;stroke-width:0.69124842;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
125 |        d="m 236.03445,451.28886 a 10.094421,10.094421 0 0 0 -10.09367,10.09367 10.094421,10.094421 0 0 0 10.09367,10.09368 10.094421,10.094421 0 0 0 10.09622,-10.09368 10.094421,10.094421 0 0 0 -10.09622,-10.09367 z m 0,3.72928 a 6.3652119,6.3652119 0 0 1 6.36694,6.36439 6.3652119,6.3652119 0 0 1 -6.36694,6.3644 6.3652119,6.3652119 0 0 1 -6.36439,-6.3644 6.3652119,6.3652119 0 0 1 6.36439,-6.36439 z"
126 |        id="circle4154" />
127 |     <rect
128 |        style="fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
129 |        id="rect4156"
130 |        width="25.986658"
131 |        height="3.9389563"
132 |        x="245.10188"
133 |        y="459.19366" />
134 |     <rect
135 |        style="fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
136 |        id="rect4158"
137 |        width="2.66921"
138 |        height="5.4627204"
139 |        x="266.71918"
140 |        y="462.84055" />
141 |     <rect
142 |        y="462.84055"
143 |        x="259.9491"
144 |        height="4.3343735"
145 |        width="2.66921"
146 |        id="rect4160"
147 |        style="fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
148 |     <circle
149 |        r="40"
150 |        cy="462.36221"
151 |        cx="246.42857"
152 |        id="circle4155"
153 |        style="fill:none;fill-opacity:1;stroke:#446cb3;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1">
154 |        <animate attributeType="SVG" attributeName="r" begin="0s" dur="1.5s" repeatCount="indefinite" from="10%" to="25%"/>
155 |               <animate attributeType="CSS" attributeName="stroke-width" begin="0s"  dur="1.5s" repeatCount="indefinite" from="1%" to="0%" />
156 |               <animate attributeType="CSS" attributeName="opacity" begin="0s"  dur="1.5s" repeatCount="indefinite" from="1" to="0"/>
157 |        </circle>
158 |   </g>
159 | </svg>
160 | 


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/js/helpers.js:
--------------------------------------------------------------------------------
  1 | coerceToArrayBuffer = function (thing, name) {
  2 |     if (typeof thing === "string") {
  3 |         // base64url to base64
  4 |         thing = thing.replace(/-/g, "+").replace(/_/g, "/");
  5 | 
  6 |         // base64 to Uint8Array
  7 |         var str = window.atob(thing);
  8 |         var bytes = new Uint8Array(str.length);
  9 |         for (var i = 0; i < str.length; i++) {
 10 |             bytes[i] = str.charCodeAt(i);
 11 |         }
 12 |         thing = bytes;
 13 |     }
 14 | 
 15 |     // Array to Uint8Array
 16 |     if (Array.isArray(thing)) {
 17 |         thing = new Uint8Array(thing);
 18 |     }
 19 | 
 20 |     // Uint8Array to ArrayBuffer
 21 |     if (thing instanceof Uint8Array) {
 22 |         thing = thing.buffer;
 23 |     }
 24 | 
 25 |     // error if none of the above worked
 26 |     if (!(thing instanceof ArrayBuffer)) {
 27 |         throw new TypeError("could not coerce '" + name + "' to ArrayBuffer");
 28 |     }
 29 | 
 30 |     return thing;
 31 | };
 32 | 
 33 | 
 34 | coerceToBase64Url = function (thing) {
 35 |     // Array or ArrayBuffer to Uint8Array
 36 |     if (Array.isArray(thing)) {
 37 |         thing = Uint8Array.from(thing);
 38 |     }
 39 | 
 40 |     if (thing instanceof ArrayBuffer) {
 41 |         thing = new Uint8Array(thing);
 42 |     }
 43 | 
 44 |     // Uint8Array to base64
 45 |     if (thing instanceof Uint8Array) {
 46 |         var str = "";
 47 |         var len = thing.byteLength;
 48 | 
 49 |         for (var i = 0; i < len; i++) {
 50 |             str += String.fromCharCode(thing[i]);
 51 |         }
 52 |         thing = window.btoa(str);
 53 |     }
 54 | 
 55 |     if (typeof thing !== "string") {
 56 |         throw new Error("could not coerce to string");
 57 |     }
 58 | 
 59 |     // base64 to base64url
 60 |     // NOTE: "=" at the end of challenge is optional, strip it off here
 61 |     thing = thing.replace(/\+/g, "-").replace(/\//g, "_").replace(/=*$/g, "");
 62 | 
 63 |     return thing;
 64 | };
 65 | 
 66 | 
 67 | 
 68 | // HELPERS
 69 | 
 70 | function showErrorAlert(message, error) {
 71 |     let footermsg = '';
 72 |     if (error) {
 73 |         footermsg = 'exception:' + error.toString();
 74 |     }
 75 |     Swal.fire({
 76 |         //type: 'error',
 77 |         title: 'Error',
 78 |         text: message,
 79 |         footer: footermsg
 80 |         //footer: '<a href>Why do I have this issue?</a>'
 81 |     })
 82 | }
 83 | 
 84 | function detectFIDOSupport() {
 85 |     if (window.PublicKeyCredential === undefined ||
 86 |         typeof window.PublicKeyCredential !== "function") {
 87 |         //$('#register-button').attr("disabled", true);
 88 |         //$('#login-button').attr("disabled", true);
 89 |         var el = document.getElementById("notSupportedWarning");
 90 |         if (el) {
 91 |             el.style.display = 'block';
 92 |         }
 93 |         return;
 94 |     }
 95 | }
 96 | 
 97 | /**
 98 |  * 
 99 |  * Get a form value
100 |  * @param {any} selector
101 |  */
102 | function value(selector) {
103 |     var el = document.querySelector(selector);
104 |     if (el.type === "checkbox") {
105 |         return el.checked;
106 |     }
107 |     return el.value;
108 | }


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/js/instant.js:
--------------------------------------------------------------------------------
  1 | /*! instant.page v1.1.0 - (C) 2019 Alexandre Dieulot - https://instant.page/license */
  2 | 
  3 | let urlToPreload
  4 | let mouseoverTimer
  5 | let lastTouchTimestamp
  6 | 
  7 | const prefetcher = document.createElement('link')
  8 | const isSupported = prefetcher.relList && prefetcher.relList.supports && prefetcher.relList.supports('prefetch')
  9 | const allowQueryString = 'instantAllowQueryString' in document.body.dataset
 10 | 
 11 | if (isSupported) {
 12 |     prefetcher.rel = 'prefetch'
 13 |     document.head.appendChild(prefetcher)
 14 | 
 15 |     const eventListenersOptions = {
 16 |         capture: true,
 17 |         passive: true,
 18 |     }
 19 |     document.addEventListener('touchstart', touchstartListener, eventListenersOptions)
 20 |     document.addEventListener('mouseover', mouseoverListener, eventListenersOptions)
 21 | }
 22 | 
 23 | function touchstartListener(event) {
 24 |     /* Chrome on Android calls mouseover before touchcancel so `lastTouchTimestamp`
 25 |      * must be assigned on touchstart to be measured on mouseover. */
 26 |     lastTouchTimestamp = performance.now()
 27 | 
 28 |     const linkElement = event.target.closest('a')
 29 | 
 30 |     if (!linkElement) {
 31 |         return
 32 |     }
 33 | 
 34 |     if (!isPreloadable(linkElement)) {
 35 |         return
 36 |     }
 37 | 
 38 |     linkElement.addEventListener('touchcancel', touchendAndTouchcancelListener, { passive: true })
 39 |     linkElement.addEventListener('touchend', touchendAndTouchcancelListener, { passive: true })
 40 | 
 41 |     urlToPreload = linkElement.href
 42 |     preload(linkElement.href)
 43 | }
 44 | 
 45 | function touchendAndTouchcancelListener() {
 46 |     urlToPreload = undefined
 47 |     stopPreloading()
 48 | }
 49 | 
 50 | function mouseoverListener(event) {
 51 |     if (performance.now() - lastTouchTimestamp < 1100) {
 52 |         return
 53 |     }
 54 | 
 55 |     const linkElement = event.target.closest('a')
 56 | 
 57 |     if (!linkElement) {
 58 |         return
 59 |     }
 60 | 
 61 |     if (!isPreloadable(linkElement)) {
 62 |         return
 63 |     }
 64 | 
 65 |     linkElement.addEventListener('mouseout', mouseoutListener, { passive: true })
 66 | 
 67 |     urlToPreload = linkElement.href
 68 | 
 69 |     mouseoverTimer = setTimeout(() => {
 70 |         preload(linkElement.href)
 71 |         mouseoverTimer = undefined
 72 |     }, 65)
 73 | }
 74 | 
 75 | function mouseoutListener(event) {
 76 |     if (event.relatedTarget && event.target.closest('a') == event.relatedTarget.closest('a')) {
 77 |         return
 78 |     }
 79 | 
 80 |     if (mouseoverTimer) {
 81 |         clearTimeout(mouseoverTimer)
 82 |         mouseoverTimer = undefined
 83 |     }
 84 |     else {
 85 |         urlToPreload = undefined
 86 |         stopPreloading()
 87 |     }
 88 | }
 89 | 
 90 | function isPreloadable(linkElement) {
 91 |     if (urlToPreload == linkElement.href) {
 92 |         return
 93 |     }
 94 | 
 95 |     const urlObject = new URL(linkElement.href)
 96 | 
 97 |     if (urlObject.origin != location.origin) {
 98 |         return
 99 |     }
100 | 
101 |     if (!allowQueryString && urlObject.search && !('instant' in linkElement.dataset)) {
102 |         return
103 |     }
104 | 
105 |     if (urlObject.hash && urlObject.pathname + urlObject.search == location.pathname + location.search) {
106 |         return
107 |     }
108 | 
109 |     if ('noInstant' in linkElement.dataset) {
110 |         return
111 |     }
112 | 
113 |     return true
114 | }
115 | 
116 | function preload(url) {
117 |     prefetcher.href = url
118 | }
119 | 
120 | function stopPreloading() {
121 |     /* The spec says an empty string should abort the prefetching
122 |     * but Firefox 64 interprets it as a relative URL to prefetch. */
123 |     prefetcher.removeAttribute('href')
124 | }
125 | 


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/js/mfa.login.js:
--------------------------------------------------------------------------------
  1 | //document.getElementById('signin').addEventListener('click', handleSignInSubmit);
  2 | 
  3 | window.onload = function () {
  4 |     handleSignInSubmit();
  5 | };
  6 | 
  7 | async function handleSignInSubmit(event) {
  8 |     //event.preventDefault();
  9 | 
 10 |     //let username = this.username.value;
 11 |     // passwordfield is omitted in demo
 12 |     // let password = this.password.value;
 13 |     // prepare form post data
 14 |     var formData = new FormData();
 15 |     //formData.append('username', username);
 16 |     // not done in demo
 17 |     // todo: validate username + password with server (has nothing to do with FIDO2/WebAuthn)
 18 | 
 19 |     // send to server for registering
 20 |     let makeAssertionOptions;
 21 |     try {
 22 |         var res = await fetch('/mfaassertionOptions', {
 23 |             method: 'POST', // or 'PUT'
 24 |             body: formData, // data can be `string` or {object}!
 25 |             headers: {
 26 |                 'Accept': 'application/json',
 27 |                 'RequestVerificationToken': document.getElementById('RequestVerificationToken').value
 28 |             }
 29 |         });
 30 | 
 31 |         makeAssertionOptions = await res.json();
 32 |     } catch (e) {
 33 |         showErrorAlert("Request to server failed", e);
 34 |     }
 35 | 
 36 |     //console.log("Assertion Options Object", makeAssertionOptions);
 37 | 
 38 |     // show options error to user
 39 |     if (makeAssertionOptions.status !== "ok") {
 40 |         console.log("Error creating assertion options");
 41 |         console.log(makeAssertionOptions.errorMessage);
 42 |         showErrorAlert(makeAssertionOptions.errorMessage);
 43 |         return;
 44 |     }
 45 | 
 46 |     // todo: switch this to coercebase64
 47 |     const challenge = makeAssertionOptions.challenge.replace(/-/g, "+").replace(/_/g, "/");
 48 |     makeAssertionOptions.challenge = Uint8Array.from(atob(challenge), c => c.charCodeAt(0));
 49 | 
 50 |     // fix escaping. Change this to coerce
 51 |     makeAssertionOptions.allowCredentials.forEach(function (listItem) {
 52 |         var fixedId = listItem.id.replace(/\_/g, "/").replace(/\-/g, "+");
 53 |         listItem.id = Uint8Array.from(atob(fixedId), c => c.charCodeAt(0));
 54 |     });
 55 | 
 56 |     //console.log("Assertion options", makeAssertionOptions);
 57 | 
 58 |     const fido2TapKeyToLogin = document.getElementById('fido2TapKeyToLogin').innerText;
 59 |     document.getElementById('fido2logindisplay').innerHTML += '<br><b>' + fido2TapKeyToLogin + '</b><img src = "/images/securitykey.min.svg" alt = "fido login" />';
 60 | 
 61 |     //Swal.fire({
 62 |     //    title: 'Logging In...',
 63 |     //    text: 'Tap your security key to login.',
 64 |     //    imageUrl: "/images/securitykey.min.svg",
 65 |     //    showCancelButton: true,
 66 |     //    showConfirmButton: false,
 67 |     //    focusConfirm: false,
 68 |     //    focusCancel: false
 69 |     //});
 70 | 
 71 |     // ask browser for credentials (browser will ask connected authenticators)
 72 |     let credential;
 73 |     try {
 74 |         credential = await navigator.credentials.get({ publicKey: makeAssertionOptions });
 75 |     } catch (err) {
 76 |         document.getElementById('fido2logindisplay').innerHTML = '';
 77 |         showErrorAlert(err.message ? err.message : err);
 78 |     }
 79 | 
 80 |     //document.getElementById('fido2logindisplay').innerHTML = '<p>Processing</p>';
 81 | 
 82 |     try {
 83 |         await verifyAssertionWithServer(credential);
 84 |     } catch (e) {
 85 |         document.getElementById('fido2logindisplay').innerHTML = '';
 86 |         const fido2CouldNotVerifyAssertion = document.getElementById('fido2CouldNotVerifyAssertion').innerText;
 87 |         showErrorAlert(fido2CouldNotVerifyAssertion, e);
 88 |     }
 89 | }
 90 | 
 91 | async function verifyAssertionWithServer(assertedCredential) {
 92 |     // Move data into Arrays incase it is super long
 93 |     let authData = new Uint8Array(assertedCredential.response.authenticatorData);
 94 |     let clientDataJSON = new Uint8Array(assertedCredential.response.clientDataJSON);
 95 |     let rawId = new Uint8Array(assertedCredential.rawId);
 96 |     let sig = new Uint8Array(assertedCredential.response.signature);
 97 |     let userHandle = new Uint8Array(assertedCredential.response.userHandle);
 98 |     const data = {
 99 |         id: assertedCredential.id,
100 |         rawId: coerceToBase64Url(rawId),
101 |         type: assertedCredential.type,
102 |         extensions: assertedCredential.getClientExtensionResults(),
103 |         response: {
104 |             authenticatorData: coerceToBase64Url(authData),
105 |             clientDataJson: coerceToBase64Url(clientDataJSON),
106 |             //userHandle: userHandle !== null ? coerceToBase64Url(userHandle) : null,
107 |             signature: coerceToBase64Url(sig)
108 |         }
109 |     };
110 | 
111 |     let response;
112 |     try {
113 |         let res = await fetch("/mfamakeAssertion", {
114 |             method: 'POST', // or 'PUT'
115 |             body: JSON.stringify(data), // data can be `string` or {object}!
116 |             headers: {
117 |                 'Accept': 'application/json',
118 |                 'Content-Type': 'application/json',
119 |                 'RequestVerificationToken': document.getElementById('RequestVerificationToken').value
120 |             }
121 |         });
122 | 
123 |         response = await res.json();
124 |     } catch (e) {
125 |         showErrorAlert("Request to server failed", e);
126 |         throw e;
127 |     }
128 | 
129 |     //console.log("Assertion Object", response);
130 | 
131 |     // show error
132 |     if (response.status !== "ok") {
133 |         console.log("Error doing assertion");
134 |         console.log(response.errorMessage);
135 |         document.getElementById('fido2logindisplay').innerHTML = '';
136 |         showErrorAlert(response.errorMessage);
137 |         return;
138 |     }
139 | 
140 |     //document.getElementById('fido2logindisplay').innerHTML = '<p>Logged In!</p>';
141 | 
142 |     // show success message
143 |     //await Swal.fire({
144 |     //    title: 'Logged In!',
145 |     //    text: 'You\'re logged in successfully.',
146 |     //    //type: 'success',
147 |     //    timer: 2000
148 |     //});
149 |     let fido2ReturnUrl = document.getElementById('fido2ReturnUrl').innerText;
150 |     if (!fido2ReturnUrl) {
151 |         fido2ReturnUrl = "/";
152 |     }
153 |     window.location.href = fido2ReturnUrl;
154 | }
155 | 


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/js/mfa.register.js:
--------------------------------------------------------------------------------
  1 | document.getElementById('register').addEventListener('submit', handleRegisterSubmit);
  2 | 
  3 | async function handleRegisterSubmit(event) {
  4 |     event.preventDefault();
  5 | 
  6 |     let username = this.username.value;
  7 |     //let displayName = this.displayName.value;
  8 |     // passwordfield is omitted in demo
  9 |     // let password = this.password.value;
 10 |     // possible values: none, direct, indirect
 11 |     let attestation_type = "none";
 12 |     // possible values: <empty>, platform, cross-platform
 13 |     let authenticator_attachment = "";
 14 |     // possible values: preferred, required, discouraged
 15 |     let user_verification = "preferred";
 16 |     // possible values: true,false
 17 |     let require_resident_key = false;
 18 |     // prepare form post data
 19 |     var data = new FormData();
 20 |     data.append('username', username);
 21 |    // data.append('displayName', displayName);
 22 |     data.append('attType', attestation_type);
 23 |     data.append('authType', authenticator_attachment);
 24 |     data.append('userVerification', user_verification);
 25 |     data.append('requireResidentKey', require_resident_key);
 26 | 
 27 |     // send to server for registering
 28 |     let makeCredentialOptions;
 29 |     try {
 30 |         makeCredentialOptions = await fetchMakeCredentialOptions(data);
 31 | 
 32 |     } catch (e) {
 33 |         console.error(e);
 34 |         let msg = "Something wen't really wrong";
 35 |         showErrorAlert(msg);
 36 |     }
 37 | 
 38 |     //console.log("Credential Options Object", makeCredentialOptions);
 39 | 
 40 |     if (makeCredentialOptions.status !== "ok") {
 41 |         console.log("Error creating credential options");
 42 |         console.log(makeCredentialOptions.errorMessage);
 43 |         showErrorAlert(makeCredentialOptions.errorMessage);
 44 |         return;
 45 |     }
 46 | 
 47 |     // Turn the challenge back into the accepted format of padded base64
 48 |     makeCredentialOptions.challenge = coerceToArrayBuffer(makeCredentialOptions.challenge);
 49 |     // Turn ID into a UInt8Array Buffer for some reason
 50 |     makeCredentialOptions.user.id = coerceToArrayBuffer(makeCredentialOptions.user.id);
 51 | 
 52 |     makeCredentialOptions.excludeCredentials = makeCredentialOptions.excludeCredentials.map((c) => {
 53 |         c.id = coerceToArrayBuffer(c.id);
 54 |         return c;
 55 |     });
 56 | 
 57 |     if (makeCredentialOptions.authenticatorSelection.authenticatorAttachment === null) {
 58 |         makeCredentialOptions.authenticatorSelection.authenticatorAttachment = undefined;
 59 |     }
 60 | 
 61 |     //console.log("Credential Options Formatted", makeCredentialOptions);
 62 | 
 63 |     const fido2TapYourSecurityKeyToFinishRegistration = document.getElementById('fido2TapYourSecurityKeyToFinishRegistration').innerText;
 64 |     document.getElementById('fido2mfadisplay').innerHTML += '<br><b>' + fido2TapYourSecurityKeyToFinishRegistration +'</b><img src = "/images/securitykey.min.svg" alt = "fido login" />';
 65 | 
 66 |     //Swal.fire({
 67 |     //    title: 'Registering...',
 68 |     //    text: 'Tap your security key to finish registration.',
 69 |     //    imageUrl: "/images/securitykey.min.svg",
 70 |     //    showCancelButton: true,
 71 |     //    showConfirmButton: false,
 72 |     //    focusConfirm: false,
 73 |     //    focusCancel: false
 74 |     //});
 75 | 
 76 |     //console.log("Creating PublicKeyCredential...");
 77 |     //console.log(navigator);
 78 |     //console.log(navigator.credentials);
 79 |     //console.log(makeCredentialOptions);
 80 |     let newCredential;
 81 |     try {
 82 |         newCredential = await navigator.credentials.create({
 83 |             publicKey: makeCredentialOptions
 84 |         });
 85 |     } catch (e) {
 86 |         const fido2RegistrationError = document.getElementById('fido2RegistrationError').innerText;
 87 |         console.error(fido2RegistrationError, e);
 88 |         document.getElementById('fido2mfadisplay').innerHTML = '';
 89 |         showErrorAlert(fido2RegistrationError, e);
 90 |     }
 91 | 
 92 |     console.log("PublicKeyCredential Created", newCredential);
 93 | 
 94 |     try {
 95 |         registerNewCredential(newCredential);
 96 | 
 97 |     } catch (e) {
 98 |         showErrorAlert(err.message ? err.message : err);
 99 |     }
100 | }
101 | 
102 | async function fetchMakeCredentialOptions(formData) {
103 |     let response = await fetch('/mfamakeCredentialOptions', {
104 |         method: 'POST', // or 'PUT'
105 |         body: formData, // data can be `string` or {object}!
106 |         headers: {
107 |             'Accept': 'application/json',
108 |             'RequestVerificationToken': document.getElementById('RequestVerificationToken').value
109 |         }
110 |     });
111 | 
112 |     let data = await response.json();
113 | 
114 |     return data;
115 | }
116 | 
117 | // This should be used to verify the auth data with the server
118 | async function registerNewCredential(newCredential) {
119 |     // Move data into Arrays incase it is super long
120 |     let attestationObject = new Uint8Array(newCredential.response.attestationObject);
121 |     let clientDataJSON = new Uint8Array(newCredential.response.clientDataJSON);
122 |     let rawId = new Uint8Array(newCredential.rawId);
123 | 
124 |     const data = {
125 |         id: newCredential.id,
126 |         rawId: coerceToBase64Url(rawId),
127 |         type: newCredential.type,
128 |         extensions: newCredential.getClientExtensionResults(),
129 |         response: {
130 |             AttestationObject: coerceToBase64Url(attestationObject),
131 |             clientDataJson: coerceToBase64Url(clientDataJSON)
132 |         }
133 |     };
134 | 
135 |     let response;
136 |     try {
137 |         response = await registerCredentialWithServer(data);
138 |     } catch (e) {
139 |         showErrorAlert(e);
140 |     }
141 | 
142 |     //console.log("Credential Object", response);
143 | 
144 |     // show error
145 |     if (response.status !== "ok") {
146 |         console.log("Error creating credential");
147 |         console.log(response.errorMessage);
148 |         showErrorAlert(response.errorMessage);
149 |         return;
150 |     }
151 | 
152 |     // show success 
153 |     Swal.fire({
154 |         title: 'Registration Successful!',
155 |         text: 'You\'ve registered successfully.',
156 |        // type: 'success',
157 |         timer: 2000
158 |     });
159 | 
160 |     // possible values: true,false
161 |     window.location.href = "/Identity/Account/Manage/GenerateRecoveryCodes";
162 | }
163 | 
164 | async function registerCredentialWithServer(formData) {
165 |     let response = await fetch('/mfamakeCredential', {
166 |         method: 'POST', // or 'PUT'
167 |         body: JSON.stringify(formData), // data can be `string` or {object}!
168 |         headers: {
169 |             'Accept': 'application/json',
170 |             'Content-Type': 'application/json',
171 |             'RequestVerificationToken': document.getElementById('RequestVerificationToken').value
172 |         }
173 |     });
174 | 
175 |     let data = await response.json();
176 | 
177 |     return data;
178 | }


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/js/site.js:
--------------------------------------------------------------------------------
1 | // Please see documentation at https://learn.microsoft.com/aspnet/core/client-side/bundling-and-minification
2 | // for details on configuring this project to bundle and minify static web assets.
3 | 
4 | // Write your JavaScript code.
5 | 


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/lib/bootstrap/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2011-2021 Twitter, Inc.
 4 | Copyright (c) 2011-2021 The Bootstrap Authors
 5 | 
 6 | Permission is hereby granted, free of charge, to any person obtaining a copy
 7 | of this software and associated documentation files (the "Software"), to deal
 8 | in the Software without restriction, including without limitation the rights
 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 | copies of the Software, and to permit persons to whom the Software is
11 | furnished to do so, subject to the following conditions:
12 | 
13 | The above copyright notice and this permission notice shall be included in
14 | all copies or substantial portions of the Software.
15 | 
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 | THE SOFTWARE.
23 | 


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/lib/jquery-validation-unobtrusive/LICENSE.txt:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) .NET Foundation and Contributors
 4 | 
 5 | All rights reserved.
 6 | 
 7 | Permission is hereby granted, free of charge, to any person obtaining a copy
 8 | of this software and associated documentation files (the "Software"), to deal
 9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 | 
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 | 
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.
24 | 


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.min.js:
--------------------------------------------------------------------------------
1 | /**
2 |  * @license
3 |  * Unobtrusive validation support library for jQuery and jQuery Validate
4 |  * Copyright (c) .NET Foundation. All rights reserved.
5 |  * Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
6 |  * @version v4.0.0
7 |  */
8 | !function(a){"function"==typeof define&&define.amd?define("jquery.validate.unobtrusive",["jquery-validation"],a):"object"==typeof module&&module.exports?module.exports=a(require("jquery-validation")):jQuery.validator.unobtrusive=a(jQuery)}(function(s){var a,o=s.validator,d="unobtrusiveValidation";function l(a,e,n){a.rules[e]=n,a.message&&(a.messages[e]=a.message)}function u(a){return a.replace(/([!"#$%&'()*+,./:;<=>?@\[\\\]^`{|}~])/g,"\\$1")}function n(a){return a.substr(0,a.lastIndexOf(".")+1)}function m(a,e){return a=0===a.indexOf("*.")?a.replace("*.",e):a}function f(a){var e=s(this),n="__jquery_unobtrusive_validation_form_reset";if(!e.data(n)){e.data(n,!0);try{e.data("validator").resetForm()}finally{e.removeData(n)}e.find(".validation-summary-errors").addClass("validation-summary-valid").removeClass("validation-summary-errors"),e.find(".field-validation-error").addClass("field-validation-valid").removeClass("field-validation-error").removeData("unobtrusiveContainer").find(">*").removeData("unobtrusiveContainer")}}function p(n){function a(a,e){(a=r[a])&&s.isFunction(a)&&a.apply(n,e)}var e=s(n),t=e.data(d),i=s.proxy(f,n),r=o.unobtrusive.options||{};return t||(t={options:{errorClass:r.errorClass||"input-validation-error",errorElement:r.errorElement||"span",errorPlacement:function(){!function(a,e){var e=s(this).find("[data-valmsg-for='"+u(e[0].name)+"']"),n=(n=e.attr("data-valmsg-replace"))?!1!==s.parseJSON(n):null;e.removeClass("field-validation-valid").addClass("field-validation-error"),a.data("unobtrusiveContainer",e),n?(e.empty(),a.removeClass("input-validation-error").appendTo(e)):a.hide()}.apply(n,arguments),a("errorPlacement",arguments)},invalidHandler:function(){!function(a,e){var n=s(this).find("[data-valmsg-summary=true]"),t=n.find("ul");t&&t.length&&e.errorList.length&&(t.empty(),n.addClass("validation-summary-errors").removeClass("validation-summary-valid"),s.each(e.errorList,function(){s("<li />").html(this.message).appendTo(t)}))}.apply(n,arguments),a("invalidHandler",arguments)},messages:{},rules:{},success:function(){!function(a){var e,n=a.data("unobtrusiveContainer");n&&(e=(e=n.attr("data-valmsg-replace"))?s.parseJSON(e):null,n.addClass("field-validation-valid").removeClass("field-validation-error"),a.removeData("unobtrusiveContainer"),e&&n.empty())}.apply(n,arguments),a("success",arguments)}},attachValidation:function(){e.off("reset."+d,i).on("reset."+d,i).validate(this.options)},validate:function(){return e.validate(),e.valid()}},e.data(d,t)),t}return o.unobtrusive={adapters:[],parseElement:function(t,a){var e,i,r,o=s(t),d=o.parents("form")[0];d&&((e=p(d)).options.rules[t.name]=i={},e.options.messages[t.name]=r={},s.each(this.adapters,function(){var a="data-val-"+this.name,e=o.attr(a),n={};void 0!==e&&(a+="-",s.each(this.params,function(){n[this]=o.attr(a+this)}),this.adapt({element:t,form:d,message:e,params:n,rules:i,messages:r}))}),s.extend(i,{__dummy__:!0}),a||e.attachValidation())},parse:function(a){var a=s(a),e=a.parents().addBack().filter("form").add(a.find("form")).has("[data-val=true]");a.find("[data-val=true]").each(function(){o.unobtrusive.parseElement(this,!0)}),e.each(function(){var a=p(this);a&&a.attachValidation()})}},(a=o.unobtrusive.adapters).add=function(a,e,n){return n||(n=e,e=[]),this.push({name:a,params:e,adapt:n}),this},a.addBool=function(e,n){return this.add(e,function(a){l(a,n||e,!0)})},a.addMinMax=function(a,t,i,r,e,n){return this.add(a,[e||"min",n||"max"],function(a){var e=a.params.min,n=a.params.max;e&&n?l(a,r,[e,n]):e?l(a,t,e):n&&l(a,i,n)})},a.addSingleVal=function(e,n,t){return this.add(e,[n||"val"],function(a){l(a,t||e,a.params[n])})},o.addMethod("__dummy__",function(a,e,n){return!0}),o.addMethod("regex",function(a,e,n){return!!this.optional(e)||(e=new RegExp(n).exec(a))&&0===e.index&&e[0].length===a.length}),o.addMethod("nonalphamin",function(a,e,n){var t;return t=n?(t=a.match(/\W/g))&&t.length>=n:t}),o.methods.extension?(a.addSingleVal("accept","mimtype"),a.addSingleVal("extension","extension")):a.addSingleVal("extension","extension","accept"),a.addSingleVal("regex","pattern"),a.addBool("creditcard").addBool("date").addBool("digits").addBool("email").addBool("number").addBool("url"),a.addMinMax("length","minlength","maxlength","rangelength").addMinMax("range","min","max","range"),a.addMinMax("minlength","minlength").addMinMax("maxlength","minlength","maxlength"),a.add("equalto",["other"],function(a){var e=n(a.element.name),e=m(a.params.other,e);l(a,"equalTo",s(a.form).find(":input").filter("[name='"+u(e)+"']")[0])}),a.add("required",function(a){"INPUT"===a.element.tagName.toUpperCase()&&"CHECKBOX"===a.element.type.toUpperCase()||l(a,"required",!0)}),a.add("remote",["url","type","additionalfields"],function(t){var i={url:t.params.url,type:t.params.type||"GET",data:{}},r=n(t.element.name);s.each((t.params.additionalfields||t.element.name).replace(/^\s+|\s+$/g,"").split(/\s*,\s*/g),function(a,e){var n=m(e,r);i.data[n]=function(){var a=s(t.form).find(":input").filter("[name='"+u(n)+"']");return a.is(":checkbox")?a.filter(":checked").val()||a.filter(":hidden").val()||"":a.is(":radio")?a.filter(":checked").val()||"":a.val()}}),l(t,"remote",i)}),a.add("password",["min","nonalphamin","regex"],function(a){a.params.min&&l(a,"minlength",a.params.min),a.params.nonalphamin&&l(a,"nonalphamin",a.params.nonalphamin),a.params.regex&&l(a,"regex",a.params.regex)}),a.add("fileextensions",["extensions"],function(a){l(a,"extension",a.params.extensions)}),s(function(){o.unobtrusive.parse(document)}),o.unobtrusive});


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/lib/jquery-validation/LICENSE.md:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | =====================
 3 | 
 4 | Copyright Jörn Zaefferer
 5 | 
 6 | Permission is hereby granted, free of charge, to any person obtaining a copy
 7 | of this software and associated documentation files (the "Software"), to deal
 8 | in the Software without restriction, including without limitation the rights
 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 | copies of the Software, and to permit persons to whom the Software is
11 | furnished to do so, subject to the following conditions:
12 | 
13 | The above copyright notice and this permission notice shall be included in
14 | all copies or substantial portions of the Software.
15 | 
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 | THE SOFTWARE.
23 | 


--------------------------------------------------------------------------------
/IdentityProvider/wwwroot/lib/jquery/LICENSE.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | Copyright OpenJS Foundation and other contributors, https://openjsf.org/
 3 | 
 4 | Permission is hereby granted, free of charge, to any person obtaining
 5 | a copy of this software and associated documentation files (the
 6 | "Software"), to deal in the Software without restriction, including
 7 | without limitation the rights to use, copy, modify, merge, publish,
 8 | distribute, sublicense, and/or sell copies of the Software, and to
 9 | permit persons to whom the Software is furnished to do so, subject to
10 | the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be
13 | included in all copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
19 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
20 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
21 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # OpenIddict BFF security architecture using ASP.NET Core and nx Angular standalone
 2 | 
 3 |  [![.NET and npm build](https://github.com/damienbod/bff-openiddict-aspnetcore-angular/actions/workflows/dotnet.yml/badge.svg)](https://github.com/damienbod/bff-openiddict-aspnetcore-angular/actions/workflows/dotnet.yml) [![License](https://img.shields.io/badge/license-Apache%20License%202.0-blue.svg)](https://github.com/damienbod/bff-openiddict-aspnetcore-angular/blob/main/bff/LICENSE)
 4 | 
 5 | [Secure Angular application using OpenIddict and ASP.NET Core with BFF](https://damienbod.com/2023/09/25/secure-angular-application-using-openiddict-and-asp-net-core-with-bff/)
 6 | 
 7 | ## Debugging
 8 | 
 9 | Start the Angular project from the **ui** folder
10 | 
11 | ```
12 | nx serve --ssl
13 | ```
14 | 
15 | Start the ASP.NET Core projects from the **server** folder and the **identityProvider**
16 | 
17 | ```
18 | dotnet run
19 | ```
20 | 
21 | Or just open Visual Studio and run the solution.
22 | 
23 | ## Credits and used libraries
24 | 
25 | - NetEscapades.AspNetCore.SecurityHeaders
26 | - Yarp.ReverseProxy
27 | - OpenIddict
28 | - ASP.NET Core
29 | - Angular 
30 | - Nx
31 | - OpenIddict
32 | 
33 | ## Angular nx Updates
34 | 
35 | ```
36 | nx migrate latest
37 | 
38 | nx migrate --run-migrations=migrations.json
39 | ```
40 | 
41 | ## History
42 | 
43 | - 2024-12-31 Bootstrap 5
44 | - 2024-12-31 Fix script loading
45 | - 2024-12-18 .NET 9, Openiddict 6.0, Angular 19
46 | - 2024-10-17 Code clean up
47 | - 2024-10-17 Updated packages, update security headers performance
48 | - 2024-10-06 Updated Angular 18.2.7
49 | - 2024-10-03 Updated packages
50 | - 2024-06-06 Updated packages, Angular 18
51 | - 2024-04-27 Updated packages and build, code clean up
52 | - 2024-01-22 Updated packages
53 | - 2023-12-30 Open Redirect protection for login
54 | - 2023-11-16 .NET 8 updates
55 | 
56 | ## Links
57 | 
58 | https://github.com/damienbod/bff-aspnetcore-angular
59 | 
60 | https://learn.microsoft.com/en-us/aspnet/core/introduction-to-aspnet-core
61 | 
62 | https://nx.dev/getting-started/intro
63 | 
64 | https://github.com/isolutionsag/aspnet-react-bff-proxy-example
65 | 
66 | https://github.com/openiddict
67 | 
68 | https://github.com/damienbod/bff-auth0-aspnetcore-angular
69 | 
70 | https://github.com/damienbod/bff-azureadb2c-aspnetcore-angular
71 | 
72 | https://github.com/damienbod/bff-aspnetcore-vuejs
73 | 
74 | https://github.com/damienbod/bff-MicrosoftEntraExternalID-aspnetcore-angular
75 | 


--------------------------------------------------------------------------------
/bff-openiddict.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.8.34004.107
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "IdentityProvider", "IdentityProvider\IdentityProvider.csproj", "{4F06C65B-2476-4ABA-98FF-DAF99F60C159}"
 7 | EndProject
 8 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "BffOpenIddict.Server", "bff\server\BffOpenIddict.Server.csproj", "{AD83F3C5-5450-448F-BEE0-4891730265A5}"
 9 | EndProject
10 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{9F2768D9-8B53-4905-95DB-226C76C040CC}"
11 | 	ProjectSection(SolutionItems) = preProject
12 | 		.github\workflows\dotnet.yml = .github\workflows\dotnet.yml
13 | 		README.md = README.md
14 | 	EndProjectSection
15 | EndProject
16 | Global
17 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
18 | 		Debug|Any CPU = Debug|Any CPU
19 | 		Release|Any CPU = Release|Any CPU
20 | 	EndGlobalSection
21 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
22 | 		{4F06C65B-2476-4ABA-98FF-DAF99F60C159}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
23 | 		{4F06C65B-2476-4ABA-98FF-DAF99F60C159}.Debug|Any CPU.Build.0 = Debug|Any CPU
24 | 		{4F06C65B-2476-4ABA-98FF-DAF99F60C159}.Release|Any CPU.ActiveCfg = Release|Any CPU
25 | 		{4F06C65B-2476-4ABA-98FF-DAF99F60C159}.Release|Any CPU.Build.0 = Release|Any CPU
26 | 		{AD83F3C5-5450-448F-BEE0-4891730265A5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
27 | 		{AD83F3C5-5450-448F-BEE0-4891730265A5}.Debug|Any CPU.Build.0 = Debug|Any CPU
28 | 		{AD83F3C5-5450-448F-BEE0-4891730265A5}.Release|Any CPU.ActiveCfg = Release|Any CPU
29 | 		{AD83F3C5-5450-448F-BEE0-4891730265A5}.Release|Any CPU.Build.0 = Release|Any CPU
30 | 	EndGlobalSection
31 | 	GlobalSection(SolutionProperties) = preSolution
32 | 		HideSolutionNode = FALSE
33 | 	EndGlobalSection
34 | 	GlobalSection(ExtensibilityGlobals) = postSolution
35 | 		SolutionGuid = {71ABB31C-4A0F-4FC3-9C49-C9985B1CE6AB}
36 | 	EndGlobalSection
37 | EndGlobal
38 | 


--------------------------------------------------------------------------------
/bff/server/BffOpenIddict.Server.csproj:
--------------------------------------------------------------------------------
 1 | <Project Sdk="Microsoft.NET.Sdk.Web">
 2 | 
 3 | 	<PropertyGroup>
 4 | 		<TargetFramework>net9.0</TargetFramework>
 5 | 		<Nullable>enable</Nullable>
 6 | 		<ImplicitUsings>enable</ImplicitUsings>
 7 | 	</PropertyGroup>
 8 | 
 9 | 	<ItemGroup>
10 | 		<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="9.0.4" NoWarn="NU1605" />
11 | 		<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="9.0.4" />
12 | 		<PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.1.0" />
13 | 		<PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.1.0" />
14 | 		<PackageReference Include="Yarp.ReverseProxy" Version="2.3.0" />
15 | 	</ItemGroup>
16 | 
17 | </Project>
18 | 


--------------------------------------------------------------------------------
/bff/server/Controllers/AccountController.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.AspNetCore.Authentication;
 2 | using Microsoft.AspNetCore.Authentication.Cookies;
 3 | using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 4 | using Microsoft.AspNetCore.Authorization;
 5 | using Microsoft.AspNetCore.Mvc;
 6 | 
 7 | namespace BffOpenIddict.Server.Controllers;
 8 | 
 9 | [Route("api/[controller]")]
10 | public class AccountController : ControllerBase
11 | {
12 |     [HttpGet("Login")]
13 |     public ActionResult Login(string? returnUrl, string? claimsChallenge)
14 |     {
15 |         var properties = GetAuthProperties(returnUrl);
16 | 
17 |         if (claimsChallenge != null)
18 |         {
19 |             string jsonString = claimsChallenge.Replace("\\", "").Trim('"');
20 | 
21 |             properties.Items["claims"] = jsonString;
22 |         }
23 | 
24 |         return Challenge(properties);
25 |     }
26 | 
27 |     // [ValidateAntiForgeryToken] // not needed explicitly due the the Auto global definition.
28 |     [IgnoreAntiforgeryToken] // need to apply this to the form post request
29 |     [Authorize]
30 |     [HttpPost("Logout")]
31 |     public IActionResult Logout()
32 |     {
33 |         return SignOut(
34 |             new AuthenticationProperties { RedirectUri = "/" },
35 |             CookieAuthenticationDefaults.AuthenticationScheme,
36 |             OpenIdConnectDefaults.AuthenticationScheme);
37 |     }
38 | 
39 |     /// <summary>
40 |     /// Original src:
41 |     /// https://github.com/dotnet/blazor-samples/blob/main/8.0/BlazorWebOidc/BlazorWebOidc/LoginLogoutEndpointRouteBuilderExtensions.cs
42 |     /// </summary>
43 |     private static AuthenticationProperties GetAuthProperties(string? returnUrl)
44 |     {
45 |         const string pathBase = "/";
46 | 
47 |         // Prevent open redirects.
48 |         if (string.IsNullOrEmpty(returnUrl))
49 |         {
50 |             returnUrl = pathBase;
51 |         }
52 |         else if (!Uri.IsWellFormedUriString(returnUrl, UriKind.Relative))
53 |         {
54 |             returnUrl = new Uri(returnUrl, UriKind.Absolute).PathAndQuery;
55 |         }
56 |         else if (returnUrl[0] != '/')
57 |         {
58 |             returnUrl = $"{pathBase}{returnUrl}";
59 |         }
60 | 
61 |         return new AuthenticationProperties { RedirectUri = returnUrl };
62 |     }
63 | }
64 | 


--------------------------------------------------------------------------------
/bff/server/Controllers/DirectApiController.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.AspNetCore.Authentication.Cookies;
 2 | using Microsoft.AspNetCore.Authorization;
 3 | using Microsoft.AspNetCore.Mvc;
 4 | 
 5 | namespace BffOpenIddict.Server.Controllers;
 6 | 
 7 | [ValidateAntiForgeryToken]
 8 | [Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
 9 | [ApiController]
10 | [Route("api/[controller]")]
11 | public class DirectApiController : ControllerBase
12 | {
13 |     [HttpGet]
14 |     public IEnumerable<string> Get()
15 |     {
16 |         return new List<string> { "some data", "more data", "loads of data" };
17 |     }
18 | }
19 | 


--------------------------------------------------------------------------------
/bff/server/Controllers/UserController.cs:
--------------------------------------------------------------------------------
 1 | using BffOpenIddict.Server.Models;
 2 | using Microsoft.AspNetCore.Authorization;
 3 | using Microsoft.AspNetCore.Mvc;
 4 | 
 5 | using System.Security.Claims;
 6 | 
 7 | namespace BlazorBffOpenIDConnect.Server.Controllers;
 8 | 
 9 | [Route("api/[controller]")]
10 | [ApiController]
11 | public class UserController : ControllerBase
12 | {
13 |     [HttpGet]
14 |     [AllowAnonymous]
15 |     public IActionResult GetCurrentUser() => Ok(CreateUserInfo(User));
16 | 
17 |     private static UserInfo CreateUserInfo(ClaimsPrincipal claimsPrincipal)
18 |     {
19 |         if (!claimsPrincipal?.Identity?.IsAuthenticated ?? true)
20 |         {
21 |             return UserInfo.Anonymous;
22 |         }
23 | 
24 |         var userInfo = new UserInfo
25 |         {
26 |             IsAuthenticated = true
27 |         };
28 | 
29 |         if (claimsPrincipal?.Identity is ClaimsIdentity claimsIdentity)
30 |         {
31 |             userInfo.NameClaimType = claimsIdentity.NameClaimType;
32 |             userInfo.RoleClaimType = claimsIdentity.RoleClaimType;
33 |         }
34 |         else
35 |         {
36 |             userInfo.NameClaimType = ClaimTypes.Name;
37 |             userInfo.RoleClaimType = ClaimTypes.Role;
38 |         }
39 | 
40 |         if (claimsPrincipal?.Claims?.Any() ?? false)
41 |         {
42 |             // Add just the name claim
43 |             var claims = claimsPrincipal.FindAll(userInfo.NameClaimType)
44 |                                         .Select(u => new ClaimValue(userInfo.NameClaimType, u.Value))
45 |                                         .ToList();
46 | 
47 |             // Uncomment this code if you want to send additional claims to the client.
48 |             //var claims = claimsPrincipal.Claims.Select(u => new ClaimValue(u.Type, u.Value))
49 |             //                                      .ToList();
50 | 
51 |             userInfo.Claims = claims;
52 |         }
53 | 
54 |         return userInfo;
55 |     }
56 | }
57 | 


--------------------------------------------------------------------------------
/bff/server/Models/ClaimValue.cs:
--------------------------------------------------------------------------------
 1 | namespace BffOpenIddict.Server.Models;
 2 | 
 3 | public class ClaimValue
 4 | {
 5 |     public ClaimValue()
 6 |     {
 7 |     }
 8 | 
 9 |     public ClaimValue(string type, string value)
10 |     {
11 |         Type = type;
12 |         Value = value;
13 |     }
14 | 
15 |     public string Type { get; set; } = string.Empty;
16 | 
17 |     public string Value { get; set; } = string.Empty;
18 | }


--------------------------------------------------------------------------------
/bff/server/Models/UserInfo.cs:
--------------------------------------------------------------------------------
 1 | namespace BffOpenIddict.Server.Models;
 2 | 
 3 | public class UserInfo
 4 | {
 5 |     public static readonly UserInfo Anonymous = new();
 6 | 
 7 |     public bool IsAuthenticated { get; set; }
 8 | 
 9 |     public string NameClaimType { get; set; } = string.Empty;
10 | 
11 |     public string RoleClaimType { get; set; } = string.Empty;
12 | 
13 |     public ICollection<ClaimValue> Claims { get; set; } = new List<ClaimValue>();
14 | }
15 | 


--------------------------------------------------------------------------------
/bff/server/Pages/Error.cshtml:
--------------------------------------------------------------------------------
 1 | @page
 2 | @model BffOpenIddict.Server.Pages.ErrorModel
 3 | 
 4 | <!DOCTYPE html>
 5 | <html lang="en">
 6 | 
 7 | <head>
 8 |     <meta charset="utf-8" />
 9 |     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
10 |     <title>Error</title>
11 | </head>
12 | 
13 | <body>
14 |     <div class="main">
15 |         <div class="content px-4">
16 |             <h1 class="text-danger">Error.</h1>
17 |             <h2 class="text-danger">An error occurred while processing your request.</h2>
18 | 
19 |             @if (Model.ShowRequestId)
20 |             {
21 |                 <p>
22 |                     <strong>Request ID:</strong> <code>@Model.RequestId</code>
23 |                 </p>
24 |             }
25 | 
26 |             <h3>Development Mode</h3>
27 |             <p>
28 |                 Swapping to the <strong>Development</strong> environment displays detailed information about the error that occurred.
29 |             </p>
30 |             <p>
31 |                 <strong>The Development environment shouldn't be enabled for deployed applications.</strong>
32 |                 It can result in displaying sensitive information from exceptions to end users.
33 |                 For local debugging, enable the <strong>Development</strong> environment by setting the <strong>ASPNETCORE_ENVIRONMENT</strong> environment variable to <strong>Development</strong>
34 |                 and restarting the app.
35 |             </p>
36 |         </div>
37 |     </div>
38 | </body>
39 | 
40 | </html>
41 | 


--------------------------------------------------------------------------------
/bff/server/Pages/Error.cshtml.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.AspNetCore.Mvc;
 2 | using Microsoft.AspNetCore.Mvc.RazorPages;
 3 | using System.Diagnostics;
 4 | 
 5 | namespace BffOpenIddict.Server.Pages;
 6 | 
 7 | [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
 8 | public class ErrorModel : PageModel
 9 | {
10 |     public string? RequestId { get; set; }
11 | 
12 |     public bool ShowRequestId => !string.IsNullOrEmpty(RequestId);
13 | 
14 |     public void OnGet()
15 |     {
16 |         RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier;
17 |     }
18 | }
19 | 


--------------------------------------------------------------------------------
/bff/server/Pages/_Host.cshtml:
--------------------------------------------------------------------------------
 1 | @page "/"
 2 | @namespace BlazorBffAzureAD.Pages
 3 | @using System.Net;
 4 | @using NetEscapades.AspNetCore.SecurityHeaders;
 5 | @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
 6 | @addTagHelper *, NetEscapades.AspNetCore.SecurityHeaders.TagHelpers
 7 | @inject IHostEnvironment hostEnvironment
 8 | @inject IConfiguration config
 9 | @inject Microsoft.AspNetCore.Antiforgery.IAntiforgery antiForgery
10 | @{
11 |     Layout = null;
12 | 
13 |     var source = "";
14 |     if (hostEnvironment.IsDevelopment())
15 |     {
16 |         var httpClient = new HttpClient();
17 |         source = await httpClient.GetStringAsync($"{config["UiDevServerUrl"]}/index.html");
18 |     }
19 |     else
20 |     {
21 |         source = System.IO.File.ReadAllText($"{System.IO.Directory.GetCurrentDirectory()}{@"/wwwroot/index.html"}");
22 |     }
23 | 
24 |     var nonce = HttpContext.GetNonce();
25 | 
26 |     // The nonce is passed to the client through the HTML to avoid sync issues between tabs
27 |     source = source.Replace("**PLACEHOLDER_NONCE_SERVER**", nonce);
28 | 
29 |     if (hostEnvironment.IsDevelopment())
30 |     {
31 |         // do nothing in development, Angular > 18.1.0 adds the nonce automatically
32 |     }
33 |     else
34 |     {
35 |         // Angular release build does not add any nonce to the scripts, so we need to add it manually
36 |         var nonceScript = $"<script nonce=\"{nonce}\" ";
37 |         source = source.Replace("<script ", nonceScript);
38 |     }
39 | 
40 |     // link rel="stylesheet"
41 |     var nonceLinkStyle = $"<link nonce=\"{nonce}\" rel=\"stylesheet\" ";
42 |     source = source.Replace("<link rel=\"stylesheet\" ", nonceLinkStyle);
43 | 
44 |     var xsrf = antiForgery.GetAndStoreTokens(HttpContext);
45 |     var requestToken = xsrf.RequestToken;
46 | 
47 |     // The XSRF-Tokens are passed to the client through cookies, since we always want the most up-to-date cookies across all tabs
48 |     Response.Cookies.Append("XSRF-RequestToken", requestToken ?? "", new CookieOptions() { HttpOnly = false, IsEssential = true, Secure = true, SameSite = SameSiteMode.Strict });
49 | }
50 | 
51 | @Html.Raw(source)
52 | 


--------------------------------------------------------------------------------
/bff/server/Program.cs:
--------------------------------------------------------------------------------
  1 | using BffOpenIddict.Server;
  2 | using BffOpenIddict.Server.Services;
  3 | using Microsoft.AspNetCore.Authentication.Cookies;
  4 | using Microsoft.AspNetCore.Authentication.OpenIdConnect;
  5 | using Microsoft.AspNetCore.Mvc;
  6 | using Microsoft.IdentityModel.JsonWebTokens;
  7 | using Microsoft.IdentityModel.Logging;
  8 | using Microsoft.IdentityModel.Protocols.OpenIdConnect;
  9 | using Microsoft.IdentityModel.Tokens;
 10 | using NetEscapades.AspNetCore.SecurityHeaders.Infrastructure;
 11 | 
 12 | var builder = WebApplication.CreateBuilder(args);
 13 | 
 14 | builder.WebHost.ConfigureKestrel(serverOptions =>
 15 | {
 16 |     serverOptions.AddServerHeader = false;
 17 | });
 18 | 
 19 | var services = builder.Services;
 20 | var configuration = builder.Configuration;
 21 | 
 22 | var stsServer = configuration["OpenIDConnectSettings:Authority"];
 23 | 
 24 | services.AddSecurityHeaderPolicies()
 25 |   .SetPolicySelector((PolicySelectorContext ctx) =>
 26 |   {
 27 |       return SecurityHeadersDefinitions.GetHeaderPolicyCollection(
 28 |           builder.Environment.IsDevelopment(), stsServer);
 29 |   });
 30 | 
 31 | services.AddAntiforgery(options =>
 32 | {
 33 |     options.HeaderName = "X-XSRF-TOKEN";
 34 |     options.Cookie.Name = "__Host-X-XSRF-TOKEN";
 35 |     options.Cookie.SameSite = SameSiteMode.Strict;
 36 |     options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
 37 | });
 38 | 
 39 | services.AddHttpClient();
 40 | services.AddOptions();
 41 | 
 42 | services.AddAuthentication(options =>
 43 | {
 44 |     options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
 45 |     options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
 46 | })
 47 | .AddCookie()
 48 | .AddOpenIdConnect(options =>
 49 | {
 50 |     configuration.GetSection("OpenIDConnectSettings").Bind(options);
 51 |     options.Authority = configuration["OpenIDConnectSettings:Authority"];
 52 |     options.ClientId = configuration["OpenIDConnectSettings:ClientId"];
 53 |     options.ClientSecret = configuration["OpenIDConnectSettings:ClientSecret"];
 54 | 
 55 |     options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
 56 |     options.ResponseType = OpenIdConnectResponseType.Code;
 57 | 
 58 |     options.SaveTokens = true;
 59 |     options.GetClaimsFromUserInfoEndpoint = true;
 60 |     options.TokenValidationParameters = new TokenValidationParameters
 61 |     {
 62 |         NameClaimType = "name"
 63 |     };
 64 | });
 65 | 
 66 | services.AddControllersWithViews(options =>
 67 |     options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
 68 | 
 69 | services.AddRazorPages().AddMvcOptions(options =>
 70 | {
 71 |     //var policy = new AuthorizationPolicyBuilder()
 72 |     //    .RequireAuthenticatedUser()
 73 |     //    .Build();
 74 |     //options.Filters.Add(new AuthorizeFilter(policy));
 75 | });
 76 | 
 77 | builder.Services.AddReverseProxy()
 78 |    .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));
 79 | 
 80 | var app = builder.Build();
 81 | 
 82 | JsonWebTokenHandler.DefaultInboundClaimTypeMap.Clear();
 83 | // Do not add to deployments, for debug reasons
 84 | IdentityModelEventSource.ShowPII = true;
 85 | 
 86 | if (app.Environment.IsDevelopment())
 87 | {
 88 |     app.UseDeveloperExceptionPage();
 89 |     app.UseWebAssemblyDebugging();
 90 | }
 91 | else
 92 | {
 93 |     app.UseExceptionHandler("/Error");
 94 | }
 95 | 
 96 | app.UseSecurityHeaders();
 97 | 
 98 | app.UseHttpsRedirection();
 99 | app.UseStaticFiles();
100 | app.UseRouting();
101 | 
102 | app.UseNoUnauthorizedRedirect("/api");
103 | 
104 | app.UseAuthentication();
105 | app.UseAuthorization();
106 | 
107 | app.MapRazorPages();
108 | app.MapControllers();
109 | app.MapNotFound("/api/{**segment}");
110 | 
111 | if (app.Environment.IsDevelopment())
112 | {
113 |     var uiDevServer = app.Configuration.GetValue<string>("UiDevServerUrl");
114 |     if (!string.IsNullOrEmpty(uiDevServer))
115 |     {
116 |         app.MapReverseProxy();
117 |     }
118 | }
119 | 
120 | app.MapFallbackToPage("/_Host");
121 | 
122 | app.Run();
123 | 


--------------------------------------------------------------------------------
/bff/server/Properties/launchSettings.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "profiles": {
 3 |     "BffOpenIddict.Server": {
 4 |       "commandName": "Project",
 5 |       "launchBrowser": true,
 6 |       "environmentVariables": {
 7 |         "ASPNETCORE_ENVIRONMENT": "Development"
 8 |       },
 9 |       "applicationUrl": "https://localhost:5001"
10 |     }
11 |   }
12 | }


--------------------------------------------------------------------------------
/bff/server/SecurityHeadersDefinitions.cs:
--------------------------------------------------------------------------------
 1 | namespace BffOpenIddict.Server;
 2 | 
 3 | public static class SecurityHeadersDefinitions
 4 | {
 5 |     private static HeaderPolicyCollection? policy;
 6 | 
 7 |     public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, string? idpHost)
 8 |     {
 9 |         ArgumentNullException.ThrowIfNull(idpHost);
10 | 
11 |         // Avoid building a new HeaderPolicyCollection on every request for performance reasons.
12 |         // Where possible, cache and reuse HeaderPolicyCollection instances.
13 |         if (policy != null) return policy;
14 | 
15 |         policy = new HeaderPolicyCollection()
16 |             .AddFrameOptionsDeny()
17 |             .AddContentTypeOptionsNoSniff()
18 |             .AddReferrerPolicyStrictOriginWhenCrossOrigin()
19 |             .AddCrossOriginOpenerPolicy(builder => builder.SameOrigin())
20 |             .AddCrossOriginResourcePolicy(builder => builder.SameOrigin())
21 |             .AddCrossOriginEmbedderPolicy(builder => builder.RequireCorp()) // remove for dev if using hot reload
22 |             .AddContentSecurityPolicy(builder =>
23 |             {
24 |                 builder.AddObjectSrc().None();
25 |                 builder.AddBlockAllMixedContent();
26 |                 builder.AddImgSrc().Self().From("data:");
27 |                 builder.AddFormAction().Self().From(idpHost);
28 |                 builder.AddFontSrc().Self();
29 |                 builder.AddBaseUri().Self();
30 |                 builder.AddFrameAncestors().None();
31 | 
32 |                 if (isDev)
33 |                 {
34 |                     builder.AddStyleSrc().Self().UnsafeInline();
35 |                 }
36 |                 else
37 |                 {
38 |                     builder.AddStyleSrc().WithNonce().UnsafeInline();
39 |                 }
40 | 
41 |                 builder.AddScriptSrc().WithNonce().UnsafeInline();
42 |             })
43 |             .RemoveServerHeader()
44 |             .AddPermissionsPolicyWithDefaultSecureDirectives();
45 | 
46 |         if (!isDev)
47 |         {
48 |             // maxage = one year in seconds
49 |             policy.AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365);
50 |         }
51 | 
52 |         return policy;
53 |     }
54 | }
55 | 


--------------------------------------------------------------------------------
/bff/server/Services/ApplicationBuilderExtensions.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.Net.Http.Headers;
 2 | 
 3 | namespace BffOpenIddict.Server.Services;
 4 | 
 5 | public static class ApplicationBuilderExtensions
 6 | {
 7 |     public static IApplicationBuilder UseNoUnauthorizedRedirect(this IApplicationBuilder applicationBuilder, params string[] segments)
 8 |     {
 9 |         applicationBuilder.Use(async (httpContext, func) =>
10 |         {
11 |             if (segments.Any(s => httpContext.Request.Path.StartsWithSegments(s)))
12 |             {
13 |                 httpContext.Request.Headers[HeaderNames.XRequestedWith] = "XMLHttpRequest";
14 |             }
15 | 
16 |             await func();
17 |         });
18 | 
19 |         return applicationBuilder;
20 |     }
21 | }
22 | 


--------------------------------------------------------------------------------
/bff/server/Services/EndpointRouteBuilderExtensions.cs:
--------------------------------------------------------------------------------
 1 | namespace BffOpenIddict.Server.Services;
 2 | 
 3 | public static class EndpointRouteBuilderExtensions
 4 | {
 5 |     public static IEndpointRouteBuilder MapNotFound(this IEndpointRouteBuilder endpointRouteBuilder, string pattern)
 6 |     {
 7 |         endpointRouteBuilder.Map(pattern, context =>
 8 |         {
 9 |             context.Response.StatusCode = StatusCodes.Status404NotFound;
10 |             return Task.CompletedTask;
11 |         });
12 | 
13 |         return endpointRouteBuilder;
14 |     }
15 | }
16 | 


--------------------------------------------------------------------------------
/bff/server/appsettings.Development.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "Logging": {
 3 |     "LogLevel": {
 4 |       "Default": "Information",
 5 |       "Microsoft": "Warning",
 6 |       "Microsoft.Hosting.Lifetime": "Information"
 7 |     }
 8 |   },
 9 |   "UiDevServerUrl": "https://localhost:4201",
10 |   "ReverseProxy": {
11 |     "Routes": {
12 |       "assets": {
13 |         "ClusterId": "cluster1",
14 |         "Match": {
15 |           "Path": "assets/{**catch-all}"
16 |         }
17 |       },
18 |       "routealljs": {
19 |         "ClusterId": "cluster1",
20 |         "Match": {
21 |           "Path": "{nomatterwhat}.js"
22 |         }
23 |       },
24 |       "routeallcss": {
25 |         "ClusterId": "cluster1",
26 |         "Match": {
27 |           "Path": "{nomatterwhat}.css"
28 |         }
29 |       },
30 |       "webpacklazyloadingsources": {
31 |         "ClusterId": "cluster1",
32 |         "Match": {
33 |           "Path": "/src_{nomatterwhat}_ts.js"
34 |         }
35 |       },
36 |       "signalr": {
37 |         "ClusterId": "cluster1",
38 |         "Match": {
39 |           "Path": "/ng-cli-ws"
40 |         }
41 |       },
42 |       "webpacknodesrcmap": {
43 |         "ClusterId": "cluster1",
44 |         "Match": {
45 |           "Path": "/{nomatterwhat}.js.map"
46 |         }
47 |       }
48 |     },
49 |     "Clusters": {
50 |       "cluster1": {
51 |         "HttpClient": {
52 |           "SslProtocols": [
53 |             "Tls12"
54 |           ]
55 |         },
56 |         "Destinations": {
57 |           "cluster1/destination1": {
58 |             "Address": "https://localhost:4201/"
59 |           }
60 |         }
61 |       }
62 |     }
63 |   }
64 | }
65 | 


--------------------------------------------------------------------------------
/bff/server/appsettings.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "OpenIDConnectSettings": {
 3 |     "Authority": "https://localhost:44318",
 4 |     "ClientId": "oidc-pkce-confidential",
 5 |     "ClientSecret": "oidc-pkce-confidential_secret"
 6 |   },
 7 |   "Logging": {
 8 |     "LogLevel": {
 9 |       "Default": "Information",
10 |       "Microsoft": "Warning",
11 |       "Microsoft.Hosting.Lifetime": "Information"
12 |     }
13 |   },
14 |   "AllowedHosts": "*"
15 | }
16 | 


--------------------------------------------------------------------------------
/bff/server/wwwroot/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/damienbod/bff-openiddict-aspnetcore-angular/03cb006e4ae205947bed8c3f7a8662d6fe5e72f0/bff/server/wwwroot/favicon.ico


--------------------------------------------------------------------------------
/bff/server/wwwroot/index.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en" data-critters-container="">
 3 |   <head>
 4 |     <meta charset="utf-8">
 5 | 	<meta name="CSP_NONCE" content="**PLACEHOLDER_NONCE_SERVER**">
 6 |     <title>ui</title>
 7 |     <base href="/">
 8 |     <meta name="viewport" content="width=device-width, initial-scale=1">
 9 |     <link rel="icon" type="image/x-icon" href="favicon.ico">
10 |   <link rel="stylesheet" href="styles.ef46db3751d8e999.css"></head>
11 |   <body>
12 |     <app-root ngcspnonce="**PLACEHOLDER_NONCE_SERVER**"></app-root>
13 |   <script src="runtime.1cb9cb05f2deb873.js" type="module"></script><script src="polyfills.8cdf208185fb5862.js" type="module"></script><script src="main.30351b27ad0c83f9.js" type="module"></script></body>
14 | </html>
15 | 


--------------------------------------------------------------------------------
/bff/server/wwwroot/runtime.1cb9cb05f2deb873.js:
--------------------------------------------------------------------------------
1 | (()=>{"use strict";var e,v={},_={};function n(e){var l=_[e];if(void 0!==l)return l.exports;var r=_[e]={exports:{}};return v[e](r,r.exports,n),r.exports}n.m=v,e=[],n.O=(l,r,o,f)=>{if(!r){var c=1/0;for(a=0;a<e.length;a++){for(var[r,o,f]=e[a],i=!0,u=0;u<r.length;u++)(!1&f||c>=f)&&Object.keys(n.O).every(p=>n.O[p](r[u]))?r.splice(u--,1):(i=!1,f<c&&(c=f));if(i){e.splice(a--,1);var s=o();void 0!==s&&(l=s)}}return l}f=f||0;for(var a=e.length;a>0&&e[a-1][2]>f;a--)e[a]=e[a-1];e[a]=[r,o,f]},n.o=(e,l)=>Object.prototype.hasOwnProperty.call(e,l),(()=>{var e={666:0};n.O.j=o=>0===e[o];var l=(o,f)=>{var u,s,[a,c,i]=f,t=0;if(a.some(h=>0!==e[h])){for(u in c)n.o(c,u)&&(n.m[u]=c[u]);if(i)var d=i(n)}for(o&&o(f);t<a.length;t++)n.o(e,s=a[t])&&e[s]&&e[s][0](),e[s]=0;return n.O(d)},r=self.webpackChunkui=self.webpackChunkui||[];r.forEach(l.bind(null,0)),r.push=l.bind(null,r.push.bind(r))})()})();


--------------------------------------------------------------------------------
/bff/server/wwwroot/styles.ef46db3751d8e999.css:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/damienbod/bff-openiddict-aspnetcore-angular/03cb006e4ae205947bed8c3f7a8662d6fe5e72f0/bff/server/wwwroot/styles.ef46db3751d8e999.css


--------------------------------------------------------------------------------
/bff/ui/.eslintignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | 


--------------------------------------------------------------------------------
/bff/ui/.eslintrc.base.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "root": true,
 3 |   "ignorePatterns": ["**/*"],
 4 |   "plugins": ["@nx"],
 5 |   "overrides": [
 6 |     {
 7 |       "files": ["*.ts", "*.tsx", "*.js", "*.jsx"],
 8 |       "rules": {
 9 |         "@nx/enforce-module-boundaries": [
10 |           "error",
11 |           {
12 |             "enforceBuildableLibDependency": true,
13 |             "allow": [],
14 |             "depConstraints": [
15 |               {
16 |                 "sourceTag": "*",
17 |                 "onlyDependOnLibsWithTags": ["*"]
18 |               }
19 |             ]
20 |           }
21 |         ]
22 |       }
23 |     },
24 |     {
25 |       "files": ["*.ts", "*.tsx"],
26 |       "extends": ["plugin:@nx/typescript"],
27 |       "rules": {}
28 |     },
29 |     {
30 |       "files": ["*.js", "*.jsx"],
31 |       "extends": ["plugin:@nx/javascript"],
32 |       "rules": {}
33 |     }
34 |   ]
35 | }
36 | 


--------------------------------------------------------------------------------
/bff/ui/.eslintrc.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "ignorePatterns": ["!**/*"],
 3 |   "overrides": [
 4 |     {
 5 |       "files": ["*.ts"],
 6 |       "extends": [
 7 |         "plugin:@nx/angular",
 8 |         "plugin:@angular-eslint/template/process-inline-templates"
 9 |       ],
10 |       "rules": {
11 |         "@angular-eslint/directive-selector": [
12 |           "error",
13 |           {
14 |             "type": "attribute",
15 |             "prefix": "app",
16 |             "style": "camelCase"
17 |           }
18 |         ],
19 |         "@angular-eslint/component-selector": [
20 |           "error",
21 |           {
22 |             "type": "element",
23 |             "prefix": "app",
24 |             "style": "kebab-case"
25 |           }
26 |         ],
27 |         "@angular-eslint/prefer-standalone": "off"
28 |       }
29 |     },
30 |     {
31 |       "files": ["*.html"],
32 |       "extends": ["plugin:@nx/angular-template"],
33 |       "rules": {}
34 |     }
35 |   ],
36 |   "extends": ["./.eslintrc.base.json"]
37 | }
38 | 


--------------------------------------------------------------------------------
/bff/ui/.gitignore:
--------------------------------------------------------------------------------
 1 | # See http://help.github.com/ignore-files/ for more about ignoring files.
 2 | 
 3 | # compiled output
 4 | dist
 5 | tmp
 6 | /out-tsc
 7 | 
 8 | # dependencies
 9 | node_modules
10 | 
11 | # IDEs and editors
12 | /.idea
13 | .project
14 | .classpath
15 | .c9/
16 | *.launch
17 | .settings/
18 | *.sublime-workspace
19 | 
20 | # IDE - VSCode
21 | .vscode/*
22 | !.vscode/settings.json
23 | !.vscode/tasks.json
24 | !.vscode/launch.json
25 | !.vscode/extensions.json
26 | 
27 | # misc
28 | /.sass-cache
29 | /connect.lock
30 | /coverage
31 | /libpeerconnection.log
32 | npm-debug.log
33 | yarn-error.log
34 | testem.log
35 | /typings
36 | 
37 | # System Files
38 | .DS_Store
39 | Thumbs.db
40 | 
41 | .angular
42 | 
43 | .nx/cache
44 | .nx/workspace-data


--------------------------------------------------------------------------------
/bff/ui/.prettierignore:
--------------------------------------------------------------------------------
1 | # Add files here to ignore them from prettier formatting
2 | /dist
3 | /coverage
4 | .angular
5 | 
6 | /.nx/cache
7 | /.nx/workspace-data


--------------------------------------------------------------------------------
/bff/ui/.prettierrc:
--------------------------------------------------------------------------------
1 | {
2 |   "singleQuote": true
3 | }
4 | 


--------------------------------------------------------------------------------
/bff/ui/.vscode/extensions.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "recommendations": [
 3 |     "nrwl.angular-console",
 4 |     "esbenp.prettier-vscode",
 5 |     "firsttris.vscode-jest-runner",
 6 |     "ms-playwright.playwright",
 7 |     "dbaeumer.vscode-eslint"
 8 |   ]
 9 | }
10 | 


--------------------------------------------------------------------------------
/bff/ui/.vscode/settings.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "editor.defaultFormatter": "esbenp.prettier-vscode",
 3 |   "[typescript]": {
 4 |     "editor.defaultFormatter": "esbenp.prettier-vscode"
 5 |   },
 6 |   "[json]": {
 7 |     "editor.defaultFormatter": "esbenp.prettier-vscode"
 8 |   },
 9 |   "[jsonc]": {
10 |     "editor.defaultFormatter": "esbenp.prettier-vscode"
11 |   },
12 |   "[javascript]": {
13 |     "editor.defaultFormatter": "esbenp.prettier-vscode"
14 |   },
15 |   "[html]": {
16 |     "editor.defaultFormatter": "esbenp.prettier-vscode"
17 |   },
18 |   "[less]": {
19 |     "editor.defaultFormatter": "esbenp.prettier-vscode"
20 |   },
21 |   "editor.codeActionsOnSave": {
22 |     "source.organizeImports": "explicit",
23 |     "source.fixAll.eslint": "explicit"
24 |   },
25 |   "editor.formatOnSave": true,
26 |   "editor.formatOnPaste": true
27 | }
28 | 


--------------------------------------------------------------------------------
/bff/ui/README.md:
--------------------------------------------------------------------------------
 1 | # ui
 2 | 
 3 | <a alt="Nx logo" href="https://nx.dev" target="_blank" rel="noreferrer"><img src="https://raw.githubusercontent.com/nrwl/nx/master/images/nx-logo.png" width="45"></a>
 4 | 
 5 | ✨ **This workspace has been generated by [Nx, a Smart, fast and extensible build system.](https://nx.dev)** ✨
 6 | 
 7 | 
 8 | ## Start the app
 9 | 
10 | To start the development server run `nx serve ui`. Open your browser and navigate to http://localhost:4200/. Happy coding!
11 | 
12 | 
13 | ## Generate code
14 | 
15 | If you happen to use Nx plugins, you can leverage code generators that might come with it.
16 | 
17 | Run `nx list` to get a list of available plugins and whether they have generators. Then run `nx list <plugin-name>` to see what generators are available.
18 | 
19 | Learn more about [Nx generators on the docs](https://nx.dev/plugin-features/use-code-generators).
20 | 
21 | ## Running tasks
22 | 
23 | To execute tasks with Nx use the following syntax:
24 | 
25 | ```
26 | nx <target> <project> <...options>
27 | ```
28 | 
29 | You can also run multiple targets:
30 | 
31 | ```
32 | nx run-many -t <target1> <target2>
33 | ```
34 | 
35 | ..or add `-p` to filter specific projects
36 | 
37 | ```
38 | nx run-many -t <target1> <target2> -p <proj1> <proj2>
39 | ```
40 | 
41 | Targets can be defined in the `package.json` or `projects.json`. Learn more [in the docs](https://nx.dev/core-features/run-tasks).
42 | 
43 | ## Want better Editor Integration?
44 | 
45 | Have a look at the [Nx Console extensions](https://nx.dev/nx-console). It provides autocomplete support, a UI for exploring and running tasks & generators, and more! Available for VSCode, IntelliJ and comes with a LSP for Vim users.
46 | 
47 | ## Ready to deploy?
48 | 
49 | Just run `nx build demoapp` to build the application. The build artifacts will be stored in the `dist/` directory, ready to be deployed.
50 | 
51 | ## Set up CI!
52 | 
53 | Nx comes with local caching already built-in (check your `nx.json`). On CI you might want to go a step further.
54 | 
55 | - [Set up remote caching](https://nx.dev/core-features/share-your-cache)
56 | - [Set up task distribution across multiple machines](https://nx.dev/core-features/distribute-task-execution)
57 | - [Learn more how to setup CI](https://nx.dev/recipes/ci)
58 | 
59 | ## Connect with us!
60 | 
61 | - [Join the community](https://nx.dev/community)
62 | - [Subscribe to the Nx Youtube Channel](https://www.youtube.com/@nxdevtools)
63 | - [Follow us on Twitter](https://twitter.com/nxdevtools)
64 | 


--------------------------------------------------------------------------------
/bff/ui/certs/Readme.md:
--------------------------------------------------------------------------------
 1 | This certificate is only an example. Please use your own.
 2 | 
 3 | Double click the pfx on a windows mc and use the 1234 password to install. 
 4 | 
 5 | Add the certificates to the nx project for example in the **/certs** folder
 6 | 
 7 | Update the nx project.json file:
 8 | 
 9 | ```json
10 | "serve": {
11 |     "executor": "@angular-devkit/build-angular:dev-server",
12 |     "options": {
13 |     "browserTarget": "ui:build",
14 |     "sslKey": "certs/dev_localhost.key",
15 |     "sslCert": "certs/dev_localhost.pem",
16 |     "port": 4201
17 | },
18 | ```
19 | 


--------------------------------------------------------------------------------
/bff/ui/certs/dev_localhost.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIICXQIBAAKBgQCs7HI0KWqXEjH1fxXdkgVHg+1UgbtBhwkeZ3WhBsTGcwlqGUmzqlhKiR2hTd9G
 3 | dMhQm1tFeU9qAMpmglxR+XgoZoEv9uoXw/TeegdKvn1V3exTxeULIDGJOXK6wQ1M+4FLMr7zBWlM
 4 | hWmqcbYTHHVwwYd+ycDRHU3NAIxDfMUSQQIDAQABAoGAIB8z/7iJ0lJQ8XeQCj6ruGMrXP1UWZHK
 5 | AdnaIfVt7CdGYm0cIcHM8NuTo3khtqbO5xpU1Az60YggEPa6S4f558kGBIg4PQVxgE/Kv77ptGAk
 6 | rZG9FaCyIibGMh5aJLtxG0Fh1FGnuK1Xk1BKXtaGRUkZpKGg4rMJ9w3qp/T5vLkCQQDe+FiMqY2s
 7 | pxHEz+h3NJ0H2T81FCx2upf1fjTVtlQnJ7Gds6eZT0zwa3z1bSw+VkxICERY8C43bzPUJUgPIyLX
 8 | AkEAxooyVkJHmxlcIvZfrZPvQs+2GOXpWVnyjNUWf8t9G2MsmkdGIkp7oJhi5obpdNR+3jQe0xyr
 9 | Dvy1hbHuGp5opwJBALO6Zc5EogGozgbiPBVSoL2B3ZRQhaLSt8jYCYi3JtBFC8P927wVkwQ88IX4
10 | kXBSKbzqhQVX3Tkr9xArWRFylhMCQFmigt9WxSVM6cAPI1smctrjE/9hrVxds5fJjILdx/nZaIWu
11 | sAdDQVVb9yrEthm85hpDxbbiNohppzpY/nqeEfkCQQDInS/pP5dYTUxFV+/YweK+6smN2v+dYZAi
12 | 5KShWRl5fwpl+mdJT3aziRb/kfYkhGPQMO06OnGzjNKt7Rg0Z8mD
13 | -----END RSA PRIVATE KEY-----
14 | 


--------------------------------------------------------------------------------
/bff/ui/certs/dev_localhost.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIICQDCCAamgAwIBAgIJAIKGapdMCt4NMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMTCWxvY2Fs
 3 | aG9zdDAeFw0yMDAyMjAyMjU3MjFaFw0zMDAyMjEyMjU3MjFaMBQxEjAQBgNVBAMTCWxvY2FsaG9z
 4 | dDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArOxyNClqlxIx9X8V3ZIFR4PtVIG7QYcJHmd1
 5 | oQbExnMJahlJs6pYSokdoU3fRnTIUJtbRXlPagDKZoJcUfl4KGaBL/bqF8P03noHSr59Vd3sU8Xl
 6 | CyAxiTlyusENTPuBSzK+8wVpTIVpqnG2Exx1cMGHfsnA0R1NzQCMQ3zFEkECAwEAAaOBmTCBljAS
 7 | BgNVHRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIB/jAUBgNVHREEDTALgglsb2NhbGhvc3Qw
 8 | OwYDVR0lBDQwMgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUF
 9 | BwMIMB0GA1UdDgQWBBQaVighscgq5k8BjEzeSsZp+6RxITANBgkqhkiG9w0BAQsFAAOBgQBXH/Sq
10 | jekwz+O0eG0zA2MA2LSwt7OELi54vATFYkXO45IO5frRagUTWDkx85/Vfm9OcdfoaHD1UzPkGBU0
11 | BPsnN3SGCB3Pk5jSRaXIBBiqByDFiP+G6EYmUYhLxB3FpJp6S5KlnQtdtLkl3KuT8KBtc9haro+e
12 | lDlUx5s/FM3SJw==
13 | -----END CERTIFICATE-----
14 | 


--------------------------------------------------------------------------------
/bff/ui/e2e/.eslintrc.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "extends": ["plugin:playwright/recommended", "../.eslintrc.base.json"],
 3 |   "ignorePatterns": ["!**/*"],
 4 |   "overrides": [
 5 |     {
 6 |       "files": ["*.ts", "*.tsx", "*.js", "*.jsx"],
 7 |       "rules": {}
 8 |     },
 9 |     {
10 |       "files": ["*.ts", "*.tsx"],
11 |       "rules": {}
12 |     },
13 |     {
14 |       "files": ["*.js", "*.jsx"],
15 |       "rules": {}
16 |     },
17 |     {
18 |       "files": ["src/**/*.{ts,js,tsx,jsx}"],
19 |       "rules": {}
20 |     }
21 |   ]
22 | }
23 | 


--------------------------------------------------------------------------------
/bff/ui/e2e/playwright.config.ts:
--------------------------------------------------------------------------------
 1 | import { defineConfig } from '@playwright/test';
 2 | import { nxE2EPreset } from '@nx/playwright/preset';
 3 | 
 4 | import { workspaceRoot } from '@nx/devkit';
 5 | 
 6 | // For CI, you may want to set BASE_URL to the deployed application.
 7 | const baseURL = process.env['BASE_URL'] || 'http://localhost:4200';
 8 | 
 9 | /**
10 |  * Read environment variables from file.
11 |  * https://github.com/motdotla/dotenv
12 |  */
13 | // require('dotenv').config();
14 | 
15 | /**
16 |  * See https://playwright.dev/docs/test-configuration.
17 |  */
18 | export default defineConfig({
19 |   ...nxE2EPreset(__filename, { testDir: './src' }),
20 |   /* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
21 |   use: {
22 |     baseURL,
23 |     /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
24 |     trace: 'on-first-retry',
25 |   },
26 |   /* Run your local dev server before starting the tests */
27 |   webServer: {
28 |     command: 'npx nx serve ui',
29 |     url: 'http://localhost:4200',
30 |     reuseExistingServer: !process.env.CI,
31 |     cwd: workspaceRoot,
32 |   },
33 | });
34 | 


--------------------------------------------------------------------------------
/bff/ui/e2e/project.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "e2e",
 3 |   "$schema": "../node_modules/nx/schemas/project-schema.json",
 4 |   "sourceRoot": "e2e/src",
 5 |   "targets": {
 6 |     "e2e": {
 7 |       "executor": "@nx/playwright:playwright",
 8 |       "outputs": ["{workspaceRoot}/dist/.playwright/e2e"],
 9 |       "options": {
10 |         "config": "e2e/playwright.config.ts"
11 |       }
12 |     },
13 |     "lint": {
14 |       "executor": "@nx/eslint:lint",
15 |       "outputs": ["{options.outputFile}"]
16 |     }
17 |   },
18 |   "implicitDependencies": ["ui"]
19 | }
20 | 


--------------------------------------------------------------------------------
/bff/ui/e2e/src/example.spec.ts:
--------------------------------------------------------------------------------
1 | import { test, expect } from '@playwright/test';
2 | 
3 | test('has title', async ({ page }) => {
4 |   await page.goto('/');
5 | 
6 |   // Expect h1 to contain a substring.
7 |   expect(await page.locator('h1').innerText()).toContain('Welcome');
8 | });
9 | 


--------------------------------------------------------------------------------
/bff/ui/jest.config.ts:
--------------------------------------------------------------------------------
 1 | /* eslint-disable */
 2 | export default {
 3 |   displayName: 'ui',
 4 |   preset: './jest.preset.js',
 5 |   setupFilesAfterEnv: ['<rootDir>/src/test-setup.ts'],
 6 |   coverageDirectory: './coverage/ui',
 7 |   transform: {
 8 |     '^.+\\.(ts|mjs|js|html)$': [
 9 |       'jest-preset-angular',
10 |       {
11 |         tsconfig: '<rootDir>/tsconfig.spec.json',
12 |         stringifyContentPathRegex: '\\.(html|svg)$',
13 |       },
14 |     ],
15 |   },
16 |   transformIgnorePatterns: ['node_modules/(?!.*\\.mjs$)'],
17 |   snapshotSerializers: [
18 |     'jest-preset-angular/build/serializers/no-ng-attributes',
19 |     'jest-preset-angular/build/serializers/ng-snapshot',
20 |     'jest-preset-angular/build/serializers/html-comment',
21 |   ],
22 |   testMatch: [
23 |     '<rootDir>/src/**/__tests__/**/*.[jt]s?(x)',
24 |     '<rootDir>/src/**/*(*.)@(spec|test).[jt]s?(x)',
25 |   ],
26 | };
27 | 


--------------------------------------------------------------------------------
/bff/ui/jest.preset.js:
--------------------------------------------------------------------------------
1 | const nxPreset = require('@nx/jest/preset').default;
2 | 
3 | module.exports = { ...nxPreset };
4 | 


--------------------------------------------------------------------------------
/bff/ui/migrations.json:
--------------------------------------------------------------------------------
  1 | {
  2 |   "migrations": [
  3 |     {
  4 |       "version": "20.0.0-beta.7",
  5 |       "description": "Migration for v20.0.0-beta.7",
  6 |       "implementation": "./src/migrations/update-20-0-0/move-use-daemon-process",
  7 |       "package": "nx",
  8 |       "name": "move-use-daemon-process"
  9 |     },
 10 |     {
 11 |       "version": "20.0.1",
 12 |       "description": "Set `useLegacyCache` to true for migrating workspaces",
 13 |       "implementation": "./src/migrations/update-20-0-1/use-legacy-cache",
 14 |       "x-repair-skip": true,
 15 |       "package": "nx",
 16 |       "name": "use-legacy-cache"
 17 |     },
 18 |     {
 19 |       "version": "20.2.0-beta.5",
 20 |       "description": "Update TypeScript ESLint packages to v8.13.0 if they are already on v8",
 21 |       "implementation": "./src/migrations/update-20-2-0/update-typescript-eslint-v8-13-0",
 22 |       "package": "@nx/eslint",
 23 |       "name": "update-typescript-eslint-v8.13.0"
 24 |     },
 25 |     {
 26 |       "cli": "nx",
 27 |       "version": "20.0.0-beta.5",
 28 |       "description": "replace getJestProjects with getJestProjectsAsync",
 29 |       "implementation": "./src/migrations/update-20-0-0/replace-getJestProjects-with-getJestProjectsAsync",
 30 |       "package": "@nx/jest",
 31 |       "name": "replace-getJestProjects-with-getJestProjectsAsync"
 32 |     },
 33 |     {
 34 |       "cli": "nx",
 35 |       "version": "20.2.0-beta.2",
 36 |       "description": "Update the ModuleFederationConfig import use @nx/module-federation.",
 37 |       "factory": "./src/migrations/update-20-2-0/migrate-mf-imports-to-new-package",
 38 |       "package": "@nx/angular",
 39 |       "name": "update-20-2-0-update-module-federation-config-import"
 40 |     },
 41 |     {
 42 |       "cli": "nx",
 43 |       "version": "20.2.0-beta.2",
 44 |       "description": "Update the withModuleFederation import use @nx/module-federation/angular.",
 45 |       "factory": "./src/migrations/update-20-2-0/migrate-with-mf-import-to-new-package",
 46 |       "package": "@nx/angular",
 47 |       "name": "update-20-2-0-update-with-module-federation-import"
 48 |     },
 49 |     {
 50 |       "cli": "nx",
 51 |       "version": "20.2.0-beta.5",
 52 |       "requires": { "@angular/core": ">=19.0.0" },
 53 |       "description": "Update the @angular/cli package version to ~19.0.0.",
 54 |       "factory": "./src/migrations/update-20-2-0/update-angular-cli",
 55 |       "package": "@nx/angular",
 56 |       "name": "update-angular-cli-version-19-0-0"
 57 |     },
 58 |     {
 59 |       "cli": "nx",
 60 |       "version": "20.2.0-beta.5",
 61 |       "requires": { "@angular/core": ">=19.0.0" },
 62 |       "description": "Add the '@angular/localize/init' polyfill to the 'polyfills' option of targets using esbuild-based executors.",
 63 |       "factory": "./src/migrations/update-20-2-0/add-localize-polyfill-to-targets",
 64 |       "package": "@nx/angular",
 65 |       "name": "add-localize-polyfill-to-targets"
 66 |     },
 67 |     {
 68 |       "cli": "nx",
 69 |       "version": "20.2.0-beta.5",
 70 |       "requires": { "@angular/core": ">=19.0.0" },
 71 |       "description": "Update '@angular/ssr' import paths to use the new '/node' entry point when 'CommonEngine' is detected.",
 72 |       "factory": "./src/migrations/update-20-2-0/update-angular-ssr-imports-to-use-node-entry-point",
 73 |       "package": "@nx/angular",
 74 |       "name": "update-angular-ssr-imports-to-use-node-entry-point"
 75 |     },
 76 |     {
 77 |       "cli": "nx",
 78 |       "version": "20.2.0-beta.6",
 79 |       "requires": { "@angular/core": ">=19.0.0" },
 80 |       "description": "Disable the Angular ESLint prefer-standalone rule if not set.",
 81 |       "factory": "./src/migrations/update-20-2-0/disable-angular-eslint-prefer-standalone",
 82 |       "package": "@nx/angular",
 83 |       "name": "disable-angular-eslint-prefer-standalone"
 84 |     },
 85 |     {
 86 |       "cli": "nx",
 87 |       "version": "20.2.0-beta.8",
 88 |       "requires": { "@angular/core": ">=19.0.0" },
 89 |       "description": "Remove Angular ESLint rules that were removed in v19.0.0.",
 90 |       "factory": "./src/migrations/update-20-2-0/remove-angular-eslint-rules",
 91 |       "package": "@nx/angular",
 92 |       "name": "remove-angular-eslint-rules"
 93 |     },
 94 |     {
 95 |       "cli": "nx",
 96 |       "version": "20.2.0-beta.8",
 97 |       "requires": { "@angular/core": ">=19.0.0" },
 98 |       "description": "Remove the deprecated 'tailwindConfig' option from ng-packagr executors. Tailwind CSS configurations located at the project or workspace root will be picked up automatically.",
 99 |       "factory": "./src/migrations/update-20-2-0/remove-tailwind-config-from-ng-packagr-executors",
100 |       "package": "@nx/angular",
101 |       "name": "remove-tailwind-config-from-ng-packagr-executors"
102 |     },
103 |     {
104 |       "version": "19.0.0",
105 |       "description": "Updates non-standalone Directives, Component and Pipes to 'standalone:false' and removes 'standalone:true' from those who are standalone",
106 |       "factory": "./bundles/explicit-standalone-flag#migrate",
107 |       "package": "@angular/core",
108 |       "name": "explicit-standalone-flag"
109 |     },
110 |     {
111 |       "version": "19.0.0",
112 |       "description": "Updates ExperimentalPendingTasks to PendingTasks",
113 |       "factory": "./bundles/pending-tasks#migrate",
114 |       "package": "@angular/core",
115 |       "name": "pending-tasks"
116 |     },
117 |     {
118 |       "version": "19.0.0",
119 |       "description": "Replaces `APP_INITIALIZER`, `ENVIRONMENT_INITIALIZER` & `PLATFORM_INITIALIZER` respectively with `provideAppInitializer`, `provideEnvironmentInitializer` & `providePlatformInitializer`.",
120 |       "factory": "./bundles/provide-initializer#migrate",
121 |       "optional": true,
122 |       "package": "@angular/core",
123 |       "name": "provide-initializer"
124 |     }
125 |   ]
126 | }
127 | 


--------------------------------------------------------------------------------
/bff/ui/nx.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "$schema": "./node_modules/nx/schemas/nx-schema.json",
 3 |   "targetDefaults": {
 4 |     "build": {
 5 |       "dependsOn": ["^build"],
 6 |       "inputs": ["production", "^production"],
 7 |       "cache": true
 8 |     },
 9 |     "lint": {
10 |       "inputs": [
11 |         "default",
12 |         "{workspaceRoot}/.eslintrc.json",
13 |         "{workspaceRoot}/.eslintignore"
14 |       ],
15 |       "cache": true
16 |     },
17 |     "e2e": {
18 |       "inputs": ["default", "^production"],
19 |       "cache": true
20 |     },
21 |     "@nx/jest:jest": {
22 |       "inputs": ["default", "^production", "{workspaceRoot}/jest.preset.js"],
23 |       "cache": true,
24 |       "options": {
25 |         "passWithNoTests": true
26 |       },
27 |       "configurations": {
28 |         "ci": {
29 |           "ci": true,
30 |           "codeCoverage": true
31 |         }
32 |       }
33 |     }
34 |   },
35 |   "namedInputs": {
36 |     "default": ["{projectRoot}/**/*", "sharedGlobals"],
37 |     "production": [
38 |       "default",
39 |       "!{projectRoot}/**/?(*.)+(spec|test).[jt]s?(x)?(.snap)",
40 |       "!{projectRoot}/tsconfig.spec.json",
41 |       "!{projectRoot}/jest.config.[jt]s",
42 |       "!{projectRoot}/src/test-setup.[jt]s",
43 |       "!{projectRoot}/test-setup.[jt]s",
44 |       "!{projectRoot}/.eslintrc.json"
45 |     ],
46 |     "sharedGlobals": []
47 |   },
48 |   "generators": {
49 |     "@nx/angular:application": {
50 |       "style": "scss",
51 |       "linter": "eslint",
52 |       "unitTestRunner": "jest",
53 |       "e2eTestRunner": "playwright"
54 |     },
55 |     "@nx/angular:library": {
56 |       "linter": "eslint",
57 |       "unitTestRunner": "jest"
58 |     },
59 |     "@nx/angular:component": {
60 |       "style": "scss"
61 |     }
62 |   },
63 |   "defaultProject": "ui",
64 |   "nxCloudAccessToken": "NGJmZDYwYzItOTg1NS00ZTYyLWFkMmYtMDk1YWRlN2EzNjJifHJlYWQtd3JpdGU=",
65 |   "useLegacyCache": true
66 | }
67 | 


--------------------------------------------------------------------------------
/bff/ui/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "ui",
 3 |   "version": "0.0.5",
 4 |   "license": "MIT",
 5 |   "scripts": {
 6 |     "start": "nx serve --ssl",
 7 |     "build": "nx build",
 8 |     "test": "nx test"
 9 |   },
10 |   "private": true,
11 |   "dependencies": {
12 |     "@angular/animations": "19.0.4",
13 |     "@angular/common": "19.0.4",
14 |     "@angular/compiler": "19.0.4",
15 |     "@angular/core": "19.0.4",
16 |     "@angular/forms": "19.0.4",
17 |     "@angular/platform-browser": "19.0.4",
18 |     "@angular/platform-browser-dynamic": "19.0.4",
19 |     "@angular/router": "19.0.4",
20 |     "@nx/angular": "20.2.2",
21 |     "bootstrap": "^5.3.3",
22 |     "rxjs": "~7.8.0",
23 |     "tslib": "^2.3.0",
24 |     "zone.js": "0.15.0"
25 |   },
26 |   "devDependencies": {
27 |     "@angular-devkit/build-angular": "19.0.5",
28 |     "@angular-devkit/core": "19.0.5",
29 |     "@angular-devkit/schematics": "19.0.5",
30 |     "@angular-eslint/eslint-plugin": "19.0.2",
31 |     "@angular-eslint/eslint-plugin-template": "19.0.2",
32 |     "@angular-eslint/template-parser": "19.0.2",
33 |     "@angular/cli": "~19.0.0",
34 |     "@angular/compiler-cli": "19.0.4",
35 |     "@angular/language-service": "19.0.4",
36 |     "@nx/eslint": "20.2.2",
37 |     "@nx/eslint-plugin": "20.2.2",
38 |     "@nx/jest": "20.2.2",
39 |     "@nx/js": "20.2.2",
40 |     "@nx/playwright": "20.2.2",
41 |     "@nx/workspace": "20.2.2",
42 |     "@playwright/test": "^1.36.0",
43 |     "@schematics/angular": "19.0.5",
44 |     "@types/jest": "29.5.13",
45 |     "@types/node": "^18.16.9",
46 |     "@typescript-eslint/eslint-plugin": "7.16.0",
47 |     "@typescript-eslint/parser": "7.16.0",
48 |     "@typescript-eslint/utils": "^7.16.0",
49 |     "eslint": "8.57.0",
50 |     "eslint-config-prettier": "9.0.0",
51 |     "eslint-plugin-playwright": "^0.15.3",
52 |     "jest": "29.7.0",
53 |     "jest-environment-jsdom": "29.7.0",
54 |     "jest-preset-angular": "14.4.2",
55 |     "nx": "20.2.2",
56 |     "prettier": "^2.6.2",
57 |     "ts-jest": "^29.1.0",
58 |     "ts-node": "10.9.1",
59 |     "typescript": "5.6.3"
60 |   }
61 | }
62 | 


--------------------------------------------------------------------------------
/bff/ui/project.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "ui",
 3 |   "$schema": "node_modules/nx/schemas/project-schema.json",
 4 |   "projectType": "application",
 5 |   "prefix": "app",
 6 |   "sourceRoot": "./src",
 7 |   "tags": [],
 8 |   "targets": {
 9 |     "build": {
10 |       "executor": "@angular-devkit/build-angular:browser",
11 |       "outputs": ["{options.outputPath}"],
12 |       "options": {
13 |         "outputPath": "../server/wwwroot",
14 |         "index": "./src/index.html",
15 |         "main": "./src/main.ts",
16 |         "polyfills": ["zone.js"],
17 |         "tsConfig": "./tsconfig.app.json",
18 |         "assets": ["./src/favicon.ico", "./src/assets"],
19 |         "styles": [
20 | 			"node_modules/bootstrap/dist/css/bootstrap.min.css",
21 | 			"./src/styles.scss"
22 | 			],
23 |         "scripts": [
24 | 			"node_modules/bootstrap/dist/js/bootstrap.bundle.min.js"
25 | 		]
26 |       },
27 |       "configurations": {
28 |         "production": {
29 |           "budgets": [
30 |             {
31 |               "type": "initial",
32 |               "maximumWarning": "500kb",
33 |               "maximumError": "1mb"
34 |             },
35 |             {
36 |               "type": "anyComponentStyle",
37 |               "maximumWarning": "2kb",
38 |               "maximumError": "4kb"
39 |             }
40 |           ],
41 |           "outputHashing": "all"
42 |         },
43 |         "development": {
44 |           "buildOptimizer": false,
45 |           "optimization": false,
46 |           "vendorChunk": true,
47 |           "extractLicenses": false,
48 |           "sourceMap": true,
49 |           "namedChunks": true
50 |         }
51 |       },
52 |       "defaultConfiguration": "production"
53 |     },
54 |     "serve": {
55 |       "executor": "@angular-devkit/build-angular:dev-server",
56 |       "options": {
57 |         "sslKey": "certs/dev_localhost.key",
58 |         "sslCert": "certs/dev_localhost.pem",
59 |         "port": 4201,
60 |         "buildTarget": "ui:build"
61 |       },
62 |       "configurations": {
63 |         "production": {
64 |           "buildTarget": "ui:build:production"
65 |         },
66 |         "development": {
67 |           "buildTarget": "ui:build:development"
68 |         }
69 |       },
70 |       "defaultConfiguration": "development"
71 |     },
72 |     "extract-i18n": {
73 |       "executor": "@angular-devkit/build-angular:extract-i18n",
74 |       "options": {
75 |         "buildTarget": "ui:build"
76 |       }
77 |     },
78 |     "lint": {
79 |       "executor": "@nx/eslint:lint",
80 |       "outputs": ["{options.outputFile}"],
81 |       "options": {
82 |         "lintFilePatterns": ["./src"]
83 |       }
84 |     },
85 |     "test": {
86 |       "executor": "@nx/jest:jest",
87 |       "outputs": ["{workspaceRoot}/coverage/{projectName}"],
88 |       "options": {
89 |         "jestConfig": "jest.config.ts"
90 |       }
91 |     }
92 |   }
93 | }
94 | 


--------------------------------------------------------------------------------
/bff/ui/src/app/app.component.html:
--------------------------------------------------------------------------------
1 | 
2 | 
3 | <app-home></app-home>
4 | 
5 | <router-outlet></router-outlet>
6 | 


--------------------------------------------------------------------------------
/bff/ui/src/app/app.component.scss:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/damienbod/bff-openiddict-aspnetcore-angular/03cb006e4ae205947bed8c3f7a8662d6fe5e72f0/bff/ui/src/app/app.component.scss


--------------------------------------------------------------------------------
/bff/ui/src/app/app.component.spec.ts:
--------------------------------------------------------------------------------
 1 | import { TestBed } from '@angular/core/testing';
 2 | import { AppComponent } from './app.component';
 3 | import { NxWelcomeComponent } from './nx-welcome.component';
 4 | import { RouterTestingModule } from '@angular/router/testing';
 5 | 
 6 | describe('AppComponent', () => {
 7 |   beforeEach(async () => {
 8 |     await TestBed.configureTestingModule({
 9 |       imports: [AppComponent, NxWelcomeComponent, RouterTestingModule],
10 |     }).compileComponents();
11 |   });
12 | 
13 |   it('should render title', () => {
14 |     const fixture = TestBed.createComponent(AppComponent);
15 |     fixture.detectChanges();
16 |     const compiled = fixture.nativeElement as HTMLElement;
17 |     expect(compiled.querySelector('h1')?.textContent).toContain(
18 |       'Welcome ui'
19 |     );
20 |   });
21 | 
22 |   it(`should have as title 'ui'`, () => {
23 |     const fixture = TestBed.createComponent(AppComponent);
24 |     const app = fixture.componentInstance;
25 |     expect(app.title).toEqual('ui');
26 |   });
27 | });
28 | 


--------------------------------------------------------------------------------
/bff/ui/src/app/app.component.ts:
--------------------------------------------------------------------------------
 1 | import { Component } from '@angular/core';
 2 | import { RouterModule } from '@angular/router';
 3 | import { HomeComponent } from './home.component';
 4 | 
 5 | @Component({
 6 |     imports: [HomeComponent, RouterModule],
 7 |     selector: 'app-root',
 8 |     templateUrl: './app.component.html',
 9 |     styleUrls: ['./app.component.scss']
10 | })
11 | export class AppComponent {
12 |   title = 'ui';
13 | }
14 | 


--------------------------------------------------------------------------------
/bff/ui/src/app/app.config.ts:
--------------------------------------------------------------------------------
 1 | import { provideHttpClient, withInterceptors } from '@angular/common/http';
 2 | import { ApplicationConfig, CSP_NONCE } from '@angular/core';
 3 | import { secureApiInterceptor } from './secure-api.interceptor';
 4 | 
 5 | import {
 6 |   provideRouter,
 7 |   withEnabledBlockingInitialNavigation,
 8 | } from '@angular/router';
 9 | import { appRoutes } from './app.routes';
10 | 
11 | const nonce = (
12 |   document.querySelector('meta[name="CSP_NONCE"]') as HTMLMetaElement
13 | )?.content;
14 | 
15 | export const appConfig: ApplicationConfig = {
16 |   providers: [
17 |     provideRouter(appRoutes, withEnabledBlockingInitialNavigation()),
18 |     provideHttpClient(withInterceptors([secureApiInterceptor])),
19 |     {
20 |       provide: CSP_NONCE,
21 |       useValue: nonce,
22 |     },
23 |   ],
24 | };
25 | 


--------------------------------------------------------------------------------
/bff/ui/src/app/app.routes.ts:
--------------------------------------------------------------------------------
1 | import { Route } from '@angular/router';
2 | import { CallApiComponent } from './call-api/call-api.component';
3 | 
4 | export const appRoutes: Route[] =  [
5 |   {
6 |     path: 'call-api',
7 |     component: CallApiComponent
8 |   }
9 | ];


--------------------------------------------------------------------------------
/bff/ui/src/app/call-api/call-api.component.html:
--------------------------------------------------------------------------------
 1 | <h2>Data from API:</h2>
 2 | 
 3 | <div>
 4 | <button class="btn btn-link" (click)="getDirectApiData()">Get data from API direct</button>
 5 | </div>
 6 | 
 7 | <hr />
 8 | 
 9 | <pre>{{ dataFromAzureProtectedApi$ | async | json }}</pre>
10 | 


--------------------------------------------------------------------------------
/bff/ui/src/app/call-api/call-api.component.scss:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/damienbod/bff-openiddict-aspnetcore-angular/03cb006e4ae205947bed8c3f7a8662d6fe5e72f0/bff/ui/src/app/call-api/call-api.component.scss


--------------------------------------------------------------------------------
/bff/ui/src/app/call-api/call-api.component.spec.ts:
--------------------------------------------------------------------------------
 1 | import { ComponentFixture, TestBed } from '@angular/core/testing';
 2 | import { CallApiComponent } from './call-api.component';
 3 | 
 4 | describe('CallApiComponent', () => {
 5 |   let component: CallApiComponent;
 6 |   let fixture: ComponentFixture<CallApiComponent>;
 7 | 
 8 |   beforeEach(async () => {
 9 |     await TestBed.configureTestingModule({
10 |       imports: [CallApiComponent],
11 |     }).compileComponents();
12 | 
13 |     fixture = TestBed.createComponent(CallApiComponent);
14 |     component = fixture.componentInstance;
15 |     fixture.detectChanges();
16 |   });
17 | 
18 |   it('should create', () => {
19 |     expect(component).toBeTruthy();
20 |   });
21 | });
22 | 


--------------------------------------------------------------------------------
/bff/ui/src/app/call-api/call-api.component.ts:
--------------------------------------------------------------------------------
 1 | import { CommonModule } from '@angular/common';
 2 | import { HttpClient } from '@angular/common/http';
 3 | import { Component, OnInit, inject } from '@angular/core';
 4 | import { Observable } from 'rxjs';
 5 | 
 6 | @Component({
 7 |     selector: 'app-call-api',
 8 |     imports: [CommonModule],
 9 |     templateUrl: './call-api.component.html',
10 |     styleUrl: './call-api.component.scss'
11 | })
12 | 
13 | export class CallApiComponent {
14 | 
15 |   private readonly httpClient = inject(HttpClient);
16 |   dataFromAzureProtectedApi$: Observable<string[]>;
17 | 
18 |   getDirectApiData() {
19 |     this.dataFromAzureProtectedApi$ = this.httpClient.get<string[]>(
20 |       `${this.getCurrentHost()}/api/DirectApi`
21 |     );
22 |   }
23 | 
24 |   private getCurrentHost() {
25 |     const host = window.location.host;
26 |     const url = `${window.location.protocol}//${host}`;
27 | 
28 |     return url;
29 |   }
30 | }
31 | 


--------------------------------------------------------------------------------
/bff/ui/src/app/getCookie.ts:
--------------------------------------------------------------------------------
 1 | export const getCookie = (cookieName: string) => {
 2 |   const name = `${cookieName}=`;
 3 |   const decodedCookie = decodeURIComponent(document.cookie);
 4 |   const ca = decodedCookie.split(";");
 5 |   for (let i = 0; i < ca.length; i += 1) {
 6 |     let c = ca[i];
 7 |     while (c.charAt(0) === " ") {
 8 |       c = c.substring(1);
 9 |     }
10 |     if (c.indexOf(name) === 0) {
11 |       return c.substring(name.length, c.length);
12 |     }
13 |   }
14 |   return "";
15 | };
16 | 


--------------------------------------------------------------------------------
/bff/ui/src/app/home.component.html:
--------------------------------------------------------------------------------
 1 | <h2>BFF OpenIddict Security architecture with Angular nx</h2>
 2 | 
 3 | <ng-container *ngIf="userProfileClaims$ | async as userProfileClaims; else noAuth">
 4 |   <div *ngIf="userProfileClaims?.isAuthenticated; else noAuth">
 5 | 	  <nav class="navbar navbar-expand-lg navbar-light bg-light">
 6 | 		<a class="btn btn-link" href="./call-api">Call API</a>
 7 | 		
 8 | 		<form method="post" action="api/Account/Logout">
 9 | 		  <button class="btn btn-link" type="submit">Sign out</button>
10 | 		</form>
11 | 	  </nav>
12 |   </div>
13 | 
14 |   <hr />
15 | 
16 |   <h2>User profile:</h2>
17 |   <pre>{{ userProfileClaims | json }}</pre>
18 | 
19 | </ng-container>
20 | 
21 | <ng-template #noAuth>
22 | 	<nav class="navbar navbar-expand-lg navbar-light bg-light">
23 | 	  <a class="btn btn-link" href="api/Account/Login">Log in</a>
24 | 	</nav>
25 | </ng-template>
26 | 
27 |  <hr />


--------------------------------------------------------------------------------
/bff/ui/src/app/home.component.ts:
--------------------------------------------------------------------------------
 1 | import { CommonModule } from '@angular/common';
 2 | import { HttpClient } from '@angular/common/http';
 3 | import { Component, OnInit, inject } from '@angular/core';
 4 | import { Observable } from 'rxjs';
 5 | 
 6 | interface Claim {
 7 |   type: string;
 8 |   value: string;
 9 | }
10 | 
11 | interface UserProfile {
12 |   isAuthenticated: boolean;
13 |   nameClaimType: string;
14 |   roleClaimType: string;
15 |   claims: Claim[];
16 | }
17 | 
18 | @Component({
19 |     selector: 'app-home',
20 |     templateUrl: 'home.component.html',
21 |     imports: [CommonModule]
22 | })
23 | export class HomeComponent implements OnInit {
24 |   private readonly httpClient = inject(HttpClient);
25 |   dataFromAzureProtectedApi$: Observable<string[]>;
26 |   dataGraphApiCalls$: Observable<string[]>;
27 |   userProfileClaims$: Observable<UserProfile>;
28 | 
29 |   ngOnInit() {
30 |     console.info('home component');
31 |     this.getUserProfile();
32 |   }
33 | 
34 |   getUserProfile() {
35 |     this.userProfileClaims$ = this.httpClient.get<UserProfile>(
36 |       `${this.getCurrentHost()}/api/User`
37 |     );
38 |   }
39 | 
40 |   getDirectApiData() {
41 |     this.dataFromAzureProtectedApi$ = this.httpClient.get<string[]>(
42 |       `${this.getCurrentHost()}/api/DirectApi`
43 |     );
44 |   }
45 | 
46 |   private getCurrentHost() {
47 |     const host = window.location.host;
48 |     const url = `${window.location.protocol}//${host}`;
49 | 
50 |     return url;
51 |   }
52 | }
53 | 


--------------------------------------------------------------------------------
/bff/ui/src/app/secure-api.interceptor.ts:
--------------------------------------------------------------------------------
 1 | import { HttpHandlerFn, HttpRequest } from '@angular/common/http';
 2 | import { getCookie } from './getCookie';
 3 | 
 4 | export function secureApiInterceptor(
 5 |   request: HttpRequest<unknown>,
 6 |   next: HttpHandlerFn
 7 | ) {
 8 |   const secureRoutes = [getApiUrl()];
 9 | 
10 |   if (!secureRoutes.find((x) => request.url.startsWith(x))) {
11 |     return next(request);
12 |   }
13 | 
14 |   request = request.clone({
15 |     headers: request.headers.set(
16 |       'X-XSRF-TOKEN',
17 |       getCookie('XSRF-RequestToken')
18 |     ),
19 |   });
20 | 
21 |   return next(request);
22 | }
23 | 
24 | function getApiUrl() {
25 |   const backendHost = getCurrentHost();
26 | 
27 |   return `${backendHost}/api/`;
28 | }
29 | 
30 | function getCurrentHost() {
31 |   const host = window.location.host;
32 |   const url = `${window.location.protocol}//${host}`;
33 |   return url;
34 | }
35 | 


--------------------------------------------------------------------------------
/bff/ui/src/assets/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/damienbod/bff-openiddict-aspnetcore-angular/03cb006e4ae205947bed8c3f7a8662d6fe5e72f0/bff/ui/src/assets/.gitkeep


--------------------------------------------------------------------------------
/bff/ui/src/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/damienbod/bff-openiddict-aspnetcore-angular/03cb006e4ae205947bed8c3f7a8662d6fe5e72f0/bff/ui/src/favicon.ico


--------------------------------------------------------------------------------
/bff/ui/src/index.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 |   <head>
 4 |     <meta charset="utf-8" />
 5 |     <meta name="CSP_NONCE" content="**PLACEHOLDER_NONCE_SERVER**" />
 6 |     <title>ui</title>
 7 |     <base href="/" />
 8 |     <meta name="viewport" content="width=device-width, initial-scale=1" />
 9 |     <link rel="icon" type="image/x-icon" href="favicon.ico" />
10 |   </head>
11 |   <body>
12 |     <app-root ngCspNonce="**PLACEHOLDER_NONCE_SERVER**"></app-root>
13 |   </body>
14 | </html>
15 | 


--------------------------------------------------------------------------------
/bff/ui/src/main.ts:
--------------------------------------------------------------------------------
1 | import { bootstrapApplication } from '@angular/platform-browser';
2 | import { appConfig } from './app/app.config';
3 | import { AppComponent } from './app/app.component';
4 | 
5 | bootstrapApplication(AppComponent, appConfig).catch((err) =>
6 |   console.error(err)
7 | );
8 | 


--------------------------------------------------------------------------------
/bff/ui/src/styles.scss:
--------------------------------------------------------------------------------
1 | /* You can add global styles to this file, and also import other style files */
2 | 


--------------------------------------------------------------------------------
/bff/ui/src/test-setup.ts:
--------------------------------------------------------------------------------
1 | // @ts-expect-error https://thymikee.github.io/jest-preset-angular/docs/getting-started/test-environment
2 | globalThis.ngJest = {
3 |   testEnvironmentOptions: {
4 |     errorOnUnknownElements: true,
5 |     errorOnUnknownProperties: true,
6 |   },
7 | };
8 | import 'jest-preset-angular/setup-jest';
9 | 


--------------------------------------------------------------------------------
/bff/ui/tsconfig.app.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "extends": "./tsconfig.json",
 3 |   "compilerOptions": {
 4 |     "outDir": "./dist/out-tsc",
 5 |     "types": []
 6 |   },
 7 |   "files": ["src/main.ts"],
 8 |   "include": ["src/**/*.d.ts"],
 9 |   "exclude": ["jest.config.ts", "src/**/*.test.ts", "src/**/*.spec.ts"]
10 | }
11 | 


--------------------------------------------------------------------------------
/bff/ui/tsconfig.editor.json:
--------------------------------------------------------------------------------
1 | {
2 |   "extends": "./tsconfig.json",
3 |   "include": ["src/**/*.ts"],
4 |   "compilerOptions": {
5 |     "types": ["jest", "node"]
6 |   }
7 | }
8 | 


--------------------------------------------------------------------------------
/bff/ui/tsconfig.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "compilerOptions": {
 3 |     "rootDir": ".",
 4 |     "sourceMap": true,
 5 |     "declaration": false,
 6 |     "moduleResolution": "node",
 7 |     "emitDecoratorMetadata": true,
 8 |     "experimentalDecorators": true,
 9 |     "importHelpers": true,
10 |     "target": "es2022",
11 |     "module": "esnext",
12 |     "lib": ["es2020", "dom"],
13 |     "skipLibCheck": true,
14 |     "skipDefaultLibCheck": true,
15 |     "baseUrl": ".",
16 |     "paths": {},
17 |     "useDefineForClassFields": false,
18 |     "forceConsistentCasingInFileNames": true,
19 |     "strict": false,
20 |     "noImplicitOverride": true,
21 |     "noPropertyAccessFromIndexSignature": true,
22 |     "noImplicitReturns": true,
23 |     "noFallthroughCasesInSwitch": true
24 |   },
25 |   "files": [],
26 |   "include": [],
27 |   "references": [
28 |     {
29 |       "path": "./tsconfig.app.json"
30 |     },
31 |     {
32 |       "path": "./tsconfig.spec.json"
33 |     },
34 |     {
35 |       "path": "./tsconfig.editor.json"
36 |     }
37 |   ],
38 |   "compileOnSave": false,
39 |   "exclude": ["node_modules", "tmp"],
40 |   "angularCompilerOptions": {
41 |     "enableI18nLegacyMessageIdFormat": false,
42 |     "strictInjectionParameters": true,
43 |     "strictInputAccessModifiers": true,
44 |     "strictTemplates": true
45 |   }
46 | }
47 | 


--------------------------------------------------------------------------------
/bff/ui/tsconfig.spec.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "extends": "./tsconfig.json",
 3 |   "compilerOptions": {
 4 |     "outDir": "./dist/out-tsc",
 5 |     "module": "commonjs",
 6 |     "target": "es2016",
 7 |     "types": ["jest", "node"]
 8 |   },
 9 |   "files": ["src/test-setup.ts"],
10 |   "include": [
11 |     "jest.config.ts",
12 |     "src/**/*.test.ts",
13 |     "src/**/*.spec.ts",
14 |     "src/**/*.d.ts"
15 |   ]
16 | }
17 | 


--------------------------------------------------------------------------------