Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow initializing seed data for realms and scopes via JSON #815

Open
wants to merge 93 commits into
base: JsonSupport
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
93 commits
Select commit Hold shift + click to select a range
1339d7b
WIP
thabart Jun 3, 2024
3b09480
Cannot assign the same email twice
thabart Jun 3, 2024
21f83f2
Ticket #751 : Check migration scripts are applied
thabart Jun 3, 2024
d960c83
Can relaunch message
thabart Jun 3, 2024
6a366a3
Add migration scripts
thabart Jun 4, 2024
8bd4c45
Ticket #745 : Finish the ticket
thabart Jun 4, 2024
c19fed1
Merge remote-tracking branch 'origin/JsonSupport' into Ticket745
thabart Jun 4, 2024
94c9086
Fix build
thabart Jun 4, 2024
13e4615
Merge remote-tracking branch 'origin/master' into Ticket745
thabart Jun 4, 2024
dda44f6
Update client settings
thabart Jun 4, 2024
a595c36
Prepare the release 5.0.0
thabart Jun 5, 2024
0b70a71
Ignore the UTS in Ethr DID
thabart Jun 5, 2024
771ad96
Fix the UTs
thabart Jun 5, 2024
6deb90c
Fix azure pipelines
thabart Jun 6, 2024
ac824da
Update azure pipelines
thabart Jun 6, 2024
8de8c2a
Update
thabart Jun 6, 2024
5b50be6
Update the documentation + use the Nuget package "Microsoft.IdentityM…
thabart Jun 6, 2024
5cfe1e4
Fix the credential issuer
thabart Jun 6, 2024
9f7445b
Update documentation
thabart Jun 6, 2024
1395170
Ticket #664 : Fix issue
thabart Jun 10, 2024
4f0fe2d
WIP
thabart Jun 10, 2024
a10603c
WIP
thabart Jun 11, 2024
579fcfb
Enable swagger in SCIM + Fix minor issue in the UI
thabart Jun 12, 2024
e4815c9
WIP
thabart Jun 12, 2024
1fec778
Fix SCIM project
thabart Jun 13, 2024
54e571e
Can check DID:KEY:JwkJcsPub
thabart Jun 13, 2024
8389324
WIP
thabart Jun 14, 2024
cbb88e1
WIP
thabart Jun 14, 2024
58d6e58
Display the number of login attempts
thabart Jun 15, 2024
2fbabbd
WIP
thabart Jun 17, 2024
fe76afe
WIP
thabart Jun 18, 2024
f3cffda
Merge remote-tracking branch 'origin/Ticket754' into Ticket759
thabart Jun 18, 2024
a0eb5d1
WIP
thabart Jun 19, 2024
2c65b52
Ticket #760 : Fix different issues
thabart Jun 19, 2024
81c6638
WIP
thabart Jun 19, 2024
cfa3f98
WIP
thabart Jun 20, 2024
bf3addd
Forget to update the password
thabart Jun 20, 2024
282da8d
WIP
thabart Jun 24, 2024
82efdba
First conformance test is working
thabart Jun 24, 2024
ed05e5a
Ticket #759 : EBSI conformance test - Credential Issuance
thabart Jun 25, 2024
f2fc92b
Merge remote-tracking branch 'origin/Ticket759'
thabart Jun 25, 2024
91317ea
Start to implement deferred credential
thabart Jun 25, 2024
a146346
WIP
thabart Jun 26, 2024
e8de779
Update the website
thabart Jun 26, 2024
581793b
Support deferred credential + Start to suport pre-authorized and in-t…
thabart Jun 28, 2024
1e24138
Support credential issuer
thabart Jun 28, 2024
7acac51
Update migrations projects + UTS
thabart Jun 28, 2024
f8ee73f
Conform with EBSI "issuer"
thabart Jun 28, 2024
8dd771f
Start to implement openid-federation edps
thabart Jul 2, 2024
36fc422
WIP
thabart Jul 3, 2024
8fbce11
Add UT to check "openid-federation"
thabart Jul 3, 2024
9d9faaa
WIP
thabart Jul 5, 2024
7649ccb
Add indexes for SCIMRepresentationAttribute
antifree Jul 6, 2024
abadfa6
Merge pull request #774 from antifree/master
simpleidserver Jul 9, 2024
30522a9
Ticket #771 : Can resolve trust chain
thabart Jul 15, 2024
e24a39c
Ticket #771 : Start to add unit test to check automatic client regist…
thabart Jul 16, 2024
0ae885d
Ticket #771 : support automatic client registration
thabart Jul 16, 2024
15dacf0
Ticket #771 : Support explicit registration
thabart Jul 17, 2024
8a4b84a
Ticket #771 : Check errors during explicit registration
thabart Jul 17, 2024
a8e4827
Ticket #771 : Add UTS for explicit registration
thabart Jul 18, 2024
72fb837
Ticket #771 : Add some sample projects for the OPENID federation
thabart Jul 19, 2024
7049077
Update the administration website to manage federation entities
thabart Jul 22, 2024
76696df
Ticket #771 : Fix build + update default.ps1 file
thabart Jul 22, 2024
3d8564a
Update the documentation (openid federation)
thabart Jul 23, 2024
01f8e93
Ticket #771 : Add documentation
thabart Jul 24, 2024
54a6a1f
Merge remote-tracking branch 'origin/Ticket771'
thabart Jul 24, 2024
528636d
Check client identifier is a URI
thabart Jul 24, 2024
652c6ab
Ticket #765 : Add RealmRouter and inject the realm into "CurrentRealm…
thabart Jul 25, 2024
3cc6f51
Ticket #765 : Fix URLs in the administration website
thabart Jul 26, 2024
3e1e9cf
Start to create a fake wallet
thabart Jul 26, 2024
2ebe5e8
Can get access and id tokens from the ESBI conformance
thabart Jul 26, 2024
d1706f9
Create a wallet to pass the EBSI conformance tests
thabart Jul 29, 2024
d947c59
Can assign realms to one client
thabart Jul 29, 2024
5f63c09
Use scope and not GroupRealmRole
thabart Jul 30, 2024
60db7d6
Can display the permissions of a realm
thabart Jul 30, 2024
a9141b0
WIP
thabart Jul 31, 2024
91f78a9
Support realm authentication in administration website
thabart Jul 31, 2024
8748932
Can update realm Permissions
thabart Aug 1, 2024
cc6bea1
Add authorization policies in the administration website
thabart Aug 2, 2024
564e96d
Fix the RealmRoles UI
thabart Aug 2, 2024
a2f140b
Can enable or disable realm
thabart Aug 2, 2024
700e099
Update URL in the website
thabart Aug 5, 2024
b904591
Fix the migration script + update the documentation
thabart Aug 5, 2024
4fb0a4d
Update the template project
thabart Aug 5, 2024
26d27c7
Merge remote-tracking branch 'origin/Ticket765'
thabart Aug 5, 2024
9822430
Returns the list of patch operations in the "RepresentationUpdatedEvent"
thabart Aug 5, 2024
c60c69d
Prepare the release 5.0.1
thabart Aug 6, 2024
62f8949
Publish the artifacts
thabart Aug 6, 2024
c5e0265
Allow initializing seed data for realms, initially for use with EF
lechediaz Nov 15, 2024
facb0e8
Allow initializing seed data for realms for use with SqlSugar
lechediaz Nov 15, 2024
3093e42
Se actualizan archivos JSON con datos de inicialización de prueba
lechediaz Nov 18, 2024
a2ccf81
Allow initializing seed data for scopes, initially for use with EF
lechediaz Nov 20, 2024
b5fde17
Allow initializing seed data for scopes for use with SqlSugar
lechediaz Nov 20, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Can get access and id tokens from the ESBI conformance
  • Loading branch information
thabart committed Jul 26, 2024
commit 2ebe5e8ff027907e2c0aac88c244d5dc34565240
150 changes: 140 additions & 10 deletions src/CredentialIssuer/SimpleIdServer.CredentialIssuer.Console/Program.cs
Original file line number Diff line number Diff line change
@@ -1,15 +1,35 @@
// See https://aka.ms/new-console-template for more information
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;
using SimpleIdServer.CredentialIssuer.Api.CredentialIssuer;
using SimpleIdServer.Did.Crypto;
using SimpleIdServer.Did.Key;
using System;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Text.Json.Nodes;
using System.Web;
using static QRCoder.PayloadGenerator;

const string url = "https://api-conformance.ebsi.eu/conformance/v3/issuer-mock/.well-known/openid-credential-issuer";
const string publicKey = "z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbpMAoXtZtunruYnM4gCV65AKAUX2AwEReRhEaf3BRQNJArZPwQdmf9ENZcF8VT13a58WsHeVjJtvAKKPYEibaEfdUxvU7sgxEUTJpjEkq6BJKrRV1JQ1CqhYvGbmJ1WyoUQ";
const string did = $"did:key:{publicKey}";
const string refDid = $"{did}#{publicKey}";

using (var httpClient = new HttpClient())
{
var (challenge, verifier) = PkceGenerate();
var openidCredentialIssuer = GetOpenidCredentialIssuer(httpClient).Result;
var authorizationEndpoint = GetAuthorizationEndpoint(httpClient, openidCredentialIssuer.AuthorizationServer).Result;
ExecuteAuthorizationRequest(httpClient, authorizationEndpoint).Wait();
var configuration = GetAuthorizationEndpoint(httpClient, openidCredentialIssuer.AuthorizationServer).Result;
var parameters = ExecuteAuthorizationRequest(httpClient, configuration.authorizationEndpoint, challenge).Result;
var redirectUri = parameters["redirect_uri"];
var nonce = parameters["nonce"];
var state = parameters["state"];
var postAuthResult = ExecutePostAuthorizationRequest(httpClient, redirectUri, configuration.issuer, nonce, state).Result;
var tokenResult = GetToken(httpClient, configuration.tokenEndpoint, postAuthResult["code"], verifier).Result;
// GET THE CREDENTIAL !!!
}

async Task<ESBICredentialIssuerResult> GetOpenidCredentialIssuer(HttpClient httpClient)
Expand All @@ -22,23 +42,56 @@ async Task<ESBICredentialIssuerResult> GetOpenidCredentialIssuer(HttpClient http
return openidCredentialIssuer;
}

async Task<string> GetAuthorizationEndpoint(HttpClient httpClient, string authUrl)
async Task<(string authorizationEndpoint, string issuer, string tokenEndpoint)> GetAuthorizationEndpoint(HttpClient httpClient, string authUrl)
{
var requestMessage = new HttpRequestMessage(HttpMethod.Get, $"{authUrl}/.well-known/openid-configuration");
var httpResult = await httpClient.SendAsync(requestMessage);
var json = await httpResult.Content.ReadAsStringAsync();
return JsonObject.Parse(json)["authorization_endpoint"].ToString();
var jsonObj = JsonObject.Parse(json);
return (jsonObj["authorization_endpoint"].ToString(), jsonObj["issuer"].ToString(), jsonObj["token_endpoint"].ToString());
}

async Task ExecuteAuthorizationRequest(HttpClient httpClient, string url)
async Task<Dictionary<string, string>> ExecuteAuthorizationRequest(HttpClient httpClient, string url, string challenge)
{
var uriBuilder = new UriBuilder(url);
var credentialTypes = new JsonArray
{
"VerifiableCredential",
"VerifiableAttestation",
"CTIssueQualificationCredential"
};
var authorizationDetails = new JsonArray
{
new JsonObject
{
{ "type", "openid_credential" },
{ "format", "jwt_vc" },
{ "types", credentialTypes }
}
};
var clientMetadata = new JsonObject
{
{ "response_types_supported",
new JsonArray
{
"vp_token", "id_token"
}
},
{ "authorization_endpoint", "openid://"}
};
var dic = new Dictionary<string, string>
{
{ "client_id", "did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbpMAoXtZtunruYnM4gCV65AKAUX2AwEReRhEaf3BRQNJArZPwQdmf9ENZcF8VT13a58WsHeVjJtvAKKPYEibaEfdUxvU7sgxEUTJpjEkq6BJKrRV1JQ1CqhYvGbmJ1WyoUQ" },
{ "redirect_uri", "http://localhost:5005" },
{ "response_type", "code" },
{ "scope", "openid" },
{ "response_type", "code" }
// { "issuer_state", "issuer-state" },
{ "state", "client-state" },
{ "client_id", "did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbpMAoXtZtunruYnM4gCV65AKAUX2AwEReRhEaf3BRQNJArZPwQdmf9ENZcF8VT13a58WsHeVjJtvAKKPYEibaEfdUxvU7sgxEUTJpjEkq6BJKrRV1JQ1CqhYvGbmJ1WyoUQ" },
{ "authorization_details", HttpUtility.UrlEncode(authorizationDetails.ToJsonString()) },
{ "redirect_uri", "openid://" },
{ "nonce", "nonce" },
{ "code_challenge", challenge },
{ "code_challenge_method", "S256" },
{ "client_metadata", HttpUtility.UrlEncode(clientMetadata.ToJsonString()) }
};
uriBuilder.Query = string.Join("&", dic.Select(kvp => $"{kvp.Key}={kvp.Value}"));
var requestMessage = new HttpRequestMessage
Expand All @@ -47,6 +100,83 @@ async Task ExecuteAuthorizationRequest(HttpClient httpClient, string url)
};
var httpResult = await httpClient.SendAsync(requestMessage);
var result = httpResult.Headers.Location.AbsoluteUri;
var json = await httpResult.Content.ReadAsStringAsync();
uriBuilder = new UriBuilder(result);
var queryParameters = uriBuilder.Query.Trim('?').Split('&').Select(s => s.Split('=')).ToDictionary(arr => arr[0], arr => arr[1]);
return queryParameters;
}

async Task<Dictionary<string, string>> ExecutePostAuthorizationRequest(HttpClient httpClient, string url, string aud, string nonce, string state)
{
var serializedPrivateKey = System.IO.File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "privatekey.json"));
var signatureKey = SignatureKeySerializer.Deserialize(serializedPrivateKey);
var signingCredentials = signatureKey.BuildSigningCredentials(refDid);
var handler = new JsonWebTokenHandler();
var securityTokenDescriptor = new SecurityTokenDescriptor
{
IssuedAt = DateTime.UtcNow,
SigningCredentials = signingCredentials,
Audience = aud
};
var claims = new Dictionary<string, object>
{
{ "nonce", nonce },
{ "iss", did },
{ "sub", did }
};
securityTokenDescriptor.Claims = claims;
var token = handler.CreateToken(securityTokenDescriptor);
var requestMessage = new HttpRequestMessage
{
RequestUri = new Uri(HttpUtility.UrlDecode(url)),
Content = new FormUrlEncodedContent(new List<KeyValuePair<string, string>>
{
new KeyValuePair<string, string>("id_token", token),
new KeyValuePair<string, string>("state", state)
}),
Method = HttpMethod.Post
};
var httpResult = await httpClient.SendAsync(requestMessage);
var result = httpResult.Headers.Location.AbsoluteUri;
var uriBuilder = new UriBuilder(result);
var queryParameters = uriBuilder.Query.Trim('?').Split('&').Select(s => s.Split('=')).ToDictionary(arr => arr[0], arr => arr[1]);
return queryParameters;
}

}
async Task<(string accessToken, string idToken)> GetToken(HttpClient httpClient, string url, string authorizationCode, string codeVerifier)
{
var requestMessage = new HttpRequestMessage
{
RequestUri = new Uri(url),
Content = new FormUrlEncodedContent(new List<KeyValuePair<string, string>>
{
new KeyValuePair<string, string>("grant_type", "authorization_code"),
new KeyValuePair<string, string>("client_id", did),
new KeyValuePair<string, string>("code", authorizationCode),
new KeyValuePair<string, string>("code_verifier", codeVerifier)
}),
Method = HttpMethod.Post
};
var httpResult = await httpClient.SendAsync(requestMessage);
var content = await httpResult.Content.ReadAsStringAsync();
var jObj = JsonObject.Parse(content);
return (jObj["access_token"].ToString(), jObj["id_token"].ToString());
}

static (string codeChallenge, string verifier) PkceGenerate(int size = 32)
{
using var rng = RandomNumberGenerator.Create();
var randomBytes = new byte[size];
rng.GetBytes(randomBytes);
var verifier = Base64UrlEncode(randomBytes);

var buffer = Encoding.UTF8.GetBytes(verifier);
var hash = SHA256.Create().ComputeHash(buffer);
var challenge = Base64UrlEncode(hash);

return (challenge, verifier);
}
static string Base64UrlEncode(byte[] data) =>
Convert.ToBase64String(data)
.Replace("+", "-")
.Replace("/", "_")
.TrimEnd('=');
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@
<Nullable>enable</Nullable>
</PropertyGroup>

<ItemGroup>
<Content Include="..\SimpleIdServer.CredentialIssuer.Startup\privatekey.json" Link="privatekey.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</Content>
</ItemGroup>

<ItemGroup>
<ProjectReference Include="..\SimpleIdServer.CredentialIssuer\SimpleIdServer.CredentialIssuer.csproj" />
</ItemGroup>
Expand Down