sso integrations (#822)

* stub out hybrid sso * support for PKCE authorization_code clients * sso service urls * sso client key * abstract request validator * support for verifying password * custom AuthorizationCodeStore that does not remove codes * cleanup * comment * created master password * ResetMasterPassword * rename Sso client to OidcIdentity * update env builder * bitwarden sso project in docker-compose * sso path in nginx config
2025-07-05 01:52:49 -05:00 · 2020-07-16 08:01:39 -04:00
parent 2742b414fd
commit 0d0c6c7167
29 changed files with 1093 additions and 435 deletions
--- a/src/Core/IdentityServer/AuthorizationCodeStore.cs
+++ b/src/Core/IdentityServer/AuthorizationCodeStore.cs
@ -0,0 +1,44 @@
+using System.Threading.Tasks;
+using IdentityServer4;
+using IdentityServer4.Extensions;
+using IdentityServer4.Models;
+using IdentityServer4.Services;
+using IdentityServer4.Stores;
+using IdentityServer4.Stores.Serialization;
+using Microsoft.Extensions.Logging;
+
+namespace Bit.Core.IdentityServer
+{
+    // ref: https://raw.githubusercontent.com/IdentityServer/IdentityServer4/3.1.3/src/IdentityServer4/src/Stores/Default/DefaultAuthorizationCodeStore.cs
+    public class AuthorizationCodeStore : DefaultGrantStore<AuthorizationCode>, IAuthorizationCodeStore
+    {
+        public AuthorizationCodeStore(
+            IPersistedGrantStore store,
+            IPersistentGrantSerializer serializer,
+            IHandleGenerationService handleGenerationService,
+            ILogger<DefaultAuthorizationCodeStore> logger)
+            : base(IdentityServerConstants.PersistedGrantTypes.AuthorizationCode, store, serializer,
+                  handleGenerationService, logger)
+        { }
+
+        public Task<string> StoreAuthorizationCodeAsync(AuthorizationCode code)
+        {
+            return CreateItemAsync(code, code.ClientId, code.Subject.GetSubjectId(), code.CreationTime, code.Lifetime);
+        }
+
+        public Task<AuthorizationCode> GetAuthorizationCodeAsync(string code)
+        {
+            return GetItemAsync(code);
+        }
+
+        public Task RemoveAuthorizationCodeAsync(string code)
+        {
+            // return RemoveItemAsync(code);
+
+            // We don't want to delete authorization codes during validation.
+            // We'll rely on the authorization code lifecycle for short term validation and the
+            // DatabaseExpiredGrantsJob to clean up old authorization codes.
+            return Task.FromResult(0);
+        }
+    }
+}