PM-20532 - (1) Move ApiClient into new StaticClients folder (2) Create SendClientBuilder as don't need to use inheritance w/ client (3) Register new SendClient using builder in StaticClientStore (4) StaticClientStore - update name of clients list to not be ApiClients and instead just be Clients.

2025-05-25 13:24:50 -05:00 · 2025-05-15 22:27:44 -04:00 · 2025-05-15 22:27:44 -04:00 · e26b29f70e
commit e26b29f70e
parent 190624d955
4 changed files with 37 additions and 4 deletions
--- a/src/Identity/IdentityServer/DynamicClientStore.cs
+++ b/src/Identity/IdentityServer/DynamicClientStore.cs
@ -36,7 +36,7 @@ internal class DynamicClientStore : IClientStore
        if (firstPeriod == -1)
        {
            // No splitter, attempt but don't fail for a static client
-            if (_staticClientStore.ApiClients.TryGetValue(clientId, out var client))
+            if (_staticClientStore.Clients.TryGetValue(clientId, out var client))
            {
                return Task.FromResult<Client?>(client);
            }
--- a/src/Identity/IdentityServer/StaticClientStore.cs
+++ b/src/Identity/IdentityServer/StaticClientStore.cs
@ -1,6 +1,7 @@
 using System.Collections.Frozen;
 using Bit.Core.Enums;
 using Bit.Core.Settings;
+using Bit.Identity.IdentityServer.StaticClients;
 using Duende.IdentityServer.Models;

 namespace Bit.Identity.IdentityServer;
@ -9,16 +10,17 @@ public class StaticClientStore
 {
    public StaticClientStore(GlobalSettings globalSettings)
    {
-        ApiClients = new List<Client>
+        Clients = new List<Client>
        {
            new ApiClient(globalSettings, BitwardenClient.Mobile, 60, 1),
            new ApiClient(globalSettings, BitwardenClient.Web, 7, 1),
            new ApiClient(globalSettings, BitwardenClient.Browser, 30, 1),
            new ApiClient(globalSettings, BitwardenClient.Desktop, 30, 1),
            new ApiClient(globalSettings, BitwardenClient.Cli, 30, 1),
-            new ApiClient(globalSettings, BitwardenClient.DirectoryConnector, 30, 24)
+            new ApiClient(globalSettings, BitwardenClient.DirectoryConnector, 30, 24),
+            SendClientBuilder.Build(globalSettings),
        }.ToFrozenDictionary(c => c.ClientId);
    }

-    public FrozenDictionary<string, Client> ApiClients { get; }
+    public FrozenDictionary<string, Client> Clients { get; }
 }
--- a/src/Identity/IdentityServer/StaticClients/ApiClient.cs
+++ b/src/Identity/IdentityServer/StaticClients/ApiClient.cs
--- a/src/Identity/IdentityServer/StaticClients/SendClientBuilder.cs
+++ b/src/Identity/IdentityServer/StaticClients/SendClientBuilder.cs
@ -0,0 +1,31 @@
+using Bit.Core.Enums;
+using Bit.Core.IdentityServer;
+using Bit.Core.Settings;
+using Bit.Identity.IdentityServer.RequestValidators;
+using Duende.IdentityServer.Models;
+
+namespace Bit.Identity.IdentityServer.StaticClients;
+public static class SendClientBuilder
+{
+    public static Client Build(GlobalSettings globalSettings)
+    {
+        return new Client()
+        {
+            ClientId = BitwardenClient.Send,
+            AllowedGrantTypes = new[] { SendAccessGrantValidator.GrantType },
+            AccessTokenLifetime = 60 * 5, // 5 minutes
+
+            // Do not allow refresh tokens to be issued.
+            AllowOfflineAccess = false,
+
+            // Send is a public anonymous client, so no secret is required (or really possible to use securely).
+            RequireClientSecret = false,
+
+            // Allow web vault to use this client.
+            AllowedCorsOrigins = new[] { globalSettings.BaseServiceUri.Vault },
+
+            // Setup API scopes that the client can request in the scope property of the token request.
+            AllowedScopes = new string[] { ApiScopes.Send },
+        };
+    }
+}