PM-20532 - (1) Move ApiClient into new StaticClients folder (2) Create SendClientBuilder as don't need to use inheritance w/ client (3) Register new SendClient using builder in StaticClientStore (4) StaticClientStore - update name of clients list to not be ApiClients and instead just be Clients.

src/Identity/IdentityServer/DynamicClientStore.cs

@@ -36,7 +36,7 @@ internal class DynamicClientStore : IClientStore
         if (firstPeriod == -1)
         {
             // No splitter, attempt but don't fail for a static client
-            if (_staticClientStore.ApiClients.TryGetValue(clientId, out var client))
+            if (_staticClientStore.Clients.TryGetValue(clientId, out var client))
             {
                 return Task.FromResult<Client?>(client);
             }

src/Identity/IdentityServer/StaticClientStore.cs

@@ -1,6 +1,7 @@
 using System.Collections.Frozen;
 using Bit.Core.Enums;
 using Bit.Core.Settings;
+using Bit.Identity.IdentityServer.StaticClients;
 using Duende.IdentityServer.Models;
 
 namespace Bit.Identity.IdentityServer;
@@ -9,16 +10,17 @@ public class StaticClientStore
 {
     public StaticClientStore(GlobalSettings globalSettings)
     {
-        ApiClients = new List<Client>
+        Clients = new List<Client>
         {
             new ApiClient(globalSettings, BitwardenClient.Mobile, 60, 1),
             new ApiClient(globalSettings, BitwardenClient.Web, 7, 1),
             new ApiClient(globalSettings, BitwardenClient.Browser, 30, 1),
             new ApiClient(globalSettings, BitwardenClient.Desktop, 30, 1),
             new ApiClient(globalSettings, BitwardenClient.Cli, 30, 1),
-            new ApiClient(globalSettings, BitwardenClient.DirectoryConnector, 30, 24)
+            new ApiClient(globalSettings, BitwardenClient.DirectoryConnector, 30, 24),
+            SendClientBuilder.Build(globalSettings),
         }.ToFrozenDictionary(c => c.ClientId);
     }
 
-    public FrozenDictionary<string, Client> ApiClients { get; }
+    public FrozenDictionary<string, Client> Clients { get; }
 }

src/Identity/IdentityServer/StaticClients/SendClientBuilder.cs

@@ -0,0 +1,31 @@
+using Bit.Core.Enums;
+using Bit.Core.IdentityServer;
+using Bit.Core.Settings;
+using Bit.Identity.IdentityServer.RequestValidators;
+using Duende.IdentityServer.Models;
+
+namespace Bit.Identity.IdentityServer.StaticClients;
+public static class SendClientBuilder
+{
+    public static Client Build(GlobalSettings globalSettings)
+    {
+        return new Client()
+        {
+            ClientId = BitwardenClient.Send,
+            AllowedGrantTypes = new[] { SendAccessGrantValidator.GrantType },
+            AccessTokenLifetime = 60 * 5, // 5 minutes
+
+            // Do not allow refresh tokens to be issued.
+            AllowOfflineAccess = false,
+
+            // Send is a public anonymous client, so no secret is required (or really possible to use securely).
+            RequireClientSecret = false,
+
+            // Allow web vault to use this client.
+            AllowedCorsOrigins = new[] { globalSettings.BaseServiceUri.Vault },
+
+            // Setup API scopes that the client can request in the scope property of the token request.
+            AllowedScopes = new string[] { ApiScopes.Send },
+        };
+    }
+}