added installations, push scoped tokens, push api

src/Core/IdentityServer/ApiResources.cs

@@ -1,7 +1,6 @@
 using IdentityModel;
 using IdentityServer4.Models;
 using System.Collections.Generic;
-using System.Security.Claims;
 
 namespace Bit.Core.IdentityServer
 {
@@ -21,7 +20,8 @@ namespace Bit.Core.IdentityServer
                     "orgowner",
                     "orgadmin",
                     "orguser"
-                })
+                }),
+                new ApiResource("api.push")
             };
         }
     }

src/Core/IdentityServer/ClientStore.cs

@@ -0,0 +1,49 @@
+using IdentityServer4.Stores;
+using System.Threading.Tasks;
+using IdentityServer4.Models;
+using System.Collections.Generic;
+using Bit.Core.Repositories;
+using System;
+
+namespace Bit.Core.IdentityServer
+{
+    public class ClientStore : IClientStore
+    {
+        private static IDictionary<string, Client> _apiClients = StaticClients.GetApiClients();
+
+        private readonly IInstallationRepository _installationRepository;
+        public ClientStore(
+            IInstallationRepository installationRepository)
+        {
+            _installationRepository = installationRepository;
+        }
+
+        public async Task<Client> FindClientByIdAsync(string clientId)
+        {
+            if(clientId.StartsWith("installation."))
+            {
+                var idParts = clientId.Split('.');
+                Guid id;
+                if(idParts.Length > 1 && Guid.TryParse(idParts[1], out id))
+                {
+                    var installation = await _installationRepository.GetByIdAsync(id);
+                    if(installation != null)
+                    {
+                        return new Client
+                        {
+                            ClientId = $"installation.{installation.Id}",
+                            RequireClientSecret = true,
+                            ClientSecrets = { new Secret(installation.Key.Sha256()) },
+                            AllowedScopes = new string[] { "api.push" },
+                            AllowedGrantTypes = GrantTypes.ClientCredentials,
+                            AccessTokenLifetime = 3600 * 24,
+                            Enabled = installation.Enabled
+                        };
+                    }
+                }
+            }
+
+            return _apiClients.ContainsKey(clientId) ? _apiClients[clientId] : null;
+        }
+    }
+}

src/Core/IdentityServer/StaticClients.cs

@@ -1,11 +1,12 @@
 using IdentityServer4.Models;
 using System.Collections.Generic;
+using System.Linq;
 
 namespace Bit.Core.IdentityServer
 {
-    public class Clients
+    public class StaticClients
     {
-        public static IEnumerable<Client> GetClients()
+        public static IDictionary<string, Client> GetApiClients()
         {
             return new List<Client>
             {
@@ -14,7 +15,7 @@ namespace Bit.Core.IdentityServer
                 new ApiClient("browser", 30, 1),
                 new ApiClient("desktop", 30, 1),
                 new ApiClient("connector", 30, 24)
-            };
+            }.ToDictionary(c => c.ClientId);
         }
 
         public class ApiClient : Client