zeldaiv / authserver Goto Github PK

Need UI to add Scopes and list existing scopes. A scope is defined with he following model:
ID: (generated by the BackEnd)
Name: The name of the scope
DisplayName: Additional human readable information, often used on ConsentScreens

Make it more intuitive when adding clients to the project, right now it is only possible to add one type of client.
A client can be many things, for now it should suffice to support 2 kinds of clients.

1. Machine-to-machine-clients
2. WebApp/Desktop-clients

A client model may look like this:

ClientId: Guid, Generated by backend
Enabled: Boolean, Default true
ClientSecrets: List of strings, For use with M-to-M
AllowedGrantTypes: Enum, M-to-M use ClientCredentials, WebApps/Desktop use Code with PKCE. (More to be added later)
RedirectUris: List of strings A list of allowed URIs to return tokens or authorization codes to
AllowedScopes: List of strings, Scopes (Api- or IdentityResources) this client has access to, default empty.
PostLogoutRedirectUris: List of strings, URIs that are allowed to redirect to.

It should be possible to create an admin user when starting the project. This needs to happen from the outside using some suitable method. Otherwise the admin user needs to be created on the fly, outputting this to the user of the docker-image.

It should be possible to edit and delete a ApiResource

A login-service such as this should support two-factor. This will then trigger the need to support sms or YubiKey or something similar.

It should be possible to edit or delete scopes.

Only the administrator should have access to adding users, clients and resources. Add policies to handle this.

When users are added it should be possible to send them a invite link they can use to set a password, to gain access.

It should be possible to get all users, update a user, delete a user and add a user.

Following the instructions in the READMEs and doing
docker-compose up gives the following error:
seqsink_1 | Failed to create CoreCLR, HRESULT: 0x8007FF06
seqsink_1 | Failed to create CoreCLR, HRESULT: 0x8007FF06

And eventually:

docker_seqsink_1 exited with code 137
web_1      | [17:02:07 ERR] Could not initialize identity db after 5 attempts
web_1      | [17:02:07 WRN] Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
web_1      | [17:02:07 INF] User profile is available. Using '/root/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
web_1      | [17:02:07 INF] Entity Framework Core 5.0.3 initialized 'ApplicationDbContext' using provider 'Pomelo.EntityFrameworkCore.MySql' with options: MaxPoolSize=128 ServerVersion 10.3.9-mariadb
web_1      | [17:02:07 ERR] An error occurred using the connection to database 'PowerDb' on server 'localhost'.
web_1      | [17:02:07 INF] A transient exception occurred during execution. The operation will be retried after 0ms.
web_1      | MySqlConnector.MySqlException (0x80004005): Unable to connect to any of the specified MySQL hosts.
web_1      |    at MySqlConnector.Core.ServerSession.ConnectAsync(ConnectionSettings cs, Int32 startTickCount, ILoadBalancer loadBalancer, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/ServerSession.cs:line 381
web_1      |    at MySqlConnector.Core.ConnectionPool.GetSessionAsync(MySqlConnection connection, Int32 startTickCount, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/ConnectionPool.cs:line 110
web_1      |    at MySqlConnector.Core.ConnectionPool.GetSessionAsync(MySqlConnection connection, Int32 startTickCount, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/ConnectionPool.cs:line 140
web_1      |    at MySqlConnector.MySqlConnection.CreateSessionAsync(ConnectionPool pool, Int32 startTickCount, Nullable`1 ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlConnection.cs:line 846
web_1      |    at MySqlConnector.MySqlConnection.OpenAsync(Nullable`1 ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlConnection.cs:line 410
web_1      |    at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)
web_1      |    at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)
web_1      |    at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenAsync(CancellationToken cancellationToken, Boolean errorsExpected)
web_1      |    at Pomelo.EntityFrameworkCore.MySql.Storage.Internal.MySqlRelationalConnection.OpenAsync(CancellationToken cancellationToken, Boolean errorsExpected)
web_1      |    at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
web_1      |    at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(DbContext _, Boolean result, CancellationToken cancellationToken)
web_1      |    at Microsoft.EntityFrameworkCore.Storage.ExecutionStrategy.ExecuteImplementationAsync[TState,TResult](Func`4 operation, Func`4 verifySucceeded, TState state, CancellationToken cancellationToken)

Error 137 indicates a SIGKIll or out of memory conditions so I also tried to increase the memory for docker to 4GBs and swap space to 2GB

I found this issue
datalust/seq-tickets#1224
but I don't know if that is related.

My computer is:
MacBook Air (M1, 2020) with 8Gbs of memory.

A user model should look like this:

Id: int, readonly for front end, used to lookup user
UserName: string, optional, the name of the user
Email: string, required, what is used as login
EmailConfirmed: boolean, default false
PhoneNumer: string, optional
PhoneNumberConfirmed: boolean, default false
TwoFactorEnabled: boolean, default false

It should be possible to add scopes to an APIResource, this is technically just a string, but it would be nice to have a UI-bit for this, as it is complex enough as it is. As a plus, having a ui for this, offers the option to explain some details to the user.

The readme file does not properly reflect how the frontend works, and how to get started when developing.

It can be useful to run the frontend without running the backend.

A working example is already implemented.

TBD: Perhaps this is not needed

This model should look like this:

Enabled: boolean, default true
Name: string, the name of the resource
DisplayName: string, can be used for consent screens
Description: string, can be used for consent screens
ApiSecrets: List of strings, used for token introspection, should be generated, and displayed once.
Scopes: List of string, comes from the APIScopes list, and should perhaps be added using UI, or as string

It should be possible to get all scopes, add a scope, update a scope and delete a scope.

When deleting a scope it needs to be deleted from any Clients and ApiResources also affected by that scope.

The landing page needs to be improved. Now you're just routed to the applications page

Handle secrets correctly by using UserSecretsID:
See here:
https://github.com/dotnet/dotnet-docker/blob/master/samples/aspnetapp/aspnetcore-docker-https-development.md
and here:
https://docs.microsoft.com/nb-no/aspnet/core/security/app-secrets?view=aspnetcore-2.1&tabs=macos

It should be possible to get all resources, add a resource, update a resource and delete a resource

It should be possible to edit or delete a user