IdentityShroud/IdentityShroud.Core/Services/ClientService.cs

using System.Security.Cryptography;
using IdentityShroud.Core.Contracts;
using IdentityShroud.Core.Model;
using Microsoft.EntityFrameworkCore;

namespace IdentityShroud.Core.Services;

public class ClientService(
    Db db,
    IEncryptionService cryptor,
    IClock clock) : IClientService
{
    public async Task<Result<Client>> Create(Guid realmId, ClientCreateRequest request, CancellationToken ct = default)
    {
        Client client = new()
        {
            RealmId = realmId,
            ClientId = request.ClientId,
            Name = request.Name,
            Description = request.Description,
            SignatureAlgorithm = request.SignatureAlgorithm,
            AllowClientCredentialsFlow = request.AllowClientCredentialsFlow ?? false,
            CreatedAt = clock.UtcNow(),
        };
        
        if (client.AllowClientCredentialsFlow)
        {
            client.Secrets.Add(CreateSecret());
        }

        await db.AddAsync(client, ct);
        await db.SaveChangesAsync(ct);

        return client;
    }

    public async Task<Client?> GetByClientId(
        Guid realmId,
        string clientId, 
        CancellationToken ct = default)
    {
        return await db.Clients.FirstOrDefaultAsync(c => c.ClientId == clientId && c.RealmId == realmId, ct);
    }

    public async Task<Client?> FindById(
        Guid realmId,
        int id, 
        CancellationToken ct = default)
    {
        return await db.Clients.FirstOrDefaultAsync(c => c.Id == id && c.RealmId == realmId, ct);
    }

    private ClientSecret CreateSecret()
    {
        byte[] secret = RandomNumberGenerator.GetBytes(24);

        return new ClientSecret()
        {
            CreatedAt = clock.UtcNow(),
            Secret = cryptor.Encrypt(secret),
        };

    }
}
WIP making ClientCreate endpoint 2026-02-20 17:35:38 +01:00			`using System.Security.Cryptography;`
			`using IdentityShroud.Core.Contracts;`
			`using IdentityShroud.Core.Model;`
			`using Microsoft.EntityFrameworkCore;`

			`namespace IdentityShroud.Core.Services;`

			`public class ClientService(`
			`Db db,`
			`IEncryptionService cryptor,`
			`IClock clock) : IClientService`
			`{`
			`public async Task<Result<Client>> Create(Guid realmId, ClientCreateRequest request, CancellationToken ct = default)`
			`{`
			`Client client = new()`
			`{`
			`RealmId = realmId,`
			`ClientId = request.ClientId,`
			`Name = request.Name,`
			`Description = request.Description,`
			`SignatureAlgorithm = request.SignatureAlgorithm,`
			`AllowClientCredentialsFlow = request.AllowClientCredentialsFlow ?? false,`
			`CreatedAt = clock.UtcNow(),`
			`};`

			`if (client.AllowClientCredentialsFlow)`
			`{`
			`client.Secrets.Add(CreateSecret());`
			`}`

			`await db.AddAsync(client, ct);`
			`await db.SaveChangesAsync(ct);`

			`return client;`
			`}`

Tests voor client api and service 2026-02-22 09:27:48 +01:00			`public async Task<Client?> GetByClientId(`
			`Guid realmId,`
			`string clientId,`
			`CancellationToken ct = default)`
WIP making ClientCreate endpoint 2026-02-20 17:35:38 +01:00			`{`
Tests voor client api and service 2026-02-22 09:27:48 +01:00			`return await db.Clients.FirstOrDefaultAsync(c => c.ClientId == clientId && c.RealmId == realmId, ct);`
WIP making ClientCreate endpoint 2026-02-20 17:35:38 +01:00			`}`

Tests voor client api and service 2026-02-22 09:27:48 +01:00			`public async Task<Client?> FindById(`
			`Guid realmId,`
			`int id,`
			`CancellationToken ct = default)`
Reworked code around signing keys have key details much more isolated from the other parts of the program. 2026-02-21 20:15:46 +01:00			`{`
Tests voor client api and service 2026-02-22 09:27:48 +01:00			`return await db.Clients.FirstOrDefaultAsync(c => c.Id == id && c.RealmId == realmId, ct);`
Reworked code around signing keys have key details much more isolated from the other parts of the program. 2026-02-21 20:15:46 +01:00			`}`

WIP making ClientCreate endpoint 2026-02-20 17:35:38 +01:00			`private ClientSecret CreateSecret()`
			`{`
			`byte[] secret = RandomNumberGenerator.GetBytes(24);`

			`return new ClientSecret()`
			`{`
			`CreatedAt = clock.UtcNow(),`
Support rotation of master key. The EncryptionService now loads a set of keys and uses the active one to encrypt and selects key based on keyid during decryption. Introduced EncryptedValue to hold keyId and encrypted data. (There are no intermeddiate keys yet) 2026-02-24 06:32:58 +01:00			`Secret = cryptor.Encrypt(secret),`
WIP making ClientCreate endpoint 2026-02-20 17:35:38 +01:00			`};`

			`}`
			`}`