From 87bfb74f9fcc1b06b30a3af64fa5f48fc82c3f1a Mon Sep 17 00:00:00 2001
From: OpenIddict Bot <32257313+openiddict-bot@users.noreply.github.com>
Date: Tue, 6 Feb 2018 14:19:54 +0000
Subject: [PATCH] Update the documentation pages
---
guide/migration.html | 59 +++++++++++++++++++++++++++++++++++++++++---
manifest.json | 10 ++++----
2 files changed, 61 insertions(+), 8 deletions(-)
diff --git a/guide/migration.html b/guide/migration.html
index d803202..5f18667 100644
--- a/guide/migration.html
+++ b/guide/migration.html
@@ -199,8 +199,61 @@
UpdateOpenIddictTablesAsync(app.ApplicationServices).GetAwaiter().GetResult();
}
Run your application. Once it's correctly started, stop it and remove the migration script.
-List of changes (for applications using custom stores)
-Renamed properties
+If necessary, update your code to grant applications the required permissions
+If you have code that relies on OpenIddictApplicationManager.CreateAsync(OpenIddictApplicationDescriptor),
+make sure that the appropriate set of permissions is granted.
+For instance, to allow a client application to use the password and refresh token flows, you must grant the following permissions:
+var descriptor = new OpenIddictApplicationDescriptor
+{
+ // ...
+ Permissions =
+ {
+ OpenIddictConstants.Permissions.Endpoints.Token,
+ OpenIddictConstants.Permissions.GrantTypes.Password,
+ OpenIddictConstants.Permissions.GrantTypes.RefreshToken
+ }
+};
+
+await manager.CreateAsync(descriptor);
+
For the authorization code flow, the following permissions are required:
+var descriptor = new OpenIddictApplicationDescriptor
+{
+ // ...
+ Permissions =
+ {
+ OpenIddictConstants.Permissions.Endpoints.Authorization,
+ OpenIddictConstants.Permissions.Endpoints.Token,
+ OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode
+ }
+};
+
+await manager.CreateAsync(descriptor);
+
For custom flows, use the OpenIddictConstants.Permissions.Prefixes.GrantType constant:
+var descriptor = new OpenIddictApplicationDescriptor
+{
+ // ...
+ Permissions =
+ {
+ OpenIddictConstants.Permissions.Endpoints.Token,
+ OpenIddictConstants.Permissions.Prefixes.GrantType + "google_token_exchange"
+ }
+};
+
+await manager.CreateAsync(descriptor);
+
If your application uses introspection or revocation, these endpoints must also be enable. E.g:
+var descriptor = new OpenIddictApplicationDescriptor
+{
+ // ...
+ Permissions =
+ {
+ OpenIddictConstants.Permissions.Endpoints.Introspection,
+ OpenIddictConstants.Permissions.Endpoints.Revocation
+ }
+};
+
+await manager.CreateAsync(descriptor);
+
List of changes (for applications using custom stores)
+Renamed properties
-Added properties
+Added properties
diff --git a/manifest.json b/manifest.json
index 3aec10e..953939e 100644
--- a/manifest.json
+++ b/manifest.json
@@ -104,7 +104,7 @@
"output": {
".html": {
"relative_path": "guide/migration.html",
- "hash": "CE/SnB1CWsQYD3y5GPuFuA=="
+ "hash": "LslsCYsgYfBwjVuKYi3brg=="
}
},
"is_incremental": false,
@@ -172,15 +172,15 @@
"details": "Processor ResourceDocumentProcessor cannot suppport incremental build because the processor doesn't implement ISupportIncrementalDocumentProcessor interface.",
"incrementalPhase": "build"
},
+ "ConceptualDocumentProcessor": {
+ "can_incremental": false,
+ "incrementalPhase": "build"
+ },
"RestApiDocumentProcessor": {
"can_incremental": false,
"details": "Processor RestApiDocumentProcessor cannot suppport incremental build because the processor doesn't implement ISupportIncrementalDocumentProcessor interface.",
"incrementalPhase": "build"
},
- "ConceptualDocumentProcessor": {
- "can_incremental": false,
- "incrementalPhase": "build"
- },
"TocDocumentProcessor": {
"can_incremental": false,
"details": "Processor TocDocumentProcessor cannot suppport incremental build because the processor doesn't implement ISupportIncrementalDocumentProcessor interface.",