Add default OpenId scopes (#16661)

src/OrchardCore.Modules/OrchardCore.OpenId/Migrations/DefaultScopesMigration.cs

@@ -0,0 +1,61 @@
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Localization;
+using OpenIddict.Abstractions;
+using OrchardCore.Data.Migration;
+using OrchardCore.Environment.Shell.Scope;
+using OrchardCore.OpenId.Abstractions.Descriptors;
+using OrchardCore.OpenId.Abstractions.Managers;
+
+namespace OrchardCore.OpenId.Migrations;
+
+public sealed class DefaultScopesMigration : DataMigration
+{
+#pragma warning disable CA1822 // Mark members as static
+    public int Create()
+#pragma warning restore CA1822 // Mark members as static
+    {
+        ShellScope.AddDeferredTask(async shellScope =>
+        {
+            var S = shellScope.ServiceProvider.GetService<IStringLocalizer<DefaultScopesMigration>>();
+            var scopeManager = shellScope.ServiceProvider.GetRequiredService<IOpenIdScopeManager>();
+
+            if (await scopeManager.FindByNameAsync(OpenIddictConstants.Scopes.Profile) == null)
+            {
+                var descriptor = new OpenIdScopeDescriptor
+                {
+                    DisplayName = S["Profile"],
+                    Name = OpenIddictConstants.Scopes.Profile,
+                    Description = S["Requests access to the user's default profile information."]
+                };
+
+                await scopeManager.CreateAsync(descriptor);
+            }
+
+            if (await scopeManager.FindByNameAsync(OpenIddictConstants.Scopes.Email) == null)
+            {
+                var descriptor = new OpenIdScopeDescriptor
+                {
+                    DisplayName = S["Email"],
+                    Name = OpenIddictConstants.Scopes.Email,
+                    Description = S["Requests access to the user's email address. This scope provides the email and email_verified claims, which indicate the user's email address and whether it has been verified."]
+                };
+
+                await scopeManager.CreateAsync(descriptor);
+            }
+
+            if (await scopeManager.FindByNameAsync(OpenIddictConstants.Scopes.Phone) == null)
+            {
+                var descriptor = new OpenIdScopeDescriptor
+                {
+                    DisplayName = S["Phone"],
+                    Name = OpenIddictConstants.Scopes.Phone,
+                    Description = S["Requests access to the user's phone number. This scope includes the phone_number and phone_number_verified claims, which provide the user's phone number and indicate whether it has been verified."]
+                };
+
+                await scopeManager.CreateAsync(descriptor);
+            }
+        });
+
+        return 1;
+    }
+}

src/OrchardCore.Modules/OrchardCore.OpenId/Startup.cs

@@ -14,6 +14,7 @@
 using OpenIddict.Validation.AspNetCore;
 using OpenIddict.Validation.DataProtection;
 using OrchardCore.BackgroundTasks;
+using OrchardCore.Data.Migration;
 using OrchardCore.Deployment;
 using OrchardCore.DisplayManagement.Handlers;
 using OrchardCore.Environment.Shell.Builders;
@@ -22,6 +23,7 @@
 using OrchardCore.OpenId.Configuration;
 using OrchardCore.OpenId.Deployment;
 using OrchardCore.OpenId.Drivers;
+using OrchardCore.OpenId.Migrations;
 using OrchardCore.OpenId.Recipes;
 using OrchardCore.OpenId.Services;
 using OrchardCore.OpenId.Services.Handlers;
@@ -99,6 +101,7 @@ public override void ConfigureServices(IServiceCollection services)
 
         services.TryAddSingleton<IOpenIdServerService, OpenIdServerService>();
 
+        services.AddDataMigration<DefaultScopesMigration>();
         // Note: the following services are registered using TryAddEnumerable to prevent duplicate registrations.
         services.TryAddEnumerable(new[]
         {