授权服务器设置
添加用户
添加测试用户，也可以从数据库查。
/// <summary>
/// Builds the in-memory test users for the sample authorization server.
/// The post notes these could equally be loaded from a database.
/// </summary>
/// <returns>
/// Two users: subject "1" (username and password "zps") carrying a "role" claim of "zps"
/// plus an "aaa" claim, and subject "2" (username and password "admin") carrying a "role"
/// claim of "admin".
/// </returns>
public static List<TestUser> GetTestUser()
{
    // NOTE(review): credentials live in clear text in source here; that is acceptable only
    // for local development. A real deployment needs a proper user store with hashed passwords.
    var zps = new TestUser
    {
        SubjectId = "1",
        Username = "zps",
        Password = "zps",
    };
    zps.Claims = new List<Claim>
    {
        new Claim("role", "zps"),
        new Claim("aaa", "asdasdsd"),
    };

    var admin = new TestUser
    {
        SubjectId = "2",
        Username = "admin",
        Password = "admin",
    };
    admin.Claims = new List<Claim>
    {
        new Claim("role", "admin"),
    };

    var users = new List<TestUser>(2);
    users.Add(zps);
    users.Add(admin);
    return users;
}
添加Api资源
添加api资源，api的key要和注册的client的api匹配。
/// <summary>
/// Declares the API resources protected by this authorization server.
/// The resource name "api" is the scope value the registered clients must list in AllowedScopes.
/// </summary>
/// <returns>A single resource named "api" with display name "my api".</returns>
public static IEnumerable<ApiResource> GetResource()
{
    var api = new ApiResource("api", "my api");
    var resources = new List<ApiResource>(1) { api };
    return resources;
}
添加客户端
- 客户端模式
- 密码模式
- 授权码模式
- 混合模式
授权码模式和mvc模式这两个模式先不管。
//请求确认
RequireConsent = false，这个属性要注意：如果是true，会先跳转到确认页面，然后再跳转到RedirectUris。
/// <summary>
/// Registers the clients known to this sample authorization server, one per grant type
/// covered in the post: client credentials, resource-owner password, hybrid (MVC) and
/// authorization code with PKCE (JavaScript).
/// </summary>
/// <returns>The four client registrations, in that order.</returns>
public static IEnumerable<Client> GetClients()
{
    // NOTE(review): every confidential client below shares the same placeholder secret
    // ("secret"). Fine for a local demo; each production client needs its own randomly
    // generated secret, kept out of source control.

    // Client-credentials grant: machine-to-machine, no user involved.
    var credentialsClient = new Client
    {
        ClientId = "client",
        AllowedGrantTypes = GrantTypes.ClientCredentials,
        ClientSecrets = { new Secret("secret".Sha256()) },
        AllowedScopes = { "api" },
    };

    // Resource-owner password grant: the client collects the user's password itself.
    // The OAuth 2.0 Security BCP discourages this grant for new clients; prefer
    // authorization code + PKCE wherever an interactive login is possible.
    var passwordClient = new Client
    {
        ClientId = "pwdClient",
        AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
        ClientSecrets = { new Secret("secret".Sha256()) },
        AllowedScopes = { "api" },
    };

    // Hybrid grant for the server-rendered MVC application on port 5001.
    // Note this client is only granted the identity scopes, not "api".
    var mvcClient = new Client
    {
        ClientId = "mvc",
        ClientName = "MVC Client",
        AllowedGrantTypes = GrantTypes.Hybrid,
        ClientSecrets = { new Secret("secret".Sha256()) },
        // Where the browser is sent after login; plain http is only acceptable for localhost.
        RedirectUris = { "http://localhost:5001/signin-oidc" },
        // Skips the consent screen; with true the user is shown the consent page first.
        RequireConsent = false,
        // Lets the client request offline_access and so obtain refresh tokens.
        AllowOfflineAccess = true,
        // Where the browser is sent after logout.
        PostLogoutRedirectUris = { "http://localhost:5001/signout-callback-oidc" },
    };
    mvcClient.AllowedScopes = new List<string>
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
    };

    // Authorization code + PKCE for the browser-based (public) client on port 5003.
    var jsClient = new Client
    {
        ClientId = "js",
        ClientName = "java script Client",
        AllowedGrantTypes = GrantTypes.Code,
        // A browser app cannot keep a secret, so PKCE is required in place of one.
        RequirePkce = true,
        RequireClientSecret = false,
        RedirectUris = { "http://localhost:5003/callback.html" },
        PostLogoutRedirectUris = { "http://localhost:5003/index.html" },
        // The exact origin permitted to make cross-origin requests to this server.
        AllowedCorsOrigins = { "http://localhost:5003" },
        RequireConsent = false,
        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            "api",
        },
    };

    return new List<Client> { credentialsClient, passwordClient, mvcClient, jsClient };
}
添加IdentityServer 保护的资源
可以自定义Claim
/// <summary>
/// Declares the identity resources (user-claim scopes) this server can issue.
/// Custom claims could be added here as well.
/// </summary>
/// <returns>The standard "openid" and "profile" identity resources.</returns>
public static IEnumerable<IdentityResource> GetIdentityResources()
{
    var resources = new List<IdentityResource>(2)
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
    };
    return resources;
}
把identityserver注入到容器
.AddDeveloperSigningCredential() 生成token需要的密钥和公钥，正式环境需要换成正式的密钥。
o.UserInteraction.LoginUrl = "/Auth/Logi