Below is the list of configurations; pick the one that matches the type of authorization you need.
// Console client using the client-credentials grant (machine-to-machine, no user involved).
new Client
{
    ClientName = "Client Credentials Client",
    ClientId = "credentials_client",
    AllowedGrantTypes = GrantTypes.ClientCredentials,
    // Scope the issued access token may carry; the resource server checks it.
    AllowedScopes = { "blog.core.api" },
    // Stored as a SHA-256 hash on the server. "secret" is a sample value for this walkthrough;
    // a deployed client needs a high-entropy secret that is kept out of source control.
    ClientSecrets = { new Secret("secret".Sha256()) },
},
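// Acquire a token with the client-credentials grant and call the protected API.
using var client = new HttpClient();

// The discovery document tells us the token endpoint; this sample talks plain http to localhost.
var discoResponse = await client.GetDiscoveryDocumentAsync("http://localhost:5004");
if (discoResponse.IsError)
{
    Console.WriteLine(discoResponse.Error);
    return;
}

var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
    Address = discoResponse.TokenEndpoint,
    // Must match the ClientId registered on the identity server; the client-credentials Client
    // on this page is "credentials_client", and a mismatch is rejected by the token endpoint.
    ClientId = "credentials_client",
    // Scope of the protected resource server the token is intended for.
    Scope = "blog.core.api",
    ClientSecret = "secret",
});
if (tokenResponse.IsError)
{
    Console.WriteLine(tokenResponse.Error);
    return;
}

// NOTE(review): this prints the raw token response, bearer token included, to the console.
// Acceptable for a local walkthrough; avoid it anywhere console output is captured into logs.
Console.WriteLine(tokenResponse.Json);

// With the access_token in hand, call the resource server as Bearer.
client.SetBearerToken(tokenResponse.AccessToken);
var response = await client.GetAsync("http://localhost:8081/api/blog/1");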
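// Custom claims: the API scopes and API resources the identity server exposes.
public static IEnumerable<ApiScope> ApiScopes => new ApiScope[]
{
    new ApiScope("password_scope1")
};

public static IEnumerable<ApiResource> ApiResources => new ApiResource[]
{
    new ApiResource("blog.core.api", "api1")
    {
        // NOTE(review): "blog.core.api" is referenced here but only "password_scope1" is defined
        // in ApiScopes above; confirm "blog.core.api" is also registered as an ApiScope.
        Scopes = { "blog.core.api" },
        // Add the role claim type to tokens for this API; the user's claims must be configured as well.
        UserClaims = { JwtClaimTypes.Role },
        // "apisecret" is a sample value for this walkthrough.
        ApiSecrets = { new Secret("apisecret".Sha256()) }
    }
};

// Console client using the resource-owner password grant. The user's password passes through
// the client in this flow, so it is only appropriate for fully trusted first-party applications.
new Client
{
    ClientId = "password_client",
    ClientSecrets = { new Secret("secret".Sha256()) },
    // GrantTypes.ResourceOwnerPassword is already the single-element collection the original
    // rebuilt via FirstOrDefault(); assign it directly.
    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
    AllowedScopes = new List<string> { "blog.core.api" }
}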
// Acquire a token with the resource-owner password grant and call the protected API.
using var client = new HttpClient();

var discoResponse = await client.GetDiscoveryDocumentAsync("http://localhost:5004");
if (discoResponse.IsError)
{
    Console.WriteLine(discoResponse.Error);
    return;
}

var request = new PasswordTokenRequest
{
    Address = discoResponse.TokenEndpoint,
    // Client id registered on the identity server.
    ClientId = "password_client",
    ClientSecret = "secret",
    // Scope of the protected resource server the token is intended for.
    Scope = "blog.core.api",
    // This user name and password were imported by SeedData. They are sample values kept in
    // source for the walkthrough; real credentials belong in configuration or a secret store.
    UserName = "laozhang",
    Password = "BlogIdp123$InitPwd"
};
var tokenResponse = await client.RequestPasswordTokenAsync(request);
if (tokenResponse.IsError)
{
    Console.WriteLine(tokenResponse.Error);
    return;
}

// NOTE(review): prints the raw token response (bearer token included) to the console.
Console.WriteLine(tokenResponse.Json);

// With the access_token in hand, call the resource server as Bearer.
client.SetBearerToken(tokenResponse.AccessToken);
var response = await client.GetAsync("http://localhost:8081/api/blog/1");
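// MVC client using the implicit grant (tokens are returned straight from the authorize endpoint).
new Client
{
    ClientId = "Implicit_client",
    ClientName = "Demo MVC Client",
    // Implicit is the legacy browser flow; authorization code with PKCE (GrantTypes.Code,
    // RequirePkce = true) is the current recommendation for new clients.
    AllowedGrantTypes = GrantTypes.Implicit,
    // Only these URIs may receive the authorize / logout responses.
    RedirectUris = { "http://localhost:1003/signin-oidc" },
    PostLogoutRedirectUris = { "http://localhost:1003/signout-callback-oidc" },
    RequireConsent = true,
    // Generic argument restored: the original `new List{` does not compile.
    AllowedScopes = new List<string>
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
        "roles",
        "rolename",
        "blog.core.api"
    }
}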
// Cookie session for the MVC app, challenged through OpenID Connect against the local identity server.
const string cookieScheme = "Cookies";
const string oidcScheme = "oidc";

var authBuilder = services.AddAuthentication(options =>
{
    options.DefaultScheme = cookieScheme;
    options.DefaultChallengeScheme = oidcScheme;
});

authBuilder.AddCookie(cookieScheme);

authBuilder.AddOpenIdConnect(oidcScheme, options =>
{
    options.Authority = "http://localhost:5004";
    // Permits the plain-http authority above. Keep this only for local development; a deployed
    // authority should be https with RequireHttpsMetadata left at its default of true.
    options.RequireHttpsMetadata = false;
    // Must match the Client registered as "Implicit_client" on the identity server.
    options.ClientId = "Implicit_client";
    // Persist the received tokens in the authentication cookie for later use by the app.
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
});
// Vue.js SPA client on the implicit grant; tokens are delivered in the redirect fragment.
new Client
{
    ClientName = "Blog.Vue JavaScript Client",
    ClientId = "blogvuejs",
    AllowedGrantTypes = GrantTypes.Implicit,
    // Lets the authorize endpoint hand the access token to the browser directly (implicit flow);
    // the token then sits in the URL fragment and browser history, one reason code + PKCE is preferred.
    AllowAccessTokensViaBrowser = true,
    AccessTokenLifetime = 3600,
    // Callback URIs for the SPA and (presumably) the Swagger UI on each host. The non-localhost
    // entries are plain http, so tokens would cross the wire unencrypted there — worth moving to https.
    RedirectUris =
    {
        "http://vueblog.neters.club/callback",
        "http://apk.neters.club/oauth2-redirect.html",
        "http://localhost:6688/callback",
        "http://localhost:8081/oauth2-redirect.html",
    },
    PostLogoutRedirectUris = { "http://vueblog.neters.club", "http://localhost:6688" },
    // Browser origins allowed to call the identity server cross-site.
    AllowedCorsOrigins = { "http://vueblog.neters.club", "http://localhost:6688" },
    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "roles",
        "blog.core.api.BlogModule"
    }
},
import { UserManager } from 'oidc-client'

// UserManager preconfigured for the admin SPA.
class ApplicationUserManager extends UserManager {
  constructor () {
    // response_type 'id_token token' is the implicit flow; oidc-client also supports 'code'
    // with PKCE, which keeps tokens out of the URL fragment. Note the https authority paired
    // with an http redirect_uri — the returned tokens travel to a plain-http origin.
    const settings = {
      authority: 'https://ids.neters.club',
      client_id: 'blogadminjs',
      redirect_uri: 'http://vueadmin.neters.club/callback',
      response_type: 'id_token token',
      scope: 'openid profile roles blog.core.api',
      post_logout_redirect_uri: 'http://vueadmin.neters.club'
    }
    super(settings)
  }

  // Starts the redirect-based sign-in; signinRedirect() navigates the browser away, so the
  // getUser() result is presumably only reached if that navigation does not happen.
  async login () {
    await this.signinRedirect()
    return this.getUser()
  }

  // Starts the redirect-based sign-out.
  async logout () {
    return this.signoutRedirect()
  }
}
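// Blazor Server client using authorization code + PKCE (confidential client with a secret).
new Client
{
    ClientId = "blazorserver",
    // "secret" is a sample value; a deployed client needs a high-entropy secret kept out of source.
    ClientSecrets = { new Secret("secret".Sha256()) },
    AllowedGrantTypes = GrantTypes.Code,
    RequireConsent = false,
    RequirePkce = true,
    // Include all of the user's claims in the id_token instead of requiring a userinfo round-trip.
    AlwaysIncludeUserClaimsInIdToken = true,
    // NOTE(review): with the code grant the tokens are fetched over the back channel, so this
    // flag is not needed for this flow; consider removing it.
    AllowAccessTokensViaBrowser = true,
    // Where to redirect to after login.
    RedirectUris = { "https://mvp.neters.club/signin-oidc" },
    AllowedCorsOrigins = { "https://mvp.neters.club" },
    // Where to redirect to after logout.
    PostLogoutRedirectUris = { "https://mvp.neters.club/signout-callback-oidc" },
    // Generic argument restored: the original `new List{` does not compile.
    AllowedScopes = new List<string>
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
        "roles",
        "rolename",
        "blog.core.api"
    }
},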
// Part 1: authentication scheme configuration.
// Cookie-based session for the Blazor Server app, with OpenID Connect doing the actual sign-in.
var authBuilder = services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
});

// Cookie name, lifetime and sliding expiration are left at their defaults.
authBuilder.AddCookie("Cookies", options => { });

authBuilder.AddOpenIdConnect("oidc", options =>
{
    options.Authority = "https://ids.neters.club/";
    // The authority above is already https, so the https-metadata check could stay enabled;
    // false switches it off and only makes sense for a local http identity server.
    options.RequireHttpsMetadata = false;
    // Must match the "blazorserver" Client registered on the identity server.
    options.ClientId = "blazorserver";
    // Sample secret; in a real deployment read it from configuration, not source.
    options.ClientSecret = "secret";
    // Authorization code flow.
    options.ResponseType = "code";
    // Keep the tokens in the auth cookie; required if the API is to use a refresh_token later
    // (which would also need the offline_access scope).
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;

    // Scopes to request: replace the defaults entirely.
    options.Scope.Clear();
    foreach (var scope in new[] { "roles", "rolename", "blog.core.api", "profile", "openid" })
    {
        options.Scope.Add(scope);
    }

    options.Events = new OpenIdConnectEvents
    {
        // Called if the user clicks Cancel during login: suppress the error page and go home.
        OnAccessDenied = context =>
        {
            context.HandleResponse();
            context.Response.Redirect("/");
            return Task.CompletedTask;
        }
    };
});
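// MVC client using the hybrid grant (code plus id_token from the authorize endpoint).
new Client
{
    ClientId = "hybridclent",
    ClientName = "Demo MVC Client",
    // "secret" is a sample value; a deployed client needs a high-entropy secret kept out of source.
    ClientSecrets = { new Secret("secret".Sha256()) },
    AllowedGrantTypes = GrantTypes.Hybrid,
    // Needed when the response type includes a token returned via the browser.
    AllowAccessTokensViaBrowser = true,
    // v4.x requires this to be set explicitly for the hybrid grant.
    RequirePkce = false,
    // Only these URIs may receive the authorize / logout responses.
    RedirectUris = { "http://localhost:1003/signin-oidc" },
    PostLogoutRedirectUris = { "http://localhost:1003/signout-callback-oidc" },
    // Lets the client request the offline_access scope and receive refresh tokens.
    AllowOfflineAccess = true,
    AlwaysIncludeUserClaimsInIdToken = true,
    // Generic argument restored: the original `new List{` does not compile.
    AllowedScopes = new List<string>
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
        "roles",
        "rolename",
        "blog.core.api"
    }
}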
// Keep JWT claim types as issued (e.g. "sub", "role") instead of mapping them to the long ClaimTypes URIs.
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

// Authentication scheme configuration: cookie session, OpenID Connect hybrid flow for sign-in.
var authBuilder = services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
});

authBuilder.AddCookie("Cookies", options =>
{
    // Where an authenticated user who fails an authorization check is sent.
    options.AccessDeniedPath = "/Authorization/NoPermission";
});

authBuilder.AddOpenIdConnect("oidc", options =>
{
    options.SignInScheme = "Cookies";
    options.Authority = "https://ids.neters.club";
    // The authority is already https, so this could stay at its default; false is for local http setups only.
    options.RequireHttpsMetadata = false;
    // Must match the "hybridclent" Client registered on the identity server.
    options.ClientId = "hybridclent";
    // Sample secret; read it from configuration in a real deployment.
    options.ClientSecret = "secret";
    // Hybrid flow: authorization code plus id_token from the authorize endpoint.
    options.ResponseType = "code id_token";
    options.GetClaimsFromUserInfoEndpoint = true;
    // Keep the tokens in the cookie. If the API is to use a refresh_token, the offline_access
    // scope also has to be requested below — it is not requested at present.
    options.SaveTokens = true;

    // Scopes to request: replace the defaults entirely.
    options.Scope.Clear();
    foreach (var scope in new[] { "roles", "rolename", "blog.core.api", "profile", "openid" })
    {
        options.Scope.Add(scope);
    }

    // NOTE(review): the name/role claim-type mapping (NameClaimType = JwtClaimTypes.Name,
    // RoleClaimType = JwtClaimTypes.Role) was left commented out in the original. With the inbound
    // claim map cleared above, User.Identity.Name / IsInRole likely depend on it — confirm.
    options.TokenValidationParameters = new TokenValidationParameters();
});