IdentityServer4 Authorization Code Flow

时间:2019-06-11

1.mvc Client配置

(1)Startup

 1 JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
 2 
 3             services.AddAuthentication(options =>
 4                 {
 5                     options.DefaultScheme = "Cookies";
 6                     options.DefaultChallengeScheme = "oidc";
 7                 })
 8                 .AddCookie("Cookies")
 9                 .AddOpenIdConnect("oidc", options =>
10                 {
11                     options.SignInScheme = "Cookies";
12                     options.Authority = "http://localhost:5000";
13                     options.RequireHttpsMetadata = false;
14                     options.ClientId = "mvc client";
15                     options.ClientSecret = "mvc secret";
16                     options.SaveTokens = true;
17                     options.ResponseType = "code"; 
18 
19                     options.Scope.Clear();
20                     options.Scope.Add("api1");
21                     options.Scope.Add("openid");
22                     options.Scope.Add("profile");
23                     options.Scope.Add(OidcConstants.StandardScopes.OfflineAccess);
24 
25                 });

(2)Controller

 1  [Authorize]
 2     public class HomeController : Controller
 3     {
 4         public async Task<IActionResult> Index()
 5         {
 6             var client = new HttpClient();
 7             var disco = await client.GetDiscoveryDocumentAsync("http://localhost:5000/");
 8 
 9             if (disco.IsError)
10             {
11                 throw  new Exception(disco.Error);
12 
13 
14             }
15 
16             var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
17 
18             client.SetBearerToken(accessToken);
19 
20             var response = await client.GetAsync("http://localhost:5001/api/values");
21 
22             if (!response.IsSuccessStatusCode)
23             {
24                 throw new Exception(response.ReasonPhrase);
25             }
26 
27             var content = await response.Content.ReadAsStringAsync();
28             return View("Index", content);
29 
30 
31 
32             //return View();
33         }
34 
35         public async Task<IActionResult> Privacy()
36         {
37             var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
38             var idToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.IdToken);
39 
40             var refreshToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.RefreshToken);
41             var authorizationCode = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.Code);
42             return View();
43         }
44 
45         [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
46         public IActionResult Error()
47         {
48             return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
49         }
50 
51         public async Task Logout()
52         {
53             await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
54 
55             await HttpContext.SignOutAsync("oidc");
56         }
57     }

2.IdentityServer4(id4)配置

 1 new Client
 2                 {
 3                     ClientId = "mvc client",
 4                     ClientName = "MVC Client",
 5                     AllowedGrantTypes = GrantTypes.CodeAndClientCredentials,
 6                     ClientSecrets = {new Secret("mvc secret".Sha256())},
 7 
 8                     // where to redirect to after login
 9                     RedirectUris = { "http://localhost:5002/signin-oidc" },
10                     FrontChannelLogoutUri = "http://localhost:5002/signout-oidc",
11                     // where to redirect to after logout
12                     PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
13 
14                     AllowOfflineAccess = true,
15 
16                     AllowedScopes = new List<string>
17                     { "api1",
18                         IdentityServerConstants.StandardScopes.OpenId,
19                         IdentityServerConstants.StandardScopes.Profile
20                          
21                     }
22                 }

3.ApiResource 的配置见上一篇文章

原文地址:https://www.cnblogs.com/Spinoza/p/11006935.html