Where is ApiResources configuration in Identity Server 4 in ASP.NET 3.1?

Following an ASP.NET Core 2.2 tutorial that builds on the Identity Server 4 In-Memory project template, the ApiResources configuration is located in appsettings.json

  "ApiResources": [
    {
      "Name": "movie.api",
      "DisplayName": "Movie API Services",
      "Scopes": [
        {
          "Name": "movie.api",
          "DisplayName": "Movie API Services"
        }
      ]
    }
  ],

However, in ASP.NET Core 3.1, appsettings.json no longer exists and has been replaced by Config.cs. However, I can't find ApiResources there. How do I create ApiResources in Config.cs?

This is my existing Config.cs

public static class Config
{
    public static IEnumerable<IdentityResource> IdentityResources =>
        new IdentityResource[]
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
        };

    public static IEnumerable<ApiScope> ApiScopes =>
        new ApiScope[]
        {
            new ApiScope("scope1"),
            new ApiScope("scope2"),
        };

    public static IEnumerable<Client> Clients =>
        new Client[]
        {
            // m2m client credentials flow client
            new Client
            {
                ClientId = "m2m.client",
                ClientName = "Client Credentials Client",

                AllowedGrantTypes = GrantTypes.ClientCredentials,
                ClientSecrets = { new Secret("511536EF-F270-4058-80CA-1C89C192F69A".Sha256()) },

                AllowedScopes = { "scope1" }
            },

            // interactive client using code flow + pkce
            new Client
            {
                ClientId = "interactive",
                ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },
                
                AllowedGrantTypes = GrantTypes.Code,

                RedirectUris = { "https://localhost:44300/signin-oidc" },
                FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
                PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },

                AllowOfflineAccess = true,
                AllowedScopes = { "openid", "profile", "scope2" }
            },

            // Client - Configure Identity Service
            // Step 2: Register client
            new Client
            {
                ClientId = "movie.web", // match with what defined in startup.cs
                //ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },

                AllowedGrantTypes = GrantTypes.Implicit,

                RedirectUris = { "http://localhost:5000/signin-oidc" },
                //FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
                //PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },

                //AllowOfflineAccess = true,
                AllowedScopes = { "openid", "profile" },
                AllowAccessTokensViaBrowser =  true
            },
        };
}

To get it working in the simplest way, you can add it to Config.cs like this:

 public static IEnumerable<ApiScope> ApiScopes =>
            new ApiScope[]
            { 
                new ApiScope("movie.api")
            };

        public static IEnumerable<ApiResource> ApiResources =>
            new ApiResource[]
            {
                new ApiResource("movie.api", "The Movie API")
                {
                    Scopes = { "movie.api" }
                }
            };

And add it to IdentityServer in Startup.cs, as shown below:

var builder = services.AddIdentityServer(options =>
                {
                    // IdentityServer options omitted here
                })
                .AddInMemoryIdentityResources(Config.IdentityResources)
                .AddInMemoryApiScopes(Config.ApiScopes)
                .AddInMemoryApiResources(Config.ApiResources)
                .AddInMemoryClients(Config.Clients)
                .AddTestUsers(TestUsers.Users);

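But in version 4 of IdentityServer4, scopes have their own definition and can optionally be referenced by resources. This means you don't have to have an ApiResource if you don't need one.

Read more here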
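What the choice between "scope only" and "scope plus ApiResource" means for the API that validates the tokens, as an added example that is not part of the original question or answer. The IdentityServer URL and the policy name `MovieApiScope` are assumptions; `movie.api` is the scope and resource name used above.

```csharp
// Added example: Startup.cs of the API that receives the access tokens.
// Assumed: IdentityServer at https://localhost:5001 and the
// Microsoft.AspNetCore.Authentication.JwtBearer package.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Authority = "https://localhost:5001"; // assumed URL
                // ApiResource "movie.api" registered: tokens granted the
                // "movie.api" scope carry aud = "movie.api".
                options.Audience = "movie.api";

                // No ApiResource registered: IdentityServer4 v4 emits no aud
                // claim by default, so use this instead of the line above:
                // options.TokenValidationParameters.ValidateAudience = false;
            });

        // In both cases, authorize on the granted scope itself.
        services.AddAuthorization(options =>
        {
            options.AddPolicy("MovieApiScope", policy => // hypothetical name
            {
                policy.RequireAuthenticatedUser();
                policy.RequireClaim("scope", "movie.api");
            });
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            // Every controller requires the scope policy.
            endpoints.MapControllers().RequireAuthorization("MovieApiScope");
        });
    }
}
```

A client is only granted this scope if `"movie.api"` is listed in its `AllowedScopes` in Config.cs.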