2017-05-29 08:30:33 +02:00
|
|
|
|
using IdentityServer4;
|
|
|
|
|
|
using IdentityServer4.Models;
|
2016-11-24 15:31:33 +01:00
|
|
|
|
using System.Collections.Generic;
|
|
|
|
|
|
|
2017-09-13 14:53:06 +02:00
|
|
|
|
namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
|
2016-11-24 15:31:33 +01:00
|
|
|
|
{
|
|
|
|
|
|
public class Config
|
|
|
|
|
|
{
|
2017-04-05 09:18:14 -03:00
|
|
|
|
// ApiResources define the apis in your system
|
|
|
|
|
|
public static IEnumerable<ApiResource> GetApis()
|
2016-11-24 15:31:33 +01:00
|
|
|
|
{
|
2017-04-05 09:18:14 -03:00
|
|
|
|
return new List<ApiResource>
|
2016-11-24 15:31:33 +01:00
|
|
|
|
{
|
2017-04-05 09:18:14 -03:00
|
|
|
|
new ApiResource("orders", "Orders Service"),
|
2017-06-01 10:10:37 +02:00
|
|
|
|
new ApiResource("basket", "Basket Service"),
|
2017-06-09 12:43:46 +02:00
|
|
|
|
new ApiResource("marketing", "Marketing Service"),
|
2018-01-26 16:09:36 +00:00
|
|
|
|
new ApiResource("locations", "Locations Service"),
|
2018-02-15 17:30:39 +01:00
|
|
|
|
new ApiResource("mobileshoppingagg", "Mobile Shopping Aggregator")
|
2017-04-05 09:18:14 -03:00
|
|
|
|
};
|
|
|
|
|
|
}
|
2016-11-24 15:31:33 +01:00
|
|
|
|
|
2017-04-05 09:18:14 -03:00
|
|
|
|
// Identity resources are data like user ID, name, or email address of a user
|
|
|
|
|
|
// see: http://docs.identityserver.io/en/release/configuration/resources.html
|
|
|
|
|
|
public static IEnumerable<IdentityResource> GetResources()
|
|
|
|
|
|
{
|
|
|
|
|
|
return new List<IdentityResource>
|
|
|
|
|
|
{
|
|
|
|
|
|
new IdentityResources.OpenId(),
|
|
|
|
|
|
new IdentityResources.Profile()
|
2016-11-24 15:31:33 +01:00
|
|
|
|
};
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// client want to access resources (aka scopes)
|
2016-12-07 13:57:31 +01:00
|
|
|
|
public static IEnumerable<Client> GetClients(Dictionary<string,string> clientsUrl)
|
2016-11-24 15:31:33 +01:00
|
|
|
|
{
|
|
|
|
|
|
return new List<Client>
|
|
|
|
|
|
{
|
|
|
|
|
|
// JavaScript Client
|
|
|
|
|
|
new Client
|
|
|
|
|
|
{
|
|
|
|
|
|
ClientId = "js",
|
|
|
|
|
|
ClientName = "eShop SPA OpenId Client",
|
|
|
|
|
|
AllowedGrantTypes = GrantTypes.Implicit,
|
|
|
|
|
|
AllowAccessTokensViaBrowser = true,
|
2016-12-22 18:34:57 +01:00
|
|
|
|
RedirectUris = { $"{clientsUrl["Spa"]}/" },
|
2017-01-04 11:08:24 +01:00
|
|
|
|
RequireConsent = false,
|
2016-12-22 18:34:57 +01:00
|
|
|
|
PostLogoutRedirectUris = { $"{clientsUrl["Spa"]}/" },
|
2016-12-07 13:57:31 +01:00
|
|
|
|
AllowedCorsOrigins = { $"{clientsUrl["Spa"]}" },
|
2016-11-24 15:31:33 +01:00
|
|
|
|
AllowedScopes =
|
|
|
|
|
|
{
|
2017-04-05 09:18:14 -03:00
|
|
|
|
IdentityServerConstants.StandardScopes.OpenId,
|
|
|
|
|
|
IdentityServerConstants.StandardScopes.Profile,
|
2016-11-24 15:31:33 +01:00
|
|
|
|
"orders",
|
2017-06-19 09:46:48 +02:00
|
|
|
|
"basket",
|
|
|
|
|
|
"locations",
|
2018-01-26 16:09:36 +00:00
|
|
|
|
"marketing",
|
2018-02-15 17:30:39 +01:00
|
|
|
|
"mobileshoppingagg"
|
2016-11-24 15:31:33 +01:00
|
|
|
|
}
|
2016-11-28 12:58:51 +01:00
|
|
|
|
},
|
|
|
|
|
|
new Client
|
|
|
|
|
|
{
|
|
|
|
|
|
ClientId = "xamarin",
|
|
|
|
|
|
ClientName = "eShop Xamarin OpenId Client",
|
2017-05-29 08:30:33 +02:00
|
|
|
|
AllowedGrantTypes = GrantTypes.Hybrid,
|
|
|
|
|
|
//Used to retrieve the access token on the back channel.
|
|
|
|
|
|
ClientSecrets =
|
|
|
|
|
|
{
|
|
|
|
|
|
new Secret("secret".Sha256())
|
|
|
|
|
|
},
|
|
|
|
|
|
RedirectUris = { clientsUrl["Xamarin"] },
|
2017-01-04 11:08:24 +01:00
|
|
|
|
RequireConsent = false,
|
2017-08-08 15:44:54 +01:00
|
|
|
|
RequirePkce = true,
|
2017-05-10 12:39:11 +02:00
|
|
|
|
PostLogoutRedirectUris = { $"{clientsUrl["Xamarin"]}/Account/Redirecting" },
|
2017-05-29 08:30:33 +02:00
|
|
|
|
AllowedCorsOrigins = { "http://eshopxamarin" },
|
|
|
|
|
|
AllowedScopes = new List<string>
|
2016-11-28 12:58:51 +01:00
|
|
|
|
{
|
2017-04-05 09:18:14 -03:00
|
|
|
|
IdentityServerConstants.StandardScopes.OpenId,
|
|
|
|
|
|
IdentityServerConstants.StandardScopes.Profile,
|
2017-05-29 08:30:33 +02:00
|
|
|
|
IdentityServerConstants.StandardScopes.OfflineAccess,
|
2016-11-28 12:58:51 +01:00
|
|
|
|
"orders",
|
2017-06-01 20:16:19 +02:00
|
|
|
|
"basket",
|
2017-06-19 09:46:48 +02:00
|
|
|
|
"locations",
|
2018-01-26 16:09:36 +00:00
|
|
|
|
"marketing",
|
2018-02-15 17:30:39 +01:00
|
|
|
|
"mobileshoppingagg"
|
2017-05-29 08:30:33 +02:00
|
|
|
|
},
|
|
|
|
|
|
//Allow requesting refresh tokens for long lived API access
|
2017-06-12 20:19:23 +02:00
|
|
|
|
AllowOfflineAccess = true,
|
|
|
|
|
|
AllowAccessTokensViaBrowser = true
|
2016-11-28 12:58:51 +01:00
|
|
|
|
},
|
|
|
|
|
|
new Client
|
|
|
|
|
|
{
|
|
|
|
|
|
ClientId = "mvc",
|
|
|
|
|
|
ClientName = "MVC Client",
|
|
|
|
|
|
ClientSecrets = new List<Secret>
|
|
|
|
|
|
{
|
|
|
|
|
|
new Secret("secret".Sha256())
|
|
|
|
|
|
},
|
2016-12-07 13:57:31 +01:00
|
|
|
|
ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client
|
2016-12-19 10:20:02 +01:00
|
|
|
|
AllowedGrantTypes = GrantTypes.Hybrid,
|
2017-06-05 21:54:03 +02:00
|
|
|
|
AllowAccessTokensViaBrowser = false,
|
2017-01-04 11:08:24 +01:00
|
|
|
|
RequireConsent = false,
|
2017-04-05 09:18:14 -03:00
|
|
|
|
AllowOfflineAccess = true,
|
2017-07-12 17:28:04 +02:00
|
|
|
|
AlwaysIncludeUserClaimsInIdToken = true,
|
2016-11-28 12:58:51 +01:00
|
|
|
|
RedirectUris = new List<string>
|
|
|
|
|
|
{
|
2017-05-10 12:39:11 +02:00
|
|
|
|
$"{clientsUrl["Mvc"]}/signin-oidc"
|
2016-11-28 12:58:51 +01:00
|
|
|
|
},
|
|
|
|
|
|
PostLogoutRedirectUris = new List<string>
|
|
|
|
|
|
{
|
2017-05-10 12:39:11 +02:00
|
|
|
|
$"{clientsUrl["Mvc"]}/signout-callback-oidc"
|
2016-11-28 12:58:51 +01:00
|
|
|
|
},
|
|
|
|
|
|
AllowedScopes = new List<string>
|
|
|
|
|
|
{
|
2017-04-05 09:18:14 -03:00
|
|
|
|
IdentityServerConstants.StandardScopes.OpenId,
|
|
|
|
|
|
IdentityServerConstants.StandardScopes.Profile,
|
|
|
|
|
|
IdentityServerConstants.StandardScopes.OfflineAccess,
|
2016-11-28 12:58:51 +01:00
|
|
|
|
"orders",
|
2017-06-01 20:16:19 +02:00
|
|
|
|
"basket",
|
2017-06-16 01:20:03 +02:00
|
|
|
|
"locations",
|
2018-01-26 16:09:36 +00:00
|
|
|
|
"marketing",
|
2018-02-15 17:30:39 +01:00
|
|
|
|
"mobileshoppingagg"
|
2016-11-28 12:58:51 +01:00
|
|
|
|
},
|
2017-07-10 14:25:03 +02:00
|
|
|
|
},
|
|
|
|
|
|
new Client
|
|
|
|
|
|
{
|
|
|
|
|
|
ClientId = "mvctest",
|
|
|
|
|
|
ClientName = "MVC Client Test",
|
|
|
|
|
|
ClientSecrets = new List<Secret>
|
|
|
|
|
|
{
|
|
|
|
|
|
new Secret("secret".Sha256())
|
|
|
|
|
|
},
|
|
|
|
|
|
ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client
|
|
|
|
|
|
AllowedGrantTypes = GrantTypes.Hybrid,
|
|
|
|
|
|
AllowAccessTokensViaBrowser = true,
|
|
|
|
|
|
RequireConsent = false,
|
|
|
|
|
|
AllowOfflineAccess = true,
|
|
|
|
|
|
RedirectUris = new List<string>
|
|
|
|
|
|
{
|
|
|
|
|
|
$"{clientsUrl["Mvc"]}/signin-oidc"
|
|
|
|
|
|
},
|
|
|
|
|
|
PostLogoutRedirectUris = new List<string>
|
|
|
|
|
|
{
|
|
|
|
|
|
$"{clientsUrl["Mvc"]}/signout-callback-oidc"
|
|
|
|
|
|
},
|
|
|
|
|
|
AllowedScopes = new List<string>
|
|
|
|
|
|
{
|
|
|
|
|
|
IdentityServerConstants.StandardScopes.OpenId,
|
|
|
|
|
|
IdentityServerConstants.StandardScopes.Profile,
|
|
|
|
|
|
IdentityServerConstants.StandardScopes.OfflineAccess,
|
|
|
|
|
|
"orders",
|
|
|
|
|
|
"basket",
|
|
|
|
|
|
"locations",
|
2018-01-26 16:09:36 +00:00
|
|
|
|
"marketing",
|
2018-02-15 17:30:39 +01:00
|
|
|
|
"mobileshoppingagg"
|
2017-07-10 14:25:03 +02:00
|
|
|
|
},
|
2017-07-12 12:10:10 +02:00
|
|
|
|
},
|
|
|
|
|
|
new Client
|
|
|
|
|
|
{
|
|
|
|
|
|
ClientId = "locationsswaggerui",
|
|
|
|
|
|
ClientName = "Locations Swagger UI",
|
|
|
|
|
|
AllowedGrantTypes = GrantTypes.Implicit,
|
|
|
|
|
|
AllowAccessTokensViaBrowser = true,
|
|
|
|
|
|
|
|
|
|
|
|
RedirectUris = { $"{clientsUrl["LocationsApi"]}/swagger/o2c.html" },
|
|
|
|
|
|
PostLogoutRedirectUris = { $"{clientsUrl["LocationsApi"]}/swagger/" },
|
|
|
|
|
|
|
|
|
|
|
|
AllowedScopes =
|
|
|
|
|
|
{
|
|
|
|
|
|
"locations"
|
|
|
|
|
|
}
|
|
|
|
|
|
},
|
|
|
|
|
|
new Client
|
|
|
|
|
|
{
|
|
|
|
|
|
ClientId = "marketingswaggerui",
|
|
|
|
|
|
ClientName = "Marketing Swagger UI",
|
|
|
|
|
|
AllowedGrantTypes = GrantTypes.Implicit,
|
|
|
|
|
|
AllowAccessTokensViaBrowser = true,
|
|
|
|
|
|
|
|
|
|
|
|
RedirectUris = { $"{clientsUrl["MarketingApi"]}/swagger/o2c.html" },
|
|
|
|
|
|
PostLogoutRedirectUris = { $"{clientsUrl["MarketingApi"]}/swagger/" },
|
|
|
|
|
|
|
|
|
|
|
|
AllowedScopes =
|
|
|
|
|
|
{
|
|
|
|
|
|
"marketing"
|
|
|
|
|
|
}
|
|
|
|
|
|
},
|
|
|
|
|
|
new Client
|
|
|
|
|
|
{
|
|
|
|
|
|
ClientId = "basketswaggerui",
|
|
|
|
|
|
ClientName = "Basket Swagger UI",
|
|
|
|
|
|
AllowedGrantTypes = GrantTypes.Implicit,
|
|
|
|
|
|
AllowAccessTokensViaBrowser = true,
|
|
|
|
|
|
|
|
|
|
|
|
RedirectUris = { $"{clientsUrl["BasketApi"]}/swagger/o2c.html" },
|
|
|
|
|
|
PostLogoutRedirectUris = { $"{clientsUrl["BasketApi"]}/swagger/" },
|
|
|
|
|
|
|
|
|
|
|
|
AllowedScopes =
|
|
|
|
|
|
{
|
|
|
|
|
|
"basket"
|
|
|
|
|
|
}
|
|
|
|
|
|
},
|
|
|
|
|
|
new Client
|
|
|
|
|
|
{
|
|
|
|
|
|
ClientId = "orderingswaggerui",
|
|
|
|
|
|
ClientName = "Ordering Swagger UI",
|
|
|
|
|
|
AllowedGrantTypes = GrantTypes.Implicit,
|
|
|
|
|
|
AllowAccessTokensViaBrowser = true,
|
|
|
|
|
|
|
|
|
|
|
|
RedirectUris = { $"{clientsUrl["OrderingApi"]}/swagger/o2c.html" },
|
|
|
|
|
|
PostLogoutRedirectUris = { $"{clientsUrl["OrderingApi"]}/swagger/" },
|
|
|
|
|
|
|
|
|
|
|
|
AllowedScopes =
|
|
|
|
|
|
{
|
|
|
|
|
|
"orders"
|
|
|
|
|
|
}
|
2018-01-26 16:09:36 +00:00
|
|
|
|
},
|
|
|
|
|
|
new Client
|
|
|
|
|
|
{
|
2018-02-15 17:30:39 +01:00
|
|
|
|
ClientId = "mobileshoppingaggswaggerui",
|
|
|
|
|
|
ClientName = "Mobile Shopping Aggregattor Swagger UI",
|
2018-01-26 16:09:36 +00:00
|
|
|
|
AllowedGrantTypes = GrantTypes.Implicit,
|
|
|
|
|
|
AllowAccessTokensViaBrowser = true,
|
|
|
|
|
|
|
2018-02-15 17:30:39 +01:00
|
|
|
|
RedirectUris = { $"{clientsUrl["MobileShoppingAgg"]}/swagger/o2c.html" },
|
|
|
|
|
|
PostLogoutRedirectUris = { $"{clientsUrl["MobileShoppingAgg"]}/swagger/" },
|
2018-01-26 16:09:36 +00:00
|
|
|
|
|
|
|
|
|
|
AllowedScopes =
|
|
|
|
|
|
{
|
2018-02-15 17:30:39 +01:00
|
|
|
|
"mobileshoppingagg"
|
2018-01-26 16:09:36 +00:00
|
|
|
|
}
|
2016-11-24 15:31:33 +01:00
|
|
|
|
}
|
2018-01-26 16:09:36 +00:00
|
|
|
|
|
2016-11-24 15:31:33 +01:00
|
|
|
|
};
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
