From 67445321833d417de1071cbbd09dfd09a60cc1b7 Mon Sep 17 00:00:00 2001
From: GreenShadeZhang <gil.zhang.dev@outlook.com>
Date: Wed, 17 Mar 2021 22:01:27 +0800
Subject: [PATCH] fix invalid_scope error  invalid_request

---
 .../Identity.API/Configuration/Config.cs         | 16 ++++++++++++++++
 .../Data/ConfigurationDbContextSeed.cs           | 10 ++++++++++
 2 files changed, 26 insertions(+)

diff --git a/src/Services/Identity/Identity.API/Configuration/Config.cs b/src/Services/Identity/Identity.API/Configuration/Config.cs
index 22c3c9b7b..30f9ecb21 100644
--- a/src/Services/Identity/Identity.API/Configuration/Config.cs
+++ b/src/Services/Identity/Identity.API/Configuration/Config.cs
@@ -20,6 +20,21 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
             };
         }
 
+        // ApiScope is used to protect the API 
+        //The effect is the same as that of API resources in IdentityServer 3.x
+        public static IEnumerable<ApiScope> GetApiScopes()
+        {
+            return new List<ApiScope>
+            {
+                new ApiScope("orders", "Orders Service"),
+                new ApiScope("basket", "Basket Service"),
+                new ApiScope("mobileshoppingagg", "Mobile Shopping Aggregator"),
+                new ApiScope("webshoppingagg", "Web Shopping Aggregator"),
+                new ApiScope("orders.signalrhub", "Ordering Signalr Hub"),
+                new ApiScope("webhooks", "Webhooks registration Service"),
+            };
+        }
+
         // Identity resources are data like user ID, name, or email address of a user
         // see: http://docs.identityserver.io/en/release/configuration/resources.html
         public static IEnumerable<IdentityResource> GetResources()
@@ -101,6 +116,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
                     RequireConsent = false,
                     AllowOfflineAccess = true,
                     AlwaysIncludeUserClaimsInIdToken = true,
+                    RequirePkce = false,
                     RedirectUris = new List<string>
                     {
                         $"{clientsUrl["Mvc"]}/signin-oidc"
diff --git a/src/Services/Identity/Identity.API/Data/ConfigurationDbContextSeed.cs b/src/Services/Identity/Identity.API/Data/ConfigurationDbContextSeed.cs
index 6c49106bb..4a0c78d88 100644
--- a/src/Services/Identity/Identity.API/Data/ConfigurationDbContextSeed.cs
+++ b/src/Services/Identity/Identity.API/Data/ConfigurationDbContextSeed.cs
@@ -76,6 +76,16 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Data
 
                 await context.SaveChangesAsync();
             }
+
+            if (!context.ApiScopes.Any())
+            {
+                foreach (var apiScope in Config.GetApiScopes())
+                {
+                    context.ApiScopes.Add(apiScope.ToEntity());
+                }
+
+                await context.SaveChangesAsync();
+            }
         }
     }
 }