From b9cea9d7d2a7d9e7fc67a8cbce6a5d706c1b8007 Mon Sep 17 00:00:00 2001 From: gil zhang Date: Sun, 5 Jun 2022 15:35:37 +0800 Subject: [PATCH] Adjust the code conflict of IdentityServer 4.1.2, and adjust the use mode according to the official example, the mvc project can log in and use normally, but there are some strange problems when the data is initialized, which needs to be further tracked. --- .../Mobile.Bff.Shopping/aggregator/Startup.cs | 10 ++++++++-- .../Web.Bff.Shopping/aggregator/Startup.cs | 10 ++++++++-- src/Services/Basket/Basket.API/Startup.cs | 8 +++++++- .../Identity.API/Configuration/Config.cs | 2 +- .../Identity/Identity.API/Identity.API.csproj | 16 +++++++++++----- .../AccountViewModels/ConsentInputModel.cs | 10 ---------- src/Services/Ordering/Ordering.API/Startup.cs | 8 +++++++- src/Services/Webhooks/Webhooks.API/Startup.cs | 8 +++++++- src/Web/WebMVC/Controllers/AccountController.cs | 4 ++-- src/Web/WebMVC/Controllers/CartController.cs | 2 +- src/Web/WebMVC/Controllers/OrderController.cs | 2 +- .../Controllers/OrderManagementController.cs | 2 +- src/Web/WebMVC/Startup.cs | 4 ++-- 13 files changed, 56 insertions(+), 30 deletions(-) delete mode 100644 src/Services/Identity/Identity.API/Models/AccountViewModels/ConsentInputModel.cs diff --git a/src/ApiGateways/Mobile.Bff.Shopping/aggregator/Startup.cs b/src/ApiGateways/Mobile.Bff.Shopping/aggregator/Startup.cs index 3f988395a..d79a822d3 100644 --- a/src/ApiGateways/Mobile.Bff.Shopping/aggregator/Startup.cs +++ b/src/ApiGateways/Mobile.Bff.Shopping/aggregator/Startup.cs @@ -1,4 +1,6 @@ -namespace Microsoft.eShopOnContainers.Mobile.Shopping.HttpAggregator; +using Microsoft.IdentityModel.Tokens; + +namespace Microsoft.eShopOnContainers.Mobile.Shopping.HttpAggregator; public class Startup { 
@@ -142,7 +144,11 @@ public static class ServiceCollectionExtensions { options.Authority = identityUrl; options.RequireHttpsMetadata = false; - options.Audience = "mobileshoppingagg"; + //options.Audience = "mobileshoppingagg"; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateAudience = false + }; }); return services; diff --git a/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs b/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs index 6e8e66931..ab9c3a210 100644 --- a/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs +++ b/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs @@ -1,4 +1,6 @@ -namespace Microsoft.eShopOnContainers.Web.Shopping.HttpAggregator; +using Microsoft.IdentityModel.Tokens; + +namespace Microsoft.eShopOnContainers.Web.Shopping.HttpAggregator; public class Startup { @@ -93,7 +95,11 @@ public static class ServiceCollectionExtensions { options.Authority = identityUrl; options.RequireHttpsMetadata = false; - options.Audience = "webshoppingagg"; + //options.Audience = "webshoppingagg"; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateAudience = false + }; }); return services; diff --git a/src/Services/Basket/Basket.API/Startup.cs b/src/Services/Basket/Basket.API/Startup.cs index 082560048..b9e903cdf 100644 --- a/src/Services/Basket/Basket.API/Startup.cs +++ b/src/Services/Basket/Basket.API/Startup.cs @@ -1,3 +1,5 @@ +using Microsoft.IdentityModel.Tokens; + namespace Microsoft.eShopOnContainers.Services.Basket.API; public class Startup { @@ -223,7 +225,11 @@ public class Startup { options.Authority = identityUrl; options.RequireHttpsMetadata = false; - options.Audience = "basket"; + //options.Audience = "basket"; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateAudience = false + }; }); } 
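Review bot: Setting `ValidateAudience = false` in the Mobile aggregator's `TokenValidationParameters` makes the service accept any access token signed by the configured authority, including one issued for a different API. The same change is repeated in the Web aggregator and Basket hunks that follow, and in the Ordering and Webhooks `Startup.cs` hunks. The IdentityServer4 4.x quickstart that disables audience validation pairs it with an authorization policy requiring the API's scope claim, and no such policy is visible in this diff. Either keep `options.Audience = "mobileshoppingagg";` and register matching API resources in Identity.API so the `aud` claim is emitted, or add a per-service requirement such as `policy.RequireClaim("scope", "<service-scope>")` (placeholder scope name). The commented-out `//options.Audience = ...` lines should be deleted rather than kept as dead code; the enclosing options lambda starts outside the hunk.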
diff --git a/src/Services/Identity/Identity.API/Configuration/Config.cs b/src/Services/Identity/Identity.API/Configuration/Config.cs index 53d166ab7..3e60cb968 100644 --- a/src/Services/Identity/Identity.API/Configuration/Config.cs +++ b/src/Services/Identity/Identity.API/Configuration/Config.cs @@ -110,7 +110,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration new Secret("secret".Sha256()) }, ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client - AllowedGrantTypes = GrantTypes.Hybrid, + AllowedGrantTypes = GrantTypes.Code, AllowAccessTokensViaBrowser = false, RequireConsent = false, AllowOfflineAccess = true, diff --git a/src/Services/Identity/Identity.API/Identity.API.csproj b/src/Services/Identity/Identity.API/Identity.API.csproj index 51e2316be..ea315d9c0 100644 --- a/src/Services/Identity/Identity.API/Identity.API.csproj +++ b/src/Services/Identity/Identity.API/Identity.API.csproj @@ -17,11 +17,17 @@ - - - - - + + + + + + + + + + + diff --git a/src/Services/Identity/Identity.API/Models/AccountViewModels/ConsentInputModel.cs b/src/Services/Identity/Identity.API/Models/AccountViewModels/ConsentInputModel.cs deleted file mode 100644 index fd4e524cf..000000000 --- a/src/Services/Identity/Identity.API/Models/AccountViewModels/ConsentInputModel.cs +++ /dev/null @@ -1,10 +0,0 @@ -namespace Microsoft.eShopOnContainers.Services.Identity.API.Models.AccountViewModels -{ - public record ConsentInputModel - { - public string Button { get; init; } - public IEnumerable ScopesConsented { get; init; } - public bool RememberConsent { get; init; } - public string ReturnUrl { get; init; } - } -} \ No newline at end of file diff --git a/src/Services/Ordering/Ordering.API/Startup.cs b/src/Services/Ordering/Ordering.API/Startup.cs index 501a55361..8a4034138 100644 --- a/src/Services/Ordering/Ordering.API/Startup.cs +++ b/src/Services/Ordering/Ordering.API/Startup.cs 
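Review bot: The switch to `AllowedGrantTypes = GrantTypes.Code` in the `Config.cs` hunk (the client whose `ClientUri` is `clientsUrl["Mvc"]`) leaves PKCE enforcement to library defaults, because none of the visible lines set it. IdentityServer4 4.x is expected to default `RequirePkce` to true, but stating `RequirePkce = true,` next to the grant type keeps the protection from silently depending on the package version, which this commit also changes in `Identity.API.csproj`. The matching client-side line would be `options.UsePkce = true;` beside `options.ResponseType = "code";` in the WebMVC `Startup.cs` hunk. The client definition begins and ends outside the hunk, so it may already set this.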
@@ -1,3 +1,5 @@ +using Microsoft.IdentityModel.Tokens; + namespace Microsoft.eShopOnContainers.Services.Ordering.API; public class Startup @@ -382,7 +384,11 @@ static class CustomExtensionsMethods { options.Authority = identityUrl; options.RequireHttpsMetadata = false; - options.Audience = "orders"; + //options.Audience = "orders"; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateAudience = false + }; }); return services; diff --git a/src/Services/Webhooks/Webhooks.API/Startup.cs b/src/Services/Webhooks/Webhooks.API/Startup.cs index 256941efa..8ae2dcfc7 100644 --- a/src/Services/Webhooks/Webhooks.API/Startup.cs +++ b/src/Services/Webhooks/Webhooks.API/Startup.cs @@ -1,3 +1,5 @@ +using Microsoft.IdentityModel.Tokens; + namespace Webhooks.API; public class Startup { @@ -305,7 +307,11 @@ static class CustomExtensionMethods { options.Authority = identityUrl; options.RequireHttpsMetadata = false; - options.Audience = "webhooks"; + //options.Audience = "webhooks"; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateAudience = false + }; }); return services; diff --git a/src/Web/WebMVC/Controllers/AccountController.cs b/src/Web/WebMVC/Controllers/AccountController.cs index e2a191bd2..078132c40 100644 --- a/src/Web/WebMVC/Controllers/AccountController.cs +++ b/src/Web/WebMVC/Controllers/AccountController.cs @@ -1,6 +1,6 @@ namespace Microsoft.eShopOnContainers.WebMVC.Controllers; -[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] +[Authorize] public class AccountController : Controller { private readonly ILogger _logger; @@ -10,7 +10,7 @@ public class AccountController : Controller _logger = logger ?? throw new ArgumentNullException(nameof(logger)); } - [Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] + [Authorize] public async Task SignIn(string returnUrl) { var user = User as ClaimsPrincipal; 
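Review bot: The method-level `[Authorize]` on `SignIn` duplicates the class-level `[Authorize]` that the previous hunk puts on `AccountController`, so it can be dropped. With `AuthenticationSchemes` removed here and in the Cart, Order and OrderManagement controllers, these actions now authenticate with the application's default scheme and challenge with its default challenge scheme. They therefore behave correctly only together with the `DefaultChallengeScheme` change in WebMVC `Startup.cs`. A one-line comment on the controller, for example `// Uses the default cookie scheme; challenges are redirected to OpenID Connect`, would make that dependency visible to the next reader. The body of `SignIn` continues outside the hunk.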
diff --git a/src/Web/WebMVC/Controllers/CartController.cs b/src/Web/WebMVC/Controllers/CartController.cs index fc506ec43..f638c5a01 100644 --- a/src/Web/WebMVC/Controllers/CartController.cs +++ b/src/Web/WebMVC/Controllers/CartController.cs @@ -1,6 +1,6 @@ namespace Microsoft.eShopOnContainers.WebMVC.Controllers; -[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] +[Authorize] public class CartController : Controller { private readonly IBasketService _basketSvc; diff --git a/src/Web/WebMVC/Controllers/OrderController.cs b/src/Web/WebMVC/Controllers/OrderController.cs index a80d54072..5ef82b17c 100644 --- a/src/Web/WebMVC/Controllers/OrderController.cs +++ b/src/Web/WebMVC/Controllers/OrderController.cs @@ -2,7 +2,7 @@ namespace Microsoft.eShopOnContainers.WebMVC.Controllers; using Microsoft.eShopOnContainers.WebMVC.ViewModels; -[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] +[Authorize] public class OrderController : Controller { private IOrderingService _orderSvc; diff --git a/src/Web/WebMVC/Controllers/OrderManagementController.cs b/src/Web/WebMVC/Controllers/OrderManagementController.cs index ac699bade..4f01a0698 100644 --- a/src/Web/WebMVC/Controllers/OrderManagementController.cs +++ b/src/Web/WebMVC/Controllers/OrderManagementController.cs @@ -1,6 +1,6 @@ namespace WebMVC.Controllers; -[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] +[Authorize] public class OrderManagementController : Controller { private IOrderingService _orderSvc; diff --git a/src/Web/WebMVC/Startup.cs b/src/Web/WebMVC/Startup.cs index 405d2ced4..1b54e8966 100644 --- a/src/Web/WebMVC/Startup.cs +++ b/src/Web/WebMVC/Startup.cs 
@@ -163,7 +163,7 @@ static class ServiceCollectionExtensions services.AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; - options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; + options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; }) .AddCookie(setup => setup.ExpireTimeSpan = TimeSpan.FromMinutes(sessionCookieLifetime)) .AddOpenIdConnect(options => @@ -173,7 +173,7 @@ static class ServiceCollectionExtensions options.SignedOutRedirectUri = callBackUrl.ToString(); options.ClientId = "mvc"; options.ClientSecret = "secret"; - options.ResponseType = "code id_token"; + options.ResponseType = "code"; options.SaveTokens = true; options.GetClaimsFromUserInfoEndpoint = true; options.RequireHttpsMetadata = false;
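Review bot: `options.ClientSecret = "secret";` stays hard-coded right next to the new `options.ResponseType = "code";`, and it matches the literal `new Secret("secret".Sha256())` visible in the `Config.cs` hunk. With the authorization code flow, this secret is what authenticates the client when it redeems the code at the token endpoint, so a guessable value committed to source weakens the flow this commit moves to. Read it from configuration or a secret store instead, for example `options.ClientSecret = configuration["<client-secret-key>"];` (placeholder key; whether a configuration object is in scope is not visible here). The `options.RequireHttpsMetadata = false;` context line likewise allows discovery over plain HTTP and should be limited to development environments. The `AddOpenIdConnect` lambda continues outside the hunk.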