upgrade to Identity Server 4 rtm
This commit is contained in:
André Passos
parent
608c4c512a
commit
f337898143
@ -1,31 +1,30 @@
|
|||||||
using IdentityServer4.Models;
|
using IdentityServer4.Models;
|
||||||
using Microsoft.Extensions.Options;
|
using Microsoft.Extensions.Options;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
using IdentityServer4;
|
||||||
|
|
||||||
namespace Identity.API.Configuration
|
namespace Identity.API.Configuration
|
||||||
{
|
{
|
||||||
public class Config
|
public class Config
|
||||||
{
|
{
|
||||||
// scopes define the resources in your system
|
// ApiResources define the apis in your system
|
||||||
public static IEnumerable<Scope> GetScopes()
|
public static IEnumerable<ApiResource> GetApis()
|
||||||
{
|
{
|
||||||
return new List<Scope>
|
return new List<ApiResource>
|
||||||
{
|
{
|
||||||
//Authentication OpenId uses this scopes;
|
new ApiResource("orders", "Orders Service"),
|
||||||
StandardScopes.OpenId,
|
new ApiResource("basket", "Basket Service")
|
||||||
StandardScopes.Profile,
|
};
|
||||||
|
}
|
||||||
|
|
||||||
//Each api we want to securice;
|
// Identity resources are data like user ID, name, or email address of a user
|
||||||
new Scope
|
// see: http://docs.identityserver.io/en/release/configuration/resources.html
|
||||||
{
|
public static IEnumerable<IdentityResource> GetResources()
|
||||||
Name = "orders",
|
{
|
||||||
Description = "Orders Service"
|
return new List<IdentityResource>
|
||||||
},
|
{
|
||||||
new Scope
|
new IdentityResources.OpenId(),
|
||||||
{
|
new IdentityResources.Profile()
|
||||||
Name = "basket",
|
|
||||||
Description = "Basket Service"
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -47,8 +46,8 @@ namespace Identity.API.Configuration
|
|||||||
AllowedCorsOrigins = { $"{clientsUrl["Spa"]}" },
|
AllowedCorsOrigins = { $"{clientsUrl["Spa"]}" },
|
||||||
AllowedScopes =
|
AllowedScopes =
|
||||||
{
|
{
|
||||||
StandardScopes.OpenId.Name,
|
IdentityServerConstants.StandardScopes.OpenId,
|
||||||
StandardScopes.Profile.Name,
|
IdentityServerConstants.StandardScopes.Profile,
|
||||||
"orders",
|
"orders",
|
||||||
"basket"
|
"basket"
|
||||||
}
|
}
|
||||||
@ -65,8 +64,8 @@ namespace Identity.API.Configuration
|
|||||||
AllowedCorsOrigins = { "http://eshopxamarin" },
|
AllowedCorsOrigins = { "http://eshopxamarin" },
|
||||||
AllowedScopes =
|
AllowedScopes =
|
||||||
{
|
{
|
||||||
StandardScopes.OpenId.Name,
|
IdentityServerConstants.StandardScopes.OpenId,
|
||||||
StandardScopes.Profile.Name,
|
IdentityServerConstants.StandardScopes.Profile,
|
||||||
"orders",
|
"orders",
|
||||||
"basket"
|
"basket"
|
||||||
}
|
}
|
||||||
@ -82,6 +81,7 @@ namespace Identity.API.Configuration
|
|||||||
ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client
|
ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client
|
||||||
AllowedGrantTypes = GrantTypes.Hybrid,
|
AllowedGrantTypes = GrantTypes.Hybrid,
|
||||||
RequireConsent = false,
|
RequireConsent = false,
|
||||||
|
AllowOfflineAccess = true,
|
||||||
RedirectUris = new List<string>
|
RedirectUris = new List<string>
|
||||||
{
|
{
|
||||||
$"{clientsUrl["Mvc"]}/signin-oidc",
|
$"{clientsUrl["Mvc"]}/signin-oidc",
|
||||||
@ -96,9 +96,9 @@ namespace Identity.API.Configuration
|
|||||||
},
|
},
|
||||||
AllowedScopes = new List<string>
|
AllowedScopes = new List<string>
|
||||||
{
|
{
|
||||||
StandardScopes.OpenId.Name,
|
IdentityServerConstants.StandardScopes.OpenId,
|
||||||
StandardScopes.Profile.Name,
|
IdentityServerConstants.StandardScopes.Profile,
|
||||||
StandardScopes.OfflineAccess.Name,
|
IdentityServerConstants.StandardScopes.OfflineAccess,
|
||||||
"orders",
|
"orders",
|
||||||
"basket",
|
"basket",
|
||||||
},
|
},
|
||||||
|
|||||||
@ -5,7 +5,6 @@
|
|||||||
using IdentityModel;
|
using IdentityModel;
|
||||||
using IdentityServer4.Quickstart.UI.Models;
|
using IdentityServer4.Quickstart.UI.Models;
|
||||||
using IdentityServer4.Services;
|
using IdentityServer4.Services;
|
||||||
using IdentityServer4.Services.InMemory;
|
|
||||||
using Microsoft.AspNetCore.Http.Authentication;
|
using Microsoft.AspNetCore.Http.Authentication;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
using System;
|
using System;
|
||||||
|
|||||||
@ -22,7 +22,7 @@ namespace IdentityServer4.Quickstart.UI.Controllers
|
|||||||
{
|
{
|
||||||
private readonly ILogger<ConsentController> _logger;
|
private readonly ILogger<ConsentController> _logger;
|
||||||
private readonly IClientStore _clientStore;
|
private readonly IClientStore _clientStore;
|
||||||
private readonly IScopeStore _scopeStore;
|
private readonly IResourceStore _resourceStore;
|
||||||
private readonly IIdentityServerInteractionService _interaction;
|
private readonly IIdentityServerInteractionService _interaction;
|
||||||
|
|
||||||
|
|
||||||
@ -30,12 +30,12 @@ namespace IdentityServer4.Quickstart.UI.Controllers
|
|||||||
ILogger<ConsentController> logger,
|
ILogger<ConsentController> logger,
|
||||||
IIdentityServerInteractionService interaction,
|
IIdentityServerInteractionService interaction,
|
||||||
IClientStore clientStore,
|
IClientStore clientStore,
|
||||||
IScopeStore scopeStore)
|
IResourceStore resourceStore)
|
||||||
{
|
{
|
||||||
_logger = logger;
|
_logger = logger;
|
||||||
_interaction = interaction;
|
_interaction = interaction;
|
||||||
_clientStore = clientStore;
|
_clientStore = clientStore;
|
||||||
_scopeStore = scopeStore;
|
_resourceStore = resourceStore;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -120,10 +120,10 @@ namespace IdentityServer4.Quickstart.UI.Controllers
|
|||||||
var client = await _clientStore.FindEnabledClientByIdAsync(request.ClientId);
|
var client = await _clientStore.FindEnabledClientByIdAsync(request.ClientId);
|
||||||
if (client != null)
|
if (client != null)
|
||||||
{
|
{
|
||||||
var scopes = await _scopeStore.FindEnabledScopesAsync(request.ScopesRequested);
|
var resources = await _resourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested);
|
||||||
if (scopes != null && scopes.Any())
|
if (resources != null && (resources.IdentityResources.Any() || resources.ApiResources.Any()))
|
||||||
{
|
{
|
||||||
return new ConsentViewModel(model, returnUrl, request, client, scopes);
|
return new ConsentViewModel(model, returnUrl, request, client, resources);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|||||||
@ -41,8 +41,8 @@
|
|||||||
<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="1.1.0-msbuild3-final">
|
<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="1.1.0-msbuild3-final">
|
||||||
<PrivateAssets>All</PrivateAssets>
|
<PrivateAssets>All</PrivateAssets>
|
||||||
</PackageReference>
|
</PackageReference>
|
||||||
<PackageReference Include="IdentityServer4.AspNetIdentity" Version="1.0.0-rc3" />
|
<PackageReference Include="IdentityServer4.AspNetIdentity" Version="1.0.0" />
|
||||||
<PackageReference Include="IdentityServer4.EntityFramework" Version="1.0.0-rc3" />
|
<PackageReference Include="IdentityServer4.EntityFramework" Version="1.0.0" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
|
||||||
<Target Name="PrepublishScript" BeforeTargets="PrepareForPublish">
|
<Target Name="PrepublishScript" BeforeTargets="PrepareForPublish">
|
||||||
|
|||||||
@ -10,7 +10,7 @@ namespace Identity.API.Models.AccountViewModels
|
|||||||
{
|
{
|
||||||
public class ConsentViewModel : ConsentInputModel
|
public class ConsentViewModel : ConsentInputModel
|
||||||
{
|
{
|
||||||
public ConsentViewModel(ConsentInputModel model, string returnUrl, AuthorizationRequest request, Client client, IEnumerable<Scope> scopes)
|
public ConsentViewModel(ConsentInputModel model, string returnUrl, AuthorizationRequest request, Client client, Resources resources)
|
||||||
{
|
{
|
||||||
RememberConsent = model?.RememberConsent ?? true;
|
RememberConsent = model?.RememberConsent ?? true;
|
||||||
ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty<string>();
|
ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty<string>();
|
||||||
@ -22,8 +22,8 @@ namespace Identity.API.Models.AccountViewModels
|
|||||||
ClientLogoUrl = client.LogoUri;
|
ClientLogoUrl = client.LogoUri;
|
||||||
AllowRememberConsent = client.AllowRememberConsent;
|
AllowRememberConsent = client.AllowRememberConsent;
|
||||||
|
|
||||||
IdentityScopes = scopes.Where(x => x.Type == ScopeType.Identity).Select(x => new ScopeViewModel(x, ScopesConsented.Contains(x.Name) || model == null)).ToArray();
|
IdentityScopes = resources.IdentityResources.Select(x => new ScopeViewModel(x, ScopesConsented.Contains(x.Name) || model == null)).ToArray();
|
||||||
ResourceScopes = scopes.Where(x => x.Type == ScopeType.Resource).Select(x => new ScopeViewModel(x, ScopesConsented.Contains(x.Name) || model == null)).ToArray();
|
ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes).Select(x => new ScopeViewModel(x, ScopesConsented.Contains(x.Name) || model == null)).ToArray();
|
||||||
}
|
}
|
||||||
|
|
||||||
public string ClientName { get; set; }
|
public string ClientName { get; set; }
|
||||||
@ -47,6 +47,16 @@ namespace Identity.API.Models.AccountViewModels
|
|||||||
Checked = check || scope.Required;
|
Checked = check || scope.Required;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public ScopeViewModel(IdentityResource identity, bool check)
|
||||||
|
{
|
||||||
|
Name = identity.Name;
|
||||||
|
DisplayName = identity.DisplayName;
|
||||||
|
Description = identity.Description;
|
||||||
|
Emphasize = identity.Emphasize;
|
||||||
|
Required = identity.Required;
|
||||||
|
Checked = check || identity.Required;
|
||||||
|
}
|
||||||
|
|
||||||
public string Name { get; set; }
|
public string Name { get; set; }
|
||||||
public string DisplayName { get; set; }
|
public string DisplayName { get; set; }
|
||||||
public string Description { get; set; }
|
public string Description { get; set; }
|
||||||
|
|||||||
@ -77,7 +77,8 @@ namespace eShopOnContainers.Identity
|
|||||||
// Adds IdentityServer
|
// Adds IdentityServer
|
||||||
services.AddIdentityServer(x => x.IssuerUri = "null")
|
services.AddIdentityServer(x => x.IssuerUri = "null")
|
||||||
.AddSigningCredential(Certificate.Get())
|
.AddSigningCredential(Certificate.Get())
|
||||||
.AddInMemoryScopes(Config.GetScopes())
|
.AddInMemoryApiResources(Config.GetApis())
|
||||||
|
.AddInMemoryIdentityResources(Config.GetResources())
|
||||||
.AddInMemoryClients(Config.GetClients(clientUrls))
|
.AddInMemoryClients(Config.GetClients(clientUrls))
|
||||||
.AddAspNetIdentity<ApplicationUser>()
|
.AddAspNetIdentity<ApplicationUser>()
|
||||||
.Services.AddTransient<IProfileService, ProfileService>();
|
.Services.AddTransient<IProfileService, ProfileService>();
|
||||||
|
|||||||
@ -112,15 +112,10 @@ namespace Microsoft.eShopOnContainers.WebMVC
|
|||||||
ResponseType = "code id_token",
|
ResponseType = "code id_token",
|
||||||
SaveTokens = true,
|
SaveTokens = true,
|
||||||
GetClaimsFromUserInfoEndpoint = true,
|
GetClaimsFromUserInfoEndpoint = true,
|
||||||
RequireHttpsMetadata = false,
|
RequireHttpsMetadata = false,
|
||||||
|
Scope = { "openid", "profile", "orders", "basket" }
|
||||||
};
|
};
|
||||||
|
|
||||||
oidcOptions.Scope.Clear();
|
|
||||||
oidcOptions.Scope.Add("openid");
|
|
||||||
oidcOptions.Scope.Add("profile");
|
|
||||||
oidcOptions.Scope.Add("orders");
|
|
||||||
oidcOptions.Scope.Add("basket");
|
|
||||||
|
|
||||||
//Wait untill identity service is ready on compose.
|
//Wait untill identity service is ready on compose.
|
||||||
app.UseOpenIdConnectAuthentication(oidcOptions);
|
app.UseOpenIdConnectAuthentication(oidcOptions);
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user