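using System;
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
{
    /// <summary>
    /// In-code IdentityServer4 configuration: the API resources, identity resources and
    /// OAuth 2.0 / OpenID Connect clients registered by this identity service.
    /// </summary>
    /// <remarks>
    /// NOTE(review): client secrets and one CORS origin are literals in this file. The
    /// values read as sample/development settings; confirm how they are overridden
    /// before this configuration is used outside a local environment.
    /// </remarks>
    public class Config
    {
        // ApiResources define the apis in your system
        /// <summary>Returns the API resources (scopes) that clients can request access to.</summary>
        /// <returns>One <see cref="ApiResource"/> per protected API or hub.</returns>
        public static IEnumerable<ApiResource> GetApis()
        {
            return new List<ApiResource>
            {
                new ApiResource("orders", "Orders Service"),
                new ApiResource("basket", "Basket Service"),
                new ApiResource("marketing", "Marketing Service"),
                new ApiResource("locations", "Locations Service"),
                new ApiResource("mobileshoppingagg", "Mobile Shopping Aggregator"),
                new ApiResource("webshoppingagg", "Web Shopping Aggregator"),
                new ApiResource("orders.signalrhub", "Ordering Signalr Hub")
            };
        }

        // Identity resources are data like user ID, name, or email address of a user
        // see: http://docs.identityserver.io/en/release/configuration/resources.html
        /// <summary>Returns the identity resources exposed to clients: OpenID and Profile.</summary>
        /// <returns>The supported <see cref="IdentityResource"/> set.</returns>
        public static IEnumerable<IdentityResource> GetResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile()
            };
        }

        // client want to access resources (aka scopes)
        /// <summary>Builds the client registrations, deriving redirect URIs from the supplied base URLs.</summary>
        /// <param name="clientsUrl">
        /// Base URL per client, keyed by "Spa", "Xamarin", "Mvc", "LocationsApi", "MarketingApi",
        /// "BasketApi", "OrderingApi", "MobileShoppingAgg" and "WebShoppingAgg".
        /// </param>
        /// <returns>The list of <see cref="Client"/> registrations.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="clientsUrl"/> is null.</exception>
        /// <exception cref="KeyNotFoundException">A required key is missing from <paramref name="clientsUrl"/>.</exception>
        public static IEnumerable<Client> GetClients(Dictionary<string, string> clientsUrl)
        {
            // Fail with a named argument instead of a NullReferenceException on the first lookup.
            if (clientsUrl == null)
            {
                throw new ArgumentNullException(nameof(clientsUrl));
            }

            return new List<Client>
            {
                // JavaScript Client
                // NOTE(review): the implicit grant hands the access token to the SPA through the
                // browser redirect (AllowAccessTokensViaBrowser = true). Current OAuth guidance for
                // browser apps favours authorization code with PKCE; switching needs a matching
                // change in the SPA, so the grant type is left unchanged here.
                new Client
                {
                    ClientId = "js",
                    ClientName = "eShop SPA OpenId Client",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RedirectUris = { $"{clientsUrl["Spa"]}/" },
                    // The consent screen is skipped for this client.
                    RequireConsent = false,
                    PostLogoutRedirectUris = { $"{clientsUrl["Spa"]}/" },
                    AllowedCorsOrigins = { $"{clientsUrl["Spa"]}" },
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "orders",
                        "basket",
                        "locations",
                        "marketing",
                        "webshoppingagg",
                        "orders.signalrhub"
                    }
                },
                new Client
                {
                    ClientId = "xamarin",
                    ClientName = "eShop Xamarin OpenId Client",
                    AllowedGrantTypes = GrantTypes.Hybrid,
                    //Used to retrieve the access token on the back channel.
                    // NOTE(review): "secret" is a literal in source and is reused by the mvc and
                    // mvctest clients below; hashing it here does not hide the plaintext. A native
                    // app cannot keep an embedded secret confidential, so RequirePkce is the control
                    // that protects the code exchange for this client.
                    ClientSecrets = { new Secret("secret".Sha256()) },
                    RedirectUris = { clientsUrl["Xamarin"] },
                    RequireConsent = false,
                    RequirePkce = true,
                    PostLogoutRedirectUris = { $"{clientsUrl["Xamarin"]}/Account/Redirecting" },
                    // NOTE(review): fixed plain-http origin, unlike the other clients whose
                    // origins come from clientsUrl; confirm it is still needed.
                    AllowedCorsOrigins = { "http://eshopxamarin" },
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orders",
                        "basket",
                        "locations",
                        "marketing",
                        "mobileshoppingagg"
                    },
                    //Allow requesting refresh tokens for long lived API access
                    AllowOfflineAccess = true,
                    AllowAccessTokensViaBrowser = true
                },
                new Client
                {
                    ClientId = "mvc",
                    ClientName = "MVC Client",
                    // NOTE(review): sample secret in source; outside local development load a
                    // per-client value from configuration or a secret store.
                    ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
                    ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client
                    AllowedGrantTypes = GrantTypes.Hybrid,
                    // Access tokens are not released through the browser for this client.
                    AllowAccessTokensViaBrowser = false,
                    RequireConsent = false,
                    AllowOfflineAccess = true,
                    // User claims are placed in the id_token itself.
                    AlwaysIncludeUserClaimsInIdToken = true,
                    RedirectUris = new List<string> { $"{clientsUrl["Mvc"]}/signin-oidc" },
                    PostLogoutRedirectUris = new List<string> { $"{clientsUrl["Mvc"]}/signout-callback-oidc" },
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orders",
                        "basket",
                        "locations",
                        "marketing",
                        "webshoppingagg",
                        "orders.signalrhub"
                    },
                },
                // NOTE(review): looks like a test-only registration. It reuses the Mvc URLs and the
                // sample secret, and unlike "mvc" it allows access tokens via the browser. Confirm
                // it is not registered in production deployments.
                new Client
                {
                    ClientId = "mvctest",
                    ClientName = "MVC Client Test",
                    ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
                    ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client
                    AllowedGrantTypes = GrantTypes.Hybrid,
                    AllowAccessTokensViaBrowser = true,
                    RequireConsent = false,
                    AllowOfflineAccess = true,
                    RedirectUris = new List<string> { $"{clientsUrl["Mvc"]}/signin-oidc" },
                    PostLogoutRedirectUris = new List<string> { $"{clientsUrl["Mvc"]}/signout-callback-oidc" },
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orders",
                        "basket",
                        "locations",
                        "marketing",
                        "webshoppingagg"
                    },
                },
                SwaggerUiClient("locationsswaggerui", "Locations Swagger UI", clientsUrl["LocationsApi"], "locations"),
                SwaggerUiClient("marketingswaggerui", "Marketing Swagger UI", clientsUrl["MarketingApi"], "marketing"),
                SwaggerUiClient("basketswaggerui", "Basket Swagger UI", clientsUrl["BasketApi"], "basket"),
                SwaggerUiClient("orderingswaggerui", "Ordering Swagger UI", clientsUrl["OrderingApi"], "orders"),
                SwaggerUiClient("mobileshoppingaggswaggerui", "Mobile Shopping Aggregattor Swagger UI", clientsUrl["MobileShoppingAgg"], "mobileshoppingagg"),
                SwaggerUiClient("webshoppingaggswaggerui", "Web Shopping Aggregattor Swagger UI", clientsUrl["WebShoppingAgg"], "webshoppingagg")
            };
        }

        // Builds the registration shared by every Swagger UI client: implicit grant,
        // one scope, and redirect URIs under the API's /swagger/ path.
        // NOTE(review): these clients receive access tokens in the browser; each is
        // limited to a single API scope, which bounds what such a token can reach.
        private static Client SwaggerUiClient(string clientId, string clientName, string apiBaseUrl, string scope)
        {
            return new Client
            {
                ClientId = clientId,
                ClientName = clientName,
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,
                RedirectUris = { $"{apiBaseUrl}/swagger/oauth2-redirect.html" },
                PostLogoutRedirectUris = { $"{apiBaseUrl}/swagger/" },
                AllowedScopes = { scope }
            };
        }
    }
}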