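using IdentityServer4;
using IdentityServer4.Models;
using System.Collections.Generic;

namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
{
    /// <summary>
    /// Static, in-code IdentityServer4 configuration: the API resources, identity
    /// resources and OAuth/OpenID Connect clients known to the identity service.
    /// </summary>
    /// <remarks>
    /// Everything here is compiled into the assembly, including the client secrets.
    /// NOTE(review): the secrets below are the literal string "secret"; treat this
    /// file as sample configuration and source real secrets from a secret store
    /// before any deployment that is not a local demo.
    /// </remarks>
    public class Config
    {
        /// <summary>
        /// Lists the protected APIs. Each name doubles as the scope string that
        /// clients reference in <c>AllowedScopes</c> in <see cref="GetClients"/>.
        /// </summary>
        /// <returns>One <see cref="ApiResource"/> per back-end service.</returns>
        // ApiResources define the apis in your system
        public static IEnumerable<ApiResource> GetApis()
        {
            return new List<ApiResource>
            {
                new ApiResource("orders", "Orders Service"),
                new ApiResource("basket", "Basket Service"),
                new ApiResource("marketing", "Marketing Service"),
                new ApiResource("locations", "Locations Service"),
                new ApiResource("mobileshoppingagg", "Mobile Shopping Aggregator")
            };
        }

        /// <summary>
        /// Lists the identity (user claim) resources clients may request:
        /// the standard OpenID and Profile resources.
        /// </summary>
        /// <returns>The identity resources exposed by this server.</returns>
        // Identity resources are data like user ID, name, or email address of a user
        // see: http://docs.identityserver.io/en/release/configuration/resources.html
        public static IEnumerable<IdentityResource> GetResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile()
            };
        }

        /// <summary>
        /// Builds the list of registered clients, deriving every redirect,
        /// post-logout and CORS URL from <paramref name="clientsUrl"/>.
        /// </summary>
        /// <param name="clientsUrl">
        /// Base URLs keyed by client name. The keys read here are "Spa", "Xamarin",
        /// "Mvc", "LocationsApi", "MarketingApi", "BasketApi", "OrderingApi" and
        /// "MobileShoppingAgg". These values decide where authorization responses
        /// are sent, so they must come from trusted deployment configuration only.
        /// </param>
        /// <returns>The client registrations.</returns>
        /// <exception cref="KeyNotFoundException">
        /// A required key is missing from <paramref name="clientsUrl"/>.
        /// </exception>
        // client want to access resources (aka scopes)
        public static IEnumerable<Client> GetClients(Dictionary<string, string> clientsUrl)
        {
            return new List<Client>
            {
                // JavaScript Client
                // NOTE(review): implicit grant with AllowAccessTokensViaBrowser returns the
                // access token through the browser front channel. Current OAuth guidance
                // for browser-based apps is authorization code with PKCE; consider
                // migrating this client and the Swagger UI clients below.
                new Client
                {
                    ClientId = "js",
                    ClientName = "eShop SPA OpenId Client",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RedirectUris = { $"{clientsUrl["Spa"]}/" },
                    // Consent screen is skipped; appropriate only for first-party clients.
                    RequireConsent = false,
                    PostLogoutRedirectUris = { $"{clientsUrl["Spa"]}/" },
                    AllowedCorsOrigins = { $"{clientsUrl["Spa"]}" },
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "orders",
                        "basket",
                        "locations",
                        "marketing",
                        "mobileshoppingagg"
                    }
                },
                new Client
                {
                    ClientId = "xamarin",
                    ClientName = "eShop Xamarin OpenId Client",
                    AllowedGrantTypes = GrantTypes.Hybrid,
                    //Used to retrieve the access token on the back channel.
                    // NOTE(review): hard-coded, guessable secret shared with the "mvc" and
                    // "mvctest" clients. Hashing with Sha256() does not make a known value
                    // secret; a secret shipped inside a mobile app cannot be kept
                    // confidential either, so PKCE (enabled below) is the effective control.
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },
                    RedirectUris = { clientsUrl["Xamarin"] },
                    RequireConsent = false,
                    RequirePkce = true,
                    PostLogoutRedirectUris = { $"{clientsUrl["Xamarin"]}/Account/Redirecting" },
                    // NOTE(review): fixed plain-http origin, not taken from clientsUrl.
                    AllowedCorsOrigins = { "http://eshopxamarin" },
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orders",
                        "basket",
                        "locations",
                        "marketing",
                        "mobileshoppingagg"
                    },
                    //Allow requesting refresh tokens for long lived API access
                    AllowOfflineAccess = true,
                    AllowAccessTokensViaBrowser = true
                },
                new Client
                {
                    ClientId = "mvc",
                    ClientName = "MVC Client",
                    // NOTE(review): placeholder secret committed to source; load a unique
                    // value per client from configuration or a secret store instead.
                    ClientSecrets = new List<Secret>
                    {
                        new Secret("secret".Sha256())
                    },
                    ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client
                    AllowedGrantTypes = GrantTypes.Hybrid,
                    // Server-side client: access tokens are kept off the browser channel.
                    AllowAccessTokensViaBrowser = false,
                    RequireConsent = false,
                    AllowOfflineAccess = true,
                    AlwaysIncludeUserClaimsInIdToken = true,
                    RedirectUris = new List<string>
                    {
                        $"{clientsUrl["Mvc"]}/signin-oidc"
                    },
                    PostLogoutRedirectUris = new List<string>
                    {
                        $"{clientsUrl["Mvc"]}/signout-callback-oidc"
                    },
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orders",
                        "basket",
                        "locations",
                        "marketing",
                        "mobileshoppingagg"
                    },
                },
                // NOTE(review): test registration that reuses the "mvc" redirect URIs and
                // secret but additionally allows access tokens via the browser. Presumably
                // meant for test runs only; confirm it is not registered in production.
                new Client
                {
                    ClientId = "mvctest",
                    ClientName = "MVC Client Test",
                    ClientSecrets = new List<Secret>
                    {
                        new Secret("secret".Sha256())
                    },
                    ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client
                    AllowedGrantTypes = GrantTypes.Hybrid,
                    AllowAccessTokensViaBrowser = true,
                    RequireConsent = false,
                    AllowOfflineAccess = true,
                    RedirectUris = new List<string>
                    {
                        $"{clientsUrl["Mvc"]}/signin-oidc"
                    },
                    PostLogoutRedirectUris = new List<string>
                    {
                        $"{clientsUrl["Mvc"]}/signout-callback-oidc"
                    },
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orders",
                        "basket",
                        "locations",
                        "marketing",
                        "mobileshoppingagg"
                    },
                },
                // Swagger UI clients: one per API, each limited to that API's single scope.
                // They use the implicit grant, so the front-channel caveat noted on the
                // "js" client applies to all five.
                new Client
                {
                    ClientId = "locationsswaggerui",
                    ClientName = "Locations Swagger UI",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RedirectUris = { $"{clientsUrl["LocationsApi"]}/swagger/o2c.html" },
                    PostLogoutRedirectUris = { $"{clientsUrl["LocationsApi"]}/swagger/" },
                    AllowedScopes =
                    {
                        "locations"
                    }
                },
                new Client
                {
                    ClientId = "marketingswaggerui",
                    ClientName = "Marketing Swagger UI",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RedirectUris = { $"{clientsUrl["MarketingApi"]}/swagger/o2c.html" },
                    PostLogoutRedirectUris = { $"{clientsUrl["MarketingApi"]}/swagger/" },
                    AllowedScopes =
                    {
                        "marketing"
                    }
                },
                new Client
                {
                    ClientId = "basketswaggerui",
                    ClientName = "Basket Swagger UI",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RedirectUris = { $"{clientsUrl["BasketApi"]}/swagger/o2c.html" },
                    PostLogoutRedirectUris = { $"{clientsUrl["BasketApi"]}/swagger/" },
                    AllowedScopes =
                    {
                        "basket"
                    }
                },
                new Client
                {
                    ClientId = "orderingswaggerui",
                    ClientName = "Ordering Swagger UI",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RedirectUris = { $"{clientsUrl["OrderingApi"]}/swagger/o2c.html" },
                    PostLogoutRedirectUris = { $"{clientsUrl["OrderingApi"]}/swagger/" },
                    AllowedScopes =
                    {
                        "orders"
                    }
                },
                new Client
                {
                    ClientId = "mobileshoppingaggswaggerui",
                    ClientName = "Mobile Shopping Aggregattor Swagger UI",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RedirectUris = { $"{clientsUrl["MobileShoppingAgg"]}/swagger/o2c.html" },
                    PostLogoutRedirectUris = { $"{clientsUrl["MobileShoppingAgg"]}/swagger/" },
                    AllowedScopes =
                    {
                        "mobileshoppingagg"
                    }
                }
            };
        }
    }
}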