using IdentityServer4;
using IdentityServer4.Models;
using System.Collections.Generic;
namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
{
public class Config
{
/// <summary>
/// ApiResources define the APIs in your system. Each entry pairs the scope name
/// that clients list in their <c>AllowedScopes</c> with a human-readable display name.
/// </summary>
/// <returns>A freshly built list of API resources; a new list is created on every call.</returns>
public static IEnumerable<ApiResource> GetApis()
{
    var apis = new List<ApiResource>();

    // Back-end services.
    apis.Add(new ApiResource("orders", "Orders Service"));
    apis.Add(new ApiResource("basket", "Basket Service"));
    apis.Add(new ApiResource("marketing", "Marketing Service"));
    apis.Add(new ApiResource("locations", "Locations Service"));

    // Aggregators and the SignalR hub.
    apis.Add(new ApiResource("mobileshoppingagg", "Mobile Shopping Aggregator"));
    apis.Add(new ApiResource("webshoppingagg", "Web Shopping Aggregator"));
    apis.Add(new ApiResource("orders.signalrhub", "Ordering Signalr Hub"));

    return apis;
}
/// <summary>
/// Identity resources are data about a user, such as the user ID, name, or email address.
/// See: http://docs.identityserver.io/en/release/configuration/resources.html
/// </summary>
/// <returns>A freshly built list holding the OpenId and Profile identity resources.</returns>
public static IEnumerable<IdentityResource> GetResources()
{
    var identityResources = new List<IdentityResource>();

    identityResources.Add(new IdentityResources.OpenId());
    identityResources.Add(new IdentityResources.Profile());

    return identityResources;
}
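/// <summary>
/// Clients are the applications that want to access resources (aka scopes).
/// Builds the client registrations for the SPA, Xamarin and MVC front ends and for
/// the Swagger UI of each API.
/// </summary>
/// <param name="clientsUrl">
/// Base URL of every client, keyed by "Spa", "Xamarin", "Mvc", "LocationsApi",
/// "MarketingApi", "BasketApi", "OrderingApi", "MobileShoppingAgg" and "WebShoppingAgg".
/// These values become the registered redirect, post-logout and CORS origins, so they
/// must come from trusted configuration.
/// </param>
/// <returns>A freshly built list of client registrations.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="clientsUrl"/> is null.</exception>
/// <exception cref="KeyNotFoundException">One of the keys listed above is missing.</exception>
/// <remarks>
/// Security review notes (settings are kept exactly as registered; changing them needs
/// matching changes in the client applications):
/// - "xamarin", "mvc" and "mvctest" share the literal client secret "secret", checked into
///   source. Treat it as a sample value and supply per-client secrets from configuration
///   or a secret store outside of demos.
/// - "js" and all Swagger UI clients use the implicit grant with access tokens delivered
///   through the browser. Authorization code with PKCE is the recommended flow for
///   browser-based clients.
/// - Several clients set RequireConsent = false; confirm that every one of them is a
///   first-party application.
/// - "mvctest" reuses the "Mvc" URLs and the shared secret and allows tokens via the
///   browser; presumably a test-only registration - confirm it is not deployed to production.
/// </remarks>
public static IEnumerable<Client> GetClients(Dictionary<string,string> clientsUrl)
{
    // Fail with a clear argument error instead of a NullReferenceException from the first lookup.
    if (clientsUrl == null)
    {
        throw new System.ArgumentNullException(nameof(clientsUrl));
    }

    // Resolve every base URL up front, in the order the registrations below use them,
    // so a missing key is reported before any client is built.
    string spaUrl = clientsUrl["Spa"];
    string xamarinUrl = clientsUrl["Xamarin"];
    string mvcUrl = clientsUrl["Mvc"];
    string locationsApiUrl = clientsUrl["LocationsApi"];
    string marketingApiUrl = clientsUrl["MarketingApi"];
    string basketApiUrl = clientsUrl["BasketApi"];
    string orderingApiUrl = clientsUrl["OrderingApi"];
    string mobileShoppingAggUrl = clientsUrl["MobileShoppingAgg"];
    string webShoppingAggUrl = clientsUrl["WebShoppingAgg"];

    return new List<Client>
    {
        // JavaScript Client
        new Client
        {
            ClientId = "js",
            ClientName = "eShop SPA OpenId Client",
            // NOTE(review): implicit grant; tokens reach the SPA through the browser redirect.
            AllowedGrantTypes = GrantTypes.Implicit,
            AllowAccessTokensViaBrowser = true,
            RedirectUris = { $"{spaUrl}/" },
            RequireConsent = false,
            PostLogoutRedirectUris = { $"{spaUrl}/" },
            AllowedCorsOrigins = { $"{spaUrl}" },
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "orders",
                "basket",
                "locations",
                "marketing",
                "webshoppingagg",
                "orders.signalrhub"
            }
        },
        new Client
        {
            ClientId = "xamarin",
            ClientName = "eShop Xamarin OpenId Client",
            AllowedGrantTypes = GrantTypes.Hybrid,
            // Used to retrieve the access token on the back channel.
            // NOTE(review): hard-coded sample secret. A mobile app cannot keep a secret
            // confidential, so the PKCE requirement below is what protects the code exchange.
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },
            RedirectUris = { xamarinUrl },
            RequireConsent = false,
            RequirePkce = true,
            PostLogoutRedirectUris = { $"{xamarinUrl}/Account/Redirecting" },
            // NOTE(review): fixed plain-http origin, not taken from clientsUrl.
            AllowedCorsOrigins = { "http://eshopxamarin" },
            AllowedScopes = new List<string>
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.OfflineAccess,
                "orders",
                "basket",
                "locations",
                "marketing",
                "mobileshoppingagg"
            },
            // Allow requesting refresh tokens for long lived API access
            AllowOfflineAccess = true,
            AllowAccessTokensViaBrowser = true
        },
        new Client
        {
            ClientId = "mvc",
            ClientName = "MVC Client",
            // NOTE(review): hard-coded sample secret, identical to the other clients' secret.
            ClientSecrets = new List<Secret>
            {
                new Secret("secret".Sha256())
            },
            ClientUri = $"{mvcUrl}",                             // public uri of the client
            AllowedGrantTypes = GrantTypes.Hybrid,
            AllowAccessTokensViaBrowser = false,
            RequireConsent = false,
            AllowOfflineAccess = true,
            AlwaysIncludeUserClaimsInIdToken = true,
            RedirectUris = new List<string>
            {
                $"{mvcUrl}/signin-oidc"
            },
            PostLogoutRedirectUris = new List<string>
            {
                $"{mvcUrl}/signout-callback-oidc"
            },
            AllowedScopes = new List<string>
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.OfflineAccess,
                "orders",
                "basket",
                "locations",
                "marketing",
                "webshoppingagg",
                "orders.signalrhub"
            },
        },
        new Client
        {
            ClientId = "mvctest",
            ClientName = "MVC Client Test",
            // NOTE(review): same sample secret and same "Mvc" URLs as the "mvc" client.
            ClientSecrets = new List<Secret>
            {
                new Secret("secret".Sha256())
            },
            ClientUri = $"{mvcUrl}",                             // public uri of the client
            AllowedGrantTypes = GrantTypes.Hybrid,
            AllowAccessTokensViaBrowser = true,
            RequireConsent = false,
            AllowOfflineAccess = true,
            RedirectUris = new List<string>
            {
                $"{mvcUrl}/signin-oidc"
            },
            PostLogoutRedirectUris = new List<string>
            {
                $"{mvcUrl}/signout-callback-oidc"
            },
            AllowedScopes = new List<string>
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.OfflineAccess,
                "orders",
                "basket",
                "locations",
                "marketing",
                "webshoppingagg"
            },
        },

        // Swagger UI clients: one per API, each limited to that API's own scope.
        CreateSwaggerUiClient("locationsswaggerui", "Locations Swagger UI", locationsApiUrl, "locations"),
        CreateSwaggerUiClient("marketingswaggerui", "Marketing Swagger UI", marketingApiUrl, "marketing"),
        CreateSwaggerUiClient("basketswaggerui", "Basket Swagger UI", basketApiUrl, "basket"),
        CreateSwaggerUiClient("orderingswaggerui", "Ordering Swagger UI", orderingApiUrl, "orders"),
        // NOTE(review): "Aggregattor" is misspelled in the two display names below; left unchanged here.
        CreateSwaggerUiClient("mobileshoppingaggswaggerui", "Mobile Shopping Aggregattor Swagger UI", mobileShoppingAggUrl, "mobileshoppingagg"),
        CreateSwaggerUiClient("webshoppingaggswaggerui", "Web Shopping Aggregattor Swagger UI", webShoppingAggUrl, "webshoppingagg")
    };
}

// Builds one Swagger UI client registration: implicit grant, access tokens via the
// browser, redirect URIs under "<apiBaseUrl>/swagger/", and a single allowed API scope.
private static Client CreateSwaggerUiClient(string clientId, string clientName, string apiBaseUrl, string scope)
{
    return new Client
    {
        ClientId = clientId,
        ClientName = clientName,
        AllowedGrantTypes = GrantTypes.Implicit,
        AllowAccessTokensViaBrowser = true,

        RedirectUris = { $"{apiBaseUrl}/swagger/oauth2-redirect.html" },
        PostLogoutRedirectUris = { $"{apiBaseUrl}/swagger/" },

        AllowedScopes = { scope }
    };
}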
}
} |