IdentityServer4第二次介入了解(1)
一、配置
1、安装 IdentityServer4
2、InitMemoryData 中的配置信息如下:
using System.Collections.Generic; using IdentityServer4.Models; namespace SunnTu { public class InitMemoryData { // scopes define the API resources in your system public static IEnumerable<ApiResource> GetApiResources() { return new List<ApiResource> { new ApiResource("inventoryapi", "this is inventory api"), new ApiResource("orderapi", "this is order api"), new ApiResource("productapi", "this is product api") }; } // clients want to access resources (aka scopes) public static IEnumerable<Client> GetClients() { // client credentials client return new List<Client> { new Client { ClientId = "inventory", AllowedGrantTypes = GrantTypes.ClientCredentials, ClientSecrets = { new Secret("inventorysecret".Sha256()) }, AllowedScopes = { "inventoryapi" } }, new Client { ClientId = "order", AllowedGrantTypes = GrantTypes.ClientCredentials, ClientSecrets = { new Secret("ordersecret".Sha256()) }, AllowedScopes = { "orderapi" } }, new Client { ClientId = "product", AllowedGrantTypes = GrantTypes.ClientCredentials, ClientSecrets = { new Secret("productsecret".Sha256()) }, AllowedScopes = { "productapi" } } }; } } }
注意两种书写
using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using IdentityServer4.Models; using IdentityServer4.Test; namespace SunnTu { public class OAuthMemoryData { /// <summary> /// Api资源 静态方式定义 4.x 需要配置 apiscope ,ApiResource替换apiscope /// </summary> /// <returns></returns> //public static IEnumerable<ApiScope> ApiScope() //{ // // return new List<ApiResource> // //{ // // new ApiResource("inventoryapi", "this is inventory api"), // // new ApiResource("orderapi", "this is order api"), // // new ApiResource("productapi", "this is product api") // //}; // return new[] // { // new ApiScope("inventoryapi", "this is inventory api"), // new ApiScope("orderapi", "this is order api"), // new ApiScope("productapi", "this is product api") // }; //} public static IEnumerable<ApiResource> ApiResources => new ApiResource[] { new ApiResource("inventoryApi","订单服务") { ApiSecrets ={ new Secret("inventoryApi secret".Sha256()) }, Scopes = { "inventoryApiScope" } }, new ApiResource("orderApi","订单服务") { ApiSecrets ={ new Secret("orderApi secret".Sha256()) }, Scopes = { "orderApiScope" } }, new ApiResource("productApi","产品服务") { ApiSecrets ={ new Secret("productApi secret".Sha256()) }, Scopes = { "productApiScope" } } }; public static IEnumerable<ApiScope> ApiScopes => new ApiScope[] { new ApiScope("inventoryApiScope"), new ApiScope("orderApiScope"), new ApiScope("productApiScope"), }; /// <summary> /// 客户端应用程序,使用它来访问我们的API资源 /// </summary> /// <returns></returns> public static IEnumerable<Client> GetClients() { // client credentials client return new List<Client> { new Client { ClientId = "inventory", //客服端名称 ClientName = "库存",//描述 AllowedGrantTypes = new List<string>()//配置授权类型,可以配置多个授权类型 { GrantTypes.ResourceOwnerPassword.FirstOrDefault(),//授权类型,这里使用的是密码模式ResourceOwnerPassword }, ClientSecrets = { new Secret("inventorysecret".Sha256()) //客户端加密方式 }, AccessTokenLifetime = OAuthConfig.ExpireIn, //配置Token 失效时间 AllowedScopes = { "inventoryApiScope" } //配置授权范围,这里指定哪些API 受此方式保护 }, new Client { ClientId = "order", //订单 AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials, ClientSecrets = { new Secret("ordersecret".Sha256()) }, AllowedScopes = { "orderApiScope" } }, new Client { ClientId = "product", //产品 AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials, ClientSecrets = { new Secret("productsecret".Sha256()) }, AllowedScopes = { "productApiScope" } } }; } /// <summary> /// 测试的账号和密码 /// </summary> /// <returns></returns> public static List<TestUser> GetTestUsers() { return new List<TestUser> { new TestUser() { SubjectId = "1", Username = "test", Password = "123456" } }; } /* var settings = { "url": "http://localhost:5000/connect/token", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/x-www-form-urlencoded" }, "data": { "client_id": "product", "client_secret": "productsecret", "grant_type": "password", "username": "test", "password": "123456" } }; $.ajax(settings).done(function (response) { console.log(response); }); */ /* var settings = { "url": "http://localhost:5000/connect/token", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/x-www-form-urlencoded" }, "data": { "client_id": "order", "client_secret": "ordersecret", "grant_type": "password", "username": "test", "password": "123456" } }; $.ajax(settings).done(function (response) { console.log(response); }); */ /* var settings = { "url": "http://localhost:5000/connect/token", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/x-www-form-urlencoded" }, "data": { "client_id": "inventory", "client_secret": "inventorysecret", "grant_type": "password", "username": "test", "password": "123456" } }; $.ajax(settings).done(function (response) { console.log(response); }); */ } }
这里调用
注意:一开始以为是ApiScopes是4.x版本替换ApiResources的,才发现是不一样的
点到为止