identityserver4 - ASP.NET 3.1 中 Identity Server 4 中的 ApiResources 配置在哪里?
问题描述
按照 ASP.NET Core 2.2 教程搭建 Identity Server 4 In-Memory 项目模板,ApiResources
配置位于appsettings.json
.
"ApiResources": [
{
"Name": "movie.api",
"DisplayName": "Movie API Services",
"Scopes": [
{
"Name": "movie.api",
"DisplayName": "Movie API Services"
}
]
}
],
但是,在 ASP.NET Core 3.1 中,appsettings.json
不再存在,而是替换为Config.cs
. 但是,我找不到ApiResources
那里。如何ApiResources
在Config.cs
.
这是我现有的Config.cs
公共静态类 Config { 公共静态 IEnumerable IdentityResources => new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile(), };
public static IEnumerable<ApiScope> ApiScopes =>
new ApiScope[]
{
new ApiScope("scope1"),
new ApiScope("scope2"),
};
public static IEnumerable<Client> Clients =>
new Client[]
{
// m2m client credentials flow client
new Client
{
ClientId = "m2m.client",
ClientName = "Client Credentials Client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = { new Secret("511536EF-F270-4058-80CA-1C89C192F69A".Sha256()) },
AllowedScopes = { "scope1" }
},
// interactive client using code flow + pkce
new Client
{
ClientId = "interactive",
ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },
AllowedGrantTypes = GrantTypes.Code,
RedirectUris = { "https://localhost:44300/signin-oidc" },
FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },
AllowOfflineAccess = true,
AllowedScopes = { "openid", "profile", "scope2" }
},
// Client - Configure Identity Service
// Step 2: Register client
new Client
{
ClientId = "movie.web", // match with what defined in startup.cs
//ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },
AllowedGrantTypes = GrantTypes.Implicit,
RedirectUris = { "http://localhost:5000/signin-oidc" },
//FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
//PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },
//AllowOfflineAccess = true,
AllowedScopes = { "openid", "profile" },
AllowAccessTokensViaBrowser = true
},
};
}
解决方案
以最简单的方式使其工作,您可以Config.cs
像这样添加它:
public static IEnumerable<ApiScope> ApiScopes =>
new ApiScope[]
{
new ApiScope("movie.api")
};
public static IEnumerable<ApiResource> ApiResources =>
new ApiResource[]
{
new ApiResource("movie.api", "The Movie API")
{
Scopes = { "movie.api" }
}
};
并将其添加到 IdentityServer 上,Startup.cs
如下所示:
var builder = services.AddIdentityServer(options =>
.AddInMemoryIdentityResources(Config.IdentityResources)
.AddInMemoryApiScopes(Config.ApiScopes)
.AddInMemoryApiResources(Config.ApiResources)
.AddInMemoryClients(Config.Clients)
.AddTestUsers(TestUsers.Users);
但是在 IdentityServer4 的第 4 版中,作用域有自己的定义,并且可以有选择地被资源引用。这意味着如果您不需要,您不必拥有 ApiResource。
在这里阅读更多
推荐阅读
- python - 为什么我所有的海生地块都融为一个地块?
- java - 将 long 编码为 int,反之亦然
- macos - 如何找回钥匙串访问权限
- javascript - 启动用电子构建的应用程序不起作用
- javascript - JavaScript xPath 命令不会在每次运行时与 Selenium Java 程序混合运行
- r - 如何从网站中提取图表后端数据?
- python-3.x - pygatt:无法执行 device.subscribe()
- c# - 删除两个日期之间的 Dynamics CRM 审核日志
- java - 如何使用带有 Retrofit 的 MVVM 将存储库实现到我的项目中
- python - OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_n', 'unexpected eof while reading')] 更新/搜索/安装 conda 包时