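Where is the ApiResources configuration for Identity Server 4 in ASP.NET 3.1?

Problem description

Following the ASP.NET Core 2.2 tutorial for setting up the Identity Server 4 In-Memory project template, the ApiResources configuration is located in appsettings.json.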

  "ApiResources": [
    {
      "Name": "movie.api",
      "DisplayName": "Movie API Services",
      "Scopes": [
        {
          "Name": "movie.api",
          "DisplayName": "Movie API Services"
        }
      ]
    }
  ],

However, in ASP.NET Core 3.1, appsettings.json no longer exists and has been replaced by Config.cs. But I can't find ApiResources there. How do I add ApiResources to Config.cs?

Here is my existing Config.cs:

public static class Config
{
    public static IEnumerable<IdentityResource> IdentityResources =>
        new IdentityResource[]
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
        };

    public static IEnumerable<ApiScope> ApiScopes =>
        new ApiScope[]
        {
            new ApiScope("scope1"),
            new ApiScope("scope2"),
        };

    public static IEnumerable<Client> Clients =>
        new Client[]
        {
            // m2m client credentials flow client
            new Client
            {
                ClientId = "m2m.client",
                ClientName = "Client Credentials Client",

                AllowedGrantTypes = GrantTypes.ClientCredentials,
                ClientSecrets = { new Secret("511536EF-F270-4058-80CA-1C89C192F69A".Sha256()) },

                AllowedScopes = { "scope1" }
            },

            // interactive client using code flow + pkce
            new Client
            {
                ClientId = "interactive",
                ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },
                
                AllowedGrantTypes = GrantTypes.Code,

                RedirectUris = { "https://localhost:44300/signin-oidc" },
                FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
                PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },

                AllowOfflineAccess = true,
                AllowedScopes = { "openid", "profile", "scope2" }
            },

            // Client - Configure Identity Service
            // Step 2: Register client
            new Client
            {
                ClientId = "movie.web", // match with what defined in startup.cs
                //ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },

                AllowedGrantTypes = GrantTypes.Implicit,

                RedirectUris = { "http://localhost:5000/signin-oidc" },
                //FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
                //PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },

                //AllowOfflineAccess = true,
                AllowedScopes = { "openid", "profile" },
                AllowAccessTokensViaBrowser =  true
            },
        };
}

Tags: identityserver4

Solution

To get it working in the simplest way, you can add it to Config.cs like this:

    public static IEnumerable<ApiScope> ApiScopes =>
        new ApiScope[]
        {
            new ApiScope("movie.api")
        };

    public static IEnumerable<ApiResource> ApiResources =>
        new ApiResource[]
        {
            new ApiResource("movie.api", "The Movie API")
            {
                Scopes = { "movie.api" }
            }
        };

And register it with IdentityServer in Startup.cs as follows:

// Register the in-memory stores from Config.cs with IdentityServer
var builder = services.AddIdentityServer()
    .AddInMemoryIdentityResources(Config.IdentityResources)
    .AddInMemoryApiScopes(Config.ApiScopes)
    .AddInMemoryApiResources(Config.ApiResources)
    .AddInMemoryClients(Config.Clients)
    .AddTestUsers(TestUsers.Users);

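However, in version 4 of IdentityServer4, scopes have their own definition and can optionally be referenced by resources. This means you don't have to have an ApiResource if you don't need one.

Read more here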
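
The question's appsettings.json entry carried over to the v4 model, together with the API-side validation that the scope/resource split affects, as an added example that is not part of the original answer or the IdentityServer4 templates. It assumes IdentityServer4 v4.x and the Microsoft.AspNetCore.Authentication.JwtBearer package; the class names, the `movie.m2m` client, the placeholder secret and the authority URL are hypothetical, and the two classes would live in separate projects.

```csharp
using System.Collections.Generic;
using IdentityServer4.Models;
using Microsoft.Extensions.DependencyInjection;

// IdentityServer project (IdentityServer4 v4.x). Class name is hypothetical.
public static class MovieConfig
{
    // Scope: what a client requests and what the token carries in its "scope" claim.
    public static IEnumerable<ApiScope> ApiScopes =>
        new[] { new ApiScope("movie.api", "Movie API Services") };

    // Resource: groups scopes. A token issued for one of its scopes gets aud = "movie.api".
    public static IEnumerable<ApiResource> ApiResources =>
        new[]
        {
            new ApiResource("movie.api", "Movie API Services") { Scopes = { "movie.api" } }
        };

    // Constructed client: it can request the scope only because it is listed here.
    public static IEnumerable<Client> Clients =>
        new[]
        {
            new Client
            {
                ClientId = "movie.m2m", // hypothetical client id
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                ClientSecrets = { new Secret("PLACEHOLDER-SECRET".Sha256()) },
                AllowedScopes = { "movie.api" }
            }
        };
}

// API project. Validates both the audience and the scope of incoming tokens.
public static class MovieApiAuth
{
    public static void AddMovieApiAuth(this IServiceCollection services)
    {
        services.AddAuthentication("Bearer")
            .AddJwtBearer("Bearer", options =>
            {
                options.Authority = "https://localhost:5001"; // assumed IdentityServer URL
                options.Audience = "movie.api";               // matches the ApiResource name
            });
        // A valid token from the issuer is not enough: require the scope as well.
        services.AddAuthorization(o => o.AddPolicy("MovieApi", p =>
            p.RequireAuthenticatedUser().RequireClaim("scope", "movie.api")));
    }
}
```

If the ApiResource is dropped and only the ApiScope is kept, the access token no longer carries `movie.api` as its audience, so the `options.Audience` check above has to change and the scope policy becomes the check that distinguishes this API's tokens.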

