第一步安装identityservice4模板
dotnet new -i IdentityServer4.Templates
打开模板项目https://localhost:5001/.well-known/openid-configuration
出现
{
"issuer": "https://localhost:5001",//验证的网站站点
"jwks_uri": "https://localhost:5001/.well-known/openid-configuration/jwks",//获取验证jwt数字签名的公钥
"authorization_endpoint": "https://localhost:5001/connect/authorize",
"token_endpoint": "https://localhost:5001/connect/token",//获取token
"userinfo_endpoint": "https://localhost:5001/connect/userinfo",//获取用户信息
"end_session_endpoint": "https://localhost:5001/connect/endsession",//注销
"check_session_iframe": "https://localhost:5001/connect/checksession",
"revocation_endpoint": "https://localhost:5001/connect/revocation",
"introspection_endpoint": "https://localhost:5001/connect/introspect",
"device_authorization_endpoint": "https://localhost:5001/connect/deviceauthorization",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"backchannel_logout_supported": true,
"backchannel_logout_session_supported": true,
"scopes_supported": ["openid", "offline_access"],
"claims_supported": ["sub"],
"grant_types_supported": ["authorization_code", "client_credentials", "refresh_token", "implicit", "urn:ietf:params:oauth:grant-type:device_code"],
"response_types_supported": ["code", "token", "id_token", "id_token token", "code id_token", "code token", "code id_token token"],
"response_modes_supported": ["form_post", "query", "fragment"],
"token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
"id_token_signing_alg_values_supported": ["RS256"],
"subject_types_supported": ["public"],
"code_challenge_methods_supported": ["plain", "S256"],
"request_parameter_supported": true
}
public class IdentityServer
{
public static IEnumerable GetClients()
{
return new List
{
new Client
{
ClientId = "client1",
// AllowedGrantTypes = GrantTypes.ClientCredentials,//客户端模式
//AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,//密码模式
AllowedGrantTypes = GrantTypes.Code,// 授权码 模式
// AllowedGrantTypes = GrantTypes.Implicit,// 隐藏 模式
RedirectUris = { "http://localhost:5008/api/Identity/Get"}, // 认证成功后允许的回调地址
// RequireConsent = false, //隐藏模式下面的是否需要确认授权.
RequirePkce= false,//授权码模式下面的
// 用于认证的密码
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowAccessTokensViaBrowser=true, //允许token通过浏览器 (必须 true)
// 客户端有权访问的范围(Scopes)
AllowedScopes = {
"api1",
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
}
}
};
}
public static IEnumerable GetApiScopes()
{
return new List
{
new ApiScope("api1", "我的 API"),
};
}
///
/// 密码模式下面的用户资源
///
/// GetTestUsers()
{
return new List
{
new TestUser
{
SubjectId="1",
Username="admin",
Password="123456"
}
};
}
}
}
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryClients(IdentityServer.GetClients())
.AddInMemoryApiScopes(IdentityServer.GetApiScopes())
//.AddTestUsers(IdentityServer.GetTestUsers())密码模式
.AddTestUsers(IdentityServerHost.Quickstart.UI.TestUsers.Users)
;
app.UseIdentityServer(); // 要放在 UseRouting 的后面
在客户端api项目中
// 认证和授权中间件要放到路由中间后面
app.UseAuthentication();
app.UseAuthorization();
services.AddAuthentication("Bearer")
.AddJwtBearer("Bearer", o => {
o.Authority = "http://localhost:5007";
o.RequireHttpsmetadata = false;
o.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{
ValidateAudience = false
};
})
;
[Route("api/[controller]/[action]")]
[Authorize]
public class IdentityController : Controllerbase
{
[HttpGet]
public string Get()
{
return "极限编程网";
}
}
