按照ASP.NET Core 2.2教程构建Identity Server 4 In-Memory项目模板,ApiResources配置位于appsettings.json。
"ApiResources": [
{
"Name": "movie.api",
"DisplayName": "Movie API Services",
"Scopes": [
{
"Name": "movie.api",
"DisplayName": "Movie API Services"
}
]
}
],
但是,在ASP.NET Core 3.1中,appsettings.json不再存在,而是被Config.cs所取代。但是,我在那里找不到ApiResources。如何在Config.cs中创建ApiResources。
这是我现有的Config.cs
公共静态类Config{公共静态IEnumerable标识资源=>新标识资源[]{new IdentityResources.OpenId((,new IdentityResources.Profile((,};
public static IEnumerable<ApiScope> ApiScopes =>
new ApiScope[]
{
new ApiScope("scope1"),
new ApiScope("scope2"),
};
public static IEnumerable<Client> Clients =>
new Client[]
{
// m2m client credentials flow client
new Client
{
ClientId = "m2m.client",
ClientName = "Client Credentials Client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = { new Secret("511536EF-F270-4058-80CA-1C89C192F69A".Sha256()) },
AllowedScopes = { "scope1" }
},
// interactive client using code flow + pkce
new Client
{
ClientId = "interactive",
ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },
AllowedGrantTypes = GrantTypes.Code,
RedirectUris = { "https://localhost:44300/signin-oidc" },
FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },
AllowOfflineAccess = true,
AllowedScopes = { "openid", "profile", "scope2" }
},
// Client - Configure Identity Service
// Step 2: Register client
new Client
{
ClientId = "movie.web", // match with what defined in startup.cs
//ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },
AllowedGrantTypes = GrantTypes.Implicit,
RedirectUris = { "http://localhost:5000/signin-oidc" },
//FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
//PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },
//AllowOfflineAccess = true,
AllowedScopes = { "openid", "profile" },
AllowAccessTokensViaBrowser = true
},
};
}
用一种最简单的方式将其添加到Config.cs中,如下所示:
public static IEnumerable<ApiScope> ApiScopes =>
new ApiScope[]
{
new ApiScope("movie.api")
};
public static IEnumerable<ApiResource> ApiResources =>
new ApiResource[]
{
new ApiResource("movie.api", "The Movie API")
{
Scopes = { "movie.api" }
}
};
并将其添加到Startup.cs上的IdentityServer中,如下所示:
var builder = services.AddIdentityServer(options =>
.AddInMemoryIdentityResources(Config.IdentityResources)
.AddInMemoryApiScopes(Config.ApiScopes)
.AddInMemoryApiResources(Config.ApiResources)
.AddInMemoryClients(Config.Clients)
.AddTestUsers(TestUsers.Users);
但是在IdentityServer4的第4版中,作用域有自己的定义,并且可以选择由资源引用。这意味着如果你不需要的话,你不必拥有ApiResource
点击此处阅读更多