IdentityServer4 + Web API + SPA together in one project



I'm having a hard time setting up a project in which all of these things play well together.

  • SPA
    • StaticFiles
  • Web API (MVC)
    • Swagger (Swashbuckle)
  • IdentityServer4
    • IdentityServer4.AspNetIdentity
    • IdentityServer4.EntityFramework
    • Social logins

I started with the IdentityServer4.Samples Quickstart6_AspNetIdentity code and integrated nuget after nuget.

            // spa
            app.UseDefaultFiles();
            app.UseStaticFiles();
            app.UseCors("any");
            // api
            app.Map(new PathString("/api"), map =>
            {
                map.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
                {
                    Authority = PublicHostUri,
                    ScopeName = ScopeName,
                    ScopeSecret = "secret",
                    RequireHttpsMetadata = PublicHostUri.ToLower().StartsWith("https"),
                    SaveToken = true,
                    EnableCaching = true
                });
                map.UseMvc();
            });
            // sts
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
            app.UseIdentity();
            app.UseIdentityServer();
            // Add external authentication middleware below. To configure them please see http://go.microsoft.com/fwlink/?LinkID=532715
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
                AutomaticAuthenticate = false,
                AutomaticChallenge = false
            });
            app.UseTwitterAuthentication(new TwitterOptions
            {
                ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g",
                ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI"
            });
            app.UseGoogleAuthentication(new GoogleOptions
            {
                AuthenticationScheme = "Google",
                DisplayName = "Google",
                SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
                ClientId = "434483408261-55tc8n0cs4ff1fe21ea8df2o443v2iuc.apps.googleusercontent.com",
                ClientSecret = "3gcoTrEDPPJ0ukn_aYYT6PWo"
            });
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });           
            app.UseSwagger();
            app.UseSwaggerUi();

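I'm struggling to isolate the Web API part in such a way that the bearer AuthenticationScheme is the only authentication active in the /api pipeline.

Right now all the added authentication schemes like Cookies, Google, Twitter, OIDC and Bearer are used for the /api route.

What am I missing? Why is /api not only using UseIdentityServerAuthentication, aka the bearer token scheme?

Update: I've shared the working proof of concept code here: https://github.com/ChrisRichner/CoreWebApp.Quickstart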

You can't use Map to branch the application; it only works for the specified path. Try using MapWhen:

        // api
        app.MapWhen(context => context.Request.Path.Value.StartsWith("/api"), builder=>
        {
            builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
            {
                Authority = PublicHostUri,
                ScopeName = ScopeName,
                ScopeSecret = "secret",
                RequireHttpsMetadata = PublicHostUri.ToLower().StartsWith("https"),
                SaveToken = true,
                EnableCaching = true
            });
            builder.UseMvc();
        });
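
One way to check which authentication schemes are actually active for requests under /api, as an added example that is not part of the original question or answer. It assumes ASP.NET Core 1.x, the MapWhen branch shown above (so the request path still begins with /api), and that the bearer middleware keeps "Bearer" as its scheme name; the controller name is hypothetical.

```csharp
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Added example: diagnostic controller for development use.
// Assumption: IdentityServerAuthenticationOptions.AuthenticationScheme was
// left at "Bearer". If you set it explicitly, use that value here instead.
[Route("api/[controller]")]
// Pin authorization to the bearer scheme so that a cookie or external-login
// identity can never satisfy [Authorize] on an API controller, even if
// another authentication middleware ends up in the same pipeline.
[Authorize(ActiveAuthenticationSchemes = "Bearer")]
public class AuthDiagnosticsController : Controller
{
    [HttpGet]
    public IActionResult Get()
    {
        // Only authentication middleware that ran for THIS request answers
        // the describe call, so this lists the schemes that are live in the
        // current branch rather than everything configured in Startup.
        var activeSchemes = HttpContext.Authentication
            .GetAuthenticationSchemes()
            .Select(d => d.AuthenticationScheme)
            .ToArray();

        // Identities attached to the current principal. With the branch
        // isolated correctly there is exactly one, created from the token.
        var identities = User.Identities
            .Select(i => new
            {
                i.AuthenticationType,
                i.IsAuthenticated,
                ClaimCount = i.Claims.Count()
            })
            .ToArray();

        return Json(new
        {
            activeSchemes,
            identities,
            // True when only the bearer scheme is present in this pipeline.
            bearerOnly = activeSchemes.Length == 1 && activeSchemes[0] == "Bearer"
        });
    }
}
```

Call the endpoint with a valid access token: if `activeSchemes` lists anything besides the bearer scheme, other authentication middleware is still running in front of the API.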
