项目背景:基于人脉关系的金融行业项目
用户:
1、账号:
2、管理自己的项目
3、引入别人的项目
4、消息:
5、好友:
OAuth是一个关于授权(authorization)的开放网络标准
四种授权方式:
理解OAuth 2.0:
https://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html
dotnet new webapi --name IdentityServerCenter
VS Code 如何安装 nuget:
https://blog.csdn.net/qq_36051316/article/details/84106418
安装失败原因及解决方案:
vscode解决nuget插件不能使用的问题:
https://www.cnblogs.com/lori/p/11651079.html
Visual Studio 连接不上NuGet 官方程序包源的解决办法:
https://blog.csdn.net/weixin_34161083/article/details/85764761
添加引用
using IdentityServer4;
注册服务
services.AddIdentityServer()
.AddDeveloperSigningCredential();
使用服务
app.UseIdentityServer();
在 Program.cs 中配置启动端口
webBuilder.UseUrls("http://localhost:5000");
添加配置类 Config.cs,初始化 IdentityServer4
using System.Collections;
using System.Collections.Generic;
using IdentityServer4.Models;
namespace IdentityServerCenter
{
public class Config
{
public static IEnumerable<ApiResource> GetResource()
{
return new List<ApiResource>
{
new ApiResource("api", "My Api")
};
}
public static IEnumerable<Client> GetClients()
{
return new List<Client>
{
new Client()
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedScopes = {"api"},
}
};
}
}
}
更改 IdentityServer4 配置
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiResources(Config.GetResource())
.AddInMemoryClients(Config.GetClients());
启动程序
dotnet run
访问地址
http://localhost:5000/.well-known/openid-configuration
结果如下( json 格式化)
{
"issuer": "http://localhost:5000",
"jwks_uri": "http://localhost:5000/.well-known/openid-configuration/jwks",
"authorization_endpoint": "http://localhost:5000/connect/authorize",
"token_endpoint": "http://localhost:5000/connect/token",
"userinfo_endpoint": "http://localhost:5000/connect/userinfo",
"end_session_endpoint": "http://localhost:5000/connect/endsession",
"check_session_iframe": "http://localhost:5000/connect/checksession",
"revocation_endpoint": "http://localhost:5000/connect/revocation",
"introspection_endpoint": "http://localhost:5000/connect/introspect",
"device_authorization_endpoint": "http://localhost:5000/connect/deviceauthorization",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"backchannel_logout_supported": true,
"backchannel_logout_session_supported": true,
"scopes_supported": [
"api",
"offline_access"
],
"claims_supported": [],
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"urn:ietf:params:oauth:grant-type:device_code"
],
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported": [
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"subject_types_supported": [
"public"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"request_parameter_supported": true
}
可以看到四种授权方式:
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"urn:ietf:params:oauth:grant-type:device_code"
],
http://video.jessetalk.cn/course/explore
本作品采用知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议进行许可。
欢迎转载、使用、重新发布,但务必保留文章署名 郑子铭 (包含链接: http://www.cnblogs.com/MingsonZheng/ ),不得用于商业目的,基于本文修改后的作品务必以相同的许可发布。
如有任何疑问,请与我联系 (MingsonZheng@outlook.com) 。
ASP.NET Core分布式项目实战(业务介绍,架构设计,oAuth2,IdentityServer4)--学习笔记
原文:https://www.cnblogs.com/MingsonZheng/p/12630155.html