add-pkce

IdentityServer/Configuration.cs

@@ -44,6 +44,7 @@ namespace IdentityServer
                      ClientId="client_id_mvc",
                      ClientSecrets={ new Secret("client_secret_mvc".ToSha256())},
                      AllowedGrantTypes = GrantTypes.Code,
+                     RequirePkce=true,
                      RedirectUris={ "https://localhost:44349/signin-oidc" },
                      PostLogoutRedirectUris={ "https://localhost:44349/Home/Index" },
                      AllowedScopes={
@@ -62,8 +63,12 @@ namespace IdentityServer
                 {
                      ClientId="client_id_js",
 
-                     AllowedGrantTypes = GrantTypes.Implicit,
+                    // AllowedGrantTypes = GrantTypes.Implicit, //when add RequirePkce AllowedGrantTypes change to code 
+                    
 
+                    AllowedGrantTypes = GrantTypes.Code,
+                    RequirePkce=true,
+                    RequireClientSecret=false,
                      RedirectUris={ "https://localhost:44387/Home/signin" },
                      PostLogoutRedirectUris={ "https://localhost:44387/Home/Idex" },
                      AllowedCorsOrigins={ "https://localhost:44387" },

IdentityServer/IdentityServer.csproj

@@ -9,6 +9,7 @@
     <PackageReference Include="IdentityServer4.AspNetIdentity" Version="3.1.3" />
     <PackageReference Include="IdentityServer4.EntityFramework" Version="3.1.3" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Facebook" Version="3.1.4" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="3.1.4" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.4" />
     <PackageReference Include="Microsoft.EntityFrameworkCore" Version="3.1.4" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="3.1.4">

IdentityServer/Program.cs

@@ -32,36 +32,36 @@ namespace IdentityServer
                     new Claim("rc.api.garndma", "big.api.cookie"))
                     .GetAwaiter().GetResult();
 
-                scope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.Migrate();
+                //scope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.Migrate();
 
-                var context = scope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
-                context.Database.Migrate();
-                if (!context.Clients.Any())
-                {
-                    foreach (var client in Configuration.GetClients())
-                    {
-                        context.Clients.Add(client.ToEntity());
-                    }
-                    context.SaveChanges();
-                }
+                //var context = scope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
+                //context.Database.Migrate();
+                //if (!context.Clients.Any())
+                //{
+                //    foreach (var client in Configuration.GetClients())
+                //    {
+                //        context.Clients.Add(client.ToEntity());
+                //    }
+                //    context.SaveChanges();
+                //}
 
-                if (!context.IdentityResources.Any())
-                {
-                    foreach (var resource in Configuration.GetIdentityResources())
-                    {
-                        context.IdentityResources.Add(resource.ToEntity());
-                    }
-                    context.SaveChanges();
-                }
+                //if (!context.IdentityResources.Any())
+                //{
+                //    foreach (var resource in Configuration.GetIdentityResources())
+                //    {
+                //        context.IdentityResources.Add(resource.ToEntity());
+                //    }
+                //    context.SaveChanges();
+                //}
 
-                if (!context.ApiResources.Any())
-                {
-                    foreach (var resource in Configuration.GetApis())
-                    {
-                        context.ApiResources.Add(resource.ToEntity());
-                    }
-                    context.SaveChanges();
-                }
+                //if (!context.ApiResources.Any())
+                //{
+                //    foreach (var resource in Configuration.GetApis())
+                //    {
+                //        context.ApiResources.Add(resource.ToEntity());
+                //    }
+                //    context.SaveChanges();
+                //}
             }
                 host.Run();
         }

IdentityServer/Startup.cs

@@ -55,22 +55,22 @@ namespace IdentityServer
             //var certificate = new X509Certificate2(filePath,"Cesc007+");
             services.AddIdentityServer()
                 .AddAspNetIdentity<IdentityUser>()
-                .AddConfigurationStore(options =>
-                {
-                    options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
-                        sql => sql.MigrationsAssembly(assembly));
-                })
-                .AddOperationalStore(options =>
-                {
-                    options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
-                        sql => sql.MigrationsAssembly(assembly));
-                })
-                //.AddSigningCredential(certificate);
-                .AddDeveloperSigningCredential();
-            //.AddInMemoryApiResources(Configuration.GetApis())
-            //.AddInMemoryIdentityResources(Configuration.GetIdentityResources())
-            //.AddInMemoryClients(Configuration.GetClients())
-            //.AddDeveloperSigningCredential(); 
+                //.AddConfigurationStore(options =>
+                //{
+                //    options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
+                //        sql => sql.MigrationsAssembly(assembly));
+                //})
+                //.AddOperationalStore(options =>
+                //{
+                //    options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
+                //        sql => sql.MigrationsAssembly(assembly));
+                //})
+                ////.AddSigningCredential(certificate);
+                //.AddDeveloperSigningCredential();
+            .AddInMemoryApiResources(Configuration.GetApis())
+            .AddInMemoryIdentityResources(Configuration.GetIdentityResources())
+            .AddInMemoryClients(Configuration.GetClients())
+            .AddDeveloperSigningCredential();
 
             services.AddAuthentication()
                 .AddFacebook(config =>

JavascriptClient/Views/Home/SignIn.cshtml

@@ -2,7 +2,10 @@
 
 <script>
     //var userManger = new Oidc.UserManager();
-    var userManger = new Oidc.UserManager({userStore: new Oidc.WebStorageStateStore({ store: window.localStorage })    });
+    var userManger = new Oidc.UserManager({
+        userStore: new Oidc.WebStorageStateStore({ store: window.localStorage }),
+        response_mode: "query"
+    });
 
     userManger.signinCallback().then(res => {
         console.log(res);

JavascriptClient/wwwroot/main.js

@@ -4,7 +4,8 @@
     client_id: "client_id_js",
     redirect_uri: "https://localhost:44387/Home/SignIn",
     post_logout_redirect_uri: "https://localhost:44387/Home/Index",
-    response_type: "id_token token",
+    //response_type: "id_token token", //when add RequirePkce response_type change to code
+    response_type: "code",
     scope: "openid rc.scope ApiOne ApiTwo"
 };
 

MvcClient/Startup.cs

@@ -28,6 +28,7 @@ namespace MvcClient
 
                     config.ResponseType = "code";
                     config.SignedOutCallbackPath = "/Home/Index";
+                    //config.UsePkce = true;  //optional
                     //config cookie claim mapping
                     config.ClaimActions.DeleteClaim("amr");
                     config.ClaimActions.MapUniqueJsonKey("ReadaCoding.Grandma","rc.grandma");