Commit 9f41325a authored by alan.f's avatar alan.f

add-pkce

parent e9666abe
...@@ -44,6 +44,7 @@ namespace IdentityServer ...@@ -44,6 +44,7 @@ namespace IdentityServer
ClientId="client_id_mvc", ClientId="client_id_mvc",
ClientSecrets={ new Secret("client_secret_mvc".ToSha256())}, ClientSecrets={ new Secret("client_secret_mvc".ToSha256())},
AllowedGrantTypes = GrantTypes.Code, AllowedGrantTypes = GrantTypes.Code,
RequirePkce=true,
RedirectUris={ "https://localhost:44349/signin-oidc" }, RedirectUris={ "https://localhost:44349/signin-oidc" },
PostLogoutRedirectUris={ "https://localhost:44349/Home/Index" }, PostLogoutRedirectUris={ "https://localhost:44349/Home/Index" },
AllowedScopes={ AllowedScopes={
...@@ -62,8 +63,12 @@ namespace IdentityServer ...@@ -62,8 +63,12 @@ namespace IdentityServer
{ {
ClientId="client_id_js", ClientId="client_id_js",
AllowedGrantTypes = GrantTypes.Implicit, // AllowedGrantTypes = GrantTypes.Implicit, //when add RequirePkce AllowedGrantTypes change to code
AllowedGrantTypes = GrantTypes.Code,
RequirePkce=true,
RequireClientSecret=false,
RedirectUris={ "https://localhost:44387/Home/signin" }, RedirectUris={ "https://localhost:44387/Home/signin" },
PostLogoutRedirectUris={ "https://localhost:44387/Home/Idex" }, PostLogoutRedirectUris={ "https://localhost:44387/Home/Idex" },
AllowedCorsOrigins={ "https://localhost:44387" }, AllowedCorsOrigins={ "https://localhost:44387" },
......
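Review bot: The `PostLogoutRedirectUris` entry for `client_id_js` in the second hunk reads `https://localhost:44387/Home/Idex`, while the JS client configuration changed in this same commit sends `post_logout_redirect_uri: "https://localhost:44387/Home/Index"`. The two values do not match, so IdentityServer is expected to refuse the redirect back to the app after logout; the line should read `PostLogoutRedirectUris={ "https://localhost:44387/Home/Index" },`. If this client still sets `AllowAccessTokensViaBrowser` outside the hunk, it can presumably be dropped now that tokens come from the token endpoint under `GrantTypes.Code`. The commented-out `GrantTypes.Implicit` line is better deleted than kept, since the history already records it.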
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
<PackageReference Include="IdentityServer4.AspNetIdentity" Version="3.1.3" /> <PackageReference Include="IdentityServer4.AspNetIdentity" Version="3.1.3" />
<PackageReference Include="IdentityServer4.EntityFramework" Version="3.1.3" /> <PackageReference Include="IdentityServer4.EntityFramework" Version="3.1.3" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.Facebook" Version="3.1.4" /> <PackageReference Include="Microsoft.AspNetCore.Authentication.Facebook" Version="3.1.4" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="3.1.4" />
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.4" /> <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.4" />
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="3.1.4" /> <PackageReference Include="Microsoft.EntityFrameworkCore" Version="3.1.4" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="3.1.4"> <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="3.1.4">
......
...@@ -32,36 +32,36 @@ namespace IdentityServer ...@@ -32,36 +32,36 @@ namespace IdentityServer
new Claim("rc.api.garndma", "big.api.cookie")) new Claim("rc.api.garndma", "big.api.cookie"))
.GetAwaiter().GetResult(); .GetAwaiter().GetResult();
scope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.Migrate(); //scope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.Migrate();
var context = scope.ServiceProvider.GetRequiredService<ConfigurationDbContext>(); //var context = scope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
context.Database.Migrate(); //context.Database.Migrate();
if (!context.Clients.Any()) //if (!context.Clients.Any())
{ //{
foreach (var client in Configuration.GetClients()) // foreach (var client in Configuration.GetClients())
{ // {
context.Clients.Add(client.ToEntity()); // context.Clients.Add(client.ToEntity());
} // }
context.SaveChanges(); // context.SaveChanges();
} //}
if (!context.IdentityResources.Any()) //if (!context.IdentityResources.Any())
{ //{
foreach (var resource in Configuration.GetIdentityResources()) // foreach (var resource in Configuration.GetIdentityResources())
{ // {
context.IdentityResources.Add(resource.ToEntity()); // context.IdentityResources.Add(resource.ToEntity());
} // }
context.SaveChanges(); // context.SaveChanges();
} //}
if (!context.ApiResources.Any()) //if (!context.ApiResources.Any())
{ //{
foreach (var resource in Configuration.GetApis()) // foreach (var resource in Configuration.GetApis())
{ // {
context.ApiResources.Add(resource.ToEntity()); // context.ApiResources.Add(resource.ToEntity());
} // }
context.SaveChanges(); // context.SaveChanges();
} //}
} }
host.Run(); host.Run();
} }
......
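Review bot: The configuration-store migration and seeding are disabled by commenting the block out rather than removing or guarding it, which leaves dead code and hides a persistence change inside a commit titled add-pkce. The likely reason is visible in the old code: `if (!context.Clients.Any())` seeds only an empty table, so an edited client such as the new `RequirePkce=true` would never reach an existing database. Either delete the block together with the store registrations in the startup file, or keep the EF stores and make the seed update existing clients. A comment such as `// Seed runs only on an empty store; client changes need a re-seed` would record the constraint. The enclosing method starts above the hunk.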
...@@ -55,22 +55,22 @@ namespace IdentityServer ...@@ -55,22 +55,22 @@ namespace IdentityServer
//var certificate = new X509Certificate2(filePath,"Cesc007+"); //var certificate = new X509Certificate2(filePath,"Cesc007+");
services.AddIdentityServer() services.AddIdentityServer()
.AddAspNetIdentity<IdentityUser>() .AddAspNetIdentity<IdentityUser>()
.AddConfigurationStore(options => //.AddConfigurationStore(options =>
{ //{
options.ConfigureDbContext = b => b.UseSqlServer(connectionString, // options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(assembly)); // sql => sql.MigrationsAssembly(assembly));
}) //})
.AddOperationalStore(options => //.AddOperationalStore(options =>
{ //{
options.ConfigureDbContext = b => b.UseSqlServer(connectionString, // options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(assembly)); // sql => sql.MigrationsAssembly(assembly));
}) //})
//.AddSigningCredential(certificate); ////.AddSigningCredential(certificate);
.AddDeveloperSigningCredential(); //.AddDeveloperSigningCredential();
//.AddInMemoryApiResources(Configuration.GetApis()) .AddInMemoryApiResources(Configuration.GetApis())
//.AddInMemoryIdentityResources(Configuration.GetIdentityResources()) .AddInMemoryIdentityResources(Configuration.GetIdentityResources())
//.AddInMemoryClients(Configuration.GetClients()) .AddInMemoryClients(Configuration.GetClients())
//.AddDeveloperSigningCredential(); .AddDeveloperSigningCredential();
services.AddAuthentication() services.AddAuthentication()
.AddFacebook(config => .AddFacebook(config =>
......
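Review bot: The commented-out `new X509Certificate2(filePath, …)` line at the top of this hunk keeps what looks like a certificate password as a string literal, and the change leaves it in place while settling on `.AddDeveloperSigningCredential()`. If that password ever protected a real key, treat it as exposed: remove the comment, rotate the certificate, and load the password from configuration or a secret store instead of a literal. `AddDeveloperSigningCredential()` and the in-memory client and resource stores are development conveniences, and with `AddOperationalStore` commented out, persisted grants are presumably kept in memory and lost on restart. A short comment above the chain, for example `// Development only: in-memory stores and a developer signing key`, would keep this configuration from being copied into a deployment unnoticed.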
...@@ -2,7 +2,10 @@ ...@@ -2,7 +2,10 @@
<script> <script>
//var userManger = new Oidc.UserManager(); //var userManger = new Oidc.UserManager();
var userManger = new Oidc.UserManager({userStore: new Oidc.WebStorageStateStore({ store: window.localStorage }) }); var userManger = new Oidc.UserManager({
userStore: new Oidc.WebStorageStateStore({ store: window.localStorage }),
response_mode: "query"
});
userManger.signinCallback().then(res => { userManger.signinCallback().then(res => {
console.log(res); console.log(res);
......
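Review bot: `console.log(res)` in the `signinCallback()` handler writes the whole sign-in result to the browser console, and with the code flow that object presumably carries the access and ID tokens. The log should be removed or reduced to a non-sensitive field. The same `UserManager` keeps `userStore` on `window.localStorage`, which persists tokens across browser sessions and exposes them to any script running on the origin. Unless persistence across tabs is required, prefer `store: window.sessionStorage`, which is the library default, and add a comment if localStorage is kept deliberately. The handler body continues below the hunk.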
...@@ -4,7 +4,8 @@ ...@@ -4,7 +4,8 @@
client_id: "client_id_js", client_id: "client_id_js",
redirect_uri: "https://localhost:44387/Home/SignIn", redirect_uri: "https://localhost:44387/Home/SignIn",
post_logout_redirect_uri: "https://localhost:44387/Home/Index", post_logout_redirect_uri: "https://localhost:44387/Home/Index",
response_type: "id_token token", //response_type: "id_token token", //when add RequirePkce response_type change to code
response_type: "code",
scope: "openid rc.scope ApiOne ApiTwo" scope: "openid rc.scope ApiOne ApiTwo"
}; };
......
...@@ -28,6 +28,7 @@ namespace MvcClient ...@@ -28,6 +28,7 @@ namespace MvcClient
config.ResponseType = "code"; config.ResponseType = "code";
config.SignedOutCallbackPath = "/Home/Index"; config.SignedOutCallbackPath = "/Home/Index";
//config.UsePkce = true; //optional
//config cookie claim mapping //config cookie claim mapping
config.ClaimActions.DeleteClaim("amr"); config.ClaimActions.DeleteClaim("amr");
config.ClaimActions.MapUniqueJsonKey("ReadaCoding.Grandma","rc.grandma"); config.ClaimActions.MapUniqueJsonKey("ReadaCoding.Grandma","rc.grandma");
......
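Review bot: The added line `//config.UsePkce = true; //optional` is misleading, because the server side of this commit sets `RequirePkce=true` for `client_id_mvc`, so PKCE is no longer optional for this client. Login works only if the OpenID Connect handler sends a code challenge by default, which is the case on ASP.NET Core 3.x, but the client's framework version is not visible here. Setting it explicitly documents the dependency: `config.UsePkce = true; // required: IdentityServer client has RequirePkce=true`. The surrounding options lambda starts and ends outside the hunk.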