Commit 9f41325a authored by alan.f's avatar alan.f

add-pkce

parent e9666abe
......@@ -44,6 +44,7 @@ namespace IdentityServer
ClientId="client_id_mvc",
ClientSecrets={ new Secret("client_secret_mvc".ToSha256())},
AllowedGrantTypes = GrantTypes.Code,
RequirePkce=true,
RedirectUris={ "https://localhost:44349/signin-oidc" },
PostLogoutRedirectUris={ "https://localhost:44349/Home/Index" },
AllowedScopes={
......@@ -62,8 +63,12 @@ namespace IdentityServer
{
ClientId="client_id_js",
AllowedGrantTypes = GrantTypes.Implicit,
// AllowedGrantTypes = GrantTypes.Implicit, //when add RequirePkce AllowedGrantTypes change to code
AllowedGrantTypes = GrantTypes.Code,
RequirePkce=true,
RequireClientSecret=false,
RedirectUris={ "https://localhost:44387/Home/signin" },
PostLogoutRedirectUris={ "https://localhost:44387/Home/Idex" },
AllowedCorsOrigins={ "https://localhost:44387" },
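Review bot: `PostLogoutRedirectUris` for `client_id_js` is registered as `https://localhost:44387/Home/Idex`, while the JS settings hunk further down this page sends `post_logout_redirect_uri: "https://localhost:44387/Home/Index"`, so the post-logout redirect will presumably fail validation. The line looks like unchanged context, but since this hunk reworks the client it is worth correcting to `PostLogoutRedirectUris={ "https://localhost:44387/Home/Index" },`. The commented-out `// AllowedGrantTypes = GrantTypes.Implicit, ...` line can simply be deleted, as can the commented `response_type` line in the JS settings hunk, because the commit history already records the old value. With `RequireClientSecret=false`, PKCE and the registered redirect URIs are what bind the authorization code to this client, so a short comment such as `// public client: no secret, PKCE is mandatory` would help keep `RequirePkce=true` from being relaxed later. The client initializer starts and ends outside the hunk.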
......
......@@ -9,6 +9,7 @@
<PackageReference Include="IdentityServer4.AspNetIdentity" Version="3.1.3" />
<PackageReference Include="IdentityServer4.EntityFramework" Version="3.1.3" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.Facebook" Version="3.1.4" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="3.1.4" />
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.4" />
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="3.1.4" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="3.1.4">
......
......@@ -32,36 +32,36 @@ namespace IdentityServer
new Claim("rc.api.garndma", "big.api.cookie"))
.GetAwaiter().GetResult();
scope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.Migrate();
//scope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.Migrate();
var context = scope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
context.Database.Migrate();
if (!context.Clients.Any())
{
foreach (var client in Configuration.GetClients())
{
context.Clients.Add(client.ToEntity());
}
context.SaveChanges();
}
//var context = scope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
//context.Database.Migrate();
//if (!context.Clients.Any())
//{
// foreach (var client in Configuration.GetClients())
// {
// context.Clients.Add(client.ToEntity());
// }
// context.SaveChanges();
//}
if (!context.IdentityResources.Any())
{
foreach (var resource in Configuration.GetIdentityResources())
{
context.IdentityResources.Add(resource.ToEntity());
}
context.SaveChanges();
}
//if (!context.IdentityResources.Any())
//{
// foreach (var resource in Configuration.GetIdentityResources())
// {
// context.IdentityResources.Add(resource.ToEntity());
// }
// context.SaveChanges();
//}
if (!context.ApiResources.Any())
{
foreach (var resource in Configuration.GetApis())
{
context.ApiResources.Add(resource.ToEntity());
}
context.SaveChanges();
}
//if (!context.ApiResources.Any())
//{
// foreach (var resource in Configuration.GetApis())
// {
// context.ApiResources.Add(resource.ToEntity());
// }
// context.SaveChanges();
//}
}
host.Run();
}
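Review bot: The migration and seeding code is switched off by commenting it out rather than by a condition, which leaves roughly thirty lines of dead code and makes the choice of store a source edit. The Startup hunk does the same with `AddConfigurationStore`/`AddOperationalStore`. Either delete the commented blocks or keep the code live behind one configuration check that both files read (placeholder name, e.g. `UseInMemoryStores`), so the two cannot drift apart. As far as the page shows, persisted grants are no longer written to the database after this change, which deserves a comment stating that the setup is for local development only. The enclosing method starts outside the hunk.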
......
......@@ -55,22 +55,22 @@ namespace IdentityServer
//var certificate = new X509Certificate2(filePath,"Cesc007+");
services.AddIdentityServer()
.AddAspNetIdentity<IdentityUser>()
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(assembly));
})
.AddOperationalStore(options =>
{
options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(assembly));
})
//.AddSigningCredential(certificate);
.AddDeveloperSigningCredential();
//.AddInMemoryApiResources(Configuration.GetApis())
//.AddInMemoryIdentityResources(Configuration.GetIdentityResources())
//.AddInMemoryClients(Configuration.GetClients())
//.AddConfigurationStore(options =>
//{
// options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
// sql => sql.MigrationsAssembly(assembly));
//})
//.AddOperationalStore(options =>
//{
// options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
// sql => sql.MigrationsAssembly(assembly));
//})
////.AddSigningCredential(certificate);
//.AddDeveloperSigningCredential();
.AddInMemoryApiResources(Configuration.GetApis())
.AddInMemoryIdentityResources(Configuration.GetIdentityResources())
.AddInMemoryClients(Configuration.GetClients())
.AddDeveloperSigningCredential();
services.AddAuthentication()
.AddFacebook(config =>
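Review bot: The commented-out `X509Certificate2` line at the top of this hunk still carries what looks like a certificate password as a string literal, and the new chain again ends in `.AddDeveloperSigningCredential()`. A secret in a comment is still in the repository and its history, so remove the literal and treat the value as exposed if it was ever real. When a real signing certificate is restored, read the password from configuration or the user-secrets store instead. I would also mark the new registration block with `// Development only: in-memory stores and a developer signing key`, so it is not mistaken for a deployable setup. The enclosing method and the `AddFacebook` call continue outside the hunk.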
......
......@@ -2,7 +2,10 @@
<script>
//var userManger = new Oidc.UserManager();
var userManger = new Oidc.UserManager({userStore: new Oidc.WebStorageStateStore({ store: window.localStorage }) });
var userManger = new Oidc.UserManager({
userStore: new Oidc.WebStorageStateStore({ store: window.localStorage }),
response_mode: "query"
});
userManger.signinCallback().then(res => {
console.log(res);
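Review bot: The rewritten `UserManager` options keep `userStore: new Oidc.WebStorageStateStore({ store: window.localStorage })`, so after the code exchange the user object and its tokens are persisted in localStorage, where they outlive the tab and are readable by any script running on the origin. Unless cross-tab persistence is a requirement, drop the `userStore` option and let oidc-client fall back to its sessionStorage default. The `console.log(res)` that follows presumably writes the same token-bearing object to the console, so remove it or log only `res.profile`. The older `//var userManger = new Oidc.UserManager();` comment can go as well. The `.then` callback continues outside the hunk.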
......
......@@ -4,7 +4,8 @@
client_id: "client_id_js",
redirect_uri: "https://localhost:44387/Home/SignIn",
post_logout_redirect_uri: "https://localhost:44387/Home/Index",
response_type: "id_token token",
//response_type: "id_token token", //when add RequirePkce response_type change to code
response_type: "code",
scope: "openid rc.scope ApiOne ApiTwo"
};
......
......@@ -28,6 +28,7 @@ namespace MvcClient
config.ResponseType = "code";
config.SignedOutCallbackPath = "/Home/Index";
//config.UsePkce = true; //optional
//config cookie claim mapping
config.ClaimActions.DeleteClaim("amr");
config.ClaimActions.MapUniqueJsonKey("ReadaCoding.Grandma","rc.grandma");
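Review bot: The comment `//config.UsePkce = true; //optional` reads as if PKCE were optional for this client, but the same commit sets `RequirePkce=true` for `client_id_mvc` on the server. If this project is on ASP.NET Core 3.x, as the 3.1.4 package versions on this page suggest, `UsePkce` already defaults to true and the flow works. Setting it to false would then make the server reject the authorization request. I would replace the line with `// UsePkce defaults to true; IdentityServer requires PKCE for client_id_mvc, do not disable it`. The options lambda starts and ends outside the hunk.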
......