服务端安装 install-package Duende.IdentityServer
客户端 install-package IdentityModel
webapi 基于jwt 需要安装 install-package Microsoft.AspNetCore.Authentication.JwtBearer
在 IdentityServer 中启用OIDC需要
- 交互式用户界面 dotnet new isui
- OIDC范围的配置
// Identity resources (OIDC identity scopes) that this IdentityServer defines.
// Only the two standard scopes below are listed, matching the AllowedScopes of the "web" client.
// The expression-bodied property builds a new array on each access.
public static IEnumerable<IdentityResource> IdentityResources => new IdentityResource[]
{
// Standard "openid" identity resource.
new IdentityResources.OpenId(),
// Standard "profile" identity resource.
new IdentityResources.Profile(),
}; - OIDC客户端的配置
// Client registration for the interactive web application.
// NOTE(review): presumably one element of the server's client list; the enclosing collection is not shown here.
new Client
{
ClientId = "web",
// The registration keeps a SHA-256 hash, but the value being hashed is the literal "secret".
// Treat it as a sample placeholder: a deployed client needs a long random secret that is
// supplied from configuration or a secret store, not committed with the code.
ClientSecrets = {new Secret("secret".Sha256())},
// Authorization code grant for this client.
AllowedGrantTypes = GrantTypes.Code,
// Sign-in callback registered for the client: the local web app on port 5002, over https.
RedirectUris = { "https://localhost:5002/signin-oidc" },
// Sign-out callback registered for the client, on the same local web app.
PostLogoutRedirectUris = { "https://localhost:5002/signout-callback-oidc" },
// Scopes this client may request: the two identity scopes only, no API scope.
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
}
} - 要登录的用户
// Test account used to try out the interactive login.
// The username/password pair is a weak, guessable sample kept as plain strings in source:
// use it for a local demo only, and back the login with a real user store before the
// server is reachable by anyone else.
public static List<TestUser> TestUsers => new List<TestUser>
{
// The single demo user.
new TestUser
{
SubjectId = "1", // subject identifier for this user
Username = "admin", // login name
Password = "123456" // plaintext demo password
}
};
创建OIDC客户端
dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect
配置身份验证服务
// Registers authentication for the web client: a cookie holds the local sign-in session,
// and challenges are sent to the OpenID Connect handler named "oidc".
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
}).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect("oidc", options =>
{
// Base address of the OpenID Connect provider; presumably the IdentityServer host configured above (confirm the port).
options.Authority = "https://localhost:5001";
// ClientId and ClientSecret have to match the "web" client registered on the server.
options.ClientId = "web";
// Hard-coded sample secret. In a real application read it from configuration or a
// secret store so it is not committed with the code.
options.ClientSecret = "secret";
// Authorization code flow.
options.ResponseType = "code";
// Drop the handler's default scopes and request only "openid" and "profile".
options.Scope.Clear();
options.Scope.Add("openid");
options.Scope.Add("profile");
// Keep claim types as the provider issues them instead of mapping them to .NET claim type names.
options.MapInboundClaims = false;
// Keeps the tokens received from the provider with the sign-in session (cookie scheme here),
// so the session cookie carries them; enable this only if the app needs the tokens later.
options.SaveTokens = true;
});