24 changed files with 2250 additions and 0 deletions
@ -0,0 +1,103 @@ |
|||
# LINGYUN.Abp.OpenIddict.Application.Contracts |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application.Contracts) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.Application.Contracts` is the contract layer for OpenIddict application services, defining the interfaces, DTOs, and permissions required for OpenIddict management. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* Define OpenIddict Application Service Interfaces |
|||
* IOpenIddictApplicationAppService |
|||
* IOpenIddictAuthorizationAppService |
|||
* IOpenIddictTokenAppService |
|||
* IOpenIddictScopeAppService |
|||
|
|||
* Provide Standardized DTOs |
|||
* OpenIddictApplicationDto |
|||
* OpenIddictAuthorizationDto |
|||
* OpenIddictTokenDto |
|||
* OpenIddictScopeDto |
|||
* And corresponding Create and Update DTOs |
|||
|
|||
* Permission Definitions |
|||
* OpenIddict.Applications |
|||
* OpenIddict.Authorizations |
|||
* OpenIddict.Tokens |
|||
* OpenIddict.Scopes |
|||
|
|||
* Multilingual Support |
|||
* Built-in Chinese and English localization resources |
|||
* Support for custom language extensions |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.Application.Contracts |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictApplicationContractsModule))]` to your module class. |
|||
|
|||
2. Inject and use the corresponding application service interfaces: |
|||
|
|||
```csharp |
|||
public class YourService |
|||
{ |
|||
private readonly IOpenIddictApplicationAppService _applicationAppService; |
|||
|
|||
public YourService(IOpenIddictApplicationAppService applicationAppService) |
|||
{ |
|||
_applicationAppService = applicationAppService; |
|||
} |
|||
|
|||
public async Task DoSomethingAsync() |
|||
{ |
|||
var applications = await _applicationAppService.GetListAsync( |
|||
new OpenIddictApplicationGetListInput()); |
|||
// ... |
|||
} |
|||
} |
|||
``` |
|||
|
|||
## Permissions |
|||
|
|||
The module defines the following permissions: |
|||
|
|||
* OpenIddict.Applications |
|||
* OpenIddict.Applications.Create |
|||
* OpenIddict.Applications.Update |
|||
* OpenIddict.Applications.Delete |
|||
* OpenIddict.Applications.ManagePermissions |
|||
* OpenIddict.Applications.ManageSecret |
|||
* OpenIddict.Authorizations |
|||
* OpenIddict.Authorizations.Delete |
|||
* OpenIddict.Scopes |
|||
* OpenIddict.Scopes.Create |
|||
* OpenIddict.Scopes.Update |
|||
* OpenIddict.Scopes.Delete |
|||
* OpenIddict.Tokens |
|||
* OpenIddict.Tokens.Delete |
|||
|
|||
## Localization |
|||
|
|||
The module supports multiple languages with built-in support for: |
|||
|
|||
* English (en) |
|||
* Simplified Chinese (zh-Hans) |
|||
|
|||
You can extend new languages as follows: |
|||
|
|||
```csharp |
|||
Configure<AbpLocalizationOptions>(options => |
|||
{ |
|||
options.Resources |
|||
.Get<AbpOpenIddictResource>() |
|||
.AddVirtualJson("/YourPath/Localization/Resources"); |
|||
}); |
|||
``` |
|||
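Review bot: In the Permissions section, `OpenIddict.Applications.ManagePermissions` and `OpenIddict.Applications.ManageSecret` are listed with no description of what they gate. State whether a holder of `OpenIddict.Applications.Update` alone can change a client secret or a client's permission set, so operators can tell which grants are sensitive when assigning roles. The usage example would also read better with the `using` lines it needs for `IOpenIddictApplicationAppService` and `OpenIddictApplicationGetListInput`.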
@ -0,0 +1,103 @@ |
|||
# LINGYUN.Abp.OpenIddict.Application.Contracts |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application.Contracts) |
|||
|
|||
## 简介 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.Application.Contracts` 是 OpenIddict 应用服务的契约层,定义了 OpenIddict 管理所需的接口、DTO和权限。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能特性 |
|||
|
|||
* 定义 OpenIddict 应用服务接口 |
|||
* IOpenIddictApplicationAppService |
|||
* IOpenIddictAuthorizationAppService |
|||
* IOpenIddictTokenAppService |
|||
* IOpenIddictScopeAppService |
|||
|
|||
* 提供标准化的 DTO 对象 |
|||
* OpenIddictApplicationDto |
|||
* OpenIddictAuthorizationDto |
|||
* OpenIddictTokenDto |
|||
* OpenIddictScopeDto |
|||
* 以及相应的创建和更新 DTO |
|||
|
|||
* 权限定义 |
|||
* OpenIddict.Applications |
|||
* OpenIddict.Authorizations |
|||
* OpenIddict.Tokens |
|||
* OpenIddict.Scopes |
|||
|
|||
* 多语言支持 |
|||
* 内置中文和英文本地化资源 |
|||
* 支持自定义语言扩展 |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.Application.Contracts |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictApplicationContractsModule))]` 到你的模块类。 |
|||
|
|||
2. 注入并使用相应的应用服务接口: |
|||
|
|||
```csharp |
|||
public class YourService |
|||
{ |
|||
private readonly IOpenIddictApplicationAppService _applicationAppService; |
|||
|
|||
public YourService(IOpenIddictApplicationAppService applicationAppService) |
|||
{ |
|||
_applicationAppService = applicationAppService; |
|||
} |
|||
|
|||
public async Task DoSomethingAsync() |
|||
{ |
|||
var applications = await _applicationAppService.GetListAsync( |
|||
new OpenIddictApplicationGetListInput()); |
|||
// ... |
|||
} |
|||
} |
|||
``` |
|||
|
|||
## 权限 |
|||
|
|||
模块定义了以下权限: |
|||
|
|||
* OpenIddict.Applications |
|||
* OpenIddict.Applications.Create |
|||
* OpenIddict.Applications.Update |
|||
* OpenIddict.Applications.Delete |
|||
* OpenIddict.Applications.ManagePermissions |
|||
* OpenIddict.Applications.ManageSecret |
|||
* OpenIddict.Authorizations |
|||
* OpenIddict.Authorizations.Delete |
|||
* OpenIddict.Scopes |
|||
* OpenIddict.Scopes.Create |
|||
* OpenIddict.Scopes.Update |
|||
* OpenIddict.Scopes.Delete |
|||
* OpenIddict.Tokens |
|||
* OpenIddict.Tokens.Delete |
|||
|
|||
## 本地化 |
|||
|
|||
模块支持多语言,内置了以下语言: |
|||
|
|||
* 英文 (en) |
|||
* 简体中文 (zh-Hans) |
|||
|
|||
可以通过以下方式扩展新的语言: |
|||
|
|||
```csharp |
|||
Configure<AbpLocalizationOptions>(options => |
|||
{ |
|||
options.Resources |
|||
.Get<AbpOpenIddictResource>() |
|||
.AddVirtualJson("/YourPath/Localization/Resources"); |
|||
}); |
|||
``` |
|||
@ -0,0 +1,65 @@ |
|||
# LINGYUN.Abp.OpenIddict.Application |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.Application` is an application service layer implementation based on ABP OpenIddict, providing management functionality for OpenIddict clients, authorizations, tokens, and scopes. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* OpenIddict Client Application Management |
|||
* Create, update, and delete client applications |
|||
* Manage client basic information (client ID, secret, name, etc.) |
|||
* Configure grant types, response types, scopes, and redirect URIs |
|||
* Support custom configuration of client properties and requirements |
|||
|
|||
* OpenIddict Authorization Management |
|||
* Query and delete authorization records |
|||
* Filter authorizations by client ID, creation time, status, etc. |
|||
|
|||
* OpenIddict Token Management |
|||
* Query and delete tokens |
|||
* Filter tokens by client ID, creation time, expiration time, status, etc. |
|||
|
|||
* OpenIddict Scope Management |
|||
* Create, update, and delete scopes |
|||
* Manage scope basic information (name, description, display name, etc.) |
|||
* Support multilingual display names and descriptions |
|||
* Configure resources associated with scopes |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.Application |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictApplicationModule))]` to your module class. |
|||
|
|||
2. Configure permissions: |
|||
|
|||
The module predefines the following permissions: |
|||
|
|||
* OpenIddict.Applications: Client application management |
|||
* OpenIddict.Applications.Create: Create clients |
|||
* OpenIddict.Applications.Update: Update clients |
|||
* OpenIddict.Applications.Delete: Delete clients |
|||
* OpenIddict.Authorizations: Authorization management |
|||
* OpenIddict.Authorizations.Delete: Delete authorizations |
|||
* OpenIddict.Scopes: Scope management |
|||
* OpenIddict.Scopes.Create: Create scopes |
|||
* OpenIddict.Scopes.Update: Update scopes |
|||
* OpenIddict.Scopes.Delete: Delete scopes |
|||
* OpenIddict.Tokens: Token management |
|||
* OpenIddict.Tokens.Delete: Delete tokens |
|||
|
|||
## Notes |
|||
|
|||
* Client application ClientId cannot be modified after creation |
|||
* Deleting a client application will also delete related authorizations and tokens |
|||
* Scope names cannot be modified after creation |
|||
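Review bot: Step 2 under Usage is titled "Configure permissions:" but shows no configuration, and its list omits `OpenIddict.Applications.ManagePermissions` and `OpenIddict.Applications.ManageSecret`, which the Application.Contracts README in this change lists. Either retitle the step and point to the Contracts list, or list every permission and add a sentence on how they are granted. The Notes line about deleting a client application is worth tying to `OpenIddict.Applications.Delete`, since that one permission then also removes related authorizations and tokens.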
@ -0,0 +1,65 @@ |
|||
# LINGYUN.Abp.OpenIddict.Application |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application) |
|||
|
|||
## 简介 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.Application` 是基于 ABP OpenIddict 的应用服务层实现,提供了对 OpenIddict 客户端、授权、令牌和作用域的管理功能。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能特性 |
|||
|
|||
* OpenIddict 客户端应用程序管理 |
|||
* 创建、更新、删除客户端应用程序 |
|||
* 管理客户端基本信息(客户端ID、密钥、名称等) |
|||
* 配置授权类型、响应类型、作用域和重定向URI |
|||
* 支持客户端属性和要求的自定义配置 |
|||
|
|||
* OpenIddict 授权管理 |
|||
* 查询和删除授权记录 |
|||
* 按客户端ID、创建时间、状态等条件筛选授权 |
|||
|
|||
* OpenIddict 令牌管理 |
|||
* 查询和删除令牌 |
|||
* 按客户端ID、创建时间、过期时间、状态等条件筛选令牌 |
|||
|
|||
* OpenIddict 作用域管理 |
|||
* 创建、更新、删除作用域 |
|||
* 管理作用域基本信息(名称、描述、显示名称等) |
|||
* 支持多语言显示名称和描述 |
|||
* 配置作用域关联的资源 |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.Application |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictApplicationModule))]` 到你的模块类。 |
|||
|
|||
2. 配置权限: |
|||
|
|||
模块预定义了以下权限: |
|||
|
|||
* OpenIddict.Applications: 客户端应用管理 |
|||
* OpenIddict.Applications.Create: 创建客户端 |
|||
* OpenIddict.Applications.Update: 更新客户端 |
|||
* OpenIddict.Applications.Delete: 删除客户端 |
|||
* OpenIddict.Authorizations: 授权管理 |
|||
* OpenIddict.Authorizations.Delete: 删除授权 |
|||
* OpenIddict.Scopes: 作用域管理 |
|||
* OpenIddict.Scopes.Create: 创建作用域 |
|||
* OpenIddict.Scopes.Update: 更新作用域 |
|||
* OpenIddict.Scopes.Delete: 删除作用域 |
|||
* OpenIddict.Tokens: 令牌管理 |
|||
* OpenIddict.Tokens.Delete: 删除令牌 |
|||
|
|||
## 注意事项 |
|||
|
|||
* 客户端应用程序的 ClientId 在创建后不能修改 |
|||
* 删除客户端应用程序会同时删除相关的授权和令牌 |
|||
* 作用域名称在创建后不能修改 |
|||
@ -0,0 +1,76 @@ |
|||
# LINGYUN.Abp.OpenIddict.AspNetCore.Session |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore.Session) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.AspNetCore.Session` is a session management extension module for OpenIddict, providing functionality for user session persistence, validation, and revocation. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* User Session Management |
|||
* Automatic session persistence on login |
|||
* Automatic session termination on logout |
|||
* Automatic session termination on token revocation |
|||
* UserInfo endpoint session validation |
|||
|
|||
* Multi-tenancy Support |
|||
* Session management supports multi-tenant scenarios |
|||
* Tenant-isolated session storage |
|||
|
|||
* Configurable Session Persistence |
|||
* Support for configuring grant types that require session persistence |
|||
* Default support for password grant type |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore.Session |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictAspNetCoreSessionModule))]` to your module class. |
|||
|
|||
2. Configure session options: |
|||
|
|||
```csharp |
|||
Configure<IdentitySessionSignInOptions>(options => |
|||
{ |
|||
options.SignInSessionEnabled = true; // Enable login session |
|||
options.SignOutSessionEnabled = true; // Enable logout session |
|||
}); |
|||
|
|||
Configure<AbpOpenIddictAspNetCoreSessionOptions>(options => |
|||
{ |
|||
// Configure grant types that require session persistence |
|||
options.PersistentSessionGrantTypes.Add(GrantTypes.Password); |
|||
options.PersistentSessionGrantTypes.Add("custom_grant_type"); |
|||
}); |
|||
``` |
|||
|
|||
## Workflow |
|||
|
|||
1. User Login |
|||
* When a user successfully logs in through configured grant types |
|||
* System automatically creates and persists session information |
|||
|
|||
2. Session Validation |
|||
* When user accesses the UserInfo endpoint |
|||
* System automatically validates if the session is valid |
|||
* Returns appropriate error if session has expired or is invalid |
|||
|
|||
3. Session Termination |
|||
* Automatically terminates session on user logout |
|||
* Automatically terminates related sessions on token revocation |
|||
* Supports session management for multiple concurrent logins |
|||
|
|||
## Notes |
|||
|
|||
* Session persistence only applies to configured grant types |
|||
* Session validation automatically switches tenant context in multi-tenant environments |
|||
* Token revocation will terminate related user sessions |
|||
* UserInfo endpoint session validation is mandatory, invalid sessions will result in request rejection |
|||
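Review bot: The Features list says the password grant type is supported by default, yet the options example under Usage adds `GrantTypes.Password` explicitly, so a reader cannot tell whether `PersistentSessionGrantTypes` starts empty or already contains it. Say which, and drop the line from the example if it is a default. The Notes also leave a gap: persistence applies only to configured grant types while UserInfo session validation is mandatory, so document what the UserInfo endpoint does with a token issued through a grant type that is not in the list, and whether any endpoint other than UserInfo checks the session.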
@ -0,0 +1,76 @@ |
|||
# LINGYUN.Abp.OpenIddict.AspNetCore.Session |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore.Session) |
|||
|
|||
## 简介 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.AspNetCore.Session` 是 OpenIddict 的会话管理扩展模块,提供了用户会话的持久化、验证和撤销功能。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能特性 |
|||
|
|||
* 用户会话管理 |
|||
* 登录时自动持久化会话 |
|||
* 登出时自动终止会话 |
|||
* 令牌撤销时自动终止会话 |
|||
* UserInfo 端点会话验证 |
|||
|
|||
* 多租户支持 |
|||
* 会话管理支持多租户场景 |
|||
* 租户隔离的会话存储 |
|||
|
|||
* 可配置的会话持久化 |
|||
* 支持配置需要持久化会话的授权类型 |
|||
* 默认支持密码授权类型 |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore.Session |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictAspNetCoreSessionModule))]` 到你的模块类。 |
|||
|
|||
2. 配置会话选项: |
|||
|
|||
```csharp |
|||
Configure<IdentitySessionSignInOptions>(options => |
|||
{ |
|||
options.SignInSessionEnabled = true; // 启用登录会话 |
|||
options.SignOutSessionEnabled = true; // 启用登出会话 |
|||
}); |
|||
|
|||
Configure<AbpOpenIddictAspNetCoreSessionOptions>(options => |
|||
{ |
|||
// 配置需要持久化会话的授权类型 |
|||
options.PersistentSessionGrantTypes.Add(GrantTypes.Password); |
|||
options.PersistentSessionGrantTypes.Add("custom_grant_type"); |
|||
}); |
|||
``` |
|||
|
|||
## 工作流程 |
|||
|
|||
1. 用户登录 |
|||
* 当用户通过配置的授权类型登录成功时 |
|||
* 系统自动创建并持久化会话信息 |
|||
|
|||
2. 会话验证 |
|||
* 当用户访问 UserInfo 端点时 |
|||
* 系统自动验证会话是否有效 |
|||
* 如果会话已过期或无效,返回相应的错误 |
|||
|
|||
3. 会话终止 |
|||
* 用户主动登出时自动终止会话 |
|||
* 令牌撤销时自动终止相关会话 |
|||
* 支持多终端同时登录的会话管理 |
|||
|
|||
## 注意事项 |
|||
|
|||
* 会话持久化仅对配置的授权类型生效 |
|||
* 会话验证在多租户环境中会自动切换租户上下文 |
|||
* 令牌撤销会同时终止相关的用户会话 |
|||
* UserInfo 端点的会话验证是强制的,无效会话将导致请求被拒绝 |
|||
@ -0,0 +1,74 @@ |
|||
# LINGYUN.Abp.OpenIddict.AspNetCore |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.AspNetCore` is an ASP.NET Core integration module based on ABP OpenIddict, providing user information extensions and avatar URL claim support. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* Extended UserInfo Endpoint |
|||
* Support for returning user avatar URL |
|||
* Extended standard OpenID Connect claims |
|||
* Multi-tenancy support |
|||
|
|||
* Avatar URL Claims Contributor |
|||
* Automatically add user avatar URL claim |
|||
* Integration with identity system |
|||
|
|||
* OpenIddict Server Configuration |
|||
* Pre-configured avatar URL claim support |
|||
* Inherits from Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictAspNetCoreModule))]` to your module class. |
|||
|
|||
2. The UserInfo endpoint will automatically be extended to include the following claims: |
|||
* sub (User ID) |
|||
* tenant_id (Tenant ID, if multi-tenancy is enabled) |
|||
* preferred_username (Username) |
|||
* family_name (Surname) |
|||
* given_name (Name) |
|||
* picture (Avatar URL) |
|||
* email |
|||
* email_verified |
|||
* phone_number |
|||
* phone_number_verified |
|||
* role |
|||
|
|||
3. The avatar URL claim will be automatically added to the user's identity claims. |
|||
|
|||
## Configuration |
|||
|
|||
By default, the module is pre-configured with the required settings. If you need to customize the configuration, you can modify it in the module's `PreConfigureServices` method: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// Custom configuration |
|||
builder.RegisterClaims(new[] { "your_custom_claim" }); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
## Notes |
|||
|
|||
* The avatar URL claim type is `IdentityConsts.ClaimType.Avatar.Name` |
|||
* The UserInfo endpoint requires corresponding scope permissions to return information: |
|||
* profile: Basic information and avatar |
|||
* email: Email-related information |
|||
* phone: Phone number-related information |
|||
* roles: User role information |
|||
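Review bot: Usage step 1 names `AbpOpenIddictAspNetCoreModule` without a namespace, while the Features list says this module inherits from `Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule`, a type with the same simple name. Give the fully qualified name of this package's type (or the required `using`) in the `DependsOn` line so readers do not depend on the upstream module by mistake. In Notes, the scope list covers profile, email, phone and roles but does not mention `tenant_id`; state which scope, if any, gates it.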
@ -0,0 +1,74 @@ |
|||
# LINGYUN.Abp.OpenIddict.AspNetCore |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore) |
|||
|
|||
## 简介 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.AspNetCore` 是基于 ABP OpenIddict 的 ASP.NET Core 集成模块,提供了用户信息扩展和头像URL声明支持。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能特性 |
|||
|
|||
* 扩展用户信息端点 |
|||
* 支持返回用户头像URL |
|||
* 扩展标准 OpenID Connect 声明 |
|||
* 支持多租户 |
|||
|
|||
* 头像URL声明贡献者 |
|||
* 自动添加用户头像URL声明 |
|||
* 与身份系统集成 |
|||
|
|||
* OpenIddict 服务器配置 |
|||
* 预配置头像URL声明支持 |
|||
* 继承自 Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictAspNetCoreModule))]` 到你的模块类。 |
|||
|
|||
2. 用户信息端点将自动扩展以包含以下声明: |
|||
* sub (用户ID) |
|||
* tenant_id (租户ID,如果启用了多租户) |
|||
* preferred_username (用户名) |
|||
* family_name (姓氏) |
|||
* given_name (名字) |
|||
* picture (头像URL) |
|||
* email |
|||
* email_verified |
|||
* phone_number |
|||
* phone_number_verified |
|||
* role |
|||
|
|||
3. 头像URL声明会自动添加到用户的身份声明中。 |
|||
|
|||
## 配置 |
|||
|
|||
默认情况下,模块已预配置了所需的设置。如果需要自定义配置,可以在模块的 `PreConfigureServices` 方法中修改: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// 自定义配置 |
|||
builder.RegisterClaims(new[] { "your_custom_claim" }); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
## 注意事项 |
|||
|
|||
* 头像URL声明的类型为 `IdentityConsts.ClaimType.Avatar.Name` |
|||
* 用户信息端点需要相应的作用域权限才能返回信息: |
|||
* profile: 基本信息和头像 |
|||
* email: 电子邮件相关信息 |
|||
* phone: 电话号码相关信息 |
|||
* roles: 用户角色信息 |
|||
@ -0,0 +1,89 @@ |
|||
# LINGYUN.Abp.OpenIddict.Dapr.Client |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Dapr.Client) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.Dapr.Client` is a Dapr-based OpenIddict client module that provides functionality to call OpenIddict remote services using the Dapr service invocation building block. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* Dapr Service Invocation Integration |
|||
* Automatic registration of Dapr client proxies for OpenIddict application contracts |
|||
* Support accessing OpenIddict remote services via Dapr service invocation |
|||
* Support service-to-service communication in distributed systems |
|||
|
|||
* Remote Service Support |
|||
* Support all services defined in OpenIddict application contracts |
|||
* Support application management |
|||
* Support authorization management |
|||
* Support scope management |
|||
* Support token management |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.Dapr.Client |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictDaprClientModule))]` to your module class. |
|||
|
|||
2. Configure Dapr service invocation: |
|||
|
|||
```csharp |
|||
public override void ConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
Configure<AbpDaprClientOptions>(options => |
|||
{ |
|||
options.ApplicationServices.Configure(config => |
|||
{ |
|||
// Configure the AppId for OpenIddict service |
|||
config.AppId = "openiddict-service"; |
|||
}); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. Usage example: |
|||
|
|||
```csharp |
|||
public class MyService |
|||
{ |
|||
private readonly IOpenIddictApplicationAppService _applicationAppService; |
|||
|
|||
public MyService(IOpenIddictApplicationAppService applicationAppService) |
|||
{ |
|||
_applicationAppService = applicationAppService; |
|||
} |
|||
|
|||
public async Task DoSomethingAsync() |
|||
{ |
|||
// Access OpenIddict application service via Dapr service invocation |
|||
var applications = await _applicationAppService.GetListAsync( |
|||
new GetApplicationsInput()); |
|||
} |
|||
} |
|||
``` |
|||
|
|||
## Configuration |
|||
|
|||
* AppId |
|||
* Application identifier for the OpenIddict service |
|||
* Must match the app ID in Dapr component configuration |
|||
|
|||
* RemoteServiceName |
|||
* Name of the OpenIddict remote service |
|||
* Default value is "OpenIddict" |
|||
|
|||
## Notes |
|||
|
|||
* Ensure Dapr Sidecar is properly configured and running |
|||
* Ensure OpenIddict service is registered in Dapr |
|||
* Recommended to configure service-to-service authentication in production |
|||
* Recommended to configure retry policies for service invocation |
|||
* Recommended to configure service discovery mechanism |
|||
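Review bot: The usage example in step 3 passes `new GetApplicationsInput()` to `GetListAsync`, but the Application.Contracts and HttpApi READMEs in this change pass `OpenIddictApplicationGetListInput` to the same method; use one type name so the snippet matches the contract. The Configuration section lists `RemoteServiceName`, which the step 2 snippet never sets or references, so show where it is configured. The Notes line recommending service-to-service authentication should say how to enable it, given that these proxies reach application, authorization, scope and token management.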
@ -0,0 +1,89 @@ |
|||
# LINGYUN.Abp.OpenIddict.Dapr.Client |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Dapr.Client) |
|||
|
|||
## 介绍 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.Dapr.Client` 是一个基于 Dapr 的 OpenIddict 客户端模块,提供了使用 Dapr 服务调用构建块来调用 OpenIddict 远程服务的功能。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能 |
|||
|
|||
* Dapr 服务调用集成 |
|||
* 自动注册 OpenIddict 应用程序契约的 Dapr 客户端代理 |
|||
* 支持通过 Dapr 服务调用访问 OpenIddict 远程服务 |
|||
* 支持分布式系统中的服务间通信 |
|||
|
|||
* 远程服务支持 |
|||
* 支持所有 OpenIddict 应用程序契约定义的服务 |
|||
* 支持应用程序管理 |
|||
* 支持授权管理 |
|||
* 支持作用域管理 |
|||
* 支持令牌管理 |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.Dapr.Client |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictDaprClientModule))]` 到你的模块类。 |
|||
|
|||
2. 配置 Dapr 服务调用: |
|||
|
|||
```csharp |
|||
public override void ConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
Configure<AbpDaprClientOptions>(options => |
|||
{ |
|||
options.ApplicationServices.Configure(config => |
|||
{ |
|||
// 配置 OpenIddict 服务的 AppId |
|||
config.AppId = "openiddict-service"; |
|||
}); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. 使用示例: |
|||
|
|||
```csharp |
|||
public class MyService |
|||
{ |
|||
private readonly IOpenIddictApplicationAppService _applicationAppService; |
|||
|
|||
public MyService(IOpenIddictApplicationAppService applicationAppService) |
|||
{ |
|||
_applicationAppService = applicationAppService; |
|||
} |
|||
|
|||
public async Task DoSomethingAsync() |
|||
{ |
|||
// 通过 Dapr 服务调用访问 OpenIddict 应用程序服务 |
|||
var applications = await _applicationAppService.GetListAsync( |
|||
new GetApplicationsInput()); |
|||
} |
|||
} |
|||
``` |
|||
|
|||
## 配置 |
|||
|
|||
* AppId |
|||
* OpenIddict 服务的应用程序标识符 |
|||
* 必须与 Dapr 组件配置中的应用 ID 匹配 |
|||
|
|||
* RemoteServiceName |
|||
* OpenIddict 远程服务的名称 |
|||
* 默认值为 "OpenIddict" |
|||
|
|||
## 注意事项 |
|||
|
|||
* 确保 Dapr Sidecar 已正确配置和运行 |
|||
* 确保 OpenIddict 服务已在 Dapr 中注册 |
|||
* 建议在生产环境中配置服务间的身份认证 |
|||
* 建议配置服务调用的重试策略 |
|||
* 建议配置服务发现机制 |
|||
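Review bot: The section headings here are `## 介绍` and `## 功能`, while the other Chinese READMEs in this change use `## 简介` and `## 功能特性`; align them. The step 3 example also passes `new GetApplicationsInput()` where the Application.Contracts README uses `OpenIddictApplicationGetListInput` for the same `GetListAsync` call.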
@ -0,0 +1,83 @@ |
|||
# LINGYUN.Abp.OpenIddict.HttpApi.Client |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi.Client) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.HttpApi.Client` is the HTTP API client module for OpenIddict, providing client proxies for remote OpenIddict HTTP API calls. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* HTTP API Client Proxies |
|||
* Automatic HTTP client proxy generation |
|||
* Support for remote service calls |
|||
* Integration with ABP dynamic HTTP client proxies |
|||
|
|||
* Remote Service Configuration |
|||
* Support for configuring remote service URLs |
|||
* Support for configuring authentication methods |
|||
* Support for configuring request headers |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.HttpApi.Client |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictHttpApiClientModule))]` to your module class. |
|||
|
|||
2. Configure remote services: |
|||
|
|||
```csharp |
|||
public override void ConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
var configuration = context.Services.GetConfiguration(); |
|||
|
|||
Configure<AbpRemoteServiceOptions>(options => |
|||
{ |
|||
options.RemoteServices.Default = new RemoteServiceConfiguration |
|||
{ |
|||
BaseUrl = configuration["RemoteServices:Default:BaseUrl"] |
|||
}; |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. Usage example: |
|||
|
|||
```csharp |
|||
// Inject client proxy |
|||
private readonly IOpenIddictApplicationAppService _applicationService; |
|||
|
|||
public YourService(IOpenIddictApplicationAppService applicationService) |
|||
{ |
|||
_applicationService = applicationService; |
|||
} |
|||
|
|||
// Call remote service |
|||
var input = new OpenIddictApplicationCreateDto |
|||
{ |
|||
ClientId = "your-client-id", |
|||
DisplayName = "Your App", |
|||
// ... other properties |
|||
}; |
|||
var result = await _applicationService.CreateAsync(input); |
|||
``` |
|||
|
|||
## Configuration |
|||
|
|||
* RemoteServices |
|||
* Default:BaseUrl - Default remote service URL |
|||
* OpenIddict:BaseUrl - OpenIddict remote service URL |
|||
|
|||
## Notes |
|||
|
|||
* Correct remote service URLs need to be configured |
|||
* If remote services require authentication, corresponding authentication information needs to be configured |
|||
* HTTPS is recommended in production environments |
|||
* Client proxies automatically handle authentication token transmission |
|||
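Review bot: The step 2 snippet sets only `options.RemoteServices.Default`, while the Configuration section also lists `OpenIddict:BaseUrl`; show the `OpenIddict` entry or explain when it takes precedence over `Default`. The step 3 example mixes a field, a constructor and top-level statements in one block, so it does not compile as written; wrap it in a class with a method, as the Application.Contracts README does. In Notes, "Client proxies automatically handle authentication token transmission" needs a sentence on where that token comes from, and the HTTPS line would be better stated as a requirement for any deployment that carries those tokens.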
@ -0,0 +1,83 @@ |
|||
# LINGYUN.Abp.OpenIddict.HttpApi.Client |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi.Client) |
|||
|
|||
## 简介 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.HttpApi.Client` 是 OpenIddict 的 HTTP API 客户端模块,提供了远程调用 OpenIddict HTTP API 的客户端代理。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能特性 |
|||
|
|||
* HTTP API 客户端代理 |
|||
* 自动生成 HTTP 客户端代理 |
|||
* 支持远程服务调用 |
|||
* 集成 ABP 动态 HTTP 客户端代理 |
|||
|
|||
* 远程服务配置 |
|||
* 支持配置远程服务地址 |
|||
* 支持配置认证方式 |
|||
* 支持配置请求头 |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.HttpApi.Client |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictHttpApiClientModule))]` 到你的模块类。 |
|||
|
|||
2. 配置远程服务: |
|||
|
|||
```csharp |
|||
public override void ConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
var configuration = context.Services.GetConfiguration(); |
|||
|
|||
Configure<AbpRemoteServiceOptions>(options => |
|||
{ |
|||
options.RemoteServices.Default = new RemoteServiceConfiguration |
|||
{ |
|||
BaseUrl = configuration["RemoteServices:Default:BaseUrl"] |
|||
}; |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. 使用示例: |
|||
|
|||
```csharp |
|||
// 注入客户端代理 |
|||
private readonly IOpenIddictApplicationAppService _applicationService; |
|||
|
|||
public YourService(IOpenIddictApplicationAppService applicationService) |
|||
{ |
|||
_applicationService = applicationService; |
|||
} |
|||
|
|||
// 调用远程服务 |
|||
var input = new OpenIddictApplicationCreateDto |
|||
{ |
|||
ClientId = "your-client-id", |
|||
DisplayName = "Your App", |
|||
// ... 其他属性 |
|||
}; |
|||
var result = await _applicationService.CreateAsync(input); |
|||
``` |
|||
|
|||
## 配置项 |
|||
|
|||
* RemoteServices |
|||
* Default:BaseUrl - 默认远程服务地址 |
|||
* OpenIddict:BaseUrl - OpenIddict 远程服务地址 |
|||
|
|||
## 注意事项 |
|||
|
|||
* 需要配置正确的远程服务地址 |
|||
* 如果远程服务需要认证,需要配置相应的认证信息 |
|||
* 建议在生产环境中使用 HTTPS |
|||
* 客户端代理会自动处理认证令牌的传递 |
|||
@ -0,0 +1,117 @@ |
|||
# LINGYUN.Abp.OpenIddict.HttpApi |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.HttpApi` is the HTTP API module for OpenIddict, providing RESTful API interfaces for OpenIddict-related functionality. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* OpenIddict Application Management |
|||
* Create, update, delete applications |
|||
* Query application list |
|||
* Get application details |
|||
|
|||
* OpenIddict Authorization Management |
|||
* Query authorization list |
|||
* Get authorization details |
|||
* Delete authorization records |
|||
|
|||
* OpenIddict Token Management |
|||
* Query token list |
|||
* Get token details |
|||
* Delete token records |
|||
|
|||
* OpenIddict Scope Management |
|||
* Create, update, delete scopes |
|||
* Query scope list |
|||
* Get scope details |
|||
|
|||
* Localization Support |
|||
* Integrated with ABP localization framework |
|||
* Support for custom localization resources |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.HttpApi |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictHttpApiModule))]` to your module class. |
|||
|
|||
2. Configure permissions: |
|||
|
|||
```csharp |
|||
public override void ConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
Configure<AbpPermissionOptions>(options => |
|||
{ |
|||
options.ValueProviders.Add<OpenIddictPermissionValueProvider>(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. API usage example: |
|||
|
|||
```csharp |
|||
// Inject service |
|||
private readonly IOpenIddictApplicationAppService _applicationService; |
|||
|
|||
public YourService(IOpenIddictApplicationAppService applicationService) |
|||
{ |
|||
_applicationService = applicationService; |
|||
} |
|||
|
|||
// Create application |
|||
var input = new OpenIddictApplicationCreateDto |
|||
{ |
|||
ClientId = "your-client-id", |
|||
DisplayName = "Your App", |
|||
// ... other properties |
|||
}; |
|||
var result = await _applicationService.CreateAsync(input); |
|||
|
|||
// Query application list |
|||
var query = new OpenIddictApplicationGetListInput |
|||
{ |
|||
MaxResultCount = 10, |
|||
SkipCount = 0, |
|||
Filter = "search-term" |
|||
}; |
|||
var list = await _applicationService.GetListAsync(query); |
|||
``` |
|||
|
|||
## Permissions |
|||
|
|||
* OpenIddict.Applications |
|||
* OpenIddict.Applications.Create |
|||
* OpenIddict.Applications.Update |
|||
* OpenIddict.Applications.Delete |
|||
* OpenIddict.Applications.ManagePermissions |
|||
|
|||
* OpenIddict.Scopes |
|||
* OpenIddict.Scopes.Create |
|||
* OpenIddict.Scopes.Update |
|||
* OpenIddict.Scopes.Delete |
|||
* OpenIddict.Scopes.ManagePermissions |
|||
|
|||
* OpenIddict.Authorizations |
|||
* OpenIddict.Authorizations.Delete |
|||
* OpenIddict.Authorizations.ManagePermissions |
|||
|
|||
* OpenIddict.Tokens |
|||
* OpenIddict.Tokens.Delete |
|||
* OpenIddict.Tokens.ManagePermissions |
|||
|
|||
## Notes |
|||
|
|||
* All API endpoints require corresponding permissions to access |
|||
* Deleting an application will also delete related authorizations and tokens |
|||
* API endpoints support multi-tenant scenarios |
|||
* It is recommended to enable API authentication and authorization in production environments |
|||
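Review bot: The Permissions section lists `ManagePermissions` under Scopes, Authorizations and Tokens and omits `OpenIddict.Applications.ManageSecret`, which does not match the list in the Application.Contracts README from this same change. Reconcile both lists against the permission definitions. In Notes, "All API endpoints require corresponding permissions to access" conflicts with the later line that only recommends enabling API authentication and authorization in production; if permissions are always enforced, say that authentication is required. Step 2 adds `OpenIddictPermissionValueProvider` without saying what it grants or to whom, which needs a sentence.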
@ -0,0 +1,117 @@ |
|||
# LINGYUN.Abp.OpenIddict.HttpApi |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi) |
|||
|
|||
## 简介 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.HttpApi` 是 OpenIddict 的 HTTP API 模块,提供了 OpenIddict 相关功能的 RESTful API 接口。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能特性 |
|||
|
|||
* OpenIddict 应用程序管理 |
|||
* 创建、更新、删除应用程序 |
|||
* 查询应用程序列表 |
|||
* 获取应用程序详情 |
|||
|
|||
* OpenIddict 授权管理 |
|||
* 查询授权列表 |
|||
* 获取授权详情 |
|||
* 删除授权记录 |
|||
|
|||
* OpenIddict 令牌管理 |
|||
* 查询令牌列表 |
|||
* 获取令牌详情 |
|||
* 删除令牌记录 |
|||
|
|||
* OpenIddict 作用域管理 |
|||
* 创建、更新、删除作用域 |
|||
* 查询作用域列表 |
|||
* 获取作用域详情 |
|||
|
|||
* 多语言支持 |
|||
* 集成 ABP 本地化框架 |
|||
* 支持自定义本地化资源 |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.HttpApi |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictHttpApiModule))]` 到你的模块类。 |
|||
|
|||
2. 配置权限: |
|||
|
|||
```csharp |
|||
public override void ConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
Configure<AbpPermissionOptions>(options => |
|||
{ |
|||
options.ValueProviders.Add<OpenIddictPermissionValueProvider>(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. API 接口使用示例: |
|||
|
|||
```csharp |
|||
// 注入服务 |
|||
private readonly IOpenIddictApplicationAppService _applicationService; |
|||
|
|||
public YourService(IOpenIddictApplicationAppService applicationService) |
|||
{ |
|||
_applicationService = applicationService; |
|||
} |
|||
|
|||
// 创建应用程序 |
|||
var input = new OpenIddictApplicationCreateDto |
|||
{ |
|||
ClientId = "your-client-id", |
|||
DisplayName = "Your App", |
|||
// ... 其他属性 |
|||
}; |
|||
var result = await _applicationService.CreateAsync(input); |
|||
|
|||
// 查询应用程序列表 |
|||
var query = new OpenIddictApplicationGetListInput |
|||
{ |
|||
MaxResultCount = 10, |
|||
SkipCount = 0, |
|||
Filter = "search-term" |
|||
}; |
|||
var list = await _applicationService.GetListAsync(query); |
|||
``` |
|||
|
|||
## 权限 |
|||
|
|||
* OpenIddict.Applications |
|||
* OpenIddict.Applications.Create |
|||
* OpenIddict.Applications.Update |
|||
* OpenIddict.Applications.Delete |
|||
* OpenIddict.Applications.ManagePermissions |
|||
|
|||
* OpenIddict.Scopes |
|||
* OpenIddict.Scopes.Create |
|||
* OpenIddict.Scopes.Update |
|||
* OpenIddict.Scopes.Delete |
|||
* OpenIddict.Scopes.ManagePermissions |
|||
|
|||
* OpenIddict.Authorizations |
|||
* OpenIddict.Authorizations.Delete |
|||
* OpenIddict.Authorizations.ManagePermissions |
|||
|
|||
* OpenIddict.Tokens |
|||
* OpenIddict.Tokens.Delete |
|||
* OpenIddict.Tokens.ManagePermissions |
|||
|
|||
## 注意事项 |
|||
|
|||
* 所有 API 接口都需要相应的权限才能访问 |
|||
* 删除应用程序会同时删除相关的授权和令牌 |
|||
* API 接口支持多租户场景 |
|||
* 建议在生产环境中启用 API 认证和授权 |
|||
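Review bot: Step 2 (配置权限) registers `OpenIddictPermissionValueProvider` in `options.ValueProviders` without saying what that provider grants or to whom. A permission value provider decides whether a caller holds a permission, so the README should state which permissions it evaluates, for which principals, and whether the step is required for the module to work or optional. The 注意事项 list also pairs "所有 API 接口都需要相应的权限才能访问" with "建议在生产环境中启用 API 认证和授权"; the second line should not read as optional if the first is true.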
@ -0,0 +1,88 @@ |
|||
# LINGYUN.Abp.OpenIddict.LinkUser |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.LinkUser) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.LinkUser` is a user linking extension module for OpenIddict, providing authentication functionality between linked users. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* User Link Authentication |
|||
* Support for user-to-user linking authentication |
|||
* Support for cross-tenant user linking |
|||
* Support for access token exchange |
|||
|
|||
* Extension Grant Type |
|||
* Add link_user grant type |
|||
* Support for custom authorization flow |
|||
* Security log recording |
|||
|
|||
* Localization Support |
|||
* Integrated with ABP localization framework |
|||
* Support for custom error messages |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.LinkUser |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictLinkUserModule))]` to your module class. |
|||
|
|||
2. Configure OpenIddict server: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// Allow link_user grant type |
|||
builder.AllowLinkUserFlow(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. Usage example: |
|||
|
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=link_user& |
|||
access_token=current-user-access-token& |
|||
LinkUserId=target-user-id& |
|||
LinkTenantId=target-tenant-id& |
|||
scope=openid profile |
|||
``` |
|||
|
|||
## Parameters |
|||
|
|||
* access_token (required) |
|||
* Current user's access token |
|||
* Used to verify current user's identity |
|||
|
|||
* LinkUserId (required) |
|||
* Target linked user's ID |
|||
* Must be a valid GUID format |
|||
|
|||
* LinkTenantId (optional) |
|||
* Tenant ID of the target linked user |
|||
* If specified, must be a valid GUID format |
|||
|
|||
* scope (optional) |
|||
* Requested permission scopes |
|||
* Defaults include openid profile |
|||
|
|||
## Notes |
|||
|
|||
* A valid access token must be provided |
|||
* The target user must have a linking relationship with the current user |
|||
* Correct tenant ID must be specified for cross-tenant linking |
|||
* All operations are recorded in security logs |
|||
* HTTPS is recommended in production environments |
|||
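Review bot: Parameters and Notes do not say how the scope of the issued token relates to the presented `access_token`: `scope` is optional and "Defaults include openid profile", so a reader cannot tell whether a link_user exchange can return scopes the original token did not carry. This grant swaps one user's token for another user's, possibly in a different tenant, so please document that rule, whether the client itself must authenticate (the example request sends no client credentials), and in which tenant the linking relationship is checked.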
@ -0,0 +1,88 @@ |
|||
# LINGYUN.Abp.OpenIddict.LinkUser |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.LinkUser) |
|||
|
|||
## 简介 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.LinkUser` 是 OpenIddict 的用户链接扩展模块,提供了用户之间的链接认证功能。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能特性 |
|||
|
|||
* 用户链接认证 |
|||
* 支持用户之间的链接认证 |
|||
* 支持跨租户用户链接 |
|||
* 支持访问令牌交换 |
|||
|
|||
* 扩展授权类型 |
|||
* 添加 link_user 授权类型 |
|||
* 支持自定义授权流程 |
|||
* 安全日志记录 |
|||
|
|||
* 多语言支持 |
|||
* 集成 ABP 本地化框架 |
|||
* 支持自定义错误消息 |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.LinkUser |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictLinkUserModule))]` 到你的模块类。 |
|||
|
|||
2. 配置 OpenIddict 服务器: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// 允许 link_user 授权类型 |
|||
builder.AllowLinkUserFlow(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. 使用示例: |
|||
|
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=link_user& |
|||
access_token=current-user-access-token& |
|||
LinkUserId=target-user-id& |
|||
LinkTenantId=target-tenant-id& |
|||
scope=openid profile |
|||
``` |
|||
|
|||
## 参数说明 |
|||
|
|||
* access_token (必填) |
|||
* 当前用户的访问令牌 |
|||
* 用于验证当前用户身份 |
|||
|
|||
* LinkUserId (必填) |
|||
* 目标链接用户的ID |
|||
* 必须是有效的GUID格式 |
|||
|
|||
* LinkTenantId (可选) |
|||
* 目标链接用户所属的租户ID |
|||
* 如果指定,必须是有效的GUID格式 |
|||
|
|||
* scope (可选) |
|||
* 请求的权限范围 |
|||
* 默认包含 openid profile |
|||
|
|||
## 注意事项 |
|||
|
|||
* 必须提供有效的访问令牌 |
|||
* 目标用户必须与当前用户存在链接关系 |
|||
* 跨租户链接时需要指定正确的租户ID |
|||
* 所有操作都会记录安全日志 |
|||
* 建议在生产环境中使用 HTTPS |
|||
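Review bot: The request example under 使用示例 mixes naming styles in one form body: `grant_type` and `access_token` are snake_case while `LinkUserId` and `LinkTenantId` are PascalCase. If those are the exact names the handler reads, say so in 参数说明 and note that they are case-sensitive; otherwise align them with the snake_case used by the other token-endpoint parameters. The example values `target-user-id` and `target-tenant-id` also conflict with "必须是有效的GUID格式", so a GUID-shaped placeholder would be clearer, here and in README.EN.md.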
@ -0,0 +1,124 @@ |
|||
# LINGYUN.Abp.OpenIddict.Portal |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Portal) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.Portal` is a portal authentication extension module for OpenIddict, providing enterprise portal authentication functionality, including multi-tenant selection, two-factor authentication, password policies, and more. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* Enterprise Portal Authentication |
|||
* Support for enterprise list selection |
|||
* Support for multi-tenant authentication |
|||
* Support for enterprise logo display |
|||
|
|||
* Enhanced Password Authentication |
|||
* Support for email login |
|||
* Support for external login providers |
|||
* Support for password policy validation |
|||
* Support for forced password change |
|||
* Support for periodic password change |
|||
|
|||
* Two-Factor Authentication |
|||
* Support for multiple verification providers |
|||
* Support for verification code validation |
|||
* Support for authenticator validation |
|||
|
|||
* Security Logging |
|||
* Record login attempts |
|||
* Record login failures |
|||
* Record password changes |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.Portal |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictPortalModule))]` to your module class. |
|||
|
|||
2. Configure OpenIddict server: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// Allow portal authentication flow |
|||
builder.AllowPortalFlow(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. Usage example: |
|||
|
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=portal& |
|||
username=admin& |
|||
password=1q2w3E*& |
|||
enterpriseId=your-enterprise-id& |
|||
scope=openid profile |
|||
``` |
|||
|
|||
## Authentication Flow |
|||
|
|||
1. Enterprise Selection |
|||
* User provides enterprise ID (enterpriseId) |
|||
* Returns available enterprise list if not provided or invalid |
|||
|
|||
2. Password Verification |
|||
* Support for username or email login |
|||
* Password policy validation |
|||
* Account status check |
|||
|
|||
3. Two-Factor Authentication (if enabled) |
|||
* Verify two-factor authentication code |
|||
* Support for multiple verification providers |
|||
|
|||
4. Password Change (if required) |
|||
* Force password change on first login |
|||
* Periodic password change requirement |
|||
|
|||
## Parameters |
|||
|
|||
* username (required) |
|||
* Username or email address |
|||
|
|||
* password (required) |
|||
* User password |
|||
|
|||
* enterpriseId (required) |
|||
* Enterprise ID, must be a valid GUID format |
|||
|
|||
* TwoFactorProvider (optional) |
|||
* Two-factor authentication provider name |
|||
* Only required when two-factor authentication is enabled |
|||
|
|||
* TwoFactorCode (optional) |
|||
* Two-factor authentication code |
|||
* Only required when two-factor authentication is enabled |
|||
|
|||
* ChangePasswordToken (optional) |
|||
* Password change token |
|||
* Only required when password change is needed |
|||
|
|||
* NewPassword (optional) |
|||
* New password |
|||
* Only required when password change is needed |
|||
|
|||
## Notes |
|||
|
|||
* Enterprise ID must be a valid GUID format |
|||
* Password must comply with system-configured password policy |
|||
* Two-factor authentication codes have limited validity |
|||
* All authentication operations are recorded in security logs |
|||
* HTTPS is recommended in production environments |
|||
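Review bot: `enterpriseId` is marked "(required)" under Parameters, but Authentication Flow step 1 says the endpoint "Returns available enterprise list if not provided or invalid", so the two sections disagree on whether the parameter can be omitted. Step 1 is also listed before Password Verification, which reads as if the enterprise list goes to a caller who has not yet proven a password. Please state whether the list is limited to enterprises the supplied username belongs to and whether it is returned only after the password check, because an unfiltered list discloses tenant names.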
@ -0,0 +1,124 @@ |
|||
# LINGYUN.Abp.OpenIddict.Portal |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Portal) |
|||
|
|||
## 简介 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.Portal` 是 OpenIddict 的门户认证扩展模块,提供了企业门户的认证功能,包括多租户选择、双因素认证、密码策略等特性。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能特性 |
|||
|
|||
* 企业门户认证 |
|||
* 支持企业列表选择 |
|||
* 支持多租户认证 |
|||
* 支持企业 Logo 显示 |
|||
|
|||
* 密码认证增强 |
|||
* 支持邮箱登录 |
|||
* 支持外部登录提供程序 |
|||
* 支持密码策略验证 |
|||
* 支持强制修改密码 |
|||
* 支持定期修改密码 |
|||
|
|||
* 双因素认证 |
|||
* 支持多种验证提供程序 |
|||
* 支持验证码验证 |
|||
* 支持认证器验证 |
|||
|
|||
* 安全日志 |
|||
* 记录登录尝试 |
|||
* 记录登录失败 |
|||
* 记录密码修改 |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.Portal |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictPortalModule))]` 到你的模块类。 |
|||
|
|||
2. 配置 OpenIddict 服务器: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// 允许门户认证流程 |
|||
builder.AllowPortalFlow(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. 使用示例: |
|||
|
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=portal& |
|||
username=admin& |
|||
password=1q2w3E*& |
|||
enterpriseId=your-enterprise-id& |
|||
scope=openid profile |
|||
``` |
|||
|
|||
## 认证流程 |
|||
|
|||
1. 企业选择 |
|||
* 用户提供企业ID (enterpriseId) |
|||
* 如未提供或无效,返回可选企业列表 |
|||
|
|||
2. 密码验证 |
|||
* 支持用户名或邮箱登录 |
|||
* 验证密码策略 |
|||
* 检查账户状态 |
|||
|
|||
3. 双因素认证 (如启用) |
|||
* 验证双因素认证码 |
|||
* 支持多种验证提供程序 |
|||
|
|||
4. 密码修改 (如需要) |
|||
* 首次登录强制修改密码 |
|||
* 定期修改密码要求 |
|||
|
|||
## 参数说明 |
|||
|
|||
* username (必填) |
|||
* 用户名或邮箱地址 |
|||
|
|||
* password (必填) |
|||
* 用户密码 |
|||
|
|||
* enterpriseId (必填) |
|||
* 企业ID,必须是有效的GUID格式 |
|||
|
|||
* TwoFactorProvider (可选) |
|||
* 双因素认证提供程序名称 |
|||
* 仅在启用双因素认证时需要 |
|||
|
|||
* TwoFactorCode (可选) |
|||
* 双因素认证码 |
|||
* 仅在启用双因素认证时需要 |
|||
|
|||
* ChangePasswordToken (可选) |
|||
* 修改密码令牌 |
|||
* 仅在需要修改密码时需要 |
|||
|
|||
* NewPassword (可选) |
|||
* 新密码 |
|||
* 仅在需要修改密码时需要 |
|||
|
|||
## 注意事项 |
|||
|
|||
* 企业ID必须是有效的GUID格式 |
|||
* 密码必须符合系统配置的密码策略 |
|||
* 双因素认证码有效期有限 |
|||
* 所有认证操作都会记录安全日志 |
|||
* 建议在生产环境中使用 HTTPS |
|||
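Review bot: The request example under 使用示例 uses `username=admin` with `password=1q2w3E*`, which reads as a real credential pair rather than a placeholder. Replace both with neutral placeholders such as `your-username` and `your-password`, here and in README.EN.md, so the pair is not copied into test scripts or deployed configuration. The parameter names also mix casing (`enterpriseId` next to `TwoFactorProvider` and `NewPassword`); 参数说明 should say whether they are case-sensitive as written.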
@ -0,0 +1,97 @@ |
|||
# LINGYUN.Abp.OpenIddict.Sms |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Sms) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.Sms` is an SMS verification extension module for OpenIddict, providing authentication functionality based on phone numbers and SMS verification codes. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* SMS Verification Code Authentication |
|||
* Support for phone number login |
|||
* Support for SMS verification code validation |
|||
* Support for multi-tenant authentication |
|||
|
|||
* User Management Integration |
|||
* Support for finding users by phone number |
|||
* Support for account lockout policy |
|||
* Support for failed attempt counting |
|||
|
|||
* Security Logging |
|||
* Record login attempts |
|||
* Record verification code failures |
|||
* Record account lockouts |
|||
|
|||
* Localization Support |
|||
* Integrated with ABP localization framework |
|||
* Support for custom error messages |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.Sms |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictSmsModule))]` to your module class. |
|||
|
|||
2. Configure OpenIddict server: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// Allow SMS verification code authentication flow |
|||
builder.AllowSmsFlow(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. Usage example: |
|||
|
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=sms& |
|||
phone_number=13800138000& |
|||
phone_verify=123456& |
|||
scope=openid profile |
|||
``` |
|||
|
|||
## Parameters |
|||
|
|||
* phone_number (required) |
|||
* Phone number |
|||
* Must be a valid phone number format |
|||
|
|||
* phone_verify (required) |
|||
* SMS verification code |
|||
* Must be a valid verification code |
|||
|
|||
* scope (optional) |
|||
* Requested permission scopes |
|||
* Defaults include openid profile |
|||
|
|||
## Error Codes |
|||
|
|||
* invalid_grant |
|||
* GrantTypeInvalid - Authorization type not allowed |
|||
* PhoneVerifyInvalid - Phone verification code invalid or expired |
|||
* PhoneOrTokenCodeNotFound - Phone number or verification code not provided |
|||
* PhoneNumberNotRegister - Phone number not registered |
|||
|
|||
## Notes |
|||
|
|||
* Phone number must be registered |
|||
* Verification codes have limited validity |
|||
* Failed verifications increase failure count |
|||
* Multiple verification failures may lead to account lockout |
|||
* All authentication operations are recorded in security logs |
|||
* HTTPS is recommended in production environments |
|||
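Review bot: Under Error Codes, `PhoneNumberNotRegister` is a separate result from `PhoneVerifyInvalid`, so a caller can tell from the response whether a phone number has an account. Please document whether that distinction is returned to the client or only written to the security log; if it is returned, consider one generic failure for both cases. The Notes line "Multiple verification failures may lead to account lockout" should also name the setting or threshold that controls the lockout.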
@ -0,0 +1,97 @@ |
|||
# LINGYUN.Abp.OpenIddict.Sms |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Sms) |
|||
|
|||
## 简介 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.Sms` 是 OpenIddict 的短信验证扩展模块,提供了基于手机号码和短信验证码的认证功能。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能特性 |
|||
|
|||
* 短信验证码认证 |
|||
* 支持手机号码登录 |
|||
* 支持短信验证码验证 |
|||
* 支持多租户认证 |
|||
|
|||
* 用户管理集成 |
|||
* 支持手机号码查找用户 |
|||
* 支持账户锁定策略 |
|||
* 支持失败尝试计数 |
|||
|
|||
* 安全日志 |
|||
* 记录登录尝试 |
|||
* 记录验证码验证失败 |
|||
* 记录账户锁定 |
|||
|
|||
* 多语言支持 |
|||
* 集成 ABP 本地化框架 |
|||
* 支持自定义错误消息 |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.Sms |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictSmsModule))]` 到你的模块类。 |
|||
|
|||
2. 配置 OpenIddict 服务器: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// 允许短信验证码认证流程 |
|||
builder.AllowSmsFlow(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. 使用示例: |
|||
|
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=sms& |
|||
phone_number=13800138000& |
|||
phone_verify=123456& |
|||
scope=openid profile |
|||
``` |
|||
|
|||
## 参数说明 |
|||
|
|||
* phone_number (必填) |
|||
* 手机号码 |
|||
* 必须是有效的手机号码格式 |
|||
|
|||
* phone_verify (必填) |
|||
* 短信验证码 |
|||
* 必须是有效的验证码 |
|||
|
|||
* scope (可选) |
|||
* 请求的权限范围 |
|||
* 默认包含 openid profile |
|||
|
|||
## 错误码说明 |
|||
|
|||
* invalid_grant |
|||
* GrantTypeInvalid - 不被允许的授权类型 |
|||
* PhoneVerifyInvalid - 手机验证码无效或已过期 |
|||
* PhoneOrTokenCodeNotFound - 手机号码或验证码未输入 |
|||
* PhoneNumberNotRegister - 登录的手机号码未注册 |
|||
|
|||
## 注意事项 |
|||
|
|||
* 手机号码必须已经注册 |
|||
* 验证码有效期有限 |
|||
* 验证失败会增加失败计数 |
|||
* 多次验证失败可能导致账户锁定 |
|||
* 所有认证操作都会记录安全日志 |
|||
* 建议在生产环境中使用 HTTPS |
|||
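Review bot: The README never says how the client obtains the value sent in `phone_verify`: 使用示例 starts at the token request, and 参数说明 only says "必须是有效的验证码". Add the step, or a link to the module, that sends the SMS code, and state the code's validity period and whether it is single-use, since 注意事项 only says "验证码有效期有限".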
@ -0,0 +1,99 @@ |
|||
# LINGYUN.Abp.OpenIddict.WeChat.Work |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat.Work) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.WeChat.Work` is a WeChat Work (Enterprise WeChat) authentication extension module based on OpenIddict, supporting WeChat Work authentication flow. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* WeChat Work Authentication |
|||
* Support WeChat Work authorization login |
|||
* Support automatic new user registration |
|||
* Support cross-tenant authentication |
|||
* Support security logging |
|||
|
|||
* User Management Integration |
|||
* Support WeChat Work account binding |
|||
* Support account lockout policy |
|||
* Support failed attempt counting |
|||
|
|||
* Security Logging |
|||
* Record login attempts |
|||
* Record authentication failures |
|||
* Record account lockouts |
|||
|
|||
* Localization Support |
|||
* Integrated with ABP localization framework |
|||
* Support custom error messages |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.WeChat.Work |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictWeChatWorkModule))]` to your module class. |
|||
|
|||
2. Configure OpenIddict server: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// Allow WeChat Work authentication flow |
|||
builder.AllowWeChatWorkFlow(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. Usage example: |
|||
|
|||
WeChat Work Authentication: |
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=wechat_work& |
|||
agent_id=1000001& |
|||
code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7& |
|||
scope=openid profile wechat_work |
|||
``` |
|||
|
|||
## Parameters |
|||
|
|||
* agent_id (required) |
|||
* WeChat Work application ID |
|||
* Must be a valid WeChat Work application ID |
|||
|
|||
* code (required) |
|||
* WeChat Work authorization code |
|||
* Must be a valid WeChat Work authorization code |
|||
|
|||
* scope (optional) |
|||
* Requested permission scopes |
|||
* Defaults include openid profile wechat_work |
|||
|
|||
## Error Codes |
|||
|
|||
* invalid_grant |
|||
* GrantTypeInvalid - Authorization type not allowed |
|||
* WeChatTokenInvalid - WeChat Work authentication failed |
|||
* AgentIdOrCodeNotFound - Application ID or authorization code empty or not found |
|||
* UserIdNotRegister - User WeChat Work account not bound |
|||
|
|||
## Notes |
|||
|
|||
* Must configure correct WeChat Work application ID and secret |
|||
* Must configure correct WeChat Work enterprise ID |
|||
* Authorization codes have limited validity |
|||
* Multiple authentication failures may lead to account lockout |
|||
* All authentication operations are recorded in security logs |
|||
* HTTPS is recommended in production environments |
|||
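Review bot: Features lists "Support automatic new user registration", while Error Codes lists `UserIdNotRegister - User WeChat Work account not bound`, and the README does not say which of the two happens for a WeChat Work user with no local account. Document the setting that switches between auto-registration and the error, and its default, because with auto-registration on, a first login creates a local account without any administrator action.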
@ -0,0 +1,99 @@ |
|||
# LINGYUN.Abp.OpenIddict.WeChat.Work |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat.Work) |
|||
|
|||
## 介绍 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.WeChat.Work` 是一个基于 OpenIddict 的企业微信认证扩展模块,支持企业微信的认证流程。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能 |
|||
|
|||
* 企业微信认证 |
|||
* 支持企业微信授权登录 |
|||
* 支持自动注册新用户 |
|||
* 支持跨租户认证 |
|||
* 支持安全日志记录 |
|||
|
|||
* 用户管理集成 |
|||
* 支持企业微信账号绑定 |
|||
* 支持账号锁定策略 |
|||
* 支持失败尝试计数 |
|||
|
|||
* 安全日志 |
|||
* 记录登录尝试 |
|||
* 记录认证失败 |
|||
* 记录账号锁定 |
|||
|
|||
* 本地化支持 |
|||
* 集成 ABP 本地化框架 |
|||
* 支持自定义错误消息 |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.WeChat.Work |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictWeChatWorkModule))]` 到你的模块类。 |
|||
|
|||
2. 配置 OpenIddict 服务器: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// 允许企业微信认证流程 |
|||
builder.AllowWeChatWorkFlow(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. 使用示例: |
|||
|
|||
企业微信认证: |
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=wechat_work& |
|||
agent_id=1000001& |
|||
code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7& |
|||
scope=openid profile wechat_work |
|||
``` |
|||
|
|||
## 参数 |
|||
|
|||
* agent_id (必填) |
|||
* 企业微信应用ID |
|||
* 必须是有效的企业微信应用ID |
|||
|
|||
* code (必填) |
|||
* 企业微信授权码 |
|||
* 必须是有效的企业微信授权码 |
|||
|
|||
* scope (可选) |
|||
* 请求的权限范围 |
|||
* 默认包含 openid profile wechat_work |
|||
|
|||
## 错误码 |
|||
|
|||
* invalid_grant |
|||
* GrantTypeInvalid - 不被允许的授权类型 |
|||
* WeChatTokenInvalid - 企业微信认证失败 |
|||
* AgentIdOrCodeNotFound - 应用ID或授权码为空或不存在 |
|||
* UserIdNotRegister - 用户企业微信账号未绑定 |
|||
|
|||
## 注意事项 |
|||
|
|||
* 必须配置正确的企业微信应用ID和密钥 |
|||
* 必须配置正确的企业微信企业ID |
|||
* 授权码有效期有限 |
|||
* 多次认证失败可能导致账号锁定 |
|||
* 所有认证操作都会记录在安全日志中 |
|||
* 生产环境建议使用 HTTPS |
|||
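Review bot: 注意事项 requires a correct 企业微信应用ID, 密钥 and 企业ID, but 使用 only covers `DependsOn` and `AllowWeChatWorkFlow()`, so the README gives no place to configure them. Add the setting names or a link to the module that holds them. As a style point, this file uses the headings 介绍, 功能, 参数 and 错误码, while the Sms README in this commit uses 简介, 功能特性, 参数说明 and 错误码说明; pick one set for all the Chinese READMEs.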
@ -0,0 +1,110 @@ |
|||
# LINGYUN.Abp.OpenIddict.WeChat |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat) |
|||
|
|||
## Introduction |
|||
|
|||
`LINGYUN.Abp.OpenIddict.WeChat` is a WeChat authentication extension module based on OpenIddict, supporting authentication flows for WeChat Official Platform and WeChat Mini Program. |
|||
|
|||
[简体中文](./README.md) |
|||
|
|||
## Features |
|||
|
|||
* WeChat Official Platform Authentication |
|||
* Support Official Account authorization login |
|||
* Support automatic new user registration |
|||
* Support cross-tenant authentication |
|||
* Support security logging |
|||
|
|||
* WeChat Mini Program Authentication |
|||
* Support Mini Program authorization login |
|||
* Support automatic new user registration |
|||
* Support cross-tenant authentication |
|||
* Support security logging |
|||
|
|||
* User Management Integration |
|||
* Support WeChat account binding |
|||
* Support account lockout policy |
|||
* Support failed attempt counting |
|||
|
|||
* Security Logging |
|||
* Record login attempts |
|||
* Record authentication failures |
|||
* Record account lockouts |
|||
|
|||
* Localization Support |
|||
* Integrated with ABP localization framework |
|||
* Support custom error messages |
|||
|
|||
## Installation |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.WeChat |
|||
``` |
|||
|
|||
## Usage |
|||
|
|||
1. Add `[DependsOn(typeof(AbpOpenIddictWeChatModule))]` to your module class. |
|||
|
|||
2. Configure OpenIddict server: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// Allow WeChat authentication flow |
|||
builder.AllowWeChatFlow(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. Usage examples: |
|||
|
|||
WeChat Official Platform Authentication: |
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=wechat_official& |
|||
code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7& |
|||
scope=openid profile wechat |
|||
``` |
|||
|
|||
WeChat Mini Program Authentication: |
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=wechat_mini_program& |
|||
code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7& |
|||
scope=openid profile wechat |
|||
``` |
|||
|
|||
## Parameters |
|||
|
|||
* code (required) |
|||
* WeChat authorization code |
|||
* Must be a valid WeChat authorization code |
|||
|
|||
* scope (optional) |
|||
* Requested permission scopes |
|||
* Defaults include openid profile wechat |
|||
|
|||
## Error Codes |
|||
|
|||
* invalid_grant |
|||
* GrantTypeInvalid - Authorization type not allowed |
|||
* WeChatTokenInvalid - WeChat authentication failed |
|||
* WeChatCodeNotFound - WeChat authorization code empty or not found |
|||
* WeChatNotRegister - User WeChat account not bound |
|||
|
|||
## Notes |
|||
|
|||
* Must enable corresponding features (Official Platform or Mini Program authorization) |
|||
* Must configure correct WeChat application ID and secret |
|||
* Authorization codes have limited validity |
|||
* Multiple authentication failures may lead to account lockout |
|||
* All authentication operations are recorded in security logs |
|||
* HTTPS is recommended in production environments |
|||
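Review bot: The Notes line "Must enable corresponding features (Official Platform or Mini Program authorization)" does not name the features, and step 2 shows a single `builder.AllowWeChatFlow()` call for two grant types, `wechat_official` and `wechat_mini_program`. State whether that one call registers both grant types and name the feature that gates each, so a deployment that needs only one flow can leave the other disabled. Parameters should also list `grant_type` with its two accepted values.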
@ -0,0 +1,110 @@ |
|||
# LINGYUN.Abp.OpenIddict.WeChat |
|||
|
|||
[](https://abp.io) |
|||
[](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat) |
|||
|
|||
## 介绍 |
|||
|
|||
`LINGYUN.Abp.OpenIddict.WeChat` 是一个基于 OpenIddict 的微信认证扩展模块,支持微信公众平台和微信小程序的认证流程。 |
|||
|
|||
[English](./README.EN.md) |
|||
|
|||
## 功能 |
|||
|
|||
* 微信公众平台认证 |
|||
* 支持公众号授权登录 |
|||
* 支持自动注册新用户 |
|||
* 支持跨租户认证 |
|||
* 支持安全日志记录 |
|||
|
|||
* 微信小程序认证 |
|||
* 支持小程序授权登录 |
|||
* 支持自动注册新用户 |
|||
* 支持跨租户认证 |
|||
* 支持安全日志记录 |
|||
|
|||
* 用户管理集成 |
|||
* 支持微信账号绑定 |
|||
* 支持账号锁定策略 |
|||
* 支持失败尝试计数 |
|||
|
|||
* 安全日志 |
|||
* 记录登录尝试 |
|||
* 记录认证失败 |
|||
* 记录账号锁定 |
|||
|
|||
* 本地化支持 |
|||
* 集成 ABP 本地化框架 |
|||
* 支持自定义错误消息 |
|||
|
|||
## 安装 |
|||
|
|||
```bash |
|||
dotnet add package LINGYUN.Abp.OpenIddict.WeChat |
|||
``` |
|||
|
|||
## 使用 |
|||
|
|||
1. 添加 `[DependsOn(typeof(AbpOpenIddictWeChatModule))]` 到你的模块类。 |
|||
|
|||
2. 配置 OpenIddict 服务器: |
|||
|
|||
```csharp |
|||
public override void PreConfigureServices(ServiceConfigurationContext context) |
|||
{ |
|||
PreConfigure<OpenIddictServerBuilder>(builder => |
|||
{ |
|||
// 允许微信认证流程 |
|||
builder.AllowWeChatFlow(); |
|||
}); |
|||
} |
|||
``` |
|||
|
|||
3. 使用示例: |
|||
|
|||
微信公众平台认证: |
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=wechat_official& |
|||
code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7& |
|||
scope=openid profile wechat |
|||
``` |
|||
|
|||
微信小程序认证: |
|||
```http |
|||
POST /connect/token |
|||
Content-Type: application/x-www-form-urlencoded |
|||
|
|||
grant_type=wechat_mini_program& |
|||
code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7& |
|||
scope=openid profile wechat |
|||
``` |
|||
|
|||
## 参数 |
|||
|
|||
* code (必填) |
|||
* 微信授权码 |
|||
* 必须是有效的微信授权码 |
|||
|
|||
* scope (可选) |
|||
* 请求的权限范围 |
|||
* 默认包含 openid profile wechat |
|||
|
|||
## 错误码 |
|||
|
|||
* invalid_grant |
|||
* GrantTypeInvalid - 不被允许的授权类型 |
|||
* WeChatTokenInvalid - 微信认证失败 |
|||
* WeChatCodeNotFound - 微信授权码为空或不存在 |
|||
* WeChatNotRegister - 用户微信账号未绑定 |
|||
|
|||
## 注意事项 |
|||
|
|||
* 必须启用相应的功能(公众平台或小程序授权) |
|||
* 必须配置正确的微信应用 ID 和密钥 |
|||
* 授权码有效期有限 |
|||
* 多次认证失败可能导致账号锁定 |
|||
* 所有认证操作都会记录在安全日志中 |
|||
* 生产环境建议使用 HTTPS |
|||
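Review bot: Both request examples under 使用示例 use `code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7`, a value shaped like a real authorization code, and the same string appears in the WeChat.Work READMEs. Use an obvious placeholder such as `your-wechat-code` so readers do not take it for a reusable value. The README also lists "支持自动注册新用户" next to the error `WeChatNotRegister - 用户微信账号未绑定` without saying which applies to a user with no bound account.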