From 2108dfa864c38b00a4729383d8c5f795a8806d62 Mon Sep 17 00:00:00 2001 
From: feijie Date: Wed, 11 Dec 2024 11:35:55 +0800 Subject: [PATCH] =?UTF-8?q?feat(docs):=20=E6=B7=BB=E5=8A=A0OpenIddict?= =?UTF-8?q?=E6=A8=A1=E5=9D=97=E6=96=87=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.EN.md | 103 +++++++++++++++ .../README.md | 103 +++++++++++++++ .../README.EN.md | 65 +++++++++ .../README.md | 65 +++++++++ .../README.EN.md | 76 +++++++++++ .../README.md | 76 +++++++++++ .../README.EN.md | 74 +++++++++++ .../README.md | 74 +++++++++++ .../README.EN.md | 89 +++++++++++++ .../README.md | 89 +++++++++++++ .../README.EN.md | 83 ++++++++++++ .../README.md | 83 ++++++++++++ .../README.EN.md | 117 +++++++++++++++++ .../LINGYUN.Abp.OpenIddict.HttpApi/README.md | 117 +++++++++++++++++ .../README.EN.md | 88 +++++++++++++ .../LINGYUN.Abp.OpenIddict.LinkUser/README.md | 88 +++++++++++++ .../README.EN.md | 124 ++++++++++++++++++ .../LINGYUN.Abp.OpenIddict.Portal/README.md | 124 ++++++++++++++++++ .../LINGYUN.Abp.OpenIddict.Sms/README.EN.md | 97 ++++++++++++++ .../LINGYUN.Abp.OpenIddict.Sms/README.md | 97 ++++++++++++++ .../README.EN.md | 99 ++++++++++++++ .../README.md | 99 ++++++++++++++ .../README.EN.md | 110 ++++++++++++++++ .../LINGYUN.Abp.OpenIddict.WeChat/README.md | 110 ++++++++++++++++ 24 files changed, 2250 insertions(+) create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application.Contracts/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application.Contracts/README.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application/README.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/README.md create mode 100644 
aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore/README.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Dapr.Client/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Dapr.Client/README.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi.Client/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi.Client/README.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi/README.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.LinkUser/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.LinkUser/README.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/README.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Sms/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Sms/README.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat.Work/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat.Work/README.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat/README.EN.md create mode 100644 aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat/README.md diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application.Contracts/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application.Contracts/README.EN.md new file mode 100644 index 000000000..52e4c8f14 --- /dev/null 
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application.Contracts/README.EN.md 
@@ -0,0 +1,103 @@
+# LINGYUN.Abp.OpenIddict.Application.Contracts
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Application.Contracts%2FLINGYUN.Abp.OpenIddict.Application.Contracts.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Application.Contracts.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application.Contracts)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.Application.Contracts` is the contract layer for OpenIddict application services, defining the interfaces, DTOs, and permissions required for OpenIddict management.
+
+[简体中文](./README.md)
+
+## Features
+
+* Define OpenIddict Application Service Interfaces
+ * IOpenIddictApplicationAppService
+ * IOpenIddictAuthorizationAppService
+ * IOpenIddictTokenAppService
+ * IOpenIddictScopeAppService
+
+* Provide Standardized DTOs
+ * OpenIddictApplicationDto
+ * OpenIddictAuthorizationDto
+ * OpenIddictTokenDto
+ * OpenIddictScopeDto
+ * And corresponding Create and Update DTOs
+
+* Permission Definitions
+ * OpenIddict.Applications
+ * OpenIddict.Authorizations
+ * OpenIddict.Tokens
+ * OpenIddict.Scopes
+
+* Multilingual Support
+ * Built-in Chinese and English localization resources
+ * Support for custom language extensions
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Application.Contracts
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictApplicationContractsModule))]` to your module class.
+
+2. Inject and use the corresponding application service interfaces:
+
+```csharp
+public class YourService
+{
+ private readonly IOpenIddictApplicationAppService _applicationAppService;
+
+ public YourService(IOpenIddictApplicationAppService applicationAppService)
+ {
+ _applicationAppService = applicationAppService;
+ }
+
+ public async Task DoSomethingAsync()
+ {
+ var applications = await _applicationAppService.GetListAsync(
+ new OpenIddictApplicationGetListInput());
+ // ...
+ }
+}
+```
+
+## Permissions
+
+The module defines the following permissions:
+
+* OpenIddict.Applications
+ * OpenIddict.Applications.Create
+ * OpenIddict.Applications.Update
+ * OpenIddict.Applications.Delete
+ * OpenIddict.Applications.ManagePermissions
+ * OpenIddict.Applications.ManageSecret
+* OpenIddict.Authorizations
+ * OpenIddict.Authorizations.Delete
+* OpenIddict.Scopes
+ * OpenIddict.Scopes.Create
+ * OpenIddict.Scopes.Update
+ * OpenIddict.Scopes.Delete
+* OpenIddict.Tokens
+ * OpenIddict.Tokens.Delete
+
+## Localization
+
+The module supports multiple languages with built-in support for:
+
+* English (en)
+* Simplified Chinese (zh-Hans)
+
+You can extend new languages as follows:
+
+```csharp
+Configure(options =>
+{
+ options.Resources
+ .Get()
+ .AddVirtualJson("/YourPath/Localization/Resources");
+});
+```
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application.Contracts/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application.Contracts/README.md
new file mode 100644
index 000000000..cc2818580
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application.Contracts/README.md
@@ -0,0 +1,103 @@
+# LINGYUN.Abp.OpenIddict.Application.Contracts
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Application.Contracts%2FLINGYUN.Abp.OpenIddict.Application.Contracts.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Application.Contracts.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application.Contracts)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.Application.Contracts` 是 OpenIddict 应用服务的契约层,定义了 OpenIddict 管理所需的接口、DTO和权限。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 定义 OpenIddict 应用服务接口
+ * IOpenIddictApplicationAppService
+ * IOpenIddictAuthorizationAppService
+ * IOpenIddictTokenAppService
+ * IOpenIddictScopeAppService
+
+* 提供标准化的 DTO 对象
+ * OpenIddictApplicationDto
+ * OpenIddictAuthorizationDto
+ * OpenIddictTokenDto
+ * OpenIddictScopeDto
+ * 以及相应的创建和更新 DTO
+
+* 权限定义
+ * OpenIddict.Applications
+ * OpenIddict.Authorizations
+ * OpenIddict.Tokens
+ * OpenIddict.Scopes
+
+* 多语言支持
+ * 内置中文和英文本地化资源
+ * 支持自定义语言扩展
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Application.Contracts
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictApplicationContractsModule))]` 到你的模块类。
+
+2. 注入并使用相应的应用服务接口:
+
+```csharp
+public class YourService
+{
+ private readonly IOpenIddictApplicationAppService _applicationAppService;
+
+ public YourService(IOpenIddictApplicationAppService applicationAppService)
+ {
+ _applicationAppService = applicationAppService;
+ }
+
+ public async Task DoSomethingAsync()
+ {
+ var applications = await _applicationAppService.GetListAsync(
+ new OpenIddictApplicationGetListInput());
+ // ...
+ }
+}
+```
+
+## 权限
+
+模块定义了以下权限:
+
+* OpenIddict.Applications
+ * OpenIddict.Applications.Create
+ * OpenIddict.Applications.Update
+ * OpenIddict.Applications.Delete
+ * OpenIddict.Applications.ManagePermissions
+ * OpenIddict.Applications.ManageSecret
+* OpenIddict.Authorizations
+ * OpenIddict.Authorizations.Delete
+* OpenIddict.Scopes
+ * OpenIddict.Scopes.Create
+ * OpenIddict.Scopes.Update
+ * OpenIddict.Scopes.Delete
+* OpenIddict.Tokens
+ * OpenIddict.Tokens.Delete
+
+## 本地化
+
+模块支持多语言,内置了以下语言:
+
+* 英文 (en)
+* 简体中文 (zh-Hans)
+
+可以通过以下方式扩展新的语言:
+
+```csharp
+Configure(options =>
+{
+ options.Resources
+ .Get()
+ .AddVirtualJson("/YourPath/Localization/Resources");
+});
+```
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application/README.EN.md
new file mode 100644
index 000000000..b6ccafd1a
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application/README.EN.md
@@ -0,0 +1,65 @@
+# LINGYUN.Abp.OpenIddict.Application
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Application%2FLINGYUN.Abp.OpenIddict.Application.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Application.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.Application` is an application service layer implementation based on ABP OpenIddict, providing management functionality for OpenIddict clients, authorizations, tokens, and scopes.
+
+[简体中文](./README.md)
+
+## Features
+
+* OpenIddict Client Application Management
+ * Create, update, and delete client applications
+ * Manage client basic information (client ID, secret, name, etc.)
+ * Configure grant types, response types, scopes, and redirect URIs
+ * Support custom configuration of client properties and requirements
+
+* OpenIddict Authorization Management
+ * Query and delete authorization records
+ * Filter authorizations by client ID, creation time, status, etc.
+
+* OpenIddict Token Management
+ * Query and delete tokens
+ * Filter tokens by client ID, creation time, expiration time, status, etc.
+
+* OpenIddict Scope Management
+ * Create, update, and delete scopes
+ * Manage scope basic information (name, description, display name, etc.)
+ * Support multilingual display names and descriptions
+ * Configure resources associated with scopes
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Application
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictApplicationModule))]` to your module class.
+
+2. Configure permissions:
+
+The module predefines the following permissions:
+
+* OpenIddict.Applications: Client application management
+ * OpenIddict.Applications.Create: Create clients
+ * OpenIddict.Applications.Update: Update clients
+ * OpenIddict.Applications.Delete: Delete clients
+* OpenIddict.Authorizations: Authorization management
+ * OpenIddict.Authorizations.Delete: Delete authorizations
+* OpenIddict.Scopes: Scope management
+ * OpenIddict.Scopes.Create: Create scopes
+ * OpenIddict.Scopes.Update: Update scopes
+ * OpenIddict.Scopes.Delete: Delete scopes
+* OpenIddict.Tokens: Token management
+ * OpenIddict.Tokens.Delete: Delete tokens
+
+## Notes
+
+* Client application ClientId cannot be modified after creation
+* Deleting a client application will also delete related authorizations and tokens
+* Scope names cannot be modified after creation
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application/README.md
new file mode 100644
index 000000000..caa43eb87
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application/README.md
@@ -0,0 +1,65 @@
+# LINGYUN.Abp.OpenIddict.Application
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Application%2FLINGYUN.Abp.OpenIddict.Application.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Application.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.Application` 是基于 ABP OpenIddict 的应用服务层实现,提供了对 OpenIddict 客户端、授权、令牌和作用域的管理功能。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* OpenIddict 客户端应用程序管理
+ * 创建、更新、删除客户端应用程序
+ * 管理客户端基本信息(客户端ID、密钥、名称等)
+ * 配置授权类型、响应类型、作用域和重定向URI
+ * 支持客户端属性和要求的自定义配置
+
+* OpenIddict 授权管理
+ * 查询和删除授权记录
+ * 按客户端ID、创建时间、状态等条件筛选授权
+
+* OpenIddict 令牌管理
+ * 查询和删除令牌
+ * 按客户端ID、创建时间、过期时间、状态等条件筛选令牌
+
+* OpenIddict 作用域管理
+ * 创建、更新、删除作用域
+ * 管理作用域基本信息(名称、描述、显示名称等)
+ * 支持多语言显示名称和描述
+ * 配置作用域关联的资源
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Application
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictApplicationModule))]` 到你的模块类。
+
+2. 配置权限:
+
+模块预定义了以下权限:
+
+* OpenIddict.Applications: 客户端应用管理
+ * OpenIddict.Applications.Create: 创建客户端
+ * OpenIddict.Applications.Update: 更新客户端
+ * OpenIddict.Applications.Delete: 删除客户端
+* OpenIddict.Authorizations: 授权管理
+ * OpenIddict.Authorizations.Delete: 删除授权
+* OpenIddict.Scopes: 作用域管理
+ * OpenIddict.Scopes.Create: 创建作用域
+ * OpenIddict.Scopes.Update: 更新作用域
+ * OpenIddict.Scopes.Delete: 删除作用域
+* OpenIddict.Tokens: 令牌管理
+ * OpenIddict.Tokens.Delete: 删除令牌
+
+## 注意事项
+
+* 客户端应用程序的 ClientId 在创建后不能修改
+* 删除客户端应用程序会同时删除相关的授权和令牌
+* 作用域名称在创建后不能修改
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/README.EN.md
new file mode 100644
index 000000000..6c3619f3a
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/README.EN.md
@@ -0,0 +1,76 @@
+# LINGYUN.Abp.OpenIddict.AspNetCore.Session
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.AspNetCore.Session%2FLINGYUN.Abp.OpenIddict.AspNetCore.Session.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.AspNetCore.Session.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore.Session)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.AspNetCore.Session` is a session management extension module for OpenIddict, providing functionality for user session persistence, validation, and revocation.
+
+[简体中文](./README.md)
+
+## Features
+
+* User Session Management
+ * Automatic session persistence on login
+ * Automatic session termination on logout
+ * Automatic session termination on token revocation
+ * UserInfo endpoint session validation
+
+* Multi-tenancy Support
+ * Session management supports multi-tenant scenarios
+ * Tenant-isolated session storage
+
+* Configurable Session Persistence
+ * Support for configuring grant types that require session persistence
+ * Default support for password grant type
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore.Session
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictAspNetCoreSessionModule))]` to your module class.
+
+2. Configure session options:
+
+```csharp
+Configure(options =>
+{
+ options.SignInSessionEnabled = true; // Enable login session
+ options.SignOutSessionEnabled = true; // Enable logout session
+});
+
+Configure(options =>
+{
+ // Configure grant types that require session persistence
+ options.PersistentSessionGrantTypes.Add(GrantTypes.Password);
+ options.PersistentSessionGrantTypes.Add("custom_grant_type");
+});
+```
+
+## Workflow
+
+1. User Login
+ * When a user successfully logs in through configured grant types
+ * System automatically creates and persists session information
+
+2. Session Validation
+ * When user accesses the UserInfo endpoint
+ * System automatically validates if the session is valid
+ * Returns appropriate error if session has expired or is invalid
+
+3. Session Termination
+ * Automatically terminates session on user logout
+ * Automatically terminates related sessions on token revocation
+ * Supports session management for multiple concurrent logins
+
+## Notes
+
+* Session persistence only applies to configured grant types
+* Session validation automatically switches tenant context in multi-tenant environments
+* Token revocation will terminate related user sessions
+* UserInfo endpoint session validation is mandatory, invalid sessions will result in request rejection
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/README.md
new file mode 100644
index 000000000..93f8f6743
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/README.md
@@ -0,0 +1,76 @@
+# LINGYUN.Abp.OpenIddict.AspNetCore.Session
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.AspNetCore.Session%2FLINGYUN.Abp.OpenIddict.AspNetCore.Session.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.AspNetCore.Session.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore.Session)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.AspNetCore.Session` 是 OpenIddict 的会话管理扩展模块,提供了用户会话的持久化、验证和撤销功能。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 用户会话管理
+ * 登录时自动持久化会话
+ * 登出时自动终止会话
+ * 令牌撤销时自动终止会话
+ * UserInfo 端点会话验证
+
+* 多租户支持
+ * 会话管理支持多租户场景
+ * 租户隔离的会话存储
+
+* 可配置的会话持久化
+ * 支持配置需要持久化会话的授权类型
+ * 默认支持密码授权类型
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore.Session
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictAspNetCoreSessionModule))]` 到你的模块类。
+
+2. 配置会话选项:
+
+```csharp
+Configure(options =>
+{
+ options.SignInSessionEnabled = true; // 启用登录会话
+ options.SignOutSessionEnabled = true; // 启用登出会话
+});
+
+Configure(options =>
+{
+ // 配置需要持久化会话的授权类型
+ options.PersistentSessionGrantTypes.Add(GrantTypes.Password);
+ options.PersistentSessionGrantTypes.Add("custom_grant_type");
+});
+```
+
+## 工作流程
+
+1. 用户登录
+ * 当用户通过配置的授权类型登录成功时
+ * 系统自动创建并持久化会话信息
+
+2. 会话验证
+ * 当用户访问 UserInfo 端点时
+ * 系统自动验证会话是否有效
+ * 如果会话已过期或无效,返回相应的错误
+
+3. 会话终止
+ * 用户主动登出时自动终止会话
+ * 令牌撤销时自动终止相关会话
+ * 支持多终端同时登录的会话管理
+
+## 注意事项
+
+* 会话持久化仅对配置的授权类型生效
+* 会话验证在多租户环境中会自动切换租户上下文
+* 令牌撤销会同时终止相关的用户会话
+* UserInfo 端点的会话验证是强制的,无效会话将导致请求被拒绝
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore/README.EN.md
new file mode 100644
index 000000000..e65ba5bb1
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore/README.EN.md 
@@ -0,0 +1,74 @@
+# LINGYUN.Abp.OpenIddict.AspNetCore
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.AspNetCore%2FLINGYUN.Abp.OpenIddict.AspNetCore.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.AspNetCore.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.AspNetCore` is an ASP.NET Core integration module based on ABP OpenIddict, providing user information extensions and avatar URL claim support.
+
+[简体中文](./README.md)
+
+## Features
+
+* Extended UserInfo Endpoint
+ * Support for returning user avatar URL
+ * Extended standard OpenID Connect claims
+ * Multi-tenancy support
+
+* Avatar URL Claims Contributor
+ * Automatically add user avatar URL claim
+ * Integration with identity system
+
+* OpenIddict Server Configuration
+ * Pre-configured avatar URL claim support
+ * Inherits from Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictAspNetCoreModule))]` to your module class.
+
+2. The UserInfo endpoint will automatically be extended to include the following claims:
+ * sub (User ID)
+ * tenant_id (Tenant ID, if multi-tenancy is enabled)
+ * preferred_username (Username)
+ * family_name (Surname)
+ * given_name (Name)
+ * picture (Avatar URL)
+ * email
+ * email_verified
+ * phone_number
+ * phone_number_verified
+ * role
+
+3. The avatar URL claim will be automatically added to the user's identity claims.
+
+## Configuration
+
+By default, the module is pre-configured with the required settings. If you need to customize the configuration, you can modify it in the module's `PreConfigureServices` method:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // Custom configuration
+ builder.RegisterClaims(new[] { "your_custom_claim" });
+ });
+}
+```
+
+## Notes
+
+* The avatar URL claim type is `IdentityConsts.ClaimType.Avatar.Name`
+* The UserInfo endpoint requires corresponding scope permissions to return information:
+ * profile: Basic information and avatar
+ * email: Email-related information
+ * phone: Phone number-related information
+ * roles: User role information
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore/README.md
new file mode 100644
index 000000000..3a5a0eafc
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore/README.md
@@ -0,0 +1,74 @@
+# LINGYUN.Abp.OpenIddict.AspNetCore
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.AspNetCore%2FLINGYUN.Abp.OpenIddict.AspNetCore.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.AspNetCore.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.AspNetCore` 是基于 ABP OpenIddict 的 ASP.NET Core 集成模块,提供了用户信息扩展和头像URL声明支持。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 扩展用户信息端点
+ * 支持返回用户头像URL
+ * 扩展标准 OpenID Connect 声明
+ * 支持多租户
+
+* 头像URL声明贡献者
+ * 自动添加用户头像URL声明
+ * 与身份系统集成
+
+* OpenIddict 服务器配置
+ * 预配置头像URL声明支持
+ * 继承自 Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictAspNetCoreModule))]` 到你的模块类。
+
+2. 用户信息端点将自动扩展以包含以下声明:
+ * sub (用户ID)
+ * tenant_id (租户ID,如果启用了多租户)
+ * preferred_username (用户名)
+ * family_name (姓氏)
+ * given_name (名字)
+ * picture (头像URL)
+ * email
+ * email_verified
+ * phone_number
+ * phone_number_verified
+ * role
+
+3. 头像URL声明会自动添加到用户的身份声明中。
+
+## 配置
+
+默认情况下,模块已预配置了所需的设置。如果需要自定义配置,可以在模块的 `PreConfigureServices` 方法中修改:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // 自定义配置
+ builder.RegisterClaims(new[] { "your_custom_claim" });
+ });
+}
+```
+
+## 注意事项
+
+* 头像URL声明的类型为 `IdentityConsts.ClaimType.Avatar.Name`
+* 用户信息端点需要相应的作用域权限才能返回信息:
+ * profile: 基本信息和头像
+ * email: 电子邮件相关信息
+ * phone: 电话号码相关信息
+ * roles: 用户角色信息
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Dapr.Client/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Dapr.Client/README.EN.md
new file mode 100644
index 000000000..1f04bce97
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Dapr.Client/README.EN.md
@@ -0,0 +1,89 @@
+# LINGYUN.Abp.OpenIddict.Dapr.Client
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Dapr.Client%2FLINGYUN.Abp.OpenIddict.Dapr.Client.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Dapr.Client.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Dapr.Client)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.Dapr.Client` is a Dapr-based OpenIddict client module that provides functionality to call OpenIddict remote services using the Dapr service invocation building block.
+
+[简体中文](./README.md)
+
+## Features
+
+* Dapr Service Invocation Integration
+ * Automatic registration of Dapr client proxies for OpenIddict application contracts
+ * Support accessing OpenIddict remote services via Dapr service invocation
+ * Support service-to-service communication in distributed systems
+
+* Remote Service Support
+ * Support all services defined in OpenIddict application contracts
+ * Support application management
+ * Support authorization management
+ * Support scope management
+ * Support token management
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Dapr.Client
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictDaprClientModule))]` to your module class.
+
+2. Configure Dapr service invocation:
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+ Configure(options =>
+ {
+ options.ApplicationServices.Configure(config =>
+ {
+ // Configure the AppId for OpenIddict service
+ config.AppId = "openiddict-service";
+ });
+ });
+}
+```
+
+3. Usage example:
+
+```csharp
+public class MyService
+{
+ private readonly IOpenIddictApplicationAppService _applicationAppService;
+
+ public MyService(IOpenIddictApplicationAppService applicationAppService)
+ {
+ _applicationAppService = applicationAppService;
+ }
+
+ public async Task DoSomethingAsync()
+ {
+ // Access OpenIddict application service via Dapr service invocation
+ var applications = await _applicationAppService.GetListAsync(
+ new GetApplicationsInput());
+ }
+}
+```
+
+## Configuration
+
+* AppId
+ * Application identifier for the OpenIddict service
+ * Must match the app ID in Dapr component configuration
+
+* RemoteServiceName
+ * Name of the OpenIddict remote service
+ * Default value is "OpenIddict"
+
+## Notes
+
+* Ensure Dapr Sidecar is properly configured and running
+* Ensure OpenIddict service is registered in Dapr
+* Recommended to configure service-to-service authentication in production
+* Recommended to configure retry policies for service invocation
+* Recommended to configure service discovery mechanism
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Dapr.Client/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Dapr.Client/README.md
new file mode 100644
index 000000000..e3ca85d93
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Dapr.Client/README.md
@@ -0,0 +1,89 @@
+# LINGYUN.Abp.OpenIddict.Dapr.Client
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Dapr.Client%2FLINGYUN.Abp.OpenIddict.Dapr.Client.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Dapr.Client.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Dapr.Client)
+
+## 介绍
+
+`LINGYUN.Abp.OpenIddict.Dapr.Client` 是一个基于 Dapr 的 OpenIddict 客户端模块,提供了使用 Dapr 服务调用构建块来调用 OpenIddict 远程服务的功能。
+
+[English](./README.EN.md)
+
+## 功能
+
+* Dapr 服务调用集成
+ * 自动注册 OpenIddict 应用程序契约的 Dapr 客户端代理
+ * 支持通过 Dapr 服务调用访问 OpenIddict 远程服务
+ * 支持分布式系统中的服务间通信
+
+* 远程服务支持
+ * 支持所有 OpenIddict 应用程序契约定义的服务
+ * 支持应用程序管理
+ * 支持授权管理
+ * 支持作用域管理
+ * 支持令牌管理
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Dapr.Client
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictDaprClientModule))]` 到你的模块类。
+
+2. 配置 Dapr 服务调用:
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+ Configure(options =>
+ {
+ options.ApplicationServices.Configure(config =>
+ {
+ // 配置 OpenIddict 服务的 AppId
+ config.AppId = "openiddict-service";
+ });
+ });
+}
+```
+
+3. 使用示例:
+
+```csharp
+public class MyService
+{
+ private readonly IOpenIddictApplicationAppService _applicationAppService;
+
+ public MyService(IOpenIddictApplicationAppService applicationAppService)
+ {
+ _applicationAppService = applicationAppService;
+ }
+
+ public async Task DoSomethingAsync()
+ {
+ // 通过 Dapr 服务调用访问 OpenIddict 应用程序服务
+ var applications = await _applicationAppService.GetListAsync(
+ new GetApplicationsInput());
+ }
+}
+```
+
+## 配置
+
+* AppId
+ * OpenIddict 服务的应用程序标识符
+ * 必须与 Dapr 组件配置中的应用 ID 匹配
+
+* RemoteServiceName
+ * OpenIddict 远程服务的名称
+ * 默认值为 "OpenIddict"
+
+## 注意事项
+
+* 确保 Dapr Sidecar 已正确配置和运行
+* 确保 OpenIddict 服务已在 Dapr 中注册
+* 建议在生产环境中配置服务间的身份认证
+* 建议配置服务调用的重试策略
+* 建议配置服务发现机制
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi.Client/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi.Client/README.EN.md
new file mode 100644
index 000000000..e731875d5
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi.Client/README.EN.md
@@ -0,0 +1,83 @@
+# LINGYUN.Abp.OpenIddict.HttpApi.Client
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.HttpApi.Client%2FLINGYUN.Abp.OpenIddict.HttpApi.Client.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.HttpApi.Client.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi.Client)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.HttpApi.Client` is the HTTP API client module for OpenIddict, providing client proxies for remote OpenIddict HTTP API calls.
+
+[简体中文](./README.md)
+
+## Features
+
+* HTTP API Client Proxies
+ * Automatic HTTP client proxy generation
+ * Support for remote service calls
+ * Integration with ABP dynamic HTTP client proxies
+
+* Remote Service Configuration
+ * Support for configuring remote service URLs
+ * Support for configuring authentication methods
+ * Support for configuring request headers
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.HttpApi.Client
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictHttpApiClientModule))]` to your module class.
+
+2. Configure remote services:
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+ var configuration = context.Services.GetConfiguration();
+
+ Configure(options =>
+ {
+ options.RemoteServices.Default = new RemoteServiceConfiguration
+ {
+ BaseUrl = configuration["RemoteServices:Default:BaseUrl"]
+ };
+ });
+}
+```
+
+3. Usage example:
+
+```csharp
+// Inject client proxy
+private readonly IOpenIddictApplicationAppService _applicationService;
+
+public YourService(IOpenIddictApplicationAppService applicationService)
+{
+ _applicationService = applicationService;
+}
+
+// Call remote service
+var input = new OpenIddictApplicationCreateDto
+{
+ ClientId = "your-client-id",
+ DisplayName = "Your App",
+ // ... other properties
+};
+var result = await _applicationService.CreateAsync(input);
+```
+
+## Configuration
+
+* RemoteServices
+ * Default:BaseUrl - Default remote service URL
+ * OpenIddict:BaseUrl - OpenIddict remote service URL
+
+## Notes
+
+* Correct remote service URLs need to be configured
+* If remote services require authentication, corresponding authentication information needs to be configured
+* HTTPS is recommended in production environments
+* Client proxies automatically handle authentication token transmission
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi.Client/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi.Client/README.md
new file mode 100644
index 000000000..7df1ab36c
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi.Client/README.md
@@ -0,0 +1,83 @@
+# LINGYUN.Abp.OpenIddict.HttpApi.Client
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.HttpApi.Client%2FLINGYUN.Abp.OpenIddict.HttpApi.Client.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.HttpApi.Client.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi.Client)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.HttpApi.Client` 是 OpenIddict 的 HTTP API 客户端模块,提供了远程调用 OpenIddict HTTP API 的客户端代理。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* HTTP API 客户端代理
+ * 自动生成 HTTP 客户端代理
+ * 支持远程服务调用
+ * 集成 ABP 动态 HTTP 客户端代理
+
+* 远程服务配置
+ * 支持配置远程服务地址
+ * 支持配置认证方式
+ * 支持配置请求头
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.HttpApi.Client
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictHttpApiClientModule))]` 到你的模块类。
+
+2. 配置远程服务:
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+ var configuration = context.Services.GetConfiguration();
+
+ Configure(options =>
+ {
+ options.RemoteServices.Default = new RemoteServiceConfiguration
+ {
+ BaseUrl = configuration["RemoteServices:Default:BaseUrl"]
+ };
+ });
+}
+```
+
+3. 使用示例:
+
+```csharp
+// 注入客户端代理
+private readonly IOpenIddictApplicationAppService _applicationService;
+
+public YourService(IOpenIddictApplicationAppService applicationService)
+{
+ _applicationService = applicationService;
+}
+
+// 调用远程服务
+var input = new OpenIddictApplicationCreateDto
+{
+ ClientId = "your-client-id",
+ DisplayName = "Your App",
+ // ... 其他属性
+};
+var result = await _applicationService.CreateAsync(input);
+```
+
+## 配置项
+
+* RemoteServices
+ * Default:BaseUrl - 默认远程服务地址
+ * OpenIddict:BaseUrl - OpenIddict 远程服务地址
+
+## 注意事项
+
+* 需要配置正确的远程服务地址
+* 如果远程服务需要认证,需要配置相应的认证信息
+* 建议在生产环境中使用 HTTPS
+* 客户端代理会自动处理认证令牌的传递
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi/README.EN.md
new file mode 100644
index 000000000..f9d673ea9
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi/README.EN.md
@@ -0,0 +1,117 @@
+# LINGYUN.Abp.OpenIddict.HttpApi
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.HttpApi%2FLINGYUN.Abp.OpenIddict.HttpApi.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.HttpApi.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.HttpApi` is the HTTP API module for OpenIddict, providing RESTful API interfaces for OpenIddict-related functionality.
+
+[简体中文](./README.md)
+
+## Features
+
+* OpenIddict Application Management
+ * Create, update, delete applications
+ * Query application list
+ * Get application details
+
+* OpenIddict Authorization Management
+ * Query authorization list
+ * Get authorization details
+ * Delete authorization records
+
+* OpenIddict Token Management
+ * Query token list
+ * Get token details
+ * Delete token records
+
+* OpenIddict Scope Management
+ * Create, update, delete scopes
+ * Query scope list
+ * Get scope details
+
+* Localization Support
+ * Integrated with ABP localization framework
+ * Support for custom localization resources
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.HttpApi
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictHttpApiModule))]` to your module class.
+
+2. Configure permissions:
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+ Configure(options =>
+ {
+ options.ValueProviders.Add();
+ });
+}
+```
+
+3. API usage example:
+
+```csharp
+// Inject service
+private readonly IOpenIddictApplicationAppService _applicationService;
+
+public YourService(IOpenIddictApplicationAppService applicationService)
+{
+ _applicationService = applicationService;
+}
+
+// Create application
+var input = new OpenIddictApplicationCreateDto
+{
+ ClientId = "your-client-id",
+ DisplayName = "Your App",
+ // ... other properties
+};
+var result = await _applicationService.CreateAsync(input);
+
+// Query application list
+var query = new OpenIddictApplicationGetListInput
+{
+ MaxResultCount = 10,
+ SkipCount = 0,
+ Filter = "search-term"
+};
+var list = await _applicationService.GetListAsync(query);
+```
+
+## Permissions
+
+* OpenIddict.Applications
+ * OpenIddict.Applications.Create
+ * OpenIddict.Applications.Update
+ * OpenIddict.Applications.Delete
+ * OpenIddict.Applications.ManagePermissions
+
+* OpenIddict.Scopes
+ * OpenIddict.Scopes.Create
+ * OpenIddict.Scopes.Update
+ * OpenIddict.Scopes.Delete
+ * OpenIddict.Scopes.ManagePermissions
+
+* OpenIddict.Authorizations
+ * OpenIddict.Authorizations.Delete
+ * OpenIddict.Authorizations.ManagePermissions
+
+* OpenIddict.Tokens
+ * OpenIddict.Tokens.Delete
+ * OpenIddict.Tokens.ManagePermissions
+
+## Notes
+
+* All API endpoints require corresponding permissions to access
+* Deleting an application will also delete related authorizations and tokens
+* API endpoints support multi-tenant scenarios
+* It is recommended to enable API authentication and authorization in production environments
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi/README.md
new file mode 100644
index 000000000..05e1c6353
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi/README.md
@@ -0,0 +1,117 @@
+# LINGYUN.Abp.OpenIddict.HttpApi
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.HttpApi%2FLINGYUN.Abp.OpenIddict.HttpApi.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.HttpApi.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.HttpApi` 是 OpenIddict 的 HTTP API 模块,提供了 OpenIddict 相关功能的 RESTful API 接口。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* OpenIddict 应用程序管理
+ * 创建、更新、删除应用程序
+ * 查询应用程序列表
+ * 获取应用程序详情
+
+* OpenIddict 授权管理
+ * 查询授权列表
+ * 获取授权详情
+ * 删除授权记录
+
+* OpenIddict 令牌管理
+ * 查询令牌列表
+ * 获取令牌详情
+ * 删除令牌记录
+
+* OpenIddict 作用域管理
+ * 创建、更新、删除作用域
+ * 查询作用域列表
+ * 获取作用域详情
+
+* 多语言支持
+ * 集成 ABP 本地化框架
+ * 支持自定义本地化资源
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.HttpApi
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictHttpApiModule))]` 到你的模块类。
+
+2. 配置权限:
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+ Configure(options =>
+ {
+ options.ValueProviders.Add();
+ });
+}
+```
+
+3. API 接口使用示例:
+
+```csharp
+// 注入服务
+private readonly IOpenIddictApplicationAppService _applicationService;
+
+public YourService(IOpenIddictApplicationAppService applicationService)
+{
+ _applicationService = applicationService;
+}
+
+// 创建应用程序
+var input = new OpenIddictApplicationCreateDto
+{
+ ClientId = "your-client-id",
+ DisplayName = "Your App",
+ // ... 其他属性
+};
+var result = await _applicationService.CreateAsync(input);
+
+// 查询应用程序列表
+var query = new OpenIddictApplicationGetListInput
+{
+ MaxResultCount = 10,
+ SkipCount = 0,
+ Filter = "search-term"
+};
+var list = await _applicationService.GetListAsync(query);
+```
+
+## 权限
+
+* OpenIddict.Applications
+ * OpenIddict.Applications.Create
+ * OpenIddict.Applications.Update
+ * OpenIddict.Applications.Delete
+ * OpenIddict.Applications.ManagePermissions
+
+* OpenIddict.Scopes
+ * OpenIddict.Scopes.Create
+ * OpenIddict.Scopes.Update
+ * OpenIddict.Scopes.Delete
+ * OpenIddict.Scopes.ManagePermissions
+
+* OpenIddict.Authorizations
+ * OpenIddict.Authorizations.Delete
+ * OpenIddict.Authorizations.ManagePermissions
+
+* OpenIddict.Tokens
+ * OpenIddict.Tokens.Delete
+ * OpenIddict.Tokens.ManagePermissions
+
+## 注意事项
+
+* 所有 API 接口都需要相应的权限才能访问
+* 删除应用程序会同时删除相关的授权和令牌
+* API 接口支持多租户场景
+* 建议在生产环境中启用 API 认证和授权
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.LinkUser/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.LinkUser/README.EN.md
new file mode 100644
index 000000000..9cd07c579
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.LinkUser/README.EN.md
@@ -0,0 +1,88 @@
+# LINGYUN.Abp.OpenIddict.LinkUser
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.LinkUser%2FLINGYUN.Abp.OpenIddict.LinkUser.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.LinkUser.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.LinkUser)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.LinkUser` is a user linking extension module for OpenIddict, providing authentication functionality between linked users.
+
+[简体中文](./README.md)
+
+## Features
+
+* User Link Authentication
+ * Support for user-to-user linking authentication
+ * Support for cross-tenant user linking
+ * Support for access token exchange
+
+* Extension Grant Type
+ * Add link_user grant type
+ * Support for custom authorization flow
+ * Security log recording
+
+* Localization Support
+ * Integrated with ABP localization framework
+ * Support for custom error messages
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.LinkUser
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictLinkUserModule))]` to your module class.
+
+2. Configure OpenIddict server:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // Allow link_user grant type
+ builder.AllowLinkUserFlow();
+ });
+}
+```
+
+3. Usage example:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=link_user&
+access_token=current-user-access-token&
+LinkUserId=target-user-id&
+LinkTenantId=target-tenant-id&
+scope=openid profile
+```
+
+## Parameters
+
+* access_token (required)
+ * Current user's access token
+ * Used to verify current user's identity
+
+* LinkUserId (required)
+ * Target linked user's ID
+ * Must be a valid GUID format
+
+* LinkTenantId (optional)
+ * Tenant ID of the target linked user
+ * If specified, must be a valid GUID format
+
+* scope (optional)
+ * Requested permission scopes
+ * Defaults include openid profile
+
+## Notes
+
+* A valid access token must be provided
+* The target user must have a linking relationship with the current user
+* Correct tenant ID must be specified for cross-tenant linking
+* All operations are recorded in security logs
+* HTTPS is recommended in production environments
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.LinkUser/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.LinkUser/README.md
new file mode 100644
index 000000000..0b9cad994
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.LinkUser/README.md
@@ -0,0 +1,88 @@
+# LINGYUN.Abp.OpenIddict.LinkUser
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.LinkUser%2FLINGYUN.Abp.OpenIddict.LinkUser.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.LinkUser.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.LinkUser)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.LinkUser` 是 OpenIddict 的用户链接扩展模块,提供了用户之间的链接认证功能。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 用户链接认证
+ * 支持用户之间的链接认证
+ * 支持跨租户用户链接
+ * 支持访问令牌交换
+
+* 扩展授权类型
+ * 添加 link_user 授权类型
+ * 支持自定义授权流程
+ * 安全日志记录
+
+* 多语言支持
+ * 集成 ABP 本地化框架
+ * 支持自定义错误消息
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.LinkUser
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictLinkUserModule))]` 到你的模块类。
+
+2. 配置 OpenIddict 服务器:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // 允许 link_user 授权类型
+ builder.AllowLinkUserFlow();
+ });
+}
+```
+
+3. 使用示例:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=link_user&
+access_token=current-user-access-token&
+LinkUserId=target-user-id&
+LinkTenantId=target-tenant-id&
+scope=openid profile
+```
+
+## 参数说明
+
+* access_token (必填)
+ * 当前用户的访问令牌
+ * 用于验证当前用户身份
+
+* LinkUserId (必填)
+ * 目标链接用户的ID
+ * 必须是有效的GUID格式
+
+* LinkTenantId (可选)
+ * 目标链接用户所属的租户ID
+ * 如果指定,必须是有效的GUID格式
+
+* scope (可选)
+ * 请求的权限范围
+ * 默认包含 openid profile
+
+## 注意事项
+
+* 必须提供有效的访问令牌
+* 目标用户必须与当前用户存在链接关系
+* 跨租户链接时需要指定正确的租户ID
+* 所有操作都会记录安全日志
+* 建议在生产环境中使用 HTTPS
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/README.EN.md
new file mode 100644
index 000000000..1cb496de0
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/README.EN.md
@@ -0,0 +1,124 @@
+# LINGYUN.Abp.OpenIddict.Portal
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Portal%2FLINGYUN.Abp.OpenIddict.Portal.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Portal.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Portal)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.Portal` is a portal authentication extension module for OpenIddict, providing enterprise portal authentication functionality, including multi-tenant selection, two-factor authentication, password policies, and more.
+
+[简体中文](./README.md)
+
+## Features
+
+* Enterprise Portal Authentication
+ * Support for enterprise list selection
+ * Support for multi-tenant authentication
+ * Support for enterprise logo display
+
+* Enhanced Password Authentication
+ * Support for email login
+ * Support for external login providers
+ * Support for password policy validation
+ * Support for forced password change
+ * Support for periodic password change
+
+* Two-Factor Authentication
+ * Support for multiple verification providers
+ * Support for verification code validation
+ * Support for authenticator validation
+
+* Security Logging
+ * Record login attempts
+ * Record login failures
+ * Record password changes
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Portal
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictPortalModule))]` to your module class.
+
+2. Configure OpenIddict server:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // Allow portal authentication flow
+ builder.AllowPortalFlow();
+ });
+}
+```
+
+3. Usage example:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=portal&
+username=admin&
+password=1q2w3E*&
+enterpriseId=your-enterprise-id&
+scope=openid profile
+```
+
+## Authentication Flow
+
+1. Enterprise Selection
+ * User provides enterprise ID (enterpriseId)
+ * Returns available enterprise list if not provided or invalid
+
+2. Password Verification
+ * Support for username or email login
+ * Password policy validation
+ * Account status check
+
+3. Two-Factor Authentication (if enabled)
+ * Verify two-factor authentication code
+ * Support for multiple verification providers
+
+4. Password Change (if required)
+ * Force password change on first login
+ * Periodic password change requirement
+
+## Parameters
+
+* username (required)
+ * Username or email address
+
+* password (required)
+ * User password
+
+* enterpriseId (required)
+ * Enterprise ID, must be a valid GUID format
+
+* TwoFactorProvider (optional)
+ * Two-factor authentication provider name
+ * Only required when two-factor authentication is enabled
+
+* TwoFactorCode (optional)
+ * Two-factor authentication code
+ * Only required when two-factor authentication is enabled
+
+* ChangePasswordToken (optional)
+ * Password change token
+ * Only required when password change is needed
+
+* NewPassword (optional)
+ * New password
+ * Only required when password change is needed
+
+## Notes
+
+* Enterprise ID must be a valid GUID format
+* Password must comply with system-configured password policy
+* Two-factor authentication codes have limited validity
+* All authentication operations are recorded in security logs
+* HTTPS is recommended in production environments
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/README.md
new file mode 100644
index 000000000..b65cdefc7
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/README.md
@@ -0,0 +1,124 @@
+# LINGYUN.Abp.OpenIddict.Portal
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Portal%2FLINGYUN.Abp.OpenIddict.Portal.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Portal.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Portal)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.Portal` 是 OpenIddict 的门户认证扩展模块,提供了企业门户的认证功能,包括多租户选择、双因素认证、密码策略等特性。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 企业门户认证
+ * 支持企业列表选择
+ * 支持多租户认证
+ * 支持企业 Logo 显示
+
+* 密码认证增强
+ * 支持邮箱登录
+ * 支持外部登录提供程序
+ * 支持密码策略验证
+ * 支持强制修改密码
+ * 支持定期修改密码
+
+* 双因素认证
+ * 支持多种验证提供程序
+ * 支持验证码验证
+ * 支持认证器验证
+
+* 安全日志
+ * 记录登录尝试
+ * 记录登录失败
+ * 记录密码修改
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Portal
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictPortalModule))]` 到你的模块类。
+
+2. 配置 OpenIddict 服务器:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // 允许门户认证流程
+ builder.AllowPortalFlow();
+ });
+}
+```
+
+3. 使用示例:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=portal&
+username=admin&
+password=1q2w3E*&
+enterpriseId=your-enterprise-id&
+scope=openid profile
+```
+
+## 认证流程
+
+1. 企业选择
+ * 用户提供企业ID (enterpriseId)
+ * 如未提供或无效,返回可选企业列表
+
+2. 密码验证
+ * 支持用户名或邮箱登录
+ * 验证密码策略
+ * 检查账户状态
+
+3. 双因素认证 (如启用)
+ * 验证双因素认证码
+ * 支持多种验证提供程序
+
+4. 密码修改 (如需要)
+ * 首次登录强制修改密码
+ * 定期修改密码要求
+
+## 参数说明
+
+* username (必填)
+ * 用户名或邮箱地址
+
+* password (必填)
+ * 用户密码
+
+* enterpriseId (必填)
+ * 企业ID,必须是有效的GUID格式
+
+* TwoFactorProvider (可选)
+ * 双因素认证提供程序名称
+ * 仅在启用双因素认证时需要
+
+* TwoFactorCode (可选)
+ * 双因素认证码
+ * 仅在启用双因素认证时需要
+
+* ChangePasswordToken (可选)
+ * 修改密码令牌
+ * 仅在需要修改密码时需要
+
+* NewPassword (可选)
+ * 新密码
+ * 仅在需要修改密码时需要
+
+## 注意事项
+
+* 企业ID必须是有效的GUID格式
+* 密码必须符合系统配置的密码策略
+* 双因素认证码有效期有限
+* 所有认证操作都会记录安全日志
+* 建议在生产环境中使用 HTTPS
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Sms/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Sms/README.EN.md
new file mode 100644
index 000000000..3f6afa88b
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Sms/README.EN.md
@@ -0,0 +1,97 @@
+# LINGYUN.Abp.OpenIddict.Sms
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Sms%2FLINGYUN.Abp.OpenIddict.Sms.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Sms.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Sms)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.Sms` is an SMS verification extension module for OpenIddict, providing authentication functionality based on phone numbers and SMS verification codes.
+
+[简体中文](./README.md)
+
+## Features
+
+* SMS Verification Code Authentication
+ * Support for phone number login
+ * Support for SMS verification code validation
+ * Support for multi-tenant authentication
+
+* User Management Integration
+ * Support for finding users by phone number
+ * Support for account lockout policy
+ * Support for failed attempt counting
+
+* Security Logging
+ * Record login attempts
+ * Record verification code failures
+ * Record account lockouts
+
+* Localization Support
+ * Integrated with ABP localization framework
+ * Support for custom error messages
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Sms
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictSmsModule))]` to your module class.
+
+2. Configure OpenIddict server:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // Allow SMS verification code authentication flow
+ builder.AllowSmsFlow();
+ });
+}
+```
+
+3. Usage example:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=sms&
+phone_number=13800138000&
+phone_verify=123456&
+scope=openid profile
+```
+
+## Parameters
+
+* phone_number (required)
+ * Phone number
+ * Must be a valid phone number format
+
+* phone_verify (required)
+ * SMS verification code
+ * Must be a valid verification code
+
+* scope (optional)
+ * Requested permission scopes
+ * Defaults include openid profile
+
+## Error Codes
+
+* invalid_grant
+ * GrantTypeInvalid - Authorization type not allowed
+ * PhoneVerifyInvalid - Phone verification code invalid or expired
+ * PhoneOrTokenCodeNotFound - Phone number or verification code not provided
+ * PhoneNumberNotRegister - Phone number not registered
+
+## Notes
+
+* Phone number must be registered
+* Verification codes have limited validity
+* Failed verifications increase failure count
+* Multiple verification failures may lead to account lockout
+* All authentication operations are recorded in security logs
+* HTTPS is recommended in production environments
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Sms/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Sms/README.md
new file mode 100644
index 000000000..761407e1b
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Sms/README.md
@@ -0,0 +1,97 @@
+# LINGYUN.Abp.OpenIddict.Sms
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Sms%2FLINGYUN.Abp.OpenIddict.Sms.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Sms.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Sms)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.Sms` 是 OpenIddict 的短信验证扩展模块,提供了基于手机号码和短信验证码的认证功能。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 短信验证码认证
+ * 支持手机号码登录
+ * 支持短信验证码验证
+ * 支持多租户认证
+
+* 用户管理集成
+ * 支持手机号码查找用户
+ * 支持账户锁定策略
+ * 支持失败尝试计数
+
+* 安全日志
+ * 记录登录尝试
+ * 记录验证码验证失败
+ * 记录账户锁定
+
+* 多语言支持
+ * 集成 ABP 本地化框架
+ * 支持自定义错误消息
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Sms
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictSmsModule))]` 到你的模块类。
+
+2. 配置 OpenIddict 服务器:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // 允许短信验证码认证流程
+ builder.AllowSmsFlow();
+ });
+}
+```
+
+3. 使用示例:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=sms&
+phone_number=13800138000&
+phone_verify=123456&
+scope=openid profile
+```
+
+## 参数说明
+
+* phone_number (必填)
+ * 手机号码
+ * 必须是有效的手机号码格式
+
+* phone_verify (必填)
+ * 短信验证码
+ * 必须是有效的验证码
+
+* scope (可选)
+ * 请求的权限范围
+ * 默认包含 openid profile
+
+## 错误码说明
+
+* invalid_grant
+ * GrantTypeInvalid - 不被允许的授权类型
+ * PhoneVerifyInvalid - 手机验证码无效或已过期
+ * PhoneOrTokenCodeNotFound - 手机号码或验证码未输入
+ * PhoneNumberNotRegister - 登录的手机号码未注册
+
+## 注意事项
+
+* 手机号码必须已经注册
+* 验证码有效期有限
+* 验证失败会增加失败计数
+* 多次验证失败可能导致账户锁定
+* 所有认证操作都会记录安全日志
+* 建议在生产环境中使用 HTTPS
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat.Work/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat.Work/README.EN.md
new file mode 100644
index 000000000..9a4e6e43f
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat.Work/README.EN.md
@@ -0,0 +1,99 @@
+# LINGYUN.Abp.OpenIddict.WeChat.Work
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.WeChat.Work%2FLINGYUN.Abp.OpenIddict.WeChat.Work.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.WeChat.Work.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat.Work)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.WeChat.Work` is a WeChat Work (Enterprise WeChat) authentication extension module based on OpenIddict, supporting WeChat Work authentication flow.
+
+[简体中文](./README.md)
+
+## Features
+
+* WeChat Work Authentication
+ * Support WeChat Work authorization login
+ * Support automatic new user registration
+ * Support cross-tenant authentication
+ * Support security logging
+
+* User Management Integration
+ * Support WeChat Work account binding
+ * Support account lockout policy
+ * Support failed attempt counting
+
+* Security Logging
+ * Record login attempts
+ * Record authentication failures
+ * Record account lockouts
+
+* Localization Support
+ * Integrated with ABP localization framework
+ * Support custom error messages
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.WeChat.Work
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictWeChatWorkModule))]` to your module class.
+
+2. Configure OpenIddict server:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // Allow WeChat Work authentication flow
+ builder.AllowWeChatWorkFlow();
+ });
+}
+```
+
+3. Usage example:
+
+WeChat Work Authentication:
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_work&
+agent_id=1000001&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat_work
+```
+
+## Parameters
+
+* agent_id (required)
+ * WeChat Work application ID
+ * Must be a valid WeChat Work application ID
+
+* code (required)
+ * WeChat Work authorization code
+ * Must be a valid WeChat Work authorization code
+
+* scope (optional)
+ * Requested permission scopes
+ * Defaults include openid profile wechat_work
+
+## Error Codes
+
+* invalid_grant
+ * GrantTypeInvalid - Authorization type not allowed
+ * WeChatTokenInvalid - WeChat Work authentication failed
+ * AgentIdOrCodeNotFound - Application ID or authorization code empty or not found
+ * UserIdNotRegister - User WeChat Work account not bound
+
+## Notes
+
+* Must configure correct WeChat Work application ID and secret
+* Must configure correct WeChat Work enterprise ID
+* Authorization codes have limited validity
+* Multiple authentication failures may lead to account lockout
+* All authentication operations are recorded in security logs
+* HTTPS is recommended in production environments
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat.Work/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat.Work/README.md
new file mode 100644
index 000000000..307f4f293
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat.Work/README.md
@@ -0,0 +1,99 @@
+# LINGYUN.Abp.OpenIddict.WeChat.Work
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.WeChat.Work%2FLINGYUN.Abp.OpenIddict.WeChat.Work.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.WeChat.Work.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat.Work)
+
+## 介绍
+
+`LINGYUN.Abp.OpenIddict.WeChat.Work` 是一个基于 OpenIddict 的企业微信认证扩展模块,支持企业微信的认证流程。
+
+[English](./README.EN.md)
+
+## 功能
+
+* 企业微信认证
+ * 支持企业微信授权登录
+ * 支持自动注册新用户
+ * 支持跨租户认证
+ * 支持安全日志记录
+
+* 用户管理集成
+ * 支持企业微信账号绑定
+ * 支持账号锁定策略
+ * 支持失败尝试计数
+
+* 安全日志
+ * 记录登录尝试
+ * 记录认证失败
+ * 记录账号锁定
+
+* 本地化支持
+ * 集成 ABP 本地化框架
+ * 支持自定义错误消息
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.WeChat.Work
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictWeChatWorkModule))]` 到你的模块类。
+
+2. 配置 OpenIddict 服务器:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // 允许企业微信认证流程
+ builder.AllowWeChatWorkFlow();
+ });
+}
+```
+
+3. 使用示例:
+
+企业微信认证:
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_work&
+agent_id=1000001&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat_work
+```
+
+## 参数
+
+* agent_id (必填)
+ * 企业微信应用ID
+ * 必须是有效的企业微信应用ID
+
+* code (必填)
+ * 企业微信授权码
+ * 必须是有效的企业微信授权码
+
+* scope (可选)
+ * 请求的权限范围
+ * 默认包含 openid profile wechat_work
+
+## 错误码
+
+* invalid_grant
+ * GrantTypeInvalid - 不被允许的授权类型
+ * WeChatTokenInvalid - 企业微信认证失败
+ * AgentIdOrCodeNotFound - 应用ID或授权码为空或不存在
+ * UserIdNotRegister - 用户企业微信账号未绑定
+
+## 注意事项
+
+* 必须配置正确的企业微信应用ID和密钥
+* 必须配置正确的企业微信企业ID
+* 授权码有效期有限
+* 多次认证失败可能导致账号锁定
+* 所有认证操作都会记录在安全日志中
+* 生产环境建议使用 HTTPS
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat/README.EN.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat/README.EN.md
new file mode 100644
index 000000000..78bb877c5
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat/README.EN.md
@@ -0,0 +1,110 @@
+# LINGYUN.Abp.OpenIddict.WeChat
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.WeChat%2FLINGYUN.Abp.OpenIddict.WeChat.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.WeChat.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.WeChat` is a WeChat authentication extension module based on OpenIddict, supporting authentication flows for WeChat Official Platform and WeChat Mini Program.
+
+[简体中文](./README.md)
+
+## Features
+
+* WeChat Official Platform Authentication
+ * Support Official Account authorization login
+ * Support automatic new user registration
+ * Support cross-tenant authentication
+ * Support security logging
+
+* WeChat Mini Program Authentication
+ * Support Mini Program authorization login
+ * Support automatic new user registration
+ * Support cross-tenant authentication
+ * Support security logging
+
+* User Management Integration
+ * Support WeChat account binding
+ * Support account lockout policy
+ * Support failed attempt counting
+
+* Security Logging
+ * Record login attempts
+ * Record authentication failures
+ * Record account lockouts
+
+* Localization Support
+ * Integrated with ABP localization framework
+ * Support custom error messages
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.WeChat
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictWeChatModule))]` to your module class.
+
+2. Configure OpenIddict server:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // Allow WeChat authentication flow
+ builder.AllowWeChatFlow();
+ });
+}
+```
+
+3. Usage examples:
+
+WeChat Official Platform Authentication:
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_official&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat
+```
+
+WeChat Mini Program Authentication:
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_mini_program&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat
+```
+
+## Parameters
+
+* code (required)
+ * WeChat authorization code
+ * Must be a valid WeChat authorization code
+
+* scope (optional)
+ * Requested permission scopes
+ * Defaults include openid profile wechat
+
+## Error Codes
+
+* invalid_grant
+ * GrantTypeInvalid - Authorization type not allowed
+ * WeChatTokenInvalid - WeChat authentication failed
+ * WeChatCodeNotFound - WeChat authorization code empty or not found
+ * WeChatNotRegister - User WeChat account not bound
+
+## Notes
+
+* Must enable corresponding features (Official Platform or Mini Program authorization)
+* Must configure correct WeChat application ID and secret
+* Authorization codes have limited validity
+* Multiple authentication failures may lead to account lockout
+* All authentication operations are recorded in security logs
+* HTTPS is recommended in production environments
diff --git a/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat/README.md b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat/README.md
new file mode 100644
index 000000000..a15819531
--- /dev/null
+++ b/aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat/README.md
@@ -0,0 +1,110 @@
+# LINGYUN.Abp.OpenIddict.WeChat
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.WeChat%2FLINGYUN.Abp.OpenIddict.WeChat.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.WeChat.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat)
+
+## 介绍
+
+`LINGYUN.Abp.OpenIddict.WeChat` 是一个基于 OpenIddict 的微信认证扩展模块,支持微信公众平台和微信小程序的认证流程。
+
+[English](./README.EN.md)
+
+## 功能
+
+* 微信公众平台认证
+ * 支持公众号授权登录
+ * 支持自动注册新用户
+ * 支持跨租户认证
+ * 支持安全日志记录
+
+* 微信小程序认证
+ * 支持小程序授权登录
+ * 支持自动注册新用户
+ * 支持跨租户认证
+ * 支持安全日志记录
+
+* 用户管理集成
+ * 支持微信账号绑定
+ * 支持账号锁定策略
+ * 支持失败尝试计数
+
+* 安全日志
+ * 记录登录尝试
+ * 记录认证失败
+ * 记录账号锁定
+
+* 本地化支持
+ * 集成 ABP 本地化框架
+ * 支持自定义错误消息
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.WeChat
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictWeChatModule))]` 到你的模块类。
+
+2. 配置 OpenIddict 服务器:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+ PreConfigure(builder =>
+ {
+ // 允许微信认证流程
+ builder.AllowWeChatFlow();
+ });
+}
+```
+
+3. 使用示例:
+
+微信公众平台认证:
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_official&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat
+```
+
+微信小程序认证:
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_mini_program&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat
+```
+
+## 参数
+
+* code (必填)
+ * 微信授权码
+ * 必须是有效的微信授权码
+
+* scope (可选)
+ * 请求的权限范围
+ * 默认包含 openid profile wechat
+
+## 错误码
+
+* invalid_grant
+ * GrantTypeInvalid - 不被允许的授权类型
+ * WeChatTokenInvalid - 微信认证失败
+ * WeChatCodeNotFound - 微信授权码为空或不存在
+ * WeChatNotRegister - 用户微信账号未绑定
+
+## 注意事项
+
+* 必须启用相应的功能(公众平台或小程序授权)
+* 必须配置正确的微信应用 ID 和密钥
+* 授权码有效期有限
+* 多次认证失败可能导致账号锁定
+* 所有认证操作都会记录在安全日志中
+* 生产环境建议使用 HTTPS