diff --git a/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.Configure.cs b/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.Configure.cs
index bd45d1590..c9c9c2e7e 100644
--- a/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.Configure.cs
@@ -29,6 +29,8 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.IdentityModel.Logging;
 using Microsoft.IdentityModel.Tokens;
+using OpenIddict.Server;
+using OpenIddict.Server.AspNetCore;
 using OpenIddict.Validation.AspNetCore;
 using StackExchange.Redis;
 using System;
@@ -111,7 +113,7 @@ public partial class AuthServerModule
 });
 }
- private void PreConfigureAuth()
+ private void PreConfigureAuthServer()
 {
 PreConfigure(builder =>
 {
@@ -139,7 +141,7 @@ public partial class AuthServerModule
 PreConfigure(builder =>
 {
- builder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "e1c48393-0c43-11f0-9582-4aecacda42db");
+ builder.AddProductionEncryptionAndSigningCertificate(configuration["App:SslFile"], configuration["App:SslPassword"]);
 });
 }
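Review bot: In the `@@ -139,7 +141,7 @@` hunk, `configuration["App:SslFile"]` and `configuration["App:SslPassword"]` are passed straight to `AddProductionEncryptionAndSigningCertificate` with no check, so a missing or empty key hands null to the certificate loader and the failure shows up far from its cause. I would read and validate both before the call, e.g. `var pfxPassword = configuration["App:SslPassword"] ?? throw new InvalidOperationException("App:SslPassword is not configured");` and the same for the file path. The renamed `PreConfigureAuthServer()` takes no parameters in the `@@ -111,7 +113,7 @@` hunk and is called without arguments in AuthServerModule.cs, so where `configuration` comes from is not visible here; the method body runs outside both hunks, so confirm the name is actually in scope.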
@@ -367,6 +369,31 @@ public partial class AuthServerModule
 }
 });
 }
+
+ private void ConfigureAuthServer(IConfiguration configuration)
+ {
+ Configure(builder =>
+ {
+ builder.DisableTransportSecurityRequirement();
+ });
+
+ Configure(options =>
+ {
+ options.DisableTransportSecurityRequirement = true;
+ });
+
+ Configure(options =>
+ {
+ var lifetime = configuration.GetSection("OpenIddict:Lifetime");
+ options.AuthorizationCodeLifetime = lifetime.GetValue("AuthorizationCode", options.AuthorizationCodeLifetime);
+ options.AccessTokenLifetime = lifetime.GetValue("AccessToken", options.AccessTokenLifetime);
+ options.DeviceCodeLifetime = lifetime.GetValue("DeviceCode", options.DeviceCodeLifetime);
+ options.IdentityTokenLifetime = lifetime.GetValue("IdentityToken", options.IdentityTokenLifetime);
+ options.RefreshTokenLifetime = lifetime.GetValue("RefreshToken", options.RefreshTokenLifetime);
+ options.RefreshTokenReuseLeeway = lifetime.GetValue("RefreshTokenReuseLeeway", options.RefreshTokenReuseLeeway);
+ options.UserCodeLifetime = lifetime.GetValue("UserCode", options.UserCodeLifetime);
+ });
+ }
 private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
 {
 services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
diff --git a/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.cs b/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.cs
index 160bb7d4a..f79f1b147 100644
--- a/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.cs
+++ b/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.cs
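Review bot: The new `ConfigureAuthServer` in the `@@ -367,6 +369,31 @@` hunk switches off the transport security requirement unconditionally, so in every environment the authorization server will answer its OAuth endpoints over plain HTTP, where authorization codes, tokens and client credentials are readable in transit. If this is here because TLS terminates at a reverse proxy, gate it and say so in a comment, e.g. wrap both calls in `if (configuration.GetValue("<config-key-placeholder>", false))`, or take an `isDevelopment` flag the way `ConfigureSecurity` does. The type arguments of the `Configure` calls are not visible on this page; if the first two target the OpenIddict ASP.NET Core server builder and its options, they set the same flag twice and one of them can go. The lifetime overrides accept anything that parses as a TimeSpan, and a bare number such as `30` is likely read as days, so a comment like `// values are TimeSpan strings, e.g. "01:00:00"` plus a sanity bound on `AccessToken` and `RefreshToken` would prevent an accidental very long-lived token.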
@@ -84,10 +84,10 @@ public partial class AuthServerModule : AbpModule
 var configuration = context.Services.GetConfiguration();
 var hostingEnvironment = context.Services.GetHostingEnvironment();
- PreConfigureAuth();
 PreConfigureWrapper();
 PreConfigureFeature();
 PreForwardedHeaders();
+ PreConfigureAuthServer();
 PreConfigureApp(configuration);
 PreConfigureCAP(configuration);
 PreConfigureCertificate(configuration, hostingEnvironment);
@@ -110,6 +110,7 @@ public partial class AuthServerModule : AbpModule
 ConfigureUrls(configuration);
 ConfigureTiming(configuration);
 ConfigureAuditing(configuration);
+ ConfigureAuthServer(configuration);
 ConfigureMultiTenancy(configuration);
 ConfigureJsonSerializer(configuration);
 ConfigureMvc(context.Services, configuration);
diff --git a/aspnet-core/services/LY.MicroService.AuthServer/appsettings.json b/aspnet-core/services/LY.MicroService.AuthServer/appsettings.json
index c2de7ad1c..baa0334c7 100644
--- a/aspnet-core/services/LY.MicroService.AuthServer/appsettings.json
+++ b/aspnet-core/services/LY.MicroService.AuthServer/appsettings.json
@@ -2,7 +2,9 @@
 "App": {
 "Branding": {
 "AppName": "Auth Server"
- }
+ },
+ "SslFile": "openiddict.pfx",
+ "SslPassword": "e1c48393-0c43-11f0-9582-4aecacda42db"
 },
 "Clock": {
 "Kind": "Local"
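Review bot: The added `"SslPassword"` entry in the appsettings.json hunk keeps the PFX password in a committed file, so the secret has only moved from the C# source into configuration rather than leaving source control. The value is the same one the removed C# line carried, which means it is already in the repository history; the signing/encryption certificate and its password should be treated as exposed and replaced. I would commit an empty placeholder, `"SslPassword": ""`, and supply the real value per environment through user secrets, an environment variable or a secret store, with startup failing when it is absent.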