diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application.Contracts/README.EN.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application.Contracts/README.EN.md new file mode 100644 index 000000000..d27af794a --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application.Contracts/README.EN.md 
@@ -0,0 +1,79 @@ +# LINGYUN.Abp.IdentityServer.Application.Contracts + +IdentityServer application service contracts module, defining application service interfaces and DTOs for IdentityServer4 resource management functionality. + +## Features + +* Permission Definitions + * Client Permissions + * Default Permission - `AbpIdentityServer.Clients` + * Create Permission - `AbpIdentityServer.Clients.Create` + * Update Permission - `AbpIdentityServer.Clients.Update` + * Delete Permission - `AbpIdentityServer.Clients.Delete` + * Clone Permission - `AbpIdentityServer.Clients.Clone` + * Manage Permissions - `AbpIdentityServer.Clients.ManagePermissions` + * Manage Claims - `AbpIdentityServer.Clients.ManageClaims` + * Manage Secrets - `AbpIdentityServer.Clients.ManageSecrets` + * Manage Properties - `AbpIdentityServer.Clients.ManageProperties` + + * API Resource Permissions + * Default Permission - `AbpIdentityServer.ApiResources` + * Create Permission - `AbpIdentityServer.ApiResources.Create` + * Update Permission - `AbpIdentityServer.ApiResources.Update` + * Delete Permission - `AbpIdentityServer.ApiResources.Delete` + * Manage Claims - `AbpIdentityServer.ApiResources.ManageClaims` + * Manage Secrets - `AbpIdentityServer.ApiResources.ManageSecrets` + * Manage Scopes - `AbpIdentityServer.ApiResources.ManageScopes` + * Manage Properties - `AbpIdentityServer.ApiResources.ManageProperties` + + * API Scope Permissions + * Default Permission - `AbpIdentityServer.ApiScopes` + * Create Permission - `AbpIdentityServer.ApiScopes.Create` + * Update Permission - `AbpIdentityServer.ApiScopes.Update` + * Delete Permission - `AbpIdentityServer.ApiScopes.Delete` + * Manage Claims - `AbpIdentityServer.ApiScopes.ManageClaims` + * Manage Properties - `AbpIdentityServer.ApiScopes.ManageProperties` + + * Identity Resource Permissions + * Default Permission - `AbpIdentityServer.IdentityResources` + * Create Permission - `AbpIdentityServer.IdentityResources.Create` + * Update Permission - 
`AbpIdentityServer.IdentityResources.Update` + * Delete Permission - `AbpIdentityServer.IdentityResources.Delete` + * Manage Claims - `AbpIdentityServer.IdentityResources.ManageClaims` + * Manage Properties - `AbpIdentityServer.IdentityResources.ManageProperties` + + * Grant Permissions + * Default Permission - `AbpIdentityServer.Grants` + * Delete Permission - `AbpIdentityServer.Grants.Delete` + +* Localization Resources + * Support for multi-language localization + * Built-in Chinese and English resources + +## Module Dependencies + +```csharp +[DependsOn( + typeof(AbpIdentityServerApplicationContractsModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## Required Modules + +* `AbpAuthorizationModule` - ABP Authorization Module +* `AbpDddApplicationContractsModule` - ABP DDD Application Contracts Module +* `AbpIdentityServerDomainSharedModule` - IdentityServer Domain Shared Module + +## Configuration and Usage + +The module provides application service interface definitions and data transfer objects required for IdentityServer4 resource management. All permissions are by default only available to the host tenant. + +Related Documentation: +* [IdentityServer4 Documentation](https://identityserver4.readthedocs.io/) +* [ABP Authorization Documentation](https://docs.abp.io/en/abp/latest/Authorization) + +[查看中文文档](README.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application.Contracts/README.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application.Contracts/README.md new file mode 100644 index 000000000..32b633125 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application.Contracts/README.md 
@@ -0,0 +1,79 @@ +# LINGYUN.Abp.IdentityServer.Application.Contracts + +IdentityServer应用服务契约模块,定义IdentityServer4资源管理相关功能的应用服务接口和DTO。 + +## 功能特性 + +* 权限定义 + * 客户端权限 + * 默认权限 - `AbpIdentityServer.Clients` + * 创建权限 - `AbpIdentityServer.Clients.Create` + * 更新权限 - `AbpIdentityServer.Clients.Update` + * 删除权限 - `AbpIdentityServer.Clients.Delete` + * 克隆权限 - `AbpIdentityServer.Clients.Clone` + * 管理权限 - `AbpIdentityServer.Clients.ManagePermissions` + * 管理声明 - `AbpIdentityServer.Clients.ManageClaims` + * 管理密钥 - `AbpIdentityServer.Clients.ManageSecrets` + * 管理属性 - `AbpIdentityServer.Clients.ManageProperties` + + * API资源权限 + * 默认权限 - `AbpIdentityServer.ApiResources` + * 创建权限 - `AbpIdentityServer.ApiResources.Create` + * 更新权限 - `AbpIdentityServer.ApiResources.Update` + * 删除权限 - `AbpIdentityServer.ApiResources.Delete` + * 管理声明 - `AbpIdentityServer.ApiResources.ManageClaims` + * 管理密钥 - `AbpIdentityServer.ApiResources.ManageSecrets` + * 管理作用域 - `AbpIdentityServer.ApiResources.ManageScopes` + * 管理属性 - `AbpIdentityServer.ApiResources.ManageProperties` + + * API作用域权限 + * 默认权限 - `AbpIdentityServer.ApiScopes` + * 创建权限 - `AbpIdentityServer.ApiScopes.Create` + * 更新权限 - `AbpIdentityServer.ApiScopes.Update` + * 删除权限 - `AbpIdentityServer.ApiScopes.Delete` + * 管理声明 - `AbpIdentityServer.ApiScopes.ManageClaims` + * 管理属性 - `AbpIdentityServer.ApiScopes.ManageProperties` + + * 身份资源权限 + * 默认权限 - `AbpIdentityServer.IdentityResources` + * 创建权限 - `AbpIdentityServer.IdentityResources.Create` + * 更新权限 - `AbpIdentityServer.IdentityResources.Update` + * 删除权限 - `AbpIdentityServer.IdentityResources.Delete` + * 管理声明 - `AbpIdentityServer.IdentityResources.ManageClaims` + * 管理属性 - `AbpIdentityServer.IdentityResources.ManageProperties` + + * 授权许可权限 + * 默认权限 - `AbpIdentityServer.Grants` + * 删除权限 - `AbpIdentityServer.Grants.Delete` + +* 本地化资源 + * 支持多语言本地化 + * 内置中英文资源 + +## 模块引用 + +```csharp +[DependsOn( + typeof(AbpIdentityServerApplicationContractsModule) +)] +public class YourModule : AbpModule +{ + // ... 
+} +``` + +## 依赖模块 + +* `AbpAuthorizationModule` - ABP授权模块 +* `AbpDddApplicationContractsModule` - ABP DDD应用服务契约模块 +* `AbpIdentityServerDomainSharedModule` - IdentityServer领域共享模块 + +## 配置使用 + +模块提供了IdentityServer4资源管理所需的应用服务接口定义和数据传输对象。所有权限默认只对宿主租户开放。 + +相关文档: +* [IdentityServer4文档](https://identityserver4.readthedocs.io/) +* [ABP授权文档](https://docs.abp.io/en/abp/latest/Authorization) + +[查看英文文档](README.EN.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application/README.EN.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application/README.EN.md new file mode 100644 index 000000000..409eb2486 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application/README.EN.md 
@@ -0,0 +1,61 @@ +# LINGYUN.Abp.IdentityServer.Application + +IdentityServer application service module, providing application layer implementation for IdentityServer4 resource management functionality. + +## Features + +* Client Management Services + * Client Secret Management + * Client Scope Management + * Client Grant Type Management + * Client CORS Origin Management + * Client Redirect URI Management + * Client Post-Logout Redirect URI Management + * Client Identity Provider Restriction Management + * Client Claim Management + * Client Property Management + +* API Resource Management Services + * API Resource Property Management + * API Resource Secret Management + * API Resource Scope Management + * API Resource Claim Management + +* API Scope Management Services + * API Scope Claim Management + * API Scope Property Management + +* Identity Resource Management Services + * Identity Resource Claim Management + * Identity Resource Property Management + +* Persisted Grant Management Services + +## Module Dependencies + +```csharp +[DependsOn( + typeof(AbpIdentityServerApplicationModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## Required Modules + +* `AbpIdentityServerApplicationContractsModule` - IdentityServer Application Contracts Module +* `AbpIdentityServerDomainModule` - IdentityServer Domain Module +* `AbpDddApplicationModule` - ABP DDD Application Base Module +* `AbpAutoMapperModule` - ABP AutoMapper Object Mapping Module + +## Configuration and Usage + +The module implements CRUD operations for IdentityServer4 resources, primarily used for managing IdentityServer4 configuration resources. + +Related Documentation: +* [IdentityServer4 Documentation](https://identityserver4.readthedocs.io/) +* [ABP Authorization Documentation](https://docs.abp.io/en/abp/latest/Authorization) + +[查看中文文档](README.md) 
diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application/README.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application/README.md new file mode 100644 index 000000000..bd18a03e9 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Application/README.md @@ -0,0 +1,61 @@ +# LINGYUN.Abp.IdentityServer.Application + +IdentityServer应用服务模块,提供IdentityServer4资源管理相关功能的应用层实现。 + +## 功能特性 + +* 客户端管理服务 + * 客户端密钥管理 + * 客户端作用域管理 + * 客户端授权类型管理 + * 客户端跨域来源管理 + * 客户端重定向URI管理 + * 客户端登出重定向URI管理 + * 客户端身份提供程序限制管理 + * 客户端声明管理 + * 客户端属性管理 + +* API资源管理服务 + * API资源属性管理 + * API资源密钥管理 + * API资源作用域管理 + * API资源声明管理 + +* API作用域管理服务 + * API作用域声明管理 + * API作用域属性管理 + +* 身份资源管理服务 + * 身份资源声明管理 + * 身份资源属性管理 + +* 持久授权管理服务 + +## 模块引用 + +```csharp +[DependsOn( + typeof(AbpIdentityServerApplicationModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## 依赖模块 + +* `AbpIdentityServerApplicationContractsModule` - IdentityServer应用服务契约模块 +* `AbpIdentityServerDomainModule` - IdentityServer领域模块 +* `AbpDddApplicationModule` - ABP DDD应用服务基础模块 +* `AbpAutoMapperModule` - ABP AutoMapper对象映射模块 + +## 配置使用 + +模块实现了IdentityServer4资源的CRUD操作,主要用于管理IdentityServer4的配置资源。 + +相关文档: +* [IdentityServer4文档](https://identityserver4.readthedocs.io/) +* [ABP授权文档](https://docs.abp.io/en/abp/latest/Authorization) + +[查看英文文档](README.EN.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Domain/README.EN.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Domain/README.EN.md new file mode 100644 index 000000000..e8d273956 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Domain/README.EN.md 
@@ -0,0 +1,69 @@ +# LINGYUN.Abp.IdentityServer.Domain + +IdentityServer domain module, extending the domain layer functionality of IdentityServer4. + +## Features + +* Event Service Extensions + * Custom Event Service Implementation - `AbpEventService` + * Configurable Event Handlers - `IAbpIdentityServerEventServiceHandler` + * Default Event Handler - `AbpIdentityServerEventServiceHandler` + * Support for Failure Event Logging + * Support for Information Event Logging + * Support for Success Event Logging + * Support for Error Event Logging + * Event Handler Registration Mechanism + * Configure Event Handlers through `AbpIdentityServerEventOptions` + +## Module Dependencies + +```csharp +[DependsOn( + typeof(AbpIdentityServerDomainModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## Required Modules + +* `Volo.Abp.IdentityServer.AbpIdentityServerDomainModule` - ABP IdentityServer Domain Module + +## Configuration and Usage + +### Event Handler Configuration + +```csharp +Configure(options => +{ + // Add custom event handler + options.EventServiceHandlers.Add(); +}); +``` + +### Event Handler Implementation + +```csharp +public class YourEventServiceHandler : IAbpIdentityServerEventServiceHandler +{ + public virtual bool CanRaiseEventType(EventTypes evtType) + { + // Implement event type validation logic + return true; + } + + public virtual Task RaiseAsync(Event evt) + { + // Implement event handling logic + return Task.CompletedTask; + } +} +``` + +Related Documentation: +* [IdentityServer4 Documentation](https://identityserver4.readthedocs.io/) +* [ABP IdentityServer Documentation](https://docs.abp.io/en/abp/latest/Modules/IdentityServer) + +[查看中文文档](README.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Domain/README.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Domain/README.md new file mode 100644 index 000000000..cb3c7f0d1 --- /dev/null 
+++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Domain/README.md @@ -0,0 +1,69 @@ +# LINGYUN.Abp.IdentityServer.Domain + +IdentityServer领域模块,扩展IdentityServer4的领域层功能。 + +## 功能特性 + +* 事件服务扩展 + * 自定义事件服务实现 - `AbpEventService` + * 可配置的事件处理程序 - `IAbpIdentityServerEventServiceHandler` + * 默认事件处理程序 - `AbpIdentityServerEventServiceHandler` + * 支持失败事件记录 + * 支持信息事件记录 + * 支持成功事件记录 + * 支持错误事件记录 + * 事件处理程序注册机制 + * 通过`AbpIdentityServerEventOptions`配置事件处理程序 + +## 模块引用 + +```csharp +[DependsOn( + typeof(AbpIdentityServerDomainModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## 依赖模块 + +* `Volo.Abp.IdentityServer.AbpIdentityServerDomainModule` - ABP IdentityServer领域模块 + +## 配置使用 + +### 事件处理程序配置 + +```csharp +Configure(options => +{ + // 添加自定义事件处理程序 + options.EventServiceHandlers.Add(); +}); +``` + +### 事件处理程序实现 + +```csharp +public class YourEventServiceHandler : IAbpIdentityServerEventServiceHandler +{ + public virtual bool CanRaiseEventType(EventTypes evtType) + { + // 实现事件类型判断逻辑 + return true; + } + + public virtual Task RaiseAsync(Event evt) + { + // 实现事件处理逻辑 + return Task.CompletedTask; + } +} +``` + +相关文档: +* [IdentityServer4文档](https://identityserver4.readthedocs.io/) +* [ABP IdentityServer文档](https://docs.abp.io/en/abp/latest/Modules/IdentityServer) + +[查看英文文档](README.EN.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.EntityFrameworkCore/README.EN.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.EntityFrameworkCore/README.EN.md new file mode 100644 index 000000000..1ceed889c --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.EntityFrameworkCore/README.EN.md 
@@ -0,0 +1,71 @@ +# LINGYUN.Abp.IdentityServer.EntityFrameworkCore + +IdentityServer EntityFrameworkCore module, providing Entity Framework Core implementation for IdentityServer4. + +## Features + +* Repository Implementations + * API Resource Repository - `EfCoreApiResourceRepository` + * Get API Resource Names List + * Inherits from ABP Framework's API Resource Repository Base Class + + * Identity Resource Repository - `EfCoreIdentityResourceRepository` + * Inherits from ABP Framework's Identity Resource Repository Base Class + + * Persistent Grant Repository - `EfCorePersistentGrantRepository` + * Inherits from ABP Framework's Persistent Grant Repository Base Class + +* Database Context + * Uses ABP Framework's `IIdentityServerDbContext` + * Supports Multi-tenant Data Isolation + +## Module Dependencies + +```csharp +[DependsOn( + typeof(AbpIdentityServerEntityFrameworkCoreModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## Required Modules + +* `LINGYUN.Abp.IdentityServer.AbpIdentityServerDomainModule` - IdentityServer Domain Module +* `Volo.Abp.IdentityServer.EntityFrameworkCore.AbpIdentityServerEntityFrameworkCoreModule` - ABP IdentityServer EntityFrameworkCore Module + +## Configuration and Usage + +### Configure Database Context + +```csharp +public class YourDbContext : AbpDbContext, IIdentityServerDbContext +{ + public DbSet ApiResources { get; set; } + public DbSet ApiScopes { get; set; } + public DbSet IdentityResources { get; set; } + public DbSet Clients { get; set; } + public DbSet PersistedGrants { get; set; } + public DbSet DeviceFlowCodes { get; set; } + + public YourDbContext(DbContextOptions options) + : base(options) + { + } + + protected override void OnModelCreating(ModelBuilder modelBuilder) + { + base.OnModelCreating(modelBuilder); + + modelBuilder.ConfigureIdentityServer(); + } +} +``` + +Related Documentation: +* [IdentityServer4 Documentation](https://identityserver4.readthedocs.io/) +* [ABP EntityFrameworkCore 
Documentation](https://docs.abp.io/en/abp/latest/Entity-Framework-Core) + +[查看中文文档](README.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.EntityFrameworkCore/README.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.EntityFrameworkCore/README.md new file mode 100644 index 000000000..fa2ac0600 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.EntityFrameworkCore/README.md 
@@ -0,0 +1,71 @@ +# LINGYUN.Abp.IdentityServer.EntityFrameworkCore + +IdentityServer EntityFrameworkCore模块,提供IdentityServer4的Entity Framework Core实现。 + +## 功能特性 + +* 仓储实现 + * API资源仓储 - `EfCoreApiResourceRepository` + * 获取API资源名称列表 + * 继承自ABP框架的API资源仓储基类 + + * 身份资源仓储 - `EfCoreIdentityResourceRepository` + * 继承自ABP框架的身份资源仓储基类 + + * 持久授权仓储 - `EfCorePersistentGrantRepository` + * 继承自ABP框架的持久授权仓储基类 + +* 数据库上下文 + * 使用ABP框架的`IIdentityServerDbContext` + * 支持多租户数据隔离 + +## 模块引用 + +```csharp +[DependsOn( + typeof(AbpIdentityServerEntityFrameworkCoreModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## 依赖模块 + +* `LINGYUN.Abp.IdentityServer.AbpIdentityServerDomainModule` - IdentityServer领域模块 +* `Volo.Abp.IdentityServer.EntityFrameworkCore.AbpIdentityServerEntityFrameworkCoreModule` - ABP IdentityServer EntityFrameworkCore模块 + +## 配置使用 + +### 配置数据库上下文 + +```csharp +public class YourDbContext : AbpDbContext, IIdentityServerDbContext +{ + public DbSet ApiResources { get; set; } + public DbSet ApiScopes { get; set; } + public DbSet IdentityResources { get; set; } + public DbSet Clients { get; set; } + public DbSet PersistedGrants { get; set; } + public DbSet DeviceFlowCodes { get; set; } + + public YourDbContext(DbContextOptions options) + : base(options) + { + } + + protected override void OnModelCreating(ModelBuilder modelBuilder) + { + base.OnModelCreating(modelBuilder); + + modelBuilder.ConfigureIdentityServer(); + } +} +``` + +相关文档: +* [IdentityServer4文档](https://identityserver4.readthedocs.io/) +* [ABP EntityFrameworkCore文档](https://docs.abp.io/en/abp/latest/Entity-Framework-Core) + +[查看英文文档](README.EN.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.HttpApi/README.EN.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.HttpApi/README.EN.md new file mode 100644 index 000000000..5037f6665 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.HttpApi/README.EN.md 
@@ -0,0 +1,69 @@ +# LINGYUN.Abp.IdentityServer.HttpApi + +IdentityServer HTTP API module, providing HTTP API interfaces for IdentityServer4 resource management. + +## Features + +* API Controllers + * API Scope Controller - `ApiScopeController` + * Create API Scope - POST `/api/identity-server/api-scopes` + * Delete API Scope - DELETE `/api/identity-server/api-scopes/{id}` + * Get API Scope - GET `/api/identity-server/api-scopes/{id}` + * Get API Scope List - GET `/api/identity-server/api-scopes` + * Update API Scope - PUT `/api/identity-server/api-scopes/{id}` + + * API Resource Controller - `ApiResourceController` + * Provides CRUD operation interfaces for API resources + * Route prefix: `/api/identity-server/api-resources` + +* Localization Support + * Inherits ABP UI resource localization configuration + * Supports multiple languages + +## Module Dependencies + +```csharp +[DependsOn( + typeof(AbpIdentityServerHttpApiModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## Required Modules + +* `AbpIdentityServerApplicationContractsModule` - IdentityServer Application Contracts Module +* `AbpAspNetCoreMvcModule` - ABP ASP.NET Core MVC Module + +## Configuration and Usage + +### Configure Remote Service Name + +```csharp +[RemoteService(Name = AbpIdentityServerConsts.RemoteServiceName)] +[Area("identity-server")] +[Route("api/identity-server/[controller]")] +public class YourController : AbpControllerBase +{ + // ... +} +``` + +### Add Localization Resource + +```csharp +Configure(options => +{ + options.Resources + .Get() + .AddBaseTypes(typeof(AbpUiResource)); +}); +``` + +Related Documentation: +* [IdentityServer4 Documentation](https://identityserver4.readthedocs.io/) +* [ABP ASP.NET Core MVC Documentation](https://docs.abp.io/en/abp/latest/AspNetCore-MVC) + +[查看中文文档](README.md) 
diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.HttpApi/README.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.HttpApi/README.md new file mode 100644 index 000000000..4be6e73b0 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.HttpApi/README.md @@ -0,0 +1,69 @@ +# LINGYUN.Abp.IdentityServer.HttpApi + +IdentityServer HTTP API模块,提供IdentityServer4资源管理的HTTP API接口。 + +## 功能特性 + +* API控制器 + * API作用域控制器 - `ApiScopeController` + * 创建API作用域 - POST `/api/identity-server/api-scopes` + * 删除API作用域 - DELETE `/api/identity-server/api-scopes/{id}` + * 获取API作用域 - GET `/api/identity-server/api-scopes/{id}` + * 获取API作用域列表 - GET `/api/identity-server/api-scopes` + * 更新API作用域 - PUT `/api/identity-server/api-scopes/{id}` + + * API资源控制器 - `ApiResourceController` + * 提供API资源的CRUD操作接口 + * 路由前缀:`/api/identity-server/api-resources` + +* 本地化支持 + * 继承ABP UI资源的本地化配置 + * 支持多语言 + +## 模块引用 + +```csharp +[DependsOn( + typeof(AbpIdentityServerHttpApiModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## 依赖模块 + +* `AbpIdentityServerApplicationContractsModule` - IdentityServer应用服务契约模块 +* `AbpAspNetCoreMvcModule` - ABP ASP.NET Core MVC模块 + +## 配置使用 + +### 配置远程服务名称 + +```csharp +[RemoteService(Name = AbpIdentityServerConsts.RemoteServiceName)] +[Area("identity-server")] +[Route("api/identity-server/[controller]")] +public class YourController : AbpControllerBase +{ + // ... +} +``` + +### 添加本地化资源 + +```csharp +Configure(options => +{ + options.Resources + .Get() + .AddBaseTypes(typeof(AbpUiResource)); +}); +``` + +相关文档: +* [IdentityServer4文档](https://identityserver4.readthedocs.io/) +* [ABP ASP.NET Core MVC文档](https://docs.abp.io/en/abp/latest/AspNetCore-MVC) + +[查看英文文档](README.EN.md) 
diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.LinkUser/README.EN.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.LinkUser/README.EN.md new file mode 100644 index 000000000..11dd48657 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.LinkUser/README.EN.md 
@@ -0,0 +1,75 @@ +# LINGYUN.Abp.IdentityServer.LinkUser + +IdentityServer user linking module, providing support for user linking extension grant type. + +## Features + +* Extension Grant Validator + * `LinkUserGrantValidator` - User Linking Grant Validator + * Grant Type: `link_user` + * Supports access token validation + * Supports user linking relationship validation + * Supports multi-tenant scenarios + * Supports custom claims extension + +* Localization Support + * Built-in Chinese and English resources + * Support for extending other languages + +## Module Dependencies + +```csharp +[DependsOn( + typeof(AbpIdentityServerLinkUserModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## Required Modules + +* `AbpIdentityServerDomainModule` - ABP IdentityServer Domain Module + +## Configuration and Usage + +### Authorization Request Parameters + +* `grant_type` - Must be `link_user` +* `access_token` - Current user's access token +* `LinkUserId` - Target user ID to link +* `LinkTenantId` - Target user's tenant ID (optional) + +### Authorization Request Example + +```http +POST /connect/token +Content-Type: application/x-www-form-urlencoded + +grant_type=link_user& +access_token=current_user_access_token& +LinkUserId=target_user_id& +LinkTenantId=target_tenant_id +``` + +### Custom Claims Extension + +```csharp +public class CustomLinkUserGrantValidator : LinkUserGrantValidator +{ + protected override Task AddCustomClaimsAsync(List customClaims, IdentityUser user, ExtensionGrantValidationContext context) + { + // Add custom claims + customClaims.Add(new Claim("custom_claim", "custom_value")); + + return base.AddCustomClaimsAsync(customClaims, user, context); + } +} +``` + +Related Documentation: +* [IdentityServer4 Documentation](https://identityserver4.readthedocs.io/) +* [ABP Authentication Documentation](https://docs.abp.io/en/abp/latest/Authentication) + +[查看中文文档](README.md) 
diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.LinkUser/README.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.LinkUser/README.md new file mode 100644 index 000000000..0d087b6e5 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.LinkUser/README.md @@ -0,0 +1,75 @@ +# LINGYUN.Abp.IdentityServer.LinkUser + +IdentityServer用户关联模块,提供用户关联的扩展授权类型支持。 + +## 功能特性 + +* 扩展授权验证器 + * `LinkUserGrantValidator` - 用户关联授权验证器 + * 授权类型:`link_user` + * 支持验证访问令牌 + * 支持验证用户关联关系 + * 支持多租户场景 + * 支持自定义声明扩展 + +* 本地化支持 + * 内置中英文资源 + * 支持扩展其他语言 + +## 模块引用 + +```csharp +[DependsOn( + typeof(AbpIdentityServerLinkUserModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## 依赖模块 + +* `AbpIdentityServerDomainModule` - ABP IdentityServer领域模块 + +## 配置使用 + +### 授权请求参数 + +* `grant_type` - 必须为 `link_user` +* `access_token` - 当前用户的访问令牌 +* `LinkUserId` - 要关联的用户ID +* `LinkTenantId` - 要关联的用户所属租户ID(可选) + +### 授权请求示例 + +```http +POST /connect/token +Content-Type: application/x-www-form-urlencoded + +grant_type=link_user& +access_token=current_user_access_token& +LinkUserId=target_user_id& +LinkTenantId=target_tenant_id +``` + +### 自定义声明扩展 + +```csharp +public class CustomLinkUserGrantValidator : LinkUserGrantValidator +{ + protected override Task AddCustomClaimsAsync(List customClaims, IdentityUser user, ExtensionGrantValidationContext context) + { + // 添加自定义声明 + customClaims.Add(new Claim("custom_claim", "custom_value")); + + return base.AddCustomClaimsAsync(customClaims, user, context); + } +} +``` + +相关文档: +* [IdentityServer4文档](https://identityserver4.readthedocs.io/) +* [ABP身份认证文档](https://docs.abp.io/en/abp/latest/Authentication) + +[查看英文文档](README.EN.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Portal/README.EN.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Portal/README.EN.md new file mode 100644 index 000000000..945847c83 --- /dev/null 
+++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Portal/README.EN.md 
@@ -0,0 +1,94 @@ +# LINGYUN.Abp.IdentityServer.Portal + +IdentityServer portal authentication module that provides enterprise portal authentication functionality. + +## Features + +* Portal Authentication + * `PortalGrantValidator` - Portal Grant Validator + * Supports enterprise portal login + * Supports multi-tenant authentication + * Automatic tenant switching + * Enterprise information validation + * User password validation + * Security log recording + +* Authentication Flow + 1. User initiates login request using portal + 2. Check if enterprise identifier (EnterpriseId) is provided + * Without EnterpriseId: Returns list of enterprises with tenant information + * With EnterpriseId: Retrieves associated tenant information and switches to specified tenant + 3. Performs login validation using password method + 4. Returns token upon successful login + +## Module Reference + +```csharp +[DependsOn( + typeof(AbpIdentityServerPortalModule) +)] +public class YourModule : AbpModule +{ + // ... 
+} +``` + +## Dependencies + +* `AbpIdentityServerDomainModule` - ABP IdentityServer Domain Module +* `AbpAspNetCoreMultiTenancyModule` - ABP Multi-tenancy Module +* `PlatformDomainModule` - Platform Domain Module + +## Configuration and Usage + +### Configure Portal Authentication + +```csharp +public override void PreConfigureServices(ServiceConfigurationContext context) +{ + PreConfigure(builder => + { + builder.AddExtensionGrantValidator(); + }); +} +``` + +### Authentication Request Parameters + +* `grant_type`: "portal" (required) +* `enterpriseId`: Enterprise identifier (optional) +* `username`: Username (required) +* `password`: Password (required) +* `scope`: Request scope (optional) + +### Authentication Response + +* When enterpriseId is not provided: +```json +{ + "error": "invalid_grant", + "enterprises": [ + { + "id": "enterprise_id", + "name": "enterprise_name", + "code": "enterprise_code" + } + ] +} +``` + +* On successful authentication: +```json +{ + "access_token": "access_token", + "expires_in": expiration_time, + "token_type": "Bearer", + "refresh_token": "refresh_token" +} +``` + +Related Documentation: +* [IdentityServer4 Documentation](https://identityserver4.readthedocs.io/) +* [ABP Multi-tenancy Documentation](https://docs.abp.io/en/abp/latest/Multi-Tenancy) + +[查看中文文档](README.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Portal/README.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Portal/README.md new file mode 100644 index 000000000..93cc44d64 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Portal/README.md 
@@ -0,0 +1,94 @@ +# LINGYUN.Abp.IdentityServer.Portal + +IdentityServer门户认证模块,提供企业门户的认证功能。 + +## 功能特性 + +* 门户认证 + * `PortalGrantValidator` - 门户授权验证器 + * 支持企业门户登录 + * 支持多租户认证 + * 自动切换租户 + * 企业信息验证 + * 用户密码验证 + * 安全日志记录 + +* 认证流程 + 1. 用户使用portal发起登录请求 + 2. 检查是否携带企业标识字段(EnterpriseId) + * 未携带EnterpriseId: 返回关联了租户信息的企业列表 + * 携带EnterpriseId: 检索关联租户信息并切换到指定租户 + 3. 使用password方式进行登录验证 + 4. 登录成功返回token + +## 模块引用 + +```csharp +[DependsOn( + typeof(AbpIdentityServerPortalModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## 依赖模块 + +* `AbpIdentityServerDomainModule` - ABP IdentityServer领域模块 +* `AbpAspNetCoreMultiTenancyModule` - ABP多租户模块 +* `PlatformDomainModule` - 平台领域模块 + +## 配置使用 + +### 配置门户认证 + +```csharp +public override void PreConfigureServices(ServiceConfigurationContext context) +{ + PreConfigure(builder => + { + builder.AddExtensionGrantValidator(); + }); +} +``` + +### 认证请求参数 + +* `grant_type`: "portal" (必填) +* `enterpriseId`: 企业标识 (可选) +* `username`: 用户名 (必填) +* `password`: 密码 (必填) +* `scope`: 请求范围 (可选) + +### 认证响应 + +* 未提供enterpriseId时: +```json +{ + "error": "invalid_grant", + "enterprises": [ + { + "id": "企业标识", + "name": "企业名称", + "code": "企业编码" + } + ] +} +``` + +* 认证成功: +```json +{ + "access_token": "访问令牌", + "expires_in": 有效期, + "token_type": "Bearer", + "refresh_token": "刷新令牌" +} +``` + +相关文档: +* [IdentityServer4文档](https://identityserver4.readthedocs.io/) +* [ABP多租户文档](https://docs.abp.io/en/abp/latest/Multi-Tenancy) + +[查看英文文档](README.EN.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Session/README.EN.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Session/README.EN.md new file mode 100644 index 000000000..b8f528fb7 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Session/README.EN.md 
@@ -0,0 +1,77 @@ +# LINGYUN.Abp.IdentityServer.Session + +IdentityServer session management module that provides user session management and validation functionality. + +## Features + +* Session Validation + * `AbpIdentitySessionUserInfoRequestValidator` - User Info Request Validator + * Validates user session status + * Validates access token validity + * Validates user active status + * Supports OpenID Connect standard + +* Session Event Handling + * `AbpIdentitySessionEventServiceHandler` - Session Event Handler + * Handles user login success events + * Saves session information + * Supports multi-tenancy + * Records client identifier + * Handles user logout success events + * Revokes session + * Handles token revocation success events + * Revokes session + +* Configuration Options + * Session Claims Configuration + * Add SessionId claim + * Session Login Configuration + * Disable explicit session saving + * Enable explicit session logout + +## Module Reference + +```csharp +[DependsOn( + typeof(AbpIdentityServerSessionModule) +)] +public class YourModule : AbpModule +{ + // ... 
+} +``` + +## Dependencies + +* `AbpIdentityServerDomainModule` - ABP IdentityServer Domain Module +* `AbpIdentityDomainModule` - ABP Identity Domain Module +* `AbpIdentitySessionModule` - ABP Identity Session Module + +## Configuration and Usage + +### Configure Session Options + +```csharp +Configure(options => +{ + // UserLoginSuccessEvent is published by IdentityServer, no need for explicit session saving + options.SignInSessionEnabled = false; + // UserLoginSuccessEvent is published by user, requires explicit session logout + options.SignOutSessionEnabled = true; +}); +``` + +### Configure Claims Options + +```csharp +Configure(options => +{ + options.RequestedClaims.Add(AbpClaimTypes.SessionId); +}); +``` + +Related Documentation: +* [IdentityServer4 Documentation](https://identityserver4.readthedocs.io/) +* [ABP Identity Documentation](https://docs.abp.io/en/abp/latest/Modules/Identity) + +[查看中文文档](README.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Session/README.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Session/README.md index d03497843..15eef870c 100644 --- a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Session/README.md +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Session/README.md 
@@ -1,17 +1,77 @@ # LINGYUN.Abp.IdentityServer.Session -IdentityServer集成模块用户会话扩展,通过IdentityServer暴露的事件接口处理用户会话 +IdentityServer会话管理模块,提供用户会话管理和验证功能。 -## 参考实现 +## 功能特性 -* [Session Management](https://github.com/abpio/abp-commercial-docs/blob/dev/en/modules/identity/session-management.md#identitysessioncleanupoptions) +* 会话验证 + * `AbpIdentitySessionUserInfoRequestValidator` - 用户信息请求验证器 + * 验证用户会话状态 + * 验证访问令牌有效性 + * 验证用户活动状态 + * 支持OpenID Connect标准 -## 配置使用 +* 会话事件处理 + * `AbpIdentitySessionEventServiceHandler` - 会话事件处理器 + * 处理用户登录成功事件 + * 保存会话信息 + * 支持多租户 + * 记录客户端标识 + * 处理用户登出成功事件 + * 撤销会话 + * 处理令牌撤销成功事件 + * 撤销会话 + +* 配置选项 + * 会话声明配置 + * 添加SessionId声明 + * 会话登录配置 + * 禁用显式保存会话 + * 启用显式注销会话 + +## 模块引用 ```csharp -[DependsOn(typeof(AbpIdentityServerSessionModule))] -public class YouProjectModule : AbpModule +[DependsOn( + typeof(AbpIdentityServerSessionModule) +)] +public class YourModule : AbpModule { - // other + // ... } ``` + +## 依赖模块 + +* `AbpIdentityServerDomainModule` - ABP IdentityServer领域模块 +* `AbpIdentityDomainModule` - ABP Identity领域模块 +* `AbpIdentitySessionModule` - ABP Identity会话模块 + +## 配置使用 + +### 配置会话选项 + +```csharp +Configure(options => +{ + // UserLoginSuccessEvent由IdentityServer发布, 无需显式保存会话 + options.SignInSessionEnabled = false; + // UserLoginSuccessEvent由用户发布, 需要显式注销会话 + options.SignOutSessionEnabled = true; +}); +``` + +### 配置声明选项 + +```csharp +Configure(options => +{ + options.RequestedClaims.Add(AbpClaimTypes.SessionId); +}); +``` + +相关文档: +* [IdentityServer4文档](https://identityserver4.readthedocs.io/) +* [ABP Identity文档](https://docs.abp.io/en/abp/latest/Modules/Identity) + +[查看英文文档](README.EN.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/README.EN.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/README.EN.md new file mode 100644 index 000000000..d2ffed85b --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/README.EN.md 
@@ -0,0 +1,92 @@ +# LINGYUN.Abp.IdentityServer.SmsValidator + +IdentityServer SMS verification module that provides authentication functionality based on phone numbers and SMS verification codes. + +## Features + +* SMS Verification + * `SmsTokenGrantValidator` - SMS Token Grant Validator + * Phone number validation + * SMS verification code validation + * Brute force protection + * User lockout check + * Security log recording + * Event notifications + +* Authentication Flow + 1. User initiates login request with phone number and SMS verification code + 2. Validates phone number and verification code + 3. Checks user status (whether locked) + 4. Generates access token upon successful validation + 5. Records security logs and events + +## Module Reference + +```csharp +[DependsOn( + typeof(AbpIdentityServerSmsValidatorModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## Dependencies + +* `AbpIdentityServerDomainModule` - ABP IdentityServer Domain Module + +## Configuration and Usage + +### Configure SMS Validation + +```csharp +public override void PreConfigureServices(ServiceConfigurationContext context) +{ + PreConfigure(builder => + { + builder.AddExtensionGrantValidator(); + }); +} +``` + +### Authentication Request Parameters + +* `grant_type`: "phone_verify" (required) +* `phone_number`: Phone number (required) +* `phone_verify_code`: SMS verification code (required) +* `scope`: Request scope (optional) + +### Authentication Response + +* On successful authentication: +```json +{ + "access_token": "access_token", + "expires_in": expiration_time, + "token_type": "Bearer", + "refresh_token": "refresh_token" +} +``` + +* On authentication failure: +```json +{ + "error": "invalid_grant", + "error_description": "error description" +} +``` + +### Error Types + +* `invalid_grant`: Grant validation failed + * Phone number not registered + * Invalid verification code + * User locked out + * Missing parameters + +Related Documentation: +* 
[IdentityServer4 Documentation](https://identityserver4.readthedocs.io/) +* [ABP Identity Documentation](https://docs.abp.io/en/abp/latest/Modules/Identity) + +[查看中文文档](README.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/README.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/README.md new file mode 100644 index 000000000..e8c684b9b --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/README.md @@ -0,0 +1,92 @@ +# LINGYUN.Abp.IdentityServer.SmsValidator + +IdentityServer短信验证模块,提供基于手机号和短信验证码的身份认证功能。 + +## 功能特性 + +* 短信验证 + * `SmsTokenGrantValidator` - 短信验证授权器 + * 支持手机号验证 + * 支持短信验证码验证 + * 防暴力破解保护 + * 用户锁定检查 + * 安全日志记录 + * 事件通知 + +* 认证流程 + 1. 用户使用手机号和短信验证码发起登录请求 + 2. 验证手机号和验证码的有效性 + 3. 验证用户状态(是否被锁定) + 4. 验证通过后生成访问令牌 + 5. 记录安全日志和事件 + +## 模块引用 + +```csharp +[DependsOn( + typeof(AbpIdentityServerSmsValidatorModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## 依赖模块 + +* `AbpIdentityServerDomainModule` - ABP IdentityServer领域模块 + +## 配置使用 + +### 配置短信验证 + +```csharp +public override void PreConfigureServices(ServiceConfigurationContext context) +{ + PreConfigure(builder => + { + builder.AddExtensionGrantValidator(); + }); +} +``` + +### 认证请求参数 + +* `grant_type`: "phone_verify" (必填) +* `phone_number`: 手机号 (必填) +* `phone_verify_code`: 短信验证码 (必填) +* `scope`: 请求范围 (可选) + +### 认证响应 + +* 认证成功: +```json +{ + "access_token": "访问令牌", + "expires_in": 有效期, + "token_type": "Bearer", + "refresh_token": "刷新令牌" +} +``` + +* 认证失败: +```json +{ + "error": "invalid_grant", + "error_description": "错误描述" +} +``` + +### 错误类型 + +* `invalid_grant`: 授权验证失败 + * 手机号未注册 + * 验证码无效 + * 用户被锁定 + * 参数缺失 + +相关文档: +* [IdentityServer4文档](https://identityserver4.readthedocs.io/) +* [ABP Identity文档](https://docs.abp.io/en/abp/latest/Modules/Identity) + +[查看英文文档](README.EN.md) 
diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.WeChat.Work/README.EN.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.WeChat.Work/README.EN.md new file mode 100644 index 000000000..a1c052b36 --- /dev/null +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.WeChat.Work/README.EN.md 
@@ -0,0 +1,106 @@ +# LINGYUN.Abp.IdentityServer.WeChat.Work + +IdentityServer WeChat Work authentication module that provides identity authentication functionality based on WeChat Work. + +## Features + +* WeChat Work Authentication + * `WeChatWorkGrantValidator` - WeChat Work Grant Validator + * WeChat Work login support + * Multi-tenant support + * Automatic user registration + * Security log recording + * Event notifications + * Localization support + +* Authentication Flow + 1. User initiates login request through WeChat Work + 2. Validates AgentId and Code + 3. Retrieves WeChat Work user information + 4. Verifies user registration status + * Direct login for registered users + * Automatic registration based on configuration for unregistered users + 5. Generates access token + 6. Records security logs and events + +## Module Reference + +```csharp +[DependsOn( + typeof(AbpIdentityServerWeChatWorkModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## Dependencies + +* `AbpIdentityServerDomainModule` - ABP IdentityServer Domain Module +* `AbpWeChatWorkModule` - ABP WeChat Work Module + +## Configuration and Usage + +### Configure WeChat Work Authentication + +```csharp +public override void PreConfigureServices(ServiceConfigurationContext context) +{ + PreConfigure(builder => + { + builder.AddExtensionGrantValidator(); + }); +} +``` + +### Authentication Request Parameters + +* `grant_type`: "wechat_work" (required) +* `agent_id`: WeChat Work application ID (required) +* `code`: WeChat Work authorization code (required) +* `scope`: Request scope (optional) + +### Authentication Response + +* On successful authentication: +```json +{ + "access_token": "access_token", + "expires_in": expiration_time, + "token_type": "Bearer", + "refresh_token": "refresh_token" +} +``` + +* On authentication failure: +```json +{ + "error": "invalid_grant", + "error_description": "error description" +} +``` + +### Configuration Options + +* Quick Login +```csharp 
+Configure(options => +{ + // Enable quick login for unregistered users + options.SetDefault(WeChatWorkSettingNames.EnabledQuickLogin, true); +}); +``` + +### Error Types + +* `invalid_grant`: Grant validation failed + * Invalid AgentId or Code + * User not registered and quick login not enabled + * WeChat Work API call failed + +Related Documentation: +* [IdentityServer4 Documentation](https://identityserver4.readthedocs.io/) +* [WeChat Work API Documentation](https://work.weixin.qq.com/api/doc) + +[查看中文文档](README.md) diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.WeChat.Work/README.md b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.WeChat.Work/README.md index 67be60641..07f034066 100644 --- a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.WeChat.Work/README.md +++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.WeChat.Work/README.md 
@@ -1,25 +1,106 @@ # LINGYUN.Abp.IdentityServer.WeChat.Work -企业微信扩展登录集成 +IdentityServer企业微信认证模块,提供基于企业微信的身份认证功能。 +## 功能特性 + +* 企业微信认证 + * `WeChatWorkGrantValidator` - 企业微信授权验证器 + * 支持企业微信登录 + * 支持多租户 + * 自动用户注册 + * 安全日志记录 + * 事件通知 + * 本地化支持 + +* 认证流程 + 1. 用户通过企业微信发起登录请求 + 2. 验证AgentId和Code的有效性 + 3. 获取企业微信用户信息 + 4. 验证用户注册状态 + * 已注册用户直接登录 + * 未注册用户根据配置自动注册 + 5. 生成访问令牌 + 6. 记录安全日志和事件 + +## 模块引用 + +```csharp +[DependsOn( + typeof(AbpIdentityServerWeChatWorkModule) +)] +public class YourModule : AbpModule +{ + // ... +} +``` + +## 依赖模块 + +* `AbpIdentityServerDomainModule` - ABP IdentityServer领域模块 +* `AbpWeChatWorkModule` - ABP企业微信模块 ## 配置使用 +### 配置企业微信认证 + ```csharp -[DependsOn(typeof(AbpIdentityServerWeChatWorkModule))] -public class YouProjectModule : AbpModule +public override void PreConfigureServices(ServiceConfigurationContext context) +{ + PreConfigure(builder => + { + builder.AddExtensionGrantValidator(); + }); +} +``` + +### 认证请求参数 + +* `grant_type`: "wechat_work" (必填) +* `agent_id`: 企业微信应用ID (必填) +* `code`: 企业微信授权码 (必填) +* `scope`: 请求范围 (可选) + +### 认证响应 + +* 认证成功: +```json +{ + "access_token": "访问令牌", + "expires_in": 有效期, + "token_type": "Bearer", + "refresh_token": "刷新令牌" +} +``` + +* 认证失败: +```json { - // other + "error": "invalid_grant", + "error_description": "错误描述" } ``` -```shell +### 配置选项 -curl -X POST "http://127.0.0.1:44385/connect/token" \ ---header 'Content-Type: application/x-www-form-urlencoded' \ ---data-urlencode 'grant_type=wx-work' \ ---data-urlencode 'client_id=你的客户端标识' \ ---data-urlencode 'client_secret=你的客户端密钥' \ ---data-urlencode 'agent_id=你的企业微信应用标识' \ ---data-urlencode 'code=用户扫描登录二维码后重定向页面携带的code标识, 换取用户信息的关键' \ +* 快速登录 +```csharp +Configure(options => +{ + // 启用未注册用户快速登录 + options.SetDefault(WeChatWorkSettingNames.EnabledQuickLogin, true); +}); ``` + +### 错误类型 + +* `invalid_grant`: 授权验证失败 + * AgentId或Code无效 + * 用户未注册且未启用快速登录 + * 企业微信API调用失败 + +相关文档: +* [IdentityServer4文档](https://identityserver4.readthedocs.io/) +* 
[企业微信开发文档](https://work.weixin.qq.com/api/doc) + +[查看英文文档](README.EN.md)
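Review bot: In LINGYUN.Abp.IdentityServer.Portal/README.md, the 认证流程 list returns the enterprise list (step 2, 未携带EnterpriseId) before the password check (step 3). The documented response carries each enterprise's `id`, `name` and `code` alongside `invalid_grant`. Please state whether that list is produced only after `username`/`password` have been verified and whether it is limited to enterprises the user belongs to. As written, a reader will assume a request without valid credentials can list tenant-linked enterprises. Two smaller points in the same hunk: the `PreConfigure(builder => ...)` / `builder.AddExtensionGrantValidator();` snippet shows no type arguments, so it does not say which validator is registered, and `"expires_in": 有效期` is not valid JSON inside a `json` fence (quote it or use a sample number).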
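Review bot: In LINGYUN.Abp.IdentityServer.Session/README.EN.md, the comment above `options.SignOutSessionEnabled = true;` reads "UserLoginSuccessEvent is published by user, requires explicit session logout", which names the login event for the sign-out switch and looks like a copy of the line above it. The Features list says the session is revoked on the logout success and token revocation success events, so the comment should name the event that actually applies and say who publishes it. The same wording appears in the Chinese README.md hunk for this module. Both `Configure(options => ...)` snippets also show no options type, so a reader cannot tell which options class holds `SignInSessionEnabled` and which holds `RequestedClaims`. Please show the type names.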
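Review bot: In LINGYUN.Abp.IdentityServer.SmsValidator/README.EN.md, the Error Types list puts "Phone number not registered", "Invalid verification code" and "User locked out" under one `invalid_grant`, but it does not say whether `error_description` differs between them. Please document that. If the descriptions differ, callers can distinguish registered from unregistered numbers, so the README should either say the message is uniform or call out the trade-off. "Brute force protection" is listed as a feature with no description of what enforces it. One sentence on whether failed `phone_verify_code` attempts count toward the lockout mentioned in step 3 would make the claim checkable. The Chinese README.md hunk has the same gaps.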
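Review bot: In LINGYUN.Abp.IdentityServer.WeChat.Work/README.EN.md, the Quick Login option (`options.SetDefault(WeChatWorkSettingNames.EnabledQuickLogin, true);`) is documented only as "Enable quick login for unregistered users". Flow step 4 says unregistered users are registered automatically based on configuration, so this setting controls account creation. Please state its default value and what the created account receives (tenant, roles, user name source), so an operator can decide whether to enable it. The `Configure(options => ...)` call shows no options type. Please name it.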
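Review bot: In LINGYUN.Abp.IdentityServer.WeChat.Work/README.md, the removed curl example sent `grant_type=wx-work`, while the new 认证请求参数 list documents `grant_type`: "wechat_work". No code change is visible in this patch, so please confirm which value the validator accepts and make both READMEs match it. A wrong value here produces an unsupported grant type error for every reader who copies it. Removing the curl example also drops the only mention of `client_id` and `client_secret`, and the new parameter list does not say that client authentication is still required on `/connect/token`. Consider keeping a request example, or adding those two parameters to the list.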