From b10126097f7458a867f35ffb4ba0f5496636a90a Mon Sep 17 00:00:00 2001 From: maliming Date: Mon, 25 Jul 2022 17:05:25 +0800 Subject: [PATCH 1/5] Migration Identity Server to OpenIddict Guides. --- .../IdentityServer_To_OpenIddict.md | 38 +++++++++++++++++++ docs/en/Modules/OpenIddict.md | 4 -- 2 files changed, 38 insertions(+), 4 deletions(-) create mode 100644 docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md diff --git a/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md b/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md new file mode 100644 index 0000000000..7496cde34f --- /dev/null +++ b/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md @@ -0,0 +1,38 @@ +# Migration Identity Server to OpenIddict Guides + +1. Replace all `Volo.Abp.IdentityServer.*` packages with corresponding `Volo.Abp.OpenIddict.*` packages. eg `Volo.Abp.IdentityServer.Domain` to `Volo.Abp.OpenIddict.Domain`. +2. Replace all `IdentityServer` modules with corresponding `OpenIddict` modules. eg `AbpIdentityServerDomainModule` to `AbpOpenIddictDomainModule`. +3. Rename the `ConfigureIdentityServer` to `ConfigureOpenIddict` in your `ProjectNameDbContext` class. +4. Remove the `UseIdentityServer` and add `UseAbpOpenIddictValidation` after `UseAuthentication`. +5. Add follow code to your startup module. +```cs +public override void PreConfigureServices(ServiceConfigurationContext context) +{ + PreConfigure(builder => + { + builder.AddValidation(options => + { + options.AddAudiences("MyProjectName"); + options.UseLocalServer(); + options.UseAspNetCore(); + }); + }); +} +``` +6. If your project is not separate AuthServer please also add `ForwardIdentityAuthenticationForBearer` +```cs +private void ConfigureAuthentication(ServiceConfigurationContext context) +{ + context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme); +} +``` +7. Try compiling the project in the IDE and following the errors to remove and reference the code and namespaces. +8. Create a new version of the project, then copy `MyProjectName.Domain\OpenIddict\OpenIddictDataSeedContributor.cs` into your project, and update your `\appsettings.json` base on `MyProjectName.DbMigrator\appsettings.json` +9. Add migrations and update the database if you are using EF Core as the database provider. + +If in doubt with the above steps, create a new project to compare the code, or refer to the test project in the module + + +[OpenIddict module document](https://docs.abp.io/en/abp/6.0/Modules/OpenIddict) + +[OpenIddict module source code](https://github.com/abpframework/abp/tree/rel-6.0/modules/openiddict) \ No newline at end of file diff --git a/docs/en/Modules/OpenIddict.md b/docs/en/Modules/OpenIddict.md index ed25147be2..9e603f76a8 100644 --- a/docs/en/Modules/OpenIddict.md +++ b/docs/en/Modules/OpenIddict.md @@ -1,9 +1,5 @@ ## ABP OpenIddict Modules -## How to Install - -TODO: - ## User Interface This module implements the domain logic and database integrations, but not provides any UI. Management UI is useful if you need to add applications and scopes on the fly. In this case, you may build the management UI yourself or consider to purchase the [ABP Commercial](https://commercial.abp.io/) which provides the management UI for this module. From e685d2a80c8428b22d724e265846d7dc7ab5b58c Mon Sep 17 00:00:00 2001 From: maliming Date: Wed, 27 Jul 2022 14:25:58 +0800 Subject: [PATCH 2/5] Update IdentityServer_To_OpenIddict.md --- .../IdentityServer_To_OpenIddict.md | 26 +++++++++++-------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md b/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md index 7496cde34f..a4a076ed14 100644 --- a/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md +++ b/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md @@ -1,10 +1,10 @@ # Migration Identity Server to OpenIddict Guides -1. Replace all `Volo.Abp.IdentityServer.*` packages with corresponding `Volo.Abp.OpenIddict.*` packages. eg `Volo.Abp.IdentityServer.Domain` to `Volo.Abp.OpenIddict.Domain`. -2. Replace all `IdentityServer` modules with corresponding `OpenIddict` modules. eg `AbpIdentityServerDomainModule` to `AbpOpenIddictDomainModule`. -3. Rename the `ConfigureIdentityServer` to `ConfigureOpenIddict` in your `ProjectNameDbContext` class. -4. Remove the `UseIdentityServer` and add `UseAbpOpenIddictValidation` after `UseAuthentication`. -5. Add follow code to your startup module. +* Replace all `Volo's` `IdentityServer.*` packages with corresponding `OpenIddict.*` packages. eg `Volo.Abp.IdentityServer.Domain` to `Volo.Abp.OpenIddict.Domain`, `Volo.Abp.Account.Web.IdentityServer` to `Volo.Abp.Account.Web.OpenIddict`. +* Replace all `IdentityServer` modules with corresponding `OpenIddict` modules. eg `AbpIdentityServerDomainModule` to `AbpOpenIddictDomainModule`, `AbpAccountWebIdentityServerModule` to `AbpAccountWebOpenIddictModule`. +* Rename the `ConfigureIdentityServer` to `ConfigureOpenIddict` in your `ProjectNameDbContext` class. +* Remove the `UseIdentityServer` and add `UseAbpOpenIddictValidation` after `UseAuthentication`. +* Add follow code to your startup module. ```cs public override void PreConfigureServices(ServiceConfigurationContext context) { @@ -19,19 +19,23 @@ public override void PreConfigureServices(ServiceConfigurationContext context) }); } ``` -6. If your project is not separate AuthServer please also add `ForwardIdentityAuthenticationForBearer` +* If your project is not separate AuthServer please also add `ForwardIdentityAuthenticationForBearer` ```cs private void ConfigureAuthentication(ServiceConfigurationContext context) { context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme); } ``` -7. Try compiling the project in the IDE and following the errors to remove and reference the code and namespaces. -8. Create a new version of the project, then copy `MyProjectName.Domain\OpenIddict\OpenIddictDataSeedContributor.cs` into your project, and update your `\appsettings.json` base on `MyProjectName.DbMigrator\appsettings.json` -9. Add migrations and update the database if you are using EF Core as the database provider. - -If in doubt with the above steps, create a new project to compare the code, or refer to the test project in the module +* Update all `Volo.Abp.*` packages to 6.x. +* Remove the `IdentityServerDataSeedContributor` from the `Domain` project. +* Create a new version of the project, then copy `MyProjectName.Domain\OpenIddict\OpenIddictDataSeedContributor.cs` into your project, and update your `\appsettings.json` base on `MyProjectName.DbMigrator\appsettings.json`, Be careful to change the port number. +* Copy the `Index.cshtml.cs` and `Index.cs` of new project to your project if you're using `IClientRepository` in `IndexModel`. +* Update the scope name from `role` to `roles` in `AddAbpOpenIdConnect` method. +* Remove `options.OAuthClientSecret(configuration["AuthServer:SwaggerClientSecret"]);` from `HttpApi.Host` project. +* Try compiling the project in the IDE and following the errors to remove and reference the code and namespaces. +* Add migrations and update the database if you are using EF Core as the database provider. +There is a sample that [migrate Identity Server to OpenIddct](https://github.com/abpframework/abp-samples/commit/c6b28246021935566ab2b58e539a1b9602ee5341) for tiered and separate auth server project. [OpenIddict module document](https://docs.abp.io/en/abp/6.0/Modules/OpenIddict) From e0f3c51caa618d651edaa594d6333c87c7452e99 Mon Sep 17 00:00:00 2001 From: maliming Date: Wed, 27 Jul 2022 15:31:06 +0800 Subject: [PATCH 3/5] Update IdentityServer_To_OpenIddict.md --- .../IdentityServer_To_OpenIddict.md | 38 ++++++++++++++++--- 1 file changed, 33 insertions(+), 5 deletions(-) diff --git a/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md b/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md index a4a076ed14..3453674738 100644 --- a/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md +++ b/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md @@ -1,5 +1,8 @@ # Migration Identity Server to OpenIddict Guides +## Steps + +* Create a new version of the project, with the same name as your existing project. * Replace all `Volo's` `IdentityServer.*` packages with corresponding `OpenIddict.*` packages. eg `Volo.Abp.IdentityServer.Domain` to `Volo.Abp.OpenIddict.Domain`, `Volo.Abp.Account.Web.IdentityServer` to `Volo.Abp.Account.Web.OpenIddict`. * Replace all `IdentityServer` modules with corresponding `OpenIddict` modules. eg `AbpIdentityServerDomainModule` to `AbpOpenIddictDomainModule`, `AbpAccountWebIdentityServerModule` to `AbpAccountWebOpenIddictModule`. * Rename the `ConfigureIdentityServer` to `ConfigureOpenIddict` in your `ProjectNameDbContext` class. @@ -12,7 +15,7 @@ public override void PreConfigureServices(ServiceConfigurationContext context) { builder.AddValidation(options => { - options.AddAudiences("MyProjectName"); + options.AddAudiences("ProjectName"); // Change ProjectName to your project name. options.UseLocalServer(); options.UseAspNetCore(); }); @@ -26,17 +29,42 @@ private void ConfigureAuthentication(ServiceConfigurationContext context) context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme); } ``` -* Update all `Volo.Abp.*` packages to 6.x. +* Update all `Volo's` packages to `6.x`. * Remove the `IdentityServerDataSeedContributor` from the `Domain` project. -* Create a new version of the project, then copy `MyProjectName.Domain\OpenIddict\OpenIddictDataSeedContributor.cs` into your project, and update your `\appsettings.json` base on `MyProjectName.DbMigrator\appsettings.json`, Be careful to change the port number. +* Copy the `ProjectName.Domain\OpenIddict\OpenIddictDataSeedContributor.cs` of new project into your project and update `appsettings.json` base on `ProjectName.DbMigrator\appsettings.json`, Be careful to change the port number. * Copy the `Index.cshtml.cs` and `Index.cs` of new project to your project if you're using `IClientRepository` in `IndexModel`. * Update the scope name from `role` to `roles` in `AddAbpOpenIdConnect` method. * Remove `options.OAuthClientSecret(configuration["AuthServer:SwaggerClientSecret"]);` from `HttpApi.Host` project. +* AuthServer no longer requires `JWT bearer authentication`. Please remove it. eg `AddJwtBearer` and `UseJwtTokenMiddleware`. * Try compiling the project in the IDE and following the errors to remove and reference the code and namespaces. * Add migrations and update the database if you are using EF Core as the database provider. -There is a sample that [migrate Identity Server to OpenIddct](https://github.com/abpframework/abp-samples/commit/c6b28246021935566ab2b58e539a1b9602ee5341) for tiered and separate auth server project. +## Module packages +### Open source side +* Volo.Abp.OpenIddict.Domain (`AbpOpenIddictDomainModule`) +* Volo.Abp.OpenIddict.Domain.Shared (`AbpOpenIddictDomainSharedModule`) +* Volo.Abp.OpenIddict.EntityFrameworkCore (`AbpOpenIddictEntityFrameworkCoreModule`) +* Volo.Abp.OpenIddict.AspNetCore (`AbpOpenIddictAspNetCoreModule`) +* Volo.Abp.OpenIddict.MongoDB (`AbpOpenIddictMongoDbModule`) +* Volo.Abp.Account.Web.OpenIddict (`AbpAccountWebOpenIddictModule`) +* Volo.Abp.PermissionManagement.Domain.OpenIddict (`AbpPermissionManagementDomainOpenIddictModule`) + +### Commercial side +* Volo.Abp.OpenIddict.Pro.Application.Contracts (`AbpOpenIddictProApplicationContractsModule`) +* Volo.Abp.OpenIddict.Pro.Application (`AbpOpenIddictProApplicationModule`) +* Volo.Abp.OpenIddict.Pro.HttpApi.Client (`AbpOpenIddictProHttpApiClientModule`) +* Volo.Abp.OpenIddict.Pro.HttpApi (`AbpOpenIddictProHttpApiModule`) +* Volo.Abp.OpenIddict.Pro.Blazor(`AbpOpenIddictProBlazorModule`) +* Volo.Abp.OpenIddict.Pro.Blazor.Server (`AbpOpenIddictProBlazorServerModule`) +* Volo.Abp.OpenIddict.Pro.Blazor.WebAssembly (`AbpOpenIddictProBlazorWebAssemblyModule`) +* Volo.Abp.OpenIddict.Pro.Web (`AbpOpenIddictProWebModule`) + +## Source code of samples and module + +[Open source tiered & separate auth server application migrate Identity Server to OpenIddct](https://github.com/abpframework/abp-samples/tree/master/Ids2OpenId) + +[Commercial tiered & separate auth server application migrate Identity Server to OpenIddct](https://abp.io/Account/Login?returnUrl=/api/download/samples/Ids2OpenId) [OpenIddict module document](https://docs.abp.io/en/abp/6.0/Modules/OpenIddict) -[OpenIddict module source code](https://github.com/abpframework/abp/tree/rel-6.0/modules/openiddict) \ No newline at end of file +[OpenIddict module source code](https://github.com/abpframework/abp/tree/rel-6.0/modules/openiddict) From 15d39edfa7aa5bb51c14bb6be13235988891c9c7 Mon Sep 17 00:00:00 2001 From: liangshiwei Date: Wed, 27 Jul 2022 17:01:35 +0800 Subject: [PATCH 4/5] Update IdentityServer_To_OpenIddict.md --- docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md b/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md index 3453674738..b4d03a7b34 100644 --- a/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md +++ b/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md @@ -1,8 +1,12 @@ # Migration Identity Server to OpenIddict Guides +The guide explains how to migration Identity Server to OpenIddict Guides. + +> From ABP Version `6.0`, the startup template uses openiddict as the auth server by default, If you're using a version `6.x` startup template, then you don't need to migrate. + ## Steps -* Create a new version of the project, with the same name as your existing project. +* Update all `Volo's` packages to `6.x`. * Replace all `Volo's` `IdentityServer.*` packages with corresponding `OpenIddict.*` packages. eg `Volo.Abp.IdentityServer.Domain` to `Volo.Abp.OpenIddict.Domain`, `Volo.Abp.Account.Web.IdentityServer` to `Volo.Abp.Account.Web.OpenIddict`. * Replace all `IdentityServer` modules with corresponding `OpenIddict` modules. eg `AbpIdentityServerDomainModule` to `AbpOpenIddictDomainModule`, `AbpAccountWebIdentityServerModule` to `AbpAccountWebOpenIddictModule`. * Rename the `ConfigureIdentityServer` to `ConfigureOpenIddict` in your `ProjectNameDbContext` class. @@ -29,8 +33,8 @@ private void ConfigureAuthentication(ServiceConfigurationContext context) context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme); } ``` -* Update all `Volo's` packages to `6.x`. * Remove the `IdentityServerDataSeedContributor` from the `Domain` project. +* Create a new version of the project, with the same name as your existing project. * Copy the `ProjectName.Domain\OpenIddict\OpenIddictDataSeedContributor.cs` of new project into your project and update `appsettings.json` base on `ProjectName.DbMigrator\appsettings.json`, Be careful to change the port number. * Copy the `Index.cshtml.cs` and `Index.cs` of new project to your project if you're using `IClientRepository` in `IndexModel`. * Update the scope name from `role` to `roles` in `AddAbpOpenIdConnect` method. From 99f201b3e84679db07d710f988b52a7bc2141d64 Mon Sep 17 00:00:00 2001 From: maliming Date: Wed, 27 Jul 2022 17:11:22 +0800 Subject: [PATCH 5/5] Update IdentityServer_To_OpenIddict.md --- docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md b/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md index b4d03a7b34..f6b70286f4 100644 --- a/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md +++ b/docs/en/Migration-Guides/IdentityServer_To_OpenIddict.md @@ -1,8 +1,10 @@ # Migration Identity Server to OpenIddict Guides -The guide explains how to migration Identity Server to OpenIddict Guides. +The startup template will use `OpenIddict` as the auth server by default since version 6.x. -> From ABP Version `6.0`, the startup template uses openiddict as the auth server by default, If you're using a version `6.x` startup template, then you don't need to migrate. +We are not removing IDS packages and will continue to release new versions of IDS related Nuget/NPM packages. That means you won't have an issue while upgrading to v6.0 (when it is released). We will continue to fix bugs in our packages for a while. ABP 7.0 will be based on .NET 7. If IDS continue to work with .NET 7, we will continue to ship nuget packages for our IDS integration. + +BTW, IDS itself is canceling support for the open source IDS in the end of this year. They are moved to Duende IDS you know. We won't migrate to Duende IDS. ## Steps