Moved `OpenIddict.Server.AspNetCore` to `Volo.Abp.OpenIddict.AspNetCore`.

4 years ago · 95f8066fb8
19 changed files with 178 additions and 135 deletions
--- a/docs/en/Modules/OpenIddict.md
+++ b/docs/en/Modules/OpenIddict.md
@ -81,7 +81,7 @@ PreConfigure<OpenIddictServerBuilder>(builder =>
 });
 ```

-#### AbpOpenIddictOptions
+#### AbpOpenIddictAspNetCoreOptions

 `UpdateAbpClaimTypes(default: true)`:  Updates AbpClaimTypes to be compatible with identity server claims.
 `AddDevelopmentEncryptionAndSigningCertificate(default: true)`:  Registers (and generates if necessary) a user-specific development encryption/development signing certificate.
--- a/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Pages/Index.cshtml
+++ b/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Pages/Index.cshtml
@ -1,14 +1,13 @@
@page
@using Microsoft.AspNetCore.Authentication
+@using System.Net.Http.Headers
+@using System.Text.Json
@model IndexModel
@{
    ViewData["Title"] = "Home page";
 }

 <div class="text-center">
-    <h1 class="display-4">Welcome</h1>
-    <p>Learn about <a href="https://docs.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
-
    <a class="btn btn-primary" href="/Login">Login</a>
    <a class="btn btn-warning" href="/Logout">Loout</a>

@ -25,5 +24,22 @@
            <br/>
            @await HttpContext.GetTokenAsync("access_token")
        </p>
+
+        var client = new HttpClient();
+        var request = new HttpRequestMessage(HttpMethod.Get, "https://localhost:44303/api/claims");
+        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", await HttpContext.GetTokenAsync("access_token"));
+
+        var response = await client.SendAsync(request);
+        response.EnsureSuccessStatusCode();
+
+        <code style="display: block; white-space: pre-wrap; text-align: left">
+            @{
+                var apiResponse = JsonSerializer.Serialize(JsonDocument.Parse(await response.Content.ReadAsStringAsync()), new JsonSerializerOptions
+                {
+                    WriteIndented = true
+                });
+            }
+            @apiResponse;
+        </code>
    }
 </div>
--- a/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Program.cs
+++ b/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Program.cs
@ -35,6 +35,8 @@ builder.Services.AddAuthentication(options =>

        options.Scope.Add("email");
        options.Scope.Add("roles");
+        options.Scope.Add("phone");
+        options.Scope.Add("AbpAPI");
    });

 var app = builder.Build();
--- a/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddict.Demo.Server.csproj
+++ b/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddict.Demo.Server.csproj
@ -67,7 +67,7 @@
    <ItemGroup>
        <PackageReference Include="OpenIddict.Validation.AspNetCore" Version="3.1.1" />
        <PackageReference Include="OpenIddict.Validation.ServerIntegration" Version="3.1.1" />
-
+        <PackageReference Include="DistributedLock.Redis" Version="1.0.1" />
        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.3" />
        <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.0">
            <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
--- a/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddictServerModule.cs
+++ b/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddictServerModule.cs
@ -1,9 +1,12 @@
 using System.Text;
 using JetBrains.Annotations;
+using Medallion.Threading;
+using Medallion.Threading.Redis;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.IdentityModel.Tokens;
 using OpenIddict.Demo.Server.EntityFrameworkCore;
 using OpenIddict.Validation.AspNetCore;
+using StackExchange.Redis;
 using Volo.Abp;
 using Volo.Abp.Account;
 using Volo.Abp.Account.Web;
@ -109,16 +112,13 @@ public class OpenIddictServerModule : AbpModule

    public override void ConfigureServices(ServiceConfigurationContext context)
    {
-        // This is work for the OpenIddictServerBuilder.AddValidation()
-        context.Services.ConfigureApplicationCookie(options =>
+        context.Services.AddSingleton<IDistributedLockProvider>(sp =>
        {
-            options.ForwardDefaultSelector = ctx => ctx.Request.Path.StartsWithSegments("/api")
-                ? OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme
-                : null;
+            var connection = ConnectionMultiplexer.Connect("127.0.0.1");
+            return new RedisDistributedSynchronizationProvider(connection.GetDatabase());
        });

-
-        Configure<AbpOpenIddictOptions>(options =>
+        Configure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });
--- a/modules/openiddict/app/OpenIddict.Demo.Server/Program.cs
+++ b/modules/openiddict/app/OpenIddict.Demo.Server/Program.cs
@ -1,9 +1,6 @@
-using System.Text;
-using Microsoft.IdentityModel.Tokens;
 using OpenIddict.Demo.Server;
 using Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared;
 using Volo.Abp.Localization;
-using Volo.Abp.OpenIddict.Jwt;

 var builder = WebApplication.CreateBuilder(args);
 builder.Services.AddCors(options =>
@ -44,6 +41,13 @@ builder.Services.Configure<AbpLocalizationOptions>(options =>
 //         options.TokenValidationParameters.TokenDecryptionKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80"));
 //     });

+// builder.Services.ConfigureApplicationCookie(options =>
+// {
+//     options.ForwardDefaultSelector = ctx => ctx.Request.Path.StartsWithSegments("/api")
+//         ? OtherScheme
+//         : null;
+// });
+
 await builder.AddApplicationAsync<OpenIddictServerModule>();

 var app = builder.Build();
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs
@ -1,8 +1,12 @@
 using Microsoft.AspNetCore.Mvc.Razor;
 using Microsoft.Extensions.DependencyInjection;
+using OpenIddict.Abstractions;
+using OpenIddict.Server;
 using Volo.Abp.AspNetCore.MultiTenancy;
 using Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared;
 using Volo.Abp.Modularity;
+using Volo.Abp.OpenIddict.WildcardDomains;
+using Volo.Abp.Security.Claims;

 namespace Volo.Abp.OpenIddict;

@ -13,22 +17,10 @@ namespace Volo.Abp.OpenIddict;
 )]
 public class AbpOpenIddictAspNetCoreModule : AbpModule
 {
-    public override void PreConfigureServices(ServiceConfigurationContext context)
-    {
-        PreConfigure<OpenIddictServerBuilder>(builder =>
-        {
-            builder.UseAspNetCore()
-                .EnableAuthorizationEndpointPassthrough()
-                .EnableTokenEndpointPassthrough()
-                .EnableUserinfoEndpointPassthrough()
-                .EnableLogoutEndpointPassthrough()
-                .EnableVerificationEndpointPassthrough()
-                .EnableStatusCodePagesIntegration();
-        });
-    }
-
    public override void ConfigureServices(ServiceConfigurationContext context)
    {
+        AddOpenIddictServer(context.Services);
+
        Configure<AbpOpenIddictClaimDestinationsOptions>(options =>
        {
            options.ClaimDestinationsProvider.Add<AbpDefaultOpenIddictClaimDestinationsProvider>();
@ -39,4 +31,104 @@ public class AbpOpenIddictAspNetCoreModule : AbpModule
            options.ViewLocationFormats.Add("/Volo/Abp/OpenIddict/Views/{1}/{0}.cshtml");
        });
    }
+
+    private void AddOpenIddictServer(IServiceCollection services)
+    {
+        var builderOptions = services.ExecutePreConfiguredActions<AbpOpenIddictAspNetCoreOptions>();
+
+        if (builderOptions.UpdateAbpClaimTypes)
+        {
+            AbpClaimTypes.UserId = OpenIddictConstants.Claims.Subject;
+            AbpClaimTypes.Role = OpenIddictConstants.Claims.Role;
+            AbpClaimTypes.UserName = OpenIddictConstants.Claims.Name;
+            AbpClaimTypes.Name = OpenIddictConstants.Claims.GivenName;
+            AbpClaimTypes.SurName = OpenIddictConstants.Claims.FamilyName;
+            AbpClaimTypes.PhoneNumber = OpenIddictConstants.Claims.PhoneNumber;
+            AbpClaimTypes.PhoneNumberVerified = OpenIddictConstants.Claims.PhoneNumberVerified;
+            AbpClaimTypes.Email = OpenIddictConstants.Claims.Email;
+            AbpClaimTypes.EmailVerified = OpenIddictConstants.Claims.EmailVerified;
+        }
+
+        var openIddictBuilder = services.AddOpenIddict()
+            .AddServer(builder =>
+            {
+                builder
+                    .SetAuthorizationEndpointUris("/connect/authorize")
+                    // /.well-known/oauth-authorization-server
+                    // /.well-known/openid-configuration
+                    //.SetConfigurationEndpointUris()
+                    // /.well-known/jwks
+                    //.SetCryptographyEndpointUris()
+                    .SetDeviceEndpointUris("/connect/device")
+                    .SetIntrospectionEndpointUris("/connect/introspect")
+                    .SetLogoutEndpointUris("/connect/logout")
+                    .SetRevocationEndpointUris("/connect/revocat")
+                    .SetTokenEndpointUris("/connect/token")
+                    .SetUserinfoEndpointUris("/connect/userinfo")
+                    .SetVerificationEndpointUris("/connect/verify");
+
+                builder
+                    .AllowAuthorizationCodeFlow()
+                    .AllowHybridFlow()
+                    .AllowImplicitFlow()
+                    .AllowPasswordFlow()
+                    .AllowClientCredentialsFlow()
+                    .AllowRefreshTokenFlow()
+                    .AllowDeviceCodeFlow()
+                    .AllowNoneFlow();
+
+                builder.RegisterScopes(new[]
+                {
+                    OpenIddictConstants.Scopes.OpenId,
+                    OpenIddictConstants.Scopes.Email,
+                    OpenIddictConstants.Scopes.Profile,
+                    OpenIddictConstants.Scopes.Phone,
+                    OpenIddictConstants.Scopes.Roles,
+                    OpenIddictConstants.Scopes.Address,
+                    OpenIddictConstants.Scopes.OfflineAccess
+                });
+
+                builder.UseAspNetCore()
+                    .EnableAuthorizationEndpointPassthrough()
+                    .EnableTokenEndpointPassthrough()
+                    .EnableUserinfoEndpointPassthrough()
+                    .EnableLogoutEndpointPassthrough()
+                    .EnableVerificationEndpointPassthrough()
+                    .EnableStatusCodePagesIntegration();
+
+                if (builderOptions.AddDevelopmentEncryptionAndSigningCertificate)
+                {
+                    builder
+                        .AddDevelopmentEncryptionCertificate()
+                        .AddDevelopmentSigningCertificate();
+                }
+
+                var wildcardDomainsOptions = services.ExecutePreConfiguredActions<AbpOpenIddictWildcardDomainOptions>();
+                if (wildcardDomainsOptions.EnableWildcardDomainSupport)
+                {
+                    var preActions = services.GetPreConfigureActions<AbpOpenIddictWildcardDomainOptions>();
+
+                    Configure<AbpOpenIddictWildcardDomainOptions>(options =>
+                    {
+                        preActions.Configure(options);
+                    });
+
+                    builder.RemoveEventHandler(OpenIddictServerHandlers.Authentication.ValidateClientRedirectUri.Descriptor);
+                    builder.AddEventHandler(AbpValidateClientRedirectUri.Descriptor);
+
+                    builder.RemoveEventHandler(OpenIddictServerHandlers.Authentication.ValidateRedirectUriParameter.Descriptor);
+                    builder.AddEventHandler(AbpValidateRedirectUriParameter.Descriptor);
+
+                    builder.RemoveEventHandler(OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri.Descriptor);
+                    builder.AddEventHandler(AbpValidateClientPostLogoutRedirectUri.Descriptor);
+
+                    builder.RemoveEventHandler(OpenIddictServerHandlers.Session.ValidatePostLogoutRedirectUriParameter.Descriptor);
+                    builder.AddEventHandler(AbpValidatePostLogoutRedirectUriParameter.Descriptor);
+                }
+
+                services.ExecutePreConfiguredActions(builder);
+            });
+
+        services.ExecutePreConfiguredActions(openIddictBuilder);
+    }
 }
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictOptions.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictOptions.cs
@ -2,7 +2,7 @@

 namespace Volo.Abp.OpenIddict;

-public class AbpOpenIddictOptions
+public class AbpOpenIddictAspNetCoreOptions
 {
    /// <summary>
    /// Updates <see cref="AbpClaimTypes"/> to be compatible with OpenIddict claims.
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpOpenIddictWildcardDomainBase.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpOpenIddictWildcardDomainBase.cs
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpOpenIddictWildcardDomainOptions.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpOpenIddictWildcardDomainOptions.cs
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientPostLogoutRedirectUri.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientPostLogoutRedirectUri.cs
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientRedirectUri.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientRedirectUri.cs
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidatePostLogoutRedirectUriParameter.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidatePostLogoutRedirectUriParameter.cs
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateRedirectUriParameter.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateRedirectUriParameter.cs
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo.Abp.OpenIddict.Domain.Shared.csproj
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo.Abp.OpenIddict.Domain.Shared.csproj
@ -11,10 +11,10 @@

  <ItemGroup>
    <ProjectReference Include="..\..\..\..\framework\src\Volo.Abp.Validation\Volo.Abp.Validation.csproj" />
-    <ProjectReference Include="..\..\..\..\framework\src\Volo.Abp.UI\Volo.Abp.UI.csproj" />
  </ItemGroup>

  <ItemGroup>
+    <PackageReference Include="OpenIddict.Abstractions" Version="3.1.1" />
    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="6.0.0" />
  </ItemGroup>

--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/AbpOpenIddictDomainSharedModule.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/AbpOpenIddictDomainSharedModule.cs
@ -1,5 +1,4 @@
-using Localization.Resources.AbpUi;
-using Volo.Abp.Modularity;
+using Volo.Abp.Modularity;
 using Volo.Abp.Localization;
 using Volo.Abp.OpenIddict.Localization;
 using Volo.Abp.Localization.ExceptionHandling;
@ -25,7 +24,7 @@ public class AbpOpenIddictDomainSharedModule : AbpModule
        {
            options.Resources
                .Add<AbpOpenIddictResource>("en")
-                .AddBaseTypes(typeof(AbpValidationResource), typeof(AbpUiResource))
+                .AddBaseTypes(typeof(AbpValidationResource))
                .AddVirtualJson("Volo/Abp/OpenIddict/Localization/OpenIddict");
        });

--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo.Abp.OpenIddict.Domain.csproj
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo.Abp.OpenIddict.Domain.csproj
@ -11,13 +11,13 @@
  <ItemGroup>
    <ProjectReference Include="..\..\..\..\framework\src\Volo.Abp.Ddd.Domain\Volo.Abp.Ddd.Domain.csproj" />
    <ProjectReference Include="..\..\..\..\framework\src\Volo.Abp.Caching\Volo.Abp.Caching.csproj" />
+    <ProjectReference Include="..\..\..\..\framework\src\Volo.Abp.DistributedLocking\Volo.Abp.DistributedLocking.csproj" />
    <ProjectReference Include="..\..\..\..\modules\identity\src\Volo.Abp.Identity.Domain\Volo.Abp.Identity.Domain.csproj" />
    <ProjectReference Include="..\Volo.Abp.OpenIddict.Domain.Shared\Volo.Abp.OpenIddict.Domain.Shared.csproj" />
  </ItemGroup>

  <ItemGroup>
    <PackageReference Include="OpenIddict.Core" Version="3.1.1" />
-    <PackageReference Include="OpenIddict.Server" Version="3.1.1" />
  </ItemGroup>

 </Project>
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/AbpOpenIddictDomainModule.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/AbpOpenIddictDomainModule.cs
@ -1,12 +1,9 @@
-using System.Linq;
-using System.Threading.Tasks;
+using System.Threading.Tasks;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
-using OpenIddict.Abstractions;
-using OpenIddict.Server;
 using Volo.Abp.BackgroundWorkers;
 using Volo.Abp.Caching;
+using Volo.Abp.DistributedLocking;
 using Volo.Abp.Domain;
 using Volo.Abp.Guids;
 using Volo.Abp.Identity;
@ -17,8 +14,6 @@ using Volo.Abp.OpenIddict.Applications;
 using Volo.Abp.OpenIddict.Authorizations;
 using Volo.Abp.OpenIddict.Scopes;
 using Volo.Abp.OpenIddict.Tokens;
-using Volo.Abp.OpenIddict.WildcardDomains;
-using Volo.Abp.Security.Claims;
 using Volo.Abp.Threading;

 namespace Volo.Abp.OpenIddict;
@ -27,16 +22,17 @@ namespace Volo.Abp.OpenIddict;
    typeof(AbpDddDomainModule),
    typeof(AbpIdentityDomainModule),
    typeof(AbpOpenIddictDomainSharedModule),
+    typeof(AbpDistributedLockingModule),
    typeof(AbpCachingModule),
    typeof(AbpGuidsModule)
 )]
 public class AbpOpenIddictDomainModule : AbpModule
 {
-    private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();
+    private readonly static OneTimeRunner OneTimeRunner = new OneTimeRunner();

    public override void ConfigureServices(ServiceConfigurationContext context)
    {
-        AddOpenIddict(context.Services);
+        AddOpenIddictCore(context.Services);
    }

    public override void OnApplicationInitialization(ApplicationInitializationContext context)
@ -55,23 +51,8 @@ public class AbpOpenIddictDomainModule : AbpModule
        }
    }

-    private void AddOpenIddict(IServiceCollection services)
+    private void AddOpenIddictCore(IServiceCollection services)
    {
-        var builderOptions = services.ExecutePreConfiguredActions<AbpOpenIddictOptions>();
-
-        if (builderOptions.UpdateAbpClaimTypes)
-        {
-            AbpClaimTypes.UserId = OpenIddictConstants.Claims.Subject;
-            AbpClaimTypes.Role = OpenIddictConstants.Claims.Role;
-            AbpClaimTypes.UserName = OpenIddictConstants.Claims.Name;
-            AbpClaimTypes.Name = OpenIddictConstants.Claims.GivenName;
-            AbpClaimTypes.SurName = OpenIddictConstants.Claims.FamilyName;
-            AbpClaimTypes.PhoneNumber = OpenIddictConstants.Claims.PhoneNumber;
-            AbpClaimTypes.PhoneNumberVerified = OpenIddictConstants.Claims.PhoneNumberVerified;
-            AbpClaimTypes.Email = OpenIddictConstants.Claims.Email;
-            AbpClaimTypes.EmailVerified = OpenIddictConstants.Claims.EmailVerified;
-        }
-
        var openIddictBuilder = services.AddOpenIddict()
            .AddCore(builder =>
            {
@ -87,76 +68,6 @@ public class AbpOpenIddictDomainModule : AbpModule
                    .AddScopeStore<AbpOpenIddictScopeStore>()
                    .AddTokenStore<AbpOpenIddictTokenStore>();

-                services.ExecutePreConfiguredActions(builder);
-            })
-            .AddServer(builder =>
-            {
-                builder
-                    .SetAuthorizationEndpointUris("/connect/authorize")
-                    // /.well-known/oauth-authorization-server
-                    // /.well-known/openid-configuration
-                    //.SetConfigurationEndpointUris()
-                    // /.well-known/jwks
-                    //.SetCryptographyEndpointUris()
-                    .SetDeviceEndpointUris("/connect/device")
-                    .SetIntrospectionEndpointUris("/connect/introspect")
-                    .SetLogoutEndpointUris("/connect/logout")
-                    .SetRevocationEndpointUris("/connect/revocat")
-                    .SetTokenEndpointUris("/connect/token")
-                    .SetUserinfoEndpointUris("/connect/userinfo")
-                    .SetVerificationEndpointUris("/connect/verify");
-
-                builder
-                    .AllowAuthorizationCodeFlow()
-                    .AllowHybridFlow()
-                    .AllowImplicitFlow()
-                    .AllowPasswordFlow()
-                    .AllowClientCredentialsFlow()
-                    .AllowRefreshTokenFlow()
-                    .AllowDeviceCodeFlow()
-                    .AllowNoneFlow();
-
-                builder.RegisterScopes(new[]
-                {
-                    OpenIddictConstants.Scopes.OpenId,
-                    OpenIddictConstants.Scopes.Email,
-                    OpenIddictConstants.Scopes.Profile,
-                    OpenIddictConstants.Scopes.Phone,
-                    OpenIddictConstants.Scopes.Roles,
-                    OpenIddictConstants.Scopes.Address,
-                    OpenIddictConstants.Scopes.OfflineAccess
-                });
-
-                if (builderOptions.AddDevelopmentEncryptionAndSigningCertificate)
-                {
-                    builder
-                        .AddDevelopmentEncryptionCertificate()
-                        .AddDevelopmentSigningCertificate();
-                }
-
-                var wildcardDomainsOptions = services.ExecutePreConfiguredActions<AbpOpenIddictWildcardDomainOptions>();
-                if (wildcardDomainsOptions.EnableWildcardDomainSupport)
-                {
-                    var preActions = services.GetPreConfigureActions<AbpOpenIddictWildcardDomainOptions>();
-
-                    Configure<AbpOpenIddictWildcardDomainOptions>(options =>
-                    {
-                        preActions.Configure(options);
-                    });
-
-                    builder.RemoveEventHandler(OpenIddictServerHandlers.Authentication.ValidateClientRedirectUri.Descriptor);
-                    builder.AddEventHandler(AbpValidateClientRedirectUri.Descriptor);
-
-                    builder.RemoveEventHandler(OpenIddictServerHandlers.Authentication.ValidateRedirectUriParameter.Descriptor);
-                    builder.AddEventHandler(AbpValidateRedirectUriParameter.Descriptor);
-
-                    builder.RemoveEventHandler(OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri.Descriptor);
-                    builder.AddEventHandler(AbpValidateClientPostLogoutRedirectUri.Descriptor);
-
-                    builder.RemoveEventHandler(OpenIddictServerHandlers.Session.ValidatePostLogoutRedirectUriParameter.Descriptor);
-                    builder.AddEventHandler(AbpValidatePostLogoutRedirectUriParameter.Descriptor);
-                }
-
                services.ExecutePreConfiguredActions(builder);
            });

--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Tokens/TokenCleanupBackgroundWorker.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Tokens/TokenCleanupBackgroundWorker.cs
@ -1,27 +1,46 @@
 using System.Threading.Tasks;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Volo.Abp.BackgroundWorkers;
+using Volo.Abp.DistributedLocking;
 using Volo.Abp.Threading;

 namespace Volo.Abp.OpenIddict.Tokens;

 public class TokenCleanupBackgroundWorker : AsyncPeriodicBackgroundWorkerBase
 {
+    protected IAbpDistributedLock DistributedLock { get; }
+
    public TokenCleanupBackgroundWorker(
        AbpAsyncTimer timer,
        IServiceScopeFactory serviceScopeFactory,
-        IOptionsMonitor<TokenCleanupOptions> cleanupOptions)
+        IOptionsMonitor<TokenCleanupOptions> cleanupOptions,
+        IAbpDistributedLock distributedLock)
        : base(timer, serviceScopeFactory)
    {
+        DistributedLock = distributedLock;
        timer.Period = cleanupOptions.CurrentValue.CleanupPeriod;
    }

    protected async override Task DoWorkAsync(PeriodicBackgroundWorkerContext workerContext)
    {
-        await workerContext
-            .ServiceProvider
-            .GetRequiredService<TokenCleanupService>()
-            .CleanAsync();
+        await using (var handle = await DistributedLock.TryAcquireAsync(nameof(TokenCleanupBackgroundWorker)))
+        {
+            Logger.LogInformation($"Lock is acquired for {nameof(TokenCleanupBackgroundWorker)}");
+
+            if (handle != null)
+            {
+                await workerContext
+                    .ServiceProvider
+                    .GetRequiredService<TokenCleanupService>()
+                    .CleanAsync();
+
+                Logger.LogInformation($"Lock is released for {nameof(TokenCleanupBackgroundWorker)}");
+                return;
+            }
+
+            Logger.LogInformation($"Handle is null because of the locking for : {nameof(TokenCleanupBackgroundWorker)}");
+        }
    }
 }