|
|
|
@ -1,7 +1,8 @@ |
|
|
|
using Microsoft.Extensions.Configuration; |
|
|
|
using System; |
|
|
|
using System; |
|
|
|
using System.Collections.Generic; |
|
|
|
using System.Threading.Tasks; |
|
|
|
using IdentityServer4.Models; |
|
|
|
using Microsoft.Extensions.Configuration; |
|
|
|
using Volo.Abp.Authorization.Permissions; |
|
|
|
using Volo.Abp.Data; |
|
|
|
using Volo.Abp.DependencyInjection; |
|
|
|
@ -11,12 +12,16 @@ using Volo.Abp.IdentityServer.Clients; |
|
|
|
using Volo.Abp.IdentityServer.IdentityResources; |
|
|
|
using Volo.Abp.PermissionManagement; |
|
|
|
using Volo.Abp.Uow; |
|
|
|
using ApiResource = Volo.Abp.IdentityServer.ApiScopes.ApiResource; |
|
|
|
using ApiScope = Volo.Abp.IdentityServer.ApiScopes.ApiScope; |
|
|
|
using Client = Volo.Abp.IdentityServer.Clients.Client; |
|
|
|
|
|
|
|
namespace MyCompanyName.MyProjectName.IdentityServer |
|
|
|
{ |
|
|
|
public class IdentityServerDataSeedContributor : IDataSeedContributor, ITransientDependency |
|
|
|
{ |
|
|
|
private readonly IApiResourceRepository _apiResourceRepository; |
|
|
|
private readonly IApiScopeRepository _apiScopeRepository; |
|
|
|
private readonly IClientRepository _clientRepository; |
|
|
|
private readonly IIdentityResourceDataSeeder _identityResourceDataSeeder; |
|
|
|
private readonly IGuidGenerator _guidGenerator; |
|
|
|
@ -26,6 +31,7 @@ namespace MyCompanyName.MyProjectName.IdentityServer |
|
|
|
public IdentityServerDataSeedContributor( |
|
|
|
IClientRepository clientRepository, |
|
|
|
IApiResourceRepository apiResourceRepository, |
|
|
|
IApiScopeRepository apiScopeRepository, |
|
|
|
IIdentityResourceDataSeeder identityResourceDataSeeder, |
|
|
|
IGuidGenerator guidGenerator, |
|
|
|
IPermissionDataSeeder permissionDataSeeder, |
|
|
|
@ -33,6 +39,7 @@ namespace MyCompanyName.MyProjectName.IdentityServer |
|
|
|
{ |
|
|
|
_clientRepository = clientRepository; |
|
|
|
_apiResourceRepository = apiResourceRepository; |
|
|
|
_apiScopeRepository = apiScopeRepository; |
|
|
|
_identityResourceDataSeeder = identityResourceDataSeeder; |
|
|
|
_guidGenerator = guidGenerator; |
|
|
|
_permissionDataSeeder = permissionDataSeeder; |
|
|
|
@ -44,6 +51,7 @@ namespace MyCompanyName.MyProjectName.IdentityServer |
|
|
|
{ |
|
|
|
await _identityResourceDataSeeder.CreateStandardResourcesAsync(); |
|
|
|
await CreateApiResourcesAsync(); |
|
|
|
await CreateApiScopeAsync(); |
|
|
|
await CreateClientsAsync(); |
|
|
|
} |
|
|
|
|
|
|
|
@ -88,10 +96,17 @@ namespace MyCompanyName.MyProjectName.IdentityServer |
|
|
|
return await _apiResourceRepository.UpdateAsync(apiResource); |
|
|
|
} |
|
|
|
|
|
|
|
private async Task CreateClientsAsync() |
|
|
|
private async Task CreateApiScopeAsync() |
|
|
|
{ |
|
|
|
const string commonSecret = "E5Xd4yMqjP5kjWFKrYgySBju6JVfCzMyFp7n2QmMrME="; |
|
|
|
var apiScope = await _apiScopeRepository.GetByNameAsync("MyProjectName"); |
|
|
|
if (apiScope == null) |
|
|
|
{ |
|
|
|
await _apiScopeRepository.InsertAsync(new ApiScope(_guidGenerator.Create(), "MyProjectName", "MyProjectName API"), autoSave: true); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
private async Task CreateClientsAsync() |
|
|
|
{ |
|
|
|
var commonScopes = new[] |
|
|
|
{ |
|
|
|
"email", |
|
|
|
@ -100,6 +115,7 @@ namespace MyCompanyName.MyProjectName.IdentityServer |
|
|
|
"role", |
|
|
|
"phone", |
|
|
|
"address", |
|
|
|
|
|
|
|
"MyProjectName" |
|
|
|
}; |
|
|
|
|
|
|
|
@ -110,25 +126,30 @@ namespace MyCompanyName.MyProjectName.IdentityServer |
|
|
|
if (!webClientId.IsNullOrWhiteSpace()) |
|
|
|
{ |
|
|
|
var webClientRootUrl = configurationSection["MyProjectName_Web:RootUrl"].EnsureEndsWith('/'); |
|
|
|
|
|
|
|
/* MyProjectName_Web client is only needed if you created a tiered |
|
|
|
* solution. Otherwise, you can delete this client. */ |
|
|
|
|
|
|
|
await CreateClientAsync( |
|
|
|
webClientId, |
|
|
|
commonScopes, |
|
|
|
new[] { "hybrid" }, |
|
|
|
commonSecret, |
|
|
|
name: webClientId, |
|
|
|
scopes: commonScopes, |
|
|
|
grantTypes: new[] {"hybrid"}, |
|
|
|
secret: (configurationSection["MyProjectName_Web:ClientSecret"] ?? "1q2w3e*").Sha256(), |
|
|
|
redirectUri: $"{webClientRootUrl}signin-oidc", |
|
|
|
postLogoutRedirectUri: $"{webClientRootUrl}signout-callback-oidc" |
|
|
|
postLogoutRedirectUri: $"{webClientRootUrl}signout-callback-oidc", |
|
|
|
frontChannelLogoutUri: $"{webClientRootUrl}Account/FrontChannelLogout" |
|
|
|
); |
|
|
|
} |
|
|
|
|
|
|
|
//Console Test Client
|
|
|
|
var consoleClientId = configurationSection["MyProjectName_ConsoleTestApp:ClientId"]; |
|
|
|
var consoleClientId = configurationSection["MyProjectName_App:ClientId"]; |
|
|
|
if (!consoleClientId.IsNullOrWhiteSpace()) |
|
|
|
{ |
|
|
|
await CreateClientAsync( |
|
|
|
consoleClientId, |
|
|
|
commonScopes, |
|
|
|
new[] { "password", "client_credentials" }, |
|
|
|
commonSecret |
|
|
|
name: consoleClientId, |
|
|
|
scopes: commonScopes, |
|
|
|
grantTypes: new[] {"password", "client_credentials"}, |
|
|
|
secret: (configurationSection["MyProjectName_App:ClientSecret"] ?? "1q2w3e*").Sha256() |
|
|
|
); |
|
|
|
} |
|
|
|
} |
|
|
|
@ -140,6 +161,7 @@ namespace MyCompanyName.MyProjectName.IdentityServer |
|
|
|
string secret, |
|
|
|
string redirectUri = null, |
|
|
|
string postLogoutRedirectUri = null, |
|
|
|
string frontChannelLogoutUri = null, |
|
|
|
IEnumerable<string> permissions = null) |
|
|
|
{ |
|
|
|
var client = await _clientRepository.FindByCliendIdAsync(name); |
|
|
|
@ -160,7 +182,9 @@ namespace MyCompanyName.MyProjectName.IdentityServer |
|
|
|
AccessTokenLifetime = 31536000, //365 days
|
|
|
|
AuthorizationCodeLifetime = 300, |
|
|
|
IdentityTokenLifetime = 300, |
|
|
|
RequireConsent = false |
|
|
|
RequireConsent = false, |
|
|
|
RequirePkce = false, |
|
|
|
FrontChannelLogoutUri = frontChannelLogoutUri |
|
|
|
}, |
|
|
|
autoSave: true |
|
|
|
); |
|
|
|
|
maliming
6 years ago