From b2beaa2b0cf3e3ead74a2dffda34e5bedce47aaf Mon Sep 17 00:00:00 2001 From: maliming <6908465+maliming@users.noreply.github.com> Date: Tue, 7 Jul 2020 11:34:07 +0800 Subject: [PATCH] Update IdentityServerDataSeedContributor. --- .../IdentityServerDataSeedContributor.cs | 2 +- .../IdentityServerDataSeedContributor.cs | 54 +++++++++++++------ 2 files changed, 40 insertions(+), 16 deletions(-) diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/IdentityServer/IdentityServerDataSeedContributor.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/IdentityServer/IdentityServerDataSeedContributor.cs index 5190687342..0662482b65 100644 --- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/IdentityServer/IdentityServerDataSeedContributor.cs +++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/IdentityServer/IdentityServerDataSeedContributor.cs @@ -182,7 +182,7 @@ namespace MyCompanyName.MyProjectName.IdentityServer AccessTokenLifetime = 31536000, //365 days AuthorizationCodeLifetime = 300, IdentityTokenLifetime = 300, - RequireConsent = true, + RequireConsent = false, RequirePkce = false, FrontChannelLogoutUri = frontChannelLogoutUri }, diff --git a/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.IdentityServer/IdentityServer/IdentityServerDataSeedContributor.cs b/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.IdentityServer/IdentityServer/IdentityServerDataSeedContributor.cs index 5c4da23953..7937265409 100644 --- a/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.IdentityServer/IdentityServer/IdentityServerDataSeedContributor.cs +++ b/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.IdentityServer/IdentityServer/IdentityServerDataSeedContributor.cs @@ -1,7 +1,8 @@ -using Microsoft.Extensions.Configuration; -using System; +using System; using System.Collections.Generic; using System.Threading.Tasks; +using IdentityServer4.Models; +using Microsoft.Extensions.Configuration; using Volo.Abp.Authorization.Permissions; using Volo.Abp.Data; using Volo.Abp.DependencyInjection; @@ -11,12 +12,16 @@ using Volo.Abp.IdentityServer.Clients; using Volo.Abp.IdentityServer.IdentityResources; using Volo.Abp.PermissionManagement; using Volo.Abp.Uow; +using ApiResource = Volo.Abp.IdentityServer.ApiScopes.ApiResource; +using ApiScope = Volo.Abp.IdentityServer.ApiScopes.ApiScope; +using Client = Volo.Abp.IdentityServer.Clients.Client; namespace MyCompanyName.MyProjectName.IdentityServer { public class IdentityServerDataSeedContributor : IDataSeedContributor, ITransientDependency { private readonly IApiResourceRepository _apiResourceRepository; + private readonly IApiScopeRepository _apiScopeRepository; private readonly IClientRepository _clientRepository; private readonly IIdentityResourceDataSeeder _identityResourceDataSeeder; private readonly IGuidGenerator _guidGenerator; @@ -26,6 +31,7 @@ namespace MyCompanyName.MyProjectName.IdentityServer public IdentityServerDataSeedContributor( IClientRepository clientRepository, IApiResourceRepository apiResourceRepository, + IApiScopeRepository apiScopeRepository, IIdentityResourceDataSeeder identityResourceDataSeeder, IGuidGenerator guidGenerator, IPermissionDataSeeder permissionDataSeeder, @@ -33,6 +39,7 @@ namespace MyCompanyName.MyProjectName.IdentityServer { _clientRepository = clientRepository; _apiResourceRepository = apiResourceRepository; + _apiScopeRepository = apiScopeRepository; _identityResourceDataSeeder = identityResourceDataSeeder; _guidGenerator = guidGenerator; _permissionDataSeeder = permissionDataSeeder; @@ -44,6 +51,7 @@ namespace MyCompanyName.MyProjectName.IdentityServer { await _identityResourceDataSeeder.CreateStandardResourcesAsync(); await CreateApiResourcesAsync(); + await CreateApiScopeAsync(); await CreateClientsAsync(); } @@ -88,10 +96,17 @@ namespace MyCompanyName.MyProjectName.IdentityServer return await _apiResourceRepository.UpdateAsync(apiResource); } - private async Task CreateClientsAsync() + private async Task CreateApiScopeAsync() { - const string commonSecret = "E5Xd4yMqjP5kjWFKrYgySBju6JVfCzMyFp7n2QmMrME="; + var apiScope = await _apiScopeRepository.GetByNameAsync("MyProjectName"); + if (apiScope == null) + { + await _apiScopeRepository.InsertAsync(new ApiScope(_guidGenerator.Create(), "MyProjectName", "MyProjectName API"), autoSave: true); + } + } + private async Task CreateClientsAsync() + { var commonScopes = new[] { "email", @@ -100,6 +115,7 @@ namespace MyCompanyName.MyProjectName.IdentityServer "role", "phone", "address", + "MyProjectName" }; @@ -110,25 +126,30 @@ namespace MyCompanyName.MyProjectName.IdentityServer if (!webClientId.IsNullOrWhiteSpace()) { var webClientRootUrl = configurationSection["MyProjectName_Web:RootUrl"].EnsureEndsWith('/'); + + /* MyProjectName_Web client is only needed if you created a tiered + * solution. Otherwise, you can delete this client. */ + await CreateClientAsync( - webClientId, - commonScopes, - new[] { "hybrid" }, - commonSecret, + name: webClientId, + scopes: commonScopes, + grantTypes: new[] {"hybrid"}, + secret: (configurationSection["MyProjectName_Web:ClientSecret"] ?? "1q2w3e*").Sha256(), redirectUri: $"{webClientRootUrl}signin-oidc", - postLogoutRedirectUri: $"{webClientRootUrl}signout-callback-oidc" + postLogoutRedirectUri: $"{webClientRootUrl}signout-callback-oidc", + frontChannelLogoutUri: $"{webClientRootUrl}Account/FrontChannelLogout" ); } //Console Test Client - var consoleClientId = configurationSection["MyProjectName_ConsoleTestApp:ClientId"]; + var consoleClientId = configurationSection["MyProjectName_App:ClientId"]; if (!consoleClientId.IsNullOrWhiteSpace()) { await CreateClientAsync( - consoleClientId, - commonScopes, - new[] { "password", "client_credentials" }, - commonSecret + name: consoleClientId, + scopes: commonScopes, + grantTypes: new[] {"password", "client_credentials"}, + secret: (configurationSection["MyProjectName_App:ClientSecret"] ?? "1q2w3e*").Sha256() ); } } @@ -140,6 +161,7 @@ namespace MyCompanyName.MyProjectName.IdentityServer string secret, string redirectUri = null, string postLogoutRedirectUri = null, + string frontChannelLogoutUri = null, IEnumerable permissions = null) { var client = await _clientRepository.FindByCliendIdAsync(name); @@ -160,7 +182,9 @@ namespace MyCompanyName.MyProjectName.IdentityServer AccessTokenLifetime = 31536000, //365 days AuthorizationCodeLifetime = 300, IdentityTokenLifetime = 300, - RequireConsent = false + RequireConsent = false, + RequirePkce = false, + FrontChannelLogoutUri = frontChannelLogoutUri }, autoSave: true );