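using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.EntityFrameworkCore;
using OpenIddict.Demo.Server.EntityFrameworkCore;
using OpenIddict.Demo.Server.ExtensionGrants;
using Volo.Abp;
using Volo.Abp.Account;
using Volo.Abp.Account.Web;
using Volo.Abp.AspNetCore.MultiTenancy;
using Volo.Abp.AspNetCore.Mvc;
using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic;
using Volo.Abp.Autofac;
using Volo.Abp.Data;
using Volo.Abp.EntityFrameworkCore;
using Volo.Abp.EntityFrameworkCore.SqlServer;
using Volo.Abp.FeatureManagement;
using Volo.Abp.FeatureManagement.EntityFrameworkCore;
using Volo.Abp.Identity;
using Volo.Abp.Identity.EntityFrameworkCore;
using Volo.Abp.Identity.Web;
using Volo.Abp.Modularity;
using Volo.Abp.MultiTenancy;
using Volo.Abp.OpenIddict;
using Volo.Abp.OpenIddict.EntityFrameworkCore;
using Volo.Abp.OpenIddict.ExtensionGrantTypes;
using Volo.Abp.OpenIddict.WildcardDomains;
using Volo.Abp.PermissionManagement;
using Volo.Abp.PermissionManagement.EntityFrameworkCore;
using Volo.Abp.PermissionManagement.HttpApi;
using Volo.Abp.PermissionManagement.Identity;
using Volo.Abp.SettingManagement;
using Volo.Abp.SettingManagement.EntityFrameworkCore;
using Volo.Abp.SettingManagement.Web;
using Volo.Abp.TenantManagement;
using Volo.Abp.TenantManagement.EntityFrameworkCore;
using Volo.Abp.TenantManagement.Web;

namespace OpenIddict.Demo.Server;

/// <summary>
/// ABP module for the OpenIddict demo authorization server.
/// Wires the OpenIddict server and validation pipelines, EF Core on SQL Server,
/// multi-tenancy and a custom extension grant, then seeds the host and a
/// "Default" tenant when the application starts.
/// </summary>
[DependsOn(
    typeof(AbpAspNetCoreMvcModule),
    typeof(AbpAutofacModule),
    typeof(AbpEntityFrameworkCoreSqlServerModule),
    typeof(AbpAspNetCoreMvcUiBasicThemeModule),
    typeof(AbpAspNetCoreMultiTenancyModule),
    typeof(AbpOpenIddictAspNetCoreModule),
    typeof(AbpOpenIddictEntityFrameworkCoreModule),
    typeof(AbpAccountApplicationModule),
    typeof(AbpAccountHttpApiModule),
    typeof(AbpAccountWebOpenIddictModule),
    typeof(AbpTenantManagementApplicationModule),
    typeof(AbpTenantManagementHttpApiModule),
    typeof(AbpTenantManagementEntityFrameworkCoreModule),
    typeof(AbpTenantManagementWebModule),
    typeof(AbpPermissionManagementDomainIdentityModule),
    typeof(AbpIdentityApplicationModule),
    typeof(AbpIdentityHttpApiModule),
    typeof(AbpIdentityEntityFrameworkCoreModule),
    typeof(AbpIdentityWebModule),
    typeof(AbpPermissionManagementApplicationModule),
    typeof(AbpPermissionManagementHttpApiModule),
    typeof(AbpPermissionManagementEntityFrameworkCoreModule),
    typeof(AbpFeatureManagementApplicationModule),
    typeof(AbpFeatureManagementEntityFrameworkCoreModule),
    typeof(AbpFeatureManagementHttpApiModule),
    typeof(AbpFeatureManagementWebModule),
    typeof(AbpSettingManagementApplicationModule),
    typeof(AbpSettingManagementEntityFrameworkCoreModule),
    typeof(AbpSettingManagementHttpApiModule),
    typeof(AbpSettingManagementWebModule)
)]
public class OpenIddictServerModule : AbpModule
{
    // Subject names now match the purpose each certificate is registered for
    // (the original registered the "Encryption" CN as the signing certificate and
    // the "Signing" CN as the encryption certificate, which is confusing in logs
    // and in the published JWKS).
    private const string SigningCertificateSubject = "CN=Fabrikam Signing Certificate";
    private const string EncryptionCertificateSubject = "CN=Fabrikam Encryption Certificate";

    private const int CertificateKeySizeInBits = 2048;
    private const int CertificateLifetimeInYears = 2;

    // Name of the default tenant seeded at startup.
    private const string DefaultTenantName = "Default";

    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            // https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
            // This module registers its own credentials below, so the built-in
            // development certificate must not be added as well.
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        PreConfigure<OpenIddictServerBuilder>(builder =>
        {
            // https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
            //
            // SECURITY NOTE: both certificates are generated in memory on every process
            // start and never persisted. Anything signed or encrypted by a previous
            // instance (or by another instance behind a load balancer) will not validate
            // here. That is acceptable for this demo only; a real deployment should load
            // persisted certificates (file, certificate store, KMS/HSM) instead.
            builder.AddSigningCertificate(
                CreateSelfSignedCertificate(SigningCertificateSubject, X509KeyUsageFlags.DigitalSignature));

            builder.AddEncryptionCertificate(
                CreateSelfSignedCertificate(EncryptionCertificateSubject, X509KeyUsageFlags.KeyEncipherment));

            // Register the custom grant type so the server accepts it on the token endpoint;
            // the handler itself is registered in ConfigureServices.
            builder.Configure(openIddictServerOptions =>
            {
                openIddictServerOptions.GrantTypes.Add(MyTokenExtensionGrant.ExtensionGrantName);
            });
        });

        PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
        {
            // SECURITY NOTE: wildcard redirect URIs widen the set of hosts an authorization
            // code or token can be delivered to. Keep the pattern as narrow as possible
            // (fixed scheme, fixed parent domain, fixed path) and never allow a wildcard
            // over a domain on which untrusted parties can register subdomains.
            options.EnableWildcardDomainSupport = true;
            options.WildcardDomainsFormat.Add("https://{0}.abp.io/signin-oidc");
        });

        PreConfigure<OpenIddictBuilder>(builder =>
        {
            // Validate tokens against the local server (same process), restricted to the
            // "AbpAPIResource" audience so tokens meant for other resources are rejected.
            builder.AddValidation(options =>
            {
                options.AddAudiences("AbpAPIResource");
                options.UseLocalServer();
                options.UseAspNetCore();
            });
        });
    }

    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        // NOTE(review): the generic argument was lost in the copy of this file; the
        // DbContext type is expected to live in OpenIddict.Demo.Server.EntityFrameworkCore —
        // confirm the exact class name against the project.
        context.Services.AddAbpDbContext<ServerDbContext>(options =>
        {
            options.AddDefaultRepositories(includeAllEntities: true);
        });

        Configure<AbpDbContextOptions>(options =>
        {
            options.UseSqlServer();
        });

        Configure<AbpMultiTenancyOptions>(options =>
        {
            options.IsEnabled = true;
        });

        Configure<AbpOpenIddictExtensionGrantsOptions>(options =>
        {
            options.Grants.Add(MyTokenExtensionGrant.ExtensionGrantName, new MyTokenExtensionGrant());
        });
    }

    /// <summary>
    /// Seeds host data, ensures the "Default" tenant exists, then seeds that tenant.
    /// Runs on every application start; the seeders are expected to be idempotent.
    /// </summary>
    public async override Task OnApplicationInitializationAsync(ApplicationInitializationContext context)
    {
        var serviceProvider = context.ServiceProvider;

        // Host-side (tenant-less) seed.
        await serviceProvider.GetRequiredService<IDataSeeder>().SeedAsync();

        var tenantManager = serviceProvider.GetRequiredService<ITenantManager>();
        var tenantRepository = serviceProvider.GetRequiredService<ITenantRepository>();

        // Reuse the existing tenant on subsequent starts; only create it the first time.
        var tenant = await tenantRepository.FindByNameAsync(DefaultTenantName)
                     ?? await tenantRepository.InsertAsync(await tenantManager.CreateAsync(DefaultTenantName));

        await serviceProvider.GetRequiredService<IDataSeeder>().SeedAsync(tenant.Id);
    }

    /// <summary>
    /// Creates an in-memory, self-signed RSA-2048 certificate for the given subject with
    /// a single critical key usage. Used for the OpenIddict signing and encryption
    /// credentials of this demo server.
    /// </summary>
    /// <param name="subjectName">Distinguished name for the certificate subject, e.g. "CN=...".</param>
    /// <param name="keyUsage">Key usage to mark as critical (DigitalSignature for signing, KeyEncipherment for encryption).</param>
    /// <returns>A certificate valid from now for <see cref="CertificateLifetimeInYears"/> years, including its private key.</returns>
    private static X509Certificate2 CreateSelfSignedCertificate(string subjectName, X509KeyUsageFlags keyUsage)
    {
        // The returned certificate carries its own copy of the key, so the RSA instance
        // can be disposed once the certificate has been created.
        using var algorithm = RSA.Create(keySizeInBits: CertificateKeySizeInBits);

        var request = new CertificateRequest(
            new X500DistinguishedName(subjectName),
            algorithm,
            HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1);

        request.CertificateExtensions.Add(new X509KeyUsageExtension(keyUsage, critical: true));

        // Single timestamp so NotBefore/NotAfter are derived from the same instant.
        var notBefore = DateTimeOffset.UtcNow;
        return request.CreateSelfSigned(notBefore, notBefore.AddYears(CertificateLifetimeInYears));
    }
}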