public static void ConfigureDocumentServices(LinkedServerConfiguration server, IServiceCollection services)
{
services.AddOpenApiDocument(config =>
{
config.AddSecurity("bearer", Enumerable.Empty <string>(), new OpenApiSecurityScheme
{
Type = OpenApiSecuritySchemeType.OAuth2,
Description = "MindNote Identity",
Flows = new OpenApiOAuthFlows()
{
Password = new OpenApiOAuthFlow()
{
Scopes = new Dictionary <string, string>
{
{ "api", "MindNote API" },
},
AuthorizationUrl = $"{server.Identity}/connect/authorize",
TokenUrl = $"{server.Identity}/connect/token",
},
}
});
config.OperationProcessors.Add(
new AspNetCoreOperationSecurityScopeProcessor("bearer"));
config.PostProcess = document =>
{
document.Info.Version = "v1";
document.Info.Title = "MindNote API";
document.Info.Description = "API for MindNote";
document.Info.TermsOfService = "None";
document.Info.Contact = new NSwag.OpenApiContact
{
Name = "StardustDL",
Email = string.Empty,
Url = ""
};
/*document.Info.License = new NSwag.SwaggerLicense
* {
* Name = "Use under LICX",
* Url = "https://example.com/license"
* };*/
};
});
}
public static void ConfigureIdentityServices(LinkedServerConfiguration server, IConfiguration configuration, IServiceCollection services)
{
services.AddDefaultIdentity <IdentityUser>()
.AddDefaultUI(UIFramework.Bootstrap4)
.AddEntityFrameworkStores <ApplicationDbContext>();
var idServer = services.AddIdentityServer(options =>
{
options.PublicOrigin = server.Identity;
options.UserInteraction = new IdentityServer4.Configuration.UserInteractionOptions
{
LoginUrl = "/Identity/Account/Login",
LogoutUrl = "/Identity/Account/Logout",
ErrorUrl = "/Identity/Account/Error",
};
})
.AddDeveloperSigningCredential();
{
var idSection = configuration.GetSection("identityServer");
{
var obj = idSection.GetSection("IdentityResources").Get <IdentityResource[]>();
idServer.AddInMemoryIdentityResources(obj ?? SampleConfig.GetIdentityResources());
}
{
var obj = idSection.GetSection("ApiResources").Get <ApiResource[]>();
idServer.AddInMemoryApiResources(obj ?? SampleConfig.GetApiResources());
}
{
var obj = idSection.GetSection("Clients").Get <Client[]>();
idServer.AddInMemoryClients(obj ?? SampleConfig.GetClients(server.Host, server.Client));
}
}
idServer.AddAspNetIdentity <IdentityUser>();
}
public static void ConfigureIdentityServices(LinkedServerConfiguration server, IdentityClientConfiguration idClient, IServiceCollection services)
{
services.AddAuthorization();
Helpers.UserHelper.RegisterUrl = $"{server.Identity}/Identity/Account/Register";
Helpers.UserHelper.IdentityManageUrl = $"{server.Identity}/Identity/Account/Manage";
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies", options =>
{
options.Events = new Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents
{
// Auto refresh token when auth cookies
OnValidatePrincipal = async context =>
{
if (context.Properties?.Items[".Token.expires_at"] == null)
{
return;
}
var now = DateTimeOffset.UtcNow;
var tokenExpireTime = DateTime.Parse(context.Properties.Items[".Token.expires_at"]).ToUniversalTime();
var timeElapsed = now.Subtract(context.Properties.IssuedUtc.Value);
var timeRemaining = tokenExpireTime.Subtract(now.DateTime);
if (timeElapsed > timeRemaining)
{
// var oldAccessToken = context.Properties.Items[".Token.access_token"];
var oldRefreshToken = context.Properties.Items[".Token.refresh_token"];
var oldIdToken = context.Properties.Items[".Token.id_token"];
using (HttpClient httpclient = new HttpClient {
BaseAddress = new Uri(server.Identity)
})
{
var tokenClient = new SDK.Identity.TokenClient(httpclient);
var tokens = await tokenClient.RefreshToken(idClient.ClientId, idClient.ClientSecret, oldRefreshToken, oldIdToken);
if (tokens == null)
{
context.RejectPrincipal();
}
else
{
context.Properties.StoreTokens(tokens);
context.ShouldRenew = true;
}
}
}
},
};
})
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = server.Identity;
options.RequireHttpsMetadata = false;
// options.UseTokenLifetime = true;
options.ClientId = idClient.ClientId;
options.ClientSecret = idClient.ClientSecret;
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("api");
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.Scope.Add("offline_access");
});
}
