protected virtual Task AddParametersToRequestAsync(IdentityClientConfiguration configuration, ProtocolRequest request)
{
foreach (var pair in configuration.Where(p => p.Key.StartsWith("[o]", StringComparison.OrdinalIgnoreCase)))
{
request.Parameters.Add(pair);
}
return(Task.CompletedTask);
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
var server = LinkedServerConfiguration.Load(Configuration);
var idClient = IdentityClientConfiguration.Load(Configuration);
ConfigureIdentityServices(server, idClient, services);
ConfigureClientServices(server, services);
services.AddScoped <IIdentityDataGetter, IdentityDataGetter>();
ConfigureFinalServices(Configuration, services);
}
public async Task DeviceLoginAsync()
{
var configuration = new IdentityClientConfiguration(
CliUrls.AccountAbpIo,
"role email abpio abpio_www abpio_commercial openid offline_access",
"abp-cli",
"1q2w3e*",
OidcConstants.GrantTypes.DeviceCode
);
var accessToken = await AuthenticationService.GetAccessTokenAsync(configuration);
File.WriteAllText(CliPaths.AccessToken, accessToken, Encoding.UTF8);
}
protected virtual async Task <DiscoveryDocumentResponse> GetDiscoveryResponse(IdentityClientConfiguration configuration)
{
using (var httpClient = HttpClientFactory.CreateClient(HttpClientName))
{
var request = new DiscoveryDocumentRequest
{
Address = configuration.Authority,
Policy =
{
RequireHttps = configuration.RequireHttps
}
};
IdentityModelHttpRequestMessageOptions.ConfigureHttpRequestMessage?.Invoke(request);
return(await httpClient.GetDiscoveryDocumentAsync(request));
}
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
Utils.Linked = LinkedServerConfiguration.Load(Configuration);
Utils.IdentityClient = IdentityClientConfiguration.Load(Configuration);
services.AddHttpClient();
services.AddMvc().AddNewtonsoftJson();
services.AddResponseCompression(opts =>
{
opts.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(
new[] { "application/octet-stream" });
});
}
public async Task <IActionResult> GetAccessToken(UserLoginInfo login)
{
await ReplaceEmailToUsernameOfInputIfNeeds(login);
var config = new IdentityClientConfiguration
{
Authority = _configuration["AuthServer:Authority"],
ClientId = _configuration["AuthServer:ClientId"],
ClientSecret = _configuration["AuthServer:ClientSecret"],
GrantType = OidcConstants.GrantTypes.Password,
UserName = login.UserNameOrEmailAddress,
UserPassword = login.Password,
Scope = "offline_access IdentityService BackendAdminAppGateway AuditLogging BaseManagement OrganizationService"
};
string token = await _authenticator.GetAccessTokenAsync(config);
return(Json(new { code = 1, data = token }));
}
public async Task LoginAsync(string userName, string password, string organizationName = null)
{
var configuration = new IdentityClientConfiguration(
CliUrls.AccountAbpIo,
"role email abpio abpio_www abpio_commercial offline_access",
"abp-cli",
"1q2w3e*",
OidcConstants.GrantTypes.Password,
userName,
password
);
if (!organizationName.IsNullOrWhiteSpace())
{
configuration["[o]abp-organization-name"] = organizationName;
}
var accessToken = await AuthenticationService.GetAccessTokenAsync(configuration);
File.WriteAllText(CliPaths.AccessToken, accessToken, Encoding.UTF8);
}
public static void ConfigureApp(IConfiguration configuration, IApplicationBuilder app, IHostingEnvironment env)
{
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
if (env?.IsDevelopment() == true)
{
app.UseDeveloperExceptionPage();
}
else
{
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseOpenApi();
var idClient = IdentityClientConfiguration.Load(configuration);
app.UseSwaggerUi3(config =>
{
config.OAuth2Client = new NSwag.AspNetCore.OAuth2ClientSettings
{
ClientId = idClient?.ClientId ?? "",
ClientSecret = idClient?.ClientSecret ?? "",
};
});
app.UseReDoc();
app.UseCors();
app.UseMvc();
}
protected virtual Task <ClientCredentialsTokenRequest> CreateClientCredentialsTokenRequestAsync(string tokenEndpoint, IdentityClientConfiguration configuration)
{
var request = new ClientCredentialsTokenRequest
{
Address = tokenEndpoint,
Scope = configuration.Scope,
ClientId = configuration.ClientId,
ClientSecret = configuration.ClientSecret
};
IdentityModelHttpRequestMessageOptions.ConfigureHttpRequestMessage?.Invoke(request);
AddParametersToRequestAsync(configuration, request);
return(Task.FromResult(request));
}
public static void ConfigureIdentityServices(LinkedServerConfiguration server, IdentityClientConfiguration idClient, IServiceCollection services)
{
services.AddAuthorization();
Helpers.UserHelper.RegisterUrl = $"{server.Identity}/Identity/Account/Register";
Helpers.UserHelper.IdentityManageUrl = $"{server.Identity}/Identity/Account/Manage";
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies", options =>
{
options.Events = new Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents
{
// Auto refresh token when auth cookies
OnValidatePrincipal = async context =>
{
if (context.Properties?.Items[".Token.expires_at"] == null)
{
return;
}
var now = DateTimeOffset.UtcNow;
var tokenExpireTime = DateTime.Parse(context.Properties.Items[".Token.expires_at"]).ToUniversalTime();
var timeElapsed = now.Subtract(context.Properties.IssuedUtc.Value);
var timeRemaining = tokenExpireTime.Subtract(now.DateTime);
if (timeElapsed > timeRemaining)
{
// var oldAccessToken = context.Properties.Items[".Token.access_token"];
var oldRefreshToken = context.Properties.Items[".Token.refresh_token"];
var oldIdToken = context.Properties.Items[".Token.id_token"];
using (HttpClient httpclient = new HttpClient {
BaseAddress = new Uri(server.Identity)
})
{
var tokenClient = new SDK.Identity.TokenClient(httpclient);
var tokens = await tokenClient.RefreshToken(idClient.ClientId, idClient.ClientSecret, oldRefreshToken, oldIdToken);
if (tokens == null)
{
context.RejectPrincipal();
}
else
{
context.Properties.StoreTokens(tokens);
context.ShouldRenew = true;
}
}
}
},
};
})
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = server.Identity;
options.RequireHttpsMetadata = false;
// options.UseTokenLifetime = true;
options.ClientId = idClient.ClientId;
options.ClientSecret = idClient.ClientSecret;
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("api");
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.Scope.Add("offline_access");
});
}
protected virtual string CalculateTokenCacheKey(IdentityClientConfiguration configuration)
{
return(IdentityModelTokenCacheItem.CalculateCacheKey(configuration));
}
protected virtual string CalculateDiscoveryDocumentCacheKey(IdentityClientConfiguration configuration)
{
return(IdentityModelDiscoveryDocumentCacheItem.CalculateCacheKey(configuration));
}
public static string CalculateCacheKey(IdentityClientConfiguration configuration)
{
return(string.Join(",", configuration.Select(x => x.Key + ":" + x.Value)).ToMd5());
}
protected virtual async Task <TokenResponse> RequestDeviceAuthorizationAsync(HttpClient httpClient, IdentityClientConfiguration configuration)
{
var discoveryResponse = await GetDiscoveryResponse(configuration);
var request = new DeviceAuthorizationRequest()
{
Address = discoveryResponse.DeviceAuthorizationEndpoint,
Scope = configuration.Scope,
ClientId = configuration.ClientId,
ClientSecret = configuration.ClientSecret,
};
IdentityModelHttpRequestMessageOptions.ConfigureHttpRequestMessage?.Invoke(request);
await AddParametersToRequestAsync(configuration, request);
var response = await httpClient.RequestDeviceAuthorizationAsync(request);
if (response.IsError)
{
throw new AbpException(response.ErrorDescription);
}
Logger.LogInformation($"First copy your one-time code: {response.UserCode}");
Logger.LogInformation($"Open {response.VerificationUri} in your browser...");
for (var i = 0; i < ((response.ExpiresIn ?? 300) / response.Interval + 1); i++)
{
await Task.Delay(response.Interval * 1000);
var tokenResponse = await httpClient.RequestDeviceTokenAsync(new DeviceTokenRequest
{
Address = discoveryResponse.TokenEndpoint,
ClientId = configuration.ClientId,
ClientSecret = configuration.ClientSecret,
DeviceCode = response.DeviceCode
});
if (tokenResponse.IsError)
{
switch (tokenResponse.Error)
{
case "slow_down":
case "authorization_pending":
break;
case "expired_token":
throw new AbpException("This 'device_code' has expired. (expired_token)");
case "access_denied":
throw new AbpException("User denies the request(access_denied)");
}
}
if (!tokenResponse.IsError)
{
return(tokenResponse);
}
}
throw new AbpException("Timeout!");
}
protected virtual async Task <ClientCredentialsTokenRequest> CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration)
{
var discoveryResponse = await GetDiscoveryResponse(configuration);
var request = new ClientCredentialsTokenRequest
{
Address = discoveryResponse.TokenEndpoint,
Scope = configuration.Scope,
ClientId = configuration.ClientId,
ClientSecret = configuration.ClientSecret
};
IdentityModelHttpRequestMessageOptions.ConfigureHttpRequestMessage?.Invoke(request);
await AddParametersToRequestAsync(configuration, request);
return(request);
}
protected virtual async Task <IdentityModelDiscoveryDocumentCacheItem> GetDiscoveryResponse(IdentityClientConfiguration configuration)
{
var tokenEndpointUrlCacheKey = CalculateDiscoveryDocumentCacheKey(configuration);
var discoveryDocumentCacheItem = await DiscoveryDocumentCache.GetAsync(tokenEndpointUrlCacheKey);
if (discoveryDocumentCacheItem == null)
{
DiscoveryDocumentResponse discoveryResponse;
using (var httpClient = HttpClientFactory.CreateClient(HttpClientName))
{
var request = new DiscoveryDocumentRequest
{
Address = configuration.Authority,
Policy =
{
RequireHttps = configuration.RequireHttps
}
};
IdentityModelHttpRequestMessageOptions.ConfigureHttpRequestMessage?.Invoke(request);
discoveryResponse = await httpClient.GetDiscoveryDocumentAsync(request);
}
if (discoveryResponse.IsError)
{
throw new AbpException($"Could not retrieve the OpenId Connect discovery document! " +
$"ErrorType: {discoveryResponse.ErrorType}. Error: {discoveryResponse.Error}");
}
discoveryDocumentCacheItem = new IdentityModelDiscoveryDocumentCacheItem(discoveryResponse.TokenEndpoint, discoveryResponse.DeviceAuthorizationEndpoint);
await DiscoveryDocumentCache.SetAsync(tokenEndpointUrlCacheKey, discoveryDocumentCacheItem,
new DistributedCacheEntryOptions
{
AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(configuration.CacheAbsoluteExpiration)
});
}
return(discoveryDocumentCacheItem);
}
public static string CalculateCacheKey(IdentityClientConfiguration configuration)
{
return(configuration.Authority.ToLower().ToMd5());
}
protected virtual async Task <IdentityModelAuthenticationCacheItem> GetCacheItemAsync(IdentityClientConfiguration configuration)
{
var cacheKey = IdentityModelAuthenticationCacheItem.CalculateCacheKey(configuration.GrantType, configuration.ClientId, configuration.UserName);
Logger.LogDebug($"IdentityModelCachedAuthenticationService.GetCacheItemAsync: {cacheKey}");
var cacheItem = await Cache.GetAsync(cacheKey);
if (cacheItem != null)
{
Logger.LogDebug($"Found in the cache: {cacheKey}");
return(cacheItem);
}
Logger.LogDebug($"Not found in the cache: {cacheKey}");
var tokenResponse = await GetAccessTokenResponseAsync(configuration);
cacheItem = new IdentityModelAuthenticationCacheItem(tokenResponse.AccessToken);
var cacheEntryOptions = new DistributedCacheEntryOptions
{
// 缓存前两分钟过期
AbsoluteExpiration = DateTimeOffset.Now.AddSeconds(tokenResponse.ExpiresIn - 120)
};
Logger.LogDebug($"Setting the cache item: {cacheKey}");
await Cache.SetAsync(cacheKey, cacheItem, cacheEntryOptions);
Logger.LogDebug($"Finished setting the cache item: {cacheKey}");
return(cacheItem);
}
public static void Configure(IdentityClientConfiguration config)
{
Configure(config.ApplicationId, config.Address);
}
