public static IEnumerable <Client> GetClients(OpenIdSettings openIdSettings)
{
return(new List <Client>
{
new Client
{
ClientName = "CoreDocker Api",
ClientId = openIdSettings.ClientName,
RequireConsent = false,
AccessTokenType = AccessTokenType.Reference,
AccessTokenLifetime = (int)TimeSpan.FromDays(1).TotalSeconds, // 10 minutes, default 60 minutes
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
ClientSecrets =
{
new Secret(openIdSettings.ClientSecret.Sha256())
},
AllowAccessTokensViaBrowser = true,
RedirectUris = new List <string>
{
openIdSettings.HostUrl
},
PostLogoutRedirectUris = new List <string>
{
openIdSettings.HostUrl.UriCombine("/Unauthorized")
},
AllowedCorsOrigins = openIdSettings.GetOriginList(),
AllowedScopes = new List <string>
{
openIdSettings.ScopeApi
}
}
});
}
public static void UseIndentityService(this IServiceCollection services, IConfiguration conf)
{
services.AddTransient <IPersistedGrantStore, PersistedGrantStore>();
var openIdSettings = new OpenIdSettings(conf);
services.AddIdentityServer()
.AddSigningCredential(Certificate())
.AddInMemoryIdentityResources(OpenIdConfig.GetIdentityResources())
.AddInMemoryApiResources(OpenIdConfig.GetApiResources(openIdSettings))
.AddInMemoryClients(OpenIdConfig.GetClients(openIdSettings))
// options => options.MigrationsAssembly(migrationsAssembly)))
.Services.AddTransient <IResourceOwnerPasswordValidator, UserClaimProvider>();
}
public static IEnumerable <ApiResource> GetApiResources(OpenIdSettings openIdSettings)
{
return(new List <ApiResource>
{
new ApiResource(openIdSettings.ApiResourceName)
{
ApiSecrets =
{
new Secret(openIdSettings.ApiResourceSecret.Sha256())
},
Scopes =
{
new Scope
{
Name = openIdSettings.ScopeApi,
DisplayName = "Standard api access"
}
},
UserClaims = { JwtClaimTypes.Role, JwtClaimTypes.GivenName, IdentityServerConstants.StandardScopes.Email, JwtClaimTypes.Id, JwtClaimTypes.Name }
},
});
}