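/// <summary>
/// Creates the controller and stores the two injected dependencies in
/// <c>_serverOptions</c> and <c>_applicationManager</c>.
/// </summary>
/// <param name="options">Authorization-server options, kept in <c>_serverOptions</c>.</param>
/// <param name="applicationManager">OpenIddict application manager, kept in <c>_applicationManager</c>.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="options"/> or <paramref name="applicationManager"/> is <see langword="null"/>.
/// </exception>
public AuthorizationController(
    OidcAuthorizationServerOptions options,
    OpenIddictApplicationManager<OpenIddictApplication> applicationManager)
{
    // Reject a missing dependency at construction time, so a misconfigured container fails
    // here with a named argument rather than later, wherever the field is first dereferenced.
    _serverOptions = options ?? throw new System.ArgumentNullException(nameof(options));
    _applicationManager = applicationManager
        ?? throw new System.ArgumentNullException(nameof(applicationManager));
}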
public static void AddBearers ( this IServiceCollection services, IWebHostEnvironment environment, OidcAuthorizationServerOptions openIdOptions, AuthenticationOptions authenticationOptions, string[] schemes ) { services .AddDbContext <DbContext>(options => { // Configure the context to use an in-memory store. options.UseInMemoryDatabase(nameof(DbContext)); // Register the entity sets needed by OpenIddict. // Note: use the generic overload if you need // to replace the default OpenIddict entities. options.UseOpenIddict(); }) .AddOpenIddict() .AddCore(options => { // Configure OpenIddict to use the Entity Framework Core stores and entities. options.UseEntityFrameworkCore().UseDbContext <DbContext>(); }) .AddServer(options => { // Register the ASP.NET Core MVC binder used by OpenIddict. // Note: if you don't call this method, you won't be able to // bind OpenIdConnectRequest or OpenIdConnectResponse parameters. options.UseMvc(); // Enable the authorization/token endpoints (required to use the code flow). options.EnableTokenEndpoint(@$ "/{authenticationOptions.TokenEndpoint .Replace(authenticationOptions.Issuer, string.Empty)}"); //.EnableAuthorizationEndpoint("/connect/authorize"); // Allow client applications to use the grant_type=client_credentials flow. options.AllowClientCredentialsFlow(); // During development, you can disable the HTTPS requirement. if (environment.IsDevelopment()) { options.DisableHttpsRequirement(); } // Accept token requests that don't specify a client_id. // options.AcceptAnonymousClients(); options.EnableRequestCaching(); // Note: to use JWT access tokens instead of the default // encrypted format, the following lines are required: // options.UseJsonWebTokens(); // Register a new ephemeral key, that is discarded when the application // shuts down. Tokens signed using this key are automatically invalidated. // This method should only be used during development. 
//options.AddEphemeralSigningKey(); // On production, using a X.509 certificate stored in the machine store is recommended. options.AddSigningCertificate(LoadCertificate(openIdOptions)); var expiryInSeconds = openIdOptions.AccessTokenExpiration; options.SetAccessTokenLifetime(TimeSpan.FromSeconds(Convert.ToDouble(expiryInSeconds))); // Note: if you don't want to use permissions, you can disable // permission enforcement by uncommenting the following lines: // // options.IgnoreEndpointPermissions() // .IgnoreGrantTypePermissions() // .IgnoreScopePermissions(); });