コード例 #1
 /// <summary>
 /// Creates the controller and keeps references to the authorization-server
 /// options and the OpenIddict application manager passed in.
 /// </summary>
 /// <param name="options">Server options; assigned to <c>_serverOptions</c>.</param>
 /// <param name="applicationManager">Application manager; assigned to <c>_applicationManager</c>.</param>
 public AuthorizationController(
     OidcAuthorizationServerOptions options,
     OpenIddictApplicationManager<OpenIddictApplication> applicationManager)
 {
     // Both arguments are stored as received; nothing is validated here.
     this._applicationManager = applicationManager;
     this._serverOptions = options;
 }
コード例 #2
        public static void AddBearers
        (
            this IServiceCollection services,
            IWebHostEnvironment environment,
            OidcAuthorizationServerOptions openIdOptions,
            AuthenticationOptions authenticationOptions,
            string[] schemes
        )
        {
            services
            .AddDbContext <DbContext>(options =>
            {
                // Configure the context to use an in-memory store.
                options.UseInMemoryDatabase(nameof(DbContext));

                // Register the entity sets needed by OpenIddict.
                // Note: use the generic overload if you need
                // to replace the default OpenIddict entities.
                options.UseOpenIddict();
            })
            .AddOpenIddict()
            .AddCore(options =>
            {
                // Configure OpenIddict to use the Entity Framework Core stores and entities.
                options.UseEntityFrameworkCore().UseDbContext <DbContext>();
            })
            .AddServer(options =>
            {
                // Register the ASP.NET Core MVC binder used by OpenIddict.
                // Note: if you don't call this method, you won't be able to
                // bind OpenIdConnectRequest or OpenIdConnectResponse parameters.
                options.UseMvc();

                // Enable the authorization/token endpoints (required to use the code flow).
                options.EnableTokenEndpoint(@$ "/{authenticationOptions.TokenEndpoint
                            .Replace(authenticationOptions.Issuer, string.Empty)}");
                //.EnableAuthorizationEndpoint("/connect/authorize");

                // Allow client applications to use the grant_type=client_credentials flow.
                options.AllowClientCredentialsFlow();

                // During development, you can disable the HTTPS requirement.
                if (environment.IsDevelopment())
                {
                    options.DisableHttpsRequirement();
                }

                // Accept token requests that don't specify a client_id.
                // options.AcceptAnonymousClients();

                options.EnableRequestCaching();

                // Note: to use JWT access tokens instead of the default
                // encrypted format, the following lines are required:
                //
                options.UseJsonWebTokens();

                // Register a new ephemeral key, that is discarded when the application
                // shuts down. Tokens signed using this key are automatically invalidated.
                // This method should only be used during development.
                //options.AddEphemeralSigningKey();

                // On production, using a X.509 certificate stored in the machine store is recommended.
                options.AddSigningCertificate(LoadCertificate(openIdOptions));

                var expiryInSeconds = openIdOptions.AccessTokenExpiration;
                options.SetAccessTokenLifetime(TimeSpan.FromSeconds(Convert.ToDouble(expiryInSeconds)));

                // Note: if you don't want to use permissions, you can disable
                // permission enforcement by uncommenting the following lines:
                //
                // options.IgnoreEndpointPermissions()
                //        .IgnoreGrantTypePermissions()
                //        .IgnoreScopePermissions();
            });