public ConfigurationOptions(IOptions <IdentityServerConfig> identityServerConfigs)
{
this._identityServerConfigs = identityServerConfigs.Value;
}
public static IEnumerable <ApiResource> GetApiResources(IConfigurationOptions configOptions)
{
IdentityServerConfig configs = configOptions.getIdentityServerConfig();
return(new[]
{
new ApiResource
{
Name = "jp_api",
DisplayName = "JP API",
Description = "OAuth2 Server Management Api",
ApiSecrets = { new Secret(configs.Resources.Where(x => x.Key == "jp_api").FirstOrDefault().ApiSecret.Sha256()) },
UserClaims =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"is4-rights",
"username",
"role"
},
Scopes =
{
new Scope()
{
Name = "jp_api.user",
DisplayName = "User Management - Full access",
Description = "Full access to User Management",
Required = true
},
new Scope()
{
Name = "jp_api.is4",
DisplayName = "OAuth2 Server",
Description = "Manage mode to IS4",
Required = true
}
}
},
new ApiResource
{
Name = "logs_api",
DisplayName = "Logging API",
Description = "Logging Service Api",
ApiSecrets = { new Secret(configs.Resources.Where(x => x.Key == "logs_api").FirstOrDefault().ApiSecret.Sha256()) },
UserClaims =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"admin-rights",
"username",
"role"
},
Scopes =
{
new Scope()
{
Name = "logs_api.read",
DisplayName = "Logging service - read access",
Description = "Is only able to check logs",
Required = true
},
new Scope()
{
Name = "logs_api.edit",
DisplayName = "Logging service - full access",
Description = "Manage mode for logging service",
Required = true
}
}
},
new ApiResource
{
Name = "ocelot_api",
DisplayName = "Ocelot Admin API",
Description = "Ocelot Admin Api",
ApiSecrets = { new Secret(configs.Resources.Where(x => x.Key == "ocelot_api").FirstOrDefault().ApiSecret.Sha256()) },
UserClaims =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"admin-rights",
"username",
"role"
},
Scopes =
{
new Scope()
{
Name = "ocelot_api.read",
DisplayName = "ocelot - read access",
Description = "Is only able to check routes",
Required = true
},
new Scope()
{
Name = "ocelot_api.edit",
DisplayName = "ocelot - full access",
Description = "Manage mode for ocelot service",
Required = true
}
}
},
new ApiResource
{
Name = "institution_api",
DisplayName = "Institutions Admin API",
Description = "Institutions Admin Api",
ApiSecrets = { new Secret(configs.Resources.Where(x => x.Key == "institution_api").FirstOrDefault().ApiSecret.Sha256()) },
UserClaims =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"admin-rights",
"username",
"role"
},
Scopes =
{
new Scope()
{
Name = "institution_api.read",
DisplayName = "Institutions - read access",
Description = "Is only able to read institutions data",
Required = true
},
new Scope()
{
Name = "institution_api.edit",
DisplayName = "Institutions - full access",
Description = "Manage mode for institutions data",
Required = true
}
}
}
});
}