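/// <summary>
/// Processes the posted consent form: records the user's decision with
/// IdentityServer and sends the browser back to the authorization flow.
/// </summary>
/// <param name="model">
/// The bound consent form. <c>Button</c> carries the decision ("yes"/"no"),
/// <c>ScopesConsented</c> the scopes the user ticked, and <c>ReturnUrl</c> the
/// authorization callback the flow resumes at. All three are client-supplied.
/// </param>
/// <returns>
/// A redirect to <c>ReturnUrl</c> once consent has been granted or denied for a
/// recognised authorization request; otherwise the consent view, re-rendered
/// with the model errors added here.
/// </returns>
/// <remarks>
/// NOTE(review): the attributes on this action are not visible in this excerpt.
/// Confirm that it is POST-only, requires an authenticated user, and validates
/// an antiforgery token, since it grants scopes on the user's behalf.
/// </remarks>
public async Task<IActionResult> Consent(Idr4ConsentViewModel model)
{
    // Nothing was bound. The original code went on to dereference the null
    // model; there is no ReturnUrl to rebuild the page from, so stop here.
    if (model == null)
    {
        ModelState.AddModelError("", "数据发送异常");
        return View();
    }

    // Was at least one scope selected?
    var hasScopes = model.ScopesConsented != null && model.ScopesConsented.Any();
    if (!hasScopes)
    {
        ModelState.AddModelError("", "请至少选择一个权限");
    }

    ConsentResponse consentResponse = null;

    if (model.Button == "yes")
    {
        // Consent given: build a response only when scopes were selected;
        // otherwise fall through and re-render the page with the error above.
        if (hasScopes)
        {
            var scopes = model.ScopesConsented;
            if (ConsentOptions.EnableOfflineAccess == false)
            {
                // Offline access is disabled server-side, so drop it even if
                // the posted form asked for it.
                scopes = scopes.Where(x => x != IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess);
            }

            consentResponse = new ConsentResponse
            {
                RememberConsent = model.RememberConsent,
                ScopesConsented = scopes
            };
        }
    }
    else if (model.Button == "no")
    {
        // Consent refused.
        consentResponse = ConsentResponse.Denied;
    }
    else
    {
        // Unknown button value: show the consent page again.
        var vm1 = await CreateIdr4ConsentViewModelAsync(model.ReturnUrl);
        return View(vm1);
    }

    // Granted or denied, the flow continues at ReturnUrl, but only if
    // IdentityServer recognises it as a pending authorization request.
    if (consentResponse != null)
    {
        var request = await _identityServerInteractionService.GetAuthorizationContextAsync(model.ReturnUrl);
        if (request == null)
        {
            // ReturnUrl comes from the client. Without a matching authorization
            // context it must not be redirected to (open redirect), and there
            // is no request to record consent against.
            ModelState.AddModelError("", "客户端登录验证不匹配");
            return View();
        }

        // Hand the decision to IdentityServer, then resume the authorize request.
        await _identityServerInteractionService.GrantConsentAsync(request, consentResponse);
        return Redirect(model.ReturnUrl);
    }

    var vm = await CreateIdr4ConsentViewModelAsync(model.ReturnUrl);
    if (vm != null)
    {
        return View(vm);
    }

    return View();
}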
/// <summary>
/// Builds the view model for the consent page from the authorization request
/// that <paramref name="ReturnUrl"/> refers to.
/// </summary>
/// <param name="ReturnUrl">The authorization callback URL carried through the consent flow.</param>
/// <returns>
/// The populated view model, or <c>null</c> when no authorization context is
/// found for the URL, the client is missing or disabled, or none of the
/// requested scopes resolves to an enabled resource.
/// </returns>
private async Task<Idr4ConsentViewModel> CreateIdr4ConsentViewModelAsync(string ReturnUrl)
{
    var context = await _identityServerInteractionService.GetAuthorizationContextAsync(ReturnUrl);
    if (context == null)
    {
        return null;
    }

    // Look the client up by the id carried in the authorization request.
    var client = await _clientStore.FindEnabledClientByIdAsync(context.ClientId);
    if (client == null)
    {
        // Client not found: a place to surface a message and log.
        return null;
    }

    // Resolve the requested scopes; the result holds both identity resources
    // and API resources. Only the scopes in the request are shown, not
    // everything in the client's AllowedScopes.
    var found = await _resourceStore.FindEnabledResourcesByScopeAsync(context.ScopesRequested);
    var nothingToShow = found == null || !(found.ApiResources.Any() || found.IdentityResources.Any());
    if (nothingToShow)
    {
        // No matching scopes for this client: a place to surface a message and log.
        return null;
    }

    // Initial state of the page: "remember" ticked and nothing consented yet.
    var result = new Idr4ConsentViewModel();
    result.RememberConsent = true;
    result.ScopesConsented = Enumerable.Empty<string>();
    result.ReturnUrl = ReturnUrl;

    // Client details shown on the page.
    result.ClientName = client.ClientName;
    result.ClientUrl = client.ClientUri;
    result.ClientLogoUrl = client.LogoUri;
    result.AllowRememberConsent = client.AllowRememberConsent;

    // A scope starts out checked when it is required (ScopesConsented is still empty here).
    result.IdentityScopes = found.IdentityResources
        .Select(identity => new Idr4ScopeViewModel
        {
            Name = identity.Name,
            DisplayName = identity.DisplayName,
            Description = identity.Description,
            Emphasize = identity.Emphasize,
            Required = identity.Required,
            Checked = result.ScopesConsented.Contains(identity.Name) || identity.Required
        })
        .ToArray();

    result.ResouceScopes = found.ApiResources
        .SelectMany(api => api.Scopes)
        .Select(scope => new Idr4ScopeViewModel
        {
            Name = scope.Name,
            DisplayName = scope.DisplayName,
            Description = scope.Description,
            Emphasize = scope.Emphasize,
            Required = scope.Required,
            Checked = result.ScopesConsented.Contains(scope.Name) || scope.Required
        })
        .ToArray();

    // Offline access is listed only when it is enabled in the options and the
    // resolved resources include it.
    if (ConsentOptions.EnableOfflineAccess && found.OfflineAccess)
    {
        var offlineEntry = new Idr4ScopeViewModel
        {
            Name = IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess,
            DisplayName = ConsentOptions.OfflineAccessDisplayName,
            Description = ConsentOptions.OfflineAccessDescription,
            Emphasize = true,
            Checked = result.ScopesConsented.Contains(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess)
        };
        result.ResouceScopes = result.ResouceScopes.Union(new Idr4ScopeViewModel[] { offlineEntry });
    }

    return result;
}