public static void ConfigureDocumentServices(LinkedServerConfiguration server, IServiceCollection services) { services.AddOpenApiDocument(config => { config.AddSecurity("bearer", Enumerable.Empty <string>(), new OpenApiSecurityScheme { Type = OpenApiSecuritySchemeType.OAuth2, Description = "MindNote Identity", Flows = new OpenApiOAuthFlows() { Password = new OpenApiOAuthFlow() { Scopes = new Dictionary <string, string> { { "api", "MindNote API" }, }, AuthorizationUrl = $"{server.Identity}/connect/authorize", TokenUrl = $"{server.Identity}/connect/token", }, } }); config.OperationProcessors.Add( new AspNetCoreOperationSecurityScopeProcessor("bearer")); config.PostProcess = document => { document.Info.Version = "v1"; document.Info.Title = "MindNote API"; document.Info.Description = "API for MindNote"; document.Info.TermsOfService = "None"; document.Info.Contact = new NSwag.OpenApiContact { Name = "StardustDL", Email = string.Empty, Url = "" }; /*document.Info.License = new NSwag.SwaggerLicense * { * Name = "Use under LICX", * Url = "https://example.com/license" * };*/ }; }); }
public static void ConfigureIdentityServices(LinkedServerConfiguration server, IConfiguration configuration, IServiceCollection services) { services.AddDefaultIdentity <IdentityUser>() .AddDefaultUI(UIFramework.Bootstrap4) .AddEntityFrameworkStores <ApplicationDbContext>(); var idServer = services.AddIdentityServer(options => { options.PublicOrigin = server.Identity; options.UserInteraction = new IdentityServer4.Configuration.UserInteractionOptions { LoginUrl = "/Identity/Account/Login", LogoutUrl = "/Identity/Account/Logout", ErrorUrl = "/Identity/Account/Error", }; }) .AddDeveloperSigningCredential(); { var idSection = configuration.GetSection("identityServer"); { var obj = idSection.GetSection("IdentityResources").Get <IdentityResource[]>(); idServer.AddInMemoryIdentityResources(obj ?? SampleConfig.GetIdentityResources()); } { var obj = idSection.GetSection("ApiResources").Get <ApiResource[]>(); idServer.AddInMemoryApiResources(obj ?? SampleConfig.GetApiResources()); } { var obj = idSection.GetSection("Clients").Get <Client[]>(); idServer.AddInMemoryClients(obj ?? SampleConfig.GetClients(server.Host, server.Client)); } } idServer.AddAspNetIdentity <IdentityUser>(); }
public static void ConfigureIdentityServices(LinkedServerConfiguration server, IdentityClientConfiguration idClient, IServiceCollection services) { services.AddAuthorization(); Helpers.UserHelper.RegisterUrl = $"{server.Identity}/Identity/Account/Register"; Helpers.UserHelper.IdentityManageUrl = $"{server.Identity}/Identity/Account/Manage"; JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); services.AddAuthentication(options => { options.DefaultScheme = "Cookies"; options.DefaultChallengeScheme = "oidc"; }) .AddCookie("Cookies", options => { options.Events = new Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents { // Auto refresh token when auth cookies OnValidatePrincipal = async context => { if (context.Properties?.Items[".Token.expires_at"] == null) { return; } var now = DateTimeOffset.UtcNow; var tokenExpireTime = DateTime.Parse(context.Properties.Items[".Token.expires_at"]).ToUniversalTime(); var timeElapsed = now.Subtract(context.Properties.IssuedUtc.Value); var timeRemaining = tokenExpireTime.Subtract(now.DateTime); if (timeElapsed > timeRemaining) { // var oldAccessToken = context.Properties.Items[".Token.access_token"]; var oldRefreshToken = context.Properties.Items[".Token.refresh_token"]; var oldIdToken = context.Properties.Items[".Token.id_token"]; using (HttpClient httpclient = new HttpClient { BaseAddress = new Uri(server.Identity) }) { var tokenClient = new SDK.Identity.TokenClient(httpclient); var tokens = await tokenClient.RefreshToken(idClient.ClientId, idClient.ClientSecret, oldRefreshToken, oldIdToken); if (tokens == null) { context.RejectPrincipal(); } else { context.Properties.StoreTokens(tokens); context.ShouldRenew = true; } } } }, }; }) .AddOpenIdConnect("oidc", options => { options.SignInScheme = "Cookies"; options.Authority = server.Identity; options.RequireHttpsMetadata = false; // options.UseTokenLifetime = true; options.ClientId = idClient.ClientId; options.ClientSecret = idClient.ClientSecret; options.ResponseType = "code id_token"; options.SaveTokens = true; options.GetClaimsFromUserInfoEndpoint = true; options.Scope.Add("api"); options.Scope.Add("openid"); options.Scope.Add("profile"); options.Scope.Add("email"); options.Scope.Add("offline_access"); }); }