ASP.NET Core Distributed Project in Practice (Business, Architecture Design, OAuth2, IdentityServer4) - Study Notes

Task 4: Chapter Plan and Contents

  • Agile product development process
  • Prototype preview and business overview
  • Overall architecture design
  • API interface design / Swagger
  • Building the IdentityServer4 login center
  • Account API implementation
  • Configuration center

Task 5: Business

Project background: a financial-industry project built around personal connections

Users:

1. Account:

  • Basic maintenance
  • Log in

2. Manage your own projects:

  • Create
  • Share (visibility permissions)
  • Pin to top
  • View project progress

3. Bring in other people's projects:

  • View friends' projects
  • View second-degree contacts' projects
  • View system-recommended projects
  • View other people's projects
  • Participate in other people's projects

4. Messages:

  • Chat messages
  • System messages

5. Friends:

  • Add friends (import the address book, search for friends by phone number)

Task 6: Architecture Design

Task 7: OAuth2 Introduction

OAuth is an open network standard for authorization.

Four grant types:

  • Authorization code mode
  • Implicit (simplified) mode
  • Resource owner password credentials mode
  • Client credentials mode

Understanding OAuth 2.0:

https://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html

Task 8: IdentityServer4 Login Center

Create a new project

dotnet new webapi --name IdentityServerCenter

Add the NuGet package: IdentityServer4

How to install NuGet packages in VS Code:

https://blog.csdn.net/qq_36051316/article/details/84106418

Why the installation may fail, and solutions:

Fixing the VS Code NuGet plug-in when it cannot be used:

https://www.cnblogs.com/lori/p/11651079.html

Fixing Visual Studio when NuGet cannot connect to the official package source:

https://blog.csdn.net/weixin_34161083/article/details/85764761

Configure Startup

Add the using directive

using IdentityServer4;

Register the service

services.AddIdentityServer()
        // Development-only signing key; use a persisted signing credential in production
        .AddDeveloperSigningCredential();

Add the middleware to the pipeline

app.UseIdentityServer();

Configure the start port in Program.cs

webBuilder.UseUrls("http://localhost:5000");

Add a configuration class, Config.cs, to initialize IdentityServer4

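using System.Collections;
using System.Collections.Generic;
using IdentityServer4.Models;

namespace IdentityServerCenter
{
    public class Config
    {
        // API resources protected by this IdentityServer
        public static IEnumerable<ApiResource> GetResource()
        {
            return new List<ApiResource>
            {
                new ApiResource("api", "My Api")
            };
        }

        // Clients that are allowed to request tokens
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                new Client()
                {
                    ClientId = "client",
                    // Machine-to-machine flow: no user, the client authenticates with its secret
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    ClientSecrets =
                    {
                        // Demo value only; the secret is registered as its SHA-256 hash
                        new Secret("secret".Sha256())
                    },
                    // Scopes this client may request
                    AllowedScopes = {"api"},
                }
            };
        }
    }
}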

Update the IdentityServer4 registration to use the configuration class

services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryApiResources(Config.GetResource())
        .AddInMemoryClients(Config.GetClients());

Start the program

dotnet run

Open the discovery document address

http://localhost:5000/.well-known/openid-configuration

The result is as follows (JSON format)

{
    "issuer": "http://localhost:5000",
    "jwks_uri": "http://localhost:5000/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "http://localhost:5000/connect/authorize",
    "token_endpoint": "http://localhost:5000/connect/token",
    "userinfo_endpoint": "http://localhost:5000/connect/userinfo",
    "end_session_endpoint": "http://localhost:5000/connect/endsession",
    "check_session_iframe": "http://localhost:5000/connect/checksession",
    "revocation_endpoint": "http://localhost:5000/connect/revocation",
    "introspection_endpoint": "http://localhost:5000/connect/introspect",
    "device_authorization_endpoint": "http://localhost:5000/connect/deviceauthorization",
    "frontchannel_logout_supported": true,
    "frontchannel_logout_session_supported": true,
    "backchannel_logout_supported": true,
    "backchannel_logout_session_supported": true,
    "scopes_supported": [
        "api",
        "offline_access"
    ],
    "claims_supported": [],
    "grant_types_supported": [
        "authorization_code",
        "client_credentials",
        "refresh_token",
        "implicit",
        "urn:ietf:params:oauth:grant-type:device_code"
    ],
    "response_types_supported": [
        "code",
        "token",
        "id_token",
        "id_token token",
        "code id_token",
        "code token",
        "code id_token token"
    ],
    "response_modes_supported": [
        "form_post",
        "query",
        "fragment"
    ],
    "token_endpoint_auth_methods_supported": [
        "client_secret_basic",
        "client_secret_post"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "subject_types_supported": [
        "public"
    ],
    "code_challenge_methods_supported": [
        "plain",
        "S256"
    ],
    "request_parameter_supported": true
}

Here we can see the four grant types:

"grant_types_supported": [
        "authorization_code",
        "client_credentials",
        "refresh_token",
        "implicit",
        "urn:ietf:params:oauth:grant-type:device_code"
    ],
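
As an added example (not part of the original notes and not IdentityServer4's own code), the stand-alone C# console program below reads a discovery document like the one above and flags settings worth reviewing before the server leaves development. The names DiscoveryAudit, Audit and Values are hypothetical, and the embedded sample is a constructed, trimmed copy of the output shown above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

public static class DiscoveryAudit
{
    // Constructed sample: a trimmed copy of the discovery output shown above.
    const string Sample = @"{
      ""issuer"": ""http://localhost:5000"",
      ""jwks_uri"": ""http://localhost:5000/.well-known/openid-configuration/jwks"",
      ""token_endpoint"": ""http://localhost:5000/connect/token"",
      ""grant_types_supported"": [""authorization_code"", ""client_credentials"", ""refresh_token"", ""implicit""],
      ""code_challenge_methods_supported"": [""plain"", ""S256""]
    }";

    // Returns the string items of an array property, or nothing if it is absent.
    static IEnumerable<string> Values(JsonElement root, string name) =>
        root.TryGetProperty(name, out var a) && a.ValueKind == JsonValueKind.Array
            ? a.EnumerateArray().Select(e => e.GetString())
            : Enumerable.Empty<string>();

    public static List<string> Audit(string json)
    {
        var findings = new List<string>();
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        var issuer = root.GetProperty("issuer").GetString();

        if (!issuer.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
            findings.Add($"issuer {issuer} is not HTTPS (acceptable on localhost only)");

        // Every advertised endpoint and the key set should live under the issuer.
        foreach (var p in root.EnumerateObject())
            if ((p.Name.EndsWith("_endpoint") || p.Name == "jwks_uri")
                && p.Value.ValueKind == JsonValueKind.String
                && !p.Value.GetString().StartsWith(issuer.TrimEnd('/') + "/", StringComparison.Ordinal))
                findings.Add($"{p.Name} is outside the issuer: {p.Value.GetString()}");

        // Discovery is server-wide; the per-client limit is AllowedGrantTypes in Config.cs.
        if (Values(root, "grant_types_supported").Contains("implicit"))
            findings.Add("implicit grant is advertised; keep it out of each client's AllowedGrantTypes unless required");
        if (Values(root, "code_challenge_methods_supported").Contains("plain"))
            findings.Add("PKCE 'plain' is advertised; clients should send S256");
        return findings;
    }

    public static void Main()
    {
        foreach (var f in Audit(Sample)) Console.WriteLine("[!] " + f);
    }
}
```

The discovery document lists what the server supports as a whole, so the findings are prompts to check each client's AllowedGrantTypes and the deployment URL rather than proof of a misconfiguration.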

Course Link

http://video.jessetalk.cn/course/explore

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

You are welcome to reprint, use, and republish it, but be sure to keep the article's attribution to Zheng Ziming (including the link: http://www.cnblogs.com/MingsonZheng/), do not use it for commercial purposes, and publish any works modified from this article under the same license.

If you have any questions, please contact me ([email protected]).


Origin www.cnblogs.com/MingsonZheng/p/12630155.html