ASP.NET Core IdentityServer4: implementing Client Credentials (client mode)

Foreword

OAuth 2.0 defines four default authorization modes (grant types):

  • Authorization code mode (authorization_code)
  • Simplified (implicit) mode (implicit)
  • Password mode (resource owner password credentials)
  • Client mode (client_credentials)

This chapter describes the client mode (client credentials). It consists mainly of two parts: a client and an authentication server.
The authentication server returns a token to the client after verifying that the client's information is correct; the client then uses that token to request the resource. (In this mode the user registers directly with the client, and the client requests the token from the authentication server in its own name.)

Set up the authentication server

Create an API project and set its port to 5000

Package

PM> Install-package IdentityServer4 -version 2.5.3

Create a Config class (it defines the API resources to be protected and the clients that are allowed to access them)

    using System.Collections.Generic;
    using IdentityServer4.Models;

    /// <summary>
    ///     IdentityServer configuration
    /// </summary>
    public class Config
    {
        /// <summary>
        ///     Defines the API resources to protect
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<ApiResource> GetApiResources() {
            return new List<ApiResource>
            {
                new ApiResource("api1", "My API")
            };
        }
        /// <summary>
        ///     Defines the clients allowed to request tokens
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<Client> GetClients() {
            return new List<Client>
            {
                new Client()
                {
                    ClientId = "client",
                    AllowedGrantTypes = GrantTypes.ClientCredentials, // grant type: client credentials mode
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256()) // the secret is stored hashed, not in clear text
                    },
                    AllowedScopes = { "api1" } // this client may only request the api1 scope
                }
            };
        }
    }
Configure Startup

Register the IdentityServer4 services in ConfigureServices

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
            services.AddIdentityServer() // IdentityServer4 services
                .AddDeveloperSigningCredential() // temporary signing key for development only; use a real certificate in production
                .AddInMemoryApiResources(Config.GetApiResources()) // register the protected resources
                .AddInMemoryClients(Config.GetClients()); // load the client configuration from Config into memory
        }

Add the IdentityServer4 middleware in the Configure method

app.UseIdentityServer();

Build the client

Create the client project and set its port to 5001

Package

PM> Install-package IdentityServer4.AccessTokenValidation -version 2.7.0

Configure Startup

Add the authentication server address in ConfigureServices

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication("Bearer")
                .AddIdentityServerAuthentication(options =>
                {
                    options.Authority = "http://localhost:5000"; // authorization server address
                    options.RequireHttpsMetadata = false; // HTTPS not required (development only)
                    options.ApiName = "api1"; // must match the ApiResource name; the token's audience is checked against it
                });
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
        }

Add the authentication middleware in the Configure method, before UseMvc(), so that the bearer token is validated on every request (this project hosts the protected API, not IdentityServer itself, so it uses UseAuthentication rather than UseIdentityServer)

app.UseAuthentication();

Test

Add the [Authorize] attribute to the Values controller in the client project

Access the resource server directly: http://localhost:5001/api/values

Access is refused with status code 401

Start the authorization server

http://localhost:5000/.well-known/openid-configuration

The endpoints can be found at /.well-known/openid-configuration

Get a token

After starting the server, we get a token from the token_endpoint:

client_id is the ClientId we configured on the authorization server,
client_secret is the configured Secret,
grant_type is the authorization mode, here client mode (client_credentials).
The request returns the credential information;
the token obtained through this type of authorization is the access_token,
which we then use to access the server resources.

Status code 200
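The whole exchange from this section in code, as an added example that is not part of the original post: a .NET Core 3.0+ console app (System.Text.Json only, no extra packages) that calls the API without a token, reads token_endpoint from the discovery document, requests a token with the client_id, client_secret and scope from this article's Config class, and repeats the call with the bearer token. The two ports and the /api/values path are the ones used in the article.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

class Program
{
    // Values from this article's setup: the authorization server (5000) and the
    // protected API (5001); the token endpoint is read from discovery below.
    const string Authority = "http://localhost:5000";
    const string ApiUrl = "http://localhost:5001/api/values";

    static async Task Main()
    {
        using (var http = new HttpClient())
        {
            // 1. Without a token the [Authorize] attribute rejects the request (401).
            var anon = await http.GetAsync(ApiUrl);
            Console.WriteLine($"without token: {(int)anon.StatusCode}");

            // 2. Read token_endpoint from the discovery document instead of hard-coding it.
            var discoJson = await http.GetStringAsync(Authority + "/.well-known/openid-configuration");
            string tokenEndpoint;
            using (var disco = JsonDocument.Parse(discoJson))
                tokenEndpoint = disco.RootElement.GetProperty("token_endpoint").GetString();

            // 3. Client credentials grant with the values from Config.GetClients().
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "client_credentials",
                ["client_id"] = "client",
                ["client_secret"] = "secret",
                ["scope"] = "api1",
            });
            var tokenResponse = await http.PostAsync(tokenEndpoint, form);
            tokenResponse.EnsureSuccessStatusCode(); // a wrong secret or scope yields 400 invalid_client / invalid_scope
            string accessToken;
            using (var tokenDoc = JsonDocument.Parse(await tokenResponse.Content.ReadAsStringAsync()))
                accessToken = tokenDoc.RootElement.GetProperty("access_token").GetString();

            // 4. Repeat the call with the bearer token; the API validates it against Authority and ApiName.
            http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            var authed = await http.GetAsync(ApiUrl);
            Console.WriteLine($"with token: {(int)authed.StatusCode}");
        }
    }
}
```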

Overview

Sample code: https://github.com/fhcodegit/IdentityServer4.Samples
IdentityServer4 introduction: https://www.cnblogs.com/yyfh/p/11590383.html

Origin: www.cnblogs.com/yyfh/p/11595658.html