Ids4 in practice ║ Debugging against the authentication and authorization center in Swagger

Take care of yourself on the way home ~

Hello everyone. Mr. Chang has made it home safely, and with nothing to do at home I am writing a couple of articles to pass the time. Everything I write about comes from questions asked by friends in the group. I usually give the basic idea directly in the group, and when that is too much trouble I write an article to explain it, which also serves as a record for myself. Today I will briefly cover how a resource server can debug against the authorization center through Swagger. We were using JWT Bearer authentication before, and everything has now been switched over to Ids4, so this needs the corresponding handling.

1

Projects that have completed migration

In June last year, when the Idp project was formally open-sourced, I had only a basic grasp of how to use ids4 and it felt very simple, so I ambitiously declared that I would migrate all of my past projects. I did not expect that in practice it would not be so simple, and the work was shelved until now. Fortunately everything was set up before the Spring Festival: the article covers the ChristDDD project, and the last one remaining was the Nuxt project migration. So, to conclude, all of the following projects have completed their migration to Ids4:

I believe that if you have read the articles, you will know what each of these projects is for, and you can try them out yourself. This set is my hard work: from vue to netcore, from api to MVC, from SPA rendering to SSR rendering, it has finally come to a close. If your company or business wants to use it, or to adapt it based on this set of six projects, you can come to me for after-sales support, old friends:

(Considering privacy, we will not provide insider information)

That leaves the api project and one last question: how to debug it in Swagger. Until now I always opened the vue project directly, which meant also starting the BlogCore and Idp projects. Troublesome! So let's briefly go over how to configure Swagger to connect to IdentityServer4.

2

Configuring Swagger to access Ids4

Note that this is the NetCore 3.1 syntax:

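 // Jwt Bearer authentication; the name must be oauth2, so this is commented out here
 //c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
 //{
 //    Description = "JWT authorization (data is transmitted in the request header). Enter Bearer {token} directly in the box below (note the single space between the two)\"",
 //    Name = "Authorization",// default jwt parameter name
 //    In = ParameterLocation.Header,// default location where jwt stores the Authorization information (the request header)
 //    Type = SecuritySchemeType.ApiKey
 //});

 // Connect to identityserver4
 c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
 {
     Type = SecuritySchemeType.OAuth2,
     Flows = new OpenApiOAuthFlows
     {
         // Since this is an api project, the front end and back end are certainly separated, so the Implicit flow is used
         Implicit = new OpenApiOAuthFlow
         {
             // The domain of the identityServer project is configured here
             AuthorizationUrl = new Uri("https://ids.neters.club/connect/authorize"),
             // The scopes are configured here.
             // Only the id of the api resource needs to be filled in;
             // identity resources such as openid do not need to be listed
             Scopes = new Dictionary<string, string> {
                 {
                     "blog.core.api","ApiResource id"
                 }
             }
         }
     }
 });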




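After configuring this, run the project and you can see the effect:

As you can see, it uses the OAuth 2.0 protocol with the implicit grant type.

client_id is our client id, and it must match what is configured in ids4, which we will discuss below.

The address is ids.neters.club, and Scopes is the blog.core.api that we defined.

Both of these must match the authentication service. Where exactly? In the place where we enable the authentication service:

Here I wrote the authorization URL into the configuration file, because our ids4 project may change from time to time.

In fact, the apiName here can also be configured in the appsettings.json file.

Note that nothing else needs to be filled in for scope, otherwise an error is reported; you only need to enter the client_id: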
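The resource-server side of the matching described above, as an added example (not code from the original post or from the Blog.Core project): the authority and api name are read from configuration, used both to validate tokens and to build the Swagger OAuth2 definition, and the Swagger UI is given the client id. The `Ids4:Authority` and `Ids4:ApiName` keys, the `v1` document name, serving the UI at the site root, and the use of the IdentityServer4.AccessTokenValidation package are assumptions.

```csharp
// Added illustration, not the project's Startup.cs; the Ids4:* config keys are assumed names.
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.OpenApi.Models;

public class Startup
{
    private readonly IConfiguration _cfg;
    public Startup(IConfiguration cfg) => _cfg = cfg;
    private string Need(string key) => _cfg[key] ?? throw new InvalidOperationException(key + " is not configured");
    public void ConfigureServices(IServiceCollection services)
    {
        var authority = Need("Ids4:Authority").TrimEnd('/'); // e.g. https://ids.neters.club
        var apiName = Need("Ids4:ApiName");                  // e.g. blog.core.api
        services.AddControllers();
        // Resource server: accept only tokens issued by the authority for this api resource.
        services.AddAuthentication("Bearer").AddIdentityServerAuthentication(o =>
            { o.Authority = authority; o.ApiName = apiName; o.RequireHttpsMetadata = true; });
        services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1", new OpenApiInfo { Title = "API", Version = "v1" });
            c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
            {
                Type = SecuritySchemeType.OAuth2,
                Flows = new OpenApiOAuthFlows { Implicit = new OpenApiOAuthFlow {
                    AuthorizationUrl = new Uri($"{authority}/connect/authorize"),
                    Scopes = new Dictionary<string, string> { { apiName, "ApiResource id" } } } }
            });
            // Mark operations as using that scheme so Swagger UI attaches the token.
            c.AddSecurityRequirement(new OpenApiSecurityRequirement { {
                new OpenApiSecurityScheme { Reference = new OpenApiReference {
                    Type = ReferenceType.SecurityScheme, Id = "oauth2" } },
                new[] { apiName } } });
        });
    }
    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting().UseAuthentication().UseAuthorization().UseSwagger();
        app.UseSwaggerUI(c =>
        {
            c.SwaggerEndpoint("/swagger/v1/swagger.json", "v1");
            c.RoutePrefix = "";             // UI at the site root, so its OAuth callback is /oauth2-redirect.html
            c.OAuthClientId("blogadminjs"); // must equal the ClientId registered in Ids4
        });
        app.UseEndpoints(e => e.MapControllers());
    }
}
```

The scope name, the client id and the `/oauth2-redirect.html` callback path are the three values that have to agree with the Ids4 client registration.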

Next, we need to configure the Ids4 project.

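3

Configuring the callback address in the Ids4 project

This part is actually very simple. If we do not add the corresponding callback address, an "invalid" error is reported:

The change here is very simple: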

// blog.admin front-end vue project
new Client {
    ClientId = "blogadminjs",
    ClientName = "Blog.Admin JavaScript Client",
    AllowedGrantTypes = GrantTypes.Implicit,
    AllowAccessTokensViaBrowser = true,

    // Collection of callback (redirect) URIs; more than one may be listed
    RedirectUris =
    {
        "http://vueadmin.neters.club/callback",
        "http://apk.neters.club/oauth2-redirect.html",
        "http://localhost:8081/oauth2-redirect.html",
    },
    PostLogoutRedirectUris = { "http://vueadmin.neters.club" },
    AllowedCorsOrigins =     { "http://vueadmin.neters.club" },

    AllowedScopes = {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "roles",
        // The three scopes above do not need to be configured in swagger
        "blog.core.api"// The name of this api resource; it must match
    }
},


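I want to stress one point here: we do not have to modify the Config.cs class every time. It is only used for initialization, and I usually just modify the data in the database tables directly. The three commonly used configuration tables are:

At this point the changes are generally complete and we can test them. Here is an animated image:

Isn't that simple! No need to open the front-end vue project to test any more. Isn't that convenient.

The IdentityServer4 project is quite good. Whether in an enterprise or for personal use, it is a fairly good solution, unless your company has its own set of projects.

That's a wrap. In the next article, we will briefly talk about how to do single sign-on.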


Origin blog.csdn.net/sD7O95O/article/details/104079140