.net core 中 identity server 4 之Topic --定义Client

客户端指能够从id4获取Token的角色。

客户端的共性:

  • a unique client ID
  • a secret if needed
  • the allowed interactions with the token service (called a grant type)
  • a network location where identity and/or access token gets sent to (called a redirect URI)
  • a list of scopes (aka resources) the client is allowed to access

1. 定义server to server 通信的客户端

public class Clients
{
public static IEnumerable<Client> Get()
{
return new List<Client>
{
new Client
{
ClientId = "service.client",
ClientSecrets = { new Secret("secret".Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = { "api1", "api2.read_only" }
}
};
}
}
  • ClientId为唯一名称
  • ClientSecret为密码
  • AllowedGrantTypes:允许的授予方式
  • AllowedScopes:作用域。

2. 定义SPA js 客户端

var jsClient = new Client
{
ClientId = "js",
ClientName = "JavaScript Client",
ClientUri = "http://identityserver.io", AllowedGrantTypes = GrantTypes.Implicit,
AllowAccessTokensViaBrowser = true, RedirectUris = { "http://localhost:7017/index.html" },
PostLogoutRedirectUris = { "http://localhost:7017/index.html" },
AllowedCorsOrigins = { "http://localhost:7017" }, AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email, "api1", "api2.read_only"
}
};

3. 定义Server-Side的MVC客户端

var mvcClient = new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
ClientUri = "http://identityserver.io", AllowedGrantTypes = GrantTypes.Hybrid,
AllowOfflineAccess = true,
ClientSecrets = { new Secret("secret".Sha256()) }, RedirectUris = { "http://localhost:21402/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:21402/" },
LogoutUri = "http://localhost:21402/signout-oidc", AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email, "api1", "api2.read_only"
},
};
上一篇:socket,模拟服务器、客户端通信


下一篇:AdaBoost