1、新建空的Identity项目
2、访问localhost:5001/.well-known/openid-configuration
3、访问localhost:5001/connect/token
4、需要用postman 访问localhost:5001/connect/token,要添加参数,不然会报错,错误信息: "error": "invalid_request"或者"error": "invalid_scope"
注意:参数要添加在请求体的 x-www-form-urlencoded 中(token 端点按 OAuth 2.0 规范只解析 application/x-www-form-urlencoded 格式的请求体),添加在 form-data 中仍然会报错
5、需要修改config文件
/// <summary>
/// In-memory IdentityServer configuration for a local demo: one identity resource,
/// two API scopes, one client and one test user.
/// </summary>
/// <remarks>
/// Every credential in this class is a hard-coded sample value ("secret", "123").
/// They are only suitable for a throw-away local instance; a real deployment should
/// load client secrets from protected configuration and use a real user store.
/// </remarks>
public static class Config
{
    /// <summary>Identity resources; only the standard OpenID Connect <c>openid</c> resource.</summary>
    public static IEnumerable<IdentityResource> IdentityResources
    {
        get
        {
            return new IdentityResource[]
            {
                new IdentityResources.OpenId()
            };
        }
    }

    /// <summary>API scopes known to the server: <c>scope1</c> and <c>scope2</c>.</summary>
    public static IEnumerable<ApiScope> ApiScopes
    {
        get
        {
            return new ApiScope[]
            {
                new ApiScope("scope1"),
                new ApiScope("scope2"),
            };
        }
    }

    /// <summary>Registered clients; a single client that may request <c>scope1</c> only.</summary>
    public static IEnumerable<Client> Clients
    {
        get
        {
            var demoClient = new Client
            {
                ClientId = "myclient",

                // Sha256() stores only a hash on the server side, but the plain value
                // "secret" is still in source control here - sample value, rotate and
                // externalise it for anything beyond a local test.
                ClientSecrets = new[] { new Secret("secret".Sha256()) },

                // Enables both the resource-owner-password grant and client credentials.
                // With the password grant the client handles the user's password directly,
                // which current OAuth 2.0 security guidance advises against; enable only
                // the grant types the client actually uses.
                AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,

                // scope2 is defined in ApiScopes but deliberately not granted to this client.
                AllowedScopes = new[] { "scope1" }
            };

            return new Client[] { demoClient };
        }
    }

    /// <summary>In-memory test users used to validate the password grant.</summary>
    public static List<TestUser> TestUsers
    {
        get
        {
            var users = new List<TestUser>();

            // TestUser keeps the password as plain text - test fixture only.
            users.Add(new TestUser
            {
                Username = "pc",
                Password = "123",
                SubjectId = "1"
            });

            return users;
        }
    }
}
6、需要修改Startup类的ConfigureServices方法
/// <summary>
/// Registers IdentityServer with the in-memory test users, API scopes and clients
/// from <c>Config</c>, plus a developer signing credential.
/// </summary>
/// <param name="services">The application's service collection.</param>
/// <remarks>
/// <c>Config.IdentityResources</c> is not registered in this variant; only the API
/// scopes are added.
/// </remarks>
public void ConfigureServices(IServiceCollection services)
{
    // uncomment, if you want to add an MVC-based UI
    //services.AddControllersWithViews();

    var builder = services.AddIdentityServer();

    // In-memory stores: contents are fixed at startup and come from hard-coded sample data.
    builder.AddTestUsers(Config.TestUsers);
    builder.AddInMemoryApiScopes(Config.ApiScopes);
    builder.AddInMemoryClients(Config.Clients);

    // not recommended for production - you need to store your key material somewhere secure
    // (the developer credential is a convenience key for local runs; a deployed server
    // should load its token-signing key from managed key storage, e.g. via AddSigningCredential).
    builder.AddDeveloperSigningCredential();

    // Adds the authentication services; no scheme is configured at this point.
    services.AddAuthentication();
}
7、另一种方式,不添加scopes
Config类修改
/// <summary>
/// In-memory IdentityServer configuration for the variant without API scopes:
/// the <c>openid</c> identity resource, one client and one test user.
/// </summary>
/// <remarks>
/// The client secret ("secret") and the user password ("123") are hard-coded sample
/// values for a local demo; do not reuse them outside a test instance.
/// </remarks>
public static class Config
{
    /// <summary>Identity resources; only the standard OpenID Connect <c>openid</c> resource.</summary>
    public static IEnumerable<IdentityResource> IdentityResources
    {
        get
        {
            var openId = new IdentityResources.OpenId();
            return new IdentityResource[] { openId };
        }
    }

    /// <summary>Registered clients; a single client allowed to request <c>openid</c>.</summary>
    public static IEnumerable<Client> Clients
    {
        get
        {
            var demoClient = new Client
            {
                ClientId = "myclient",

                // Only the SHA-256 hash is stored by the server, but the plain secret is
                // still visible in source - sample value, keep real secrets out of code.
                ClientSecrets = new[] { new Secret("secret".Sha256()) },

                // Password grant plus client credentials. The password grant exposes the
                // user's password to the client and is discouraged by current OAuth 2.0
                // security guidance.
                // NOTE(review): with only an identity scope allowed, the client-credentials
                // half appears to have nothing it can request - confirm, and narrow the
                // grant types to what is actually used.
                AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,

                AllowedScopes = new[] { "openid" }
            };

            return new Client[] { demoClient };
        }
    }

    /// <summary>In-memory test users used to validate the password grant.</summary>
    public static List<TestUser> TestUsers
    {
        get
        {
            // Plain-text password on a TestUser - test fixture only.
            var onlyUser = new TestUser
            {
                Username = "pc",
                Password = "123",
                SubjectId = "1"
            };

            var users = new List<TestUser>();
            users.Add(onlyUser);
            return users;
        }
    }
}
Startup类修改
/// <summary>
/// Registers IdentityServer with the in-memory identity resources, clients and test
/// users from <c>Config</c>, plus a developer signing credential. No API scopes are
/// registered in this variant.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    // uncomment, if you want to add an MVC-based UI
    //services.AddControllersWithViews();

    var builder = services.AddIdentityServer();

    // In-memory stores backed by the hard-coded sample data in Config.
    builder.AddInMemoryIdentityResources(Config.IdentityResources);
    builder.AddInMemoryClients(Config.Clients);
    builder.AddTestUsers(Config.TestUsers);

    // not recommended for production - you need to store your key material somewhere secure
    // (a deployed server should load its token-signing key from managed key storage,
    // e.g. via AddSigningCredential, instead of the developer credential).
    builder.AddDeveloperSigningCredential();

    // Adds the authentication services; no scheme is configured at this point.
    services.AddAuthentication();
}
备注:不添加 ApiScopes 时,客户端的 AllowedScopes 改用 IdentityResources 中定义的 openid