实现代码:
(1)IdentityServer4授权服务器代码:
public static class Config
{ public static IEnumerable<IdentityResource> GetIdentityResources() //对身份资源的配置
{
return new IdentityResource[]
{
new IdentityResources.OpenId(), //此项必选
new IdentityResources.Profile(),
new IdentityResources.Email(),
new IdentityResources.Phone(),
new IdentityResources.Address(),
};
}
public static IEnumerable<ApiResource> GetApis() //对API的配置
{
return new ApiResource[]
{
new ApiResource("api1", "My API #1")
};
}
public static IEnumerable<Client> GetClients() //配置可访问客户
{
return new[]
{
// client credentials flow client
new Client
{
ClientId = "console client",
ClientName = "Client Credentials Client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = { new Secret("511536EF-F270-4058-80CA-1C89C192F69A".Sha256()) },
AllowedScopes = {"api1" }
},
new Client
{
ClientId="password client",
AllowedGrantTypes=GrantTypes.ResourceOwnerPassword,
ClientSecrets={new Secret("password secret".Sha256())},
AllowedScopes={"api1",IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Address,
IdentityServerConstants.StandardScopes.Phone,
IdentityServerConstants.StandardScopes.Email
}
}
};
}
}
(2)对API的配置同ClientCredential,完全相同
(3)客户端代码,客户端还是需要NUGET安装IdentityModel库
static async Task Main(string[] args)
{
//Discovery endpoint
Console.WriteLine("Hello World!");
var client = new HttpClient();
var disco = await client.GetDiscoveryDocumentAsync("http://localhost:5000");
if (disco.IsError)
{
Console.WriteLine(disco.Error);
return;
}
//request access token
var tokenResponse = await client.RequestPasswordTokenAsync(new PasswordTokenRequest
{
Address=disco.TokenEndpoint,
ClientId="password client",
ClientSecret="password secret",
Scope="api1 openid profile email phone address",
UserName="bob", //此处设置的密码应在identityserver4的TestUsers类中有定义
Password="bob"
});
if(tokenResponse.IsError)
{
Console.WriteLine(tokenResponse.Error);
return;
}
Console.WriteLine(tokenResponse.Json.ToString());
var clientApi = new HttpClient();
clientApi.SetBearerToken(tokenResponse.AccessToken);
var apiResponse =await clientApi.GetAsync("http://localhost:5002/api/values");
if (!apiResponse.IsSuccessStatusCode)
{
Console.WriteLine(apiResponse.StatusCode);
return;
}
var content = await apiResponse.Content.ReadAsStringAsync();
Console.WriteLine(content);
var clientUserInfo = new HttpClient();
clientUserInfo.SetBearerToken(tokenResponse.AccessToken);
var userinfoResponse = await clientUserInfo.GetAsync(disco.UserInfoEndpoint);
if(!userinfoResponse.IsSuccessStatusCode)
{
Console.WriteLine(userinfoResponse.StatusCode);
return;
}
var contentuserinfo = await userinfoResponse.Content.ReadAsStringAsync();
Console.WriteLine(contentuserinfo);
Console.WriteLine("llll");
}
}
}