IdentityServer4专题之六:Resource Owner Password Credentials

 IdentityServer4专题之六:Resource Owner Password Credentials

 

IdentityServer4专题之六:Resource Owner Password Credentials

IdentityServer4专题之六:Resource Owner Password Credentials

 

 

实现代码:

(1)IdentityServer4授权服务器代码:

public static class Config

    {  public static IEnumerable<IdentityResource> GetIdentityResources()  //对身份资源的配置

        {

            return new IdentityResource[] 

            {

                new IdentityResources.OpenId(),  //此项必选

                new IdentityResources.Profile(),

                new IdentityResources.Email(),

                new IdentityResources.Phone(),

                new IdentityResources.Address(),

            };

        }

 

        public static IEnumerable<ApiResource> GetApis()  //对API的配置

        {

            return new ApiResource[]

            {

                new ApiResource("api1", "My API #1")

            };

        }

 

        public static IEnumerable<Client> GetClients()  //配置可访问客户

        {

            return new[]

            {

                // client credentials flow client

                new Client

                {

                    ClientId = "console client",

                    ClientName = "Client Credentials Client",

                    AllowedGrantTypes = GrantTypes.ClientCredentials,

                    ClientSecrets = { new Secret("511536EF-F270-4058-80CA-1C89C192F69A".Sha256()) },

                    AllowedScopes = {"api1" }

                },

                new Client

                {

                    ClientId="password client",

                    AllowedGrantTypes=GrantTypes.ResourceOwnerPassword,

                    ClientSecrets={new Secret("password secret".Sha256())},

                    AllowedScopes={"api1",IdentityServerConstants.StandardScopes.OpenId,

                        IdentityServerConstants.StandardScopes.Profile,

                        IdentityServerConstants.StandardScopes.Address,

                        IdentityServerConstants.StandardScopes.Phone,

                        IdentityServerConstants.StandardScopes.Email

                    }

                }             

            };

        }

    }

(2)对API的配置同ClientCredential,完全相同

(3)客户端代码,客户端还是需要NUGET安装IdentityModel库

static async Task Main(string[] args)

        {

            //Discovery endpoint

            Console.WriteLine("Hello World!");

            var client = new HttpClient();

            var disco = await client.GetDiscoveryDocumentAsync("http://localhost:5000");

            if (disco.IsError)

            {

                Console.WriteLine(disco.Error);

                return;

            }

            //request access token

            var tokenResponse = await client.RequestPasswordTokenAsync(new PasswordTokenRequest

            {

                Address=disco.TokenEndpoint,

                ClientId="password client",

                ClientSecret="password secret",

                Scope="api1 openid profile email phone address",

                UserName="bob",   //此处设置的密码应在identityserver4的TestUsers类中有定义

                Password="bob"

 

            });

            if(tokenResponse.IsError)

            {

                Console.WriteLine(tokenResponse.Error);

                return;

            }

            Console.WriteLine(tokenResponse.Json.ToString());

            var clientApi = new HttpClient();

            clientApi.SetBearerToken(tokenResponse.AccessToken);

            var apiResponse =await clientApi.GetAsync("http://localhost:5002/api/values");

            if (!apiResponse.IsSuccessStatusCode)

            {

                Console.WriteLine(apiResponse.StatusCode);

                return;

            }

            var content = await apiResponse.Content.ReadAsStringAsync();

            Console.WriteLine(content);

 

            var clientUserInfo = new HttpClient();

            clientUserInfo.SetBearerToken(tokenResponse.AccessToken);

            var userinfoResponse = await clientUserInfo.GetAsync(disco.UserInfoEndpoint);

            if(!userinfoResponse.IsSuccessStatusCode)

            {

                Console.WriteLine(userinfoResponse.StatusCode);

                return;

            }

            var contentuserinfo = await userinfoResponse.Content.ReadAsStringAsync();

            Console.WriteLine(contentuserinfo);

            Console.WriteLine("llll");

        }

    }

 

上一篇:智能合约审计之后门漏洞概述


下一篇:2-2、Lifcycle核心接口