IdentityServer4（二）

1、新建空的Identity项目

2、访问localhost:5001/.well-known/openid-configuration

 3、访问localhost:5001/connect/token

 4、需要用postman 访问localhost:5001/connect/token，要添加参数，不然会报错，错误信息： "error": "invalid_request"或者"error": "invalid_scope"

注意：要在 x-www-form-urlencoded 中添加参数，在form-data 添加参数还是会报错

 

5、需要修改config文件

public static class Config
    {
        public static IEnumerable<IdentityResource> IdentityResources =>
            new IdentityResource[]
            {
                new IdentityResources.OpenId()
            };
        public static IEnumerable<ApiScope> ApiScopes =>
        new ApiScope[]
        {
                new ApiScope("scope1"),
                new ApiScope("scope2"),
        };

        public static IEnumerable<Client> Clients =>
            new Client[]
            {
                new Client
                { 
                    ClientId="myclient",
                    ClientSecrets=new []{new Secret("secret".Sha256()) },
                    AllowedGrantTypes=GrantTypes.ResourceOwnerPasswordAndClientCredentials,
                    AllowedScopes=new [] { "scope1" }
                }
            };

        public static List<TestUser> TestUsers =>
            new List<TestUser>
            {
                new TestUser
                {
                    Username="pc",
                    Password="123",
                    SubjectId="1"
                }
            };

    }

6、需要修改Startup类的ConfigureServices方法

  public void ConfigureServices(IServiceCollection services)
        {
            // uncomment, if you want to add an MVC-based UI
            //services.AddControllersWithViews();

            var builder = services.AddIdentityServer()
                .AddTestUsers(Config.TestUsers)
                .AddInMemoryApiScopes(Config.ApiScopes)
                .AddInMemoryClients(Config.Clients);

            // not recommended for production - you need to store your key material somewhere secure
            builder.AddDeveloperSigningCredential();

            services.AddAuthentication();
        }

7、另一种方式，不添加scopes

Config类修改

public static class Config
    {
        public static IEnumerable<IdentityResource> IdentityResources =>
            new IdentityResource[]
            {
                new IdentityResources.OpenId()
            };
        public static IEnumerable<Client> Clients =>
            new Client[]
            {
                new Client
                {
                    ClientId="myclient",
                    ClientSecrets=new []{new Secret("secret".Sha256()) },
                    AllowedGrantTypes=GrantTypes.ResourceOwnerPasswordAndClientCredentials,
                    AllowedScopes=new [] { "openid" }
                }
            };

        public static List<TestUser> TestUsers =>
            new List<TestUser>
            {
                new TestUser
                {
                    Username="pc",
                    Password="123",
                    SubjectId="1"
                }
            };
    }

Startup类修改

    public void ConfigureServices(IServiceCollection services)
        {
            // uncomment, if you want to add an MVC-based UI
            //services.AddControllersWithViews();

            var builder = services.AddIdentityServer()
                .AddInMemoryIdentityResources(Config.IdentityResources)
                .AddInMemoryClients(Config.Clients)
                .AddTestUsers(Config.TestUsers);

            // not recommended for production - you need to store your key material somewhere secure
            builder.AddDeveloperSigningCredential();
            services.AddAuthentication();
        }

备注：不添加ApiScopes  时，使用 IdentityResource 的openid