1-服务端代码：配置类。可在 Client 上设置 RequireClientSecret=false，这样调用端就不需要传入 client_secret 参数；但此时令牌端点不再验证客户端身份，任何知道 client_id 的调用方都可以用用户名和密码换取令牌，因此只适用于无法保管密钥的公开客户端。
using System.Collections;
using System.Collections.Generic;
using IdentityServer4.Models;
using IdentityServer4.Test;

namespace IdentityServerCenter
{
    /// <summary>
    /// In-memory IdentityServer4 configuration for the demo: one API resource,
    /// two clients and one test user.
    /// </summary>
    /// <remarks>
    /// Every secret and password below is a literal in source code. That is
    /// acceptable for a local walkthrough only; a deployed server should load
    /// client secrets from a secret store and keep users in a real user store.
    /// </remarks>
    public class Config
    {
        /// <summary>Returns the API resources that tokens can be issued for.</summary>
        public static IEnumerable<ApiResource> GetResources()
        {
            var resources = new List<ApiResource>();
            resources.Add(new ApiResource("api", "My Api"));
            return resources;
        }

        /// <summary>
        /// Returns the registered clients: "client" (client credentials grant)
        /// and "pwdClient" (resource owner password grant).
        /// </summary>
        public static IEnumerable<Client> GetClients()
        {
            // Sha256() stores only the hash in the Secret object, but the plaintext
            // "secret" is still visible right here in the source file.
            var machineClient = new Client
            {
                ClientId = "client",
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedScopes = { "api" }
            };

            // With the resource owner password grant the client application itself
            // collects the user's password and forwards it to the token endpoint.
            // Current OAuth security guidance discourages this grant; prefer an
            // interactive flow (authorization code + PKCE) where one is possible.
            var passwordClient = new Client
            {
                ClientId = "pwdClient",
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                ClientSecrets = { new Secret("secret".Sha256()) },
                AllowedScopes = { "api" }
            };

            return new List<Client> { machineClient, passwordClient };
        }

        /// <summary>Returns the in-memory users used to try out the password grant.</summary>
        public static List<TestUser> GetTestUsers()
        {
            // TestUser keeps the password as plain text; test data only.
            var demoUser = new TestUser
            {
                SubjectId = "1",
                Username = "qinzb",
                Password = "123456"
            };

            return new List<TestUser> { demoUser };
        }
    }
}
2-在 Startup.cs 的 ConfigureServices 中增加 .AddTestUsers(Config.GetTestUsers())，用于注册测试用户
/// <summary>
/// Registers IdentityServer with the in-memory demo configuration and adds MVC.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    var identityServer = services.AddIdentityServer();

    // Development-only signing key. A deployed server should load a persistent,
    // protected key (e.g. via AddSigningCredential) instead.
    identityServer.AddDeveloperSigningCredential();

    identityServer.AddInMemoryApiResources(Config.GetResources());
    identityServer.AddInMemoryClients(Config.GetClients());

    // In-memory users from Config.GetTestUsers(); needed so the resource owner
    // password grant has accounts to validate against. Not for production use.
    identityServer.AddTestUsers(Config.GetTestUsers());

    var mvc = services.AddMvc();
    mvc.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
3-客户端代码。与 ClientCredentials 模式的客户端相比，不一样的只有获取令牌的这一行：
// This call is the only place that differs from the ClientCredentials client:
// the user's name and password are sent to the token endpoint together with the scope.
// NOTE(review): the credentials are literals for the demo; a real client should
// prompt for them and never keep them in source.
var tokenResponse = tokenClient.RequestResourceOwnerPasswordAsync("qinzb","123456","api").Result;
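using System;
using IdentityModel;
using IdentityModel.Client;
using System.Net.Http;

namespace pwdClient
{
    /// <summary>
    /// Console client that obtains an access token with the resource owner
    /// password grant and then calls the protected API with it.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Discovers the token endpoint, requests a token for the demo user and
        /// prints the API response.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            // Plain HTTP is used only because both services run on localhost.
            // On any other host the password and the token would travel in clear text.
            var discoveryClient = DiscoveryClient.GetAsync("http://localhost:5000").Result;
            if (discoveryClient.IsError)
            {
                Console.WriteLine("discoveryClient: " + discoveryClient.Error);
                return;
            }

            // Client id/secret and user credentials are hard-coded to match the demo
            // server configuration; do not keep real credentials in source.
            TokenClient tokenClient = new TokenClient(discoveryClient.TokenEndpoint, "pwdClient", "secret");

            // This call is the only place that differs from the ClientCredentials client.
            var tokenResponse = tokenClient.RequestResourceOwnerPasswordAsync("qinzb", "123456", "api").Result;
            if (tokenResponse.IsError)
            {
                Console.WriteLine(tokenResponse.Error);
                // Stop here: without this return the code below would call the API
                // with no access token.
                return;
            }

            // Prints the raw token response, access token included. Fine for a demo;
            // real applications should keep tokens out of console output and logs.
            Console.WriteLine(tokenResponse.Json);

            using (HttpClient httpClient = new HttpClient())
            {
                httpClient.SetBearerToken(tokenResponse.AccessToken);

                var response = httpClient.GetAsync("http://localhost:5001/api/values").Result;
                if (!response.IsSuccessStatusCode)
                {
                    // A rejected token (e.g. 401) often has an empty body, so report the status.
                    Console.WriteLine("api call failed: " + (int)response.StatusCode + " " + response.ReasonPhrase);
                }

                string result = response.Content.ReadAsStringAsync().Result;
                Console.WriteLine(result);
            }
        }
    }
}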