1. Create a new ASP.NET WEB API Project
3. Add the following to Startup.cs:
/// <summary>
/// Registers MVC controllers and a bare IdentityServer instance whose
/// configuration stores are all in-memory and start out empty.
/// </summary>
/// <param name="services">Service collection the registrations are added to.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers();

    // The IdentityServer builder returns itself from each call, so the
    // registrations below are equivalent to one fluent chain.
    var identityServer = services.AddIdentityServer();

    // Empty in-memory stores: no client, resource or scope is known yet, so the
    // server can publish its discovery document but cannot issue tokens.
    identityServer.AddInMemoryClients(new List<Client>());
    identityServer.AddInMemoryIdentityResources(new List<IdentityResource>());
    identityServer.AddInMemoryApiResources(new List<ApiResource>());
    identityServer.AddInMemoryApiScopes(new List<ApiScope>());

    // Development-only helpers. TestUser keeps passwords in plain text, and the
    // developer signing credential is key material generated on the host at
    // startup. A deployed server should use a real user store and load its
    // signing key from protected storage (AddSigningCredential) instead.
    identityServer.AddTestUsers(new List<TestUser>());
    identityServer.AddDeveloperSigningCredential();
}
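/// <summary>
/// Builds the HTTP request pipeline. Called by the runtime at startup.
/// </summary>
/// <param name="app">Application builder the middleware is registered on.</param>
/// <param name="env">Hosting environment; gates the developer exception page.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        // Detailed exception pages expose stack traces, so they stay limited
        // to the Development environment.
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();
    app.UseRouting();

    // Middleware order matters. UseIdentityServer serves the /.well-known and
    // /connect endpoints and, by default, also adds the authentication
    // middleware. It therefore has to run after routing and before
    // authorization; registered after UseAuthorization/UseEndpoints, the
    // authorization checks on controllers would run before any caller has
    // been authenticated.
    app.UseIdentityServer();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
}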
4. Run the web api.
5. Assuming the development server hosts the web API at the URL https://localhost:44327,
browse to the endpoint https://localhost:44327/.well-known/openid-configuration
You should get the following response:
Viewed through Postman (a GET request), the same response looks like:
{"issuer": "https://localhost:44327","jwks_uri": "https://localhost:44327/.well-known/openid-configuration/jwks","authorization_endpoint": "https://localhost:44327/connect/authorize","token_endpoint": "https://localhost:44327/connect/token","userinfo_endpoint": "https://localhost:44327/connect/userinfo","end_session_endpoint": "https://localhost:44327/connect/endsession","check_session_iframe": "https://localhost:44327/connect/checksession","revocation_endpoint": "https://localhost:44327/connect/revocation","introspection_endpoint": "https://localhost:44327/connect/introspect","device_authorization_endpoint": "https://localhost:44327/connect/deviceauthorization","frontchannel_logout_supported": true,"frontchannel_logout_session_supported": true,"backchannel_logout_supported": true,"backchannel_logout_session_supported": true,"scopes_supported": ["openid","profile","offline_access"],"claims_supported": ["sub","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"grant_types_supported": ["authorization_code","client_credentials","refresh_token","implicit","password","urn:ietf:params:oauth:grant-type:device_code"],"response_types_supported": ["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported": ["form_post","query","fragment"],"token_endpoint_auth_methods_supported": ["client_secret_basic","client_secret_post"],"id_token_signing_alg_values_supported": ["RS256"],"subject_types_supported": ["public"],"code_challenge_methods_supported": ["plain","S256"],"request_parameter_supported": true}
You can also try the /connect/token endpoint. It is a POST endpoint that takes many parameters, but you should get an Invalid Request response, which indicates that the server is running.
For the rest of the endpoints (/connect/authorize, /connect/introspect), we need to add clients, users, identity resources and API resources, which we will see in the next post.