1. Create a class which generates dummy user and client information. For now you can keep this class in startup.cs itself.
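/// <summary>
/// Hard-coded, in-memory IdentityServer4 data for this walkthrough:
/// identity resources, two test users and one client.
/// </summary>
/// <remarks>
/// Everything returned here is sample data compiled into the binary. The test
/// users carry plain-text passwords and the client secret is a literal in
/// source, so keep this class to local development and load real users and
/// secrets from a store outside source control.
/// </remarks>
public class IS4Data
{
    /// <summary>
    /// Builds the identity resources the server offers: the <c>OpenId</c> and
    /// <c>Profile</c> resources.
    /// </summary>
    /// <returns>A new list on every call.</returns>
    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        var resources = new List<IdentityResource>();
        resources.Add(new IdentityResources.OpenId());
        resources.Add(new IdentityResources.Profile());
        return resources;
    }

    /// <summary>
    /// Builds the two dummy users that are registered through <c>AddTestUsers</c>.
    /// </summary>
    /// <returns>A new list with freshly created users on every call.</returns>
    public static List<TestUser> GetUsers()
    {
        return new List<TestUser>
        {
            CreateUser("a9ea0f25-b964-409f-bcce-c923266249b4", "AAAA", "AAAAAAAA", "AAAA", "Aaaa"),
            CreateUser("ec792526-8645-4677-8acb-6c0e73a0217c", "BBBB", "BBBBBBBB", "BBBB", "Bbbb")
        };
    }

    /// <summary>
    /// Builds the single client that may request tokens from this server.
    /// </summary>
    /// <returns>A new one-element list on every call.</returns>
    public static IEnumerable<Client> GetClients()
    {
        var client = new Client
        {
            ClientId = "ABC Company Inc.",

            // Only the SHA-512 hash is handed to IdentityServer, but the plain
            // secret is still readable here in source; replace it before any
            // use outside a local demo.
            ClientSecrets = new[] { new Secret("samplesecret".Sha512()) },

            // Enables the resource owner password grant (the client collects the
            // user's password itself) next to client credentials. Current OAuth
            // security guidance discourages the password grant; interactive
            // users are normally served by authorization code with PKCE.
            AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,

            // The client is limited to the openid scope.
            AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId }
        };

        return new List<Client> { client };
    }

    // Creates one test user with FirstName/LastName claims.
    private static TestUser CreateUser(
        string subjectId,
        string username,
        string password,
        string firstName,
        string lastName)
    {
        var user = new TestUser();
        user.SubjectId = subjectId;
        user.Username = username;
        // Plain-text password: acceptable for throwaway test users only.
        user.Password = password;
        user.Claims = new List<Claim>
        {
            new Claim("FirstName", firstName),
            new Claim("LastName", lastName)
        };
        return user;
    }
}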
Notice that we are just generating users, clients and identity resources.
2. Replace the IdentityServer4 (IS4) code in ConfigureServices with the following:
/// <summary>
/// Registers MVC controllers and an IdentityServer4 instance that is fed
/// entirely from the in-memory sample data in <c>IS4Data</c>.
/// </summary>
/// <param name="services">Service collection to add the registrations to.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers();

    var identityServer = services.AddIdentityServer();
    identityServer.AddInMemoryClients(IS4Data.GetClients());
    identityServer.AddInMemoryIdentityResources(IS4Data.GetIdentityResources());

    // API resources and API scopes are left unregistered in this step:
    //identityServer.AddInMemoryApiResources(new List<ApiResource>());
    //identityServer.AddInMemoryApiScopes(new List<ApiScope>());

    // Development-only pieces: in-memory users with plain-text passwords and a
    // signing key generated for development. Replace both with a real user
    // store and managed signing credentials before deploying anywhere shared.
    identityServer.AddTestUsers(IS4Data.GetUsers());
    identityServer.AddDeveloperSigningCredential();
}
Notice how we are adding InMemoryClients, IdentityResources and TestUsers using our IS4Data class.
3. Now run the project.
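4. From Postman, send a POST request to the token endpoint (/connect/token) with 5 form-body parameters: client_id, client_secret, grant_type, username and password. Note that the request parameter is client_secret (singular), unlike the ClientSecrets property in the code, and that grant_type is password for this flow.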
5. You should get a token in response.
{
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1NTVDOURCOEVDNEFDQjg2MTI3MEEyNjlGQT
A4MjcyIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2MjgwNzM2MzEsImV4cCI6MTYyODA
3NzIzMSwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzMjciLCJjbGllbnRfaWQiOiJBQ
kMgQ29tcGFueSBJbmMuIiwic3ViIjoiYTllYTBmMjUtYjk2NC00MDlmLWJjY2UtYzkyMz
I2NjI0OWI0IiwiYXV0aF90aW1lIjoxNjI4MDczNjMxLCJpZHAiOiJsb2NhbCIsImp0aSI6IkU
yRDM5QTkxODBCRjM3MTE4NTdBOEY5OTVFRjE0Q0FBIiwiaWF0IjoxNjI4MDczNjMx
LCJzY29wZSI6WyJvcGVuaWQiXSwiYW1yIjpbInB3ZCJdfQ.FR6VyBTyEeHKL2jkln6txbGJ
2LSTbrGJXQvL4iMynjz6JqcOA6WYnOEFpCqSRQFxXSS12g5Y1mXqIylFmyYxfZ4FT8N9
Rpif23LmpS5jMBIQY_p1StQRhyDtU0nIHvIFQmQWBVAhZI8dieQmgzS6LUBWB_tXOejO
yfZA2OGgQgw_0MFUxjLI67FnOFEOxhO9DtLCo61_op9nROQ9AWQRnAek7GUCwb6jIboi
ODU9GTpHPGSHDcM9Gn_QmpAhc7yf3Ox1RyhFzwbewvBSixpUHoajrWo_NVdL9PBF5rT
8ey3lkG3UOK4O3zIfH40O6zPj_DXiXlJGcgsWYHtZN9Q1Fg",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "openid"
}
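The token is a JWT. We can check this by decoding it with jwt.io. An access token is a bearer credential until it expires, so only paste throwaway development tokens like this one into an online decoder.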
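6. You can also call the userinfo endpoint. This should be a POST request with the above access token
as a parameter in the form body (sending it in the Authorization: Bearer header is the usual alternative; keep it out of the URL, where it would end up in logs).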
Below is the complete code of startup.cs:
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
namespace WebApplication2
{
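/// <summary>
/// Configures the ASP.NET Core host for this walkthrough: MVC controllers plus
/// an IdentityServer4 instance backed by the in-memory data from <c>IS4Data</c>.
/// </summary>
public class Startup
{
    /// <summary>Stores the configuration object handed to the constructor.</summary>
    /// <param name="configuration">Application configuration.</param>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>Application configuration captured by the constructor.</summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// Called by the runtime to add services to the container. Registers the
    /// controllers and IdentityServer with in-memory clients, identity
    /// resources and test users.
    /// </summary>
    /// <param name="services">Service collection to add the registrations to.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();

        var identityServer = services.AddIdentityServer();
        identityServer.AddInMemoryClients(IS4Data.GetClients());
        identityServer.AddInMemoryIdentityResources(IS4Data.GetIdentityResources());

        // API resources and API scopes are left unregistered in this sample:
        //identityServer.AddInMemoryApiResources(new List<ApiResource>());
        //identityServer.AddInMemoryApiScopes(new List<ApiScope>());

        // Development-only pieces: in-memory users with plain-text passwords and
        // a signing key generated for development. Replace both with a real user
        // store and managed signing credentials before deploying anywhere shared.
        identityServer.AddTestUsers(IS4Data.GetUsers());
        identityServer.AddDeveloperSigningCredential();
    }

    /// <summary>
    /// Called by the runtime to configure the HTTP request pipeline.
    /// </summary>
    /// <param name="app">Application builder the middleware is added to.</param>
    /// <param name="env">Hosting environment, used to enable the developer exception page.</param>
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            // Detailed exception pages leak internals; keep them to Development.
            app.UseDeveloperExceptionPage();
        }

        app.UseHttpsRedirection();
        app.UseRouting();

        // UseIdentityServer also adds the authentication middleware, so it has to
        // sit after UseRouting and before UseAuthorization and UseEndpoints.
        // Placed after them, authorization would run before any user had been
        // authenticated for the request.
        app.UseIdentityServer();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });
    }
} //public class Startup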
/// <summary>
/// Hard-coded, in-memory IdentityServer4 data for this walkthrough:
/// identity resources, two test users and one client.
/// </summary>
/// <remarks>
/// Everything returned here is sample data compiled into the binary. The test
/// users carry plain-text passwords and the client secret is a literal in
/// source, so keep this class to local development and load real users and
/// secrets from a store outside source control.
/// </remarks>
public class IS4Data
{
    /// <summary>
    /// Builds the identity resources the server offers: the <c>OpenId</c> and
    /// <c>Profile</c> resources.
    /// </summary>
    /// <returns>A new list on every call.</returns>
    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        var resources = new List<IdentityResource>();
        resources.Add(new IdentityResources.OpenId());
        resources.Add(new IdentityResources.Profile());
        return resources;
    }

    /// <summary>
    /// Builds the two dummy users that are registered through <c>AddTestUsers</c>.
    /// </summary>
    /// <returns>A new list with freshly created users on every call.</returns>
    public static List<TestUser> GetUsers()
    {
        return new List<TestUser>
        {
            CreateUser("a9ea0f25-b964-409f-bcce-c923266249b4", "AAAA", "AAAAAAAA", "AAAA", "Aaaa"),
            CreateUser("ec792526-8645-4677-8acb-6c0e73a0217c", "BBBB", "BBBBBBBB", "BBBB", "Bbbb")
        };
    }

    /// <summary>
    /// Builds the single client that may request tokens from this server.
    /// </summary>
    /// <returns>A new one-element list on every call.</returns>
    public static IEnumerable<Client> GetClients()
    {
        var client = new Client
        {
            ClientId = "ABC Company Inc.",

            // Only the SHA-512 hash is handed to IdentityServer, but the plain
            // secret is still readable here in source; replace it before any
            // use outside a local demo.
            ClientSecrets = new[] { new Secret("samplesecret".Sha512()) },

            // Enables the resource owner password grant (the client collects the
            // user's password itself) next to client credentials. Current OAuth
            // security guidance discourages the password grant; interactive
            // users are normally served by authorization code with PKCE.
            AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,

            // The client is limited to the openid scope.
            AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId }
        };

        return new List<Client> { client };
    }

    // Creates one test user with FirstName/LastName claims.
    private static TestUser CreateUser(
        string subjectId,
        string username,
        string password,
        string firstName,
        string lastName)
    {
        var user = new TestUser();
        user.SubjectId = subjectId;
        user.Username = username;
        // Plain-text password: acceptable for throwaway test users only.
        user.Password = password;
        user.Claims = new List<Claim>
        {
            new Claim("FirstName", firstName),
            new Claim("LastName", lastName)
        };
        return user;
    }
} //IS4Data
} //namespace