• The simplest IdentityServer implementation: IdentityServer


    1. Create the project

    Create a new ASP.NET Core project named IdentityServer.EasyDemo.IdentityServer and select .NET Core 2.0.

     


    Add a reference to IdentityServer4.

     

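    2. Define the API resources

    Add a Config.cs file and define the API resources in it.
    An API resource is one of the APIs mentioned above. There can be several; IdentityServer recognizes an API only if it is registered here and the API's own configuration matches it.
    e.g. the API resource pool of the IdentityServer project contains an API resource named "api1"; if the API project sets ApiName to "api1", the two match.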

    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new List<ApiResource>
        {
            // Parameters: resource name, resource display name
            new ApiResource("api1", "My API")
        };
    }
    

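    3. Define the clients

    Continue in Config.cs and add the clients.
    A Client is any client that calls the services; there can be several.
    Each client must set a ClientId, which is its unique identifier: ClientIds may not repeat within the client list. ClientSecrets holds the secrets used to authenticate the client, and AllowedScopes records the scopes it is allowed to access.
    Note: several client applications can share one ClientId, in which case IdentityServer treats all of them as a single "Client". You can simplify things this way when your clients all have the same scopes, that is, exactly the same requirements.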

    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {
            new Client
            {
                ClientId = "client",
    
                AllowedGrantTypes = GrantTypes.ClientCredentials,
    
                // Secret used for authentication
                ClientSecrets =
                {
                    new Secret("secret".Sha256())
                },
    
                // Allowed scopes
                AllowedScopes = { "api1" }
            }
        };
    }
    

    4. Configure IdentityServer

    Add IdentityServer to services, and hand the API resources and the client collection to IdentityServer as in-memory stores.

    public void ConfigureServices(IServiceCollection services)
    {
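        // Configure IdentityServer, keeping the API resources, client collection and signing key in memory
        services.AddIdentityServer()
            // Set a temporary signing credential
            .AddDeveloperSigningCredential()
            // Load the API resources defined in the Config class
            .AddInMemoryApiResources(Config.GetApiResources())
            // Load the client collection defined in the Config class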
            .AddInMemoryClients(Config.GetClients());
    }
    
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseIdentityServer();
    }
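
    A hardened variant of the configuration above, as an added example (not code from the original article or the IdentityServer4 project): the client secret is read from configuration instead of being hard-coded, and the temporary developer signing key is used only in the Development environment. The configuration key names Clients:client:Secret, Signing:PfxPath and Signing:PfxPassword are assumptions.

    ```csharp
    using System;
    using System.Collections.Generic;
    using System.Security.Cryptography.X509Certificates;
    using IdentityServer4.Models;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;

    public static class Config
    {
        public static IEnumerable<ApiResource> GetApiResources() =>
            new List<ApiResource> { new ApiResource("api1", "My API") };

        // The secret is passed in rather than committed to source control.
        public static IEnumerable<Client> GetClients(string clientSecret) =>
            new List<Client> { new Client {
                ClientId = "client",
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                ClientSecrets = { new Secret(clientSecret.Sha256()) },
                AllowedScopes = { "api1" } } };
    }

    public class Startup
    {
        private readonly IConfiguration _config;
        private readonly IHostingEnvironment _env;

        public Startup(IConfiguration config, IHostingEnvironment env) { _config = config; _env = env; }

        public void ConfigureServices(IServiceCollection services)
        {
            // Assumed key names; supply the values from environment variables or a secret store.
            var secret = _config["Clients:client:Secret"]
                ?? throw new InvalidOperationException("Client secret is not configured.");

            var builder = services.AddIdentityServer()
                .AddInMemoryApiResources(Config.GetApiResources())
                .AddInMemoryClients(Config.GetClients(secret));

            if (_env.IsDevelopment())
                builder.AddDeveloperSigningCredential();   // temporary key, development only
            else
                builder.AddSigningCredential(new X509Certificate2(
                    _config["Signing:PfxPath"], _config["Signing:PfxPassword"]));
        }

        public void Configure(IApplicationBuilder app) => app.UseIdentityServer();
    }
    ```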
    

    5. In the project properties, set the port of the IdentityServer project to 5000

     

    6. View the IdentityServer metadata

    Open this URL to view it: http://localhost:5000/.well-known/openid-configuration

     
    {
      "issuer": "http://localhost:5000",
      "jwks_uri": "http://localhost:5000/.well-known/openid-configuration/jwks",
      "authorization_endpoint": "http://localhost:5000/connect/authorize",
      "token_endpoint": "http://localhost:5000/connect/token",
      "userinfo_endpoint": "http://localhost:5000/connect/userinfo",
      "end_session_endpoint": "http://localhost:5000/connect/endsession",
      "check_session_iframe": "http://localhost:5000/connect/checksession",
      "revocation_endpoint": "http://localhost:5000/connect/revocation",
      "introspection_endpoint": "http://localhost:5000/connect/introspect",
      "frontchannel_logout_supported": true,
      "frontchannel_logout_session_supported": true,
      "backchannel_logout_supported": true,
      "backchannel_logout_session_supported": true,
      "scopes_supported": [
        "api1",
        "offline_access"
      ],
      "claims_supported": [],
      "grant_types_supported": [
        "authorization_code",
        "client_credentials",
        "refresh_token",
        "implicit"
      ],
      "response_types_supported": [
        "code",
        "token",
        "id_token",
        "id_token token",
        "code id_token",
        "code token",
        "code id_token token"
      ],
      "response_modes_supported": [
        "form_post",
        "query",
        "fragment"
      ],
      "token_endpoint_auth_methods_supported": [
        "client_secret_basic",
        "client_secret_post"
      ],
      "subject_types_supported": [
        "public"
      ],
      "id_token_signing_alg_values_supported": [
        "RS256"
      ],
      "code_challenge_methods_supported": [
        "plain",
        "S256"
      ]
    }
  • Original article: https://www.cnblogs.com/Lulus/p/7986602.html