关于Identity Server 4网上的文章很多,这里就不再抄袭了,重点部分是以下是配置部分的代码,配置了一个资源者模式的Client。
一开始一直获取不了refresh token, 有两个需要注意的地方,一个是设置服务端里的Client里设置AllowOfflineAccess = true ,另外就是在请求中,需要设置scope里包含 offline_access,图片中以Postman为例子
public class InMemoryConfiguration
{
public static IEnumerable<ApiResource> ApiResources()
{
return new[]
{
new ApiResource("socialnetwork","社交网络")
};
}
public static IEnumerable<Client> Clients()
{
return new[]
{
new Client
{
ClientId="socialnetwork",
ClientSecrets = new [] { new Secret("secret".Sha256()) },
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
AllowedScopes = { "socialnetwork",IdentityServerConstants.StandardScopes.OfflineAccess },
AllowOfflineAccess = true //Enables refresh token.
},
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"socialnetwork"
},
AllowOfflineAccess = true
}
};
}
public static IEnumerable<TestUser> Users()
{
return new[]
{
new TestUser
{
SubjectId = "64F21B59-BC9C-40CA-BF9F-70E987383999",
Username = "33366855@qq.com",
Password = "1qaz2wsx"
}
};
}
public static IEnumerable<IdentityResource> IdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
};
}
}
根据Refresh Token获取新的Token
使用Token访问API
