- 配置AuthService使用OpenIddict reference tokens - 添加fengling-api客户端用于introspection验证 - 配置Console API通过OpenIddict验证reference tokens - 实现Tenant/Users/Roles/OAuthClients CRUD API - 添加GatewayController服务注册API - 重构Repository和Service层支持多租户 BREAKING CHANGE: API认证现在使用OpenIddict reference tokens
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using OpenIddict.Abstractions;
using Quartz;
namespace Fengling.AuthService.Configuration;
/// <summary>
/// Wires up the authorization server: ASP.NET Core Identity claim mapping, Quartz (used by
/// OpenIddict's background jobs), the OpenIddict core/server/validation components and the
/// cookie authentication default scheme.
/// </summary>
public static class OpenIddictSetup
{
    /// <summary>
    /// Registers OpenIddict and its supporting services on <paramref name="services"/>.
    /// </summary>
    /// <param name="services">The service collection to register into.</param>
    /// <param name="configuration">
    /// Application configuration. Keys read here: <c>Testing</c> (bool, default false) and
    /// <c>OpenIddict:Issuer</c> (string, optional).
    /// </param>
    /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
    public static IServiceCollection AddOpenIddictConfiguration(
        this IServiceCollection services,
        IConfiguration configuration
    )
    {
        // Make Identity emit the standard OIDC claim types so OpenIddict can map them directly.
        services.Configure<IdentityOptions>(options =>
        {
            options.ClaimsIdentity.UserNameClaimType = OpenIddictConstants.Claims.Name;
            options.ClaimsIdentity.UserIdClaimType = OpenIddictConstants.Claims.Subject;
            options.ClaimsIdentity.RoleClaimType = OpenIddictConstants.Claims.Role;
            options.ClaimsIdentity.EmailClaimType = OpenIddictConstants.Claims.Email;
            // Unconfirmed accounts are allowed to sign in.
            // NOTE(review): consider enabling this outside development so tokens are only issued
            // to accounts with a verified e-mail address.
            options.SignIn.RequireConfirmedAccount = false;
        });

        // Quartz backs OpenIddict's scheduled maintenance (see options.UseQuartz() below).
        // The store is in-memory, so scheduler state is lost on restart; job definitions are
        // re-registered at startup, so this is presumably acceptable for a single instance.
        services.AddQuartz(options =>
        {
            options.UseSimpleTypeLoader();
            options.UseInMemoryStore();
        });

        // "Testing" skips the server component entirely (see the if below).
        var isTesting = configuration.GetValue<bool>("Testing", false);

        var builder = services.AddOpenIddict();

        // Core: persist applications/authorizations/scopes/tokens through the app's EF Core context,
        // and let OpenIddict schedule its pruning jobs on Quartz.
        builder.AddCore(options =>
        {
            options.UseEntityFrameworkCore()
                .UseDbContext<Data.ApplicationDbContext>();
            options.UseQuartz();
        });

        // NOTE(review): when isTesting is true, no server is registered but AddValidation below
        // still calls UseLocalServer(), which depends on the server component being present —
        // verify the test host tolerates this.
        if (!isTesting)
        {
            builder.AddServer(options =>
            {
                // The fallback issuer is plain HTTP on localhost and is only suitable for local
                // development; production deployments must set OpenIddict:Issuer explicitly, since
                // the issuer is embedded in tokens and compared by validators.
                options.SetIssuer(configuration["OpenIddict:Issuer"] ?? "http://localhost:5132");

                options.SetAuthorizationEndpointUris("connect/authorize")
                    .SetIntrospectionEndpointUris("connect/introspect")
                    .SetEndSessionEndpointUris("connect/endsession")
                    .SetTokenEndpointUris("connect/token")
                    .SetUserInfoEndpointUris("connect/userinfo")
                    .SetEndUserVerificationEndpointUris("connect/verify");

                // Enabled grants: authorization code, hybrid, client credentials, refresh token.
                // NOTE(review): PKCE is not required here; consider
                // options.RequireProofKeyForCodeExchange() for public clients.
                options.AllowAuthorizationCodeFlow()
                    .AllowHybridFlow()
                    .AllowClientCredentialsFlow()
                    .AllowRefreshTokenFlow();

                // Development certificates are generated locally and are not appropriate for
                // production: they are unconditional here (only isTesting gates this block).
                // NOTE(review): switch to AddEncryptionCertificate/AddSigningCertificate with a
                // managed key outside development.
                options.AddDevelopmentEncryptionCertificate()
                    .AddDevelopmentSigningCertificate();

                // Access token payloads are signed but not encrypted. Because reference tokens are
                // enabled below, clients only ever receive an opaque identifier, so the payload does
                // not leave the server anyway.
                options.DisableAccessTokenEncryption();

                // Scopes clients may request; "api" and "auth_server_admin" are application-defined.
                options.RegisterScopes(OpenIddictConstants.Scopes.OfflineAccess, OpenIddictConstants.Scopes.Email,
                    OpenIddictConstants.Scopes.Profile, OpenIddictConstants.Scopes.OpenId,
                    OpenIddictConstants.Permissions.Scopes.Roles,
                    "api",
                    "auth_server_admin");

                // Reference tokens: clients hold a random identifier; the real token is stored
                // server-side and resolved on validation/introspection, which makes revocation
                // effective immediately.
                // NOTE(review): DisableTransportSecurityRequirement() lets the OAuth endpoints be
                // served over plain HTTP and is applied in every non-testing environment, not just
                // development; gate it on the hosting environment so production requires TLS.
                // The *Passthrough() calls hand endpoint requests to the application's own
                // controllers instead of OpenIddict handling them directly.
                options
                    .UseReferenceAccessTokens()
                    .UseReferenceRefreshTokens()
                    .UseAspNetCore()
                    .DisableTransportSecurityRequirement()
                    .EnableAuthorizationEndpointPassthrough()
                    .EnableEndSessionEndpointPassthrough()
                    .EnableTokenEndpointPassthrough()
                    .EnableUserInfoEndpointPassthrough()
                    .EnableStatusCodePagesIntegration();

                // 24h is long for an access token; server-side revocation of reference tokens
                // limits the blast radius, but a shorter lifetime plus refresh tokens is the usual
                // trade-off.
                options.SetAccessTokenLifetime(TimeSpan.FromHours(24));
            });
        }

        // Validation: verify tokens in-process against this server's own configuration and keys
        // (no introspection round-trip) and expose it as an ASP.NET Core authentication handler.
        builder.AddValidation(options =>
        {
            options.UseLocalServer();
            options.UseAspNetCore();
        });

        // Cookies are the default authentication scheme (interactive sign-in); API callers are
        // expected to target the OpenIddict validation scheme explicitly.
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);

        return services;
    }
}