这里根据《ASP.NET Core分布式项目-1.IdentityServer4登录中心》的代码来继续更新 OAuth 密码模式。这里的密码模式比上次的客户端模式更安全:除了客户端之外,还要校验用户名和密码。但要注意,密码模式下客户端会直接接触用户的密码,所以只适合完全受信任的第一方客户端;OAuth 2.0 的安全最佳实践已不建议在新项目中使用密码模式。
在WebApiIdentityServer服务端的config里添加用户
/// <summary>
/// In-memory IdentityServer configuration for this demo: API resources, clients and test users.
/// </summary>
/// <remarks>
/// Everything in this class is hard-coded sample data. The client secret literal and the
/// test user's password live in source code, so treat them as demo values only and load
/// real clients, secrets and users from a protected store.
/// </remarks>
public class config
{
    /// <summary>
    /// Lists the API resources IdentityServer protects. The only entry is "api"
    /// (display name "MQapi"), which both clients below are allowed to request.
    /// </summary>
    public static IEnumerable<ApiResource> GetResources() =>
        new List<ApiResource>
        {
            new ApiResource("api", "MQapi")
        };

    /// <summary>
    /// Lists the clients that may request tokens: one for the client-credentials grant
    /// and one for the resource-owner-password grant.
    /// </summary>
    public static IEnumerable<Client> GetClients()
    {
        // Machine-to-machine client: authenticates with its own secret only.
        var machineClient = new Client
        {
            ClientId = "ClientId",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = { new Secret("secrt".Sha256()) },
            AllowedScopes = { "api" }
        };

        // Password-grant client: the caller submits a user's name and password.
        var passwordClient = new Client
        {
            ClientId = "pwdClient",
            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
            ClientSecrets = { new Secret("secrt".Sha256()) },
            // NOTE(review): with RequireClientSecret = false the token endpoint does not
            // ask this client for its secret, so the ClientSecrets entry above is never
            // enforced and a token request is protected by the user's password alone.
            // Leave it at the default (true) for any client that can keep a secret.
            RequireClientSecret = false,
            AllowedScopes = { "api" }
        };

        return new List<Client> { machineClient, passwordClient };
    }

    /// <summary>
    /// Returns the simulated users for the password grant. The method name (including
    /// its spelling) is kept because Startup calls it.
    /// </summary>
    public static List<TestUser> GetTsetUsers()
    {
        // TestUser keeps the password in plain text; it is meant for demos and tests,
        // not for real accounts.
        var demoUser = new TestUser
        {
            SubjectId = "1",
            Username = "MQ",
            Password = "123456"
        };

        return new List<TestUser> { demoUser };
    }
}
然后再去配置Startup
/// <summary>
/// Host start-up for the WebApiIdentityServer demo: registers IdentityServer with the
/// in-memory data from <c>config</c> and adds it to the request pipeline.
/// </summary>
public class Startup
{
    /// <summary>Stores the application configuration supplied by the host.</summary>
    public Startup(IConfiguration configuration) => Configuration = configuration;

    /// <summary>Application configuration passed in by the host.</summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// Called by the runtime to register services in the container.
    /// </summary>
    public void ConfigureServices(IServiceCollection services)
    {
        var identityServer = services.AddIdentityServer();

        // NOTE(review): the developer signing credential is intended for development;
        // a deployed server should sign tokens with a persisted key or certificate
        // (AddSigningCredential) so that keys are managed and survive restarts.
        identityServer.AddDeveloperSigningCredential();

        // In-memory stores fed by the hard-coded demo data in config.
        identityServer.AddInMemoryApiResources(config.GetResources());
        identityServer.AddInMemoryClients(config.GetClients());

        // Test users back the resource-owner-password grant in this demo.
        identityServer.AddTestUsers(config.GetTsetUsers());

        services.AddMvc();
    }

    /// <summary>
    /// Called by the runtime to build the HTTP request pipeline.
    /// </summary>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Detailed exception pages are shown only in the Development environment.
        var isDevelopment = env.IsDevelopment();
        if (isDevelopment)
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseIdentityServer();

        // The MVC middleware stays disabled, as in the original listing.
        //app.UseMvc();
    }
}
用 dotnet watch run 分别运行 WebApiIdentityServer 和 ClientCredentialApi 来测试一下
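打开 Postman,向 WebApiIdentityServer 的 /connect/token 发送 POST 请求获取 token(表单参数:grant_type=password、client_id=pwdClient、username=MQ、password=123456、scope=api)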
拿到 token 后,在请求头中加上 Authorization: Bearer <token>,再去访问 ClientCredentialApi
修改 token 后再访问一次看看:token 被改动后签名校验无法通过,ClientCredentialApi 应当拒绝该请求(返回 401)