  • IdentityServer4 topics in .NET Core: defining clients

    A client is a role that can obtain tokens from IdentityServer4.

    Clients have the following in common:

    • a unique client ID
    • a secret if needed
    • the allowed interactions with the token service (called a grant type)
    • a network location where identity and/or access tokens get sent (called a redirect URI)
    • a list of scopes (aka resources) the client is allowed to access

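    1. Defining a client for server-to-server communication

    using System.Collections.Generic;
    using IdentityServer4.Models;

    public class Clients
    {
        public static IEnumerable<Client> Get()
        {
            return new List<Client>
            {
                new Client
                {
                    ClientId = "service.client",
                    // Stored as the SHA-256 hash of the shared secret; "secret" is a sample value.
                    ClientSecrets = { new Secret("secret".Sha256()) },
    
                    // No interactive user: the client authenticates with its ID and secret.
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    AllowedScopes = { "api1", "api2.read_only" }
                }
            };
        }
    }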
    
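    • ClientId: the unique name of the client
    • ClientSecrets: the client's password
    • AllowedGrantTypes: the grant types the client is allowed to use
    • AllowedScopes: the scopes the client may request.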

    2. Defining a SPA JavaScript client

    var jsClient = new Client
    {
        ClientId = "js",
        ClientName = "JavaScript Client",
        // URI with further information about the client
        ClientUri = "http://identityserver.io",
    
        // Browser-based client: no secret, tokens are returned through the browser.
        AllowedGrantTypes = GrantTypes.Implicit,
        AllowAccessTokensViaBrowser = true,
    
        // Exact URIs and origin the client is allowed to use
        RedirectUris =           { "http://localhost:7017/index.html" },
        PostLogoutRedirectUris = { "http://localhost:7017/index.html" },
        AllowedCorsOrigins =     { "http://localhost:7017" },
    
        AllowedScopes =
        {
            // Identity scopes
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Email,
    
            // API scopes
            "api1", "api2.read_only"
        }
    };
    

    3. Defining a server-side MVC client

    var mvcClient = new Client
    {
        ClientId = "mvc",
        ClientName = "MVC Client",
        // URI with further information about the client
        ClientUri = "http://identityserver.io",
    
        AllowedGrantTypes = GrantTypes.Hybrid,
        // Allows the client to request refresh tokens (offline_access)
        AllowOfflineAccess = true,
        // Stored as the SHA-256 hash of the shared secret; "secret" is a sample value.
        ClientSecrets = { new Secret("secret".Sha256()) },
    
        RedirectUris =           { "http://localhost:21402/signin-oidc" },
        PostLogoutRedirectUris = { "http://localhost:21402/" },
        // URI at the client that is called on sign-out
        LogoutUri =                "http://localhost:21402/signout-oidc",
    
        AllowedScopes =
        {
            // Identity scopes
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Email,
    
            // API scopes
            "api1", "api2.read_only"
        },
    };
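
    The three definitions above use sample secrets, the implicit grant and plain-http localhost URIs, which are fine in a demo but worth catching before deployment. The following review helper is an added example, not code from the original article or from IdentityServer4; the names ClientAudit, Review and SampleSecrets are hypothetical, and it assumes the IdentityServer4.Models Client type used above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using IdentityServer4.Models;

// Hypothetical helper, not part of IdentityServer4.
public static class ClientAudit
{
    // Placeholder list of tutorial secrets that must never reach production.
    static readonly string[] SampleSecrets = { "secret", "password" };

    public static IEnumerable<string> Review(IEnumerable<Client> clients)
    {
        foreach (var c in clients)
        {
            var grants = c.AllowedGrantTypes;

            // Secrets are stored as Base64(SHA-256(value)), so a known sample
            // value can be recognised by hashing it the same way.
            if (c.ClientSecrets.Any(s => SampleSecrets.Any(p => p.Sha256() == s.Value)))
                yield return $"{c.ClientId}: uses a well-known sample secret";

            // client_credentials has no user; the secret is the only authenticator.
            if (grants.Contains("client_credentials") && !c.ClientSecrets.Any())
                yield return $"{c.ClientId}: client_credentials grant without a secret";

            // The implicit grant returns tokens in the URL fragment.
            if (grants.Contains("implicit") && c.AllowAccessTokensViaBrowser)
                yield return $"{c.ClientId}: access tokens are delivered through the browser";

            // Refresh tokens (offline access) are long-lived credentials.
            if (c.AllowOfflineAccess && !c.ClientSecrets.Any())
                yield return $"{c.ClientId}: offline access without client authentication";

            // Redirect URIs receive codes or tokens: require https unless loopback.
            foreach (var uri in c.RedirectUris)
            {
                if (!Uri.TryCreate(uri, UriKind.Absolute, out var parsed))
                    yield return $"{c.ClientId}: '{uri}' is not an absolute URI";
                else if (parsed.Scheme != Uri.UriSchemeHttps && !parsed.IsLoopback)
                    yield return $"{c.ClientId}: '{uri}' is plain http on a non-loopback host";
            }
        }
    }
}
```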
    
  • Original article: https://www.cnblogs.com/pengzhen/p/7086831.html