12-oauth密码模式identity server4实现

1-服务端代码， 配置类，可加 RequireClientSecret=false, 这样调用端就不需要传入client_secret参数

using System.Collections;
using System.Collections.Generic;
using IdentityServer4.Models;
using IdentityServer4.Test;

namespace IdentityServerCenter{
    public class Config{
        public static IEnumerable<ApiResource> GetResources(){
            return new List<ApiResource>(){
                new ApiResource("api","My Api")
            };
        }

        public static IEnumerable<Client> GetClients(){
            return new List<Client>(){
                new Client(){
                    ClientId="client",
                    AllowedGrantTypes=GrantTypes.ClientCredentials,

                    ClientSecrets = {
                        new Secret("secret".Sha256())
                    },
                    AllowedScopes = {"api"}                   
                },
                new Client(){
                    ClientId="pwdClient",
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                    ClientSecrets= {
                        new Secret("secret".Sha256())
                    },
                    AllowedScopes={"api"}

                }
            };
        }

        public static List<TestUser> GetTestUsers(){
            return new List<TestUser>(){
                new TestUser(){
                     SubjectId="1",
                     Username="qinzb",
                     Password="123456"
                }
            };
        }
    }
}

2-在Start.up.cs增加  .AddTestUsers(Config.GetTestUsers()) ;用于测试用户

  public void ConfigureServices(IServiceCollection services)
        {
            services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryApiResources(Config.GetResources())
            .AddInMemoryClients(Config.GetClients())
            .AddTestUsers(Config.GetTestUsers()) ;
                  
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        }

3-客户端代码， 与 ClientCredential模式客户端调用不一样的是 

var tokenResponse = tokenClient.RequestResourceOwnerPasswordAsync("qinzb","123456","api").Result; //就这个地方和调用ClientCredential模式不一样

using System;
using IdentityModel;
using IdentityModel.Client;
using System.Net.Http;
namespace pwdClient
{
    class Program
    {
        static void Main(string[] args)
        {
            var discoveryClient = DiscoveryClient.GetAsync("http://localhost:5000").Result;
            if(discoveryClient.IsError){
                Console.WriteLine("discoveryClient: "+discoveryClient.Error);
                return;
            }

            TokenClient tokenClient = new TokenClient(discoveryClient.TokenEndpoint,"pwdClient","secret");
            var tokenResponse =  tokenClient.RequestResourceOwnerPasswordAsync("qinzb","123456","api").Result; //就这个地方和调用ClientCredential模式不一样
            if(tokenResponse.IsError){
                Console.WriteLine(tokenResponse.Error);
            }         
            Console.WriteLine(tokenResponse.Json);

            HttpClient httpClient = new HttpClient();
            httpClient.SetBearerToken(tokenResponse.AccessToken);

            var response = httpClient.GetAsync("http://localhost:5001/api/values").Result;
            string result = response.Content.ReadAsStringAsync().Result;
            Console.WriteLine(result);
        }
    }
}