Replace IdentityServer with Openiddict in .NET 7
Question
I'm migrating my project from using IdentityServer v6 to OpenIddict and having a hard time finding OpenIddict stuff similar to IdentityServer.
Currently in IdentityServer, we have Client to represent an OpenID Connect or OAuth2 client:
    new Client
    {
        ClientId = "client_example",
        AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
        ClientSecrets = clientSecret,
        AllowedScopes = new List<string> { "scope_1", "scope_2", },
        AllowOfflineAccess = true,
        RefreshTokenUsage = TokenUsage.ReUse,
        AccessTokenLifetime = accessTokenLifetime,
        AbsoluteRefreshTokenLifetime = 0,
        RefreshTokenExpiration = TokenExpiration.Sliding,
        SlidingRefreshTokenLifetime = refreshTokenLifetime
    }
According to the OpenIddict documentation, I created a seeder to seed my clients:
    await manager.CreateAsync(new OpenIddictApplicationDescriptor
    {
        ClientId = "client_example",
        ClientSecret = clientSecret,
        ConsentType = ConsentTypes.Explicit,
        DisplayName = "Client Example Test",
        RedirectUris =
        {
            new Uri("https://localhost:7002/swagger/oauth2-redirect.html")
        },
        PostLogoutRedirectUris =
        {
            new Uri("https://localhost:7002/resources")
        },
        Permissions =
        {
            Permissions.Endpoints.Authorization,
            Permissions.Endpoints.Logout,
            Permissions.Endpoints.Token,
            Permissions.GrantTypes.AuthorizationCode,
            Permissions.ResponseTypes.Code,
            $"{Permissions.Prefixes.Scope}scope1",
            $"{Permissions.Prefixes.Scope}scope2"
        },
    });
How can I change the AccessTokenLifetime, AccessTokenLifetime and other related stuff for each client, like what I have with IdentityServer?
Answer 1
Score: 2
As the answer to "What are the default Lifetime values for openiddict tokens" shows, token settings are stored in OpenIddictServerOptions. You can modify the default settings using the OpenIddictServerBuilder.Configure(Action<OpenIddictServerOptions>) method or the various Set...Lifetime methods inside AddServer.
For example:
    .AddServer(options =>
    {
        // Set lifetime options
        options.SetAccessTokenLifetime(TimeSpan.FromMinutes(30))
               .SetAuthorizationCodeLifetime(TimeSpan.FromMinutes(10));
        // Enable the token endpoint.
        options.SetTokenEndpointUris("connect/token");
        // ...
    })
The Set methods can be chained because they return the options object.
The same pattern is used for other objects too. If you search the source repository for Lifetime, you'll find OpenIddictClientBuilder.SetStateTokenLifetime, fine-grained methods like public static ClaimsPrincipal SetAccessTokenLifetime(this ClaimsPrincipal principal, TimeSpan? lifetime), and more.
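
The fine-grained ClaimsPrincipal extension named in the answer can be applied per client inside a pass-through token endpoint. This is an added example, not code from the original post or from the OpenIddict project; the controller, the TokenLifetimes record, the PerClient table and all lifetime values are assumptions. It assumes token endpoint pass-through is enabled and handles only the refresh_token grant.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;

// Hypothetical policy record and controller; names and values are constructed for illustration.
public sealed record TokenLifetimes(TimeSpan AccessToken, TimeSpan RefreshToken);

public class TokenController : Controller
{
    private static readonly Dictionary<string, TokenLifetimes> PerClient = new(StringComparer.Ordinal)
    {
        ["client_example"] = new(TimeSpan.FromMinutes(30), TimeSpan.FromDays(14)),
    };

    // Clients without an entry get the shortest lifetimes, so a missing entry fails safe.
    private static readonly TokenLifetimes Fallback = new(TimeSpan.FromMinutes(5), TimeSpan.FromHours(1));

    // Assumes options.UseAspNetCore().EnableTokenEndpointPassthrough() and
    // options.SetTokenEndpointUris("connect/token") are configured inside AddServer.
    [HttpPost("~/connect/token")]
    public async Task<IActionResult> Exchange()
    {
        var request = HttpContext.GetOpenIddictServerRequest()
            ?? throw new InvalidOperationException("The OpenID Connect request cannot be retrieved.");

        if (!request.IsRefreshTokenGrantType())
            throw new NotImplementedException("Only the refresh_token grant is shown in this example.");

        // OpenIddict has already validated the refresh token; this returns the principal stored in it.
        var result = await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
        var principal = result.Principal
            ?? throw new InvalidOperationException("The refresh token principal cannot be retrieved.");

        var lifetimes = request.ClientId is { } id && PerClient.TryGetValue(id, out var found)
            ? found : Fallback;

        // Lifetimes attached to the principal take precedence over the AddServer defaults.
        principal.SetAccessTokenLifetime(lifetimes.AccessToken);
        principal.SetRefreshTokenLifetime(lifetimes.RefreshToken);

        return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
    }
}
```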