使用Openiddict替换.NET 7中的IdentityServer

huangapple go评论122阅读模式
英文:

Replace IdentityServer with Openiddict in .NET 7

问题

I'm migrating my project from using IdentityServer v6 to Openiddict and having a hard time finding Openiddict stuff similar to IdentityServer.

Currently in Identity server, we have Client to represent OpenID Connect or OAuth2 client:

 new Client
                {
                    ClientId = "client_example",
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    ClientSecrets = clientSecret,
                    AllowedScopes = new List<string> { "scope_1", "scope_2", },
                    AllowOfflineAccess = true,
                    RefreshTokenUsage = TokenUsage.ReUse,
                    AccessTokenLifetime = accessTokenLifetime,
                    AbsoluteRefreshTokenLifetime = 0,
                    c= TokenExpiration.Sliding,
                    SlidingRefreshTokenLifetime = refreshTokenLifetime
                }

According to Openiddict document, I created a Seeder to seed my Clients:

await manager.CreateAsync(new OpenIddictApplicationDescriptor
            {
                ClientId = "client_example",
                ClientSecret = clientSecret,
                ConsentType = ConsentTypes.Explicit,
                DisplayName = "Client Example Test",
                RedirectUris =
                {
                    new Uri("https://localhost:7002/swagger/oauth2-redirect.html")
                },
                PostLogoutRedirectUris =
                {
                    new Uri("https://localhost:7002/resources")
                },
                Permissions =
                {
                    Permissions.Endpoints.Authorization,
                    Permissions.Endpoints.Logout,
                    Permissions.Endpoints.Token,
                    Permissions.GrantTypes.AuthorizationCode,
                    Permissions.ResponseTypes.Code,
                   $"{Permissions.Prefixes.Scope}scope1",
                   $"{Permissions.Prefixes.Scope}scope2"
                },    
            })

How can i change the AccessTokenLifetime ,AccessTokenLifetime and others related stuffs for each client like what i have with Identity Server.

英文:

I'm migrating my project from using IdentityServer v6 to Openiddict and having a hard time finding Openiddict stuff similar to IdentityServer.

Currently in Identity server, we have Client to represent OpenID Connect or OAuth2 client:

 new Client
                {
                    ClientId = &quot;client_example&quot;,
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    ClientSecrets = clientSecret,
                    AllowedScopes = new List&lt;string&gt; { &quot;scope_1&quot;, &quot;scope_2&quot;, },
                    AllowOfflineAccess = true,
                    RefreshTokenUsage = TokenUsage.ReUse,
                    AccessTokenLifetime = accessTokenLifetime,
                    AbsoluteRefreshTokenLifetime = 0,
                    c= TokenExpiration.Sliding,
                    SlidingRefreshTokenLifetime = refreshTokenLifetime
                }

According to Openiddict document, I created a Seeder to seed my Clients:

await manager.CreateAsync(new OpenIddictApplicationDescriptor
            {
                ClientId = &quot;client_example&quot;,
                ClientSecret = clientSecret,
                ConsentType = ConsentTypes.Explicit,
                DisplayName = &quot;Client Example Test&quot;,
                RedirectUris =
                {
                    new Uri(&quot;https://localhost:7002/swagger/oauth2-redirect.html&quot;)
                },
                PostLogoutRedirectUris =
                {
                    new Uri(&quot;https://localhost:7002/resources&quot;)
                },
                Permissions =
                {
                    Permissions.Endpoints.Authorization,
                    Permissions.Endpoints.Logout,
                    Permissions.Endpoints.Token,
                    Permissions.GrantTypes.AuthorizationCode,
                    Permissions.ResponseTypes.Code,
                   $&quot;{Permissions.Prefixes.Scope}scope1&quot;,
                   $&quot;{Permissions.Prefixes.Scope}scope2&quot;
                },    
            })

How can i change the AccessTokenLifetime ,AccessTokenLifetime and others related stuffs for each client like what i have with Identity Server.

答案1

得分: 2

根据What are the default Lifetime values for openiddict tokens上的回答,令牌设置存储在OpenIddictServerOptions中。您可以使用OpenIddictServerBuilder.Configure(Action<OpenIddictServerOptions>)方法或各种Set...LifeTime方法在AddServer内修改默认设置。

例如:

.AddServer(options =>
{
    // 设置生存期选项
    options.SetAccessTokenLifetime(TimeSpan.FromMinutes(30))
           .SetAuthorizationCodeLifetime(TimeSpan.FromMinutes(10));

    // 启用令牌端点。
    options.SetTokenEndpointUris("connect/token");
    // ...
})

Set方法可以链式调用,因为它们返回options对象。

对于其他对象也使用相同的模式。如果搜索源代码库中的LifeTime,您将找到OpenIddictClientBuilder.SetStateTokenLifetime,像public static ClaimsPrincipal SetAccessTokenLifetime(this ClaimsPrincipal principal, TimeSpan? lifetime)这样的细粒度方法等。

英文:

As the answer to What are the default Lifetime values for openiddict tokens shows, token settings are stored in OpenIddictServerOptions. You can modify the default settings using the OpenIddictServerBuilder.Configure(Action<OpenIddictServerOptions>) method or the various Set...LifeTime methods inside AddServer.

For example :

    .AddServer(options =&gt;
    {
        //Set Lifetime options
        options.SetAccessTokenLifetime(TimeSpan.FromMinutes(30))
               .SetAuthorizationCodeLifetime(TimeSpan.FromMinutes(10));

        // Enable the token endpoint.
        options.SetTokenEndpointUris(&quot;connect/token&quot;);
        ...
    })

The Set methods can be chained because they return the options object.

The same pattern is used for other objects too. If you search the source repository for LifeTime you'll find OpenIddictClientBuilder.SetStateTokenLifetime, fine-grained methods like public static ClaimsPrincipal SetAccessTokenLifetime(this ClaimsPrincipal principal, TimeSpan? lifetime) and more

huangapple
  • 本文由 发表于 2023年8月10日 17:46:25
  • 转载请务必保留本文链接:https://go.coder-hub.com/76874549.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定