1、新建空的Identity项目
2、访问localhost:5001/.well-known/openid-configuration
3、访问localhost:5001/connect/token
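4、需要用 Postman 以 POST 方式访问 localhost:5001/connect/token,并添加参数(例如 grant_type、client_id、client_secret、scope),不然会报错,错误信息: "error": "invalid_request" 或者 "error": "invalid_scope"
注意:参数要放在请求体的 x-www-form-urlencoded 中;放在 form-data 中仍然会报错,因为令牌端点只接受 application/x-www-form-urlencoded 编码的表单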
5、需要修改config文件
/// <summary>
/// In-memory IdentityServer configuration for a local walkthrough: one identity
/// resource, two API scopes, one client and one test user.
/// </summary>
/// <remarks>
/// Every value here is a literal compiled into the assembly (client secret, user
/// password), so this class is only suitable as a learning/demo configuration.
/// </remarks>
public static class Config
{
    /// <summary>Identity resources known to the server; only the standard <c>openid</c> resource.</summary>
    public static IEnumerable<IdentityResource> IdentityResources
    {
        get
        {
            return new IdentityResource[]
            {
                new IdentityResources.OpenId()
            };
        }
    }

    /// <summary>API scopes a client may be allowed to request.</summary>
    public static IEnumerable<ApiScope> ApiScopes
    {
        get
        {
            var first = new ApiScope("scope1");
            var second = new ApiScope("scope2");
            return new ApiScope[] { first, second };
        }
    }

    /// <summary>Registered clients; a single confidential client limited to <c>scope1</c>.</summary>
    public static IEnumerable<Client> Clients
    {
        get
        {
            var demoClient = new Client
            {
                ClientId = "myclient",

                // Only the SHA-256 hash of the secret is stored, but the plaintext
                // literal sits right here in source; a real deployment would load
                // the secret from protected configuration instead.
                ClientSecrets = new[] { new Secret("secret".Sha256()) },

                // Enables both the client-credentials grant and the resource-owner
                // password grant. With the password grant the user's password is
                // typed into the client application itself, which is why current
                // OAuth security guidance advises against it outside of legacy or
                // test scenarios.
                AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,

                // Requests for any other scope (e.g. "scope2") are rejected for this client.
                AllowedScopes = new[] { "scope1" }
            };

            return new Client[] { demoClient };
        }
    }

    /// <summary>In-memory accounts used to try out the password grant.</summary>
    public static List<TestUser> TestUsers
    {
        get
        {
            // The password is kept as plaintext in memory and in source: test data only.
            var demoUser = new TestUser
            {
                Username = "pc",
                Password = "123",
                SubjectId = "1"
            };

            return new List<TestUser> { demoUser };
        }
    }
}
6、需要修改Startup类的ConfigureServices方法
/// <summary>
/// Registers IdentityServer with the in-memory test users, API scopes and clients
/// from <c>Config</c>, then adds the authentication services.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    // uncomment, if you want to add an MVC-based UI
    //services.AddControllersWithViews();

    // Registration order matches the original chain: users, API scopes, clients.
    // Config.IdentityResources is not registered in this variant.
    var identityServer = services.AddIdentityServer();
    identityServer = identityServer.AddTestUsers(Config.TestUsers);
    identityServer = identityServer.AddInMemoryApiScopes(Config.ApiScopes);
    identityServer = identityServer.AddInMemoryClients(Config.Clients);

    // Development-only signing key. Tokens are only as trustworthy as this key,
    // so production needs key material that is stored somewhere secure.
    identityServer.AddDeveloperSigningCredential();

    services.AddAuthentication();
}
7、另一种方式,不添加scopes
Config类修改
/// <summary>
/// In-memory IdentityServer configuration without API scopes: the single client
/// is allowed to request the <c>openid</c> identity scope instead.
/// </summary>
/// <remarks>
/// Every value here is a literal compiled into the assembly (client secret, user
/// password), so this class is only suitable as a learning/demo configuration.
/// </remarks>
public static class Config
{
    /// <summary>Identity resources known to the server; only the standard <c>openid</c> resource.</summary>
    public static IEnumerable<IdentityResource> IdentityResources
    {
        get
        {
            return new IdentityResource[]
            {
                new IdentityResources.OpenId()
            };
        }
    }

    /// <summary>Registered clients; a single confidential client limited to <c>openid</c>.</summary>
    public static IEnumerable<Client> Clients
    {
        get
        {
            var demoClient = new Client
            {
                ClientId = "myclient",

                // Only the SHA-256 hash of the secret is stored, but the plaintext
                // literal sits right here in source; a real deployment would load
                // the secret from protected configuration instead.
                ClientSecrets = new[] { new Secret("secret".Sha256()) },

                // Enables both the client-credentials grant and the resource-owner
                // password grant. With the password grant the user's password is
                // typed into the client application itself, which is why current
                // OAuth security guidance advises against it outside of legacy or
                // test scenarios.
                AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,

                // "openid" is the name of the identity resource declared above.
                AllowedScopes = new[] { "openid" }
            };

            return new Client[] { demoClient };
        }
    }

    /// <summary>In-memory accounts used to try out the password grant.</summary>
    public static List<TestUser> TestUsers
    {
        get
        {
            // The password is kept as plaintext in memory and in source: test data only.
            var demoUser = new TestUser
            {
                Username = "pc",
                Password = "123",
                SubjectId = "1"
            };

            return new List<TestUser> { demoUser };
        }
    }
}
Startup类修改
/// <summary>
/// Registers IdentityServer with the in-memory identity resources, clients and
/// test users from <c>Config</c>, then adds the authentication services.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    // uncomment, if you want to add an MVC-based UI
    //services.AddControllersWithViews();

    // Registration order matches the original chain: identity resources, clients, users.
    // No API scopes are registered in this variant.
    var identityServer = services.AddIdentityServer();
    identityServer = identityServer.AddInMemoryIdentityResources(Config.IdentityResources);
    identityServer = identityServer.AddInMemoryClients(Config.Clients);
    identityServer = identityServer.AddTestUsers(Config.TestUsers);

    // Development-only signing key. Tokens are only as trustworthy as this key,
    // so production needs key material that is stored somewhere secure.
    identityServer.AddDeveloperSigningCredential();

    services.AddAuthentication();
}
备注:不注册 ApiScopes 时,客户端的 AllowedScopes 使用 IdentityResource 中的 openid 作用域