IdentityServer4实战：持久化 Client

前言

在前几篇的学习中，我们定义的四类 Client 都是存储在内存中的，通过 AddInMemoryClients(Startup.GetClients()) 的方式注入到 IDS4的服务中。本篇我们学习如何使用数据库或其他持久化方法存储和读取 Client 。

自定义 ClientStore

在  MicroShell.IdentityServer4.Server 项目新建 CustomerClientStore 类文件，代码如下：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105

/// <summary>     /// 自定义 客户端存储     /// </summary>     public class CustomerClientStore : IClientStore     {           private readonly List<Client> Clients = new List<Client>         {                     new Client                     {                         ClientId = "client1",                           // 没有交互性用户，使用 clientid/secret 实现认证。                         AllowedGrantTypes = GrantTypes.ClientCredentials,                           // 用于认证的密码                         ClientSecrets =                         {                             new Secret("secret".Sha256())                         },                         // 客户端有权访问的范围（Scopes）                         AllowedScopes = { "api1" }                     },                     new Client                     {                         ClientId = "client2",                           //  用户名 密码 模式                         AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,                           // 用于认证的密码                         ClientSecrets =                         {                             new Secret("secret".Sha256())                         },                         // 客户端有权访问的范围（Scopes）                         AllowedScopes = { "api1" }                     },                     new Client                     {                         ClientId = "client3",                           //  授权码 模式                         AllowedGrantTypes = GrantTypes.Code,                           RedirectUris = { "http://localhost:5001/test/index" },                           // 是否需要确认授权，这个配置我们会在后面介绍，这里设置为 false                         RequireConsent = false,                           // 这个参数必须设置 为 false                         RequirePkce = false,                           // 用于认证的密码                         ClientSecrets =                         {                             new Secret("secret".Sha256())                         },                         // 客户端有权访问的范围（Scopes）                         AllowedScopes = {                             "api1",                             IdentityServerConstants.StandardScopes.OpenId,                         IdentityServerConstants.StandardScopes.Profile                         }                     },                     new Client                     {                         ClientId = "client4",                           //  授权码 模式                         AllowedGrantTypes = GrantTypes.Implicit,                           RedirectUris = { "http://localhost:5001/test/index" }, // 认证成功后允许的回调地址                           // 是否需要确认授权，这个配置我们会在后面介绍，这里设置为 false                         RequireConsent = false,                           // 用于认证的密码                         ClientSecrets =                         {                             new Secret("secret".Sha256())                         },                           //AlwaysIncludeUserClaimsInIdToken=true,                           //允许token通过浏览器 （必须 true）                         AllowAccessTokensViaBrowser = true,                           // 客户端有权访问的范围（Scopes）                         AllowedScopes = {                             "api1",                             IdentityServerConstants.StandardScopes.OpenId,                         IdentityServerConstants.StandardScopes.Profile                         }                     }         };           public async Task<Client> FindClientByIdAsync(string clientId)         {               // TODO: 这里可以从数据库或其他持久化设备获取 Client               return Clients.FirstOrDefault(t => t.ClientId == clientId);         }     }

ConfigureServices 注入 CustomerClientStore

1 2 3 4 5 6 7

services.AddIdentityServer()                 .AddDeveloperSigningCredential()                 .AddInMemoryApiScopes(Startup.GetApiScopes())                 .AddClientStore<CustomerClientStore>() // 注入自定义 ClientStore                 .AddTestUsers(IdentityServerHost.Quickstart.UI.TestUsers.Users)                 .AddInMemoryIdentityResources(Startup.GetIdentityResources())                 ;