From 0209f1c833a53e23f31e9000c672b44dafa8ae0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Tue, 29 Jun 2021 19:24:05 +0200
Subject: [PATCH] Add a guide explaining how to set up MongoDB integration
---
.../encryption-and-signing-credentials.md | 4 +-
configuration/mongodb-integration.md | 129 ++++++++++++++++++
configuration/toc.yml | 3 +
3 files changed, 134 insertions(+), 2 deletions(-)
create mode 100644 configuration/mongodb-integration.md
diff --git a/configuration/encryption-and-signing-credentials.md b/configuration/encryption-and-signing-credentials.md
index 3d32a5d..34710ef 100644
--- a/configuration/encryption-and-signing-credentials.md
+++ b/configuration/encryption-and-signing-credentials.md
@@ -8,7 +8,7 @@ To protect the tokens it issues, OpenIddict uses 2 types of credentials:
 > Tokens generated using the opt-in ASP.NET Core Data Protection integration rely on their own key ring, distinct from the credentials discussed in this documentation.
 > For more information about Data Protection, visit [ASP.NET Core Data Protection](https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/introduction).
-## Registering credentials in the server options
+## Registering credentials in the authorization server options
 OpenIddict allows registering one or multiple keys (raw keys or embedded in X.509 certificates).
@@ -120,7 +120,7 @@ The best place to store your certificates will mostly depend on your host:
 - On Azure, certificates can be uploaded and exposed to Azure App Services applications using the special `WEBSITE_LOAD_CERTIFICATES` flag. For more information, visit https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code
-## Importing credentials in the validation options
+## Importing credentials in the API/resource validation options
 ### Using the `options.UseLocalServer()` integration
diff --git a/configuration/mongodb-integration.md b/configuration/mongodb-integration.md
new file mode 100644
index 0000000..939f523
--- /dev/null
+++ b/configuration/mongodb-integration.md
@@ -0,0 +1,129 @@
+# MongoDB integration
+
+To configure OpenIddict to use MongoDB as the database for applications, authorizations, scopes and tokens, you'll need to:
+ - **Reference the `OpenIddict.MongoDb` package**:
+ ```xml
+
+ ```
+
+ - **Configure OpenIddict to use the MongoDB stores**:
+ ```csharp
+ services.AddOpenIddict()
+ .AddCore(options =>
+ {
+ // Note: to use a remote server, call the MongoClient constructor overload
+ // that accepts a connection string or an instance of MongoClientSettings.
+ options.UseMongoDb()
+ .UseDatabase(new MongoClient().GetDatabase("openiddict"));
+ })
+ ```
+
+ - **Create indexes to improve performance** (recommended): for that, you can use the following script to
+initialize the database and create the indexes used by the OpenIddict entities:
+ ```csharp
+ using System.Threading;
+ using Microsoft.Extensions.DependencyInjection;
+ using Microsoft.Extensions.Options;
+ using MongoDB.Driver;
+ using OpenIddict.MongoDb;
+ using OpenIddict.MongoDb.Models;
+
+ var services = new ServiceCollection();
+ services.AddOpenIddict()
+ .AddCore(options => options.UseMongoDb());
+
+ services.AddSingleton(new MongoClient(
+ "mongodb://localhost:27017").GetDatabase("openiddict"));
+
+ var provider = services.BuildServiceProvider();
+ var context = provider.GetRequiredService();
+ var options = provider.GetRequiredService<
+ IOptionsMonitor>().CurrentValue;
+ var database = await context.GetDatabaseAsync(CancellationToken.None);
+
+ var applications = database.GetCollection(
+ options.ApplicationsCollectionName);
+
+ await applications.Indexes.CreateManyAsync(new[]
+ {
+ new CreateIndexModel(
+ Builders.IndexKeys.Ascending(
+ application => application.ClientId),
+ new CreateIndexOptions
+ {
+ Unique = true
+ }),
+
+ new CreateIndexModel(
+ Builders.IndexKeys.Ascending(
+ application => application.PostLogoutRedirectUris),
+ new CreateIndexOptions
+ {
+ Background = true
+ }),
+
+ new CreateIndexModel(
+ Builders.IndexKeys.Ascending(
+ application => application.RedirectUris),
+ new CreateIndexOptions
+ {
+ Background = true
+ })
+ });
+
+ var authorizations = database.GetCollection(
+ options.AuthorizationsCollectionName);
+
+ await authorizations.Indexes.CreateOneAsync(
+ new CreateIndexModel(
+ Builders.IndexKeys
+ .Ascending(authorization => authorization.ApplicationId)
+ .Ascending(authorization => authorization.Scopes)
+ .Ascending(authorization => authorization.Status)
+ .Ascending(authorization => authorization.Subject)
+ .Ascending(authorization => authorization.Type),
+ new CreateIndexOptions
+ {
+ Background = true
+ }));
+
+ var scopes = database.GetCollection(
+ options.ScopesCollectionName);
+
+ await scopes.Indexes.CreateOneAsync(new CreateIndexModel(
+ Builders.IndexKeys.Ascending(scope => scope.Name),
+ new CreateIndexOptions
+ {
+ Unique = true
+ }));
+
+ var tokens = database.GetCollection(
+ options.TokensCollectionName);
+
+ await tokens.Indexes.CreateManyAsync(new[]
+ {
+ new CreateIndexModel(
+ Builders.IndexKeys.Ascending(
+ token => token.ReferenceId),
+ new CreateIndexOptions
+ {
+ // Note: partial filter expressions are not supported on Azure Cosmos DB.
+ // As a workaround, the expression and the unique constraint can be removed.
+ PartialFilterExpression =
+ Builders.Filter.Exists(
+ token => token.ReferenceId),
+ Unique = true
+ }),
+
+ new CreateIndexModel(
+ Builders.IndexKeys
+ .Ascending(token => token.ApplicationId)
+ .Ascending(token => token.Status)
+ .Ascending(token => token.Subject)
+ .Ascending(token => token.Type),
+ new CreateIndexOptions
+ {
+ Background = true
+ })
+ });
+ ```
\ No newline at end of file
diff --git a/configuration/toc.yml b/configuration/toc.yml
index 99e1b95..0e2f771 100644
--- a/configuration/toc.yml
+++ b/configuration/toc.yml
@@ -13,6 +13,9 @@
 - name: Encryption and signing credentials
 href: encryption-and-signing-credentials.md
+- name: MongoDB integration
+ href: mongodb-integration.md
+
 - name: Proof Key for Code Exchange
 href: proof-key-for-code-exchange.md