Add a guide explaining how to set up MongoDB integration

Kévin Chalet 2021-06-29 19:24:05 +02:00
parent ea0364e553
commit 0209f1c833
3 changed files with 134 additions and 2 deletions


@ -8,7 +8,7 @@ To protect the tokens it issues, OpenIddict uses 2 types of credentials:
> Tokens generated using the opt-in ASP.NET Core Data Protection integration rely on their own key ring, distinct from the credentials discussed in this documentation.
> For more information about Data Protection, visit [ASP.NET Core Data Protection](https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/introduction).
## Registering credentials in the server options
## Registering credentials in the authorization server options
OpenIddict allows registering one or multiple keys (raw keys or embedded in X.509 certificates).
@ -120,7 +120,7 @@ The best place to store your certificates will mostly depend on your host:
- On Azure, certificates can be uploaded and exposed to Azure App Services applications using the special `WEBSITE_LOAD_CERTIFICATES` flag.
For more information, visit https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code
## Importing credentials in the validation options
## Importing credentials in the API/resource validation options
### Using the `options.UseLocalServer()` integration


@ -0,0 +1,129 @@
# MongoDB integration
To configure OpenIddict to use MongoDB as the database for applications, authorizations, scopes and tokens, you'll need to:
- **Reference the `OpenIddict.MongoDb` package**:
```xml
<PackageReference Include="OpenIddict.MongoDb" Version="3.0.5" />
```
- **Configure OpenIddict to use the MongoDB stores**:
```csharp
services.AddOpenIddict()
.AddCore(options =>
{
// Note: to use a remote server, call the MongoClient constructor overload
// that accepts a connection string or an instance of MongoClientSettings.
options.UseMongoDb()
.UseDatabase(new MongoClient().GetDatabase("openiddict"));
})
```
- **Create indexes to improve performance** (recommended): for that, you can use the following script to
initialize the database and create the indexes used by the OpenIddict entities:
```csharp
using System.Threading;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using MongoDB.Driver;
using OpenIddict.MongoDb;
using OpenIddict.MongoDb.Models;
var services = new ServiceCollection();
services.AddOpenIddict()
.AddCore(options => options.UseMongoDb());
services.AddSingleton(new MongoClient(
"mongodb://localhost:27017").GetDatabase("openiddict"));
var provider = services.BuildServiceProvider();
var context = provider.GetRequiredService<IOpenIddictMongoDbContext>();
var options = provider.GetRequiredService<
IOptionsMonitor<OpenIddictMongoDbOptions>>().CurrentValue;
var database = await context.GetDatabaseAsync(CancellationToken.None);
var applications = database.GetCollection<OpenIddictMongoDbApplication>(
options.ApplicationsCollectionName);
await applications.Indexes.CreateManyAsync(new[]
{
new CreateIndexModel<OpenIddictMongoDbApplication>(
Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(
application => application.ClientId),
new CreateIndexOptions
{
Unique = true
}),
new CreateIndexModel<OpenIddictMongoDbApplication>(
Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(
application => application.PostLogoutRedirectUris),
new CreateIndexOptions
{
Background = true
}),
new CreateIndexModel<OpenIddictMongoDbApplication>(
Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(
application => application.RedirectUris),
new CreateIndexOptions
{
Background = true
})
});
var authorizations = database.GetCollection<OpenIddictMongoDbAuthorization>(
options.AuthorizationsCollectionName);
await authorizations.Indexes.CreateOneAsync(
new CreateIndexModel<OpenIddictMongoDbAuthorization>(
Builders<OpenIddictMongoDbAuthorization>.IndexKeys
.Ascending(authorization => authorization.ApplicationId)
.Ascending(authorization => authorization.Scopes)
.Ascending(authorization => authorization.Status)
.Ascending(authorization => authorization.Subject)
.Ascending(authorization => authorization.Type),
new CreateIndexOptions
{
Background = true
}));
var scopes = database.GetCollection<OpenIddictMongoDbScope>(
options.ScopesCollectionName);
await scopes.Indexes.CreateOneAsync(new CreateIndexModel<OpenIddictMongoDbScope>(
Builders<OpenIddictMongoDbScope>.IndexKeys.Ascending(scope => scope.Name),
new CreateIndexOptions
{
Unique = true
}));
var tokens = database.GetCollection<OpenIddictMongoDbToken>(
options.TokensCollectionName);
await tokens.Indexes.CreateManyAsync(new[]
{
new CreateIndexModel<OpenIddictMongoDbToken>(
Builders<OpenIddictMongoDbToken>.IndexKeys.Ascending(
token => token.ReferenceId),
new CreateIndexOptions<OpenIddictMongoDbToken>
{
// Note: partial filter expressions are not supported on Azure Cosmos DB.
// As a workaround, the expression and the unique constraint can be removed.
PartialFilterExpression =
Builders<OpenIddictMongoDbToken>.Filter.Exists(
token => token.ReferenceId),
Unique = true
}),
new CreateIndexModel<OpenIddictMongoDbToken>(
Builders<OpenIddictMongoDbToken>.IndexKeys
.Ascending(token => token.ApplicationId)
.Ascending(token => token.Status)
.Ascending(token => token.Subject)
.Ascending(token => token.Type),
new CreateIndexOptions
{
Background = true
})
});
```
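Review bot: The index step is presented only as a performance recommendation, yet the indexes on `ClientId`, the scope `Name` and the token `ReferenceId` are created with `Unique = true`, so they also act as the database-level guard against duplicate entries; the bullet should say so, e.g. `Create indexes to enforce uniqueness and improve performance`. The Cosmos DB comment suggests removing the partial filter together with the unique constraint, and it would help to add that doing so leaves `ReferenceId` uniqueness unenforced by the database. Both samples connect with `new MongoClient()` or `mongodb://localhost:27017`, with no authentication or TLS shown; since this database holds the applications, authorizations, scopes and tokens, the remote-server comment could add `// Load the connection string from configuration or a secret store and enable authentication and TLS.`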


@ -13,6 +13,9 @@
- name: Encryption and signing credentials
href: encryption-and-signing-credentials.md
- name: MongoDB integration
href: mongodb-integration.md
- name: Proof Key for Code Exchange
href: proof-key-for-code-exchange.md