lsm/openiddict-documentation
1
0
Fork 0
mirror of https://gitee.com/dcren/openiddict-documentation.git synced 2025-09-18 17:48:00 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Replace the Material theme by DiscordFX

Browse Source
This commit is contained in:
Kévin Chalet
2022-01-07 18:10:45 +01:00
parent b3a75b3a63
commit a3fa2d4107
24 changed files with 1310 additions and 376 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
configuration/authorization-storage.md
View File

@@ -37,8 +37,7 @@ switch (await _applicationManager.GetConsentTypeAsync(application))
authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
properties: new AuthenticationProperties(new Dictionary<string, string>
{
[OpenIddictServerAspNetCoreConstants.Properties.Error] =
Errors.ConsentRequired,
[OpenIddictServerAspNetCoreConstants.Properties.Error] = Errors.ConsentRequired,
[OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] =
"The logged in user is not allowed to access this client application."
}));
@@ -47,16 +46,14 @@ switch (await _applicationManager.GetConsentTypeAsync(application))
// return an authorization response without displaying the consent form.
case ConsentTypes.Implicit:
case ConsentTypes.External when authorizations.Any():
case ConsentTypes.Explicit when authorizations.Any() &&
!request.HasPrompt(Prompts.Consent):
case ConsentTypes.Explicit when authorizations.Any() && !request.HasPrompt(Prompts.Consent):
var principal = await _signInManager.CreateUserPrincipalAsync(user);
// Note: in this sample, the granted scopes match the requested scope
// but you may want to allow the user to uncheck specific scopes.
// For that, simply restrict the list of scopes before calling SetScopes.
principal.SetScopes(request.GetScopes());
principal.SetResources(await _scopeManager.ListResourcesAsync(
principal.GetScopes()).ToListAsync());
principal.SetResources(await _scopeManager.ListResourcesAsync(principal.GetScopes()).ToListAsync());
// Automatically create a permanent authorization to avoid requiring explicit consent
// for future authorization or token requests containing the same scopes.
@@ -88,8 +85,7 @@ switch (await _applicationManager.GetConsentTypeAsync(application))
authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
properties: new AuthenticationProperties(new Dictionary<string, string>
{
[OpenIddictServerAspNetCoreConstants.Properties.Error] =
Errors.ConsentRequired,
[OpenIddictServerAspNetCoreConstants.Properties.Error] = Errors.ConsentRequired,
[OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] =
"Interactive user consent is required."
}));

3
configuration/claim-destinations.md
View File

@@ -27,8 +27,7 @@ var principal = await _signInManager.CreateUserPrincipalAsync(user);
// but you may want to allow the user to uncheck specific scopes.
// For that, simply restrict the list of scopes before calling SetScopes().
principal.SetScopes(request.GetScopes());
principal.SetResources(
await _scopeManager.ListResourcesAsync(principal.GetScopes()).ToListAsync());
principal.SetResources(await _scopeManager.ListResourcesAsync(principal.GetScopes()).ToListAsync());
foreach (var claim in principal.Claims)
{

22
configuration/encryption-and-signing-credentials.md
View File

@@ -87,14 +87,10 @@ Certificates can be generated and self-signed locally using the .NET Core `Certi
using var algorithm = RSA.Create(keySizeInBits: 2048);
var subject = new X500DistinguishedName("CN=Fabrikam Encryption Certificate");
var request = new CertificateRequest(subject, algorithm,
HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(new X509KeyUsageExtension(
X509KeyUsageFlags.KeyEncipherment, critical: true));
var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, critical: true));
var certificate = request.CreateSelfSigned(
DateTimeOffset.UtcNow,
DateTimeOffset.UtcNow.AddYears(2));
var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(2));
var data = certificate.Export(X509ContentType.Pfx, string.Empty);
```
@@ -103,19 +99,15 @@ var data = certificate.Export(X509ContentType.Pfx, string.Empty);
using var algorithm = RSA.Create(keySizeInBits: 2048);
var subject = new X500DistinguishedName("CN=Fabrikam Signing Certificate");
var request = new CertificateRequest(subject, algorithm,
HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(new X509KeyUsageExtension(
X509KeyUsageFlags.DigitalSignature, critical: true));
var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
var certificate = request.CreateSelfSigned(
DateTimeOffset.UtcNow,
DateTimeOffset.UtcNow.AddYears(2));
var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(2));
var data = certificate.Export(X509ContentType.Pfx, string.Empty);
```
The best place to store your certificates will mostly depend on your host:
The best place to store your certificates will depend on your host:
- For IIS applications, storing the certificates in the machine store is the recommended option.
- On Azure, certificates can be uploaded and exposed to Azure App Services applications using the special `WEBSITE_LOAD_CERTIFICATES` flag.
For more information, visit https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code

33
configuration/mongodb-integration.md
View File

@@ -46,47 +46,40 @@ initialize the database and create the indexes used by the OpenIddict entities:
services.AddOpenIddict()
.AddCore(options => options.UseMongoDb());
services.AddSingleton(new MongoClient(
"mongodb://localhost:27017").GetDatabase("openiddict"));
services.AddSingleton(new MongoClient("mongodb://localhost:27017").GetDatabase("openiddict"));
var provider = services.BuildServiceProvider();
var context = provider.GetRequiredService<IOpenIddictMongoDbContext>();
var options = provider.GetRequiredService<
IOptionsMonitor<OpenIddictMongoDbOptions>>().CurrentValue;
var options = provider.GetRequiredService<IOptionsMonitor<OpenIddictMongoDbOptions>>().CurrentValue;
var database = await context.GetDatabaseAsync(CancellationToken.None);
var applications = database.GetCollection<OpenIddictMongoDbApplication>(
options.ApplicationsCollectionName);
var applications = database.GetCollection<OpenIddictMongoDbApplication>(options.ApplicationsCollectionName);
await applications.Indexes.CreateManyAsync(new[]
{
new CreateIndexModel<OpenIddictMongoDbApplication>(
Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(
application => application.ClientId),
Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(application => application.ClientId),
new CreateIndexOptions
{
Unique = true
}),
new CreateIndexModel<OpenIddictMongoDbApplication>(
Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(
application => application.PostLogoutRedirectUris),
Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(application => application.PostLogoutRedirectUris),
new CreateIndexOptions
{
Background = true
}),
new CreateIndexModel<OpenIddictMongoDbApplication>(
Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(
application => application.RedirectUris),
Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(application => application.RedirectUris),
new CreateIndexOptions
{
Background = true
})
});
var authorizations = database.GetCollection<OpenIddictMongoDbAuthorization>(
options.AuthorizationsCollectionName);
var authorizations = database.GetCollection<OpenIddictMongoDbAuthorization>(options.AuthorizationsCollectionName);
await authorizations.Indexes.CreateOneAsync(
new CreateIndexModel<OpenIddictMongoDbAuthorization>(
@@ -101,8 +94,7 @@ initialize the database and create the indexes used by the OpenIddict entities:
Background = true
}));
var scopes = database.GetCollection<OpenIddictMongoDbScope>(
options.ScopesCollectionName);
var scopes = database.GetCollection<OpenIddictMongoDbScope>(options.ScopesCollectionName);
await scopes.Indexes.CreateOneAsync(new CreateIndexModel<OpenIddictMongoDbScope>(
Builders<OpenIddictMongoDbScope>.IndexKeys.Ascending(scope => scope.Name),
@@ -111,21 +103,18 @@ initialize the database and create the indexes used by the OpenIddict entities:
Unique = true
}));
var tokens = database.GetCollection<OpenIddictMongoDbToken>(
options.TokensCollectionName);
var tokens = database.GetCollection<OpenIddictMongoDbToken>(options.TokensCollectionName);
await tokens.Indexes.CreateManyAsync(new[]
{
new CreateIndexModel<OpenIddictMongoDbToken>(
Builders<OpenIddictMongoDbToken>.IndexKeys.Ascending(
token => token.ReferenceId),
Builders<OpenIddictMongoDbToken>.IndexKeys.Ascending(token => token.ReferenceId),
new CreateIndexOptions<OpenIddictMongoDbToken>
{
// Note: partial filter expressions are not supported on Azure Cosmos DB.
// As a workaround, the expression and the unique constraint can be removed.
PartialFilterExpression =
Builders<OpenIddictMongoDbToken>.Filter.Exists(
token => token.ReferenceId),
Builders<OpenIddictMongoDbToken>.Filter.Exists(token => token.ReferenceId),
Unique = true
}),

3
configuration/proof-key-for-code-exchange.md
View File

@@ -63,7 +63,6 @@ While not recommended, support for the `code_challenge_method=plain` method can
services.AddOpenIddict()
.AddServer(options =>
{
options.Configure(options => options.CodeChallengeMethods.Add(
CodeChallengeMethods.Plain));
options.Configure(options => options.CodeChallengeMethods.Add(CodeChallengeMethods.Plain));
});
```