Update the documentation pages

OpenIddict Bot
2022-01-11 16:30:01 +00:00
parent a9643a903c
commit d5d078a8e5
20 changed files with 522 additions and 88 deletions

View File

@@ -98,8 +98,8 @@
<li><strong>Signing credentials are used to protect against tampering</strong>. They can be either asymmetric (e.g a RSA or ECDSA key) or symmetric.</li>
<li><strong>Encryption credentials are used to ensure the content of tokens cannot be read by malicious parties</strong>. They can be either asymmetric (e.g a RSA key) or symmetric.</li>
</ul>
<div class="NOTE"><h5>Note</h5><p>Tokens generated using the opt-in ASP.NET Core Data Protection integration rely on their own key ring, distinct from the credentials discussed in this documentation.
For more information about Data Protection, visit <a href="https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/introduction">ASP.NET Core Data Protection</a>.</p>
<div class="NOTE"><h5>Note</h5><p>Tokens generated using the opt-in ASP.NET Core Data Protection integration rely on their own key ring, distinct from the credentials discussed in this documentation.</p>
<p>For more information about Data Protection, visit <a href="https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/introduction">ASP.NET Core Data Protection</a>.</p>
</div>
<h2 id="registering-credentials-in-the-authorization-server-options">Registering credentials in the authorization server options</h2>
<p>OpenIddict allows registering one or multiple keys (raw keys or embedded in X.509 certificates).</p>
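Review bot: The two bullets directly above the reworked note still read "e.g a RSA or ECDSA key" and "e.g a RSA key"; since the source for this block is being regenerated anyway, correct them to "e.g. an RSA ..." in the same pass. The paragraph split in the note itself needs no change.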
@@ -120,8 +120,8 @@ are not used by OpenIddict and certificates with the furthest expiration date ar
.AddEphemeralSigningKey();
});
</code></pre><div class="NOTE"><h5>Note</h5><p><code>options.AddEphemeralEncryptionKey()</code> generates an asymmetric RSA key which is not directly used as-is to encrypt the tokens but is used to encrypt an
intermediate <em>per-token</em> symmetric key with which the token content is first encrypted using <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-5.2.6">AES</a>.
For more information about this mechanism, read <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-4.3">Key Encryption with RSAES OAEP</a>.</p>
intermediate <em>per-token</em> symmetric key with which the token content is first encrypted using <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-5.2.6">AES</a>.</p>
<p>For more information about this mechanism, read <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-4.3">Key Encryption with RSAES OAEP</a>.</p>
</div>
<h3 id="registering-a-development-certificate">Registering a development certificate</h3>
<p>For development purposes, a certificate can be generated and stored by OpenIddict in the certificates store of the user account running the OpenIddict server feature.
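Review bot: In the AddEphemeralEncryptionKey() note, the link text "AES" points at RFC 7518 section 5.2.6, which is titled "Content Encryption with AES_CBC_HMAC_SHA2", so the link text says less than the section it targets. Suggest naming the algorithm family in the link text (for example "AES-CBC with HMAC-SHA2") so readers can see that the content encryption is authenticated, and tightening "not directly used as-is" to "not used directly", since the two qualifiers say the same thing.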
@@ -176,7 +176,7 @@ var data = certificate.Export(X509ContentType.Pfx, string.Empty);
<ul>
<li>For IIS applications, storing the certificates in the machine store is the recommended option.</li>
<li>On Azure, certificates can be uploaded and exposed to Azure App Services applications using the special <code>WEBSITE_LOAD_CERTIFICATES</code> flag.
For more information, visit <a href="https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code">https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code</a></li>
For more information, visit <a href="https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code">Use a TLS/SSL certificate in your code in Azure App Service</a>.</li>
</ul>
<h2 id="importing-credentials-in-the-apiresource-validation-options">Importing credentials in the API/resource validation options</h2>
<h3 id="using-the-optionsuselocalserver-integration">Using the <code>options.UseLocalServer()</code> integration</h3>
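Review bot: The Azure bullet still describes WEBSITE_LOAD_CERTIFICATES as a "special flag"; it is an App Service app setting, and now that the link text names the target page, the bullet should use the same term so readers know where the value is configured. Suggest "using the <code>WEBSITE_LOAD_CERTIFICATES</code> app setting".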

View File

@@ -6,9 +6,9 @@
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Configuration and settings </title>
<title>Configuration </title>
<meta name="viewport" content="width=device-width">
<meta name="title" content="Configuration and settings ">
<meta name="title" content="Configuration ">
<meta name="generator" content="docfx 2.56.7.0">
<link rel="shortcut icon" href="../images/favicon.ico">
@@ -91,7 +91,7 @@
</div>
<article class="content wrap" id="_content" data-uid="">
<h1 id="configuration-and-settings">Configuration and settings</h1>
<h1 id="configuration">Configuration</h1>
<p>OpenIddict 3.0 comes with sensible defaults, but depending on the scenarios, the default settings can be amended to change how OpenIddict reacts to requests.</p>
</article>
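Review bot: The h1 id changes from "configuration-and-settings" to "configuration", so any existing link that targets the #configuration-and-settings fragment on this page will stop resolving to the heading. Please check the other documentation pages and the table of contents for that fragment before merging. Separately, the context paragraph reads "depending on the scenarios"; "depending on the scenario" is the usual phrasing.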

View File

@@ -1,238 +0,0 @@
<!DOCTYPE html>
<!--[if IE]><![endif]-->
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>MongoDB integration </title>
<meta name="viewport" content="width=device-width">
<meta name="title" content="MongoDB integration ">
<meta name="generator" content="docfx 2.56.7.0">
<link rel="shortcut icon" href="../images/favicon.ico">
<link href="https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap" rel="stylesheet">
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.1/styles/night-owl.min.css">
<link rel="stylesheet" href="../styles/colors.css">
<link rel="stylesheet" href="../styles/discord.css">
<link rel="stylesheet" href="../styles/main.css">
<meta property="docfx:navrel" content="../toc.html">
<meta property="docfx:tocrel" content="toc.html">
</head>
<body>
<div class="top-navbar">
<a href="javascript:void(0);" class="burger-icon" onclick="toggleMenu()">
<svg name="Hamburger" style="vertical-align: middle;" width="24" height="24" viewbox="0 0 24 24"><path fill="currentColor" fill-rule="evenodd" clip-rule="evenodd" d="M20 6H4V9H20V6ZM4 10.999H20V13.999H4V10.999ZM4 15.999H20V18.999H4V15.999Z"></path></svg>
</a>
<a class="brand" href="../index.html">
<img src="../images/logo.png" alt="OpenIddict" class="logomark">
<span class="brand-title">OpenIddict</span>
</a>
</div>
<div class="body-content">
<div id="blackout" class="blackout" onclick="toggleMenu()"></div>
<nav id="sidebar" role="navigation">
<div class="sidebar">
<div>
<a class="brand" href="../index.html">
<img src="../images/logo.png" alt="OpenIddict" class="logomark">
<span class="brand-title">OpenIddict</span>
</a>
<div id="navbar">
</div>
</div>
<div class="sidebar-item-separator"></div>
<div id="sidetoggle">
<div id="sidetoc"></div>
</div>
</div>
<div class="footer">
<span>Generated by <strong>DocFX</strong></span>
</div>
</nav>
<main class="main-panel">
<div role="main" class="hide-when-search">
<div class="subnav navbar navbar-default">
<div class="container hide-when-search" id="breadcrumb">
<ul class="breadcrumb">
<li></li>
</ul>
</div>
</div>
<article class="content wrap" id="_content" data-uid="">
<h1 id="mongodb-integration">MongoDB integration</h1>
<p>To configure OpenIddict to use MongoDB as the database for applications, authorizations, scopes and tokens, you&#39;ll need to:</p>
<ul>
<li><p><strong>Reference the <code>OpenIddict.MongoDb</code> package</strong>:</p>
<pre><code class="lang-xml">&lt;PackageReference Include=&quot;OpenIddict.MongoDb&quot; Version=&quot;3.1.1&quot; /&gt;
</code></pre></li>
<li><p><strong>Configure OpenIddict to use the MongoDB stores</strong>:</p>
<pre><code class="lang-csharp">services.AddOpenIddict()
.AddCore(options =&gt;
{
// Note: to use a remote server, call the MongoClient constructor overload
// that accepts a connection string or an instance of MongoClientSettings.
options.UseMongoDb()
.UseDatabase(new MongoClient().GetDatabase(&quot;openiddict&quot;));
});
</code></pre><p>Alternatively, you can register the <code>IMongoDatabase</code> instance as a service:</p>
<pre><code class="lang-csharp">services.AddOpenIddict()
.AddCore(options =&gt;
{
options.UseMongoDb();
});
// Note: to use a remote server, call the MongoClient constructor overload
// that accepts a connection string or an instance of MongoClientSettings.
services.AddSingleton(new MongoClient().GetDatabase(&quot;shared-database-instance&quot;));
</code></pre></li>
<li><p><strong>Create indexes to improve performance</strong> (recommended): for that, you can use the following script to
initialize the database and create the indexes used by the OpenIddict entities:</p>
<pre><code class="lang-csharp">using System.Threading;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using MongoDB.Driver;
using OpenIddict.MongoDb;
using OpenIddict.MongoDb.Models;
var services = new ServiceCollection();
services.AddOpenIddict()
.AddCore(options =&gt; options.UseMongoDb());
services.AddSingleton(new MongoClient(&quot;mongodb://localhost:27017&quot;).GetDatabase(&quot;openiddict&quot;));
var provider = services.BuildServiceProvider();
var context = provider.GetRequiredService&lt;IOpenIddictMongoDbContext&gt;();
var options = provider.GetRequiredService&lt;IOptionsMonitor&lt;OpenIddictMongoDbOptions&gt;&gt;().CurrentValue;
var database = await context.GetDatabaseAsync(CancellationToken.None);
var applications = database.GetCollection&lt;OpenIddictMongoDbApplication&gt;(options.ApplicationsCollectionName);
await applications.Indexes.CreateManyAsync(new[]
{
new CreateIndexModel&lt;OpenIddictMongoDbApplication&gt;(
Builders&lt;OpenIddictMongoDbApplication&gt;.IndexKeys.Ascending(application =&gt; application.ClientId),
new CreateIndexOptions
{
Unique = true
}),
new CreateIndexModel&lt;OpenIddictMongoDbApplication&gt;(
Builders&lt;OpenIddictMongoDbApplication&gt;.IndexKeys.Ascending(application =&gt; application.PostLogoutRedirectUris),
new CreateIndexOptions
{
Background = true
}),
new CreateIndexModel&lt;OpenIddictMongoDbApplication&gt;(
Builders&lt;OpenIddictMongoDbApplication&gt;.IndexKeys.Ascending(application =&gt; application.RedirectUris),
new CreateIndexOptions
{
Background = true
})
});
var authorizations = database.GetCollection&lt;OpenIddictMongoDbAuthorization&gt;(options.AuthorizationsCollectionName);
await authorizations.Indexes.CreateOneAsync(
new CreateIndexModel&lt;OpenIddictMongoDbAuthorization&gt;(
Builders&lt;OpenIddictMongoDbAuthorization&gt;.IndexKeys
.Ascending(authorization =&gt; authorization.ApplicationId)
.Ascending(authorization =&gt; authorization.Scopes)
.Ascending(authorization =&gt; authorization.Status)
.Ascending(authorization =&gt; authorization.Subject)
.Ascending(authorization =&gt; authorization.Type),
new CreateIndexOptions
{
Background = true
}));
var scopes = database.GetCollection&lt;OpenIddictMongoDbScope&gt;(options.ScopesCollectionName);
await scopes.Indexes.CreateOneAsync(new CreateIndexModel&lt;OpenIddictMongoDbScope&gt;(
Builders&lt;OpenIddictMongoDbScope&gt;.IndexKeys.Ascending(scope =&gt; scope.Name),
new CreateIndexOptions
{
Unique = true
}));
var tokens = database.GetCollection&lt;OpenIddictMongoDbToken&gt;(options.TokensCollectionName);
await tokens.Indexes.CreateManyAsync(new[]
{
new CreateIndexModel&lt;OpenIddictMongoDbToken&gt;(
Builders&lt;OpenIddictMongoDbToken&gt;.IndexKeys.Ascending(token =&gt; token.ReferenceId),
new CreateIndexOptions&lt;OpenIddictMongoDbToken&gt;
{
// Note: partial filter expressions are not supported on Azure Cosmos DB.
// As a workaround, the expression and the unique constraint can be removed.
PartialFilterExpression =
Builders&lt;OpenIddictMongoDbToken&gt;.Filter.Exists(token =&gt; token.ReferenceId),
Unique = true
}),
new CreateIndexModel&lt;OpenIddictMongoDbToken&gt;(
Builders&lt;OpenIddictMongoDbToken&gt;.IndexKeys
.Ascending(token =&gt; token.ApplicationId)
.Ascending(token =&gt; token.Status)
.Ascending(token =&gt; token.Subject)
.Ascending(token =&gt; token.Type),
new CreateIndexOptions
{
Background = true
})
});
</code></pre></li>
</ul>
</article>
</div>
</main>
</div>
<script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js" integrity="sha384-OgVRvuATP1z7JjHLkuOU7Xw704+h835Lr+6QL9UvYjZE3Ipu6Tp75j7Bh/kR0JKI" crossorigin="anonymous"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.1/highlight.min.js"></script>
<script type="text/javascript" src="../styles/jquery.twbsPagination.js"></script>
<script type="text/javascript" src="../styles/url.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/anchor-js/anchor.min.js"></script>
<script type="text/javascript" src="../styles/docfx.js"></script>
<script type="text/javascript" src="../styles/main.js"></script>
</body>
</html>
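Review bot: This hunk deletes the whole MongoDB integration page, including the index-creation script and the comment that partial filter expressions are not supported on Azure Cosmos DB, and the visible part of the commit does not show where that content now lives. Please confirm it was moved rather than dropped, and consider leaving a redirect at mongodb-integration.html, since the sidebar entry is removed in the last hunk and existing inbound links to the old URL will otherwise return a 404.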

View File

@@ -24,10 +24,6 @@
<li>
<a href="encryption-and-signing-credentials.html" class="sidebar-item" name="" title="Encryption and signing credentials">Encryption and signing credentials</a>
</li>
<li>
<a href="mongodb-integration.html" class="sidebar-item" name="" title="MongoDB integration">MongoDB integration</a>
</li>
<li>
<a href="proof-key-for-code-exchange.html" class="sidebar-item" name="" title="Proof Key for Code Exchange">Proof Key for Code Exchange</a>