客户端指能够从id4获取Token的角色。

客户端的共性:

  • a unique client ID
  • a secret if needed
  • the allowed interactions with the token service (called a grant type)
  • a network location where identity and/or access token gets sent to (called a redirect URI)
  • a list of scopes (aka resources) the client is allowed to access

1. 定义server to server 通信的客户端

public class Clients

{

    public static IEnumerable<Client> Get()

    {

        return new List<Client>

        {

            new Client

            {

                ClientId = "service.client",

                ClientSecrets = { new Secret("secret".Sha256()) },

                AllowedGrantTypes = GrantTypes.ClientCredentials,

                AllowedScopes = { "api1", "api2.read_only" }

            }

        };

    }

}
  • ClientId为唯一名称
  • ClientSecret为密码
  • AllowedGrantTypes:允许的授予方式
  • AllowedScopes:作用域。

2. 定义SPA js 客户端

var jsClient = new Client

{

    ClientId = "js",

    ClientName = "JavaScript Client",

    ClientUri = "http://identityserver.io",

    AllowedGrantTypes = GrantTypes.Implicit,

    AllowAccessTokensViaBrowser = true,

    RedirectUris =           { "http://localhost:7017/index.html" },

    PostLogoutRedirectUris = { "http://localhost:7017/index.html" },

    AllowedCorsOrigins =     { "http://localhost:7017" },

    AllowedScopes =

    {

        IdentityServerConstants.StandardScopes.OpenId,

        IdentityServerConstants.StandardScopes.Profile,

        IdentityServerConstants.StandardScopes.Email,

        "api1", "api2.read_only"

    }

};

3. 定义Server-Side的MVC客户端

var mvcClient = new Client

{

    ClientId = "mvc",

    ClientName = "MVC Client",

    ClientUri = "http://identityserver.io",

    AllowedGrantTypes = GrantTypes.Hybrid,

    AllowOfflineAccess = true,

    ClientSecrets = { new Secret("secret".Sha256()) },

    RedirectUris =           { "http://localhost:21402/signin-oidc" },

    PostLogoutRedirectUris = { "http://localhost:21402/" },

    LogoutUri =                "http://localhost:21402/signout-oidc",

    AllowedScopes =

    {

        IdentityServerConstants.StandardScopes.OpenId,

        IdentityServerConstants.StandardScopes.Profile,

        IdentityServerConstants.StandardScopes.Email,

        "api1", "api2.read_only"

    },

};

最新文章

  1. Mysql命令大全
  2. 为 Web 设计师准备的 20 款 CSS3 工具
  3. WinForm------TreeList加载数据方法
  4. dbutils中实现数据的增删改查的方法,反射常用的方法,绝对路径的写法(杂记)
  5. error :ld returned 1 exit status
  6. redis sort
  7. SpringMVC 自定义参数绑定实现日期类型绑定
  8. DOM笔记(九):引用类型、基本包装类型和单体内置对象
  9. Struts2数据校验方法
  10. 个人对maven pom.xml文件的理解
  11. JS1 js获取dom元素方法
  12. poj 1095 Trees Made to Order
  13. Java日志管理
  14. Html 小插件10 即时新闻
  15. Python学习之collections module-defaultdict()
  16. CodeForces 706C Hard problem
  17. sql标识符和格式
  18. Server对象
  19. Android实现网络多线程断点续传下载
  20. linux进程资源占用高原因分析命令记录

热门文章

  1. IOC 依赖注入 Unity
  2. Markdown github 风格语法
  3. webgl glsl
  4. iOS----MRC(手动内存管理)
  5. bzoj2383[CEOI2011] ballons
  6. 题解 P1765 【手机_NOI导刊2010普及(10)】
  7. Windows用户相关操作
  8. XSS/CSRF跨站攻击和防护方案
  9. Hive(三)hive的高级操作
  10. spark streaming (二)