IdentityServer4、Duende.IdentityServer在appsettings.json配置client
.net 开发认证授权项目经常用到IdentityServer4,或者升级后的Duende.IdentityServer这两个大同小异。
在clent配置放文件中可以参考下面的方式:
- 添加组件依赖
builder.Services.AddIdentityServer().AddInMemoryClients(builder.Configuration.GetSection("IdentityServer:Clients")) .AddInMemoryIdentityResources(new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile(), new IdentityResources.Email(), new IdentityResources.Phone(), }) .AddAspNetIdentity<User>();
- 在appsettings.json添加client配置
"IdentityServer": { "Clients": [ { "ClientId": "client", "ClientSecrets": [ { "Value": "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=" } ], "AllowedScopes": [ "openid", "profile", "email", "phone" ], "AllowedGrantTypes": [ "authorization_code" ], "RequirePkce": false, "RedirectUris": [ "https://www.thunderclient.com/oauth/callback" ] } ] }
其中需要注意ClientSecrets是需要是原始Secret通过SHA256编码的Base64格式,
例如,原始Secret是“secret”,那么配置文件ClientSecrets需要填写“K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=”。
IdentityServer4.Models.HashExtensions 中使用Identity Server4的算法如下
public string Sha256(string input)
{
using (var sha = SHA256.Create())
{
var bytes = Encoding.UTF8.GetBytes(input);
var hash = sha.ComputeHash(bytes);
return Convert.ToBase64String(hash);
}
}
评论