Following the ASP.NET Core 2.2 tutorial to scaffold the IdentityServer4 In-Memory project template, the ApiResources configuration is in appsettings.json:
"ApiResources": [
{
"Name": "movie.api",
"DisplayName": "Movie API Services",
"Scopes": [
{
"Name": "movie.api",
"DisplayName": "Movie API Services"
}
]
}
],
But in ASP.NET Core 3.1, appsettings.json is no longer there; it has been replaced by Config.cs. However, I could not locate ApiResources there. How do I create ApiResources in Config.cs?
This is my existing Config.cs
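/// <summary>
/// In-memory IdentityServer4 configuration: identity resources, API scopes and clients.
/// </summary>
/// <remarks>
/// The client secrets below are string literals in source. Only their SHA-256 hash is
/// registered with IdentityServer, but the plaintext is readable by anyone with access
/// to the repository; load real secrets from configuration or a secret store instead.
/// </remarks>
public static class Config
{
    /// <summary>Identity (OpenID Connect) resources offered by this server.</summary>
    // Typed as IEnumerable<IdentityResource> (not the non-generic IEnumerable) so the
    // property can be handed to AddInMemoryIdentityResources without a cast.
    public static IEnumerable<IdentityResource> IdentityResources =>
        new IdentityResource[]
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
        };

    /// <summary>API scopes that clients may request.</summary>
    public static IEnumerable<ApiScope> ApiScopes =>
        new ApiScope[]
        {
            new ApiScope("scope1"),
            new ApiScope("scope2"),
        };

    /// <summary>Client applications allowed to request tokens from this server.</summary>
    public static IEnumerable<Client> Clients =>
        new Client[]
        {
            // m2m client credentials flow client
            new Client
            {
                ClientId = "m2m.client",
                ClientName = "Client Credentials Client",
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                // Sample secret committed to source; replace and externalise before real use.
                ClientSecrets = { new Secret("511536EF-F270-4058-80CA-1C89C192F69A".Sha256()) },
                AllowedScopes = { "scope1" }
            },

            // interactive client using code flow + pkce
            new Client
            {
                ClientId = "interactive",
                // Sample secret committed to source; replace and externalise before real use.
                ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },
                AllowedGrantTypes = GrantTypes.Code,
                RedirectUris = { "https://localhost:44300/signin-oidc" },
                FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
                PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },
                // Offline access means refresh tokens are issued to this client.
                AllowOfflineAccess = true,
                AllowedScopes = { "openid", "profile", "scope2" }
            },

            // Client - Configure Identity Service
            // Step 2: Register client
            // NOTE(review): this client uses the implicit grant with
            // AllowAccessTokensViaBrowser, so access tokens travel through the browser.
            // Current OAuth guidance favours authorization code + PKCE, as the
            // "interactive" client above uses; consider switching once the web app supports it.
            new Client
            {
                ClientId = "movie.web", // match with what defined in startup.cs
                //ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },
                AllowedGrantTypes = GrantTypes.Implicit,
                // Plain-http redirect: acceptable only for local development on localhost.
                RedirectUris = { "http://localhost:5000/signin-oidc" },
                //FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
                //PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },
                //AllowOfflineAccess = true,
                AllowedScopes = { "openid", "profile" },
                AllowAccessTokensViaBrowser = true
            },
        };
}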
The simplest way to make it work is to add it to Config.cs like this:
/// <summary>
/// API scopes known to IdentityServer; here a single scope named "movie.api".
/// </summary>
public static IEnumerable<ApiScope> ApiScopes
{
    get
    {
        // A fresh array is built on every access, exactly like an expression-bodied property.
        var movieScope = new ApiScope("movie.api");
        return new[] { movieScope };
    }
}
/// <summary>
/// API resources known to IdentityServer; here "movie.api", which references the
/// scope of the same name.
/// </summary>
public static IEnumerable<ApiResource> ApiResources
{
    get
    {
        var movieApi = new ApiResource("movie.api", "The Movie API");

        // The scope name listed here must match an ApiScope registered with the server.
        movieApi.Scopes.Add("movie.api");

        return new[] { movieApi };
    }
}
Then register it with IdentityServer in Startup.cs like this:
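// Register IdentityServer together with the in-memory stores defined in Config.
var builder = services.AddIdentityServer(options =>
    {
        // Option settings were elided in the original snippet; the lambda is closed here
        // so the call chain below is valid C#.
    })
    .AddInMemoryIdentityResources(Config.IdentityResources)
    .AddInMemoryApiScopes(Config.ApiScopes)
    // API resources must be registered explicitly; declaring them in Config is not enough.
    .AddInMemoryApiResources(Config.ApiResources)
    .AddInMemoryClients(Config.Clients)
    // NOTE(review): TestUsers.Users is presumably the template's sample accounts;
    // keep this registration out of production deployments.
    .AddTestUsers(TestUsers.Users);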
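But in version 4 of IdentityServer4, scopes have their own definition and can optionally be referenced by resources. This means you don't have to define an ApiResource if you don't need one. Note that in the scope-only model the access token carries no resource-specific `aud` claim, so an API that validates the audience still needs an ApiResource (or the EmitStaticAudienceClaim option).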
Read more here