Article from: https://www.cnblogs.com/changfutao/p/9122384.html
OAuth2 defines four authorization modes for clients:
  1.     Authorization code mode (authorization code)
  2.     Simplified mode (implicit)
  3.     Resource owner password credentials
  4.     Client mode (client credentials)
Next, we summarize how to use IdentityServer to implement client mode.
Client mode is the simplest of the four.
In client mode, the client authenticates with the service provider in its own name rather than on behalf of a user.
The above figure shows the flow of the client request
When the client sends its request to the authorization server, the HTTP request contains the following parameters:
  • grant_type: the authorization type. The value here is fixed to "client_credentials".
  • scope: the scope of the permissions requested; optional.
The authorization server must authenticate the client's identity in some way.
The authorization server then sends the access token to the client.
Now let's implement the IdentityServer client credentials flow in code.
First, use Visual Studio to create a .NET Core Web API project and install the IdentityServer NuGet package.
Create a Config.cs class:
    using System.Collections.Generic;
    using IdentityServer4.Models;

    public class Config
    {
        // API resources protected by IdentityServer
        public static IEnumerable<ApiResource> GetResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("api1", "my api")
            };
        }

        // Clients that are allowed to request tokens
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                new Client
                {
                    AllowedGrantTypes = GrantTypes.ClientCredentials, // client mode
                    // Scopes the client is allowed to access
                    AllowedScopes = { "api1" },
                    ClientId = "MVC",
                    // Secret used to authenticate the client (stored as a SHA-256 hash)
                    ClientSecrets = { new Secret("secret".Sha256()) },
                }
            };
        }
    }
Register IdentityServer in the ConfigureServices method of the Startup class and add the IdentityServer middleware in Configure:
    public void ConfigureServices(IServiceCollection services)
    {
        // Configure IdentityServer with an in-memory store for the key, clients and resources
        services.AddIdentityServer()
            .AddDeveloperSigningCredential() // temporary signing key, intended for development
            .AddInMemoryApiResources(Config.GetResources())
            .AddInMemoryClients(Config.GetClients());
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        // Add the IdentityServer middleware
        app.UseIdentityServer();
        app.UseMvc();
    }
After building and running the project, open http://localhost:5000/.well-known/openid-configuration in the browser:
{
    "issuer": "http://localhost:5000",
    "jwks_uri": "http://localhost:5000/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "http://localhost:5000/connect/authorize",
    "token_endpoint": "http://localhost:5000/connect/token",  // address for obtaining the token
    "userinfo_endpoint": "http://localhost:5000/connect/userinfo",
    "end_session_endpoint": "http://localhost:5000/connect/endsession",
    "check_session_iframe": "http://localhost:5000/connect/checksession",
    "revocation_endpoint": "http://localhost:5000/connect/revocation",
    "introspection_endpoint": "http://localhost:5000/connect/introspect",
    "frontchannel_logout_supported": true,
    "frontchannel_logout_session_supported": true,
    "backchannel_logout_supported": true,
    "backchannel_logout_session_supported": true,
    "scopes_supported": ["api1", "offline_access"],
    "claims_supported": [],
    "grant_types_supported": ["authorization_code", "client_credentials", "refresh_token", "implicit"],
    "response_types_supported": ["code", "token", "id_token", "id_token token", "code id_token", "code token", "code id_token token"],
    "response_modes_supported": ["form_post", "query", "fragment"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "code_challenge_methods_supported": ["plain", "S256"]
}

Next, create a separate API project.
Install the IdentityServer4.AccessToken.Validation NuGet package.
Configure it in Startup.cs:
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication("Bearer")
                .AddIdentityServerAuthentication(options =>
                {
                    options.Authority = "http://localhost:5000"; // authorization server
                    options.RequireHttpsMetadata = false;        // allows the plain-HTTP authority used in this local setup
                    options.ApiName = "api1";
                });
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        // Add the authentication middleware
        app.UseAuthentication();
        app.UseMvc();
    }
Add the [Authorize] attribute to the controller to be protected.
Using Postman, request http://localhost:5000/connect/token to get the access token.
Then use Postman to call http://localhost:5001/api/values.
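The Postman steps above as a small console client, sending the grant_type and scope parameters described earlier and then calling the API with and without the token. This is an added example, not code from the original article; it assumes both projects are running on the ports shown, that the client is registered as in Config.cs, and that the Newtonsoft.Json package is installed (the class and method names are illustrative).

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq; // assumed NuGet package, used only to read the JSON response

public static class Program
{
    const string TokenEndpoint = "http://localhost:5000/connect/token";
    const string ApiUrl = "http://localhost:5001/api/values";

    public static void Main() => RunAsync().GetAwaiter().GetResult();

    static async Task RunAsync()
    {
        using (var http = new HttpClient())
        {
            // Token request: grant_type and scope as described above, plus the
            // client's own credentials (client_secret_post authentication)
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "client_credentials",
                ["client_id"] = "MVC",       // as registered in Config.cs
                ["client_secret"] = "secret",
                ["scope"] = "api1"
            });
            var tokenResponse = await http.PostAsync(TokenEndpoint, form);
            var body = await tokenResponse.Content.ReadAsStringAsync();
            if (!tokenResponse.IsSuccessStatusCode)
            {
                // A wrong secret or unknown scope comes back as an OAuth2 error document
                Console.WriteLine($"Token request failed ({(int)tokenResponse.StatusCode}): {body}");
                return;
            }
            var accessToken = (string)JObject.Parse(body)["access_token"];

            // Without a token the [Authorize] controller should answer 401
            var anonymous = await http.GetAsync(ApiUrl);
            Console.WriteLine($"Without token: {(int)anonymous.StatusCode}");

            // With the token in the Authorization header the call should succeed
            var request = new HttpRequestMessage(HttpMethod.Get, ApiUrl);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            var authorized = await http.SendAsync(request);
            Console.WriteLine($"With token: {(int)authorized.StatusCode}");
            Console.WriteLine(await authorized.Content.ReadAsStringAsync());
        }
    }
}
```

Checking the unauthenticated call as well as the authenticated one confirms that the [Authorize] attribute and the bearer middleware are actually enforcing access.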
