yili-onemap/api/QM.AuthServer/InitConfig.cs

using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.Extensions.Configuration;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace QM.AuthServer
{
    public class InitConfig
    {
        /// <summary>
        /// 定义哪些API将使用此IdentityServer
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<ApiResource> GetApiResources(IConfigurationSection section)
        {
            List<ApiResource> resource = new List<ApiResource>();
            if (section != null)
            {
                List<ApiConfig> configs = new List<ApiConfig>();
                section.Bind("ApiResources", configs);
                foreach (var config in configs)
                {
                    resource.Add(new ApiResource(config.Name, config.DisplayName) { 
                     Scopes = { config.Name }
                    });
                }
            }
            return resource.ToArray();
        }

        /// <summary>
        /// ApiScope
        /// </summary>
        /// <param name="section"></param>
        /// <returns></returns>
        public static IEnumerable<ApiScope> GetApiScopes(IConfigurationSection section)
        {
            List<ApiScope> resource = new List<ApiScope>();
            if (section != null)
            {
                List<ApiConfig> configs = new List<ApiConfig>();
                section.Bind("ApiResources", configs);
                foreach (var config in configs)
                {
                    resource.Add(new ApiScope(config.Name, config.DisplayName));
                }
            }
            return resource.ToArray();
        }


        /// <summary>
        /// 定义受信任的客户端
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<Client> GetClients(IConfigurationSection section)
        {
            List<Client> clients = new List<Client>();
            if (section != null)
            {
                List<ClientConfig> configs = new List<ClientConfig>();
                section.Bind("Clients", configs);
                foreach (var config in configs)
                {
                    Client client = new Client();
                    client.ClientId = config.ClientId;
                    List<Secret> clientSecrets = new List<Secret>();
                    foreach (var secret in config.ClientSecrets)
                    {
                        clientSecrets.Add(new Secret(secret.Sha256()));
                    }
                    client.ClientSecrets = clientSecrets.ToArray();

                    GrantTypes grantTypes = new GrantTypes();
                    var allowedGrantTypes = grantTypes.GetType().GetProperty(config.AllowedGrantTypes);
                    client.AllowedGrantTypes = allowedGrantTypes == null ?
                        GrantTypes.ClientCredentials : (ICollection<string>)allowedGrantTypes.GetValue(grantTypes, null);

                    List<string> aas = new List<string>();
                    aas.AddRange(config.AllowedScopes);
                    aas.Add(IdentityServerConstants.StandardScopes.OpenId);
                    aas.Add(IdentityServerConstants.StandardScopes.Profile);
                    client.AllowedScopes = aas.ToArray();
                    client.AccessTokenLifetime = config.AccessTokenLifetime * 60 * 60; //(秒)
                    //client.AlwaysSendClientClaims = true;
                    clients.Add(client);
                }
            }
            return clients.ToArray();
        }

        /// <summary>
        /// 定义哪些IdentityResources将使用此IdentityServer
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
            };
        }
    }

    /// <summary>
    /// API配置（可数据库管理）
    /// </summary>
    public class ApiConfig
    {
        /// <summary>
        /// 名称
        /// </summary>
        public string Name { get; set; }
        /// <summary>
        /// 显示名
        /// </summary>
        public string DisplayName { get; set; }
    }
    /// <summary>
    /// 客户端配置（可数据库管理）
    /// </summary>
    public class ClientConfig
    {
        /// <summary>
        /// 客户端编码
        /// </summary>
        public string ClientId { get; set; }
        /// <summary>
        /// 客户端名称
        /// </summary>
        public string ClientName { get; set; }
        /// <summary>
        /// 过期时间（小时）
        /// </summary>
        public int AccessTokenLifetime { get; set; } = 8;
        
        /// <summary>
        /// 客户密钥
        /// </summary>
        public List<string> ClientSecrets { get; set; }
        /// <summary>
        /// 授权模式
        /// </summary>
        public string AllowedGrantTypes { get; set; }
        /// <summary>
        /// 允许的作用域
        /// </summary>
        public List<string> AllowedScopes { get; set; }
    }
}