From 2b13be3c4b677ee8bd21c85327cf5530f37ba7ca Mon Sep 17 00:00:00 2001
From: maliming
Date: Tue, 17 May 2022 16:44:10 +0800
Subject: [PATCH] Support Blazor-wasm and Angular.
---
 .../angular/src/environments/environment.ts | 3 +-
 .../MyProjectNameBlazorModule.cs | 19 +++-
 .../OpenIddictDataSeedContributor.cs | 91 +++++++++----------
 .../MyProjectNameHttpApiHostModule.cs | 2 +-
 .../MyProjectNameHttpApiHostModule.cs | 19 ++--
 .../MyProjectNameIdentityServerModule.cs | 8 +-
 6 files changed, 72 insertions(+), 70 deletions(-)
diff --git a/templates/app/angular/src/environments/environment.ts b/templates/app/angular/src/environments/environment.ts
index 96f84eea43..fcc4e89a07 100644
--- a/templates/app/angular/src/environments/environment.ts
+++ b/templates/app/angular/src/environments/environment.ts
@@ -10,9 +10,10 @@ export const environment = {
 logoUrl: '',
 },
 oAuthConfig: {
- issuer: 'https://localhost:44305',
+ issuer: 'https://localhost:44305/',
 redirectUri: baseUrl,
 clientId: 'MyProjectName_App',
+ dummyClientSecret: '1q2w3e*',
 responseType: 'code',
 scope: 'offline_access MyProjectName',
 requireHttps: true,
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor/MyProjectNameBlazorModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor/MyProjectNameBlazorModule.cs
index a8030ab41c..86935abcf1 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor/MyProjectNameBlazorModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor/MyProjectNameBlazorModule.cs
@@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using MyCompanyName.MyProjectName.Blazor.Menus;
+using OpenIddict.Abstractions;
 using Volo.Abp.AspNetCore.Components.Web.BasicTheme.Themes.Basic;
 using Volo.Abp.AspNetCore.Components.Web.Theming.Routing;
 using Volo.Abp.Autofac.WebAssembly;
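Review bot: The added `dummyClientSecret: '1q2w3e*'` in `oAuthConfig` puts the client secret into the Angular bundle, where every visitor can read it, so it authenticates nothing. The same literal is the fallback secret for `MyProjectName_App` in OpenIddictDataSeedContributor.cs, and that registration also holds the password and client-credentials grants, so the published value is enough to obtain tokens as the client itself. For a browser app the usual shape is a public client on the authorization-code flow with PKCE and no secret; I would drop this line and register the SPA without a secret rather than ship one. If it has to stay for the template to work today, a comment such as `// NOT a secret: readable by every browser; replace the client registration before deploying` would at least keep it from being copied into production unchanged.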
@@ -73,17 +74,25 @@ public class MyProjectNameBlazorModule : AbpModule builder.Services.AddOidcAuthentication(options => { builder.Configuration.Bind("AuthServer", options.ProviderOptions); - - options.UserOptions.NameClaim = JwtClaimTypes.Name; - options.UserOptions.RoleClaim = JwtClaimTypes.Role; - + options.UserOptions.NameClaim = OpenIddictConstants.Claims.Name; + options.UserOptions.RoleClaim = OpenIddictConstants.Claims.Role; + options.ProviderOptions.DefaultScopes.Add("MyProjectName"); options.ProviderOptions.DefaultScopes.Add("roles"); options.ProviderOptions.DefaultScopes.Add("email"); options.ProviderOptions.DefaultScopes.Add("phone"); }); - AbpClaimTypes.UserName = JwtClaimTypes.Name; + AbpClaimTypes.UserId = OpenIddictConstants.Claims.Subject; + AbpClaimTypes.Role = OpenIddictConstants.Claims.Role; + AbpClaimTypes.UserName = OpenIddictConstants.Claims.Name; + AbpClaimTypes.Name = OpenIddictConstants.Claims.GivenName; + AbpClaimTypes.SurName = OpenIddictConstants.Claims.FamilyName; + AbpClaimTypes.PhoneNumber = OpenIddictConstants.Claims.PhoneNumber; + AbpClaimTypes.PhoneNumberVerified = OpenIddictConstants.Claims.PhoneNumberVerified; + AbpClaimTypes.Email = OpenIddictConstants.Claims.Email; + AbpClaimTypes.EmailVerified = OpenIddictConstants.Claims.EmailVerified; + } private static void ConfigureUI(WebAssemblyHostBuilder builder) diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/OpenIddict/OpenIddictDataSeedContributor.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/OpenIddict/OpenIddictDataSeedContributor.cs index 986a4a5e1e..621d45a77d 100644 --- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/OpenIddict/OpenIddictDataSeedContributor.cs +++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/OpenIddict/OpenIddictDataSeedContributor.cs 
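Review bot: The nine `AbpClaimTypes.*` assignments added after `AddOidcAuthentication` carry no comment saying why they are there, although they overwrite static, process-wide claim names that user-id and role lookups presumably read. If the auth server issues different claim names the mismatch would show up as a missing identity or role rather than as an error, so I would put `// Must match the claim names the OpenIddict server issues; user and role resolution read these.` above the block. The hunk also adds an empty line just before the method's closing brace, which can go. The enclosing method starts outside the hunk.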
@@ -27,10 +27,10 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep private readonly IStringLocalizer L; public OpenIddictDataSeedContributor( - IConfiguration configuration, - IOpenIddictApplicationManager applicationManager, - IOpenIddictScopeManager scopeManager, - IPermissionDataSeeder permissionDataSeeder, + IConfiguration configuration, + IOpenIddictApplicationManager applicationManager, + IOpenIddictScopeManager scopeManager, + IPermissionDataSeeder permissionDataSeeder, IStringLocalizer l) { _configuration = configuration; @@ -62,19 +62,19 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep }); } } - + private async Task CreateApplicationsAsync() { var commonScopes = new List { - OpenIddictConstants.Permissions.Scopes.Address, - OpenIddictConstants.Permissions.Scopes.Email, - OpenIddictConstants.Permissions.Scopes.Phone, - OpenIddictConstants.Permissions.Scopes.Profile, + OpenIddictConstants.Permissions.Scopes.Address, + OpenIddictConstants.Permissions.Scopes.Email, + OpenIddictConstants.Permissions.Scopes.Phone, + OpenIddictConstants.Permissions.Scopes.Profile, OpenIddictConstants.Permissions.Scopes.Roles, "MyProjectName" }; - + var configurationSection = _configuration.GetSection("OpenIddict:Applications"); //Web Client @@ -93,7 +93,7 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep secret: null, grantTypes: new List //Hybrid flow { - OpenIddictConstants.GrantTypes.AuthorizationCode, + OpenIddictConstants.GrantTypes.AuthorizationCode, OpenIddictConstants.GrantTypes.Implicit }, scopes: commonScopes, @@ -101,7 +101,7 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep postLogoutRedirectUri: $"{webClientRootUrl}signout-callback-oidc" ); } - + //Console Test / Angular Client var consoleAndAngularClientId = configurationSection["MyProjectName_App:ClientId"]; if (!consoleAndAngularClientId.IsNullOrWhiteSpace()) 
@@ -113,20 +113,19 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep consentType: OpenIddictConstants.ConsentTypes.Implicit, displayName: "Console Test / Angular Application", secret: configurationSection["MyProjectName_App:ClientSecret"] ?? "1q2w3e*", - grantTypes: new List + grantTypes: new List { - OpenIddictConstants.GrantTypes.AuthorizationCode, - OpenIddictConstants.GrantTypes.Password, - OpenIddictConstants.GrantTypes.ClientCredentials, - "LinkLogin", - "Impersonation" + OpenIddictConstants.GrantTypes.AuthorizationCode, + OpenIddictConstants.GrantTypes.Password, + OpenIddictConstants.GrantTypes.ClientCredentials, + OpenIddictConstants.GrantTypes.RefreshToken }, scopes: commonScopes, redirectUri: webClientRootUrl, postLogoutRedirectUri: webClientRootUrl ); } - + // Blazor Client var blazorClientId = configurationSection["MyProjectName_Blazor:ClientId"]; if (!blazorClientId.IsNullOrWhiteSpace()) @@ -139,7 +138,7 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep consentType: OpenIddictConstants.ConsentTypes.Implicit, displayName: "Blazor Application", secret: null, - grantTypes: new List + grantTypes: new List { OpenIddictConstants.GrantTypes.AuthorizationCode, }, @@ -161,7 +160,7 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep consentType: OpenIddictConstants.ConsentTypes.Implicit, displayName: "Blazor Application", secret: configurationSection["MyProjectName_Swagger:ClientSecret"], - grantTypes: new List + grantTypes: new List { OpenIddictConstants.GrantTypes.AuthorizationCode, }, @@ -170,7 +169,7 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep ); } } - + private async Task CreateApplicationAsync( [NotNull] string name, [NotNull] string type, 
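Review bot: The `grantTypes` list for the "Console Test / Angular Application" client now holds `AuthorizationCode`, `Password`, `ClientCredentials` and `RefreshToken` in one registration shared by a browser app and a console test tool. A single-page app needs only the code flow plus refresh, so the password and client-credentials grants widen what a leaked or default secret (the `?? "1q2w3e*"` fallback on the `secret:` line just above) can be used for. I would split this into two registrations: the Angular client with `secret: null` and only `AuthorizationCode` and `RefreshToken`, and a separate console-test client that keeps `Password` and `ClientCredentials` with a secret that has no hard-coded fallback. The client `type` argument is outside the hunk; `CreateApplicationAsync` rejects a secret on public clients and requires one on confidential ones, so the type has to change together with the secret.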
@@ -187,7 +186,7 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep { throw new BusinessException(L["NoClientSecretCanBeSetForPublicApplications"]); } - + if (string.IsNullOrEmpty(secret) && string.Equals(type, OpenIddictConstants.ClientTypes.Confidential, StringComparison.OrdinalIgnoreCase)) { throw new BusinessException(L["TheClientSecretIsRequiredForConfidentialApplications"]); @@ -198,7 +197,7 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep return; //throw new BusinessException(L["TheClientIdentifierIsAlreadyTakenByAnotherApplication"]); } - + var client = await _applicationManager.FindByClientIdAsync(name); if (client == null) { @@ -213,7 +212,7 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep Check.NotNullOrEmpty(grantTypes, nameof(grantTypes)); Check.NotNullOrEmpty(scopes, nameof(scopes)); - + if (new [] { OpenIddictConstants.GrantTypes.AuthorizationCode, OpenIddictConstants.GrantTypes.Implicit }.All(grantTypes.Contains)) { application.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken); @@ -229,7 +228,7 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep { application.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout); } - + foreach (var grantType in grantTypes) { if (grantType == OpenIddictConstants.GrantTypes.AuthorizationCode) 
@@ -242,36 +241,36 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep { application.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization); } - - if (grantType == OpenIddictConstants.GrantTypes.AuthorizationCode || - grantType == OpenIddictConstants.GrantTypes.ClientCredentials || - grantType == OpenIddictConstants.GrantTypes.Password || + + if (grantType == OpenIddictConstants.GrantTypes.AuthorizationCode || + grantType == OpenIddictConstants.GrantTypes.ClientCredentials || + grantType == OpenIddictConstants.GrantTypes.Password || grantType == OpenIddictConstants.GrantTypes.RefreshToken || grantType == OpenIddictConstants.GrantTypes.DeviceCode) { application.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token); } - + if (grantType == OpenIddictConstants.GrantTypes.ClientCredentials) { application.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials); } - + if (grantType == OpenIddictConstants.GrantTypes.Implicit) { application.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit); } - + if (grantType == OpenIddictConstants.GrantTypes.Password) { application.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password); } - + if (grantType == OpenIddictConstants.GrantTypes.RefreshToken) { application.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken); } - + if (grantType == OpenIddictConstants.GrantTypes.Implicit) { application.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdToken); 
@@ -285,13 +284,13 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep var buildInScopes = new [] { - OpenIddictConstants.Permissions.Scopes.Address, - OpenIddictConstants.Permissions.Scopes.Email, - OpenIddictConstants.Permissions.Scopes.Phone, - OpenIddictConstants.Permissions.Scopes.Profile, + OpenIddictConstants.Permissions.Scopes.Address, + OpenIddictConstants.Permissions.Scopes.Email, + OpenIddictConstants.Permissions.Scopes.Phone, + OpenIddictConstants.Permissions.Scopes.Profile, OpenIddictConstants.Permissions.Scopes.Roles }; - + foreach (var scope in scopes) { if (buildInScopes.Contains(scope)) @@ -303,7 +302,7 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep application.Permissions.Add(OpenIddictConstants.Permissions.Prefixes.Scope + scope); } } - + if (redirectUri != null) { if (!redirectUri.IsNullOrEmpty()) @@ -312,14 +311,14 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep { throw new BusinessException(L["InvalidRedirectUri", redirectUri]); } - + if (application.RedirectUris.All(x => x != uri)) { application.RedirectUris.Add(uri); } } } - + if (postLogoutRedirectUri != null) { if (!postLogoutRedirectUri.IsNullOrEmpty()) @@ -328,14 +327,14 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep { throw new BusinessException(L["InvalidPostLogoutRedirectUri", postLogoutRedirectUri]); } - + if (application.PostLogoutRedirectUris.All(x => x != uri)) { application.PostLogoutRedirectUris.Add(uri); } } } - + if (permissions != null) { await _permissionDataSeeder.SeedAsync( @@ -350,4 +349,4 @@ public class OpenIddictDataSeedContributor : IDataSeedContributor, ITransientDep } } -} \ No newline at end of file +} 
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.Host/MyProjectNameHttpApiHostModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.Host/MyProjectNameHttpApiHostModule.cs index b2b07c3c78..b08c7c714e 100644 --- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.Host/MyProjectNameHttpApiHostModule.cs +++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.Host/MyProjectNameHttpApiHostModule.cs @@ -103,7 +103,7 @@ public class MyProjectNameHttpApiHostModule : AbpModule options.Authority = configuration["AuthServer:Authority"]; options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]); options.Audience = "MyProjectName"; - + options.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_C40DBB176E78")); options.TokenValidationParameters.TokenDecryptionKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80")); }); diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs index 35e4551c5a..8197e947ba 100644 --- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs +++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs @@ -59,12 +59,6 @@ public class MyProjectNameHttpApiHostModule : AbpModule builder.AddEncryptionKey(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80"))); }); - PreConfigure(options => - { - options.EnableWildcardDomainSupport = true; - options.WildcardDomainsFormat.Add("https://{0}.abp.io/signin-oidc"); - }); - PreConfigure(builder => { builder.AddValidation(options => 
@@ -75,12 +69,17 @@ public class MyProjectNameHttpApiHostModule : AbpModule }); }); } - + public override void ConfigureServices(ServiceConfigurationContext context) { var configuration = context.Services.GetConfiguration(); var hostingEnvironment = context.Services.GetHostingEnvironment(); + Configure(options => + { + options.AddDevelopmentEncryptionAndSigningCertificate = false; + }); + ConfigureBundles(); ConfigureUrls(configuration); ConfigureConventionalControllers(); @@ -161,10 +160,10 @@ public class MyProjectNameHttpApiHostModule : AbpModule options.Audience = "MyProjectName"; options.BackchannelHttpHandler = new HttpClientHandler { - ServerCertificateCustomValidationCallback = - HttpClientHandler.DangerousAcceptAnyServerCertificateValidator + ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator }; - + options.MapInboundClaims = false; + options.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_C40DBB176E78")); options.TokenValidationParameters.TokenDecryptionKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80")); }); diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.IdentityServer/MyProjectNameIdentityServerModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.IdentityServer/MyProjectNameIdentityServerModule.cs index 1c912fafa2..9f4867d024 100644 --- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.IdentityServer/MyProjectNameIdentityServerModule.cs +++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.IdentityServer/MyProjectNameIdentityServerModule.cs 
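Review bot: `ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator` is still assigned unconditionally after this reformat, so the backchannel that (presumably) fetches metadata and signing keys from the authority accepts any TLS certificate in every environment. A project generated from the template and deployed as-is would trust whoever answers for the authority host; the handler should be set only in development, e.g. inside `if (hostingEnvironment.IsDevelopment())` if that variable is reachable here (the enclosing method starts outside the hunk), and left at the default otherwise. The context lines just below also build `IssuerSigningKey` and `TokenDecryptionKey` from string literals, as does the HttpApi.Host module earlier in the patch, which gives every generated project the same keys; these are better loaded from configuration or a certificate store. The new `options.MapInboundClaims = false;` deserves a short comment such as `// keep the short OIDC claim names; AbpClaimTypes is mapped to them`.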
@@ -60,12 +60,6 @@ public class MyProjectNameIdentityServerModule : AbpModule builder.AddEncryptionKey(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80"))); }); - PreConfigure(options => - { - options.EnableWildcardDomainSupport = true; - options.WildcardDomainsFormat.Add("https://{0}.abp.io/signin-oidc"); - }); - PreConfigure(builder => { builder.AddValidation(options => @@ -81,7 +75,7 @@ public class MyProjectNameIdentityServerModule : AbpModule { var hostingEnvironment = context.Services.GetHostingEnvironment(); var configuration = context.Services.GetConfiguration(); - + Configure(options => { options.AddDevelopmentEncryptionAndSigningCertificate = false;