IdentityServer4 (3) 授权码模式(Authorization Code)

   new Client{        ClientId="mvc client", //客户端Id        ClientName="测试客户端", //客户端名称 随便写        AllowedGrantTypes=GrantTypes.Code,//验证模式        ClientSecrets=        {            new Secret("mvc secret".Sha256()) //客户端验证密钥        },        // 登陆以后 我们重定向的地址(客户端地址)，        // {客户端地址}/signin-oidc是系统默认的不用改，也可以改，这里就用默认的        RedirectUris = { "http://localhost:5003/signin-oidc" },        //注销重定向的url        PostLogoutRedirectUris = { "http://localhost:5003/signout-callback-oidc" },        //是否允许申请 Refresh Tokens        //参考地址 https://identityserver4.readthedocs.io/en/latest/topics/refresh_tokens.html        AllowOfflineAccess=true,        //将用户claims 写人到IdToken,客户端可以直接访问        AlwaysIncludeUserClaimsInIdToken=true,        //客户端访问权限        AllowedScopes =        {            "api1",            IdentityServerConstants.StandardScopes.OpenId,            IdentityServerConstants.StandardScopes.Email,            IdentityServerConstants.StandardScopes.Address,            IdentityServerConstants.StandardScopes.Phone,            IdentityServerConstants.StandardScopes.Profile,            IdentityServerConstants.StandardScopes.OfflineAccess        }    }

    services.AddIdentityServer(options =>     {         //默认的登陆页面是/account/login         options.UserInteraction.LoginUrl = "/login";         //授权确认页面 默认/consent         //options.UserInteraction.ConsentUrl = "";     })     .AddDeveloperSigningCredential()       .AddInMemoryApiResources(IdpConfig.GetApis())     .AddInMemoryClients(IdpConfig.GetClients())     .AddTestUsers(TestUsers.Users)     .AddInMemoryIdentityResources(IdpConfig.GetApiResources());

   // 要写在 UseMvc()前面    app.UseIdentityServer();     app.UseMvcWithDefaultRoute();

   //关闭了 JWT 身份信息类型映射    //这样就允许 well-known 身份信息（比如，“sub” 和 “idp”）无干扰地流过。    //这个身份信息类型映射的“清理”必须在调用 AddAuthentication()之前完成    //区别可参考下面截图    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();    //添加认证信息    services.AddAuthentication(options =>    {        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;    })        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>        {            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;            //认证服务器            options.Authority = "http://localhost:5002";            //去掉  https            options.RequireHttpsMetadata = false;            options.ClientId = "mvc client";            options.ClientSecret = "mvc secret";            //把 token 存储到 cookie            options.SaveTokens = true;            options.ResponseType = OpenIdConnectResponseType.Code;            //添加申请 权限 ，这里的 scope 必须在授权服务端定义的客户端 AllowedScopes 里            options.Scope.Clear();            options.Scope.Add("api1");            options.Scope.Add(OidcConstants.StandardScopes.OpenId);            options.Scope.Add(OidcConstants.StandardScopes.Email);            options.Scope.Add(OidcConstants.StandardScopes.Address);            options.Scope.Add(OidcConstants.StandardScopes.Phone);            options.Scope.Add(OidcConstants.StandardScopes.Profile);            options.Scope.Add(OidcConstants.StandardScopes.OfflineAccess);             options.Events = new OpenIdConnectEvents            {                OnAuthenticationFailed = context =>                {                    context.HandleResponse();                    context.Response.WriteAsync("验证失败");                    return Task.CompletedTask;                }            };        });

   //写在 UseMvc() 前面    app.UseAuthentication();    app.UseMvcWithDefaultRoute();

    [Authorize]     public class TestController : Controller     {         /// <summary>         /// 测试从服务端认证         /// </summary>         /// <returns></returns>         public async Task<IActionResult> Private()         {             var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);             var idToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.IdToken);              var refreshToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.RefreshToken);             var code = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.Code);              var model = new HomeViewModel             {                 Infos = new Dictionary<string, string>()                 {                     {"AccessToken", accessToken },                     {"IdToken", idToken },                     {"RefreshToken", refreshToken },                     {"Code", code } //code 是空 因为code 是一次性的                 }             };              return View(model);         }          /// <summary>         /// 测试请求API资源(api1)         /// </summary>         /// <returns></returns>         public async Task<IActionResult> SuiBian()         {             var accesstoken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);             if (string.IsNullOrEmpty(accesstoken))             {                 return Json(new { msg = "accesstoken 获取失败" });             }             var client = new HttpClient();             client.SetBearerToken(accesstoken);             var httpResponse = await client.GetAsync("http://localhost:5001/api/suibian");             var result = await httpResponse.Content.ReadAsStringAsync();             if (!httpResponse.IsSuccessStatusCode)             {                 return Json(new { msg = "请求 api1 失败。", error = result });             }             return Json(new             {                 msg = "成功",                 data = JsonConvert.DeserializeObject(result)             });         }     }

   [HttpGet]    public IActionResult Get()    {        return new JsonResult(from c in User.Claims select new { c.Type, c.Value });    }