ASP.NET 3.1 中 Identity Server 4 中的 ApiResources 配置在哪里？

Question

按照 ASP.NET Core 2.2 教程搭建 Identity Server 4 In-Memory 项目模板，ApiResources 配置位于appsettings.json。

  "ApiResources": [
    {
      "Name": "movie.api",
      "DisplayName": "Movie API Services",
      "Scopes": [
        {
          "Name": "movie.api",
          "DisplayName": "Movie API Services"
        }
      ]
    }
  ],

但是，在 ASP.NET Core 3.1 中，appsettings.json 不再存在，而是替换为 Config.cs。但是，我在那里找不到ApiResources。如何在Config.cs 中创建ApiResources。

这是我现有的Config.cs

公共静态类配置 { 公共静态 IEnumerable IdentityResources => 新身份资源[] { 新的 IdentityResources.OpenId(), 新的 IdentityResources.Profile(), };

    public static IEnumerable<ApiScope> ApiScopes =>
        new ApiScope[]
        {
            new ApiScope("scope1"),
            new ApiScope("scope2"),
        };

    public static IEnumerable<Client> Clients =>
        new Client[]
        {
            // m2m client credentials flow client
            new Client
            {
                ClientId = "m2m.client",
                ClientName = "Client Credentials Client",

                AllowedGrantTypes = GrantTypes.ClientCredentials,
                ClientSecrets = { new Secret("511536EF-F270-4058-80CA-1C89C192F69A".Sha256()) },

                AllowedScopes = { "scope1" }
            },

            // interactive client using code flow + pkce
            new Client
            {
                ClientId = "interactive",
                ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },
                
                AllowedGrantTypes = GrantTypes.Code,

                RedirectUris = { "https://localhost:44300/signin-oidc" },
                FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
                PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },

                AllowOfflineAccess = true,
                AllowedScopes = { "openid", "profile", "scope2" }
            },

            // Client - Configure Identity Service
            // Step 2: Register client
            new Client
            {
                ClientId = "movie.web", // match with what defined in startup.cs
                //ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },

                AllowedGrantTypes = GrantTypes.Implicit,

                RedirectUris = { "http://localhost:5000/signin-oidc" },
                //FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
                //PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },

                //AllowOfflineAccess = true,
                AllowedScopes = { "openid", "profile" },
                AllowAccessTokensViaBrowser =  true
            },
        };
}

Answer 1

以最简单的方式使其工作，您可以将其添加到Config.cs，如下所示：

 public static IEnumerable<ApiScope> ApiScopes =>
            new ApiScope[]
            { 
                new ApiScope("movie.api")
            };

        public static IEnumerable<ApiResource> ApiResources =>
            new ApiResource[]
            {
                new ApiResource("movie.api", "The Movie API")
                {
                    Scopes = { "movie.api" }
                }
            };

并将其添加到 Startup.cs 上的 IdentityServer，如下所示：

var builder = services.AddIdentityServer(options =>
                .AddInMemoryIdentityResources(Config.IdentityResources)
                .AddInMemoryApiScopes(Config.ApiScopes)
                .AddInMemoryApiResources(Config.ApiResources)
                .AddInMemoryClients(Config.Clients)
                .AddTestUsers(TestUsers.Users);

但在 IdentityServer4 的第 4 版中，作用域有自己的定义，并且可以有选择地被资源引用。这意味着如果您不需要，您不必拥有 ApiResource。

阅读更多here