Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #6902 from aspnetboilerplate/feat/6803
Added OpenIddict integration packages
- Loading branch information
Showing
61 changed files
with
5,441 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
### Introduction | ||
|
||
[OpenIddict](https://github.com/openiddict/openiddict-core) aims at providing a versatile solution to implement OpenID Connect client, server and token validation support in any ASP.NET Core 2.1 (and higher) application. ASP.NET 4.6.1 (and higher) applications are also fully supported thanks to a native Microsoft.Owin 4.2 integration. | ||
|
||
#### Startup Project | ||
|
||
This document assumes that you have already created an ASP.NET Core based | ||
project (including Module Zero) from the [startup templates](/Templates) and | ||
have set it up to work. We created an [ASP.NET Core MVC startup | ||
project](/Pages/Documents/Zero/Startup-Template-Core) for this demonstration. | ||
|
||
### Installation | ||
|
||
There are 3 NuGet packages: | ||
|
||
- [**Abp.ZeroCore.OpenIddict**](https://www.nuget.org/packages/Abp.ZeroCore.OpenIddict) | ||
is the main integration package. | ||
- [**Abp.ZeroCore.OpenIddict.EntityFrameworkCore**](https://www.nuget.org/packages/Abp.ZeroCore.OpenIddict.EntityFrameworkCore) | ||
is the storage provider for EF Core. | ||
- [**Abp.AspNetCore.OpenIddict**](https://www.nuget.org/packages/Abp.AspNetCore.OpenIddict) | ||
is the package for ASP.NET Core. | ||
|
||
Install **Abp.ZeroCore.OpenIddict** package to your Core project and add a module dependency to `AbpZeroCoreOpenIddictModule`. | ||
|
||
Install **Abp.AspNetCore.OpenIddict** package to your Web project and add a module dependency to `AbpZeroCoreOpenIddictEntityFrameworkCoreModule`. | ||
|
||
Install **Abp.ZeroCore.OpenIddict.EntityFrameworkCore** package to your EntityFrameworkCore project and add a module dependency to `AbpAspNetCoreOpenIddictModule`. | ||
|
||
### Configuration | ||
|
||
Configuring and using OpenIddict with Abp.ZeroCore is similar to | ||
independently using OpenIddict. You should read its [own | ||
documentation](https://documentation.openiddict.com/index.html) to better understand how | ||
|
||
#### EntityFrameworkCore Project | ||
|
||
You need to implement `IOpenIddictDbContext` in your DbContext class. This will add Entities required by OpenIddict to your DbContext. | ||
|
||
After this, call `modelBuilder.ConfigureOpenIddict();` in the `OnModelCreating` method of your DbContext. | ||
|
||
Then, create repositories inherited from below classes; | ||
|
||
* `EfCoreOpenIddictApplicationRepository` | ||
* `EfCoreOpenIddictAuthorizationRepository` | ||
* `EfCoreOpenIddictScopeRepository` | ||
* `EfCoreOpenIddictTokenRepository` | ||
|
||
#### Web Project | ||
|
||
In your web project, create Controllers inherited from generic controllers defined in ASP.NET Boilerplate; | ||
|
||
* `AuthorizeController` | ||
* `TokenController` | ||
* `UserInfoController` | ||
|
||
Create a static class to Configure `OpenIddict` in your Web project and call it in Startup.cs; | ||
|
||
```csharp | ||
public static class OpenIddictRegistrar | ||
{ | ||
public static void Register( | ||
IServiceCollection services, | ||
IConfigurationRoot configuration, | ||
Action<OpenIddictCoreOptions> setupOptions) | ||
{ | ||
services.Configure<AbpOpenIddictClaimsPrincipalOptions>(options => | ||
{ | ||
options.ClaimsPrincipalHandlers.Add<AbpDefaultOpenIddictClaimsPrincipalHandler>(); | ||
}); | ||
|
||
services.AddOpenIddict() | ||
|
||
// Register the OpenIddict core components. | ||
.AddCore(builder => | ||
{ | ||
builder | ||
.SetDefaultApplicationEntity<OpenIddictApplicationModel>() | ||
.SetDefaultAuthorizationEntity<OpenIddictAuthorizationModel>() | ||
.SetDefaultScopeEntity<OpenIddictScopeModel>() | ||
.SetDefaultTokenEntity<OpenIddictTokenModel>(); | ||
|
||
builder | ||
.AddApplicationStore<AbpOpenIddictApplicationStore>() | ||
.AddAuthorizationStore<AbpOpenIddictAuthorizationStore>() | ||
.AddScopeStore<AbpOpenIddictScopeStore>() | ||
.AddTokenStore<AbpOpenIddictTokenStore>(); | ||
}) | ||
|
||
// Register the OpenIddict server components. | ||
.AddServer(options => | ||
{ | ||
// Enable the token endpoint. | ||
options.SetAuthorizationEndpointUris("connect/authorize", "connect/authorize/callback") | ||
.SetTokenEndpointUris("connect/token") | ||
.SetUserinfoEndpointUris("connect/userinfo"); | ||
|
||
// Enable the client credentials flow. | ||
options.AllowClientCredentialsFlow(); | ||
options.AllowPasswordFlow(); | ||
options.AllowAuthorizationCodeFlow(); | ||
|
||
// Register the signing and encryption credentials. | ||
options.AddDevelopmentEncryptionCertificate() | ||
.AddDevelopmentSigningCertificate(); | ||
|
||
// Register the ASP.NET Core host and configure the ASP.NET Core options. | ||
options.UseAspNetCore() | ||
.EnableAuthorizationEndpointPassthrough() | ||
.EnableTokenEndpointPassthrough() | ||
.EnableUserinfoEndpointPassthrough() | ||
.EnableLogoutEndpointPassthrough() | ||
.EnableVerificationEndpointPassthrough() | ||
.EnableStatusCodePagesIntegration(); | ||
|
||
options.DisableAccessTokenEncryption(); | ||
}) | ||
|
||
// Register the OpenIddict validation components. | ||
.AddValidation(options => | ||
{ | ||
// Import the configuration from the local OpenIddict server instance. | ||
options.UseLocalServer(); | ||
|
||
// Register the ASP.NET Core host. | ||
options.UseAspNetCore(); | ||
}); | ||
} | ||
} | ||
``` | ||
|
||
You also need to fill data into OpenIddict tables by following its own [documentation](https://documentation.openiddict.com/) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 31 additions & 0 deletions
31
src/Abp.AspNetCore.OpenIddict/Abp.AspNetCore.OpenIddict.csproj
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
<Project Sdk="Microsoft.NET.Sdk"> | ||
|
||
<Import Project="..\..\common.props" /> | ||
<Import Project="..\..\configureawait.props" /> | ||
<PropertyGroup> | ||
<TargetFramework>net8.0</TargetFramework> | ||
<GenerateDocumentationFile>true</GenerateDocumentationFile> | ||
<AssemblyName>Abp.AspNetCore.OpenIddict</AssemblyName> | ||
<PackageId>Abp.AspNetCore.OpenIddict</PackageId> | ||
<PackageTags>asp.net;asp.net mvc;boilerplate;application framework;web framework;framework;domain driven design;asp.net core;openiddict</PackageTags> | ||
<GenerateAssemblyTitleAttribute>false</GenerateAssemblyTitleAttribute> | ||
<GenerateAssemblyDescriptionAttribute>false</GenerateAssemblyDescriptionAttribute> | ||
<GenerateAssemblyConfigurationAttribute>false</GenerateAssemblyConfigurationAttribute> | ||
<GenerateAssemblyCompanyAttribute>false</GenerateAssemblyCompanyAttribute> | ||
<GenerateAssemblyProductAttribute>false</GenerateAssemblyProductAttribute> | ||
<GenerateAssemblyCopyrightAttribute>false</GenerateAssemblyCopyrightAttribute> | ||
<GeneratePackageOnBuild>False</GeneratePackageOnBuild> | ||
<RootNamespace>Abp</RootNamespace> | ||
<Description>Abp.AspNetCore.OpenIddict</Description> | ||
<IsPackable>true</IsPackable> | ||
<OutputType>Library</OutputType> | ||
</PropertyGroup> | ||
<ItemGroup> | ||
<ProjectReference Include="..\Abp.ZeroCore\Abp.ZeroCore.csproj" /> | ||
<ProjectReference Include="..\Abp.ZeroCore.OpenIddict\Abp.ZeroCore.OpenIddict.csproj" /> | ||
<ProjectReference Include="..\Abp.AspNetCore\Abp.AspNetCore.csproj" /> | ||
</ItemGroup> | ||
<ItemGroup> | ||
<PackageReference Include="OpenIddict.AspNetCore" Version="5.1.0" /> | ||
</ItemGroup> | ||
</Project> |
15 changes: 15 additions & 0 deletions
15
src/Abp.AspNetCore.OpenIddict/AspNetCore/OpenIddict/AbpAspNetCoreOpenIddictModule.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
using System.Reflection; | ||
using Abp.Modules; | ||
using Abp.OpenIddict; | ||
|
||
namespace Abp.AspNetCore.OpenIddict | ||
{ | ||
[DependsOn(typeof(AbpAspNetCoreModule), typeof(AbpZeroCoreOpenIddictModule))] | ||
public class AbpAspNetCoreOpenIddictModule : AbpModule | ||
{ | ||
public override void Initialize() | ||
{ | ||
IocManager.RegisterAssemblyByConvention(Assembly.GetExecutingAssembly()); | ||
} | ||
} | ||
} |
32 changes: 32 additions & 0 deletions
32
src/Abp.AspNetCore.OpenIddict/AspNetCore/OpenIddict/AbpAsyncEnumerableExtensions.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
using System; | ||
using System.Collections.Generic; | ||
using System.Threading.Tasks; | ||
|
||
namespace Abp.AspNetCore.OpenIddict | ||
{ | ||
public static class AbpAsyncEnumerableExtensions | ||
{ | ||
public static Task<List<T>> ToListAsync<T>(this IAsyncEnumerable<T> source) | ||
{ | ||
if (source is null) | ||
{ | ||
throw new ArgumentNullException(nameof(source)); | ||
} | ||
|
||
return ExecuteAsync(); | ||
|
||
async Task<List<T>> ExecuteAsync() | ||
{ | ||
var list = new List<T>(); | ||
|
||
await foreach (var element in source) | ||
{ | ||
list.Add(element); | ||
} | ||
|
||
return list; | ||
} | ||
} | ||
} | ||
|
||
} |
110 changes: 110 additions & 0 deletions
110
...ore.OpenIddict/AspNetCore/OpenIddict/Claims/AbpDefaultOpenIddictClaimsPrincipalHandler.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
using System.Linq; | ||
using System.Security.Claims; | ||
using System.Threading.Tasks; | ||
using Abp.Dependency; | ||
using Abp.Runtime.Security; | ||
using Microsoft.AspNetCore.Identity; | ||
using Microsoft.Extensions.DependencyInjection; | ||
using Microsoft.Extensions.Options; | ||
using Microsoft.IdentityModel.JsonWebTokens; | ||
using OpenIddict.Abstractions; | ||
|
||
namespace Abp.AspNetCore.OpenIddict.Claims | ||
{ | ||
public class AbpDefaultOpenIddictClaimsPrincipalHandler : IAbpOpenIddictClaimsPrincipalHandler, ITransientDependency | ||
{ | ||
public virtual Task HandleAsync(AbpOpenIddictClaimsPrincipalHandlerContext context) | ||
{ | ||
var securityStampClaimType = context | ||
.ScopeServiceProvider | ||
.GetRequiredService<IOptions<IdentityOptions>>().Value | ||
.ClaimsIdentity.SecurityStampClaimType; | ||
|
||
AddSubClaim(context); | ||
|
||
foreach (var claim in context.Principal.Claims) | ||
{ | ||
if (claim.Type == AbpClaimTypes.TenantId) | ||
{ | ||
claim.SetDestinations( | ||
OpenIddictConstants.Destinations.AccessToken, | ||
OpenIddictConstants.Destinations.IdentityToken | ||
); | ||
continue; | ||
} | ||
|
||
switch (claim.Type) | ||
{ | ||
case OpenIddictConstants.Claims.PreferredUsername: | ||
claim.SetDestinations(OpenIddictConstants.Destinations.AccessToken); | ||
if (context.Principal.HasScope(OpenIddictConstants.Scopes.Profile)) | ||
{ | ||
claim.SetDestinations( | ||
OpenIddictConstants.Destinations.AccessToken, | ||
OpenIddictConstants.Destinations.IdentityToken | ||
); | ||
} | ||
|
||
break; | ||
|
||
case JwtRegisteredClaimNames.UniqueName: | ||
claim.SetDestinations(OpenIddictConstants.Destinations.AccessToken); | ||
if (context.Principal.HasScope(OpenIddictConstants.Scopes.Profile)) | ||
{ | ||
claim.SetDestinations( | ||
OpenIddictConstants.Destinations.AccessToken, | ||
OpenIddictConstants.Destinations.IdentityToken | ||
); | ||
} | ||
|
||
break; | ||
|
||
case OpenIddictConstants.Claims.Email: | ||
claim.SetDestinations(OpenIddictConstants.Destinations.AccessToken); | ||
if (context.Principal.HasScope(OpenIddictConstants.Scopes.Email)) | ||
{ | ||
claim.SetDestinations( | ||
OpenIddictConstants.Destinations.AccessToken, | ||
OpenIddictConstants.Destinations.IdentityToken | ||
); | ||
} | ||
|
||
break; | ||
|
||
case OpenIddictConstants.Claims.Role: | ||
claim.SetDestinations(OpenIddictConstants.Destinations.AccessToken); | ||
if (context.Principal.HasScope(OpenIddictConstants.Scopes.Roles)) | ||
{ | ||
claim.SetDestinations( | ||
OpenIddictConstants.Destinations.AccessToken, | ||
OpenIddictConstants.Destinations.IdentityToken | ||
); | ||
} | ||
|
||
break; | ||
|
||
default: | ||
// Never include the security stamp in the access and identity tokens, as it's a secret value. | ||
if (claim.Type != securityStampClaimType) | ||
{ | ||
claim.SetDestinations(OpenIddictConstants.Destinations.AccessToken); | ||
} | ||
|
||
break; | ||
} | ||
} | ||
|
||
return Task.CompletedTask; | ||
} | ||
|
||
protected virtual void AddSubClaim(AbpOpenIddictClaimsPrincipalHandlerContext context) | ||
{ | ||
var nameIdClaim = context.Principal.Claims.First(c => c.Type == ClaimTypes.NameIdentifier); | ||
|
||
if (context.Principal.Claims.All(c => c.Type != JwtRegisteredClaimNames.Sub)) | ||
{ | ||
context.Principal.AddClaim(JwtRegisteredClaimNames.Sub, nameIdClaim.Value); | ||
} | ||
} | ||
} | ||
} |
Oops, something went wrong.