IdentityServer4 integration in ABP

Source module: Volo.Abp.IdentityServer
 
Initialize IdentityServer4
In the separate (tiered) deployment mode of ABP there is a class library dedicated to IdentityServer4, which acts as the authentication and authorization server. First set the IdentityServer project as the startup project and adjust its appsettings.json, then run Update-Database in the NuGet Package Manager Console to apply the database migration. A data seed contributor class, IdentityServerDataSeedContributor, is responsible for seeding the initial IdentityServer data (clients, API resources and scopes).
 
1. Dependencies
By default the IdentityServer4 project depends mainly on Volo.Abp.Account.Web.IdentityServer, a NuGet package that supports login and logout on top of IdentityServer4. From the source code we can see that this package depends on AbpAccountWebModule and AbpIdentityServerDomainModule. The former provides the login UI and the latter handles IdentityServer4 itself (in fact it is an integration layer over the native IdentityServer4). IdentityServerSupportedLoginModel and IdentityServerSupportedLogoutModel are the only two classes that handle login and logout, and they contain a lot of IdentityServer4-specific processing (ending the IdentityServer session and honouring the returnUrl), so they are worth reading carefully.
 
Initialize the API server and the Web UI server
These are the HttpApi.Host project and the Web.Host project; for both, only the ConnectionStrings node in appsettings.json needs to be changed. Note that Redis must be deployed, since the API project depends on it. In the web project, OpenID Connect authentication is configured as follows:
private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
{
    context.Services.AddAuthentication(options =>
        {
            // Local sign-in state lives in a cookie; unauthenticated requests are
            // challenged through the OpenID Connect handler.
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies", options =>
        {
            options.ExpireTimeSpan = TimeSpan.FromDays(365);
        })
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = configuration["AuthServer:Authority"];
            // false accepts a discovery document over plain http; only for local development.
            options.RequireHttpsMetadata = false;
            // Hybrid flow: the authorization code and the id_token come back together.
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;

            options.ClientId = configuration["AuthServer:ClientId"];
            options.ClientSecret = configuration["AuthServer:ClientSecret"];

            // Keep the tokens in the cookie ticket so the access token can be used later.
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;

            options.Scope.Add("role");
            options.Scope.Add("email");
            options.Scope.Add("phone");
            options.Scope.Add("ABPModuleSample_WithUI");

            // Map the "name" claim from the userinfo response onto ABP's user name claim type.
            options.ClaimActions.MapJsonKey(AbpClaimTypes.UserName, "name");
            options.ClaimActions.DeleteClaim("name");
        });
}
There is also a controller, but it is not used. The project is mainly a web application: the Index.cshtml page in the Pages directory calls ChallengeAsync, which redirects to the middleware of the specified AuthenticationScheme.
 
Summary
The Web.Host project uses OpenID Connect authentication: it obtains the identity and access token of the current user from IdentityServer, then calls HttpApi.Host with that access token. The HTTP API server uses bearer token authentication to validate the access token, obtain the current user's claims and authorize the user.
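An added example (not code from the post or from ABP) of the two halves the summary describes: the HttpApi.Host side validating the bearer token, and the Web.Host side reading the saved access token back and forwarding it. The class names ApiHostAuthentication and ApiClient and the audience value are assumptions; the AuthServer:* configuration keys are the ones used above.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class ApiHostAuthentication
{
    // HttpApi.Host side: validate the bearer token that IdentityServer4 issued.
    public static void ConfigureJwtBearer(IServiceCollection services, IConfiguration configuration)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Issuer: the discovery document and signing keys are fetched from here,
                // so issuer, signature and lifetime are checked on every request.
                options.Authority = configuration["AuthServer:Authority"];
                // Keep true outside local development; false accepts plain-http metadata.
                options.RequireHttpsMetadata = true;
                // Audience must match the API resource name (assumed here to equal the
                // scope the Web.Host requests); tokens issued for other APIs are rejected.
                options.Audience = "ABPModuleSample_WithUI";
            });
    }
}

public class ApiClient
{
    private readonly HttpClient _http;
    private readonly IHttpContextAccessor _accessor;
    public ApiClient(HttpClient http, IHttpContextAccessor accessor) { _http = http; _accessor = accessor; }

    // Web.Host side: SaveTokens = true stores the tokens in the cookie ticket,
    // so the access token can be read back and forwarded as a Bearer header.
    public async Task<string> GetFromApiAsync(string path)
    {
        var token = await _accessor.HttpContext.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(token))
            throw new InvalidOperationException("Not signed in: no access token in the cookie.");
        using var request = new HttpRequestMessage(HttpMethod.Get, path);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        using var response = await _http.SendAsync(request);
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }
}
```

Because the Web.Host cookie is valid for 365 days while the access token inside it expires much sooner, a real client would also need to refresh the token (or re-challenge) when the API answers 401.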
 
References:
[Building ABP microservices from 0 to 1] - Building the authorization service
[Building ABP microservices from 0 to 1] - Building the ABP user management service

Tags: IdentityServer4 abp

Posted by clandestine555 on Fri, 13 May 2022 13:37:57 +0300