diff --git a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
index abc92fbb..9cccb83d 100644
--- a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
+++ b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
@@ -147,60 +147,41 @@ namespace Ocelot.DependencyInjection if (identityServerConfiguration != null) { - services.TryAddSingleton(identityServerConfiguration); - services.TryAddSingleton(); - var identityServerBuilder = services - .AddIdentityServer(options => { - options.IssuerUri = "Ocelot"; - }) - .AddInMemoryApiResources(new List - { - new ApiResource - { - Name = identityServerConfiguration.ApiName, - Description = identityServerConfiguration.Description, - Enabled = identityServerConfiguration.Enabled, - DisplayName = identityServerConfiguration.ApiName, - Scopes = identityServerConfiguration.AllowedScopes.Select(x => new Scope(x)).ToList(), - ApiSecrets = new List - { - new Secret - { - Value = identityServerConfiguration.ApiSecret.Sha256() - } - } - } - }) - .AddInMemoryClients(new List - { - new Client - { - ClientId = identityServerConfiguration.ApiName, - AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, - ClientSecrets = new List {new Secret(identityServerConfiguration.ApiSecret.Sha256())}, - AllowedScopes = identityServerConfiguration.AllowedScopes, - AccessTokenType = identityServerConfiguration.AccessTokenType, - Enabled = identityServerConfiguration.Enabled, - RequireClientSecret = identityServerConfiguration.RequireClientSecret - } - }).AddResourceOwnerValidator(); + services.AddIdentityServer(identityServerConfiguration); + } + return services; + } - var whb = services.First(x => x.ServiceType == typeof(IWebHostBuilder)); - var urlFinder = new BaseUrlFinder((IWebHostBuilder)whb.ImplementationInstance); - var baseSchemeUrlAndPort = urlFinder.Find(); - JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); + private static void AddIdentityServer(this IServiceCollection services, IIdentityServerConfiguration identityServerConfiguration) + { + services.TryAddSingleton(identityServerConfiguration); + services.TryAddSingleton(); + var identityServerBuilder = services + .AddIdentityServer() + // .AddIdentityServer(options => { + // 
options.IssuerUri = "Ocelot"; + // }) + .AddInMemoryApiResources(Resources(identityServerConfiguration)) + .AddInMemoryClients(Client(identityServerConfiguration)) + .AddResourceOwnerValidator(); + + var whb = services.First(x => x.ServiceType == typeof(IWebHostBuilder)); + var urlFinder = new BaseUrlFinder((IWebHostBuilder)whb.ImplementationInstance); + var baseSchemeUrlAndPort = urlFinder.Find(); + JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); + + services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) + .AddIdentityServerAuthentication(o => + { + //todo - this needs to come from the config so have to get it in here... + o.Authority = baseSchemeUrlAndPort + "/administration"; + o.ApiName = identityServerConfiguration.ApiName; + o.RequireHttpsMetadata = identityServerConfiguration.RequireHttps; + o.SupportedTokens = SupportedTokens.Both; + o.ApiSecret = identityServerConfiguration.ApiSecret; + }); - services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) - .AddIdentityServerAuthentication(o => - { - o.Authority = baseSchemeUrlAndPort + "admin"; - o.ApiName = identityServerConfiguration.ApiName; - o.RequireHttpsMetadata = identityServerConfiguration.RequireHttps; - //o.AllowedScopes = identityServerConfiguration.AllowedScopes; - o.SupportedTokens = SupportedTokens.Both; - o.ApiSecret = identityServerConfiguration.ApiSecret; - }); if (string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificateLocation) || string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificatePassword)) { identityServerBuilder.AddDeveloperSigningCredential(); 
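Review bot: The authority used for token validation is pinned to a literal, `o.Authority = baseSchemeUrlAndPort + "/administration";`, while the IdentityServer endpoints are mounted at `configuration.AdministrationPath` in OcelotMiddlewareExtensions (the `//todo` above the line acknowledges this). Any deployment that keeps the previous `/admin` path, or any other value, will point the validator at a discovery document that does not exist, and with `IssuerUri` now commented out the issuer it does find is presumably derived from the incoming request host rather than a fixed value, which is worth confirming. Pass the configured path into the helper, e.g. `private static void AddIdentityServer(this IServiceCollection services, IIdentityServerConfiguration identityServerConfiguration, string administrationPath)` and `o.Authority = baseSchemeUrlAndPort + administrationPath;`, or, if the path is not available at registration time, read it from the same configuration source the middleware uses rather than a literal. The body of the `AddIdentityServer` helper continues into the next hunk.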
@@ -210,9 +191,64 @@ namespace Ocelot.DependencyInjection var cert = new X509Certificate2(identityServerConfiguration.CredentialsSigningCertificateLocation, identityServerConfiguration.CredentialsSigningCertificatePassword); identityServerBuilder.AddSigningCredential(cert); } - } + } - return services; + private static List Resources(IIdentityServerConfiguration identityServerConfiguration) + { + return new List + { + new ApiResource("admin", "My API") + }; + // return new List + // { + // new ApiResource + // { + // Name = identityServerConfiguration.ApiName, + // Description = identityServerConfiguration.Description, + // Enabled = identityServerConfiguration.Enabled, + // DisplayName = identityServerConfiguration.ApiName, + // Scopes = identityServerConfiguration.AllowedScopes.Select(x => new Scope(x)).ToList(), + // ApiSecrets = new List + // { + // new Secret + // { + // Value = identityServerConfiguration.ApiSecret.Sha256() + // } + // } + // } + // }; + } + + private static List Client(IIdentityServerConfiguration identityServerConfiguration) + { + return new List + { + // resource owner password grant client + new Client + { + ClientId = "admin", + AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, + + ClientSecrets = + { + new Secret("secret".Sha256()) + }, + AllowedScopes = { "admin" } + } + }; + // return new List + // { + // new Client + // { + // ClientId = identityServerConfiguration.ApiName, + // AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, + // ClientSecrets = new List {new Secret(identityServerConfiguration.ApiSecret.Sha256())}, + // AllowedScopes = identityServerConfiguration.AllowedScopes, + // AccessTokenType = identityServerConfiguration.AccessTokenType, + // Enabled = identityServerConfiguration.Enabled, + // RequireClientSecret = identityServerConfiguration.RequireClientSecret + // } + // }; } } } 
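Review bot: `Resources` and `Client` now return hard-coded values and ignore the `identityServerConfiguration` they are handed: the only client is `ClientId = "admin"` with `new Secret("secret".Sha256())` and `AllowedScopes = { "admin" }`, and the API resource `new ApiResource("admin", "My API")` carries no `ApiSecrets`. That puts a fixed, publicly known client secret in front of the administration API's resource-owner-password grant and drops the configured `ApiSecret`, `AllowedScopes`, `Enabled` and `RequireClientSecret`; note also that the validation side in the previous hunk still sets `o.ApiName = identityServerConfiguration.ApiName` and `o.ApiSecret = identityServerConfiguration.ApiSecret` with `SupportedTokens.Both`, so unless `ApiName` happens to be `"admin"` audience checks will fail, and reference-token introspection will presumably fail because the resource has no secret to match against. If the literals are only a debugging aid, restore the commented-out configuration-driven bodies (kept verbatim under each `return`) before this merges and delete the commented code; otherwise at least take the client id, secret and scopes from `identityServerConfiguration`. Both helpers are complete in this hunk; the `AddIdentityServer` body that calls them begins in the previous hunk.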
diff --git a/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs b/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
index 108b452b..57c9d3f4 100644
--- a/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
+++ b/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
@@ -181,12 +181,12 @@ namespace Ocelot.Middleware if(!string.IsNullOrEmpty(configuration.AdministrationPath) && identityServerConfiguration != null) { - builder.Map(configuration.AdministrationPath, app => { - app.UseMvc(); + Console.WriteLine("SETTING UP ADMIN AREA"); app.UseIdentityServer(); app.UseAuthentication(); + app.UseMvc(); }); } }
diff --git a/test/Ocelot.ManualTest/Startup.cs b/test/Ocelot.ManualTest/Startup.cs
index 89724a9d..e48f3cb7 100644
--- a/test/Ocelot.ManualTest/Startup.cs
+++ b/test/Ocelot.ManualTest/Startup.cs
@@ -34,7 +34,7 @@ namespace Ocelot.ManualTest { x.WithMicrosoftLogging(log => { - log.AddConsole(LogLevel.Debug); + //log.AddConsole(LogLevel.Debug); }) .WithDictionaryHandle(); };
diff --git a/test/Ocelot.ManualTest/configuration.json b/test/Ocelot.ManualTest/configuration.json
index 6d2ee544..83dc9f66 100644
--- a/test/Ocelot.ManualTest/configuration.json
+++ b/test/Ocelot.ManualTest/configuration.json
@@ -312,6 +312,6 @@ "GlobalConfiguration": { "RequestIdKey": "OcRequestId", - "AdministrationPath": "/admin" + "AdministrationPath": "/administration" } } \ No newline at end of file
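Review bot: `Console.WriteLine("SETTING UP ADMIN AREA");` writes straight to stdout from inside the gateway's `builder.Map` callback, so it bypasses whatever logging the host has configured (the manual test's `WithMicrosoftLogging` block is in this same commit) and will print in every deployment that enables the administration area, not just while debugging. Either drop the line or route it through an `ILogger` resolved from `app.ApplicationServices`, ideally logging `configuration.AdministrationPath` so a mismatch with the authority path registered in ServiceCollectionExtensions is visible at startup. Moving `app.UseMvc()` after `app.UseAuthentication()` is the right change and is not in question.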