diff --git a/src/Ocelot/Configuration/Provider/HardCodedIdentityServerConfigurationProvider.cs b/src/Ocelot/Configuration/Provider/HardCodedIdentityServerConfigurationProvider.cs
new file mode 100644
index 00000000..09780bc6
--- /dev/null
+++ b/src/Ocelot/Configuration/Provider/HardCodedIdentityServerConfigurationProvider.cs
@@ -0,0 +1,86 @@
+using System;
+using System.Collections.Generic;
+using IdentityServer4.AccessTokenValidation;
+using IdentityServer4.Models;
+using IdentityServer4.Test;
+
+namespace Ocelot.Configuration.Provider
+{
+ public class HardCodedIdentityServerConfigurationProvider : IIdentityServerConfigurationProvider
+ {
+ public IdentityServerConfiguration Get()
+ {
+ var url = "";
+ return new IdentityServerConfiguration(
+ url,
+ "admin",
+ false,
+ SupportedTokens.Both,
+ "secret",
+ new List {"admin", "openid", "offline_access"},
+ "Ocelot Administration",
+ true,
+ GrantTypes.ResourceOwnerPassword,
+ AccessTokenType.Jwt,
+ false,
+ new List {
+ new TestUser
+ {
+ Username = "admin",
+ Password = "admin",
+ SubjectId = "admin",
+ }
+ }
+ );
+ }
+ }
+
+ public interface IIdentityServerConfigurationProvider
+ {
+ IdentityServerConfiguration Get();
+ }
+
+ public class IdentityServerConfiguration
+ {
+ public IdentityServerConfiguration(
+ string identityServerUrl,
+ string apiName,
+ bool requireHttps,
+ SupportedTokens supportedTokens,
+ string apiSecret,
+ List allowedScopes,
+ string description,
+ bool enabled,
+ IEnumerable grantType,
+ AccessTokenType accessTokenType,
+ bool requireClientSecret,
+ List users)
+ {
+ IdentityServerUrl = identityServerUrl;
+ ApiName = apiName;
+ RequireHttps = requireHttps;
+ SupportedTokens = supportedTokens;
+ ApiSecret = apiSecret;
+ AllowedScopes = allowedScopes;
+ Description = description;
+ Enabled = enabled;
+ AllowedGrantTypes = grantType;
+ AccessTokenType = accessTokenType;
+ RequireClientSecret = requireClientSecret;
+ Users = users;
+ }
+
+ public string IdentityServerUrl { get; private set; }
+ public string ApiName { get; private set; }
+ public bool RequireHttps { get; private set; }
+ public List AllowedScopes { get; private set; }
+ public SupportedTokens SupportedTokens { get; private set; }
+ public string ApiSecret { get; private set; }
+ public string Description {get;private set;}
+ public bool Enabled {get;private set;}
+ public IEnumerable AllowedGrantTypes {get;private set;}
+ public AccessTokenType AccessTokenType {get;private set;}
+ public bool RequireClientSecret = false;
+ public List Users {get;private set;}
+ }
+}
\ No newline at end of file
diff --git a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
index fdc78bd1..0529c938 100644
--- a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
+++ b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Net.Http;
 using CacheManager.Core;
 using IdentityServer4.Models;
@@ -60,27 +61,25 @@ namespace Ocelot.DependencyInjection
 
 public static IServiceCollection AddOcelot(this IServiceCollection services)
 {
+ var authProvider = new HardCodedIdentityServerConfigurationProvider();
+ var identityServerConfig = authProvider.Get();
+
 services.AddIdentityServer()
 .AddTemporarySigningCredential()
 .AddInMemoryApiResources(new List
 {
 new ApiResource
 {
- Name = "admin",
- Description = "Ocelot Administration",
- Enabled = true,
- DisplayName = "admin",
- Scopes = new List()
- {
- new Scope("admin"),
- new Scope("openid"),
- new Scope("offline_access")
- },
+ Name = identityServerConfig.ApiName,
+ Description = identityServerConfig.Description,
+ Enabled = identityServerConfig.Enabled,
+ DisplayName = identityServerConfig.ApiName,
+ Scopes = identityServerConfig.AllowedScopes.Select(x => new Scope(x)).ToList(),
 ApiSecrets = new List
 {
 new Secret
 {
- Value = "secret".Sha256()
+ Value = identityServerConfig.ApiSecret.Sha256()
 }
 }
 }
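Review bot: `HardCodedIdentityServerConfigurationProvider.Get` bakes the administration API secret (`"secret"`), an `admin`/`admin` `TestUser` and `requireHttps = false` into the assembly, and those values now flow into the `Client`, `ApiResource` and `AddTestUsers` calls in ServiceCollectionExtensions, so any deployment that enables the administration path presumably shares the same credentials. Nothing in the new file marks this as a development-only default; a `/// <summary>` on the class stating that it returns fixed development credentials and is meant to be replaced by a configuration-backed `IIdentityServerConfigurationProvider` before the administration API is exposed would make the intent explicit to the next maintainer. In `IdentityServerConfiguration`, `public bool RequireClientSecret = false;` is a public mutable field while every sibling is a read-only property; `public bool RequireClientSecret { get; private set; }` keeps the type consistent and the constructor assignment still compiles. `IdentityServerUrl` is also always `""` because `Get` passes `var url = "";`, which is presumably why OcelotMiddlewareExtensions keeps using its own `identityServerUrl` local for `Authority`.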
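Review bot: `AddOcelot` instantiates `HardCodedIdentityServerConfigurationProvider` directly with `new`, and `UseOcelot` in OcelotMiddlewareExtensions (the `@@ -157,6 +157,9 @@` hunk) does the same, so the `IIdentityServerConfigurationProvider` interface introduced by this commit is never registered or resolved and the two call sites can silently diverge once a real provider exists. Registering it once, `services.AddSingleton<IIdentityServerConfigurationProvider, HardCodedIdentityServerConfigurationProvider>();`, and resolving it from `builder.ApplicationServices` in `UseOcelot` keeps token issuance and token validation reading the same `ApiName`, `ApiSecret` and `AllowedScopes`. `AddOcelot` continues past the end of this hunk.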
@@ -89,24 +88,17 @@ namespace Ocelot.DependencyInjection
 {
 new Client
 {
- ClientId = "admin",
+ ClientId = identityServerConfig.ApiName,
 AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
- ClientSecrets = new List {new Secret("secret".Sha256())},
- AllowedScopes = new List {"admin", "openid", "offline_access"},
- AccessTokenType = AccessTokenType.Jwt,
- Enabled = true,
- RequireClientSecret = false
+ ClientSecrets = new List {new Secret(identityServerConfig.ApiSecret.Sha256())},
+ AllowedScopes = identityServerConfig.AllowedScopes,
+ AccessTokenType = identityServerConfig.AccessTokenType,
+ Enabled = identityServerConfig.Enabled,
+ RequireClientSecret = identityServerConfig.RequireClientSecret
 }
 })
- .AddTestUsers(new List
- {
- new TestUser
- {
- Username = "admin",
- Password = "admin",
- SubjectId = "admin",
- }
- });
+ .AddTestUsers(identityServerConfig.Users);
+
 services.AddMvcCore()
 .AddAuthorization()
 .AddJsonFormatters();
diff --git a/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs b/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
index 9aa7442f..57ed9bf3 100644
--- a/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
+++ b/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
@@ -157,6 +157,9 @@ namespace Ocelot.Middleware
 {
 var configuration = await CreateConfiguration(builder);
 
+ var authProvider = new HardCodedIdentityServerConfigurationProvider();
+ var identityServerConfig = authProvider.Get();
+
 if(!string.IsNullOrEmpty(configuration.AdministrationPath))
 {
 builder.Map(configuration.AdministrationPath, app =>
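Review bot: The `Client` in this hunk still hard-codes `AllowedGrantTypes = GrantTypes.ResourceOwnerPassword` even though `IdentityServerConfiguration` now carries `AllowedGrantTypes` populated with the same value, so that is the one client setting the provider cannot influence; `AllowedGrantTypes = identityServerConfig.AllowedGrantTypes.ToList(),` completes the migration (the config property is declared as an `IEnumerable`, presumably `IEnumerable<string>` before the generic arguments were lost in rendering, and `System.Linq` is already imported by this commit). The same list instance, `identityServerConfig.AllowedScopes`, is handed both to this `Client` and to `IdentityServerAuthenticationOptions` in OcelotMiddlewareExtensions, so a later mutation by either consumer would affect both; the `.Select(x => new Scope(x)).ToList()` copy used for the `ApiResource` in the previous hunk avoids that. The enclosing `AddOcelot` method starts before this hunk.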
@@ -166,11 +169,11 @@ namespace Ocelot.Middleware
 app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
 {
 Authority = identityServerUrl,
- ApiName = "admin",
- RequireHttpsMetadata = false,
- AllowedScopes = new List(),
+ ApiName = identityServerConfig.ApiName,
+ RequireHttpsMetadata = identityServerConfig.RequireHttps,
+ AllowedScopes = identityServerConfig.AllowedScopes,
 SupportedTokens = SupportedTokens.Both,
- ApiSecret = "secret"
+ ApiSecret = identityServerConfig.ApiSecret
 });
 app.UseIdentityServer();