Identityserver4: Sample for single RESTful application?

Created on 22 May 2018 · 5 Comments · Source: IdentityServer/IdentityServer4

Hey,
can we get a sample application where IDS4 is used in an environment with just one API server and one client?

For example:

  • API (RESTful) server which is protected by IDS4 without any views and other not useful stuff in RESTful app
  • Some clients which connect and make authorization with the RESTful API.

I actually have no clue how to do this :(

I tried to do something like this:
ConfigureServices:

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear ();
services.AddAuthentication (IdentityServerAuthenticationDefaults.AuthenticationScheme);
services.AddIdentityServer (options => {
        options.Events.RaiseErrorEvents = true;
        options.Events.RaiseInformationEvents = true;
        options.Events.RaiseFailureEvents = true;
        options.Events.RaiseSuccessEvents = true;
      })
        .AddDeveloperSigningCredential ()
        .AddInMemoryPersistedGrants ()
        .AddInMemoryIdentityResources (IdentityConfig.GetIdentityResources ())
        .AddInMemoryClients (IdentityConfig.GetClients ())
        .AddTestUsers (IdentityConfig.GetUsers ());
services.AddMvcCore ();

Configure:

app.UseIdentityServer ();
app.UseAuthentication ();
app.UseMvc ();

but I am getting this error (is it about this issue? https://github.com/IdentityServer/IdentityServer4/issues/2295):

info: IdentityServer4.Startup[0]
      You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.
dbug: IdentityServer4.Startup[0]
      Using Identity.Application as default scheme for authentication
dbug: IdentityServer4.Startup[0]
      Using Identity.External as default scheme for sign-in
dbug: IdentityServer4.Startup[0]
      Using Identity.External as default scheme for sign-out
dbug: IdentityServer4.Startup[0]
      Using Identity.Application as default scheme for challenge
dbug: IdentityServer4.Startup[0]
      Using Identity.Application as default scheme for forbid
Hosting environment: Development
Content root path: XXXX
Now listening on: http://localhost:5000
Application started. Press Ctrl+C to shut down.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 POST http://localhost:5000/connect/token application/x-www-form-urlencoded 65
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Request path /connect/token matched to endpoint type Token
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
      Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
dbug: IdentityServer4.Endpoints.TokenEndpoint[0]
      Start token request.
dbug: IdentityServer4.Validation.ClientSecretValidator[0]
      Start client validation
dbug: IdentityServer4.Validation.BasicAuthenticationSecretParser[0]
      Start parsing Basic Authentication secret
dbug: IdentityServer4.Validation.SecretParser[0]
      Parser found secret: BasicAuthenticationSecretParser
dbug: IdentityServer4.Validation.SecretParser[0]
      Secret id found: ro.client
dbug: IdentityServer4.Stores.ValidatingClientStore[0]
      client configuration validation for client ro.client succeeded.
dbug: IdentityServer4.Validation.SecretValidator[0]
      Secret validator success: HashedSharedSecretValidator
dbug: IdentityServer4.Validation.ClientSecretValidator[0]
      Client validation success
info: IdentityServer4.Events.DefaultEventService[0]
      {
        "Name": "Client Authentication Success",
        "Category": "Authentication",
        "EventType": "Success",
        "Id": 1010,
        "ClientId": "ro.client",
        "AuthenticationMethod": "SharedSecret",
        "ActivityId": "0HLE03A02CFBA:00000001",
        "TimeStamp": "2018-05-22T19:30:39Z",
        "ProcessId": 12572,
        "LocalIpAddress": "::1:5000",
        "RemoteIpAddress": "::1"
      }
dbug: IdentityServer4.Validation.TokenRequestValidator[0]
      Start token request validation
dbug: IdentityServer4.Validation.TokenRequestValidator[0]
      Start resource owner password token request validation
fail: IdentityServer4.Validation.ScopeValidator[0]
      Requested scope not allowed: openid
fail: IdentityServer4.Validation.TokenRequestValidator[0]
      {
        "ClientId": "ro.client",
        "GrantType": "password",
        "Raw": {
          "grant_type": "password",
          "username": "alice",
          "password": "***REDACTED***",
          "scope": "openid"
        }
      }
info: IdentityServer4.Events.DefaultEventService[0]
      {
        "Name": "Token Issued Failure",
        "Category": "Token",
        "EventType": "Failure",
        "Id": 2001,
        "ClientId": "ro.client",
        "Endpoint": "Token",
        "GrantType": "password",
        "Error": "invalid_scope",
        "ActivityId": "0HLE03A02CFBA:00000001",
        "TimeStamp": "2018-05-22T19:30:39Z",
        "ProcessId": 12572,
        "LocalIpAddress": "::1:5000",
        "RemoteIpAddress": "::1"
      }
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 301.826ms 400 application/json; charset=UTF-8

Regards,
TheAifam5.

question

All 5 comments

API (RESTful) server which is protected by IDS4 without any views and other not useful stuff in RESTful app

Well, you are going to need the login views unless you intend to use only the following two grant types:

  • Client credentials
  • Resource owner password

One could also argue that, when talking about Identity servers and web security, there isn't much that qualifies as "other not useful stuff".

I am not sure I completely understand what you are trying to do here. You want an example of using an API within the same project as the identity server?

@LindaLawton Thank you for your response!
Exactly, that's what I want to do in my school project (Resource owner password). It would be nice to have such an example for this kind of application, where IDS4 and the API are together and IDS4 protects the API.
As you see in the first post, I actually figured out how to make it, but I am not sure if that's the correct setup, and also, as in the logs, I have an error where the user without requested scopes (or with only the "openid" scope) is unable to authorize, but is able to authenticate.

Regards,
TheAifam5

I have a mini API in my IDS project; it's used by our third-party developers to create new clients directly on the identity server. Unless your API is actually writing to or reading from the same database that the Identity server itself is in, I would say it's better to put your API in a separate project.

This might help. I can't remember exactly what was needed to get this working; I just remember it being a pain:

        _logger.LogInformation("Adding Authentication.");
        services.AddAuthentication(IdentityServerConstants.DefaultCookieAuthenticationScheme)
            .AddIdentityServerAuthentication(options =>
            {
                // base-address of your identityserver
                options.Authority =  "http://localhost:5000";
                // name of the API resource
                options.ApiName = "testapi";
                options.RequireHttpsMetadata = false;
            });

And for your methods use this

[Authorize(AuthenticationSchemes = "Bearer")]

Then when you call it just send the access token as a bearer token and you should have access.

_I will look into creating a sample project for this. I have answered a few questions on Stack Overflow along the same lines, so you're not the only one needing an API within the IDS itself._
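Putting the two pieces of this thread together (the single-project setup from the comment above and the `invalid_scope` failure in the original post's log), the following is an added example of one Startup that hosts IdentityServer4 and validates its own bearer tokens for an in-process API; it is not code from the IdentityServer4 project or from either poster. `ro.client`, `testapi`, the secret and the test user are placeholder values; the log's "Requested scope not allowed: openid" is what ScopeValidator reports when the requested scope is missing from the client's AllowedScopes, so that list is the part to check.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
// Hypothetical single-project setup: IdentityServer4 and the API it protects
// share one Startup. All identifiers and secrets below are placeholders.
public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()            // dev only: generates a temp signing key
            .AddInMemoryIdentityResources(new[] { new IdentityResources.OpenId() })
            .AddInMemoryApiResources(new[] { new ApiResource("testapi", "Test API") })
            .AddInMemoryClients(new[]
            {
                new Client
                {
                    ClientId = "ro.client",
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    ClientSecrets = { new Secret("secret".Sha256()) },
                    // Every scope a client may request must be listed here. Leaving
                    // "openid" out reproduces "Requested scope not allowed: openid".
                    AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, "testapi" }
                }
            })
            .AddTestUsers(new List<TestUser>
            {
                new TestUser { SubjectId = "1", Username = "alice", Password = "password" }
            });
        // Accept access tokens issued by this same host for the in-process API;
        // the scheme name "Bearer" is what [Authorize(AuthenticationSchemes = "Bearer")] refers to.
        services.AddAuthentication()
            .AddIdentityServerAuthentication("Bearer", options =>
            {
                options.Authority = "http://localhost:5000";  // this host's own base address
                options.ApiName = "testapi";                  // audience the token must carry
                options.RequireHttpsMetadata = false;         // dev only; require HTTPS in production
            });
        services.AddMvcCore().AddAuthorization();
    }
    public void Configure(IApplicationBuilder app)
    {
        app.UseIdentityServer();   // also registers the authentication middleware
        app.UseMvc();
    }
}
```

With this in place a POST to /connect/token with grant_type=password and scope=openid testapi for ro.client succeeds, and the returned access token is accepted by controllers marked [Authorize(AuthenticationSchemes = "Bearer")] in the same process.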

There is a sample for resource owner password as part of the quickstarts

All set on this issue -- can we close?

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
