Hi, I have been putting the OpenIddict entities in their own "OpenIddict" schema in my database. It has worked fine until the latest version.
Right now, it is creating the tables in the "OpenIddict" schema like I want it to, but it is also creating the default schema (public as I'm using PGSQL) as well.
Any suggestions? I'm sure I'm just missing something in my Startup.cs.
Thanks!


In my Startup.cs
public void ConfigureServices(IServiceCollection services)
{
....
services.AddEntityFrameworkNpgsql().AddDbContextPool<AppDbContext>(options =>
{
options.UseNpgsql(Configuration["pgsql:housestay"], b => b.MigrationsAssembly("HouseStayEF"));
options.UseOpenIddict();
});
....
services.AddOpenIddict()
.AddCore(options =>
{
options.UseEntityFrameworkCore().UseDbContext<AppDbContext>();
})
.AddServer(options =>
{
options.UseMvc();
options.EnableTokenEndpoint("/auth/token");
options.AllowPasswordFlow();
//options.AllowCustomFlow(GrantTypes.Facebook);
//options.AllowCustomFlow(GrantTypes.Google);
options.AllowRefreshTokenFlow();
//options.AcceptAnonymousClients();
options.RegisterScopes(
OpenIdConnectConstants.Scopes.Email,
OpenIdConnectConstants.Scopes.Profile,
OpenIddictConstants.Scopes.Roles
);
options.SetAccessTokenLifetime(TimeSpan.FromHours(1));
options.SetRefreshTokenLifetime(TimeSpan.FromDays(180));
if (!_isProduction)
{
options.DisableHttpsRequirement();
}
});
....
}
In my AppDbContext.OnModelCreating:
protected override void OnModelCreating(ModelBuilder builder)
{
base.OnModelCreating(builder);
.....
builder.Entity<OpenIddictApplication>(e => { e.ToTable("Applications", "OpenIddict"); });
builder.Entity<OpenIddictAuthorization>(e => { e.ToTable("Authorizations", "OpenIddict"); });
builder.Entity<OpenIddictScope>(e => { e.ToTable("Scopes", "OpenIddict"); });
builder.Entity<OpenIddictToken>(e => { e.ToTable("Tokens", "OpenIddict"); });
.....
}
Hey Ryan,
Any chance you could share the usings you have in AppDbContext? I want to make sure you're using the good models there.
Hi @PinpointTownes ! It is using using the models from OpenIddict.Models.
using OpenIddict.Models;
This package was deprecated in RC3. You can read the announcement here: https://github.com/openiddict/openiddict-core/issues/608
Sorry, I missed that announcement. I removed the deprecated package and updated my DbContext OnModelCreating to use the models from OpenIddict.EntityFrameworkCore.Models instead.
Works as expected now. Thanks for your help. OpenIddict has been very useful!
ICYMI, I wrote a blog post about RC3 that recaps the changes introduced in this version: https://kevinchalet.com/2018/06/20/openiddict-rc3-is-out/
I'll take a look. Thanks!
Quick question, how do I allow only clients granted a custom scope to access a specific API controller or method ?
Grant the client a scp:[custom scope] permission. E.g scp:marketing_api.
Note: you can use the OpenIddictConstants.Permissions.Prefixes.Scope constant.
Cool, and is there an attribute I can decorate my controller or method with so that only that scope can use it?
Sorry I'm still learning all the aspects of oauth, even after developing with it for 2 years 馃榾
You can use the ASP.NET Core authorization policy builder: policy.RequireClaim(OAuthValidationConstants.Claims.Scope, "marketing_api").
Thanks, I'll do that.
Most helpful comment
You can use the ASP.NET Core authorization policy builder:
policy.RequireClaim(OAuthValidationConstants.Claims.Scope, "marketing_api").