我正在尝试在mongodb上实现PersistedGrantStore。我见过类似的问题和答案但到目前为止没有运气(How can I implement PersistedGrantStore on my mongodb database)。
我已经创建了一个实现 IPersistedGrantStore 的类,并已通过 AddTransient 把它注入 DI,但我的类中的方法仍然没有被调用。以下是startup.cs
的ConfigureServices(IServiceCollection services)函数中的代码部分services.AddAuthentication(o =>
{
o.DefaultScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
o.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
}).AddIdentityServerAuthentication(options =>
{
options.SaveToken = true;
options.Authority = authorityServerURL;// "https://demo.identityserver.io";
//options.ApiName = "BWalle_API";
// NOTE(review): an API/client secret should not live in source, even commented out. This value
// has been posted publicly together with this listing, so rotate it and load the replacement
// from configuration (user-secrets, environment, or a secret store) instead.
//options.ApiSecret = "Odsdffegfgdfgdfglq_";
// Allows the authority's discovery metadata to be fetched over plain HTTP. Acceptable only for
// local development; a deployed authority must be HTTPS and this must be true.
options.RequireHttpsMetadata = false;
options.EnableCaching = false;
options.SupportedTokens = SupportedTokens.Jwt;
});
var builder = services.AddIdentityServer(options =>
{
options.Endpoints.EnableUserInfoEndpoint = true;
// Emit every event category (error, failure, information, success) to the event sink so the
// token endpoint's decisions are observable while debugging the store.
options.Events = new EventsOptions()
{
RaiseErrorEvents = true,
RaiseFailureEvents = true,
RaiseInformationEvents = true,
RaiseSuccessEvents = true
};
})
// In-memory test users: fine for a sample, not for a deployed server.
.AddTestUsers(Config.GetUsers())
.AddSigningCredential(new Microsoft.IdentityModel.Tokens.SigningCredentials(GetSecurityKey(), SecurityAlgorithms.RsaSha512Signature))
.AddResourceStore<ResourceStore>()
.AddClientStore<ClientStore>()
.AddProfileService<MongoDbProfileService>()
.AddResourceOwnerValidator<MongoDbResourceOwnerPasswordValidator>()
.AddJwtBearerClientAuthentication();
// Registered after AddIdentityServer on purpose: with Microsoft DI the last registration of a
// service is the one resolved, so this presumably overrides the in-memory grant store that
// AddIdentityServer registers by default.
// NOTE(review): the store is only consulted when a grant actually has to be persisted — for the
// resource-owner-password flow used here that is the refresh token issued for the offline_access
// scope (see the answer below). A request that yields only a self-contained JWT never reaches it.
builder.Services.AddTransient<IPersistedGrantStore, PersistedGrantStore>();
这是ClientStore类:
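/// <summary>
/// Static <see cref="IClientStore"/> that knows exactly one client, <c>BWalle_API</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the client secret below is hard-coded and has been posted publicly with this
/// listing — move it to configuration / a secret store and rotate it. The 24-hour lifetimes,
/// in particular the authorization-code lifetime (default is 5 minutes), widen the replay
/// window of any leaked token or code and should be reduced unless there is a concrete need.
/// </remarks>
public class ClientStore : IClientStore
{
    // The only client id this store recognises; it doubles as the API scope name.
    private const string KnownClientId = "BWalle_API";

    /// <summary>
    /// Looks up a client by its id.
    /// </summary>
    /// <param name="clientId">
    /// Client id supplied by the caller of the token endpoint; untrusted input.
    /// </param>
    /// <returns>
    /// The configured client when <paramref name="clientId"/> equals <c>BWalle_API</c>,
    /// otherwise <c>null</c> so IdentityServer rejects the request as an unknown client.
    /// </returns>
    Task<Client> IClientStore.FindClientByIdAsync(string clientId)
    {
        // Previously every id was answered with the same client, so client_id was never
        // actually checked. Ids are opaque identifiers, hence an ordinal comparison.
        if (!string.Equals(clientId, KnownClientId, StringComparison.Ordinal))
        {
            return Task.FromResult<Client>(null);
        }

        var client = new Client
        {
            ClientId = KnownClientId,
            ClientName = "BWalle API Client",
            //AllowAccessTokensViaBrowser = true,
            //AlwaysSendClientClaims = true,
            AllowedGrantTypes = new List<string>
            {
                GrantType.ResourceOwnerPassword,
                GrantType.Hybrid,
                GrantType.ClientCredentials
            },
            // Stored hashed, but the plaintext still sits in source (see class remarks).
            ClientSecrets = new List<Secret>
            {
                new Secret("Odsdffegfgdfgdfglq_".Sha512())
            },
            AllowedScopes = new List<string>
            {
                IdentityServer4.IdentityServerConstants.StandardScopes.OpenId,
                IdentityServer4.IdentityServerConstants.StandardScopes.Profile,
                IdentityServer4.IdentityServerConstants.StandardScopes.Email,
                IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess,
                IdentityServer4.IdentityServerConstants.StandardScopes.Phone,
                KnownClientId
            },
            Enabled = true,
            //AllowedCorsOrigins = new List<string>
            //{
            //    "http://localhost:4200"
            //},
            // Refresh tokens are only issued when the request also asks for the offline_access
            // scope; that is the path that exercises the persisted-grant store.
            AllowOfflineAccess = true,
            AllowRememberConsent = false,
            AccessTokenType = AccessTokenType.Jwt,
            IdentityTokenLifetime = 3600 * 24, // seconds (default 300 s / 5 min)
            AccessTokenLifetime = 3600 * 24, // seconds (default 3600 s / 1 h)
            AuthorizationCodeLifetime = 3600 * 24, // seconds (default 300 s / 5 min) — see class remarks
            RefreshTokenUsage = TokenUsage.ReUse,
            RefreshTokenExpiration = TokenExpiration.Sliding,
            UpdateAccessTokenClaimsOnRefresh = true,
            IncludeJwtId = true
        };

        return Task.FromResult(client);
    }
}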
这是PersistedGrantStore类:
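/// <summary>
/// <see cref="IPersistedGrantStore"/> intended to persist grants through
/// <see cref="IAppRepository"/> (MongoDB). Every operation is still unimplemented.
/// </summary>
/// <remarks>
/// IdentityServer only calls this store when a grant has to be persisted. For the
/// resource-owner-password flow used in the question that is the refresh token, which the
/// accepted answer shows is only issued when the token request includes the
/// <c>offline_access</c> scope; a request that yields only a JWT access token never reaches
/// this class. Once a request does reach it, the <see cref="NotImplementedException"/>s below
/// surface as server errors on the token endpoint until the methods are implemented.
/// </remarks>
public class PersistedGrantStore : IPersistedGrantStore
{
    private readonly IAppRepository appRepository;

    /// <summary>
    /// Creates the store on top of the application repository.
    /// </summary>
    /// <param name="DBAppRepository">Repository the grants will be read from and written to.</param>
    /// <exception cref="ArgumentNullException"><paramref name="DBAppRepository"/> is null.</exception>
    public PersistedGrantStore(IAppRepository DBAppRepository)
    {
        // Fail at construction (DI resolution) rather than on the first grant operation.
        this.appRepository = DBAppRepository ?? throw new ArgumentNullException(nameof(DBAppRepository));
    }

    /// <inheritdoc/>
    public Task<IEnumerable<PersistedGrant>> GetAllAsync(string subjectId) =>
        throw new NotImplementedException();

    /// <inheritdoc/>
    public Task<PersistedGrant> GetAsync(string key) =>
        throw new NotImplementedException();

    /// <inheritdoc/>
    public Task RemoveAllAsync(string subjectId, string clientId) =>
        throw new NotImplementedException();

    /// <inheritdoc/>
    public Task RemoveAllAsync(string subjectId, string clientId, string type) =>
        throw new NotImplementedException();

    /// <inheritdoc/>
    public Task RemoveAsync(string key) =>
        throw new NotImplementedException();

    /// <inheritdoc/>
    public Task StoreAsync(PersistedGrant grant) =>
        throw new NotImplementedException();
}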
我正在使用那些nuget包:
Identityserver4 \ 2.1.3,
Identityserver4.AccessTokenValidation \ 2.5.0
Contrib.Microsoft.aspnetcore.identity.mongodb \ 2.0.5
我已经成功地用 MongoDB 存储用户和客户端,现在我想把授权(grant)也持久化到 MongoDB,而不是使用内存中的授予存储,但是 PersistedGrantStore 类中的方法没有被调用。
我使用ResourceOwner作为GrantType(JWT - Bearer Model)。
我看不出我遗漏了什么,任何帮助都将不胜感激!
答案 0 :(得分:0)
解决了!缺少的是客户端向服务器的 '/connect/token' 端点发送令牌请求时,在 scope 参数中加入 offline_access 范围。
向 '/connect/token' 发送 POST 请求、正文中携带以下数据的示例:
client_id=BWalle_API&client_secret=mysecretAPlq_&grant_type=password&scope=BWalle_API offline_access&username=undefined&password=undefined&rememberme=&VerCode=1820-0327-2104-0012