IdentityConfig Edited

IdentityServerService.Infrastructure/Persistence/IdentityConfig.cs

@@ -1,7 +1,10 @@
 using IdentityServer4.Models;
+using Newtonsoft.Json;
 using System;
 using System.Collections.Generic;
 using System.Text;
+using static IdentityModel.OidcConstants;
+using GrantTypes = IdentityServer4.Models.GrantTypes;
 
 namespace IdentityServerService.Infrastructure.Persistence
 {
@@ -14,32 +17,23 @@ public class IdentityConfig
                 new IdentityResources.Profile(),
                 new IdentityResource
                 {
-                    Name = "openid",
-                    DisplayName = "Open ID",
-                    Required = true,
-                    UserClaims = new List<string> { "sub" }
-                },
-                new IdentityResource
-                {
-                    Name = "profile",
-                    DisplayName = "User Profile",
-                    Emphasize = true,
-                    UserClaims = new List<string> { "name", "family_name", "given_name", "middle_name", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at", "role" }
+                    Name = "role",
+                    UserClaims = new List<string> { "role" }
                 }
            };
 
         public static IEnumerable<ApiScope> ApiScopes =>
-            new[] { new ApiScope("API.read"), new ApiScope("API.write"), };
+            new[] { new ApiScope("API.read"), new ApiScope("API.write"), new ApiScope("offline_access") };
         public static IEnumerable<ApiResource> ApiResources =>
             new[]
             {
                 new ApiResource("API")
                 {
                     Name = "portal-resource",
                     DisplayName = "Portal API Resource",
-                    Scopes = new List<string> { "API.read", "API.write" },
+                    Scopes = new List<string> { "API.read", "API.write", "offline_access" },
                     ApiSecrets = new List<Secret> { new Secret("ScopeSecret".Sha256()) },
-                    UserClaims = new List<string> { "id", "name", "email", "role" }
+                    UserClaims = new List<string> { "id", "name", "email", "role" },
                 }
             };
 
@@ -50,14 +44,16 @@ public class IdentityConfig
                 {
                     ClientId = "portal.client",
                     ClientName = "Portal Client Credentials Client",
-                    AllowedGrantTypes = GrantTypes.ClientCredentials,
+                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                     ClientSecrets = { new Secret("ClientSecret1".Sha256()) },
-                    AllowedScopes = { "API.read", "API.write", "offline_access" },
+                    AllowedScopes = { "API.read", "API.write", StandardScopes.OpenId },
                     AllowOfflineAccess = true,
                     AccessTokenLifetime = 3600,
                     RefreshTokenUsage = TokenUsage.OneTimeOnly,
                     RequireConsent= false,
-                    RequireClientSecret = true
+                    RequireClientSecret = true,
+                    AlwaysIncludeUserClaimsInIdToken = true,
+                    Enabled = true
                 }
             };
     }

IdentityServerService.Infrastructure/obj/Debug/netcoreapp3.1/IdentityServerService.Infrastructure.csproj.CoreCompileInputs.cache

@@ -1 +1 @@
-8a43b4927565bc8a90a208d1adf4e8c32cea33c585558434d70f94f219013726
+430461a127170bc3dd96ff3d4592705329b43bd02aae2712963410ae6ec686d8

IdentityServerService.Server/bin/Debug/netcoreapp3.1/appsettings.Development.json

@@ -6,53 +6,6 @@
       "Microsoft.Hosting.Lifetime": "Information"
     }
   },
-  "IdentityServer": {
-    "IdentityResources": [
-      {
-        "Name": "openid",
-        "DisplayName": "Open ID",
-        "Required": true,
-        "UserClaims": [ "sub" ]
-      },
-      {
-        "Name": "profile",
-        "DisplayName": "User profile",
-        "Emphasize": true,
-        "UserClaims": [ "name", "family_name", "given_name", "middle_name", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at", "role" ]
-      }
-    ],
-    "ApiResources": [
-      {
-        "Name": "portal-resource",
-        "DisplayName": "API Resource",
-        "UserClaims": [ "id", "name", "email", "role" ],
-        "Scopes": [
-          {
-            "Name": "rest.auth",
-            "DisplayName": "API Resource",
-            "Required": true,
-            "Emphasize": false,
-            "ShowInDiscoveryDocument": true
-          }
-        ]
-      }
-    ],
-    "Clients": [
-      {
-        "ClientId": "portal-api",
-        "AlwaysIncludeUserClaimsInIdToken": true,
-        "AllowOfflineAccess": true, //support refresh tokens
-        "AccessTokenLifetime": 3600,
-        "RequireConsent": false,
-        "ClientSecrets": [ { "Value": "lxl76J788Cvf1ds8CQJuFYGwTi7e3BXGCRK2JIUekmk=" } ], //youtubeeducation
-        "AllowedGrantTypes": [ "password", "code" ],
-        "AllowedScopes": [ "rest.auth" ],
-        "RefreshTokenUsage": "OneTimeOnly",
-        "RequireClientSecret": true,
-        "Enabled": true
-      }
-    ]
-  },
   "ConnectionStrings": {
     "IdentitySSConnection": "Server=localhost;Database=IdentitySSDb;Integrated Security=true;TrustServerCertificate=true;"
   }

IdentityServerService.Server/bin/Debug/netcoreapp3.1/appsettings.json

@@ -9,52 +9,5 @@
   "AllowedHosts": "*",
   "ConnectionStrings": {
     "IdentitySSConnection": "Server=localhost;Database=IdentitySSDb;Integrated Security=true;TrustServerCertificate=true;"
-  },
-  "IdentityServer": {
-    "IdentityResources": [
-      {
-        "Name": "openid",
-        "DisplayName": "Open ID",
-        "Required": true,
-        "UserClaims": [ "sub" ]
-      },
-      {
-        "Name": "profile",
-        "DisplayName": "User profile",
-        "Emphasize": true,
-        "UserClaims": [ "name", "family_name", "given_name", "middle_name", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at", "role" ]
-      }
-    ],
-    "ApiResources": [
-      {
-        "Name": "portal-resource",
-        "DisplayName": "API Resource",
-        "UserClaims": [ "id", "name", "email", "role" ],
-        "Scopes": [
-          {
-            "Name": "rest.auth",
-            "DisplayName": "API Resource",
-            "Required": true,
-            "Emphasize": false,
-            "ShowInDiscoveryDocument": true
-          }
-        ]
-      }
-    ],
-    "Clients": [
-      {
-        "ClientId": "portal-api",
-        "AlwaysIncludeUserClaimsInIdToken": true,
-        "AllowOfflineAccess": true, //support refresh tokens
-        "AccessTokenLifetime": 3600,
-        "RequireConsent": false,
-        "ClientSecrets": [ { "Value": "lxl76J788Cvf1ds8CQJuFYGwTi7e3BXGCRK2JIUekmk=" } ],
-        "AllowedGrantTypes": [ "password", "code" ],
-        "AllowedScopes": [ "rest.auth" ],
-        "RefreshTokenUsage": "OneTimeOnly",
-        "RequireClientSecret": true,
-        "Enabled": true
-      }
-    ]
   }
 }