namespace MyOffice.Web.Identity.Configure; using IdentityModel; using IdentityServer4; using IdentityServer4.Models; public class IdentityServerConfig { public static class ClaimConstants { public const string Subject = "subject"; public const string Permission = "permission"; } public static class ScopeConstants { public const string Roles = "roles"; } public const string ApiName = "api"; public const string ApiFriendlyName = "MyOffice.Web API"; public const string AppClientID = "angulartemplate_spa"; public static IEnumerable GetIdentityResources() { return new List { new IdentityResources.OpenId(), new IdentityResources.Profile(), new IdentityResources.Phone(), new IdentityResources.Email(), new(ScopeConstants.Roles, new List { JwtClaimTypes.Role }) }; } public static IEnumerable GetApiScopes() { return new List { new(ApiName, ApiFriendlyName) { UserClaims = { JwtClaimTypes.Name, JwtClaimTypes.Email, JwtClaimTypes.PhoneNumber, JwtClaimTypes.Role, ClaimConstants.Permission } } }; } public static IEnumerable GetApiResources() { return new List { new(ApiName) { Scopes = { ApiName } } }; } public static IEnumerable GetClients() { return new List { new() { ClientId = AppClientID, ClientSecrets = new List { new Secret("secret".Sha256()) }, AllowedGrantTypes = new[] { GrantType.AuthorizationCode, GrantType.ClientCredentials, GrantType.DeviceFlow, GrantType.ResourceOwnerPassword, "external" }, AllowAccessTokensViaBrowser = true, RequireClientSecret = false, RedirectUris = new[] { "http://localhost:4200/silent-refresh.html", }, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile, IdentityServerConstants.StandardScopes.Phone, IdentityServerConstants.StandardScopes.Email, ScopeConstants.Roles, ApiName }, AllowOfflineAccess = true, RefreshTokenExpiration = TokenExpiration.Sliding, RefreshTokenUsage = TokenUsage.OneTimeOnly } }; } }