ASP.NET Core Identity Server 4 Authorization Code PKCE JS
▌Introduction
For how PKCE Authorization Code Flow works, you can have a look on my previous article: [ASP.NET Core] Identity Server 4 – PKCE Authorization Code Flow.
The flow is as
following, we will focus on how to create a JavaScript client that can
authenticate user by Identity Server 4 and access the backend’s resource with a
given Access Token.
Notice that I
put the JavaScript client at the Backend Server to make the sample code simple
(As the following figure).
In the real
world, we have to separate the Javascript client (Client) and the Backend
Server (Resource server), see reference: [ASP.NET
Core] Identity Server 4 – Concepts.
Here is the
final result’s demo.
▋Related articles
01.
[OpenLDAP] Create an OpenLDAP
container
02. [ASP.NET Core] Identity Server 4
– Concepts
03.
[ASP.NET Core] Identity Server 4
– LDAP authentication
04.
[ASP.NET Core] Identity Server 4
– Secure Web API
05.
[ASP.NET Core] Identity Server 4
– Custom Event Sink
06.
[ASP.NET Core] Identity Server 4
– Refresh Token
07.
[ASP.NET Core] Identity Server 4
– Role based authorization
08.
[ASP.NET Core] Identity Server 4
– Policy based authorization
09.
[ASP.NET Core] Identity Server 4
- Dockerize
10.
[ASP.NET Core] Identity Server 4
– Client Credential
11. [ASP.NET Core] Identity Server 4
– Policy based authorization with custom Authorization Handler
12.
[ASP.NET Core] Identity Server 4
– Signing credential
13.
[ASP.NET Core] Identity Server 4
– Authenticate by multiple LDAP
14.
[ASP.NET Core] Identity Server 4
– Cache and refresh Discovery document
15.
[ASP.NET Core] Identity Server 4 – PKCE Authorization Code Flow
16.
[ASP.NET Core] Identity Server 4 – PKCE Authorization Code Flow (Javascript client)
▌Environment
▋Docker 18.05.0-ce
▋.NET Core SDK 3.1.201
▋IdentityServer4 3.1.2
▋oidc-client.js 1.11.5
▌Implement
The source code
is on my Github.
▋PKCE Client configuration on Auth Server
Go to Idsrv4 project
(Auth Server), and open InMemoryInitConfig.cs to set the below
configuration on a new client:
▋InMemoryInitConfig.cs
Notice that there
are some key settings:
Configuration |
Description |
Value |
AllowedGrantTypes |
Grant
type |
GrantTypes.Code |
RequirePkce |
Specifies
whether a proof key is required for authorization code based token requests
(defaults to false). |
true |
RequireClientSecret |
If
set to false, no client secret is needed to request tokens at the token
endpoint. |
false |
RedirectUris |
The
allowed Uri(s) to return Authorization Code or Tokens. |
|
PostLogoutRedirectUris |
Specifies
allowed URIs to redirect to after logout |
|
AllowedCorsOrigins |
Gets
or sets the allowed CORS origins for JavaScript clients. |
|
We have to implement
the AccountController in Identity Server, the code is as same as
[ASP.NET Core] Identity Server 4
– PKCE Authorization Code Flow
Or you can see the
full code on Github.
▋Client side
Since we put the
JavaScript client on Backend project, which is based on ASP.NET Core.
We have to do some initialization
works to enable related JS files.
First, install oidc-client.js with NPM.
Copy node_modules/oidc-client/dist/oidc-client.js
(or oidc-client.min.js)
to wwwroot/js/.
And create the
following js files:
File name |
Directory |
Description |
app.js |
wwwroot/js |
The
main javascript to run thru the authentication flow |
app-config.js |
wwwroot/js |
The js file structure is as following for reference.
Before we implement
the client logic, we have to enable static file serving.
▋Startup.cs: Configure
▋Views/LoginByJs.cshtml
Let’s create a View
as the main page, which will import the js files we had just created.
The page will be
like following, there are three buttons that we will implement their callbacks.
· Sign In
· Sign Out
· Test secured API
(Before logged in)
(Logged in)
▋app-config.js
We will set the
client and identity server’s host URLs that will be used for redirect URLs
after logged in or out in app.js.
▋app.js
Set the OIDC
configuration and logging,
Implement the
callbacks of 【Sign In】, 【Sign Out】 and 【Test secured API】.
The full code of app.js
is here.
▋Source Code
Github: KarateJB/AspNetCore.IdentityServer4.Sample
▌Reference
▋IdentityServer4: Adding a JavaScript client
沒有留言:
張貼留言