upgrade to Identity Server 4 rtm

Author: andrelmp

src/Services/Identity/Identity.API/Configuration/Config.cs

@@ -1,31 +1,30 @@
 using IdentityServer4.Models;
 using Microsoft.Extensions.Options;
 using System.Collections.Generic;
+using IdentityServer4;
 
 namespace Identity.API.Configuration
 {
     public class Config
     {
-        // scopes define the resources in your system
-        public static IEnumerable<Scope> GetScopes()
+        // ApiResources define the apis in your system
+        public static IEnumerable<ApiResource> GetApis()
         {
-            return new List<Scope>
+            return new List<ApiResource>
             {
-                //Authentication OpenId uses this scopes;
-                StandardScopes.OpenId,
-                StandardScopes.Profile,
+                new ApiResource("orders", "Orders Service"),
+                new ApiResource("basket", "Basket Service")
+            };
+        }
 
-                //Each api we want to securice;
-                new Scope
-                {
-                    Name = "orders",
-                    Description = "Orders Service"
-                },
-                new Scope
-                {
-                    Name = "basket",
-                    Description = "Basket Service"
-                }
+        // Identity resources are data like user ID, name, or email address of a user
+        // see: http://docs.identityserver.io/en/release/configuration/resources.html
+        public static IEnumerable<IdentityResource> GetResources()
+        {
+            return new List<IdentityResource>
+            {
+                new IdentityResources.OpenId(),
+                new IdentityResources.Profile()
             };
         }
 
@@ -47,8 +46,8 @@ public static IEnumerable<Client> GetClients(Dictionary<string,string> clientsUr
                     AllowedCorsOrigins =     { $"{clientsUrl["Spa"]}" },
                     AllowedScopes =
                     {
-                        StandardScopes.OpenId.Name,
-                        StandardScopes.Profile.Name,
+                        IdentityServerConstants.StandardScopes.OpenId,
+                        IdentityServerConstants.StandardScopes.Profile,
                         "orders",
                         "basket"
                     }
@@ -65,8 +64,8 @@ public static IEnumerable<Client> GetClients(Dictionary<string,string> clientsUr
                     AllowedCorsOrigins =     { "http://eshopxamarin" },
                     AllowedScopes =
                     {
-                        StandardScopes.OpenId.Name,
-                        StandardScopes.Profile.Name,
+                        IdentityServerConstants.StandardScopes.OpenId,
+                        IdentityServerConstants.StandardScopes.Profile,
                         "orders",
                         "basket"
                     }
@@ -82,6 +81,7 @@ public static IEnumerable<Client> GetClients(Dictionary<string,string> clientsUr
                     ClientUri = $"{clientsUrl["Mvc"]}",                             // public uri of the client
                     AllowedGrantTypes = GrantTypes.Hybrid,
                     RequireConsent = false,
+                    AllowOfflineAccess = true,
                     RedirectUris = new List<string>
                     {
                         $"{clientsUrl["Mvc"]}/signin-oidc",
@@ -96,9 +96,9 @@ public static IEnumerable<Client> GetClients(Dictionary<string,string> clientsUr
                     },
                     AllowedScopes = new List<string>
                     {
-                        StandardScopes.OpenId.Name,
-                        StandardScopes.Profile.Name,
-                        StandardScopes.OfflineAccess.Name,
+                        IdentityServerConstants.StandardScopes.OpenId,
+                        IdentityServerConstants.StandardScopes.Profile,
+                        IdentityServerConstants.StandardScopes.OfflineAccess,
                         "orders",
                         "basket",
                     },

src/Services/Identity/Identity.API/Controllers/AccountController.cs

@@ -5,7 +5,6 @@
 using IdentityModel;
 using IdentityServer4.Quickstart.UI.Models;
 using IdentityServer4.Services;
-using IdentityServer4.Services.InMemory;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Mvc;
 using System;

src/Services/Identity/Identity.API/Controllers/ConsentController.cs

@@ -22,20 +22,20 @@ public class ConsentController : Controller
     {
         private readonly ILogger<ConsentController> _logger;
         private readonly IClientStore _clientStore;
-        private readonly IScopeStore _scopeStore;
+        private readonly IResourceStore _resourceStore;
         private readonly IIdentityServerInteractionService _interaction;
 
 
         public ConsentController(
             ILogger<ConsentController> logger,
             IIdentityServerInteractionService interaction,
             IClientStore clientStore,
-            IScopeStore scopeStore)
+            IResourceStore resourceStore)
         {
             _logger = logger;
             _interaction = interaction;
             _clientStore = clientStore;
-            _scopeStore = scopeStore;
+            _resourceStore = resourceStore;
         }
 
         /// <summary>
@@ -120,10 +120,10 @@ async Task<ConsentViewModel> BuildViewModelAsync(string returnUrl, ConsentInputM
                 var client = await _clientStore.FindEnabledClientByIdAsync(request.ClientId);
                 if (client != null)
                 {
-                    var scopes = await _scopeStore.FindEnabledScopesAsync(request.ScopesRequested);
-                    if (scopes != null && scopes.Any())
+                    var resources = await _resourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested);
+                    if (resources != null && (resources.IdentityResources.Any() || resources.ApiResources.Any()))
                     {
-                        return new ConsentViewModel(model, returnUrl, request, client, scopes);
+                        return new ConsentViewModel(model, returnUrl, request, client, resources);
                     }
                     else
                     {

src/Services/Identity/Identity.API/Identity.API.csproj

@@ -41,8 +41,8 @@
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="1.1.0-msbuild3-final">
       <PrivateAssets>All</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="IdentityServer4.AspNetIdentity" Version="1.0.0-rc3" />
-    <PackageReference Include="IdentityServer4.EntityFramework" Version="1.0.0-rc3" />
+    <PackageReference Include="IdentityServer4.AspNetIdentity" Version="1.0.0" />
+    <PackageReference Include="IdentityServer4.EntityFramework" Version="1.0.0" />
   </ItemGroup>
 
   <Target Name="PrepublishScript" BeforeTargets="PrepareForPublish">

src/Services/Identity/Identity.API/Models/AccountViewModels/ConsentViewModel.cs

@@ -10,7 +10,7 @@ namespace Identity.API.Models.AccountViewModels
 {
     public class ConsentViewModel : ConsentInputModel
     {
-        public ConsentViewModel(ConsentInputModel model, string returnUrl, AuthorizationRequest request, Client client, IEnumerable<Scope> scopes)
+        public ConsentViewModel(ConsentInputModel model, string returnUrl, AuthorizationRequest request, Client client, Resources resources)
         {
             RememberConsent = model?.RememberConsent ?? true;
             ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty<string>();
@@ -22,8 +22,8 @@ public ConsentViewModel(ConsentInputModel model, string returnUrl, Authorization
             ClientLogoUrl = client.LogoUri;
             AllowRememberConsent = client.AllowRememberConsent;
 
-            IdentityScopes = scopes.Where(x => x.Type == ScopeType.Identity).Select(x => new ScopeViewModel(x, ScopesConsented.Contains(x.Name) || model == null)).ToArray();
-            ResourceScopes = scopes.Where(x => x.Type == ScopeType.Resource).Select(x => new ScopeViewModel(x, ScopesConsented.Contains(x.Name) || model == null)).ToArray();
+            IdentityScopes = resources.IdentityResources.Select(x => new ScopeViewModel(x, ScopesConsented.Contains(x.Name) || model == null)).ToArray();
+            ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes).Select(x => new ScopeViewModel(x, ScopesConsented.Contains(x.Name) || model == null)).ToArray();
         }
 
         public string ClientName { get; set; }
@@ -47,6 +47,16 @@ public ScopeViewModel(Scope scope, bool check)
             Checked = check || scope.Required;
         }
 
+        public ScopeViewModel(IdentityResource identity, bool check)
+        {
+            Name = identity.Name;
+            DisplayName = identity.DisplayName;
+            Description = identity.Description;
+            Emphasize = identity.Emphasize;
+            Required = identity.Required;
+            Checked = check || identity.Required;
+        }
+
         public string Name { get; set; }
         public string DisplayName { get; set; }
         public string Description { get; set; }

src/Services/Identity/Identity.API/Startup.cs

@@ -77,7 +77,8 @@ public void ConfigureServices(IServiceCollection services)
             // Adds IdentityServer
             services.AddIdentityServer(x => x.IssuerUri = "null")
                 .AddSigningCredential(Certificate.Get())
-                .AddInMemoryScopes(Config.GetScopes())
+                .AddInMemoryApiResources(Config.GetApis())
+                .AddInMemoryIdentityResources(Config.GetResources())
                 .AddInMemoryClients(Config.GetClients(clientUrls))
                 .AddAspNetIdentity<ApplicationUser>()
                 .Services.AddTransient<IProfileService, ProfileService>(); 

src/Web/WebMVC/Startup.cs

@@ -112,15 +112,10 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
                 ResponseType = "code id_token", 
                 SaveTokens = true,
                 GetClaimsFromUserInfoEndpoint = true,
-                RequireHttpsMetadata = false, 
+                RequireHttpsMetadata = false,
+                Scope = { "openid", "profile", "orders", "basket" }
             };
 
-            oidcOptions.Scope.Clear();
-            oidcOptions.Scope.Add("openid");
-            oidcOptions.Scope.Add("profile");
-            oidcOptions.Scope.Add("orders");
-            oidcOptions.Scope.Add("basket");
-
             //Wait untill identity service is ready on compose. 
             app.UseOpenIdConnectAuthentication(oidcOptions);