new resource based configuration changes (#509)

* first cut at config rework * cleanup * rework standard scopes * remove all claims for user * remove Enabled from Scope * add matching ctor * rc4 * add more convenience ctors * param name changes * remove api for adding resources * update quickstarts for rc4 config changes
IdentityServer · Nov 29, 2016 · f24cb9e · f24cb9e
1 parent 2e83a69
commit f24cb9e
Show file tree

Hide file tree

Showing 100 changed files with 1,657 additions and 1,340 deletions.
diff --git a/docs/quickstarts/0_overview.rst b/docs/quickstarts/0_overview.rst
@@ -35,7 +35,7 @@ Then select the "Empty Web" option.
 
 Next, add the IdentityServer4 nuget package by adding the following line to your project.json under the ´dependencies´ property::
 
-    "IdentityServer4": "1.0.0-rc3"
+    "IdentityServer4": "1.0.0-rc4"
     
 Alternatively you can use Package Manager Console to add the dependency by running the following command:
 

diff --git a/docs/quickstarts/1_client_credentials.rst b/docs/quickstarts/1_client_credentials.rst
@@ -7,24 +7,20 @@ This quickstart presents the most basic scenario for protecting APIs using Ident
 In this scenario we will define an API and a client that wants to access it.
 The client will request an access token at IdentityServer and use it to gain access to the API.
 
-Defining the scope
-^^^^^^^^^^^^^^^^^^
+Defining the API
+^^^^^^^^^^^^^^^^
 Scopes define the resources in your system that you want to protect, e.g. APIs.
 
 Since we are using the in-memory configuration for this walkthrough - all you need to do 
-to add an API, is to create an object of type ``Scope`` and set the appropriate properties.
+to add an API, is to create an object of type ``ApiResource`` and set the appropriate properties.
 
 Add a file (e.g. ``config.cs``) into your project and add the following code::
 
-    public static IEnumerable<Scope> GetScopes()
+    public static IEnumerable<ApiResource> GetApiResources()
     {
-        return new List<Scope>
+        return new List<ApiResource>
         {
-            new Scope
-            {
-                Name = "api1",
-                Description = "My API"
-            }
+            new ApiResource("api1", "My API")
         };
     }
 
@@ -68,10 +64,10 @@ under the covers these add the relevant stores and data into the DI system::
 
     public void ConfigureServices(IServiceCollection services)
     {
-        // configure identity server with in-memory stores, keys, clients and scopes
+        // configure identity server with in-memory stores, keys, clients and resources
         services.AddIdentityServer()
             .AddTemporarySigningCredential()
-            .AddInMemoryScopes(Config.GetScopes())
+            .AddInMemoryApiResources(Config.GetApiResources())
             .AddInMemoryClients(Config.GetClients());
     }
 
@@ -119,7 +115,7 @@ The job of that middleware is:
 
 Add the following package to your project.json::
 
-    "IdentityServer4.AccessTokenValidation": "1.0.1-rc3"
+    "IdentityServer4.AccessTokenValidation": "1.0.1-rc4"
 
 You also need to add the middleware to your pipeline. 
 It must be added **before** MVC, e.g.::
@@ -132,7 +128,7 @@ It must be added **before** MVC, e.g.::
         app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
         {
             Authority = "http://localhost:5000",
-            ScopeName = "api1",
+            AllowedScopes = { "api1" },
 
             RequireHttpsMetadata = false
         });
@@ -199,9 +195,11 @@ This is done using the ``SetBearerToken`` extension method::
     {
         Console.WriteLine(response.StatusCode);
     }
-
-    var content = response.Content.ReadAsStringAsync().Result;
-    Console.WriteLine(JArray.Parse(content));
+    else
+    {
+        var content = response.Content.ReadAsStringAsync().Result;
+        Console.WriteLine(JArray.Parse(content));
+    }
 
 The output should look like this:
 

diff --git a/docs/quickstarts/2_resource_owner_passwords.rst b/docs/quickstarts/2_resource_owner_passwords.rst
@@ -14,7 +14,7 @@ quickstart IdentityServer, and that's why we show it.
 
 Adding users
 ^^^^^^^^^^^^
-Just like there are in-memory stores for scopes and clients, there is also one for users.
+Just like there are in-memory stores for resources (aka scopes) and clients, there is also one for users.
 
 .. note:: Check the ASP.NET Identity based quickstarts for more information on how to properly store and manage user accounts.
 
@@ -47,7 +47,7 @@ Then register the in-memory users with IdentityServer::
         // configure identity server with in-memory stores, keys, clients and scopes
         services.AddIdentityServer()
             .AddTemporarySigningCredential()
-            .AddInMemoryScopes(Config.GetScopes())
+            .AddInMemoryApiResources(Config.GetApiResources())
             .AddInMemoryClients(Config.GetClients())
             .AddInMemoryUsers(Config.GetUsers());
     }

diff --git a/docs/quickstarts/3_interactive_login.rst b/docs/quickstarts/3_interactive_login.rst
@@ -83,33 +83,43 @@ Also modify the view of that action to display the claims of the user, e.g.::
 If you now navigate to that controller using the browser, a redirect attempt will be made
 to IdentityServer - this will result in an error because the MVC client is not registered yet.
 
-Adding support for OpenID Connect Scopes
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Adding support for OpenID Connect Identity Scopes
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Similar to OAuth 2.0, OpenID Connect also uses the scopes concept.
 Again, scopes represent something you want to protect and that clients want to access.
 In contrast to OAuth, scopes in OIDC don't represent APIs, but identity data like user id, 
 name or email address.
 
 Add support for the standard ``openid`` (subject id) and ``profile`` (first name, last name etc..) scopes
-by adding these scopes to your scopes configuration::
+by adding a new helper (in ``config.cs``) to create a collection of ``IdentityResource`` objects::
 
-    public static IEnumerable<Scope> GetScopes()
+    public static IEnumerable<IdentityResource> GetIdentityResources()
     {
-        return new List<Scope>
+        return new List<IdentityResource>
         {
-            StandardScopes.OpenId,
-            StandardScopes.Profile,
-
-            new Scope
-            {
-                Name = "api1",
-                Description = "My API"
-            }
+            new IdentityResources.OpenId(),
+            new IdentityResources.Profile(),
         };
     }
 
 .. note:: All standard scopes and their corresponding claims can be found in the OpenID Connect `specification <https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims>`_
 
+You will then need to add these identity resources to your IdentityServer configuration in ``Startup.cs``. 
+Use the ``AddInMemoryIdentityResources`` extension method where you call ``AddIdentityServer()``::
+
+    public void ConfigureServices(IServiceCollection services)
+    {
+        services.AddMvc();
+
+        // configure identity server with in-memory stores, keys, clients and scopes
+        services.AddIdentityServer()
+            .AddTemporarySigningCredential()
+            .AddInMemoryIdentityResources(Config.GetIdentityResources())
+            .AddInMemoryApiResources(Config.GetApiResources())
+            .AddInMemoryClients(Config.GetClients())
+            .AddInMemoryUsers(Config.GetUsers());
+    }
+
 Adding a client for OpenID Connect implicit flow
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 The last step is to add a new client to IdentityServer.
@@ -140,8 +150,8 @@ Add the following to your clients configuration::
 
                 AllowedScopes = new List<string>
                 {
-                    StandardScopes.OpenId.Name,
-                    StandardScopes.Profile.Name
+                    IdentityServerConstants.StandardScopes.OpenId,
+                    IdentityServerConstants.StandardScopes.Profile
                 }
             }
         };

diff --git a/docs/quickstarts/5_hybrid_and_api_access.rst b/docs/quickstarts/5_hybrid_and_api_access.rst
@@ -44,16 +44,14 @@ this allows requesting refresh tokens for long lived API access::
 
         AllowedScopes = 
         {
-            StandardScopes.OpenId.Name,
-            StandardScopes.Profile.Name,
-            StandardScopes.OfflineAccess.Name,
+            IdentityServerConstants.StandardScopes.OpenId,
+            IdentityServerConstants.StandardScopes.Profile,
             "api1"
-        }
+        },
+        AllowOfflineAccess = true
     }
 };
 
-.. note:: Don't forget to register ``StandardScopes.OfflineAccess`` in your scopes configuration.
-
 Modifying the MVC client
 ^^^^^^^^^^^^^^^^^^^^^^^^
 The modifications at the MVC client are also minimal - the ASP.NET Core OpenID Connect 

diff --git a/docs/quickstarts/6_aspnet_identity.rst b/docs/quickstarts/6_aspnet_identity.rst
@@ -45,7 +45,7 @@ Add IdentityServer packages
 
 Add the ``IdentityServer4.AspNetIdentity`` package to `project.json`::
 
-    "IdentityServer4.AspNetIdentity": "1.0.0-rc3"
+    "IdentityServer4.AspNetIdentity": "1.0.0-rc4"
 
 
 Scopes and Clients Configuration
@@ -73,13 +73,13 @@ We've not yet copied over the consent code from the prior IdentityServer project
         RedirectUris           = { "http://localhost:5002/signin-oidc" },
         PostLogoutRedirectUris = { "http://localhost:5002" },
 
-        AllowedScopes = 
+        AllowedScopes =
         {
-            StandardScopes.OpenId.Name,
-            StandardScopes.Profile.Name,
-            StandardScopes.OfflineAccess.Name,
+            IdentityServerConstants.StandardScopes.OpenId,
+            IdentityServerConstants.StandardScopes.Profile,
             "api1"
-        }
+        },
+        AllowOfflineAccess = true
     }
 
 Configure IdentityServer
@@ -112,7 +112,8 @@ The ``AddAspNetIdentity`` extension method requires a generic parameter which is
         // Adds IdentityServer
         services.AddIdentityServer()
             .AddTemporarySigningCredential()
-            .AddInMemoryScopes(Config.GetScopes())
+            .AddInMemoryIdentityResources(Config.GetIdentityResources())
+            .AddInMemoryApiResources(Config.GetApiResources())
             .AddInMemoryClients(Config.GetClients())
             .AddAspNetIdentity<ApplicationUser>();
     }

diff --git a/docs/quickstarts/7_javascript_client.rst b/docs/quickstarts/7_javascript_client.rst
@@ -70,7 +70,7 @@ Add a new NPM package file to your project and name it `package.json`:
 In `package.json` add a ``devDependency`` to ``oidc-client``::
 
   "devDependencies": {
-    "oidc-client": "1.1.0"
+    "oidc-client": "1.2.2"
   }
 
 Once you have saved this file, Visual Studio should automatically restore these packages into a folder called `node_modules`:
@@ -243,8 +243,8 @@ It should have the configuration listed below::
 
         AllowedScopes = 
         {
-            StandardScopes.OpenId.Name,
-            StandardScopes.Profile.Name,
+            IdentityServerConstants.StandardScopes.OpenId,
+            IdentityServerConstants.StandardScopes.Profile,
             "api1"
         }
     }
@@ -296,7 +296,7 @@ Finally, add the CORS middleware to the pipeline in ``Configure``::
         app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
         {
             Authority = "http://localhost:5000",
-            ScopeName = "api1",
+            AllowedScopes = { "api1" },
 
             RequireHttpsMetadata = false
         });

diff --git a/docs/quickstarts/8_entity_framework.rst b/docs/quickstarts/8_entity_framework.rst
@@ -15,7 +15,7 @@ These stores are modeled with interfaces, and we provide an EF implementation of
 
 Get started by adding a reference to the `IdentityServer4.EntityFramework` Nuget package in `project.json` in the IdentityServer project:: 
 
-    "IdentityServer4.EntityFramework": "1.0.0-rc3"
+    "IdentityServer4.EntityFramework": "1.0.0-rc4"
 
 Adding SqlServer
 ^^^^^^^^^^^^^^^^
@@ -118,11 +118,20 @@ In `Startup.cs` add this method to help initialize the database::
                 context.SaveChanges();
             }
 
-            if (!context.Scopes.Any())
+            if (!context.IdentityResources.Any())
             {
-                foreach (var scope in Config.GetScopes())
+                foreach (var resource in Config.GetIdentityResources())
                 {
-                    context.Scopes.Add(scope.ToEntity());
+                    context.IdentityResources.Add(resource.ToEntity());
+                }
+                context.SaveChanges();
+            }
+
+            if (!context.ApiResources.Any())
+            {
+                foreach (var resource in Config.GetApiResources())
+                {
+                    context.ApiResources.Add(resource.ToEntity());
                 }
                 context.SaveChanges();
             }