OAuth2 Walkthrough using Identity Server and ASP.NET

Configuring and loading client and scope data with the CLI

Index

Creating an identity server using Aspnet Identity and Entity Framework storage
Extending Identity Server with Identity Manager (pre-release)
Configuring and loading client and scope data with the CLI
Creating an MVC Client using Resource Authorization

Loading the client and scope data

Rather than populating the tables with SQL scripts, Thinktecture have provided a command line interface for loading the clients and scopes. In preparation for the upcoming MVC Client, I have altered the data.json document as shown below. This is the minimum amount of data required to configure the client:

{
    "clients": {
        "remove": [ "demo-website" ],
        "add": [
            {
                "Enabled": true,
                "ClientId": "demo-website",
                "ClientName": "Demo Website",
                "ClientUri": "https://localhost:44308/",
                "Flow": "Hybrid",
                "RequireConsent": true,
                "RedirectUris": [
                    "https://localhost:44308/"
                ],
                "PostLogoutRedirectUris": [
                    "https://localhost:44308/"
                ],
                "AllowedScopes": [
                    "openid",
                    "roles",
                    "demo-website"
                ],
                "AccessTokenType": "JWT",
                "AccessTokenLifetime": 3600
            }
        ]
    },
    "scopes": {
        "remove": [ "openid", "roles", "demo-website" ],
        "add": [
            {
                "Name": "openid",
                "DisplayName": "User identifier",
                "Required": true,
                "Type": "Identity",
                "Claims": [
                    { "Name": "sub", "AlwaysIncludeInIdToken": true }
                ]
            },
            {
                "Name": "roles",
                "DisplayName": "User roles",
                "Required": true,
                "Type": "Identity",
                "Claims": [
                    { "Name": "role", "AlwaysIncludeInIdToken": true }
                ]
            },
            {
                "Name": "demo-website",
                "DisplayName": "Demo Website",
                "Required": true,
                "Type": "Resource",
                "IncludeAllClaimsForUser": true,
                "Claims": [
                    { "Name": "role", "AlwaysIncludeInIdToken": true }
                ]
            }
        ]
    }
}

With the source document complete, the data can be loaded with the following command (substituting your own connection string name):

IdSvr3EfCli.exe -connection cnn -file data.json

The output should be similar to

IdentityServer3.EntityFramework.Cli

The load can also be verified by inspecting the discovery document on Identity Server.

Reference

When editing the JSON data, the following enums, sourced from the IdentityServer3.Core.Models namespace, may be useful:

    public enum AccessTokenType {
        Jwt = 0,
        Reference = 1,
    }
    public enum Flows {
        AuthorizationCode = 0,
        Implicit = 1,
        Hybrid = 2,
        ClientCredentials = 3,
        ResourceOwner = 4,
        Custom = 5,
    }
    public enum ScopeType {
        Identity = 0,
        Resource = 1,
    }
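
A pre-load check for data.json, added here as an example (it is not part of this walkthrough's or IdentityServer's own code): it compares the enum-valued fields with the names listed above, confirms that every entry in a client's AllowedScopes is defined under scopes.add, and requires redirect URIs to be absolute https URLs. The names `lint`, `enum_ok` and `SAMPLE` are hypothetical, and case-insensitive enum matching is an assumption based on the page's own "JWT" value.

```python
import json
from urllib.parse import urlparse

# Enum member names copied from the IdentityServer3.Core.Models listing above.
FLOWS = {"AuthorizationCode", "Implicit", "Hybrid", "ClientCredentials",
         "ResourceOwner", "Custom"}
TOKEN_TYPES = {"Jwt", "Reference"}
SCOPE_TYPES = {"Identity", "Resource"}

def enum_ok(value, allowed):
    # Assumption: enum names are matched case-insensitively ("JWT" vs Jwt).
    return str(value).lower() in {a.lower() for a in allowed}

def lint(doc):
    """Return a list of problems found in a parsed data.json document."""
    problems = []
    scopes = doc.get("scopes", {}).get("add", [])
    defined = {s.get("Name") for s in scopes}
    for s in scopes:
        if not enum_ok(s.get("Type"), SCOPE_TYPES):
            problems.append(f"scope {s.get('Name')}: unknown Type {s.get('Type')!r}")
    for c in doc.get("clients", {}).get("add", []):
        cid = c.get("ClientId")
        if not enum_ok(c.get("Flow"), FLOWS):
            problems.append(f"client {cid}: unknown Flow {c.get('Flow')!r}")
        if "AccessTokenType" in c and not enum_ok(c["AccessTokenType"], TOKEN_TYPES):
            problems.append(f"client {cid}: unknown AccessTokenType")
        for name in c.get("AllowedScopes", []):
            # Only this file is checked; scopes already in the database are not visible.
            if name not in defined:
                problems.append(f"client {cid}: scope {name!r} not defined under scopes.add")
        for key in ("RedirectUris", "PostLogoutRedirectUris"):
            for uri in c.get(key, []):
                u = urlparse(uri)
                if u.scheme != "https" or not u.netloc or "*" in uri:
                    problems.append(f"client {cid}: {key} entry {uri!r} is not an absolute https URL")
    return problems

# Constructed sample: the page's client with three deliberate mistakes
# (misspelled Flow, http redirect URI, "roles" scope missing from scopes.add).
SAMPLE = json.loads("""
{"clients": {"add": [{"ClientId": "demo-website", "Flow": "Hybird",
    "RedirectUris": ["http://localhost:44308/"],
    "PostLogoutRedirectUris": ["https://localhost:44308/"],
    "AllowedScopes": ["openid", "roles", "demo-website"],
    "AccessTokenType": "JWT"}]},
 "scopes": {"add": [{"Name": "openid", "Type": "Identity"},
                    {"Name": "demo-website", "Type": "Resource"}]}}
""")
print("\n".join(lint(SAMPLE)))
```

To check a real file, pass `json.load(open("data.json"))` to `lint` before running the CLI.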

Resources

https://github.com/IdentityServer/IdentityServer3.EntityFramework.Cli

Source Code

git clone https://github.com/mindfulsoftware/oauth2Demo.git