Last active
October 22, 2018 08:59
Aurelia + IdentityServer4
<template>
  <!--
    Navigation menu for the shell. The openIdConnectNavigationFilter value
    converter is given the current user and filters router.navigation
    (presumably against each route's settings.roles), so it only decides
    which links are rendered. Hiding a link is presentation, not access
    control: the API behind each view still has to validate the bearer
    token on every request.
  -->
  <div class="container">
    <ul repeat.for="nav of router.navigation | openIdConnectNavigationFilter:user">
      <li class="${nav.isActive ? 'active' : ''}">
        <a href.bind="nav.href">
          ${nav.title}
        </a>
      </li>
    </ul>
    <hr />
    <!-- The active route's view is rendered here. -->
    <router-view></router-view>
  </div>
</template>
import { RouterConfiguration, Router } from 'aurelia-router'; | |
import "toastr/build/toastr.css"; | |
import "font-awesome/css/font-awesome.css"; | |
import { autoinject } from 'aurelia-dependency-injection'; | |
import { PLATFORM } from 'aurelia-pal'; | |
import { User } from "oidc-client"; | |
import { OpenIdConnect, OpenIdConnectRoles } from "aurelia-open-id-connect"; | |
/**
 * Root view-model of the SPA. It tracks the signed-in user pushed by the
 * OpenID Connect plugin and declares the route table together with the role
 * each route expects.
 *
 * The roles in `settings` are evaluated in the browser. They steer navigation
 * and the menu, but the person at the keyboard controls the browser, so the
 * data itself has to be protected by the API validating the access token.
 */
@autoinject()
export class App {
  /** Router handed over by Aurelia in configureRouter; the view binds to it. */
  public router: Router;

  /** Most recent user reported by the plugin; passed to the navigation filter in the view. */
  public user: User;

  constructor(private openIdConnect: OpenIdConnect) {
    // Keep `user` in sync with whatever the plugin reports (sign-in, renew, sign-out).
    this.openIdConnect.observeUser((user: User) => {
      this.user = user;
    });
  }

  /**
   * Aurelia router hook: declares the routes and lets the plugin extend the
   * router configuration.
   *
   * @param config Router configuration to fill in.
   * @param router Router instance kept for the view.
   */
  private configureRouter(config: RouterConfiguration, router: Router): void {
    const routes = [
      {
        // Signed-in users only.
        route: '/home',
        name: 'home',
        moduleId: PLATFORM.moduleName('./routes/home/home'),
        nav: true,
        title: 'Home',
        settings: { roles: [OpenIdConnectRoles.Authenticated] }
      },
      {
        // Landing page, visible to everyone.
        route: ['', '/index'],
        name: 'index',
        moduleId: PLATFORM.moduleName('./routes/home/index'),
        nav: true,
        title: 'Index',
        settings: { roles: [OpenIdConnectRoles.Everyone] }
      },
      {
        // Only offered while nobody is signed in.
        route: '/login',
        name: 'login',
        moduleId: PLATFORM.moduleName('./routes/auth/login'),
        nav: true,
        title: 'Login',
        settings: { roles: [OpenIdConnectRoles.Anonymous] }
      }
    ];

    // Slash (/) navigation instead of hash (#) navigation.
    config.options.pushState = true;
    config.title = 'Title';
    config.map(routes);

    // Hand the configuration to the plugin after the application routes are mapped.
    this.openIdConnect.configure(config);
    this.router = router;
  }
}
import { autoinject } from "aurelia-framework"; | |
import { OpenIdConnect } from "aurelia-open-id-connect"; | |
import { HttpClient } from "aurelia-http-client"; | |
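/**
 * View-model for the authenticated home route. On activation it reads the
 * current user's access token and calls the protected API with it.
 */
@autoinject()
export class Home {
  // NOTE(review): the token is only needed while building the request header.
  // Keeping it on the view-model makes it reachable from the view's binding
  // context; drop the field if the view does not use it.
  private access_token: string;
  private frameworks: Array<any>;

  constructor(private openIdConnect: OpenIdConnect, private httpClient: HttpClient) { }

  /**
   * Aurelia lifecycle hook: loads the data for the view from the secured API.
   *
   * @returns A promise that resolves once `frameworks` has been filled.
   * @throws Error when no signed-in user with an access token is available.
   */
  private async activate() {
    // getUser() can resolve without a user when nobody is signed in
    // (oidc-client's UserManager.getUser resolves null in that case).
    // Fail with a clear message instead of a TypeError on `.access_token`,
    // and never send a literal "Bearer undefined" header.
    const user = await this.openIdConnect.getUser();
    if (!user || !user.access_token) {
      throw new Error('No signed-in user with an access token; cannot call the secure API.');
    }
    this.access_token = user.access_token;

    // NOTE(review): configure() sets defaults on the injected HttpClient, so the
    // Authorization header presumably accompanies every later request made
    // through this instance. Use this client for the API origin only, so the
    // token is not sent to other hosts.
    this.httpClient.configure(config => {
      config.withBaseUrl("https://localhost:44346/")
        .withHeader('Accept', 'application/json')
        // adds the access token, so that we can call secure apis
        .withHeader('Authorization', `Bearer ${this.access_token}`);
    });

    const response = await this.httpClient.get('api/secure');
    this.frameworks = response.content;
  }

  /** Starts the plugin's sign-out flow. */
  private logout() {
    this.openIdConnect.logout();
  }
}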
/// <summary>
/// In-memory IdentityServer4 configuration for the sample: identity resources,
/// the protected API, one test user and the SPA client.
/// Every secret, password and localhost URL below is a sample value; a real
/// deployment loads them from configuration or a secret store.
/// </summary>
public static class IdentityServerConfiguration
{
    /// <summary>Identity scopes offered to clients: openid (subject id) and profile.</summary>
    public static IEnumerable<IdentityResource> IdentityResources =>
        new IdentityResource[]
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile()
        };

    /// <summary>The protected API, registered under the scope name "aurelia_web_api".</summary>
    public static IEnumerable<ApiResource> ApiResources =>
        new List<ApiResource>
        {
            new ApiResource("aurelia_web_api", "Aurelia WebApi")
            {
                // Stored as a SHA-256 hash. IdentityServer4 uses API secrets when the
                // API authenticates to the introspection endpoint. "apisecret" is a
                // placeholder-grade value that is guessable by anyone who read the sample.
                ApiSecrets = { new Secret("apisecret".Sha256()) }
            }
        };

    /// <summary>
    /// Test user for local development. The password sits in source in clear text,
    /// which is acceptable only for TestUser-based demos; a real user store keeps
    /// salted password hashes.
    /// </summary>
    public static List<TestUser> Users =>
        new List<TestUser>
        {
            new TestUser
            {
                SubjectId = "1D9F016D-58A9-4256-85A1-188ACE29DB44",
                Username = "shahab",
                Password = "password"
            }
        };

    /// <summary>
    /// Clients are the applications that request access to protected resources,
    /// such as API or identity resources.
    /// </summary>
    public static IEnumerable<Client> Clients =>
        new[]
        {
            new Client
            {
                ClientId = "aurelia_web_api_client_spa",
                ClientName = "Aurelia SPA Application",

                // Implicit flow: the access token comes back in the redirect URL fragment,
                // which is why AllowAccessTokensViaBrowser has to be enabled. Later
                // IdentityServer4 and oidc-client releases support authorization code
                // with PKCE (GrantTypes.Code with RequirePkce) for browser apps, which
                // keeps tokens out of the URL; switching needs a matching client change.
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,

                // Redirect URIs must equal what the SPA sends. Keep the list as short as
                // possible, because tokens are delivered to these addresses.
                RedirectUris = { "https://localhost:44347/signin-oidc" },
                PostLogoutRedirectUris = { "https://localhost:44347/signout-oidc" },

                // Only the SPA's own origin may call the IdentityServer endpoints via CORS.
                AllowedCorsOrigins = { "https://localhost:44347" },

                // Upper bound of what the client may request; the SPA asks for a subset.
                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "aurelia_web_api"
                }
            }
        };
}
import { OpenIdConnectConfiguration } from "aurelia-open-id-connect"; | |
import { UserManagerSettings, WebStorageStateStore } from "oidc-client"; | |
// URL (origin) of your Aurelia application.
const appHost = "https://localhost:44347";

// One callback address serves both the interactive and the silent sign-in
// response; it has to be listed in the client's RedirectUris on the server.
const signInCallbackUri = `${appHost}/signin-oidc`;

// Settings handed to oidc-client's UserManager.
const userManagerSettings = {
  // URI of your identity server (the token issuer).
  authority: "https://localhost:44345/",
  automaticSilentRenew: true,
  // IdentityServer4 supports OpenID Connect Session Management
  // https://openid.net/specs/openid-connect-session-1_0.html
  monitorSession: true,
  // Interval between session checks, in milliseconds.
  checkSessionInterval: 2000,
  // The client or application ID that the authority issues;
  // it uniquely identifies your app on the server.
  client_id: "aurelia_web_api_client_spa",
  filterProtocolClaims: true,
  loadUserInfo: false,
  // These two values must match the client definition on the server exactly.
  post_logout_redirect_uri: `${appHost}/signout-oidc`,
  redirect_uri: signInCallbackUri,
  // What the server is expected to return:
  // "id_token" for identity resources and "token" for API resources.
  // Requesting both this way is the implicit flow, so the access token
  // arrives in the URL fragment of the redirect.
  response_type: "id_token token",
  // Must be a subset of the AllowedScopes defined on the server; openid is the minimum.
  scope: "openid aurelia_web_api",
  // Milliseconds to wait for the authorization server to answer a silent renew request.
  silentRequestTimeout: 10000,
  silent_redirect_uri: signInCallbackUri,
  // The user, including the access token, is persisted in localStorage: any script
  // running on this origin can read it and it outlives the tab. oidc-client's
  // default store is sessionStorage, which narrows the lifetime to the tab.
  userStore: new WebStorageStateStore({
    prefix: "oidc",
    store: window.localStorage,
  }),
} as UserManagerSettings;

export default {
  // Where the Aurelia router sends a user who is not authenticated.
  loginRedirectRoute: "/login",
  // Where the Aurelia router lands after a successful logout.
  logoutRedirectRoute: "/index",
  // Where a user who lacks the required role is sent.
  unauthorizedRedirectRoute: "/login",
  userManagerSettings,
} as OpenIdConnectConfiguration;
/// <summary>
/// ASP.NET Core startup for the IdentityServer4 host: registers MVC and
/// IdentityServer with the in-memory sample configuration, then builds the
/// request pipeline.
/// </summary>
public class Startup
{
    /// <summary>Registers MVC and IdentityServer in the service container.</summary>
    /// <param name="services">Service collection supplied by the host.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();

        var identityServer = services.AddIdentityServer();

        // Developer signing credential: a temporary key meant for local development.
        // A deployed server signs tokens with a persisted key or certificate
        // (AddSigningCredential), so that tokens stay verifiable across restarts and
        // the key is managed like any other secret.
        identityServer.AddDeveloperSigningCredential();

        // Test users and in-memory stores come straight from IdentityServerConfiguration;
        // nothing is persisted, and the sample credentials live in source.
        identityServer.AddTestUsers(IdentityServerConfiguration.Users);
        identityServer.AddInMemoryClients(IdentityServerConfiguration.Clients);
        identityServer.AddInMemoryApiResources(IdentityServerConfiguration.ApiResources);
        identityServer.AddInMemoryIdentityResources(IdentityServerConfiguration.IdentityResources);
    }

    /// <summary>Builds the HTTP pipeline: IdentityServer, static files, then MVC.</summary>
    /// <param name="app">Application builder supplied by the host.</param>
    /// <param name="env">Hosting environment; not read by this method.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // NOTE(review): no HTTPS redirection or HSTS middleware is registered in this
        // snippet; confirm that transport security is enforced elsewhere, since the
        // sign-in page and token endpoints are served from this pipeline.
        app.UseIdentityServer();
        app.UseStaticFiles();
        app.UseMvcWithDefaultRoute();
    }
}