
@shahabganji
Last active October 22, 2018 08:59
Aurelia + IdentityServer4
<template>
<!-- App shell: a navigation list followed by the router viewport. -->
<div class="container">
<!--
  The nav model is piped through openIdConnectNavigationFilter with the current user.
  Presumably this hides entries whose route roles the user does not hold (confirm in aurelia-open-id-connect).
  It only controls what is displayed; the API behind each route still has to authorize every request.
-->
<ul repeat.for="nav of router.navigation | openIdConnectNavigationFilter:user">
<li class="${nav.isActive ? 'active' : ''}">
<a href.bind="nav.href">
${nav.title}
</a>
</li>
</ul>
<hr />
<!-- The active route's view is rendered here. -->
<router-view></router-view>
</div>
</template>
import { RouterConfiguration, Router } from 'aurelia-router';
import "toastr/build/toastr.css";
import "font-awesome/css/font-awesome.css";
import { autoinject } from 'aurelia-dependency-injection';
import { PLATFORM } from 'aurelia-pal';
import { User } from "oidc-client";
import { OpenIdConnect, OpenIdConnectRoles } from "aurelia-open-id-connect";
/**
 * Root view-model of the SPA.
 *
 * Tracks the signed-in user reported by the OpenID Connect plugin and
 * declares the route table, tagging each route with the role it is meant for.
 *
 * NOTE(review): the `settings.roles` values are evaluated in the browser.
 * They steer navigation and the nav menu only; the resource server must
 * still validate the access token on every call.
 */
@autoinject()
export class App {
  public router: Router;
  public user: User;

  constructor(private openIdConnect: OpenIdConnect) {
    // Mirror the plugin's user into `user`, which the view passes to the nav filter.
    this.openIdConnect.observeUser((signedIn: User) => this.user = signedIn);
  }

  /**
   * Router hook: fills in the route table and hands the configuration to the
   * OpenID Connect plugin.
   *
   * @param config Router configuration to populate.
   * @param router Router instance, kept on the view-model for the view.
   */
  private configureRouter(config: RouterConfiguration, router: Router): void {
    config.title = 'Title';
    // Use slash (/) URLs instead of hash (#) URLs.
    config.options.pushState = true;

    config.map([
      {
        // Marked for signed-in users only.
        name: 'home',
        route: '/home',
        title: 'Home',
        nav: true,
        moduleId: PLATFORM.moduleName('./routes/home/home'),
        settings: { roles: [OpenIdConnectRoles.Authenticated] },
      },
      {
        // Landing page, marked for everyone.
        name: 'index',
        route: ['', '/index'],
        title: 'Index',
        nav: true,
        moduleId: PLATFORM.moduleName('./routes/home/index'),
        settings: { roles: [OpenIdConnectRoles.Everyone] },
      },
      {
        // Marked for visitors who are not signed in.
        name: 'login',
        route: '/login',
        title: 'Login',
        nav: true,
        moduleId: PLATFORM.moduleName('./routes/auth/login'),
        settings: { roles: [OpenIdConnectRoles.Anonymous] },
      },
    ]);

    // Presumably adds the plugin's redirect routes and role check to the router
    // configuration (confirm in aurelia-open-id-connect).
    this.openIdConnect.configure(config);
    this.router = router;
  }
}
import { autoinject } from "aurelia-framework";
import { OpenIdConnect } from "aurelia-open-id-connect";
import { HttpClient } from "aurelia-http-client";
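/**
 * View-model for the protected "home" route.
 *
 * On activation it reads the current user's access token and calls the
 * secured API with it as a bearer token.
 */
@autoinject()
export class Home {
  private access_token: string;
  private frameworks: Array<any>;

  constructor(private openIdConnect: OpenIdConnect, private httpClient: HttpClient) { }

  /**
   * Router lifecycle hook: loads the protected data before the view is shown.
   *
   * @throws Error when no signed-in user or no access token is available, so
   *   that no request is sent without a usable token.
   */
  private async activate(): Promise<void> {
    const user = await this.openIdConnect.getUser();
    // getUser() can resolve without a user (nobody signed in, or the stored
    // session is gone). Fail with a clear message instead of a TypeError.
    if (!user || !user.access_token) {
      throw new Error('No signed-in user or access token available; cannot call the secure API.');
    }
    this.access_token = user.access_token;

    // NOTE(review): the header is fixed on the injected HttpClient at activation
    // time. A token renewed later by silent renew is not picked up until the next
    // activate(). If this HttpClient instance is shared with other view-models,
    // their requests will carry the bearer token too - confirm that is intended.
    this.httpClient.configure(config => {
      config.withBaseUrl("https://localhost:44346/")
        .withHeader('Accept', 'application/json')
        // adds the access token, so that we can call secure apis
        .withHeader('Authorization', `Bearer ${this.access_token}`);
    });

    const response = await this.httpClient.get('api/secure');
    this.frameworks = response.content;
  }

  /** Starts the plugin's logout flow. */
  private logout() {
    this.openIdConnect.logout();
  }
}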
/// <summary>
/// In-memory IdentityServer4 configuration for the sample: identity resources,
/// the protected API, one test user and the SPA client.
/// </summary>
/// <remarks>
/// The API secret and the test user's password are literals in source, which is
/// only suitable for a local sample. A real deployment would load secrets from
/// configuration or a secret store and use a real user store.
/// </remarks>
public static class IdentityServerConfiguration
{
    /// <summary>Identity scopes offered by the server: OpenId and Profile.</summary>
    public static IEnumerable<IdentityResource> IdentityResources
    {
        get
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile()
            };
        }
    }

    /// <summary>The API protected by this server.</summary>
    public static IEnumerable<ApiResource> ApiResources
    {
        get
        {
            var webApi = new ApiResource("aurelia_web_api", "Aurelia WebApi")
            {
                // Sample value committed to source; replace before any real use.
                ApiSecrets = { new Secret("apisecret".Sha256()) }
            };
            return new[] { webApi };
        }
    }

    /// <summary>Single test account with a fixed password (sample only).</summary>
    public static List<TestUser> Users
    {
        get
        {
            var testUser = new TestUser
            {
                SubjectId = "1D9F016D-58A9-4256-85A1-188ACE29DB44",
                Username = "shahab",
                Password = "password"
            };
            return new List<TestUser> { testUser };
        }
    }

    /// <summary>
    /// Clients, i.e. applications that request access to protected resources
    /// such as APIs or identity resources.
    /// </summary>
    public static IEnumerable<Client> Clients
    {
        get
        {
            var spa = new Client
            {
                ClientId = "aurelia_web_api_client_spa",
                ClientName = "Aurelia SPA Application",

                // Implicit flow: tokens are handed to the browser on the redirect.
                // NOTE(review): current OAuth guidance for SPAs prefers authorization
                // code with PKCE (GrantTypes.Code plus RequirePkce) - consider migrating.
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,

                // Exact-match URIs; the SPA's redirect_uri and
                // post_logout_redirect_uri must equal these.
                RedirectUris = { "https://localhost:44347/signin-oidc" },
                PostLogoutRedirectUris = { "https://localhost:44347/signout-oidc" },
                AllowedCorsOrigins = { "https://localhost:44347" },

                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "aurelia_web_api"
                }
            };
            return new List<Client> { spa };
        }
    }
}
import { OpenIdConnectConfiguration } from "aurelia-open-id-connect";
import { UserManagerSettings, WebStorageStateStore } from "oidc-client";
// URL of your Aurelia application.
const appHost = "https://localhost:44347";

// oidc-client settings; these must line up with the client registered on the server.
const userManagerSettings = {
  // Your identity provider (IdentityServer4) URI.
  authority: "https://localhost:44345/",

  // The client or application ID that the authority issues;
  // it uniquely identifies your app on the server.
  client_id: "aurelia_web_api_client_spa",

  // These must match the client definition on the server exactly.
  redirect_uri: `${appHost}/signin-oidc`,
  post_logout_redirect_uri: `${appHost}/signout-oidc`,
  silent_redirect_uri: `${appHost}/signin-oidc`,

  // What you expect the server to return:
  // "id_token" for identity resources and "token" for api resources.
  // NOTE(review): this is the implicit flow, so the access token is delivered
  // to the browser on the redirect; keep token lifetimes short on the server.
  response_type: "id_token token",

  // Must be a subset of the AllowedScopes defined on the server;
  // provide at least openid.
  scope: "openid aurelia_web_api",

  filterProtocolClaims: true,
  loadUserInfo: false,

  automaticSilentRenew: true,
  // Number of milliseconds to wait for the authorization server
  // to respond to a silent renew request.
  silentRequestTimeout: 10000,

  // IdentityServer4 supports OpenID Connect Session Management
  // https://openid.net/specs/openid-connect-session-1_0.html
  monitorSession: true,
  checkSessionInterval: 2000,

  // NOTE(review): localStorage keeps the user record, including tokens, across
  // tabs and browser restarts, and any script running on this origin can read it.
  // Confirm that persistence is wanted; sessionStorage limits the exposure window.
  userStore: new WebStorageStateStore({
    prefix: "oidc",
    store: window.localStorage,
  }),
} as UserManagerSettings;

export default {
  // Where the Aurelia router sends a user who is not authenticated.
  loginRedirectRoute: "/login",
  // Where the Aurelia router lands after a successful logout.
  logoutRedirectRoute: "/index",
  // Where the router sends a user who is not authorized for a route.
  unauthorizedRedirectRoute: "/login",
  userManagerSettings,
} as OpenIdConnectConfiguration;
/// <summary>
/// ASP.NET Core startup for the IdentityServer4 host used by the sample.
/// </summary>
/// <remarks>
/// Everything registered here is in-memory and development-grade: a developer
/// signing credential, test users and static client/resource lists. A real
/// deployment needs a managed signing key and persistent stores.
/// </remarks>
public class Startup
{
    /// <summary>Registers MVC and IdentityServer with the sample configuration.</summary>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();

        var identityServer = services.AddIdentityServer();

        // Development-only signing key; not meant for production token signing.
        identityServer.AddDeveloperSigningCredential();

        // Test accounts and static configuration from IdentityServerConfiguration.
        identityServer.AddTestUsers(IdentityServerConfiguration.Users);
        identityServer.AddInMemoryClients(IdentityServerConfiguration.Clients);
        identityServer.AddInMemoryApiResources(IdentityServerConfiguration.ApiResources);
        identityServer.AddInMemoryIdentityResources(IdentityServerConfiguration.IdentityResources);
    }

    /// <summary>
    /// Builds the request pipeline: IdentityServer, then static files, then MVC
    /// with the default route. <paramref name="env"/> is not used.
    /// </summary>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseIdentityServer();
        app.UseStaticFiles();
        app.UseMvcWithDefaultRoute();
    }
}