OAuth2认证和授权：AuthorizationCode认证

前面的OAuth2认证，里面的授权服务器都是用的identityserver4搭建的

ids4没有之前一般都是Owin搭建授权服务器，博客园有很多

ids4出来后，一般都是用ids4来做认证和授权了，

所以这里简单说下AuthorizationCode认证，但授权服务器依然是ids4

下篇接受ids4的认证和授权

ConfigureServices配置:

#region OAuth认证

            services.AddAuthentication(options =>

            {

                //options.DefaultAuthenticateScheme=OAuthDefaults.DisplayName

                //options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;

                options.DefaultAuthenticateScheme = "Cookies";

                options.DefaultSignInScheme = "Cookies";

                //options.DefaultSignOutScheme = "Cookies";

                options.DefaultChallengeScheme = "OAuth";

            })

            .AddCookie()

            .AddOAuth("OAuth", options =>

            {

                options.ClientId = "OAuth.Client";

                options.ClientSecret = "secret";

                options.AuthorizationEndpoint = "http://localhost:5003/connect/authorize";

                options.TokenEndpoint = "http://localhost:5003/connect/token";

                options.CallbackPath = new PathString("/OAuth");

                options.SaveTokens = true;

                options.Scope.Add("OAuth1");

                options.Scope.Add("OAuth2");

                options.Scope.Add("OAuth3");

                //options.Scope.Add("offline_access");

                options.Events = new OAuthEvents()

                {

                    //OnRedirectToAuthorizationEndpoint = t =>

                    //{

                    //    t.Response.Redirect("http://localhost:5001/Account/userinfo");

                    //    return Task.FromResult(0);

                    //},

                    //远程异常触发

                    OnRemoteFailure = OAuthFailureHandler =>

                    {

                        //var msg = OAuthFailureHandler.Failure.Message;

                        var authProperties = options.StateDataFormat.Unprotect(OAuthFailureHandler.Request.Query["state"]);

                        var redirectUrl = authProperties.RedirectUri;

                        if (redirectUrl.Contains("/"))

                        {

                            redirectUrl = string.Format($"{redirectUrl.Substring(0, redirectUrl.LastIndexOf("/") + 1)}#");

// redirectUrl.Substring(0, redirectUrl.IndexOf("/") + 1);

                        }

                        //"http://localhost:5001/#"

                        OAuthFailureHandler.Response.Redirect(redirectUrl);

                        OAuthFailureHandler.HandleResponse();

                        return Task.FromResult();

                    }

                };

            });

            #endregion

中间件:
app.UseAuthentication();

授权服务器的ApiResource配置

var oauth = new ApiResource

            {

                Name = "OAuth.ApiName", //这是资源名称

                Description = "",

                DisplayName = "",

                Scopes = {

                    new Scope{

                        Name="OAuth1", //这里是指定客户端能使用的范围名称 , 是唯一的

                        Description="描述",

                        DisplayName="获得你的个人信息，好友关系",

                        Emphasize=true,

                        Required=true,

                        //ShowInDiscoveryDocument=true,

                    },

                    new Scope{

                        Name="OAuth2",

                        Description="描述",

                        DisplayName="分享内容到你的博客",

                        Emphasize=true,

                        Required=true,

                    },

                    new Scope{

                        Name="OAuth3",

                        Description="描述",

                        DisplayName="获得你的评论",

                    }

                }

            };