Question
Actually, I am having a small confusion related to architecture, as I have 2 separate applications and 1 IdentityServer4 application; one of them is an ASP.NET Core 2.1 API solution, which is running on a different domain and server, and the same goes for the other 2. Now I have the points below:
- I have added my client application (which is a Vue.js SPA) as a client in IdentityServer4 with Implicit mode, as it is a JS client.
- Do I need to add the API application as a client in the IDP server?
- If yes, then how do I call any API from Vue.js with Axios? When logging in from the Vue.js application, it will get the token for this client, and that will be used to show or hide the button or my section of the web page.
- I am a bit confused about whether I should use the claims which I got for the Vue.js client to validate the API also.
- If I register the API as a client in IdentityServer4, then how do I invoke the API from the Vue.js client application?
Answer 1:
You should add the API as an ApiResource, not as a Client, and then register it in the Startup. You can check the quickstart for a JS application, where everything is configured, here: https://github.com/IdentityServer/IdentityServer4.Samples/tree/master/Quickstarts/6_JavaScriptClient .
In the JavaScript client you need to call the Identity Server and authenticate. There's a library that does this for you: https://github.com/IdentityModel/oidc-client-js . It is also used in the quickstart, so you can see how it is done.
On every call to the API, the Authorization header must be set to "Bearer " with the access token you got from the Identity Server. Also, don't forget to set up JWT Bearer authentication in the API.
There is example code for everything I said in the Quickstart I mentioned before.
Source: https://stackoverflow.com/questions/55210705/how-to-protect-asp-net-core-2-1-and-vue-js-single-page-application-with-identity
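The "Bearer" header step from the answer, sketched as an Axios request interceptor that attaches the access token only to calls bound for the API's origin. This is an added example, not part of the original answer or the quickstart; `API_ORIGIN`, `SPA_ORIGIN`, `withBearer` and `installBearer` are hypothetical names, and the user object is assumed to carry the `access_token` and `expired` fields of an oidc-client `User`.

```javascript
// Added example. API_ORIGIN, SPA_ORIGIN, withBearer and installBearer are
// hypothetical names; the origins are placeholders for the two deployments.
const API_ORIGIN = "https://api.example.test"; // the ASP.NET Core API
const SPA_ORIGIN = "https://app.example.test"; // where the Vue.js SPA is served

// Decide, for one outgoing request, whether the access token may be attached.
// `user` is assumed to look like the object oidc-client's
// UserManager.getUser() resolves to (access_token, expired), or null.
function withBearer(config, user, apiOrigin = API_ORIGIN) {
  // Relative URLs resolve against baseURL, else against the page's origin.
  const target = new URL(config.url, config.baseURL || SPA_ORIGIN);

  // Only the API the token was issued for ever sees it; requests to the
  // SPA's own host or to third parties go out without the header.
  if (target.origin !== apiOrigin) return config;

  // No session or an expired token: stop here instead of sending a call
  // the API's JWT bearer authentication would answer with 401.
  if (!user || user.expired || !user.access_token) {
    throw new Error("login_required");
  }
  config.headers = config.headers || {};
  config.headers.Authorization = "Bearer " + user.access_token;
  return config;
}

// Wiring for the real app: the caller passes its axios instance and its
// oidc-client UserManager, so this file has no dependencies of its own.
function installBearer(axios, userManager, apiOrigin = API_ORIGIN) {
  axios.interceptors.request.use(async (config) =>
    withBearer(config, await userManager.getUser(), apiOrigin));
}

// Constructed sample data, not a real token.
const sampleUser = { access_token: "constructed.sample.token", expired: false };
const toApi = withBearer({ url: "/api/values", baseURL: API_ORIGIN }, sampleUser);
const toCdn = withBearer({ url: "https://cdn.example.test/lib.js" }, sampleUser);
console.log(toApi.headers.Authorization); // header set for the API call
console.log(toCdn.headers);               // no header added for the other origin
```

In the app, `installBearer(axios, userManager)` is called once at startup, and a `login_required` rejection is the point at which to start a new sign-in with the identity server.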