MVCが出来たので、次はWeb APIを実装する事で、
https://qiita.com/namikitakeo/items/0de598b8e43eb5b1ff94
Client Credentials Grantと、
https://qiita.com/namikitakeo/items/0c283b2e5da55670c542
Resource Owner Password Credentials Grantを再現しようと思います。
https://qiita.com/namikitakeo/items/ea23adbc0b5c941ff0ed
Tokenコントローラーを作成します。
http://localhost:5000/op/token
Controllers/TokenController.cs
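using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using myop.Models;

namespace myop.Controllers
{
    /// <summary>
    /// JSON body returned by the token endpoint when a token is issued.
    /// Property names are lower-case because they are serialized as-is.
    /// </summary>
    public class AccessToken
    {
        public string access_token { get; set; }
        public int expires_in { get; set; }
        public string token_type { get; set; }
        public string scope { get; set; }
    }

    /// <summary>
    /// Token endpoint (POST op/token) covering the Client Credentials grant and
    /// the Resource Owner Password Credentials grant.
    /// </summary>
    [Route("op/[controller]")]
    [ApiController]
    public class TokenController : ControllerBase
    {
        // Lifetime written to the token row and reported to the client.
        private const int TokenLifetimeSeconds = 60;

        private readonly myopContext _context;

        public TokenController(myopContext context)
        {
            _context = context;
        }

        /// <summary>
        /// Authenticates the client (and, for the password grant, the user) from the
        /// form-encoded request body and issues a bearer token.
        /// </summary>
        /// <returns>
        /// The issued <see cref="AccessToken"/>, or a 400 response whose body carries an
        /// OAuth 2.0 <c>error</c> code when the request is rejected.
        /// </returns>
        // POST: op/token
        [HttpPost]
        public async Task<ActionResult<AccessToken>> doPost()
        {
            string body;
            // leaveOpen: the request stream is owned by the framework, not by this action.
            using (var reader = new StreamReader(HttpContext.Request.Body, Encoding.UTF8, false, 1024, true))
            {
                body = await reader.ReadToEndAsync();
            }

            // Request parameters are kept in locals; nothing from one request is held on the controller.
            Dictionary<string, string> form = ParseForm(body);
            form.TryGetValue("client_id", out string clientId);
            form.TryGetValue("client_secret", out string clientSecret);
            form.TryGetValue("grant_type", out string grantType);
            form.TryGetValue("scope", out string requestedScope);
            form.TryGetValue("username", out string username);
            form.TryGetValue("password", out string password);

            // A missing client_id or grant_type is a malformed request, not a server error.
            if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(grantType))
            {
                return Fail("invalid_request");
            }

            var client = await _context.Clients.FindAsync(clientId);
            if (client == null)
            {
                return Fail("invalid_client");
            }

            if (client.GrantType != grantType)
            {
                return Fail("unauthorized_client");
            }

            // Only the two grants implemented below may issue a token. Any other grant type
            // registered on a client would otherwise reach token issuance with a
            // caller-supplied username that was never authenticated.
            if (grantType != "client_credentials" && grantType != "password")
            {
                return Fail("unsupported_grant_type");
            }

            // "openid" is always granted; other requested scopes are added only when the
            // client is allowed to use them.
            // NOTE(review): if AllowedScope is a single string, Contains is a substring
            // match, so "add" would pass against "address" - confirm its type and compare
            // whole scope names if so.
            var granted = new StringBuilder("openid");
            if (requestedScope != null)
            {
                string[] items = requestedScope.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
                foreach (string item in items)
                {
                    if (item != "openid" && client.AllowedScope.Contains(item))
                    {
                        granted.Append(' ').Append(item);
                    }
                }
            }
            string scope = granted.ToString();

            if (client.AccessType == "confidential")
            {
                if (!SecretsMatch(client.ClientSecret, clientSecret))
                {
                    return Fail("invalid_client");
                }

                if (client.GrantType == "client_credentials")
                {
                    // NOTE(review): every client-credentials token is stored under the fixed
                    // id "admin", so clients using this grant replace each other's token row.
                    username = "admin";
                }
            }
            else if (client.AccessType == "public")
            {
                if (client.GrantType != "password")
                {
                    return Fail("unauthorized_client");
                }

                // A public client has no secret; a request that presents one is rejected.
                if (clientSecret != null)
                {
                    return Fail("invalid_client");
                }
            }
            else
            {
                return Fail("invalid_client");
            }

            if (client.GrantType == "password")
            {
                if (string.IsNullOrEmpty(username) || password == null)
                {
                    return Fail("invalid_request");
                }

                var user = await _context.Users.FindAsync(username);
                if (user == null)
                {
                    return Fail("invalid_grant");
                }

                // NOTE(review): the stored value is compared with the submitted password
                // directly, so the Users table appears to hold passwords in clear text.
                // Storing a salted password hash (PBKDF2 or similar) needs a model change
                // that is outside this file.
                if (!SecretsMatch(user.Password, password))
                {
                    return Fail("invalid_grant");
                }
            }

            // One token row per id: drop the previous token before adding the new one.
            var token = await _context.Tokens.FindAsync(username);
            if (token != null)
            {
                _context.Tokens.Remove(token);
                await _context.SaveChangesAsync();
            }

            string random = NewTokenValue();
            token = new Token
            {
                Id = username,
                AccessToken = random,
                ExpiresIn = TokenLifetimeSeconds,
                TokenType = "bearer",
                Scope = scope,
                // Local time is kept as in the original; whatever validates Iat is not
                // visible here and may compare against DateTime.Now.
                Iat = DateTime.Now
            };
            _context.Add(token);
            await _context.SaveChangesAsync();

            // Token responses must not be stored by caches (RFC 6749, section 5.1).
            Response.Headers["Cache-Control"] = "no-store";
            Response.Headers["Pragma"] = "no-cache";

            return new AccessToken
            {
                access_token = random,
                expires_in = TokenLifetimeSeconds,
                token_type = "bearer",
                scope = scope
            };
        }

        /// <summary>Builds a 400 response carrying an OAuth 2.0 error code.</summary>
        private ActionResult<AccessToken> Fail(string error)
        {
            return BadRequest(new { error });
        }

        /// <summary>
        /// Parses an application/x-www-form-urlencoded body. Names and values are
        /// URL-decoded, pairs without '=' are ignored, and a repeated name keeps its
        /// last value.
        /// </summary>
        private static Dictionary<string, string> ParseForm(string body)
        {
            var result = new Dictionary<string, string>(StringComparer.Ordinal);
            if (string.IsNullOrEmpty(body))
            {
                return result;
            }

            foreach (string pair in body.Split('&'))
            {
                int separator = pair.IndexOf('=');
                if (separator <= 0)
                {
                    continue;
                }

                string name = WebUtility.UrlDecode(pair.Substring(0, separator));
                string value = WebUtility.UrlDecode(pair.Substring(separator + 1));
                result[name] = value;
            }

            return result;
        }

        /// <summary>
        /// Compares a stored credential with a submitted one without stopping at the first
        /// differing byte. A missing or empty stored value never matches, so an
        /// unconfigured secret cannot be satisfied by omitting the parameter.
        /// </summary>
        private static bool SecretsMatch(string expected, string supplied)
        {
            if (string.IsNullOrEmpty(expected) || supplied == null)
            {
                return false;
            }

            byte[] expectedBytes = Encoding.UTF8.GetBytes(expected);
            byte[] suppliedBytes = Encoding.UTF8.GetBytes(supplied);
            return CryptographicOperations.FixedTimeEquals(expectedBytes, suppliedBytes);
        }

        /// <summary>
        /// Returns 128 bits from the cryptographic random number generator as 32 upper-case
        /// hex characters, the same shape as the GUID-based value it replaces. A GUID is
        /// designed to be unique, not unpredictable, so it is not used as a bearer token.
        /// </summary>
        private static string NewTokenValue()
        {
            byte[] bytes = new byte[16];
            using (var generator = RandomNumberGenerator.Create())
            {
                generator.GetBytes(bytes);
            }

            return BitConverter.ToString(bytes).Replace("-", string.Empty);
        }
    }
}
// Text that followed the listing on the page: "Client Credentials Grant動いているっぽい。" (the Client Credentials Grant appears to work).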
% curl -d "client_id=client2&client_secret=client2&grant_type=client_credentials&scope=openid address" http://localhost:5000/op/token
{"access_token":"57E63D3C3E7040F98D9FA4A8CE55EB2D","expires_in":60,"token_type":"bearer","scope":"openid address"}
Resource Owner Password Credentials Grant動いているっぽい。
% curl -d "client_id=client1&client_secret=client1&grant_type=password&username=user01&password=Password#1&scope=openid address" http://localhost:5000/op/token
{"access_token":"408AF2B56C064A228D6C341F01BC77EF","expires_in":60,"token_type":"bearer","scope":"openid address"}