public static IEnumerable<IdentityResource> GetIdentityResources() { return new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile(), new IdentityResource("sid","sid",new string[]{ "sid" }), new IdentityResource("role","role",new string[]{ "role" }), new IdentityResource("CommonAPI","CommonAPI",new string[]{ "CommonAPI" }) }; }
下面是客戶端:
Client oneResult = new Client { ClientId = client.ClientId, ClientName = client.ClientName, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, ClientSecrets = { new Secret("123".Sha256()) }, AllowOfflineAccess = true, RequireConsent = false, RequireClientSecret = false, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile, IdentityServerConstants.StandardScopes.OfflineAccess, "role", "CommonAPI" }, AuthorizationCodeLifetime = 36000, IdentityTokenLifetime = 36000, UserSsoLifetime = 36000 }; lstResult.Add(oneResult);
客戶端里如果有CommonAPI,但是上面的dentityResources里沒有的話,就會報{"error":"invalid_scope"}