Merge branch 'master' of https://github.com/ditdevtools/AuthorizationServerDemos

CSharp/OidcSamples/OidcSamples.AuthorizationServer/Config.cs

@@ -22,6 +22,7 @@ namespace OidcSamples.AuthorizationServer
             };
 
         private const string TrafficPoliceApi = "traffic-police-api";
+        private const string RealEstateApi = "real-estate-api";
 
         public static IEnumerable<ApiScope> ApiScopes =>
             new ApiScope[]
@@ -29,6 +30,10 @@ namespace OidcSamples.AuthorizationServer
                 new ApiScope(
                     TrafficPoliceApi,
                     "Traffic Police API scope"),
+
+                new ApiScope(
+                    RealEstateApi,
+                    "Real Estate API scope"),
             };
 
         public static IEnumerable<ApiResource> ApiResources =>
@@ -39,6 +44,13 @@ namespace OidcSamples.AuthorizationServer
                      // list of audiences when this scope is requested
                     Scopes = new List<string>{ TrafficPoliceApi },
                 },
+
+                new ApiResource(RealEstateApi, "Real Estate API")
+                {
+                     // This will make sure that `real-estate-api` will be in the 
+                     // list of audiences when this scope is requested
+                    Scopes = new List<string>{ RealEstateApi },
+                },
             };
 
         public static IEnumerable<Client> Clients =>
@@ -65,7 +77,7 @@ namespace OidcSamples.AuthorizationServer
                         IdentityServerConstants.StandardScopes.Profile,
                         IdentityServerConstants.StandardScopes.Email,
                         IdentityServerConstants.StandardScopes.Address,
-                        "traffic-police-api",
+                        TrafficPoliceApi,
                     },
                     RequirePkce = true,
                     PostLogoutRedirectUris =
@@ -76,6 +88,37 @@ namespace OidcSamples.AuthorizationServer
                     RequireConsent = false,
                 },
                 new Client
+                {
+                    // IdentityTokenLifetime = 
+                    // AuthorizationCodeLifetime = 
+                    AccessTokenLifetime = 60 * 60 * 8,
+                    AllowOfflineAccess = true,
+                    UpdateAccessTokenClaimsOnRefresh = true,
+                    ClientName = "Real Estate React App",
+                    ClientId = "real-estate-react-app",
+                    AllowedGrantTypes = GrantTypes.Code,
+                    RequireClientSecret = false,
+                    RedirectUris =
+                    {
+                        "http://localhost:4000/signin-oidc"
+                    },
+                    AllowedScopes =
+                    {
+                        IdentityServerConstants.StandardScopes.OpenId,
+                        IdentityServerConstants.StandardScopes.Profile,
+                        IdentityServerConstants.StandardScopes.Email,
+                        IdentityServerConstants.StandardScopes.Address,
+                        RealEstateApi,
+                    },
+                    RequirePkce = true,
+                    PostLogoutRedirectUris =
+                    {
+                       "http://localhost:4000/signout-callback-oidc"
+                    },
+
+                    RequireConsent = false,
+                },
+                new Client
                 {
                     AccessTokenLifetime = 60 * 60 * 8,
                     AllowOfflineAccess = true,

Node/real-estate/index.js

@@ -2,11 +2,28 @@ const express = require('express')
 const cors = require('cors')
 const bodyParser = require('body-parser')
 const db = require('./queries')
+const jwt = require('express-jwt');
+const jwksRsa = require('jwks-rsa');
 
 const app = express()
 app.use(cors())
 const port = 8000
 
+app.use(jwt({
+  // Dynamically provide a signing key based on the kid in the header and the signing keys provided by the JWKS endpoint.
+  secret: jwksRsa.expressJwtSecret({
+    cache: true,
+    rateLimit: true,
+    jwksRequestsPerMinute: 5,
+    jwksUri: `http://localhost:10000/.well-known/openid-configuration/jwks`
+  }),
+
+  // Validate the audience and the issuer.
+  audience: 'real-estate-api',
+  issuer: 'http://localhost:10000',
+  algorithms: [ 'RS256' ]
+}));
+
 app.use(bodyParser.json());
 app.use(
   bodyParser.urlencoded({

Node/real-estate/package.json

@@ -12,6 +12,8 @@
   "dependencies": {
     "cors": "^2.8.5",
     "express": "^4.17.1",
+    "express-jwt": "^6.0.0",
+    "jwks-rsa": "^1.12.2",
     "pg": "^8.5.1"
   }
 }

React/real-estate/.env

@@ -0,0 +1 @@
+PORT=4000

React/real-estate/src/pages/components/VehiclesMain.js

@@ -28,6 +28,7 @@ const VehiclesMain = () => {
   async function getVehicles() {
     console.log(user);
     const vehicles = await apiService.getVehiclesFromApi(user.access_token);
+    console.log(vehicles);
     setVehicleData(vehicles);
   }
 

React/real-estate/src/services/userService.js

@@ -3,11 +3,11 @@ import { storeUserError, storeUser } from "../actions/authActions";
 
 const config = {
   authority: "http://localhost:10000",
-  client_id: "traffic-police-react-app",
-  redirect_uri: "http://localhost:3000/signin-oidc",
+  client_id: "real-estate-react-app",
+  redirect_uri: "http://localhost:4000/signin-oidc",
   response_type: "code",
-  scope: "openid profile traffic-police-api",
-  post_logout_redirect_uri: "http://localhost:3000/signout-oidc",
+  scope: "openid profile real-estate-api",
+  post_logout_redirect_uri: "http://localhost:4000/signout-oidc",
 };
 
 const userManager = new UserManager(config);