├── logout.html
├── callback.html
├── index.html
└── README.md


/logout.html:
--------------------------------------------------------------------------------
 1 | <html>
 2 | <body>
 3 |   <h1>Logged out</h1>
 4 |   <h2><div id="info">...</div></h2>
 5 | 
 6 |   <script src="https://cdnjs.cloudflare.com/ajax/libs/oidc-client/1.8.2/oidc-client.min.js"></script>
 7 |   <script>
 8 |     const manager = new Oidc.UserManager();
 9 |     manager.signoutPopupCallback();
10 |   </script>
11 | </body>
12 | </html>
13 | 


--------------------------------------------------------------------------------
/callback.html:
--------------------------------------------------------------------------------
 1 | <html>
 2 | <body>
 3 |   <h1>Callback</h1>
 4 |   <h2><div id="info">...</div></h2>
 5 | 
 6 |   <script src="https://cdnjs.cloudflare.com/ajax/libs/oidc-client/1.8.2/oidc-client.min.js"></script>
 7 |   <script>
 8 |     const manager = new Oidc.UserManager({
 9 |       response_mode: 'query'
10 |     });
11 |     manager.signinPopupCallback()
12 |       .then(function(user) {
13 |         // do something with the user?
14 |       }).catch(function(e) {
15 |         console.error(e);
16 |       });
17 |   </script>
18 | </body>
19 | </html>
20 | 


--------------------------------------------------------------------------------
/index.html:
--------------------------------------------------------------------------------
 1 | <html>
 2 | 
 3 | <body>
 4 |   <h1>Hello</h1>
 5 |   <h2>
 6 |     <div id="info">...</div>
 7 |   </h2>
 8 |   <div id="logout" style="margin:20px"></div>
 9 |   <div id="at" style="margin:20px"></div>
10 |   <div id="result" style="margin:20px">foo</div>
11 | 
12 |   <script src="https://cdnjs.cloudflare.com/ajax/libs/oidc-client/1.8.2/oidc-client.min.js"></script>
13 |   <script>
14 |     (async () => {
15 | 
16 |       const config = {
17 |         authority: 'https://demo.identityserver.io/',
18 |         client_id: 'spa',
19 |         redirect_uri: 'http://localhost:8080/callback.html',
20 |         popup_post_logout_redirect_uri: 'http://localhost:8080/logout.html',
21 |         response_type: 'code',
22 |         scope: 'openid profile email api offline_access'
23 |       };
24 | 
25 |       const manager = new Oidc.UserManager(config);
26 |       const user = await manager.getUser();
27 | 
28 |       if (user) {
29 |         await userLoggedIn(user);
30 |       } else {
31 |         const infoElem = document.getElementById('info');
32 |         infoElem.innerText = 'Redirecting in 3s...';
33 | 
34 |         setTimeout(async () => {
35 |           try {
36 |             const usr = await manager.signinPopup();
37 |             await userLoggedIn(usr);
38 |           } catch (error) {
39 |             console.log(error);
40 |           }
41 |         }, 3000);
42 |       }
43 | 
44 |       async function userLoggedIn(user) {
45 |         addLogoutBtn();
46 | 
47 |         const infoElem = document.getElementById('info');
48 |         infoElem.innerText = 'Welcome ' + user.profile.name;
49 |         
50 |         const tokenElem = document.getElementById('at');
51 |         tokenElem.innerText = user.access_token;
52 | 
53 |         // call the API
54 |         const response = await fetch('https://localhost:6001/api/secure', {
55 |           headers: {
56 |             'Authorization': 'Bearer ' + user.access_token
57 |           }
58 |         });
59 | 
60 |         const data = await response.text();
61 |         document.getElementById('result').innerText = data;
62 |       }
63 | 
64 |       function addLogoutBtn() {
65 |         const button = document.createElement('button');
66 |         button.type = 'button';
67 |         button.innerText = 'logout';
68 |         button.style = 'width: 100px; height: 20px';
69 |         button.onclick = logout;
70 | 
71 |         document.getElementById('logout').appendChild(button);
72 |       }
73 | 
74 |       async function logout() {
75 |         try {
76 |           const result = await manager.signoutPopup();
77 |         } finally {
78 |           document.location.reload(true);
79 |         }
80 |       }
81 |     })();
82 |   </script>
83 | </body>
84 | 
85 | </html>
86 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Building OIDC SPA Client
  2 | start by reading:
  3 | https://identityserver4.readthedocs.io/en/latest/
  4 | 
  5 | They also have few videos:
  6 | https://identityserver4.readthedocs.io/en/latest/misc/videos.html
  7 | 
  8 | Try going through quick starts and playing with the code.
  9 | 
 10 | Once you have good understanding of OIDC (Open ID Connect) try your knowledge on one of the playgrounds (grown-up kind)
 11 | https://www.oauth.com/playground/
 12 | (0Auth and Octa have pretty good docs on the subject as well)
 13 | 
 14 | # Workshop
 15 | 
 16 | ## Build the API
 17 | ```bash
 18 | mkdir api && cd api
 19 | dotnet new webapi
 20 | dotnet new sln -n api
 21 | dotnet sln add api.csproj
 22 | ```
 23 | *Optional steps*
 24 | ```
 25 | curl https://raw.githubusercontent.com/github/gitignore/master/VisualStudio.gitignore -o .gitignore
 26 | git init
 27 | git add .
 28 | git commit –am “init commit”
 29 | ```
 30 | 
 31 | ## Change the port
 32 | In *launchSettings.json*:
 33 | ```json
 34 | "api": {
 35 |   "commandName": "Project",
 36 |   "launchBrowser": true,
 37 |   "launchUrl": "api/values",
 38 |   "applicationUrl": "https://localhost:6001;http://localhost:6000",
 39 | ```
 40 | 
 41 | ## Secure the API
 42 | In *Startup.cs*: 
 43 | ```csharp
 44 | services
 45 |   .AddMvcCore()
 46 |   .AddJsonFormatters()
 47 |   .AddAuthorization()
 48 |   .SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
 49 | 
 50 |  services.AddAuthentication("Bearer")
 51 |   .AddJwtBearer("Bearer", options =>
 52 |   {
 53 |       options.Authority = "https://demo.identityserver.io";
 54 |       options.Audience = "api";
 55 |   });
 56 |   ```
 57 | In *Configure(...)*:
 58 | ```csharp
 59 | app.UseAuthentication();
 60 | app.UseMvc();
 61 | ```
 62 | 
 63 | ## Create controler to secure
 64 | ```csharp
 65 | using System;
 66 | using System.Collections.Generic;
 67 | using System.Linq;
 68 | using System.Threading.Tasks;
 69 | using Microsoft.AspNetCore.Authorization;
 70 | using Microsoft.AspNetCore.Mvc;
 71 | 
 72 | namespace api.Controllers
 73 | {
 74 |     [Route("api/[controller]")]
 75 |     [ApiController]
 76 |     public class SecureController : Controller
 77 |     {
 78 |         [HttpGet]
 79 |         public IActionResult Info()
 80 |         {
 81 |             return new JsonResult(
 82 |                 from c in User?.Claims
 83 |                 select new { c.Type, c.Value });
 84 |         }
 85 |     }
 86 | }
 87 | ```
 88 | 
 89 | ## Test 1 - run and call the API
 90 | ```bash
 91 | dotnet watch run
 92 | curl https://localhost:6001/api/secure -k -v
 93 | ```
 94 | 
 95 | ## Secure the API
 96 | ```csharp
 97 |     [Authorize]
 98 |     [HttpGet]
 99 |     public IActionResult Info()
100 | ```
101 | 
102 | ## Try again calling the API
103 | ```bash
104 | curl https://localhost:6001/api/secure -k -v
105 | ```
106 | 
107 | ## Trying to get in - get the token
108 | Read https://identityserver4.readthedocs.io/en/latest/endpoints/token.html ​
109 | get the token from https://demo.identityserver.io
110 | 
111 | ## Get the token
112 | ```bash
113 | curl -v -X POST https://demo.identityserver.io/connect/token -d "client_id=client&client_secret=secret&grant_type=client_credentials&scope=api" | json_pp
114 | ```
115 | ## Call the API
116 | ```bash
117 | curl https://localhost:6001/api/secure -v -k --header "Authorization: Bearer xxx" | json_pp
118 | ```
119 | where *xxx* is the **access_token**
120 | 
121 | ## Inspect the token
122 | http://jwt.io
123 | 
124 | ## Create the SPA
125 | Using samples from this repo
126 | 
127 | ## Run the SPA
128 | ```bash
129 | npx http-server
130 | ```
131 | Docker way (there's always a docker way :) ):
132 | ```bash
133 | docker run --rm --name static-nginx -p 8080:80 -v $PWD/static:/usr/share/nginx/html:ro nginx​
134 | ```
135 | 
136 | ## Fix CORS in the API
137 | In *ConfigureServices(..)*:
138 | 
139 | ```csharp
140 |  services.AddCors(c => c.AddDefaultPolicy(builder =>
141 |     {
142 |         builder
143 |             .AllowAnyOrigin()
144 |             .AllowAnyHeader()
145 |             .AllowAnyMethod();
146 |     }));
147 | ```
148 | In *Configure(..)*:
149 | ```csharp
150 | app.UseCors();
151 | app.UseMvc();
152 | ```
153 | 


--------------------------------------------------------------------------------