Allows IdentityServer4 to fetch Clients, API Resources, etc. using Kubernetes Custom Resources rather than a database.
Add the `Contrib.IdentityServer4.KubernetesStore` NuGet package to your existing IdentityServer4 project. You can then activate it in your `Startup.cs`:

```csharp
services.AddKubeClient(Configuration.GetSection("Kubernetes"))
        .AddIdentityServer(...)
        .AddKubernetesConfigurationStore();
```
This will default to connecting to the Kubernetes API using the Pod's service account. See the documentation of the KubeClient library for more options.
Register the Custom Resource Definitions in your Kubernetes cluster:
```shell
kubectl apply -f https://raw.githubusercontent.com/AXOOM/Contrib.IdentityServer4.KubernetesStore/develop/crd.yaml
```
You can then create IdentityServer objects as Kubernetes resources. An `OauthClient` resource describes a client:
```yaml
apiVersion: contrib.identityserver.io/v1
kind: OauthClient
metadata:
  namespace: mynamespace
  name: myvendor-myapp
spec:
  #clientId: mynamespace-myvendor-myapp # Automatically generated from meta.namespace+name
  clientName: My App
  accessTokenType: reference
  allowAccessTokensViaBrowser: true
  requireConsent: false
  allowedGrantTypes:
    - implicit
  allowedScopes:
    - openid
    - profile
    - email
    - tenant
    - myvendor-myapp.api
  redirectUris:
    - https://www.example.com/
  allowedCorsOrigins:
    - https://www.example.com/
  frontChannelLogoutUri: https://www.example.com/
```

An `ApiResource` resource describes a protected API, its scopes and its secrets:
```yaml
apiVersion: contrib.identityserver.io/v1
kind: ApiResource
metadata:
  namespace: mynamespace
  name: myvendor-myapp
spec:
  #name: mynamespace-myvendor-myapp # Automatically generated from meta.namespace+name
  apiSecrets:
    - value: somesecret
  scopes:
    - name: myvendor-myapp.api
  userClaims:
    - access
```
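Because these resources are applied with `kubectl` like any other manifest, nothing stops a misconfigured client or a plaintext API secret from reaching IdentityServer4. The script below is an added example, not part of Contrib.IdentityServer4.KubernetesStore, that lints `OauthClient` and `ApiResource` objects before they are applied. It works on the resources as Python dicts in the shape the Kubernetes API returns them (`kubectl get <plural> -n <namespace> -o json`; the CRD plural names are not stated on this page and must be taken from `crd.yaml`). The two samples are constructed from the YAML above. The hash check assumes IdentityServer4's default shared-secret validator, which compares against a base64-encoded SHA-256 or SHA-512 hash; whether the store hashes `value` on load is not stated here, so plaintext-looking values are flagged for review rather than rejected.

```python
"""Lint IdentityServer4 OauthClient / ApiResource custom resources before applying them.
Added example; the field names used are the ones shown in the README's YAML."""

import base64
import binascii
import hashlib
from typing import Any, Dict, List
from urllib.parse import urlparse

# Constructed sample: the README's OauthClient as the API server would return it.
SAMPLE_CLIENT: Dict[str, Any] = {
    "apiVersion": "contrib.identityserver.io/v1",
    "kind": "OauthClient",
    "metadata": {"namespace": "mynamespace", "name": "myvendor-myapp"},
    "spec": {
        "clientName": "My App",
        "accessTokenType": "reference",
        "allowAccessTokensViaBrowser": True,
        "requireConsent": False,
        "allowedGrantTypes": ["implicit"],
        "allowedScopes": ["openid", "profile", "email", "tenant", "myvendor-myapp.api"],
        "redirectUris": ["https://www.example.com/"],
        "allowedCorsOrigins": ["https://www.example.com/"],
        "frontChannelLogoutUri": "https://www.example.com/",
    },
}

# Constructed sample: the README's ApiResource.
SAMPLE_API: Dict[str, Any] = {
    "apiVersion": "contrib.identityserver.io/v1",
    "kind": "ApiResource",
    "metadata": {"namespace": "mynamespace", "name": "myvendor-myapp"},
    "spec": {
        "apiSecrets": [{"value": "somesecret"}],
        "scopes": [{"name": "myvendor-myapp.api"}],
        "userClaims": ["access"],
    },
}

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
REDIRECT_GRANTS = {"implicit", "hybrid", "authorization_code"}


def _check_url(uri: str, field: str, findings: List[str]) -> None:
    """Redirect/CORS/logout URLs must be exact https URLs (loopback may stay http)."""
    parsed = urlparse(uri)
    if "*" in uri:
        findings.append(f"{field}: wildcard in '{uri}'; only exact URIs should be registered")
    if parsed.scheme != "https" and parsed.hostname not in LOOPBACK_HOSTS:
        findings.append(f"{field}: '{uri}' is not https")


def lint_oauth_client(resource: Dict[str, Any]) -> List[str]:
    findings: List[str] = []
    meta = resource.get("metadata", {})
    spec = resource.get("spec", {})
    # clientId is derived from namespace+name unless overridden; an override that differs
    # from the derived value is usually a copy-paste leftover and worth a second look.
    derived = f"{meta.get('namespace')}-{meta.get('name')}"
    if spec.get("clientId") not in (None, derived):
        findings.append(f"clientId '{spec['clientId']}' overrides the derived '{derived}'")
    grants = set(spec.get("allowedGrantTypes", []))
    if "implicit" in grants:
        findings.append("implicit grant enabled: tokens travel in the URL fragment; "
                        "prefer authorization_code with PKCE for browser clients")
    if spec.get("allowAccessTokensViaBrowser") and not grants & {"implicit", "hybrid"}:
        findings.append("allowAccessTokensViaBrowser is true but no browser-based grant is allowed")
    uris = spec.get("redirectUris", [])
    if grants & REDIRECT_GRANTS and not uris:
        findings.append("redirect-based grant allowed but redirectUris is empty")
    for uri in uris:
        _check_url(uri, "redirectUris", findings)
    for origin in spec.get("allowedCorsOrigins", []):
        _check_url(origin, "allowedCorsOrigins", findings)
    if spec.get("frontChannelLogoutUri"):
        _check_url(spec["frontChannelLogoutUri"], "frontChannelLogoutUri", findings)
    return findings


def hash_secret(plaintext: str) -> str:
    """Base64(SHA-256(utf8)) -- the form IdentityServer4's default validator compares against."""
    return base64.b64encode(hashlib.sha256(plaintext.encode("utf-8")).digest()).decode("ascii")


def _looks_hashed(value: str) -> bool:
    """True if value decodes from base64 to 32 (SHA-256) or 64 (SHA-512) bytes."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) in (32, 64)


def lint_api_resource(resource: Dict[str, Any]) -> List[str]:
    findings: List[str] = []
    spec = resource.get("spec", {})
    for i, secret in enumerate(spec.get("apiSecrets", [])):
        value = str(secret.get("value", ""))
        if not value:
            findings.append(f"apiSecrets[{i}]: empty value")
        elif not _looks_hashed(value):
            findings.append(f"apiSecrets[{i}]: value is not a base64 SHA-256/SHA-512 hash; "
                            "a plaintext secret is readable by anyone who can get the resource")
    if not spec.get("scopes"):
        findings.append("no scopes defined, so no client can request this API")
    return findings


def lint(resource: Dict[str, Any]) -> List[str]:
    kind = resource.get("kind")
    if kind == "OauthClient":
        return lint_oauth_client(resource)
    if kind == "ApiResource":
        return lint_api_resource(resource)
    return [f"unsupported kind {kind!r}"]


if __name__ == "__main__":
    for res in (SAMPLE_CLIENT, SAMPLE_API):
        print(f"{res['kind']} {res['metadata']['namespace']}/{res['metadata']['name']}")
        for finding in lint(res):
            print("  -", finding)
```

Run against the README samples the script reports the implicit grant on the client and the plaintext `somesecret` on the API resource; the `hash_secret` helper produces the value to store instead, in the same form as IdentityServer4's `"secret".Sha256()` extension.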
Run `build.ps1` to compile the source code and create NuGet packages.

This script takes a version number as an input argument. The source code itself contains no version numbers; instead, version numbers should be determined at build time using GitVersion.