{"id":18881,"date":"2020-11-07T20:14:06","date_gmt":"2020-11-07T20:14:06","guid":{"rendered":"https:\/\/www.gencayyildiz.com\/blog\/?p=18881"},"modified":"2020-11-07T20:14:06","modified_gmt":"2020-11-07T20:14:06","slug":"identityserver4-yazi-serisi-13-merkezi-uyelik-sistemi-access-token-ile-apilerle-haberlesme","status":"publish","type":"post","link":"https:\/\/www.gencayyildiz.com\/blog\/identityserver4-yazi-serisi-13-merkezi-uyelik-sistemi-access-token-ile-apilerle-haberlesme\/","title":{"rendered":"IdentityServer4 Yaz\u0131 Serisi #13 \u2013 Merkezi \u00dcyelik Sistemi \u2013 Access Token \u0130le API’lerle Haberle\u015fme"},"content":{"rendered":"
<\/div>\n

Merhaba,<\/p>\n

Bir \u00f6nceki Merkezi \u00dcyelik Sistemi \u2013 Claim ve Authentication Propertyleri Okuma<\/a> ba\u015fl\u0131kl\u0131 makalemizde IdentityServer4 mimarisinden claim bilgileri ile birlikte access token, refresh token gibi de\u011ferlerin nas\u0131l al\u0131nd\u0131\u011f\u0131n\u0131 incelemi\u015ftik. Bu i\u00e7eri\u011fimizde ise client taraf\u0131ndan elde edilen access token ile IdentityServer4 taraf\u0131ndan korunan API’lara nas\u0131l eri\u015filebildi\u011fini inceleyece\u011fiz.<\/p>\n

Client’a Scope(Eri\u015fim Yetkisi) Verme?<\/h3>\n

Client, her ne kadar access token bilgisini elinde bar\u0131nd\u0131r\u0131yor olsada eri\u015fmek istedi\u011fi API’\u0131n ‘Scope’lar\u0131n\u0131 da bar\u0131nd\u0131rmas\u0131 gerekmektedir. Misal; ‘GarantiAPI’ isimli API’a eri\u015fmek istedi\u011fimizi varsayal\u0131m.
\n\"IdentityServer4<\/a>G\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere ilgili API’\u0131 IdentityServer’da temsil eden ‘ApiResource’ nesnesindeki ‘Scopes’ koleksiyonunda API’\u0131n eri\u015fim yetkileri tan\u0131mlanm\u0131\u015ft\u0131r. Dolay\u0131s\u0131yla bu yetkilerin ‘Config.cs’de geli\u015ftirilen client’ta(OnlineBankamatik) da tan\u0131mlanmas\u0131 gerekmektedir.
 
 
\n\u015e\u00f6yle ki;
\n\"IdentityServer4<\/a>
\nBu i\u015flemden sonra client taraf\u0131ndan istenilen scope’lar(yetkiler) birde ilgili client uygulamas\u0131n\u0131n ‘Startup.cs’ dosyas\u0131nda da bildirilmelidir.
\n\"IdentityServer4<\/a>
\nClient uygulamas\u0131nda bu i\u015flemi yapmam\u0131z\u0131n sebebi, IdentityServer’da(Auth Server) kendisine dair olu\u015fturulmu\u015f client’ta bu scope de\u011ferleri tan\u0131mlanm\u0131\u015f olup olmamas\u0131n\u0131 check etmesidir. Aksi taktirde, IdentityServer taraf\u0131nda tan\u0131ml\u0131 olan client’a verilmeyen bir scope de\u011feri, client taraf\u0131ndan talep edilirse hata meydana gelecektir.<\/p>\n

Yap\u0131lan bu konfig\u00fcrasyonlardan sonra art\u0131k uygulamay\u0131 test edebiliriz.<\/p>\n

Test Edelim<\/h3>\n

Test i\u00e7in \u00f6ncelikle client taraf\u0131ndan giri\u015f yap\u0131lmal\u0131 ve ard\u0131ndan bu ayarlarda(yani belirtilen scope de\u011ferlerinde) yetkileri bar\u0131nd\u0131ran access token elde edilmelidir.
\n\"IdentityServer4<\/a>Evet, access token’\u0131 elde etti\u011fimize g\u00f6re art\u0131k testimize ba\u015flayabiliriz.<\/p>\n

Postman \u0130le Test<\/h5>\n

\"IdentityServer4<\/a>
\nAccess token ile Postman \u00fczerinden yap\u0131lan istek neticesinde g\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere ba\u015far\u0131yla authorized olunmakta ve haberle\u015fme sa\u011flanmaktad\u0131r. <\/p>\n

Client Uygulamas\u0131 \u0130le Test<\/h5>\n

Client uygulamas\u0131 \u00fczerinden access token’\u0131 kullanarak API ile haberle\u015fmek istiyorsan\u0131z e\u011fer a\u015fa\u011f\u0131daki gibi bir \u00e7al\u0131\u015fma sergileyebilirsiniz;<\/p>\n

\r\n        [Authorize]\r\n        public async Task<IActionResult> OdemeYap()\r\n        {\r\n            var authenticationProperties = (await HttpContext.AuthenticateAsync()).Properties.Items;\r\n            string accessToken = authenticationProperties.FirstOrDefault(x => x.Key == ".Token.access_token").Value;\r\n\r\n            HttpClient httpClient = new HttpClient();\r\n            httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");\r\n            HttpResponseMessage responseMessage = await httpClient.GetAsync("https:\/\/localhost:2000\/api\/garantibank\/bakiye\/3");\r\n            string bakiye = await responseMessage.Content.ReadAsStringAsync();\r\n\r\n            ViewBag.Bakiye = bakiye;\r\n            return View();\r\n        }\r\n<\/pre>\n
\"IdentityServer4<\/a><\/p>\n
G\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere her iki testimizde ba\u015far\u0131yla sonu\u00e7lanm\u0131\u015ft\u0131r.<\/p>\n
\u0130lgilenenlerin faydalanmas\u0131 dile\u011fiyle…
\nSonraki yaz\u0131lar\u0131mda g\u00f6r\u00fc\u015fmek \u00fczere…
\n\u0130yi \u00e7al\u0131\u015fmalar…<\/p>\n
Not : \u00d6rnek \u00e7al\u0131\u015fma dosyas\u0131n\u0131 indirmek i\u00e7in buraya<\/a> t\u0131klay\u0131n\u0131z.<\/p>\n","protected":false},"excerpt":{"rendered":"
Merhaba, Bir \u00f6nceki Merkezi \u00dcyelik Sistemi \u2013 Claim ve Authentication Propertyleri Okuma ba\u015fl\u0131kl\u0131 makalemizde IdentityServer4 mimarisinden claim bilgileri ile birlikte access token, refresh token gibi de\u011ferlerin nas\u0131l al\u0131nd\u0131\u011f\u0131n\u0131 incelemi\u015ftik. Bu i\u00e7eri\u011fimizde ise client taraf\u0131ndan...<\/p>\n","protected":false},"author":1,"featured_media":18168,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3826],"tags":[3827,3895,3902,3888],"class_list":["post-18881","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-identityserver4","tag-identityserver4","tag-identityserver4-access-token","tag-identityserver4-api-ile-haberlesme","tag-identityserver4-merkezi-uyelik-sistemi"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/18881","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/comments?post=18881"}],"version-history":[{"count":22,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/18881\/revisions"}],"predecessor-version":[{"id":18914,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/18881\/revisions\/18914"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/media\/18168"}],"wp:attachment":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/media?parent=18881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/categories?post=18881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/tags?post=18881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}