using System.Security.Cryptography.X509Certificates;
using Long.Core.Extensions;

namespace Auth
{
    public static class IdentityServer4Extension
    {
        public static void AddIdentityServer4Extension(this IServiceCollection services, IConfiguration configuration)
        {
            //获得证书文件
            var certpath = configuration["Kestrel:Certificates:Default:Path"];
            var certpwd = configuration["Kestrel:Certificates:Default:Password"];

            var x509Cert = new X509Certificate2(certpath ?? string.Empty, certpwd);

            var builder = services.AddIdentityServer(option =>
            {
                option.IssuerUri = configuration["JWT:IssuerUri"];
            });

            builder.AddResourceOwnerValidator<DefaultResourceOwnerPasswordValidator>()
                .AddInMemoryApiScopes(IdentityServer4Config.ApiScopes())
                .AddInMemoryApiResources(IdentityServer4Config.ApiResources())
                .AddInMemoryClients(IdentityServer4Config.Clients())
                .AddProfileService<DefaultProfileService>()
                .AddSigningCredential(x509Cert);
        }
    }
}