feat: Cấu hình các hằng số client OAuth2 và định tuyến Traefik cho các endpoint OIDC của IdentityServer.

apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift/Core/Constants/Constants.swift

@@ -26,9 +26,17 @@ enum APIConfig {
     /// OAuth2 token endpoint (không có version prefix)
     static let tokenEndpoint = "/connect/token"
 
+    /// OAuth2 client ID for password grant
+    /// OAuth2 client ID cho password grant
+    static let oauthClientId = "password-client"
+
+    /// OAuth2 client secret for password grant
+    /// OAuth2 client secret cho password grant
+    static let oauthClientSecret = "password-client-secret"
+
     /// OAuth2 scope for authentication
     /// OAuth2 scope cho xác thực
-    static let oauthScope = "openid profile email offline_access"
+    static let oauthScope = "openid profile email api offline_access"
 
     /// Request timeout in seconds
     /// Thời gian timeout request (giây)

apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift/Services/AuthManager.swift

@@ -121,6 +121,8 @@ final class AuthManager: ObservableObject {
         // OAuth2 Password Grant
         let formData: [String: String] = [
             "grant_type": "password",
+            "client_id": APIConfig.oauthClientId,
+            "client_secret": APIConfig.oauthClientSecret,
             "username": email,
             "password": password,
             "scope": APIConfig.oauthScope

infra/traefik/dynamic/routes.yml

@@ -22,6 +22,19 @@ http:
       entryPoints:
         - web
 
+    # EN: IdentityServer OAuth2/OIDC Endpoints
+    # VI: IdentityServer OAuth2/OIDC Endpoints
+    iam-oidc-router:
+      rule: "PathPrefix(`/connect`) || PathPrefix(`/.well-known`)"
+      service: iam-service
+      priority: 150
+      middlewares:
+        - auth-ratelimit
+        - cors
+        - secure-headers
+      entryPoints:
+        - web
+
     web-admin-router:
       rule: "Host(`admin.goodgo.vn`) || Host(`admin.localhost`)"
       service: web-admin

note.md

@@ -5,18 +5,23 @@ Mật Khẩu: Velik@2026
 admin@goodgo.com / 123456
 dotnet build -c Debug -f net10.0-ios -t:Run -p:_DeviceName=:v2:udid=D8A27496-0AFB-4314-96EC-E8B685575330
 
-curl -s -X POST "http
-://localhost:5001/connect/token" \
->   -H "Content-Type: application/x-www-fo
-rm-urlencoded" \
->   -d "grant_type=password" \
->   -d "client_id=password-client" \
->   -d "client_secret=password-client-secret" \
->   -d "username=hongochai10@icloud.com" \
+curl -s -X POST "http://localhost:5001/connect/token" \
+   -H "Content-Type: application/x-www-form-urlencoded" \
+   -d "grant_type=password" \
+   -d "client_id=password-client" \
+   -d "client_secret=password-client-secret" \
+   -d "username=hongochai10@icloud.com" \
+   -d "password=Velik@2026" \
+   -d "scope=openid profile email api offline_access" 2>&1 | jq .
 
->   -d "password=Velik@2026" \
->   -d "scope=openid profile email api offline_access" 2>
-&1 | jq .
+curl -s -X POST "http://localhost/connect/token" \
+   -H "Content-Type: application/x-www-form-urlencoded" \
+   -d "grant_type=password" \
+   -d "client_id=password-client" \
+   -d "client_secret=password-client-secret" \
+   -d "username=hongochai10@icloud.com" \
+   -d "password=Velik@2026" \
+   -d "scope=openid profile email api offline_access" 2>&1 | jq .
 
 1. Kiểm tra hỗ trợ cho MSSQL, PSQL, MongoDB