解密jwt令牌授权承载

时间:2015-12-10 08:50:51

标签: c# authentication oauth-2.0 jwt

假设我在web api响应中向用户响应加密的访问令牌,用户使用它来访问Authorization:Bearer头中的api。让我们假设用户现在有访问令牌" abc"。 JwtAuthorizationBearer现在接受令牌未加密的令牌" def"。但是当用户发布加密的访问令牌时,我希望它接受授权承载验证" abc"背部。怎么可能呢?

我看过一个函数名OnRequestToken但不确定它是否用于这种情况。

app.UseJwtBearerAuthentication(
    new JwtBearerAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Active,
        AllowedAudiences = new[] { audience },
        IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
        {
            new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
        },
        Provider = new OAuthBearerAuthenticationProvider
        {
            OnValidateIdentity = context =>
            {
                if (!string.IsNullOrEmpty(token))
                {
                    var notPadded = token.Split('.')[1];
                    var padded = notPadded.PadRight(notPadded.Length + (4 - notPadded.Length % 4) % 4, '=');
                    var urlUnescaped = padded.Replace('-', '+').Replace('_', '/');
                    var claimsPart = Convert.FromBase64String(urlUnescaped);

                    var obj = JObject.Parse(Encoding.UTF8.GetString(claimsPart, 0, claimsPart.Length));

                    // simple, not handling specific types, arrays, etc.
                    foreach (var prop in obj.Properties().AsJEnumerable())
                    {
                        if (!context.Ticket.Identity.HasClaim(prop.Name, prop.Value.Value<string>()))
                        {
                            context.Ticket.Identity.AddClaim(new Claim(prop.Name, prop.Value.Value<string>()));
                        }
                    }
                }

                return Task.FromResult<object>(null);
            }
        }
    });

0 个答案:

没有答案