我正在创建包含API和OAuth授权代码流用户授权的Web应用程序。所以我有[HttpGet("/connect/auth")]
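/// <summary>
/// GET /connect/auth: renders the consent page for an OAuth2/OIDC authorization request.
/// </summary>
/// <remarks>
/// Every request parameter is echoed into the view so the consent form can POST it back to
/// /connect/auth/accept. Nothing here re-checks the user; the question states the controller
/// carries [Authorize], which is what keeps anonymous users away from this page.
/// NOTE(review): request.RedirectUri is not compared against the application's registered
/// redirect URIs in this action — confirm OpenIddict's request validation does that before
/// relying on it.
/// </remarks>
/// <param name="cancellationToken">Request abort token (currently unused by this action).</param>
/// <returns>The consent view, or 400 when the request or client cannot be resolved.</returns>
public IActionResult Authorize(CancellationToken cancellationToken)
{
    var request = HttpContext.GetOpenIdConnectRequest();
    // The middleware only attaches a request to paths it matched as an endpoint; without this
    // guard an unmatched call dereferences null a few lines down.
    if (request == null)
    {
        ModelState.AddModelError(string.Empty, "The OpenID Connect request cannot be retrieved.");
        return BadRequest(ModelState);
    }

    var application = _applicationRepository.Table
        .FirstOrDefault(x => x.ClientId == request.ClientId);
    if (application == null)
    {
        ModelState.AddModelError(string.Empty, "Application not recognized");
        return BadRequest(ModelState);
    }

    // Flatten every parameter to a string so the view can round-trip them as hidden fields.
    var parameters = request.GetParameters()
        .ToDictionary(parameter => parameter.Key, parameter => parameter.Value.ToString());

    return View(new AuthorizeModel
    {
        ApplicationName = application.DisplayName,
        Parameters = parameters,
        Scope = request.Scope
    });
}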
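/// <summary>
/// POST /connect/auth/accept: the signed-in user accepted the consent form, so hand an
/// authentication ticket to OpenIddict via SignIn(), which turns it into an authorization code.
/// </summary>
/// <remarks>
/// Changes versus the original: the request and the current user's identifier are checked
/// before a ticket is built (new Claim(type, null) would otherwise throw for an anonymous user),
/// and scopes are granted only when the client actually requested them, capped to the three
/// this server supports, instead of unconditionally granting openid/email/profile.
/// </remarks>
/// <param name="cancellationToken">Request abort token (currently unused by this action).</param>
/// <returns>A SignIn result, a Challenge for anonymous callers, or 400 on a bad request/client.</returns>
[HttpPost("/connect/auth/accept")]
[ValidateAntiForgeryToken]
public IActionResult AuthorizeAccept(CancellationToken cancellationToken)
{
    var request = HttpContext.GetOpenIdConnectRequest();
    if (request == null)
    {
        ModelState.AddModelError(string.Empty, "The OpenID Connect request cannot be retrieved.");
        return BadRequest(ModelState);
    }

    // Never mint a ticket for an anonymous principal: FindFirstValue returns null when nobody is
    // signed in, and the [Authorize] on the controller is the only thing that normally prevents it.
    var subject = User.FindFirstValue(ClaimTypes.NameIdentifier);
    if (string.IsNullOrEmpty(subject))
    {
        return Challenge();
    }

    var application = _applicationRepository.Table
        .FirstOrDefault(x => x.ClientId == request.ClientId);
    if (application == null)
    {
        ModelState.AddModelError(string.Empty, "Application not recognized");
        return BadRequest(ModelState);
    }

    var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, subject));

    var ticket = new AuthenticationTicket(
        new ClaimsPrincipal(identity),
        new AuthenticationProperties(),
        OpenIdConnectServerDefaults.AuthenticationScheme);

    // Grant the intersection of what the client asked for (space-separated "scope" parameter)
    // and what this server supports, so consent is never wider than the request.
    var supportedScopes = new[]
    {
        OpenIdConnectConstants.Scopes.OpenId,
        OpenIdConnectConstants.Scopes.Email,
        OpenIdConnectConstants.Scopes.Profile
    };
    var requestedScopes = (request.Scope ?? string.Empty)
        .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
    ticket.SetScopes(supportedScopes.Intersect(requestedScopes).ToArray());

    // Resource the access token is meant for; the API side must accept this value as audience.
    ticket.SetResources("resource_server");

    return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
}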
我的 Startup 配置：
// services
// ASP.NET Identity backed by EF Core, plus the default token providers.
// NOTE(review): every complexity rule is switched off and the minimum length is 6, which is
// far weaker than the Identity defaults — keep this for local testing only.
var identityBuilder = services.AddIdentity<ApplicationUser, IdentityRole>(identityOptions =>
{
    identityOptions.Password.RequiredLength = 6;
    identityOptions.Password.RequireDigit = false;
    identityOptions.Password.RequireLowercase = false;
    identityOptions.Password.RequireUppercase = false;
    identityOptions.Password.RequireNonAlphanumeric = false;
});
identityBuilder.AddEntityFrameworkStores<ApplicationDbContext>();
identityBuilder.AddDefaultTokenProviders();

// OpenIddict: authorization-code flow on /connect/auth + /connect/token, issuing JWT access tokens.
// NOTE(review): DisableHttpsRequirement() and AddEphemeralSigningKey() are development settings.
// An ephemeral key is regenerated on every start, so issued JWTs stop validating after a restart
// and a second instance cannot validate them; use a persisted certificate/key in production.
var openIddictBuilder = services.AddOpenIddict<ApplicationDbContext>();
openIddictBuilder.AddMvcBinders();
openIddictBuilder.EnableAuthorizationEndpoint("/connect/auth");
openIddictBuilder.EnableTokenEndpoint("/connect/token");
openIddictBuilder.AllowAuthorizationCodeFlow();
openIddictBuilder.DisableHttpsRequirement();
openIddictBuilder.UseJsonWebTokens();
openIddictBuilder.AddEphemeralSigningKey();

services.AddMvc();
// app configuration
// Pipeline, kept in the original order: cookie-based Identity, then the bearer-token validator,
// then OpenIddict's own endpoints.
app.UseIdentity();
// NOTE(review): UseOAuthValidation() only understands the default (data-protected) access-token
// format; with UseJsonWebTokens() configured above, bearer calls are rejected — see the answer below.
app.UseOAuthValidation();

// Install the custom provider so the /connect/auth/accept POST is also handled as the
// authorization endpoint (see AuthorizationProvider.MatchEndpoint).
var openIddictOptions = app.ApplicationServices.GetRequiredService<IOptions<OpenIddictOptions>>().Value;
openIddictOptions.Provider = new AuthorizationProvider();
app.UseOpenIddict();
// Used to make OpenId connect request available for auth accept route
/// <summary>
/// OpenIddict provider whose only override is endpoint matching: any path under the configured
/// authorization endpoint (so /connect/auth/accept as well as /connect/auth) is treated as the
/// authorization endpoint. That is what makes HttpContext.GetOpenIdConnectRequest() non-null
/// in the accept action.
/// </summary>
/// <remarks>
/// NOTE(review): StartsWithSegments is a prefix match, so every sub-path of /connect/auth is
/// claimed. This instance replaces whatever provider OpenIddict registered (Startup assigns it
/// to options.Provider); it inherits the base class's handlers, but confirm nothing else was
/// overridden in the original provider before relying on client/redirect_uri validation.
/// </remarks>
public class AuthorizationProvider : OpenIddictProvider<OpenIddictApplication, OpenIddictAuthorization, OpenIddictScope, OpenIddictToken>
{
    /// <summary>Marks the request as an authorization-endpoint request when its path sits under the configured one.</summary>
    public override Task MatchEndpoint(MatchEndpointContext context)
    {
        var authorizationPath = context.Options.AuthorizationEndpointPath;
        if (!authorizationPath.HasValue)
        {
            return Task.FromResult(0);
        }

        if (context.Request.Path.StartsWithSegments(authorizationPath))
        {
            context.MatchAuthorizationEndpoint();
        }

        return Task.FromResult(0);
    }
}
控制器类上的配置：
[Authorize]
所以我可以登录并获取访问令牌，但是当我使用该令牌调用带有 [Authorize] 属性的控制器的 API 时，它不会将我识别为已授权用户。
我还注意到 OpenIddictTokens 表记录中的 ApplicationId 和 AuthorizationId
<?xml version="1.0" encoding="utf-8"?>
<android.support.design.widget.CoordinatorLayout
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:app="http://schemas.android.com/apk/res-auto"
xmlns:tools="http://schemas.android.com/tools"
android:layout_width="match_parent"
android:layout_height="match_parent"
tools:context=".ui.Activities.MainActivity"
android:fitsSystemWindows="true"
>
<android.support.design.widget.AppBarLayout
android:layout_width="match_parent"
android:layout_height="@dimen/abc_action_bar_default_height_material"
android:theme="@style/ThemeOverlay.AppCompat.Dark.ActionBar"
style="@style/CustomAppBarLayout"
>
<include
android:id="@+id/toolbar"
layout="@layout/tool_bar"
/>
</android.support.design.widget.AppBarLayout>
<android.support.v4.widget.DrawerLayout
android:id="@+id/drawer"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:fitsSystemWindows="true"
tools:context="com.indetouch.music.player.ui.Activities.MainActivity">
<LinearLayout
android:fitsSystemWindows="true"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:orientation="vertical"
android:background="@android:color/transparent">
<!-- multiple frame layout [...] -->
</LinearLayout>
<android.support.design.widget.NavigationView
android:id="@+id/navigation_view"
android:layout_width="wrap_content"
android:layout_height="match_parent"
android:layout_gravity="start"
app:menu="@menu/drawer"
android:background="@color/main_black"/>
</android.support.v4.widget.DrawerLayout>
</android.support.design.widget.CoordinatorLayout>
值为空。
怎么了?
答案 0 :(得分:1)
您不能将 JWT 访问令牌与验证中间件（app.UseOAuthValidation()）一起使用，因为它只能解析默认的（由 Data Protection 加密的不透明）访问令牌格式，这正是带有 [Authorize] 的 API 不认可您的令牌的原因。
要么删除 .UseJsonWebTokens() 以使用默认访问令牌格式，要么改用 JWT Bearer 中间件（app.UseJwtBearerAuthentication(...)），并将其配置为校验签发者和受众——受众通常对应 ticket.SetResources("resource_server") 设置的资源。
另请注意：AddEphemeralSigningKey() 在每次启动时都会生成新的签名密钥，因此重启后已签发的 JWT 将无法验证，多实例部署也无法互相验证；生产环境应使用持久化的签名证书/密钥，并移除 DisableHttpsRequirement()。