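OpenIdConnectResponseTypes has CodeIdToken and IdToken, and it does not contain Code as a response type. Does UseOpenIdConnectAuthentication in OWIN support the authorization code grant? By default it sets the response type to Code IdToken. Can someone share a sample of the authorization code grant using OWIN?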
Answer 0 (score: 1)
From the Katana source code (the code below can be found in the OpenIDConnectAuthenticationHandler.AuthenticateCoreAsync method):
    // code is only accepted with id_token, in this version, hence check for code is inside this if
    // OpenIdConnect protocol allows a Code to be received without the id_token
    if (string.IsNullOrWhiteSpace(openIdConnectMessage.IdToken))
    {
        _logger.WriteWarning("The id_token is missing.");
        return null;
    }
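The code above shows that the Microsoft.Owin.Security.OpenIdConnect library does not support the authorization code grant. Although it is not directly supported, you can also use the hybrid flow, but it is up to you to implement the token request part. Please refer to the code below, which uses the code to exchange for an access token for a resource protected by Azure AD: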
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = Authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                //
                // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                //
                AuthorizationCodeReceived = async (context) =>
                {
                    var code = context.Code;
                    // Create a Client Credential Using an Application Key
                    ClientCredential credential = new ClientCredential(clientId, appKey);
                    string userObjectID = context.AuthenticationTicket.Identity.FindFirst(
                        "http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
                    AuthenticationContext authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectID));
                    AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                        code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
                }
            }
        });
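The token request that the answer says is left to you, written out as a plain OAuth 2.0 exchange (RFC 6749, section 4.1.3). This is an added example, not part of the original answer and not Katana or ADAL code; the class and method names, and the token endpoint URI you pass in, are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;

// Added example: raw OAuth 2.0 token request. CodeRedemption and its methods are hypothetical names.
public static class CodeRedemption
{
    private static readonly HttpClient Http = new HttpClient();

    // Builds the form fields the token endpoint expects for grant_type=authorization_code.
    public static Dictionary<string, string> BuildTokenRequest(
        string code, string redirectUri, string clientId, string clientSecret, string resource = null)
    {
        if (string.IsNullOrWhiteSpace(code))
            throw new ArgumentException("Authorization code is missing.", "code");
        var form = new Dictionary<string, string>
        {
            { "grant_type", "authorization_code" },
            { "code", code },
            // Must equal the redirect_uri used in the authorization request, or the server rejects the code.
            { "redirect_uri", redirectUri },
            { "client_id", clientId },
            { "client_secret", clientSecret }
        };
        // Azure AD's v1 endpoint takes the target API as "resource" (graphResourceId in the answer's code).
        if (!string.IsNullOrEmpty(resource)) form["resource"] = resource;
        return form;
    }

    // Posts the form to the token endpoint and returns the JSON body (access_token, expires_in, ...).
    public static async Task<string> RedeemAsync(Uri tokenEndpoint, Dictionary<string, string> form)
    {
        // The body carries the client secret and the code, so refuse anything but HTTPS.
        if (tokenEndpoint.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Token endpoint must use HTTPS.", "tokenEndpoint");
        using (var body = new FormUrlEncodedContent(form))
        using (var response = await Http.PostAsync(tokenEndpoint, body).ConfigureAwait(false))
        {
            string json = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
            if (!response.IsSuccessStatusCode)
                throw new HttpRequestException("Token request failed with HTTP " + (int)response.StatusCode);
            return json;
        }
    }
}
```

Inside `AuthorizationCodeReceived`, pass `context.Code` and the same redirect URI the answer's code computes. Keep the code and the client secret out of logs and exception messages.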