我正忙于在oauth WEB API上实现ASP.NET授权服务器。
我已设置API以支持授权服务器:
Startup.Auth.cs
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext(IdentityDbContext.Create);
app.CreatePerOwinContext<UserManager>(UserManager.Create);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Configure the application for OAuth based flow
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
ApplicationCanDisplayErrors = true,
TokenEndpointPath = new PathString("/Token"),
Provider = new SimpleAuthorizationServerProvider(),
RefreshTokenProvider = new SimpleRefreshTokenProvider(),
AccessTokenExpireTimeSpan = TimeSpan.FromHours(24),
AuthorizationCodeProvider = new SimpleAuthorizationCodeProvider()
};
app.UseOAuthBearerTokens(OAuthOptions);
app.UseOAuthAuthorizationServer(OAuthOptions);
}
然后我实现了SimpleAuthorizationCodeProvider():
public class SimpleAuthorizationCodeProvider : IAuthenticationTokenProvider
{
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
context.Ticket.Properties.Dictionary.TryGetValue("as:client_id", out string clientId);
//Build holder object
var holder = new AuthorizationCodeHolder(0, clientId, context.SerializeTicket());
var protectedTicket = AesSymmetricalEncryption.EncryptData(Key, JsonConvert.SerializeObject(holder));
//Set the Token for the request
context.SetToken(protectedTicket);
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
//Decrypt token
var token = AesSymmetricalEncryption.DecyptData(Key, context.Token);
//Convert back to object
var ticket = JsonConvert.DeserializeObject<AuthorizationCodeHolder>(token);
//
context.DeserializeTicket(ticket.Ticket);
}
但是,现在我的问题是,我不知道如何生成此授权码?
我在单独的MVC网站上有一个部分,用户可以在其中登录。完成此操作后,我需要返回一个带有参数code={auth code}的响应。我该如何生成此授权码?
我需要登录到api,然后调用特定端点吗?还是可以只在MVC网站中使用owin身份验证来生成它?
我已经测试过该api,并且可以使用身份验证代码登录,但我只是不知道如何生成有效的api?