OAuth 2 - grant type client credentials, keep the same access token for up to 1 day

Time: 2018-10-13 15:03:33

Tags: c# asp.net-web-api oauth oauth-2.0

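I am using OAuth2 with the grant type "client credentials" in Web API C#.

Here, I want to keep the same access_token for all requests; it will change after 1 day.

    AccessTokenExpireTimeSpan = TimeSpan.FromDays(1)

I have implemented the logic, but I get a new access_token for every request.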

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        string clientId;
        string clientSecret;
        context.TryGetFormCredentials(out clientId, out clientSecret);

        if (clientId == "1234" && clientSecret == "12345")
        {
            context.Validated(clientId);
        }

        return base.ValidateClientAuthentication(context);
    }


    public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
    {
        var client = new ClientService { clientId = "1234", clientSecret = "12345", ClientName = "test" };

        var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);

        var props = new AuthenticationProperties(new Dictionary<string, string>
                {
                    {
                        "ExtraInfo", "This is extra info"
                    }
                });

        var ticket = new AuthenticationTicket(oAuthIdentity, props);
        context.Validated(ticket);

        return base.GrantClientCredentials(context);
    }

    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
        {
            context.AdditionalResponseParameters.Add(property.Key, property.Value);
        }

        return Task.FromResult<object>(null);
    }

Response 1:

    {
        "access_token": "6k91AY7FHxGDZYh5ShDkPj04pzYWacQdE58ZB2CVcxsPMK85txtbLhdanSAprkAHmwQeVYQEe-ifBiy5T0S-Y9BcX1oZqyx_2wqYHYB3xJDcCLl2KHSLxOqLGURBP6NmwhlpPiHrLsRMaNvvOTqGAWt0bdAMrmHfsNKoACH6k6e5ovPEo1zrZDhgiv74JBh0tXgw74zdH3SriQucvZEgwtw3vhb19X3sitA9IFzu5Q8",
        "token_type": "bearer",
        "expires_in": 86399,
        "ExtraInfo": "This is extra info",
        ".issued": "Sat, 13 Oct 2018 14:55:33 GMT",
        ".expires": "Sun, 14 Oct 2018 14:55:33 GMT"
    }

Response 2:

    {
        "access_token": "nSvKMwTs_VyoOIzRZ4FfGBzMYN_eq1utt0RE-Md9aYvFjV9-x95_3E9CRpW8_Mr-sJ-Cidiq03fJ0JV7ZHI3arwMJ0WGmpG3gSyxZE_vaYSkG-sUrOLZ2dx9vh1n1P-9rq4BJUWUKLICDtkd8P7CEun9EwX0g2r0ZkhGrvmifOLOiPbUdBob85H7dtHndm2GKHj3LSw_ePO6WQcCwDDWYJsEmaAXLo8et2IfzoOjp3o",
        "token_type": "bearer",
        "expires_in": 86399,
        "ExtraInfo": "This is extra info",
        ".issued": "Sat, 13 Oct 2018 15:00:20 GMT",
        ".expires": "Sun, 14 Oct 2018 15:00:20 GMT"
    }

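The access_token is different in the two responses, but I want to use the same access token here.

Is there any way to get the same access_token for all requests?

Note - I am using Postman to test the responses.

0 answers:

No answers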
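
`GrantClientCredentials` in the question builds a new `AuthenticationTicket` on every call to the token endpoint, which is why the two responses differ; a caller that wants one token per day can keep the token it was issued and reuse it until `expires_in` runs out. The class below is an added example of that caller-side cache, not part of the original post; `TokenCache`, the one-minute renewal margin and the token endpoint URI passed in are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;

// Added example (hypothetical class): caller-side cache for a client_credentials token.
public sealed class TokenCache
{
    private static readonly TimeSpan Skew = TimeSpan.FromMinutes(1); // assumption: renew slightly early
    private readonly HttpClient _http;
    private readonly Uri _tokenEndpoint;   // assumption: URI of the server's token endpoint
    private readonly string _clientId, _clientSecret;
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private string _accessToken;
    private DateTimeOffset _expiresAt = DateTimeOffset.MinValue;

    public TokenCache(HttpClient http, Uri tokenEndpoint, string clientId, string clientSecret)
    {
        _http = http; _tokenEndpoint = tokenEndpoint;
        _clientId = clientId; _clientSecret = clientSecret;
    }

    public async Task<string> GetAccessTokenAsync()
    {
        await _gate.WaitAsync();           // only one caller refreshes at a time
        try
        {
            if (_accessToken != null && DateTimeOffset.UtcNow < _expiresAt - Skew)
                return _accessToken;       // still valid: no request to the token endpoint

            // Form-encoded credentials, matching TryGetFormCredentials on the server side.
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "client_credentials",
                ["client_id"] = _clientId,
                ["client_secret"] = _clientSecret
            });
            using (var response = await _http.PostAsync(_tokenEndpoint, form))
            {
                response.EnsureSuccessStatusCode();
                using (var doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync()))
                {
                    _accessToken = doc.RootElement.GetProperty("access_token").GetString();
                    int seconds = doc.RootElement.GetProperty("expires_in").GetInt32(); // 86399 in the responses above
                    _expiresAt = DateTimeOffset.UtcNow.AddSeconds(seconds);
                }
            }
            return _accessToken;
        }
        finally { _gate.Release(); }
    }
}
```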