我正在制作一个具有openiddict访问和刷新令牌的.net核心Web API。 在某些情况下,例如无效的请求数据校验和,我需要从数据库中撤消刷新令牌。
启动:
services.AddDbContext<MyContext>(c =>
{
c.UseSqlServer(Configuration.GetConnectionString("DbConnection"));
c.UseOpenIddict<long>();
c.UseLazyLoadingProxies(false);
}
);
services.AddOpenIddict()
.AddCore(options =>
{
options.UseEntityFrameworkCore()
.UseDbContext<MyContext>()
.ReplaceDefaultEntities<long>();
})
.AddServer(options =>
{
options.UseMvc();
options.EnableTokenEndpoint("/Token");
options.EnableRevocationEndpoint("/Token/Revoke");
options.AllowPasswordFlow()
.AllowRefreshTokenFlow();
options.AcceptAnonymousClients();
options.DisableHttpsRequirement();
})
.AddValidation();
services.Configure<IdentityOptions>(options =>
{
options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;
});
services.AddAuthentication(options =>
{
options.DefaultScheme = OpenIddictValidationDefaults.AuthenticationScheme;
});
var identity = services.AddIdentityCore<User>();
identity.AddTokenProvider("frageApplication", typeof(DataProtectorTokenProvider<User>));