从领英（LinkedIn）检索访问令牌后，无法设置JWT令牌

Question

我正在尝试配置 SwaggerUI 以使用LinkedIn Auth2登录，并根据我从LinkedIn检索到的信息来设置JWT令牌。但是，我遇到了两个问题：

1. 当我单击Swagger UI进行授权并且成功在linkedin页面中登录后，我将重定向到另一个localhost选项卡，而不是我从其启动的那个选项卡，并且看不到“注销”。
2. 一旦我设置了JWT令牌，并且调用了其他任何端点，我就会得到401“未经授权”。

我可能使这一过程复杂化了，但这是我的方法。

在 ConfigureServices 的 Startup.cs 中，我有：

services.AddAuthentication(option =>
          {
              option.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
              option.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
              option.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
          })
          .AddJwtBearer(option =>
          {
              Configuration.Bind($"{nameof(AppSettings.Security)}:{nameof(AppSettings.Security.Jwt)}", option);
              option.SaveToken = true;
              option.TokenValidationParameters = new TokenValidationParameters
              {
                  ValidateIssuerSigningKey = true,
                  IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(appSettings.Security.Jwt.ClientId)),
                  ValidateIssuer = true,
                  RequireExpirationTime = false,
                  ValidateLifetime = true
              };
              option.Events = new JwtBearerEvents();
              //only way I figured out how to get the access code that linked in is returning. Open to suggestion for a simpler way
              option.Events.OnMessageReceived += context =>
              {
                  if (context.Request.QueryString.HasValue)
                  {
                      var code = context.Request.QueryString.Value.ToString();

                      var before = code.IndexOf("?code=") + "?code=".Length;
                      int after = code.LastIndexOf("&state");
                      string accessCode = code[before..after];

                      //Getting the token using the accessCode
                      var client = new RestClient(appSettings.Security.Jwt.TokenUrl);
                      var request = new RestRequest(Method.POST);
                      request.AddParameter("application/x-www-form-urlencoded", $"grant_type=authorization_code&code={accessCode}&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fswagger%2Findex.html&client_id=myid&client_secret=mysecret", ParameterType.RequestBody);

                      IRestResponse response = client.Execute(request);
                      var tokenKey = string.Empty;
                      var obj = new Token();
                      if (response.StatusCode == System.Net.HttpStatusCode.OK)
                      {
                          tokenKey = response.Content;
                          _token = JsonConvert.DeserializeObject<Token>(tokenKey);


                          //Getting user data from LinkedIn
                          client = new RestClient(appSettings.Security.Jwt.UserDataUrl);
                          request = new RestRequest(Method.GET);
                          request.AddHeader("Content-type", "application/json");
                          request.AddHeader("Authorization", $"Bearer {_token.Access_Token}");
                          IRestResponse response2 = client.Execute(request);

                          if (response2.StatusCode == System.Net.HttpStatusCode.OK)
                          {
                              //Getting email address from LinkedIn
                              client = new RestClient(appSettings.Security.Jwt.UserEmailApiUrl);
                              request = new RestRequest(Method.GET);
                              request.AddHeader("Content-type", "application/json");
                              request.AddHeader("Authorization", $"Bearer {_token.Access_Token}");
                              IRestResponse response3 = client.Execute(request);
                              var data = response2.Content;

                              var tokenHandler = new JwtSecurityTokenHandler();
                              var key = Encoding.ASCII.GetBytes(appSettings.Security.Jwt.ClientSecret);
                              var tokenDescriptor = new SecurityTokenDescriptor
                              {
                                  //For testing only, will use the actual data
                                  Subject = new ClaimsIdentity(new[] { new Claim("Email", "test@test.com" ) }),
                                  Expires = DateTime.UtcNow.AddMinutes(7),
                                  SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
                              };
                              var t = tokenHandler.CreateToken(tokenDescriptor);
                              tokenHandler.WriteToken(t);
                          }

                      }
                  }
                  return Task.CompletedTask;
              };
          });

        services.AddTransient<IConfigureOptions<SwaggerGenOptions>, ConfigureSwaggerGenOptions>();
        services.AddSwaggerGen();

注意*：我的重定向网址是：http：// localhost：5000 / swagger / oauth2-redirect.html

ConfigureSwaggerGenOptions.cs

public void Configure(SwaggerGenOptions options)
{
options.OperationFilter<AuthorizeOperationFilter>();
options.SwaggerDoc("v1", new OpenApiInfo
{
    Title = "My Api",
    Version = "v1"
});

options.AddSecurityDefinition("OAuth2", new OpenApiSecurityScheme
{
    Type = SecuritySchemeType.OAuth2,
    Flows = new OpenApiOAuthFlows
    {
        AuthorizationCode = new OpenApiOAuthFlow
        {
            AuthorizationUrl = new Uri(_settings.Security.Jwt.AuthUrl),
            Scopes = new Dictionary<string, string>
            {
               { "r_liteprofile", ""  },
               { "r_emailaddress", "" }
            },
        }
    }
});

options.AddSecurityRequirement(new OpenApiSecurityRequirement
{
    {
        new OpenApiSecurityScheme
        {
            Reference = new OpenApiReference
            {
                Type = ReferenceType.SecurityScheme,
                Id = "Bearer"
            },
            Scheme = "OAuth2",
            Name = "Bearer",
            In = ParameterLocation.Header
        },
        new List<string>()
    }
});
}

AuthorizeOperationFilter.cs

 public void Apply(OpenApiOperation operation, OperationFilterContext context)
    {
        var authAttributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
                        .Union(context.MethodInfo.GetCustomAttributes(true))
                        .OfType<AuthorizeAttribute>();

        if (authAttributes.Any())
        {
            operation.Responses.Add(StatusCodes.Status401Unauthorized.ToString(), new OpenApiResponse { Description = nameof(HttpStatusCode.Unauthorized) });
            operation.Responses.Add(StatusCodes.Status403Forbidden.ToString(), new OpenApiResponse { Description = nameof(HttpStatusCode.Forbidden) });
        }

        if (authAttributes.Any())
        {
            operation.Security = new List<OpenApiSecurityRequirement>();

            var oauth2SecurityScheme = new OpenApiSecurityScheme()
            {
                Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "OAuth2" },
            };


            operation.Security.Add(new OpenApiSecurityRequirement()
            {
                [oauth2SecurityScheme] = new[] { "OAuth2" }
            });
        }

    }

最后，在 Startup.cs

中使用 Configure 方法

app.UseAuthentication();
        app.UseAuthorization();

        app
            .UseSwagger()
            .UseSwaggerUI(option =>
            {
                option.SwaggerEndpoint($"/swagger/v1/swagger.json", "v1");
                option.OAuthClientId(appSettings.Security.Jwt.ClientId);
                option.OAuth2RedirectUrl(appSettings.Security.Jwt.ReturnUrl);
                option.OAuthAppName("LinkedIn");
                option.OAuthUsePkce();
            });