我正在尝试将 HotChocolate 用于 GraphQL API,以请求用户登录到我的 Blazor Webassembly 和 Xamarin 手机应用程序。我想知道这是否是使用此 API 创建安全登录响应的正确方法。我不确定您是否应该像我一样注入 UserManager。
public record AuthenticatedToken(string Access_Token, string UserName);
[UseDbContext(typeof(AppDbContext))]
public async Task<AuthenticatedToken> GetAuthenticationToken(AuthenticationTokenInput input, [ScopedService] AppDbContext context, [ScopedService] UserManager<IdentityUser> userManager, [Service] ITopicEventSender eventSender, CancellationToken cancellationToken)
{
IdentityUser user = await userManager.FindByNameAsync(input.userName);
bool confirmed = await userManager.CheckPasswordAsync(user, input.password);
if (!confirmed) return null;
var roles = from ur in context.UserRoles
join r in context.Roles on ur.RoleId equals r.Id
where ur.UserId == user.Id
select new { ur.UserId, ur.RoleId, r.Name };
List<Claim> claims = new()
{
new Claim(ClaimTypes.Name, user.UserName),
new Claim(ClaimTypes.NameIdentifier, user.Id),
new Claim(JwtRegisteredClaimNames.Nbf, new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds().ToString()),
new Claim(JwtRegisteredClaimNames.Exp, new DateTimeOffset(DateTime.Now.AddHours(1)).ToUnixTimeSeconds().ToString())
};
foreach (var role in roles)
{
claims.Add(new Claim(ClaimTypes.Role, role.Name));
}
//TODO Change the bytes string
JwtSecurityToken token = new(new JwtHeader(new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("ThisIsATestKeyWillChangeLater")), SecurityAlgorithms.HmacSha256)), new JwtPayload(claims));
return new AuthenticatedToken(new JwtSecurityTokenHandler().WriteToken(token), user.UserName);
}
这进入启动configureservices
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = "JwtBearer";
options.DefaultChallengeScheme = "JwtBearer";
}).AddJwtBearer("JwtBearer", JwtBearerOptions =>
{
JwtBearerOptions.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("ThisIsATestKeyWillChangeLater")),
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
ClockSkew = TimeSpan.FromMinutes(5)
};
});
我没有看到很多关于使用这个库进行登录身份验证的文档,我认为这对所有开发者也有帮助。