使用 GraphQL/HotChocolate 的身份验证登录令牌

时间:2021-06-09 23:34:51

标签: authentication graphql webapi hotchocolate

我正在尝试将 HotChocolate 用于 GraphQL API,以请求用户登录到我的 Blazor Webassembly 和 Xamarin 手机应用程序。我想知道这是否是使用此 API 创建安全登录响应的正确方法。我不确定您是否应该像我一样注入 UserManager。

    public record AuthenticatedToken(string Access_Token, string UserName);

    [UseDbContext(typeof(AppDbContext))]
    public async Task<AuthenticatedToken> GetAuthenticationToken(AuthenticationTokenInput input, [ScopedService] AppDbContext context, [ScopedService] UserManager<IdentityUser> userManager, [Service] ITopicEventSender eventSender, CancellationToken cancellationToken)
    {
        IdentityUser user = await userManager.FindByNameAsync(input.userName);
        bool confirmed = await userManager.CheckPasswordAsync(user, input.password);
        if (!confirmed) return null;
        var roles = from ur in context.UserRoles
                    join r in context.Roles on ur.RoleId equals r.Id
                    where ur.UserId == user.Id
                    select new { ur.UserId, ur.RoleId, r.Name };
        List<Claim> claims = new()
        {
            new Claim(ClaimTypes.Name, user.UserName),
            new Claim(ClaimTypes.NameIdentifier, user.Id),
            new Claim(JwtRegisteredClaimNames.Nbf, new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds().ToString()),
            new Claim(JwtRegisteredClaimNames.Exp, new DateTimeOffset(DateTime.Now.AddHours(1)).ToUnixTimeSeconds().ToString())
        };
        foreach (var role in roles)
        {
            claims.Add(new Claim(ClaimTypes.Role, role.Name));
        }

        //TODO Change the bytes string
        JwtSecurityToken token = new(new JwtHeader(new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("ThisIsATestKeyWillChangeLater")), SecurityAlgorithms.HmacSha256)), new JwtPayload(claims));
        return new AuthenticatedToken(new JwtSecurityTokenHandler().WriteToken(token), user.UserName);
    }

这进入启动configureservices

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = "JwtBearer";
            options.DefaultChallengeScheme = "JwtBearer";
        }).AddJwtBearer("JwtBearer", JwtBearerOptions =>
        {
            JwtBearerOptions.TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("ThisIsATestKeyWillChangeLater")),
                ValidateIssuer = false,
                ValidateAudience = false,
                ValidateLifetime = true,
                ClockSkew = TimeSpan.FromMinutes(5)
            };
        });

我没有看到很多关于使用这个库进行登录身份验证的文档,我认为这对所有开发者也有帮助。

0 个答案:

没有答案
相关问题
最新问题