如何从 NodeJs 获取 jwt 令牌到 .NET 应用程序？

Question

在 C# .NET Windows 应用程序中，从正在运行的 NodeJS 服务器获取 jwt 令牌的最佳方式是什么？ 在 .NET 中，我使用 HttpClient 连接到 oauth2 服务器（并且成功），但是如何获得非常 jwt 令牌？

在 NodeJS 中：

const express = require('express')
const https = require('https');
const axios = require('axios');
var url = require('url');
const app = express()
const port = 3000
const agent = new https.Agent({ rejectUnauthorized: false });

async function get_token() {
    try {
        let url = "https://oauthservername/token.oauth2";
        let formfields = "client_id=cid&grant_type=password&validator_id=ourAuthNG&client_secret=secretstring&username=billy&password=xxxxxxxxx";
        let response = await axios.post(url, formfields,  { httpsAgent: agent });
        console.log(response.data);
    } catch (error) {
        console.log(error);
    }
}

app.get('/token', (req, res) => {
get_token();
res.send('Eureka!');

})


app.listen(port, () => {
    console.log(`Example app listening at http://localhost:${port}`)
})

这是有效的。我在 Postman 以及我的 .NET HttpClient 调用中得到了“Eureka！”

在我的控制台中，我得到了（x-ing 原始信息...），（console.log(response.data) 的输出；）

{
    access_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
    refresh_token: 'xxxxxxxxxxxxxxxxx',
    token_type: 'Bearer',
    expires_in: 28799
}

所以，在我的 C# 代码中我这样做（也得到“Eureka！”，我在 responseBody 中看到它）：

    private async void cmdConnectServer_Click(object sender, EventArgs e)
    {
        //client is HttpClient
        client.BaseAddress = new Uri("http://localhost:3000/");
        HttpResponseMessage response = await client.GetAsync("http://localhost:3000/token");
        response.EnsureSuccessStatusCode();
        string responseBody = await response.Content.ReadAsStringAsync();
    }

但是如何获得令牌呢？

Answer 1

在 NodeJS 中，您永远不会在 api 响应中发送令牌结果，请像这样修改它：

async function get_token() {
    try {
        let url = "https://oauthservername/token.oauth2";
        let formfields = "client_id=cid&grant_type=password&validator_id=ourAuthNG&client_secret=secretstring&username=billy&password=xxxxxxxxx";
        let response = await axios.post(url, formfields,  { httpsAgent: agent });
        console.log(response.data);
        //Return the oauth2 result
        return response.data;
    } catch (error) {
        console.log(error);
    }
}

app.get('/token', (req, res) => {
    //sending 'Eureka!' is pointless, instead send the token result
    res.send(get_token());
})

在c#中

using System;
using System.Runtime.Serialization;
using System.Text.Json;

... ...

//Class for response deserialization
[Serializable]
public class TokenResult
{
    [DataMember]
    public string access_token { get; set; }

    [DataMember]
    public string refresh_token { get; set; }

    [DataMember]
    public string token_type { get; set; }

    [DataMember]
    public long expires_in { get; set; }
}

private async void cmdConnectServer_Click(object sender, EventArgs e)
{
    //client is HttpClient
    client.BaseAddress = new Uri("http://localhost:3000/");
    HttpResponseMessage response = await client.GetAsync("http://localhost:3000/token");
    response.EnsureSuccessStatusCode();
    string responseBody = await response.Content.ReadAsStringAsync();
    // Deserialize the token response and get access_token property
    string token = JsonSerializer.Deserialize<TokenResult>(responseBody ).access_token;
}

---

或者干脆不使用node js，用c#做所有事情

using System;
using System.Runtime.Serialization;
using System.Text.Json;

... ...

//Class for response deserialization
[Serializable]
public class TokenResult
{
    [DataMember]
    public string access_token { get; set; }

    [DataMember]
    public string refresh_token { get; set; }

    [DataMember]
    public string token_type { get; set; }

    [DataMember]
    public long expires_in { get; set; }
}

public string get_token()
{
    HttpClientHandler OpenBarHandler = new HttpClientHandler { ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator };
    HttpClient _httpClient = new HttpClient(OpenBarHandler);
    _httpClient.BaseAddress = new Uri("https://oauthservername/token.oauth2");

    HttpRequestMessage mess = new HttpRequestMessage();
    mess.Method = HttpMethod.Post;
    mess.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

    Dictionary<string, string> _parameters = new Dictionary<String, String>();
    _parameters.Add("grant_type", "password");
    _parameters.Add("username", "billy");
    _parameters.Add("password", "xxxxxxxxx");
    _parameters.Add("client_id", "cid");
    _parameters.Add("client_secret", "secretstring");
    _parameters.Add("validator_id", "ourAuthNG");

    FormUrlEncodedContent encodedContent = new FormUrlEncodedContent(_parameters);
    encodedContent.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");
    mess.Content = encodedContent;

    HttpResponseMessage response = _httpClient.SendAsync(mess).Result;

    if (response.IsSuccessStatusCode)
    {
        string strResp = response.Content.ReadAsStringAsync().Result;
        return JsonSerializer.Deserialize<TokenResult>(strResp).access_token;
    }
    else
        throw new Exception("Token retrieval failed");
}