【问题标题】:How to implement Oauth Refresh Token in Web Api 2(如何在 Web Api 2 中实现 Oauth Refresh Token)
【发布时间】:2020-03-16 08:25:27
【问题描述】:

Startup.Auth 代码:

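            PublicClientId = "self";
            // Configures the OAuth authorization server: token endpoint path, grant provider,
            // access-token lifetime and transport policy.
            OAuthOptions = new OAuthAuthorizationServerOptions
            {
                TokenEndpointPath = new PathString("/Token"),
                Provider = new FirebirdAuthorizationServerProvider(PublicClientId),
                // NOTE(review): an access token issued here stays valid for a full day and this
                // snippet shows no way to revoke it early; value left as the author set it.
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
                // The token endpoint receives credentials and returns bearer tokens, so plain
                // HTTP is accepted only in DEBUG builds. Any other build refuses non-HTTPS
                // requests to the OAuth endpoints.
#if DEBUG
                AllowInsecureHttp = true
#else
                AllowInsecureHttp = false
#endif
            };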

我正在使用 FirebirdProvider 和 context,并在 props 中添加访问令牌。这是我的函数的定义:

  /// <summary>
  /// Handles the resource-owner password grant: after the elided part of the body
  /// (the <c>......</c> line, where <c>identity</c> and <c>props</c> are presumably built from
  /// the verified credentials — not shown by the author), it wraps both in a ticket and marks
  /// the grant as validated.
  /// </summary>
  /// <param name="context">Grant context supplied by the OAuth authorization server middleware.</param>
  public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
......
                        // NOTE(review): this signs the identity in on the request's authentication
                        // manager with IsPersistent = true, in addition to validating the grant below.
                        // Presumably only context.Validated(ticket) is needed to issue the token;
                        // confirm the extra persistent sign-in is intended.
                        context.Request.Context.Authentication.SignIn(new AuthenticationProperties { IsPersistent = true }, identity);
                        // The ticket pairs the identity with the extra properties held in props.
                        var ticket = new AuthenticationTicket(identity, props);
                        // Accept the grant with this ticket.
                        context.Validated(ticket);
}

这是我获取令牌的调用:

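  /// <summary>
  /// Requests a token from the "Token" endpoint with the resource-owner password grant
  /// and deserializes the JSON response into a <see cref="User"/>.
  /// </summary>
  /// <param name="username">Account name sent as the <c>username</c> form field.</param>
  /// <param name="password">Password sent as the <c>password</c> form field.</param>
  /// <returns>
  /// The deserialized <see cref="User"/> when the server answers with a success status code;
  /// <c>null</c> when an argument is null, the device reports no connectivity, the server
  /// answers with a non-success status code, or any exception is thrown.
  /// </returns>
  public async Task<User> GetUserToken(string username, string password)
  {
      try
      {
          if (username == null || password == null || !CrossConnectivity.Current.IsConnected)
          {
              return null;
          }

          client.DefaultRequestHeaders.Accept.Clear();
          client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

          // Percent-encode both values. Concatenated raw, a '&', '=', '+' or '%' in the
          // username or password would corrupt the form body, and a value containing
          // "&name=value" would inject or override form fields such as login_type.
          string form = "grant_type=password"
              + "&username=" + Uri.EscapeDataString(username)
              + "&password=" + Uri.EscapeDataString(password)
              + "&login_type=sys_dash_users";

          // NOTE(review): the password travels in the request body, so the client's base
          // address must be an https:// URL. The base address is not visible here; confirm.
          using (HttpContent requestContent = new StringContent(form, Encoding.UTF8, "application/x-www-form-urlencoded"))
          using (HttpResponseMessage responseMessage = await client.PostAsync("Token", requestContent))
          {
              if (!responseMessage.IsSuccessStatusCode)
              {
                  return null;
              }

              // Read the body asynchronously instead of blocking on StreamReader.ReadToEnd();
              // the response and its content are disposed when the using block ends.
              string jsonMessage = await responseMessage.Content.ReadAsStringAsync();
              return JsonConvert.DeserializeObject<User>(jsonMessage);
          }
      }
      catch (Exception ex)
      {
          // Best effort by design: callers see null on any failure. Only the exception is
          // written to the debug output; the request body with the password is never logged.
          Debug.WriteLine(ex);
          return null;
      }
  }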

我不知道如何实现刷新令牌,也找不到很好的教程。该如何做到这一点?

【问题讨论】:

    标签: asp.net oauth-2.0 asp.net-web-api2


    【解决方案1】:

    我回答了我自己的问题。如果有人需要这是我的代码:

    添加了 SimpleRefreshTokenProvider:

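        /// <summary>
        /// In-memory refresh-token provider. Each refresh token is an opaque random handle given
        /// to the client; the server keeps the matching ticket keyed by the SHA-256 hash of that
        /// handle, and a handle can be redeemed only once.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the store is a static dictionary, so all refresh tokens are lost when the
        /// process restarts, are not shared between server instances, and entries that are never
        /// redeemed are never removed. Use a persistent store with expiry cleanup for production.
        /// NOTE(review): nothing here binds a refresh token to the client it was issued to; that
        /// check presumably belongs in the authorization server provider's refresh-token grant
        /// handler, which is not shown — confirm it exists.
        /// </remarks>
        public class SimpleRefreshTokenProvider : IAuthenticationTokenProvider
        {
            // Keyed by the hash of the handle, never by the handle itself, so a dump of this
            // store does not yield usable refresh tokens.
            private static readonly ConcurrentDictionary<string, AuthenticationTicket> _refreshTokens = new ConcurrentDictionary<string, AuthenticationTicket>();

            /// <summary>Asynchronous entry point; delegates to <see cref="Create"/>.</summary>
            /// <param name="context">Creation context carrying the ticket of the token being issued.</param>
            /// <returns>A completed task.</returns>
            public Task CreateAsync(AuthenticationTokenCreateContext context)
            {
                Create(context);
                return Task.FromResult<object>(null);
            }

            /// <summary>Asynchronous entry point; delegates to <see cref="Receive"/>.</summary>
            /// <param name="context">Receive context carrying the refresh token presented by the client.</param>
            /// <returns>A completed task.</returns>
            public Task ReceiveAsync(AuthenticationTokenReceiveContext context)
            {
                Receive(context);
                return Task.FromResult<object>(null);
            }

            /// <summary>
            /// Issues a new refresh token: generates a random handle, stores a ticket with the
            /// refresh lifetime under the handle's hash, and returns the handle to the client.
            /// </summary>
            /// <param name="context">Creation context carrying the ticket of the token being issued.</param>
            public void Create(AuthenticationTokenCreateContext context)
            {
                string handle = NewHandle();

                // Copy the property dictionary before changing the expiry, so that setting the
                // refresh-token lifetime cannot alter the properties of the ticket in the context.
                var refreshTokenProperties = new AuthenticationProperties(
                    new System.Collections.Generic.Dictionary<string, string>(context.Ticket.Properties.Dictionary))
                {
                    IssuedUtc = context.Ticket.Properties.IssuedUtc,
                    // NOTE(review): a one-year refresh token is long-lived; value left as the
                    // author set it. Shorten it if the deployment allows.
                    ExpiresUtc = DateTime.UtcNow.AddYears(1)
                };
                var refreshTokenTicket = new AuthenticationTicket(context.Ticket.Identity, refreshTokenProperties);

                _refreshTokens.TryAdd(HashHandle(handle), refreshTokenTicket);

                context.SetToken(handle);
            }

            /// <summary>
            /// Redeems a refresh token. The stored ticket is removed on lookup, so each handle
            /// works at most once; unknown, empty or expired handles leave the context without a
            /// ticket.
            /// </summary>
            /// <param name="context">Receive context carrying the refresh token presented by the client.</param>
            public void Receive(AuthenticationTokenReceiveContext context)
            {
                // A missing token would otherwise reach the dictionary as a null key and throw.
                if (string.IsNullOrEmpty(context.Token))
                {
                    return;
                }

                AuthenticationTicket ticket;
                if (!_refreshTokens.TryRemove(HashHandle(context.Token), out ticket))
                {
                    return;
                }

                // Never hand back a ticket that is past its own expiry.
                DateTimeOffset? expiresUtc = ticket.Properties.ExpiresUtc;
                if (expiresUtc.HasValue && expiresUtc.Value <= DateTimeOffset.UtcNow)
                {
                    return;
                }

                context.SetTicket(ticket);
            }

            // Builds a 256-bit handle from the OS cryptographic RNG, encoded as URL-safe base64.
            // Guid.NewGuid() is an identifier generator and is not documented as a source of
            // unpredictable secrets.
            private static string NewHandle()
            {
                var bytes = new byte[32];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(bytes);
                }

                return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
            }

            // Returns the base64 SHA-256 digest of the handle, used as the store key.
            private static string HashHandle(string handle)
            {
                using (var sha256 = System.Security.Cryptography.SHA256.Create())
                {
                    byte[] digest = sha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(handle));
                    return Convert.ToBase64String(digest);
                }
            }
        }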
    

    在 Startup.Auth.cs 中:

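      // Configures the OAuth authorization server and registers the refresh-token provider.
      OAuthOptions = new OAuthAuthorizationServerOptions
                {
                    TokenEndpointPath = new PathString("/Token"),
                    Provider = new FirebirdAuthorizationServerProvider(PublicClientId),
                    // NOTE(review): with refresh tokens available, the one-day access-token
                    // lifetime can usually be shortened; value left as the author set it.
                    AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
                    // The token endpoint receives credentials and refresh tokens and returns
                    // bearer tokens, so plain HTTP is accepted only in DEBUG builds. Any other
                    // build refuses non-HTTPS requests to the OAuth endpoints.
#if DEBUG
                    AllowInsecureHttp = true,
#else
                    AllowInsecureHttp = false,
#endif
                    RefreshTokenProvider = new SimpleRefreshTokenProvider()
                };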
    

    【讨论】:
