zoukankan      html  css  js  c++  java
  • IdentityServer4 实现自定义 GrantType 授权模式

    OAuth 2.0 默认四种授权模式(GrantType):

    • 授权码模式(authorization_code
    • 简化模式(implicit
    • 密码模式(password
    • 客户端模式(client_credentials

    使用 IdentityServer4,我们可以自定义授权模式吗?答案是可以的,比如我们自定义实现一个anonymous授权模式(匿名访问)。

    创建AnonymousGrantValidator(继承IExtensionGrantValidator):

    public class AnonymousGrantValidator : IExtensionGrantValidator
    {
        private readonly ITokenValidator _validator;
    
        public AnonymousGrantValidator(ITokenValidator validator)
        {
            _validator = validator;
        }
    
        public string GrantType => "anonymous";
    
        public async Task ValidateAsync(ExtensionGrantValidationContext context)
        {
            //var userToken = context.Request.Raw.Get("token");
    
            //if (string.IsNullOrEmpty(userToken))
            //{
            //    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
            //    return;
            //}
    
            //var result = await _validator.ValidateAccessTokenAsync(userToken);
            //if (result.IsError)
            //{
            //    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
            //    return;
            //}
    
            // get user's identity
            //var sub = result.Claims.FirstOrDefault(c => c.Type == "sub").Value;
    
            var claims = new List<Claim>() { new Claim("role", GrantType) }; // Claim 用于配置服务站点 [Authorize("anonymous")]
            context.Result = new GrantValidationResult(GrantType, GrantType, claims);
        }
    }
    

    修改Client配置:

    new Client
    {
        ClientId = "client1",
        AllowedGrantTypes = GrantTypes.List(GrantTypes.ResourceOwnerPassword.FirstOrDefault(), "anonymous"), //一个 Client 可以配置多个 GrantType
        AllowOfflineAccess = true,
        AccessTokenLifetime = 3600 * 6, //6小时
        SlidingRefreshTokenLifetime = 1296000, //15天
        ClientSecrets =
        {
            new Secret("123".Sha256())
        },
        AllowedScopes = new List<string>
        {
            "api2"
        }
    }
    

    DI 增加注入对象:

    builder.AddExtensionGrantValidator<AnonymousGrantValidator>();
    

    调用示例代码:

    public async Task<TokenResponse> AnonymousAsync(string userToken)
    {
        var payload = new
        {
            token = userToken
        };
    
        // create token client
        var client = new TokenClient(disco.TokenEndpoint, "client1", "123");
    
        // send custom grant to token endpoint, return response
        return await client.RequestCustomGrantAsync("anonymous", "api2", payload);
    }
    

    Http 访问示例:

    POST /connect/token
    
    grant_type=anonymous&
    scope=api2&
    token=...&
    client_id=api1.client
    client_secret=secret
    

    参考资料:

  • 相关阅读:
    双色球相关
    儿童教学相关网站
    [转]javascript实现限制上传文件的大​​小
    使用存储过程 修改符合条件的数据表的相关字段 的数据类型
    [转]bat批处理实现TXT文本合并
    [转]在SQL中用正则表达式替换html标签
    [转]T4模版引擎之生成数据库实体类
    [转]C#中图片.BYTE[]和base64string的转换
    [书目20131114]微软技术丛书•快速软件开发(珍藏版) Rapid Development Taming Wild Software Schedules By Steve McConnell
    人体穴位
  • 原文地址:https://www.cnblogs.com/xishuai/p/identityserver4-implement-custom-granttype.html
Copyright © 2011-2022 走看看