zoukankan      html  css  js  c++  java

  • IdentityServer4 实现自定义 GrantType 授权模式

    OAuth 2.0 默认四种授权模式(GrantType):

    • 授权码模式(authorization_code
    • 简化模式(implicit
    • 密码模式(password
    • 客户端模式(client_credentials

    使用 IdentityServer4,我们可以自定义授权模式吗?答案是可以的,比如我们自定义实现一个anonymous授权模式(匿名访问)。

    创建AnonymousGrantValidator(继承IExtensionGrantValidator):

    public class AnonymousGrantValidator : IExtensionGrantValidator
{
    private readonly ITokenValidator _validator;

    public AnonymousGrantValidator(ITokenValidator validator)
    {
        _validator = validator;
    }

    public string GrantType => "anonymous";

    public async Task ValidateAsync(ExtensionGrantValidationContext context)
    {
        //var userToken = context.Request.Raw.Get("token");

        //if (string.IsNullOrEmpty(userToken))
        //{
        //    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
        //    return;
        //}

        //var result = await _validator.ValidateAccessTokenAsync(userToken);
        //if (result.IsError)
        //{
        //    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
        //    return;
        //}

        // get user's identity
        //var sub = result.Claims.FirstOrDefault(c => c.Type == "sub").Value;

        var claims = new List<Claim>() { new Claim("role", GrantType) }; // Claim 用于配置服务站点 [Authorize("anonymous")]
        context.Result = new GrantValidationResult(GrantType, GrantType, claims);
    }
}

    修改Client配置:

    new Client
{
    ClientId = "client1",
    AllowedGrantTypes = GrantTypes.List(GrantTypes.ResourceOwnerPassword.FirstOrDefault(), "anonymous"), //一个 Client 可以配置多个 GrantType
    AllowOfflineAccess = true,
    AccessTokenLifetime = 3600 * 6, //6小时
    SlidingRefreshTokenLifetime = 1296000, //15天
    ClientSecrets =
    {
        new Secret("123".Sha256())
    },
    AllowedScopes = new List<string>
    {
        "api2"
    }
}

    DI 增加注入对象:

    builder.AddExtensionGrantValidator<AnonymousGrantValidator>();

    调用示例代码:

    public async Task<TokenResponse> AnonymousAsync(string userToken)
{
    var payload = new
    {
        token = userToken
    };

    // create token client
    var client = new TokenClient(disco.TokenEndpoint, "client1", "123");

    // send custom grant to token endpoint, return response
    return await client.RequestCustomGrantAsync("anonymous", "api2", payload);
}

    Http 访问示例:

    POST /connect/token

grant_type=anonymous&
scope=api2&
token=...&
client_id=api1.client
client_secret=secret

    参考资料:
  • 相关阅读:
    浏览器输入一个url到整个页面显示出来经历了哪些过程?
    ajax
    为什么JS是单线程?JS中的Event Loop(事件循环)?JS如何实现异步?setimeout?
    jQuery中ready方法的实现
    this+call、apply、bind的区别与使用
    内存泄漏、垃圾回收机制、哪些情况会导致内存泄漏
    浏览器同源策略和跨域方法
    node.js
    JS原型、原型链、构造函数、实例与继承
    JS常用操作节点的方法
  • 原文地址:https://www.cnblogs.com/xishuai/p/identityserver4-implement-custom-granttype.html
Copyright © 2011-2022 走看看