在标题中传递openid-connect oauth2 bearer token
[英]pass openid-connect oauth2 bearer token in header
问题描述
Background 
背景
I've implemented the Thinktecture.IdentityServer.V3 (the openID Connect one). 我已经实现了Thinktecture.IdentityServer.V3(openID Connect one)。 I've got the OAuth2 bearer token returned to my javascript client (implicit flow) in the form: 我已经将OAuth2持有者令牌返回到我的javascript客户端(隐式流),格式如下:
{
"id_token": "eyJ0eXAiOiJKV1QiLCJh...", // JWT
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni..", // JWT
"token_type": "Bearer",
"expires_in": "3600",
"scope": "openid profile read write email",
"state": "1299139105028949"
}
but in all the examples they only pass the access_token to the resource provider when calling the service. 但是在所有示例中,它们仅在调用服务时将access_token传递给资源提供者。
$.ajax({
url: 'http://localhost:2727/Account/123/Get',
headers: {
Authorization: "Bearer " + $scope.response.access_token
}
})
Assumption 假设
If i've got this right, I Authenticate with the access token. 如果我有这个权利,我使用访问令牌进行身份验证。 Then I Authorize based on claims in the id_token (I don't want to make a separate DB call - I want it fully self-contained). 然后我根据id_token中的声明进行授权(我不想进行单独的数据库调用 - 我希望它完全自包含)。
Question 题
How would I pass this information to my webapi2 endpoint via ajax (assume i've set up CORS etc) and what middleware would I have to hook up to validate it? 我如何通过ajax将此信息传递给我的webapi2端点(假设我已经设置了CORS等)以及我需要连接哪些中间件来验证它? (i'm guessing one of the Token Validators and a claimsManager but there's So many I can't decide which one is the right one to use). (我猜测其中一个令牌验证器和一个claimManager但是有很多我无法确定哪一个是正确的使用者)。
Help very much appreciated 非常感谢帮助
2 个解决方案
解决方案1
3 已采纳 2014-10-08 16:50:16
The id_token is for the client - it has to be validated by the client (or by the identity token validation endpoint in idsrv if the client does not have the necessary crypto libraries). id_token用于客户端 - 它必须由客户端验证(或者如果客户端没有必要的加密库,则由idsrv中的身份令牌验证端点验证)。 Afterwards you use the access token to access the resource. 之后,您使用访问令牌来访问资源。
解决方案2
1 2014-10-08 14:49:10
It seems you use AngularJS, so you can use $http service to set token in header 您似乎使用AngularJS,因此您可以使用$http服务在标头中设置令牌
For example: 例如:
$http.post("/login", credentials).then(function(response) {
$httpProvider.defaults.headers.common["Authorization"] = "Bearer " + $scope.response.access_token;
});
You have to do this once per session. 每次会话都必须这样做一次。
UPDATE UPDATE
With jQuery somthing like this 使用jQuery这样的东西
//This repesent the token you got after login
var authToken = {
"id_token": "eyJ0eXAiOiJKV1QiLCJh...", // JWT
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni..", // JWT
"token_type": "Bearer",
"expires_in": "3600",
"scope": "openid profile read write email",
"state": "1299139105028949"
}
$.ajax({
url: "http://localhost:2727/Account/123/Get",
type: "get",
dataType: "json",
beforeSend: function (request)
{
request.setRequestHeader("Authorization", authToken.token_type + " " + authToken.access_token);
}
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.