[英]Look up the user with bearer token with Openiddict Core
I am currently using Openiddict, Identity and Entity Framework to manage my users and assign Bearer
tokens to users to protect my API.我目前正在使用 Openiddict、身份和实体框架来管理我的用户并向用户分配不
Bearer
令牌以保护我的 API。
My infrastructure is currently using ASP.NET Core Web API in the back end and a separate React application in the front end.我的基础架构目前在后端使用 ASP.NET Core Web API,在前端使用单独的 React 应用程序。 The React application makes HTTP calls to my API to retrieve it's data.
React 应用程序对我的 API 进行 HTTP 调用以检索它的数据。 There is no server side HTML rendering at all in the back end.
后端根本没有服务器端 HTML 渲染。
Everything works as I need it to for the most part.在大多数情况下,一切都按我的需要工作。 I can register users and retrieve tokens from the API.
我可以注册用户并从 API 中检索令牌。 These tokens are included in my HTTP call in the
Authorization
header.这些令牌包含在我的 HTTP 调用中的
Authorization
标头中。 My AuthorizationController
uses this: https://github.com/openiddict/openiddict-samples/blob/dev/samples/PasswordFlow/AuthorizationServer/Controllers/AuthorizationController.cs with a few minor tweaks.我的
AuthorizationController
使用这个: https : //github.com/openiddict/openiddict-samples/blob/dev/samples/PasswordFlow/AuthorizationServer/Controllers/AuthorizationController.cs有一些小的调整。 My Startup.cs
also uses almost exactly this https://github.com/openiddict/openiddict-samples/blob/dev/samples/PasswordFlow/AuthorizationServer/Startup.cs我的
Startup.cs
也几乎完全使用这个https://github.com/openiddict/openiddict-samples/blob/dev/samples/PasswordFlow/AuthorizationServer/Startup.cs
In some instances, I need to make API calls to the endpoints that are specific to the user.在某些情况下,我需要对特定于用户的端点进行 API 调用。 For instance, if I need to know if a user has voted on a comment or not.
例如,如果我需要知道用户是否对评论进行了投票。 Instead of passing along the users
ID
in a query string to get the user details, I would like to use the Bearer
token I received that they use to make the API call for that endpoint.我不想在查询字符串中传递用户
ID
来获取用户详细信息,而是想使用我收到的不Bearer
令牌,他们用来为该端点进行 API 调用。 I am not sure how to do this though.我不知道如何做到这一点。
In some research I have done it looks like some samples use ASP.NET Core MVC as opposed to the API to retrieve the user with the User
variable as seen here https://github.com/openiddict/openiddict-samples/blob/dev/samples/PasswordFlow/AuthorizationServer/Controllers/ResourceController.cs#L20-L31 however this seems not to apply to my infrastructure.在我所做的一些研究中,看起来有些示例使用 ASP.NET Core MVC 而不是 API 来检索用户与
User
变量,如下所示https://github.com/openiddict/openiddict-samples/blob/dev /samples/PasswordFlow/AuthorizationServer/Controllers/ResourceController.cs#L20-L31但这似乎不适用于我的基础设施。
My question is how do I look up a user based on the Bearer
token passed to the API to look up a users details from my database?我的问题是如何根据传递给 API 的
Bearer
令牌查找用户以从我的数据库中查找用户详细信息? I am assuming that all of the tokens passed out by the API are assigned to that specific user, right?我假设 API 传递的所有令牌都分配给了该特定用户,对吗? If that's the case it should be easy to look them up based on the
Bearer
token.如果是这种情况,应该很容易根据
Bearer
令牌查找它们。
The question is: How with Openiddict can you look up a user based on the token that was assigned to them for API calls?
问题是:如何使用 Openiddict 根据分配给用户的 API 调用令牌来查找用户? I need to get the user details before anything else can be done with the application first.
我需要先获取用户详细信息,然后才能对应用程序执行任何其他操作。 Is there something baked internally or do I have to write my own support for this?
是否有内部烘焙的东西,还是我必须为此编写自己的支持?
When you create an AuthenticationTicket
in your authorization controller (which is later used by OpenIddict to generate an access token), you have to add a sub
claim that corresponds to the subject/entity represented by the access token.当您在授权控制器中创建
AuthenticationTicket
时(OpenIddict 稍后使用它来生成访问令牌),您必须添加与访问令牌表示的主题/实体相对应的sub
声明。
Assuming you use the user identifier as the sub
claim, you can easily extract it from your API endpoints using User.FindFirst(OpenIdConnectConstants.Claims.Subject)?.Value
and use it to make your DB lookup.假设您使用用户标识符作为
sub
声明,您可以使用User.FindFirst(OpenIdConnectConstants.Claims.Subject)?.Value
从您的 API 端点轻松提取它并使用它来进行数据库查找。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.