使用 Openiddict Core 查找具有不记名令牌的用户
[英]Look up the user with bearer token with Openiddict Core
问题描述
I am currently using Openiddict, Identity and Entity Framework to manage my users and assign Bearer tokens to users to protect my API.
我目前正在使用 Openiddict、身份和实体框架来管理我的用户并向用户分配不Bearer令牌以保护我的 API。
My infrastructure is currently using ASP.NET Core Web API in the back end and a separate React application in the front end.我的基础架构目前在后端使用 ASP.NET Core Web API,在前端使用单独的 React 应用程序。 The React application makes HTTP calls to my API to retrieve it's data. React 应用程序对我的 API 进行 HTTP 调用以检索它的数据。 There is no server side HTML rendering at all in the back end.后端根本没有服务器端 HTML 渲染。
Everything works as I need it to for the most part.在大多数情况下,一切都按我的需要工作。 I can register users and retrieve tokens from the API.我可以注册用户并从 API 中检索令牌。 These tokens are included in my HTTP call in the Authorization header.这些令牌包含在我的 HTTP 调用中的Authorization标头中。 My AuthorizationController uses this: https://github.com/openiddict/openiddict-samples/blob/dev/samples/PasswordFlow/AuthorizationServer/Controllers/AuthorizationController.cs with a few minor tweaks.我的AuthorizationController使用这个: https : //github.com/openiddict/openiddict-samples/blob/dev/samples/PasswordFlow/AuthorizationServer/Controllers/AuthorizationController.cs有一些小的调整。 My Startup.cs also uses almost exactly this https://github.com/openiddict/openiddict-samples/blob/dev/samples/PasswordFlow/AuthorizationServer/Startup.cs我的Startup.cs也几乎完全使用这个https://github.com/openiddict/openiddict-samples/blob/dev/samples/PasswordFlow/AuthorizationServer/Startup.cs
In some instances, I need to make API calls to the endpoints that are specific to the user.在某些情况下,我需要对特定于用户的端点进行 API 调用。 For instance, if I need to know if a user has voted on a comment or not.例如,如果我需要知道用户是否对评论进行了投票。 Instead of passing along the users ID in a query string to get the user details, I would like to use the Bearer token I received that they use to make the API call for that endpoint.我不想在查询字符串中传递用户ID来获取用户详细信息,而是想使用我收到的不Bearer令牌,他们用来为该端点进行 API 调用。 I am not sure how to do this though.我不知道如何做到这一点。
In some research I have done it looks like some samples use ASP.NET Core MVC as opposed to the API to retrieve the user with the User variable as seen here https://github.com/openiddict/openiddict-samples/blob/dev/samples/PasswordFlow/AuthorizationServer/Controllers/ResourceController.cs#L20-L31 however this seems not to apply to my infrastructure.在我所做的一些研究中,看起来有些示例使用 ASP.NET Core MVC 而不是 API 来检索用户与User变量,如下所示https://github.com/openiddict/openiddict-samples/blob/dev /samples/PasswordFlow/AuthorizationServer/Controllers/ResourceController.cs#L20-L31但这似乎不适用于我的基础设施。
My question is how do I look up a user based on the Bearer token passed to the API to look up a users details from my database?我的问题是如何根据传递给 API 的Bearer令牌查找用户以从我的数据库中查找用户详细信息? I am assuming that all of the tokens passed out by the API are assigned to that specific user, right?我假设 API 传递的所有令牌都分配给了该特定用户,对吗? If that's the case it should be easy to look them up based on the Bearer token.如果是这种情况,应该很容易根据Bearer令牌查找它们。
1 个解决方案
解决方案1
1 已采纳 2017-10-12 18:01:44
The question is: How with Openiddict can you look up a user based on the token that was assigned to them for API calls?
When you create an AuthenticationTicket in your authorization controller (which is later used by OpenIddict to generate an access token), you have to add a sub claim that corresponds to the subject/entity represented by the access token.当您在授权控制器中创建AuthenticationTicket时(OpenIddict 稍后使用它来生成访问令牌),您必须添加与访问令牌表示的主题/实体相对应的sub声明。
Assuming you use the user identifier as the sub claim, you can easily extract it from your API endpoints using User.FindFirst(OpenIdConnectConstants.Claims.Subject)?.Value and use it to make your DB lookup.假设您使用用户标识符作为sub声明,您可以使用User.FindFirst(OpenIdConnectConstants.Claims.Subject)?.Value从您的 API 端点轻松提取它并使用它来进行数据库查找。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.