身份服务器4获取当前用户的access_token
[英]identityserver 4 get current user's access_token
问题描述
I am having trouble getting my current user's access_token. 
我在获取当前用户的access_token时遇到问题。 Here is my setup: 这是我的设置:
- QuickstartIdentityServer (QIS) in aspnet core, identity and EF storage ASPNET核心中的QuickstartIdentityServer(QIS),身份和EF存储
- API (API) in NodeJs. NodeJ中的API(API)。 Validates jwt tokens in header against QIS. 针对QIS验证标头中的jwt令牌。
- SPA angular app that works great with QIS and API and is out of the scope of this question 与QIS和API配合使用的SPA角度应用程序,不在此问题范围内
In a section of the QuickstartIdentityServer (QIS) site (user details page), I would like to call an API endpoint using an access_token to authenticate the request. 在QuickstartIdentityServer(QIS)站点的一部分(用户详细信息页面)中,我想使用access_token调用API端点以认证请求。 I am struggling to retrieve the current user's access_token from my QIS site. 我正在努力从我的QIS站点中检索当前用户的access_token。 Whenever I call HttpContext.GetTokenAsync("access_token") I get a null value. 每当我调用HttpContext.GetTokenAsync("access_token")我都会得到一个空值。 I have seen this section of IdSrv4 documentation: https://identityserver4.readthedocs.io/en/release/quickstarts/5_hybrid_and_api_access.html?highlight=gettokenasync but it seems to apply to an MVC client and not my own identity server. 我已经看到了IdSrv4文档的这一部分: https ://identityserver4.readthedocs.io/en/release/quickstarts/5_hybrid_and_api_access.html?highlight = gettokenasync,但这似乎适用于MVC客户端,而不适用于我自己的身份服务器。
Anyone could shed some light on how to get my user's access_token ? 任何人都可以阐明如何获取用户的access_token?
Thanks 谢谢
EDIT 编辑
Here is a starting point to try to explain better my issue: https://github.com/IdentityServer/IdentityServer4.Samples/tree/release/Quickstarts/6_AspNetIdentity/src/IdentityServerWithAspNetIdentity 这是尝试更好地解释我的问题的起点: https : //github.com/IdentityServer/IdentityServer4.Samples/tree/release/Quickstarts/6_AspNetIdentity/src/IdentityServerWithAspNetIdentity
Starting from this QIS project, I would like to get the logged in user's access token. 从这个QIS项目开始,我想获取登录用户的访问令牌。 So for instance, if I edit HomeController to add this call: 因此,例如,如果我编辑HomeController以添加此调用:
public async Task<IActionResult> Index()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");
return View(accessToken);
}
I would then be able to call my NodeJS API with this token in the Auth Header. 然后,我将可以在Auth Header中使用此令牌调用NodeJS API。
Hope this explains better my issue. 希望这能更好地解释我的问题。
1 个解决方案
解决方案1
0 已采纳 2018-06-13 15:01:37
So I managed to authenticate myself w/ my API using a dedicated Client using client credentials grant and the following call to get an access_token: 因此,我通过使用专用客户端(使用客户端凭据授予和以下调用来获取access_token)来使用自己的API来对自己的API进行身份验证:
var disco = await DiscoveryClient.GetAsync("http://localhost:5000");
var tokenClient = new TokenClient(disco.TokenEndpoint, clientId, clientSecret);
var tokenResponse = await tokenClient.RequestClientCredentialsAsync(scope);
Then I can add to my request header to API the access_token returned in tokenResponse : 然后,我可以将我在tokenResponse返回的access_token添加到API的请求标头中:
using(var client = new HttpClient()) {
client.SetBearerToken(tokenResponse.AccessToken);
...
// execute request
}
The downside is that I can't "impersonate" the current currently logged on IS on API side. 缺点是我无法“模拟”当前在API端登录的IS。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.