[英]How to get Identity Server 4's access_token in ASP Net 4.7 MVC Application
我在ASP Net 4.7.2客户端应用程序中获取Identity Server 4的access_token来调用API时遇到一些问题。
在ASP .Net Core客户端中,我可以这样获得access_token:
public async Task<IActionResult> CallApi()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");
var client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var content = await client.GetStringAsync("http://localhost:5001/identity");
ViewBag.Json = JArray.Parse(content).ToString();
return View("Json");
}
只是简单的:
var accessToken = await HttpContext.GetTokenAsync("access_token");
但是,如何在ASP Net 4.x客户端中获取access_token?
我的启动代码如下所示:
public class Startup
{
public void Configuration(IAppBuilder app)
{
var authority = JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies",
CookieName = "CustomIdentityCookie"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
//AuthenticationType = "oidc",
Authority = "http://localhost:5000",
RedirectUri = "http://localhost:57319/signin-oidc",
PostLogoutRedirectUri = "http://localhost:57319/signout-callback-oidc",
ClientId = "mvc472",
ClientSecret = "secret",
ResponseType = "code id_token",
Scope = "api01 openid profile offline_access",
// for debug
RequireHttpsMetadata = false,
UseTokenLifetime = false,
SignInAsAuthenticationType = "Cookies"
});
}
}
我有解决办法。 希望任何人都可以告诉我该解决方案是否可以。 我使用了来自IdentityServer3的变通办法,如下所示: IdentityServer 3 Mvc Client我编辑了描述的方法并更新到Identity Server 4。
除注销外,它都有效:从Identity Server注销后,我没有重定向到MVC App。 我收到404错误,找不到/ signout-callback-oidc路由。
这里是新的Startup类:
public class Startup
{
public void Configuration(IAppBuilder app)
{
//var authority = JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
Authority = "http://localhost:5000",
RedirectUri = "http://localhost:57319/signin-oidc",
PostLogoutRedirectUri = "http://localhost:57319/signout-callback-oidc",
ClientId = "mvc472",
ClientSecret = "secret",
ResponseType = "code id_token",
Scope = "api01 openid profile offline_access",
// for debug
RequireHttpsMetadata = false,
UseTokenLifetime = false,
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async n =>
{
var client = new HttpClient();
DiscoveryResponse disco = await client.GetDiscoveryDocumentAsync("http://localhost:5000");
var tokenResponse = await client.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
{
Address = disco.TokenEndpoint,
RedirectUri = "http://localhost:57319/signin-oidc",
ClientId = "mvc472",
ClientSecret = "secret",
Code = n.Code
});
var userInfoResponse = await client.GetUserInfoAsync(new UserInfoRequest
{
Address = disco.UserInfoEndpoint,
Token = tokenResponse.AccessToken
});
var id = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType);
id.AddClaims(userInfoResponse.Claims);
id.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
id.AddClaim(new Claim("expires_at", DateTime.Now.AddSeconds(tokenResponse.ExpiresIn).ToLocalTime().ToString()));
id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
id.AddClaim(new Claim("id_token", tokenResponse.IdentityToken));
id.AddClaim(new Claim("sid", n.AuthenticationTicket.Identity.FindFirst("sid").Value));
n.AuthenticationTicket = new AuthenticationTicket(
new ClaimsIdentity(id.Claims, n.AuthenticationTicket.Identity.AuthenticationType, "name", "role"),
n.AuthenticationTicket.Properties
);
},
// noch nicht getestet
RedirectToIdentityProvider = n =>
{
// if signing out, add the id_token_hint
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
{
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
}
return Task.FromResult(0);
}
}
});
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.