OAuth 2.0 默认四种授权模式(GrantType):
授权码模式(
authorization_code
)简化模式(
implicit
)密码模式(
password
)客户端模式(
client_credentials
)
使用 IdentityServer4,我们可以自定义授权模式吗?答案是可以的,比如我们自定义实现一个anonymous
授权模式(匿名访问)。
创建AnonymousGrantValidator
(继承IExtensionGrantValidator
):
public class AnonymousGrantValidator : IExtensionGrantValidator{
private readonly ITokenValidator _validator;
public AnonymousGrantValidator(ITokenValidator validator) {
_validator = validator;
}
public string GrantType => "anonymous";
public async Task ValidateAsync(ExtensionGrantValidationContext context) { //var userToken = context.Request.Raw.Get("token");
//if (string.IsNullOrEmpty(userToken))
//{
// context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
// return;
//}
//var result = await _validator.ValidateAccessTokenAsync(userToken);
//if (result.IsError)
//{
// context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
// return;
//}
// get user's identity
//var sub = result.Claims.FirstOrDefault(c => c.Type == "sub").Value;
var claims = new List<Claim>() { new Claim("role", GrantType) }; // Claim 用于配置服务站点 [Authorize("anonymous")]
context.Result = new GrantValidationResult(GrantType, GrantType, claims);
}
}
修改Client
配置:
new Client
{
ClientId = "client1",
AllowedGrantTypes = GrantTypes.List(GrantTypes.ResourceOwnerPassword.FirstOrDefault(), "anonymous"), //一个 Client 可以配置多个 GrantType
AllowOfflineAccess = true,
AccessTokenLifetime = 3600 * 6, //6小时
SlidingRefreshTokenLifetime = 1296000, //15天
ClientSecrets =
{ new Secret("123".Sha256())
},
AllowedScopes = new List<string>
{ "api2"
}
}
DI 增加注入对象:
builder.AddExtensionGrantValidator<AnonymousGrantValidator>();
调用示例代码:
public async Task<TokenResponse> AnonymousAsync(string userToken){ var payload = new
{
token = userToken
}; // create token client
var client = new TokenClient(disco.TokenEndpoint, "client1", "123"); // send custom grant to token endpoint, return response
return await client.RequestCustomGrantAsync("anonymous", "api2", payload);
}
Http 访问示例:
POST /connect/token
grant_type=anonymous&
scope=api2&
token=...&
client_id=api1.client
client_secret=secret
参考资料:
Extension Grants
相关文章:
原文地址:http://www.cnblogs.com/xishuai/p/identityserver4-implement-custom-granttype.html
.NET社区新闻,深度好文,微信中搜索dotNET跨平台或扫描二维码关注