OpenIddict get token_id before response

[AllowAnonymous]
[HttpPost("~/api/auth/login")]
[Produces("application/json")]
public async Task<IActionResult> Login(OpenIdConnectRequest request)
{
    // ...
    var ticket = await CreateTicketAsync(request, user);
    _logger.LogInformation($"User logged in (id: {user.Id})");

    // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
    return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
}

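OpenIddict creates the tokens after the SignIn method is called, right? How can I access the token_id of the created refresh_token before the response is sent?

I want to associate the token_id with a custom device_id and save it to the database. Then I will allow users to revoke the refresh_token for a specified device.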

Here's how to do it using the latest RC2 packages (which you can find on the MyGet feed).

1) Create custom entities derived from the built-in ones:

public class MyApplication : OpenIddictApplication<string, MyAuthorization, MyToken>
{
    public MyApplication() => Id = Guid.NewGuid().ToString();
}

public class MyAuthorization : OpenIddictAuthorization<string, MyApplication, MyToken>
{
    public MyAuthorization() => Id = Guid.NewGuid().ToString();
}

public class MyScope : OpenIddictScope<string>
{
    public MyScope() => Id = Guid.NewGuid().ToString();
}

public class MyToken : OpenIddictToken<string, MyApplication, MyAuthorization>
{
    public MyToken() => Id = Guid.NewGuid().ToString();

    public string DeviceId { get; set; }
}

2) Update your authorization controller to store the device identifier as an authentication property:

// ...
var ticket = new AuthenticationTicket(principal, properties,
    OpenIdConnectServerDefaults.AuthenticationScheme);

ticket.SetProperty("device_id", "[the device identifier]");
// ...

3) Create a custom token manager and override the PopulateAsync method to attach the device identifier to the token entry stored in the database:

public class MyManager : OpenIddictTokenManager<MyToken>
{
    public MyManager(
        IOpenIddictTokenStore<MyToken> store,
        ILogger<OpenIddictTokenManager<MyToken>> logger)
        : base(store, logger)
    {
    }

    protected override Task PopulateAsync(MyToken token, OpenIddictTokenDescriptor descriptor, CancellationToken cancellationToken)
    {
        if (descriptor.Properties.TryGetValue("device_id", out var identifier))
        {
            token.DeviceId = identifier;
        }

        return base.PopulateAsync(token, descriptor, cancellationToken);
    }
}

4) Update your Startup class to use the new entities and the custom manager:

services.AddDbContext<ApplicationDbContext>(options =>
{
    // ...
    options.UseOpenIddict<MyApplication, MyAuthorization, MyScope, MyToken, string>();
});

services.AddOpenIddict<MyApplication, MyAuthorization, MyScope, MyToken>(options =>
{
    // ...
    options.AddTokenManager<MyManager>();
});
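
The revocation the question is aiming for, once DeviceId is stored on each token entry, shown as an added example that is not part of the original answer. The controller name, the route and the use of the "sub" claim are assumptions; the query filters on the caller's own subject so that a device identifier alone never selects another user's tokens.

```csharp
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

[Authorize]
public class DeviceController : Controller // hypothetical controller, not from the answer
{
    private readonly ApplicationDbContext _context;
    private readonly OpenIddictTokenManager<MyToken> _tokenManager;

    public DeviceController(
        ApplicationDbContext context,
        OpenIddictTokenManager<MyToken> tokenManager)
    {
        _context = context;
        _tokenManager = tokenManager;
    }

    [HttpPost("~/api/devices/{deviceId}/revoke")] // hypothetical route
    public async Task<IActionResult> Revoke(string deviceId, CancellationToken cancellationToken)
    {
        // Assumption: the caller's user identifier is exposed as the "sub" claim.
        var subject = User.FindFirst("sub")?.Value;
        if (string.IsNullOrEmpty(subject) || string.IsNullOrEmpty(deviceId))
        {
            return BadRequest();
        }

        // device_id is client-supplied, so it is only ever matched together with
        // the authenticated subject. Subject is assumed to be the user identifier
        // column of the built-in token entity that MyToken derives from.
        var tokens = await _context.Set<MyToken>()
            .Where(token => token.DeviceId == deviceId && token.Subject == subject)
            .ToListAsync(cancellationToken);

        foreach (var token in tokens)
        {
            // Marks the stored entry as revoked so it can no longer be redeemed.
            await _tokenManager.RevokeAsync(token, cancellationToken);
        }

        return Ok(new { revoked = tokens.Count });
    }
}
```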