So far, from Google searches, I have put together the following code in startup.cs:
```csharp
app.UseOAuthBearerAuthentication(options =>
{
    options.AutomaticAuthentication = true;
    options.Audience = "http://localhost:62100/";
    options.Authority = "http://localhost:62100/";
});
```
My client side is:
```javascript
var login = function () {
    var url = "http://localhost:62100/";
    var data = $("#userData").serialize();
    data = data + "&grant_type=password";
    $.post(url, data)
        .success(saveAccessToken)
        .always(showResponse);
    return false;
};
```
Is it required to use UseOpenIdConnectServer? If so, how do I use SigningCredentials so that I get a token (e.g. like the MVC5 ApplicationOAuthProvider)?
Note that my site is a simple demo HTTP site; I don't need any SSL.
Solution
Is it required to use UseOpenIdConnectServer?
Using AspNet.Security.OpenIdConnect.Server is not "required". You are of course free to choose another server (such as IdentityServer) or a custom solution.
As the main developer behind aspnet-contrib, I'm not very objective, so I'd definitely recommend using app.UseOpenIdConnectServer().
If so,how do I use SigningCredentials so that I get a token (e.g. MVC5 ApplicationOAuthProvider)?
Registering a signing key/certificate is not required when implementing the password flow and using the default token type.
Here's how to get started:
ASP.NET Core 1.x:
Startup.cs
```csharp
// Using directives added for completeness; adjust the namespaces to the
// AspNet.Security.OpenIdConnect.* package version you reference.
using System.Security.Claims;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Extensions;
using AspNet.Security.OpenIdConnect.Primitives;
using AspNet.Security.OpenIdConnect.Server;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Add a new middleware validating the encrypted
        // access tokens issued by the OIDC server.
        app.UseOAuthValidation();

        // Add a new middleware issuing tokens.
        app.UseOpenIdConnectServer(options =>
        {
            options.TokenEndpointPath = "/connect/token";

            // Override OnValidateTokenRequest to skip client authentication.
            options.Provider.OnValidateTokenRequest = context =>
            {
                // Reject the token requests that don't use
                // grant_type=password or grant_type=refresh_token.
                if (!context.Request.IsPasswordGrantType() &&
                    !context.Request.IsRefreshTokenGrantType())
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
                        description: "Only grant_type=password and refresh_token " +
                                     "requests are accepted by this server.");

                    return Task.FromResult(0);
                }

                // Since there's only one application and since it's a public client
                // (i.e a client that cannot keep its credentials private),
                // call Skip() to inform the server the request should be
                // accepted without enforcing client authentication.
                context.Skip();

                return Task.FromResult(0);
            };

            // Override OnHandleTokenRequest to support
            // grant_type=password token requests.
            options.Provider.OnHandleTokenRequest = context =>
            {
                // Only handle grant_type=password token requests and let the
                // OpenID Connect server middleware handle the other grant types.
                if (context.Request.IsPasswordGrantType())
                {
                    // Do your credentials validation here.
                    // Note: you can call Reject() with a message
                    // to indicate that authentication failed.

                    var identity = new ClaimsIdentity(context.Options.AuthenticationScheme);
                    identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "[unique id]");

                    // By default, claims are not serialized
                    // in the access and identity tokens.
                    // Use the overload taking a "destinations"
                    // parameter to make sure your claims
                    // are correctly inserted in the appropriate tokens.
                    identity.AddClaim("urn:customclaim", "value",
                        OpenIdConnectConstants.Destinations.AccessToken,
                        OpenIdConnectConstants.Destinations.IdentityToken);

                    var ticket = new AuthenticationTicket(
                        new ClaimsPrincipal(identity),
                        new AuthenticationProperties(),
                        context.Options.AuthenticationScheme);

                    // Call SetScopes with the list of scopes you want to grant
                    // (specify offline_access to issue a refresh token).
                    ticket.SetScopes("profile", "offline_access");

                    context.Validate(ticket);
                }

                return Task.FromResult(0);
            };
        });
    }
}
```
.csproj
```xml
<ItemGroup>
  <PackageReference Include="AspNet.Security.OpenIdConnect.Server" Version="1.0.2" />
</ItemGroup>
```
ASP.NET Core 2.x:
Startup.cs
```csharp
// Using directives added for completeness; adjust the namespaces to the
// AspNet.Security.OpenIdConnect.* package version you reference.
using System.Security.Claims;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Extensions;
using AspNet.Security.OpenIdConnect.Primitives;
using AspNet.Security.OpenIdConnect.Server;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication()

            // Add a new middleware validating the encrypted
            // access tokens issued by the OIDC server.
            .AddOAuthValidation()

            // Add a new middleware issuing tokens.
            .AddOpenIdConnectServer(options =>
            {
                options.TokenEndpointPath = "/connect/token";

                // Override OnValidateTokenRequest to skip client authentication.
                options.Provider.OnValidateTokenRequest = context =>
                {
                    // Reject the token requests that don't use
                    // grant_type=password or grant_type=refresh_token.
                    if (!context.Request.IsPasswordGrantType() &&
                        !context.Request.IsRefreshTokenGrantType())
                    {
                        context.Reject(
                            error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
                            description: "Only grant_type=password and refresh_token " +
                                         "requests are accepted by this server.");

                        return Task.CompletedTask;
                    }

                    // Since there's only one application and since it's a public client
                    // (i.e a client that cannot keep its credentials private),
                    // call Skip() to inform the server the request should be
                    // accepted without enforcing client authentication.
                    context.Skip();

                    return Task.CompletedTask;
                };

                // Override OnHandleTokenRequest to support
                // grant_type=password token requests.
                options.Provider.OnHandleTokenRequest = context =>
                {
                    // Only handle grant_type=password token requests and let the
                    // OpenID Connect server middleware handle the other grant types.
                    if (context.Request.IsPasswordGrantType())
                    {
                        // Do your credentials validation here.
                        // Note: you can call Reject() with a message
                        // to indicate that authentication failed.

                        var identity = new ClaimsIdentity(context.Scheme.Name);
                        identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "[unique id]");

                        // By default, claims are not serialized
                        // in the access and identity tokens.
                        // Use the overload taking a "destinations"
                        // parameter to make sure your claims
                        // are correctly inserted in the appropriate tokens.
                        // (The claim value and the AccessToken destination were
                        // dropped in the extracted copy; restored here to match
                        // the 1.x version above.)
                        identity.AddClaim("urn:customclaim", "value",
                            OpenIdConnectConstants.Destinations.AccessToken,
                            OpenIdConnectConstants.Destinations.IdentityToken);

                        var ticket = new AuthenticationTicket(
                            new ClaimsPrincipal(identity),
                            context.Scheme.Name);

                        // Call SetScopes with the list of scopes you want to grant
                        // (specify offline_access to issue a refresh token).
                        ticket.SetScopes("profile", "offline_access");

                        context.Validate(ticket);
                    }

                    return Task.CompletedTask;
                };
            });
    }
}
```
.csproj
```xml
<ItemGroup>
  <PackageReference Include="AspNet.Security.OpenIdConnect.Server" Version="2.0.0-*" />
</ItemGroup>
```
You can also read this blog post, which explains how to implement the resource owner password credentials grant: http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-implementing-the-resource-owner-password-credentials-grant/
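To make the request/response shapes of the configured token endpoint concrete, here is an added example (not part of the answer or of the ASOS project) that models the decision logic the two handlers above implement: unsupported grant types are rejected, client authentication is skipped for the single public client, credentials are checked, and a refresh token is only issued when the offline_access scope is granted. The user store, salt, and tokens are constructed for illustration; real ASOS refresh tokens are encrypted tickets rather than entries in a dictionary.

```python
# Constructed model of a password-grant token endpoint (/connect/token).
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed user store: username -> salted SHA-256 hex of the password.
_SALT = b"demo-salt"
USERS = {"alice": hashlib.sha256(_SALT + b"correct horse").hexdigest()}
REFRESH_TOKENS = {}  # refresh_token -> subject (single use in this model)


def _password_ok(username, password):
    digest = hashlib.sha256(_SALT + password.encode()).hexdigest()
    expected = USERS.get(username, "0" * 64)  # compare even for unknown users
    return hmac.compare_digest(digest, expected) and username in USERS


def _error(code, description):
    return 400, {"error": code, "error_description": description}


def _issue(subject, scopes):
    body = {"token_type": "Bearer", "access_token": secrets.token_urlsafe(32),
            "expires_in": 3600, "scope": " ".join(scopes)}
    if "offline_access" in scopes:  # mirrors ticket.SetScopes("profile", "offline_access")
        body["refresh_token"] = secrets.token_urlsafe(32)
        REFRESH_TOKENS[body["refresh_token"]] = subject
    return 200, body


def token_endpoint(form_body):
    """Handle a POST to /connect/token; form_body is the x-www-form-urlencoded body."""
    form = {k: v[0] for k, v in parse_qs(form_body).items()}
    grant = form.get("grant_type")
    # OnValidateTokenRequest: only password and refresh_token grants are accepted;
    # no client credentials are required because the single client is public.
    if grant not in ("password", "refresh_token"):
        return _error("unsupported_grant_type",
                      "Only grant_type=password and refresh_token requests are accepted by this server.")
    # OnHandleTokenRequest: validate the credentials, then issue the ticket.
    if grant == "password":
        if not _password_ok(form.get("username", ""), form.get("password", "")):
            return _error("invalid_grant", "The username/password couple is invalid.")
        return _issue(form["username"], ["profile", "offline_access"])
    subject = REFRESH_TOKENS.pop(form.get("refresh_token", ""), None)
    if subject is None:
        return _error("invalid_grant", "The refresh token is invalid.")
    return _issue(subject, ["profile", "offline_access"])
```

Note that the question's client posts to the site root; with the answer's configuration the form must be posted to /connect/token, and the error branch above is the JSON the client will see for any other grant_type.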