
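IdentityServer4 custom validation

Author: Internet

Following the previous post on the password grant type, this post implements a custom grant type.
WeChat mini program login is used as the example.
First open the authorization center project and add WXAppletsGrantValidator.cs under Validator.
Implement IExtensionGrantValidator: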

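    using System;
    using System.Collections.Generic;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using IdentityServer4.Models;
    using IdentityServer4.Validation;

    public class WXAppletsGrantValidator : IExtensionGrantValidator
    {
        // "wxappletsgrant" is the custom grant type
        public string GrantType => "wxappletsgrant";

        public async Task ValidateAsync(ExtensionGrantValidationContext context)
        {
            try
            {
                #region Get parameters. Taking the already-authorized openId straight from the request and granting on it is not secure; this is only a demo
                //var openId = context.Request.Raw[ParamConstants.OpenId];
                //var unionId = context.Request.Raw[ParamConstants.UnionId];
                //var userName = context.Request.Raw[ParamConstants.UserName];
                #endregion
                var openId = "xxxxxxssss";
                var unionId = "hgghgghg";
                #region Validate against the database using the openId and unionId parameters
                var claimList = await ValidateUserAsync(openId, unionId);
                #endregion

                #region Grant approved
                // Return the successful result
                context.Result = new GrantValidationResult
                (
                    subject: "111",
                    authenticationMethod: "custom",
                    claims: claimList.ToArray()
                );
                #endregion
            }
            catch (Exception)
            {
                // Return a standard OAuth error code. The exception message is not
                // sent to the client; log it on the server instead.
                context.Result = new GrantValidationResult(
                    TokenRequestErrors.InvalidGrant, "validation failed");
            }
        }

        #region Private Method
        /// <summary>
        /// Validate the user
        /// </summary>
        /// <param name="openId"></param>
        /// <param name="unionId"></param>
        /// <returns>The claims of the validated user</returns>
        private Task<List<Claim>> ValidateUserAsync(string openId, string unionId)
        {
            // The user can be looked up here by openId and unionId. To keep testing simple,
            // the user information for the test openId is hard-coded.
            var user = ""; // placeholder for the result of the user lookup
            if (user == null)
            {
                // Register the user
            }

            return Task.FromResult(new List<Claim>()
            {
                new Claim(ClaimTypes.Name, "hyq"),
                new Claim(ClaimTypes.Country, "CHN"),
                new Claim(ClaimTypes.Email, "hyq@hyq.com"),
            });
        }
        #endregion
    }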

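Add a GrantTypeConstants class and edit it:

    public static class GrantTypeConstants
    {
        // Grant types allowed for the WeChat mini program client
        public static ICollection<string> ResourceWXappletsGrant => new string[1]
        {
            "wxappletsgrant",
        };
    }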

Modify Config.cs and add a Client:

    new Client
    {
        ClientId = "wxappletsgrant_Client",
        ClientName = "Client WxAppletsGrant_Client",
        ClientSecrets = { new Secret("wxappletsgrantclient".Sha256()) },
        AllowedGrantTypes = GrantTypeConstants.ResourceWXappletsGrant, // custom login
        AllowedScopes = {
            "invoice_read",
            IdentityServerConstants.StandardScopes.OfflineAccess // to obtain refresh tokens, OfflineAccess must be included in the scopes
        },
        AllowOfflineAccess = true, // lets this client request refresh tokens via offline_access (default is false)
        RefreshTokenUsage = TokenUsage.ReUse,
        AccessTokenLifetime = 60 * 5,
        RefreshTokenExpiration = TokenExpiration.Absolute,
        AbsoluteRefreshTokenLifetime = 300,
    }

Register the service
Add the following code to the ConfigureServices method in Startup.cs:

  builder.AddExtensionGrantValidator<WXAppletsGrantValidator>();

Start debugging.
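
The comment in the validator above notes that granting on an openId taken straight from the request is not secure. As an added example (not the original post's code), this variant has the mini program send the one-time code from wx.login() and exchanges it on the server through WeChat's jscode2session endpoint, so the token subject is an openid that WeChat returned rather than one the caller supplied. The class name, the request parameter name `code`, the configuration keys `WeChat:AppId` and `WeChat:AppSecret`, and the use of System.Text.Json (.NET Core 3.0 or later) are assumptions.

```csharp
using System;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Microsoft.Extensions.Configuration;
// Added example (hypothetical class): derive the openid on the server from the wx.login() code.
public class WXAppletsCodeGrantValidator : IExtensionGrantValidator
{
    private readonly IHttpClientFactory _http;
    private readonly IConfiguration _cfg;

    public WXAppletsCodeGrantValidator(IHttpClientFactory http, IConfiguration cfg)
    { _http = http; _cfg = cfg; }

    public string GrantType => "wxappletsgrant";

    public async Task ValidateAsync(ExtensionGrantValidationContext context)
    {
        // Fail closed: every early return below leaves this error result in place.
        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "login failed");
        var code = context.Request.Raw.Get("code"); // assumed parameter name
        if (string.IsNullOrWhiteSpace(code)) return;
        // Assumed configuration keys; the app secret stays on the server.
        var url = "https://api.weixin.qq.com/sns/jscode2session"
            + "?appid=" + Uri.EscapeDataString(_cfg["WeChat:AppId"])
            + "&secret=" + Uri.EscapeDataString(_cfg["WeChat:AppSecret"])
            + "&js_code=" + Uri.EscapeDataString(code)
            + "&grant_type=authorization_code";
        try
        {
            var body = await _http.CreateClient().GetStringAsync(url);
            using var doc = JsonDocument.Parse(body);
            var root = doc.RootElement;
            // WeChat reports failures in the response body with a non-zero errcode.
            if (root.TryGetProperty("errcode", out var err) && err.GetInt32() != 0) return;
            if (!root.TryGetProperty("openid", out var openId)) return;
            var sub = openId.GetString();
            if (string.IsNullOrEmpty(sub)) return;
            // The subject is the openid WeChat returned, never a client-supplied value.
            context.Result = new GrantValidationResult(subject: sub, authenticationMethod: "custom");
        }
        catch (Exception)
        {
            // Keep the generic error. Log details server-side, but never the URL: it contains the secret.
        }
    }
}
```

Register it with `builder.AddExtensionGrantValidator<WXAppletsCodeGrantValidator>()` in place of the demo validator, and call `services.AddHttpClient()` so that `IHttpClientFactory` can be resolved.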

Source: https://www.cnblogs.com/hyqq/p/14338383.html