IdentityServer4中ResourceOwnerPassword模式获取accecc_token,并使用refresh_token刷新accecc_token
2024-08-23 20:00:01
一、IS4服务端配置
1、配置Client
new Client
{
ClientId = "xamarin",
ClientSecrets = { new Secret("secret".Sha256()) },
AccessTokenLifetime = ,//设置AccessToken过期时间
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
RefreshTokenExpiration = TokenExpiration.Absolute,
AbsoluteRefreshTokenLifetime = ,
AllowOfflineAccess = true,//如果要获取refresh_tokens ,必须把AllowOfflineAccess设置为true
AllowedScopes = new List<string>
{
"api",
StandardScopes.OfflineAccess, //如果要获取refresh_tokens ,必须在scopes中加上OfflineAccess
StandardScopes.OpenId,//如果要获取id_token,必须在scopes中加上OpenId和Profile,id_token需要通过refresh_tokens获取AccessToken的时候才能拿到(还未找到原因)
StandardScopes.Profile//如果要获取id_token,必须在scopes中加上OpenId和Profile
}
}
2、实现IResourceOwnerPasswordValidator接口,自定义用户登录
public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
//根据context.UserName和context.Password与数据库的数据做校验,判断是否合法
if (context.UserName == "test" && context.Password == "test")
{
context.Result = new GrantValidationResult(
subject: context.UserName,
authenticationMethod: OidcConstants.AuthenticationMethods.Password);
}
else
{
//验证失败
context.Result = new GrantValidationResult(
TokenRequestErrors.InvalidGrant,
"invalid custom credential"
);
}
return Task.FromResult();
}
}
3、在Startup中加入如下配置
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiResources(Config.GetApis())
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryClients(Config.GetClients())
.AddProfileService<ProfileService>()
.AddResourceOwnerValidator<ResourceOwnerPasswordValidatorService>();//注入自定义用户登录验证
二、客户端获取access_token+refresh_token
如果是后台代码需要获取access_token+refresh_token,则可以参考官方Samples,https://github.com/IdentityServer/IdentityServer4.Samples/tree/release/Clients/src/ConsoleResourceOwnerFlowRefreshToken
如果是前端需要获取access_token+refresh_token,则可以通过 http://localhost:5000/connect/token 接口获取
1、获取access_token+refresh_token
获取access_token+refresh_token的参数配置如下,Content-Type的值是 application/x-www-form-urlencoded
2、通过第一步获取到的refresh_token去刷新access_token
注意:
- grant_type改为refresh_token,表明刷新token
- username与password不需要带了
- 添加参数refresh_token,值为获取accecc_token时的refresh_token值
原文地址:https://www.wandouip.com/t5i43236/
最新文章
- 使用hovertree菜单作为后台导航
- 黑科技项目:英雄无敌III Mod <<Fallen Angel>>介绍
- Atitit 作用域的理解attilax总结
- liunx之:wps for liunx的安装经验
- word检视意见导出(VBA)
- centos 6.5安装vncserver 并开启远程桌面
- phpMyAdmin 中数据库替换问题
- Spring与Jdbc Demo
- ieee80211_rx
- java实现多叉树查找
- Django 创建admin账户
- Java之冒泡排序(升序)
- sqlserver 多行转一行
- python 正则表达式re模块
- 特征选择:Filter/Wrapper/Embedded
- VMware workstation 14 Pro下载、安装及激活码
- 第2章 Selenium2-java 测试环境搭建
- 解决php编译报错configure: error: mcrypt.h not found. Please reinstall libmcrypt.
- PXE配置手记(Linux)
- Head First Python学习笔记3——持久存储