从 SPA 模板中,我设法使基本的 OAuth 流程正常工作。
OAuthOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
ApplicationCanDisplayErrors = true,
TokenEndpointPath = new Microsoft.Owin.PathString("/Token"),
AuthorizeEndpointPath = new Microsoft.Owin.PathString("/api/Account/ExternalLogin"),
Provider = new CompositeWebroleOauthProvider<User>(PublicClientId, IdentityManagerFactory, CookieOptions)
};
我有一个托管在单独域上的单页应用程序,它将使用来自 Token 端点的不记名令牌与 webapi 交互。
我正在执行 ResourceOwnerCredentials 流程,请求包含以下数据:
data: {
grant_type: "password",
username: username,
password: password
}
这些令牌是短暂的。我现在想扩展我的应用程序,这样我就可以获得一个 repress 令牌或一些我不必一直进行身份验证的东西。我的下一步是什么?
GrantResourceOwnerCredentials 实现:
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
using (var identityManager = _identityManagerFactory.Create())
{
var user = await identityManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await identityManager.CreateIdentityAsync(user, context.Options.AuthenticationType);
AuthenticationProperties properties = CreatePropertiesAsync(user);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
}
}