1

我想通过刷新令牌更改声明的值。我的刷新令牌提供程序是这样的:

public class MyRefreshTokenProvider : AuthenticationTokenProvider
{
  public override void Create(AuthenticationTokenCreateContext context)
  {
     ...
     var claim = context.Ticket.Identity.FindFirst(ClaimTypes.UserData);
     if (claim != null)
     {
         context.Ticket.Identity.RemoveClaim(claim);
         context.Ticket.Identity.AddClaim(new Claim(ClaimTypes.UserData, "New Value"));
     }

     context.SetToken(context.SerializeTicket());
  }

  public override void Receive(AuthenticationTokenReceiveContext context)
  {
     context.DeserializeTicket(context.Token);
  }
}

在启动类中:

app.UseOAuthBearerTokens(new OAuthAuthorizationServerOptions
  {
     ...
     RefreshTokenProvider = new MyRefreshTokenProvider()
  });

刷新令牌请求完成且没有错误。但是当我使用新的访问令牌时,声明值仍然是旧的。

我的做法对吗?或者如何更改承载身份验证中的声明值?

4

1 回答 1

1

最后我找到了解决方案。我必须扩展AccessTokenProvider OAuthAuthorizationServerOptions而不是RefreshTokenProvider

app.UseOAuthBearerTokens(new OAuthAuthorizationServerOptions
{
   ...
   AccessTokenProvider = new MyAccessTokenProvider(),
   RefreshTokenProvider = new MyRefreshTokenProvider()
});

public class MyAccessTokenProvider : AuthenticationTokenProvider
{
  public override void Create(AuthenticationTokenCreateContext context)
  {
     ...
     var claim = context.Ticket.Identity.FindFirst(ClaimTypes.UserData);
     if (claim != null)
     {
         context.Ticket.Identity.RemoveClaim(claim);
         context.Ticket.Identity.AddClaim(new Claim(ClaimTypes.UserData, "New Value"));
     }

     context.SetToken(context.SerializeTicket());
  }

  public override void Receive(AuthenticationTokenReceiveContext context)
  {
     context.DeserializeTicket(context.Token);
  }
}

public class MyRefreshTokenProvider : AuthenticationTokenProvider
{
  public override void Create(AuthenticationTokenCreateContext context)
  {
     context.SetToken(context.SerializeTicket());
  }

  public override void Receive(AuthenticationTokenReceiveContext context)
  {
     context.DeserializeTicket(context.Token);
  }
}

根据OAuthAuthorizationServerHandler类中Microsoft.Owin.Security.OAuthAccessTokenProvider唯一可以更新刷新令牌。为了更改声明,AccessTokenProvider应扩展:

    private async Task InvokeTokenEndpointAsync()
    {
        ...
        var accessTokenContext = new AuthenticationTokenCreateContext(
            Context,
            Options.AccessTokenFormat,
            ticket);

        await Options.AccessTokenProvider.CreateAsync(accessTokenContext);

        string accessToken = accessTokenContext.Token;
        if (string.IsNullOrEmpty(accessToken))
        {
            accessToken = accessTokenContext.SerializeTicket();
        }
        DateTimeOffset? accessTokenExpiresUtc = ticket.Properties.ExpiresUtc;

        var refreshTokenCreateContext = new AuthenticationTokenCreateContext(
            Context,
            Options.RefreshTokenFormat,
            accessTokenContext.Ticket);
        await Options.RefreshTokenProvider.CreateAsync(refreshTokenCreateContext);
        string refreshToken = refreshTokenCreateContext.Token;

        var memory = new MemoryStream();
        byte[] body;
        using (var writer = new JsonTextWriter(new StreamWriter(memory)))
        {
            writer.WriteStartObject();
            writer.WritePropertyName(Constants.Parameters.AccessToken);
            writer.WriteValue(accessToken);
            writer.WritePropertyName(Constants.Parameters.TokenType);
            writer.WriteValue(Constants.TokenTypes.Bearer);
            if (accessTokenExpiresUtc.HasValue)
            {
                TimeSpan? expiresTimeSpan = accessTokenExpiresUtc - currentUtc;
                var expiresIn = (long)expiresTimeSpan.Value.TotalSeconds;
                if (expiresIn > 0)
                {
                    writer.WritePropertyName(Constants.Parameters.ExpiresIn);
                    writer.WriteValue(expiresIn);
                }
            }
            if (!String.IsNullOrEmpty(refreshToken))
            {
                writer.WritePropertyName(Constants.Parameters.RefreshToken);
                writer.WriteValue(refreshToken);
            }
         ...
于 2017-04-22T10:56:52.093 回答