0

我在服务器端使用 Openiddict 库进行 OAuth2 身份验证。我们使用 Asp.Net Core - 服务器端,Angular 2 - 客户端。处理授权请求后,服务器重定向到以下带有用户确认表单的 URL。请参见下面的示例代码:

 [Authorize]
    [HttpGet]
    [Route(RouteConst.OAuth.AUTHORIZE)]
    [EnableCors(CommonConst.ALLOW_ALL)]
    public async Task<IActionResult> Authorize()
    {
        var request = this.HttpContext.GetOpenIdConnectRequest();
        // Retrieve the application details from the database.
        var application = await this._applicationManager.FindByClientIdAsync(request.ClientId, this.HttpContext.RequestAborted);
        if (application == null)
        {
            return this.BadRequest(new ErrorUI
            {
                Error = OpenIdConnectConstants.Errors.InvalidClient,
                ErrorDescription = "Details concerning the calling client application cannot be found in the database"
            });
        }

        return this.Redirect($"/app/profile?oauth={request.Scope}&application={application.DisplayName}&requestId={request.RequestId}");
    }

重定向后用户可以看到确认表单,然后单击接受(拒绝)按钮。在Openiddict 代码示例中使用了 MvcBinders 和 Razor 视图,但是当我尝试从 Angular 视图创建到服务器的类似 POST 请求时 - OpenIdConnectRequest 为空。

为什么重定向到本地 URL 后 OpenIdConnectRequest 为空?我可以在不使用 MVC 的情况下在 CORS POST 请求中到达 Accept Authorize 端点吗?

启动设置:

 services.AddOpenIddict(options =>
        {
            options.AddEntityFrameworkCoreStores<ApplicationDbContext>();

            options.EnableAuthorizationEndpoint(RouteConst.OAuth.AUTHORIZE)
                .EnableLogoutEndpoint(RouteConst.OAuth.LOGOUT)
                .EnableTokenEndpoint(RouteConst.OAuth.TOKEN)
                .EnableUserinfoEndpoint(RouteConst.USERINFO);

            options.AllowAuthorizationCodeFlow();

            options.EnableRequestCaching();
        });

接受端点:

 [Authorize]
    [HttpPost]
    [Route(RouteConst.OAuth.AUTHORIZE)]
    [FormValueRequired("submit.Accept")]
    public async Task<IActionResult> Accept()
    {
        var request = this.HttpContext.GetOpenIdConnectRequest();
        // Retrieve the profile of the logged in user.
        var user = await this._userManager.GetUserAsync(this.User);
        if (user == null)
        {
            return this.BadRequest(new ErrorUI
            {
                Error = OpenIdConnectConstants.Errors.ServerError,
                ErrorDescription = "An internal error has occurred"
            });
        }

        // Create a new authentication ticket.
        var ticket = await this.CreateTicketAsync(request, user);

        // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
        return this.SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
    }
4

0 回答 0