IdentityServer4实现自定义GrantType授权模式

OAuth 2.0 默认四种授权模式&＃xff08;GrantType&＃xff09;&＃xff1a;

• 授权码模式&＃xff08;authorization_code&＃xff09;

• 简化模式&＃xff08;implicit&＃xff09;

• 密码模式&＃xff08;password&＃xff09;

• 客户端模式&＃xff08;client_credentials&＃xff09;

使用 IdentityServer4&＃xff0c;我们可以自定义授权模式吗&＃xff1f;答案是可以的&＃xff0c;比如我们自定义实现一个anonymous授权模式&＃xff08;匿名访问&＃xff09;。

创建AnonymousGrantValidator&＃xff08;继承IExtensionGrantValidator&＃xff09;&＃xff1a;

public class AnonymousGrantValidator : IExtensionGrantValidator{  

 private readonly ITokenValidator _validator;  
 
  public AnonymousGrantValidator(ITokenValidator validator)    {_validator &＃61; validator;}  
   public string GrantType &＃61;> "anonymous";  

   public async Task ValidateAsync(ExtensionGrantValidationContext context)    {        //var userToken &＃61; context.Request.Raw.Get("token");//if (string.IsNullOrEmpty(userToken))//{//    context.Result &＃61; new GrantValidationResult(TokenRequestErrors.InvalidGrant);//    return;//}//var result &＃61; await _validator.ValidateAccessTokenAsync(userToken);//if (result.IsError)//{//    context.Result &＃61; new GrantValidationResult(TokenRequestErrors.InvalidGrant);//    return;//}// get user&＃39;s identity//var sub &＃61; result.Claims.FirstOrDefault(c &＃61;> c.Type &＃61;&＃61; "sub").Value;var claims &＃61; new List() { new Claim("role", GrantType) }; // Claim 用于配置服务站点 [Authorize("anonymous")]context.Result &＃61; new GrantValidationResult(GrantType, GrantType, claims);}
}

修改Client配置&＃xff1a;

new Client
{ClientId &＃61; "client1",AllowedGrantTypes &＃61; GrantTypes.List(GrantTypes.ResourceOwnerPassword.FirstOrDefault(), "anonymous"), //一个 Client 可以配置多个 GrantTypeAllowOfflineAccess &＃61; true,AccessTokenLifetime &＃61; 3600 * 6, //6小时SlidingRefreshTokenLifetime &＃61; 1296000, //15天ClientSecrets &＃61;{        new Secret("123".Sha256())},AllowedScopes &＃61; new List<string>{        "api2"}
}

DI 增加注入对象&＃xff1a;

builder.AddExtensionGrantValidator();

调用示例代码&＃xff1a;

public async Task AnonymousAsync(string userToken){    var payload &＃61; new{token &＃61; userToken};    // create token clientvar client &＃61; new TokenClient(disco.TokenEndpoint, "client1", "123");    // send custom grant to token endpoint, return responsereturn await client.RequestCustomGrantAsync("anonymous", "api2", payload);
}

Http 访问示例&＃xff1a;

POST /connect/tokengrant_type&＃61;anonymous&
scope&＃61;api2&
token&＃61;...&
client_id&＃61;api1.client
client_secret&＃61;secret

参考资料&＃xff1a;

• Extension Grants

相关文章&＃xff1a;

• IdentityServer4(OAuth2.0服务)折腾笔记

• IdentityServer4 实现 OpenID Connect 和 OAuth 2.0

• IdentityServer4 使用OpenID Connect添加用户身份验证

• IdentityServer4 ASP.NET Core的OpenID Connect OAuth 2.0框架学习保护API

• IdentityServer4 指定角色授权&＃xff08;Authorize(Roles&＃61;"admin"))

• IdentityServer4 SigningCredential&＃xff08;RSA 证书加密&＃xff09;

原文地址&＃xff1a;http://www.cnblogs.com/xishuai/p/identityserver4-implement-custom-granttype.html

.NET社区新闻&＃xff0c;深度好文&＃xff0c;微信中搜索dotNET跨平台或扫描二维码关注