
如何更改刷新令牌中的聲明值和承載驗證

我想通過刷新令牌來更改聲明（claim）的值。我的刷新令牌提供者是這樣的：

/// <summary>
/// Refresh-token provider from the question. It rewrites the first
/// <see cref="ClaimTypes.UserData"/> claim on the ticket it receives and then
/// serializes that ticket as the refresh token.
/// </summary>
public class MyRefreshTokenProvider : AuthenticationTokenProvider 
{ 
    /// <summary>
    /// Creates the refresh token. Replaces the first UserData claim on the ticket
    /// identity (if any) with a fixed value, then serializes the ticket as the token.
    /// </summary>
    /// <param name="context">Creation context: supplies the ticket and receives the token.</param>
    public override void Create(AuthenticationTokenCreateContext context) 
    { 
    ... 
    // Only the first matching claim is replaced; any further UserData claims are left as-is.
    var claim = context.Ticket.Identity.FindFirst(ClaimTypes.UserData); 
    if (claim != null) 
    { 
     context.Ticket.Identity.RemoveClaim(claim); 
     // NOTE(review): "New Value" is a fixed literal here. Whatever is written into this
     // claim is trusted once the ticket is protected, so in real code the value should
     // come from a trusted server-side source, never from request input.
     context.Ticket.Identity.AddClaim(new Claim(ClaimTypes.UserData, "New Value")); 
    } 

    // The modified ticket becomes the refresh token. Whether the access token also sees
    // the change depends on the order in which the server handler builds the two tokens;
    // the answer's handler excerpt shows the access token being serialized first.
    context.SetToken(context.SerializeTicket()); 
    } 

    /// <summary>
    /// Restores the ticket from a presented refresh token by unprotecting it with the
    /// configured token format.
    /// </summary>
    /// <param name="context">Receive context: supplies the raw token and takes the ticket.</param>
    public override void Receive(AuthenticationTokenReceiveContext context) 
    { 
    // NOTE(review): presumably a token that fails to unprotect leaves no ticket on the
    // context and the refresh request is rejected by the handler - confirm against DeserializeTicket.
    context.DeserializeTicket(context.Token); 
    } 
} 

而且在啟動類中：

// Startup wiring from the question: only the refresh-token provider is replaced, so the
// claim rewrite above runs solely when the refresh token is created. As the question
// reports, the access token issued afterwards still carries the old claim value.
app.UseOAuthBearerTokens(new OAuthAuthorizationServerOptions 
    { 
    ... 
    RefreshTokenProvider = new MyRefreshTokenProvider() 
    }); 

刷新令牌請求沒有錯誤地完成。但是，當我使用新的訪問令牌時，聲明的值仍然是舊的。

我的做法正確嗎？或者，該如何更改承載身份驗證中的聲明值？

回答


最後我找到了解決方案。我必須擴展 OAuthAuthorizationServerOptions 中的 AccessTokenProvider，而不是 RefreshTokenProvider。

// Startup wiring from the answer: both providers are replaced. The claim rewrite lives in
// MyAccessTokenProvider because the server handler serializes the access token before it
// hands the (already modified) ticket to the refresh-token provider.
app.UseOAuthBearerTokens(new OAuthAuthorizationServerOptions 
{ 
    ... 
    AccessTokenProvider = new MyAccessTokenProvider(), 
    RefreshTokenProvider = new MyRefreshTokenProvider() 
}); 

/// <summary>
/// Access-token provider from the answer. It rewrites the first
/// <see cref="ClaimTypes.UserData"/> claim on the ticket and serializes the result as
/// the access token. Because the server handler passes this same ticket on to the
/// refresh-token provider, the rewritten claim ends up in the refresh token as well.
/// </summary>
public class MyAccessTokenProvider : AuthenticationTokenProvider 
{ 
    /// <summary>
    /// Creates the access token. Replaces the first UserData claim on the ticket
    /// identity (if any) with a fixed value, then serializes the ticket as the token.
    /// </summary>
    /// <param name="context">Creation context: supplies the ticket and receives the token.</param>
    public override void Create(AuthenticationTokenCreateContext context) 
    { 
    ... 
    // Only the first matching claim is replaced; any further UserData claims are left as-is.
    var claim = context.Ticket.Identity.FindFirst(ClaimTypes.UserData); 
    if (claim != null) 
    { 
     context.Ticket.Identity.RemoveClaim(claim); 
     // NOTE(review): "New Value" is a fixed literal here. The bearer middleware will trust
     // this claim once the ticket is protected, so in real code the value must be derived
     // from a trusted server-side source (e.g. a fresh lookup), never from request input.
     context.Ticket.Identity.AddClaim(new Claim(ClaimTypes.UserData, "New Value")); 
    } 

    // Setting the token here short-circuits the handler's fallback SerializeTicket() call;
    // the ticket protected here is exactly what resource servers will see.
    context.SetToken(context.SerializeTicket()); 
    } 

    /// <summary>
    /// Restores the ticket from a presented access token by unprotecting it with the
    /// configured token format.
    /// </summary>
    /// <param name="context">Receive context: supplies the raw token and takes the ticket.</param>
    public override void Receive(AuthenticationTokenReceiveContext context) 
    { 
    // NOTE(review): presumably a token that fails to unprotect leaves no ticket and the
    // request is treated as unauthenticated - confirm against DeserializeTicket.
    context.DeserializeTicket(context.Token); 
    } 
} 

/// <summary>
/// Refresh-token provider from the answer. It does no claim manipulation: it only
/// serializes the ticket it is handed and deserializes it back when a refresh token
/// is presented.
/// </summary>
public class MyRefreshTokenProvider : AuthenticationTokenProvider 
{ 
    /// <summary>
    /// Serializes the incoming ticket as the refresh token.
    /// NOTE(review): the handler excerpt shows this ticket is the access-token ticket, so
    /// the refresh token carries the same ExpiresUtc unless the properties are adjusted
    /// here - confirm this matches the intended refresh-token lifetime.
    /// </summary>
    /// <param name="context">Creation context: supplies the ticket and receives the token.</param>
    public override void Create(AuthenticationTokenCreateContext context) 
    { 
        var serializedTicket = context.SerializeTicket(); 
        context.SetToken(serializedTicket); 
    } 

    /// <summary>
    /// Restores the ticket from a presented refresh token using the configured format.
    /// </summary>
    /// <param name="context">Receive context: supplies the raw token and takes the ticket.</param>
    public override void Receive(AuthenticationTokenReceiveContext context) 
    { 
        var incomingToken = context.Token; 
        context.DeserializeTicket(incomingToken); 
    } 
} 

根據 Microsoft.Owin.Security.OAuth 中的 OAuthAuthorizationServerHandler（見下方代碼），RefreshTokenProvider 只能更新刷新令牌。要更改聲明，應擴展 AccessTokenProvider。

private async Task InvokeTokenEndpointAsync() 
    { 
     ... 
     var accessTokenContext = new AuthenticationTokenCreateContext(
      Context, 
      Options.AccessTokenFormat, 
      ticket); 

     await Options.AccessTokenProvider.CreateAsync(accessTokenContext); 

     string accessToken = accessTokenContext.Token; 
     if (string.IsNullOrEmpty(accessToken)) 
     { 
      accessToken = accessTokenContext.SerializeTicket(); 
     } 
     DateTimeOffset? accessTokenExpiresUtc = ticket.Properties.ExpiresUtc; 

     var refreshTokenCreateContext = new AuthenticationTokenCreateContext(
      Context, 
      Options.RefreshTokenFormat, 
      accessTokenContext.Ticket); 
     await Options.RefreshTokenProvider.CreateAsync(refreshTokenCreateContext); 
     string refreshToken = refreshTokenCreateContext.Token; 

     var memory = new MemoryStream(); 
     byte[] body; 
     using (var writer = new JsonTextWriter(new StreamWriter(memory))) 
     { 
      writer.WriteStartObject(); 
      writer.WritePropertyName(Constants.Parameters.AccessToken); 
      writer.WriteValue(accessToken); 
      writer.WritePropertyName(Constants.Parameters.TokenType); 
      writer.WriteValue(Constants.TokenTypes.Bearer); 
      if (accessTokenExpiresUtc.HasValue) 
      { 
       TimeSpan? expiresTimeSpan = accessTokenExpiresUtc - currentUtc; 
       var expiresIn = (long)expiresTimeSpan.Value.TotalSeconds; 
       if (expiresIn > 0) 
       { 
        writer.WritePropertyName(Constants.Parameters.ExpiresIn); 
        writer.WriteValue(expiresIn); 
       } 
      } 
      if (!String.IsNullOrEmpty(refreshToken)) 
      { 
       writer.WritePropertyName(Constants.Parameters.RefreshToken); 
       writer.WriteValue(refreshToken); 
      } 
     ...