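/// <summary>
/// Validates a resource-owner password grant by checking the supplied
/// user name and password against <c>_userStore</c>.
/// </summary>
/// <param name="context">
/// Validation context carrying the submitted <c>UserName</c> and <c>Password</c>;
/// its <c>Result</c> is set to the outcome of the check.
/// </param>
/// <returns>An already-completed task; the check itself runs synchronously.</returns>
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
    // CheckPassword returns the user id on success; a null or empty value is treated as failure.
    var userId = _userStore.CheckPassword(context.UserName, context.Password);

    if (string.IsNullOrEmpty(userId))
    {
        // Bad resource-owner credentials map to invalid_grant (RFC 6749 section 5.2).
        // invalid_client is reserved for failed *client* authentication and would
        // mislead callers and log triage into suspecting the client secret.
        // The description deliberately does not say whether the user name or the
        // password was wrong, so the response does not confirm account existence.
        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "用户名或密码错误");
        return Task.CompletedTask;
    }

    // "pwd" records password as the authentication method for the issued subject.
    context.Result = new GrantValidationResult(userId, "pwd");
    return Task.CompletedTask;
}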
/// <summary>
/// Handles a login request: verifies the credentials, mints an access token and a
/// refresh token for the user, stores the refresh token on the user record and
/// hands the response to <paramref name="outputPort"/>.
/// </summary>
/// <param name="message">Login request carrying <c>Username</c> and <c>Password</c>.</param>
/// <param name="outputPort">Receives the <c>LoginResponse</c> on success; not called on failure.</param>
/// <returns>
/// <c>true</c> when the login succeeded and the response was delivered;
/// <c>false</c> when the user was not found or the password check failed.
/// </returns>
public async Task<bool> Handle(LoginRequest message, IOutboundPort<LoginResponse> outputPort)
{
    var account = await _userStore.GetUserByName(message.Username);

    // Both failure paths return the same value, so the caller cannot tell an unknown
    // user from a wrong password by the result alone.
    // NOTE(review): the unknown-user path returns before CheckPassword runs, so the two
    // paths may differ in response time; confirm the store or an upstream throttle covers this.
    if (account == null)
    {
        return false;
    }

    if (!await _userStore.CheckPassword(account, message.Password))
    {
        return false;
    }

    // Turn every role returned by the store into a role claim.
    var roleNames = await _userStore.GetRoles(account);
    var claims = roleNames.Select(roleName => new Claim(ClaimTypes.Role, roleName)).ToList();

    var principalIdentity = _claimsComposer.ComposeIdentity(account, claims);

    var userName = account.Name;

    var accessToken = new AccessToken
    {
        Token = _minter.Mint(principalIdentity, TokenType.UserAccess),
        ExpiresIn = _minter.Options.TokenLifespan,
    };

    var refreshToken = new RefreshToken
    {
        Token = _minter.Mint(principalIdentity, TokenType.Refresh),
        // RefreshTokenLifespan is interpreted as seconds from now (UTC).
        ExpiresAt = DateTime.UtcNow.Add(TimeSpan.FromSeconds(_minter.Options.RefreshTokenLifespan)),
        IssuedTo = account.Guid,
        IssuedBy = Dns.GetHostName(),
        AccessCapacity = RoleValues.User
    };

    var loginResponse = new LoginResponse
    {
        UserName = userName,
        AccessToken = accessToken,
        RefreshToken = refreshToken
    };

    // Persist the new refresh token on the user record.
    // NOTE(review): the token object is stored as minted and earlier entries are left in
    // place here; whether it is hashed at rest or old tokens are pruned is not visible - confirm.
    account.RefreshTokens.Add(loginResponse.RefreshToken);
    await _userStore.UpdateUser(account);

    outputPort.Handle(loginResponse);
    return true;
}