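/// <summary>
        /// Validates the client credentials presented to the token endpoint.
        /// Credentials are taken from the HTTP Basic authorization header first and,
        /// when that is absent, from the client_id/client_secret form fields. The
        /// "loginway" parameter is mandatory and is stashed on the OWIN environment,
        /// together with the resolved client record, for the token-provider callbacks.
        /// </summary>
        /// <param name="context">The OWIN client-authentication context; failures are reported through <c>SetError</c>, success through <c>Validated</c>.</param>
        /// <returns>A task that completes once the context has been validated or an error has been set.</returns>
        public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            string clientId;
            string clientSecret;

            // Prefer Basic credentials; fall back to form credentials. Either call is
            // expected to populate context.ClientId, which is what is checked below.
            if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
            {
                context.TryGetFormCredentials(out clientId, out clientSecret);
            }

            var loginWay = context.Parameters.Get("loginway");

            if (string.IsNullOrEmpty(loginWay))
            {
                context.SetError("invalid_loginway", "未收到LoginWay.");
                return;
            }

            if (context.ClientId == null)
            {
                context.SetError("invalid_clientId", "未收到ClientId.");
                return;
            }

            var client = await _clientPolicyServices.FindClientAsync(context.ClientId);

            if (client == null)
            {
                context.SetError("invalid_clientId", string.Format("客户端'{0}'未在系统中注册.", context.ClientId));
                return;
            }

            // Fail closed when no secret was supplied at all; this also keeps a null
            // secret out of TokenHelper.BuildHashToken, whose handling of null is not
            // visible here.
            if (string.IsNullOrEmpty(clientSecret))
            {
                context.SetError("invalid_client", "客户端密钥无效");
                return;
            }

            // client.ClientSecret appears to be stored hashed (it is compared with the
            // BuildHashToken output). Ordinal comparison: these are opaque hash strings.
            if (!string.Equals(client.ClientSecret, TokenHelper.BuildHashToken(clientSecret), StringComparison.Ordinal))
            {
                context.SetError("invalid_client", "客户端密钥无效");
                return;
            }

            if (!client.IsActive)
            {
                context.SetError("invalid_clientId", "客户端未被激活.");
                return;
            }

            // Hand the resolved client and the login mode to later pipeline stages
            // (the token providers read "jytOAuth2:client").
            context.OwinContext.Set<AppClientRecord>("jytOAuth2:client", client);
            context.OwinContext.Set<string>("AppLoginModel", loginWay);

            context.Validated();
        }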
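        /// <summary>
        /// Handles a presented refresh token: looks the stored record up by the hash of the
        /// token, restores the authentication ticket from it, and removes the record so the
        /// token is single-use. Nothing is restored when no validated client is attached to
        /// the request or when no record matches.
        /// </summary>
        /// <param name="context">The token-receive context carrying the raw refresh token.</param>
        /// <returns>A task that completes once the ticket has been restored or the token rejected.</returns>
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            var client = context.OwinContext.Get<AppClientRecord>("jytOAuth2:client");

            // No validated client on this request: do not restore a ticket (fail closed).
            // Mirrors the guard in CreateAsync and avoids dereferencing a null client below.
            if (client == null)
            {
                return;
            }

            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { client.AllowedOrigin });

            // Only the hash of the token is persisted, so the lookup key is the hash.
            var hashedTokenId = TokenHelper.BuildHashToken(context.Token);

            var refreshToken = await _refreshTokenService.GetAsync(hashedTokenId);

            if (refreshToken == null)
            {
                return;
            }

            context.DeserializeTicket(refreshToken.ProtectedTicket);

            // Remove the old token promptly so it cannot be presented again.
            // NOTE(review): the record was fetched by hashedTokenId but is removed by the raw
            // context.Token; unless RemoveAsync hashes its argument internally, the stored
            // record will not match and the refresh token stays replayable — confirm against
            // the service implementation.
            await _refreshTokenService.RemoveAsync(context.Token);
        }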
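        /// <summary>
        /// Issues a new refresh token for the current ticket. A random token id is generated,
        /// only its hash is persisted together with the serialized ticket, and the raw id is
        /// handed to the client through <c>SetToken</c>. Nothing is issued when no validated
        /// client is attached to the request or when persisting the record fails.
        /// </summary>
        /// <param name="context">The token-create context carrying the authentication ticket.</param>
        /// <returns>A task that completes once the token has been issued or skipped.</returns>
        public async Task CreateAsync(AuthenticationTokenCreateContext context)
        {
            var client = context.OwinContext.Get<AppClientRecord>("jytOAuth2:client");

            if (client == null)
            {
                return;
            }

            // The refresh token is a bearer credential, so draw it from the cryptographic RNG
            // rather than Guid.NewGuid(), whose unpredictability is not guaranteed. The result
            // keeps the same shape as Guid.ToString("n"): 32 lowercase hex characters.
            var tokenBytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(tokenBytes);
            }
            var refreshTokenId = BitConverter.ToString(tokenBytes).Replace("-", string.Empty).ToLowerInvariant();

            // Read the clock once so IssuedUtc and ExpiresUtc share the same base instant.
            var issuedUtc = DateTime.UtcNow;

            var refreshToken = new RefreshTokenRecord()
            {
                TokenId    = TokenHelper.BuildHashToken(refreshTokenId), // only the hash is stored
                ClientId   = client.ClientId,
                Subject    = context.Ticket.Identity.Name,
                IssuedUtc  = issuedUtc,
                ExpiresUtc = issuedUtc.AddMinutes(Convert.ToDouble(client.RefreshTokenLifecycle)) // refresh token expiry; lifecycle is taken as minutes
            };

            context.Ticket.Properties.IssuedUtc  = refreshToken.IssuedUtc;
            context.Ticket.Properties.ExpiresUtc = refreshToken.ExpiresUtc;

            // Do not move this serialization: doing it elsewhere can leave the token unrefreshable.
            refreshToken.ProtectedTicket = context.SerializeTicket();

            // Persist the refresh token; a non-positive result means nothing was saved.
            var saveResult = (int)await _refreshTokenService.SaveAsync(refreshToken);

            if (saveResult > 0)
            {
                context.SetToken(refreshTokenId);
            }
        }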