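/// <summary>
/// Validates the client credentials on a token request. The client id/secret are taken from the
/// HTTP Basic header first, falling back to the form body; a <c>loginway</c> parameter is required;
/// the client must be registered, present the right secret and be active. On success the client
/// record and the login way are stashed in the OWIN environment for the later token callbacks.
/// </summary>
/// <param name="context">
/// Katana client-authentication context; credentials are read from it and the outcome is
/// reported through <c>SetError</c> / <c>Validated</c>.
/// </param>
/// <returns>A task that completes once the context has been validated or rejected.</returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;
    // Basic auth takes precedence; the form body is only consulted when no Basic header is present.
    // Both helpers populate context.ClientId when they find a client id.
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    var loginWay = context.Parameters.Get("loginway");
    if (string.IsNullOrEmpty(loginWay))
    {
        context.SetError("invalid_loginway", "未收到LoginWay.");
        return;
    }

    if (context.ClientId == null)
    {
        context.SetError("invalid_clientId", "未收到ClientId.");
        return;
    }

    var client = await _clientPolicyServices.FindClientAsync(context.ClientId);
    if (client == null)
    {
        // NOTE(review): this message tells the caller whether a client id is registered;
        // acceptable for this API or not is a policy decision, so the text is left unchanged.
        context.SetError("invalid_clientId", string.Format("客户端'{0}'未在系统中注册.", context.ClientId));
        return;
    }

    // Fix: a request carrying a client id but no secret previously reached BuildHashToken(null).
    // Every client is treated as confidential here (the original compared hashes unconditionally),
    // so a missing or empty secret is rejected outright.
    if (string.IsNullOrEmpty(clientSecret))
    {
        context.SetError("invalid_client", "客户端密钥无效");
        return;
    }

    // Fix: string `!=` returns at the first differing character and so leaks how much of the
    // presented hash matched; compare in constant time instead.
    if (!FixedTimeEquals(client.ClientSecret, TokenHelper.BuildHashToken(clientSecret)))
    {
        context.SetError("invalid_client", "客户端密钥无效");
        return;
    }

    if (!client.IsActive)
    {
        context.SetError("invalid_clientId", "客户端未被激活.");
        return;
    }

    // Consumed by the token-provider callbacks (refresh token create/receive) later in the request.
    context.OwinContext.Set<AppClientRecord>("jytOAuth2:client", client);
    context.OwinContext.Set<string>("AppLoginModel", loginWay);
    context.Validated();
}

/// <summary>
/// Compares two strings without short-circuiting on the first mismatch, so the time taken does
/// not reveal how many leading characters agreed. Returns false when either value is null.
/// </summary>
/// <param name="expected">The stored (hashed) secret.</param>
/// <param name="actual">The hash of the secret presented by the client.</param>
/// <returns>True only if both strings are non-null and identical.</returns>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return false;
    }

    // A length mismatch is folded into the result rather than returned early; the loop always
    // walks the shorter string in full.
    var diff = expected.Length ^ actual.Length;
    var length = Math.Min(expected.Length, actual.Length);
    for (var i = 0; i < length; i++)
    {
        diff |= expected[i] ^ actual[i];
    }

    return diff == 0;
}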
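/// <summary>
/// Called when a client redeems a refresh token. Looks the token up by its hash (only hashes are
/// persisted, see <c>CreateAsync</c>), restores the protected ticket and revokes the stored record
/// so the refresh token can be used exactly once.
/// </summary>
/// <param name="context">Katana token-receive context carrying the raw refresh token.</param>
/// <returns>A task that completes once the ticket has been restored (or the token was rejected).</returns>
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
    var client = context.OwinContext.Get<AppClientRecord>("jytOAuth2:client");
    if (client == null)
    {
        // Fix: the original dereferenced a missing client record (NullReferenceException → 500).
        // Without a validated client the ticket is simply not restored; Katana then rejects the grant.
        return;
    }

    // NOTE(review): Headers.Add throws if the header was already set earlier in the pipeline;
    // kept as in the original, confirm no CORS middleware sets it first.
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { client.AllowedOrigin });

    var hashedTokenId = TokenHelper.BuildHashToken(context.Token);
    var refreshToken = await _refreshTokenService.GetAsync(hashedTokenId);
    if (refreshToken == null)
    {
        return;
    }

    // The record was issued to a specific client (CreateAsync stores client.ClientId); refuse to
    // honour it for any other client. NOTE(review): GrantRefreshToken (not shown) may repeat this
    // check, this one is defensive.
    if (refreshToken.ClientId != client.ClientId)
    {
        return;
    }

    context.DeserializeTicket(refreshToken.ProtectedTicket);

    // Fix: the original called RemoveAsync(context.Token) with the RAW token, but the store is
    // keyed by the hash, so the record was never deleted and the refresh token stayed replayable.
    // Revoke promptly by the same key the lookup used.
    await _refreshTokenService.RemoveAsync(hashedTokenId);
}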
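/// <summary>
/// Issues a refresh token for the validated client: generates a random token id, persists a record
/// holding only its hash together with the serialized ticket, and hands the raw id back to the
/// response. If the record cannot be saved no token is set.
/// </summary>
/// <param name="context">Katana token-create context holding the authentication ticket.</param>
/// <returns>A task that completes once the token has been stored and set (or skipped).</returns>
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
    var client = context.OwinContext.Get<AppClientRecord>("jytOAuth2:client");
    if (client == null)
    {
        return;
    }

    // Fix: Guid.NewGuid() is not documented as cryptographically random, and a refresh token is a
    // long-lived bearer credential; draw it from the system CSPRNG instead.
    var refreshTokenId = NewRefreshTokenId();

    // One timestamp for both fields so IssuedUtc and ExpiresUtc cannot drift apart.
    var issuedUtc = DateTime.UtcNow;
    var refreshToken = new RefreshTokenRecord()
    {
        // Only the hash is stored; the raw id is returned to the client and never persisted.
        TokenId = TokenHelper.BuildHashToken(refreshTokenId),
        ClientId = client.ClientId,
        // NOTE(review): Identity.Name is null when the identity has no name claim — confirm that is acceptable for Subject.
        Subject = context.Ticket.Identity.Name,
        IssuedUtc = issuedUtc,
        // Refresh-token lifetime is configured per client, in minutes.
        ExpiresUtc = issuedUtc.AddMinutes(Convert.ToDouble(client.RefreshTokenLifecycle))
    };

    // The ticket must carry the refresh-token lifetime BEFORE it is serialized; Katana checks
    // ExpiresUtc on the deserialized ticket during the refresh grant. Do not reorder these lines.
    context.Ticket.Properties.IssuedUtc = refreshToken.IssuedUtc;
    context.Ticket.Properties.ExpiresUtc = refreshToken.ExpiresUtc;
    refreshToken.ProtectedTicket = context.SerializeTicket();

    // A non-positive result means nothing was persisted; issuing a token that could never be
    // redeemed would only confuse clients, so leave it unset.
    var saveResult = (int)await _refreshTokenService.SaveAsync(refreshToken);
    if (saveResult > 0)
    {
        context.SetToken(refreshTokenId);
    }
}

/// <summary>
/// Produces a fresh refresh-token identifier: 32 bytes from the system CSPRNG, lower-case hex
/// encoded (64 characters). Fully qualified to avoid requiring a new using directive.
/// </summary>
/// <returns>An unpredictable, URL-safe token identifier.</returns>
private static string NewRefreshTokenId()
{
    var bytes = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(bytes);
    }

    return BitConverter.ToString(bytes).Replace("-", string.Empty).ToLowerInvariant();
}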