public static async Task<bool> SaveOAuthUserTokenAsync(OAuthAccessTokenResult result) { double now = CommonHelper.GetUnixTimeNow(); UserInfoRedis u = new UserInfoRedis(); u.Openid = result.openid; u.Unionid = result.unionid; u.AccessToken = result.access_token; u.ExpireIn = (now + result.expires_in).ToString(); u.RefreshToken = result.refresh_token; return await RedisManager.SaveObjectAsync(u); }
/// <summary> /// OAuthScope.snsapi_userinfo方式回调 /// </summary> /// <param name="code"></param> /// <param name="state"></param> /// <param name="returnUrl">用户最初尝试进入的页面</param> /// <returns></returns> public ActionResult UserInfoCallback(string code, string state, string returnUrl) { if (string.IsNullOrEmpty(code)) { return(Content("您拒绝了授权!")); } if (state != HttpContext.Session.GetString("State")) { //这里的state其实是会暴露给客户端的,验证能力很弱,这里只是演示一下, //建议用完之后就清空,将其一次性使用 //实际上可以存任何想传递的数据,比如用户ID,并且需要结合例如下面的Session["OAuthAccessToken"]进行验证 return(Content("验证失败!请从正规途径进入!")); } OAuthAccessTokenResult result = null; //通过,用code换取access_token try { result = OAuthApi.GetAccessToken(appId, appSecret, code); } catch (Exception ex) { return(Content(ex.Message)); } if (result.errcode != ReturnCode.请求成功) { return(Content("错误:" + result.errmsg)); } //下面2个数据也可以自己封装成一个类,储存在数据库中(建议结合缓存) //如果可以确保安全,可以将access_token存入用户的cookie中,每一个人的access_token是不一样的 HttpContext.Session.SetString("OAuthAccessTokenStartTime", SystemTime.Now.ToString()); HttpContext.Session.SetString("OAuthAccessToken", result.ToJson()); //因为第一步选择的是OAuthScope.snsapi_userinfo,这里可以进一步获取用户详细信息 try { if (!string.IsNullOrEmpty(returnUrl)) { return(Redirect(returnUrl)); } OAuthUserInfo userInfo = OAuthApi.GetUserInfo(result.access_token, result.openid); return(View(userInfo)); } catch (ErrorJsonResultException ex) { return(Content(ex.Message)); } }