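/// <summary>
/// Validates the client credentials (client_id and client_secret) carried in the form body
/// of a token request.
/// </summary>
/// <param name="context">The OWIN client-authentication context for the current token request.</param>
/// <returns>A task that completes once the context has been marked validated or set to an error.</returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Example request (sample values):
    //   POST http://localhost:48339/token
    //   grant_type=client_credentials&client_id=irving&client_secret=123456&scope=user order
    /*
     * grant_type     grant type (fixed to "client_credentials")
     * client_id      the ID assigned to the application calling the OAuth endpoint
     * client_secret  the secret assigned to the application calling the OAuth endpoint
     * scope          requested permissions as a space-separated list; when omitted the
     *                user's default permissions are requested
     */

    // Client secrets should be stored securely (salted, hashed, iterated) on the service side.
    // Credentials are taken from the form body only; the Basic authorization header is not
    // consulted by this override.
    string clientId;
    string clientSecret;

    // Fail closed when the form does not carry both client_id and client_secret, instead of
    // forwarding null values to the authorization service.
    if (!context.TryGetFormCredentials(out clientId, out clientSecret))
    {
        context.SetError(AbpConstants.InvalidClient, AbpConstants.InvalidClientErrorDescription);
        return;
    }

    // Verify the client_id / client_secret pair against the authorization service.
    var clientValid = await _clientAuthorizationService.ValidateClientAuthorizationSecretAsync(clientId, clientSecret);
    if (!clientValid)
    {
        // SetError is used rather than Rejected() so the caller receives an explicit
        // invalid_client error response (the original noted a Flurl 404 issue with the
        // bare Rejected() path).
        context.SetError(AbpConstants.InvalidClient, AbpConstants.InvalidClientErrorDescription);
        return;
    }

    // Make the client_id available to later pipeline stages for security checks.
    context.OwinContext.Set<string>("as:client_id", clientId);
    context.Validated(clientId);
}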
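/// <summary>
/// Validates the client using HTTP Basic credentials
/// [Authorization: Basic Base64(clientId:clientSecret), e.g. Authorization: Basic 5zsd8ewF0MqapsWmDwFmQmeF0Mf2gJkW].
/// </summary>
/// <param name="context">The OWIN client-authentication context for the current token request.</param>
/// <returns>A task that completes once the context has been marked validated or set to an error.</returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Client secrets should be stored securely (salted, hashed, iterated) on the service side.
    string clientId;
    string clientSecret;

    // Fail closed when no well-formed Basic authorization header is present, instead of
    // forwarding null values to the authorization service.
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.SetError(AbpConstants.InvalidClient, AbpConstants.InvalidClientErrorDescription);
        return;
    }

    // Verify the client_id / client_secret pair against the authorization service.
    var clientValid = await _clientAuthorizationService.ValidateClientAuthorizationSecretAsync(clientId, clientSecret);
    if (!clientValid)
    {
        // SetError is used rather than Rejected() so the caller receives an explicit
        // invalid_client error response.
        context.SetError(AbpConstants.InvalidClient, AbpConstants.InvalidClientErrorDescription);
        return;
    }

    // Make the client_id available to later pipeline stages for security checks.
    context.OwinContext.Set<string>("as:client_id", clientId);
    // NOTE(review): "as:refresh_token_time" is consumed elsewhere in the pipeline; its unit
    // (presumably seconds) is not established here — confirm against the reader of this key.
    context.OwinContext.Set<string>("as:refresh_token_time", "36000");
    context.Validated(clientId);
}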