/// <summary>
/// Handles a token request whose grant type is client_credentials: looks up the
/// user whose token equals <c>context.ClientId</c> and, when one exists, issues
/// an authentication ticket for that user's principal.
/// </summary>
/// <remarks>
/// NOTE(review): the only check made here is that a user exists for
/// <c>context.ClientId</c>; no client secret is compared in this method. This
/// presumably relies on ValidateClientAuthentication having authenticated the
/// client before this handler runs. Confirm against that override.
/// NOTE(review): the ticket carries the principal built for the matched user, so
/// the resulting token has whatever claims the factory produces for that user.
/// Confirm that this scope is intended for a client-credentials token.
/// </remarks>
/// <param name="context">Grant context; supplies the client id and receives either the validated ticket or the error.</param>
/// <returns>A task that completes once the context has been validated or rejected.</returns>
public override async Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
{
    // Resolve the identity services from the request's service provider.
    // NOTE(review): the GetService results are not null-checked here.
    var services = context.HttpContext.ApplicationServices;
    UserService users = services.GetService<UserService>();
    RoleService roles = services.GetService<RoleService>();
    IOptions<IdentityOptions> identityOptions = services.GetService<IOptions<IdentityOptions>>();

    // The client id is treated as a user token.
    User account = await users.FindByUserToken(context.ClientId);
    if (account == null)
    {
        // No user for this token: reject the grant and stop.
        context.SetError("invalid_grant", Resources.Error_NotFounUserName);
        return;
    }

    // Build the claims principal for the matched user.
    var principalFactory = new UserClaimsPrincipalFactory<User, Role>(users, roles, identityOptions);
    var identityPrincipal = await principalFactory.CreateAsync(account);

    AuthenticationProperties ticketProperties = CreateProperties(account.UserName);
    var issuedTicket = new AuthenticationTicket(identityPrincipal, ticketProperties, OAuthDefaults.AuthenticationType);

    // Marks the request as validated with this ticket.
    context.Validated(issuedTicket);
}
/// <summary>
/// Called when a request to the Token endpoint arrives with a "grant_type" of "client_credentials".
/// This occurs when a registered client application wishes to acquire an "access_token" to interact
/// with protected resources on its own behalf, rather than on behalf of an authenticated user.
/// If the web application supports the client credentials grant, it may assume that context.ClientId
/// has been validated by the ValidateClientAuthentication call.
/// To issue an access token, context.Validated must be called with a new ticket containing the claims
/// about the client application that should be associated with the access token.
/// The application should take appropriate measures to ensure that the endpoint isn't abused by
/// malicious callers.
/// The default behavior is to reject this grant type.
/// See also http://tools.ietf.org/html/rfc6749#section-4.4.2
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution</returns>
public virtual Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
{
    // This method only forwards to the configured handler; the grant decision is made there.
    var grantHandler = OnGrantClientCredentials;
    return grantHandler.Invoke(context);
}