c# - Dynamically append OWIN JWT resource server application clients (audiences)

Reposted. Author: 可可西里. Updated: 2023-11-01 08:12:11

I have a C# API that uses OWIN JWT for authentication.

My startup.cs (my resource server) configures OAuth with this code:

```csharp
// Namespaces this snippet relies on:
// using System.Collections.Generic;
// using System.Threading.Tasks;
// using Microsoft.Owin.Security;
// using Microsoft.Owin.Security.DataHandler.Encoder;
// using Microsoft.Owin.Security.Jwt;
// using Microsoft.Owin.Security.OAuth;
// using Owin;
public void ConfigureOAuth(IAppBuilder app)
{
    var issuer = "<the_same_issuer_as_AuthenticationServer.Api>";

    // Api controllers with an [Authorize] attribute will be validated with JWT
    var audiences = DatabaseAccessLayer.GetAllowedAudiences(); // Gets a list of audience Ids, secrets, and names (although names are unused)

    // Collect the audience ids and build one signing-key provider per audience secret
    List<string> audienceId = new List<string>();
    List<IIssuerSecurityTokenProvider> providers = new List<IIssuerSecurityTokenProvider>();
    foreach (var aud in audiences)
    {
        audienceId.Add(aud.ClientId);
        providers.Add(new SymmetricKeyIssuerSecurityTokenProvider(issuer, TextEncodings.Base64Url.Decode(aud.ClientSecret)));
    }

    app.UseJwtBearerAuthentication(
        new JwtBearerAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            AllowedAudiences = audienceId.ToArray(),
            IssuerSecurityTokenProviders = providers.ToArray(),
            Provider = new OAuthBearerAuthenticationProvider
            {
                // Runs after the token has been validated; extra claims can be attached here
                OnValidateIdentity = context =>
                {
                    context.Ticket.Identity.AddClaim(new System.Security.Claims.Claim("newCustomClaim", "newValue"));
                    return Task.FromResult<object>(null);
                }
            }
        });
}
```

This lets the authenticated bearer token be checked against multiple ClientIDs, and it works well. However, my web application lets users create new application audiences (i.e. new ClientID/ClientSecret/ClientName combinations), and once that happens I don't know how to make the resource server's JwtBearerAuthenticationOptions recognise the newly created audience.

I could restart the server after each new audience so that ConfigureOAuth() runs again, but in the long run that is not a good approach.

Does anyone know how to add an audience (i.e. a new ClientID/ClientSecret/ClientName combination) to the OWIN application's JwtBearerAuthenticationOptions outside of startup.cs and ConfigureOAuth()?

I have been looking at https://docs.auth0.com/aspnetwebapi-owin-tutorial and http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/ for help, but both code samples show the same problem described above.

Best answer

The following works when using X509CertificateSecurityTokenProvider. It has been modified to use SymmetricKeyIssuerSecurityTokenProvider, but has not been tested.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Linq;
using Microsoft.Owin.Security.DataHandler.Encoder;
using Microsoft.Owin.Security.Jwt;
using Microsoft.Owin.Security.OAuth;
using Owin;

public void ConfigureOAuth(IAppBuilder app)
{
    var issuer = "<the_same_issuer_as_AuthenticationServer.Api>";

    // Api controllers with an [Authorize] attribute will be validated with JWT.
    // The delegate is evaluated on every validation, so audiences added to the
    // database after startup are picked up without a restart.
    Func<IEnumerable<Audience>> allowedAudiences = () => DatabaseAccessLayer.GetAllowedAudiences();

    var bearerOptions = new OAuthBearerAuthenticationOptions
    {
        AccessTokenFormat = new JwtFormat(new TokenValidationParameters
        {
            // Accept the token if any "aud" value it carries is a currently registered ClientId
            AudienceValidator = (audiences, securityToken, validationParameters) =>
            {
                return allowedAudiences().Select(x => x.ClientId).Intersect(audiences).Any();
            },
            ValidIssuers = new ValidIssuers(issuer),
            IssuerSigningTokens = new SecurityTokensTokens(issuer) { Audiences = allowedAudiences }
        })
    };
    app.UseOAuthBearerAuthentication(bearerOptions);
}

// Lazily enumerated collections: each enumeration re-reads the audience list,
// which is what makes the validation parameters dynamic.
public abstract class AbstractAudiences<T> : IEnumerable<T>
{
    public Func<IEnumerable<Audience>> Audiences { get; set; }

    public abstract IEnumerator<T> GetEnumerator();

    System.Collections.IEnumerator System.Collections.IEnumerable.GetEnumerator()
    {
        return GetEnumerator();
    }
}

// One symmetric signing key per registered audience, built from its ClientSecret
public class SecurityTokensTokens : AbstractAudiences<SecurityToken>
{
    private readonly string issuer;

    public SecurityTokensTokens(string issuer)
    {
        this.issuer = issuer;
    }

    public override IEnumerator<SecurityToken> GetEnumerator()
    {
        foreach (var aud in Audiences())
        {
            foreach (var securityToken in new SymmetricKeyIssuerSecurityTokenProvider(issuer, TextEncodings.Base64Url.Decode(aud.ClientSecret)).SecurityTokens)
            {
                yield return securityToken;
            }
        }
    }
}

// All audiences share the same authorization server, so the only value the
// token's "iss" claim may take is that issuer (a client secret is a signing key,
// not an issuer name, and must never be compared against "iss").
public class ValidIssuers : AbstractAudiences<string>
{
    private readonly string issuer;

    public ValidIssuers(string issuer)
    {
        this.issuer = issuer;
    }

    public override IEnumerator<string> GetEnumerator()
    {
        yield return issuer;
    }
}
```
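As an added example (not part of the question or the answer), a small cache that the answer's `allowedAudiences` delegate can point at: the delegate is otherwise evaluated for AudienceValidator, ValidIssuers and IssuerSigningTokens on every request, which means several database reads per token, while the endpoint that creates a new audience still has no way to push the change. `AudienceCache` is hypothetical; `DatabaseAccessLayer.GetAllowedAudiences()` and the `Audience` type are the page's own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical helper (not from the page): a thread-safe snapshot of the
// registered audiences with a bounded lifetime and explicit invalidation.
public static class AudienceCache
{
    // Upper bound on how long a removed audience's secret can still be accepted
    // by an instance that was not told to invalidate; keep it short.
    private static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(5);

    private static readonly object Sync = new object();
    private static Audience[] snapshot;              // immutable copy handed to callers
    private static DateTime loadedAtUtc = DateTime.MinValue;

    // Returns the current audience set, reloading from the database only when
    // the snapshot is missing (after Invalidate) or older than MaxAge. Callers
    // receive an array, so enumerating it several times costs no extra reads.
    public static IEnumerable<Audience> Get()
    {
        lock (Sync)
        {
            if (snapshot == null || DateTime.UtcNow - loadedAtUtc >= MaxAge)
            {
                snapshot = DatabaseAccessLayer.GetAllowedAudiences().ToArray();
                loadedAtUtc = DateTime.UtcNow;
            }
            return snapshot;
        }
    }

    // Called from the code path that creates or deletes an audience, so the
    // next token validation sees the new ClientId/ClientSecret (or stops
    // accepting a deleted one) without waiting for MaxAge or a restart.
    public static void Invalidate()
    {
        lock (Sync)
        {
            snapshot = null;
        }
    }
}
```

Wire it into the answer's ConfigureOAuth with `Func<IEnumerable<Audience>> allowedAudiences = AudienceCache.Get;` and call `AudienceCache.Invalidate()` wherever an audience is created or deleted. With several resource-server instances, each instance's cache only refreshes after MaxAge unless the invalidation is propagated to all of them.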

Regarding "c# - Dynamically append OWIN JWT resource server application clients (audiences)", a similar question was found on Stack Overflow: https://stackoverflow.com/questions/27237596/