问题描述
我正在尝试用 HotChocolate 构建 GraphQL API,为我的 Blazor WebAssembly 和 Xamarin 手机应用提供用户登录。我想知道这是否是用该库生成安全登录响应的正确方式,也不确定是否应该像下面这样注入 UserManager。
/// <summary>
/// Result of a successful login: the serialized JWT and the name of the user it was issued to.
/// </summary>
/// <param name="Access_Token">Compact serialized JWT; a bearer credential, so keep it out of logs.</param>
/// <param name="UserName">User name of the authenticated account.</param>
public record AuthenticatedToken(
    string Access_Token,
    string UserName);
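/// <summary>
/// Checks a user name / password pair and, on success, issues an HMAC-SHA256 signed JWT
/// that is valid for one hour and carries the user's name, id and role names.
/// </summary>
/// <param name="input">Supplies the <c>userName</c> and <c>password</c> to verify.</param>
/// <param name="context">Database context used to look up the user's role names.</param>
/// <param name="userManager">Identity user manager used to find the user and check the password.</param>
/// <param name="eventSender">Not used by this method.</param>
/// <param name="cancellationToken">Not used by this method.</param>
/// <returns>The signed token and user name, or <c>null</c> when the credentials are rejected.</returns>
// NOTE(review): [ScopedService] is shown here on UserManager as well as on the DbContext that
// [UseDbContext] provides; confirm UserManager is resolved as intended ([Service] is the usual
// attribute for ordinary DI services).
[UseDbContext(typeof(AppDbContext))]
public async Task<AuthenticatedToken> GetAuthenticationToken(AuthenticationTokenInput input,[ScopedService] AppDbContext context,[ScopedService] UserManager<IdentityUser> userManager,[Service] ITopicEventSender eventSender,CancellationToken cancellationToken)
{
    IdentityUser user = await userManager.FindByNameAsync(input.userName);

    // Unknown user and wrong password leave through the same exit, so the response body does
    // not reveal which accounts exist. The unknown-user path skips the password hash, so
    // response time can still differ between the two cases.
    if (user is null || !await userManager.CheckPasswordAsync(user, input.password))
    {
        // NOTE(review): no failed-attempt counting or lockout is visible in this method;
        // confirm throttling exists elsewhere (e.g. SignInManager.CheckPasswordSignInAsync
        // with lockoutOnFailure: true).
        return null;
    }

    var roleNames =
        from ur in context.UserRoles
        join r in context.Roles on ur.RoleId equals r.Id
        where ur.UserId == user.Id
        select r.Name;

    // Read the clock once, in UTC, so nbf and exp are derived from the same instant.
    DateTimeOffset issuedAt = DateTimeOffset.UtcNow;

    List<Claim> claims = new()
    {
        new Claim(ClaimTypes.Name, user.UserName),
        new Claim(ClaimTypes.NameIdentifier, user.Id),
        // Integer64 so nbf/exp are written as JSON numbers (NumericDate, RFC 7519);
        // a Claim without an explicit value type defaults to a string.
        new Claim(JwtRegisteredClaimNames.Nbf, issuedAt.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
        new Claim(JwtRegisteredClaimNames.Exp, issuedAt.AddHours(1).ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64)
    };

    foreach (var roleName in roleNames)
    {
        claims.Add(new Claim(ClaimTypes.Role, roleName));
    }

    // SECURITY: the signing key is a literal in source. Anyone who can read the code or the
    // compiled binary can mint tokens with arbitrary roles. Load it from configuration or a
    // secret store, use at least 32 random bytes for HS256, and change it together with the
    // IssuerSigningKey used for validation; the two must be identical.
    var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("ThisIsATestKeyWillChangeLater"));
    var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

    // No iss/aud claim is added, so the token is bound only to the key that signed it.
    JwtSecurityToken token = new(new JwtHeader(credentials), new JwtPayload(claims));

    // The handler method is WriteToken; the original spelling "Writetoken" does not compile.
    return new AuthenticatedToken(new JwtSecurityTokenHandler().WriteToken(token), user.UserName);
}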
以下代码位于 Startup 的 ConfigureServices 中:
// Registers JWT bearer authentication under the scheme name "JwtBearer" and makes it the
// default for both authenticating requests and issuing challenges.
services
    .AddAuthentication(authOptions =>
    {
        authOptions.DefaultAuthenticateScheme = "JwtBearer";
        authOptions.DefaultChallengeScheme = "JwtBearer";
    })
    .AddJwtBearer("JwtBearer", bearerOptions =>
    {
        // SECURITY: this key is a literal in source and must equal the key used to sign
        // tokens; move both to configuration or a secret store and change them together.
        var validationKey = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes("ThisIsATestKeyWillChangeLater"));

        TokenValidationParameters validation = new TokenValidationParameters();

        // Signature and lifetime are checked, with five minutes of tolerated clock drift.
        validation.ValidateIssuerSigningKey = true;
        validation.IssuerSigningKey = validationKey;
        validation.ValidateLifetime = true;
        validation.ClockSkew = TimeSpan.FromMinutes(5);

        // Issuer and audience are not checked: any unexpired token signed with the key
        // above is accepted, whoever issued it and whichever service it was meant for.
        validation.ValidateIssuer = false;
        validation.ValidateAudience = false;

        bearerOptions.TokenValidationParameters = validation;
    });
我没有看到很多关于使用这个库进行登录身份验证的文档,我认为这对所有开发者也有帮助。