使用 GraphQL/HotChocolate 的身份验证登录令牌

编程问答 2022-04-24

问题描述

我正在尝试将 HotChocolate 用于 GraphQL API,以请求用户登录到我的 Blazor Webassembly 和 Xamarin 手机应用程序。我想知道这是否是使用此 API 创建安全登录响应的正确方法。我不确定您是否应该像我一样注入 UserManager。

    public record AuthenticatedToken(string Access_Token,string UserName);

    [UseDbContext(typeof(AppDbContext))]
    public async Task<AuthenticatedToken> GetAuthenticationToken(AuthenticationTokenInput input,[ScopedService] AppDbContext context,[ScopedService] UserManager<IdentityUser> userManager,[Service] ITopicEventSender eventSender,CancellationToken cancellationToken)
    {
        IdentityUser user = await userManager.FindByNameAsync(input.userName);
        bool confirmed = await userManager.CheckPasswordAsync(user,input.password);
        if (!confirmed) return null;
        var roles = from ur in context.UserRoles
                    join r in context.Roles on ur.RoleId equals r.Id
                    where ur.UserId == user.Id
                    select new { ur.UserId,ur.RoleId,r.Name };
        List<Claim> claims = new()
        {
            new Claim(ClaimTypes.Name,user.UserName),new Claim(ClaimTypes.NameIdentifier,user.Id),new Claim(JwtRegisteredClaimNames.Nbf,new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds().ToString()),new Claim(JwtRegisteredClaimNames.Exp,new DateTimeOffset(DateTime.Now.AddHours(1)).ToUnixTimeSeconds().ToString())
        };
        foreach (var role in roles)
        {
            claims.Add(new Claim(ClaimTypes.Role,role.Name));
        }

        //Todo Change the bytes string
        JwtSecurityToken token = new(new JwtHeader(new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("ThisIsATestKeyWillChangeLater")),SecurityAlgorithms.HmacSha256)),new JwtPayload(claims));
        return new AuthenticatedToken(new JwtSecurityTokenHandler().Writetoken(token),user.UserName);
    }

这进入启动configureservices

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = "JwtBearer";
            options.DefaultChallengeScheme = "JwtBearer";
        }).AddJwtBearer("JwtBearer",JwtBearerOptions =>
        {
            JwtBearerOptions.TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuerSigningKey = true,IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("ThisIsATestKeyWillChangeLater")),ValidateIssuer = false,ValidateAudience = false,ValidateLifetime = true,ClockSkew = TimeSpan.FromMinutes(5)
            };
        });

我没有看到很多关于使用这个库进行登录身份验证的文档,我认为这对所有开发者也有帮助。

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

authenticationgraphqlgraphqlhotchocolatewebapiwebapiwebapi