问题描述
我正在尝试配置 SwaggerUI 以使用LinkedIn Auth2登录,并根据我从LinkedIn检索到的信息来设置JWT令牌。但是,我遇到了两个问题:
- 当我单击Swagger UI进行授权并且成功在linkedin页面中登录后,我将重定向到另一个localhost选项卡,而不是我从其启动的那个选项卡,并且看不到“注销”。
- 一旦我设置了JWT令牌,并且调用了其他任何端点,我就会得到401“未经授权”。
我可能使这一过程复杂化了,但这是我的方法。
在 ConfigureServices 的 Startup.cs 中,我有:
services.AddAuthentication(option =>
{
option.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
option.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
option.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(option =>
{
Configuration.Bind($"{nameof(AppSettings.Security)}:{nameof(AppSettings.Security.Jwt)}",option);
option.Savetoken = true;
option.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(appSettings.Security.Jwt.ClientId)),ValidateIssuer = true,RequireExpirationTime = false,ValidateLifetime = true
};
option.Events = new JwtBearerEvents();
//only way I figured out how to get the access code that linked in is returning. Open to suggestion for a simpler way
option.Events.OnMessageReceived += context =>
{
if (context.Request.QueryString.HasValue)
{
var code = context.Request.QueryString.Value.ToString();
var before = code.IndexOf("?code=") + "?code=".Length;
int after = code.LastIndexOf("&state");
string accessCode = code[before..after];
//Getting the token using the accessCode
var client = new RestClient(appSettings.Security.Jwt.TokenUrl);
var request = new RestRequest(Method.POST);
request.AddParameter("application/x-www-form-urlencoded",$"grant_type=authorization_code&code={accessCode}&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fswagger%2Findex.html&client_id=myid&client_secret=mysecret",ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
var tokenKey = string.Empty;
var obj = new Token();
if (response.StatusCode == System.Net.HttpStatusCode.OK)
{
tokenKey = response.Content;
_token = JsonConvert.DeserializeObject<Token>(tokenKey);
//Getting user data from LinkedIn
client = new RestClient(appSettings.Security.Jwt.UserDataUrl);
request = new RestRequest(Method.GET);
request.AddHeader("Content-type","application/json");
request.AddHeader("Authorization",$"Bearer {_token.Access_Token}");
IRestResponse response2 = client.Execute(request);
if (response2.StatusCode == System.Net.HttpStatusCode.OK)
{
//Getting email address from LinkedIn
client = new RestClient(appSettings.Security.Jwt.UserEmailApiUrl);
request = new RestRequest(Method.GET);
request.AddHeader("Content-type","application/json");
request.AddHeader("Authorization",$"Bearer {_token.Access_Token}");
IRestResponse response3 = client.Execute(request);
var data = response2.Content;
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(appSettings.Security.Jwt.ClientSecret);
var tokenDescriptor = new SecurityTokenDescriptor
{
//For testing only,will use the actual data
Subject = new ClaimsIdentity(new[] { new Claim("Email","test@test.com" ) }),Expires = DateTime.UtcNow.AddMinutes(7),SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),SecurityAlgorithms.HmacSha256Signature)
};
var t = tokenHandler.Createtoken(tokenDescriptor);
tokenHandler.Writetoken(t);
}
}
}
return Task.CompletedTask;
};
});
services.AddTransient<IConfigureOptions<SwaggerGenoptions>,ConfigureSwaggerGenoptions>();
services.AddSwaggerGen();
注意*:我的重定向网址是:http:// localhost:5000 / swagger / oauth2-redirect.html
public void Configure(SwaggerGenoptions options)
{
options.OperationFilter<AuthorizeOperationFilter>();
options.SwaggerDoc("v1",new OpenApiInfo
{
Title = "My Api",Version = "v1"
});
options.AddSecurityDeFinition("OAuth2",new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OAuth2,Flows = new OpenApiOAuthFlows
{
AuthorizationCode = new OpenApiOAuthFlow
{
AuthorizationUrl = new Uri(_settings.Security.Jwt.AuthUrl),Scopes = new Dictionary<string,string>
{
{ "r_liteprofile","" },{ "r_emailaddress","" }
},}
}
});
options.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,Id = "Bearer"
},Scheme = "OAuth2",Name = "Bearer",In = ParameterLocation.Header
},new List<string>()
}
});
}
AuthorizeOperationFilter.cs
public void Apply(OpenApiOperation operation,OperationFilterContext context)
{
var authAttributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
.Union(context.MethodInfo.GetCustomAttributes(true))
.OfType<AuthorizeAttribute>();
if (authAttributes.Any())
{
operation.Responses.Add(StatusCodes.Status401Unauthorized.ToString(),new OpenApiResponse { Description = nameof(HttpStatusCode.Unauthorized) });
operation.Responses.Add(StatusCodes.Status403Forbidden.ToString(),new OpenApiResponse { Description = nameof(HttpStatusCode.Forbidden) });
}
if (authAttributes.Any())
{
operation.Security = new List<OpenApiSecurityRequirement>();
var oauth2SecurityScheme = new OpenApiSecurityScheme()
{
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme,Id = "OAuth2" },};
operation.Security.Add(new OpenApiSecurityRequirement()
{
[oauth2SecurityScheme] = new[] { "OAuth2" }
});
}
}
最后,在 Startup.cs
中使用 Configure 方法app.UseAuthentication();
app.UseAuthorization();
app
.UseSwagger()
.UseSwaggerUI(option =>
{
option.SwaggerEndpoint($"/swagger/v1/swagger.json","v1");
option.OAuthClientId(appSettings.Security.Jwt.ClientId);
option.OAuth2RedirectUrl(appSettings.Security.Jwt.ReturnUrl);
option.OAuthAppName("LinkedIn");
option.OAuthUsePkce();
});
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)