如何处理 Stormpath ID 站点 JWT 响应

How to handle Stormpath ID Site JWT response

我正在尝试创建具有 Stormpath ID 站点授权的 ASP.NET 应用程序。我创建请求和响应操作并成功获得帐户。

但是接下来呢?如何告诉应用程序用户已通过身份验证?

public async Task<RedirectResult> Callback(string jwtResponse)
{
    var client = Request.GetStormpathClient();
    var app = await client.GetApplicationAsync(appUrl);
    var requestDescriptor = HttpRequests.NewRequestDescriptor()
    .WithMethod("GET")
    .WithUri("http://localhost:50084/Auth/Callback?jwtResponse=" + jwtResponse)
    .Build();
    var idSiteListener = app.NewIdSiteAsyncCallbackHandler(requestDescriptor);
    var accountResult = await idSiteListener.GetAccountResultAsync();
    var account = accountResult.GetAccountAsync().Result; //Account
    //What I must do here to tell application that user is authenticated
    return Redirect("/");
}

您可以将 JWT 换成 Stormpath 访问令牌,而不是从 ID 站点响应中获取帐户:

public async Task<RedirectResult> Callback(string jwtResponse)
{
    var client = Request.GetStormpathClient();
    var app = await client.GetApplicationAsync(appUrl);

    var exchangeRequest = new StormpathTokenGrantRequest
    {
        Token = jwtResponse
    });

    var grantResponse = await application.ExecuteOauthRequestAsync(exchangeRequest);

    // Return grantResponse.AccessTokenString in a secure HTTPOnly cookie, or as a JSON response
}

如果您使用 Stormpath ASP.NET plugin, you can enable ID Site,这将自动为您处理。

免责声明:我是包的作者。