如何处理 Stormpath ID 站点 JWT 响应
How to handle Stormpath ID Site JWT response
我正在尝试创建具有 Stormpath ID 站点授权的 ASP.NET 应用程序。我创建请求和响应操作并成功获得帐户。
但是接下来呢?如何告诉应用程序用户已通过身份验证?
public async Task<RedirectResult> Callback(string jwtResponse)
{
var client = Request.GetStormpathClient();
var app = await client.GetApplicationAsync(appUrl);
var requestDescriptor = HttpRequests.NewRequestDescriptor()
.WithMethod("GET")
.WithUri("http://localhost:50084/Auth/Callback?jwtResponse=" + jwtResponse)
.Build();
var idSiteListener = app.NewIdSiteAsyncCallbackHandler(requestDescriptor);
var accountResult = await idSiteListener.GetAccountResultAsync();
var account = accountResult.GetAccountAsync().Result; //Account
//What I must do here to tell application that user is authenticated
return Redirect("/");
}
您可以将 JWT 换成 Stormpath 访问令牌,而不是从 ID 站点响应中获取帐户:
public async Task<RedirectResult> Callback(string jwtResponse)
{
var client = Request.GetStormpathClient();
var app = await client.GetApplicationAsync(appUrl);
var exchangeRequest = new StormpathTokenGrantRequest
{
Token = jwtResponse
});
var grantResponse = await application.ExecuteOauthRequestAsync(exchangeRequest);
// Return grantResponse.AccessTokenString in a secure HTTPOnly cookie, or as a JSON response
}
如果您使用 Stormpath ASP.NET plugin, you can enable ID Site,这将自动为您处理。
免责声明:我是包的作者。
我正在尝试创建具有 Stormpath ID 站点授权的 ASP.NET 应用程序。我创建请求和响应操作并成功获得帐户。
但是接下来呢?如何告诉应用程序用户已通过身份验证?
public async Task<RedirectResult> Callback(string jwtResponse)
{
var client = Request.GetStormpathClient();
var app = await client.GetApplicationAsync(appUrl);
var requestDescriptor = HttpRequests.NewRequestDescriptor()
.WithMethod("GET")
.WithUri("http://localhost:50084/Auth/Callback?jwtResponse=" + jwtResponse)
.Build();
var idSiteListener = app.NewIdSiteAsyncCallbackHandler(requestDescriptor);
var accountResult = await idSiteListener.GetAccountResultAsync();
var account = accountResult.GetAccountAsync().Result; //Account
//What I must do here to tell application that user is authenticated
return Redirect("/");
}
您可以将 JWT 换成 Stormpath 访问令牌,而不是从 ID 站点响应中获取帐户:
public async Task<RedirectResult> Callback(string jwtResponse)
{
var client = Request.GetStormpathClient();
var app = await client.GetApplicationAsync(appUrl);
var exchangeRequest = new StormpathTokenGrantRequest
{
Token = jwtResponse
});
var grantResponse = await application.ExecuteOauthRequestAsync(exchangeRequest);
// Return grantResponse.AccessTokenString in a secure HTTPOnly cookie, or as a JSON response
}
如果您使用 Stormpath ASP.NET plugin, you can enable ID Site,这将自动为您处理。
免责声明:我是包的作者。