Where does middleware save token?

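I have a startup middleware written in vb.net. It successfully logs the user in and creates claims for them. I can access the claims from a separate page of the application using the following code.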

Dim claimsID As ClaimsIdentity = HttpContext.Current.User.Identity

What I can't figure out is how to access the user token so that I can use it for Graph API calls.

Here is startup.vb

Imports Owin
Imports Microsoft.Owin
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.OpenIdConnect
Imports Microsoft.Owin.Security.Notifications
Imports Microsoft.IdentityModel.Protocols.OpenIdConnect
Imports Microsoft.IdentityModel.Tokens
Imports Microsoft.Identity.Client
Imports System.Threading.Tasks

<Assembly: OwinStartup(GetType(WEBCOMLogin.Startup))>
Namespace WEBCOMLogin
    Public Class Startup

        Private clientId As String = System.Configuration.ConfigurationManager.AppSettings("ClientId")
        Private redirectUri As String = System.Configuration.ConfigurationManager.AppSettings("RedirectUri")
        Shared tenant As String = System.Configuration.ConfigurationManager.AppSettings("Tenant")
        Private authority As String = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings("Authority"), tenant)

        Public Sub Configuration(ByVal app As IAppBuilder)
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
            app.UseCookieAuthentication(New CookieAuthenticationOptions())
            app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions With {
                .ClientId = clientId,
                .Authority = authority,
                .RedirectUri = redirectUri,
                .PostLogoutRedirectUri = redirectUri,
                .Scope = OpenIdConnectScope.OpenIdProfile,
                .ResponseType = OpenIdConnectResponseType.IdToken,
                .ResponseMode = OpenIdConnectResponseMode.FormPost,
                .SaveTokens = True,
                .RedeemCode = True,
                .TokenValidationParameters = New TokenValidationParameters With {
                    .ValidateIssuer = False
                },
                .Notifications = New OpenIdConnectAuthenticationNotifications With {
                    .AuthenticationFailed = AddressOf OnAuthenticationFailedAsync,
                    .AuthorizationCodeReceived = AddressOf OnAuthorizationCodeReceivedAsync
                }
            })
        End Sub

        Private Shared Function OnAuthenticationFailedAsync(ByVal notification As AuthenticationFailedNotification(Of OpenIdConnectMessage, OpenIdConnectAuthenticationOptions)) As Task
            notification.HandleResponse()
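            ' URL-encode the exception text so it cannot alter the redirect URL or its query string.
            Dim redirect As String = "owinerror.aspx?errormessage=" & System.Uri.EscapeDataString(notification.Exception.Message)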

            notification.Response.Redirect(redirect)
            Return Task.FromResult(0)
        End Function

        Private Async Function OnAuthorizationCodeReceivedAsync(ByVal notification As AuthorizationCodeReceivedNotification) As Task

            Dim idClient = ConfidentialClientApplicationBuilder.Create(clientId).WithTenantId(tenant).Build()

            Dim scopes As String = OpenIdConnectScope.OpenIdProfile
            Dim result = Await idClient.AcquireTokenByAuthorizationCode(scopes, notification.Code).ExecuteAsync()

            Dim userToken As String = result.AccessToken

        End Function

    End Class
End Namespace

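By default, when you set SaveTokens = True, OpenIDConnect passes the tokens (id/access/refresh) to the cookie handler, and the cookie handler by default stores them in the session cookie.

To access the tokens later, you can get at them in a controller like this: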

string accessToken = await HttpContext.GetTokenAsync("access_token");
string idToken = await HttpContext.GetTokenAsync("id_token");
string refreshToken = await HttpContext.GetTokenAsync("refresh_token");
string tokenType = await HttpContext.GetTokenAsync("token_type");
string accessTokenExpire = await HttpContext.GetTokenAsync("expires_at");
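
An added example, not part of the original answer, for the OWIN/Katana pipeline used in the question: it reads the saved tokens back from the cookie ticket in VB.NET. It assumes that `SaveTokens = True` stores the tokens in the ticket's `AuthenticationProperties` under the same names the answer uses, which should be checked against the installed Microsoft.Owin.Security.OpenIdConnect version; `SavedTokenReader` and its members are hypothetical names.

```vbnet
Imports System.Collections.Generic
Imports System.Threading.Tasks
Imports System.Web
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies

' Added example (hypothetical helper, not from the original post).
Public Module SavedTokenReader

    ' Token names as used in the answer above (assumed to match the stored keys).
    Private ReadOnly TokenNames As String() =
        {"access_token", "id_token", "refresh_token", "token_type", "expires_at"}

    ' Pure lookup: returns Nothing when the key is missing or empty.
    Public Function ReadToken(props As IDictionary(Of String, String), name As String) As String
        Dim value As String = Nothing
        If props IsNot Nothing AndAlso props.TryGetValue(name, value) AndAlso
           Not String.IsNullOrEmpty(value) Then
            Return value
        End If
        Return Nothing
    End Function

    ' Lists which tokens were saved without exposing their values,
    ' so the result is safe to write to a diagnostic log.
    Public Function PresentTokenNames(props As IDictionary(Of String, String)) As List(Of String)
        Dim found As New List(Of String)
        For Each name In TokenNames
            If ReadToken(props, name) IsNot Nothing Then found.Add(name)
        Next
        Return found
    End Function

    ' Re-reads the cookie ticket for the current request and returns one token.
    ' A key is present only if the identity provider returned that token:
    ' a sign-in with ResponseType = IdToken yields an id_token but no access_token.
    Public Async Function GetSavedTokenAsync(name As String) As Task(Of String)
        Dim auth As IAuthenticationManager = HttpContext.Current.GetOwinContext().Authentication
        Dim ticket As AuthenticateResult =
            Await auth.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationType)
        If ticket Is Nothing OrElse ticket.Properties Is Nothing Then
            Return Nothing ' not signed in, or the cookie failed validation
        End If
        Return ReadToken(ticket.Properties.Dictionary, name)
    End Function

End Module
```

Tokens kept this way travel inside the encrypted authentication cookie on every request, so they add to its size and should be sent only over HTTPS.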