Receiving the JWT token from Google Auth instead of claims

Posted 2025-01-22 22:48:40


We are using .NET Core 3.1 and Google Authentication. This is the code that we have currently:

Startup.cs:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddGoogle(googleOptions =>
    {
        googleOptions.ClientId = "CLIENT_ID";
        googleOptions.ClientSecret = "CLIENT_SECRET";
    })
    .AddCookie(options =>
    {
        options.LoginPath = "/Account/Login";
        options.AccessDeniedPath = "/Error/403";
    });

AccountController.cs:

public class AccountController : BaseController
{
    [AllowAnonymous]
    public IActionResult SignInGoogle()
    {
        return Challenge(new AuthenticationProperties
        {
            RedirectUri = Url.Action(nameof(SignInReturn))
        }, GoogleDefaults.AuthenticationScheme);
    }

    [AllowAnonymous]
    public IActionResult SignInReturn()
    {
        // Do stuff with the user here. Their information is in the User    
        // property of the controller.
        return Ok();
    }
}

When users visit /Account/SignInGoogle, they are redirected to the Google sign-in page. Once they log in successfully, they are redirected back to /Account/SignInReturn. If I place a breakpoint there, I can see that claims are set inside the User property.

However, we don't want the User property to be automatically set. We also don't want the user to be considered logged in once SignInReturn is called. We would just like to receive information about the user (name, surname, email) and then proceed with our custom claims handling logic. Is it possible?


Comments (2)

π浅易 2025-01-29 22:48:40


Google auth uses the OAuth2 protocol. The Google Authentication package just wraps OAuth in an AuthenticationBuilder setup. By using any OAuth2 library you can authenticate outside of the AspNetCore AuthenticationBuilder and retrieve the JWT.

See also: What is the best OAuth2 C# library?

梅窗月明清似水 2025-01-29 22:48:40


You can access the tokens by handling the OnCreatingTicket event:

googleOptions.Events.OnCreatingTicket = (context) =>
{
    string accessToken = context.AccessToken;
    string refreshToken = context.RefreshToken;
    // do stuff with them
    return Task.CompletedTask;
};

Note that you don't get the refresh token unless you specify googleOptions.AccessType = "offline"; and even then you only get them when you first consent (you can trigger reconsent if you require the refresh token).

Or you can follow the approach set out by Microsoft, which basically saves the tokens in a cookie. You can read about that in the documentation here.
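An added example (not code from the question or either answer) that combines the OnCreatingTicket hook above with the framework's SignInScheme option, so the Google result lands in a separate short-lived cookie and the application cookie is never issued until your own claims logic decides to sign the user in. The scheme name "ExternalTemp", the claim type "google_id_token", the "Google:ClientId"/"Google:ClientSecret" configuration keys and a Configuration property on Startup are assumptions; usings for Microsoft.AspNetCore.Authentication, System.Security.Claims and System.Threading.Tasks are omitted.

```csharp
// Startup.ConfigureServices: route the Google result into a temporary scheme.
// "ExternalTemp" and "google_id_token" are names chosen for this example.
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie()                        // the application session cookie (stays empty here)
    .AddCookie("ExternalTemp", o =>     // short-lived holder for the Google identity
    {
        o.Cookie.Name = "ExternalTemp";
        o.ExpireTimeSpan = TimeSpan.FromMinutes(5);
    })
    .AddGoogle(googleOptions =>
    {
        googleOptions.ClientId = Configuration["Google:ClientId"];
        googleOptions.ClientSecret = Configuration["Google:ClientSecret"];
        googleOptions.SignInScheme = "ExternalTemp"; // not the app cookie: user is not logged in
        googleOptions.SaveTokens = true;             // access/refresh tokens kept in the properties
        googleOptions.Events.OnCreatingTicket = context =>
        {
            // The raw JWT (id_token) is in Google's token endpoint response.
            if (context.TokenResponse.Response.RootElement
                       .TryGetProperty("id_token", out var idToken))
            {
                context.Identity.AddClaim(new Claim("google_id_token", idToken.GetString()));
            }
            return Task.CompletedTask;
        };
    });

// AccountController.SignInReturn: HttpContext.User is still anonymous here.
[AllowAnonymous]
public async Task<IActionResult> SignInReturn()
{
    var result = await HttpContext.AuthenticateAsync("ExternalTemp");
    if (!result.Succeeded)
        return Redirect("/Account/Login");

    var p = result.Principal;
    string email   = p.FindFirst(ClaimTypes.Email)?.Value;
    string given   = p.FindFirst(ClaimTypes.GivenName)?.Value;
    string surname = p.FindFirst(ClaimTypes.Surname)?.Value;
    string idToken = p.FindFirst("google_id_token")?.Value;
    string accessToken = result.Properties.GetTokenValue("access_token");

    // Run the custom claims logic here and call HttpContext.SignInAsync(...) on the
    // application scheme only when it passes; the temp identity is dropped either way.
    await HttpContext.SignOutAsync("ExternalTemp");
    return Ok(new { email, given, surname });
}
```

The temp cookie is protected by the Data Protection stack like any cookie-auth ticket, so the id_token and access token are not exposed to the browser in clear text, and its five-minute lifetime limits how long a half-finished login can be replayed.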
