当我向api提出Unauthorized
请求时,我试图返回自定义错误响应消息。我尝试了几种事件处理程序来更改响应,但是在我看来,它们似乎都不起作用。
什么是适当的openiddict
事件处理程序,用于在未经授权的情况下更改响应?
到目前为止我尝试过的。
public class CustomAuthorizationHandler : IOpenIddictServerEventHandler<OpenIddictServerEvents.ApplyTokenResponse>
{
public Task HandleAsync(OpenIddictServerEvents.ApplyTokenResponse notification, CancellationToken cancellationToken)
{
}
}
public class CustomAuthorizationResponseHandler : IOpenIddictServerEventHandler<OpenIddictServerEvents.ApplyAuthorizationResponse>
{
public Task HandleAsync(OpenIddictServerEvents.ApplyAuthorizationResponse notification, CancellationToken cancellationToken)
{
}
}
public class CustomValidateAuthorizationRequestHandler : IOpenIddictServerEventHandler<OpenIddictServerEvents.HandleAuthorizationRequest>
{
public Task HandleAsync(OpenIddictServerEvents.HandleAuthorizationRequest notification, CancellationToken cancellationToken)
{
}
}
在Startup.cs中添加服务器
services.AddOpenIddict().AddCore(options =>
{
options.UseEntityFrameworkCore()
.UseDbContext<AWSContext>()
.ReplaceDefaultEntities<Guid>();
}).AddServer(options =>
{
options.UseMvc();
options.EnableAuthorizationEndpoint("/connect/authorize")
.EnableTokenEndpoint("/connect/token")
.EnableLogoutEndpoint("/connect/logout")
.EnableIntrospectionEndpoint("/connect/introspect")
.EnableUserinfoEndpoint("/api/userinfo");
options.AllowClientCredentialsFlow();
options.RegisterScopes(OpenIdConnectConstants.Scopes.Email,
OpenIdConnectConstants.Scopes.Profile,
options.AddEphemeralSigningKey();
options.AllowImplicitFlow();
options.DisableHttpsRequirement();
options.AddEventHandler<OpenIddictServerEvents.ApplyTokenResponse, CustomAuthorizationHandler>();
options.AddEventHandler<OpenIddictServerEvents.ApplyAuthorizationResponse, CustomAuthorizationResponseHandler>();
options.AddEventHandler<OpenIddictServerEvents.HandleAuthorizationRequest, CustomValidateAuthorizationRequestHandler>();
//options.AddDevelopmentSigningCertificate();
options.UseJsonWebTokens();
});//.AddValidation();
Controller
[HttpGet("~/home/message")]
[Authorize(AuthenticationSchemes = OpenIddictValidationDefaults.AuthenticationScheme)]
public async Task<IActionResult> GetMessage()
{
var subject = User.FindFirst(OpenIdConnectConstants.Claims.Subject)?.Value;
if (string.IsNullOrEmpty(subject))
{
return BadRequest();
}
var application = await _applicationManager.FindByClientIdAsync(subject, HttpContext.RequestAborted);
if (application == null)
{
return BadRequest();
}
return Content($"{application.DisplayName} has been successfully authenticated.");
}
邮递员收到401错误:
仅是代码示例,如果使用AddJwtBearer
自定义错误作为响应:
services.AddAuthentication("myschema")
.AddJwtBearer("myschema", options =>
{
options.Authority = "http://localhost:54540/";
options.Audience = "resource_server";
options.RequireHttpsMetadata = false;
options.Events = new JwtBearerEvents();
options.Events.OnChallenge = context =>
{
// Skip the default logic.
context.HandleResponse();
if (string.IsNullOrEmpty(context.HttpContext.Request.Headers["Authorization"]))
{
var payload = new JObject
{
["error"] = "No token",
["error_description"] = "No token",
};
return context.Response.WriteAsync(payload.ToString());
}
else
{
var payload = new JObject
{
["error"] = context.Error,
["error_description"] = context.ErrorDescription,
["error_uri"] = context.ErrorUri
};
return context.Response.WriteAsync(payload.ToString());
}
};
});
并采取行动:
[Authorize(AuthenticationSchemes = "myschema")]
[HttpGet("message")]
public async Task<IActionResult> GetMessage()
{
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
return BadRequest();
}
return Content($"{user.UserName} has been successfully authenticated.");
}