继上一篇的密码授权模式,这篇会继续实现自定义授权模式
这里以微信小程序登录为例。注意:下面代码里的 openId、unionId 是写死的演示值,直接信任客户端传来的 openId 来授权是不安全的,本文仅作为 Demo。
首先打开授权中心在Validator添加WXAppletsGrantValidator.cs
实现IExtensionGrantValidator
/// <summary>
/// Name of the custom grant type served by this validator. Token requests
/// carrying this value as their grant type are the ones this class handles.
/// </summary>
public string GrantType
{
    get { return "wxappletsgrant"; }
}
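/// <summary>
/// Validates a token request that uses the custom "wxappletsgrant" grant type
/// and stores the outcome in <paramref name="context"/>.Result.
/// </summary>
/// <param name="context">Extension-grant validation context supplied by IdentityServer.</param>
/// <returns>A task that completes once <c>context.Result</c> has been set.</returns>
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
    try
    {
        // SECURITY (demo only): the identifiers below are hard-coded, so every caller
        // that passes client authentication receives a token for the same subject.
        // Reading openId/unionId straight from context.Request.Raw would be no better,
        // because the caller could then claim any identity. A real implementation has
        // to obtain these values from a server-side exchange of the short-lived login
        // code the mini program sends, and never from client-asserted identifiers.
        var openId = "xxxxxxssss";
        var unionId = "hgghgghg";

        // Look the user up (or register them) and collect the claims to issue.
        var claimList = await ValidateUserAsync(openId, unionId);

        // Grant succeeded. NOTE(review): the subject is a fixed demo value; it should
        // be the looked-up user's stable identifier.
        context.Result = new GrantValidationResult
        (
            subject: "111",
            authenticationMethod: "custom",
            claims: claimList.ToArray()
        );
    }
    catch (Exception)
    {
        // Fail closed with the standard OAuth error code and a generic description.
        // The raw exception message is deliberately not returned: it can expose
        // database or upstream-service details to an unauthenticated caller.
        // NOTE(review): log the exception server-side here; no logger is in scope
        // in this snippet.
        context.Result = new GrantValidationResult()
        {
            IsError = true,
            Error = "invalid_grant",
            ErrorDescription = "wxappletsgrant validation failed"
        };
    }
}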
#region Private Method
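/// <summary>
/// Resolves the user for the given WeChat identifiers and returns the claims to
/// place in the issued token. Demo stub: no lookup is performed and the claims
/// returned are fixed test values.
/// </summary>
/// <param name="openId">The user's openId; must not be null, empty or whitespace.</param>
/// <param name="unionId">The user's unionId. Not validated here, since it may be absent for some accounts (TODO confirm against the real data source).</param>
/// <returns>A completed task holding the claim list for the user.</returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="openId"/> is null, empty or whitespace.</exception>
private Task<List<Claim>> ValidateUserAsync(string openId, string unionId)
{
    // Fail closed: never build claims for a request that carries no identity.
    if (string.IsNullOrWhiteSpace(openId))
    {
        throw new ArgumentException("openId is required", nameof(openId));
    }

    // TODO: query the user store by openId/unionId and register the user when no
    // record exists. The original placeholder compared an empty string literal to
    // null, so its registration branch could never run; it is left as this TODO.

    // Fixed demo claims, returned for any non-empty openId.
    return Task.FromResult(new List<Claim>()
    {
        new Claim(ClaimTypes.Name, $"hyq"),
        new Claim(ClaimTypes.Country, "CHN"),
        new Claim(ClaimTypes.Email, "hyq@hyq.com"),
    });
}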
#endregion
添加GrantTypeConstants类并编辑
/// <summary>
/// Allowed-grant-type list that contains only the custom "wxappletsgrant" grant.
/// A new array is built on every read.
/// </summary>
public static ICollection<string> ResourceWXappletsGrant
{
    get
    {
        string[] grantTypes = { "wxappletsgrant" };
        return grantTypes;
    }
}
修改Config.cs 添加Client
// Demo client that may use only the custom "wxappletsgrant" grant type.
new Client
{
ClientId = "wxappletsgrant_Client",
ClientName = "Client WxAppletsGrant_Client",
// NOTE(review): the client secret is a guessable literal committed to source.
// Outside a demo, load it from configuration or a secret store and use a
// randomly generated value.
ClientSecrets = { new Secret("wxappletsgrantclient".Sha256()) },
AllowedGrantTypes = GrantTypeConstants.ResourceWXappletsGrant,//custom login grant
AllowedScopes = {
"invoice_read",
IdentityServerConstants.StandardScopes.OfflineAccess//OfflineAccess must be in the scopes for refresh tokens to be issued
},
AllowOfflineAccess = true,// lets this client request refresh tokens (default is false); this is not the consent setting
// NOTE(review): ReUse keeps the same refresh token handle across refreshes, so a
// leaked handle stays valid until it expires. Consider TokenUsage.OneTimeOnly
// if the client can tolerate rotation.
RefreshTokenUsage = TokenUsage.ReUse,
// 60*5 = 300; IdentityServer documents both lifetimes below in seconds.
AccessTokenLifetime = 60*5,
RefreshTokenExpiration = TokenExpiration.Absolute,
// NOTE(review): same value as AccessTokenLifetime, so the refresh token expires
// together with the access token it is meant to renew; presumably a test value.
AbsoluteRefreshTokenLifetime = 300,
}
注册服务
在startup.cs中ConfigureServices方法添加如下代码:
// Registers WXAppletsGrantValidator on the IdentityServer builder so that token
// requests using its GrantType ("wxappletsgrant") are passed to ValidateAsync.
builder.AddExtensionGrantValidator<WXAppletsGrantValidator>();
启动调试