using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;

namespace OASystem.API.OAMethodLib.Auth
{
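    /// <summary>
    /// JWT bearer helpers: issues short-lived HS256 tokens and registers the JwtBearer
    /// authentication handler that validates them.
    /// </summary>
    /// <remarks>
    /// The signing key is generated once per process. Tokens therefore stop validating
    /// after a restart and cannot be validated by a second instance of the application.
    /// </remarks>
    public static class JWTBearer
    {
        private const string TokenIssuer = "FMGJ-OA";
        private const string TokenAudience = "OA-Users";
        private const int TokenLifetimeSeconds = 60;

        // HS256 keys should be at least as long as the hash output (256 bits, RFC 7518 section 3.2).
        private const int SigningKeySizeInBytes = 32;

        /// <summary>
        /// Symmetric key used both to sign and to validate tokens.
        /// </summary>
        /// <remarks>
        /// Drawn from the OS CSPRNG. The previous Guid.NewGuid() source gave only 16 bytes,
        /// and GUIDs are designed for uniqueness, not unpredictability.
        /// </remarks>
        public static readonly SymmetricSecurityKey SecurityKey =
            new SymmetricSecurityKey(System.Security.Cryptography.RandomNumberGenerator.GetBytes(SigningKeySizeInBytes));

        /// <summary>
        /// Shared handler used to serialize tokens.
        /// </summary>
        public static readonly JwtSecurityTokenHandler JwtTokenHandler = new JwtSecurityTokenHandler();

        /// <summary>
        /// Issues a signed token whose NameIdentifier claim is the "user" query parameter
        /// of the current request. The token expires 60 seconds after issuance.
        /// </summary>
        /// <param name="httpContext">The current request context.</param>
        /// <returns>The serialized (compact) JWT.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="httpContext"/> is null, or the "user" query parameter is missing.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// The "user" query parameter is blank or was supplied more than once.
        /// </exception>
        public static string GenerateToken(HttpContext httpContext)
        {
            ArgumentNullException.ThrowIfNull(httpContext);

            // NOTE(review): the identity is taken verbatim from the query string and nothing
            // in this method authenticates the caller. Unless the calling endpoint verifies
            // credentials first, any client can obtain a token for any user name - confirm.
            var userValues = httpContext.Request.Query["user"];
            if (userValues.Count == 0)
            {
                throw new ArgumentNullException("user", "The 'user' query parameter is required.");
            }

            // A repeated parameter would otherwise be flattened into "a,b" and used as the identity.
            if (userValues.Count > 1)
            {
                throw new ArgumentException("The 'user' query parameter must be supplied exactly once.", nameof(httpContext));
            }

            var userId = userValues[0];
            if (string.IsNullOrWhiteSpace(userId))
            {
                throw new ArgumentException("The 'user' query parameter must not be blank.", nameof(httpContext));
            }

            // The user parameter passed with the request becomes the NameIdentifier claim.
            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, userId)
            };

            // Signing credentials.
            var credentials = new SigningCredentials(SecurityKey, SecurityAlgorithms.HmacSha256);

            // Build and serialize the JWT.
            var token = new JwtSecurityToken(
                TokenIssuer,
                TokenAudience,
                claims,
                expires: DateTime.UtcNow.AddSeconds(TokenLifetimeSeconds),
                signingCredentials: credentials);
            return JwtTokenHandler.WriteToken(token);
        }

        /// <summary>
        /// Registers JwtBearer authentication that validates tokens signed with <see cref="SecurityKey"/>.
        /// </summary>
        /// <param name="services">The service collection to add authentication to.</param>
        /// <exception cref="ArgumentNullException"><paramref name="services"/> is null.</exception>
        public static void AddMyJWTBearerAuth(this IServiceCollection services)
        {
            ArgumentNullException.ThrowIfNull(services);

            // Add the custom authentication scheme.
            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options =>
                {
                    options.TokenValidationParameters =
                    new TokenValidationParameters
                    {
                        // Custom check: a token without an expiry compares false and is rejected.
                        // notBefore is not examined and no clock-skew allowance is applied.
                        LifetimeValidator = (notBefore, expires, token, parameters) => expires > DateTime.UtcNow,
                        // NOTE(review): issuer and audience are written into every token by
                        // GenerateToken but are not checked here. If no other code signs tokens
                        // with SecurityKey, consider enabling both checks with
                        // ValidIssuer = TokenIssuer and ValidAudience = TokenAudience.
                        ValidateAudience = false,
                        ValidateIssuer = false,
                        ValidateActor = false,
                        ValidateLifetime = true,
                        IssuerSigningKey = JWTBearer.SecurityKey
                    };
                    options.Events = new JwtBearerEvents
                    {
                        OnMessageReceived = context =>
                        {
                            // When a request arrives, look for an access_token query parameter first.
                            // NOTE(review): tokens carried in the URL are recorded in server and proxy
                            // logs and in browser history. Consider limiting this fallback to the
                            // endpoints that cannot send an Authorization header.
                            var accessToken = context.Request.Query["access_token"];

                            // If it is present, use it as the token; otherwise context.Token stays
                            // unset and the handler falls back to the Authorization header.
                            if (!string.IsNullOrEmpty(accessToken))
                            {
                                context.Token = accessToken;
                            }
                            return Task.CompletedTask;
                        }
                    };
                });
        }
    }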
}