
Background

I've implemented the Thinktecture.IdentityServer.V3 (the openID Connect one). I've got the OAuth2 bearer token returned to my javascript client (implicit flow) in the form:

{
  "id_token": "eyJ0eXAiOiJKV1QiLCJh...",  // JWT
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni..", // JWT
  "token_type": "Bearer",
  "expires_in": "3600",
  "scope": "openid profile read write email",
  "state": "1299139105028949"
}

but in all the examples they only pass the access_token to the resource provider when calling the service.

$.ajax({
    url: 'http://localhost:2727/Account/123/Get',
    headers: {
        Authorization: "Bearer " + $scope.response.access_token
    }
})

Assumption

If I've got this right, I authenticate with the access token. Then I authorize based on claims in the id_token (I don't want to make a separate DB call - I want it fully self-contained).

Question

How would I pass this information to my webapi2 endpoint via ajax (assume I've set up CORS etc.) and what middleware would I have to hook up to validate it? (I'm guessing one of the Token Validators and a claimsManager, but there are so many I can't decide which one is the right one to use.)

Help very much appreciated

asked Oct 8, 2014 at 14:40 by Peter Lea

2 Answers


The id_token is for the client - it has to be validated by the client (or by the identity token validation endpoint in idsrv if the client does not have the necessary crypto libraries). Afterwards you use the access token to access the resource.

It seems you use AngularJS, so you can use the $http service to set the token in the header.

For example:

$http.post("/login", credentials).then(function(response) {
    // $httpProvider can only be injected into a config block; at runtime the same
    // defaults are reachable through $http.defaults. The "common" bucket applies the
    // header to every subsequent request, so this only needs to run once per session.
    $http.defaults.headers.common["Authorization"] = "Bearer " + response.data.access_token;
});

You have to do this once per session.

UPDATE

With jQuery, something like this:

// This represents the token response you got after login
var authToken = {
    "id_token": "eyJ0eXAiOiJKV1QiLCJh...",  // JWT
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni..", // JWT
    "token_type": "Bearer",
    "expires_in": "3600",
    "scope": "openid profile read write email",
    "state": "1299139105028949"
};

$.ajax({
    url: "http://localhost:2727/Account/123/Get",
    type: "get",
    dataType: "json",
    beforeSend: function (request) {
        // Only the access token travels to the resource; token_type supplies the "Bearer" scheme
        request.setRequestHeader("Authorization", authToken.token_type + " " + authToken.access_token);
    }
});

Tags: javascript. Title: pass openidconnect oauth2 bearer token in header (Stack Overflow)