IdentityServer 4在登录/刷新令牌时获取时间戳 [英] IdentityServer 4 get timestamp while login/refresh token

问题描述

我们正在使用身份服务器4 保护api /资源。要求之一是跟踪用户活动，这意味着用户最后一次使用api（未登录但已使用）。由于我们拥有30多种api，我们认为，一旦令牌针对身份服务器。

We are using identity server 4 to protect the api/resources. One of the requirements is to trace the user activity which means, the last time the user consumed the api (not logged in but consumed). As we have 30+ apis, we thought it would be easrier to intercept this validation process/event to register in the database the last activity date once the token gets validated against the identity server.

我的问题是，每次用户想要访问api时，此验证是否真的在身份服务器级别上进行？

My question here, does this validation really happens on identity server level each and every time the user wants to access an api?

是否有获取此验证时间戳的方法以将其保存在数据库中？

Is there anyway to get this validation timestamp to save it somewhere in a database?

谢谢

推荐答案

我自己能够解决此问题。我对ID-Server事件进行了更深入的研究，找到了一种集中处理事件的好方法。因此，此实现仅在ID-Server项目中。

I was able to solve this problem myself. I digged more into ID-Server events and found a good way in handling the events in a centralized way. So this implementation is only in the ID-Server project.

身份服务器4公开了一些可用于跟踪用户活动的事件（例如：令牌成功发行） ，令牌发布失败，登录失败等...）

Identity server 4 exposes some kind of events that can be used to trace user activity (for exmaple: token issued successfuly, token issued failed, Login failed etc...)

有关事件的更多信息，因此此链接

For more info about event, so this link

在身份服务器项目中，我添加了 IEventSink 接口。此接口对事件的持久性进行建模，并提供一种方法： PersistAsync 。

In the identity server project I added an implementation of the IEventSink interface. This interface models the persistence of the events and provides one method: PersistAsync.

这是cs类：

public class IdentityServerEventSink : IEventSink
{
        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly UserManager<IdentityUser> _userManager;

        public IdentityServerEventSink(IHttpContextAccessor httpContextAccessor,
                                       UserManager<IdentityUser> userManager)
        {
            _httpContextAccessor = httpContextAccessor;
            _userManager = userManager;
        }

        public async Task PersistAsync(Event @event)
        {
            if (@event.Id.Equals(EventIds.ClientAuthenticationFailure) || @event.Id.Equals(EventIds.TokenIssuedSuccess) || @event.Id.Equals(EventIds.TokenIssuedFailure))
            {
                Identity user = null;

                try
                {
                    user = await _userManager.GetUserAsync(_httpContextAccessor.HttpContext.User);

                    if (user != null)
                    {
                       // do stuff
                    }
                }
                catch (Exception ex)
                {
                  // handle exception
                }
            }
        }
}

通过DI我注入了 IHttpContextAccessor ，因此您需要在服务配置中添加以下行：

Over DI i'm injecting the IHttpContextAccessor, so you need to add this line in the services configuration:

services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();

此行将IEventSink实现包含在conatiner中：

And this line to include the IEventSink implementation in the conatiner:

services.AddTransient<IEventSink, IdentityServerEventSink>();

希望这会有所帮助！

这篇关于IdentityServer 4在登录/刷新令牌时获取时间戳的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！