有没有一种方法可以在不使用端点的情况下从Identity Server中生成访问令牌? [英] Is there a way to generate an access token from within Identity Server without using the endpoints?

问题描述

我正在构建身份服务器部署(在ASP.NET Core MVC应用程序中托管的Identity Server 4).作为新用户注册过程的一部分，我需要身份服务器应用程序针对另一个API发出请求.基本上，我想使用客户端凭证流来发出此请求，但是可以让身份服务器以编程方式在C#中生成令牌，而不是让身份服务器针对自己的终结点发出http请求?

I'm building an identity server deployment (Identity Server 4, hosted in an ASP.NET Core MVC application). As a part of the new user registration process, I need the identity server application to make a request against another API. I'd like to use, basically, the client credential flow to make this request, but instead of having the identity server make an http request against its own endpoint, would it be possible to just programmatically generate the token in C#?

我想做的就是这样:

public class AccountController : Controller
{
    [HttpPost("register")]
    public async Task<IActionResult> Register(UserRegistrationModel model)
    {
        // do stuff like validate model, create user, update database, etc

        // generate access token for other API
        var client = identityServer4DbContext.Clients.FirstOrDefault(c => c.Id = "myself");
        var token = tokenService.CreateAccessToken(client, StandardScopes.All.Concat(scopeForMyOtherApi));
        var httpClient = new HttpClient();
        httpClient.BaseAddress = new Uri("https://myotherapi/");

        var result = await httpClient.GetAsync("resource/info-i-need");

        // do something with result.
    }
}

我看到IdentityServer4中有一个ITokenService，但是它需要一个TokenCreationRequest，其中填充了只有在您有一个HTTP请求(用于令牌)时才得到的东西，所以看来这仅是有用的到IdentityServer4本身.

I saw that there is an ITokenService in IdentityServer4, but it requires a TokenCreationRequest populated with stuff you only get when you have an http request (for a token) to handle, so it seems that it is only useful to IdentityServer4 itself.

我也认识到我可以使用IdentityModel客户端向自己的端点发出请求，但这会涉及到更多我想避免的配置-更不用说看来我不应该这样做不必从身份服务器应用程序本身中执行此操作.

I also recognize that I could use the IdentityModel client to make a request against my own endpoint, but that would involve a bit more configuration that I'd like to avoid - not to mention that it seems like I shouldn't have to do that from within the identity server application itself.

推荐答案

在IdentityServer 3中，可以调用IssueClientToken() OWIN扩展方法. 在IdSrv 4中，使用IdentityServerTools.IssueJwtAsync()和IssueClientJwtAsync().

In IdentityServer 3 it was possible to call IssueClientToken() OWIN extension method. In IdSrv 4, use IdentityServerTools.IssueJwtAsync() and IssueClientJwtAsync().

这篇关于有没有一种方法可以在不使用端点的情况下从Identity Server中生成访问令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！