Login after signup in IdentityServer4


Question

I am trying to log the user in as soon as he/she registers.

Below is the scenario:

1) The registration page is not on the identity server.

2) User details are posted from the UI to the identity server for user creation.

3) On successful user creation, log the user in and redirect.

4) Trying to do it on a native app.

I tried it with a JavaScript app but the redirection fails with a 405 on the OPTIONS call (tried to redirect to /connect/authorize).

On the mobile app, we don't want the user to log in again after signup, for UX reasons.

Has anyone implemented this behaviour?

benfoster

Accepted answer

Okay, so finally I was able to get it working with the authorization code flow:

  • Whenever a user registers, an OTP is generated and stored against the newly created user.
  • This OTP is sent back in the response.
  • The OTP is put into acr_values, e.g. acr_values=otp:{{otpvalue}} un:{{username}}
  • The client then redirects to /connect/authorize with the above acr_values.

Below is the identity server code which handles the OTP flow:

using System;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.ResponseHandling;
using IdentityServer4.Services;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

public class SignupFlowResponseGenerator : AuthorizeInteractionResponseGenerator
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public SignupFlowResponseGenerator(ISystemClock clock,
        ILogger<AuthorizeInteractionResponseGenerator> logger,
        IConsentService consent,
        IProfileService profile,
        IHttpContextAccessor httpContextAccessor)
        : base(clock, logger, consent, profile)
    {
        _httpContextAccessor = httpContextAccessor;
    }

    public override async Task<InteractionResponse> ProcessInteractionAsync(ValidatedAuthorizeRequest request, ConsentResponse consent = null)
    {
        var processOtpRequest = true;

        var isAuthenticated = _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated;

        // if the user is already authenticated there is no need to process the otp request.
        if (isAuthenticated)
        {
            processOtpRequest = false;
        }

        // here we only process requests that carry an otp in acr_values
        // (GetAcrValues never returns null, so only the empty case needs a check)
        var acrValues = request.GetAcrValues().ToList();
        if (acrValues.Count == 0)
        {
            processOtpRequest = false;
        }

        // match on the prefix rather than a substring, so "un:" cannot match inside another value
        var otac = acrValues.FirstOrDefault(x => x.StartsWith("otp:", StringComparison.Ordinal));
        var un = acrValues.FirstOrDefault(x => x.StartsWith("un:", StringComparison.Ordinal));

        if (otac == null || un == null)
        {
            processOtpRequest = false;
        }

        if (processOtpRequest)
        {
            var otp = otac.Substring("otp:".Length);
            var username = un.Substring("un:".Length);

            // your logic to get and check the otp against the user
            // if valid then
            if (otp == {{otp from db for user}})
            {
                // mark the otp as expired so that it cannot be used again.

                var claimPrincipal = {{build your principal}};

                request.Subject = claimPrincipal;

                await _httpContextAccessor.HttpContext.SignInAsync({{your auth scheme}}, claimPrincipal, null);

                return new InteractionResponse
                {
                    IsLogin = false, // as login is false it will not redirect to the login page but will issue the authorization code
                    IsConsent = false
                };
            }
        }

        return await base.ProcessInteractionAsync(request, consent);
    }
}

Don't forget to register the generator in Startup:

services.AddIdentityServer().AddAuthorizeInteractionResponseGenerator<SignupFlowResponseGenerator>();
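The answer leaves `{{otp from db for user}}` and "mark the otp as expired" as placeholders. As an added example that is not part of the original answer, the following sketch shows one way to fill them: a store that issues a random single-use token for the newly created user, keeps only its hash, lets it expire, and removes it before comparing in constant time, plus a prefix-based parser for the `otp:`/`un:` acr_values. The class and method names are assumptions, and the code targets .NET 6 APIs.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Single-use, time-limited signup token store (assumed name, not an IdentityServer API).
public sealed class SignupOtpStore
{
    private sealed record Entry(byte[] Hash, DateTimeOffset ExpiresAt);
    private readonly ConcurrentDictionary<string, Entry> _entries = new();
    private readonly TimeSpan _lifetime;
    public SignupOtpStore(TimeSpan lifetime) => _lifetime = lifetime;

    // Called right after user creation; the token goes back to the client, only its
    // hash stays server side, and a later Issue() for the same user replaces it.
    public string Issue(string username)
    {
        var token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _entries[username] = new Entry(Hash(token), DateTimeOffset.UtcNow.Add(_lifetime));
        return token;
    }

    // Called from the generator: remove first so a concurrent replay cannot win,
    // then check expiry and compare hashes in constant time.
    public bool TryConsume(string username, string presented)
    {
        if (!_entries.TryRemove(username, out var entry)) return false;
        if (DateTimeOffset.UtcNow > entry.ExpiresAt) return false;
        return CryptographicOperations.FixedTimeEquals(Hash(presented), entry.Hash);
    }
    private static byte[] Hash(string s) => SHA256.HashData(Encoding.UTF8.GetBytes(s));
}

public static class AcrValuesParser
{
    // IdentityServer hands acr_values over as space-separated entries; match the
    // "otp:" / "un:" prefixes rather than substrings, and require both to be present.
    public static bool TryGetSignupValues(IEnumerable<string> acrValues, out string otp, out string username)
    {
        otp = null; username = null;
        foreach (var v in acrValues ?? Enumerable.Empty<string>())
        {
            if (v.StartsWith("otp:", StringComparison.Ordinal)) otp = v.Substring(4);
            else if (v.StartsWith("un:", StringComparison.Ordinal)) username = v.Substring(3);
        }
        return !string.IsNullOrEmpty(otp) && !string.IsNullOrEmpty(username);
    }
}
```

Inside the generator, the `{{otp from db for user}}` comparison becomes a single `store.TryConsume(username, otp)` call, which validates and invalidates the token in one step.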
