令牌端点的客户端库(OAuth 2.0和OpenID Connect)作为HttpClient
一组扩展方法提供。这允许HttpClient
以您喜欢的方式创建和管理生命周期- 例如静态或通过像Microsoft这样的工厂HttpClientFactory
。
4.1 请求令牌
调用主扩展方法RequestTokenAsync
- 它直接支持标准参数,如客户端ID /机密(或断言)和授权类型,但它也允许通过字典设置任意其他参数。所有其他扩展方法最终在内部调用此方法:
var client = new HttpClient();
var response = await client.RequestTokenAsync(new TokenRequest
{
Address = "https://demo.identityserver.io/connect/token",
GrantType = "custom",
ClientId = "client",
ClientSecret = "secret",
Parameters =
{
{ "custom_parameter", "custom value"},
{ "scope", "api1" }
}
});
响应属于TokenResponse
类型并且具有用于标准令牌响应参数等属性access_token
,expires_in
等等。你也可以访问原始响应以及对已解析JSON的文档(通过Raw
和Json
属性)。
在使用响应之前,您应该始终检查IsError
属性以确保请求成功:
if (response.IsError) throw new Exception(response.Error);
var token = response.AccessToken;
var custom = response.Json.TryGetString("custom_parameter");
4.2 使用client_credentials
授权类型请求令牌
该方法具有方便requestclientcredentialstoken
扩展属性的client_credentials
类型:
var response = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
Address = "https://demo.identityserver.io/connect/token",
ClientId = "client",
ClientSecret = "secret",
Scope = "api1"
});
4.3 使用password
授权类型请求令牌
该方法具有方便requestclientcredentialstoken
扩展属性的password
类型:
var response = await client.RequestPasswordTokenAsync(new PasswordTokenRequest
{
Address = "https://demo.identityserver.io/connect/token",
ClientId = "client",
ClientSecret = "secret",
Scope = "api1",
UserName = "bob",
Password = "bob"
});
4.4 使用authorization_code
授权类型请求令牌
该方法具有方便requestclientcredentialstoken
扩展属性的authorization_code
类型和PKCE:
var response = await client.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
{
Address = IdentityServerPipeline.TokenEndpoint,
ClientId = "client",
ClientSecret = "secret",
Code = code,
RedirectUri = "https://app.com/callback",
// optional PKCE parameter
CodeVerifier = "xyz"
});
4.5 使用refresh_token
授权类型请求令牌
该方法具有方便requestclientcredentialstoken
扩展属性的refresh_token
类型:
var response = await _client.RequestRefreshTokenAsync(new RefreshTokenRequest
{
Address = TokenEndpoint,
ClientId = "client",
ClientSecret = "secret",
RefreshToken = "xyz"
});
4.6 请求设备令牌
该方法具有方便requestclientcredentialstoken
扩展属性的urn:ietf:params:oauth:grant-type:device_code
类型
var response = await client.RequestDeviceTokenAsync(new DeviceTokenRequest
{
Address = disco.TokenEndpoint,
ClientId = "device",
DeviceCode = authorizeResponse.DeviceCode
});