How to use Mediator in Program.cs to get Jwt.IssuerSigningKey



I am moving JwtAuthManager into JwtAuth so that it uses Mediator calls to my DB.
Everything that is AllowAnonymous works fine.
Anything with [Authorize] is of course broken:
Bearer error="invalid_token",error_description="The signature key was not found"
because I removed jwtTokenConfig.Secret.
I want to add await _mediator.Send(new SecretCommand()); to Program.cs, but I cannot inject Mediator there.

Code:

Program.cs
var jwtTokenConfig = builder.Configuration.GetSection("jwtTokenConfig").Get<JwtTokenConfig>();
builder.Services.AddSingleton(jwtTokenConfig);
builder.Services.AddAuthentication(x =>
{
    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(x =>
{
    x.RequireHttpsMetadata = true;
    x.SaveToken = true;
    try
    {
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = jwtTokenConfig.Issuer,
            ValidateIssuerSigningKey = true,
            // With jwtTokenConfig.Secret removed, GetBytes(null) throws here ...
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtTokenConfig.Secret)),
            ValidateAudience = false,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1)
        };
    }
    catch (global::System.Exception)
    {
        // ... and the empty catch swallows it, so the scheme starts with no signing key
        // and every [Authorize] request fails with "The signature key was not found".
    }
});
builder.Services.AddSingleton<DataAccessLibrary.Executs.Auth.IJwtAuth, DataAccessLibrary.Executs.Auth.JwtAuth>();
builder.Services.AddSingleton<IJwtAuthManager, JwtAuthManager>();
builder.Services.AddHostedService<JwtRefreshTokenCache>();
builder.Services.AddScoped<IUserService, UserService>();
builder.Services.AddSingleton<IUserAuthAcsess, UserAuthAcsess>();
builder.Services.AddSingleton<IJwtAuth, JwtAuth>();
builder.Services.AddMediatR(typeof(MyServer.ServerBace).GetTypeInfo().Assembly);
builder.Services.AddMediatR(typeof(DataAccessEntryPoint).GetTypeInfo().Assembly);


JwtAuth.cs
public interface IJwtAuth
{
    Task<Response> RemoveRefreshTokenByUserName(string UserName, string IpAddress);
    Task<Response<(ClaimsPrincipal, JwtSecurityToken)>> DecodeJwtToken(string Token);
    Task<Response<JwtAuthResult>> GenerateTokens(string UserName, Claim[] claims, DateTime now);
    Task<Response<JwtAuthResult>> RefreshToken(string RefreshToken, string accessToken, DateTime now);
    Task<Response> RemoveExpiredRefreshTokens(DateTime Now);
    byte[] secret();
}

public class JwtAuth : IJwtAuth
{
    private readonly JwtTokenConfig _jwtTokenConfig;
    private readonly ILogger _logger;
    private readonly DataAcsess DBA;
    private readonly byte[] _secret;

    public JwtAuth(JwtTokenConfig jwtTokenConfig, ILogger<IJwtAuth> logger)
    {
        DBA = new();
        _jwtTokenConfig = jwtTokenConfig;
        _logger = logger;
        // Loads the secret from the DB synchronously while the singleton is constructed.
        _secret = secret();
    }

    public byte[] secret()
    {
        // Blocks on the async query (.Result); the first row of the result is the secret string.
        return Encoding.ASCII.GetBytes(DBA.GetData<string, dynamic>("select Secretkey from Secret where id = @Id", new { Id = "1" }).Result[0]);
    }
}

Of course, I have already created SecretCommand and SecretHandel.

Any ideas? If I am doing this wrong, please tell me. I am aiming for simpler and more secure :(
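One way to get the secret through the mediator without injecting IMediator into Program.cs, as an added example that is not the asker's code: move the JwtBearer configuration into an IConfigureNamedOptions<JwtBearerOptions> class, which the options system constructs from the container. It assumes the asker's SecretCommand is an IRequest<string> whose handler returns the secret, the JwtTokenConfig singleton registered in Program.cs, and the ASP.NET Core options/authentication packages already referenced by the project.

```csharp
using System;
using System.Text;
using MediatR;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
// Program.cs: keep AddAuthentication(...), replace the AddJwtBearer(x => ...) lambda with
//   builder.Services.AddAuthentication(...).AddJwtBearer();
//   builder.Services.ConfigureOptions<ConfigureJwtBearerOptions>();
public sealed class ConfigureJwtBearerOptions : IConfigureNamedOptions<JwtBearerOptions>
{
    private readonly IServiceScopeFactory _scopeFactory;
    private readonly JwtTokenConfig _jwtTokenConfig; // the singleton registered in Program.cs
    public ConfigureJwtBearerOptions(IServiceScopeFactory scopeFactory, JwtTokenConfig jwtTokenConfig)
    {
        _scopeFactory = scopeFactory;
        _jwtTokenConfig = jwtTokenConfig;
    }
    public void Configure(string? name, JwtBearerOptions options)
    {
        if (name != JwtBearerDefaults.AuthenticationScheme) return; // only configure our scheme
        options.RequireHttpsMetadata = true;
        options.SaveToken = true;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = _jwtTokenConfig.Issuer,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = LoadSigningKey(),
            ValidateAudience = false,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1)
        };
    }
    public void Configure(JwtBearerOptions options) => Configure(Options.DefaultName, options);
    private SymmetricSecurityKey LoadSigningKey()
    {
        // IMediator and the handler's DB access may be scoped, so resolve them inside a scope.
        using var scope = _scopeFactory.CreateScope();
        var mediator = scope.ServiceProvider.GetRequiredService<IMediator>();
        // Assumed: SecretCommand : IRequest<string>. Options configuration is synchronous, so the
        // send is awaited synchronously here; it runs once, when the options are first built.
        string secret = mediator.Send(new SecretCommand()).GetAwaiter().GetResult();
        if (string.IsNullOrWhiteSpace(secret))
            throw new InvalidOperationException("No signing secret found; refusing to accept tokens.");
        // Must match the encoding the issuer uses for its signing key (ASCII in the asker's code).
        return new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret));
    }
}
```

Unlike the original try/catch, a missing secret here fails loudly at startup instead of leaving the scheme with no key.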

This error occurs when the signing key referenced in the token (the kid claim) cannot be found at the JWKS endpoint. The signing key that was used to sign the token must always be present, even when the identity provider is redeployed.
