
我想通过刷新令牌更改声明（claim）的值。我的刷新令牌提供者是这样的（问题标题：如何更改刷新令牌和 Bearer 身份验证中的声明值）：

public class MyRefreshTokenProvider : AuthenticationTokenProvider
{
    /// <summary>
    /// Builds the refresh token: swaps the UserData claim on the ticket's identity for a
    /// fixed replacement value and serializes the ticket as the token.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the token endpoint handler obtains the access token from the
    /// access-token provider first and only afterwards calls this provider with the same
    /// ticket, so a claim changed here is carried by the refresh token alone; the access
    /// token issued in the same response still holds the old value.
    /// </remarks>
    /// <param name="context">Create context carrying the ticket to serialize.</param>
    public override void Create(AuthenticationTokenCreateContext context)
    {
        // ... (setup elided by the author)
        ReplaceUserDataClaim(context.Ticket.Identity);
        context.SetToken(context.SerializeTicket());
    }

    /// <summary>Rebuilds the ticket from the refresh token presented by the client.</summary>
    /// <param name="context">Receive context holding the raw token.</param>
    public override void Receive(AuthenticationTokenReceiveContext context)
    {
        context.DeserializeTicket(context.Token);
    }

    // Replaces the current UserData claim, when there is one, with the hard-coded "New Value".
    private static void ReplaceUserDataClaim(ClaimsIdentity identity)
    {
        var current = identity.FindFirst(ClaimTypes.UserData);
        if (current == null)
        {
            return;
        }
        identity.RemoveClaim(current);
        identity.AddClaim(new Claim(ClaimTypes.UserData, "New Value"));
    }
}

在启动类中：

// Wire the custom refresh-token provider into the OAuth authorization server options.
var oauthOptions = new OAuthAuthorizationServerOptions
{
    // ... (other options elided by the author)
    RefreshTokenProvider = new MyRefreshTokenProvider()
};
app.UseOAuthBearerTokens(oauthOptions);

刷新令牌请求顺利完成，没有报错。但是，当我使用新的访问令牌时，声明的值仍然是旧的。

我的做法正确吗？或者说，应如何在 Bearer 身份验证中更改声明的值？

回答


最后我找到了解决方案。我必须扩展 OAuthAuthorizationServerOptions 的 AccessTokenProvider，而不是 RefreshTokenProvider。

// Register both providers. The token endpoint handler runs AccessTokenProvider first and
// then hands the same ticket to RefreshTokenProvider, which is why the claim change
// lives in MyAccessTokenProvider.
var oauthOptions = new OAuthAuthorizationServerOptions
{
    // ... (other options elided by the author)
    AccessTokenProvider = new MyAccessTokenProvider(),
    RefreshTokenProvider = new MyRefreshTokenProvider()
};
app.UseOAuthBearerTokens(oauthOptions);

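public class MyAccessTokenProvider : AuthenticationTokenProvider
{
    /// <summary>
    /// Value written into the UserData claim by default; override
    /// <see cref="ResolveUserDataValue"/> to compute it per identity instead.
    /// </summary>
    protected const string DefaultUserDataValue = "New Value";

    /// <summary>
    /// Builds the access token. The token endpoint handler calls this provider first (its
    /// token becomes the access token) and then hands the same ticket to the refresh-token
    /// provider, so a claim changed here reaches both tokens.
    /// </summary>
    /// <param name="context">Create context carrying the ticket to serialize.</param>
    public override void Create(AuthenticationTokenCreateContext context)
    {
        // ... (setup elided by the author)
        ReplaceUserDataClaim(context.Ticket.Identity);
        context.SetToken(context.SerializeTicket());
    }

    /// <summary>Rebuilds the ticket from a bearer token presented by the client.</summary>
    /// <param name="context">Receive context holding the raw token.</param>
    public override void Receive(AuthenticationTokenReceiveContext context)
    {
        context.DeserializeTicket(context.Token);
    }

    /// <summary>
    /// Supplies the value placed in the UserData claim. Whatever is returned here is what
    /// the resource server will later trust from the bearer token, so derive it from a
    /// server-side source rather than from anything the client sent.
    /// </summary>
    /// <param name="identity">Identity whose UserData claim is being replaced.</param>
    /// <returns>The new claim value; the hard-coded default unless overridden.</returns>
    protected virtual string ResolveUserDataValue(ClaimsIdentity identity)
    {
        return DefaultUserDataValue;
    }

    // Swaps the existing UserData claim, when there is one, for the resolved value.
    // An identity without that claim is left untouched, as before.
    private void ReplaceUserDataClaim(ClaimsIdentity identity)
    {
        var current = identity.FindFirst(ClaimTypes.UserData);
        if (current == null)
        {
            return;
        }
        identity.RemoveClaim(current);
        identity.AddClaim(new Claim(ClaimTypes.UserData, ResolveUserDataValue(identity)));
    }
}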

public class MyRefreshTokenProvider : AuthenticationTokenProvider
{
    /// <summary>
    /// Issues the refresh token by serializing the ticket handed in by the token endpoint.
    /// No claim editing happens here: the handler passes in the ticket the access-token
    /// provider already adjusted, so the refresh token carries the updated claims.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the ticket appears to arrive with the access token's ExpiresUtc; if
    /// the refresh token is meant to outlive the access token, that value would have to be
    /// adjusted on context.Ticket.Properties before serializing — confirm against the handler.
    /// </remarks>
    /// <param name="context">Create context carrying the ticket to serialize.</param>
    public override void Create(AuthenticationTokenCreateContext context)
    {
        string serialized = context.SerializeTicket();
        context.SetToken(serialized);
    }

    /// <summary>Rebuilds the ticket from the refresh token presented by the client.</summary>
    /// <param name="context">Receive context holding the raw token.</param>
    public override void Receive(AuthenticationTokenReceiveContext context)
    {
        string incoming = context.Token;
        context.DeserializeTicket(incoming);
    }
}

根据 Microsoft.Owin.Security.OAuth 中 OAuthAuthorizationServerHandler 的代码，RefreshTokenProvider 只能更新刷新令牌。要更改声明，应扩展 AccessTokenProvider：

private async Task InvokeTokenEndpointAsync() 
    { 
     ... 
     var accessTokenContext = new AuthenticationTokenCreateContext(
      Context, 
      Options.AccessTokenFormat, 
      ticket); 

     await Options.AccessTokenProvider.CreateAsync(accessTokenContext); 

     string accessToken = accessTokenContext.Token; 
     if (string.IsNullOrEmpty(accessToken)) 
     { 
      accessToken = accessTokenContext.SerializeTicket(); 
     } 
     DateTimeOffset? accessTokenExpiresUtc = ticket.Properties.ExpiresUtc; 

     var refreshTokenCreateContext = new AuthenticationTokenCreateContext(
      Context, 
      Options.RefreshTokenFormat, 
      accessTokenContext.Ticket); 
     await Options.RefreshTokenProvider.CreateAsync(refreshTokenCreateContext); 
     string refreshToken = refreshTokenCreateContext.Token; 

     var memory = new MemoryStream(); 
     byte[] body; 
     using (var writer = new JsonTextWriter(new StreamWriter(memory))) 
     { 
      writer.WriteStartObject(); 
      writer.WritePropertyName(Constants.Parameters.AccessToken); 
      writer.WriteValue(accessToken); 
      writer.WritePropertyName(Constants.Parameters.TokenType); 
      writer.WriteValue(Constants.TokenTypes.Bearer); 
      if (accessTokenExpiresUtc.HasValue) 
      { 
       TimeSpan? expiresTimeSpan = accessTokenExpiresUtc - currentUtc; 
       var expiresIn = (long)expiresTimeSpan.Value.TotalSeconds; 
       if (expiresIn > 0) 
       { 
        writer.WritePropertyName(Constants.Parameters.ExpiresIn); 
        writer.WriteValue(expiresIn); 
       } 
      } 
      if (!String.IsNullOrEmpty(refreshToken)) 
      { 
       writer.WritePropertyName(Constants.Parameters.RefreshToken); 
       writer.WriteValue(refreshToken); 
      } 
     ...