irc-netcore-api/IRaCIS.Core.Application/Service/MinimalApiService/OAuthService.cs


using IdentityModel.Client;
using IRaCIS.Core.Application.Service.OAuth;
using Microsoft.AspNetCore.Builder;
using RestSharp;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
namespace IRaCIS.Core.Application.Service
{
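/// <summary>
/// Diagnostic endpoints that exercise the OAuth 2.0 client-credentials flow against the
/// Logto test tenant: once through IdentityModel and once through raw RestSharp requests.
/// Both methods only write their outcome to the console and always return
/// <c>ResponseOutput.Ok()</c>.
/// </summary>
public class OAuthService : ServiceBase
{
    // Environment variable (name introduced by this change) that supplies the client secret.
    // The secret used to be a string literal in this file; anything committed that way remains
    // in version-control history, so it should be treated as exposed and rotated in Logto.
    private const string ClientSecretVariable = "LOGTO_CLIENT_SECRET";

    private const string LogtoBaseUrl = "https://logto.test.extimaging.com";
    private const string ClientId = "v2mr2ndxwkxz0xpsuc1th";

    // Pitfall: the resource indicator is Logto's default management-API identifier,
    // which is NOT the same as the tenant's own API address.
    private const string ApiResource = "https://default.logto.app/api";
    private const string Scope = "all";

    /// <summary>
    /// Reads the client secret from the process environment instead of source code.
    /// </summary>
    /// <returns>The secret, or <c>null</c> when the variable is unset or empty.</returns>
    private static string GetClientSecret()
    {
        var secret = Environment.GetEnvironmentVariable(ClientSecretVariable);
        if (string.IsNullOrEmpty(secret))
        {
            Console.WriteLine($"{ClientSecretVariable} is not set; skipping the token request.");
            return null;
        }

        return secret;
    }

    /// <summary>
    /// Tests the client-credentials flow using the IdentityModel client extensions.
    /// </summary>
    /// <returns><c>ResponseOutput.Ok()</c> in every case; details go to the console.</returns>
    public async Task<IResponseOutput> TestClientCredentialsAsync()
    {
        #region Test using IdentityModel

        var clientSecret = GetClientSecret();
        if (clientSecret is null)
        {
            return ResponseOutput.Ok();
        }

        // Discover endpoints from the OIDC metadata document.
        using var client = new HttpClient();
        var disco = await client.GetDiscoveryDocumentAsync($"{LogtoBaseUrl}/oidc");
        if (disco.IsError)
        {
            // Without a discovery document there is no token endpoint to call, so stop here
            // rather than issuing a token request against a null address.
            Console.WriteLine(disco.Error);
            return ResponseOutput.Ok();
        }

        // Request the token.
        var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
        {
            Address = disco.TokenEndpoint,
            ClientId = ClientId,
            ClientSecret = clientSecret,
            Resource = new List<string>() { ApiResource },
            Scope = Scope
        });

        if (tokenResponse.IsError)
        {
            Console.WriteLine(tokenResponse.Error);
            Console.WriteLine(tokenResponse.ErrorDescription);
            return ResponseOutput.Ok();
        }

        // The bearer token is a live credential: never write it to the console or logs.
        Console.WriteLine("Access token acquired (value not logged).");
        Console.WriteLine("\n\n");

        // Call the management API with the token.
        using var apiClient = new HttpClient();
        apiClient.SetBearerToken(tokenResponse.AccessToken);

        using var response = await apiClient.GetAsync($"{LogtoBaseUrl}/api/applications");
        if (!response.IsSuccessStatusCode)
        {
            Console.WriteLine(response.StatusCode);
        }
        else
        {
            // JsonDocument rents pooled buffers, so it must be disposed.
            using var document = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
            Console.WriteLine(JsonSerializer.Serialize(document.RootElement, new JsonSerializerOptions { WriteIndented = true }));
        }

        #endregion

        return ResponseOutput.Ok();
    }

    /// <summary>
    /// Tests the client-credentials flow with hand-built RestSharp requests, then reads
    /// application and user information from the Logto management API.
    /// </summary>
    /// <returns><c>ResponseOutput.Ok()</c> in every case; details go to the console.</returns>
    public async Task<IResponseOutput> TestClientCredentialsOriginAsync()
    {
        #region Fetch information from Logto using client credentials

        var appSecret = GetClientSecret();
        if (appSecret is null)
        {
            return ResponseOutput.Ok();
        }

        var opts = new RestClientOptions(LogtoBaseUrl);
        using var client = new RestClient(opts);

        // https://bump.sh/logto/doc/logto-management-api/authentication
        var request = new RestRequest("oidc/token", Method.Post);
        request
            .AddHeader("Content-Type", "application/x-www-form-urlencoded")
            .AddParameter("grant_type", "client_credentials")
            .AddParameter("client_id", ClientId)
            .AddParameter("client_secret", appSecret)
            .AddParameter("resource", ApiResource) // note: differs from the tenant API address
            .AddParameter("scope", Scope);

        var response = await client.ExecuteAsync<LogtoTokenResponse>(request);
        if (response.StatusCode != HttpStatusCode.OK)
        {
            Console.WriteLine(response.StatusCode);
            return ResponseOutput.Ok();
        }

        // Data is null when the body could not be deserialized; guard before dereferencing.
        var tokenResponse = response.Data;
        if (tokenResponse is null || string.IsNullOrEmpty(tokenResponse.AccessToken))
        {
            Console.WriteLine("Token endpoint returned 200 but no usable access token.");
            return ResponseOutput.Ok();
        }

        // Do not dump the token response: it contains the bearer token.
        Console.WriteLine("Access token acquired (value not logged).");

        #region Get application information

        var applicationRequest = new RestRequest("/api/applications", Method.Get)
            .AddHeader("Authorization", $"Bearer {tokenResponse.AccessToken}");
        var applicationResponse = await client.ExecuteAsync(applicationRequest);
        Console.WriteLine(applicationResponse.StatusCode);

        #endregion

        #region Get user information

        //curl \
        // -X GET https://[tenant_id].logto.app/api/users/{userId} \
        // -H "Authorization: Bearer $ACCESS_TOKEN"
        var userId = "4fqx4cb3438k";
        var userInfoRequest = new RestRequest($"api/users/{userId}", Method.Get)
            .AddHeader("Authorization", $"Bearer {tokenResponse.AccessToken}");
        var userResponse = await client.ExecuteAsync<LogtoUser>(userInfoRequest);

        // NOTE(review): this prints the raw user record, which may hold personal data;
        // acceptable only for a test tenant.
        Console.WriteLine(userResponse.Content);

        #endregion

        #endregion

        return ResponseOutput.Ok();
    }
}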
}