Questions about Ocelot’s Claims Transformation
If the original documentation on Claims Transformation is unclear, you can refer to this translation of it: https://www.cnblogs.com/irocker/p/Ocelot-claimstransformation.html
Here I mainly record a pitfall I encountered.
The structure of my project is as shown in the picture above. The front end calls the gateway; the gateway calls the login interface of the admin service to obtain the token, and then calls the demo service. How does the demo service obtain the user ID after login?
According to the Claims Transformation chapter of the official documentation, there are three ways:
1. AddClaimsToRequest
2. AddHeadersToRequest
3. AddQueriesToRequest
Methods 2 and 3 are relatively simple: they only need to be configured in the Ocelot configuration. The first method is a bit tricky and needs to be handled in code. At first I thought it would just be configured in ocelot.json.
Let’s talk about the first method.
Step 1: The official documentation says that you need to add the configuration highlighted in the figure below to ocelot.json. In fact, it is not needed, because the code in step 2 parses the token to obtain the sid and then assigns it to a claim. Does anyone know whether the demo service can get the sid from the claim by configuring ocelot.json alone? Please enlighten me.
The picture below shows the claims part of the code that creates the token:
Step 2: Add the following code to the main method in the demo service:
    using System.IdentityModel.Tokens.Jwt;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;

    builder.Services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(x =>
    {
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = CreateTokenValidationParameters();
    });

    // We ignore token validation because the gateway validates it.
    // Any well-formed, unexpired token is accepted here, signed or not,
    // so this service must only be reachable through the gateway.
    // Reference: https://github.com/ThreeMammals/Ocelot/issues/396#issuecomment-579719589
    private static TokenValidationParameters CreateTokenValidationParameters()
    {
        var result = new TokenValidationParameters
        {
            ValidateIssuer = false,
            ValidateAudience = false,
            ValidateIssuerSigningKey = false,
            // Parse the token without checking its signature.
            SignatureValidator = delegate (string token, TokenValidationParameters parameters)
            {
                var jwt = new JwtSecurityToken(token);
                return jwt;
            },
            RequireExpirationTime = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero,
            RequireSignedTokens = false
        };
        return result;
    }
Step 3: The demo service can now get the user ID from the claim.
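The CreateTokenValidationParameters method in step 2 only parses the token, so the demo service trusts whatever sid it carries. As an added example (not code from the original post), here is a variant that also verifies the signature inside the demo service. It assumes the admin service signs tokens with HS256 using a symmetric key that the demo service can read; the class name and the setting name `Jwt:SigningKey` are hypothetical.

```csharp
using System;
using System.Text;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

public static class StrictTokenValidation
{
    // Assumption: tokens are signed with HS256 and the shared key is stored
    // under the hypothetical configuration key "Jwt:SigningKey".
    public static TokenValidationParameters Create(IConfiguration config)
    {
        var secret = config["Jwt:SigningKey"];

        // Fail at startup rather than silently running with a missing or weak key.
        if (string.IsNullOrEmpty(secret) || Encoding.UTF8.GetByteCount(secret) < 32)
        {
            throw new InvalidOperationException(
                "Jwt:SigningKey must be configured and at least 32 bytes long.");
        }

        return new TokenValidationParameters
        {
            // Verify the signature instead of replacing SignatureValidator.
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)),
            RequireSignedTokens = true,

            // Accept only the expected algorithm; anything else is rejected.
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },

            // Same choices as the post for the remaining checks.
            ValidateIssuer = false,
            ValidateAudience = false,
            RequireExpirationTime = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero
        };
    }
}
```

To use it, assign `StrictTokenValidation.Create(builder.Configuration)` to `x.TokenValidationParameters` in the AddJwtBearer call from step 2.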
The first method ends here. Let’s talk about the second method:
Step 1: Add the following configuration to ocelot.json:
The value of sid is then available in the controller action in the demo service. The code from steps 2 and 3 of the first method is not required.
Isn't the second method particularly simple? It is the recommended method, but it is not recommended to expose this service on the public Internet. I will not go into the third method here.
This article comes from Blog Park, author: Chai Meng, please indicate the original link when reprinting: https://www.cnblogs.com/koeltp/p/17254764.html