everlight.eap/backend/UFP/DllUfpBll/Services/OAuthHelper.cs

using AuthorizeCenter.Services;
using Cksoft.Unity;
using DllUfpEntity.Dto;
using IdentityModel.Client;
using Newtonsoft.Json;
using NLog;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;

namespace DllUfpUtil
{
    public class OAuthHelper
    {
        public async static Task<UserInfo> GetUserInfo(string token)
        {
            var logger = LogManager.LoadConfiguration("NLog.config").GetCurrentClassLogger();
            var handler = new HttpClientHandler();
            handler.ClientCertificateOptions = ClientCertificateOption.Manual;
            handler.ServerCertificateCustomValidationCallback =
                (httpRequestMessage, cert, certChain, policyErrors) =>
                {
                    return true;
                };
            var client = new HttpClient(handler);
            var discoRequest = new DiscoveryDocumentRequest()
            {
                Policy = new DiscoveryPolicy
                {
                    RequireHttps = false,
                },
                Address = AppConfigurtaionServices.Configuration["Id4:Authority"]
            };
            var disco = await client.GetDiscoveryDocumentAsync(discoRequest);
            if (disco == null)
            {
                logger.Error("读取Id4配置失败");
                return null;
            }
            if (disco.IsError)
            {
                logger.Error("获取配置失败" + disco.Error.ToString());
                return null;
            }
            using (HttpClient apiClient = new HttpClient(handler))
            {
                apiClient.SetBearerToken(token);

                var userinfo = await apiClient.GetUserInfoAsync(new UserInfoRequest
                {
                    Address = disco.UserInfoEndpoint,
                    Token = token
                });
                if (userinfo.IsError)
                {
                    logger.Error("获取用户信息失败" + userinfo.Error.ToString());
                    return null;
                }
                var claims = userinfo.Claims;
                logger.Error("CLAIMS");
                logger.Error(JsonConvert.SerializeObject(claims));
                return new UserInfo
                {
                    IsSA = Convert.ToInt32(claims.FirstOrDefault(c => c.Type == "isSA")?.Value ?? "-1"),
                    UserAccount = claims.FirstOrDefault(c => c.Type == "account")?.Value,
                    UserName = claims.FirstOrDefault(c => c.Type == "realName")?.Value,
                    UserId = claims.FirstOrDefault(c => c.Type == "sub")?.Value
                };
            }
        }

        public async static Task<bool> RevokeToken(string accesstoken)
        {
            var client = new HttpClient();
            var logger = LogManager.LoadConfiguration("NLog.config").GetCurrentClassLogger();
            logger.Error("开始销毁TOKEN：" + accesstoken);
            var disco = await client.GetDiscoveryDocumentAsync(AppConfigurtaionServices.Configuration["Id4:Authority"]);
            if (disco.IsError)
            {
                logger.Error("获取配置失败" + disco.Error.ToString());
                return false;
            }

            var apiclient = new HttpClient();
            var result = await apiclient.RevokeTokenAsync(new TokenRevocationRequest
            {
                Address = disco.RevocationEndpoint,
                ClientId = "EAPAPI",
                ClientSecret = "secret",
                Token = accesstoken
            });

            if (result.IsError)
            {
                logger.Error("销毁Token失败" + result.Error.ToString());
                return false;
            }
            else
            {
                logger.Error("销毁Token成功" + result.HttpResponse.Content);
                return true;
            }
        }
    }
}