当前位置：首页 > news >正文

一个通用的居于 OAuth2的API集成方案

news 2026/1/13 11:38:01

在现代 web 应用程序中，OAuth 协议是授权和认证的主流选择。为了与多个授权提供商进行无缝对接，我们需要一个易于扩展和维护的 OAuth 解决方案。本文将介绍如何构建一个灵活的、支持多提供商的 OAuth 系统，包括动态 API 调用、路径参数替换、查询参数处理等功能。

目录结构

我们将创建一个简单而清晰的目录结构，以便于管理我们的代码和配置。以下是本解决方案的整体目录结构：

核心模块：OAuth.Core

ProviderConfiguration 数据模型

在 OAuth.Core 模块，我们定义了 ProviderConfiguration 类，该类用于配置各个 OAuth 提供商的基本信息和 API 详情。

using System.Collections.Generic;  namespace OAuth.Core.Models  
{  /// <summary>  /// 单个 OAuth 提供商的配置  /// </summary>  public class ProviderConfiguration  {  public string ProviderName { get; set; }                      // 提供商名称  public string BaseUrl { get; set; }                          // 提供商 API 基础路径  public string AuthorizationUrl { get; set; }                 // 授权 URL  public string TokenUrl { get; set; }                         // 获取 AccessToken URL  public string ClientId { get; set; }                         // 应用的 Client ID  public string ClientSecret { get; set; }                     // 应用的 Client Secret  public string RedirectUri { get; set; }                      // 应用回调的重定向 URL  public List<string> Scopes { get; set; } = new();            // 授权范围  public Dictionary<string, string> CommonHeaders { get; set; } = new(); // 公共 Headers  public Dictionary<string, ApiConfig> Apis { get; set; } = new();      // 配置的 API 集合  }  /// <summary>  /// 单个 API 的动态配置  /// </summary>  public class ApiConfig  {  public string Url { get; set; }                              // 动态路径 URL，例如 /user/{userId}  public string Method { get; set; } = "GET";                  // HTTP 请求方法  public bool RequiresAuthentication { get; set; } = true;     // 是否需要 AccessToken  public Dictionary<string, string> Headers { get; set; } = new();  // API 专属 Header 配置  public string BodyFormat { get; set; } = "application/json"; // Body 格式，默认 JSON  public List<ApiParameterConfig> Parameters { get; set; } = new(); // 参数配置  }  /// <summary>  /// API 参数配置  /// </summary>  public class ApiParameterConfig  {  public string Name { get; set; }                              // 参数名称  public string Location { get; set; }                          // 参数位置（path, query, body, header）  public string DefaultValue { get; set; }                      // 参数默认值（若需要）  }  
}

TokenInfo 管理类

TokenInfo 类用于管理和存储 Access Token 和 Refresh Token 的生命周期信息。

using System;  namespace OAuth.Core.Models  
{  public class TokenInfo  {  public string AccessToken { get; set; }              public string RefreshToken { get; set; }             public DateTime ExpiresAt { get; set; }              public bool IsValid => DateTime.UtcNow < ExpiresAt;  }  
}

结果封装类 Result

通过 Result<T> 类封装 API 调用的结果，以便于处理成功和失败的状态。

namespace OAuth.Core.Models  
{  public class Result<T>  {  public T Data { get; }  public bool IsSuccess { get; }  public string Error { get; }  private Result(T data, bool isSuccess, string error)  {  Data = data;  IsSuccess = isSuccess;  Error = error;  }  public static Result<T> Success(T data) => new(data, true, null);  public static Result<T> Failure(string error) => new(default, false, error);  }  
}

核心逻辑实现：OAuth.Infrastructure

AuthProvider 类

这是实施 OAuth 逻辑的核心类，负责发送请求、处理响应，以及替换路径参数。

using System;  
using System.Collections.Generic;  
using System.Linq;  
using System.Net.Http;  
using System.Net.Http.Headers;  
using System.Text;  
using System.Text.Json;  
using System.Threading.Tasks;  
using OAuth.Core.Models;  namespace OAuth.Infrastructure  
{  public class AuthProvider  {  private readonly HttpClient _httpClient;  private readonly ProviderConfiguration _config;  public AuthProvider(HttpClient httpClient, ProviderConfiguration config)  {  _httpClient = httpClient ?? throw new ArgumentNullException(nameof(httpClient));  _config = config ?? throw new ArgumentNullException(nameof(config));  }  /// <summary>  /// 获取 AccessToken  /// </summary>  public async Task<Result<TokenInfo>> GetAccessTokenAsync(string code)  {  var url = $"{_config.BaseUrl}{_config.TokenUrl}";  var payload = new Dictionary<string, string>  {  { "client_id", _config.ClientId },  { "client_secret", _config.ClientSecret },  { "code", code },  { "grant_type", "authorization_code" },  { "redirect_uri", _config.RedirectUri }  };  var response = await _httpClient.PostAsync(url, new FormUrlEncodedContent(payload));  if (!response.IsSuccessStatusCode)  return Result<TokenInfo>.Failure(await response.Content.ReadAsStringAsync());  var content = await response.Content.ReadAsStringAsync();  var tokenResponse = JsonSerializer.Deserialize<Dictionary<string, object>>(content);  return Result<TokenInfo>.Success(new TokenInfo  {  AccessToken = tokenResponse["access_token"].ToString(),  RefreshToken = tokenResponse.ContainsKey("refresh_token") ? tokenResponse["refresh_token"].ToString() : null,  ExpiresAt = DateTime.UtcNow.AddSeconds(Convert.ToDouble(tokenResponse["expires_in"]))  });  }  /// <summary>  /// 执行 API 调用  /// </summary>  public async Task<Result<T>> CallApiAsync<T>(string apiName, Dictionary<string, object> parameters = null)  {  if (!_config.Apis.TryGetValue(apiName, out var apiConfig))  return Result<T>.Failure($"未找到 API '{apiName}' 的配置");  // 动态替换路径参数  var url = ReplacePathParameters($"{_config.BaseUrl}{apiConfig.Url}", parameters);  // 构建 HTTP 请求  var request = new HttpRequestMessage(new HttpMethod(apiConfig.Method), url);  // 添加 Query 参数  url = AppendQueryParameters(url, apiConfig, parameters);  // 添加 Body (如果是 POST/PUT 请求)  if (apiConfig.Method == "POST" || apiConfig.Method == "PUT")  {  request.Content = CreateBodyContent(apiConfig, parameters);  }  // 设置公共和 API 专属 Header  foreach (var header in _config.CommonHeaders)  request.Headers.TryAddWithoutValidation(header.Key, header.Value);  foreach (var header in apiConfig.Headers)  request.Headers.TryAddWithoutValidation(header.Key, header.Value);  // 添加 Authentication Token  if (apiConfig.RequiresAuthentication)  {  var token = await GetValidAccessTokenAsync();  if (token == null) return Result<T>.Failure("未能获取有效令牌");  request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);  }  // 执行请求  var response = await _httpClient.SendAsync(request);  if (!response.IsSuccessStatusCode)  return Result<T>.Failure(await response.Content.ReadAsStringAsync());  var responseContent = await response.Content.ReadAsStringAsync();  return Result<T>.Success(JsonSerializer.Deserialize<T>(responseContent));  }  /// <summary>  /// 替换路径中的动态参数  /// </summary>  private string ReplacePathParameters(string url, Dictionary<string, object> parameters)  {  if (parameters is null) return url;  foreach (var param in parameters)  {  var placeholder = $"{{{param.Key}}}";  if (url.Contains(placeholder))  {  url = url.Replace(placeholder, param.Value.ToString());  }  }  return url;  }  /// <summary>  /// 追加查询参数  /// </summary>  private string AppendQueryParameters(string url, ApiConfig apiConfig, Dictionary<string, object> parameters)  {  var queryParams = new List<string>();  foreach (var paramConfig in apiConfig.Parameters)  {  if (paramConfig.Location == "query" && parameters.ContainsKey(paramConfig.Name))  {  queryParams.Add($"{paramConfig.Name}={parameters[paramConfig.Name]}");  }  }  if (queryParams.Any())  {  var separator = url.Contains("?") ? "&" : "?";  url += separator + string.Join("&", queryParams);  }  return url;  }  /// <summary>  /// 创建请求体数据（Body）  /// </summary>  private HttpContent CreateBodyContent(ApiConfig apiConfig, Dictionary<string, object> parameters)  {  var bodyParams = parameters?  .Where(p => apiConfig.Parameters.Any(pc => pc.Location == "body" && pc.Name == p.Key))  .ToDictionary(kv => kv.Key, kv => kv.Value);  if (apiConfig.BodyFormat == "application/json")  {  return new StringContent(JsonSerializer.Serialize(bodyParams), Encoding.UTF8, "application/json");  }  else if (apiConfig.BodyFormat == "application/x-www-form-urlencoded")  {  return new FormUrlEncodedContent(bodyParams.ToDictionary(k => k.Key, k => k.Value.ToString()));  }  throw new NotSupportedException("不支持的 Body 格式");  }  /// <summary>  /// 模拟获取有效的 AccessToken  /// </summary>  private async Task<TokenInfo> GetValidAccessTokenAsync()  {  // 这里可以实现从缓存或数据库中获取 token 的逻辑  return await Task.FromResult(new TokenInfo  {  AccessToken = "mocked_access_token",  ExpiresAt = DateTime.UtcNow.AddHours(1)  });  }  }  
}

AuthProviderFactory 类

AuthProviderFactory 负责创建 AuthProvider 的实例，简化多提供商的管理。

using System;  
using System.Collections.Generic;  
using System.Net.Http;  
using OAuth.Core.Models;  namespace OAuth.Infrastructure  
{  public class AuthProviderFactory  {  private readonly IDictionary<string, ProviderConfiguration> _configurations;  private readonly IHttpClientFactory _httpClientFactory;  public AuthProviderFactory(IDictionary<string, ProviderConfiguration> configurations, IHttpClientFactory httpClientFactory)  {  _configurations = configurations ?? throw new ArgumentNullException(nameof(configurations));  _httpClientFactory = httpClientFactory ?? throw new ArgumentNullException(nameof(httpClientFactory));  }  public AuthProvider Create(string providerName)  {  if (!_configurations.TryGetValue(providerName, out var config))  throw new KeyNotFoundException($"未找到提供商：{providerName}");  return new AuthProvider(_httpClientFactory.CreateClient(), config);  }  }  
}

Web API 层：OAuth.WebApi

API 控制器

在 OAuth.WebApi 模块中，我们实现了 OAuthController，提供 API 的行为。

using Microsoft.AspNetCore.Mvc;  
using OAuth.Infrastructure;  namespace OAuth.WebApi.Controllers  
{  [Route("api/oauth")]  [ApiController]  public class OAuthController : ControllerBase  {  private readonly AuthProviderFactory _factory;  public OAuthController(AuthProviderFactory factory)  {  _factory = factory;  }  [HttpGet("{provider}/{api}")]  public async Task<IActionResult> ExecuteApi(string provider, string api, [FromQuery] Dictionary<string, object> parameters)  {  var providerInstance = _factory.Create(provider);  var result = await providerInstance.CallApiAsync<object>(api, parameters);  if (!result.IsSuccess)  return BadRequest(result.Error);  return Ok(result.Data);  }  }  
}

配置文件示例

appsettings.json 文件配置所有可使用的 OAuth 提供商的信息。

{  "OAuthProviders": {  "WeCom": {  "ProviderName": "WeCom",  "BaseUrl": "https://qyapi.weixin.qq.com",  "AuthorizationUrl": "/cgi-bin/authorize",  "TokenUrl": "/cgi-bin/gettoken",  "ClientId": "your-client-id",  "ClientSecret": "your-client-secret",  "RedirectUri": "https://your.app/wecom/callback",  "CommonHeaders": {  "User-Agent": "OAuthSolution Client/1.0"  },  "Apis": {  "GetUserInfo": {  "Url": "/cgi-bin/user/get/{userid}",  "Method": "GET",  "RequiresAuthentication": true,  "Parameters": [  { "Name": "userid", "Location": "path" }  ]  }  }  }  }  
}

应用程序启动和配置

最后，在 Program.cs 中，设置 ASP.NET Core 中的依赖注入以支持我们的架构。

using Microsoft.AspNetCore.Builder;  
using Microsoft.Extensions.Configuration;  
using Microsoft.Extensions.DependencyInjection;  
using OAuth.Core.Models;  
using OAuth.Infrastructure;  var builder = WebApplication.CreateBuilder(args);  
var configuration = builder.Configuration;  
var oauthProviders = configuration.GetSection("OAuthProviders").Get<Dictionary<string, ProviderConfiguration>>();  builder.Services.AddHttpClient();  
builder.Services.AddSingleton(oauthProviders);  
builder.Services.AddSingleton<AuthProviderFactory>();  
builder.Services.AddControllers();  var app = builder.Build();  
app.MapControllers();  
app.Run();

结论

通过上述方式，我们构建了一个可扩展的 OAuth2 API集成方案。这种设计不仅支持多种 OAuth 提供商的接入，还允许动态配置 API 的调用方式，使得代码简洁明了、易于维护。未来如需引入新的提供商或 API，只需在配置文件中新增相应信息即可，无需对现有逻辑进行修改。

若您遇到不同 OAuth 提供商的实际需求、疑问或问题，请随时在评论区留言，我们将一起探讨解决方案！ 🌟