IdentityServer 4 get timestamp while login/refresh token

问题

We are using identity server 4 to protect the api/resources. One of the requirements is to trace the user activity which means, the last time the user consumed the api (not logged in but consumed). As we have 30+ apis, we thought it would be easrier to intercept this validation process/event to register in the database the last activity date once the token gets validated against the identity server.

My question here, does this validation really happens on identity server level each and every time the user wants to access an api?

Is there anyway to get this validation timestamp to save it somewhere in a database?

thanks

回答1:

I was able to solve this problem myself. I digged more into ID-Server events and found a good way in handling the events in a centralized way. So this implementation is only in the ID-Server project.

Identity server 4 exposes some kind of events that can be used to trace user activity (for exmaple: token issued successfuly, token issued failed, Login failed etc...)

For more info about event, so this link

In the identity server project I added an implementation of the IEventSink interface. This interface models the persistence of the events and provides one method: PersistAsync.

Here is the cs class:

public class IdentityServerEventSink : IEventSink
{
        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly UserManager<IdentityUser> _userManager;

        public IdentityServerEventSink(IHttpContextAccessor httpContextAccessor,
                                       UserManager<IdentityUser> userManager)
        {
            _httpContextAccessor = httpContextAccessor;
            _userManager = userManager;
        }

        public async Task PersistAsync(Event @event)
        {
            if (@event.Id.Equals(EventIds.ClientAuthenticationFailure) || @event.Id.Equals(EventIds.TokenIssuedSuccess) || @event.Id.Equals(EventIds.TokenIssuedFailure))
            {
                Identity user = null;

                try
                {
                    user = await _userManager.GetUserAsync(_httpContextAccessor.HttpContext.User);

                    if (user != null)
                    {
                       // do stuff
                    }
                }
                catch (Exception ex)
                {
                  // handle exception
                }
            }
        }
}

Over DI i'm injecting the IHttpContextAccessor, so you need to add this line in the services configuration:

services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();

And this line to include the IEventSink implementation in the conatiner:

services.AddTransient<IEventSink, IdentityServerEventSink>();

hope this helps!

来源：https://stackoverflow.com/questions/58426747/identityserver-4-get-timestamp-while-login-refresh-token