From 8a250d2cc13b0ca1eb5ec24b4c1721656bd77e7f Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Fri, 25 Jul 2025 13:57:35 +0800
Subject: [PATCH] Check user authentication before providing access token

---
 .../IdentityModel/Web/HttpContextAbpAccessTokenProvider.cs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/framework/src/Volo.Abp.Http.Client.IdentityModel.Web/Volo/Abp/Http/Client/IdentityModel/Web/HttpContextAbpAccessTokenProvider.cs b/framework/src/Volo.Abp.Http.Client.IdentityModel.Web/Volo/Abp/Http/Client/IdentityModel/Web/HttpContextAbpAccessTokenProvider.cs
index 5044513438..b993b006e3 100644
--- a/framework/src/Volo.Abp.Http.Client.IdentityModel.Web/Volo/Abp/Http/Client/IdentityModel/Web/HttpContextAbpAccessTokenProvider.cs
+++ b/framework/src/Volo.Abp.Http.Client.IdentityModel.Web/Volo/Abp/Http/Client/IdentityModel/Web/HttpContextAbpAccessTokenProvider.cs
@@ -1,8 +1,10 @@
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.Http.Client.Authentication;
+using Volo.Abp.Users;
 
 namespace Volo.Abp.Http.Client.IdentityModel.Web;
 
@@ -24,6 +26,11 @@ public class HttpContextAbpAccessTokenProvider : IAbpAccessTokenProvider, ITrans
             return null;
         }
 
+        if (!httpContext.RequestServices.GetRequiredService<ICurrentUser>().IsAuthenticated)
+        {
+            return null;
+        }
+
         return await httpContext.GetTokenAsync("access_token");
     }
 }