Check user authentication before providing access token

7 months ago · 8a250d2cc1
1 changed files with 7 additions and 0 deletions
--- a/framework/src/Volo.Abp.Http.Client.IdentityModel.Web/Volo/Abp/Http/Client/IdentityModel/Web/HttpContextAbpAccessTokenProvider.cs
+++ b/framework/src/Volo.Abp.Http.Client.IdentityModel.Web/Volo/Abp/Http/Client/IdentityModel/Web/HttpContextAbpAccessTokenProvider.cs
@ -1,8 +1,10 @@
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.Http.Client.Authentication;
+using Volo.Abp.Users;

 namespace Volo.Abp.Http.Client.IdentityModel.Web;

@ -24,6 +26,11 @@ public class HttpContextAbpAccessTokenProvider : IAbpAccessTokenProvider, ITrans
            return null;
        }

+        if (!httpContext.RequestServices.GetRequiredService<ICurrentUser>().IsAuthenticated)
+        {
+            return null;
+        }
+
        return await httpContext.GetTokenAsync("access_token");
    }
 }