IdentityServer4.AccessTokenValidation

Authentication handler for ASP.NET Core 2 that allows accepting both JWTs and reference tokens in the same API.

Technically this handler is a decorator over both the Microsoft JWT handler as well as our OAuth 2 introspection handler. If you only need to support one token type only, we recommend using the underlying handlers directly.

Issues

For issues, use the consolidated IdentityServer4 issue tracker.

JWT Usage

Simply specify authority and API name (aka audience):

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)

    .AddIdentityServerAuthentication(options =>

    {

        options.Authority = "https://demo.identityserver.io";

        options.ApiName = "api1";

    });

Enable reference tokens

Additionally specify the API secret for the introspection endpoint:

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)

    .AddIdentityServerAuthentication(options =>

    {

        options.Authority = "https://demo.identityserver.io";

        options.ApiName = "api1";

        options.ApiSecret = "secret";

    });

Specifying the underlying handler options directly

In case you need access to a setting that the combined options don't expose, you can fallback to configuring the underlying handler directly.

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)

    .AddIdentityServerAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme,

        jwtOptions =>

        {

            // jwt bearer options

        },

        referenceOptions =>

        {

            // oauth2 introspection options

        });

Scope validation

In addition to API name checking, you can do more fine-grained scope checks. This package includes some convenience helpers to do that.

Create a global authorization policy

services

    .AddMvcCore(options =>

    {

        // require scope1 or scope2

        var policy = ScopePolicy.Create("scope1", "scope2");

        options.Filters.Add(new AuthorizeFilter(policy));

    })

    .AddJsonFormatters()

    .AddAuthorization();

Composing a scope policy

services.AddAuthorization(options =>

{

    options.AddPolicy("myPolicy", builder =>

    {

        // require scope1

        builder.RequireScope("scope1");

        // and require scope2 or scope3

        builder.RequireScope("scope2", "scope3");

    });

});

最新文章

  1. Node.js:path、url、querystring模块
  2. 大话设计模式C++版——抽象工厂模式
  3. centos python web 站点搭建
  4. PHP自毁程序
  5. centos最小安装,之后想安装x-windows,安装图形界面 startx
  6. Ajax编程中,经常要能动态的改变界面元素的样式
  7. ruby condition
  8. [设计模式]NetworkManagementService中的观察者模式
  9. Citrix服务器虚拟化之三十 XenApp 6.5发布流式应用程序
  10. Android NetWorkUtil
  11. 模块化的JavaScript
  12. 基于visual Studio2013解决面试题之1105字符串压缩
  13. android图片加水印,文字
  14. 聚类-K均值
  15. 菜鸟初学redis(二)
  16. display:table-cell几种应用
  17. 20165221 JAVA第四周学习心得
  18. Fatal error: Uncaught Error: Call to undefined function mysqli_connect()
  19. Java之Logger日志(Java8特性)
  20. Linux学习笔记11—VSFTP的搭建

热门文章

  1. Metrics介绍和Spring的集成
  2. Json 文件中value的基本类型
  3. chrome调试工具怎么限制网速
  4. 注册InstallShield
  5. Confluence 6 的 WebDAV 客户端整合介绍
  6. IOS 命令行工具开发
  7. sqlalchemy 的设置及使用
  8. Selenium WebDriver中鼠标事件
  9. mysql解决外网不能连接
  10. Maven集成SSM