IdentityServer4.AccessTokenValidation
IdentityServer4.AccessTokenValidation
Authentication handler for ASP.NET Core 2 that allows accepting both JWTs and reference tokens in the same API.
Technically this handler is a decorator over both the Microsoft JWT handler as well as our OAuth 2 introspection handler. If you only need to support one token type only, we recommend using the underlying handlers directly.
Issues
For issues, use the consolidated IdentityServer4 issue tracker.
JWT Usage
Simply specify authority and API name (aka audience):
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = "https://demo.identityserver.io";
options.ApiName = "api1";
});
Enable reference tokens
Additionally specify the API secret for the introspection endpoint:
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = "https://demo.identityserver.io";
options.ApiName = "api1";
options.ApiSecret = "secret";
});
Specifying the underlying handler options directly
In case you need access to a setting that the combined options don't expose, you can fallback to configuring the underlying handler directly.
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme,
jwtOptions =>
{
// jwt bearer options
},
referenceOptions =>
{
// oauth2 introspection options
});
Scope validation
In addition to API name checking, you can do more fine-grained scope checks. This package includes some convenience helpers to do that.
Create a global authorization policy
services
.AddMvcCore(options =>
{
// require scope1 or scope2
var policy = ScopePolicy.Create("scope1", "scope2");
options.Filters.Add(new AuthorizeFilter(policy));
})
.AddJsonFormatters()
.AddAuthorization();
Composing a scope policy
services.AddAuthorization(options =>
{
options.AddPolicy("myPolicy", builder =>
{
// require scope1
builder.RequireScope("scope1");
// and require scope2 or scope3
builder.RequireScope("scope2", "scope3");
});
});
最新文章
- Node.js:path、url、querystring模块
- 大话设计模式C++版——抽象工厂模式
- centos python web 站点搭建
- PHP自毁程序
- centos最小安装,之后想安装x-windows,安装图形界面 startx
- Ajax编程中,经常要能动态的改变界面元素的样式
- ruby condition
- [设计模式]NetworkManagementService中的观察者模式
- Citrix服务器虚拟化之三十 XenApp 6.5发布流式应用程序
- Android NetWorkUtil
- 模块化的JavaScript
- 基于visual Studio2013解决面试题之1105字符串压缩
- android图片加水印,文字
- 聚类-K均值
- 菜鸟初学redis(二)
- display:table-cell几种应用
- 20165221 JAVA第四周学习心得
- Fatal error: Uncaught Error: Call to undefined function mysqli_connect()
- Java之Logger日志(Java8特性)
- Linux学习笔记11—VSFTP的搭建