zoukankan      html  css  js  c++  java
  • IdentityServer4.AccessTokenValidation

    IdentityServer4.AccessTokenValidation

    Authentication handler for ASP.NET Core 2 that allows accepting both JWTs and reference tokens in the same API.

    Technically this handler is a decorator over both the Microsoft JWT handler as well as our OAuth 2 introspection handler. If you only need to support one token type only, we recommend using the underlying handlers directly.

    Issues

    For issues, use the consolidated IdentityServer4 issue tracker.

    JWT Usage

    Simply specify authority and API name (aka audience):

    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = "https://demo.identityserver.io";
            options.ApiName = "api1";
        });

    Enable reference tokens

    Additionally specify the API secret for the introspection endpoint:

    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = "https://demo.identityserver.io";
            options.ApiName = "api1";
            options.ApiSecret = "secret";
        });

    Specifying the underlying handler options directly

    In case you need access to a setting that the combined options don't expose, you can fallback to configuring the underlying handler directly.

    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddIdentityServerAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme,
            jwtOptions =>
            {
                // jwt bearer options
            },
            referenceOptions =>
            {
                // oauth2 introspection options
            });

    Scope validation

    In addition to API name checking, you can do more fine-grained scope checks. This package includes some convenience helpers to do that.

    Create a global authorization policy

    services
        .AddMvcCore(options =>
        {
            // require scope1 or scope2
            var policy = ScopePolicy.Create("scope1", "scope2");
            options.Filters.Add(new AuthorizeFilter(policy));
        })
        .AddJsonFormatters()
        .AddAuthorization();

    Composing a scope policy

    services.AddAuthorization(options =>
    {
        options.AddPolicy("myPolicy", builder =>
        {
            // require scope1
            builder.RequireScope("scope1");
            // and require scope2 or scope3
            builder.RequireScope("scope2", "scope3");
        });
    });
  • 相关阅读:
    WAP协议研究笔记—彩信的传输
    应用程序重起自身等几则技巧
    谁妨碍了我们快乐
    国庆长假总结
    关于输入法的两个问题
    反刍
    为什么,一个思维方式的问题,一个习惯的问题,已经意识到了这一点,
    电影池子,
    幻想下,
    意识流,
  • 原文地址:https://www.cnblogs.com/wintersoft/p/9367254.html
Copyright © 2011-2022 走看看