zoukankan      html  css  js  c++  java
  • IdentityServer4.AccessTokenValidation

    IdentityServer4.AccessTokenValidation

    Authentication handler for ASP.NET Core 2 that allows accepting both JWTs and reference tokens in the same API.

    Technically this handler is a decorator over both the Microsoft JWT handler as well as our OAuth 2 introspection handler. If you only need to support one token type only, we recommend using the underlying handlers directly.

    Issues

    For issues, use the consolidated IdentityServer4 issue tracker.

    JWT Usage

    Simply specify authority and API name (aka audience):

    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = "https://demo.identityserver.io";
            options.ApiName = "api1";
        });

    Enable reference tokens

    Additionally specify the API secret for the introspection endpoint:

    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = "https://demo.identityserver.io";
            options.ApiName = "api1";
            options.ApiSecret = "secret";
        });

    Specifying the underlying handler options directly

    In case you need access to a setting that the combined options don't expose, you can fallback to configuring the underlying handler directly.

    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddIdentityServerAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme,
            jwtOptions =>
            {
                // jwt bearer options
            },
            referenceOptions =>
            {
                // oauth2 introspection options
            });

    Scope validation

    In addition to API name checking, you can do more fine-grained scope checks. This package includes some convenience helpers to do that.

    Create a global authorization policy

    services
        .AddMvcCore(options =>
        {
            // require scope1 or scope2
            var policy = ScopePolicy.Create("scope1", "scope2");
            options.Filters.Add(new AuthorizeFilter(policy));
        })
        .AddJsonFormatters()
        .AddAuthorization();

    Composing a scope policy

    services.AddAuthorization(options =>
    {
        options.AddPolicy("myPolicy", builder =>
        {
            // require scope1
            builder.RequireScope("scope1");
            // and require scope2 or scope3
            builder.RequireScope("scope2", "scope3");
        });
    });
  • 相关阅读:
    [转] 使用Git进行小项目代码管理
    [转] Linux抓包工具tcpdump详解
    几天都是气温骤降,感冒了还没有收获
    1128进入自学实习培训路
    hdu 4952
    hdu 4937 2014 Multi-University Training Contest 7 1003
    hdu 4941 2014 Multi-University Training Contest 7 1007
    hdu 4939 2014 Multi-University Training Contest 7 1005
    hdu 4932 BestCoder Round #4 1002
    POJ 2362
  • 原文地址:https://www.cnblogs.com/wintersoft/p/9367254.html
Copyright © 2011-2022 走看看