[英]OpenID Connect Implicit Flow - Resource Server
I've begun an implementation using the OpenID Connect Implicit Flow - I've retrieved my access token and ID token in my browser based javascript app, and now I need to protect the resource on my ASP.NET Core Web API so it can only be accessed via a valid access token from a user with a specific claim. 我已经开始使用OpenID Connect隐式流程进行实施-我已经在基于浏览器的javascript应用程序中检索了访问令牌和ID令牌,现在我需要保护ASP.NET Core Web API上的资源,以便仅可以通过具有特定声明的用户通过有效的访问令牌进行访问。
What middleware do I use to validate the token(s) and determine the user and their claims so I can then allow or deny them access to the resource they are requesting? 我使用哪种中间件来验证令牌并确定用户及其声明,以便随后允许或拒绝他们访问其请求的资源?
I've looked at OpenIdConnectAuthentication
middleware, however the only implementation examples I've seen use a SignInScheme of "Cookies", not the Bearer token that my js app is providing. 我看过OpenIdConnectAuthentication
中间件,但是我看到的唯一实现示例使用的是“ Cookies”的SignInScheme,而不是我的js应用程序提供的Bearer令牌。
Thanks 谢谢
What middleware do I use to validate the token(s) and determine the user and their claims so I can then allow or deny them access to the resource they are requesting? 我使用哪种中间件来验证令牌并确定用户及其声明,以便随后允许或拒绝他们访问其请求的资源?
If your authorization server issues JWT tokens, you can use the JWT bearer middleware developed by the ASP.NET team: https://github.com/aspnet/Security/tree/dev/src/Microsoft.AspNetCore.Authentication.JwtBearer . 如果授权服务器发布JWT令牌,则可以使用由ASP.NET团队开发的JWT承载中间件: https : //github.com/aspnet/Security/tree/dev/src/Microsoft.AspNetCore.Authentication.JwtBearer 。
app.UseJwtBearerAuthentication(new JwtBearerOptions {
Authority = Configuration["jwt:authority"],
Audience = Configuration["jwt:audience"]
});
You can find a sample here: https://github.com/aspnet/Security/tree/dev/samples/JwtBearerSample . 您可以在此处找到示例: https : //github.com/aspnet/Security/tree/dev/samples/JwtBearerSample 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.