[英]Delegation using an extension grant with IdentityModel 1.9.2 and IdentityServer3.AccessTokenValidation in Dot Net Framework 4.8
I am unable to implement the delegate token service in the Dot Net Framework 4.8 application.我无法在 Dot Net Framework 4.8 应用程序中实现委托令牌服务。 Whereas I have another dot net core application where I am able to do it with the IdentityModel 4.4.1 nuget as below,
而我有另一个 dot net core 应用程序,我可以使用 IdentityModel 4.4.1 nuget 来完成它,如下所示,
public async Task<TokenResponse> DelegateAsync(string userToken)
{
var client = _httpClientFactory.CreateClient();
// or
// var client = new HttpClient();
// send custom grant to token endpoint, return response
return await client.RequestTokenAsync(new TokenRequest
{
Address = disco.TokenEndpoint,
GrantType = "delegation",
ClientId = "api1.client",
ClientSecret = "secret",
Parameters =
{
{ "scope", "api2" },
{ "token", userToken}
}
});
}
My Dot Net Framework 4.8 application has a dependency on IdentityModel 1.9.2 which does not provide the extended methods like GetDiscoveryDocumentAsync() RequestTokenAsync() methods used to get the delegate token.我的 Dot Net Framework 4.8 应用程序依赖于 IdentityModel 1.9.2,它不提供扩展方法,如用于获取委托令牌的 GetDiscoveryDocumentAsync() RequestTokenAsync() 方法。 If I try to upgrade the IdentityModel 4.4.0 latest, it is not compatible with IdentityServer3.AccessTokenValidation (My application is using this nuget for the ID4 implementation).
如果我尝试升级最新的 IdentityModel 4.4.0,它与 IdentityServer3.AccessTokenValidation 不兼容(我的应用程序正在使用这个 nuget 来实现 ID4)。 and if we try to upgrade IdentityServer3.AccessTokenValidation to IdentityServer4.AccessTokenValidation, it is not compatible with the Dot Net Framework 4.8.
如果我们尝试将 IdentityServer3.AccessTokenValidation 升级到 IdentityServer4.AccessTokenValidation,它与 Dot Net Framework 4.8 不兼容。
Reference: 33.1 https://docs.identityserver.io/_/downloads/en/latest/pdf/参考:33.1 https://docs.identityserver.io/_/downloads/en/latest/pdf/
How can I achieve the same in the dot net framework app?如何在 dot net framework 应用程序中实现相同的目标?
If you're hell bent on getting the same functionality I think you'll have to do your own discovery client.如果您一心想要获得相同的功能,我认为您将不得不做自己的发现客户端。
Using a normal GET to https://your-identity-server/.well-known/openid-configuration
and extracting the token_endpoint
value to use in your token endpoint.使用普通 GET 到
https://your-identity-server/.well-known/openid-configuration
并提取token_endpoint
值以在您的令牌端点中使用。
If you haven't changed any endpoints it's kinda redundant still and you can simply do:如果您没有更改任何端点,它仍然有点多余,您可以简单地执行以下操作:
var tokenClient = new TokenClient(
$"https://your-identity-server/connect/token",
"clientId",
"clientSecret");
and then do whatever request you need with that, like:然后做任何你需要的请求,比如:
var result = await tokenClient.RequestClientCredentialsAsync();
if (!result.IsError)
{
return result.AccessToken;
} else
{
throw new Exception($"Error while getting access token! -- {result.Error} -- {result.HttpErrorReason}");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.