I am using IdentityServer4 in my project with ASP.NET Identity. My goal is to add logic that will assign dynamic token expiration. I am following this topic from the IdSrv4 documentation about ICustomTokenRequestValidator.
My initial validator is very basic.
    public class TokenLifetimeValidator : ICustomTokenRequestValidator
    {
        public Task ValidateAsync(CustomTokenRequestValidationContext context)
        {
            throw new NotImplementedException();
        }
    }
This is the IdSrv4 configuration:
    services.AddIdentityServer()
        .AddAspNetIdentity<ApplicationUser>()
        .AddInMemoryIdentityResources(new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile() })
        .AddInMemoryApiResources(new ApiResource[] { new ApiResource("api", new[] { JwtClaimTypes.Name, JwtClaimTypes.Role }) })
        .AddInMemoryClients(new Client[]
        {
            new Client
            {
                ClientId = "client",
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "api"
                },
                AllowAccessTokensViaBrowser = true,
                RequireConsent = false,
                RedirectUris = Configuration.GetSection("RedirectUris").Get<string[]>(),
                PostLogoutRedirectUris = Configuration.GetSection("PostLogoutRedirectUris").Get<string[]>(),
                AccessTokenLifetime = 60*60*24, // 24 Hours
                IdentityTokenLifetime = 60*60*24 // 24 Hours
            }
        })
        // Not working:
        //.AddCustomTokenRequestValidator<TokenLifetimeValidator>()
        .AddDeveloperSigningCredential();

    // Not working:
    services.AddTransient<ICustomTokenRequestValidator, TokenLifetimeValidator>();
Regardless of how I register the custom validator, it never gets executed. I tested with IdentityServer4 2.0.0, 2.1.0, 2.3.2, 2.4.0.
How can I get the validator to get executed?
Thanks!
Edit: The login is executed by oidc-client.js and its userManager.signinRedirect.
    this.userManager = new UserManager({
        authority: environment.issuer,
        client_id: 'client',
        scope: 'openid profile api',
        response_type: 'id_token token',
        loadUserInfo: true,
        automaticSilentRenew: true,
        redirect_uri: environment.app + '/login-callback.html',
        silent_redirect_uri: environment.app + '/silent-renew.html',
        post_logout_redirect_uri: environment.app
    });
It turned out that the appropriate interface to implement for my flow was ICustomAuthorizeRequestValidator.
Thanks to Vidmantas Blazevicius and d_f for the pointers.
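A sketch of what such a validator can look like for the implicit flow above, added here as an illustration and not taken from the original post. It assumes the IdentityServer4 2.x API (`CustomAuthorizeRequestValidationContext`, `ValidatedRequest.AccessTokenLifetime`, `AddCustomAuthorizeRequestValidator<T>()`); the class name, the `admin` role value and the two lifetime constants are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Validation;

// Hypothetical validator: runs on the authorize endpoint, which is the
// endpoint that issues tokens in the implicit flow (response_type
// 'id_token token'). The token endpoint is never called in that flow, so
// an ICustomTokenRequestValidator is not invoked.
public class AuthorizeTokenLifetimeValidator : ICustomAuthorizeRequestValidator
{
    // Constructed policy values for the example (seconds).
    private const int PrivilegedLifetime = 15 * 60; // 15 minutes
    private const int StandardLifetime = 60 * 60;   // 1 hour

    public Task ValidateAsync(CustomAuthorizeRequestValidationContext context)
    {
        var request = context.Result.ValidatedRequest;
        var subject = request.Subject;

        // The authorize request is also validated before the user has
        // logged in; leave the client's configured lifetime in that case.
        if (subject?.Identity?.IsAuthenticated != true)
        {
            return Task.CompletedTask;
        }

        // Assumption: roles are present on the principal as "role" claims.
        var policyLifetime = subject.HasClaim(JwtClaimTypes.Role, "admin")
            ? PrivilegedLifetime
            : StandardLifetime;

        // Only ever shorten: never exceed Client.AccessTokenLifetime.
        request.AccessTokenLifetime =
            Math.Min(request.AccessTokenLifetime, policyLifetime);

        return Task.CompletedTask;
    }
}

// Registration, chained onto the existing services.AddIdentityServer() call:
//     .AddCustomAuthorizeRequestValidator<AuthorizeTokenLifetimeValidator>()
```

This adjusts only the access token lifetime; taking the minimum with the client's configured value keeps the validator from issuing tokens that live longer than the client configuration allows.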