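identityserver4 - How to create a JWT token with IdentityServer4
Problem description
In my application (a .NET Core application) that uses IdentityServer4, "reference" tokens are currently created for authentication. But I need to change the token type from "reference" to "JWT". I found several articles about this and tried the approaches they describe, but I still cannot get a "JWT" token; I only get a "reference" token.
I followed the details mentioned on the following sites, but with no luck.
IdentityServer4 requesting a JWT / access bearer token using the password grant in asp.net core
https://andrewlock.net/a-look-behind-the-jwt-bearer-authentication-middleware-in-asp-net-core/
Can anyone let me know how we can change the token type from "reference" to "JWT"? Is there any custom code/class that has to be created to achieve this?
Below is the code used in my client class.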
    new Client
    {
        ClientId = "Client1",
        ClientName = "Client1",
        AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
        AllowedScopes = new List<string>
        {
            IdentityScope.OpenId,
            IdentityScope.Profile,
            ResourceScope.Customer,
            ResourceScope.Info,
            ResourceScope.Product,
            ResourceScope.Security,
            ResourceScope.Sales,
            ResourceScope.Media,
            ResourceScope.Nfc,
            "api1"
        },
        AllowOfflineAccess = true,
        AlwaysSendClientClaims = true,
        UpdateAccessTokenClaimsOnRefresh = true,
        AlwaysIncludeUserClaimsInIdToken = true,
        AllowAccessTokensViaBrowser = true,
        // Use reference token so mobile user (resource owner) can revoke token when log out.
        // Jwt token is self contained and cannot be revoked
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = CommonSettings.AccessTokenLifetime,
        RefreshTokenUsage = TokenUsage.OneTimeOnly,
        RefreshTokenExpiration = TokenExpiration.Sliding,
        AbsoluteRefreshTokenLifetime = CommonSettings.AbsoluteRefreshTokenLifetime,
        SlidingRefreshTokenLifetime = CommonSettings.SlidingRefreshTokenLifetime,
        IncludeJwtId = true,
        Enabled = true
    },
In my startup.cs, I have the following code.
    public void ConfigureServices(IServiceCollection services)
    {
        var connStr = ConfigurationManager.ConnectionStrings[CommonSettings.IDSRV_CONNECTION_STRING].ConnectionString;
        services.AddMvc();
        services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                // base-address of your identityserver
                options.Authority = "http://localhost:1839/";
                // name of the API resource
                options.Audience = "api1";
                options.RequireHttpsMetadata = false;
            });
        services.AddAuthorization(options =>
        {
            options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser()
                .Build();
        });
        var builder = services.AddIdentityServer(options => setupAction(options))
            .AddSigningCredential(loadCert())
            .AddInMemoryClients(Helpers.Clients.Get())
            .AddInMemoryIdentityResources(Resources.GetIdentityResources())
            .AddInMemoryApiResources(Resources.GetApiResources())
            .AddDeveloperSigningCredential()
            .AddConfigStoreCache()
            .AddJwtBearerClientAuthentication()
            //Adds a key for validating tokens. They will be used by the internal token validator and will show up in the discovery document.
            .AddValidationKey(loadCert());
        builder.AddConfigStore(options =>
            {
                //CurrentEnvironment.IsEnvironment("Testing") ?
                // this adds the config data from DB (clients, resources)
                options.ConfigureDbContext = dbBuilder => { dbBuilder.UseSqlServer(connStr); };
            })
            .AddOperationalDataStore(options =>
            {
                // this adds the operational data from DB (codes, tokens, consents)
                options.ConfigureDbContext = dbBuilder => { dbBuilder.UseSqlServer(connStr); };
                // this enables automatic token cleanup. this is optional.
                options.EnableTokenCleanup = true;
                options.TokenCleanupInterval = CommonSettings.TokenCleanupInterval;
            });
    }
Please let me know what changes are needed to get a JWT token. Thanks in advance.
Solution