OpenID Connect lightweight library
Question
I'm looking for an OpenID Connect (OIDC) Relying Party lightweight library that will have these routines implemented.
- Compose "Authentication Request"
- Validate "id_token" signature (including downloading certificate from metadata endpoint)
- Parse "id_token" JWT
The only OIDC flow to be supported is the so-called "implicit flow", where the server answers with "id_token" (and "access_token" if requested) right from the authorization endpoint (spec link).
Searching over the NuGet repository seems to yield the only suitable option - OWIN middleware, and even though I can confirm it works, it would be better to have a lightweight alternative.
Recommended answer
Just sharing what worked for me.
To get the 1st goal accomplished, the NuGet package called Thinktecture.IdentityModel.Client (link) can be used (a package from the IdentityServer creators, which is incredible itself). An example that shows basic usage is below.
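```csharp
// OAuth2Client comes from the Thinktecture.IdentityModel.Client package.
var client = new OAuth2Client(new Uri(AuthorizeEndpointUrl));

// Build the authorization-endpoint URL for the implicit flow.
string url = client.CreateAuthorizeUrl(
    clientId: ClientId,
    redirectUri: RedirectUri,
    responseType: "id_token",            // only the id_token is requested
    responseMode: "form_post",           // response is POSTed back to RedirectUri
    nonce: Guid.NewGuid().ToString(),    // fresh value per request
    additionalValues: additionalValues); // extra parameters, defined elsewhere
```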
As to parsing and validation of the JWT received from the OIDC Identity Provider, Microsoft's System.IdentityModel.Tokens.Jwt (link) NuGet package is a way to go. The code snippet is below as well.
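```csharp
var parameters = new TokenValidationParameters()
{
    // GetSigningTokens is a helper that is not shown here; it supplies the
    // signing tokens obtained from the metadata endpoint.
    IssuerSigningTokens = GetSigningTokens(MetadataEndpointUrl),
    ValidAudience = ValidAudience,   // must match the token's "aud" claim
    ValidIssuer = ValidIssuer,       // must match the token's "iss" claim
};

var tokenHandler = new JwtSecurityTokenHandler();
SecurityToken validated;

// Throws if the signature, issuer, audience or lifetime check fails.
tokenHandler.ValidateToken(jwt, parameters, out validated);
return validated as JwtSecurityToken;
```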
This is all lightweight and keeps your application clean from unnecessary dependencies.
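
OpenID Connect requires a nonce in implicit-flow requests and requires the Relying Party to check that the "nonce" claim of the returned id_token equals the value it sent. The sketch below is an added example, not code from the answer or from either NuGet package: the `OidcNonce` class and its method names are hypothetical, it uses only the .NET base class library, and the claim arrays in `Main` are constructed stand-ins for the claims of the validated `JwtSecurityToken`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: binds an id_token to the request that asked for it.
public static class OidcNonce
{
    // 32 bytes from the OS CSPRNG, base64url-encoded so the value is URL-safe.
    public static string Create()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Call only after ValidateToken has succeeded (signature, issuer, audience),
    // passing the token's claims and the nonce stored for this user's session.
    public static bool Matches(IEnumerable<Claim> validatedClaims, string expectedNonce)
    {
        if (string.IsNullOrEmpty(expectedNonce)) return false;   // nothing stored: reject
        var nonceClaims = validatedClaims.Where(c => c.Type == "nonce").ToList();
        if (nonceClaims.Count != 1) return false;                // missing or duplicated claim
        return FixedTimeEquals(nonceClaims[0].Value, expectedNonce);
    }

    // Comparison whose running time does not depend on where the strings differ.
    private static bool FixedTimeEquals(string a, string b)
    {
        byte[] x = Encoding.UTF8.GetBytes(a), y = Encoding.UTF8.GetBytes(b);
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < x.Length && i < y.Length; i++) diff |= x[i] ^ y[i];
        return diff == 0;
    }

    public static void Main()
    {
        string stored = Create();   // saved server-side before redirecting the user
        // Constructed claim sets: a matching token, a token from another request,
        // and a token with no nonce claim at all.
        var good = new[] { new Claim("sub", "alice"), new Claim("nonce", stored) };
        var other = new[] { new Claim("sub", "alice"), new Claim("nonce", Create()) };
        var missing = new[] { new Claim("sub", "alice") };
        Console.WriteLine("matching nonce accepted: " + Matches(good, stored));
        Console.WriteLine("foreign nonce accepted:  " + Matches(other, stored));
        Console.WriteLine("missing nonce accepted:  " + Matches(missing, stored));
    }
}
```

The stored nonce should be discarded once a token has been accepted, so the same id_token cannot be presented a second time.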