OAuthAuthorizationProvide vs Aspnet.security.openinconnect


Question

I have tried implementing ASOS with .NET Core 2.1, and there were a few things which were available in OAuthAuthorizationProvider but I couldn't find them in ASOS. Also, I think the context is a little different in ASOS, so is there any alternative to the following code in ASOS:

 OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
            var options = new OAuthAuthorizationServerOptions
            {
                AuthorizeEndpointPath = new PathString(AuthorizePath),
                TokenEndpointPath = new PathString(TokenPath),
                ApplicationCanDisplayErrors = true,
                AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(5),
#if DEBUG
                AllowInsecureHttp = true,
#endif
                // Authorization server provider which controls the lifecycle of Authorization Server
                Provider = new OAuthAuthorizationServerProvider
                {
                    OnValidateClientRedirectUri = ValidateClientRedirectUri,
                    OnValidateClientAuthentication = ValidateClientAuthentication,
                    OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
                    OnGrantClientCredentials = GrantClientCredetails
                },

                // Authorization code provider which creates and receives authorization code
                AuthorizationCodeProvider = new AuthenticationTokenProvider
                {
                    OnCreate = CreateAuthenticationCode,
                    OnReceive = ReceiveAuthenticationCode,
                },

                // Refresh token provider which creates and receives refresh token
                RefreshTokenProvider = new AuthenticationTokenProvider
                {
                    OnCreate = CreateRefreshToken,
                    OnReceive = ReceiveRefreshToken,
                },
            };
            app.UseOAuthAuthorizationServer(options);
            app.UseOAuthBearerAuthentication(OAuthBearerOptions);

Update:

private Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    var identity = new ClaimsIdentity(new GenericIdentity(context.UserName, OAuthDefaults.AuthenticationType), context.Scope.Select(x => new Claim("claim", x)));

    context.Validated(identity);

    return Task.FromResult(0);
}

private Task GrantClientCredetails(OAuthGrantClientCredentialsContext context)
{
    var identity = new ClaimsIdentity(new GenericIdentity(context.ClientId, OAuthDefaults.AuthenticationType), context.Scope.Select(x => new Claim("claim", x)));

    context.Validated(identity);

    return Task.FromResult(0);
}

Recommended answer

Most of the options are still there but the events model has been reworked:

  • OnValidateClientRedirectUri was replaced by a more general OnValidateAuthorizationRequest event.

  • OnValidateClientAuthentication no longer exists. Client authentication validation is now performed in the OnValidateTokenRequest event (or OnValidateIntrospectionRequest/OnValidateRevocationRequest, but you're not using the introspection/revocation endpoints in your snippet).

  • The *Provider properties - used for decrypting/encrypting tokens - have been replaced by Serialize* and Deserialize* events. Using them is no longer mandatory: in this case, authorization codes and refresh tokens will be considered valid until they expire.

If you want to learn more about the revamped events model, don't miss this blog post series: https://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/
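The event mapping described in the answer, as an added example that is not part of the original post or the ASOS project's own code: redirect URI validation moves into OnValidateAuthorizationRequest and client authentication into OnValidateTokenRequest. The `AsosSetup` class name, the endpoint paths and the client id, secret and redirect URI are constructed for illustration; creating the ticket for each grant type is not shown.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Primitives;
using Microsoft.Extensions.DependencyInjection;

public static class AsosSetup // hypothetical class name
{
    // Constructed sample values; a real server looks these up in its client store.
    const string ClientId = "sample-client";
    const string ClientSecret = "sample-secret";
    const string RedirectUri = "https://client.example/callback";

    public static void AddAsos(IServiceCollection services) =>
        services.AddAuthentication().AddOpenIdConnectServer(options =>
        {
            options.AuthorizationEndpointPath = "/connect/authorize";
            options.TokenEndpointPath = "/connect/token";
            options.AccessTokenLifetime = TimeSpan.FromMinutes(5);
            options.ApplicationCanDisplayErrors = true;

            // Takes over from OnValidateClientRedirectUri: accept only an exact,
            // pre-registered client_id/redirect_uri pair and reject anything else.
            options.Provider.OnValidateAuthorizationRequest = context =>
            {
                if (context.ClientId == ClientId &&
                    string.Equals(context.RedirectUri, RedirectUri, StringComparison.Ordinal))
                    context.Validate();
                else
                    context.Reject(error: OpenIdConnectConstants.Errors.InvalidClient, description: "Unknown client_id or redirect_uri.");
                return Task.CompletedTask;
            };

            // Takes over from OnValidateClientAuthentication: authenticate the client
            // at the token endpoint before any grant is processed.
            options.Provider.OnValidateTokenRequest = context =>
            {
                if (context.ClientId == ClientId && SecretMatches(context.ClientSecret))
                    context.Validate();
                else
                    context.Reject(error: OpenIdConnectConstants.Errors.InvalidClient, description: "Client authentication failed.");
                return Task.CompletedTask;
            };
        });

    // Constant-time comparison so response timing does not reveal how much of the secret matched.
    static bool SecretMatches(string presented) =>
        presented != null && CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(presented), Encoding.UTF8.GetBytes(ClientSecret));
}
```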
