JWT承载令牌流 [英] JWT Bearer Token Flow

问题描述

我想要的是ASP.NET Core中的JWT生成和JWT消耗的方法.

What I want is a method of JWT Generation and JWT Consumption in ASP.NET Core.

没有OAuth2流程，我确实有IdentityServerv3与OAuth2一起使用，但是当我拥有双方时，对于单个应用程序访问API来说，这太过分了.

No OAuth2 flow, I do have the IdentityServerv3 working with OAuth2 but it is just overkill for a single app accessing an API when I own both sides.

我遇到的主要困难是找出ASP.NET Core中的Microsoft.Owin.Security.Jwt.此列表中没有任何内容 https://www.myget.org/gallery/aspnetvnext 似乎无关.还是该软件包实际上与ASP.NET Core息息相关?

The main source of difficulty I am having is finding out the equivalent of Microsoft.Owin.Security.Jwt in ASP.NET Core. Nothing in this list https://www.myget.org/gallery/aspnetvnext seems to relate. Or is that package actually to stay relevant in with ASP.NET Core?

推荐答案

如果您正在寻找一种(简单的)方式来生成自己的JWT令牌，则应直接使用JwtSecurityTokenHandler.您可以在提到的MyGet存储库中的System.IdentityModel.Tokens包中找到它(但现在版本有点旧)，或者直接在Azure AD存储库中的System.IdentityModel.Tokens.Jwt包中找到它:

If you're looking for a (simple) way to generate your own JWT tokens, you should directly use the JwtSecurityTokenHandler. You can find it in the System.IdentityModel.Tokens package on the MyGet repository you mentioned (but the version is a bit old now) or directly on the Azure AD repository, in the System.IdentityModel.Tokens.Jwt package: https://www.myget.org/gallery/azureadwebstacknightly

当然，使用推荐的标准协议来发行和检索JWT令牌比推荐的要多，OAuth2和OpenID Connect可能是最佳的选择.

Of course, using a standard protocol to issue and retrieve your JWT tokens is more than recommended and OAuth2 and OpenID Connect are probably the best candidates for that.

请注意， IdentityServer 并不是唯一可在ASP.NET 5上运行的服务器.我个人正在使用Katana 3随附的OAuth2授权服务器中间件的高级分支，该中间件提供了不同的方法: https://github.com/aspnet-contrib/AspNet.Security .OpenIdConnect.Server

Note that IdentityServer is not the only server that works on ASP.NET 5. I'm personally working on an advanced fork of the OAuth2 authorization server middleware that comes with Katana 3 and that offers a different approach: https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server

app.UseOAuthBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    Audience = "http://localhost:54540/",
    Authority = "http://localhost:54540/"
});

app.UseOpenIdConnectServer(options =>
{
    options.Provider = new AuthorizationProvider();
});

要了解有关此项目的更多信息，建议阅读 http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/.

To learn more about this project, I'd recommend reading http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/.

可以在 https://jabbr.net/#/rooms/AspNetCore

Feel free to ping me on https://jabbr.net/#/rooms/AspNetCore if you need more information.

这篇关于JWT承载令牌流的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！