Open kevinchalet opened 4 years ago
@PinpointTownes we agree and want to do this work in our 6.x so we can easily have asp.net 3.x take a dependency.
@kevinchalet CreateToken(SecurityTokenDescriptor ...) is defined to return by SecurityTokenHandler to return SecurityToken. I agree this method would be helpful to return a string. Perhaps a different name.
@kevinchalet sorry we missed this one for Wilson7. Will keep it on the radar for Wilson8 (no ETA)
Type TokenType { get; } - Should this be on JsonWebToken?
bool CanReadToken(string token) - OK string CreateToken(SecurityTokenDescriptor tokenDescriptor) - OK
TokenValidationResult ValidateToken(string token, TokenValidationParameters validationParameters) - we already have ValidateTokenAsync, so I don't think we need this.
Type TokenType { get; } - Should this be on JsonWebToken?
The most logical approach is to have a virtual
(or abstract
, but it would be breaking) property in the base class and override it in each implementation so that the correct type is returned.
bool CanReadToken(string token) - OK string CreateToken(SecurityTokenDescriptor tokenDescriptor) - OK
Since there are now async overloads for the validation part, should these new methods be async/return ValueTask<T>
? Could be overkill for the first one, but quite useful for the second one if you ever add things like async encryption or signature providers.
TokenHandler
seems pretty useless as a base class, as it doesn't expose any useful method for token generation or validation.Please consider adding abstract or virtual properties/methods for at least the following APIs:
Type TokenType { get; }
bool CanReadToken(string token)
string CreateToken(SecurityTokenDescriptor tokenDescriptor)
TokenValidationResult ValidateToken(string token, TokenValidationParameters validationParameters)