search

IdentityServer / IdentityServer4.AccessTokenValidation

IdentityServer Access Token Validation for ASP.NET Core
Apache License 2.0
544 stars 214 forks source link

IdentityServer4.AccessTokenValidation doesn't support Asp.Net Core 2.0? #71

Closed mokeyish closed 7 years ago

leastprivilege commented 7 years ago

or the other way round rather.

cormacrelf commented 7 years ago

ASP.NET Core 2.0 has landed, as of about an hour ago. Does this call for a bump to 2.0 (alongside IdentityModel.AspNetCore.OAuth2Introspection & others) and keep a 1.x branch around for maintenance?

Would you like any help or are you ticking along just fine?

Some handy references:

ASP.NET Auth 2.0 overview

Microsoft.AspNetCore.Authentication.JwtBearer 2.0 (this is good as an implementation reference, most importantly the new configuration scheme through services and the IAuthenticationHandler implementation.)

Migrating to auth 2.0 for end users

kspearrin commented 7 years ago

Yup, getting errors when trying to app.UseIdentityServerAuthentication(...

mokeyish commented 7 years ago

Thank you,I have found solution for this problem。

kspearrin commented 7 years ago

@mokeyish what is the solution?

mokeyish commented 7 years ago

@kspearrin services.AddJwtBearerAuthentication(options => { options.Authority = http://xxx; options.RequireHttpsMetadata = false; options.Audience = "api1"; }); app.UseAuthentication();

kspearrin commented 7 years ago

So we no longer use this library?

cormacrelf commented 7 years ago

Well, Jetbearer is only half the functionality. It can't dereference access tokens that aren't plain JWTs.

On 16 Aug 2017, at 10:47 am, Kyle Spearrin notifications@github.com wrote:

So we no longer use this library?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

mokeyish commented 7 years ago

@kspearrin Yes,we no longer use this library,Asp.Net Core 2.0 has already wrapped up authentication functionality.Asp.Net core 2.0 recognize different authentication by token_type.

urbanhusky commented 7 years ago

This sounds like this issue is still valid when using reference tokens?

cormacrelf commented 7 years ago

You could move it to OAuth2Introspection?

On 16 Aug 2017, at 11:48 pm, urbanhusky notifications@github.com wrote:

This sounds like this issue is still valid when using reference tokens?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.