-
Notifications
You must be signed in to change notification settings - Fork 313
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What difference between AddIdentityServerAuthentication and AddJwtBearer #777
Comments
https://leastprivilege.com/2020/07/06/flexible-access-token-validation-in-asp-net-core/ |
i have read this uri ,but didn't find the reason about this issue, even so, now i know that AddJwtBearer is correct. |
I believe this means that Identity Server and Duende Software are deprecated. It's pretty stupid and lame to request a payment for building a "store" for "Microsoft.IdentityModel.Tokens", called IS4, that doesn't work out of the box for .net 6/7/8. The GetSchemeAndCredential method doesn't exist in the example, @leastprivilege, I don't give a f, about "Introspection", I don't want to mess up with all my Blazor applications and MAUI apps to change the authentication header to "token" instead of "Bearer". The apps where working very well in MAUI for Windows, Blazor Server, Blazor WebAssembly, because I use two authentication mechanisms, to overcome this, since the application needed to keep development, and not stop because of IS4 crippled functionality, until I wanted to use it in MAUI for Android and iOS, where I built the authentication and everything went right, until calling the APIs with JWT. I don't care if anyone of you "wouldn't want to keep maintaining the code" for validating JWT tokens, you can close the repo here in github, and take vacations for ever. If it doesn't work out of the box for JWT Authentication and I have to build it my self. I won't a pay a dime ever, and find something else to work with in the short time. We are developers, yes, but if a paid product should be "fixed" by my self, it's full of crap. |
Not at all - the only thing that has been deprecated was a small authentication handler for APIs that had some features that were missing from the JwtBearer handler in ASP.NET. As the handlers in ASP.NET have improved, that's become unnecessary. But the core of IdentityServer was always a token server - a framework for building spec-compliant OIDC Providers and OAuth Authorization Servers.
IdentityServer is a framework for building OAuth and OIDC token servers. I think it's a pretty great framework - we implement dozens of specifications while allowing a really high degree of customization - but if its not what you're looking for, that's fine. And Duende IdentityServer absolutely does work with .NET 6 or 7. Our upcoming 7.0 release will add support for .NET 8 shortly after .NET 8 ships.
The JwtBearer handler from ASP.NET core is the right handler for you then.
You don't need to change the header to use the JwtBearer handler.
That's fine - we know there are a lot of options for authentication out there. We provide tools for people who want to build token servers with a high degree of customization. |
Which version of Duende IdentityServer are you using?
IdentityServer4
Which version of .NET are you using?
.Net6
Describe the bug
What difference between AddIdentityServerAuthentication and AddJwtBearer ?
scheme name is same,each one is workly
it is very similar,but I do not sure how to choose,
The text was updated successfully, but these errors were encountered: