Skip to content
This repository has been archived by the owner on Jul 14, 2020. It is now read-only.

IdentityServer/IdentityServer4.AccessTokenValidation

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
3 branches 36 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.config
updated build
December 5, 2019 16:02
build
update to new build script (#134)
April 19, 2020 10:54
src
upgrade Bullseye, SimpleExec, and Minver (#133)
April 6, 2020 07:20
test
update packages
October 22, 2019 09:32
.gitignore
new build
April 28, 2019 17:00
IdentityServer4.AccessTokenValidation.sln
update project for next release
August 5, 2018 15:19
LICENSE
update license
March 6, 2018 07:13
README.md
Update README.md
July 14, 2020 11:26
azure-pipelines.yml
update build
December 5, 2019 16:15
build.cmd
update to new build script (#134)
April 19, 2020 10:54
build.ps1
update to new build script (#134)
April 19, 2020 10:54
build.sh
update to new build script (#134)
April 19, 2020 10:54
global.json
updated build
December 5, 2019 16:02
icon.jpg
update to RTM + add icon
September 25, 2019 16:48
key.snk
add strong naming
May 17, 2019 16:10
IdentityServer4.AccessTokenValidation Important Description JWT Usage Enable reference tokens Specifying the underlying handler options directly Scope validation Create a global authorization policy Composing a scope policy

README.md

IdentityServer4.AccessTokenValidation

Important

This library is deprecated and not being maintained anymore.

Read this blog post about the reasoning and recommedations for a superior and more flexible approach:

https://leastprivilege.com/2020/07/06/flexible-access-token-validation-in-asp-net-core/

Description

Authentication handler for ASP.NET Core 2 that allows accepting both JWTs and reference tokens in the same API.

Technically this handler is a decorator over both the Microsoft JWT handler as well as our OAuth 2 introspection handler. If you only need to support one token type only, we recommend using the underlying handlers directly.

JWT Usage

Simply specify authority and API name (aka audience):

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = "https://demo.identityserver.io";
        options.ApiName = "api1";
    });

Enable reference tokens

Additionally specify the API secret for the introspection endpoint:

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = "https://demo.identityserver.io";
        options.ApiName = "api1";
        options.ApiSecret = "secret";
    });

Specifying the underlying handler options directly

In case you need access to a setting that the combined options don't expose, you can fallback to configuring the underlying handler directly.

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme,
        jwtOptions =>
        {
            // jwt bearer options
        },
        referenceOptions =>
        {
            // oauth2 introspection options
        });

Scope validation

In addition to API name checking, you can do more fine-grained scope checks. This package includes some convenience helpers to do that.

Create a global authorization policy

services
    .AddMvcCore(options =>
    {
        // require scope1 or scope2
        var policy = ScopePolicy.Create("scope1", "scope2");
        options.Filters.Add(new AuthorizeFilter(policy));
    })
    .AddJsonFormatters()
    .AddAuthorization();

Composing a scope policy

services.AddAuthorization(options =>
{
    options.AddPolicy("myPolicy", builder =>
    {
        // require scope1
        builder.RequireScope("scope1");
        // and require scope2 or scope3
        builder.RequireScope("scope2", "scope3");
    });
});

About

IdentityServer Access Token Validation for ASP.NET Core

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy

Stars

535 stars

Watchers

49 watching

Forks

205 forks

Releases

36 tags

Sponsor this project

Packages

No packages published

Used by 9.5k

  • @mKhramov
  • @AinurGalimzyanov
  • @bitwarden
  • @tepduck
  • @GodDamndelion
  • @Vadimvr
  • @sajadam98
  • @digital-stoic
+ 9,443

Contributors 9

Languages