小贝子编程

未调用标识服务器 4 自定义令牌请求验证程序



我在项目中使用 IdentityServer4 ASP.NET Identity。我的目标是添加将分配动态令牌过期的逻辑。我正在关注有关ICustomTokenRequestValidator的IdSrv4文档中的这个主题。

我的初始验证器是非常基本的。

public class TokenLifetimeValidator : ICustomTokenRequestValidator
{
    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        throw new NotImplementedException();
    }
}

这是 IdSrv4 配置:

services.AddIdentityServer()
    .AddAspNetIdentity<ApplicationUser>()
    .AddInMemoryIdentityResources(new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile() })
    .AddInMemoryApiResources(new ApiResource[] { new ApiResource("api", new[] { JwtClaimTypes.Name, JwtClaimTypes.Role }) })
    .AddInMemoryClients(new Client[]
    {
        new Client
        {
            ClientId = "client",
            AllowedGrantTypes = GrantTypes.Implicit,
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "api"
            },
            AllowAccessTokensViaBrowser = true,
            RequireConsent = false,
            RedirectUris = Configuration.GetSection("RedirectUris").Get<string[]>(),
            PostLogoutRedirectUris = Configuration.GetSection("PostLogoutRedirectUris").Get<string[]>(),
            AccessTokenLifetime = 60*60*24, // 24 Hours
            IdentityTokenLifetime = 60*60*24 // 24 Hours
        }
    })
    // Not working.
    ---> //.AddCustomTokenRequestValidator<TokenLifetimeValidator>()
    .AddDeveloperSigningCredential();
// Not working.
---> services.AddTransient<ICustomTokenRequestValidator, TokenLifetimeValidator>();

关于我如何注册自定义验证器,它永远不会被执行。我用IdentityServer4 2.0.0,2.1.0,2.3.2,2.4.0进行了测试。

如何让验证器被执行?

谢谢!

编辑:登录由oidc-client.js及其userManager.signinRedirect执行。

this.userManager = new UserManager({
  authority: environment.issuer,
  client_id: 'client',
  scope: 'openid profile api',
  response_type: 'id_token token',
  loadUserInfo: true,
  automaticSilentRenew: true,
  redirect_uri: environment.app + '/login-callback.html',
  silent_redirect_uri: environment.app + '/silent-renew.html',
  post_logout_redirect_uri: environment.app
});

事实证明,为我的流实现的适当接口是ICustomAuthorizeRequestValidator

  • 连接/授权 - ICustomAuthorizeRequestValidator
  • 连接/令牌 - ICustomTokenRequestValidator

感谢Vidmantas Blazeviciusd_f的指点。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium