C#: IdentityServer4 custom token request validator is not being called
I am using IdentityServer 4 in a project that uses ASP.NET Identity. My goal is to add logic that assigns a dynamic token expiration. Here is the topic about this in the IdSrv4 documentation. My initial validator is very basic:
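using System;
using System.Threading.Tasks;
using IdentityServer4.Validation;

public class TokenLifetimeValidator : ICustomTokenRequestValidator
{
    // Placeholder body: throws if the validator is ever invoked.
    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        throw new NotImplementedException();
    }
}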
Here is the IdSrv4 configuration:
services.AddIdentityServer()
    .AddAspNetIdentity<ApplicationUser>()
    .AddInMemoryIdentityResources(new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile() })
    .AddInMemoryApiResources(new ApiResource[] { new ApiResource("api", new[] { JwtClaimTypes.Name, JwtClaimTypes.Role }) })
    .AddInMemoryClients(new Client[]
    {
        new Client
        {
            ClientId = "client",
            AllowedGrantTypes = GrantTypes.Implicit,
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "api"
            },
            AllowAccessTokensViaBrowser = true,
            RequireConsent = false,
            RedirectUris = Configuration.GetSection("RedirectUris").Get<string[]>(),
            PostLogoutRedirectUris = Configuration.GetSection("PostLogoutRedirectUris").Get<string[]>(),
            AccessTokenLifetime = 60*60*24, // 24 Hours
            IdentityTokenLifetime = 60*60*24 // 24 Hours
        }
    })
    // Not working.
    //.AddCustomTokenRequestValidator<TokenLifetimeValidator>() // <---
    .AddDeveloperSigningCredential();

// Not working.
services.AddTransient<ICustomTokenRequestValidator, TokenLifetimeValidator>(); // <---
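It turns out that the proper interface to implement for my flow is ICustomAuthorizeRequestValidator.

- connect/authorize - ICustomAuthorizeRequestValidator
- connect/token - ICustomTokenRequestValidator

Thanks to 维德曼塔斯·布莱塞维修斯 and 杜夫 for the pointers.

How are you trying to invoke it? Via connect/authorize or connect/token?

I am using the oidc-client.js library for this, and its userManager.signinDirect. I believe it is calling connect/authorize.

That is why your validator is not being called: there is no token context to validate during the connect/authorize flow.

For connect/authorize, use ICustomAuthorizeRequestValidator.

You can add it directly after; it is just a helper, but it will make your configuration more consistent.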
this.userManager = new UserManager({
    authority: environment.issuer,
    client_id: 'client',
    scope: 'openid profile api',
    response_type: 'id_token token',
    loadUserInfo: true,
    automaticSilentRenew: true,
    redirect_uri: environment.app + '/login-callback.html',
    silent_redirect_uri: environment.app + '/silent-renew.html',
    post_logout_redirect_uri: environment.app
});
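
The resolution above (implicit flow goes through connect/authorize, so the validator must implement ICustomAuthorizeRequestValidator), as an added example that is not code from the original thread. The class name, the one-hour cap and the rule keyed on the "api" scope are hypothetical, and the example assumes an IdentityServer4 version whose ValidatedRequest exposes AccessTokenLifetime.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Validation;

// Added example: runs on connect/authorize, the endpoint that issues tokens
// for the implicit flow (response_type "id_token token").
public class TokenLifetimeAuthorizeValidator : ICustomAuthorizeRequestValidator
{
    // Hypothetical policy value, not from the original post.
    private static readonly int ApiTokenLifetimeSeconds =
        (int)TimeSpan.FromHours(1).TotalSeconds;

    public Task ValidateAsync(CustomAuthorizeRequestValidationContext context)
    {
        var result = context.Result;

        // Leave the request untouched if validation has already failed.
        if (result == null || result.IsError)
        {
            return Task.CompletedTask;
        }

        var request = result.ValidatedRequest;

        // Hypothetical rule: requests that include the "api" scope get a
        // shorter-lived access token than the client's configured 24 hours.
        var requestsApi = request.RequestedScopes != null
            && request.RequestedScopes.Contains("api");

        // Only ever shorten: never exceed what the client registration allows.
        if (requestsApi && request.AccessTokenLifetime > ApiTokenLifetimeSeconds)
        {
            request.AccessTokenLifetime = ApiTokenLifetimeSeconds;
        }

        return Task.CompletedTask;
    }
}

// Registration in ConfigureServices, chained on the builder from the question:
// services.AddIdentityServer()
//     ...
//     .AddCustomAuthorizeRequestValidator<TokenLifetimeAuthorizeValidator>();
```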