如何使用IdentityServer4创建JWT令牌
在使用IdentityServer4的我的应用程序(.Net核心应用程序)中,目前创建用于身份验证的“引用”令牌。但是我需要将令牌类型从“Reference”类型更改为“JWT”令牌。我找到了几篇关于这方面的文章,并如前所述进行了尝试,但我仍然无法获得“JWT”令牌,而我只获得了“Reference”令牌 我遵循了下面网站中提到的细节,但没有运气 有人能告诉我如何将令牌类型从“Reference”更改为“JWT”令牌吗?是否要创建任何自定义代码/类来实现这一点 下面是我的客户机类中使用的代码如何使用IdentityServer4创建JWT令牌,identityserver4,Identityserver4,在使用IdentityServer4的我的应用程序(.Net核心应用程序)中,目前创建用于身份验证的“引用”令牌。但是我需要将令牌类型从“Reference”类型更改为“JWT”令牌。我找到了几篇关于这方面的文章,并如前所述进行了尝试,但我仍然无法获得“JWT”令牌,而我只获得了“Reference”令牌 我遵循了下面网站中提到的细节,但没有运气 有人能告诉我如何将令牌类型从“Reference”更改为“JWT”令牌吗?是否要创建任何自定义代码/类来实现这一点 下面是我的客户机类中使用的代
new Client
{
ClientId = "Client1",
ClientName = "Client1",
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
AllowedScopes = new List<string>
{
IdentityScope.OpenId,
IdentityScope.Profile,
ResourceScope.Customer,
ResourceScope.Info,
ResourceScope.Product,
ResourceScope.Security,
ResourceScope.Sales,
ResourceScope.Media,
ResourceScope.Nfc,
"api1"
},
AllowOfflineAccess = true,
AlwaysSendClientClaims = true,
UpdateAccessTokenClaimsOnRefresh = true,
AlwaysIncludeUserClaimsInIdToken = true,
AllowAccessTokensViaBrowser = true,
// Use reference token so mobile user (resource owner) can revoke token when log out.
// Jwt token is self contained and cannot be revoked
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = CommonSettings.AccessTokenLifetime,
RefreshTokenUsage = TokenUsage.OneTimeOnly,
RefreshTokenExpiration = TokenExpiration.Sliding,
AbsoluteRefreshTokenLifetime = CommonSettings.AbsoluteRefreshTokenLifetime,
SlidingRefreshTokenLifetime = CommonSettings.SlidingRefreshTokenLifetime,
IncludeJwtId = true,
Enabled = true
},
请让我知道,要获得JWT代币需要做哪些更改。提前感谢。您使用了内存客户端和数据库存储。因为您在内存中添加了数据库存储,所以应该更改db记录。。当我尝试时,我在内存中添加了这些语句。但早些时候,当我使用DB时,它也不起作用。因此,对于DB store,JWT令牌将不起作用?语句
AccessTokenType=AccessTokenType.JWT
应该起作用。您确定正在从显示的客户端读取配置吗?@Ruard-是的,我在调用“connect/token”时使用的是同一个客户端
public void ConfigureServices(IServiceCollection services)
{
var connStr = ConfigurationManager.ConnectionStrings[CommonSettings.IDSRV_CONNECTION_STRING].ConnectionString;
services.AddMvc();
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
// base-address of your identityserver
options.Authority = "http://localhost:1839/";
// name of the API resource
options.Audience = "api1";
options.RequireHttpsMetadata = false;
});
services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser()
.Build();
}
);
var builder = services.AddIdentityServer(options => setupAction(options))
.AddSigningCredential(loadCert())
.AddInMemoryClients(Helpers.Clients.Get())
.AddInMemoryIdentityResources(Resources.GetIdentityResources())
.AddInMemoryApiResources(Resources.GetApiResources()).AddDeveloperSigningCredential()
.AddConfigStoreCache().AddJwtBearerClientAuthentication()
//Adds a key for validating tokens. They will be used by the internal token validator and will show up in the discovery document.
.AddValidationKey(loadCert());
builder.AddConfigStore(options =>
{
//CurrentEnvironment.IsEnvironment("Testing") ?
// this adds the config data from DB (clients, resources)
options.ConfigureDbContext = dbBuilder => { dbBuilder.UseSqlServer(connStr); };
})
.AddOperationalDataStore(options =>
{
// this adds the operational data from DB (codes, tokens, consents)
options.ConfigureDbContext = dbBuilder => { dbBuilder.UseSqlServer(connStr); };
// this enables automatic token cleanup. this is optional.
options.EnableTokenCleanup = true;
options.TokenCleanupInterval = CommonSettings.TokenCleanupInterval;
});
}