• This repository has been archived on 14/Jul/2020
• Stars: 542
• Rank 81,982 (Top 2 %)
• Language: C#
• License: Apache License 2.0
• Created about 9 years ago
• Updated over 4 years ago

Repository Details

IdentityServer Access Token Validation for ASP.NET Core

IdentityServer4.AccessTokenValidation

Important

This library is deprecated and not being maintained anymore.

Read this blog post about the reasoning and recommendations for a superior and more flexible approach:

https://leastprivilege.com/2020/07/06/flexible-access-token-validation-in-asp-net-core/

Description

Authentication handler for ASP.NET Core 2 that allows accepting both JWTs and reference tokens in the same API.

Technically, this handler is a decorator over both the Microsoft JWT handler and our OAuth 2 introspection handler. If you need to support only one token type, we recommend using the underlying handlers directly.

JWT Usage

Simply specify authority and API name (aka audience):

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = "https://demo.identityserver.io";
        options.ApiName = "api1";
    });

Enable reference tokens

Additionally specify the API secret for the introspection endpoint:

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = "https://demo.identityserver.io";
        options.ApiName = "api1";
        options.ApiSecret = "secret";
    });

Specifying the underlying handler options directly

If you need access to a setting that the combined options don't expose, you can fall back to configuring the underlying handlers directly.

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme,
        jwtOptions =>
        {
            // jwt bearer options
        },
        referenceOptions =>
        {
            // oauth2 introspection options
        });
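
The two underlying handlers registered directly, with a selector that routes each bearer token to one of them, as an added example (not code from this repository). It assumes the Microsoft.AspNetCore.Authentication.JwtBearer and IdentityModel.AspNetCore.OAuth2Introspection packages, that reference tokens never contain a '.', and a hypothetical scheme name "introspection"; the API secret is passed in from configuration instead of being hard-coded.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public static class TokenValidationSetup
{
    // Hypothetical scheme name for the introspection handler.
    private const string IntrospectionScheme = "introspection";

    public static void AddApiTokenValidation(this IServiceCollection services, string apiSecret)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
            {
                options.Authority = "https://demo.identityserver.io";
                options.Audience = "api1";
                // Decide per request whether another scheme should handle the token.
                options.ForwardDefaultSelector = SelectScheme;
            })
            .AddOAuth2Introspection(IntrospectionScheme, options =>
            {
                options.Authority = "https://demo.identityserver.io";
                options.ClientId = "api1";        // API name
                options.ClientSecret = apiSecret; // API secret, loaded from configuration
            });
    }

    // Returns the scheme to forward to, or null to stay on the JWT handler.
    public static string SelectScheme(HttpContext context)
    {
        string header = context.Request.Headers["Authorization"];
        const string prefix = "Bearer ";
        if (string.IsNullOrEmpty(header) ||
            !header.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
        {
            return null; // no bearer token: the JWT handler reports "no result"
        }

        // Assumption: a JWT always contains '.', a reference token never does.
        string token = header.Substring(prefix.Length).Trim();
        return token.Contains(".") ? null : IntrospectionScheme;
    }
}
```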

Scope validation

In addition to API name checking, you can do more fine-grained scope checks. This package includes some convenience helpers to do that.

Create a global authorization policy

services
    .AddMvcCore(options =>
    {
        // require scope1 or scope2
        var policy = ScopePolicy.Create("scope1", "scope2");
        options.Filters.Add(new AuthorizeFilter(policy));
    })
    .AddJsonFormatters()
    .AddAuthorization();

Composing a scope policy

services.AddAuthorization(options =>
{
    options.AddPolicy("myPolicy", builder =>
    {
        // require scope1
        builder.RequireScope("scope1");
        // and require scope2 or scope3
        builder.RequireScope("scope2", "scope3");
    });
});
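
A console check of how the composed policy above combines its requirements, as an added example (not code from this repository). It assumes `RequireScope` behaves like `RequireClaim("scope", ...)`, uses the framework's own policy builder on ASP.NET Core 3.0 or later (with the Microsoft.Extensions.Logging package referenced), and evaluates constructed principals; the last case shows that a single space-delimited scope claim does not satisfy the policy.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class ScopePolicyCheck
{
    // Constructed caller: authenticated identity with one "scope" claim per value.
    private static ClaimsPrincipal Caller(params string[] scopeClaims)
    {
        var identity = new ClaimsIdentity("Bearer");
        foreach (var value in scopeClaims)
            identity.AddClaim(new Claim("scope", value));
        return new ClaimsPrincipal(identity);
    }

    public static async Task Main()
    {
        var provider = new ServiceCollection()
            .AddLogging()
            .AddOptions()
            .AddAuthorizationCore()
            .BuildServiceProvider();
        var authorization = provider.GetRequiredService<IAuthorizationService>();

        // Assumed equivalent of RequireScope("scope1") and RequireScope("scope2", "scope3"):
        // separate calls are ANDed, values within one call are ORed.
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .RequireClaim("scope", "scope1")
            .RequireClaim("scope", "scope2", "scope3")
            .Build();

        var cases = new (string Label, ClaimsPrincipal User, bool Expected)[]
        {
            ("scope1 and scope3", Caller("scope1", "scope3"), true),
            ("scope1 only", Caller("scope1"), false),
            ("scope2 and scope3", Caller("scope2", "scope3"), false),
            ("single claim \"scope1 scope2\"", Caller("scope1 scope2"), false),
        };

        foreach (var (label, user, expected) in cases)
        {
            var result = await authorization.AuthorizeAsync(user, policy);
            if (result.Succeeded != expected)
                throw new InvalidOperationException($"Unexpected decision for: {label}");
            Console.WriteLine($"{label}: {(result.Succeeded ? "allowed" : "denied")}");
        }
    }
}
```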
