AspNetCore.Authentication.JwtBearer fails with No SecurityTokenValidator available for token with .net core RC2
I\'m trying to get a simple endpoint working that issues and consumes JWT tokens using AspNew.Security.OpenIdConnect.Server to issue the token and validating using Microsoft
-
Starting with beta5 (for ASP.NET Core RC2), the OpenID Connect server middleware no longer uses JWT as the default format for access tokens. Instead, it uses opaque tokens, encrypted by the rock-solid ASP.NET Core Data Protection stack (exactly like authentication cookies).
You have 3 options to fix the error you're seeing:
- Use the new OAuth2 validation middleware developed to support opaque tokens (the recommended option, if your API and your authorization server are part of the same app). For that, keep the
AspNet.Security.OAuth.Validationreference you have inproject.jsonand replaceapp.UseJwtBearerAuthentication(...)by justapp.UseOAuthValidation(). You can also removeMicrosoft.AspNetCore.Authentication.JwtBearerfromproject.json.
- Force the OpenID Connect server middleware to use JWT tokens by calling
options.AccessTokenHandler = new JwtSecurityTokenHandler();in the options. Note that you'll also have to callticket.SetResources(...)to attach the appropriate audience with the JWT tokens (see this other SO post for more information).
- Use the new introspection middleware. This option is more complex and requires implementing the
ValidateIntrospectionRequestevent to validate the client credentials. Only use it if you know what you're doing.
讨论(0) - Use the new OAuth2 validation middleware developed to support opaque tokens (the recommended option, if your API and your authorization server are part of the same app). For that, keep the
加载中...
- 热议问题