Created
March 23, 2021 03:01
Token validation in a project using IdentityServer3 is not compatible with tokens created by IdentityServer4. So I have to tweak token creation in the project using IdentityServer4 for the client and scopes that will access the project using IdentityServer3.
/*
Register these two services in the Startup class of the IdentityServer4 project:
services.AddTransient<ITokenService, TokenService>()
    .AddTransient<ITokenCreationService, TokenCreationService>();
*/
using IdentityServer4.Configuration; | |
using IdentityServer4.Models; | |
using IdentityServer4.Services; | |
using Microsoft.AspNetCore.Authentication; | |
using Microsoft.Extensions.Logging; | |
using System; | |
using System.IdentityModel.Tokens.Jwt; | |
using System.Linq; | |
using System.Threading.Tasks; | |
namespace MyDemo.Services
{
    /// <summary>
    /// Token creation service that rewrites the JWT <c>typ</c> header for one legacy
    /// client/scope combination so that a consumer still validating tokens with
    /// IdentityServer3 accepts access tokens issued by this IdentityServer4 instance.
    /// </summary>
    /// <remarks>
    /// Security note: the override replaces whatever <c>typ</c> the base class produced
    /// with the generic value <c>JWT</c>. A dedicated access-token type (IdentityServer4
    /// normally emits <c>at+jwt</c> - confirm against the configured
    /// <c>AccessTokenJwtType</c>) lets a resource server tell access tokens apart from
    /// other JWTs signed with the same key. Tokens for the legacy client lose that
    /// signal, so the consuming API has to rely on issuer, audience and scope checks.
    /// Keep the exception as narrow as it is here and remove it once the legacy
    /// consumer has been migrated.
    /// </remarks>
    public class TokenCreationService : DefaultTokenCreationService
    {
        /// <summary>
        /// Forwards all dependencies unchanged to <see cref="DefaultTokenCreationService"/>.
        /// </summary>
        public TokenCreationService(
            ISystemClock clock,
            IKeyMaterialService keys,
            IdentityServerOptions options,
            ILogger<DefaultTokenCreationService> logger)
            : base(clock, keys, options, logger)
        {
        }

        /// <summary>
        /// Builds the JWT header through the base implementation and, for tokens that
        /// match the legacy client/scope rule, sets <c>typ</c> to <c>JWT</c>.
        /// </summary>
        /// <param name="token">The token whose header is being created.</param>
        /// <returns>The header produced by the base class, possibly with <c>typ</c> replaced.</returns>
        protected override async Task<JwtHeader> CreateHeaderAsync(Token token)
        {
            JwtHeader jwtHeader = await base.CreateHeaderAsync(token);

            if (TargetsLegacyConsumer(token))
            {
                jwtHeader["typ"] = "JWT";
            }

            return jwtHeader;
        }

        /// <summary>
        /// True for access tokens issued to client <c>demo</c> that carry the <c>mc</c> scope.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the scope name is matched case-insensitively, while OAuth 2.0 scope
        /// values are case-sensitive. A differently cased scope such as <c>MC</c>, if one is
        /// ever defined, would also select the legacy header. The same client/scope rule is
        /// repeated in <c>TokenService.CreateAccessTokenAsync</c>; keep the two in sync.
        /// </remarks>
        private static bool TargetsLegacyConsumer(Token token)
        {
            if (token.Type != "access_token" || token.ClientId != "demo" || token.Scopes == null)
            {
                return false;
            }

            foreach (string scope in token.Scopes)
            {
                if (scope.Equals("mc", StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }

            return false;
        }
    }
}
using IdentityServer4.Configuration; | |
using IdentityServer4.Models; | |
using IdentityServer4.Services; | |
using IdentityServer4.Stores; | |
using Microsoft.AspNetCore.Authentication; | |
using Microsoft.AspNetCore.Http; | |
using Microsoft.Extensions.Logging; | |
using System; | |
using System.Linq; | |
using System.Threading.Tasks; | |
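namespace MyDemo.Services
{
    /// <summary>
    /// Token service that adds an extra <c>{issuer}/resources</c> audience to access
    /// tokens for one legacy client/scope combination, so that a consumer still
    /// validating tokens with IdentityServer3 accepts them.
    /// </summary>
    /// <remarks>
    /// Security note: <c>{issuer}/resources</c> is derived from the issuer only, not from
    /// the API being called, so it does not bind the token to one particular API. The
    /// legacy API must still enforce the <c>mc</c> scope itself. The client/scope rule
    /// is repeated in <c>TokenCreationService.CreateHeaderAsync</c>; keep the two in sync
    /// and remove both once the legacy consumer has been migrated.
    /// </remarks>
    public class TokenService : DefaultTokenService
    {
        /// <summary>
        /// Forwards all dependencies unchanged to <see cref="DefaultTokenService"/>.
        /// </summary>
        public TokenService(
            IClaimsService claimsProvider,
            IReferenceTokenStore referenceTokenStore,
            ITokenCreationService creationService,
            IHttpContextAccessor contextAccessor,
            ISystemClock clock,
            IKeyMaterialService keyMaterialService,
            IdentityServerOptions options,
            ILogger<DefaultTokenService> logger)
            : base(claimsProvider, referenceTokenStore, creationService, contextAccessor, clock, keyMaterialService, options, logger)
        {
        }

        /// <summary>
        /// Creates the access token through the base implementation and, when it was issued
        /// to client <c>demo</c> with the <c>mc</c> scope, appends the legacy audience.
        /// </summary>
        /// <param name="request">The token creation request passed through to the base class.</param>
        /// <returns>The token produced by the base class, possibly with one more audience.</returns>
        public override async Task<Token> CreateAccessTokenAsync(TokenCreationRequest request)
        {
            Token token = await base.CreateAccessTokenAsync(request);

            // NOTE(review): the scope name is matched case-insensitively, while OAuth 2.0 scope
            // values are case-sensitive; a differently cased scope would also match here.
            bool targetsLegacyConsumer =
                token.ClientId == "demo"
                && token.Scopes != null
                && token.Scopes.Any(s => s.Equals("mc", StringComparison.OrdinalIgnoreCase));

            // Without an issuer the audience would degrade to "resources" or "/resources",
            // which matches no real authority. Leaving the audience out makes the legacy
            // validator reject the token instead of accepting a malformed value.
            if (targetsLegacyConsumer && !string.IsNullOrEmpty(token.Issuer))
            {
                token.Audiences.Add($"{EnsureTrailingSlash(token.Issuer)}resources");
            }

            return token;
        }

        /// <summary>
        /// Returns <paramref name="url"/> with a single "/" appended when it does not already
        /// end with one; <c>null</c> is returned unchanged.
        /// </summary>
        private static string EnsureTrailingSlash(string url)
        {
            // Ordinal comparison: this is a URL, not linguistic text, so the check must not
            // depend on the current culture.
            if (url != null && !url.EndsWith("/", StringComparison.Ordinal))
            {
                return url + "/";
            }

            return url;
        }
    }
}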