invio / invio.extensions.authentication.jwtbearer
Extensions to the Microsoft.AspNetCore.Authentication.JwtBearer namespace
License: MIT License
Background
Right now I have one "Options" class, the JwtBearerQueryStringOptions. This is great for configuring the extension, but when it is provided to the behavior, it gives a little bit too much power.
Specifically, it lets the behavior see its own specification on the options object, which is something that should be abstracted away. It also is mutable, so the behavior can adjust the configuration while it is running. Neither of these should be allowed.
Task
Make a new JwtBearerQueryStringBehaviorOptions class that is (1) immutable, and (2) provides a subset of settings from JwtBearerQueryStringOptions that are appropriate for an IJwtBearerQueryStringBehavior to know about. It should get hydrated within the JwtBearerQueryStringMiddleware here
Background
As an alternative to "redacting" tokens from query strings, we can also remove them entirely. This will hide from the logs that a token was included at all, which may be more helpful than saying that it was included but we are redacting it from view.
Task
RemoveJwtBearerQueryStringBehavior implementation of IJwtBearerQueryStringBehavior that removes the token from the query string if it is found.
QueryStringBehaviors to have a new immutable Remove property that returns this behavior.

I'm trying to use your library.
I think I followed the instructions properly.
My problem is that my HTTP GET seems to be rejected by the authentication mechanism before the token on the URL gets processed.
I took option 2 from your SO answer to confirm that the OnMessageReceived code is never called.
Does that behavior ring a bell on what could be wrong?
Background
As an alternative to "redacting" tokens from query strings, we can also move tokens to the Authorization HTTP header. This enables code downstream to assume the token is always present in the authorization header.
An interesting use case this enables is putting the middleware in front of any authentication code rather than mutating the authentication code to allow for query strings.
Task
MoveToHeaderJwtBearerQueryStringBehavior implementation of IJwtBearerQueryStringBehavior that removes the token from the query string and puts it into the Authorization header using the Bearer authentication scheme.
QueryStringBehaviors to have a new immutable MoveToHeader property that returns this behavior.
README to reference the fact that this behavior can be put in front of the authentication middleware.
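
The move-to-header idea from the issue above, sketched as stand-alone ASP.NET Core middleware. This is an added example, not code from the invio library or from the issue author; the class name MoveQueryTokenToHeaderMiddleware and the access_token parameter name are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Extensions;

// Hypothetical middleware for illustration; not the library's implementation.
public class MoveQueryTokenToHeaderMiddleware
{
    private const string ParameterName = "access_token"; // assumed parameter name
    private readonly RequestDelegate _next;

    public MoveQueryTokenToHeaderMiddleware(RequestDelegate next) => _next = next;

    public Task Invoke(HttpContext context)
    {
        var request = context.Request;
        if (request.Query.TryGetValue(ParameterName, out var values))
        {
            // Promote the token only when it is unambiguous: exactly one
            // non-empty value, and no Authorization header sent by the client.
            if (values.Count == 1
                && !string.IsNullOrWhiteSpace(values[0])
                && !request.Headers.ContainsKey("Authorization"))
            {
                request.Headers["Authorization"] = "Bearer " + values[0];
            }

            // Rebuild the query string without the token, whether or not it
            // was promoted, so downstream code never sees it in the URL.
            var remaining = new QueryBuilder();
            foreach (var pair in request.Query)
            {
                // Query keys are matched case-insensitively by TryGetValue,
                // so the filter has to be case-insensitive as well.
                if (!string.Equals(pair.Key, ParameterName, StringComparison.OrdinalIgnoreCase))
                {
                    remaining.Add(pair.Key, pair.Value.ToArray());
                }
            }
            request.QueryString = remaining.ToQueryString();
        }
        return _next(context);
    }
}
```

Register it with app.UseMiddleware<MoveQueryTokenToHeaderMiddleware>() before app.UseAuthentication(); anything that runs earlier in the pipeline still sees the original URL.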