Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Introducing the OpenIddict validation handler

See original GitHub issue

Starting with RC3 and thanks to a great contribution from @kinosang, OpenIddict now has its dedicated validation handler, based on the aspnet-contrib handler (AspNet.Security.OAuth.Validation).

This handler supports both the default token format (opaque) and reference tokens. Like the aspnet-contrib handler, you can use it as a standalone handler (i.e without having to register the OpenIddict core or server services):

// Register the OpenIddict validation handler.
services.AddOpenIddict()
    .AddValidation();

Resource servers that use reference tokens will have to configure the core services and register the appropriate stores to be able to use it:

// Register the OpenIddict services.
services.AddOpenIddict()

    // Register the OpenIddict core services.
    .AddCore(options =>
    {
        // Register the Entity Framework entities and stores.
        options.UseEntityFrameworkCore()
               .UseDbContext<ApplicationDbContext>();
    })

    // Register the OpenIddict validation handler.
    .AddValidation(options => options.UseReferenceTokens());

The aspnet-contrib handler will continue to be fully supported and will still be usable with OpenIddict so existing and new applications can keep using services.AddAuthentication().AddOAuthValidation() instead of services.AddOpenIddict().AddValidation() for opaque token validation.

Note: OpenIddictValidationHandler lives in the OpenIddict.Validation package, which is referenced by the OpenIddict metapackage. You don’t have to add a new PackageReference to be able to use it.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Reactions:1
  • Comments:20 (6 by maintainers)

github_iconTop GitHub Comments

3reactions
adadurovcommented, Oct 6, 2018

@pholly I tried doing what you suggested but for some reason it didn’t work. What I ended up doing is this:

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = "Bearer";
    options.DefaultChallengeScheme = "Bearer";
});

Also, an important thing to remember is that it only works if I add this AFTER the services.AddOpenIddict() call, it doesn’t do anything if I place it before. The good thing is this removes the necessity for a custom authentication scheme provider.

@codeaid, @PinpointTownes – you guys saved me. Thank you so much!

I was migrating my project to Openiddict-RC3 + reference tokens and the final touch (that I spent almost two days struggling with) was that ‘Default authentication scheme’ thing that I should have put after adding ASP.NET Core Identity & OpenIddict services to my Startup.cs.

@PinpointTownes , do you think it is worth mentioning in some OpenIddict WIKI page, so that those who combine AspNet.Identity and OpenIddict and are new to the ASP.Net Core world could get it solved quickly?

1reaction
kevinchaletcommented, Sep 15, 2018

Note: the conditions I describe in my post are absolutely not specific to our validation handlers. All the authentication handlers in ASP.NET Core 2.0 work the same way.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Implementing advanced scenarios using the new OpenIddict ...
Introducing event handlers. The events model is structured around IOpenIddictServerEventHandler<TEvent> and IOpenIddictValidationEventHandler< ...
Read more >
What's OpenIddict?
As with OAuthAuthorizationServerMiddleware , OpenIddict allows handling authorization, logout and token requests in custom controller actions or any other ...
Read more >
How to use OpenIddict validation handler for exchanging ...
I have an OpenIddict auth server on ASP.NET Core (working just fine), I have an SPA with an ASP.NET Core WebAPI resource server...
Read more >
Setting up an Authorization Server with OpenIddict - Part II
In ASP.NET Core, authentication is handled by the IAuthenticationService . The authentication service uses authentication handlers to complete ...
Read more >
Live Coding OAuth using OpenIddict and .NET - YouTube
Comments17 · Simplifying Microservice Security with YARP · Live Coding OpenId Connect using OpenIddict & . · ASP.NET Core Authentication Schemas (.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

signin with ticket containing scopes do not return scope in response

Next page

UX improvements in OpenIddict RC3