IdentityServer4: Reference Tokens, Revoking Tokens, Google and GitHub Login

1. Reference Token

1.1 JWT vs Reference Token

JWT

(1) A JWT is self-contained (all the information is in the token itself), so validation does not require communicating with the IdP

(2) A JWT offers no direct control over its lifetime

Reference Token

(1) A Reference Token is just an identifier (a handle) that points to a token stored at the IdP

(2) Reference Tokens are validated through the Token Introspection endpoint

(3) Reference Tokens give direct control over the token's lifetime, but at the cost of very frequent communication with the IdP

1.2 IdP authentication service configuration

Change the token type


1.3 API resource service configuration

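As an added example (not the post's own code and not taken from the IdentityServer4 project), this is what the IdP and API configuration behind sections 1.2 and 1.3 typically looks like: the client switched to reference tokens, the API resource carrying the secret the API uses at the introspection endpoint, and the API's bearer middleware pointed at the IdP. "hybrid client", "hybrid secret" and localhost:5000 come from the post's code; the API name "api1", its secret, the redirect URI and the caching settings are assumptions.

```csharp
using System;
using System.Collections.Generic;
using IdentityServer4.Models;
using Microsoft.Extensions.DependencyInjection;
// IdP side (section 1.2): client and API resource definitions, Config.cs style.
public static class Config
{
    // "api1" and its secret are assumed names; the API presents this secret at the
    // introspection endpoint. On IdentityServer4 4.x also register a matching ApiScope.
    public static IEnumerable<ApiResource> GetApis() => new List<ApiResource>
    {
        new ApiResource("api1", "Demo API") { ApiSecrets = { new Secret("api1 secret".Sha256()) } }
    };

    public static IEnumerable<Client> GetClients() => new List<Client>
    {
        new Client
        {
            ClientId = "hybrid client",
            ClientSecrets = { new Secret("hybrid secret".Sha256()) },
            AllowedGrantTypes = GrantTypes.Hybrid,
            // The change from 1.2: an opaque handle stored by the IdP instead of a
            // self-contained JWT, so the token can later be revoked.
            AccessTokenType = AccessTokenType.Reference,
            AllowOfflineAccess = true,   // refresh tokens are revocable as well
            RedirectUris = { "http://localhost:5002/signin-oidc" },   // assumed
            AllowedScopes = { "openid", "profile", "api1" }
        }
    };
}

// API side (section 1.3): a reference token cannot be validated locally, so the
// bearer middleware introspects it at the IdP using the API name and secret above.
public static class ApiAuthConfig
{
    public static void AddReferenceTokenAuth(IServiceCollection services)
    {
        services.AddDistributedMemoryCache();   // backing store for EnableCaching
        services.AddAuthentication("Bearer").AddIdentityServerAuthentication(options =>
        {
            options.Authority = "http://localhost:5000";
            options.RequireHttpsMetadata = false;   // local development only
            options.ApiName = "api1";
            options.ApiSecret = "api1 secret";
            // Cache introspection results briefly to reduce the IdP round trips from 1.1.
            options.EnableCaching = true;
            options.CacheDuration = TimeSpan.FromMinutes(2);
        });
    }
}
```

The cache duration bounds how long a revoked reference token is still accepted by this API, so keep it short relative to how quickly revocation must take effect.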

2. Revoking Tokens

(1) Delete the token directly from the store

(2) The client revokes tokens through the token revocation endpoint

(3) Only effective for Reference Tokens

// Logout action in the hybrid MVC client, using the IdentityModel extension methods.
// It revokes the reference access token and the refresh token at the IdP before
// (optionally) clearing the local cookie session and the OIDC session.
public async Task Logout()
{
    var client = new HttpClient();

    // Locate the revocation endpoint via the IdP's discovery document.
    var disco = await client.GetDiscoveryDocumentAsync("http://localhost:5000/");
    if (disco.IsError)
    {
        throw new Exception(disco.Error);
    }

    // Revoke the access token; this only has an effect for reference tokens.
    var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
    if (!string.IsNullOrWhiteSpace(accessToken))
    {
        var revokeAccessTokenResponse = await client.RevokeTokenAsync(new TokenRevocationRequest
        {
            Address = disco.RevocationEndpoint,
            ClientId = "hybrid client",
            ClientSecret = "hybrid secret",
            Token = accessToken
        });

        if (revokeAccessTokenResponse.IsError)
        {
            throw new Exception("Access Token Revocation Failed: " + revokeAccessTokenResponse.Error);
        }
    }

    // Revoke the refresh token as well, so no new access tokens can be obtained with it.
    var refreshToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.RefreshToken);
    if (!string.IsNullOrWhiteSpace(refreshToken))
    {
        var revokeRefreshTokenResponse = await client.RevokeTokenAsync(new TokenRevocationRequest
        {
            Address = disco.RevocationEndpoint,
            ClientId = "hybrid client",
            ClientSecret = "hybrid secret",
            Token = refreshToken
        });

        if (revokeRefreshTokenResponse.IsError)
        {
            throw new Exception("Refresh Token Revocation Failed: " + revokeRefreshTokenResponse.Error);
        }
    }

    // Finally sign out of the local cookie scheme and the IdP (OIDC) scheme.
    //await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    //await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
}

3. Google and GitHub login

3.1 Google configuration

(1) Open the developer console

https://console.developers.google.com

Create a new project


(2) IdP authentication service configuration

Add Microsoft.AspNetCore.Authentication.Google via NuGet


3.2 GitHub login

(1) GitHub configuration


(2) IdP authentication service configuration

Add AspNet.Security.OAuth.GitHub via NuGet


posted @ 2021-12-31 23:34 peng_boke