xabaril / jwtsimpleserver
A lightweight, dynamic jwt server for ASP.NET Core
License: Apache License 2.0
Adding a JWK for signing would be very useful.
I was not able to find how to use the provided JWK class referenced in the project instead of a signingKey for signing the JWT and there is a use case I am very interested in where the received token is signed using a JWK instead of a signingKey.
thank u.
how can
async ValidateClientAuthenticationAsync ??
```csharp
public async Task ValidateClientAuthenticationAsync(JwtSimpleServerContext context)
{
    var user = await _userManager.FindByNameAsync(context.UserName);
    if (user == null)
    {
        context.Reject("Invalid user authentication");
        return; // stop here: there is no user to check the password against
    }

    var signInResult = await _signInManager.CheckPasswordSignInAsync(user, context.Password, false);
    if (signInResult.Succeeded)
    {
        var claims = new List<Claim>();
        claims.Add(new Claim(ClaimTypes.Name, "demo"));
        context.Success(claims);
    }
    else
    {
        context.Reject("Invalid user authentication");
    }
    // An async Task method returns no value, so no Task.CompletedTask here.
}
```
Hi, when we are doing the token request from our frontend, it is possible to fetch the data, but the response throws the error No 'Access-Control-Allow-Origin'.
Error:
Access to XMLHttpRequest at 'http://localhost:53348/Token' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
If in the WriteResponseAsync we set the header with => context.Response.Headers["Access-Control-Allow-Origin"] = "*"; we can fetch the data correctly.
```csharp
private Task WriteResponseAsync(
    int statusCode,
    HttpContext context,
    string content = "",
    string contentType = "application/json")
{
    context.Response.Headers["Content-Type"] = contentType;
    context.Response.StatusCode = statusCode;
    return context.Response.WriteAsync(content);
}
```
Thanks!
Reported possible bug with CORS middleware and server
I'm refreshing every 30 sec:
```javascript
const config = { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }
axios.post('/token', qs.stringify({ refresh_token: refreshToken, grant_type: 'refresh_token' }), config)
```
For each request, the returned access_token increases in size. After ~1-2hrs it's about 20k.
Edit: decoded the token and DateCreated is added each time:
```
...
"DateCreated": [
  "08.10.2019 07.09.49",
  "08.10.2019 07.10.18",
  "08.10.2019 07.10.48",
  "08.10.2019 07.11.18",
  "08.10.2019 07.11.48",
  "08.10.2019 07.12.18",
  "08.10.2019 07.12.48",
...
```
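One way to confirm this kind of growth from the client side, as an added example that is not part of the original issue or the project's code: it decodes the payloads of two consecutive access tokens and reports claims that carry more values after a refresh. The helper names are hypothetical and the sample tokens are constructed inline with a placeholder signature.

```javascript
// Added example: decode-only audit of successive access tokens.
// Signature verification stays with the resource server.

// base64url helpers (no padding, '-' and '_' alphabet).
const b64urlEncode = (text) =>
  Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const b64urlDecode = (seg) =>
  Buffer.from(seg.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');

// Return the JSON payload of a compact JWT (header.payload.signature).
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(b64urlDecode(parts[1]));
}

// Compare tokens from two consecutive refreshes and list every claim
// that now carries more values than before (a scalar counts as one).
function growingClaims(prevJwt, nextJwt) {
  const prev = decodePayload(prevJwt);
  const next = decodePayload(nextJwt);
  const count = (v) => (v === undefined ? 0 : Array.isArray(v) ? v.length : 1);
  const findings = [];
  for (const claim of Object.keys(next)) {
    const before = count(prev[claim]);
    const after = count(next[claim]);
    if (before > 0 && after > before) findings.push({ claim, before, after });
  }
  return { findings, bytesBefore: prevJwt.length, bytesAfter: nextJwt.length };
}

// Constructed sample tokens; "sig" is a placeholder, not a real signature.
function makeToken(payload) {
  const header = { alg: 'HS256', typ: 'JWT' };
  return [header, payload].map((o) => b64urlEncode(JSON.stringify(o))).join('.') + '.sig';
}
const first = makeToken({ name: 'demo', DateCreated: '08.10.2019 07.09.49' });
const second = makeToken({
  name: 'demo',
  DateCreated: ['08.10.2019 07.09.49', '08.10.2019 07.10.18'],
});

const report = growingClaims(first, second);
console.log(JSON.stringify(report.findings));
```

Run against each pair of tokens a client receives, a non-empty `findings` list flags the accumulating claim before the token reaches header size limits.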
https://github.com/Xabaril/JWTSimpleServer/blob/master/src/JWTSimpleServer/JwtTokenEncoder.cs#L30
I want to change this in an option, please.
```csharp
public Func<DateTime> Expires = () => DateTime.UtcNow.AddMinutes(15);
```
We should not expose refresh token to the UI. Right?
How would you handle it in right way?
https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/
Document public classes and methods.
Support for .net core 2.2?
Hi,
Are there any plans to upgrade this to .NET Core 3.1? Please guide.
Thanks.
Improve sample playground appearance without adding additional frameworks.
The IAuthenticationProvider should be flexible for those scenarios where the user may not log in using the username but an email and password.
I know that with the current implementation I can just make the clients send the email in the "username" and it will work but it is not nice for the clients to do that.
Response for preflight has invalid HTTP status code 401.
Within my implementation of IAuthenticationProvider, I'm using Microsoft.AspNetCore.Identity to validate user and password.
And from what I know, SignInManager and UserManager are registered as scoped. But I agree that IAuthenticationProvider should be registered as Singleton as we don't need more than 1 instance of it.
So should I do: `AddScoped<IAuthenticationProvider, CustomAuthenticationProvider>()`
or what I think is a better solution, I will inject into CustomAuthenticationProvider, IServiceScopeFactory and do:
```csharp
// Resolve the scoped Identity services inside a short-lived scope,
// so the provider itself can stay a singleton.
using (var scope = serviceScopeFactory.CreateScope())
{
    var signInManager = scope.ServiceProvider.GetService<SignInManager<ApplicationUser>>();
    var userManager = scope.ServiceProvider.GetService<UserManager<ApplicationUser>>();
    var findUser = await userManager.FindByNameAsync(user);
    if (findUser == null) return false; // unknown user: reject instead of passing null on
    var result = await signInManager.CheckPasswordSignInAsync(findUser, password, false);
    return result.Succeeded;
}
```
Many thanks
How would you implement the control of user roles?