{"id":19991970,"url":"https://github.com/IdentityServer/IdentityServer4.AccessTokenValidation","last_synced_at":"2025-05-04T11:30:30.759Z","repository":{"id":53698778,"uuid":"46870391","full_name":"IdentityServer/IdentityServer4.AccessTokenValidation","owner":"IdentityServer","description":"IdentityServer Access Token Validation for ASP.NET Core","archived":true,"fork":false,"pushed_at":"2020-07-14T09:26:04.000Z","size":136587,"stargazers_count":544,"open_issues_count":0,"forks_count":214,"subscribers_count":47,"default_branch":"main","last_synced_at":"2024-11-05T11:09:35.236Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/IdentityServer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-11-25T15:34:44.000Z","updated_at":"2024-10-20T19:07:00.000Z","dependencies_parsed_at":"2022-09-17T14:41:20.379Z","dependency_job_id":null,"html_url":"https://github.com/IdentityServer/IdentityServer4.AccessTokenValidation","commit_stats":null,"previous_names":[],"tags_count":36,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IdentityServer%2FIdentityServer4.AccessTokenValidation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IdentityServer%2FIdentityServer4.AccessTokenValidation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IdentityServer%2FIdentityServer4.AccessTokenValidation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IdentityServer%2FIdentityServer4.AccessTokenValidation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/IdentityServer","download_url":"https://codeload.github.com/IdentityServer/IdentityServer4.AccessTokenValidation/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224392302,"owners_count":17303661,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T04:51:59.514Z","updated_at":"2024-11-13T04:54:33.093Z","avatar_url":"https://github.com/IdentityServer.png","language":"C#","readme":"# IdentityServer4.AccessTokenValidation\n\n## Important\nThis library is deprecated and not being maintained anymore.\n\nRead this blog post about the reasoning and recommedations for a superior and more flexible approach:\n\nhttps://leastprivilege.com/2020/07/06/flexible-access-token-validation-in-asp-net-core/\n\n\n## Description\nAuthentication handler for ASP.NET Core 2 that allows accepting both JWTs and reference tokens in the same API.\n\nTechnically this handler is a decorator over both the Microsoft [JWT handler](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.JwtBearer/) as well as our OAuth 2 [introspection handler](https://www.nuget.org/packages/IdentityModel.AspNetCore.OAuth2Introspection/). If you only need to support one token type only, we recommend using the underlying handlers directly.\n\n## JWT Usage\nSimply specify authority and API name (aka audience):\n\n```csharp\nservices.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)\n    .AddIdentityServerAuthentication(options =\u003e\n    {\n        options.Authority = \"https://demo.identityserver.io\";\n        options.ApiName = \"api1\";\n    });\n```\n\n## Enable reference tokens\nAdditionally specify the API secret for the introspection endpoint:\n\n```csharp\nservices.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)\n    .AddIdentityServerAuthentication(options =\u003e\n    {\n        options.Authority = \"https://demo.identityserver.io\";\n        options.ApiName = \"api1\";\n        options.ApiSecret = \"secret\";\n    });\n```\n\n## Specifying the underlying handler options directly\nIn case you need access to a setting that the combined options don't expose, you can fallback to configuring the underlying handler directly.\n\n```csharp\nservices.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)\n    .AddIdentityServerAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme,\n        jwtOptions =\u003e\n        {\n            // jwt bearer options\n        },\n        referenceOptions =\u003e\n        {\n            // oauth2 introspection options\n        });\n```\n\n## Scope validation\nIn addition to API name checking, you can do more fine-grained scope checks. This package includes some convenience helpers to do that.\n\n### Create a global authorization policy\n\n```csharp\nservices\n    .AddMvcCore(options =\u003e\n    {\n        // require scope1 or scope2\n        var policy = ScopePolicy.Create(\"scope1\", \"scope2\");\n        options.Filters.Add(new AuthorizeFilter(policy));\n    })\n    .AddJsonFormatters()\n    .AddAuthorization();\n```\n\n### Composing a scope policy\n\n```csharp\nservices.AddAuthorization(options =\u003e\n{\n    options.AddPolicy(\"myPolicy\", builder =\u003e\n    {\n        // require scope1\n        builder.RequireScope(\"scope1\");\n        // and require scope2 or scope3\n        builder.RequireScope(\"scope2\", \"scope3\");\n    });\n});\n```\n","funding_links":[],"categories":["C\\#"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FIdentityServer%2FIdentityServer4.AccessTokenValidation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FIdentityServer%2FIdentityServer4.AccessTokenValidation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FIdentityServer%2FIdentityServer4.AccessTokenValidation/lists"}