This package allows to extract token from authenticated requests and delegate it to an appropriated ISecurityTokenValidator and generate and AuthenticationTicket.
This tries to support almost RFC 6750 and some licenses based on GitHub behavior. But does not support Form-Encoded Body Parameter (http://tools.ietf.org/html/rfc6750#section-2.2).
There are three methods of sending tokens:
-
Authorization Request Header Field.
For example:
GET /resource HTTP/1.1 Host: server.example.com Authorization: Bearer mF_9.B5f-4.1JqMIt accepts
Bearerschema name, but alsoOAuth2andToken. -
URI Query Parameter
For example
https://server.example.com/resource?access_token=mF_9.B5f-4.1JqM&p=q:GET /resource?access_token=mF_9.B5f-4.1JqM HTTP/1.1 Host: server.example.com -
Basic Authentication with any username and token
See GitHub Basic Authentication Via OAuth Tokens
For example:
$ curl -u user:317F632427BCDA059B19EF241705BD2F https://server.example.com/resourceOr
GET /resource Host: server.example.com Authorization: basic dXNlcjozMTdGNjMyNDI3QkNEQTA1OUIxOUVGMjQxNzA1QkQyRg==
When a protected resource is requested but request does not include authentication credentials or does not contain an access token that enables access it includes the HTTP "WWW-Authenticate" response header field.
For example:
-
Request:
GET /resource Host: server.example.com -
Response
Status Code: 401 Unauthorized Content-Length: 436 Content-Type: application/json; charset=utf-8 Date: Fri, 11 Sep 2015 16:41:50 GMT WWW-Authenticate: Bearer
It is necessary to register all valid ISecurityTokenValidator classes and configure the Authentication service using the AddSimpleTokenAuthentication extension method.
Example:
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddTransient<ISecurityTokenValidator, MyCustomTokenValidator>();
services.AddAuthentication()
.AddSimpleTokenAuthentication();
}
public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory) {
app.UseAuthentication();
app.UseMvc();
}
}It is necessary to register all valid ISecurityTokenValidator classes and add the middleware to ApplicationBuilder using UseSimpleTokenAuthentication.
Example:
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddTransient<ISecurityTokenValidator, MyCustomTokenValidator>();
}
public void Configure(IApplicationBuilder app)
{
app.UseSimpleTokenAuthentication(o =>
{
o.AutomaticAuthentication = true;
});
app.UseMvc();
}
}Internally, when the token is not valid or there are not any registered any capable ISecurityTokenValidator, an AuthenticationException is thrown.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent