Security token events return a JsonWebToken
The JwtBearerEvents, WsFederationEvents, and OpenIdConnectEvents events are authentication events fired respectively by the JwtBearer, WsFederation, and OpenIdConnect authentication handlers. For example, the OnTokenValidated event is fired when a security token is validated. These events are fired with a context (for example, TokenValidatedContext) that exposes a TokenValidatedContext.SecurityToken property of abstract type SecurityToken. The default real implementation of TokenValidatedContext.SecurityToken changed from JwtSecurityToken to JsonWebToken.
ASP.NET Core 8.0 Preview 7
Previously, the affected SecurityToken
properties were implemented by JwtSecurityToken, which derives from SecurityToken. JwtSecurityToken is the previous generation of JSON Web Token (JWT) implementation. The JwtSecurityToken tokens were produced by SecurityTokenValidators.
In addition, the JwtSecurityTokenHandler.DefaultInboundClaimTypeMap field provided the default claim type mapping for inbound claims.
Starting in ASP.NET Core 8.0, the Microsoft.IdentityModel.JsonWebTokens class, which also derives from SecurityToken, implements the SecurityToken
properties, by default. Microsoft.IdentityModel.JsonWebTokens tokens are produced by more optimized TokenHandler handlers.
In addition, the JsonWebTokenHandler.DefaultInboundClaimTypeMap field provides the default claim type mapping for inbound claims.
This change is a behavioral change.
This change was made because JsonWebToken (and its associated JsonWebTokenHandler) bring the following benefits:
- 30% performance improvement.
- Improved reliability by using a "last known good" metadata (such as
OpenIdConnectMetadata
). - Async processing.
For most users, this change shouldn't be a problem as the type of the properties (SecurityToken) hasn't changed, and you weren't supposed to look at the real type.
However, if you were down-casting one of the affected SecurityToken
properties to JwtSecurityToken
(for example, to get the claims), you have two options:
Down-cast the property to
JsonWebToken
:service.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options => { options.Events.OnTokenValidated = (context) => { // Replace your cast to JwtSecurityToken. JsonWebToken token = context.SecurityToken as JsonWebToken; // Do something ... }; });
Set one of the
UseSecurityTokenValidators
Boolean properties on the corresponding options (JwtBearerOptions, WsFederationOptions, or OpenIdConnectOptions) totrue
. By setting the property totrue
, the authentication handlers will keep usingJwtTokenValidators
and will keep producingJwtSecurityToken
tokens.service.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options => { options.UseSecurityTokenValidators = true; options.Events.OnTokenValidated = (context) => { // As you were doing before JwtSecurityToken token = context.SecurityToken as JwtSecurityToken; // Do something ... }; });
- Microsoft.AspNetCore.Authentication.WsFederation.SecurityTokenValidatedContext.SecurityToken
- Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext.SecurityToken
- Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext.SecurityToken
- AuthorizationCodeReceivedContext.SecurityToken
Feedback pentru .NET
.NET este un proiect open source. Selectați un link pentru a oferi feedback: