IdentityServer4 access token after server reboot
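I have implemented a Web API with IdentityServer4 authentication as part of the web service.
If I restart the server, access tokens that were issued before the restart are no longer valid.
I am using AddConfigurationStore and AddOperationalStore to persist the IdentityServer data.
Am I incorrect in thinking that the access tokens should be persisted?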
IdentityServer4 uses an asymmetric key pair to sign and validate JWTs. In addition to the AddOperationalStore call, you should also persist this pair. As the documentation states:
AddSigningCredential
Adds a signing key service that provides the specified key material to the various token creation/validation services. You can pass in either an X509Certificate2, a SigningCredential or a reference to a certificate from the certificate store.
AddDeveloperSigningCredential
Same purpose as the temporary signing credential. But this version persists the key to the file system so it stays stable between server restarts. This addresses issues when the client/api metadata caches get out of sync during development.
More information: Cryptography, Keys and HTTPS.
AddSigningCredential example: GitHub.
P.S. I think AddOperationalStore only stores refresh tokens, which is by design.