lsm/openiddict-documentation
1
0
Fork 0
mirror of https://gitee.com/dcren/openiddict-documentation.git synced 2025-04-05 17:38:03 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add a note recommending using the OpenIddict server ASP.NET Core handler to authenticate userinfo requests

Browse Source
This commit is contained in:
Kévin Chalet 2021-07-28 16:54:19 +02:00
parent dcd042f2f2
commit 99e72d2406
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
guide/migration/20-to-30.md
View File

@ -98,18 +98,19 @@ services.AddOpenIddict()
}); });
``` ```
## Enable request caching ## Use the new request caching APIs, if applicable
If previously application was using request caching functionality, the new way to toggle request caching feature (previously `options.EnableRequestCaching()`) to use `OpenIddictServerAspNetCoreBuilder` class methods (divided into explicit methods): In 3.0, the `OpenIddictServerBuilder.EnableRequestCaching()` API - that enabled request caching for both authorization and logout request -
was replaced by 2 separate methods. If your application depends on request caching, don't forget to enable it when migrating to 3.0:
```csharp ```csharp
services.AddOpenIddict() services.AddOpenIddict()
.AddServer(options => .AddServer(options =>
{ {
options.UseAspNetCore() options.UseAspNetCore()
.EnableAuthorizationRequestCaching() .EnableAuthorizationRequestCaching()
.EnableLogoutRequestCaching(); .EnableLogoutRequestCaching();
}) });
``` ```
## Replace JSON.NET by `System.Text.Json` ## Replace JSON.NET by `System.Text.Json`
@ -135,6 +136,11 @@ In 3.0, the constants used as the ASP.NET Core authentication schemes have chang
| OpenIddictValidationDefaults.AuthenticationScheme | OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme | | OpenIddictValidationDefaults.AuthenticationScheme | OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme |
| OAuthValidationDefaults.AuthenticationScheme | OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme | | OAuthValidationDefaults.AuthenticationScheme | OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme |
> [!NOTE]
> In 3.0, the OpenIddict server ASP.NET Core handler supports authenticating userinfo requests. As such, if you use the pass-through mode
> to handle userinfo requests in your own userinfo MVC action, consider using `OpenIddictServerAspNetCoreDefaults.AuthenticationScheme`
> instead of `OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme` for your userinfo endpoint to avoid duplicate access token validation.
## Update your application to work with the new `scope` format ## Update your application to work with the new `scope` format
In OpenIddict 3.0, the format of the `scope` claim used in JWT tokens has changed from a JSON array to a single space-separated claim to match In OpenIddict 3.0, the format of the `scope` claim used in JWT tokens has changed from a JSON array to a single space-separated claim to match