Using the Microsoft JWT handler with a symmetric signing key and the OAuth 2 resource owner flow

Time: 2013-07-18 15:05:48

Tags: oauth-2.0 wif jwt thinktecture-ident-server thinktecture-ident-model

I'm trying to use the OAuth 2 resource owner flow to authorize a mobile client against my Web API service. I'm using Thinktecture IdentityServer to issue JWT tokens with a symmetric signing key.

On the client side, I'm using Thinktecture IdentityModel to help set up token validation. My WebApiConfig looks like this:

        var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();

        var mapping = new AuthenticationOptionMapping
        {
            // where to look for credentials
            Options = AuthenticationOptions.ForAuthorizationHeader("bearer"),

            // how to validate them
            TokenHandler = new SecurityTokenHandlerCollection { jwtSecurityTokenHandler },

            // which hint to give back if not successful
            Scheme = AuthenticationScheme.SchemeOnly("bearer")
        };
        var authConfig = new AuthenticationConfiguration(){RequireSsl = false};
        authConfig.AddMapping(mapping);
        config.MessageHandlers.Add(new AuthenticationHandler(authConfig));

In my IdentityModel.config I have the following:

    <system.identityModel>
      <identityConfiguration>
        <claimsAuthorizationManager type="PresentationHost.Claims.MobileClaimsAuthorizationManager, PresentationHost"/>
        <audienceUris>
          <add value="http://localhost:22674/" />
        </audienceUris>

        <securityTokenHandlers>
          <add type="System.IdentityModel.Tokens.JwtSecurityTokenHandler, System.IdentityModel.Tokens.Jwt" />
        </securityTokenHandlers>

        <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
          <authority name="http://identityserver.v2.thinktecture.com/trust/auth">
            <keys>
              <add symmetricKey="tVNRmpweBgz3xeWvSXrSwLIE3DrxJ3aawgNxZKC1Od0"/>
            </keys>
            <validIssuers>
              <add name="http://identityserver.v2.thinktecture.com/trust/auth" />
            </validIssuers>
          </authority>
        </issuerNameRegistry>

        <issuerTokenResolver type="System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver, System.IdentityModel.Tokens.Jwt">
          <securityKey symmetricKey="tVNRmpweBgz3xeWvSXrSwLIE3DrxJ3aawgNxZKC1Od0" name="http://identityserver.v2.thinktecture.com/trust/auth" />
        </issuerTokenResolver>

        <!-- certificateValidationMode set to "None" by the Identity and Access Tool for Visual Studio. For development purposes. -->
        <certificateValidation certificateValidationMode="None" />
      </identityConfiguration>
    </system.identityModel>

Mostly based on this link, http://leastprivilege.com/2013/07/16/identityserver-using-ws-federation-with-jwt-tokens-and-symmetric-signatures/, which I found through this Stack Overflow post: How to configure Microsoft JWT with symmetric key?

I tried to use the derived class found in that post, but when I try to run this line:

    var resolver = (NamedKeyIssuerTokenResolver)this.Configuration.IssuerTokenResolver;

I get an InvalidCastException, because IssuerTokenResolver is of type X509CertificateStoreResolver, not NamedKeyIssuerTokenResolver.

It seems I'm still missing something in my configuration or code needed to set up the correct TokenResolver. Does anyone have any ideas?
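For readers following the question, the following is an added example (not code from the question, and not Thinktecture's or Microsoft's code) that shows in plain Python what a bearer-token handler wired up like the configuration above has to do with an HS256 token before any ClaimsPrincipal reaches the claims authorization manager: verify the HMAC under the shared symmetric key with the algorithm pinned, then check the issuer against `validIssuers`, the audience against `audienceUris`, and the validity window. The issuer and audience strings are taken from the config; the key and the clock are constructed for the example, and the `issue_token`/`validate_token` names are this example's own.

```python
"""Added example: the checks a symmetric-key JWT consumer performs.

Not the question's code and not the Thinktecture/Microsoft implementation;
issue_token() stands in for the token issuer and validate_token() for the
consumer-side handler configured in IdentityModel.config.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "http://identityserver.v2.thinktecture.com/trust/auth"   # validIssuers entry
AUDIENCE = "http://localhost:22674/"                                # audienceUris entry
# Constructed 256-bit key for this example only; NOT the key from the question.
# Issuer and consumer must hold the same bytes (the config carries them base64-encoded).
SIGNING_KEY = hashlib.sha256(b"constructed demo key for this example").digest()
NOW = 1_374_159_948  # fixed clock (constructed) so results are deterministic


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes) -> str:
    """Issuer side: build a compact JWT signed with HMAC-SHA256."""
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_token(token: str, key: bytes, issuer: str, audience: str, now=None) -> dict:
    """Consumer side: return the claims if every check passes, else raise ValueError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWT must have three segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: with a shared secret the consumer decides how the
    # signature is checked; the token must not be allowed to choose.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature does not verify under the configured key")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("issuer not in validIssuers")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if audience not in audiences:
        raise ValueError("audience not in audienceUris")
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("token expired or has no exp")
    if "nbf" in claims and now < claims["nbf"]:
        raise ValueError("token not yet valid")
    return claims


def run_checks() -> dict:
    """Run the validator over a good token and several tokens it must reject."""
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": "mobile-user-1",
              "exp": NOW + 3600, "nbf": NOW - 60}
    good = issue_token(claims, SIGNING_KEY)
    results = {"good": validate_token(good, SIGNING_KEY, ISSUER, AUDIENCE, NOW)["sub"]}

    def outcome(token, audience=AUDIENCE, now=NOW):
        try:
            validate_token(token, SIGNING_KEY, ISSUER, audience, now)
            return "accepted"
        except ValueError as exc:
            return "rejected: " + str(exc)

    results["wrong_key"] = outcome(issue_token(claims, b"x" * 32))  # not the shared key
    header_b64, payload_b64, sig_b64 = good.split(".")
    edited = json.dumps(dict(claims, sub="admin"), separators=(",", ":")).encode()
    results["tampered"] = outcome(f"{header_b64}.{_b64url_encode(edited)}.{sig_b64}")
    none_header = _b64url_encode(b'{"typ":"JWT","alg":"none"}')
    results["alg_none"] = outcome(f"{none_header}.{payload_b64}.")
    results["other_audience"] = outcome(good, audience="http://localhost:9999/")
    results["expired"] = outcome(good, now=NOW + 7200)
    return results


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name:15s} {result}")
```

The order of the checks matters for a defender: the signature is verified before any claim is trusted, and the algorithm is fixed by the consumer rather than read from the token, which is the same property the `issuerTokenResolver` plus `securityTokenHandlers` pairing is meant to give the .NET handler.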

0 answers:

No answers