我的web api服务器实现了与okta指南相同的代码:
https://developer.okta.com/quickstart/#/widget/dotnet/aspnet4
public void Configuration(IAppBuilder app)
{
// Configure JWT Bearer middleware
// with an OpenID Connect Authority
var authority = "https://{yourOktaDomain}.com/oauth2/default";
var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
authority + "/.well-known/openid-configuration",
new OpenIdConnectConfigurationRetriever(),
new HttpDocumentRetriever());
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Active,
TokenValidationParameters = new TokenValidationParameters
{
ValidAudience = "api://default",
ValidIssuer = authority,
IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) =>
{
var discoveryDocument = Task.Run(() => configurationManager.GetConfigurationAsync()).GetAwaiter().GetResult();
return discoveryDocument.SigningKeys;
}
}
});
}
身份验证有效,但我如何从“个人资料”范围获得经过验证的用户电子邮件和名称?
我看到的是:
谢谢!
答案 0 :(得分:0)
好吧,经过几个小时的浪费,解决方案是这些变化:
ValidAudience = "api://default"
至ValidAudience = "your-application-client-id"
ValidateAudience = true