How to validate the id_token
Based on this article: https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect, I built a sample using the OpenID Connect protocol.
The link below says that merely receiving the id_token is not sufficient to authenticate the user; you must validate the signature and validate the claims in the id_token according to your application's requirements.
Can anyone help me with some code examples of how to validate the signature and validate the claims in the id_token?
The OpenID Connect middleware takes care of validating the id_token for you. See the "about the code" section of the sample. I'm pasting the relevant part here:
This sample shows how to use the OpenID Connect ASP.Net OWIN middleware to sign-in users from a single Azure AD tenant. The middleware is initialized in the Startup.Auth.cs file, by passing it the Client ID of the application and the URL of the Azure AD tenant where the application is registered. The middleware then takes care of:
* Downloading the Azure AD metadata, finding the signing keys, and finding the issuer name for the tenant.
* Processing OpenID Connect sign-in responses by validating the signature and issuer in an incoming JWT, extracting the user's claims, and putting them on ClaimsPrincipal.Current.
* Integrating with the session cookie ASP.Net OWIN middleware to establish a session for the user.
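An added example (not code from the question, the answer, or the Azure sample) that performs the same checks the middleware does, but explicitly, using the Microsoft.IdentityModel libraries: it downloads the tenant metadata, validates the signature, issuer, audience and lifetime, and then checks the nonce claim against the value sent in the sign-in request. The tenant name, client id, package versions (5.x-style API) and the nonce check are assumptions.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Assumed NuGet packages: System.IdentityModel.Tokens.Jwt and
// Microsoft.IdentityModel.Protocols.OpenIdConnect (5.x-style API).
public static class IdTokenValidator
{
    // Placeholder tenant and application (client) id; substitute your own.
    const string Tenant = "contoso.onmicrosoft.com";
    const string ClientId = "00000000-0000-0000-0000-000000000000";
    static readonly string MetadataAddress =
        $"https://login.microsoftonline.com/{Tenant}/.well-known/openid-configuration";

    // Caches the metadata and refreshes the signing keys on its own schedule,
    // so key rollover by Azure AD does not break validation.
    static readonly ConfigurationManager<OpenIdConnectConfiguration> ConfigManager =
        new ConfigurationManager<OpenIdConnectConfiguration>(
            MetadataAddress, new OpenIdConnectConfigurationRetriever());

    public static async Task<ClaimsPrincipal> ValidateAsync(string idToken, string expectedNonce)
    {
        // 1. Download metadata: the tenant's issuer name and current signing keys.
        OpenIdConnectConfiguration config =
            await ConfigManager.GetConfigurationAsync(CancellationToken.None);

        var parameters = new TokenValidationParameters
        {
            ValidIssuer = config.Issuer,            // 'iss' must be this tenant
            ValidAudience = ClientId,               // 'aud' must be this application
            IssuerSigningKeys = config.SigningKeys, // signature checked against published keys
            ValidateLifetime = true,                // rejects expired or not-yet-valid tokens
            ClockSkew = TimeSpan.FromMinutes(2)
        };

        // 2. Signature, issuer, audience and lifetime are verified here;
        //    a SecurityTokenException is thrown if any check fails.
        var handler = new JwtSecurityTokenHandler();
        SecurityToken validated;
        ClaimsPrincipal principal = handler.ValidateToken(idToken, parameters, out validated);

        // 3. Application-level claim check: the nonce must match the one sent with the
        //    sign-in request, otherwise a token could be replayed into another session.
        string nonce = principal.FindFirst("nonce")?.Value;
        if (nonce == null || nonce != expectedNonce)
            throw new SecurityTokenException("id_token nonce does not match the sign-in request.");
        return principal;
    }
}
```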