Problem description
I am currently creating a new application based on a Microservices architecture, with authentication provided by Identity Server 4.
Following lots of research and also setting up proofs of concept, I have Identity Server set up to secure the APIs and a native application successfully accessing these services using tokens.
Initially the client was issued an access token which was used to access the APIs; I have, however, now switched this out to use reference tokens. Now, onto the issue!
The approach I would like to take here is to adopt a Microservices gateway, which receives a reference token and then turns this into a JWT for inclusion in any requests to the downstream microservices. Within the Gateway, how can I "exchange" the inbound reference token for a JWT? Is there something within Identity Server that can assist here? Or do I need to use the introspection endpoint, sending in the reference token and retrieving the claims to construct a JWT within the gateway service for passing in the Authorization header to all downstream services?
If there is any further information that I can provide to help with understanding the goal of the architecture, please just let me know.
Recommended answer
This is a good use case for an extension grant. See the docs:
https://identityserver4.readthedocs.io/en/release/topics/extension_grants.html
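One way the extension grant could look, as an added example that is not part of the original answer. The grant type name `reference_exchange`, the `token` form parameter, the client id, the secret placeholder and the scope name are assumptions made for illustration.

```csharp
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;

// Hypothetical extension grant: the gateway posts the inbound reference token
// to the token endpoint and receives a JWT for the same subject.
public class ReferenceTokenExchangeValidator : IExtensionGrantValidator
{
    public const string GrantTypeName = "reference_exchange"; // assumed name
    private readonly ITokenValidator _validator;
    public ReferenceTokenExchangeValidator(ITokenValidator validator) => _validator = validator;
    public string GrantType => GrantTypeName;

    public async Task ValidateAsync(ExtensionGrantValidationContext context)
    {
        // "token" is the form parameter name chosen for this example.
        var inbound = context.Request.Raw.Get("token");
        if (string.IsNullOrEmpty(inbound))
        {
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
            return;
        }

        // Resolves reference tokens against the store; rejects expired or revoked ones.
        var result = await _validator.ValidateAccessTokenAsync(inbound);
        var sub = result.IsError ? null : result.Claims.FirstOrDefault(c => c.Type == "sub")?.Value;
        if (sub == null)
        {
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
            return;
        }

        context.Result = new GrantValidationResult(sub, GrantType);
    }
}

public static class GatewayClientConfig
{
    // Register the validator with AddExtensionGrantValidator<ReferenceTokenExchangeValidator>().
    public static Client Gateway() => new Client
    {
        ClientId = "gateway",                                   // assumed client id
        ClientSecrets = { new Secret("REPLACE_ME".Sha256()) },  // placeholder secret
        AllowedGrantTypes = { ReferenceTokenExchangeValidator.GrantTypeName },
        AccessTokenType = AccessTokenType.Jwt,                  // downstream services get a JWT
        AllowedScopes = { "downstream.api" }                    // assumed scope name
    };
}
```

Only the gateway client is allowed this grant type, so a native client holding a reference token cannot request the JWT itself; keeping the gateway's scopes limited to the downstream APIs bounds what an exchanged token can reach.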