using DS.Module.Core;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using System.Text;
namespace DS.Module.Jwt;
///
/// Jwt 服务
///
public static class JwtInstall
{
///
/// 将模块服务添加到依赖注入服务容器中
///
/// 依赖注入服务容器
///
public static IServiceCollection AddJwtInstall(this IServiceCollection services)
{
// 添加验证服务
services.AddAuthentication(options =>
{
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(o =>
{
o.TokenValidationParameters = new TokenValidationParameters
{
// 是否开启签名认证
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(AppSetting.Configuration["JwtSettings:SecretKey"])),
// 发行人验证,这里要和token类中Claim类型的发行人保持一致
ValidateIssuer = true,
ValidIssuer = AppSetting.Configuration["JwtSettings:Issuer"],//发行人
// 接收人验证
ValidateAudience = true,
ValidAudience = AppSetting.Configuration["JwtSettings:Audience"],//订阅人
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero,
};
o.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
// 如果过期,则把<是否过期>添加到,返回头信息中
if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
{
context.Response.Headers.Add("Token-Expired", "true");
}
return Task.CompletedTask;
}
};
});
return services;
}
}