using System.Text; using DS.Module.Core; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.Extensions.DependencyInjection; using Microsoft.IdentityModel.Tokens; namespace DS.Module.Jwt; /// /// Jwt 服务 /// public static class JwtInstall { /// /// 将模块服务添加到依赖注入服务容器中 /// /// 依赖注入服务容器 /// public static IServiceCollection AddJwtInstall(this IServiceCollection services) { // 添加验证服务 services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(o => { o.TokenValidationParameters = new TokenValidationParameters { // 是否开启签名认证 ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(AppSetting.Configuration["JwtSettings:SecretKey"])), // 发行人验证,这里要和token类中Claim类型的发行人保持一致 ValidateIssuer = true, ValidIssuer = AppSetting.Configuration["JwtSettings:Issuer"],//发行人 // 接收人验证 ValidateAudience = true, ValidAudience = AppSetting.Configuration["JwtSettings:Audience"],//订阅人 ValidateLifetime = true, ClockSkew = TimeSpan.Zero, }; o.Events = new JwtBearerEvents { OnAuthenticationFailed = context => { // 如果过期,则把<是否过期>添加到,返回头信息中 if (context.Exception.GetType() == typeof(SecurityTokenExpiredException)) { context.Response.Headers.Add("Token-Expired", "true"); } return Task.CompletedTask; } }; }); return services; } }