lsm/openiddict-documentation
1
0
Fork 0
mirror of https://gitee.com/dcren/openiddict-documentation.git synced 2025-07-16 07:59:46 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update the documentation pages

Browse Source
This commit is contained in:
OpenIddict Bot 2021-01-25 20:36:38 +00:00
parent 6bcdf334fb
commit 678929bcaa
2 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
configuration/authorization-storage.html
View File

@ -168,20 +168,18 @@ but no explicit permanent authorization was attached by the developer to the <co
<p>Such authorizations are typically created in the authorization code flow to link all the tokens associated with the original authorization code,
so that they can be automatically revoked if the authorization code was redeemed multiple times (which may indicate a token leakage).
In the same vein, ad-hoc authorizations are also created when a refresh token is returned during a resource owner password credentials grant request.</p>
<blockquote><p>[!INFO]
When using the <a href="https://www.nuget.org/packages/OpenIddict.Quartz/">OpenIddict.Quartz</a> integration, ad-hoc authorizations are automatically
<div class="NOTE"><h5>Note</h5><p>When using the <a href="https://www.nuget.org/packages/OpenIddict.Quartz/">OpenIddict.Quartz</a> integration, ad-hoc authorizations are automatically
removed from the database after a short period of time (14 days by default). Unlike ad-hoc authorizations, permanent authorizations
never removed from the database.</p>
</blockquote>
</div>
<h2 id="enabling-authorization-entry-validation-at-the-api-level">Enabling authorization entry validation at the API level</h2>
<p><strong>For performance reasons, OpenIddict 3.0 doesn&#39;t check, by default, the status of an authorization entry when receiving an API request</strong>: access tokens are considered
valid even if the attached authorization was revoked. For scenarios that require immediate authorization revocation, the OpenIddict validation handler can be configured
to enforce authorization entry validation for each API request:</p>
<blockquote><p>[!INFO]
Enabling authorization entry validation requires that the OpenIddict validation handler have a direct access to the server database where authorizations are stored, which makes it
<div class="NOTE"><h5>Note</h5><p>Enabling authorization entry validation requires that the OpenIddict validation handler have a direct access to the server database where authorizations are stored, which makes it
better suited for APIs located in the same application as the authorization server. For external applications, consider using introspection instead of local validation.</p>
<p>In both cases, additional latency caused by the additional DB request and the HTTP call for introspection is expected.</p>
</blockquote>
</div>
<pre><code class="lang-csharp">services.AddOpenIddict()
.AddValidation(options =&gt;
{

2
manifest.json
View File

@ -9861,7 +9861,7 @@
"output": {
".html": {
"relative_path": "configuration/authorization-storage.html",
"hash": "Hd7zZtB6quLlA6PuvtaxWA=="
"hash": "MSOP1zqo1i7Vi5mvLaISog=="
}
},
"is_incremental": false,