lsm/openiddict-documentation
1
0
Fork 0
mirror of https://gitee.com/dcren/openiddict-documentation.git synced 2025-09-19 18:19:56 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update the documentation pages

Browse Source
This commit is contained in:
OpenIddict Bot
2021-01-25 20:31:56 +00:00
parent 928c228ad8
commit 6bcdf334fb
5 changed files with 208 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
configuration/authorization-storage.html
View File

@@ -173,7 +173,28 @@ When using the <a href="https://www.nuget.org/packages/OpenIddict.Quartz/">OpenI
removed from the database after a short period of time (14 days by default). Unlike ad-hoc authorizations, permanent authorizations
never removed from the database.</p>
</blockquote>
</article>
<h2 id="enabling-authorization-entry-validation-at-the-api-level">Enabling authorization entry validation at the API level</h2>
<p><strong>For performance reasons, OpenIddict 3.0 doesn&#39;t check, by default, the status of an authorization entry when receiving an API request</strong>: access tokens are considered
valid even if the attached authorization was revoked. For scenarios that require immediate authorization revocation, the OpenIddict validation handler can be configured
to enforce authorization entry validation for each API request:</p>
<blockquote><p>[!INFO]
Enabling authorization entry validation requires that the OpenIddict validation handler have a direct access to the server database where authorizations are stored, which makes it
better suited for APIs located in the same application as the authorization server. For external applications, consider using introspection instead of local validation.</p>
<p>In both cases, additional latency caused by the additional DB request and the HTTP call for introspection is expected.</p>
</blockquote>
<pre><code class="lang-csharp">services.AddOpenIddict()
.AddValidation(options =&gt;
{
options.EnableAuthorizationEntryValidation();
});
</code></pre><h2 id="disabling-authorization-storage">Disabling authorization storage</h2>
<p>While STRONGLY discouraged, authorization storage can be disabled in the server options:</p>
<pre><code class="lang-csharp">services.AddOpenIddict()
.AddServer(options =&gt;
{
options.DisableAuthorizationStorage();
});
</code></pre></article>
</div>
<div class="hidden-sm col-md-2" role="complementary">