它总是令人困惑,并且没有提及使用哪个更好,我个人更喜欢 JsonWebTokenHandler 因为它是更合适的 ValidateToken 返回类型
命名空间的区别是Microsoft.IdentityModel.JsonWebTokens vs System.IdentityModel.Tokens.Jwt,这也很相似?
任何可用的指导方针?
最佳答案
JsonWebTokenHandler 是新的和改进的版本。
见:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/945
布伦特施马尔茨写道:
JwtSecurityTokenHandler was modeled after the existing System.IdentityModel.SecurityTokenHandler. There were some compromises that we had to make, such as using System.Security.ClaimsIdentity as the type to build the JWS or JWE when using SecurityTokenDescriptor. ValidateToken had an out parameter of type SecurityToken, which doesn't for async. A ClaimsPrincipal was returned, sometimes using claim type mapping to build the claims. This model new model, is much lighter weight and works with native Json.Net objects. We plan on layering on top, so that you can get back to the existing types, but we will allow users to control what is returned using injection and delegates.
We saw performance improvements of up to 100% in some scenarios.
关于.net - 为什么我们有两个 JWT token 类 JwtSecurityTokenHandler 和 JsonWebTokenHandler?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60455167/