VOOZH about

URL: https://www.nuget.org/packages/OAuth2NetCore.Host/

⇱ NuGet Gallery | OAuth2NetCore.Host 3.0.0



OAuth2NetCore.Host 3.0.0 

dotnet add package OAuth2NetCore.Host --version 3.0.0
 
 
NuGet\Install-Package OAuth2NetCore.Host -Version 3.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="OAuth2NetCore.Host" Version="3.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="OAuth2NetCore.Host" Version="3.0.0" />
 


 Directory.Packages.props
 

 

 
<PackageReference Include="OAuth2NetCore.Host" />
 


 Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add OAuth2NetCore.Host --version 3.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support. 
#r "nuget: OAuth2NetCore.Host, 3.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package OAuth2NetCore.Host@3.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=OAuth2NetCore.Host&version=3.0.0
 


 Install as a Cake Addin
 

 

 
#tool nuget:?package=OAuth2NetCore.Host&version=3.0.0
 


 Install as a Cake Tool
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

OAuth2NetCore.Host

OAuth2NetCore 的 ASP.NET Core 集成包:提供 DI 扩展方法、OAuth 客户端 / 资源服务器 / 授权服务器三种角色的便捷接入。net10.0 目标。

提供的扩展方法

Authorization Server

services.AddOAuth2AuthServer(options => {
 // 配置 SecurityKeyProvider / ClientStore / TokenClaimBuilder 等
});

注册 IAuthServer,并通过 endpoint mapping 暴露 token / authorize / endsession 路由。

Resource Server

services.AddOAuth2Resource(o => {
 o.IssuerSigningKey = new RsaSecurityKey(cert.GetRSAPublicKey());
 o.ValidIssuer = "https://your-auth.example";
 o.ValidAudience = "https://your-api.example";
 // o.ValidAlgorithms = new[] { SecurityAlgorithms.RsaSsaPssSha256 }; // 默认 PS256
});

封装 AddJwtBearer默认锁定 [PS256] 算法白名单,启用 ValidateIssuer/Audience/Lifetime/IssuerSigningKeyRequireSignedTokens,避免 alg=none / HS+RSA 公钥滥用。

OAuth Client

services.AddOAuth2Client(o => {
 o.StateStoreFactory = _ => new RedisStateStore(redisConnStr);
 o.CookieSameSite = SameSiteMode.None;
}, clientOptions);

app.UseEndpoints(endpoints => {
 endpoints.MapGet(clientOptions.SignOutPath, clientServer.SignOutRequestHandler);
 endpoints.MapGet(clientOptions.SignOutCallbackPath, clientServer.SignOutCallbackRequestHandler);
});

注册 Cookie + OAuth 认证方案、自动 refresh token、token 加密存于 Cookie,并提供 IClientServer 处理 sign-in/sign-out 流程。

共享类型

  • OAuth2Handler — 内置 OAuth handler,扩展 Microsoft 的 OAuthHandler<OAuthOptions> 接入自定义 token store。
  • HttpContextTokenStoreITokenStore 实现,将 token DTO 加密后写入浏览器 Cookie。
  • LocalRedirectGuard — internal 工具,限制 sign-in/sign-out 的 returnUrl 为本地路径,防御开放重定向。

v2.0 安全加固要点

  • ResourceOptions.ValidAlgorithms 默认 [PS256]——签名算法不是 PS256 的资源服务器必须显式声明。
  • LocalRedirectGuard 默认拒绝跨站 returnUrl——任何 ///\http(s):// 都会回退到 /
  • Cookie 名修正为 auth.token(v1.x 为 atuh.cookie2,拼写错误);升级会导致一次性重登。
  • OAuth handler 内部不再在 AddOAuth2Client 配置阶段调 BuildServiceProvider;服务从 HttpContext.RequestServices 即时解析。

完整漏洞清单与升级指南:

仓库

https://github.com/Lukiya/oauth2net

协议

GPL-3.0-or-later

Product Versions Compatible and additional computed target framework versions.
.NET net10.0 net10.0 is compatible.  net10.0-android net10.0-android was computed.  net10.0-browser net10.0-browser was computed.  net10.0-ios net10.0-ios was computed.  net10.0-maccatalyst net10.0-maccatalyst was computed.  net10.0-macos net10.0-macos was computed.  net10.0-tvos net10.0-tvos was computed.  net10.0-windows net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on OAuth2NetCore.Host:

Package Downloads
SyncSoft.ECP.Hosting

An app framework for SyncSoft Inc.
SyncSoft.App.ECPHost

An app framework for SyncSoft Inc.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
3.0.0 63 6/12/2026
2.0.1 122 6/1/2026
2.0.0 132 5/19/2026
1.3.1 317 1/6/2025
1.3.0 745 2/15/2023
1.2.2 511 2/16/2023
1.2.1 2,197 9/9/2021
1.0.1 550 9/12/2021
Loading failed