I already have the access token working with my application in my api gateway.
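
    var identityUrl = Configuration.GetValue<string>("urls:identity");
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(options =>
    {
        // Token issuer; its discovery document supplies the signing keys.
        options.Authority = Configuration.GetValue<string>("IdentityUrlExternal");
        // Allows the metadata endpoint to be reached over plain HTTP.
        options.RequireHttpsMetadata = false;
        // Value compared against the "aud" claim of the incoming token.
        options.Audience = "api1";
        // The event handlers are cut off in the original post.
        options.Events = new JwtBearerEvents();
    });
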
What is the audience option in AddJwtBearer referring to? Does it refer to the ClientId or the ApiScope? At the moment, I based it on the scope in my mobile application setup to communicate with the API gateway. If I change it to something else, e.g. a client id sent from mobile (ro.client), the authorized API function will not be accessible.
I would like to get a clear understanding of whether my setting is correct. Thanks
In addition, how do I add an authorized scope in an ASP.NET Core MVC project on the controller?
In our case, the authorization server is going to be an ASP.NET Core app that uses IdentityServer4 – an OpenID Connect and OAuth 2.0 framework for ASP.NET Core 2. OAuth 2.0 is the industry-standard protocol for authorization, and OpenID Connect is an authentication layer on top of it.
The client can then request the resource using the scope parameter (other parameters omitted): IdentityServer will then use the scope names to create a list of requested claim types, and present that to your implementation of the profile service. Designing your API surface can be a complicated task.
To do that, open Startup.cs and inside ConfigureServices add the following: This adds IdentityServer as a service to our ASP.NET Core app. Next, inside Configure, we add the following: app.UseIdentityServer() adds the IdentityServer middleware to our app’s request pipeline. the order in which that particular middleware component gets invoked.
Protecting an ASP.NET Core-based API is only a matter of adding the JWT bearer authentication handler: If you are not using the audience claim, you can turn off the audience check via options.TokenValidationParameters.ValidateAudience = false;.
The following link will take you to the explanation: http://docs.identityserver.io/en/latest/topics/apis.html
The ApiName property checks if the token has a matching audience (or short aud) claim.
In IdentityServer you can also sub-divide APIs into multiple scopes. If you need that granularity you can use the ASP.NET Core authorization policy system to check for scopes.
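The audience check and the scope policy described above, side by side, as an added example that is not code from the original question or from IdentityServer. It assumes a .NET 6+ minimal-hosting Program.cs with the Microsoft.AspNetCore.Authentication.JwtBearer package; the scope name `api1.read`, the policy name `Api1Read` and `OrdersController` are hypothetical.

```csharp
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = builder.Configuration["IdentityUrlExternal"];
        // Compared with the token's "aud" claim: the API the token was issued
        // for. The calling app's id travels separately in the "client_id" claim.
        options.Audience = "api1";
    });

builder.Services.AddAuthorization(options =>
{
    // Hypothetical policy: the caller must hold the "api1.read" scope.
    options.AddPolicy("Api1Read", policy =>
    {
        policy.RequireAuthenticatedUser();
        // Scopes may arrive as several "scope" claims or as one
        // space-delimited claim; splitting handles both shapes.
        policy.RequireAssertion(ctx => ctx.User.FindAll("scope")
            .SelectMany(c => c.Value.Split(' '))
            .Contains("api1.read"));
    });
});

builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();   // validates signature, issuer, lifetime and "aud"
app.UseAuthorization();    // evaluates [Authorize] policies, including scope
app.MapControllers();
app.Run();

[ApiController]
[Route("orders")]
public class OrdersController : ControllerBase
{
    [HttpGet]
    [Authorize(Policy = "Api1Read")]   // 403 when the token lacks the scope
    public IActionResult Get() =>
        Ok(new { caller = User.FindFirst("client_id")?.Value });
}
```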