sunil
Reputation: 5158
What JWT validation do I need to do on an Identity Server Client?
I configured my identity server client like this in Startup.cs
app.UseJwtBearerAuthentication(options =>
{
options.Authority = Configuration["Urls:IdentityServer"];
options.RequireHttpsMetadata = false;
options.Audience = Configuration["Urls:IdentityServer"] + "/resources";
options.AutomaticAuthenticate = true;
}
will this take of all the recommended JWT validations(signature, nonce etc) or do I have to write any validations of my own?
Upvotes: 0
Views: 287
Answers (1)
Brock Allen
Reputation: 7435
You should require HTTPS on the metadata in production.
In addition to the JWT middleware, you will need to do scope validation.
Upvotes: 1
Related Questions
- Identity Server - Identity/Resource scope - How can client get resource claims about the user
- Identity Server 3 Access Token Validation Library Cannot Validates Tokens Generated from Identity Server 4
- AccessToken is null for identity server client
- asp.net web form client with identity server 4
- Identity Server 4 issued JWT Validation failure
- Can Identity Server Itself be a client to call a secured api
- Single identity with partitioned client and scope configuration
- ASP Identity Roles not appearing in Client using IdentityServer v3