Reputation: 1694
I've begun an implementation using the OpenID Connect Implicit Flow - I've retrieved my access token and ID token in my browser-based JavaScript app, and now I need to protect the resource on my ASP.NET Core Web API so it can only be accessed via a valid access token from a user with a specific claim.
What middleware do I use to validate the token(s) and determine the user and their claims so I can then allow or deny them access to the resource they are requesting?
I've looked at the OpenIdConnectAuthentication middleware; however, the only implementation examples I've seen use a SignInScheme of "Cookies", not the Bearer token that my JS app is providing.
Thanks
Upvotes: 0
Views: 765
Reputation: 42020
What middleware do I use to validate the token(s) and determine the user and their claims so I can then allow or deny them access to the resource they are requesting?
If your authorization server issues JWT tokens, you can use the JWT bearer middleware developed by the ASP.NET team: https://github.com/aspnet/Security/tree/dev/src/Microsoft.AspNetCore.Authentication.JwtBearer.
```csharp
// Register the JWT bearer middleware (ASP.NET Core 1.x API). Authority is the
// token issuer whose discovery document supplies the signing keys; Audience is
// the value the access token's "aud" claim must match for this API.
app.UseJwtBearerAuthentication(new JwtBearerOptions {
    Authority = Configuration["jwt:authority"],
    Audience = Configuration["jwt:audience"]
});
```
You can find a sample here: https://github.com/aspnet/Security/tree/dev/samples/JwtBearerSample.
Upvotes: 2
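As an added illustration (not part of the answer or the ASP.NET sample), here is a minimal ASP.NET Core 1.x Startup that wires the same JWT bearer middleware together with a claim-based authorization policy, which is what the question's "user with a specific claim" requirement needs. The config keys, the claim name and value, the policy name and the controller route are assumed placeholders.

```csharp
// Added example: ASP.NET Core 1.x Startup validating the bearer JWT and gating a
// resource on one claim. Config keys, claim name/value, policy and route names are
// assumed placeholders, not values from the question or answer.
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public IConfiguration Configuration { get; }
    public Startup(IConfiguration configuration) { Configuration = configuration; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        // Policy: caller must present a validated token carrying claim "role" = "reports.reader".
        services.AddAuthorization(options =>
            options.AddPolicy("ReportsReader", policy =>
                policy.RequireAuthenticatedUser()
                      .RequireClaim("role", "reports.reader")));
    }

    public void Configure(IApplicationBuilder app)
    {
        // Same middleware the answer shows. Authority = OpenID Connect issuer (its discovery
        // document supplies the signing keys); Audience must equal the aud claim the provider
        // puts in access tokens minted for this API, otherwise validation fails.
        app.UseJwtBearerAuthentication(new JwtBearerOptions
        {
            Authority = Configuration["jwt:authority"],
            Audience = Configuration["jwt:audience"],
            AutomaticAuthenticate = true, // populate HttpContext.User from the token
            AutomaticChallenge = true,    // respond 401 when no valid token is present
            RequireHttpsMetadata = true   // never fetch discovery/keys over plain HTTP
        });
        app.UseMvc();
    }
}

// No token or an invalid one -> 401; a valid token without the claim -> 403.
[Authorize(Policy = "ReportsReader")]
[Route("api/[controller]")]
public class ReportsController : Controller
{
    [HttpGet]
    public IActionResult Get() => Ok(new[] { "report-1", "report-2" });
}
```

The policy runs only after the bearer middleware has validated the signature, issuer, audience and expiry, so a forged or expired token never reaches the claim check.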