Reputation: 1073
Previously, I was able to use JwtBearerAuthenticationOptions
to add my custom token handler with my custom validation. Now with Core UseJwtBearerAuthentication
I need to use JwtBearerOptions
which doesn't seem to have an option to override JwtSecurityTokenHandler
. I basically want to override the following method in JwtSecurityTokenHandler
:
protected virtual JwtSecurityToken ValidateSignature(string token, TokenValidationParameters validationParameters)
Previously:
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
TokenHandler = new MyTokenHandler()
// other properties here
});
Currently with ASP.NET Core:
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
// other properties here
});
Upvotes: 10
Views: 11603
Reputation: 5413
If you want to actually create your own JwtSecurityTokenHandler
and override the ValidateSignature
method, you can use the SecurityTokenValidators
property:
var options new JwtBearerOptions();
options.SecurityTokenValidators.Clear();
options.SecurityTokenValidators.Add(new MyTokenHandler());
app.UseJwtBearerAuthentication(options);
Technically the call to Clear()
isn't necessary - as long as one of the token handlers can parse the token the call to authenticate will succeed. However removing the JwtSecurityTokenHandler
seems to make sense if it won't ever succeed in your case.
Upvotes: 18
Reputation: 24133
JwtBearerOptions
has a parameter named TokenValidationParameters
, so you can use this parameter:
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
//...
};
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
//...
TokenValidationParameters = tokenValidationParameters
});
Upvotes: 0