Reputation: 33
The problem I currently have is that I have an ASP.NET Core API where we use AWS Cognito users to authorize access to the API, and that is working great. Now we need to authorize with a second user pool, so two different user pools can access the API. I am having some trouble working out how to add multiple audiences/authorities in AddAuthentication/AddJwtBearer; it seems like the methods cannot take two schemas with the same name, "Bearer". Does anybody know how this could be done?
I have already tried to add multiple AddJwtBearer calls, which crashes the API. I tried different things, but most solutions use multiple audiences and never talk about multiple authorities at the same time, if that makes sense.
Currently it looks like this:
    services.AddAuthentication("Bearer")
        .AddJwtBearer(options =>
        {
            options.Audience = "AUDIENCE";
            options.Authority = "AUTHORITY";
        });
I want something like this
    services.AddAuthentication("Bearer")
        .AddJwtBearer(options =>
        {
            options.Audience = "AUDIENCE";
            options.Authority = "AUTHORITY";
        })
        .AddJwtBearer(options =>
        {
            options.Audience = "AUDIENCE2";
            options.Authority = "AUTHORITY2";
        });
The goal is that I want users of both user pools to be able to authorize to the API. Thank you in advance for the help!
Upvotes: 2
Views: 1063
Reputation: 4631
You have to add multiple bearers like you were doing, but with different names.
    services
        .AddAuthentication()
        .AddJwtBearer("Bearer1", options =>
        {
            options.Audience = "AUDIENCE";
            options.Authority = "AUTHORITY";
        })
        .AddJwtBearer("Bearer2", options =>
        {
            options.Audience = "AUDIENCE2";
            options.Authority = "AUTHORITY2";
        });
Then instead of UseAuthentication() later, you have to add your own custom middleware.
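    // AuthenticateAsync(scheme) is an extension method; it needs
    // "using Microsoft.AspNetCore.Authentication;" at the top of the file.
    app.Use(async (context, next) =>
    {
        // Try the first user pool, then fall back to the second.
        var result = await context.AuthenticateAsync("Bearer1");
        if (!result.Succeeded)
        {
            result = await context.AuthenticateAsync("Bearer2");
        }
        // Only replace the user when one of the schemes accepted the token;
        // otherwise the request stays anonymous.
        if (result.Succeeded)
        {
            context.User = result.Principal;
        }
        await next();
    });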
I haven't tried this myself, just piecing it together from the comments, so let me know if it works for you.
Upvotes: 4
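An alternative that keeps UseAuthentication() and UseAuthorization(), added here as an example and not part of the answer above: register both named schemes and let the default authorization policy accept either one. The Startup layout and the AddControllers/MapControllers calls are assumptions; the placeholder audience and authority strings are the ones from the question.

```csharp
// Added example. Assumes the Microsoft.AspNetCore.Authentication.JwtBearer
// package is referenced and the API uses controllers with [Authorize].
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();

        // One named JWT bearer scheme per user pool. Each handler validates
        // the token's signature, issuer and audience against its own pool only.
        services.AddAuthentication()
            .AddJwtBearer("Bearer1", options =>
            {
                options.Audience = "AUDIENCE";
                options.Authority = "AUTHORITY";
            })
            .AddJwtBearer("Bearer2", options =>
            {
                options.Audience = "AUDIENCE2";
                options.Authority = "AUTHORITY2";
            });

        // Plain [Authorize] uses the default policy. Listing both schemes makes
        // the authorization middleware run both handlers for every request and
        // require that at least one of them produced an authenticated user.
        services.AddAuthorization(options =>
        {
            options.DefaultPolicy = new AuthorizationPolicyBuilder("Bearer1", "Bearer2")
                .RequireAuthenticatedUser()
                .Build();
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();   // no default scheme is set; the policy picks them
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

A token issued by one pool is rejected by the other pool's handler, so a failed-authentication log entry for the non-matching scheme on each request is expected with this setup.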