TheDoomDestroyer

Reputation: 3005

Is it possible to have multiple audiences with clientIds and secrets?

With Microsoft.Owin.Security.Jwt, you could do something like this:

public static void ConfigureOAuth(IAppBuilder app)
{
    OAuthConfiguration oAuthConfiguration = OAuthConfiguration.GetConfig("oauth");

    List<string> audiences = new List<string>();
    List<byte[]> secrets = new List<byte[]>();

    foreach (var oAuthAudienceElement in /*configuration*/)
    {
        audiences.Add(/*configuration thingy*/);
        secrets.Add(TextEncodings.Base64Url.Decode(/*configuration thingy*/));
    }

    // Api controllers with an [Authorize] attribute will be validated with JWT
    app.UseJwtBearerAuthentication(
        new JwtBearerAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            AllowedAudiences = new List<string>(audiences),
            IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
            {
                new SymmetricKeyIssuerSecurityTokenProvider(oAuthConfiguration.Issuer.Domain, secrets)
            }
        });
}

But I am unable to find an equivalent of that in ASP.NET Core 2.X. Is that not supported or am I missing something? I mean, services.AddJwtBearer doesn't provide much:

services.AddAuthentication("oauth")
    .AddOAuth("oauth", options =>
    {
        // something?
    })
    .AddJwtBearer("oauth", options =>
    {

        options.TokenValidationParameters = new TokenValidationParameters
        {
            // These don't exist as in the Microsoft.Owin.Security.Jwt example above...
            // AuthenticationMode = AuthenticationMode.Active,
            // AllowedAudiences = new List<string>(audiences),
            // IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
            // {
            //     new SymmetricKeyIssuerSecurityTokenProvider(oAuthConfiguration.Issuer.Domain, secrets)
            // }
        };
    });

Upvotes: 0

Views: 1689

Answers (1)

scharnyw

Reputation: 2666

You should be using AddJwtBearer() and not AddOAuth().

In TokenValidationParameters, audiences, issuers and signing keys can all accept an IEnumerable as input, so you can specify multiple values (note that all property names are in plural form):

options.TokenValidationParameters = new TokenValidationParameters
{
    ValidAudiences = new[] { "audience1", "audience2" },
    ValidIssuers = new[] { "issuer1", "issuer2" },
    IssuerSigningKeys = secrets.Select(secret => new SymmetricSecurityKey(secret))
};

Upvotes: 1
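A fuller version of the answer's approach, written here as an added example (it is not code from the question or the answer): one JWT bearer scheme in ASP.NET Core 2.x that accepts several audiences, each bound to its own HMAC secret. The `AudienceConfig` class, the `"Jwt"` configuration section and its layout are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Assumed shape of each entry under "Jwt:Audiences" in appsettings.json.
public class AudienceConfig
{
    public string Audience { get; set; }         // e.g. "api://orders" (hypothetical)
    public string Base64UrlSecret { get; set; }  // base64url-encoded HMAC secret
}

public static class JwtSetup
{
    public static void ConfigureJwt(IServiceCollection services, IConfiguration config)
    {
        // Assumed layout: "Jwt": { "Issuer": "...", "Audiences": [ { "Audience": "...", "Base64UrlSecret": "..." }, ... ] }
        string issuer = config["Jwt:Issuer"];
        var audiences = config.GetSection("Jwt:Audiences").Get<List<AudienceConfig>>();

        // One SymmetricSecurityKey per audience, keyed by the audience value.
        var keysByAudience = audiences.ToDictionary(
            a => a.Audience,
            a => new SymmetricSecurityKey(Base64UrlEncoder.DecodeBytes(a.Base64UrlSecret)) { KeyId = a.Audience });

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = issuer,
                    ValidateAudience = true,
                    ValidAudiences = keysByAudience.Keys,
                    ValidateIssuerSigningKey = true,
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.FromMinutes(1),
                    // With a flat IssuerSigningKeys list every key is tried for every token, so the
                    // secret of one audience would also validate tokens for the others. Offer only
                    // the key(s) of the audience(s) the token itself names; audience validation
                    // still runs afterwards, so an unknown audience gets no key and is rejected.
                    IssuerSigningKeyResolver = (token, securityToken, kid, parameters) =>
                        (securityToken as JwtSecurityToken)?.Audiences
                            .Where(keysByAudience.ContainsKey)
                            .Select(a => (SecurityKey)keysByAudience[a])
                        ?? Enumerable.Empty<SecurityKey>()
                };
            });
    }
}
```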
