ADev01

Reputation: 41

ASP.NET Core JWT Authentication Audience Property

I'm fairly new to ASP.NET Core.

I'm using JWT to authenticate a web API.

In most JWT code in online tutorials, we can find the Issuer and Audience properties mentioned as shown below.

    // Token creation: values written into the token
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Issuer = configuration["Jwt:Issuer"],
        Audience = configuration["Jwt:Audience"],
        ...
    };

    // Token validation: checks switched on for incoming tokens
    jwt.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ...
    };

Can anyone please explain what the use of both of these is? Is it to validate the JWT server and JWT client?

And also, how do I validate these?

Upvotes: 4

Views: 8409

Answers (2)

Zhi Lv

Reputation: 21383

The Issuer and Audience are standard claim fields of the JWT token:

  • Issuer: Identifies the principal that issued the JWT.
  • Audience: Identifies the recipients that the JWT is intended for. Each principal intended to process the JWT must identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the aud claim when this claim is present, then the JWT must be rejected.

For more detailed information, you can check the Standard fields.

Then, for the ValidateIssuer and ValidAudience properties, if you set the value to true, the issuer and audience will be validated during token validation.

Here are some related articles about using JWT authentication with Issuer and Audience; you can refer to them:

JWT Authentication In ASP.NET Core

Authentication And Authorization In ASP.NET 5 With JWT And Swagger

Upvotes: 2

Yeasin Arafat

Reputation: 56

If you register the following service, the authentication middleware will then validate on your behalf.

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidIssuer = issuer,     // your issuer
                ValidAudience = audience  // your audience
            };
        });

Upvotes: 3
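
The effect of these settings, as an added example that is not part of the question or of either answer: a console program that issues three tokens and validates them with the same kind of `TokenValidationParameters` the JWT bearer middleware is given, so a wrong `aud` or `iss` is rejected even though the signature is valid. It assumes the `System.IdentityModel.Tokens.Jwt` NuGet package; the issuer, audience and key values are constructed for the demo, and `Issue` and `Check` are hypothetical helper names.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Constructed sample values; a real app would read them from configuration["Jwt:..."].
const string Issuer = "https://auth.example.test";
const string Audience = "orders-api";
var key = new SymmetricSecurityKey(
    Encoding.UTF8.GetBytes("constructed-demo-key-at-least-32-bytes!!"));

var handler = new JwtSecurityTokenHandler();

// Issuing side: writes the iss and aud claims, as the question's SecurityTokenDescriptor does.
string Issue(string issuer, string audience) =>
    handler.WriteToken(handler.CreateToken(new SecurityTokenDescriptor
    {
        Issuer = issuer,
        Audience = audience,
        Expires = DateTime.UtcNow.AddMinutes(5),
        SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
    }));

// API side: the flags enable the checks, ValidIssuer/ValidAudience are the expected values.
var parameters = new TokenValidationParameters
{
    ValidateIssuer = true,
    ValidIssuer = Issuer,
    ValidateAudience = true,
    ValidAudience = Audience,
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = key,
    ValidateLifetime = true
};

// Validates one token and reports which claim check failed, if any.
string Check(string token)
{
    try
    {
        handler.ValidateToken(token, parameters, out _);
        return "accepted";
    }
    catch (SecurityTokenInvalidIssuerException) { return "rejected: iss mismatch"; }
    catch (SecurityTokenInvalidAudienceException) { return "rejected: aud mismatch"; }
}

Console.WriteLine(Check(Issue(Issuer, Audience)));                       // matching iss and aud
Console.WriteLine(Check(Issue(Issuer, "billing-api")));                  // token meant for another API
Console.WriteLine(Check(Issue("https://other.example.test", Audience))); // token from another issuer
```

All three tokens carry a valid signature from the same key, so only the issuer and audience checks separate the first from the other two.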
