[Bug] Custom JwtBearerOptions not applied
Which version of Microsoft Identity Web are you using? Note that to get help, you need to run the latest version.
0.14-preview and current source

Where is the issue?
- Web App
  - Sign-in users
  - Sign-in users and call web APIs
- Web API
  - [x] Protected web APIs (Validating tokens)
  - Protected web APIs (Validating scopes)
  - Protected web APIs call downstream web APIs
- Token cache serialization
  - In Memory caches
  - Session caches
  - Distributed caches

Other? - please describe;
Is this a new or existing app?
New App

Repro

```csharp
services.AddProtectedWebApi(Configuration, subscribeToJwtBearerMiddlewareDiagnosticsEvents: true);
services.Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationScheme, options =>
{
    // This is a Microsoft identity platform Web API
    options.Authority += "/v2.0";
    // The valid audiences are both the Client ID (options.Audience) and api://{ClientID}
    options.TokenValidationParameters.ValidAudiences = new string[]
    {
        options.Audience, $"api://{options.Audience}", $"https://{options.Audience}"
    };
    // D-d-d-delegate
    options.TokenValidationParameters.IssuerValidator = Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer;
});
```

Expected behavior
A clear and concise description of what you expected to happen (or code).
The JwtBearerOptions are never applied. So my settings audience is <<Guid>>, but I expect the valid audiences to be [<<Guid>>, api://<<Guid>>, https://<<Guid>>]

Actual behavior
Instead the only valid audience is <<Guid>>

Additional context / Logs / Screenshots
The audience is an easy example. The problem looks like the JwtBearerOptions are not being applied by Identity.Web
Issue Analytics
- State:
- Created 3 years ago
- Comments:24 (5 by maintainers)
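
A startup check for the symptom reported above, added here as an example (not code from the issue or from Microsoft.Identity.Web): it resolves the `JwtBearerOptions` instance for a given scheme name and returns which of the three expected audiences are not in effect. `JwtBearerOptionsProbe` and `MissingAudiences` are hypothetical names; named options are keyed by scheme name, so pass the name the JWT bearer handler is actually registered under.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

// Hypothetical diagnostic helper (not part of Microsoft.Identity.Web).
public static class JwtBearerOptionsProbe
{
    // Returns the expected audiences that the handler for `scheme` will NOT accept.
    // An empty array means every expected audience is in effect.
    public static string[] MissingAudiences(IServiceProvider services, string scheme)
    {
        // Get(name) runs every Configure/PostConfigure callback registered for
        // that exact name, so this is the instance the handler validates against.
        var options = services
            .GetRequiredService<IOptionsMonitor<JwtBearerOptions>>()
            .Get(scheme);

        var clientId = options.Audience;
        if (string.IsNullOrEmpty(clientId))
        {
            throw new InvalidOperationException(
                $"No Audience is configured for scheme '{scheme}'.");
        }

        // Audiences can come from ValidAudiences, ValidAudience, or Audience.
        var tvp = options.TokenValidationParameters;
        var effective = (tvp.ValidAudiences ?? Enumerable.Empty<string>())
            .Append(tvp.ValidAudience)
            .Append(clientId)
            .Where(a => !string.IsNullOrEmpty(a))
            .ToHashSet(StringComparer.Ordinal);

        // The three forms the repro expects to be valid.
        var expected = new[] { clientId, $"api://{clientId}", $"https://{clientId}" };
        return expected.Where(a => !effective.Contains(a)).ToArray();
    }
}
```

Call it once at startup, for example with `app.ApplicationServices`, and log or fail when the result is non-empty.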
Top GitHub Comments
No apologies needed. If anything it’s me who ought to be thanking you guys. This particular project has been absolutely critical in helping me understand OAUTH flows/tickets/audiences and how all that translates to code. Thanks!
Included in 0.2.0-preview release cc: @CalamityLorenzo