Azure AD B2C JWT Authentication


Has anyone got a good example of how to get Carter to accept a JWT from Azure AD B2C?

This is what I have so far and it is failing.

app.UseCarter(GetOptions(new[] { Configuration["oa:basepath"] }));

private CarterOptions GetOptions(ICollection<string> addresses)
{
    var options = new OpenApiOptions(
        "Test API",
        addresses,
        new Dictionary<string, OpenApiSecurity>
        {
            {
                "BearerAuth",
                new OpenApiSecurity
                {
                    Type = OpenApiSecurityType.http,
                    Scheme = "bearer",
                    BearerFormat = "JWT",
                    Name = "Authorization",
                    In = OpenApiIn.header
                }
            }
        }, new[] { "BearerAuth" });

    return new CarterOptions(null, null, options);
}

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 8 (8 by maintainers)

Top GitHub Comments

1 reaction
jchannon commented, Jul 2, 2019

That code has nothing to do with authentication; it’s just setting up metadata for the OpenAPI generated docs.

You’ll need something like services.AddAuthentication.AddAzureFoo() for it to work with JWT.

0 reactions
abazanov commented, Jul 2, 2019

For those who might come here in the future, here is how I got it working…

services.AddAuthentication(options =>
    {
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(jwtOptions =>
    {
        // Signing keys and issuer are discovered from this policy's metadata endpoint.
        jwtOptions.Authority = "https://[tenant url]/tfp/[tenant guid]/[policy]/v2.0/";
        jwtOptions.Audience = Configuration["ClientId"]; // Application Id
        jwtOptions.Events = new JwtBearerEvents
        {
            // Handler methods defined elsewhere in the Startup class.
            OnAuthenticationFailed = AuthenticationFailed,
            OnTokenValidated = TokenValidated
        };
    });

Also

app.UseAuthentication();

I also opted for the second option in this drop-down, which made a difference.

image

It took me less than a day to sort out. I hope it takes you less 😃
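
An added example, not code from the issue thread or from the Carter project: the two pieces from the comment above wired into one Startup class, with possible bodies for the AuthenticationFailed and TokenValidated handlers it references. The blanket guard middleware, the Note helper, the "JwtBearer" logger name and the log messages are assumptions; Authority and Audience are placeholders to fill in from your own B2C tenant.

```csharp
using System.Threading.Tasks;
using Carter;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCarter();
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                // Placeholders, not real values: take both from your B2C tenant and app registration.
                o.Authority = "https://[tenant url]/tfp/[tenant guid]/[policy]/v2.0/";
                o.Audience = "[application id]";
                o.Events = new JwtBearerEvents
                {
                    OnAuthenticationFailed = AuthenticationFailed,
                    OnTokenValidated = TokenValidated
                };
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // must run before anything that reads HttpContext.User
        app.Use(async (ctx, next) => // assumed blanket guard: every route needs a valid token
        {
            if (ctx.User?.Identity?.IsAuthenticated == true) { await next(); return; }
            await ctx.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme); // 401 + WWW-Authenticate
        });
        app.UseCarter();
    }

    // Log why validation failed (expiry, audience, signature) and when it passed; never the token itself.
    private static Task AuthenticationFailed(AuthenticationFailedContext c) =>
        Note(c.HttpContext, LogLevel.Warning, c.Exception, "JWT rejected");
    private static Task TokenValidated(TokenValidatedContext c) =>
        Note(c.HttpContext, LogLevel.Information, null, "JWT accepted");
    private static Task Note(HttpContext http, LogLevel level, System.Exception ex, string msg)
    {
        http.RequestServices.GetRequiredService<ILoggerFactory>().CreateLogger("JwtBearer").Log(level, ex, msg);
        return Task.CompletedTask;
    }
}
```

AddJwtBearer and UseAuthentication only populate HttpContext.User from a valid token; anonymous requests still reach the routes unless something, such as the guard here or a per-module requirement, rejects them.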
