Authenticating default token type in separate project from where "/connect/token" endpoint is
Hello, I’ve been struggling with this for quite a few long days now so I figure that it’s time to reach out for help as I am working against a deadline and don’t have anyone inside my company to go to. It’s an issue that I just can’t seem to wrap my head around after doing a lot of research but may be obvious to someone who has done it before and will be easy to explain.
The solution I am working with has two main projects, I’ll refer to them as Portal and API which run on ‘localhost:5000’ and ‘localhost:5001’ respectively. We have openiddict middleware set up for Portal, which utilizes the “/connect/token” endpoint. When a user visits the site, they click login and if they have valid credentials they are signed in and issued an access token which is saved in the front end. The middleware is set up in Portal’s ‘Startup.cs’ as follows:
```csharp
// Register the OpenIddict services.
services.AddOpenIddict(options =>
{
    options.AddEntityFrameworkCoreStores<ApplicationDbContext>();
    options.AddMvcBinders();
    options.EnableTokenEndpoint("/connect/token");
    options.AllowPasswordFlow();
    options.AllowRefreshTokenFlow();
    options.DisableHttpsRequirement();
    //options.AddSigningKey(new SymmetricSecurityKey(System.Text.Encoding.ASCII.GetBytes(Configuration["STSKey"])));
});
```
After successful login, the user is redirected to the home page which makes several calls to controllers within API, a separate project. I would like to add the [Authorize] header to these controllers so that they are secured but I can’t figure out what middleware to add in the API ‘Startup.cs’ so that it authenticates incoming bearer tokens, which were generated from Portal, against the same middleware set up in Portal. From my research I am fairly certain that something along the lines of
```csharp
services.AddAuthentication().AddSpecificTokenValidation();
```
in the ConfigureServices() method then in the Configure() method:
```csharp
app.UseAuthentication();
```
but I am not sure where to go from there.
I am somewhat familiar with the concept of Authority and Audience and feel like those need to come in to play but I am unsure where those are being set in the token generation process or if they even need to be set at all. Also, what “type” of token validation should be used for the default tokens generated using openiddict? Any help would be greatly appreciated!
Issue Analytics
- Created 5 years ago
- Comments: 5 (1 by maintainers)
Top GitHub Comments
In the ConfigureServices method you need to ‘add authentication’ and in Configure method you need to ‘use authentication’. These are methods that can be called on your services and app objects. You will also need to specify what type of authentication scheme to use in the .AddAuthentication() method. If you look at the stack overflow link that is posted, you will notice that the asker already has this setup in his Startup.cs file. If you are wanting to use the default scheme then you should be able to use the same lines of code. @TheElectricCo
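The comment above leaves the concrete scheme unnamed. The following is an added example (not code from the issue, from OpenIddict, or from the commenter) of one way to wire the two projects together for the default token type. It assumes the OpenIddict 1.x/2.x API the question already uses (`AddOpenIddict(options => ...)`), the `AspNet.Security.OAuth.Validation` package on the API side, and a key-ring location reachable by both processes; the application name `portal-api-shared`, the key path and the class names `PortalStartup`/`ApiStartup` are placeholders. The point it shows: OpenIddict's default access tokens are opaque and protected with ASP.NET Core Data Protection, so a second project can only validate them if it shares the same Data Protection key ring and application name; no Authority or Audience lookup happens for this token type.

```csharp
// Added example for this issue, not the project's own code.
// Assumes OpenIddict 1.x/2.x and the AspNet.Security.OAuth.Validation package.
using System.IO;
using AspNet.Security.OAuth.Validation;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// ---- Portal (localhost:5000): issues the tokens at /connect/token ----
public class PortalStartup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Default OpenIddict tokens are opaque and encrypted with Data Protection.
        // Another process can only unprotect them with the SAME key ring and application name.
        services.AddDataProtection()
            .SetApplicationName("portal-api-shared")                         // placeholder; must match API
            .PersistKeysToFileSystem(new DirectoryInfo(@"\\fileshare\keys")); // placeholder path; restrict ACLs to the two app identities

        services.AddOpenIddict(options =>
        {
            options.AddEntityFrameworkCoreStores<ApplicationDbContext>(); // DbContext from the question
            options.AddMvcBinders();
            options.EnableTokenEndpoint("/connect/token");
            options.AllowPasswordFlow();
            options.AllowRefreshTokenFlow();
            options.DisableHttpsRequirement(); // local development only; bearer tokens need TLS in production
        });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvc();
    }
}

// ---- API (localhost:5001): validates tokens that Portal issued ----
public class ApiStartup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Same key ring and application name as Portal, otherwise every token fails to unprotect.
        services.AddDataProtection()
            .SetApplicationName("portal-api-shared")
            .PersistKeysToFileSystem(new DirectoryInfo(@"\\fileshare\keys"));

        // The OAuth validation handler registers the "Bearer" scheme: it reads the
        // Authorization: Bearer <token> header, unprotects the opaque token with the shared
        // keys, rejects expired tokens and rebuilds the ClaimsPrincipal for [Authorize].
        services.AddAuthentication(OAuthValidationDefaults.AuthenticationScheme)
            .AddOAuthValidation();

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // must run before MVC so controllers see the authenticated user
        app.UseMvc();
    }
}

// Controller in the API project that the Portal front end calls with the stored access token.
[Authorize(AuthenticationSchemes = OAuthValidationDefaults.AuthenticationScheme)]
[Route("api/[controller]")]
public class OrdersController : Controller
{
    [HttpGet]
    public IActionResult Get() => Ok(new { user = User.Identity.Name });
}
```

If Portal were instead switched to JWT access tokens (`options.UseJsonWebTokens()` with an asymmetric signing key), the API counterpart would be `AddJwtBearer` with `Authority` set to Portal's base URL and `Audience` matching the resource name Portal places in the token; that is the case where Authority and Audience matter. With the default opaque tokens there is no issuer metadata to fetch, which is why the shared Data Protection key ring is the actual trust link between the two projects and must be stored somewhere only those two applications can read.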
Thanks, it works 😃 Sorry for the late comment!