Is there an existing issue for this?
Is your feature request related to a problem? Please describe the problem.
When configuring default bearer authentication options from configuration, only one valid issuer is supported.
|
var configSection = _authenticationConfigurationProvider.GetAuthenticationSchemeConfiguration(name); |
|
|
|
if (configSection is null || !configSection.GetChildren().Any()) |
|
{ |
|
return; |
|
} |
|
|
|
var issuer = configSection["ClaimsIssuer"]; |
|
var audiences = configSection.GetSection("Audiences").GetChildren().Select(aud => aud.Value).ToArray(); |
|
options.TokenValidationParameters = new() |
|
{ |
|
ValidateIssuer = issuer is not null, |
|
ValidIssuers = new[] { issuer }, |
|
ValidateAudience = audiences.Length > 0, |
|
ValidAudiences = audiences, |
|
ValidateIssuerSigningKey = true, |
|
IssuerSigningKey = GetIssuerSigningKey(_configuration, issuer), |
|
}; |
Describe the solution you'd like
The configuration schema should support the configuration of multiple valid issuers, like it does for audiences.
|
var audiences = configSection.GetSection("Audiences").GetChildren().Select(aud => aud.Value).ToArray(); |
Additional context
See #41956 (comment).
/cc @DamianEdwards
Is there an existing issue for this?
Is your feature request related to a problem? Please describe the problem.
When configuring default bearer authentication options from configuration, only one valid issuer is supported.
aspnetcore/src/Security/Authentication/JwtBearer/src/JwtBearerConfigureOptions.cs
Lines 38 to 55 in d7d7deb
Describe the solution you'd like
The configuration schema should support the configuration of multiple valid issuers, like it does for audiences.
aspnetcore/src/Security/Authentication/JwtBearer/src/JwtBearerConfigureOptions.cs
Line 46 in d7d7deb
Additional context
See #41956 (comment).
/cc @DamianEdwards