CarterCommunity / Carter

Carter is a framework that is a thin layer of extension methods and functionality over ASP.NET Core, allowing code to be more explicit and, most importantly, more enjoyable.
MIT License

Azure AD B2C JWT Authentication #197

Closed abazanov closed 5 years ago

abazanov commented 5 years ago

Has anyone got a good example of how to get Carter to accept a JWT from Azure AD B2C?

This is what I have so far and it is failing.

app.UseCarter(GetOptions(new[] { Configuration["oa:basepath"] }));

private CarterOptions GetOptions(ICollection<string> addresses)
{
    var options = new OpenApiOptions(
        "Test API",
        addresses,
        new Dictionary<string, OpenApiSecurity>
        {
            {
                "BearerAuth",
                new OpenApiSecurity
                {
                    Type = OpenApiSecurityType.http,
                    Scheme = "bearer",
                    BearerFormat = "JWT",
                    Name = "Authorization",
                    In = OpenApiIn.header
                }
            }
        },
        new[] { "BearerAuth" });

    return new CarterOptions(null, null, options);
}

jchannon commented 5 years ago

That code has nothing to do with authentication; it's just setting up metadata for the OpenAPI-generated docs.

You'll need something like services.AddAuthentication.AddAzureFoo() for it to work with JWT.

abazanov commented 5 years ago

Oh, OK. Thanks @jchannon

abazanov commented 5 years ago

@jchannon please delete this issue then, if you can. It is just clutter.

jchannon commented 5 years ago

just close it and it'll be fine :)

On Tue, 2 Jul 2019 at 14:54, Andrei Bazanov notifications@github.com wrote:

@jchannon https://github.com/jchannon please delete this issue then, if you can. It is just clutter.


abazanov commented 5 years ago

Ok, I will come straight... It was a silly question, so I want it gone :)

jchannon commented 5 years ago

issues can't be deleted, welcome to github :)

On Tue, 2 Jul 2019 at 14:58, Andrei Bazanov notifications@github.com wrote:

Ok, I will come straight... It was a silly question, so I want it gone :)


abazanov commented 5 years ago

Nowhere to hide 🤦‍♂

abazanov commented 5 years ago

For those who might come here in the future, here is how I got it working...

services.AddAuthentication(options =>
    {
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(jwtOptions =>
    {
        jwtOptions.Authority = "https://[tenant url]/tfp/[tenant guid]/[policy]/v2.0/";
        jwtOptions.Audience = ["ClientId"]; // Application Id
        jwtOptions.Events = new JwtBearerEvents
        {
            OnAuthenticationFailed = AuthenticationFailed,
            OnTokenValidated = TokenValidated
        };
    });

Also

app.UseAuthentication();

I also opted for the second option in this drop-down, which made a difference.

image

It took me less than a day to sort out. I hope it takes you less :)
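
The pieces discussed in this thread, put together as an added example (not code from the thread or from the Carter project): registering the JWT bearer handler and calling UseAuthentication only populates HttpContext.User, so a module still has to demand an authenticated caller before its routes are actually protected. It assumes ASP.NET Core 2.2 with Carter 4.x (the `RequiresAuthentication()` module extension and the `RequestDelegate` route overload); the configuration keys `AzureAdB2C:Authority` and `AzureAdB2C:ClientId` and the `/profile` route are hypothetical.

```csharp
using Carter;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IConfiguration configuration;

    public Startup(IConfiguration configuration) => this.configuration = configuration;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(jwtOptions =>
            {
                // Hypothetical keys. Authority is the B2C policy endpoint the handler
                // fetches signing keys and issuer metadata from; Audience is the
                // application (client) id the token must have been issued for.
                jwtOptions.Authority = configuration["AzureAdB2C:Authority"];
                jwtOptions.Audience = configuration["AzureAdB2C:ClientId"];
            });

        services.AddCarter();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Order matters: authentication has to run before Carter so that
        // HttpContext.User is already set when the module's check executes.
        app.UseAuthentication();
        app.UseCarter();
    }
}

public class ProfileModule : CarterModule
{
    public ProfileModule()
    {
        // Without this call every route in the module stays anonymous,
        // even though the bearer handler is registered.
        this.RequiresAuthentication();

        Get("/profile", ctx => ctx.Response.WriteAsync("authenticated"));
    }
}
```

A request to `/profile` without a valid bearer token should come back as 401, which is a quick check that the OpenAPI security metadata alone is not what is guarding the route.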