IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

How to map Identity Server parameters in JwtBearerAuthenticationOptions ? #825

Closed selganor74 closed 9 years ago

selganor74 commented 9 years ago

I'm trying to validate Jwt tokens released by Identity server on a Web API v2 app.

I'm actually using Katana's "UseJwtBearerAuthentication", but I have trouble mapping Identity Server parameters in JwtBearerAuthenticationOptions.

I read the article http://leastprivilege.com/2013/09/15/using-authorizationserver-with-web-api-v2katanafirst-look/

where you show the "minimum" to have tokens decoded:

```csharp
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
    AllowedAudiences = new[] { Constants.Audience },
    IssuerSecurityTokenProviders =
      new[] { new SymmetricKeyIssuerSecurityTokenProvider(
                Constants.AS.IssuerName,
                Constants.AS.SigningKey) }
});
```

Could you please explain how these parameters map to IdentityServer configuration parameters?

Thank you!

brockallen commented 9 years ago

IIRC: The audience is the "realm/scope name" from the RP config. The signing key is the "Symmetric Signing Key" from the RP config. The issuer name is the "Site ID" from IdSvr's global config.

selganor74 commented 9 years ago

YRC: Thank you very much! It worked perfectly.

Just to give all information: in my test setup the "Symmetric Signing Key" in the RP config is the same as the one entered in Global "Key Configuration".
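
The checks that the three values from brockallen's answer (issuer name, audience, symmetric signing key) feed when a bearer token is validated, as an added example that is not part of the original thread and is written in Python rather than the thread's C#. It assumes an HS256-signed JWT and a base64-encoded key; `validate_jwt`, `make_token` and all sample values are constructed for illustration.

```python
import base64, hashlib, hmac, json, time
def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(signing_input, base64_key):
    # Assumption: the key is stored as base64 text and used as raw HMAC bytes.
    return hmac.new(base64.b64decode(base64_key), signing_input.encode(), hashlib.sha256).digest()

def validate_jwt(token, issuer, audiences, base64_key, now=None):
    """Return the claims if every check passes, otherwise raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64url_decode(h64)), json.loads(b64url_decode(p64))
        sig = b64url_decode(s64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError
    except Exception:
        raise ValueError("malformed token")
    # Pin the algorithm; never let the token header pick it (e.g. "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Symmetric signing key: constant-time compare of the HMAC.
    if not hmac.compare_digest(sign(f"{h64}.{p64}", base64_key), sig):
        raise ValueError("bad signature")
    # Issuer name: must equal the configured issuer exactly.
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    # Allowed audiences: "aud" may be a string or a list of strings.
    aud = claims.get("aud")
    if not any(a in audiences for a in (aud if isinstance(aud, list) else [aud])):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or (time.time() if now is None else now) >= exp:
        raise ValueError("expired")
    return claims

def make_token(claims, base64_key, alg="HS256"):
    """Build a constructed token for the demo (stands in for the token service)."""
    h = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    p = b64url_encode(json.dumps(claims).encode())
    return f"{h}.{p}.{b64url_encode(sign(f'{h}.{p}', base64_key))}"

# Constructed sample values, not from any real deployment.
SITE_ID, REALM = "http://identityserver.example/trust", "urn:example:webapi"
KEY = base64.b64encode(b"\x01" * 32).decode()
TOKEN = make_token({"iss": SITE_ID, "aud": REALM, "exp": 2000000000, "sub": "alice"}, KEY)
print(validate_jwt(TOKEN, SITE_ID, [REALM], KEY, now=1700000000))
```

A mismatch in any one of the three configured values surfaces as a distinct error here, which helps when working out which setting was copied incorrectly.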