IdentityServer / IdentityServer3.AccessTokenValidation

OWIN Middleware to validate access tokens from IdentityServer3
Apache License 2.0

Q: Custom token (post) validation #64

Closed Peperud closed 8 years ago

Peperud commented 8 years ago

What I'm trying to do is get something like the Azure AD common endpoint arrangement.

  1. A single instance IdSrv3 supporting multitenancy by resolving databases/stores per request.
  2. Multitenant API, secured with bearer tokens, would then point to the common endpoint. Additionally, though, the app must make sure that the token issuer is the one matching the current tenant (perhaps other things like audience too).

Is there anything (similar to the notifications in the oidc middleware?) which can be used to inspect and reject the token?

jtourlamain commented 8 years ago

Hi Peperud, did you already find a solution? I'm trying to accomplish the same thing. Can you combine the UseWindowsAzureActiveDirectoryBearerAuthentication and the UseIdentityServerBearerTokenAuthentication?

brockallen commented 8 years ago

If the token service uses the same URL for all tenants, then there's nothing special that needs to be done in the access token validation.

What is your definition of "multi-tenant"? Is this a logical concept, or is there something about the request (URL, hostname, etc) that makes it multi-tenant?
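
One way to do the post-validation issuer check the question describes, as an added example that is not code from this thread or from the IdentityServer project: a small OWIN middleware registered after the bearer token middleware. It assumes the tenant is resolved from the request host, that the validated identity carries the issuer as an `iss` claim, and the host names, issuer URLs and the `TenantIssuerCheck` class are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

public static class TenantIssuerCheck
{
    // Hypothetical tenant table (constructed values): request host -> issuer expected for that tenant.
    static readonly IDictionary<string, string> ExpectedIssuer =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "tenant-a.api.example", "https://idsrv.example/tenant-a" },
            { "tenant-b.api.example", "https://idsrv.example/tenant-b" },
        };

    // Pure check: true only when the token's "iss" claim equals the issuer mapped to this host.
    // Unknown hosts and tokens without an "iss" claim fail closed.
    public static bool IssuerMatchesTenant(ClaimsPrincipal user, string host)
    {
        string expected;
        if (host == null || !ExpectedIssuer.TryGetValue(host, out expected)) return false;
        Claim iss = user == null ? null : user.FindFirst("iss");
        return iss != null && string.Equals(iss.Value, expected, StringComparison.Ordinal);
    }

    // Register AFTER the bearer token middleware so context.Authentication.User is populated.
    public static IAppBuilder UseTenantIssuerCheck(this IAppBuilder app)
    {
        return app.Use(async (context, next) =>
        {
            ClaimsPrincipal user = context.Authentication.User;
            bool authenticated = user != null && user.Identity != null && user.Identity.IsAuthenticated;

            // Anonymous requests pass through; authorization further down still applies to them.
            // Host.Value includes a non-default port, so the table keys must match that form.
            if (authenticated && !IssuerMatchesTenant(user, context.Request.Host.Value))
            {
                context.Response.StatusCode = 401; // token is valid, but was issued for another tenant
                return;
            }
            await next();
        });
    }
}
```

The same comparison can be extended to the audience claim, which the question also mentions, by adding a second lookup alongside the issuer.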