
How does a library work without SecretKey?

Open paulinhps opened this issue 3 years ago • 0 comments

I tried to create an authentication API without the secret key using the standard documentation on GitHub.

My appsetting.json in Identity Provider Api

"AppJwtSettings": {
    "Issuer": "MyInssuerValue",    
    "Audience": "MyAudience" 
// SecretKey is missing
}

My Startup.cs in Identity Provider Api

public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers();

    services.AddMemoryCache(); // Add this line

    services.AddIdentityEntityFrameworkContextConfiguration(options =>
        options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"),
        b => b.MigrationsAssembly(GetType().Namespace)));

    services.AddIdentityConfiguration();

    services.AddJwtConfiguration(Configuration)
            .AddNetDevPackIdentity<IdentityUser>();

    services.AddSwaggerConfiguration();
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseSwaggerConfiguration();
    }

    app.UseHttpsRedirection();

    app.UseRouting();

    app.UseAuthConfiguration();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
}
// [...]

In the other API, which is authenticated by the identity provider, I made the following settings:

My appsetting.json in Web Api

"AppJwtSettings": {
    "Issuer": "MyInssuerValue",    
    "Audience": "MyAudience" 
// SecretKey is missing
}

My Program.cs in Web Api


var builder = WebApplication.CreateBuilder(args);

builder.Services?.AddJwtConfiguration(builder.Configuration);
// more code

var app = builder.Build();

// middlewares
app.UseAuthConfiguration();
//more middlewares

app.Run();

And for every request the answer is the same:

 content-length: 0 
 date: Thu,28 Jul 2022 18:22:22 GMT 
 server: Kestrel 
 www-authenticate: Bearer error="invalid_token",error_description="The signature key was not found" 

But if I include the SecretKey parameter, it works fine!

paulinhps, Jul 28 '22 18:07
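A diagnostic for the "signature key was not found" response above, added here as an example (it is not code from the issue or from the library): it decodes a token's header to show the signing algorithm and key ID, then checks that key ID against the key IDs the validating API holds. The `JwtHeaderCheck` class, the `knownKeyIds` parameter and the sample token are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class JwtHeaderCheck
{
    // Decode a base64url segment (RFC 7515): restore '+', '/' and '=' padding.
    static string Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    // knownKeyIds: key IDs the validating API has loaded (hypothetical input).
    public static string Describe(string token, string[] knownKeyIds)
    {
        var parts = token.Split('.');
        if (parts.Length != 3) return "not a compact JWS (expected 3 segments)";

        using var doc = JsonDocument.Parse(Base64UrlDecode(parts[0]));
        var header = doc.RootElement;
        string alg = header.TryGetProperty("alg", out var a) ? a.GetString() ?? "" : "";
        string kid = header.TryGetProperty("kid", out var k) ? k.GetString() ?? "" : "";

        // HS* is HMAC with a shared secret; RS*/PS*/ES* use a private/public key pair.
        string kind = alg.StartsWith("HS") ? "symmetric, shared secret"
                    : alg.StartsWith("RS") || alg.StartsWith("PS") || alg.StartsWith("ES")
                        ? "asymmetric, public key needed to verify"
                        : "other";
        bool found = kid.Length > 0 && knownKeyIds.Contains(kid);
        return $"alg={alg} ({kind}), kid={(kid.Length > 0 ? kid : "<none>")}, " +
               $"key known to validator: {found}";
    }

    public static void Main()
    {
        // Constructed sample token: only the header matters for this check.
        string json = "{\"alg\":\"ES256\",\"kid\":\"example-key-1\",\"typ\":\"JWT\"}";
        string header = Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
                               .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string token = header + ".e30.c2ln";

        Console.WriteLine(Describe(token, Array.Empty<string>()));      // validator holds no keys
        Console.WriteLine(Describe(token, new[] { "example-key-1" }));  // validator holds the key
    }
}
```

Running it against a token issued by the identity provider shows whether the token is signed with a shared secret or a key pair, and which key ID the Web Api would have to resolve.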