I already have the access token working with my application in my api gateway.

    var identityUrl = Configuration.GetValue<string>("urls:identity");
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(options =>
    {
        options.Authority = Configuration.GetValue<string>("IdentityUrlExternal");
        options.RequireHttpsMetadata = false;
        options.Audience = "api1";
        options.Events = new JwtBearerEvents(); // event handlers not shown
    });

What is the audience option in AddJwtBearer referring to? Does it refer to the ClientId or the ApiScope? At the moment, I based it on the scope of my mobile application setup to communicate with the API gateway. If I change it to something else, e.g. a client id sent from mobile (ro.client), the authorized API function will not be able to access it.
I would like to get a clear understanding of whether my setting is correct.
In addition, how do I add Authorized Scope in the ASP.NET MVC Core project under the controller?
An audience is a unique identifier for an issued token. The audience value could be either the client id for an id token or an API for an access token.
In your project, you can communicate with api1 by adding it to the scope of your application.