« AWS SDK for .NET » : différence entre les versions
De Banane Atomic
Aller à la navigationAller à la recherche
Aucun résumé des modifications |
|||
| Ligne 24 : | Ligne 24 : | ||
options.TokenValidationParameters.AudienceValidator = (audiences, securityToken, validationParameters) => | options.TokenValidationParameters.AudienceValidator = (audiences, securityToken, validationParameters) => | ||
{ | { | ||
// | // Cognito tokens doesn't have "aud" claim. Instead the audience is set in "client_id" | ||
var jsonWebToken = (Microsoft.IdentityModel.JsonWebTokens.JsonWebToken)securityToken; | var jsonWebToken = (Microsoft.IdentityModel.JsonWebTokens.JsonWebToken)securityToken; | ||
if (!jsonWebToken.Claims.Any(f => f.Type == "aud")) | if (!jsonWebToken.Claims.Any(f => f.Type == "aud")) | ||
Version du 23 février 2024 à 14:11
Secrets Manager
| Program.cs |
builder.Configuration.Sources.Add(new AmazonSecretsManagerConfigurationSource("secretName"));
|
Cognito
| Program.cs |
builder.Services.AddCognitoIdentity();
builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Authority = builder.Configuration["AWSCognito:Authority"];
options.Audience = builder.Configuration["AWSCognito:UserPoolClientId"];
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
ValidateAudience = true
};
options.TokenValidationParameters.AudienceValidator = (audiences, securityToken, validationParameters) =>
{
// Cognito tokens doesn't have "aud" claim. Instead the audience is set in "client_id"
var jsonWebToken = (Microsoft.IdentityModel.JsonWebTokens.JsonWebToken)securityToken;
if (!jsonWebToken.Claims.Any(f => f.Type == "aud"))
return false;
return validationParameters.ValidAudience.Contains(jsonWebToken.Claims.First(f => f.Type == "aud").Value);
};
});
|
