
JWT Validation in .Net Core


I've been struggling with this for a few days... There seems to be a number of similar questions on here but I can't find one which covers this exact scenario.

I have a node service which is creating a jsonwebtoken NPM package (RS256). Any other node service is able to validate the token as supplied by the UI and read the claims - can also validate on jwt.io.

However I need to add a .net core api to the solution and I simply can't get it to work - I feel like I have tried a million different combinations of setting up the api middleware, but there is clearly something I am missing and I can't find any documentation for the right way of doing this - obviously I also want to read the claims, but right now, before I pull my hair out, I just want to validate the token and hit a controller.


Solution

  • Configure JWT bearer authentication (as well as the token validation options) on DI using the AddJwtBearer extension method from the Microsoft.AspNetCore.Authentication.JwtBearer NuGet package:

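    // The code below used to be in the Startup.ConfigureServices method
    // before the minimal API, with everything in Program.cs, was introduced.
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;

    var builder = WebApplication.CreateBuilder(args);

    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateAudience = false, // the "aud" claim is not checked
                ValidateIssuer = true,    // the "iss" claim must match a valid issuer
                // ... = ..., (further validation parameters)
            };
            options.Authority = "<settings-your-authority>"; // placeholder
            // options. etc.
        });

    // ...

    // Use the configured JWT auth (used to be in the Startup.Configure method)

    var app = builder.Build();
    // ...
    app.UseAuthentication();
    // ...
    app.Run();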
    

    And see here how to Verify JWT with RS256 (asymmetric) in C#
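
A fuller version of the setup in the answer above, as an added example that is not part of the original answer. It assumes the Node service exposes no OIDC discovery endpoint, so the RSA public key is loaded directly instead of setting `Authority`, and the accepted algorithm is pinned to RS256. The key path, the issuer value and the `/claims` route are assumptions.

```csharp
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: the PEM public key ("-----BEGIN PUBLIC KEY-----") matching the
// private key the Node service signs with is deployed at this path.
var rsa = RSA.Create();
rsa.ImportFromPem(File.ReadAllText("keys/jwt-public.pem"));

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // No options.Authority here: without a discovery document the
        // handler cannot fetch keys, so the key is supplied directly.
        options.TokenValidationParameters = new TokenValidationParameters
        {
            IssuerSigningKey = new RsaSecurityKey(rsa),
            // Pin the algorithm: tokens whose header says HS256 or "none"
            // are rejected even if the rest of the token looks valid.
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
            ValidateIssuer = true,
            // Assumption: the Node service sets "iss" to this value.
            ValidIssuer = "example-node-issuer",
            ValidateAudience = false,   // as in the answer above
            ValidateLifetime = true,    // enforce "exp" / "nbf"
            ClockSkew = TimeSpan.FromSeconds(30)
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Returns 401 without a valid bearer token; otherwise lists the claims
// taken from the validated token.
app.MapGet("/claims", (System.Security.Claims.ClaimsPrincipal user) =>
        user.Claims.Select(c => new { c.Type, c.Value }))
   .RequireAuthorization();

app.Run();
```

If requests still return 401, the `WWW-Authenticate` response header and the `Microsoft.AspNetCore.Authentication` log category at Debug level report which check failed (signature, issuer or lifetime).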