The signature is checked before the audience. Are you sure your client passed a valid token?
Azure AD: custom AudienceValidator function not firing
I'm testing locally. When the Audience in the bearer token is created like this:
string[] scopes = { "https://graph.microsoft.com/.default" };
the user gets 401 unauthorized and my AudienceValidator function never fires. It fires when the Audience is this:
string[] scopes = { someClientID + "/.default" };
The end result is that it usually fires when the Audience is correct. In reality I need it to fire all the time, especially when the Audience is incorrect.
I've spent many hours on this. I've tried every combination of the below values known to me. Removing the last two lines doesn't help. Switching from "true" to "false" doesn't help.
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(opt =>
    {
        opt.Authority = authority;
        opt.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
        {
            ValidateIssuer = false,
            AudienceValidator = funcValidateAudience, // NOT FIRING.
            ValidateAudience = true,
            ValidAudiences = validAudiences,
        };
    });
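Added example (my own code, not the poster's) of where the audience delegate sits in the JwtBearer handler's validation order. It assumes the API's tenant id and client (app) id are available, that its App ID URI is api://<clientId>, and that callers request a token for this API (scope <clientId>/.default or api://<clientId>/.default), not for Microsoft Graph. Two points it demonstrates that the poster's configuration hides: a token rejected at an earlier stage (the signature is checked before the audience, as the comment at the top notes) never reaches the AudienceValidator delegate at all, and OnAuthenticationFailed reports which stage rejected it; and once a custom AudienceValidator is set it replaces the built-in ValidAudiences comparison, so the delegate has to do that comparison itself. Issuer validation is switched on here, unlike in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Example configuration written for this page; not the poster's code.
// Assumptions: tenantId and clientId are the API's own registration values,
// and the App ID URI of the registration is api://<clientId>.
public static class JwtBearerSetup
{
    public static void Configure(IServiceCollection services, string tenantId, string clientId)
    {
        string authorityV2 = $"https://login.microsoftonline.com/{tenantId}/v2.0";

        // Azure AD emits two audience forms for the same API registration:
        // v2 access tokens carry the bare client id, v1 tokens the App ID URI.
        string[] validAudiences = { clientId, $"api://{clientId}" };

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(opt =>
            {
                opt.Authority = authorityV2;
                opt.TokenValidationParameters = new TokenValidationParameters
                {
                    // Do not disable issuer validation: a validly signed token from
                    // another tenant would otherwise pass everything but the audience check.
                    ValidateIssuer = true,
                    ValidIssuers = new[]
                    {
                        $"https://sts.windows.net/{tenantId}/", // v1 issuer
                        authorityV2,                            // v2 issuer
                    },

                    // ValidateAudience must stay true, otherwise the audience stage is
                    // skipped entirely and the delegate below is never consulted.
                    ValidateAudience = true,

                    // Setting AudienceValidator replaces the built-in comparison against
                    // ValidAudiences; the delegate itself has to accept or reject.
                    // It is only reached after signature, lifetime and issuer checks pass.
                    AudienceValidator = (audiences, token, parameters) =>
                    {
                        bool ok = audiences.Any(a => validAudiences.Contains(a, StringComparer.Ordinal));
                        Console.WriteLine($"AudienceValidator ran: aud=[{string.Join(",", audiences)}] ok={ok}");
                        return ok; // false -> SecurityTokenInvalidAudienceException -> 401
                    },
                };

                opt.Events = new JwtBearerEvents
                {
                    // Fires for every rejected token. The exception type names the stage
                    // that failed; a signature failure shows up here with the audience
                    // delegate never having run.
                    OnAuthenticationFailed = ctx =>
                    {
                        Console.WriteLine($"Token rejected: {ctx.Exception.GetType().Name}: {ctx.Exception.Message}");
                        return Task.CompletedTask;
                    },
                };
            });
    }
}
```

Call JwtBearerSetup.Configure(services, tenantId, clientId) from ConfigureServices and keep app.UseAuthentication() before app.UseAuthorization(). To see the ordering for yourself, send a token whose signature cannot be verified by this authority's keys: OnAuthenticationFailed logs a SecurityTokenInvalidSignatureException and the "AudienceValidator ran" line never appears, while a token correctly signed for a different audience logs the delegate line followed by a SecurityTokenInvalidAudienceException.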
JAL 591 Reputation points
2023-09-24T21:32:08.2466667+00:00
I meant to include this line of code in my post:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
This is a .Net Core 5.0 web api.