Adding data in Client Secret JWT

Anonymous
2024-01-02T15:52:13+00:00

Hi!
I'm integrating Microsoft ID authentication into my API (api0) and plan to access it using two different APIs (api1 and api2). For this, I'm utilizing a unique Client Secret for each API. However, I'm encountering a challenge: there isn't a field in the generated JWT token (created with the Client Secret) that indicates which API is making the request to api0. I would like to add a custom field to the JWT token to identify the originating API. Those are the default fields in the JWT:

```
{
  "aud": "",
  "iss": "",
  "iat": 1,
  "nbf": 1,
  "exp": 1,
  "aio": "",
  "azp": "",
  "azpacr": "",
  "oid": "",
  "rh": "",
  "sub": "",
  "tid": "",
  "uti": "",
  "ver": "2.0"
}
```

Locked question. This question was migrated from the Microsoft Support Community. You can vote on whether it is helpful, but you cannot add comments or replies or follow the question.

Answer accepted by the question author

Anonymous
2024-01-03T15:51:55+00:00

To add a custom field to the JWT token to identify the originating API, you can use the "claims" parameter when creating the token. You can add a custom claim with the name of your choice and set its value to the API identifier. Here's an example of how to add a custom claim:

```
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

var tokenHandler = new JwtSecurityTokenHandler();
// Symmetric signing key built from the client secret (placeholder value)
var key = Encoding.ASCII.GetBytes("your_client_secret_here");
var tokenDescriptor = new SecurityTokenDescriptor
{
    Subject = new ClaimsIdentity(new Claim[]
    {
        new Claim("custom_api_claim", "api1") // replace "api1" with the identifier of your API
    }),
    Expires = DateTime.UtcNow.AddMinutes(10),
    SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
// Create the signed token and serialize it to its compact string form
var token = tokenHandler.CreateToken(tokenDescriptor);
var jwtToken = tokenHandler.WriteToken(token);
```

Regarding the "aud" claim, you can set it to a default value by specifying it in the "TokenValidationParameters" when validating the token. Here's an example:

```
// Uses the same using directives as the previous snippet;
// jwtToken is the serialized token string created there.
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes("your_client_secret_here");
var tokenValidationParameters = new TokenValidationParameters
{
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = new SymmetricSecurityKey(key),
    ValidateIssuer = true,
    ValidIssuer = "your_issuer_here",
    ValidateAudience = true,
    ValidAudience = "default_audience_here" // replace with your default audience value
};
// Throws if the signature, issuer or audience does not match
SecurityToken validatedToken;
var claimsPrincipal = tokenHandler.ValidateToken(jwtToken, tokenValidationParameters, out validatedToken);
```

Note that you should replace the placeholders with your actual values.

1 person found this answer helpful.
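The token listed in the question already carries `azp` and `azpacr`: in Microsoft identity platform v2.0 access tokens, `azp` is the application (client) ID of the client that requested the token and `azpacr` records how that client authenticated. The following is an added example, not part of the original question or answers, of a check api0 could run on already-validated claims to name the caller. The `CallerIdentifier` class, tenant ID and client IDs are constructed placeholders, and the claims are assumed to keep their raw JWT names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class CallerIdentifier   // hypothetical helper, not from the thread
{
    // Constructed placeholders: your tenant ID and the application (client) IDs
    // of the api1 and api2 app registrations.
    private const string ExpectedTenant = "00000000-0000-0000-0000-000000000000";
    private static readonly Dictionary<string, string> KnownCallers =
        new Dictionary<string, string>
        {
            ["11111111-1111-1111-1111-111111111111"] = "api1",
            ["22222222-2222-2222-2222-222222222222"] = "api2",
        };

    // Returns "api1" or "api2" for a recognised caller, or null to reject.
    // Assumes signature, issuer, audience and lifetime were already validated
    // and that the claims keep their raw JWT names (as in JwtSecurityToken.Claims).
    public static string Identify(IEnumerable<Claim> claims)
    {
        var byType = claims.GroupBy(c => c.Type)
                           .ToDictionary(g => g.Key, g => g.First().Value);
        string Get(string type) => byType.TryGetValue(type, out var v) ? v : null;

        if (Get("ver") != "2.0") return null;           // azp/azpacr are v2.0 claims
        if (Get("tid") != ExpectedTenant) return null;   // token from another tenant
        // azpacr: "0" public client, "1" client secret, "2" client certificate
        var acr = Get("azpacr");
        if (acr != "1" && acr != "2") return null;       // caller is not a confidential client
        var azp = Get("azp");
        return azp != null && KnownCallers.TryGetValue(azp, out var name) ? name : null;
    }

    public static void Main()
    {
        // Constructed sample claims using the field names listed in the question
        var sample = new[]
        {
            new Claim("ver", "2.0"), new Claim("tid", ExpectedTenant),
            new Claim("azpacr", "1"),
            new Claim("azp", "22222222-2222-2222-2222-222222222222"),
        };
        Console.WriteLine(Identify(sample) ?? "rejected");
    }
}
```

With the validation snippet above, the raw claims can be read from `((JwtSecurityToken)validatedToken).Claims` and passed to `Identify`.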

2 additional answers

  1. Anonymous
    2024-01-03T08:51:34+00:00

    Hello!

    Unfortunately, it is not possible to add custom fields to the Client Secret JWT token. The fields in the token are predefined and cannot be modified. However, you can use the "aud" field to identify the API that is making the request to api0. The "aud" field specifies the intended audience for the token, which in this case would be api0. You can set the "aud" field to a unique value for each API, and then check the value of the "aud" field in api0 to determine which API is making the request. I hope this helps!

    Thank you so much! How can I set the aud value to a default one?

  2. Anonymous
    2024-01-02T18:22:54+00:00

    Hello!

    Unfortunately, it is not possible to add custom fields to the Client Secret JWT token. The fields in the token are predefined and cannot be modified. However, you can use the "aud" field to identify the API that is making the request to api0. The "aud" field specifies the intended audience for the token, which in this case would be api0. You can set the "aud" field to a unique value for each API, and then check the value of the "aud" field in api0 to determine which API is making the request. I hope this helps!
