
How can I use IdentityServer.accesstokenvalidation package to validate tokens using multiple authorities?

In my front end application I am getting a token using, let us say, one of the following:

1- subdomain1.identityserver.com

2- subdomain2.identityserver.com

3- subdomain3.identityserver.com

Now if I get a token using subdomain1.identityserver.com then the token will look like:

{
  "nbf": ,
  "exp": ,
  "iss": "subdomain1.identityserver.com",
  "aud": [
    "subdomain1.identityserver.com/resources",
  ],
  "client_id": "Frontend",
  "sub": "",
  "auth_time": 1516002171,
  "idp": "local",
  "scope": [
    "openid",
    "profile",
  ],
  "amr": [
    "external"
  ]
}

In my APIs I am using IdentityServer.accesstokenvalidation to validate these tokens. How can I tell my APIs to use the issuer (iss in token) as authority?

I tried something like:

JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
    Authority = variable,
    DelayLoadMetadata = true,
});

Where Authority is a variable, but it looks like the authority would be registered once at startup.

Yahya Hussein
  • Wouldn't it be easier to use www.IdentityServer.com for all? Just curious, why do you use the subdomains? –  Jan 15 '18 at 09:20
  • I have a separation logic in my applications, they are separated using subdomain and each subdomain has its own set of users to be authenticated, I know that I can include subdomain in token, but this is not the way I want to do it. – Yahya Hussein Jan 15 '18 at 09:23
  • Did you find any solutions to this yet? – Gzim Helshani Jul 08 '18 at 12:05
  • https://github.com/IdentityServer/IdentityServer4/issues/2256 – Lasal Sethiya Oct 01 '18 at 10:59
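
An added example, not part of the original post or of any IdentityServer package: one way to validate tokens from several authorities is to read the unverified `iss` only to look it up in an allowlist, then validate against the issuer, audience and signing key bound to that entry. It assumes `System.IdentityModel.Tokens.Jwt` with `Microsoft.IdentityModel.Tokens` 5 or later used directly instead of the OWIN middleware; `MultiIssuerDemo`, `Validate`, `Check`, `Issue`, `NewKey` and `other.example` are hypothetical names, and the locally generated RSA keys are constructed stand-ins for each authority's published signing keys.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

static class MultiIssuerDemo
{
    const string S1 = "subdomain1.identityserver.com", S2 = "subdomain2.identityserver.com";
    // Allowlist of trusted issuers. The locally generated keys are constructed
    // stand-ins for the signing keys each authority publishes in its metadata.
    static readonly Dictionary<string, RsaSecurityKey> Trusted =
        new Dictionary<string, RsaSecurityKey> { [S1] = NewKey(S1), [S2] = NewKey(S2) };
    static RsaSecurityKey NewKey(string kid) => new RsaSecurityKey(RSA.Create(2048)) { KeyId = kid };

    // Builds a constructed test token shaped like the one in the question.
    static string Issue(string iss, RsaSecurityKey key) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            iss, iss + "/resources", new[] { new Claim("sub", "constructed-user") },
            DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5),
            new SigningCredentials(key, SecurityAlgorithms.RsaSha256)));

    public static ClaimsPrincipal Validate(string jwt)
    {
        var handler = new JwtSecurityTokenHandler();
        // The unverified "iss" is only a lookup key into the allowlist; it is never
        // used as an authority URL to fetch metadata from.
        string iss = handler.ReadJwtToken(jwt).Issuer;
        if (iss == null || !Trusted.TryGetValue(iss, out var key))
            throw new SecurityTokenInvalidIssuerException("Issuer not trusted: " + iss);
        // Issuer, audience and signing key are bound together per authority.
        return handler.ValidateToken(jwt, new TokenValidationParameters
        {
            ValidIssuer = iss, ValidAudience = iss + "/resources", IssuerSigningKey = key
        }, out _);
    }

    static string Check(string jwt)
    {
        try { Validate(jwt); return "accepted"; }
        catch (SecurityTokenException e) { return "rejected: " + e.GetType().Name; }
    }

    static void Main()
    {
        Console.WriteLine("subdomain1 token:  " + Check(Issue(S1, Trusted[S1])));
        Console.WriteLine("unlisted issuer:   " + Check(Issue("other.example", NewKey("other"))));
        Console.WriteLine("iss=S1, key of S2: " + Check(Issue(S1, Trusted[S2])));
    }
}
```

The third case is the one that matters for a multi-tenant setup: a token signed by one trusted authority must not be accepted when it names another trusted authority as its issuer.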

0 Answers