I have a Web API in C# and a frontend Angular application. The Angular application makes calls to Active Directory services such as Azure AD to get the access token. On subsequent Web API calls, the Web API application needs to validate the access token.

My Web API was using Microsoft.Owin.Security JWT token validation up until now. I want to replace Microsoft.Owin.Security with IdentityModel.OidcClient (since this is a certified C# OpenID Connect library). Please help me out on how to use the OidcClient framework to validate the token.

debanka
  • This question is _too broad_ for Stack Overflow. This site is for more _specific_ problems. I recommend researching tutorials, which are quite numerous, trying an implementation yourself, and asking a new question when you are experiencing _specific_ problems while doing so. But as your question is now, it cannot be answered in the scope of Stack Overflow. I also recommend reading [how to ask a good question](https://stackoverflow.com/help/how-to-ask) – Franz Gleichmann May 18 '21 at 06:55

1 Answer

To validate tokens you should not use IdentityModel.OidcClient; instead, you should use the Microsoft.AspNetCore.Authentication.JwtBearer NuGet package to properly validate JWT tokens in an API.

Tore Nestenius
  • Thanks for your reply @Tore, just that if I use a different Active Directory that supports the OpenID protocol for authentication, will Microsoft.AspNetCore.Authentication.JwtBearer be used for all Active Directory other than Azure Active Directory? – debanka May 18 '21 at 11:31
  • Add JWTBearer is only used for APIs that receive access tokens. The API and client must both be registered in Azure AD. – Tore Nestenius May 18 '21 at 11:40
  • Yes @Tore, if I use any other directory service such as Ping Identity or Okta, then can Microsoft.AspNetCore.Authentication.JwtBearer be used to validate the access token? Sorry if I am asking the same question again. – debanka May 18 '21 at 12:59
  • JwtBearer can be used with any OpenID Connect compliant provider. – Tore Nestenius May 18 '21 at 13:03
  • Does this answer your question? Feel free to accept it if that is the case. – Tore Nestenius May 18 '21 at 13:03
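
An added example (not part of the original answer or its comments) of the JwtBearer setup the answer recommends, pointed at a generic OpenID Connect provider. It assumes an ASP.NET Core 6+ minimal-hosting project with the Microsoft.AspNetCore.Authentication.JwtBearer package installed; the authority URL, audience value, `/api/profile` route, RS256-only algorithm list and one-minute clock skew are placeholder choices, not values from the question.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumed placeholders: replace with the values issued by your identity provider.
const string authority = "https://login.example.com/tenant-placeholder"; // OIDC issuer base URL
const string audience  = "api://my-api-placeholder";                     // expected "aud" claim

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // The handler fetches {authority}/.well-known/openid-configuration and the
        // signing keys it references, so no provider-specific code is needed.
        options.Authority = authority;
        options.Audience = audience;
        options.RequireHttpsMetadata = true; // refuse metadata served over plain HTTP

        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,           // "iss" must match the discovered issuer
            ValidateAudience = true,         // "aud" must match options.Audience
            ValidateLifetime = true,         // reject expired or not-yet-valid tokens
            ValidateIssuerSigningKey = true,
            // Assumption: the provider signs with RS256. Pinning the list rejects
            // tokens signed with any other algorithm; adjust if yours uses e.g. ES256.
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
            ClockSkew = TimeSpan.FromMinutes(1) // tighter than the 5-minute default
        };
    });

builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthentication(); // must run before UseAuthorization
app.UseAuthorization();

// Hypothetical endpoint: only reachable with a bearer token that passed validation.
app.MapGet("/api/profile", (System.Security.Claims.ClaimsPrincipal user) =>
        Results.Ok(new { name = user.Identity?.Name }))
   .RequireAuthorization();

app.Run();
```

Switching providers means changing only the authority and audience values, which is what makes the handler usable with any OpenID Connect compliant issuer.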