I am using the Ocelot API gateway to authenticate requests and pass the claims to the underlying microservices. So far I am able to get the access_token as well as the id_token. Is there a way I can introspect the id_token so that the claims from both tokens can be sent to the microservices? Here is my code:
using Ocelot.DependencyInjection;
using Ocelot.Middleware;
using OpenIddict.Validation;
using OpenIddict.Validation.AspNetCore;
var builder = WebApplication.CreateBuilder(args);

// Service registrations for the gateway host itself.
builder.Services.AddControllers();

// Swagger/OpenAPI setup; see https://aka.ms/aspnetcore/swashbuckle
builder.Services
    .AddEndpointsApiExplorer()
    .AddSwaggerGen();

// ocelot.json is mandatory (optional: false) and is re-read when it changes on disk.
// NOTE(review): because edits are picked up at runtime, write access to this file
// should be limited to whoever is allowed to change the gateway's configuration.
builder.Configuration.AddJsonFile(path: "ocelot.json", optional: false, reloadOnChange: true);
// Make the OpenIddict validation handler the gateway's default authentication scheme.
builder.Services.AddAuthentication(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);

builder.Services.AddOpenIddict().AddValidation(validation =>
{
    // The introspection endpoint address is not configured here: the validation
    // handler resolves it through OpenID Connect discovery against the issuer.
    //
    // NOTE(review): the client secret is hard-coded below. Load it from configuration
    // or a secret store so it is not committed to source control, and rotate the
    // value if this file has already been shared.
    //
    // NOTE(review): this handler validates the bearer access token. An id_token is
    // issued for the client application, not for APIs, so claims the downstream
    // services need are presumably better added to the access token by the
    // authorization server than taken from the id_token. Confirm against the
    // server's configuration.
    validation.SetIssuer("https://localhost:7013/")
              .AddAudiences("ApiGateway")
              .SetClientId("ApiGateway")
              .SetClientSecret("apigateway-secret")
              .UseIntrospection();

    // HTTP integration used to reach the authorization server.
    validation.UseSystemNetHttp();

    // Hook the validation services into the ASP.NET Core authentication stack.
    validation.UseAspNetCore();
});
// Ocelot pipeline hooks. The pre-authorization hook is currently a pass-through:
// it does nothing except hand control to the next middleware.
var configuration = new OcelotPipelineConfiguration
{
    PreAuthorizationMiddleware = async (context, next) => await next.Invoke(),
};

// Register Ocelot's services from the loaded configuration (includes ocelot.json).
builder.Services.AddOcelot(builder.Configuration);
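var app = builder.Build();

// Swagger and its UI are exposed only in the Development environment.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();

// Authentication and authorization are registered ahead of Ocelot, so the default
// scheme has run before a request is proxied.
// NOTE(review): ocelot.json is not shown. UseAuthorization only enforces policies on
// endpoints that carry authorization metadata, so confirm that every protected route
// in ocelot.json declares its own authentication options. Otherwise a request without
// a valid token may still be forwarded downstream.
app.UseAuthentication();
app.UseAuthorization();

// Await the Ocelot setup instead of blocking on it with .Wait(). Top-level statements
// support await, and a startup failure then surfaces as the original exception rather
// than wrapped in an AggregateException.
await app.UseOcelot(configuration);

app.Run();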