Last post Dec 18, 2017 07:19 AM by Edward Z
Dec 16, 2017 04:06 AM | Jean-Sebastien Petit
I have this scenario where our API would serve multiple clients using their company federated identities.
That is, suppose User 1 works for Company A, User 2 for Company B, ..., User N for Company ?. Multiple users would be in each client of course, but we have multiple potential clients for our API.
Assuming all of them use OAuth tokens, for simplicity, I would need to configure multiple authentication middlewares (I'm using 1.1), say the JWTBearerAuthentication, one for each of the clients.
Something I would do with a configuration file setting and a loop at startup, for easy setup.
And once the token is validated, I would need a separate handler to extract the data I need from the claims (sure to be different from client to client), in order to map the user to my database user, potentially creating it from the claims data.
Should I use MapWhen to configure each provider based on an element of the token, like the issuer?
Or use something else?
The idea is that I would not want to validate the token with each of the providers in the pipeline (it could get ugly).
Also I would like to use a single URL. I could enforce the use of a header, however.
I will continue investigating on my end, and post my eventual solution here of course, but if somebody has some insights to give me, I would greatly appreciate it...
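One way to get the behaviour described in the question (several companies, each with its own JWT issuer, a single URL, and per-client claim mapping) without running every token through every validator. This is an added example, not code from the thread or from ASP.NET; it targets ASP.NET Core 2.1 or later, because the policy-scheme forwarding it relies on (`AddPolicyScheme` / `ForwardDefaultSelector`) does not exist in 1.1, where the closest equivalent is one `UseJwtBearerAuthentication` call per client. The `ClientConfig` class, the scheme names, the hostnames and the claim names are all made up for the example; a real application would bind the client list from its configuration file and loop over it, as the question proposes.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Hypothetical per-client settings (in a real app: bound from appsettings.json).
public sealed class ClientConfig
{
    public string Scheme { get; set; }      // name of the JwtBearer scheme for this client
    public string Issuer { get; set; }      // exact 'iss' value accepted for this client
    public string Authority { get; set; }   // OpenID Connect authority used to fetch signing keys
    public string Audience { get; set; }    // 'aud' value this client's tokens must carry for our API
    public string UserIdClaim { get; set; } // raw claim that identifies the user at this client
}

public class Startup
{
    // Constructed sample configuration: placeholder hosts, not real tenants.
    private static readonly ClientConfig[] Clients =
    {
        new ClientConfig { Scheme = "CompanyA", Issuer = "https://login.company-a.example/",
            Authority = "https://login.company-a.example/", Audience = "api://our-api", UserIdClaim = "sub" },
        new ClientConfig { Scheme = "CompanyB", Issuer = "https://sts.company-b.example/adfs",
            Authority = "https://sts.company-b.example/adfs", Audience = "https://our-api.example", UserIdClaim = "upn" },
    };

    private const string SelectorScheme = "IssuerSelector";

    public void ConfigureServices(IServiceCollection services)
    {
        var schemeByIssuer = Clients.ToDictionary(c => c.Issuer, c => c.Scheme, StringComparer.Ordinal);

        var auth = services.AddAuthentication(SelectorScheme)
            .AddPolicyScheme(SelectorScheme, "Pick JwtBearer scheme by issuer", options =>
            {
                // The 'iss' of the *unverified* token is used only to choose a validator.
                // The chosen JwtBearer handler still checks signature, iss, aud and exp.
                options.ForwardDefaultSelector = context =>
                {
                    var issuer = ReadUnverifiedIssuer(context.Request);
                    return issuer != null && schemeByIssuer.TryGetValue(issuer, out var scheme)
                        ? scheme
                        : Clients[0].Scheme; // unknown issuer: a real validator rejects it (ValidIssuer mismatch)
                };
            });

        foreach (var client in Clients)
        {
            var cfg = client; // capture per iteration for the lambdas below
            auth.AddJwtBearer(cfg.Scheme, options =>
            {
                options.Authority = cfg.Authority;
                options.Audience = cfg.Audience;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = cfg.Issuer, // pinned: a Company B token can never pass under Company A's scheme
                    ValidateAudience = true,
                    ValidAudience = cfg.Audience,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                };
                options.Events = new JwtBearerEvents { OnTokenValidated = ctx => MapToLocalUser(ctx, cfg) };
            });
        }

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // one URL space; the selector scheme routes each token to its validator
        app.UseMvc();
    }

    // Parses the bearer token without validating it, just to read 'iss'.
    private static string ReadUnverifiedIssuer(HttpRequest request)
    {
        string header = request.Headers["Authorization"];
        if (string.IsNullOrEmpty(header) || !header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
            return null;
        var token = header.Substring("Bearer ".Length).Trim();
        var handler = new JwtSecurityTokenHandler();
        return handler.CanReadToken(token) ? handler.ReadJwtToken(token).Issuer : null;
    }

    // Runs only after full validation; maps the client-specific identity claim to a local user.
    private static Task MapToLocalUser(TokenValidatedContext ctx, ClientConfig cfg)
    {
        // Read the raw (unmapped) claims so "sub" / "upn" keep their original names.
        var jwt = ctx.SecurityToken as JwtSecurityToken;
        var externalId = jwt?.Claims.FirstOrDefault(c => c.Type == cfg.UserIdClaim)?.Value;
        if (string.IsNullOrEmpty(externalId))
        {
            ctx.Fail($"token from {cfg.Scheme} lacks required claim '{cfg.UserIdClaim}'");
            return Task.CompletedTask;
        }
        // Hypothetical user-store lookup/creation keyed by (scheme, external id).
        var localUserId = $"{cfg.Scheme}:{externalId}";
        var identity = (ClaimsIdentity)ctx.Principal.Identity;
        identity.AddClaim(new Claim("local_user_id", localUserId));
        identity.AddClaim(new Claim("client", cfg.Scheme));
        return Task.CompletedTask;
    }
}
```

The point to keep in mind is that the issuer read in `ReadUnverifiedIssuer` is attacker-controlled until the selected handler has checked the signature, which is why every scheme pins `ValidIssuer` and `ValidAudience` to its own client rather than relying on the selector alone; the selector only decides which set of keys is tried, so no token is validated against more than one provider.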
Dec 18, 2017 07:19 AM | Edward Z
>> Assuming all of them use oAuth tokens, for simplicity, I would need to configure multiple authentication middlewares (I'm using 1.1), say the JWTBearerAuthentication, for each one of the clients.
OAuth and JWT authentication are different. For OAuth, the validation process relies on the OAuth token provider. E.g., for Google authentication, your app will redirect to the Google site for authentication. But for JWT, it is authenticated by yourself: you check the user credentials in your app.
For your issue, who will take duty to validate the credential?
Do you need multiple authentication like enable both Google authentication and Facebook authentication, or you define multiple jwt token endpoints for different companies?