We are excited to announce that the ASP.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

JwtBearerOptions - token validation offline or online?[Answered] RSS

2 replies

Last post May 05, 2020 03:01 PM by bruce (sqlwork.com)

‹ Previous Thread|Next Thread ›

Shortcuts

Related Links

pacojones

Member

15 Points

33 Posts

JwtBearerOptions - token validation offline or online?

May 04, 2020 09:32 AM|pacojones|LINK

Hi all,

I'm working on ASP.Net Core 3.1 for API development, and I was adding logic to validate Bearer tokens, I'm quite new on this and found out logic like this:

public static void AddAuthentication(this IServiceCollection services, IConfiguration config)
        {
            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)

            .AddJwtBearer(options =>
            {
                options.Authority = "https://loremipsum.com";
                options.RequireHttpsMetadata = true;
                options.Audience = "LoremIpSum";
                options.SaveToken = true;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateActor = true,
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    RequireExpirationTime = true,
                    ValidIssuer = "https://loremipsum.com",
                    NameClaimType = "name"
                };
            })
            .AddCookie(options => options.SlidingExpiration = true);
        }

I was wondering, this allows me to specify some options, but how can I tell to validate tokens offline or online?

Or by default this provides logic only for online validation?

This might be a rookie question and it may be quite simple but I'm not following :(

- Reply
Sherry Chen
Contributor

2070 Points

606 Posts

Re: JwtBearerOptions - token validation offline or online?

May 05, 2020 08:19 AM|Sherry Chen|LINK

Hi pacojones,

I'm not familar with JwtBear Token , for Offline Token Validation , the follwoing microsoft official blog may be helpful:

https://devblogs.microsoft.com/aspnet/bearer-token-authentication-in-asp-net-core/

Best Regards,

Sherry

MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
- Reply
bruce (sqlwo...
All-Star

58474 Points

15790 Posts

Re: JwtBearerOptions - token validation offline or online?

May 05, 2020 03:01 PM|bruce (sqlwork.com)|LINK

The typical case is that the asp.net core site is creating the bearer token, so it can validate (knows the signing key). If the bearer token is from another source, then you will need to write custom validation logic.

bruce (sqlwork.com)