Fixed auth token validation as per auth0-samples/auth0-aspnetcore-mvc…

…-samples#1
SSWConsulting · Sep 17, 2016 · 13a6228 · 13a6228
1 parent e67d877
commit 13a6228
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/src/SSW.MusicStore.API/Startup.cs b/src/SSW.MusicStore.API/Startup.cs
@@ -12,6 +12,7 @@
 using Mindscape.Raygun4Net;
 
 using Autofac;
+using Microsoft.IdentityModel.Tokens;
 using SerilogWeb.Classic.Enrichers;
 using SSW.MusicStore.API.Filters;
 using SSW.MusicStore.API.Infrastructure.DI;
@@ -103,7 +104,7 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
                     .Enrich.WithProperty("ApplicationName", "Music Store")
                     .Enrich.With(new HttpRequestIdEnricher());
             Log.Logger = config.CreateLogger();
-            
+
             loggerFactory.AddSerilog();
             loggerFactory.AddDebug();
 
@@ -135,6 +136,9 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
 
             app.UseStaticFiles();
 
+            var keyAsBase64 = Configuration["Auth0:ClientSecret"].Replace('_', '/').Replace('-', '+');
+            var keyAsBytes = Convert.FromBase64String(keyAsBase64);
+
             var jwtOptions = new JwtBearerOptions
             {
                 Audience = Configuration["Auth0:ClientId"],
@@ -146,6 +150,10 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
                         Log.Logger.Error("Authentication failed.", context.Exception);
                         return Task.FromResult(0);
                     }
+                },
+                TokenValidationParameters =
+                {
+                    IssuerSigningKey = new SymmetricSecurityKey(keyAsBytes)
                 }
             };
             app.UseJwtBearerAuthentication(jwtOptions);

diff --git a/src/SSW.MusicStore.API/appsettings.json b/src/SSW.MusicStore.API/appsettings.json
@@ -16,7 +16,8 @@
   "Auth0": {
     // Overwrite in privatesettings.json
     "ClientId": "",
-    "Domain": ""
+    "Domain": "",
+    "ClientSecret": ""
   },
   "Stripe": {
     // Overwrite in privatesettings.json

diff --git a/src/SSW.MusicStore.API/project.json b/src/SSW.MusicStore.API/project.json
@@ -43,7 +43,8 @@
     "Serilog.Sinks.Literate": "2.0.0",
     "Microsoft.EntityFrameworkCore.Tools": "1.0.0-preview2-final",
     "Microsoft.Extensions.Configuration.Binder": "1.0.0",
-    "Mindscape.Raygun4Net.AspNetCore": "5.3.1"
+    "Mindscape.Raygun4Net.AspNetCore": "5.3.1",
+    "Microsoft.Owin.Security.Jwt": "3.0.1"
   },
 
   "frameworks": {