/// <summary>
/// Builds the <see cref="TokenValidationParameters"/> used to check an access token
/// against the issuer, audience and shared secret held in <paramref name="jwtConfig"/>.
/// </summary>
/// <param name="jwtConfig">Bound JWT settings; its AccessTokenSecretKey, Issuer and Audience are read.</param>
/// <returns>Validation parameters carrying an HMAC key and an HS256-only algorithm list.</returns>
private static TokenValidationParameters CreateTokenValidationParams(JwtConfig jwtConfig)
{
    // The symmetric key is the UTF-8 encoding of the configured secret string.
    byte[] secretBytes = Encoding.UTF8.GetBytes(jwtConfig.AccessTokenSecretKey);

    // Only HS256 is listed, so a token whose header names any other algorithm is not accepted.
    var allowedAlgorithms = new List<string> { SecurityAlgorithms.HmacSha256 };

    // NOTE(review): ClockSkew is not set here, so the library default (five minutes) applies,
    // while the bearer registration in AddJwtAuthentication uses TimeSpan.Zero. Confirm the
    // difference in expiry tolerance between the two paths is intended.
    var validationParameters = new TokenValidationParameters
    {
        IssuerSigningKey = new SymmetricSecurityKey(secretBytes),
        ValidAlgorithms = allowedAlgorithms,
        ValidAudience = jwtConfig.Audience,
        ValidIssuer = jwtConfig.Issuer
    };

    return validationParameters;
}
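/// <summary>
/// Registers JWT bearer authentication, the "Admin" and "SuperAdmin" authorization policies
/// and the <see cref="IAccessTokenDecoder"/> singleton, using the "JwtConfig" configuration section.
/// </summary>
/// <param name="services">The service collection to add the registrations to.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
/// <exception cref="InvalidOperationException">
/// The "JwtConfig" section has no usable AccessTokenSecretKey.
/// </exception>
public static IServiceCollection AddJwtAuthentication(this IServiceCollection services)
{
    // NOTE(review): building a throwaway provider during registration is what analyzer ASP0000
    // warns about: any singleton resolved here is created a second time by the real container.
    // It is kept because the method signature offers no other way to reach IConfiguration;
    // an overload that accepts IConfiguration would remove the need for it.
    IConfiguration configuration;
    using (var serviceProvider = services.BuildServiceProvider())
    {
        configuration = serviceProvider.GetRequiredService<IConfiguration>();
    }

    var jwtSection = configuration.GetSection("JwtConfig");
    services.Configure<JwtConfig>(jwtSection);

    // A separately bound copy is captured by the bearer options below, so the signing key,
    // issuer and audience reflect the configuration as it is at registration time.
    var jwtConfig = new JwtConfig();
    jwtSection.Bind(jwtConfig);

    // Fail at startup rather than on the first authenticated request: without this check a
    // missing secret only surfaces when the bearer options are first built. The message names
    // the setting but never echoes its value.
    if (string.IsNullOrWhiteSpace(jwtConfig.AccessTokenSecretKey))
    {
        throw new InvalidOperationException(
            "JwtConfig:AccessTokenSecretKey is missing or empty; JWT bearer authentication cannot be configured.");
    }

    // RFC 7518 section 3.2 requires an HS256 key of at least 256 bits. Length is not enforced
    // here so that existing configurations keep loading; the token library applies its own
    // minimum, which varies by version.
    byte[] accessTokenSecret = Encoding.UTF8.GetBytes(jwtConfig.AccessTokenSecretKey);

    // NOTE(review): no default scheme is passed to AddAuthentication(); confirm that endpoints
    // name the bearer scheme or that the framework version in use selects a sole scheme by default.
    services
        .AddAuthentication()
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                IssuerSigningKey = new SymmetricSecurityKey(accessTokenSecret),
                ValidIssuer = jwtConfig.Issuer,
                ValidAudience = jwtConfig.Audience,
                // Only HS256 is listed, so a token naming any other algorithm is not accepted.
                ValidAlgorithms = new List<string> { SecurityAlgorithms.HmacSha256 },
                // No grace period: a token is rejected as soon as its expiry time has passed.
                ClockSkew = TimeSpan.Zero
            };

            // Keeps the raw bearer token in the authentication properties for later retrieval.
            options.SaveToken = true;
        });

    services.AddAuthorization(options =>
    {
        // Both policies look at the "Role" claim; SUPER_ADMIN also satisfies "Admin".
        options.AddPolicy("Admin", builder =>
        {
            builder.RequireClaim("Role", "ADMIN", "SUPER_ADMIN");
        });

        options.AddPolicy("SuperAdmin", builder =>
        {
            builder.RequireClaim("Role", "SUPER_ADMIN");
        });
    });

    services.AddSingleton<IAccessTokenDecoder, AccessTokenDecoder>();

    return services;
}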