private void ConfigureAuthentication(IServiceCollection services)
{
var config = new KeycloakConfiguration();
Configuration.GetSection(nameof(KeycloakConfiguration)).Bind(config);
config.Validate();
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(opt =>
{
opt.RequireHttpsMetadata = false;
opt.Authority = config.Authority;
opt.TokenValidationParameters = new TokenValidationParameters
{
RequireSignedTokens = true,
RequireExpirationTime = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuer = true,
ValidAudience = config.RequiredAudience
};
});
}
