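/// <summary>
/// Registers JWT bearer authentication as the default scheme, validating incoming
/// tokens against the RSA public key loaded from
/// <c>jwtConfiguration.PublicKeyXmlFilePath</c>.
/// </summary>
/// <remarks>
/// Every validation switch (signing key, issuer, audience, lifetime) and the clock
/// skew are taken from <paramref name="jwtConfiguration"/>. A deployment whose
/// configuration sets ValidateIssuer, ValidateAudience or ValidateLifetime to false
/// accepts tokens from any issuer, for any audience, or past their expiry, so these
/// values should be reviewed per environment. The configuration is read once, when
/// this method runs, not when the options lambda is later invoked.
/// </remarks>
/// <param name="services">Service collection that receives the authentication registration.</param>
/// <param name="jwtConfiguration">Settings supplying the key path and validation switches.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="services"/> or <paramref name="jwtConfiguration"/> is null.
/// </exception>
public static void ConfigureJwtService(IServiceCollection services, JwtConfiguration jwtConfiguration)
{
    if (services == null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    if (jwtConfiguration == null)
    {
        throw new ArgumentNullException(nameof(jwtConfiguration));
    }

    // NOTE(review): if GetRSAKeyFromXml can return null for a missing or malformed
    // file, no signing key is configured here and token verification cannot succeed;
    // confirm the helper throws rather than returning null.
    var publicKey = SecurityKeyHelper.GetRSAKeyFromXml(jwtConfiguration.PublicKeyXmlFilePath);

    var validationParameters = new TokenValidationParameters
    {
        // Governs validation of the signing key itself; it is not the switch that
        // turns signature checking on or off.
        ValidateIssuerSigningKey = jwtConfiguration.ValidateIssuerSigningKey,
        IssuerSigningKey = publicKey,
        ValidateIssuer = jwtConfiguration.ValidateIssuer,
        ValidIssuer = jwtConfiguration.Issuer,
        ValidateAudience = jwtConfiguration.ValidateAudience,
        ValidAudience = jwtConfiguration.Audience,
        ValidateLifetime = jwtConfiguration.ValidateLifetime,
        // Configured in seconds; a larger skew widens the window in which an
        // expired token is still accepted.
        ClockSkew = TimeSpan.FromSeconds(jwtConfiguration.ClockSkew)
    };

    // Only relevant to authority/metadata endpoints, none of which are set in this method.
    var requireHttpsMetadata = jwtConfiguration.RequireHttpsMetadata;

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(o =>
        {
            o.TokenValidationParameters = validationParameters;
            o.RequireHttpsMetadata = requireHttpsMetadata;
            o.Events = new JwtBearerEvents
            {
                // Both hooks are deliberate no-ops: the previous bodies only assigned
                // unused locals. They are the place to add audit logging of accepted
                // principals and of failures such as SecurityTokenExpiredException.
                OnTokenValidated = context => Task.CompletedTask,
                OnAuthenticationFailed = context => Task.CompletedTask
            };
        });
}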