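/// <summary>
/// OWIN startup hook: wires OAuth bearer authentication so that incoming JWT
/// access tokens are validated against the Okta tenant named in appSettings.
/// </summary>
/// <param name="app">The OWIN application builder to register the middleware on.</param>
/// <exception cref="System.InvalidOperationException">
/// Thrown when <c>okta:ClientId</c> or <c>okta:TenantUrl</c> is missing or blank.
/// </exception>
public void Configuration(IAppBuilder app)
        {
            var config = new HttpConfiguration();

            config.EnableSystemDiagnosticsTracing();
            // NOTE(review): `config` is not handed to the pipeline anywhere in this method;
            // confirm it is registered elsewhere, otherwise the tracing call has no effect.

            var clientID  = WebConfigurationManager.AppSettings["okta:ClientId"];
            var tenantUrl = WebConfigurationManager.AppSettings["okta:TenantUrl"];

            // Fail fast on missing settings. Without this a null tenantUrl would silently
            // produce the metadata address "/.well-known/openid-configuration" and a null
            // expected issuer/audience, and a null clientID would become the expected "cid".
            if (string.IsNullOrWhiteSpace(tenantUrl))
            {
                throw new System.InvalidOperationException("Missing required appSetting 'okta:TenantUrl'.");
            }

            if (string.IsNullOrWhiteSpace(clientID))
            {
                throw new System.InvalidOperationException("Missing required appSetting 'okta:ClientId'.");
            }

            // Issuer and audience are both pinned to the tenant URL and both checks are enabled.
            var tvps = new TokenValidationParameters
            {
                ValidAudience    = tenantUrl,
                ValidateAudience = true,
                ValidIssuer      = tenantUrl,
                ValidateIssuer   = true,
            };

            var additionalTokenValidationParamters = new Dictionary <string, string>()
            {
                // Validate Client ID claim
                ["cid"] = clientID
            };

            // The provider is pointed at the tenant's OpenID Connect discovery document.
            // NOTE(review): tenantUrl should be an https:// URL; this method does not check the scheme.
            var securityTokenProvider = new OpenIdConnectCachingSecurityTokenProvider(tenantUrl + "/.well-known/openid-configuration");
            var jwtFormat             = new CustomValidatingJwtFormat(tvps, additionalTokenValidationParamters, securityTokenProvider);

            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
            {
                AccessTokenFormat = jwtFormat
            });
        }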
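        /// <summary>
        /// Creates a JWT format that passes <paramref name="tvps"/> and
        /// <paramref name="securityTokenProvider"/> to the base class and keeps a map of
        /// additional claim name/value pairs alongside them.
        /// </summary>
        /// <param name="tvps">Token validation parameters (issuer, audience, ...).</param>
        /// <param name="additionalTokenValidationParamters">
        /// Extra claim name to expected value pairs; <c>null</c> is treated as an empty map.
        /// </param>
        /// <param name="securityTokenProvider">Provider passed to the base class and stored on this instance.</param>
        public CustomValidatingJwtFormat(
            TokenValidationParameters tvps,
            IReadOnlyDictionary <string, string> additionalTokenValidationParamters,
            OpenIdConnectCachingSecurityTokenProvider securityTokenProvider)
            : base(tvps, securityTokenProvider)
        {
            _tvps = tvps;

            // The original tested the *field* for null and then unconditionally overwrote it
            // with the parameter, so a null argument left the field null. Default on the
            // parameter instead so the field is never null.
            // NOTE(review): an empty map presumably means no extra claims (e.g. "cid") are
            // enforced; confirm no caller relies on passing null where a claim check is expected.
            _additionalTokenValidationParamters =
                additionalTokenValidationParamters ?? new Dictionary <string, string>();

            _securityTokenProvider = securityTokenProvider;
        }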