|
|
@@ -28,8 +28,6 @@ namespace Hotline.Api
|
|
|
/// <returns></returns>
|
|
|
public static IServiceCollection RegisterAuthentication(this IServiceCollection services, ConfigurationManager configuration)
|
|
|
{
|
|
|
- //using var serviceProvider = services.BuildServiceProvider();
|
|
|
- //var cacheAudience = serviceProvider.GetService<ITypedCache<AudienceTicket>>();
|
|
|
var jwtOptions = configuration.GetSection("IdentityConfiguration").Get<IdentityConfiguration>().Jwt;
|
|
|
|
|
|
#region remote ids
|
|
|
@@ -74,18 +72,22 @@ namespace Hotline.Api
|
|
|
d.TokenValidationParameters = new()
|
|
|
{
|
|
|
ValidateIssuer = false,
|
|
|
- ValidateAudience = false,
|
|
|
+ ValidateAudience = true,
|
|
|
ValidateLifetime = true,
|
|
|
ValidateIssuerSigningKey = true,
|
|
|
IssuerSigningKey = secKey,
|
|
|
- //AudienceValidator = (audiences, token, parameters) =>
|
|
|
- //{
|
|
|
- // using var serviceProvider = services.BuildServiceProvider();
|
|
|
- // var a = serviceProvider.GetService<IOrderApplication>();
|
|
|
- // var cacheAudience = serviceProvider.GetService<ITypedCache<AudienceTicket>>();
|
|
|
- // var audience = cacheAudience.Get(token.Id);
|
|
|
- // return audiences != null && audiences.Any(a => a == audience?.Ticket);
|
|
|
- //}
|
|
|
+ AudienceValidator = (audiences, token, parameters) =>
|
|
|
+ {
|
|
|
+ if (token is JwtSecurityToken jwtToken)
|
|
|
+ {
|
|
|
+ using var serviceProvider = services.BuildServiceProvider();
|
|
|
+ var cacheAudience = serviceProvider.GetService<ITypedCache<AudienceTicket>>();
|
|
|
+ var audience = cacheAudience.Get(jwtToken.Subject);
|
|
|
+ return audiences != null && audiences.Any(a => a == audience?.Ticket);
|
|
|
+ }
|
|
|
+
|
|
|
+ return false;
|
|
|
+ }
|
|
|
};
|
|
|
|
|
|
//d.Audience = "hotline_api";
|
xf