ValidAudiences - Accepting multiple audiences #1565
Unanswered
mikedunham asked this question in Q&A
Replies: 0 comments
I am working on updating our API (core 3.1) auth to use the latest Microsoft Identity NuGet for use with MSAL for an Angular UI application. We have Azure Functions that will call into our APIs using a Managed Service Identity and have set up several new app registrations for each API to use with MSAL in Angular. The same APIs we call from an Azure function will also be called from the Angular UI. The problem I am running into is that I need to accept up to four different audiences in order not to break auth for everything.
Audiences needed:
I am attempting to set the audiences in a list as follows:
```csharp
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(options => { }, options =>
    {
        options.Authority = Configuration["Authentication:Jwt:Authority"];
        options.Instance = Configuration.GetSection("AzureAd")["Instance"];
        options.ClientId = Configuration.GetSection("AzureAd")["ClientId"];
        options.Domain = Configuration.GetSection("AzureAd")["Domain"];
        options.TenantId = Configuration.GetSection("AzureAd")["TenantId"];
        options.TokenValidationParameters.ValidateAudience = true;
        // The snippet in the post ends here; the audience list assignment is not shown.
    });
```
When calling the API using a token created by another app registration (other api client id), I get the following error:
```
Bearer error="invalid_token", error_description="The audience 'other api client id' is invalid"
```
Am I misunderstanding the use of the ValidAudience IEnumerable? How can I achieve this?
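An added example, not part of the original post and not the Microsoft.Identity.Web project's own code: one way to accept several audiences while keeping audience validation on. It sets `ValidAudiences` on the `JwtBearerOptions` delegate (the first argument of `AddMicrosoftIdentityWebApi`), since the JWT bearer handler validates the `aud` claim against those options. The `AzureAd:AcceptedClientIds` configuration key is hypothetical, and the `api://{clientId}` form assumes each app registration uses the default Application ID URI.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Hypothetical key: a string array holding the client ID of every app
        // registration whose tokens this API is meant to accept.
        string[] clientIds = Configuration
            .GetSection("AzureAd:AcceptedClientIds")
            .Get<string[]>() ?? Array.Empty<string>();

        // Fail at startup instead of running with an empty allow-list.
        if (clientIds.Length == 0)
        {
            throw new InvalidOperationException(
                "AzureAd:AcceptedClientIds must list at least one audience.");
        }

        // v2.0 access tokens carry the bare client ID in "aud"; v1.0 tokens carry
        // the Application ID URI (assumed here to be the default api://{clientId}).
        string[] audiences = clientIds
            .SelectMany(id => new[] { id, $"api://{id}" })
            .ToArray();

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApi(
                jwtOptions =>
                {
                    // Explicit allow-list; validation stays enabled.
                    jwtOptions.TokenValidationParameters.ValidateAudience = true;
                    jwtOptions.TokenValidationParameters.ValidAudiences = audiences;
                },
                // Instance, TenantId, ClientId and Domain come from the AzureAd section.
                identityOptions => Configuration.Bind("AzureAd", identityOptions));
    }
}
```

Every entry in the list widens which tokens the API accepts, so it should contain only the app registrations that genuinely need to call this API.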