We have a website and an open API, both of which are registered as clients in Identity Server:
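/// <summary>
/// Returns the client registrations for Identity Server: a machine client for
/// the API (resource-owner password grant) and a browser SPA client (implicit flow).
/// Both registrations are granted the "WEB_API" scope.
/// </summary>
/// <returns>The configured <see cref="Client"/> instances.</returns>
public static IEnumerable<Client> GetClients()
{
    return new List<Client>
    {
        new Client
        {
            ClientId = "API_RO",
            // Resource-owner password grant: this client receives raw user
            // credentials, so it should only be issued to trusted, first-party callers.
            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
            ClientSecrets =
            {
                // NOTE(review): a literal secret in source is a development placeholder;
                // load the value from configuration / secret storage before deploying.
                new Secret("secret".Sha256())
            },
            AllowedScopes = { "WEB_API" },
            IncludeJwtId = true,
            AlwaysIncludeUserClaimsInIdToken = true,
            AlwaysSendClientClaims = true
        },
        new Client
        {
            ClientId = "PUBLIC_SPA_APPLICATION",
            // Implicit flow hands tokens to the browser directly, which is why
            // AllowAccessTokensViaBrowser is required for this client.
            AllowedGrantTypes = GrantTypes.Implicit,
            AllowAccessTokensViaBrowser = true,
            // Same collection-initializer form as the API client above.
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "WEB_API",
            },
            IncludeJwtId = true,
            AlwaysIncludeUserClaimsInIdToken = true,
        }
    };
}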
And in the web service we validate the token that is sent with each request:
/// <summary>
/// Adds Identity Server bearer-token validation to the request pipeline.
/// </summary>
/// <param name="app">The application pipeline builder.</param>
/// <param name="env">Hosting environment (not used by this method).</param>
/// <param name="loggerFactory">Logger factory (not used by this method).</param>
/// <param name="serviceDiscovery">Service discovery client (not used by this method).</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IServiceDiscovery serviceDiscovery)
{
    // serviceInformation is not a parameter here; it is expected to be set elsewhere in the class.
    var authority = $"{serviceInformation.Prefix}{serviceInformation.IpAddress}:{serviceInformation.Port}";

    var authenticationOptions = new IdentityServerAuthenticationOptions
    {
        Authority = authority,
        // Permits fetching discovery metadata over plain HTTP. Acceptable for local
        // development only; keep the default (true) wherever the authority serves HTTPS.
        RequireHttpsMetadata = false,
        // ApiName is the name of the API *resource* this service represents and is what
        // the token's audience is validated against; it is not a client id, so only one
        // value is ever needed regardless of how many clients call the API.
        // NOTE(review): both client registrations share the "WEB_API" scope — if that scope
        // belongs to a single ApiResource, naming that resource here should accept tokens
        // from either client; confirm against the ApiResource definitions, which are not shown.
        ApiName = "PUBLIC_SPA_APPLICATION",
        SaveToken = false
    };

    app.UseIdentityServerAuthentication(authenticationOptions);
}
The problem I have is that the ApiName parameter accepts only a single name, so I can register only one client. I need a way to accept tokens both from users who came through the website and from those who came through the API.
I am currently getting the following error:
The media has not been authenticated. Error message: IDX10214: Audience verification failed. Audiences: "PUBLIC_SPA_APPLICATION". Did not match: validationParameters.ValidAudience: 'API_RO' or validationParameters.ValidAudiences: 'null'.