Ignore JWT Bearer token signature (i.e. don't validate token)

Question

I have an API that sits behind an API Gateway. The API Gateway validates the bearer token before passing the request along to the API.

My API the uses the the asp.net co

Answer 1

You may setup token validation using JwtBearerOptions.TokenValidationParameters. You could check all available parameters from the class definition.

Contains a set of parameters that are used by a Microsoft.IdentityModel.Tokens.SecurityTokenHandler when validating a Microsoft.IdentityModel.Tokens.SecurityToken.

Set All ValidateXXX and RequireXXX bool properties to false if you want to disable validation at all:

.AddJwtBearer("", configureOptions =>
{
   options.TokenValidationParameters.ValidateActor = false;
   options.TokenValidationParameters.ValidateAudience = false;
   options.TokenValidationParameters.ValidateIssuerSigningKey = false;
   ...
}

---

As an another option you can override the default token signature validation by setting own implementation to JwtBearerOptions.SignatureValidator:

// Gets or sets a delegate that will be used to validate the signature of the token.
//
// Remarks:
//  If set, this delegate will be called to signature of the token, instead of normal
//  processing.
public SignatureValidator SignatureValidator { get; set; }

where SignatureValidator delegate is defined as:

public delegate SecurityToken SignatureValidator(string token, TokenValidationParameters validationParameters);