Ignore JWT Bearer token signature (i.e. don't validate token)

后端未结

关注

 3  1942

鱼传尺愫 2021-02-05 17:20

I have an API that sits behind an API Gateway. The API Gateway validates the bearer token before passing the request along to the API.

My API the uses the the asp.net co

3条回答

-上瘾入骨i (楼主)

2021-02-05 17:36

I was able to clean up the code a bit, showing that we can just change the flag and with a bit more consistency when setting the flags.

services.AddAuthentication(o =>
{
    o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
    .AddJwtBearer(o =>
    {
        o.RequireHttpsMetadata = false;
        o.SaveToken = true;
        o.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = false,
            ValidateAudience = false,
            ValidateIssuerSigningKey = false,
            ValidateLifetime = false,
            RequireExpirationTime = false,
            RequireSignedTokens = false
        };
    });

0 讨论(0)

查看其它3个回答