Is there an existing issue for this?
Is your feature request related to a problem? Please describe the problem.
When configuring default bearer authentication options from configuration, only one valid issuer is supported.
var configSection = _authenticationConfigurationProvider . GetAuthenticationSchemeConfiguration ( name ) ;
if ( configSection is null || ! configSection . GetChildren ( ) . Any ( ) )
{
return ;
}
var issuer = configSection [ "ClaimsIssuer" ] ;
var audiences = configSection . GetSection ( "Audiences" ) . GetChildren ( ) . Select ( aud => aud . Value ) . ToArray ( ) ;
options . TokenValidationParameters = new ( )
{
ValidateIssuer = issuer is not null ,
ValidIssuers = new [ ] { issuer } ,
ValidateAudience = audiences . Length > 0 ,
ValidAudiences = audiences ,
ValidateIssuerSigningKey = true ,
IssuerSigningKey = GetIssuerSigningKey ( _configuration , issuer ) ,
} ;
Describe the solution you'd like
The configuration schema should support the configuration of multiple valid issuers, like it does for audiences.
var audiences = configSection . GetSection ( "Audiences" ) . GetChildren ( ) . Select ( aud => aud . Value ) . ToArray ( ) ;
Additional context
See #41956 (comment) .
/cc @DamianEdwards
👍 React with 👍 1DamianEdwards
