I already have the access token working with my application in my API gateway.
using Microsoft.AspNetCore.Authentication.JwtBearer;

// Startup.ConfigureServices
var identityUrl = Configuration.GetValue<string>("urls:identity"); // not used below; Authority is read from IdentityUrlExternal
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    options.Authority = Configuration.GetValue<string>("IdentityUrlExternal"); // token issuer (IdentityServer)
    options.RequireHttpsMetadata = false; // development only
    options.Audience = "api1"; // expected "aud" claim in the token
    options.Events = new JwtBearerEvents();
});
What is the Audience option in AddJwtBearer referring to? Does it refer to the ClientId or the ApiScope? At the moment I based it on the scope in my mobile application setup to communicate with the API gateway. If I change it to something else, e.g. a client id sent from the mobile app (ro.client), the authorized API function will not be accessible.
I would like to get a clear understanding of whether my setting is correct. Thanks.
In addition, how do I add an authorized scope in an ASP.NET Core MVC project under the controller?
The following link will take you to the explanation: http://docs.identityserver.io/en/latest/topics/apis.html
The ApiName property checks whether the token has a matching audience (or "aud" for short) claim.
In IdentityServer you can also sub-divide APIs into multiple scopes. If you need that granularity, you can use the ASP.NET Core authorization policy system to check for scopes.
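Putting the two points of the answer together, here is an added example (not code from the question, the answer, or the IdentityServer project) showing the full wiring for the asker's AddJwtBearer setup: `Audience` plays the same role as `ApiName`, i.e. it is the ApiResource name that IdentityServer writes into the token's `aud` claim (not the client id and not a scope), and scopes are enforced separately with authorization policies on the controller. The authority URL, the scope names `api1.read` / `api1.write`, the policy names and the controller are assumptions for illustration. The scope policy splits the `scope` claim on spaces because, depending on the IdentityServer version, scopes arrive either as several `scope` claims or as one space-separated claim; a plain `RequireClaim("scope", "api1.read")` silently fails in the latter case.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Issuer whose discovery document and signing keys are trusted (assumed URL).
                options.Authority = "https://identity.example.com";

                // "api1" is the ApiResource name registered in IdentityServer. IdentityServer
                // puts that name into the token's "aud" claim, so this is what Audience must
                // match. It is neither the client id (e.g. "ro.client") nor a scope.
                options.Audience = "api1";

                // Keep the default (true) outside local development.
                options.RequireHttpsMetadata = false;

                // Default is already true; stated explicitly so a token with no "aud"
                // claim is never accepted by accident.
                options.TokenValidationParameters.ValidateAudience = true;
            });

        services.AddAuthorization(options =>
        {
            // One policy per scope; scopes are sub-divisions of the "api1" resource
            // (assumed names) and travel in the "scope" claim.
            AddScopePolicy(options, "ApiReadScope", "api1.read");
            AddScopePolicy(options, "ApiWriteScope", "api1.write");
        });

        services.AddControllers();
    }

    // Registers a policy that passes only if the caller is authenticated and the token
    // carries the given scope, whether scopes are emitted as multiple "scope" claims
    // or as a single space-separated "scope" claim.
    private static void AddScopePolicy(AuthorizationOptions options, string policyName, string scope) =>
        options.AddPolicy(policyName, policy => policy
            .RequireAuthenticatedUser()
            .RequireAssertion(ctx => ctx.User.FindAll("scope")
                .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
                .Contains(scope)));

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        // Order matters: authenticate (validates aud, issuer, signature, lifetime)
        // before authorization (evaluates the scope policies).
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

// Assumed controller: each action names the scope policy it requires. A token with
// aud=api1 but without api1.write reaches Get but is rejected with 403 on Post.
[ApiController]
[Route("api/[controller]")]
public class ValuesController : ControllerBase
{
    [HttpGet]
    [Authorize(Policy = "ApiReadScope")]
    public IActionResult Get() => Ok(new[] { "value1", "value2" });

    [HttpPost]
    [Authorize(Policy = "ApiWriteScope")]
    public IActionResult Post() => NoContent();
}
```

With this in place the mobile client keeps requesting the scopes (`api1.read`, `api1.write`) from IdentityServer; the resulting token carries `aud: api1`, which satisfies `Audience`, and the scope policies decide which actions it may call. Setting `Audience` to the client id would make every token fail audience validation, which is the behaviour described in the question.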