I'm trying to add some bearer token verification to my ASP.NET web application. I'm using the built-in JWT authentication code, configured by using the following code ...
```csharp
services.AddAuthentication(ConfigureAuthentication).AddJwtBearer(ConfigureJwt);
```
Which runs the following functions ...
```csharp
private void ConfigureAuthentication(AuthenticationOptions options)
{
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}

private void ConfigureJwt(JwtBearerOptions options)
{
    var directoryId = Configuration["AzureAd:DirectoryId"];
    var directoryName = Configuration["AzureAd:DirectoryName"];
    var policy = Configuration["AzureAd:SigninPolicyName"];

    options.Audience = Configuration["AzureAd:ApplicationId"];
    options.Authority = $"https://{directoryName}.b2clogin.com/{directoryName}.onmicrosoft.com/v2.0";
}
```
The `ConfigureJwt` method is the one I'm dealing with. I can't seem to get the underlying JWT code to fetch the `openid-configuration` from the appropriate URL. It's very close, but it's lacking the policy from the URL. Here is what my above code generates and tries to fetch the `openid-configuration` from ...

```
https://example-directory.b2clogin.com/example-directory.onmicrosoft.com/v2.0/.well-known/openid-configuration
```
And here is what it is supposed to fetch the configuration from, as specified from the Azure portal ...
```
https://example-directory.b2clogin.com/example-directory.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_SignInPolicy
```
As you can see, my code above is lacking the policy name.
I can't seem to figure out how to specify this anywhere. Does anybody know how to configure `JwtBearerOptions` so that it includes this policy name?
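
An added example, not part of the original post: one way to make the handler fetch the policy-specific discovery document is to set `JwtBearerOptions.MetadataAddress` explicitly instead of letting it be derived from `Authority`. The class name `B2CJwtConfiguration` and the helper `BuildMetadataAddress` are hypothetical; the configuration keys and URL shape are the ones shown in the question.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;

// Hypothetical helper class for illustration; not code from the question.
public static class B2CJwtConfiguration
{
    // Builds the discovery URL in the form the question quotes from the Azure
    // portal: <authority>/.well-known/openid-configuration?p=<policy>
    public static string BuildMetadataAddress(string directoryName, string policy)
    {
        var authority =
            $"https://{directoryName}.b2clogin.com/{directoryName}.onmicrosoft.com/v2.0";
        return $"{authority}/.well-known/openid-configuration" +
               $"?p={Uri.EscapeDataString(policy)}";
    }

    public static void ConfigureJwt(JwtBearerOptions options, IConfiguration configuration)
    {
        var directoryName = configuration["AzureAd:DirectoryName"];
        var policy = configuration["AzureAd:SigninPolicyName"];

        // Fail at startup rather than silently fetching metadata for the
        // wrong (or no) policy, which would change which signing keys and
        // issuer the API trusts.
        if (string.IsNullOrWhiteSpace(directoryName) || string.IsNullOrWhiteSpace(policy))
        {
            throw new InvalidOperationException(
                "AzureAd:DirectoryName and AzureAd:SigninPolicyName must be configured.");
        }

        options.Audience = configuration["AzureAd:ApplicationId"];

        // When MetadataAddress is set, the handler uses it as-is. Only when it
        // is empty does the handler derive it from Authority by appending
        // ".well-known/openid-configuration", which is what drops "?p=...".
        options.MetadataAddress = BuildMetadataAddress(directoryName, policy);

        // With Authority unset, the accepted issuer and signing keys come from
        // the discovery document fetched above. Keep HTTPS enforcement on so
        // that document cannot be fetched over plain HTTP.
        options.RequireHttpsMetadata = true;
    }
}
```

It would be registered with `.AddJwtBearer(o => B2CJwtConfiguration.ConfigureJwt(o, Configuration))`.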