aspnetcore: AddIdentity extension blocks JwtBearerOptions configure

ASP.NET Core 3.1.0 + IdentityServer4. The application was generated from the OOB template "Web Application -> Angular" with the built-in user authentication option.

I want to combine "Customize the API authentication handler" (link 1) and "Identity model customization in ASP.NET Core" (link 2).

This is the default configuration of the template plus the changes from link 1:

// startup.cs, only the relevant lines are shown
...
services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ApplicationDbContext>();
...
services.AddAuthentication().AddIdentityServerJwt();
services.Configure<JwtBearerOptions>(
    IdentityServerJwtConstants.IdentityServerJwtBearerScheme,
    options =>
    {
        // breakpoint on the next line, it works
        var onTokenValidated = options.Events.OnTokenValidated;
        ...
    });

This works just perfectly.

Now let's add the code from link 2:

// startup.cs, only the relevant lines are shown
...
services.AddIdentity<ApplicationUser, ApplicationRole>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultUI()
    .AddDefaultTokenProviders();
...
services.AddAuthentication().AddIdentityServerJwt();
services.Configure<JwtBearerOptions>(
    IdentityServerJwtConstants.IdentityServerJwtBearerScheme,
    options =>
    {
        // breakpoint on the next line, never hits
        var onTokenValidated = options.Events.OnTokenValidated;
        ...
    });

This just doesn't work. The options lambda is never called; the breakpoint never hits.

Moreover, I tried to implement the same thing with `IConfigureNamedOptions<JwtBearerOptions>` and `services.AddTransient<IConfigureOptions<JwtBearerOptions>, MyJwtBearerConfigurator>`: same result. It works with `AddDefaultIdentity<TUser>`, but `MyJwtBearerConfigurator` is never executed with `AddIdentity<TUser, TRole>`.

Any ideas why?

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 25 (15 by maintainers)

Most upvoted comments

Theory:

Working: AddDefaultIdentity sets DefaultScheme. AddIdentityServerJwt sets DefaultScheme and overwrites the value set by AddDefaultIdentity. Authenticate and Challenge use the default scheme because no other values are set.

Not working: AddIdentity sets DefaultAuthenticateScheme and DefaultChallengeScheme rather than DefaultScheme. AddIdentityServerJwt sets DefaultScheme, which doesn't override DefaultAuthenticateScheme or DefaultChallengeScheme. Authenticate uses DefaultAuthenticateScheme rather than DefaultScheme. Challenge uses DefaultChallengeScheme rather than DefaultScheme.

Workaround: Add this at the end of ConfigureServices

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = IdentityServerJwtConstants.IdentityServerJwtScheme;
    options.DefaultChallengeScheme = IdentityServerJwtConstants.IdentityServerJwtScheme;
});
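The following is an added example, not code from the original issue or from the ASP.NET Core repository. It puts the question's `AddIdentity<TUser, TRole>` configuration and the workaround from the comment above into one `Startup`, and adds a startup-time check that the effective default authenticate and challenge schemes really are the IdentityServerJwt policy scheme. The check matters for security: if `Identity.Application` stays the default authenticate scheme, API requests are handled by the cookie handler, the JWT bearer handler is never created, and the `JwtBearerOptions` hooks registered below never run. `ApplicationUser`, `ApplicationRole` and `ApplicationDbContext` are the template's own types; the namespace, the `VerifyDefaultSchemes` helper and the inline comments are assumptions made for this example.

```csharp
// Added example (not from the original issue or from ASP.NET Core itself).
// Assumes the template's ApplicationUser, ApplicationRole and
// ApplicationDbContext types; the namespace and VerifyDefaultSchemes helper
// are assumptions for this illustration.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.ApiAuthorization.IdentityServer;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

namespace IdentitySchemeExample
{
    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            // AddIdentity<TUser, TRole> sets DefaultAuthenticateScheme and
            // DefaultChallengeScheme to the Identity.Application cookie; it does
            // not set DefaultScheme the way AddDefaultIdentity<TUser> does.
            services.AddIdentity<ApplicationUser, ApplicationRole>(options =>
                    options.SignIn.RequireConfirmedAccount = true)
                .AddEntityFrameworkStores<ApplicationDbContext>()
                .AddDefaultUI()
                .AddDefaultTokenProviders();

            services.AddIdentityServer()
                .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();

            // AddIdentityServerJwt registers the "IdentityServerJwt" policy scheme
            // (which forwards to the cookie or the bearer handler by path) and
            // only sets DefaultScheme, which the more specific defaults above shadow.
            services.AddAuthentication().AddIdentityServerJwt();

            // Workaround from the comment: point the specific defaults at the
            // policy scheme so that non-/Identity requests reach the bearer
            // handler and its named JwtBearerOptions are actually resolved.
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = IdentityServerJwtConstants.IdentityServerJwtScheme;
                options.DefaultChallengeScheme = IdentityServerJwtConstants.IdentityServerJwtScheme;
            });

            // The customization from link 1; with the defaults fixed, this lambda runs
            // the first time the bearer handler is created for a request.
            services.Configure<JwtBearerOptions>(
                IdentityServerJwtConstants.IdentityServerJwtBearerScheme,
                options =>
                {
                    var onTokenValidated = options.Events.OnTokenValidated;
                    options.Events.OnTokenValidated = async context =>
                    {
                        await onTokenValidated(context);
                        // Custom post-validation logic goes here, e.g. rejecting the
                        // principal with context.Fail("...") when a required claim is absent.
                    };
                });
        }

        // Extra services registered in ConfigureServices can be injected here.
        public void Configure(IApplicationBuilder app, IAuthenticationSchemeProvider schemes)
        {
            // Fail fast rather than run with the cookie silently guarding the API.
            VerifyDefaultSchemes(schemes).GetAwaiter().GetResult();

            app.UseRouting();
            app.UseAuthentication();
            app.UseIdentityServer();
            app.UseAuthorization();
            app.UseEndpoints(endpoints => endpoints.MapControllers());
        }

        // Assumed helper: resolves the effective defaults the same way
        // AuthenticationService does (specific default first, then DefaultScheme)
        // and refuses to start if they are not the IdentityServerJwt policy scheme.
        private static async Task VerifyDefaultSchemes(IAuthenticationSchemeProvider schemes)
        {
            var expected = IdentityServerJwtConstants.IdentityServerJwtScheme;
            var authenticate = await schemes.GetDefaultAuthenticateSchemeAsync();
            var challenge = await schemes.GetDefaultChallengeSchemeAsync();

            if (authenticate?.Name != expected || challenge?.Name != expected)
            {
                throw new InvalidOperationException(
                    $"Expected default authenticate/challenge scheme '{expected}' but got " +
                    $"'{authenticate?.Name}' / '{challenge?.Name}'. API requests would be " +
                    "handled by the Identity cookie and the JwtBearerOptions hooks would never run.");
            }
        }
    }
}
```

Note the ordering: the explicit `AddAuthentication(options => ...)` call must come after `AddIdentity`, because each call registers another configuration of `AuthenticationOptions` and the last one to set `DefaultAuthenticateScheme` wins. The `VerifyDefaultSchemes` check reads the defaults through `IAuthenticationSchemeProvider`, which is the same resolution `AuthenticationService` uses at request time, so it catches the shadowing described in the comment regardless of how the calls were ordered.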