ASP.NET Core and NextAuthJS

I have 3 individual applications:

  • IdentityServer4
  • JS client using Next and NextAuth.js for authentication.
  • ASP.NET Core Rest API

The identity server runs in a different domain than the others:

https://login.example.com

On the other hand, the client and the API run in the same domain.

Since they share the same domain, I would like ASP.NET Core to directly use the cookie that NextAuth uses.

The Rest API is expecting the access token in the header (Authorization: Bearer <token>). Apart from the Authorization header, which ASP.NET Core must keep reading (since it is used by other apps...), I would like to add that authentication can also come from the cookie.

Simply what I do is read the cookie with:

context.Request.Cookies["next-auth.session-token"]

and decrypt it.

But that's where I have a problem. The JWT that Next sends is not the accessToken; it is a JSON that contains the access token:

{
  "accessToken": "a.b.c",
  "refreshToken": "asasa",
  "user": {
    "id": "d3223",
    "name": "Test"
  },
  "iat": 1652801889,
  "exp": 1655393889,
  "jti": "27c172ff-f579-4271-a3ca-c77393630f1b"
}

But the questions arise:

  • How do I make ASP.NET Core take the Access Token that is inside the JWT itself, that is, I would have to do something like double decoding?
  • Is there another way to share the Access token more transparently while maintaining encryption?
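The "double decoding" from the first question, as an added ASP.NET Core example (not code from the question, from NextAuth.js or from IdentityServer4). It assumes the NextAuth.js v4 default session cookie format: a compact JWE with alg "dir" and enc "A256GCM", whose key is HKDF-SHA256(NEXTAUTH_SECRET, empty salt, info "NextAuth.js Generated Encryption Key", 32 bytes); the API therefore needs the same NEXTAUTH_SECRET. The cookie name follows the question; on HTTPS NextAuth may prefix it with `__Secure-`. The authority URL comes from the question, the audience value `api` and the secret lookup are placeholders.

```csharp
// Added example: read the NextAuth session cookie, decrypt it (decode 1), pull the inner
// accessToken out of the session JSON (decode 2) and hand it to JwtBearer for normal validation.
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.WebUtilities;

public static class NextAuthSessionCookie
{
    // Name used in the question; NextAuth uses "__Secure-next-auth.session-token" on HTTPS.
    public const string CookieName = "next-auth.session-token";

    // Assumption: NextAuth.js v4 key derivation (HKDF-SHA256, empty salt, fixed info string).
    private static readonly byte[] HkdfInfo = Encoding.ASCII.GetBytes("NextAuth.js Generated Encryption Key");

    public static byte[] DeriveKey(string nextAuthSecret) =>
        HKDF.DeriveKey(HashAlgorithmName.SHA256, Encoding.UTF8.GetBytes(nextAuthSecret), 32, salt: null, info: HkdfInfo);

    // Decode 1: compact JWE "header.encryptedKey.iv.ciphertext.tag" with alg=dir, enc=A256GCM.
    public static string DecryptJwe(string compactJwe, byte[] key)
    {
        var parts = compactJwe.Split('.');
        if (parts.Length != 5) throw new FormatException("Not a compact JWE");

        using var header = JsonDocument.Parse(WebEncoders.Base64UrlDecode(parts[0]));
        if (header.RootElement.GetProperty("alg").GetString() != "dir" ||
            header.RootElement.GetProperty("enc").GetString() != "A256GCM")
            throw new CryptographicException("Unexpected JWE alg/enc; refusing to decrypt");

        // With "dir" the encrypted-key part (parts[1]) is empty; the key is the derived one.
        var iv = WebEncoders.Base64UrlDecode(parts[2]);
        var ciphertext = WebEncoders.Base64UrlDecode(parts[3]);
        var tag = WebEncoders.Base64UrlDecode(parts[4]);
        var aad = Encoding.ASCII.GetBytes(parts[0]); // JWE AAD = the protected header as transmitted
        var plaintext = new byte[ciphertext.Length];

        using var aes = new AesGcm(key, 16); // on .NET < 8 use new AesGcm(key)
        aes.Decrypt(iv, ciphertext, tag, plaintext, aad); // throws on a tampered/forged cookie
        return Encoding.UTF8.GetString(plaintext);
    }

    // Decode 2: the plaintext is the session JSON shown in the question; take its accessToken.
    public static string? ExtractAccessToken(string sessionJson)
    {
        using var doc = JsonDocument.Parse(sessionJson);
        var root = doc.RootElement;
        var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        if (root.TryGetProperty("exp", out var exp) && exp.GetInt64() < now)
            return null; // expired session envelope: do not even look at the inner token
        return root.TryGetProperty("accessToken", out var at) ? at.GetString() : null;
    }
}

public static class NextAuthJwtBearerSetup
{
    // Call from Program.cs: NextAuthJwtBearerSetup.Configure(builder.Services, builder.Configuration["NEXTAUTH_SECRET"]!);
    public static void Configure(IServiceCollection services, string nextAuthSecret)
    {
        var key = NextAuthSessionCookie.DeriveKey(nextAuthSecret);

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Authority = "https://login.example.com"; // IdentityServer4 from the question
                options.Audience = "api";                         // placeholder: your API resource name
                options.Events = new JwtBearerEvents
                {
                    OnMessageReceived = ctx =>
                    {
                        // Authorization header keeps priority for the other apps; the cookie is only a fallback.
                        if (!ctx.Request.Headers.ContainsKey("Authorization") &&
                            ctx.Request.Cookies.TryGetValue(NextAuthSessionCookie.CookieName, out var jwe))
                        {
                            try
                            {
                                var session = NextAuthSessionCookie.DecryptJwe(jwe, key);
                                ctx.Token = NextAuthSessionCookie.ExtractAccessToken(session);
                            }
                            catch (Exception)
                            {
                                // Malformed or forged cookie: leave ctx.Token unset, request stays anonymous.
                            }
                        }
                        return Task.CompletedTask;
                    }
                };
            });
    }
}
```

Two points about the design. First, only the inner access token is handed to JwtBearer, so the API still validates the signature, issuer, audience and expiry against IdentityServer4 and never trusts the `user` object inside the session JSON; the session envelope is just a transport. Second, accepting a cookie on an API that previously only took a header means the browser will now attach credentials automatically, so the cookie-fallback path needs the usual CSRF protections (SameSite on the NextAuth cookie, an Origin or antiforgery check on state-changing endpoints) that the header path never needed.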


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source