'How to verify jwt access token has required scope

Is there a built in way in .net core 3.1 to Verify that the JWT token present in the request has a Required Scope.

A sample of jwt data I already have from our Identity Server:

{
  "user_id": "12345",
  "scope": "test1"
}

I have already seen the article: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-protected-web-api-verification-scope-app-roles?tabs=aspnetcore

But this is specific for azure-ad and it requires that the Scope claim is named "scp" instead of "scope".

jwtidentityserver4asp.net-core-3.1


Solution 1:[1]

Yes, you configure the authorization handler by defining various policies to control the access to your API based on the data provided in the access token.

See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-6.0 for more details.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Tore Nestenius

Related Questions

How to use JWT with WebSocketChannel in Flutter

Spring Security: How to use a UserDetailsService with JwtAuthenticationProvider?

Verify a JWT token string, containing 'Bearer ' with NodeJS

How do I validate a JWT using JwtSecurityTokenHandler and a JWKS endpoint?

.NET core - Configure JWT Authentication at runtime

Is Basic Authentication a Session based authentication and why Jwt is more recommended?

Symfony 6 - lexik JWT - Authenticator does not support the request

Authorization header in img src link

Strapi JWT token lifetime?

jwt.verify not throwing error for expired tokens

Invalid Token Error: Invalid token specified: Cannot read property 'replace' of undefined?

Mixed named and unnamed function parameters

JWT "invalid_grant" in Signature in Google OAuth2

SignalR hub with Bearer authentication

How to reset Laravel AuthManager/guards in between API calls in tests?