JwtBearerOptions - token validation offline or online?

  • Question

  • User-50787436 posted

    Hi all,

    I'm working on ASP.NET Core 3.1 for API development, and I was adding logic to validate Bearer tokens. I'm quite new to this and found logic like this:

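    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.IdentityModel.Tokens;

    // Extension methods must live in a static class; this class name is illustrative.
    public static class AuthenticationExtensions
    {
        public static void AddAuthentication(this IServiceCollection services, IConfiguration config)
        {
            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options =>
                {
                    // Base address of the token issuer; its metadata is read from here over HTTPS.
                    options.Authority = "https://loremipsum.com";
                    options.RequireHttpsMetadata = true;
                    // Expected "aud" claim of incoming tokens.
                    options.Audience = "LoremIpSum";
                    // Keep the raw token available after a successful authentication.
                    options.SaveToken = true;
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateActor = true,
                        ValidateIssuer = true,
                        ValidateAudience = true,
                        ValidateLifetime = true,
                        RequireExpirationTime = true,
                        ValidIssuer = "https://loremipsum.com",
                        NameClaimType = "name"
                    };
                })
                .AddCookie(options => options.SlidingExpiration = true);
        }
    }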

    I was wondering, this allows me to specify some options, but how can I tell it to validate tokens offline or online?

    Or does this by default provide logic only for online validation?

    This might be a rookie question and it may be quite simple but I'm not following :(

    Monday, May 4, 2020 9:32 AM

Answers

All replies

  • User-854763662 posted

    Hi pacojones,

    I'm not familiar with JwtBearer tokens. For offline token validation, the following official Microsoft blog post may be helpful:

    https://devblogs.microsoft.com/aspnet/bearer-token-authentication-in-asp-net-core/

    Best Regards,

    Sherry

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, May 5, 2020 8:19 AM
  • User-474980206 posted

    The typical case is that the ASP.NET Core site is creating the bearer token, so it can validate (knows the signing key). If the bearer token is from another source, then you will need to write custom validation logic.

    Tuesday, May 5, 2020 3:01 PM
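
An added example, not part of the thread or of any poster's code: when the API already holds the signing key, `JwtSecurityTokenHandler.ValidateToken` checks signature, issuer, audience and lifetime entirely in-process, which is the offline case asked about above. The class name, keys and claim values are constructed for the illustration, and the System.IdentityModel.Tokens.Jwt package is assumed.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class OfflineJwtDemo
{
    // Constructed values; a real signing key comes from a secret store, never from source code.
    const string Issuer = "https://loremipsum.com", Audience = "LoremIpSum";
    static readonly SecurityKey ApiKey = NewKey("constructed-demo-signing-key-0123456789abcdef");
    static readonly SecurityKey OtherKey = NewKey("constructed-untrusted-key-fedcba9876543210");

    static SecurityKey NewKey(string secret) => new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));

    public static string Issue(SecurityKey key, string audience)
    {
        var handler = new JwtSecurityTokenHandler();
        return handler.WriteToken(handler.CreateToken(new SecurityTokenDescriptor
        {
            Issuer = Issuer,
            Audience = audience,
            Subject = new ClaimsIdentity(new[] { new Claim("name", "alice") }),
            Expires = DateTime.UtcNow.AddMinutes(5),
            SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
        }));
    }

    // Checks signature, issuer, audience and lifetime in-process; no request is sent to the issuer.
    public static bool IsValid(string jwt)
    {
        var parameters = new TokenValidationParameters
        {
            IssuerSigningKey = ApiKey, ValidateIssuerSigningKey = true,
            ValidIssuer = Issuer, ValidateIssuer = true,
            ValidAudience = Audience, ValidateAudience = true,
            RequireExpirationTime = true, ValidateLifetime = true
        };
        try { new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _); return true; }
        catch (Exception e) when (e is SecurityTokenException || e is ArgumentException) { return false; }
    }

    public static void Main()
    {
        Console.WriteLine(IsValid(Issue(ApiKey, Audience)));    // key and audience match
        Console.WriteLine(IsValid(Issue(ApiKey, "OtherApi")));  // audience is not this API
        Console.WriteLine(IsValid(Issue(OtherKey, Audience)));  // signed with a key the API does not trust
    }
}
```

Only the first token passes; the other two are rejected on audience and on signature, without any network access.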