jwt changes

2022-03-29 08:38:46 -04:00
parent b7a1d2df75
commit b7675a21eb
3 changed files with 35 additions and 5 deletions
--- a/Oqtane.Server/Infrastructure/Middleware/JwtMiddleware.cs
+++ b/Oqtane.Server/Infrastructure/Middleware/JwtMiddleware.cs
@ -25,14 +25,15 @@ namespace Oqtane.Infrastructure
                var alias = context.GetAlias();
                if (alias != null)
                {
-                    var secret = context.GetSiteSettings().GetValue("JwtOptions:Secret", "");
+                    var sitesettings = context.GetSiteSettings();
+                    var secret = sitesettings.GetValue("JwtOptions:Secret", "");
                    if (!string.IsNullOrEmpty(secret))
                    {
                        var logger = context.RequestServices.GetService(typeof(ILogManager)) as ILogManager;
                        var jwtManager = context.RequestServices.GetService(typeof(IJwtManager)) as IJwtManager;

                        var token = context.Request.Headers["Authorization"].First().Split(" ").Last();
-                        var user = jwtManager.ValidateToken(token, secret, "", "");
+                        var user = jwtManager.ValidateToken(token, secret, sitesettings.GetValue("JwtOptions:Issuer", ""), sitesettings.GetValue("JwtOptions:Audience", ""));
                        if (user != null)
                        {
                            // populate principal (reload user roles to ensure most accurate permission assigments)