Since Auth0 exposes OIDC discovery documents (https://{YOU}.auth0.com/.well-known/openid-configuration
), we can use the OpenID Connect middleware for Katana v3 (OWIN) to read that information and automatically configure our web app, so you don’t have to provide all the configuration values:
- Install the nuget package
Microsoft.Owin.Security.OpenIdConnect
(v3.x.x) - Go to
App_Start\Startup.Auth.cs
, and replace your implementation with the following:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = "https://{YOU}.auth0.com/",
ClientId = "{YOUR_AUTH0_CLIENT_ID}",
SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
ResponseType = "token",
Notifications = new OpenIdConnectAuthenticationNotifications
{
// OPTIONAL: you can read/modify the claims that are populated based on the JWT
SecurityTokenValidated = context =>
{
// add Auth0 access_token as claim
var accessToken = context.ProtocolMessage.AccessToken;
if (!string.IsNullOrEmpty(accessToken))
{
context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
}
return Task.FromResult(0);
}
}
});
Currently, the OpenID Connect middleware is not supporting JWT tokens signed with symmetric keys, so we need to make sure to configure RSA algorithm from Auth0 dashboard:
- Go to https://app.auth0.com/#/applications/{YOUR_AUTH0_CLIENT_ID}/settings
- Click on
Show Advanced Settings
button. - Set
RS256
asJsonWebToken Token Signature Algorithm
and click onSave
.
Now, JWT tokens will be signed with your private signing key and they can be verified using your public signing key.