Previously, I was able to use JwtBearerAuthenticationOptions
to add my custom token handler with my custom validation. Now with Core UseJwtBearerAuthentication
I need to use JwtBearerOptions
which doesn't seem to have an option to override JwtSecurityTokenHandler
. I basically want to override the following method in JwtSecurityTokenHandler
:
protected virtual JwtSecurityToken ValidateSignature(string token, TokenValidationParameters validationParameters)
Previously:
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
TokenHandler = new MyTokenHandler()
// other properties here
});
Currently with ASP.NET Core:
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
// other properties here
});
Best Answer
If you want to actually create your own
JwtSecurityTokenHandler
and override theValidateSignature
method, you can use theSecurityTokenValidators
property:Technically the call to
Clear()
isn't necessary - as long as one of the token handlers can parse the token the call to authenticate will succeed. However removing theJwtSecurityTokenHandler
seems to make sense if it won't ever succeed in your case.