I'm trying to validate an Auth0 JWT in my .NET Framework Web API
and have had no luck so far.
My JWT is created by Auth0, since I'm using Facebook/LinkedIn/etc. verification,
and I'm posting that token in the Authorization header under 'Bearer'
in all of my requests to the API.
In my API I have this class:
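/// <summary>
/// Authorization filter that lets a request through only when the current
/// principal carries a "scope" claim, issued by the configured Auth0 domain,
/// that contains the required scope.
/// </summary>
/// <remarks>
/// This attribute does not parse or validate the bearer token itself. It only
/// reads the principal already attached to the request context; if nothing
/// earlier in the pipeline has set a <see cref="ClaimsPrincipal"/> there, the
/// principal is null and the request is rejected.
/// </remarks>
public class ScopeAuthorizeAttribute : AuthorizeAttribute
{
    // Scope that must be present in the token's space-separated "scope" claim.
    private readonly string scope;

    /// <summary>Creates the filter for a single required scope.</summary>
    /// <param name="scope">Scope value the caller's token must contain.</param>
    public ScopeAuthorizeAttribute(string scope)
    {
        this.scope = scope;
    }

    /// <summary>
    /// Runs the base authorization check, then rejects the request unless the
    /// required scope is present in a scope claim from the expected issuer.
    /// </summary>
    /// <param name="actionContext">Context of the action being authorized.</param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        base.OnAuthorization(actionContext);

        // Expected issuer, built from the "Auth0Domain" app setting. If the
        // setting is missing this becomes "https:///", which matches no claim,
        // so the check fails closed.
        var expectedIssuer = $"https://{ConfigurationManager.AppSettings["Auth0Domain"]}/";

        // Null when the request principal is absent or is not claims-based.
        var principal = actionContext.ControllerContext.RequestContext.Principal as ClaimsPrincipal;

        // Get the scope claim. Both conditions must hold: with "||" any claim
        // from the Auth0 domain, or a "scope" claim from any issuer, would be
        // accepted, which defeats the issuer check.
        var scopeClaim = principal?.Claims.FirstOrDefault(
            c => c.Type == "scope" && c.Issuer == expectedIssuer);

        if (scopeClaim != null)
        {
            // The claim value is a space-separated list of granted scopes.
            var grantedScopes = scopeClaim.Value.Split(' ');

            // Succeed only on an exact, case-sensitive match of the required scope.
            if (grantedScopes.Any(s => string.Equals(s, scope, StringComparison.Ordinal)))
            {
                return;
            }
        }

        // No principal, no matching claim, or scope not granted: deny.
        HandleUnauthorizedRequest(actionContext);
    }
}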
But I'm getting null on this line:
ClaimsPrincipal principal = actionContext.ControllerContext.RequestContext.Principal as
ClaimsPrincipal;
What am I doing wrong?