❔ Having a hard time understanding how external auth providers work
I am trying to use Clerk, an auth solution that is similar to Auth0, and I want to add it to my aspnet core api. Idk where I should start tho.
I believe I need this somehow?
https://winning-thrush-77.clerk.accounts.dev/.well-known/jwks.json
35 Replies
This is the Dev Url they sent me for me to get the info regarding the key
Or I don't need this at all?
anything in particular you can't wrap your head around, or the entire concept?
I kind of understood the concept, I am trying to implement it using an auth provider (clerk) and aspnet core
But I just can't seem to get it right
I have this in my AppSettings, and I assumed that this would be enough, but looks like it isn't.
I also have this on my Program.cs
It validates the issuer, audience, lifetime but I still get an error
www-authenticate: Bearer error="invalid_token",error_description="The signature key was not found"
I did not include any key, am I required to?
yeah, that's how digital signatures work
you verify the signature by running the same encryption on it that was used by the original signer
and check if the signatures match
to do that, you need whatever key the algorithm requires
either that, or you need to send the token to the issuer to have THEM verify it
Clerk is gonna either have that, or an asymmetric encryption key that you can hard-code in config, or call out to Clerk to retrieve it on startup or something
I managed to do it I think, by simply setting the Authority
I guess that once you set the Authority, ASP.NET looks for this endpoint and loads everything
I'm pretty sure it works since it stopped giving me the error claiming that I had an invalid signature
adding the opt.Authority = configuration["JwtSettings:Authority"];
Yeah I know
But yep only that
Now I'm struggling because Clerk doesn't use the aud claim and I don't want to hardcode it
What do you mean?
I didn't understand what you meant by the last phrase and you expect me to understand 3 letters and 4
good morning
I solved it by hardcoding the aud as a resource I think
But I was hoping I could just take advantage of the azp claim
Clerk doesn't give me a way unfortunately
I'm not sure what a resource is so I might have said it wrong
azp means authorized party
It is basically the origin of the token
Where it was generated at
it can be that
I know that
and azp would actually fit me well
Since the token will always have an azp containing where it was generated
if I have: myapp.com, anotherapp.com and they both go to -> id.app.com, and id generates the token
The token's azp would be the origin, either myapp.com or anotherapp.com
it kind of fits me well as for the audience, since what validates the audience is my backend
idp = id provider?