Remove ClientId from Web Api Configuration. #53
Conversation
laura-rodriguez
requested review from
robertjd,
leebrandt,
nbarbettini and
a team
There was a problem hiding this comment.
Other review tasks required:
- Double check that this satisfies all the access token validation requirements from /~https://github.com/okta/oss-technical-designs/blob/master/technical_designs/jwt-validation-libraries.md#access-token-verification
- Review from the .NET Review group
| namespace Okta.AspNet.Abstractions | ||
| { | ||
| public class OktaWebApiOptions : OktaWebOptions | ||
| { | ||
| public static readonly string DefaultAudience = "api://default"; | ||
|
|
||
| public string Audience { get; set; } = DefaultAudience; | ||
|
|
||
| [Obsolete("ClientId is deprecated")] |
There was a problem hiding this comment.
Let's use this message:
ClientId is no longer required, and has no effect. This property will be removed in the next major release.
There was a problem hiding this comment.
@nbarbettini , Can you please provide a timeline, when this feature will be made available? We have a need where a Web API has to authorize multiple ClientIds
There was a problem hiding this comment.
Hi @anandseeman,
I am working on a few changes now. Then, it needs to be reviewed by peers.
I assume it should be published by EOW or early next week.
|
|
||
| namespace Okta.AspNet.Abstractions | ||
| { | ||
| public sealed class StrictSecurityTokenValidator : ISecurityTokenValidator |
There was a problem hiding this comment.
Since we are removing this public class, bump the major version of Okta.AspNet.Abstractions. IMO, the major version of Okta.AspNet and Okta.AspNetCore do not need to be bumped yet.
Resolves #46