meds-processor, part/4, snippet #14

Startu.cs, ConfigureServices()

services.AddScoped<IJwtAuthService, JwtAuthService>();

var tokenOptsConfig = Configuration.GetSection(nameof(AuthTokenOptions).Replace("Options", ""));
var tokenOpts = tokenOptsConfig.Get<AuthTokenOptions>();
services.Configure<AuthTokenOptions>(tokenOptsConfig);

services.AddAuthentication(opts =>
{
  opts.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
  opts.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(opts =>
{
  opts.RequireHttpsMetadata = true;
  opts.SaveToken = true;
  opts.ClaimsIssuer = tokenOpts.Issuer;
  opts.TokenValidationParameters = new TokenValidationParameters
  {
    RequireSignedTokens = true,
    RequireExpirationTime = true,
    IssuerSigningKey = tokenOpts.Key,
    ValidIssuer = tokenOpts.Issuer,
    ValidAudience = tokenOpts.Audience,
    ValidateIssuer = true,
    ValidateAudience = false,
    ValidateLifetime = true,
    ValidateIssuerSigningKey = true
  };

  opts.Events = new JwtBearerEvents
  {
    OnAuthenticationFailed = context =>
    {
      if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
      {
        context.Response.Headers.Add("Token-Expired", "true");
      }
      return Task.CompletedTask;
    }
  };
});