refactor Aktualisierte AuthPublicKey-Konfiguration, die getrennt von AuthClaimPrams konfiguriert werden kann, um sie als JWT-Barriere-Konfiguration zu verwenden

WorkFlow.API/Program.cs

@@ -47,9 +47,10 @@ try
     else
         throw new("The API Key Authorization configuration is not available in the app settings, even though the app is not in development or DiP mode and API Key Authorization is not disabled.");
 
+    // Created separately from AuthClientParams (added via options) for use in Jwt Bearer configuration
     var authPublicKey = config.GetSection("AuthPublicKey").Get<ClientPublicKey>() ?? throw new InvalidOperationException("The AuthPublicKey configuration is missing or invalid.");
 
-    builder.Services.AddAuthHubClient(config.GetSection("AuthClientParams"));
+    builder.Services.AddAuthHubClient(config.GetSection("AuthClientParams"), opt => opt.PublicKeys.Add(authPublicKey));
 
     builder.Services.AddControllers();
 
@@ -62,7 +63,11 @@ try
                 IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) =>
                 {
                     return [authPublicKey.SecurityKey];
-                }
+                },
+                ValidateIssuer = true,
+                ValidIssuer = authPublicKey.Issuer,
+                ValidateAudience = true,
+                ValidAudience = authPublicKey.Audience
             };
         });
 

WorkFlow.API/appsettings.json

@@ -79,11 +79,10 @@
   },
   "AuthClientParams": {
     "Url": "https://localhost:7192",
-    "PublicKeys": [
-      {
-        "Issuer": "auth.digitaldata.works",
-        "Audience": "work-flow.digitaldata.works"
-      }
-    ]
+    "PublicKeys": []
+  },
+  "AuthPublicKey": {
+    "Issuer": "auth.digitaldata.works",
+    "Audience": "work-flow.digitaldata.works"
   }
 }