From c7d8b67ccbff2fb1f0eef885568c0ae51c708859 Mon Sep 17 00:00:00 2001
From: Developer 02 <developer02@didaloghe.onmicrosoft.com>
Date: Mon, 10 Mar 2025 13:53:15 +0100
Subject: [PATCH] refactor Aktualisierte AuthPublicKey-Konfiguration, die
 getrennt von AuthClaimPrams konfiguriert werden kann, um sie als
 JWT-Barriere-Konfiguration zu verwenden

---
 WorkFlow.API/Program.cs       |  9 +++++++--
 WorkFlow.API/appsettings.json | 11 +++++------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/WorkFlow.API/Program.cs b/WorkFlow.API/Program.cs
index 129fa1b..886a2e4 100644
--- a/WorkFlow.API/Program.cs
+++ b/WorkFlow.API/Program.cs
@@ -47,9 +47,10 @@ try
     else
         throw new("The API Key Authorization configuration is not available in the app settings, even though the app is not in development or DiP mode and API Key Authorization is not disabled.");
 
+    // Created separately from AuthClientParams (added via options) for use in Jwt Bearer configuration
     var authPublicKey = config.GetSection("AuthPublicKey").Get<ClientPublicKey>() ?? throw new InvalidOperationException("The AuthPublicKey configuration is missing or invalid.");
 
-    builder.Services.AddAuthHubClient(config.GetSection("AuthClientParams"));
+    builder.Services.AddAuthHubClient(config.GetSection("AuthClientParams"), opt => opt.PublicKeys.Add(authPublicKey));
 
     builder.Services.AddControllers();
 
@@ -62,7 +63,11 @@ try
                 IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) =>
                 {
                     return [authPublicKey.SecurityKey];
-                }
+                },
+                ValidateIssuer = true,
+                ValidIssuer = authPublicKey.Issuer,
+                ValidateAudience = true,
+                ValidAudience = authPublicKey.Audience
             };
         });
 
diff --git a/WorkFlow.API/appsettings.json b/WorkFlow.API/appsettings.json
index 5a9244a..98a631e 100644
--- a/WorkFlow.API/appsettings.json
+++ b/WorkFlow.API/appsettings.json
@@ -79,11 +79,10 @@
   },
   "AuthClientParams": {
     "Url": "https://localhost:7192",
-    "PublicKeys": [
-      {
-        "Issuer": "auth.digitaldata.works",
-        "Audience": "work-flow.digitaldata.works"
-      }
-    ]
+    "PublicKeys": []
+  },
+  "AuthPublicKey": {
+    "Issuer": "auth.digitaldata.works",
+    "Audience": "work-flow.digitaldata.works"
   }
 }
\ No newline at end of file