Fix middleware order - place Authentication before TenantValidation
The JWT middleware needs to fetch signing keys from Keycloak before tenant validation runs. The previous order caused signature validation to fail because the middleware was blocking the JWKS endpoint requests.

- Moved Authentication before TenantValidationMiddleware
- Removed realm endpoint from exemption list (not needed with correct order)
- This allows JWT middleware to fetch signing keys and validate tokens
@@ -147,9 +147,12 @@ app.UseHttpsRedirection();
|
||||
|
||||
app.UseCors("AllowFrontend");
|
||||
|
||||
// IMPORTANT: Order matters!
|
||||
// 1. Authentication must come before tenant validation so JWT middleware can fetch JWKS
|
||||
// 2. Tenant validation should come after auth but before endpoints
|
||||
app.UseAuthentication();
|
||||
app.UseAuthorization();
|
||||
app.UseMiddleware<TenantValidationMiddleware>();
|
||||
app.UseAuthorization();
|
||||
app.UseMiddleware<MemberSyncMiddleware>();
|
||||
|
||||
app.MapHealthChecks("/health/live", new Microsoft.AspNetCore.Diagnostics.HealthChecks.HealthCheckOptions
|
||||
|
||||
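Review bot: app.UseAuthorization() appears both directly before and directly after app.UseMiddleware<TenantValidationMiddleware>() in this hunk, and comment 2 ("after auth but before endpoints") does not say whether "auth" means authentication only or authorization as well. Keep a single UseAuthorization() call and have the comment name its position relative to TenantValidationMiddleware explicitly, because that position decides whether tenant validation and MemberSyncMiddleware run for requests that authorization would go on to reject. If TenantValidationMiddleware is meant to run before authorization, it should also handle a request with no authenticated user, and the comment is the place to record that expectation.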