Add JWT debugging and fix Keycloak networking
- Added JWT authentication event logging to diagnose validation failures - Fixed docker-compose networking for API to reach Keycloak via hostname - Debug endpoint now accessible without auth for troubleshooting - Still investigating why claims are not populated despite token being present
This commit is contained in:
WorkClub Automation
@@ -52,11 +52,33 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
||||
options.MapInboundClaims = false;
|
||||
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
|
||||
{
|
||||
ValidateIssuer = false, // Disabled for local dev - external clients use localhost:8080, internal use keycloak:8080
|
||||
ValidateIssuer = false, // Disabled for local dev - external clients use localhost:8080, internal use keycloak:8080
|
||||
ValidateAudience = true,
|
||||
ValidateLifetime = true,
|
||||
ValidateIssuerSigningKey = true
|
||||
};
|
||||
options.Events = new JwtBearerEvents
|
||||
{
|
||||
OnAuthenticationFailed = context =>
|
||||
{
|
||||
Console.WriteLine($"JWT Authentication Failed: {context.Exception.Message}");
|
||||
if (context.Exception.InnerException != null)
|
||||
{
|
||||
Console.WriteLine($"Inner Exception: {context.Exception.InnerException.Message}");
|
||||
}
|
||||
return Task.CompletedTask;
|
||||
},
|
||||
OnTokenValidated = context =>
|
||||
{
|
||||
Console.WriteLine($"JWT Token Validated for user: {context.Principal?.Identity?.Name ?? "unknown"}");
|
||||
return Task.CompletedTask;
|
||||
},
|
||||
OnChallenge = context =>
|
||||
{
|
||||
Console.WriteLine($"JWT Challenge: {context.Error}");
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
};
|
||||
});
|
||||
|
||||
builder.Services.AddScoped<IClaimsTransformation, ClubRoleClaimsTransformation>();
|
||||
|
||||
Reference in New Issue
Block a user