MasterMito/work-club-manager
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

fix(auth): add JWT audience claim and disable issuer validation

Browse Source 
- Added Keycloak audience protocol mapper to workclub-app client
  - Maps 'workclub-api' to aud claim in access tokens
- Disabled issuer validation in API for local dev
  - External clients use localhost:8080, internal use keycloak:8080
  - Prevents validation mismatch in Docker network environment

This resolves 401 Unauthorized errors on all authenticated endpoints.

Ref: .sisyphus/evidence/final-f3-manual-qa.md lines 418-444
This commit is contained in:
WorkClub Automation
2026-03-05 14:12:53 +01:00
parent 8643c3dfa7
commit b813043195
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/WorkClub.Api/Program.cs
View File

@@ -47,7 +47,7 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = true,
ValidateIssuer = false, // Disabled for local dev - external clients use localhost:8080, internal use keycloak:8080
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true