I have 4 auth servers which validate tokens for incoming requests on my app.

I have the below configuration in ConfigureServices of Startup.cs:

services.AddAuthentication()
    .AddJwtBearer("authServer1", options =>
    {
        options.Authority = "https://authserver1.com/AuthServices/Auth";
        options.Audience = "web.api";
    })
    .AddJwtBearer("authServer2", options =>
    {
        options.Authority = "https://authserver2.com/AuthServices/Auth";
        options.Audience = "web.api";
    })
    .AddJwtBearer("authServer3", options =>
    {
        options.Authority = "https://authserver3.com/AuthServices/Auth";
        options.Audience = "web.api";
    })
    .AddJwtBearer("authServer4", options =>
    {
        options.Authority = "https://authserver4.com/AuthServices/Auth";
        options.Audience = "web.api";
    });

services.AddAuthorization(options =>
    {
        options.DefaultPolicy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .AddAuthenticationSchemes("authServer1", "authServer2", "authServer3", "authServer4")
            .Build();
    });

When I call the API, it works fine.

The problem is: suppose any of the auth servers goes down and I try to call the API; then the application gives an error saying that the particular auth server is not found, or another error specific to the situation.

1) How can I skip errors which can occur when any of the auth servers goes down?

2) How does the policy work when selecting the respective auth server for validating the incoming request? Does it work like a switch case (jumps directly to the respective auth server) or an if-else ladder (checks each auth server for request validation until it finds the actual one)?

Comments

  • Good question, upvoted. I wonder if there's some kind of aggregation middleware by which you could specify a collection of servers. Commented May 15, 2020 at 13:31
  • Upvoted, too. I'm afraid it will have to be a custom extension method added to the Jwt Bearer logic somehow. Wouldn't look forward to coding that. Commented May 15, 2020 at 13:36

1 Answer

I have achieved what I had asked for in the question.

1) How can I skip errors which can occur when any of the auth servers goes down?

I configured OnAuthenticationFailed to suppress the errors which were failing the request:

.AddJwtBearer("authServer1", options =>
{
    options.Authority = "https://authServer1.com/AuthServices/Auth";
    options.Audience = "web.api";
    options.Events = new JwtBearerEvents()
    {
        OnAuthenticationFailed = (context) =>
        {
            // Report "no result" for this scheme instead of letting the failure fail the request.
            context.NoResult();
            return Task.CompletedTask;
        },
    };
});

2) How does the policy work when selecting the respective auth server for validating the incoming request? Does it work like a switch case (jumps directly to the respective auth server) or an if-else ladder (checks each auth server for request validation until it finds the actual one)?

This seems to work like an if-else ladder. I logged some info inside OnAuthenticationFailed, and what I found was that even though only 1 auth server should process the request, all the other auth servers were also trying to process it and failing.
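
An alternative that gives the switch-case behaviour asked about in question 2, as an added example that is not part of the original answer: a policy scheme reads the unvalidated `iss` claim and forwards the request to the one matching JwtBearer scheme. Assumptions: each server issues tokens whose `iss` equals its Authority URL; `MultiIssuerAuth`, `AddMultiIssuerJwt`, `SelectScheme` and the `byIssuer` scheme name are hypothetical; the Microsoft.AspNetCore.Authentication.JwtBearer package is referenced.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class MultiIssuerAuth
{
    const string Selector = "byIssuer";   // hypothetical name for the selector scheme
    // Assumption: each server issues tokens whose "iss" equals its Authority URL.
    static readonly Dictionary<string, string> SchemeByIssuer =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["https://authserver1.com/AuthServices/Auth"] = "authServer1",
            ["https://authserver2.com/AuthServices/Auth"] = "authServer2",
            ["https://authserver3.com/AuthServices/Auth"] = "authServer3",
            ["https://authserver4.com/AuthServices/Auth"] = "authServer4",
        };
    public static void AddMultiIssuerJwt(this IServiceCollection services)
    {
        var builder = services.AddAuthentication(Selector)
            .AddPolicyScheme(Selector, "JWT scheme chosen by issuer", o =>
                o.ForwardDefaultSelector = ctx => SelectScheme(ctx.Request.Headers["Authorization"]));
        foreach (var pair in SchemeByIssuer)
            builder.AddJwtBearer(pair.Value, o => { o.Authority = pair.Key; o.Audience = "web.api"; });
        // The policy names only the selector, so one JwtBearer handler runs per request.
        services.AddAuthorization(o => o.DefaultPolicy =
            new AuthorizationPolicyBuilder(Selector).RequireAuthenticatedUser().Build());
    }

    // Reads "iss" WITHOUT validating the token; it only picks the handler that will
    // validate signature, issuer, audience and lifetime.
    public static string SelectScheme(string authorizationHeader)
    {
        const string prefix = "Bearer ";
        try
        {
            if (authorizationHeader != null &&
                authorizationHeader.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            {
                var jwt = new JwtSecurityTokenHandler()
                    .ReadJwtToken(authorizationHeader.Substring(prefix.Length).Trim());
                if (SchemeByIssuer.TryGetValue(jwt.Issuer ?? "", out var scheme)) return scheme;
            }
        }
        catch (Exception) { /* malformed token: fall through to the default below */ }
        return "authServer1"; // missing, malformed or unknown-issuer token: this handler rejects it
    }
}
```

With this in place, an outage of one auth server only affects tokens issued by that server (and, through the fallback, tokens with no recognisable issuer); the `OnAuthenticationFailed` handler from the answer can still be kept on each scheme.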
