
Terry Aney terryaney

terryaney / UpdatableJwtBearerOptions.md
Created April 30, 2024 15:10
Multiple Jwt Signing Keys when using FastEndpoints

I had two specific requirements for the Jwt secrets used for signing. The secrets are provided via a secrets.json file that is created and managed on the deployed servers and integrated into the IConfiguration workflow.

  1. I wanted the Jwt secrets to be updatable in the configuration file, with updates applied to my Jwt verification process without the need to restart the application(s).
  2. I wanted some FastEndpoints endpoints to be able to support a secondary/alternate Jwt secret for signature verification.

The basic flow is the following.

  1. Add Jwt support via the FastEndpoints Services.AddAuthenticationJwtBearer extension method (if not using FastEndpoints, look at this helper method to see what needs to be done manually; it is mostly just a call to AddAuthentication and AddJwtBearer with appropriate settings).
  2. Add an IConfigureOptions singleton to the service collection and provide an IssuerSigningKeyResolver delegate. (Note: this needed to be an IConfigureOptions instead of s