OAuthBearerAuthenticationOptions AllowedAudiences?

Jul 7, 2015 at 9:21 PM
Is there any easy way to configure OAuthBearerAuthentication to validate against a list of allowed audiences?

I see JWT and OpenIdConnect options have a method, but I don't see anything simple for OAuthBearer. For example:
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
            AllowedAudiences =
I tried going down the path of a custom AccessTokenFormat, but failed miserably.
Jul 8, 2015 at 4:12 AM
Checking the audience requires being able to parse the token and find the intended audience. You can do this with OIDC and JWT because you know the token format (JWT). You can't do this with just Bearer because you don't know the format of the token.

What kind of tokens are you using?
Jul 8, 2015 at 1:12 PM
Makes sense...we are using JWT tokens.
Jul 8, 2015 at 2:09 PM
Specifically, we are using a JWT issued from Azure AD.

This morning I found UseWindowsAzureActiveDirectoryBearerAuthentication (which I hadn't noticed before). This helps me solve the issue I was encountering by specifying ValidAudiences in the TokenValidationParameters.

Thanks for your help!