
Commit b6117d9

committed
Make token exchange audience configurable
1 parent 8cf7247 commit b6117d9

2 files changed

Lines changed: 11 additions & 2 deletions


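--- a/src/AasSecurity/SecurityService.cs
+++ b/src/AasSecurity/SecurityService.cs
@@ -482,6 +482,14 @@ private string HandleBearerToken(string? bearerToken, ref string user, ref bool
 if (!string.IsNullOrEmpty(tokenExchange1) && !string.IsNullOrEmpty(tokenExchange2)
 && iss == tokenExchange1)
 {
+var audience = "fa3st";
+var audienceEnvVar = System.Environment.GetEnvironmentVariable("TOKENEXCHANGE_AUDIENCE");
+
+if (!string.IsNullOrEmpty(audienceEnvVar))
+{
+audience = audienceEnvVar;
+}
+
 Console.WriteLine($"TOKENEXCHANGE1 = {tokenExchange1}");
 Console.WriteLine($"TOKENEXCHANGE2 = {tokenExchange2}");
 var handlerExchange = new HttpClientHandler { DefaultProxyCredentials = CredentialCache.DefaultCredentials };
@@ -494,7 +502,7 @@ private string HandleBearerToken(string? bearerToken, ref string user, ref bool
 { "subject_token_type", "urn:ietf:params:oauth:token-type:jwt" },
 { "requested_token_type", "urn:ietf:params:oauth:token-type:access_token" },
 { "subject_token", bearerToken },
-{ "audience", "fa3st" }
+{ "audience", audience }
 };
 var request = new HttpRequestMessage(HttpMethod.Post, $"{tokenExchange2}/token")
 {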
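Review bot: The `TOKENEXCHANGE_AUDIENCE` lookup at new lines 485-491 accepts any non-empty string, so a whitespace-only or padded value is sent unchanged as the `audience` parameter, while an unset or misspelled variable silently falls back to `"fa3st"`; either way the exchange can request a token for an audience the operator did not intend, and nothing in the output shows which value was used. Consider `if (!string.IsNullOrWhiteSpace(audienceEnvVar)) { audience = audienceEnvVar.Trim(); }` and printing the effective audience next to the existing `TOKENEXCHANGE1`/`TOKENEXCHANGE2` lines. The variable is also read on every call of `HandleBearerToken`, whereas `tokenExchange1` and `tokenExchange2` appear to be resolved outside this hunk; reading it in the same place would keep the three settings consistent. If the exchanged token's `aud` claim is checked later in this method (not visible here; the body starts and ends outside the hunk), that check should compare against the same configured value rather than a literal.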

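--- a/src/AasxServerBlazor/Properties/launchSettings.json
+++ b/src/AasxServerBlazor/Properties/launchSettings.json
@@ -20,7 +20,8 @@
 "EVENT2": "http://localhost:5002/submodels/aHR0cHM6Ly9pNGQuZGUvVC8zMjA5NTEwL3N1Ym1vZGVsL05hbWVwbGF0ZS9yZWNlaXZlcg/events/EventElement1",
 "AASX_MQTT": "1",
 "TOKENEXCHANGE1": "https://iam-security-training.com/consumer/sts",
-"TOKENEXCHANGE2": "https://iam-security-training.com/provider/sts"
+"TOKENEXCHANGE2": "https://iam-security-training.com/provider/sts",
+"TOKENEXCHANGE_AUDIENCE": "fa3st"
 },
 "applicationUrl": "http://localhost:5001",
 "jsWebView2Debugging": true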
