Commit 17e01d0

Update README.md
1 parent 801f2ed commit 17e01d0

1 file changed

+37
-0
lines changed

Microsoft.Identity.Web/README.md

Lines changed: 37 additions & 0 deletions
@@ -338,6 +338,43 @@ In order to troubleshoot your web API you can set the `subscribeToJwtBearerMiddl
338338

339339
In both cases, you can set a breakpoint in the methods of the `OpenIdConnectMiddlewareDiagnostics` and `JwtBearerMiddlewareDiagnostics` classes respectively to observe values under the debugger.
340340

341+
## Doing more
342+
343+
If you want to customize the `OpenIdConnectOption` or `JwtBearerOption` but still want to benefit from the implementation provided by Microsoft.Identity.Web, you can easily do it from your `Startup.cs` file:
344+
345+
Lets take for example the method `AddProtectedWebApi`. If you check the code inside it, you have this event setup:
346+
347+
```
348+
options.Events.OnTokenValidated = async context =>
349+
{
350+
// This check is required to ensure that the Web API only accepts tokens from tenants where it has been consented and provisioned.
351+
if (!context.Principal.Claims.Any(x => x.Type == ClaimConstants.Scope)
352+
&& !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Scp)
353+
&& !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Roles))
354+
{
355+
throw new UnauthorizedAccessException("Neither scope or roles claim was found in the bearer token.");
356+
}
357+
358+
await Task.FromResult(0);
359+
};
360+
```
361+
362+
Lets say you want to augment the current `ClaimsPrincipal` by adding claims to it, and you have to do it on `OnTokenValidated `, however you don't want to lose this `UnauthorizedAccessException` check existing in the event. To do so, on your `Startup.cs` you would have:
363+
364+
```
365+
services.AddProtectedWebApi(Configuration);
366+
services.Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationScheme, options =>
367+
{
368+
var existingOnTokenValidatedHandler = options.Events.OnTokenValidated ;
369+
options.Events.OnTokenValidated = async context =>
370+
{
371+
await existingOnTokenValidatedHandler(context);
372+
// your code to add extra claims that will be executed after the current event implementation.
373+
}
374+
}
375+
376+
```
377+
341378
## Learn more how the library works
342379

343380
You can learn more about the tokens by looking at the following articles in MSAL.NET's conceptual documentation:
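Review bot: the second snippet (new lines 365-374) does not compile as written: the inner lambda assignment ends with a bare `}` where `};` is needed, and the `services.Configure<JwtBearerOptions>(...)` call is never closed, so the final line should read `});`. Since the whole point of this section is that readers copy the wrapper into `Startup.cs` to keep the library's scope/roles check, a non-compiling sample is the first thing they will hit; please also tag both fences as ```csharp. Two correctness notes on the wrapper itself: it only preserves the `UnauthorizedAccessException` check if `Configure<JwtBearerOptions>` is registered after `AddProtectedWebApi(Configuration)`, as shown (options configurators run in registration order), so it is worth saying that explicitly rather than leaving it implicit in the snippet order; and `existingOnTokenValidatedHandler` should be checked for null (throw at startup if it is), otherwise the added code silently runs with no scope/roles validation at all. Minor prose fixes in the same hunk: "Lets" should be "Let's", `OpenIdConnectOption` / `JwtBearerOption` should be `OpenIdConnectOptions` / `JwtBearerOptions`, there is a stray space inside `` `OnTokenValidated ` `` and before the `;` on line 368, and the exception message would read better as "Neither scope nor roles claim was found in the bearer token."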
