Hi,
I have this scenario where our API would serve multiple clients using their company federated identities.
That is, suppose User 1 works for Company A, User 2 for Company B, ..., User N with Company ?. Multiple users would be in each client, of course, but we have multiple potential clients for our API.
Assuming all of them use OAuth tokens, for simplicity, I would need to configure multiple authentication middlewares (I'm using 1.1), say the JWTBearerAuthentication, for each one of the clients.
For this, I would use a configuration file setting with a loop at startup for easy setup.
And once the token is validated, I would need a separate handler to extract the data I need from the claims (sure to be different from client to client), in order to map the user to my database user, potentially creating it from the claims data.
Should I use MapWhen to configure each provider based on an element of the token, like the issuer?
Or use something else?
The idea is that I would not want to validate the token with each of the providers in the pipeline (it could get ugly).
Also, I would like to use a single URL. I could enforce the use of a header, however.
I will continue investigating on my end, and post my eventual solution here of course, but if somebody has some insights to give me, I would greatly appreciate it...
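
One way to get the per-issuer branching asked about above, as an added example that is not part of the original post: the token's issuer is read without verification only to pick a branch from a configured allow-list, and each branch then fully validates the token against that tenant's own authority. It assumes ASP.NET Core 1.1 with the JwtBearer middleware package; `TenantJwtExtensions`, `UseTenantJwt`, `PeekIssuer` and the `tenants` dictionary are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Tokens;

public static class TenantJwtExtensions   // hypothetical helper, not a framework type
{
    private const string IssuerKey = "tenant.issuer.unverified";

    // Reads the "iss" claim WITHOUT verifying anything; the value is only a routing hint.
    private static string PeekIssuer(HttpContext ctx)
    {
        string header = ctx.Request.Headers["Authorization"];
        if (header == null || !header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
            return null;
        var raw = header.Substring("Bearer ".Length).Trim();
        var handler = new JwtSecurityTokenHandler();
        if (!handler.CanReadToken(raw)) return null;
        try { return handler.ReadJwtToken(raw).Issuer; }
        catch (Exception) { return null; }   // malformed token: no branch will match
    }

    // tenants: issuer URL -> expected audience, loaded from configuration at startup.
    public static void UseTenantJwt(this IApplicationBuilder app,
        IDictionary<string, string> tenants, Action<IApplicationBuilder> configureApi)
    {
        // Parse the token once per request and remember the unverified issuer.
        app.Use((ctx, next) => { ctx.Items[IssuerKey] = PeekIssuer(ctx); return next(); });

        foreach (var tenant in tenants)
        {
            string issuer = tenant.Key, audience = tenant.Value;
            app.MapWhen(ctx => string.Equals(ctx.Items[IssuerKey] as string, issuer, StringComparison.Ordinal),
                branch =>
                {
                    // Keys come from the configured Authority, never from a URL inside the token.
                    branch.UseJwtBearerAuthentication(new JwtBearerOptions
                    {
                        Authority = issuer,
                        Audience = audience,
                        AutomaticAuthenticate = true,
                        AutomaticChallenge = true,
                        TokenValidationParameters = new TokenValidationParameters { ValidIssuer = issuer }
                    });
                    configureApi(branch);   // e.g. b => b.UseMvc(), same routes for every tenant
                });
        }
        // No configured issuer matched: reject instead of falling through unauthenticated.
        app.Run(ctx => { ctx.Response.StatusCode = 401; return Task.CompletedTask; });
    }
}
```

Because `MapWhen` branches do not rejoin the main pipeline, the API middleware is registered inside each branch, which keeps a single URL for all tenants. Endpoints still need their authorization checks, since the middleware only authenticates the caller.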