Updates for Duende.AspNetCore.Authentication.JwtBearer

DuendeSoftware · Oct 25, 2024 · 9849e86 · 9849e86
1 parent 25e39e3
commit 9849e86
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 6 deletions.
diff --git a/IdentityServer/v7/docs/content/apis/aspnetcore/confirmation.md b/IdentityServer/v7/docs/content/apis/aspnetcore/confirmation.md
@@ -107,8 +107,7 @@ If you are using [DPoP]({{< ref "/tokens/pop/dpop" >}}) for proof-of-possession,
 In addition to the normal validation mechanics of the access token itself, DPoP requires additional validation of the DPoP proof token sent in the "DPoP" HTTP request header.
 DPoP proof token processing involves requiring the DPoP scheme on the authorization header where the access token is sent, JWT validation of the proof token, "cnf" claim validation, HTTP method and URL validation, replay detection (which requires some storage for the replay information), nonce generation and validation, additional clock skew logic, and emitting the correct response headers in the case of the various validation errors.
 
-Given that there are no off-the-shelf libraries that implement this, we have developed a full-featured sample implementation.
-With this sample the configuration necessary in your startup can be as simple as this:
+You can use the *Duende.AspNetCore.Authentication.JwtBearer* NuGet package to implement this validation. With this package, the configuration necessary in your startup can be as simple as this:
 
 ```cs
 // adds the normal JWT bearer validation
@@ -126,6 +125,12 @@ builder.Services.AddAuthentication("token")
 builder.Services.ConfigureDPoPTokensForScheme("token");
 ```
 
-You can find this sample [here]({{< ref "/samples/misc#DPoP" >}}). To use the
-*ConfigureDPoPTokensForScheme* shown above, copy the *~/Api/DPoP code from the
-sample into you APIs.
+You will also typically need a distributed cache, used to perform replay detection of DPoP
+proofs. Duende.AspNetCore.Authentication.JwtBearer relies on `IDistributedCache` for this,
+so you can supply the cache implementation of your choice. See the 
+[Microsoft documentation](https://learn.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-8.0)
+for more details on on setting up distributed caches, along with many examples, including Redis, CosmosDB, and
+Sql Server.
+
+A full sample using the default in memory caching is available
+[here](https://github.com/DuendeSoftware/Samples/tree/main/IdentityServer/v7/DPoP).
diff --git a/IdentityServer/v7/docs/content/samples/misc.md b/IdentityServer/v7/docs/content/samples/misc.md
@@ -18,7 +18,7 @@ This approach requires DNS entries for *mtls.localhost* and *api.localhost* to r
 ### DPoP
 This sample shows how to access APIs using DPoP for [proof of possession]({{<ref "/tokens/pop/dpop">}}).
 It contains two different clients; one that uses client credentials and DPoP tokens, and another that is an interactive ASP.NET Core app using code flow to obtain the DPoP bound tokens. Both clients demonstrate the use of the *Duende.AccessTokenManagement* library with DPoP.
-The sample also contains an API with the necessary helper code to accept and validate DPoP bound access tokens. 
+The sample also contains an API using the *Duende.AspNetCore.Authentication.JwtBearer* library to accept and validate DPoP bound access tokens. 
 
 [link to source code]({{< param samples_base >}}/DPoP)