diff --git a/Intersect.Server/Web/Net7/ApiService.AppSettings.cs b/Intersect.Server/Web/Net7/ApiService.AppSettings.cs index 15c52794b3..cd3d79c000 100644 --- a/Intersect.Server/Web/Net7/ApiService.AppSettings.cs +++ b/Intersect.Server/Web/Net7/ApiService.AppSettings.cs @@ -87,9 +87,9 @@ private static void ValidateConfiguration() TokenGenerationOptions.DefaultRefreshTokenLifetime; } - if (apiConfiguration.TokenGenerationOptions.Secret.Length < 256) + if (apiConfiguration.TokenGenerationOptions.SecretData.Length < 64) { - apiConfiguration.TokenGenerationOptions.Secret = default; + apiConfiguration.TokenGenerationOptions.SecretData = default; if (apiConfiguration.TokenGenerationOptions.Secret == default) { throw new UnreachableException("This should be automatically re-generated."); diff --git a/Intersect.Server/Web/Net7/Configuration/TokenGenerationOptions.cs b/Intersect.Server/Web/Net7/Configuration/TokenGenerationOptions.cs index 132e8c9109..5c82f76382 100644 --- a/Intersect.Server/Web/Net7/Configuration/TokenGenerationOptions.cs +++ b/Intersect.Server/Web/Net7/Configuration/TokenGenerationOptions.cs @@ -28,7 +28,7 @@ public class TokenGenerationOptions [Required] public string Secret { - get => Convert.ToHexString(SecretData ??= RandomNumberGenerator.GetBytes(32)); + get => Convert.ToHexString(SecretData ??= RandomNumberGenerator.GetBytes(64)); set => SecretData = string.IsNullOrWhiteSpace(value) ? default : Convert.FromHexString(value); } diff --git a/Intersect.Server/Web/RestApi/Routes/OAuthController.cs b/Intersect.Server/Web/RestApi/Routes/OAuthController.cs index 42731b308c..85c9fdb749 100644 --- a/Intersect.Server/Web/RestApi/Routes/OAuthController.cs +++ b/Intersect.Server/Web/RestApi/Routes/OAuthController.cs @@ -235,6 +235,7 @@ private async Task IssueTokenFor(User user) { claims.Add(new Claim(ClaimTypes.Role, role)); } + var tokenDescriptor = new SecurityTokenDescriptor { Audience = _tokenGenerationOptions.Value.Audience,