
Configurable host for demo deployment on larcanum.net

Lukas Angerer 2 سال پیش
والد
کامیت
3f043dbc0a
5فایلهای تغییر یافته به همراه42 افزوده شده و 8 حذف شده
  1. 2 2
      CredentialManager.cs
  2. 1 0
      JwtConfig.cs
  3. 13 6
      Program.cs
  4. 10 0
      Properties/launchSettings.json
  5. 16 0
      data/pixlar.json

+ 2 - 2
CredentialManager.cs

@@ -175,8 +175,8 @@ public class CredentialManager
     
         var token = JwtBuilder.Create()
             .WithAlgorithm(new RS256Algorithm(_rsa, _rsa))
-            .Issuer("http://localhost:5172")
-            .Audience("http://localhost:5172")
+            .Issuer(_jwtConfig.Host)
+            .Audience(_jwtConfig.Host)
             .IssuedAt(DateTime.UtcNow)
             .ExpirationTime(DateTime.UtcNow.AddHours(1))
             .Subject(optionsWithName.Name)

+ 1 - 0
JwtConfig.cs

@@ -5,4 +5,5 @@ namespace Passwordless;
 public class JwtConfig()
 {
     public JsonWebKey? Key { get; set; }
+    public string Host { get; set; } = String.Empty;
 }
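Review bot: `Host` defaults to `String.Empty`, so a `JwtConfig` that is never populated lets `CredentialManager` issue tokens with an empty issuer and audience instead of failing at startup. The bearer validation in Program.cs compares against the real `host` value, so the mistake would surface only as rejected tokens at request time. Consider validating the option when it is registered, for example `builder.Services.AddOptions<JwtConfig>().Validate(c => !string.IsNullOrEmpty(c.Host), "JwtConfig.Host must be set").ValidateOnStart();`. An XML doc comment on the property should also state that it holds the externally visible origin (scheme and host, no trailing slash) used as both issuer and audience.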

+ 13 - 6
Program.cs

@@ -7,6 +7,8 @@ using Passwordless;
 
 // TODO: RoslynPad code for key generation
 var jwk = JsonWebKey.Create(File.ReadAllText("./demo-jwk.json"));
+//var host = "http://localhost:5172";
+var host = "https://demo.larcanum.net";
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -16,9 +18,10 @@ builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();
 builder.Services.AddFido2(options =>
 {
-    options.ServerDomain = "localhost";
+    // server domain MUST match the actual domain name that the client uses to make the request from
+    options.ServerDomain = host.Substring(host.LastIndexOf("/", StringComparison.Ordinal) + 1);
     options.ServerName = "FIDO2 Test";
-    options.Origins = ["http://localhost:5172"];
+    options.Origins = [host];
     options.TimestampDriftTolerance = 300000;
 });
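Review bot: The `ServerDomain` derivation on the new `Substring`/`LastIndexOf` line keeps everything after the last slash, so it is only correct for an origin with no port, path or trailing slash. With the commented-out `http://localhost:5172` value it yields `localhost:5172`, and with a trailing slash it yields an empty string. Neither is a valid WebAuthn relying-party ID, whereas the old code had plain `localhost`. Parsing the origin avoids this: `options.ServerDomain = new Uri(host).Host;`.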
 builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
@@ -38,12 +41,12 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             }
         };
         options.RequireHttpsMetadata = false; // dev only!!!
-        options.Authority = "http://localhost:5172";
+        options.Authority = host;
         options.TokenValidationParameters = new TokenValidationParameters
         {
             IssuerSigningKey = jwk,
-            ValidIssuer = "http://localhost:5172",
-            ValidAudience = "http://localhost:5172",
+            ValidIssuer = host,
+            ValidAudience = host,
             NameClaimType = ClaimTypes.NameIdentifier, // important to get the "sub" claim mapped to User.Identity.Name
             RoleClaimType = ClaimTypes.Role,
         };
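Review bot: `options.RequireHttpsMetadata = false; // dev only!!!` is left unchanged while `Authority`, `ValidIssuer` and `ValidAudience` now point at the public `https://demo.larcanum.net` host, so the dev-only relaxation ships with the demo deployment. Tie the flag to the configured scheme instead, for example `options.RequireHttpsMetadata = new Uri(host).Scheme == Uri.UriSchemeHttps;`. The enclosing options lambda starts above this hunk and continues past it, so anything it sets outside these lines is not covered here.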
@@ -56,7 +59,11 @@ builder.Services.AddAuthorization(authorizationOptions =>
         .RequireRole("grunt"));
 });
 builder.Services.AddMemoryCache();
-builder.Services.Configure<JwtConfig>(config => config.Key = jwk);
+builder.Services.Configure<JwtConfig>(config =>
+{
+    config.Key = jwk;
+    config.Host = host;
+});
 builder.Services.AddTransient<OptionsCache>();
 builder.Services.AddTransient<CredentialManager>();
 

+ 10 - 0
Properties/launchSettings.json

@@ -11,6 +11,16 @@
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
     },
+    "demo.larcanum.net": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": false,
+      "launchUrl": "swagger",
+      "applicationUrl": "http://0.0.0.0:8765",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
     "https": {
       "commandName": "Project",
       "dotnetRunMessages": true,
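Review bot: The new `demo.larcanum.net` profile runs the public demo with `ASPNETCORE_ENVIRONMENT` set to `Development` and listens on `http://0.0.0.0:8765`. ASP.NET Core templates typically enable the developer exception page and Swagger UI in Development, which is more than a public host should expose. Whether this app gates them on the environment is not visible in this commit. Consider `"ASPNETCORE_ENVIRONMENT": "Production"` for this profile. If TLS is terminated by a reverse proxy on the same machine, also bind to loopback with `"applicationUrl": "http://127.0.0.1:8765"`.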

+ 16 - 0
data/pixlar.json

@@ -0,0 +1,16 @@
+{
+  "PublicKey": "pQECAyYgASFYIGmLJhEMdFurBdbLK0IFtFnNTOdPT-KUfo2DSEUS4tlqIlggLz9Ms0MUmS7nttR3nkyjY_cPqy5rIbmLeEl1kfpUKdU",
+  "User": {
+    "name": "pixlar",
+    "id": "UGl4TEFS",
+    "displayName": "PixLAR"
+  },
+  "CredType": "none",
+  "Aaguid": "00000000-0000-0000-0000-000000000000",
+  "AttestationCertificate": null,
+  "AttestationCertificateChain": [],
+  "CredentialId": "AUaVZoW6gV0Z3T3fX9yR2EO49nSwgXphbs67Aqcq/8ttQ6/byO1tW6F9qq6YG08mnluYtsYV9gjI5n0lbKLHeG0=",
+  "Counter": 1,
+  "status": null,
+  "errorMessage": null
+}
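Review bot: `data/pixlar.json` looks like a credential record written at runtime by a registration (public key, credential ID, user handle, signature counter) rather than source. Committing it means every deployment from this repository starts with a pre-registered `pixlar` account bound to one specific authenticator, and the stored `Counter` will drift from the live value. Consider keeping `data/` out of version control with a `data/` entry in `.gitignore`, and seed demo accounts explicitly if they are needed.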