
@mattbajorek
Last active November 23, 2019 15:23
Authentication
...
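/// <summary>
/// Registers JWT bearer authentication that validates tokens issued by an
/// AWS Cognito user pool.
/// </summary>
/// <param name="services">The service collection the authentication services are added to.</param>
/// <exception cref="InvalidOperationException">
/// Thrown at startup when one of the <c>AWSCognito</c> settings is missing, so that a
/// misconfigured deployment fails immediately instead of building a malformed issuer URL.
/// </exception>
/// <remarks>
/// <c>ValidAudience</c> is compared with the token's <c>aud</c> claim. Cognito ID tokens carry
/// the app client id in <c>aud</c>; Cognito access tokens carry it in <c>client_id</c> and have
/// no <c>aud</c> claim, so they do not pass audience validation with this configuration.
/// </remarks>
public void ConfigureServices(IServiceCollection services)
{
    var region = Configuration["AWSCognito:Region"];
    var poolId = Configuration["AWSCognito:PoolId"];
    var appClientId = Configuration["AWSCognito:AppClientId"];

    // Fail closed at startup: an empty region or pool id would otherwise yield an issuer
    // such as "https://cognito-idp..amazonaws.com/" and every request would fail later.
    if (string.IsNullOrWhiteSpace(region) ||
        string.IsNullOrWhiteSpace(poolId) ||
        string.IsNullOrWhiteSpace(appClientId))
    {
        throw new InvalidOperationException(
            "AWSCognito:Region, AWSCognito:PoolId and AWSCognito:AppClientId must all be configured.");
    }

    // Signing keys are cached so that token validation does not make a blocking outbound
    // HTTP call on every request. Rotated keys are picked up once the cache entry expires;
    // the lifetime below is a judgement call and can be tuned.
    var jwksGate = new object();
    JsonWebKeySet cachedJwks = null;
    var cachedJwksExpiresUtc = DateTime.MinValue;
    var jwksCacheLifetime = TimeSpan.FromMinutes(15);

    services
        .AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.SaveToken = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKeyResolver = (s, securityToken, identifier, parameters) =>
                {
                    // The JWKS URL is built from the configured issuer (parameters.ValidIssuer),
                    // never from a value inside the presented token, so a caller cannot point
                    // the download at a key set of their choosing.
                    lock (jwksGate)
                    {
                        if (cachedJwks == null || DateTime.UtcNow >= cachedJwksExpiresUtc)
                        {
                            string json;
                            using (var client = new WebClient())
                            {
                                json = client.DownloadString(parameters.ValidIssuer + "/.well-known/jwks.json");
                            }

                            var downloaded = JsonConvert.DeserializeObject<JsonWebKeySet>(json);
                            if (downloaded == null)
                            {
                                throw new InvalidOperationException(
                                    "The JSON Web Key Set document could not be parsed.");
                            }

                            cachedJwks = downloaded;
                            cachedJwksExpiresUtc = DateTime.UtcNow.Add(jwksCacheLifetime);
                        }

                        return cachedJwks.Keys;
                    }
                },
                ValidateIssuer = true,
                ValidIssuer = $"https://cognito-idp.{region}.amazonaws.com/{poolId}",
                ValidateLifetime = true,
                // This delegate replaces the default lifetime check: a token with no expiry
                // compares false and is rejected, no clock-skew tolerance is applied, and the
                // not-before value is not examined.
                LifetimeValidator = (before, expires, token, param) => expires > DateTime.UtcNow,
                ValidateAudience = true,
                ValidAudience = appClientId,
            };
        });
}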
/// <summary>
/// Adds the authentication middleware to the request pipeline. The surrounding
/// pipeline setup is elided ("...") in this listing.
/// </summary>
/// <param name="app">The application builder the middleware is registered on.</param>
/// <param name="env">The hosting environment; not used in the lines shown here.</param>
public static void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
...
// Middleware runs in registration order, so this call has to come before any
// middleware that relies on the authenticated user (for example MVC); otherwise
// [Authorize] checks run without a validated principal.
app.UseAuthentication();
...
}
...