0
cmthomps created
I'm trying to determine which keys/secrets in appsettings.config need to change for the purposes of securing our site.
There are a couple places in the default config file where there appear to be keys that should change. Specifically here:
"Clients": [
{
"ClientId": "client",
"AllowedGrantTypes": [ "password" ],
"ClientSecrets": [
{
"Value": "def2edf7-5d42-4edc-a84a-30136c340e13"
}
],
"AllowedScopes": [ "default-api" ]
},
And here:
"JwtBearer": {
"IsEnabled": "true",
"SecurityKey": "AbpZeroTemplate_8CFB2EC534E14D56",
"Issuer": "AbpZeroTemplate",
"Audience": "AbpZeroTemplate"
},
Can these these two secrets be safely changed? Is the JwtBearer section necessary?
Thanks, Craig
1 Answer(s)
-
0
Can these these two secrets be safely changed?
Yes.
Is the JwtBearer section necessary?
It's used for token-based authentication: https://www.aspnetzero.com/Documents/Development-Guide-Core#token-based-authentication
