Coming soon: Your brand new Help Center & Community! Get a sneak-peek here

How to validate the JWT in tenant notifications using .net core 3.1 or later

Hi!

I'm trying to create a webservice to get notifications about tenant status.

It's all well described in the docs (Parse notifications | SuperOffice Docs) but the example for parsing the notification and validating the JWT is based on net472 and SuperIdTokenHandler.

Is there examples of how to validate the JWT when using .net core 3.1 or later?

Best regards

Gunnar Stensby

RE: How to validate the JWT in tenant notifications using .net core 3.1 or later

Hi Gunnar,

Yes. Token validation is discussed under the developer/api section of the site . We have the SuperOffice.WebApi nuget package (.NET Standard 2.0) that has built-in support for validating tokens.

Hope this helps!

Af: Tony Yates 16. aug 2021

RE: How to validate the JWT in tenant notifications using .net core 3.1 or later

Thank's for the prompt reply!

I'll use the suggested SuperOffice.WebApi nuget package.

So if I understand this correctly I'll have to know for which app of ours that the tenant status is reported?
This because of the dependency of the client_id (Application ID)?
If this is the case then we'll get a notification per app if a tenants' status i changed?

Is there an easy way of testing the tenant status notification with a proper JWT?

Thanks!

Af: Gunnar Stensby 16. aug 2021

RE: How to validate the JWT in tenant notifications using .net core 3.1 or later

Hi Gunnar,

Yes, you understand it correctly.

If you have two applications authorized by a tenant, and both applications are configured to receive notifications, you will receive one notification for each authorized application per tenant.

There is no easy way to test this, no. I recommend you send an email to appdev@superoffice.com and schedule a remote meeting when one of us are able to trigger a change event, and you can then verify you are able to receive and validate it. Otherwise you have to wait for one of these events to occur in the SOD environment (which happens each release, sometimes sooner). 

Best regards.

Af: Tony Yates 16. aug 2021

RE: How to validate the JWT in tenant notifications using .net core 3.1 or later

Since we have several apps - do we need to register tenant notifications for each app or is it enough with one of them?
Or are the notifications dependent on which tenants that have installed the app(s)?

Af: Gunnar Stensby 16. aug 2021

RE: How to validate the JWT in tenant notifications using .net core 3.1 or later

Hi Gunnar,

Good questions. The determining factor is which tenant has authorized the application. When the application was first set up, SuperOffice presented the Authorization dialog which an Admin had to approve to give your application access to the tenants resources ( web services). 

So, when SuperOffice performs some maintenace or upgrade on a customer tenant, it generally searches for all authorized applications that tenant has approved, and then for each approved application that has a notification URL, a notification is sent with the appropriate information for the task being performed.

Alternatively, your applications can proactively check the tenant status and ensure availability that way.

Hope this helps!

Af: Tony Yates 16. aug 2021

RE: How to validate the JWT in tenant notifications using .net core 3.1 or later

Thanks for the clarification!

Best regards

Af: Gunnar Stensby 16. aug 2021