Bearer

The bearer HTTP middleware verifies a Bearer Token using OpenID Connect on a Web API, without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code.

Component format

apiVersion: dapr.io/v1alpha1 kind: Component metadata:  name: bearer-token spec:  type: middleware.http.bearer  version: v1  metadata:  - name: audience  value: "<your token audience; i.e. the application's client ID>"  - name: issuer  value: "<your token issuer, e.g. 'https://accounts.google.com'>"   # Optional values  - name: jwksURL  value: "<JWKS URL, e.g. 'https://accounts.google.com/.well-known/openid-configuration'>" 

Spec metadata fields

Common values for issuer include:

• Auth0: https://{domain}, where {domain} is the domain of your Auth0 application
• Microsoft Entra ID: https://login.microsoftonline.com/{tenant}/v2.0, where {tenant} should be replaced with the tenant ID of your application, as a UUID
• Google: https://accounts.google.com
• Salesforce (Force.com): https://login.salesforce.com

Dapr configuration

To be applied, the middleware must be referenced in configuration. See middleware pipelines.

apiVersion: dapr.io/v1alpha1 kind: Configuration metadata:  name: appconfig spec:  httpPipeline:  handlers:  - name: bearer-token  type: middleware.http.bearer 

Related links

• Middleware
• Configuration concept
• Configuration overview