Reading through the ASP.NET backend setup for FusionAuth, in terms of configuration settings, this is all that's required:
    "Authentication": {
      "Schemes": {
        "Bearer": {
          "Authority": "http://localhost:9011",
          "ValidAudiences": [
            "e9fdb985-9173-4e01-9d73-ac2d60d1dc8e"
          ]
        }
      }
    }
Because there's no client secret, I'm wondering how the token is validated without the API server needing to communicate with the FusionAuth authorization server. Should the ValidAudience UUID be considered sensitive data?
Thanks!