dark-loop · artmasa · Feb 11, 2024 · Feb 11, 2024
diff --git a/README.md b/README.md
@@ -93,4 +93,7 @@ public class Functions
 ## Change log
 Adding change log starting with version 3.1.3
 
-### 3.1.3
+### 3.1.3
+- #### Remove Functions bult-in JwtBearer configuration by default (Breaking change?)
+  Azure Functions recently [added configuration](https://github.com/Azure/azure-functions-host/pull/9678) for issuer and audience validation for the default authentication flows, not the one supported by this package through `FunctionAuthorizeAttribute`, which interferes with token validation when using our own Bearer scheme token configuration.
+  In prior versions, this package has functionality to clear Functions built-in configuration, but it was not enabled by default when using `AddJwtBearer(Action<JwtBearerOptions> configure, bool removeBuiltInConfig = false)`. Since the use of this package is commonly used for custom JWT token, the default value of `removeBuiltInConfig` is now `true`.
diff --git a/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsAuthenticationBuilder.cs b/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsAuthenticationBuilder.cs
@@ -21,9 +21,10 @@ internal FunctionsAuthenticationBuilder(IServiceCollection services)
         /// and all HTTP functions are applied the Admin level after a token is validated.
         /// </summary>
         /// <param name="removeBuiltInConfig">A value indicating whether remove the built-in configuration for JWT.
-        /// Bearer scheme is still in place, but Admin level is not set incoming requests.</param>
+        /// Bearer scheme is still in place, but Admin level is not set for incoming requests.
+        /// <para>When setting this value to <c>true</c> (default) all existing configuration will be removed.</para></param>
         /// <returns>A instance of the <see cref="FunctionsAuthenticationBuilder"/></returns>
-        public FunctionsAuthenticationBuilder AddJwtBearer(bool removeBuiltInConfig = false)
+        public FunctionsAuthenticationBuilder AddJwtBearer(bool removeBuiltInConfig = true)
         {
             return this.AddJwtBearer(delegate { }, removeBuiltInConfig);
         }
@@ -35,18 +36,25 @@ public FunctionsAuthenticationBuilder AddJwtBearer(bool removeBuiltInConfig = fa
         /// <param name="configureOptions">An action configuring the JWT options for authentication. 
         /// <para>When <see cref="removeBuiltInConfig"/> is set to false, it enhances the built-in configuration for the scheme</para></param>
         /// <param name="removeBuiltInConfig">A value indicating whether remove the built-in configuration for JWT.
-        /// Bearer scheme is still in place, but Admin level is not set incoming requests.</param>
+        /// Bearer scheme is still in place, but Admin level is not set incoming requests.
+        /// <para>When setting this value to <c>true</c> (default) all existing configuration will be removed.</para></param>
         /// <returns>A instance of the <see cref="FunctionsAuthenticationBuilder"/></returns>
-        public FunctionsAuthenticationBuilder AddJwtBearer(Action<JwtBearerOptions> configureOptions, bool removeBuiltInConfig = false)
+        public FunctionsAuthenticationBuilder AddJwtBearer(Action<JwtBearerOptions> configureOptions, bool removeBuiltInConfig = true)
         {
             if(removeBuiltInConfig)
             {
-                var descriptor = Services.FirstOrDefault(s => s.ServiceType == typeof(IConfigureOptions<JwtBearerOptions>));
-                var instance = descriptor?.ImplementationInstance as ConfigureNamedOptions<JwtBearerOptions>;
+                var descriptors = Services
+                    .Where(s => s.ServiceType == typeof(IConfigureOptions<JwtBearerOptions>))
+                    .ToList();
 
-                if (instance?.Name == "Bearer")
+                foreach (var descriptor in descriptors)
                 {
-                    Services.Remove(descriptor);
+                    var instance = descriptor?.ImplementationInstance as ConfigureNamedOptions<JwtBearerOptions>;
+
+                    if (instance?.Name == "Bearer")
+                    {
+                        Services.Remove(descriptor);
+                    }
                 }
             }