asp.net-mvc – jwt令牌多租户

我的问题是该应用程序将是多个我,所以我将有许多子域客户端
(Client1.myapp.com,client2.myapp.com,client3.myapp.com)

服务器端我管理蜜蜂的应用程序将接受一个参数,该参数将成为租户的名称.
一些例子：

apimyapp.com/client1/api/generateToken

apimyapp.com/client2/api/generateToken

apimyapp.com/client3/api/generateToken

现在,如果我从client1创建令牌,并且我调用了apimyapp.com/client2/api/users(在client1生成的令牌中插入标头,但是调用client2)

我验证令牌.

相反,我希望令牌仅对生成它的租户有效.

在我的startup.cs中：

app.UseJwtBearerAuthentication(new JwtBearerOptions()
        {
            AutomaticAuthenticate = true,AutomaticChallenge = true,TokenValidationParameters = new TokenValidationParameters()
            {
                ValidIssuer = _config["Tokens:Issuer"],ValidAudience = _config["Tokens:Audience"],ValidateIssuerSigningKey = true,IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Tokens:Key"])),ValidateLifetime = true
            }
        });

并在我的控制器中生成令牌：

var userClaims =  _userManagerRepository.GetClaims(user);

    var claims = new[]
    {
        new Claim(JwtRegisteredClaimNames.Sub,user.UserName),new Claim(JwtRegisteredClaimNames.Jti,Guid.NewGuid().ToString()),new Claim(JwtRegisteredClaimNames.GivenName,new Claim(JwtRegisteredClaimNames.FamilyName,new Claim(JwtRegisteredClaimNames.Email,user.Email)
    }.Union(userClaims);

    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Tokens:Key"]));
    var creds = new SigningCredentials(key,SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken(
        issuer: _config["Tokens:Issuer"],audience: _config["Tokens:Audience"],claims: claims,expires: DateTime.UtcNow.AddMinutes(90),signingCredentials: creds
    );