Samhammer.Authentication.Api 8.0.0

dotnet add package Samhammer.Authentication.Api --version 8.0.0                
NuGet\Install-Package Samhammer.Authentication.Api -Version 8.0.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Samhammer.Authentication.Api" Version="8.0.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Samhammer.Authentication.Api --version 8.0.0                
#r "nuget: Samhammer.Authentication.Api, 8.0.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Samhammer.Authentication.Api as a Cake Addin
#addin nuget:?package=Samhammer.Authentication.Api&version=8.0.0

// Install Samhammer.Authentication.Api as a Cake Tool
#tool nuget:?package=Samhammer.Authentication.Api&version=8.0.0                

Samhammer.Authentication.Api

This provides a way to secure your api with keycloak jwt bearer authentication.

How to add this to your project:
How to use:

Keycloak JWT Authentication

Add it to your api.

public void ConfigureServices(IServiceCollection services)
{
    services.AddJwtAuthentication()
        .AddKeycloak(Configuration);
}

public void Configure(IApplicationBuilder app)
{
    app.UseAuthentication();
    app.UseAuthorization();
}

Api calls requires auhorization header with an JWT token from keycloak.

POST https://myapi/action HTTP/1.1
Auhorization: Bearer JwtTokenContent

If you pass "IConfiguration" instead of "Action<ApiAuthOptions>" to "AddKeycloak" add the following to appsettings.json:

"ApiAuthOptions": {
    "Issuer": "<<KeycloakTokenIssuerUrl>>",
    "ClientId": "<<ClientIdRepresentingYourApp>>",
    "NameClaim": "<<NameOfClaimWhichShouldBeSetToNameClaim>>"
}

NameClaim is optional and default value is "preferred_username"

Guest Authentication

Add it to your api.

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(GuestAuthenticationDefaults.AuthenticationScheme)
        .AddGuest(Configuration);
}

Api calls requires header guestid with an "Version 4 UUID".

POST https://myapi/action HTTP/1.1
guestid: 1c11792b-538f-4908-992d-6570bb268e60

If you pass "IConfiguration" instead of "Action<GuestAuthOptions>" to "AddGuest" you can can override the default settings in appsettings.json:

"GuestAuthOptions": {
    "Enabled": true,
    "Name": "guest-[GuestID]",    
    "Role": "SomeGuestRole",
    "Validator": "[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}"
}

Mixed Authentication

You can also setup both authentication types. In the example below jwt keycloak will be the default.

public void ConfigureServices(IServiceCollection services)
{
    services.AddJwtAuthentication()
        .AddKeycloak(Configuration)
        .AddGuest(Configuration);
}

You can setup your supported authentication types on each controller action per attribute.

[HttpPost]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme + ", " + GuestAuthenticationDefaults.AuthenticationScheme)]
public async Task<IActionResult> ActionForBoth()
{}

[HttpPost]
[Authorize(GuestAuthenticationDefaults.AuthenticationScheme)]
public async Task<IActionResult> ActionForGuests()
{}

Samhammer.Authentication.Client

The library provides extension methods for authentication client. This library is using Duende.AccessTokenManagement under the hood.

See https://github.com/DuendeSoftware/Duende.AccessTokenManagement/wiki/Customizing-Client-Credentials-Token-Management

Currently, we have the ClientCredentialsConfigureExtensions class which provides an extension method for ClientCredentialsClient to add a client with options monitor support. Ensure to call extension method AddClientCredentialsTokenManagement of Duende before!

How to use in Program.cs

builder.Services.AddDistributedMemoryCache();
builder.Services.AddClientCredentialsTokenManagement();

builder.Services.AddClientCredentialsOptions<ApiAuthOptions>("defaultAuth", (client, authOptions) =>
{
    client.TokenEndpoint = authOptions.AccessTokenUrl;
    client.ClientId = authOptions.ClientId;
    client.ClientSecret = authOptions.ClientSecret;
});

builder.Services
    .AddHttpClient<TInterface, TService>())
    .AddClientCredentialsTokenHandler("defaultAuth");

Contribute

How to publish a nuget package
  • Create a tag and let the github action do the publishing for you
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
8.0.0 4,042 3/8/2024
6.1.2 4,970 4/14/2023
6.1.1 2,242 4/10/2023
6.1.0 198 4/10/2023
6.0.2 248 3/30/2023
6.0.1 5,678 5/16/2022
6.0.0 4,734 1/20/2022
1.2.2 480 1/12/2022
1.2.1 4,214 10/27/2020
1.2.0 423 10/26/2020
1.1.0 4,988 6/8/2020
1.0.0 1,477 4/22/2020