Samhammer.Authentication.Api
6.1.2
See the version list below for details.
dotnet add package Samhammer.Authentication.Api --version 6.1.2
NuGet\Install-Package Samhammer.Authentication.Api -Version 6.1.2
<PackageReference Include="Samhammer.Authentication.Api" Version="6.1.2" />
paket add Samhammer.Authentication.Api --version 6.1.2
#r "nuget: Samhammer.Authentication.Api, 6.1.2"
// Install Samhammer.Authentication.Api as a Cake Addin #addin nuget:?package=Samhammer.Authentication.Api&version=6.1.2 // Install Samhammer.Authentication.Api as a Cake Tool #tool nuget:?package=Samhammer.Authentication.Api&version=6.1.2
Samhammer.Authentication.Api
This provides a way to secure your api with keycloak jwt bearer authentication.
How to add this to your project:
- reference this nuget package: https://www.nuget.org/packages/Samhammer.Authentication.Api/
How to use:
Keycloak JWT Authentication
Add it to your api.
public void ConfigureServices(IServiceCollection services)
{
services.AddJwtAuthentication()
.AddKeycloak(Configuration);
}
public void Configure(IApplicationBuilder app)
{
app.UseAuthentication();
app.UseAuthorization();
}
Api calls requires auhorization header with an JWT token from keycloak.
POST https://myapi/action HTTP/1.1
Auhorization: Bearer JwtTokenContent
If you pass "IConfiguration" instead of "Action<ApiAuthOptions>" to "AddKeycloak" add the following to appsettings.json:
"ApiAuthOptions": {
"Issuer": "<<KeycloakTokenIssuerUrl>>",
"ClientId": "<<ClientIdRepresentingYourApp>>",
"NameClaim": "<<NameOfClaimWhichShouldBeSetToNameClaim>>"
}
NameClaim is optional and default value is "preferred_username"
Guest Authentication
Add it to your api.
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(GuestAuthenticationDefaults.AuthenticationScheme)
.AddGuest(Configuration);
}
Api calls requires header guestid with an "Version 4 UUID".
POST https://myapi/action HTTP/1.1
guestid: 1c11792b-538f-4908-992d-6570bb268e60
If you pass "IConfiguration" instead of "Action<GuestAuthOptions>" to "AddGuest" you can can override the default settings in appsettings.json:
"GuestAuthOptions": {
"Enabled": true,
"Name": "guest-[GuestID]",
"Role": "SomeGuestRole",
"Validator": "[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}"
}
Mixed Authentication
You can also setup both authentication types. In the example below jwt keycloak will be the default.
public void ConfigureServices(IServiceCollection services)
{
services.AddJwtAuthentication()
.AddKeycloak(Configuration)
.AddGuest(Configuration);
}
You can setup your supported authentication types on each controller action per attribute.
[HttpPost]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme + ", " + GuestAuthenticationDefaults.AuthenticationScheme)]
public async Task<IActionResult> ActionForBoth()
{}
[HttpPost]
[Authorize(GuestAuthenticationDefaults.AuthenticationScheme)]
public async Task<IActionResult> ActionForGuests()
{}
Samhammer.Authentication.Client
The library provides extension methods for authentication client. This library is using Duende.AccessTokenManagement under the hood.
Currently, we have the ClientCredentialsConfigureExtensions class which provides an extension method for ClientCredentialsClient to add a client with options monitor support. Ensure to call extension method AddClientCredentialsTokenManagement of Duende before!
How to use in Program.cs
builder.Services.AddDistributedMemoryCache();
builder.Services.AddClientCredentialsTokenManagement();
builder.Services.AddClientCredentialsOptions<ApiAuthOptions>("defaultAuth", (client, authOptions) =>
{
client.TokenEndpoint = authOptions.AccessTokenUrl;
client.ClientId = authOptions.ClientId;
client.ClientSecret = authOptions.ClientSecret;
});
builder.Services
.AddHttpClient<TInterface, TService>())
.AddClientCredentialsTokenHandler("defaultAuth");
Contribute
How to publish a nuget package
- Create a tag and let the github action do the publishing for you
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 6.0.1)
- Newtonsoft.Json (>= 13.0.1)
- Samhammer.Authentication.Abstractions (>= 6.1.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.