The Wayback Machine - https://web.archive.org/web/20220129015701/https://github.com/dotnet/aspnetcore/issues/39857
Developers can easily work with JWT bearer authentication for API apps during development #39857

Open
DamianEdwards opened this issue Jan 29, 2022 · 0 comments

DamianEdwards (Contributor) commented Jan 29, 2022

WIP

Basic idea is to do for JWT bearer authentication what we did for HTTPS in development, i.e. make it extremely easy to configure apps to use JWT bearer authentication in development, without the need for a discrete token issuing server.

  • Enable the management of a cert for signing and verification of dev-time JWTs via dotnet dev-certs jwt. Like the HTTPS cert this would be initialized during SDK setup/first-run
  • Enable the management of JWTs for a given project via a new CLI tool dotnet dev-jwts which is similar to the existing dotnet user-secrets tool but for issuing and managing JWTs
  • Ensure the default AuthenticationBuilder.AddJwtBearer() overloads configure the application to accept dev JWTs as valid when in the development environment
  • Leverage improvements from #39855 and #39840

Example Minimal APIs using dev JWTs

```console
> dotnet new webapi -minimal -o MyApi
> cd MyApi
MyApi> dotnet dev-jwts list
Could not find the global property 'UserSecretsId' in MSBuild project 'MyApi/MyApi.csproj'. Ensure this property is set in the project or use the 'dotnet user-secrets init' command to initialize this project.
MyApi> dotnet user-secrets init
Set UserSecretsId to '4105052b-5b99-4fff-8fc1-9d6c59887d0a' for MSBuild project 'MyApi/MyApi.csproj'.
MyApi> dotnet dev-jwts list
No tokens configured for this application.
MyApi> dotnet dev-jwts create
Token created for user "damian":
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4iLCJpYXQiOjE1MTYyMzkwMjJ9.
MyApi> dotnet dev-jwts create --name privileged --claim scope="myapi:protected-access"
Token created for user "privileged":
jHy8bGciOiJIUzIR5cCI61NiIsInIkpXVCIxMjM0NTweiuI6IkpvakwIiwiJ9.eyJzdWIiOibmFtZSG4iLCJpYMTYyMzkwMjJ9XQiOjE1.
MyApi> dotnet dev-jwts list
User        Issued               Expires    
------      -------------------  -------------------
damian      2022-01-28 17:37:34  2022-07-28 17:37:34
privileged  2022-01-28 17:37:48  2022-07-28 17:37:48
```

```csharp
var builder = WebApplication.CreateBuilder(args);

builder.Authentication.AddJwtBearer();

var app = builder.Build();

app.MapGet("/hello", () => "Hello!");

app.MapGet("/hello-protected", () => "Hello, you are authorized to see this!")
    .RequireAuthorization(p => p.RequireClaim("scope", "myapi:protected-access"));

app.Run();
```