{"id":21264361,"url":"https://github.com/rickdgray/jwt-auth-in-.net-7-api-template","last_synced_at":"2025-08-23T19:36:14.842Z","repository":{"id":147928855,"uuid":"618989949","full_name":"rickdgray/JWT-Auth-in-.NET-7-API-Template","owner":"rickdgray","description":"JWT Auth in .NET 7 API Template","archived":false,"fork":false,"pushed_at":"2023-05-03T04:03:02.000Z","size":33,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-21T22:43:27.962Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rickdgray.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-25T23:38:21.000Z","updated_at":"2024-12-05T13:21:05.000Z","dependencies_parsed_at":"2023-11-18T23:15:11.980Z","dependency_job_id":null,"html_url":"https://github.com/rickdgray/JWT-Auth-in-.NET-7-API-Template","commit_stats":null,"previous_names":["rickdgray/jwt-auth-in-.net-7-api-template"],"tags_count":0,"template":true,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rickdgray%2FJWT-Auth-in-.NET-7-API-Template","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rickdgray%2FJWT-Auth-in-.NET-7-API-Template/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rickdgray%2FJWT-Auth-in-.NET-7-API-Template/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rickdgray%2FJWT-Auth-in-.NET-7-API-Template/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rickdgray","download_url":"https://codeload.github.com/rickdgray/JWT-Auth-in-.NET-7-API-Template/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243701309,"owners_count":20333616,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-21T05:01:31.342Z","updated_at":"2025-03-15T07:46:14.574Z","avatar_url":"https://github.com/rickdgray.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# JWT Auth in .NET 7 API Template\n\nThis repo is an example of how to set up a basic API with authorization and authentication using identities.\n\n## Identity Entities\n\nOne of the key mistakes to make early on is to not inheret your application's `DbContext` from `IdentityDbContext`. It is a difficult change to make after your application is already established and when you inevitably need to implement identities, you are forced to either make a difficult database migration or, the more likely route, you simply set up a second `DbContext` specifically for identity. Avoiding this complication is as simple as inhereting from the `IdentityDbContext` from the beginning. There's no reason you cannot extend the user or role models either; you are free to add to them for things like user preferences.\n\n## Disabling Cookie Auth\n\nAnother point of contention you may see around the web is the issue of trying to force webapi to use JWT tokens _exclusively_. It is surprisingly difficult to convince the server to not automatically attach cookies on the responses. You may find some [examples](https://wildermuth.com/2018/04/10/Using-JwtBearer-Authentication-in-an-API-only-ASP-NET-Core-Project/) [here](https://www.c-sharpcorner.com/article/authentication-and-authorization-in-asp-net-5-with-jwt-and-swagger/) [and](https://stackoverflow.com/questions/53970230/dont-use-cookies-in-token-based-authentication-asp-net-core) [there](https://stackoverflow.com/questions/46323844/net-core-2-0-web-api-using-jwt-adding-identity-breaks-the-jwt-authentication) [and](https://www.reddit.com/r/dotnet/comments/8flq9r/net_core_why_does_identity_always_creates_cookies/) [everywhere](https://github.com/aspnet/Identity/issues/1376) that all mention one of three things: either use `.AddIdentity()` and just ignore the cookie, use `.AddIdentity()` and then subsequently delete the cookie on every request 😒, or use `.AddIdentityCore()`. If you are like me, then accepting the existence of the entirely useless cookie is not an option. So then what's the problem with `AddIdentityCore()`? The problem with it is that the [SignInManager](https://github.com/openiddict/openiddict-core/issues/578) is not properly added to the DI container by default and therefore is not available. Not only this, but the standard `PasswordSignInAsync()` method actually _relies_ on the cookie in the requests. So then what's the solution? \n\nCheck out the source code for [`AddIdentity()`](https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Core/src/IdentityServiceCollectionExtensions.cs#L38), [`AddIdentityCore()`](https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Extensions.Core/src/IdentityServiceCollectionExtensions.cs#L33), and the relatively newer methods called [`AddRoles()`](https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Extensions.Core/src/IdentityBuilder.cs#L185) and [`AddSignInManager()`](https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Core/src/IdentityBuilderExtensions.cs#L62). If you compare, you will find that with `AddIdentityCore()`, `AddRoles()` and `AddSignInManager()`, there is complete parity, it is just not documented anywhere.\n\nSo, the solution is to use these three methods to set up all necessary dependencies for handling authentication. As a bonus FYI, if you want to send and confirm verification emails, you will also need to load in the `.AddDefaultTokenProviders()`.\n\n```\nbuilder.Services\n    .AddIdentityCore\u003cAppUser\u003e()\n    .AddRoles\u003cAppRole\u003e()\n    .AddSignInManager\u003cSignInManager\u003cAppUser\u003e\u003e()\n    .AddDefaultTokenProviders()\n    .AddEntityFrameworkStores\u003cAppDbContext\u003e();\n```\n\nOh, but there's one more catch! The `PasswordSignInAsync()` depends on the cookie, remember? The solution is to simply use `CheckPasswordSignInAsync()` instead. It does depend on fetching the user object before calling, but works all the same.\n\nNow, __finally__, we have true JWT only authentication in our API.\n\n## Email Confirmation\n\nTodo\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frickdgray%2Fjwt-auth-in-.net-7-api-template","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frickdgray%2Fjwt-auth-in-.net-7-api-template","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frickdgray%2Fjwt-auth-in-.net-7-api-template/lists"}