{"id":16243338,"url":"https://github.com/svrooij/authenticationdemo","last_synced_at":"2025-04-08T10:55:09.303Z","repository":{"id":209822052,"uuid":"709754083","full_name":"svrooij/AuthenticationDemo","owner":"svrooij","description":null,"archived":false,"fork":false,"pushed_at":"2024-01-25T20:17:24.000Z","size":59,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-06T08:09:21.848Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://auth-demo.svrooij.io","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/svrooij.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-25T10:33:00.000Z","updated_at":"2024-01-28T13:17:06.000Z","dependencies_parsed_at":"2023-11-29T10:41:32.056Z","dependency_job_id":"b217f09f-d7ef-4446-89c7-ad630bc2116c","html_url":"https://github.com/svrooij/AuthenticationDemo","commit_stats":null,"previous_names":["svrooij/authenticationdemo"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/svrooij%2FAuthenticationDemo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/svrooij%2FAuthenticationDemo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/svrooij%2FAuthenticationDemo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/svrooij%2FAuthenticationDemo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/svro
oij","download_url":"https://codeload.github.com/svrooij/AuthenticationDemo/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247829472,"owners_count":21002994,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-10T14:14:39.632Z","updated_at":"2025-04-08T10:55:09.287Z","avatar_url":"https://github.com/svrooij.png","language":"C#","readme":"# Authentication demo by [@svrooij](https://github.com/svrooij)\n\nThis project is to show how easy it is to enable JWT authentication on your api, with tokens from Entra ID.\n\nThe swagger ui for this demo api is available [here](https://auth-demo.svrooij.io/swagger/index.html).\n\n## Codetour available\n\n[![CodeTour badge][badge_codetour]][link_codetour]\n\nThis project uses [CodeTour][link_codetour] in [Visual Studio Code](https://code.visualstudio.com/) to describe how stuff works. If you want a detailed explanation on how JWT authentication works, I suggest installing this extension and following the tour.\n\n## Additional information\n\nI blog a lot on security stuff, check it out at [svrooij.io](https://svrooij.io)\n\n### Access your api with a managed identity\n\nNow that you have your api protected with Entra ID, you can easily access it with a managed identity.\n\n1. Grant access to your api using [this post](https://svrooij.io/2023/06/19/assign-additional-permissions-to-service-principal/).\n2. 
Add code to get the token.\n\n```csharp\nusing Azure.Identity;\n// ...\n\nvar credentials = new ManagedIdentityCredential();\n// Replace the api://.../.default with `{appIDUri}/.default` (so your Application ID URI, with /.default suffix)\nvar tokenResult = await credentials.GetTokenAsync(new Azure.Core.TokenRequestContext(new[] { \"api://0a2dc1ae-040c-4228-9edf-f9e074127323/.default\" }));\n// the access token is in tokenResult.Token\n```\n\n### Sample scripts\n\nI've created some sample HTTP requests you can use to call the api from VSCode as well.\n\n## Don't use Client Secrets\n\nEven though this demo api would allow you to use a secret for client credentials, I strongly advise against that. Please use a managed identity and, if that is not an option, a certificate securely stored in the Key Vault (and accessed with a managed identity).\n\nIn [protection against certificate extraction](https://svrooij.io/2022/05/27/certificate-extraction-client-credentials/) I explain the risks of someone extracting a secret or certificate.\n\n## During development\n\nDuring development, if you followed the tour, you have three options.\n\n1. Automatically get a token using the built-in Token client in the swagger api.\n2. Use my [Azure KeyVault Proxy](https://svrooij.io/2022/03/03/keyvault-proxy/) to get a token with your developer credentials, while the certificate is stored in the Key Vault without a way to extract it.\n3. 
Build a small console app that just creates a token for you using the MSAL client library, and set that in a variable to use during testing.\n\n[badge_codetour]: https://img.shields.io/badge/VSCode-CodeTour-orange?style=for-the-badge\u0026logo=visualstudiocode\n[link_codetour]: https://marketplace.visualstudio.com/items?itemName=vsls-contrib.codetour\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsvrooij%2Fauthenticationdemo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsvrooij%2Fauthenticationdemo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsvrooij%2Fauthenticationdemo/lists"}