{"id":15675434,"url":"https://github.com/thangchung/fernet-dotnet","last_synced_at":"2025-05-07T00:23:06.661Z","repository":{"id":138511812,"uuid":"171867036","full_name":"thangchung/fernet-dotnet","owner":"thangchung","description":"Fernet generates and verifies HMAC-based authentication tokens","archived":false,"fork":false,"pushed_at":"2019-02-27T11:15:30.000Z","size":704,"stargazers_count":14,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-24T13:10:04.741Z","etag":null,"topics":["api","dotnet-core","fernet","hmac-sha256","jwt","token-authetication"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thangchung.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-21T12:22:37.000Z","updated_at":"2024-09-02T14:45:11.000Z","dependencies_parsed_at":"2023-03-16T19:15:34.987Z","dependency_job_id":null,"html_url":"https://github.com/thangchung/fernet-dotnet","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thangchung%2Ffernet-dotnet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thangchung%2Ffernet-dotnet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thangchung%2Ffernet-dotnet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thangchung%2Ffernet-dotnet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thangchung","download_url":"https://codeload.github.com/thangchung/fernet-dotnet/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252789198,"owners_count":21804410,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","dotnet-core","fernet","hmac-sha256","jwt","token-authetication"],"created_at":"2024-10-03T16:00:09.270Z","updated_at":"2025-05-07T00:23:06.607Z","avatar_url":"https://github.com/thangchung.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Fernet Token for .NET Core\n\nAuthenticated and encrypted API token using modern crypto.\n\n[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)\n[![Build status](https://ci.appveyor.com/api/projects/status/gltj8y3380xpg17m?svg=true)](https://ci.appveyor.com/project/thangchung/fernet-dotnet)\n[![version](https://img.shields.io/nuget/v/Fernet.svg?label=version)](https://www.nuget.org/packages?q=Fernet)\n\n## What?\n\n[Fernet](https://github.com/fernet/spec) which takes a user-provided message (an arbitrary sequence of bytes), a key (256 bits), and the current time, and produces a token, which contains the message in a form that can't be read or altered without the key.\n\n## Build\n\nBuild the library using .NET SDK.\n\n```bash\n$ cd src\\Fernet\n$ dotnet restore\n```\n\n## Testing\n\nYou can run tests either manually or automatically on every code change.\n\n```bash\n$ cd src\\FernetTests\n$ dotnet test\n```\n\n## Usage\n\n- Plaintext message\n\n```csharp\nvar key = SimpleFernet.GenerateKey().UrlSafe64Decode();\nvar src = \"hello\";\nvar src64 = src.ToBase64String();\n\nvar token = SimpleFernet.Encrypt(key, src64.UrlSafe64Decode());\nvar decoded64 = SimpleFernet.Decrypt(key, token, out var timestamp);\nvar decoded = decoded64.UrlSafe64Encode().FromBase64String();\n```\n\n- Array message\n\n```csharp\nvar key = SimpleFernet.GenerateKey().UrlSafe64Decode();\nvar src = \"[ 'id': '123456' ]\";\nvar src64 = src.ToBase64String();\n\nvar token = SimpleFernet.Encrypt(key, src64.UrlSafe64Decode());\nvar decoded64 = SimpleFernet.Decrypt(key, token, out var timestamp);\nvar decoded = decoded64.UrlSafe64Encode().FromBase64String();\n```\n\n### Integrate with IdentityServer 4 (ID4)\n\nID4 is an OpenID Connect and OAuth 2.0 Framework for ASP.NET Core. At the moment, it's not supporting Fernet token provider, then the solution for it is wrapping the JWT token inside the fernet token (I'm not sure it is a good solution, but it is a temperary solution working now). See the sample project for it in `samples` folder\n\n- [x] Custom `DefaultTokenCreationService` class to do the fernet encryption.\n\n```csharp\npublic class MyTokenCreationService : DefaultTokenCreationService\n{\n    public MyTokenCreationService(ISystemClock clock, IKeyMaterialService keys, ILogger\u003cDefaultTokenCreationService\u003e logger)\n        : base(clock, keys, logger)\n    {\n    }\n\n    protected override async Task\u003cstring\u003e CreateJwtAsync(JwtSecurityToken jwt)\n    {\n        var jwtToken = await base.CreateJwtAsync(jwt);\n        var jwt64Token = jwtToken.ToBase64String();\n\n        // this key should store in the KeyVault service, then we can securely access in anywhere\n        var key = \"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=\".UrlSafe64Decode();\n        var fernetToken = SimpleFernet.Encrypt(key, jwt64Token.UrlSafe64Decode());\n\n        return fernetToken;\n    }\n}\n```\n\nIn `Startup.cs`\n\n```csharp\nservices.AddSingleton\u003cITokenCreationService, MyTokenCreationService\u003e();\n```\n\n- [x] Write a middleware in `SampleApi` to catch the token before ID4 can get it, and decrypt it to normally JWT token.\n\n```csharp\napp.Use(async (context, next) =\u003e\n{\n    var token = context.Request.Headers[\"Authorization\"].ToString();\n\n    if (!string.IsNullOrEmpty(token))\n    {\n        var fernetToken = token.Substring(\"bearer\".Length + 1, token.Length - \"bearer\".Length - 1);\n\n        // this key should store in the KeyVault service, then we can securely access in anywhere\n        var key = \"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=\".UrlSafe64Decode();\n        var jwt64Token = SimpleFernet.Decrypt(key, fernetToken, out var timestamp);\n        var jwtToken = jwt64Token.UrlSafe64Encode().FromBase64String();\n\n        // we set it to authorization header, then the internal stack will work normally\n        context.Request.Headers[\"Authorization\"] = $\"Bearer {jwtToken}\";\n    }\n\n    await next.Invoke();\n});\n```\n\nRun 3 projects: `IdentityServer4`, `SampleApi`, and `ConsoleApp`, you will see as below\n\n![id4_fernet](artwork/id4_fernet.PNG?raw=true 'id4_fernet')\n\nLook into the `ConsoleApp`, you should see that we can access to `SampleApi` data. Happy hacking!\n\n_Notes_: we're still working on it, so please be care of using it on the production mode. That would be great if you can contact with us to discuss a best solution.\n\n## Contributing\n\nPlease see [CONTRIBUTING](CONTRIBUTING.md) for details.\n\n## Security\n\nIf you discover any security related issues, please email thangchung.onthenet@gmail.com instead of using the issue tracker.\n\n## License\n\nThe MIT License (MIT). Please see [License File](LICENSE.md) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthangchung%2Ffernet-dotnet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthangchung%2Ffernet-dotnet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthangchung%2Ffernet-dotnet/lists"}