Ecosyste.ms: Awesome


https://github.com/cythral/identity-client

Auto-generated client for Brighid Identity using NSwag on .NET. Capable of automatically fetching and refreshing tokens using the client credentials grant type.

csharp dotnet nswag oauth2 oauth2-client openid-connect swagger


README

        

[![codecov](https://codecov.io/gh/cythral/identity-client/branch/master/graph/badge.svg?token=jeVQjG3V4y)](https://codecov.io/gh/cythral/identity-client)

## Installation

```
dotnet add package Brighid.Identity.Client
```

## Security Recommendations

### Protecting the Client Secret

### In-Process Approach

1. Encrypt the client secret before passing it in as an environment variable.
2. When configuring Brighid Identity with `services.ConfigureBrighidIdentity<TConfig>(configuration)`, supply a class that extends `IdentityConfig`. This will be wrapped in an `IOptions<TConfig>` and injected into the service container.
3. Have your host pull the `IOptions<TConfig>` from the container on startup, decrypt the client secret, and re-assign the decrypted value to the `TConfig.ClientSecret` property. This can be done in an `IHostedService`. If using [Lambdajection](https://github.com/cythral/lambdajection), this can be done automatically.
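
A hosted service for step 3, as an added example (not code from the Brighid Identity project): it decrypts the secret at startup and aborts host startup if decryption fails. Assumptions: the `OrdersIdentityConfig` name, the `SECRET_KEY_FILE` variable, the `Brighid.Identity.Client` namespace, a settable string `ClientSecret`, .NET 8, and an AES-256-GCM envelope of base64(nonce || tag || ciphertext) are illustrative choices, not something the README specifies.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using Brighid.Identity.Client; // assumed namespace of IdentityConfig
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Options;

public class OrdersIdentityConfig : IdentityConfig { } // hypothetical app-specific type (step 2)

public sealed class ClientSecretDecryptionService : IHostedService
{
    private readonly OrdersIdentityConfig config;
    // IOptions<T>.Value is cached, so the mutation below is seen by later consumers.
    public ClientSecretDecryptionService(IOptions<OrdersIdentityConfig> options)
        => config = options.Value;

    public async Task StartAsync(CancellationToken cancellationToken)
    {
        // Assumption: SECRET_KEY_FILE points at a 32-byte AES key file.
        var keyPath = Environment.GetEnvironmentVariable("SECRET_KEY_FILE")
            ?? throw new InvalidOperationException("SECRET_KEY_FILE is not set.");
        var key = await File.ReadAllBytesAsync(keyPath, cancellationToken);
        try
        {
            // Any exception here aborts host startup, so ciphertext is never used as the secret.
            config.ClientSecret = Decrypt(config.ClientSecret, key);
        }
        finally
        {
            CryptographicOperations.ZeroMemory(key);
        }
    }

    public Task StopAsync(CancellationToken cancellationToken) => Task.CompletedTask;

    // Assumed envelope: base64(12-byte nonce || 16-byte tag || ciphertext).
    private static string Decrypt(string envelope, byte[] key)
    {
        var blob = Convert.FromBase64String(envelope);
        if (blob.Length < 28) throw new CryptographicException("Envelope too short.");
        var plain = new byte[blob.Length - 28];
        using var aes = new AesGcm(key, 16); // .NET 8+ constructor
        aes.Decrypt(blob.AsSpan(0, 12), blob.AsSpan(28), blob.AsSpan(12, 16), plain);
        return Encoding.UTF8.GetString(plain);
    }
}
```

Register it with `services.AddHostedService<ClientSecretDecryptionService>()` before any hosted service that requests tokens, since the generic host starts hosted services in registration order.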

### Parent-Child Process / Layered Approach

1. Encrypt the client secret before passing it in as an environment variable.
2. Create a parent process that first decrypts that client secret and reassigns the environment variable with the decrypted text.
3. After decrypting the client secret, have the parent process start the child process (dotnet), which will inherit the decrypted environment variable.

With either approach, it is recommended to use your own configuration class that inherits from `IdentityConfig`. The options wrapper is injected into the service container, so any third-party service can pull it and read the decrypted client secret. Using your own `IdentityConfig` subclass makes it harder to figure out which `IOptions<TConfig>` service contains the client secret.