Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/samhammerag/samhammer.authentication
Keycloak authentication for .NET Core projects
https://github.com/samhammerag/samhammer.authentication
net-core-project-lib
Last synced: 23 days ago
JSON representation
Keycloak authentication for .NET Core projects
- Host: GitHub
- URL: https://github.com/samhammerag/samhammer.authentication
- Owner: SamhammerAG
- License: mit
- Created: 2020-04-21T14:24:21.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-03-08T08:32:36.000Z (10 months ago)
- Last Synced: 2024-10-13T14:56:36.345Z (2 months ago)
- Topics: net-core-project-lib
- Language: C#
- Homepage:
- Size: 55.7 KB
- Stars: 6
- Watchers: 5
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
## Samhammer.Authentication.Api
This provides a way to secure your api with keycloak jwt bearer authentication.
#### How to add this to your project:
- reference this nuget package: https://www.nuget.org/packages/Samhammer.Authentication.Api/#### How to use:
### Keycloak JWT Authentication
Add it to your api.
```csharp
public void ConfigureServices(IServiceCollection services)
{
services.AddJwtAuthentication()
.AddKeycloak(Configuration);
}public void Configure(IApplicationBuilder app)
{
app.UseAuthentication();
app.UseAuthorization();
}
```Api calls requires auhorization header with an JWT token from keycloak.
```curl
POST https://myapi/action HTTP/1.1
Auhorization: Bearer JwtTokenContent
```If you pass "IConfiguration" instead of "Action\" to "AddKeycloak" add the following to appsettings.json:
```js
"ApiAuthOptions": {
"Issuer": "<>",
"ClientId": "<>",
"NameClaim": "<>"
}
```
NameClaim is optional and default value is "preferred_username"### Guest Authentication
Add it to your api.
```csharp
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(GuestAuthenticationDefaults.AuthenticationScheme)
.AddGuest(Configuration);
}
```Api calls requires header guestid with an "Version 4 UUID".
```curl
POST https://myapi/action HTTP/1.1
guestid: 1c11792b-538f-4908-992d-6570bb268e60
```If you pass "IConfiguration" instead of "Action\" to "AddGuest" you can can override the default settings in appsettings.json:
```js
"GuestAuthOptions": {
"Enabled": true,
"Name": "guest-[GuestID]",
"Role": "SomeGuestRole",
"Validator": "[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}"
}
```### Mixed Authentication
You can also setup both authentication types. In the example below jwt keycloak will be the default.```csharp
public void ConfigureServices(IServiceCollection services)
{
services.AddJwtAuthentication()
.AddKeycloak(Configuration)
.AddGuest(Configuration);
}
```You can setup your supported authentication types on each controller action per attribute.
```csharp
[HttpPost]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme + ", " + GuestAuthenticationDefaults.AuthenticationScheme)]
public async Task ActionForBoth()
{}[HttpPost]
[Authorize(GuestAuthenticationDefaults.AuthenticationScheme)]
public async Task ActionForGuests()
{}
```# Samhammer.Authentication.Client
The library provides extension methods for authentication client. This library is using Duende.AccessTokenManagement under the hood.
See https://github.com/DuendeSoftware/Duende.AccessTokenManagement/wiki/Customizing-Client-Credentials-Token-Management
Currently, we have the ClientCredentialsConfigureExtensions class which provides an extension method for ClientCredentialsClient to add a client with options monitor support. Ensure to call extension method AddClientCredentialsTokenManagement of Duende before!
## How to use in Program.cs
```csharp
builder.Services.AddDistributedMemoryCache();
builder.Services.AddClientCredentialsTokenManagement();builder.Services.AddClientCredentialsOptions("defaultAuth", (client, authOptions) =>
{
client.TokenEndpoint = authOptions.AccessTokenUrl;
client.ClientId = authOptions.ClientId;
client.ClientSecret = authOptions.ClientSecret;
});builder.Services
.AddHttpClient())
.AddClientCredentialsTokenHandler("defaultAuth");
```## Contribute
#### How to publish a nuget package
- Create a tag and let the github action do the publishing for you