Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/thangchung/fernet-dotnet

Fernet generates and verifies HMAC-based authentication tokens
https://github.com/thangchung/fernet-dotnet

api dotnet-core fernet hmac-sha256 jwt token-authetication

Last synced: 3 months ago
JSON representation

Fernet generates and verifies HMAC-based authentication tokens

Host: GitHub
URL: https://github.com/thangchung/fernet-dotnet
Owner: thangchung
License: mit
Created: 2019-02-21T12:22:37.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2019-02-27T11:15:30.000Z (almost 6 years ago)
Last Synced: 2024-04-29T01:03:15.825Z (9 months ago)
Topics: api, dotnet-core, fernet, hmac-sha256, jwt, token-authetication
Language: C#
Homepage:
Size: 688 KB
Stars: 13
Watchers: 3
Forks: 3
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Fernet Token for .NET Core

Authenticated and encrypted API token using modern crypto.

[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)

[![Build status](https://ci.appveyor.com/api/projects/status/gltj8y3380xpg17m?svg=true)](https://ci.appveyor.com/project/thangchung/fernet-dotnet)

[![version](https://img.shields.io/nuget/v/Fernet.svg?label=version)](https://www.nuget.org/packages?q=Fernet)

## What?

[Fernet](https://github.com/fernet/spec) which takes a user-provided message (an arbitrary sequence of bytes), a key (256 bits), and the current time, and produces a token, which contains the message in a form that can't be read or altered without the key.

## Build

Build the library using .NET SDK.

```bash

$ cd src\Fernet

$ dotnet restore

```

## Testing

You can run tests either manually or automatically on every code change.

```bash

$ cd src\FernetTests

$ dotnet test

```

## Usage

- Plaintext message

```csharp

var key = SimpleFernet.GenerateKey().UrlSafe64Decode();

var src = "hello";

var src64 = src.ToBase64String();

var token = SimpleFernet.Encrypt(key, src64.UrlSafe64Decode());

var decoded64 = SimpleFernet.Decrypt(key, token, out var timestamp);

var decoded = decoded64.UrlSafe64Encode().FromBase64String();

```

- Array message

```csharp

var key = SimpleFernet.GenerateKey().UrlSafe64Decode();

var src = "[ 'id': '123456' ]";

var src64 = src.ToBase64String();

var token = SimpleFernet.Encrypt(key, src64.UrlSafe64Decode());

var decoded64 = SimpleFernet.Decrypt(key, token, out var timestamp);

var decoded = decoded64.UrlSafe64Encode().FromBase64String();

```

### Integrate with IdentityServer 4 (ID4)

ID4 is an OpenID Connect and OAuth 2.0 Framework for ASP.NET Core. At the moment, it's not supporting Fernet token provider, then the solution for it is wrapping the JWT token inside the fernet token (I'm not sure it is a good solution, but it is a temperary solution working now). See the sample project for it in `samples` folder

- [x] Custom `DefaultTokenCreationService` class to do the fernet encryption.

```csharp

public class MyTokenCreationService : DefaultTokenCreationService

{

    public MyTokenCreationService(ISystemClock clock, IKeyMaterialService keys, ILogger logger)

        : base(clock, keys, logger)

    {

    }

    protected override async Task CreateJwtAsync(JwtSecurityToken jwt)

    {

        var jwtToken = await base.CreateJwtAsync(jwt);

        var jwt64Token = jwtToken.ToBase64String();

        // this key should store in the KeyVault service, then we can securely access in anywhere

        var key = "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=".UrlSafe64Decode();

        var fernetToken = SimpleFernet.Encrypt(key, jwt64Token.UrlSafe64Decode());

        return fernetToken;

    }

}

```

In `Startup.cs`

```csharp

services.AddSingleton();

```

- [x] Write a middleware in `SampleApi` to catch the token before ID4 can get it, and decrypt it to normally JWT token.

```csharp

app.Use(async (context, next) =>

{

    var token = context.Request.Headers["Authorization"].ToString();

    if (!string.IsNullOrEmpty(token))

    {

        var fernetToken = token.Substring("bearer".Length + 1, token.Length - "bearer".Length - 1);

        // this key should store in the KeyVault service, then we can securely access in anywhere

        var key = "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=".UrlSafe64Decode();

        var jwt64Token = SimpleFernet.Decrypt(key, fernetToken, out var timestamp);

        var jwtToken = jwt64Token.UrlSafe64Encode().FromBase64String();

        // we set it to authorization header, then the internal stack will work normally

        context.Request.Headers["Authorization"] = $"Bearer {jwtToken}";

    }

    await next.Invoke();

});

```

Run 3 projects: `IdentityServer4`, `SampleApi`, and `ConsoleApp`, you will see as below

![id4_fernet](artwork/id4_fernet.PNG?raw=true 'id4_fernet')

Look into the `ConsoleApp`, you should see that we can access to `SampleApi` data. Happy hacking!

_Notes_: we're still working on it, so please be care of using it on the production mode. That would be great if you can contact with us to discuss a best solution.

## Contributing

Please see [CONTRIBUTING](CONTRIBUTING.md) for details.

## Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

## License

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.