Snail.Toolkit.Authentication.JwtBearer 1.0.0

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher. 
dotnet add package Snail.Toolkit.Authentication.JwtBearer --version 1.0.0
                    


                    

                
NuGet\Install-Package Snail.Toolkit.Authentication.JwtBearer -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Snail.Toolkit.Authentication.JwtBearer" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Snail.Toolkit.Authentication.JwtBearer" Version="1.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Snail.Toolkit.Authentication.JwtBearer" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Snail.Toolkit.Authentication.JwtBearer --version 1.0.0
                    


                    

                
#r "nuget: Snail.Toolkit.Authentication.JwtBearer, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Snail.Toolkit.Authentication.JwtBearer@1.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Snail.Toolkit.Authentication.JwtBearer&version=1.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Snail.Toolkit.Authentication.JwtBearer&version=1.0.0
                    


                            Install as a Cake Tool

Toolkit.Authentication.JwtBearer

A secure, production-ready JWT Bearer authentication extension for ASP.NET Core applications.

Installation

dotnet add package Snail.Toolkit.Authentication.JwtBearer

Configuration

Service Registration

// Program.cs
builder.Services.AddAuthJwtBearer(builder.Configuration);

Middleware Setup

// Program.cs
app.UseAuthentication();  // Must come before UseAuthorization
app.UseAuthorization();   // Required for [Authorize] attributes

appsettings.json Configuration

{
  "Jwt": {
    "Issuer": "your_issuer",
    "Audience": "your_audience",
    "SecretKey": "minimum_32_character_secure_key_here",
    "ValidateAudience": true,
    "ValidateIssuer": true,
    "ValidateLifetime": true,
    "ValidateIssuerSigningKey": true,
    "TokenLifetime": 60
  }
}
Configuration Options
Setting Required Default Description
Issuer Yes - Token publisher identifier
Audience Yes - Intended token recipient
SecretKey Yes - Minimum 32-character secure key
ValidateAudience No true Validate token audience
ValidateIssuer No true Validate token issuer
ValidateLifetime No true Validate token expiration
ValidateIssuerSigningKey No true Validate token signature
TokenLifetime No 60 Token validity in minutes

Advanced Usage

Custom JWT Bearer Options

builder.Services.AddAuthJwtBearer(builder.Configuration, options =>
{
    options.Events = new JwtBearerEvents
    {
        OnAuthenticationFailed = context =>
        {
            // Custom authentication failure handling
            return Task.CompletedTask;
        }
    };
});

Using with HashiCorp Vault

// Example using Vault integration
builder.Services.AddAuthJwtBearer(configuration, vaultOptions =>
{
    vaultOptions.RequireHttpsMetadata = false; // For dev environments only
});

Security Considerations

  1. Always use HTTPS in production
  2. Rotate SecretKey periodically
  3. Set appropriate TokenLifetime based on your security requirements
  4. Store SecretKey securely (consider using Azure Key Vault or AWS Secrets Manager)

Troubleshooting

Common Issues

  • Clock skew issues: Consider adjusting ClockSkew in validation parameters

Samples

1. Token Creation Example

// Create a token with user claims
var claims = new List<Claim>
{
    new Claim(ClaimTypes.NameIdentifier, "user123"),
    new Claim(ClaimTypes.Name, "John Doe"),
    new Claim(ClaimTypes.Email, "john@example.com"),
    new Claim(ClaimTypes.Role, "Admin")
};

var token = tokenProvider.Create(claims);

// Output: "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9..."
Console.WriteLine($"Generated token: {token}");

2. Refresh Token Generation Example

// Generate a standard refresh token (32 bytes)
var refreshToken = tokenProvider.Refresh();

// Generate a longer refresh token (64 bytes)
var longRefreshToken = tokenProvider.Refresh(64); 

// Output: "m6sla9PxYW3T4XJkqO7nBw2v..." (Base64 string)
Console.WriteLine($"Refresh token: {refreshToken}");

3. Token Validation Example

// Validate a token (async)
var isValid = await tokenProvider.Validate(token);

if (isValid)
{
    Console.WriteLine("Token is valid");
    var principal = new JwtSecurityTokenHandler().ValidateToken(token, 
        new TokenValidationParameters(), out _);
    Console.WriteLine($"User: {principal.Identity.Name}");
}
else
{
    Console.WriteLine("Invalid token");
}

4. Integration with Controllers

[ApiController]
[Route("auth")]
public class AuthController : ControllerBase
{
    private readonly ITokenProvider _tokenProvider;

    public AuthController(ITokenProvider tokenProvider)
    {
        _tokenProvider = tokenProvider;
    }

    [HttpPost("login")]
    public IActionResult Login([FromBody] LoginRequest request)
    {
        // Authentication logic...
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, request.Username),
            new Claim("custom_claim", "value")
        };

        return Ok(new
        {
            Token = _tokenProvider.Create(claims),
            RefreshToken = _tokenProvider.Refresh(),
            ExpiresIn = TimeSpan.FromMinutes(60).TotalSeconds
        });
    }

    [HttpPost("refresh")]
    public async Task<IActionResult> Refresh([FromBody] RefreshRequest request)
    {
        if (!await ValidateRefreshToken(request.RefreshToken))
            return Unauthorized();

        var newToken = _tokenProvider.Create(GetUserClaims());
        return Ok(new { Token = newToken });
    }
}

License

Toolkit.Authentication.JwtBearer is a free and open source project, released under the permissible MIT license.

Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 688 5/30/2025