TrivialJwt.Bearer 0.3.0

.NET Core 3.1 
dotnet add package TrivialJwt.Bearer --version 0.3.0
NuGet\Install-Package TrivialJwt.Bearer -Version 0.3.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="TrivialJwt.Bearer" Version="0.3.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add TrivialJwt.Bearer --version 0.3.0
#r "nuget: TrivialJwt.Bearer, 0.3.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install TrivialJwt.Bearer as a Cake Addin
#addin nuget:?package=TrivialJwt.Bearer&version=0.3.0

// Install TrivialJwt.Bearer as a Cake Tool
#tool nuget:?package=TrivialJwt.Bearer&version=0.3.0

TrivialJWT

TrivialJWT is a set of libraries to ease:

  • The creation of JWT tokens
  • The validation of JWT tokens

TrivialJWT exposes an end point to generate JWT token. It relies on Microsoft's libraries for JWT generation.

TrivialJWT.Bearer helps configure the Microsoft.AspNetCore.Authentication.JwtBearer library based on TrivialJWT configuration.

TrivialJWT.AspNetIdentity implements the required interfaces to bridge TrivialJWT with Microsoft.AspNetCore.Identity.

2 samples are provided:

How to use TrivialJWT with AspNetIdentity

Install dependencies

With .NET CLI

dotnet add package TrivialJwt.Bearer
dotnet add package TrivialJwt.AspNetIdentity

or with Package Manager:

Install-Package TrivialJwt.Bearer
Install-Package TrivialJwt.AspNetIdentity

Update Startup.cs

In the example below, a HMAC-SHA265 signature

(...)
using TrivialJwt;
using TrivialJwt.AspNetIdentity;
using TrivialJwt.Bearer;
(...)

public void ConfigureServices(IServiceCollection services)
{
    (...)

    services.AddTrivialJwtAspNetIdentity<AppUser>(options =>
            {
                options.Secret = "<Base64Secret>"
            });

    services.AddTrivialJwtAuthentication();
    
    (...)
}

public void Configure(IApplicationBuilder app, 
                IWebHostEnvironment env)
{
    (...)

    app.UseAuthentication();
    app.UseAuthorization();

    (...)
}

How to use TrivialJWT without AspNetIdentity

Install dependencies

With .NET CLI

dotnet add package TrivialJwt.Bearer

or with Package Manager:

Install-Package TrivialJwt.Bearer

Update Startup.cs

In the example below, a HMAC-SHA265 signature

(...)
using TrivialJwt;
using TrivialJwt.Bearer;
(...)

public void ConfigureServices(IServiceCollection services)
{
    (...)

    services.AddTrivialJwt(options =>
            {
                options.Secret = "<Base64Secret>"
            });

    services.AddTrivialJwtAuthentication();

    services.AddScoped<IPasswordValidator, PasswordValidator>();
    services.AddScoped<IClaimsIdentityProvider, ClaimsIdentityProvider>();

    (...)
}

public void Configure(IApplicationBuilder app, 
                IWebHostEnvironment env)
{
    (...)

    app.UseAuthentication();
    app.UseAuthorization();

    (...)
}

An implementation for IPasswordValidator and IClaimsIdentityProvider must be provided.

Configuration

Configuration can be done by using options as shown above or by binding:

services.AddTrivialJwtAspNetIdentity<IdentityUser>(
    Configuration.GetSection(TrivialJwtOptions.Section));

For instance, the appsettings.json can contain the configuration:

{
    "TrivialJwt": {
        "Secret": "U3VwZXJfU2VjcmV0X1Bhc3N3b3JkIQ=="
    }
}

Endpoints

Token generation endpoint

The endpoint is /auth/login.

The payload is a JSON with username and password.

Example:

{
    "username": "bob",
    "password": "bob"
}

The response would be:

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdW...k_Riw4RSK7g",
    "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdW...k_Riw4RSK7g",
    "expires_in": 3600,
    "token_type": "bearer"
}

Refresh token endpoint

The endpoint is /auth/refresh_token.

The payload is a JSON file with refresh_token.

Example:

{
    "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdW...k_Riw4RSK7g"
}

The response would be:

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdW...k_Riw4RSK7g",
    "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdW...k_Riw4RSK7g",
    "expires_in": 3600,
    "token_type": "bearer"
}

Refresh Token endpoint

The endpoint is /auth/refreshtoken.

The payload is a JSON file with username and password.

Example:

{
    "username": "bob",
    "password": "bob"
}

TODO

  • support .Net 5.0
  • Implement elliptic curves
  • Enhance asymmetric key management
Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp3.1 is compatible. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
0.3.0 474 12/9/2020
0.2.0 421 12/7/2020