Implementing custom identity provider
Basic JWT example (.NET Core)
- Install the Microsoft.AspNetCore.Authentication.JwtBearer NuGet package
- Add appsettings variables (issuer, audience, base64-encoded JWK, default expiration, etc.)
- Add configuration (to Program.cs or custom configuration extensions)
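    using System.Text;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;
    // ...
    var jwtConfig = builder.Configuration.GetSection("Identity").Get<IdentityConfiguration>();
    // ...
    builder.Services
        // Name the default scheme explicitly so [Authorize] uses JWT bearer
        .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // Reject tokens with a wrong issuer or audience, an expired lifetime, or an unexpected signing key
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = jwtConfig.Issuer,
                ValidAudiences = jwtConfig.Audience,
                // The configured key is base64-encoded JWK JSON; decode it before parsing
                IssuerSigningKey = new JsonWebKey(Encoding.ASCII.GetString(Convert.FromBase64String(jwtConfig.Key)))
            };
        });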
- Generate JWK (mkjwk.org)
  - Example parameters:
    - Key size: 2048
    - Key use: Signature
    - Algorithm: RS256
    - KeyID: SHA256
  - After the key is generated, copy and store the keypair
- Add encoded JWK to secrets
- Create a token issuer
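    using System.IdentityModel.Tokens.Jwt;
    using System.Security.Claims;
    using System.Text;
    using Microsoft.IdentityModel.Tokens;
    //...
    public string GenerateToken() => new JwtSecurityTokenHandler()
        .WriteToken(new JwtSecurityToken(_config.Issuer,
            _config.Audience.FirstOrDefault(),
            claims: new List<Claim>
            {
                new Claim(ClaimTypes.Name, "test"),
                new Claim(ClaimTypes.Role, ApiRole.App)
            },
            // Token lifetime; UTC keeps the exp claim independent of the server's time zone
            expires: DateTime.UtcNow.AddHours(12),
            // Sign with the private part of the base64-encoded JWK (RS256)
            signingCredentials: new SigningCredentials(
                new JsonWebKey(Encoding.ASCII.GetString(Convert.FromBase64String(_config.Key!))),
                SecurityAlgorithms.RsaSha256)));
    //...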
- Implement endpoints for obtaining the token, add authorization to the API
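
Added example (not part of the original page): the JWK from the "Generate JWK" step can also be produced locally, so the private key never leaves your machine before it goes into secrets. It assumes .NET 6 or later and uses the RFC 7638 SHA-256 thumbprint as the key ID; the helper names `B64Url` and `EncodeForConfig` are hypothetical.

```csharp
// Added example, not from the original page. Helper names are hypothetical.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// 2048-bit RSA key, matching the example parameters (RS256, use = sig)
using var rsa = RSA.Create(2048);
RSAParameters key = rsa.ExportParameters(includePrivateParameters: true);

string n = B64Url(key.Modulus!);
string e = B64Url(key.Exponent!);

// Key ID = RFC 7638 thumbprint: SHA-256 over the required RSA members,
// in lexicographic order, with no whitespace
string kid = B64Url(SHA256.HashData(
    Encoding.UTF8.GetBytes($"{{\"e\":\"{e}\",\"kty\":\"RSA\",\"n\":\"{n}\"}}")));

// Public half: enough for any service that only validates tokens
var publicJwk = new Dictionary<string, string>
{
    ["kty"] = "RSA", ["use"] = "sig", ["alg"] = "RS256",
    ["kid"] = kid, ["n"] = n, ["e"] = e
};

// Full keypair: needed only by the token issuer
var privateJwk = new Dictionary<string, string>(publicJwk)
{
    ["d"] = B64Url(key.D!), ["p"] = B64Url(key.P!), ["q"] = B64Url(key.Q!),
    ["dp"] = B64Url(key.DP!), ["dq"] = B64Url(key.DQ!), ["qi"] = B64Url(key.InverseQ!)
};

Console.WriteLine($"kid: {kid}");
Console.WriteLine($"Public JWK: {JsonSerializer.Serialize(publicJwk)}");
// Base64 of the JWK JSON is the form the page's code decodes from the Key setting
Console.WriteLine($"Encoded keypair (store as a secret): {EncodeForConfig(privateJwk)}");

// JWK members use unpadded base64url (RFC 7515)
static string B64Url(byte[] bytes) =>
    Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

static string EncodeForConfig(Dictionary<string, string> jwk) =>
    Convert.ToBase64String(Encoding.ASCII.GetBytes(JsonSerializer.Serialize(jwk)));
```

A service that only validates tokens can be given the public JWK alone, since `new JsonWebKey(...)` parses it the same way as the full keypair.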