Closed
Description
Basic idea is to do for JWT bearer authentication what we did for HTTPS in development, i.e. make it extremely easy to configure apps to use JWT bearer authentication in development, without the need for a discrete token issuing server.
- Enable the management of a cert for signing and verification of dev-time JWTs via `dotnet dev-certs jwt`. Like the HTTPS cert this would be initialized during SDK setup/first-run
- Enable the management of JWTs for a given project via a new CLI tool `dotnet dev-jwts` which is similar to the existing `dotnet user-secrets` tool but for issuing and managing JWTs
- Ensure the default `AuthenticationBuilder.AddJwtBearer()` overloads configure the application to accept dev JWTs as valid when in the development environment
- Leverage improvements from Simplify Authentication and Authorization configuration when using WebApplicationBuilder #39855 and Allow direct configuration of authorization policies via endpoint metadata #39840
Example Minimal APIs using dev JWTs
```
> dotnet new webapi -minimal -o MyApi
> cd MyApi
MyApi> dotnet dev-jwts list
Could not find the global property 'UserSecretsId' in MSBuild project 'MyApi/MyApi.csproj'. Ensure this property
is set in the project or use the 'dotnet user-secrets init' command to initialize this project.
MyApi> dotnet user-secrets init
Set UserSecretsId to '4105052b-5b99-4fff-8fc1-9d6c59887d0a' for MSBuild project 'MyApi/MyApi.csproj'.
MyApi> dotnet dev-jwts list
No tokens configured for this application.
MyApi> dotnet dev-jwts create
Token created for user "damian":
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4iLCJpYXQiOjE1MTYyMzkwMjJ9.
MyApi> dotnet dev-jwts create --name privileged --claim scope="myapi:protected-access"
Token created for user "privileged":
jHy8bGciOiJIUzIR5cCI61NiIsInIkpXVCIxMjM0NTweiuI6IkpvakwIiwiJ9.eyJzdWIiOibmFtZSG4iLCJpYMTYyMzkwMjJ9XQiOjE1.
MyApi> dotnet dev-jwts list
User Issued Expires
------ ------------------- -------------------
damian 2022-01-28 17:37:34 2022-07-28 17:37:34
privileged 2022-01-28 17:37:48 2022-07-28 17:37:48
```
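```csharp
var builder = WebApplication.CreateBuilder(args);

// API shape as proposed in this issue: the default overload is meant to
// accept dev JWTs when running in the development environment.
builder.Authentication.AddJwtBearer();

var app = builder.Build();

// Open to any caller.
app.MapGet("/hello", () => "Hello!");

// Only callers whose token carries the scope claim given to the "privileged" token above.
app.MapGet("/hello-protected", () => "Hello, you are authorized to see this!")
    .RequireAuthorization(p => p.RequireClaim("scope", "myapi:protected-access"));

app.Run();
```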
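An added example (not code from this issue or from ASP.NET Core itself) that approximates the behaviour described above with the existing `AddJwtBearer` options, trusting the dev signing key only when the environment is Development. The configuration keys `DevJwt:SigningKey`, `Jwt:Authority` and `Jwt:Audience`, the issuer name `dotnet-dev-jwts`, the policy name and the use of an HMAC key are all assumptions made for illustration.

```csharp
// Added example, not the proposal's implementation. Config keys, issuer name and
// policy name are hypothetical; requires Microsoft.AspNetCore.Authentication.JwtBearer.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.MapInboundClaims = false; // keep "scope" under its JWT claim name
        if (builder.Environment.IsDevelopment())
        {
            // User secrets are only loaded by default in the Development environment.
            var key = builder.Configuration["DevJwt:SigningKey"]
                ?? throw new InvalidOperationException("DevJwt:SigningKey is not set in user secrets.");
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(key)),
                ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }, // pin the algorithm
                ValidIssuer = "dotnet-dev-jwts",
                ValidateAudience = false, // assumed: dev tokens here carry no audience
                ValidateLifetime = true,
                ClockSkew = TimeSpan.FromSeconds(30),
            };
        }
        else
        {
            // Never trust the dev key outside Development: use the real issuer.
            options.Authority = builder.Configuration["Jwt:Authority"];
            options.Audience = builder.Configuration["Jwt:Audience"];
        }
    });

builder.Services.AddAuthorization(o => o.AddPolicy("protected-access",
    p => p.RequireClaim("scope", "myapi:protected-access")));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/hello", () => "Hello!");
app.MapGet("/hello-protected", () => "Hello, you are authorized to see this!")
    .RequireAuthorization("protected-access");
app.Run();
```

`RequireClaim` compares the whole claim value, so a token whose `scope` claim is a space-delimited list of several scopes would not satisfy this policy.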