Identity.Jwt.Token.Manager 9.0.4

.NET 9.0

dotnet add package Identity.Jwt.Token.Manager --version 9.0.4

NuGet\Install-Package Identity.Jwt.Token.Manager -Version 9.0.4

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Identity.Jwt.Token.Manager" Version="9.0.4" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Identity.Jwt.Token.Manager" Version="9.0.4" />
                    

                            Directory.Packages.props

<PackageReference Include="Identity.Jwt.Token.Manager" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Identity.Jwt.Token.Manager --version 9.0.4

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Identity.Jwt.Token.Manager, 9.0.4"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#addin nuget:?package=Identity.Jwt.Token.Manager&version=9.0.4
                    

                            Install Identity.Jwt.Token.Manager as a Cake Addin

#tool nuget:?package=Identity.Jwt.Token.Manager&version=9.0.4
                    

                            Install Identity.Jwt.Token.Manager as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Token Management System

The Token Management System is a robust and flexible .NET library for managing JWT access tokens, ID tokens, and refresh tokens using RSA (RS256) or HMAC (HS256). It simplifies the process of secure token generation, validation, and expiration handling — ideal for building authentication and authorization systems in modern web, mobile, or API-based applications.

✨ Features

✅ Generate JWT Access Tokens with user claims.
🔁 Generate Refresh Tokens with secure hashing for renewal.
🆔 Generate ID Tokens for OpenID Connect-like scenarios.
✅ Validate refresh tokens for expiration and integrity.
🔐 Supports RSA (asymmetric) or HMAC (symmetric) signing.
🔄 Multi-Factor Authentication (MFA) compatible.
⚙️ Fully configurable via strongly typed options classes (JwtTokenOptionModel or RsaTokenOptions).
🧪 Includes detailed exception handling for invalid or expired tokens.

🔧 Example Configuration (appsettings.json)

⚠️ Security Tip: It's highly recommended to use environment variables to store sensitive values like file paths and keys instead of placing them directly in appsettings.json.

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*",
  "RsaTokenOptions": {
    "PrivateKeyPath": "/path/to/private.pem",   // 🔐 Prefer setting via environment variable 
    "PublicKeyPath": "/path/to/public.pem",     // 🔐 Prefer setting via environment variable
    "Issuer": "https://auth.yourdomain.com",
    "Audience": "https://api.yourdomain.com",
    "AccessTokenLifetime": "00:30:00",
    "RefreshTokenLifetime": "7.00:00:00",
    "IdTokenLifetime": "00:15:00"
  }
}

🔐 Generate Access Token

var claims = new List<Claim>
{
    new(JwtRegisteredClaimNames.Sub, "user123"),
    new(JwtRegisteredClaimNames.Email, "user@example.com"),
};

string accessToken = tokenManager.GenerateAccessToken(claims);

🔁 Generate Refresh Token

RefreshTokenModel refreshToken = tokenManager.GenerateRefreshToken();

🆔 Generate ID Token

string idToken = tokenManager.GenerateIdToken(claims);

✅ Validate Refresh Token

bool isValid = tokenManager.ValidateRefreshToken(refreshTokenFromClient);

🔐 Security Notes

Always store the hashed version of refresh tokens in your database.
Configure your API to reject tampered JWTs by validating the RSA signature.
If using HMAC (HS256), make sure the SecretKey is long and random (at least 256 bits).
Avoid long-lived access tokens — use refresh tokens for session persistence.

🧪 Example: Token Response (from API)

{
  "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "af13uZ0-SOME-BASE64-VALUE-0qZn",
  "expiresIn": 1800
}

🧩 Integration with ASP.NET Core

✅ Option 1: RSA (Asymmetric) Integration – RS256

This is the most secure option, using a private key to sign tokens and a public key to validate them. Program.cs Example

var rsaPublic = RSA.Create();
rsaPublic.ImportFromPem(File.ReadAllText(configuration["RsaTokenOptions:PublicKeyPath"]));

builder.Services.Configure<RsaTokenOptions>(configuration.GetSection("RsaTokenOptions"));

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.RequireHttpsMetadata = true;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            RequireExpirationTime = true,
            RequireSignedTokens = true,
            ValidateIssuerSigningKey = true,
            ClockSkew = TimeSpan.Zero,
            ValidIssuer = configuration["RsaTokenOptions:Issuer"],
            ValidAudience = configuration["RsaTokenOptions:Audience"],
            IssuerSigningKey = new RsaSecurityKey(rsaPublic)
        };
    });

🔐 Option 2: HMAC (Symmetric) Integration – HS256

Use this option if you're not using RSA keys. It's easier to set up but the SecretKey must remain private and secure. Program.cs Example

var secretKey = configuration["JwtTokenOptionModel:SecretKey"];
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));

builder.Services.Configure<TokenOptionModel>(configuration.GetSection("TokenOptionModel"));

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.RequireHttpsMetadata = true;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            RequireExpirationTime = true,
            RequireSignedTokens = true,
            ValidateIssuerSigningKey = true,
            ClockSkew = TimeSpan.Zero,
            ValidIssuer = configuration["JwtTokenOptionModel:Issuer"],
            ValidAudience = configuration["JwtTokenOptionModel:Audience"],
            IssuerSigningKey = key
        };
    });

Register in `Program.cs`

// RSA (Asymmetric)
builder.Services.Configure<RsaTokenOptions>(
    builder.Configuration.GetSection("RsaTokenOptions"));

builder.Services.AddScoped<RsaTokenManager>();


// HMAC (Symmetric)
builder.Services.Configure<TokenOptionModel>(
    builder.Configuration.GetSection("JwtTokenOptionModel"));

builder.Services.AddScoped<JwtTokenManager>();

📦 Installation

Install the package via NuGet:

dotnet add package Identity.Jwt.Token.Manager

Product	Compatible and additional computed target framework versions.
.NET	net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net9.0
- Microsoft.Extensions.Options (>= 9.0.3)
- System.IdentityModel.Tokens.Jwt (>= 8.7.0)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last updated
9.0.4	143	10 days ago
9.0.3	229	10 days ago
1.0.1	111	2 months ago
1.0.0	181	3 months ago

Notes Initial release of JwtTokenManager. Includes access token, refresh token, and ID token generation, validation, and secure hashing with .NET 9.0 support.