Maucaro.Auth.IdentityPlatform
1.0.0
dotnet add package Maucaro.Auth.IdentityPlatform --version 1.0.0
Maucaro.Auth.IdentityPlatform
This solution consists of:
- Auth - Main asset: This library enables using Google Identity Platform and/or Firebase as the IdP in a .NET Core Web or API project. It is published on NuGet.org.
- Auth.UnitTests - Unit tests for the Auth library.
- DbUsers - Sample SQL Server project used to store role-to-permission mappings in support of a Custom Permission Handler in the Auth library.
- DbUsers.build - Deployment artifact based on dacpac, used to deploy DbUsers.
- Deploy - Various artifacts in support of CI/CD. Azure Pipelines are used for the builds and Google Cloud Build is used for deployment to GKE.
- WebApp - Sample application that uses the Auth library and the DbUsers database.
Auth
- ValidateAuthenticationHandler is a custom authentication handler (derives from Microsoft.AspNetCore.Authentication.AuthenticationHandler) that validates the JWT and sets the ClaimsPrincipal. It is configured through ValidateAuthenticationSchemeOptions:
  - CertificatesUrl: For IdentityPlatform or Firebase, the value should be "https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com"
  - TrustedAudience: The GCP Project ID that hosts Cloud Identity or Firebase.
  - ValidTenants: If specified, the handler validates that the JWT tenant claim matches one of the listed tenants. If not specified, no tenant validation is performed, which suits either single-instance use cases or multi-tenant ones where all tenants are allowed.
- The ClaimsPrincipal set by ValidateAuthenticationHandler will have:
  - ClaimTypes.NameIdentifier - corresponds to the 'sub' claim in the JWT.
  - ClaimTypes.Email - corresponds to the 'email' claim in the JWT.
  - ClaimTypes.Name - corresponds to the 'name' claim in the JWT, if present.
  - Tenant (constant defined in CustomAuthenticationDefaults.TenantClaim) - corresponds to the 'firebase.tenant' claim, if present.
  - ClaimTypes.Role - zero, one or more role claims corresponding to the custom 'role' claim in the JWT, in array format. If used, this enables the native .NET Core role-based authorization constructs (https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-5.0).
- PermissionsPolicyProvider is a dynamic policy provider. It requires a policy store that implements IPermissionHandlerData. The policy store maps a permission, on a per-tenant basis, to zero, one or multiple roles. This allows for policy-based role checks ([Authorize(Policy = "permissionxyz")], for example).
- PermissionHandlerSql is a sample implementation of IPermissionHandlerData using SQL Server as the store. It is configured through PermissionHandlerSqlOptions:
  - ConnectionString
  - PermissionRolesStoredProcedure - stored procedure that returns the mapping.
  - TenantField - name of the tenant field returned by the stored procedure. "Tenant" is the default if not specified.
  - PermissionField - name of the permission field returned by the stored procedure. "Permission" is the default if not specified.
  - RoleField - name of the role field returned by the stored procedure. "Role" is the default if not specified.
  - IntervalSeconds - refresh interval in seconds.
- The DbUsers project contains a DB that can be used by PermissionHandlerSql.
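The audience and tenant checks and the claim mapping listed above for ValidateAuthenticationHandler, sketched as an added C# example that is not the library's own code. It assumes the JWT signature has already been verified against the keys at CertificatesUrl; `TokenClaimsSketch`, `BuildPrincipal` and the sample payload are hypothetical and constructed for illustration.

```csharp
// Added illustration, not the library's code. Assumes the JWT signature was already
// verified against the keys served at CertificatesUrl and the payload parsed as JSON.
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text.Json;

public static class TokenClaimsSketch // hypothetical name
{
    const string TenantClaim = "Tenant"; // stand-in for CustomAuthenticationDefaults.TenantClaim

    static string Str(JsonElement obj, string name) =>
        obj.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;

    public static ClaimsPrincipal BuildPrincipal(JsonElement payload, string trustedAudience,
                                                 ISet<string> validTenants = null)
    {
        // TrustedAudience: 'aud' must be the GCP project ID.
        if (Str(payload, "aud") != trustedAudience)
            throw new UnauthorizedAccessException("audience mismatch");
        var sub = Str(payload, "sub") ?? throw new UnauthorizedAccessException("missing sub");

        // The tenant is nested under the 'firebase' object and is absent for non-tenant users.
        var tenant = payload.TryGetProperty("firebase", out var fb) && fb.ValueKind == JsonValueKind.Object
            ? Str(fb, "tenant") : null;
        // ValidTenants: an empty or missing list skips the check, so every tenant is accepted.
        if (validTenants != null && validTenants.Count > 0 && (tenant == null || !validTenants.Contains(tenant)))
            throw new UnauthorizedAccessException("tenant not allowed");

        var claims = new List<Claim> { new Claim(ClaimTypes.NameIdentifier, sub) };
        if (Str(payload, "email") is string email) claims.Add(new Claim(ClaimTypes.Email, email));
        if (Str(payload, "name") is string name) claims.Add(new Claim(ClaimTypes.Name, name));
        if (tenant != null) claims.Add(new Claim(TenantClaim, tenant));
        // Custom 'role' claim in array format: one ClaimTypes.Role claim per entry.
        if (payload.TryGetProperty("role", out var roles) && roles.ValueKind == JsonValueKind.Array)
            foreach (var r in roles.EnumerateArray())
                if (r.ValueKind == JsonValueKind.String) claims.Add(new Claim(ClaimTypes.Role, r.GetString()));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "IdentityPlatform"));
    }

    public static void Main()
    {
        // Constructed sample payload, not a real token.
        var json = "{\"aud\":\"demo-project\",\"sub\":\"u123\",\"email\":\"a@example.com\"," +
                   "\"firebase\":{\"tenant\":\"tenant-a\"},\"role\":[\"admin\",\"auditor\"]}";
        using var doc = JsonDocument.Parse(json);
        var user = BuildPrincipal(doc.RootElement, "demo-project", new HashSet<string> { "tenant-a" });
        Console.WriteLine(user.IsInRole("admin"));
        Console.WriteLine(user.FindFirst(TenantClaim)?.Value);
    }
}
```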
Product | Versions (compatible and additional computed target framework versions) |
---|---|
.NET | net5.0 is compatible. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
- net5.0
  - Google.Apis.Auth (>= 1.54.0)
  - System.Data.SqlClient (>= 4.8.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
1.0.0 | 376 | 10/1/2021 |