Smartersoft.Azure.WebJobs.Extensions.Jwt 0.1.5-beta0016

This is a prerelease version of Smartersoft.Azure.WebJobs.Extensions.Jwt.
There is a newer prerelease version of this package available.
See the version list below for details.
dotnet add package Smartersoft.Azure.WebJobs.Extensions.Jwt --version 0.1.5-beta0016                
NuGet\Install-Package Smartersoft.Azure.WebJobs.Extensions.Jwt -Version 0.1.5-beta0016                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Smartersoft.Azure.WebJobs.Extensions.Jwt" Version="0.1.5-beta0016" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Smartersoft.Azure.WebJobs.Extensions.Jwt --version 0.1.5-beta0016                
#r "nuget: Smartersoft.Azure.WebJobs.Extensions.Jwt, 0.1.5-beta0016"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Smartersoft.Azure.WebJobs.Extensions.Jwt as a Cake Addin
#addin nuget:?package=Smartersoft.Azure.WebJobs.Extensions.Jwt&version=0.1.5-beta0016&prerelease

// Install Smartersoft.Azure.WebJobs.Extensions.Jwt as a Cake Tool
#tool nuget:?package=Smartersoft.Azure.WebJobs.Extensions.Jwt&version=0.1.5-beta0016&prerelease                

Smartersoft.Azure.WebJobs.Extensions.Jwt

Nuget package License badge GitHub issues Source

GitHub Sponsors Follow on Twitter

Azure Functions is great for creating an api easily, we felt it was missing support for JWT authentication. So we build this small extension to get jwt support backed by OpenID connect discovery for automatic key rollover.

We build this to support Azure AD, you can however use it with whatever identity provider as long as it supports OpenID connect (which I'm sure all do these days).

This library is created by Smartersoft B.V. and licensed as GPL-3.0-only.

Getting started

Create new Azure Functions or use an existing one. This package supports net8.0 and net6.0, it only works for dotnet isolated functions.

Add packages Smartersoft.Azure.WebJobs.Extensions.Jwt to your project.

Project file changes

Add the following line to your Functions project file.

  <PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
    <AzureFunctionsVersion>v4</AzureFunctionsVersion>
    
    <_FunctionsSkipCleanOutput>true</_FunctionsSkipCleanOutput>
  </PropertyGroup>

Required configuration

Add this information to your local.settings.json file replace the fields accordingly:

  "JWT__Authority": "https://login.microsoftonline.com/{your-tenant-id}/v2.0",
  "JWT__ValidAudiences__0": "{application-id}",
  "JWT__ValidAudiences__1": "api://{application-id-as-app-uri}",

You can replace {your-tenant-id} with organizations to support all organizations. For single tenant usage be sure to also add:

  "JWT__ValidIssuers__0": "https://login.microsoftonline.com/{your-tenant-id}/v2.0",

These properties are in the JWT configuration section (because of the double underscores), and will be needed in the Startup file.

The openid configuration will be downloaded from {Authority}/.well-known/openid-configuration.

Startup file

This library extends the Azure Functions, go ahead and create a new project. Then open the Program.cs file and add the following changes.

Add the following to your startup file:

using Microsoft.Extensions.Hosting;
using Smartersoft.Azure.WebJobs.Extensions.Jwt;

var host = new HostBuilder()
    // Be sure to change this line to use the overload with the builder
    .ConfigureFunctionsWorkerDefaults(builder =>
    {
        // Add the following line, this registeres the middleware that handles the authentication
        builder.RegisterAuthorizationMiddleware();
    })
    .ConfigureServices((context, services) =>
    {
        // Add the following line, this registers the token validator
        // The token validator is a singleton, so the first time it's used it will download the openid configuration and keep it in memory for some time.
        services.AddOpenIdConnectTokenValidator(context);
    })
    .Build();

host.Run();

Azure AD configuration

  1. Create an app registration for your API guide
  2. Expose a scope for your api guide (for delegated permissions) user_impersonation in this sample.
  3. Add app roles for you API guide (for application permissions) Read.All in this sample
  4. Create a client application to get tokens with.

Tokens in a delegated (user) flow, will only be given out once consent is given.

Token in an application flow, will be given to any application in the tenant, even if they are not granted admin consent. These tokens will however not contain any role, which is why it's really important to verify at least a scope or a role. This library enforces that, we don't want you to become vulnerable to incorrect configuration attacks.

Authorize a http function

Add the [Smartersoft.Azure.WebJobs.Extensions.Jwt.Authorize] attribute to your function. This will make sure the token is validated and the user is authorized.

Because of how tokens work in Azure, you'll need to configure at least the Scopes or Roles property. If you don't confiugure any of these, the token will be rejected even if it's valid.

License

These packages are licensed under GPL-3.0, if you wish to use this software under a different license. Or you feel that this really helped in your commercial application and wish to support us? You can get in touch and we can talk terms. We are available as consultants.

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
0.1.5-beta0017 82 4/14/2024
0.1.5-beta0016 81 1/23/2024
0.1.5-beta0011 197 11/9/2022
0.1.5-beta0010 135 11/9/2022