Authentication
Implementations of this feature add an AuthenticationScheme with an IAuthenticationHandler implementation. Features can also configure AuthenticationSchemeOptions.ForwardDefaultSelector, which enables multiple authentication handlers for a single endpoint by selecting the first matching handler available.
Add this feature using the AddAuthentications() extension:
app.Features.AddAuthentications([...]);
Fixed Bearer Token
This feature uses the token provided in the Authorization header. The handler tests the token against the value configured in settings and sets up Claims for the current HttpContext.User. Multiple tokens can be used by providing key names when adding the feature; the Authentication:FixedBearerToken:Default value from settings is used if no token key is specified.
c => c.FixedBearerToken(tokens =>
{
    tokens.Add("ServiceA", claims: ["ClaimX"]);
    tokens.Add("ServiceB", claims: ["ClaimX", "ClaimY"]);
})

"Authentication": {
  "FixedBearerToken": {
    "ServiceA": "SERVICE_A_TOKEN",
    "ServiceB": "SERVICE_B_TOKEN"
  }
}
The feature also provides a form post authentication mechanism. The handler looks for a form parameter named hash, then validates the request using the form parameters and the token. The expected hash should match the value generated by combining the form parameters with the token value, computing a hash using SHA256, and converting it to a Base64 string.
Form post authentication only works if the request has no Authorization header.
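The form post check described above, as an added example that is not the project's own handler code. The way parameters are combined is an assumption (values joined in ordinal key order, excluding hash, with the token appended), and the FormHash class and sample values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed sample values, not taken from the project.
const string token = "SERVICE_A_TOKEN";
var form = new Dictionary<string, string> { ["orderId"] = "42", ["amount"] = "10.00" };

form["hash"] = FormHash.Compute(form, token);      // what a legitimate sender posts
Console.WriteLine(FormHash.IsValid(form, token));  // unmodified request

form["amount"] = "1000.00";                        // parameter changed after hashing
Console.WriteLine(FormHash.IsValid(form, token));  // hash no longer matches

form.Remove("hash");
Console.WriteLine(FormHash.IsValid(form, token));  // request without a hash parameter

static class FormHash
{
    // ASSUMPTION: values are joined in ordinal key order, excluding "hash",
    // and the token is appended. The page does not state the exact rule.
    public static string Compute(IReadOnlyDictionary<string, string> form, string token)
    {
        var values = form
            .Where(p => p.Key != "hash")
            .OrderBy(p => p.Key, StringComparer.Ordinal)
            .Select(p => p.Value);
        var input = string.Concat(values) + token;

        return Convert.ToBase64String(SHA256.HashData(Encoding.UTF8.GetBytes(input)));
    }

    public static bool IsValid(IReadOnlyDictionary<string, string> form, string token)
    {
        if (!form.TryGetValue("hash", out var supplied)) return false;

        var expected = Convert.FromBase64String(Compute(form, token));
        var actual = new byte[expected.Length];

        // Reject input that is not Base64 or does not decode to exactly one SHA256 digest.
        if (!Convert.TryFromBase64String(supplied, actual, out var written)) return false;
        if (written != expected.Length) return false;

        // Constant-time comparison so response timing does not reveal matching prefixes.
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }
}
```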
Jwt
This feature registers JWT authentication services from .NET along with an ITokenBuilder implementation for generating JWT tokens. This feature also enables authorized routing and fetch requests in baked-recipe-admin by adding an auth plugin and a custom fetch service.
c => c.Jwt(
    configureOptions: options => { ... },
    configurePlugin: plugin => { ... }
)