Fhi.ClientCredentialsKeypairs
3.0.0
dotnet add package Fhi.ClientCredentialsKeypairs --version 3.0.0
NuGet\Install-Package Fhi.ClientCredentialsKeypairs -Version 3.0.0
<PackageReference Include="Fhi.ClientCredentialsKeypairs" Version="3.0.0" />
paket add Fhi.ClientCredentialsKeypairs --version 3.0.0
#r "nuget: Fhi.ClientCredentialsKeypairs, 3.0.0"
// Install Fhi.ClientCredentialsKeypairs as a Cake Addin #addin nuget:?package=Fhi.ClientCredentialsKeypairs&version=3.0.0 // Install Fhi.ClientCredentialsKeypairs as a Cake Tool #tool nuget:?package=Fhi.ClientCredentialsKeypairs&version=3.0.0
Whats new in 2.0
Breaking changes
If you use HttpClientFactory, use AddDefaultAuthHandler()
instead of adding a HttpAuthHandler
. Refactor this:
services.AddHttpClient(api.Name, c =>
{
c.BaseAddress = clientCredentialsConfiguration.UriToApiByName(api.Name);
})
.AddHttpMessageHandler<HttpAuthHandler>();
to this:
var apiConfiguration = clientCredentialsConfiguration.GetApi(api.Name);
services.AddHttpClient(api.Name, c =>
{
c.BaseAddress = new Uri(apiConfiguration.Url);
})
.AddDefaultAuthHandler(apiConfiguration);
New features
Scopes and DPoP-configuration can now be set per API:
"ClientCredentialsConfiguration": {
"Apis": [
{
"Name": "IGrunndataClient",
"Url": "https://localhost:5001",
"Scope": "fhi:grunndata.personoppslagapi/sysvak", // <-- new! (you might have had this here before, but it was never used)
"UseDpop": true // <-- new! (this is false by default)
}
],
If no scope is set per API, it will default back to the scopes list set in ClientCredentialsConfiguration
. Make sure your API calls get the correct scopes after upgrading.
Client Credentials Usage
Configuration file section
- Add the following configuration section to your appsettings.json files, and populate it appropriately.
"ClientCredentialsConfiguration": {
"clientName": "",
"authority": "",
"clientId": "",
"grantTypes": [ "client_credentials" ],
"scopes": [ ],
"secretType": "private_key_jwt:RsaPrivateKeyJwtSecret",
"rsaPrivateKey": "",
"rsaKeySizeBits": 4096,
"privateJwk": "",
"Apis": [
{
"Name": "", // Tip: Use nameof(YourService)
"Url": "",
"Scope": ""
}
],
"refreshTokenAfterMinutes": 8 // Set approx 20% less than lifetime of access token
}
PS: Please be aware that the Authority must end with connect/token
.
Client Credentials using Keypairs
Add package 'Fhi.ClientCredentialsKeypairs' to your project
In your
Program.cs
file, or if olderStartup.cs
, add the following code section (for the outgoing interfaces):
var clientCredentialsConfiguration = services.AddClientCredentialsKeypairs(Configuration);
var apiConfiguration = clientCredentialsConfiguration.GetApi(nameof(YourService));
services.AddHttpClient(nameof(YourService), c =>
{
c.Timeout = new TimeSpan(0, 0, 0, 10);
c.BaseAddress = new Uri(apiConfiguration.Url);
})
.AddDefaultAuthHandler(apiConfiguration)
.AddTypedClient(c => RestService.For<IExternalApi>(c, new RefitSettings
{
ContentSerializer = new SystemTextJsonContentSerializer(services.DefaultJsonSerializationOptions())
}));
replacing YourService
with the service you have done for accessing the external api, and replace IExternalApi
with the Refit interface for whatever external api you want to access.
For usages of Refit that uses an interface (in this example IMyService
is the interface that Refit will implement), the code would look something like this:
services
.AddRefitClient<IMyService>()
.ConfigureHttpClient(c =>
{
c.BaseAddress = new Uri(apiConfiguration.Url);
})
.AddDefaultAuthHandler(apiConfiguration);
The Configuration
property is the injected IConfiguration property from the Startup.cs file.
If you don't use Refit, you can just skip the last part, and get the named client from the injected HttpFactory in your service. It will still have the authenticationhandler, so you don't need to do anything more there to get the bearer token. It will be added automatically.
Client Credentials using Client Secrets
If you want to disable the authorization for some reason, you can add another property named Enable
to the ClientCredentialsConfiguration, it is default true.
- Add package
Fhi.ClientCredentialsUsingSecrets
to your project - In your
Program.cs
file, create an instance of theClientCredentialsSetup
class using anIConfiguration
parameter. - Using the created instance call the method
ConfigureServices
.
Calling endpoints that does not required authentication
In some cases we might wish to call an API before we are authenticated (health endpoints, kodeverk, etc..).
To make the HttpAuthHandler not add authentication headers to a single request you can add an Option to the request with the key name "Anonymous":
var request = new HttpRequestMessage();
request.Options.TryAdd("Anonymous", "");
or in Refit:
[Get("/info")]
Task<string> GetInfo([Property("Anonymous")] string anonymous = "");
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net8.0
- Microsoft.Extensions.Http (>= 8.0.1)
- Microsoft.Extensions.Options.ConfigurationExtensions (>= 8.0.0)
- Microsoft.Identity.Client (>= 4.66.2)
- Microsoft.IdentityModel.JsonWebTokens (>= 8.2.1)
- Microsoft.IdentityModel.Protocols (>= 8.2.1)
- Microsoft.IdentityModel.Protocols.OpenIdConnect (>= 8.2.1)
- System.IdentityModel.Tokens.Jwt (>= 8.2.1)
NuGet packages (2)
Showing the top 2 NuGet packages that depend on Fhi.ClientCredentialsKeypairs:
Package | Downloads |
---|---|
Fhi.ClientCredentials.TestSupport
This package contains tests that checks your appsettings.*.json files for correct configuration of the ClientCredentials package. |
|
Fhi.ClientCredentials.Refit
Builder to simplify setup of ClientCredentials when using the Refit library. |
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
3.0.0 | 639 | 11/26/2024 |
3.0.0-beta2 | 85 | 11/26/2024 |
2.0.3 | 2,673 | 10/7/2024 |
2.0.2 | 329 | 10/2/2024 |
2.0.0 | 128 | 10/1/2024 |
1.4.1 | 341 | 9/23/2024 |
1.4.0 | 113 | 9/20/2024 |
1.2.0 | 11,252 | 8/19/2023 |
1.1.0 | 1,563 | 8/9/2023 |
1.0.0 | 5,245 | 2/16/2023 |
1.0.0-beta.5 | 121 | 2/15/2023 |
1.0.0-beta.4 | 99 | 2/15/2023 |
1.0.0-beta.3 | 98 | 2/15/2023 |
1.0.0-beta.2 | 103 | 2/14/2023 |
1.0.0-beta.1 | 345 | 11/15/2022 |
1.0.0-alpha.4 | 189 | 11/4/2022 |