barzin144/MicroIDP

Latest commit: c4ca880 · Dec 28, 2024

Micro IDP Service

Features:

  • Sign up with Email
  • Sign in with Email
  • Sign in with Google
  • Generate JWT
  • Generate Refresh Token

Usage

  • Generate Private and Public key

    • C# Interactive

      using System.Security.Cryptography;
      using (var rsa = RSA.Create(2048))
      {
      	// Export the private key
      	var privateKey = rsa.ExportRSAPrivateKey();
      	var privateKeyBase64 = Convert.ToBase64String(privateKey);
      	Console.WriteLine("Private Key:");
      	Console.WriteLine(privateKeyBase64);
      
      	// Export the public key
      	var publicKey = rsa.ExportRSAPublicKey();
      	var publicKeyBase64 = Convert.ToBase64String(publicKey);
      	Console.WriteLine("\nPublic Key:");
      	Console.WriteLine(publicKeyBase64);
      }
    • BASH

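      openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
      # Base64 of the PKCS#1 DER private key, the format the C# variant prints (-traditional needs OpenSSL 3.x)
      openssl rsa -in private_key.pem -traditional -outform DER | base64 | tr -d '\n'

      openssl rsa -pubout -in private_key.pem -out public_key.pem
      # Base64 of the PKCS#1 DER public key, the format ImportRSAPublicKey reads in the client app
      openssl rsa -pubin -in public_key.pem -RSAPublicKey_out -outform DER | base64 | tr -d '\n'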
  • Replace PRIVATE_KEY placeholder in docker-compose.yml with generated private key

    webapi:
      build: .
      ports:
        - 8000:80
        - 8001:443
      environment:
        JWT__PrivateKey: "PRIVATE_KEY"
  • Generate certificate to host application with docker over HTTPS

    • Windows

      dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p <CREDENTIAL_PLACEHOLDER>
      dotnet dev-certs https --trust

      In the preceding commands, replace <CREDENTIAL_PLACEHOLDER> with a password.

    • Linux

      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout aspnetcore.key -out aspnetcore.crt -subj "/CN=localhost"
      openssl pkcs12 -export -out aspnetcore.pfx -inkey aspnetcore.key -in aspnetcore.crt

    Replace ASPNETCORE_Kestrel__Certificates__Default__Password with certificate password in docker-compose.yml

    Replace volume mount source with generated certificate path in docker-compose.yml

    volumes:
    - type: bind
      source: ./aspnetcore.pfx
      target: /https/aspnetcore.pfx
  • Sign in with Google configuration

    • Create OAuth2.0 client in Google Cloud Console.
    • Replace OAuth_GoogleClientId placeholder in docker-compose.yml
    • Replace OAuth_GoogleClientSecret placeholder in docker-compose.yml
    • Replace OAuth_GoogleCallBackURL placeholder in docker-compose.yml with your client app's Google callback page (this page should call https://IDP_SERVER_URL/api/auth/google-callback to get the JWT)
  • Run IDP

    docker compose up --wait

Client App

  • Add a Jwt section to your appsettings.json

    "Jwt": {
    	"PublicKey": "PUBLIC_KEY",
    	"Issuer": "https://localhost:8001",
    	"Audience": "http://localhost:5010"
    }

    Replace PUBLIC_KEY placeholder with generated public key

  • Install JwtBearer package

    dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer
  • Add Authentication middleware

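    using System.Security.Cryptography;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;

    // Jwt:PublicKey holds the Base64-encoded PKCS#1 public key generated in the Usage section.
    // The RSA instance is kept alive for the lifetime of the application.
    var rsa = RSA.Create();
    rsa.ImportRSAPublicKey(Convert.FromBase64String(configuration["Jwt:PublicKey"] ?? ""), out _);
    
    // Check issuer, audience, lifetime and signing key of every incoming token.
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
    	options.TokenValidationParameters = new TokenValidationParameters
    	{
    		ValidateIssuer = true,
    		ValidateAudience = true,
    		ValidateLifetime = true,
    		ValidateIssuerSigningKey = true,
    		ValidIssuer = configuration["Jwt:Issuer"],
    		ValidAudience = configuration["Jwt:Audience"],
    		IssuerSigningKey = new RsaSecurityKey(rsa)
    	};
    });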
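
A stricter variant of the client setup above, as an added example that is not part of the MicroIDP repository: it stops at startup when Jwt:PublicKey is missing, is not base64 PKCS#1 DER, or is shorter than 2048 bits, and it pins the accepted signature algorithm. The names JwtSetup, LoadPublicKey and AddMicroIdpJwt are hypothetical; RS256 signing by the IDP and the 30-second clock skew are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper class (added example, not MicroIDP code).
public static class JwtSetup
{
    // Jwt:PublicKey must be base64 of a PKCS#1 RSAPublicKey (what ExportRSAPublicKey returns).
    public static RsaSecurityKey LoadPublicKey(string? base64)
    {
        if (string.IsNullOrWhiteSpace(base64) || base64 == "PUBLIC_KEY")
            throw new InvalidOperationException("Jwt:PublicKey is not configured.");
        var rsa = RSA.Create();
        try
        {
            byte[] der = Convert.FromBase64String(base64);
            rsa.ImportRSAPublicKey(der, out int bytesRead);
            if (bytesRead != der.Length)
                throw new CryptographicException("Trailing bytes after the key.");
        }
        catch (Exception e) when (e is FormatException or CryptographicException)
        {
            rsa.Dispose();
            throw new InvalidOperationException(
                "Jwt:PublicKey is not base64 PKCS#1 DER (PEM text and SubjectPublicKeyInfo are rejected).", e);
        }
        if (rsa.KeySize < 2048) // checked at startup so a short key never reaches the validator
            throw new InvalidOperationException($"Jwt:PublicKey has {rsa.KeySize} bits; 2048 or more required.");
        return new RsaSecurityKey(rsa);
    }
    public static IServiceCollection AddMicroIdpJwt(this IServiceCollection services, IConfiguration configuration)
    {
        var key = LoadPublicKey(configuration["Jwt:PublicKey"]);
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options => options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, ValidateIssuerSigningKey = true,
                ValidIssuer = configuration["Jwt:Issuer"],
                ValidAudience = configuration["Jwt:Audience"],
                IssuerSigningKey = key,
                ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // assumption: the IDP signs with RS256
                RequireSignedTokens = true, RequireExpirationTime = true,
                ClockSkew = TimeSpan.FromSeconds(30) // assumed value; the library default is 5 minutes
            });
        return services;
    }
}
```

Call `services.AddMicroIdpJwt(configuration)` in place of the `AddAuthentication(...)` block; a wrong key format then surfaces as a startup exception instead of a 401 on every request.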