Inforit.Security.Authentication package

Description

This repository contains the code for legacy (NET 4 full framework) OIDC support for APIs

• Getting started
  • Using the package
• Build and publish
  • Publish configuration
  • Sonarcloud

Getting started

• For npm, use npm install
• Use dotnet build, npm run build or your IDE to build.
• Use dotnet test, npm run test or use the test explorer from your IDE to test

Using the package

Add Inforit.Security.Authentication package to project.

var authority = "https://sts.pp-transfusion.cloud/realms/inforit";
var audience = "tf2-client-id";
var options = JwtBearerAuthenticationOptionsBuilder.BuildJwtBearerAuthenticationOptions(authority, audience);
// To customize validation
options.TokenValidationParameters.ValidateAudience = false;

app.UseJwtBearerAuthentication(options);

Build and publish

Not setup yet for automated publish

• Run dotnet build to build (or npm run build)
• Run dotnet pack --output output to create the nuget package (or npm run pack)

Publish configuration

Run dotnet nuget push -k $MYGET_ACCESS_TOKEN -s $MYGET_PUBLISH_PACKAGE_SOURCE

Configuration of the package feed is done with environment variables:

• Package feed uri: $MYGET_PUBLISH_PACKAGE_SOURCE
• Package feed api key: $MYGET_ACCESS_TOKEN

Sonarcloud

Not setup yet

For code analysis the created project has to be configured in Sonarcloud and Bitbucket. The build pipeline is pre-configured to support this code analysis. To disable this just comment out the related pipelines (not recommended).

Connecting to Sonarcloud requires the following environment variables to be set:

• Sonarcloud project id: $SONAR_PROJECT
• Sonarcloud project specific token: $SONAR_TOKEN