From 5e0651087629b701bb2dac126e87530364347af9 Mon Sep 17 00:00:00 2001
From: pfvatterott
Date: Mon, 30 Jun 2025 17:08:20 -0600
Subject: [PATCH] Update README.md
---
 README.md | 52 ++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 42 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 985d7d2..0d0b9aa 100644
--- a/README.md
+++ b/README.md
@@ -26,21 +26,50 @@ dotnet add package PropelAuth
 ## Initialize
-`AddPropelAuthAsync` performs a one-time initialization of the library.
-It will verify your `apiKey` is correct and fetch the metadata needed to verify access tokens in [GetUser](https://docs.propelauth.com/reference/backend-apis/dot-net#protect-api-routes).
+Begin by navigating to the **Backend Integration** page of the PropelAuth Dashboard and copying your **Auth URL** and **Public Verifier Key**. These values will be used to validate [access tokens](https://docs.propelauth.com/recipes/access-tokens) generated by your frontend. Paste these values into your .NET project.
+```csharp
+var AUTH_URL = "https://auth.example.com";
+var PUBLIC_KEY = @"-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DsxqIjXqM0i5PL6kFVa
+280S3gl96n2YlO6l9ss2XD/GOoDM11LxnwlIBWFXeRGhOVi4dp2pefY4Bh2rg4Z8
+/Nq1J..
+-----END PUBLIC KEY-----
+";
+```
+
+We'll be using the [System.Security.Cryptography Namespace](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography?view=net-9.0) to import the **Public Verifier Key**.
 ```csharp
-using System.Security.Claims;
-using PropelAuth;
-using PropelAuth.Models;
+using System.Security.Cryptography;
-var builder = WebApplication.CreateBuilder(args);
+var rsa = RSA.Create();
+rsa.ImportFromPem(PUBLIC_KEY);
+```
+
+Next, let's configure our app to use JWT authentication. This will allow us to validate access tokens and retrieve user information from them.
-await builder.Services.AddPropelAuthAsync(new PropelAuthOptions(
- apiKey: "YOUR_API_KEY",
- authUrl: "YOUR_AUTH_URL"
-));
+
+```csharp
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.IdentityModel.Tokens;
+
+builder.Services.AddAuthentication(options =>
+{
+ options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+ options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(options =>
+{
+ options.TokenValidationParameters = new TokenValidationParameters
+ {
+ ValidateAudience = false,
+ ValidAlgorithms = new List() {"RS256"},
+ ValidIssuer = AUTH_URL,
+ IssuerSigningKey = new RsaSecurityKey(rsa),
+ ValidateLifetime = true,
+ ClockSkew = TimeSpan.Zero
+ };
+});
 ```
 ---
@@ -53,6 +82,9 @@ The `PropelAuth` .NET library provides a User Class to validate the access token
 If the access token is not valid, the user's properties will be set to null. If that's the case, you can use .NET's [Results Class](https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.http.results?view=aspnetcore-8.0) to return a `401 Unauthorized` error.
 ```csharp
+using PropelAuth.Models;
+using System.Security.Claims;
+
 app.MapGet("/", (ClaimsPrincipal claimsPrincipal) =>
 {
 var user = claimsPrincipal.GetUser();