-
Notifications
You must be signed in to change notification settings - Fork 10.4k
Add dotnet user-jwts tool and runtime support #41520
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 1 commit
Commits
Show all changes
18 commits
Select commit
Hold shift + click to select a range
bf23154
Add dotnet dev-jwts tool
captainsafia 6961df5
Add dotnet dev-jwts tool
captainsafia 212cf04
Address feedback from review
captainsafia 3ae682e
Rename project file
captainsafia 5f5c040
Write auth config to app settings
captainsafia 2675c50
Address more feedback
captainsafia c37a2a6
:seal:
captainsafia 212b42f
Apply suggestions from code review
captainsafia ef45270
Address more feedback
captainsafia 751c1d7
Add framework support for authentication changes
captainsafia 6562366
Add tests for user-jwts CLI and react to feedback
captainsafia 672fb64
Move ConsoleTable implementation to avoid conflicts in ProjectTemplates
captainsafia bd19796
Update existing auth tests and fix middleware registration
captainsafia 1f3a990
Update AzureAdB2C tests and auth app builder
captainsafia 23e9b0c
Fix build and move registration check
captainsafia f0aa386
Fix up resolution for Certificate test sources
captainsafia 98b504f
Fix write stream configuration for writing key material
captainsafia 50a3cda
Fix handling missing config section when processing options
captainsafia File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This check shouldn't be there. The user needs to be able to re-run auth if they add this to the pipeline again.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why would you re-run auth? The AuthN middleware is not route aware and only reacts to the default auth scheme setting.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's exactly why you'd want to re-run it later in the pipeline to force setting the User based on the default scheme.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess your point is that there's never a situation where running UseAuthentication can change based on where it is in the pipeline. Is that right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well a custom IAuthenticationSchemeProvider doesn't have to return the same value every time, so it is valid that rerunning the authentication middleware could result in a different User being set on a second call
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The performance of auth already sucks, and this doesn't make it better enough to warrant the breaking change.
We can still mark that the middleware was added to avoid adding the one in the web application builder.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That feels a little strange to me. The
WebApplicationBuilder.Authenticationpattern is an opt-in to the more simplified approach. It feels weird to have an opt-out to that when the more obvious choice of not using the newAuthenticationproperty at all exists.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Our check in the
WebApplicationBuilderprevents this from happening. We'll set a flag inUseAuthenticationthat is read and avoids re-registering automatically in the WAB.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It feels strange to me that there'd be scenarios we're consciously aware of where we'd say the workaround is to not use the new property. Can we simply make it so that the
WebApplicationBuilderdoes not add the middlewares if the app pipeline has already added the authentication middleware? Why is any more than that needed?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It already does that. To clarify, my point was that we didn't need to do anything additional here.