Readme

Fluens.Web.Auth

JWT Bearer authentication and security headers middleware for Fluens web applications.

Installation

dotnet add package Fluens.Web.Auth

Usage

fluensBuilder.AddAuth();

app.UseSecurityHeaders();
app.UseAuthentication();
app.UseAuthorization();

Configuration section: Fluens:Auth:

{
  "Fluens": {
    "Auth": {
      "Enabled": true,
      "Issuer": "https://myapp.example.com",
      "Audience": "myapp-api",
      "SecretKey": "your-secret-key-at-least-32-characters-long!"
    }
  }
}

Overriding JwtBearerOptions

AddAuth() accepts an optional configureJwt callback to override JWT Bearer defaults:

fluensBuilder.AddAuth(configureJwt: jwt =>
{
    jwt.TokenValidationParameters.ClockSkew = TimeSpan.FromMinutes(1);
});

SecurityHeadersOptions

UseSecurityHeaders() adds all security headers by default. Accepts an optional Action<SecurityHeadersOptions>? configure callback to override individual headers:

app.UseSecurityHeaders(opts =>
{
    // opts.FrameOptions = false; // disable X-Frame-Options
    // opts.PermissionsPolicyValue = "camera=(), microphone=()"; // custom policy
});

All headers are enabled via SecurityHeadersOptions (all properties use init and default to true):

Property	Type	Default	Header
`ContentTypeOptions`	`bool`	`true`	`X-Content-Type-Options: nosniff`
`FrameOptions`	`bool`	`true`	`X-Frame-Options: DENY`
`ReferrerPolicy`	`bool`	`true`	`Referrer-Policy: strict-origin-when-cross-origin`
`PermissionsPolicy`	`bool`	`true`	Restrictive `Permissions-Policy`
`PermissionsPolicyValue`	`string?`	`null`	Custom override for `Permissions-Policy` value

License

This project is licensed under the MIT License.

Readme

Fluens.Web.Auth

JWT Bearer authentication and security headers middleware for Fluens web applications.

Installation

dotnet add package Fluens.Web.Auth

Usage

fluensBuilder.AddAuth();

app.UseSecurityHeaders();
app.UseAuthentication();
app.UseAuthorization();

Configuration section: Fluens:Auth:

{
  "Fluens": {
    "Auth": {
      "Enabled": true,
      "Issuer": "https://myapp.example.com",
      "Audience": "myapp-api",
      "SecretKey": "your-secret-key-at-least-32-characters-long!"
    }
  }
}

Overriding JwtBearerOptions

AddAuth() accepts an optional configureJwt callback to override JWT Bearer defaults:

fluensBuilder.AddAuth(configureJwt: jwt =>
{
    jwt.TokenValidationParameters.ClockSkew = TimeSpan.FromMinutes(1);
});

SecurityHeadersOptions

UseSecurityHeaders() adds all security headers by default. Accepts an optional Action<SecurityHeadersOptions>? configure callback to override individual headers:

app.UseSecurityHeaders(opts =>
{
    // opts.FrameOptions = false; // disable X-Frame-Options
    // opts.PermissionsPolicyValue = "camera=(), microphone=()"; // custom policy
});

All headers are enabled via SecurityHeadersOptions (all properties use init and default to true):

Property	Type	Default	Header
`ContentTypeOptions`	`bool`	`true`	`X-Content-Type-Options: nosniff`
`FrameOptions`	`bool`	`true`	`X-Frame-Options: DENY`
`ReferrerPolicy`	`bool`	`true`	`Referrer-Policy: strict-origin-when-cross-origin`
`PermissionsPolicy`	`bool`	`true`	Restrictive `Permissions-Policy`
`PermissionsPolicyValue`	`string?`	`null`	Custom override for `Permissions-Policy` value

License

This project is licensed under the MIT License.

P2P2/Fluens.Web.Authv0.6.5

Get Started

Readme

Fluens.Web.Auth

Installation

Usage

Overriding JwtBearerOptions

SecurityHeadersOptions

License

P2P2/Fluens.Web.Authv0.6.5

Get Started

Readme

Fluens.Web.Auth

Installation

Usage

Overriding JwtBearerOptions

SecurityHeadersOptions

License