TPJ.Auth 10.0.1

TPJ.Auth

TPJ.Auth is a small helper package for issuing JWT access tokens, generating refresh tokens, and wiring JWT bearer authentication into ASP.NET Core API applications.

Install

dotnet add package TPJ.Auth

Configuration

Add the token settings to appsettings.json:

{
 "TPJ": {
 "Auth": {
 "Issuer": "MyApi",
 "Audience": "MyApi.Client",
 "SecretKey": "a-long-random-secret-key-used-to-sign-jwt-tokens",
 "Expiration": {
 "Hours": "0",
 "Minutes": "30",
 "Seconds": "0"
 },
 "RequireHttps": "true",
 "RefreshToken": {
 "Length": "32",
 "ExpiryDays": "7"
 },
 "Cookie": {
 "Path": "/",
 "AccessTokenKey": "access_token",
 "RefreshTokenKey": "refresh_token",
 "SameSite": "Strict",
 "Secure": "true",
 "HttpOnly": "true"
 }
 }
 }
}

Expiration is now configured with Hours, Minutes, and Seconds under TPJ:Auth:Expiration.

Bearer token API example

This example returns the JWT to the client and expects requests to send Authorization: Bearer <token>.

Program.cs

using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using TPJ.Auth;

var builder = WebApplication.CreateBuilder(args);

var tokenSettings = new TokenSettings(builder.Configuration);

builder.Services.AddSingleton<ITokenSettings>(tokenSettings);
builder.Services.AddTPJBearerAuth(tokenSettings.DefaultJwtBearerOptions());
builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

app.MapPost("/login", (ITokenHelper tokenHelper) =>
{
 var token = tokenHelper.GenerateToken(
 userName: "alice",
 userClaims:
 [
 new Claim(ClaimTypes.Name, "alice"),
 new Claim(ClaimTypes.Email, "alice@example.com")
 ],
 roles: ["User"]);

 return Results.Ok(new
 {
 accessToken = token.Token,
 expiresUtc = token.ExpirationDateTimeUtc,
 refreshToken = token.RefreshToken,
 refreshTokenExpiresUtc = token.RefreshTokenExpirationDateTimeUtc
 });
});

app.MapGet("/secure", [Authorize] (ClaimsPrincipal user) =>
{
 return Results.Ok(new
 {
 message = "Authenticated request",
 name = user.Identity?.Name,
 subject = user.FindFirst("sub")?.Value
 });
});

app.Run();

Cookie-based API example

This example stores the access token and refresh token in cookies. Use this when your API and client are designed to authenticate with cookies instead of sending the bearer token manually.

Program.cs

using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using TPJ.Auth;

var builder = WebApplication.CreateBuilder(args);

var tokenSettings = new TokenSettings(builder.Configuration);

builder.Services.AddSingleton<ITokenSettings>(tokenSettings);
builder.Services.AddTPJBearerCookieAuth(tokenSettings);
builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

app.MapPost("/login", (HttpContext httpContext, ITokenHelper tokenHelper) =>
{
 var token = tokenHelper.GenerateToken(
 userName: "alice",
 userClaims: [new Claim(ClaimTypes.Name, "alice")],
 roles: ["User"]);

 tokenHelper.CreateAccessTokenCookie(
 httpContext.Request,
 token.Token,
 token.ExpirationDateTimeUtc);

 tokenHelper.CreateRefreshTokenCookie(
 httpContext.Request,
 token.RefreshToken,
 token.RefreshTokenExpirationDateTimeUtc);

 return Results.Ok(new
 {
 message = "Authentication cookies created",
 expiresUtc = token.ExpirationDateTimeUtc
 });
});

app.MapPost("/logout", [Authorize] (HttpContext httpContext, ITokenHelper tokenHelper) =>
{
 tokenHelper.DeleteAccessTokenCookie(httpContext.Request);
 tokenHelper.DeleteRefreshTokenCookie(httpContext.Request);

 return Results.NoContent();
});

app.MapGet("/secure", [Authorize] () => Results.Ok(new { message = "Authenticated with cookie or bearer token" }));

app.Run();

Notes

• Register ITokenSettings before calling the auth extension methods so ITokenHelper uses your configured values.
• AddTPJBearerAuth(...) reads JWTs from the Authorization header.
• AddTPJBearerCookieAuth(...) also reads the JWT from the configured access-token cookie.
• ITokenHelper.GenerateToken(...) returns both the JWT and a refresh token.