Skip to content

a .NET Core library to make developing offline for OAuth and OIDC much easier.

License

Notifications You must be signed in to change notification settings

calebjenkins/FakeAuth

Repository files navigation

FakeAuth

.github/workflows/dev-ci.yml .github/workflows/main-ci-test-publish.yml NuGet NuGet

FakeAuth Logo

a .NET Core library to make developing offline for OAuth and OIDC much easier.

Developing with OAuth or OIDC - takes about 30 minutes of set up work just to get going; with FakeAuth, it's one line of code.

Supports custom Claims and Profiles that can be swapped in during development of your application.

Examples in the Samples Folder. More details on why this was built on this blog post and additional articles.

Installing FakeAuth

You should install FakeAuth with NuGet:

Install-Package FakeAuth

Or via the .NET Core command line interface:

dotnet add package FakeAuth

Either command, from Package Manager Console or .NET Core CLI, will download and install FakeAuth and all required dependencies.

Using FakeAuth

In an ASP.NET Core Application, you can configure FakeAuth in the Startup Class:

services.AddAuthentication().AddFakeAuth();

That will give you a default profile. In fact, the above is exactly the same as doing this:

services.AddAuthentication().AddFakeAuth();

You can create custom profiles by implementing the interface IFakeAuthProfile, or you can inline your custom claims directly:

  services.AddAuthentication().AddFakeAuth((options) =>
    {
		options.Claims.Add(new Claim(ClaimTypes.Name, "Fake User"));
		options.Claims.Add(new Claim(ClaimTypes.Role, "Expense_Approver"));
		options.Claims.Add(new Claim("Approval_Limit", "25.00"));
		options.Claims.Add(new Claim("Approval_Currency", "USD"));
		options.Claims.Add(new Claim("Preffered_Location", "Disney Island"));
	});

See more of these examples in the SampleWeb application.

Testing with FakeAuth

FakeAuth works great with ASP.Net's testing framework. For some examples, take a look at the FakeAuth.IntegrationTests project.

In particular, you can set the FakeAuth claims for a specific HttpClient using SetFakeAuthClaims(...):

client.SetFakeAuthClaims(
    new Claim(ClaimTypes.Name, "Joe Manager"),
    new Claim(ClaimTypes.Role, "Manager")
);

You can also re-use any profiles that implement IFakeAuthProfile directly on your HttpClient:

 client.SetFakeAuthClaims<DefaultProfile>();

This lets you write tests that validate your authorization works as intended with and without the required claims.

.NET 6

In .NET 6 you are no longer required to use a StartUp class. You can still use FakeAuth directly in the Program class:

    builder.Services.AddAuthentication().AddFakeAuth();

Use Cases - for OAuth/Claims based .NET Core applications

  • To get started building your application as quickly as possible.
  • For POCs that you want to try out without registering your application in an Identity Provider.
  • For running and developing locally without internet access.
  • For Demo based applications that you want people to download and run - without needing to set up a production identity service first, or without sharing your application id/client secret information.

Not for - FakeAuth can not be used in production

  • Do not use FakeAuth in a production environment
  • FakeAuth will only work on http://localhost/ by default - it's intended to be a development tool.
  • You will want to transition to an actual OAuth / Claims provider before you go to Production. Starting with Fake Auth can help you establish and document which claims your application will rely on.

Contributing to FakeAuth

Please target any PRs to the Develop branch.

History

Changes in version 2.0.0

  • Removed the obsolete extension methods from version 1.2.0. Must use AddAuthentication().AddFakeAuth() methods now.
  • Fixed typo in the HttpClientExtensions extension class from SetFakeAuthClaimns to SetFakeAuthClaims
  • New Feature: We added a new AllowedHosts property to the FakeAuthOptions class. Previously, only localhost testing was supported, with 2.0.0 and forward, specific hosts can be configured to support more testing scenarios.

Version 1.2.0

Prior to version 1.2.0 only services.UseFakeAuth() was supported. This is considered obsolete, and will be dropped in version 2.0.0 moving forward.

Starting with version 1.2.0 + please use the services.AddAuthentication().AddFakeAuth() extension methods. This was done to more syntactically align FakeAuth with other authentication mechanisms and idioms.

This history section will be removed (more likely updated) when we get to 2.0.0 +

About

a .NET Core library to make developing offline for OAuth and OIDC much easier.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 3

  •  
  •  
  •