Skip to content

Update README.md #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
andrew-propelauth merged 1 commit into from
Jun 30, 2025
Merged

Update README.md #11

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 42 additions & 10 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,21 +26,50 @@ dotnet add package PropelAuth

## Initialize

`AddPropelAuthAsync` performs a one-time initialization of the library.
It will verify your `apiKey` is correct and fetch the metadata needed to verify access tokens in [GetUser](https://docs.propelauth.com/reference/backend-apis/dot-net#protect-api-routes).
Begin by navigating to the **Backend Integration** page of the PropelAuth Dashboard and copying your **Auth URL** and **Public Verifier Key**. These values will be used to validate [access tokens](https://docs.propelauth.com/recipes/access-tokens) generated by your frontend. Paste these values into your .NET project.

```csharp
var AUTH_URL = "https://auth.example.com";
var PUBLIC_KEY = @"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DsxqIjXqM0i5PL6kFVa
280S3gl96n2YlO6l9ss2XD/GOoDM11LxnwlIBWFXeRGhOVi4dp2pefY4Bh2rg4Z8
/Nq1J..
-----END PUBLIC KEY-----
";
```

We'll be using the [System.Security.Cryptography Namespace](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography?view=net-9.0) to import the **Public Verifier Key**.

```csharp
using System.Security.Claims;
using PropelAuth;
using PropelAuth.Models;
using System.Security.Cryptography;

var builder = WebApplication.CreateBuilder(args);
var rsa = RSA.Create();
rsa.ImportFromPem(PUBLIC_KEY);
```

Next, let's configure our app to use JWT authentication. This will allow us to validate access tokens and retrieve user information from them.

await builder.Services.AddPropelAuthAsync(new PropelAuthOptions(
apiKey: "YOUR_API_KEY",
authUrl: "YOUR_AUTH_URL"
));

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
ValidAlgorithms = new List<string>() {"RS256"},
ValidIssuer = AUTH_URL,
IssuerSigningKey = new RsaSecurityKey(rsa),
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
};
});
```

---
Expand All @@ -53,6 +82,9 @@ The `PropelAuth` .NET library provides a User Class to validate the access token
If the access token is not valid, the user's properties will be set to null. If that's the case, you can use .NET's [Results Class](https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.http.results?view=aspnetcore-8.0) to return a `401 Unauthorized` error.

```csharp
using PropelAuth.Models;
using System.Security.Claims;

app.MapGet("/", (ClaimsPrincipal claimsPrincipal) =>
{
var user = claimsPrincipal.GetUser();
Expand Down
Loading