CallAutomation.AspNetCore.Authentication.JwtBearer
1.0.2
dotnet add package CallAutomation.AspNetCore.Authentication.JwtBearer --version 1.0.2
NuGet\Install-Package CallAutomation.AspNetCore.Authentication.JwtBearer -Version 1.0.2
<PackageReference Include="CallAutomation.AspNetCore.Authentication.JwtBearer" Version="1.0.2" />
paket add CallAutomation.AspNetCore.Authentication.JwtBearer --version 1.0.2
#r "nuget: CallAutomation.AspNetCore.Authentication.JwtBearer, 1.0.2"
// Install CallAutomation.AspNetCore.Authentication.JwtBearer as a Cake Addin #addin nuget:?package=CallAutomation.AspNetCore.Authentication.JwtBearer&version=1.0.2 // Install CallAutomation.AspNetCore.Authentication.JwtBearer as a Cake Tool #tool nuget:?package=CallAutomation.AspNetCore.Authentication.JwtBearer&version=1.0.2
CallAutomation.AspNetCore.Authentication.JwtBearer
This project contains several extension methods used with an ASP.NET web application to protect and validate public web endpoints.
Protecting Webhook Endpoints
The Azure Communication Services Call Automation platform uses HTTPS webhook callbacks to send events for call setup and mid-call action responses. The webhook endpoint must be publicly accessible by the Call Automation servers which leaves some people to be concerned about protecting these endpoints from unauthorized access.
A recent addition to the Call Automation platform allows you to use Json Web Token (JWT) bearer authentication and OAuth2's Open ID Connect extensions to verify the inbound communications to your web server.
The JWT bearer token is present on all callbacks and is in the Authorization
header of the inbound HTTP request.
Application Configuration
You can use the built-in constants from the AcsOpenIdDefaults
class to retrieve configuration information.
As an example, you can configure your secrets.json
file for local development using the AcsJwtBearerOptions
section name which is defined in the AcsJwtBearerOptions
class as a static string value. The ValidAudience
property refers to your Azure Communication Services immutable resource ID which can be found in your ACS resource. The aud
claim of the JWT bearer token will need to match this resource ID value.
{
"AcsJwtBearerOptions": {
"ValidAudience": "abc8b7b5-6666-4e99-a66f-r90c600e6cb9",
"ValidateLifetime": true //<-- optional (defaults to true)
}
}
NOTE: If you want to test your configuration with an expired token, change the token validation lifetime check by setting
ValidateLifetime
tofalse
in your configuration as shown in the previous example.
Example Program.cs Setup
// use the extension method to add the authentication scheme and policy and bind the configuration section name automatically.
builder.Services.AddAcsWebHookAuthentication(x =>
builder.Configuration.Bind(AcsOpenIdDefaults.SectionName, x));
// protect an HTTP endpoint by adding the extension method as follows
app.MapGet("/{name}", (string name) => $"Hello {name}!")
.RequireAcsWebHookAuthorization();
You have the option of using your own policy name on both the AddAcsWebHookAuthentication
and RequireAcsWebHookAuthorization
methods.
Token Validation
This library will perform JWT bearer token validation on endpoints matching the policy you specify or using the default policy in this library. On protected endpoints the authentication middleware in ASP.NET will trigger the retrieval of the JWKS signing keys and issuer value from the OpenIdConfigurationUrl
which has already been set to the correct default value for Call Automation.
The token validation parameters will validate the following:
- The
iss
claim must match the issuer from the JWKS URL - The
aud
claim must match theValidAudience
property of theAcsJwtBearerOptions
class which was bound during startup. - The token's lifetime is validated (i.e. no more than 5 minutes past the expiration time)
- All other default values from the ASP.NET
TokenValidationParameters
class also apply.
More information
Azure Communication Services Call Automation documentation: https://review.learn.microsoft.com/en-us/azure/communication-services/how-tos/call-automation/secure-webhook-endpoint?tabs=csharp
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net7.0
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
1.0.2 | 254 | 6/9/2023 |
First release.