
Fix up user-jwts interactions #42125


Merged
merged 7 commits into from
Jun 16, 2022


@captainsafia captainsafia commented Jun 10, 2022

Closes #42113
Closes #41973

(aspnetcore) PS C:\Users\safia\user-jwts-cli-work\aspnetcore\src\Security\Authentication\JwtBearer\samples\MinimalJwtBearerSample> dotnet ..\..\..\..\..\..\artifacts\bin\dotnet-user-jwts\Debug\net7.0\dotnet-user-jwts.dll create
New JWT saved with ID 'd85b7664'.
Name: safia
Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6InNhZmlhIiwic3ViIjoic2FmaWEiLCJqdGkiOiJkODViNzY2NCIsImF1ZCI6WyJodHRwczovL2xvY2FsaG9zdDo3MjU5IiwiaHR0cDovL2xvY2FsaG9zdDo1MjU5Il0sIm5iZiI6MTY1NDg0Mzg5OCwiZXhwIjoxNjYyNzkyNjk4LCJpYXQiOjE2NTQ4NDM4OTksImlzcyI6ImRvdG5ldC11c2VyLWp3dHMifQ.sMPjubPIpOpOsa1eynTSsTdd_PSJaMU_SW-cOva38Zc
(aspnetcore) PS C:\Users\safia\user-jwts-cli-work\aspnetcore\src\Security\Authentication\JwtBearer\samples\MinimalJwtBearerSample> dotnet ..\..\..\..\..\..\artifacts\bin\dotnet-user-jwts\Debug\net7.0\dotnet-user-jwts.dll print d85b7664
Found JWT with ID 'd85b7664'.
ID: d85b7664
Name: safia
Scheme: Bearer
Audience(s): https://localhost:7259, http://localhost:5259
Not Before: 2022-06-10T06:51:38.0000000+00:00
Expires On: 2022-09-10T06:51:38.0000000+00:00
Issued On: 2022-06-10T06:51:39.0000000+00:00
Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6InNhZmlhIiwic3ViIjoic2FmaWEiLCJqdGkiOiJkODViNzY2NCIsImF1ZCI6WyJodHRwczovL2xvY2FsaG9zdDo3MjU5IiwiaHR0cDovL2xvY2FsaG9zdDo1MjU5Il0sIm5iZiI6MTY1NDg0Mzg5OCwiZXhwIjoxNjYyNzkyNjk4LCJpYXQiOjE2NTQ4NDM4OTksImlzcyI6ImRvdG5ldC11c2VyLWp3dHMifQ.sMPjubPIpOpOsa1eynTSsTdd_PSJaMU_SW-cOva38Zc
(aspnetcore) PS C:\Users\safia\user-jwts-cli-work\aspnetcore\src\Security\Authentication\JwtBearer\samples\MinimalJwtBearerSample> dotnet ..\..\..\..\..\..\artifacts\bin\dotnet-user-jwts\Debug\net7.0\dotnet-user-jwts.dll create --claim foo=bar --role baz
New JWT saved with ID '19ce6a19'.
Name: safiaRoles: bazCustom Claims: foo=bar
Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6InNhZmlhIiwic3ViIjoic2FmaWEiLCJqdGkiOiIxOWNlNmExOSIsInJvbGUiOiJiYXoiLCJmb28iOiJiYXIiLCJhdWQiOlsiaHR0cHM6Ly9sb2NhbGhvc3Q6NzI1OSIsImh0dHA6Ly9sb2NhbGhvc3Q6NTI1OSJdLCJuYmYiOjE2NTQ4NDM5NzQsImV4cCI6MTY2Mjc5Mjc3NCwiaWF0IjoxNjU0ODQzOTc1LCJpc3MiOiJkb3RuZXQtdXNlci1qd3RzIn0.nb44lODUzA4KHVqIDHJCKg71yGxD-kX1pADtXaUGcHo
(aspnetcore) PS C:\Users\safia\user-jwts-cli-work\aspnetcore\src\Security\Authentication\JwtBearer\samples\MinimalJwtBearerSample> dotnet ..\..\..\..\..\..\artifacts\bin\dotnet-user-jwts\Debug\net7.0\dotnet-user-jwts.dll create --claims foo=bar --roles baz
Specify --help for a list of available options and commands.
Unrecognized option '--claims'


Usage: dotnet user-jwts [options] [command]

Options:
  -p|--project  The path of the project to operate on. Defaults to the project in the current directory.
  -h|--help     Show help information

Commands:
  clear   Remove all issued JWTs for a project
  create  Issue a new JSON Web Token
  key     Display or reset the signing key used to issue JWTs
  list    Lists the JWTs issued for the project
  print   Print the details of a given JWT
  remove  Remove a given JWT

Use "dotnet user-jwts [command] --help" for more information about a command.
(aspnetcore) PS C:\Users\safia\user-jwts-cli-work\aspnetcore\src\Security\Authentication\JwtBearer\samples\MinimalJwtBearerSample> dotnet ..\..\..\..\..\..\artifacts\bin\dotnet-user-jwts\Debug\net7.0\dotnet-user-jwts.dll create --claim foo=bar --role baz
New JWT saved with ID '35ed49ea'.
Name: safia
Roles: baz
Custom Claims: foo=bar

Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6InNhZmlhIiwic3ViIjoic2FmaWEiLCJqdGkiOiIzNWVkNDllYSIsInJvbGUiOiJiYXoiLCJmb28iOiJiYXIiLCJhdWQiOlsiaHR0cHM6Ly9sb2NhbGhvc3Q6NzI1OSIsImh0dHA6Ly9sb2NhbGhvc3Q6NTI1OSJdLCJuYmYiOjE2NTQ4NDQxMTMsImV4cCI6MTY2Mjc5MjkxMywiaWF0IjoxNjU0ODQ0MTE0LCJpc3MiOiJkb3RuZXQtdXNlci1qd3RzIn0.S9Edhjcw26uc1KKnQdrIHkBsSMLj8m_Z6K3QV3XjaHg
(aspnetcore) PS C:\Users\safia\user-jwts-cli-work\aspnetcore\src\Security\Authentication\JwtBearer\samples\MinimalJwtBearerSample> dotnet ..\..\..\..\..\..\artifacts\bin\dotnet-user-jwts\Debug\net7.0\dotnet-user-jwts.dll print 35ed49ea
Found JWT with ID '35ed49ea'.
ID: 35ed49ea
Name: safia
Scheme: Bearer
Audience(s): https://localhost:7259, http://localhost:5259
Not Before: 2022-06-10T06:55:13.0000000+00:00
Expires On: 2022-09-10T06:55:13.0000000+00:00
Issued On: 2022-06-10T06:55:14.0000000+00:00
Roles: [baz]
Custom Claims: [foo=bar]
Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6InNhZmlhIiwic3ViIjoic2FmaWEiLCJqdGkiOiIzNWVkNDllYSIsInJvbGUiOiJiYXoiLCJmb28iOiJiYXIiLCJhdWQiOlsiaHR0cHM6Ly9sb2NhbGhvc3Q6NzI1OSIsImh0dHA6Ly9sb2NhbGhvc3Q6NTI1OSJdLCJuYmYiOjE2NTQ4NDQxMTMsImV4cCI6MTY2Mjc5MjkxMywiaWF0IjoxNjU0ODQ0MTE0LCJpc3MiOiJkb3RuZXQtdXNlci1qd3RzIn0.S9Edhjcw26uc1KKnQdrIHkBsSMLj8m_Z6K3QV3XjaHg
(aspnetcore) PS C:\Users\safia\user-jwts-cli-work\aspnetcore\src\Security\Authentication\JwtBearer\samples\MinimalJwtBearerSample> dotnet ..\..\..\..\..\..\artifacts\bin\dotnet-user-jwts\Debug\net7.0\dotnet-user-jwts.dll print 35ed49ea --show-all
Found JWT with ID '35ed49ea'.
ID: 35ed49ea
Name: safia
Scheme: Bearer
Audience(s): https://localhost:7259, http://localhost:5259
Not Before: 2022-06-10T06:55:13.0000000+00:00
Expires On: 2022-09-10T06:55:13.0000000+00:00
Issued On: 2022-06-10T06:55:14.0000000+00:00
Scopes: none
Roles: [baz]
Custom Claims: [foo=bar]
Token Header: {"alg":"HS256","typ":"JWT"}
Token Payload: {"unique_name":"safia","sub":"safia","jti":"35ed49ea","role":"baz","foo":"bar","aud":["https://localhost:7259","http://localhost:5259"],"nbf":1654844113,"exp":1662792913,"iat":1654844114,"iss":"dotnet-user-jwts"}
Compact Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6InNhZmlhIiwic3ViIjoic2FmaWEiLCJqdGkiOiIzNWVkNDllYSIsInJvbGUiOiJiYXoiLCJmb28iOiJiYXIiLCJhdWQiOlsiaHR0cHM6Ly9sb2NhbGhvc3Q6NzI1OSIsImh0dHA6Ly9sb2NhbGhvc3Q6NTI1OSJdLCJuYmYiOjE2NTQ4NDQxMTMsImV4cCI6MTY2Mjc5MjkxMywiaWF0IjoxNjU0ODQ0MTE0LCJpc3MiOiJkb3RuZXQtdXNlci1qd3RzIn0.S9Edhjcw26uc1KKnQdrIHkBsSMLj8m_Z6K3QV3XjaHg

@captainsafia captainsafia added area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI old-area-web-frameworks-do-not-use *DEPRECATED* This label is deprecated in favor of the area-mvc and area-minimal labels feature-userjwts The `dotnet user-jwts` CLI tool labels Jun 10, 2022
@captainsafia captainsafia requested a review from a team June 10, 2022 07:04
@captainsafia captainsafia requested a review from Pilchie as a code owner June 10, 2022 07:04
@captainsafia captainsafia force-pushed the user-jwts-fix-print branch from 64d2c70 to 060ba2e Compare June 10, 2022 07:16
@DamianEdwards
Member

Is this just a copy/pasta error (all on the same line):

Name: safiaRoles: bazCustom Claims: foo=bar

@DamianEdwards
Member

Can we have it so that the values for Roles and Claims are formatted the same when displaying after creating and printing? Right now it seems there's square brackets around the values when printing but not when creating.

@DamianEdwards
Member

We can do this in a later change, but it would be nice if we left-padded the values so they all left-aligned when printing the details, e.g.:

Name:   safia
Roles:  bazCustom
Claims: foo=bar

@captainsafia
Member Author

> Is this just a copy/pasta error (all on the same line):

Ish. Found this bug and fixed it after running through the CLI scenario.

> Can we have it so that the values for Roles and Claims are formatted the same when displaying after creating and printing?

Doable!

> We can do this in a later change, but it would be nice if we left-padded the values so they all left-aligned when printing the details, e.g.:

Sure.

Co-authored-by: Damian Edwards <damian@damianedwards.com>
@DamianEdwards DamianEdwards requested a review from a team June 15, 2022 19:29
captainsafia and others added 2 commits June 15, 2022 13:00
Co-authored-by: Damian Edwards <damian@damianedwards.com>
Co-authored-by: Damian Edwards <damian@damianedwards.com>
@captainsafia
Member Author

@BrennanConroy Can I get a review on this?

@@ -147,10 +156,14 @@ public static void Register(ProjectCommandLineApplication app)
reporter.Error(Resources.FormatCreateCommand_InvalidPeriod_Error("--valid-for"));
}
expiresOn = notBefore.Add(validForValue);
optionsString += $"{Resources.JwtPrint_ExpiresOn}: {expiresOn:O}{Environment.NewLine}";
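Review bot: After `reporter.Error(...)` for an invalid `--valid-for`, the visible lines fall through the closing brace to `expiresOn = notBefore.Add(validForValue);`, so unless the error branch returns somewhere out of view, a rejected period still yields an expiry and an "Expires On" line in `optionsString`. Return straight after reporting the error so that no token is issued with a lifetime the user did not ask for.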
Member

expiresOnOption and validForOption conflict, is there a warning/error for this? Should we only print one of them?

Member Author

Good call! I think we probably want to throw an error and treat the input arguments as invalid in this case.

Member

Yep, I think that's what I did in the original prototype, you have to specify either/or.
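The either/or rule agreed in the thread above, written out as an added example (not code from this pull request or from dotnet-user-jwts). `TokenLifetime`, `TryResolveExpiry`, the error strings, the `TimeSpan` period syntax and the three-month default are assumptions made for the sketch.

```csharp
#nullable enable
using System;
using System.Globalization;

// Hypothetical helper, not dotnet-user-jwts source: resolves a token's expiry
// from two mutually exclusive inputs and rejects the ambiguous combination.
public static class TokenLifetime
{
    public static bool TryResolveExpiry(DateTimeOffset notBefore, string? expiresOn,
        string? validFor, out DateTimeOffset expiry, out string? error)
    {
        expiry = default;
        error = null;
        if (expiresOn is not null && validFor is not null)
        {
            // Fail closed: never guess which lifetime the caller meant.
            error = "Specify either an expiry date or a validity period, not both.";
            return false;
        }
        if (expiresOn is not null)
        {
            if (!DateTimeOffset.TryParse(expiresOn, CultureInfo.InvariantCulture,
                    DateTimeStyles.AssumeUniversal, out expiry))
                error = "Expiry date is not a valid date/time.";
        }
        else if (validFor is not null)
        {
            // Simplification: a TimeSpan string such as "7.00:00:00" stands in for the tool's period syntax.
            if (TimeSpan.TryParse(validFor, CultureInfo.InvariantCulture, out var span))
                expiry = notBefore.Add(span);
            else
                error = "Validity period is not a valid duration.";
        }
        else expiry = notBefore.AddMonths(3); // assumed default, matching the sample output's span
        if (error is null && expiry <= notBefore)
            error = "Expiry must be later than the not-before time.";
        if (error is not null) expiry = default;
        return error is null;
    }

    public static void Main()
    {
        var nbf = new DateTimeOffset(2022, 6, 10, 6, 55, 13, TimeSpan.Zero); // constructed sample
        bool both = TryResolveExpiry(nbf, "2022-07-01", "7.00:00:00", out _, out var err);
        Console.WriteLine($"{both}: {err}");
        bool one = TryResolveExpiry(nbf, null, "7.00:00:00", out var exp, out _);
        Console.WriteLine($"{one}: {exp:O}");
    }
}
```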

reporter.Output($"{Resources.JwtPrint_TokenPayload}: {fullToken.Payload.SerializeToJson()}");
}

var tokenValueFieldName = showAll ? Resources.JwtPrint_CompactToken : Resources.JwtPrint_Token;
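Review bot: The ternary assigning `tokenValueFieldName` reads as inverted without context, because the longer `showAll` output selects the label named `JwtPrint_CompactToken`. A one-line comment above it, stating that the "Compact" label is used only when the decoded header and payload are printed alongside the token, would answer the question before the next reader asks it.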
Member

Is this backward?

Member Author

It's intentional. When the user provides the showAll flag, we'll print the full token with the header and payload. When that happens, we're printing "Compact" token to make it clear that the value is the encoded token. The same doesn't need to be done if we never print the full token.

captainsafia and others added 2 commits June 16, 2022 11:25
@@ -42,11 +42,11 @@ private static int Execute(IReporter reporter, string projectPath, bool showToke
if (jwtStore.Jwts is { Count: > 0 } jwts)
{
var table = new ConsoleTable(reporter);
table.AddColumns("Id", "Scheme Name", "Audience", "Issued", "Expires");
table.AddColumns(Resources.JwtPrint_Id, Resources.JwtPrint_Scheme, Resources.JwtPrint_Audiences, Resources.JwtPrint_IssuedOn, Resources.JwtPrint_ExpiresOn);
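Review bot: The `table.AddColumns(Resources.JwtPrint_Id, ...)` call takes the list table's headers from the `JwtPrint_*` resources, which ties the column names to the print command's field labels. If a print label is later reworded or lengthened, the table headers change with it; either give the list command its own resource entries or rename these entries to something command-neutral.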
Member

Idk if you saw my question, should audience and name both be here? I think the issue mentioned including both.

Member Author

Yeah, so the issue refers to showing the name in the print command. For list, I figured it would make sense to limit it to the properties that impact the JWT's behavior at runtime. Also, I wanted to be a little cautious about having too many columns in the table since our ConsoleTable implementation is pretty rudimentary.

@captainsafia captainsafia merged commit b0a348c into dotnet:main Jun 16, 2022
@ghost ghost added this to the 7.0-preview6 milestone Jun 16, 2022
Successfully merging this pull request may close these issues.

user-jwts issues
Support O DateTime(Offset) format in dotnet user-jwts tool