Skip to main content

Testing a token protected API using user-jwts

Testing a token-protected API can be a challenge. You need to have an identity and access management solution in place to get a valid access token that can be passed to your API.

.NET 7 makes this whole process easier by introducing a new command line tool; user-jwts. This allows you to generate JSON Web Tokens that can be used during development.

Let me walk you through the steps to use this new tool.

Getting started with user-jwts

I have an existing ASP.NET Core application configured to use JTW Bearer authentication:

I introduce a new endpoint that requires authorization:

Before .NET 7 to be able to test this endpoint, we need to register this API in your IAM solution and log in by providing valid credentials. Not impossible to do, but still a lot of work...

Let’s invoke the user-jwts tool:

dotnet user-jwts create

Executing this command will result in the following actions:

  • A JWT token is created and stored as a ‘user secret’ on your local machine.
  • The appsettings.development.json is updated with the necessary configuration details:

Now we can call our API by passing the generated JWT token:

curl -i -H "Authorization: Bearer {token}" https://localhost:7214/secret

If you want to create a token for a specific user and scope, you can do that as well:

dotnet user-jwts create –name Bart --scope "openid" –scope "profile"

You can find the complete example app here: https://github.com/wullemsb/UserJwtsDemo

If you want to learn more, check out the documentation: Generate tokens with dotnet user-jwts | Microsoft Learn

Labels:

Popular posts from this blog

Podman– Command execution failed with exit code 125

After updating WSL on one of the developer machines, Podman failed to work. When we took a look through Podman Desktop, we noticed that Podman had stopped running and returned the following error message: Error: Command execution failed with exit code 125 Here are the steps we tried to fix the issue: We started by running podman info to get some extra details on what could be wrong: >podman info OS: windows/amd64 provider: wsl version: 5.3.1 Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM Error: unable to connect to Podman socket: failed to connect: dial tcp 127.0.0.1:2655: connectex: No connection could be made because the target machine actively refused it. That makes sense as the podman VM was not running. Let’s check the VM: >podman machine list NAME         ...
Read more

Azure DevOps/ GitHub emoji

I’m really bad at remembering emoji’s. So here is cheat sheet with all emoji’s that can be used in tools that support the github emoji markdown markup: All credits go to rcaviers who created this list.
Read more

VS Code Planning mode

After the introduction of Plan mode in Visual Studio , it now also found its way into VS Code. Planning mode, or as I like to call it 'Hannibal mode', extends GitHub Copilot's Agent Mode capabilities to handle larger, multi-step coding tasks with a structured approach. Instead of jumping straight into code generation, Planning mode creates a detailed execution plan. If you want more details, have a look at my previous post . Putting plan mode into action VS Code takes a different approach compared to Visual Studio when using plan mode. Instead of a configuration setting that you can activate but have limited control over, planning is available as a separate chat mode/agent: I like this approach better than how Visual Studio does it as you have explicit control when plan mode is activated. Instead of immediately diving into execution, the plan agent creates a plan and asks some follow up questions: You can further edit the plan by clicking on ‘Open in Editor’: ...
Read more