A simple RESTful API built with ASP.NET Core that provides JWT-based authentication with access tokens and refresh tokens.
- JWT Authentication: Secure token-based authentication
- Access Tokens: Short-lived tokens (15 minutes) for API access
- Refresh Tokens: Long-lived tokens for token renewal
- User Management: Simple user authentication with dummy data
- Comprehensive Logging: Structured logging with Serilog
- Swagger Documentation: API documentation and testing interface
- Unit Tests: Comprehensive test coverage
- .NET 9.0 SDK
- macOS, Windows, or Linux
- Clone the repository:

```bash
git clone <repository-url>
cd AuthAPI
```

- Restore dependencies:

```bash
dotnet restore
```

- Run the application:

```bash
dotnet run
```

The API will be available at:
- API: https://localhost:7001
- Swagger UI: https://localhost:7001/swagger
Authenticate a user and receive access and refresh tokens.

Request Body:

```json
{
  "email": "admin@example.com",
  "password": "admin123"
}
```

Response:

```json
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "base64-encoded-refresh-token",
  "expiresAt": "2024-01-15T10:30:00Z",
  "tokenType": "Bearer"
}
```

Refresh an access token using a refresh token.

Request Body:

```json
{
  "refreshToken": "base64-encoded-refresh-token"
}
```

Get current user information (requires authentication).

Headers:

```
Authorization: Bearer <access-token>
```

Response:

```json
{
  "id": "1",
  "email": "admin@example.com",
  "createdAt": "2024-01-01T00:00:00Z"
}
```

The API includes two test users:
| Email | Password |
|---|---|
| admin@example.com | admin123 |
| user@example.com | user123 |
The application uses appsettings.json for configuration:

```json
{
  "Jwt": {
    "SecretKey": "your-super-secret-key-with-at-least-32-characters-for-production",
    "Issuer": "AuthAPI",
    "Audience": "AuthAPI"
  }
}
```

Important: Change the SecretKey in production to a secure, randomly generated key of at least 32 bytes (256 bits, which RFC 7518 requires for HS256), for example the output of `openssl rand -base64 48`. Do not commit the real key to appsettings.json: supply it with `dotnet user-secrets set "Jwt:SecretKey" "<value>"` in development, or through the `Jwt__SecretKey` environment variable in production, which ASP.NET Core maps onto the same `Jwt:SecretKey` setting.
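How the Jwt section above turns into signed 15-minute access tokens and opaque refresh tokens, and how the same values validate a token on the way back in, as an added example. This is not the project's TokenService.cs; the class names `JwtOptions` and `ExampleTokenService` and the method names are illustrative, and it assumes the `Microsoft.AspNetCore.Authentication.JwtBearer` package (which brings `System.IdentityModel.Tokens.Jwt`) is referenced.

```csharp
// Added example, not the project's TokenService.cs. Reads the "Jwt" section of
// appsettings.json, issues HS256 access tokens with the 15-minute lifetime from
// the feature list, generates opaque refresh tokens, and validates access tokens
// with the same parameters the JwtBearer middleware should use.
// Assumes package Microsoft.AspNetCore.Authentication.JwtBearer is referenced.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

public sealed class JwtOptions            // illustrative name; bound from "Jwt"
{
    public string SecretKey { get; set; } = "";
    public string Issuer { get; set; } = "";
    public string Audience { get; set; } = "";
}

public sealed class ExampleTokenService   // illustrative name
{
    private static readonly TimeSpan AccessTokenLifetime = TimeSpan.FromMinutes(15);
    private readonly JwtOptions _options;
    private readonly SymmetricSecurityKey _signingKey;

    public ExampleTokenService(IConfiguration configuration)
    {
        _options = configuration.GetSection("Jwt").Get<JwtOptions>()
                   ?? throw new InvalidOperationException("Missing Jwt configuration");
        byte[] keyBytes = Encoding.UTF8.GetBytes(_options.SecretKey);
        // RFC 7518 requires an HS256 key of at least 256 bits; fail fast at startup
        // rather than signing with a weak key.
        if (keyBytes.Length < 32)
            throw new InvalidOperationException("Jwt:SecretKey must be at least 32 bytes");
        _signingKey = new SymmetricSecurityKey(keyBytes);
    }

    public (string Token, DateTime ExpiresAt) CreateAccessToken(string userId, string email)
    {
        DateTime now = DateTime.UtcNow;
        DateTime expiresAt = now.Add(AccessTokenLifetime);
        var claims = new[]
        {
            new Claim(JwtRegisteredClaimNames.Sub, userId),
            new Claim(JwtRegisteredClaimNames.Email, email),
            // Unique id per token so individual tokens can be logged or revoked.
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
        };
        var token = new JwtSecurityToken(
            issuer: _options.Issuer,
            audience: _options.Audience,
            claims: claims,
            notBefore: now,
            expires: expiresAt,
            signingCredentials: new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256));
        return (new JwtSecurityTokenHandler().WriteToken(token), expiresAt);
    }

    // Refresh tokens are opaque random values, not JWTs: 64 CSPRNG bytes,
    // base64-encoded like the "refreshToken" field in the login response.
    public static string CreateRefreshToken() =>
        Convert.ToBase64String(RandomNumberGenerator.GetBytes(64));

    // The parameters the JwtBearer middleware should be configured with.
    public TokenValidationParameters ValidationParameters() => new()
    {
        ValidateIssuer = true,
        ValidIssuer = _options.Issuer,
        ValidateAudience = true,
        ValidAudience = _options.Audience,
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = _signingKey,
        // Pin the algorithm so a token whose "alg" header differs is rejected.
        ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
        ValidateLifetime = true,
        // The library default skew is 5 minutes, which would let a 15-minute
        // token live 20. Zero it when issuer and validator share a clock.
        ClockSkew = TimeSpan.Zero,
    };

    public ClaimsPrincipal? ValidateAccessToken(string token)
    {
        try
        {
            return new JwtSecurityTokenHandler().ValidateToken(token, ValidationParameters(), out _);
        }
        catch (Exception ex) when (ex is SecurityTokenException or ArgumentException)
        {
            return null; // expired, bad signature, wrong issuer/audience/alg, or malformed
        }
    }
}
```

Register it in Program.cs as a singleton and pass `ValidationParameters()` to `AddJwtBearer` so the controller and the middleware cannot drift apart on issuer, audience, or skew.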
Run the test suite:

```bash
dotnet test
```

Run tests with coverage:

```bash
dotnet test --collect:"XPlat Code Coverage"
```

```
AuthAPI/
├── Controllers/
│   ├── AuthController.cs      # Authentication endpoints
│   └── UserController.cs      # User information endpoints
├── Models/
│   ├── LoginRequest.cs        # Login request model
│   ├── LoginResponse.cs       # Login response model
│   └── User.cs                # User model
├── Services/
│   ├── ITokenService.cs       # Token service interface
│   ├── TokenService.cs        # JWT token implementation
│   ├── IUserService.cs        # User service interface
│   └── UserService.cs         # User management implementation
├── AuthAPI.Tests/
│   ├── AuthControllerTests.cs # Authentication controller tests
│   ├── UserControllerTests.cs # User controller tests
│   └── TokenServiceTests.cs   # Token service tests
├── Program.cs                 # Application entry point
├── appsettings.json           # Configuration
└── README.md                  # This file
```
- Password Hashing: SHA256 hashing for password storage (a plain, unsalted digest; adequate for the dummy users here but not a password hash, see the production notes at the end)
- JWT Security: Signed tokens with configurable expiration
- Token Validation: Comprehensive token validation
- Secure Headers: HTTPS redirection and security headers
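The unsalted SHA256 scheme listed above, next to the salted, iterated replacement the production notes ask for, as an added example that is not the project's UserService.cs. It uses PBKDF2 from the .NET base class library because that needs no extra package; bcrypt or Argon2 would need a NuGet dependency but slot into the same `Hash`/`Verify`/`NeedsRehash` shape. Class names and the `pbkdf2-sha256$iter$salt$key` storage format are this example's own choices.

```csharp
// Added example, not part of the project. Shows the weak scheme the feature
// list describes and a PBKDF2-HMAC-SHA256 replacement built only on the .NET BCL.
using System;
using System.Security.Cryptography;
using System.Text;

public static class WeakPasswordHasher
{
    // "SHA256 hashing for password storage": no salt, one fast round. Equal
    // passwords give equal hashes, and an offline attacker can test billions
    // of candidates per second against a leaked user table.
    public static string Hash(string password) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(password)));
}

public static class Pbkdf2PasswordHasher
{
    private const int SaltSize = 16;           // 128-bit random salt per password
    private const int KeySize = 32;            // 256-bit derived key
    private const int Iterations = 600_000;    // OWASP guidance for PBKDF2-HMAC-SHA256
    private static readonly HashAlgorithmName Prf = HashAlgorithmName.SHA256;

    // Self-describing output so the iteration count can be raised later and
    // old entries re-hashed on the user's next successful login.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, Prf, KeySize);
        return $"pbkdf2-sha256${Iterations}${Convert.ToBase64String(salt)}${Convert.ToBase64String(key)}";
    }

    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('$');
        if (parts.Length != 4 || parts[0] != "pbkdf2-sha256") return false;
        if (!int.TryParse(parts[1], out int iterations) || iterations <= 0) return false;
        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[2]);
            expected = Convert.FromBase64String(parts[3]);
        }
        catch (FormatException)
        {
            return false; // corrupted or tampered record
        }
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, Prf, expected.Length);
        // Constant-time compare: a plain == returns early and leaks how many
        // leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    // True when the stored record predates the current iteration policy, so
    // the login handler can call Hash() again with the verified password.
    public static bool NeedsRehash(string stored)
    {
        string[] parts = stored.Split('$');
        return parts.Length != 4
            || !int.TryParse(parts[1], out int iterations)
            || iterations < Iterations;
    }
}
```

In a login handler the order matters: call `Verify` first, and only on success check `NeedsRehash` and overwrite the stored value, so an upgrade never happens on a wrong password.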
The application uses Serilog for structured logging:
- Console Output: Real-time logging during development
- File Logging: Daily rolling log files in the `logs/` directory
- Structured Logs: JSON-formatted logs with correlation IDs
```bash
dotnet build
dotnet run --environment Development
dotnet run --environment Production
```

Build the Docker image:

```bash
docker build -t authapi .
```

Run the container:

```bash
docker run -p 7001:7001 authapi
```

- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
This project is licensed under the MIT License.
- This is a demo application with dummy user data
- In production, implement proper user storage (database)
- Add refresh token storage and validation
- Implement proper password hashing (bcrypt, Argon2)
- Add rate limiting and additional security measures
- Configure CORS policies for your frontend applications
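What "refresh token storage and validation" from the list above looks like in practice, as an added example that is not part of the project: tokens are stored server-side by hash, each refresh token is single-use and rotated, and a replay of an already-used token revokes the whole chain. The in-memory dictionary stands in for a database table, and the record and class names are this example's own.

```csharp
// Added example, not part of the project. Server-side refresh token store with
// single-use rotation and reuse detection. ConcurrentDictionary stands in for a
// database table keyed on the token hash; names are illustrative.
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

public sealed record RefreshTokenRecord(
    string UserId,
    string FamilyId,      // shared by every token in one rotation chain
    DateTime ExpiresAt,
    bool Revoked);

public sealed class RefreshTokenStore
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromDays(7);   // assumed policy
    // Keyed by SHA256(token): a leaked table yields nothing usable as a bearer.
    private readonly ConcurrentDictionary<string, RefreshTokenRecord> _byHash = new();

    private static string HashToken(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));

    // Called at login (new family) and by Rotate (same family).
    public string Issue(string userId, string? familyId = null)
    {
        string token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(64));
        _byHash[HashToken(token)] = new RefreshTokenRecord(
            userId,
            familyId ?? Guid.NewGuid().ToString("N"),
            DateTime.UtcNow.Add(Lifetime),
            Revoked: false);
        return token;
    }

    // Returns the user id and a replacement refresh token, or null when the
    // presented token is unknown, expired, or already used.
    public (string UserId, string NewToken)? Rotate(string presented)
    {
        string hash = HashToken(presented);
        if (!_byHash.TryGetValue(hash, out var record)) return null;

        if (record.Revoked)
        {
            // Replay of a token that was already rotated: either the client or an
            // attacker holds a stolen copy. Revoke the whole family so both lose.
            RevokeFamily(record.FamilyId);
            return null;
        }
        if (record.ExpiresAt <= DateTime.UtcNow) return null;

        // Atomically mark the old token used before handing out the new one;
        // records compare by value, so a concurrent rotation makes this fail.
        if (!_byHash.TryUpdate(hash, record with { Revoked = true }, record))
        {
            RevokeFamily(record.FamilyId);   // lost a race: treat as reuse
            return null;
        }
        return (record.UserId, Issue(record.UserId, record.FamilyId));
    }

    // Also the right call on logout or password change.
    public void RevokeFamily(string familyId)
    {
        foreach (var kv in _byHash)
            if (kv.Value.FamilyId == familyId && !kv.Value.Revoked)
                _byHash[kv.Key] = kv.Value with { Revoked = true };
    }
}
```

With this in place the refresh endpoint would return the new refresh token alongside the new access token and the client would discard the old one; the endpoint itself should also sit behind rate limiting, since every call costs a hash lookup and a failed one may be an attacker guessing.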