a .NET Core library to make developing offline for OAuth and OIDC much easier.
Developing with OAuth or OIDC - takes about 30 minutes of set up work just to get going; with FakeAuth, it's one line of code.
Supports custom Claims and Profiles that can be swapped in during development of your application.
Examples in the Samples Folder. More details on why this was built on this blog post and additional articles.
You should install FakeAuth with NuGet:
Install-Package FakeAuth
Or via the .NET Core command line interface:
dotnet add package FakeAuth
Either command, from Package Manager Console or .NET Core CLI, will download and install FakeAuth and all required dependencies.
In an ASP.NET Core Application, you can configure FakeAuth in the Startup Class:
services.AddAuthentication().AddFakeAuth();
That will give you a default profile. In fact, the above is exactly the same as doing this:
services.AddAuthentication().AddFakeAuth();
You can create custom profiles by implementing the interface IFakeAuthProfile, or you can inline your custom claims directly:
services.AddAuthentication().AddFakeAuth((options) =>
{
options.Claims.Add(new Claim(ClaimTypes.Name, "Fake User"));
options.Claims.Add(new Claim(ClaimTypes.Role, "Expense_Approver"));
options.Claims.Add(new Claim("Approval_Limit", "25.00"));
options.Claims.Add(new Claim("Approval_Currency", "USD"));
options.Claims.Add(new Claim("Preffered_Location", "Disney Island"));
});See more of these examples in the SampleWeb application.
FakeAuth works great with ASP.Net's testing framework. For some examples, take a look at the FakeAuth.IntegrationTests project.
In particular, you can set the FakeAuth claims for a specific HttpClient using SetFakeAuthClaims(...):
client.SetFakeAuthClaims(
new Claim(ClaimTypes.Name, "Joe Manager"),
new Claim(ClaimTypes.Role, "Manager")
);You can also re-use any profiles that implement IFakeAuthProfile directly on your HttpClient:
client.SetFakeAuthClaims<DefaultProfile>();This lets you write tests that validate your authorization works as intended with and without the required claims.
In .NET 6 you are no longer required to use a StartUp class. You can still use FakeAuth directly in the Program class:
builder.Services.AddAuthentication().AddFakeAuth();- To get started building your application as quickly as possible.
- For POCs that you want to try out without registering your application in an Identity Provider.
- For running and developing locally without internet access.
- For Demo based applications that you want people to download and run - without needing to set up a production identity service first, or without sharing your application id/client secret information.
- Do not use FakeAuth in a production environment
- FakeAuth will only work on http://localhost/ by default - it's intended to be a development tool.
- You will want to transition to an actual OAuth / Claims provider before you go to Production. Starting with Fake Auth can help you establish and document which claims your application will rely on.
Please target any PRs to the Develop branch.
- Removed the obsolete extension methods from
version 1.2.0. Must useAddAuthentication().AddFakeAuth()methods now. - Fixed typo in the
HttpClientExtensionsextension class fromSetFakeAuthClaimnstoSetFakeAuthClaims - New Feature: We added a new
AllowedHostsproperty to theFakeAuthOptionsclass. Previously, only localhost testing was supported, with2.0.0and forward, specific hosts can be configured to support more testing scenarios.
Prior to version 1.2.0 only services.UseFakeAuth() was supported. This is considered obsolete, and will be dropped in version 2.0.0 moving forward.
Starting with version 1.2.0 + please use the services.AddAuthentication().AddFakeAuth() extension methods.
This was done to more syntactically align FakeAuth with other authentication mechanisms and idioms.
This history section will be removed (more likely updated) when we get to 2.0.0 +