Devplus.Security
1.4.0
There is a newer version of this package available.
See the version list below for details.
See the version list below for details.
dotnet add package Devplus.Security --version 1.4.0
NuGet\Install-Package Devplus.Security -Version 1.4.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Devplus.Security" Version="1.4.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="Devplus.Security" Version="1.4.0" />
<PackageReference Include="Devplus.Security" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add Devplus.Security --version 1.4.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Devplus.Security, 1.4.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package Devplus.Security@1.4.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=Devplus.Security&version=1.4.0
#tool nuget:?package=Devplus.Security&version=1.4.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
Devplus.Security 🔐
Devplus.Security é uma biblioteca .NET que fornece funcionalidades de autenticação e autorização OAuth com endpoints pré-configurados e integração JWT, eliminando a necessidade de criar repetitivamente controllers de autenticação em suas aplicações.
✨ Características
- 🔐 OAuth Service integrado com Refit
- 🎛️ Controller de segurança pré-configurado
- 🔑 Autenticação JWT Bearer (Legacy)
- ⚙️ Configuração via appsettings.json
- 🚀 Integração automática com DI
- 📦 HttpClient com Polly para retry automático
- 🔒 Endpoints de login, logout, refresh token e recuperação de senha
📦 Instalação
dotnet add package Devplus.Security
⚙️ Configuração
1. Configurar appsettings.json
{
"OAuthSettings": {
"Url": "https://seu-oauth-server.com",
"ClientId": "your-client-id",
"ClientSecret": "your-client-secret",
"IdentityClientId": "your-identity-client-id-guid",
"IdentityClientSecret": "your-identity-client-secret",
"PasswordRecoveryRedirectUrl": "https://sua-app.com/reset-password"
},
"Jwt": {
"Issuer": "https://sua-app.com",
"Audience": "sua-audience",
"Key": "sua-chave-secreta-jwt-muito-longa-e-segura"
}
}
2. Configurar no Program.cs
using Devplus.Security.AspNetCore.DependencyInjection;
var builder = WebApplication.CreateBuilder(args);
// Adicionar Devplus Security (registra tudo automaticamente)
builder.Services.AddDevplusSecurity(builder.Configuration);
var app = builder.Build();
// Configurar pipeline de autenticação
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
🚀 Endpoints Gerados Automaticamente
A biblioteca gera automaticamente o controller DevplusSecurityController com os seguintes endpoints:
| Método | Endpoint | Descrição |
|---|---|---|
POST |
/api/v1/security/login |
Login com usuário e senha |
POST |
/api/v1/security/refresh-token |
Renovar token de acesso |
POST |
/api/v1/security/password-recovery-request |
Solicitar recuperação de senha |
POST |
/api/v1/security/password-reset |
Redefinir senha com token |
POST |
/api/v1/security/logout |
Logout (requer autenticação) |
Exemplos de Uso dos Endpoints
Login
POST /api/v1/security/login
{
"nomeUsuario": "usuario@exemplo.com",
"senha": "minhasenha123"
}
// Resposta
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"tokenType": "Bearer",
"expiresIn": 3600,
"refreshToken": "def502004b8c4...",
"scope": "read write"
}
Refresh Token
POST /api/v1/security/refresh-token
{
"refreshToken": "def502004b8c4..."
}
Recuperação de Senha
POST /api/v1/security/password-recovery-request
{
"email": "usuario@exemplo.com"
}
Reset de Senha
POST /api/v1/security/password-reset
{
"token": "reset-token-recebido-por-email",
"newPassword": "novaSenha123"
}
🔧 Serviços Injetáveis
IOAuthService
public class MinhaApiService
{
private readonly IOAuthService _oauthService;
public MinhaApiService(IOAuthService oauthService)
{
_oauthService = oauthService;
}
public async Task<Token> FazerLogin()
{
var tokenRequest = new TokenRequestDto
{
// configurar dados do request
};
return await _oauthService.GetTokenAsync(tokenRequest);
}
}
ISecurityService
public class MinhaLogicaService
{
private readonly ISecurityService _securityService;
public MinhaLogicaService(ISecurityService securityService)
{
_securityService = securityService;
}
public async Task<Token> AutenticarUsuario(string email, string senha)
{
var loginDto = new UserLoginDto
{
NomeUsuario = email,
Senha = senha
};
return await _securityService.AuthorizeUser(loginDto);
}
}
� Usando em Controllers Personalizados
[ApiController]
[Route("api/[controller]")]
[Authorize] // Utiliza a autenticação JWT configurada
public class MeuController : ControllerBase
{
[HttpGet]
public IActionResult Get()
{
// Acesso aos dados do usuário autenticado
var userId = User.FindFirst("sub")?.Value;
var userName = User.Identity?.Name;
return Ok(new { Message = "Acesso autorizado!", UserId = userId });
}
}
📋 DTOs e Models
Token
public class Token
{
public string AccessToken { get; set; }
public string TokenType { get; set; }
public int ExpiresIn { get; set; }
public string RefreshToken { get; set; }
public string Scope { get; set; }
}
UserLoginDto
public class UserLoginDto
{
public string? NomeUsuario { get; set; }
public string? Senha { get; set; }
}
⚡ Funcionalidades Técnicas
HttpClient com Retry (Polly)
A biblioteca configura automaticamente retry policies para chamadas HTTP:
- 6 tentativas com backoff exponencial
- Tratamento automático de erros transitórios
- Timeout e circuit breaker
OAuthAccessTokenHandler
Handler automático que adiciona tokens de acesso client_credentials nas requisições para serviços externos.
Autenticação JWT Legacy
Suporte a configuração JWT simples com chaves diretas no appsettings:
{
"Jwt": {
"Issuer": "https://meuapp.com",
"Audience": "minha-api",
"Key": "minha-chave-super-secreta-de-pelo-menos-256-bits"
}
}
🏗️ Arquitetura
Devplus.Security/
├── src/
│ ├── AspNetCore/
│ │ ├── Controllers/
│ │ │ └── DevplusSecurityController.cs
│ │ ├── DependencyInjection/
│ │ │ ├── ServiceCollectionExtensions.cs
│ │ │ └── LegacyJwtAuthenticationExtensions.cs
│ │ └── Services/
│ │ ├── ISecurityService.cs
│ │ └── SecurityService.cs
│ └── OAuth/
│ ├── Contracts/
│ │ ├── IOAuthService.cs
│ │ ├── Token.cs
│ │ ├── UserLoginDto.cs
│ │ └── ...
│ ├── Refit/
│ │ ├── IDevplusOAuthService.cs
│ │ └── IDevplusOAuthLogoutService.cs
│ ├── DevplusOAuthService.cs
│ ├── OAuthAccessTokenHandler.cs
│ ├── OAuthSettings.cs
│ └── DevplusOAuthServiceCollectionExtensions.cs
🧪 Exemplo de Implementação Completa
// Program.cs
using Devplus.Security.AspNetCore.DependencyInjection;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
builder.Services.AddDevplusSecurity(builder.Configuration);
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
// MeuController.cs
[ApiController]
[Route("api/[controller]")]
public class MeuController : ControllerBase
{
private readonly ISecurityService _securityService;
public MeuController(ISecurityService securityService)
{
_securityService = securityService;
}
[HttpPost("custom-login")]
public async Task<IActionResult> CustomLogin([FromBody] UserLoginDto dto)
{
try
{
var token = await _securityService.AuthorizeUser(dto);
return Ok(token);
}
catch (UnauthorizedAccessException)
{
return Unauthorized();
}
}
}
📄 Licença
Este projeto está licenciado sob a MIT License.
📞 Suporte
Para dúvidas, sugestões ou problemas:
📧 Email: clayton@devplus.com.br
🔗 LinkedIn: Clayton Oliveira
🚀 Website: www.devplus.com.br
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net8.0
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 8.0.8)
- Microsoft.AspNetCore.Authorization (>= 8.0.8)
- Microsoft.AspNetCore.Http.Abstractions (>= 2.2.0)
- Microsoft.AspNetCore.Mvc.Versioning (>= 5.1.0)
- Microsoft.AspNetCore.Mvc.Versioning.ApiExplorer (>= 5.1.0)
- Microsoft.Extensions.Configuration (>= 8.0.0)
- Microsoft.Extensions.DependencyInjection (>= 8.0.0)
- Microsoft.Extensions.Http (>= 8.0.0)
- Microsoft.Extensions.Http.Polly (>= 8.0.7)
- Microsoft.IdentityModel.Protocols.OpenIdConnect (>= 8.0.2)
- Microsoft.IdentityModel.Tokens (>= 8.0.2)
- Polly (>= 8.4.1)
- Polly.Extensions.Http (>= 3.0.0)
- Refit (>= 7.1.2)
- Refit.HttpClientFactory (>= 7.1.2)
- System.IdentityModel.Tokens.Jwt (>= 8.0.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.