HoneyDrunk.Auth 0.6.0

.NET 10.0

dotnet add package HoneyDrunk.Auth --version 0.6.0

NuGet\Install-Package HoneyDrunk.Auth -Version 0.6.0

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="HoneyDrunk.Auth" Version="0.6.0" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="HoneyDrunk.Auth" Version="0.6.0" />
                    

                            Directory.Packages.props

<PackageReference Include="HoneyDrunk.Auth" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add HoneyDrunk.Auth --version 0.6.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: HoneyDrunk.Auth, 0.6.0"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package HoneyDrunk.Auth@0.6.0

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=HoneyDrunk.Auth&version=0.6.0
                    

                            Install as a Cake Addin

#tool nuget:?package=HoneyDrunk.Auth&version=0.6.0
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

HoneyDrunk.Auth

Core authentication and authorization runtime - JWT Bearer token validation, policy-based authorization, and Vault-backed signing key management.

🔐 What Is This?

This package provides the core runtime implementation for HoneyDrunk.Auth. It includes JWT Bearer token validation, policy-based authorization, and integrates with HoneyDrunk.Kernel for telemetry and lifecycle management, and HoneyDrunk.Vault for secure secret retrieval.

📦 Installation

dotnet add package HoneyDrunk.Auth

<PackageReference Include="HoneyDrunk.Auth" Version="0.5.0" />

🔧 Key Components

Authentication

Component	Description
`BearerTokenAuthenticationProvider`	Validates JWT Bearer tokens using signing keys from Vault

Authorization

Component	Description
`DefaultAuthorizationPolicy`	Evaluates role-based, scope-based, and ownership-based authorization

Secrets

Component	Description
`ISigningKeyProvider`	Contract for retrieving signing keys
`VaultSigningKeyProvider`	Retrieves signing keys from HoneyDrunk.Vault
`SigningKeyInfo`	Signing key metadata record

Lifecycle

Component	Description
`AuthStartupHook`	Validates Vault secrets at startup (fail-fast)
`AuthHealthContributor`	Reports signing key availability for health checks
`AuthReadinessContributor`	Reports complete configuration for readiness checks

Telemetry

Component	Description
`AuthTelemetry`	OpenTelemetry activity and tag constants

Audit Emission

Auth emits durable IAuditLog records for bearer-token validation outcomes (auth.token.validate) and authorization decisions (auth.authorize.{action}). Hosts must compose a real Audit backing, such as HoneyDrunk.Audit.Data, to persist those records; otherwise Auth uses a no-op fallback and logs a startup warning. Audit emission is additive to existing traces and does not place token text or claim payloads into OpenTelemetry. See HoneyDrunk.Audit for host wiring guidance.

🚀 Usage

Register Services

// Via IHoneyDrunkBuilder (recommended)
builder.Services
    .AddHoneyDrunkNode(opts => { /* ... */ })
    .AddAuthBootstrap();

// Or directly
builder.Services.AddHoneyDrunkAuth();

Configure Secrets and App Configuration

Ensure the following secrets exist in the Auth Key Vault:

Key	Description
`Jwt--SigningKeys`	JSON array of signing keys
`VaultInvalidationWebhookSecret`	Shared secret for Event Grid cache invalidation

Store non-secret settings in shared App Configuration with the honeydrunk-auth label:

Key	Description
`Auth:Issuer`	JWT token issuer
`Auth:Audience`	JWT token audience
`Auth:ClockSkewSeconds`	(optional) Clock skew tolerance

Authenticate Tokens

var credential = AuthCredential.Bearer(token);
var result = await authProvider.AuthenticateAsync(credential, ct);

if (result.IsAuthenticated)
{
    var identity = result.Identity;
    Console.WriteLine($"Subject: {identity.SubjectId}");
}
else
{
    Console.WriteLine($"Failed: {result.FailureCode}");
}

Evaluate Authorization

var request = new AuthorizationRequest(
    action: "delete",
    resource: "users/123",
    requiredRoles: ["admin"]);

var decision = await policy.EvaluateAsync(identity, request, ct);

if (decision.IsAllowed)
{
    // Proceed with action
}
else
{
    // Check decision.DenyReasons
}

📚 Dependencies

Package	Purpose
`HoneyDrunk.Auth.Abstractions`	Core contracts
`HoneyDrunk.Audit.Abstractions`	Append-only audit emission contract
`HoneyDrunk.Kernel`	Telemetry and lifecycle
`HoneyDrunk.Vault`	Secret management
`Microsoft.IdentityModel.JsonWebTokens`	JWT validation

Package	Description
HoneyDrunk.Auth.Abstractions	Core contracts (no dependencies)
HoneyDrunk.Auth.AspNetCore	ASP.NET Core middleware and extensions

📖 Documentation

Authentication Guide - JWT Bearer token validation
Authorization Guide - Policy-based access control
Secrets Guide - Vault integration
Lifecycle Guide - Health and readiness
FILE_GUIDE.md - Complete architecture reference

⚖️ License

This project is licensed under the MIT License.

Built with ❤️ by HoneyDrunk Studios

</div>

Product	Compatible and additional computed target framework versions.
.NET	net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net10.0
- HoneyDrunk.Audit.Abstractions (>= 0.1.0)
- HoneyDrunk.Auth.Abstractions (>= 0.6.0)
- HoneyDrunk.Kernel.Abstractions (>= 0.8.0)
- HoneyDrunk.Vault (>= 0.7.0)
- HoneyDrunk.Vault.Providers.AppConfiguration (>= 0.7.0)
- HoneyDrunk.Vault.Providers.AzureKeyVault (>= 0.7.0)
- Microsoft.Extensions.Configuration.Binder (>= 10.0.8)
- Microsoft.IdentityModel.JsonWebTokens (>= 8.18.0)

NuGet packages (1)

Showing the top 1 NuGet packages that depend on HoneyDrunk.Auth:

Package	Downloads
HoneyDrunk.Auth.AspNetCore ASP.NET Core integration for HoneyDrunk.Auth. Provides middleware for JWT Bearer token authentication, HttpContext identity accessors, and seamless integration with ASP.NET Core's authentication pipeline.	1.1K

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
0.6.0	92	5/27/2026
0.5.0	109	5/21/2026
0.4.0	287	5/18/2026
0.3.0	216	4/25/2026
0.2.0	175	2/14/2026
0.1.0	228	12/25/2025

v0.6.0: Sonar gate-cleanup (ADR-0011 D11). Promotes BearerAuthenticationException to a public top-level type; AuthorizationPolicyEvaluator is now a static class; BearerTokenAuthenticationProvider.ValidateTokenAsync split into helpers to drop cognitive complexity below 15; VaultSigningKeyProvider DTO uses positional record. Bumps HoneyDrunk.Vault* 0.5.0 → 0.7.0, HoneyDrunk.Kernel.Abstractions 0.7.0 → 0.8.0, Microsoft.Extensions.Configuration.Binder 10.0.6 → 10.0.8, Microsoft.IdentityModel.JsonWebTokens 8.17.0 → 8.18.0. See CHANGELOG.md for details.