Introduction

This is a .NET implementation of the JWT library for the NATS ecosystem.

It uses nkeys to digitally sign JWTs for the NATS ecosystem.

See also https://github.com/nats-io/jwt

Installation

Install the NATS.Jwt NuGet package in your project:

dotnet add package NATS.Jwt

Usage


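using NATS.Client.Core; // NatsConnection, NatsOpts, NatsAuthOpts (NATS .NET client, a separate package)
using NATS.Jwt;
using NATS.NKeys;

// create the operator identity key pair and the operator claims
var okp = KeyPair.CreatePair(PrefixByte.Operator);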
var opk = okp.GetPublicKey();

var oc = NatsJwt.NewOperatorClaims(opk);
oc.Name = "Example Operator";

// create an operator signing key; it signs account JWTs in place of the
// operator identity key
var oskp = KeyPair.CreatePair(PrefixByte.Operator);
var ospk = oskp.GetPublicKey();

oc.Operator.SigningKeys = [ospk];

var operatorJwt = NatsJwt.EncodeOperatorClaims(oc, okp);

// create the account identity key pair and the account claims
var akp = KeyPair.CreatePair(PrefixByte.Account);
var apk = akp.GetPublicKey();

var ac = NatsJwt.NewAccountClaims(apk);
ac.Name = "Example Account";

var askp = KeyPair.CreatePair(PrefixByte.Account);
var aspk = askp.GetPublicKey();

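ac.Account.SigningKeys = [aspk];
// the account JWT is signed with the operator signing key (oskp),
// not the operator identity key (okp)
var accountJwt = NatsJwt.EncodeAccountClaims(ac, oskp);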

var ukp = KeyPair.CreatePair(PrefixByte.User);
var upk = ukp.GetPublicKey();
var uc = NatsJwt.NewUserClaims(upk);

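// the user JWT is signed with the account signing key (askp), so
// IssuerAccount must name the account's identity public key
uc.User.IssuerAccount = apk;
var userJwt = NatsJwt.EncodeUserClaims(uc, askp);

// the user seed is the user's private key; it is written into the creds file below
var userSeed = ukp.GetSeed();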

var conf = $$"""
             operator: {{operatorJwt}}

             resolver: MEMORY
             resolver_preload: {
                     {{apk}}: {{accountJwt}}
             }
             """;

// generate a creds formatted file that can be used by a NATS client
string credsPath = Path.Combine(Path.GetTempPath(), "example_user.creds");
await File.WriteAllTextAsync(credsPath, NatsJwt.FormatUserConfig(userJwt, userSeed));

// now we are going to put it together into something that can be run
// we create a file to store the server configuration, the creds
// file and a small program that uses the creds file
string confPath = Path.Combine(Path.GetTempPath(), "example_server.conf");
await File.WriteAllTextAsync(confPath, conf);

// run the server:
// > nats-server -c example_server.conf

// Connect as user
var serverUrl = "nats://localhost:4222";
var authOpts = new NatsAuthOpts { CredsFile = credsPath };
var opts = new NatsOpts { Url = serverUrl, AuthOpts = authOpts };
await using var nats = new NatsConnection(opts);
await nats.PingAsync();
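
The Usage code signs the account JWT with an operator signing key and the user JWT with an account signing key. The following added example (not code from the NATS.Jwt project) checks that issuer chain structurally, using only the .NET base class library. It assumes the JWT claim names `iss`, `sub`, `nats.signing_keys` and `nats.issuer_account`, runs on constructed unsigned tokens with placeholder key names, and does not verify signatures.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

// Constructed, unsigned sample tokens with placeholder key names (not real nkeys).
var op = Fake("""{"sub":"O_ID","nats":{"signing_keys":["O_SK"]}}""");
var acct = Fake("""{"iss":"O_SK","sub":"A_ID","nats":{"signing_keys":["A_SK"]}}""");
var user = Fake("""{"iss":"A_SK","sub":"U_ID","nats":{"issuer_account":"A_ID"}}""");
var rogue = Fake("""{"iss":"A_OTHER","sub":"U_ID","nats":{"issuer_account":"A_ID"}}""");
foreach (var t in new[] { user, rogue })
    Console.WriteLine("problems: [" + string.Join("; ", CheckChain(op, acct, t)) + "]");

// Returns the trust-chain problems found; an empty list means the issuers line up.
static List<string> CheckChain(string operatorJwt, string accountJwt, string userJwt)
{
    JsonElement o = Payload(operatorJwt), a = Payload(accountJwt), u = Payload(userJwt);
    var problems = new List<string>();
    if (!Allowed(o).Contains(Str(a, "iss")))
        problems.Add("account issuer is not the operator key or one of its signing keys");
    if (!Allowed(a).Contains(Str(u, "iss")))
        problems.Add("user issuer is not the account key or one of its signing keys");
    // A user issued by a signing key must name the owning account in issuer_account.
    if (Str(u, "iss") != Str(a, "sub") && Str(u.GetProperty("nats"), "issuer_account") != Str(a, "sub"))
        problems.Add("issuer_account does not name the account");
    return problems;
}

// Identity key (sub) plus plain-string signing keys; scoped keys (objects) are skipped here.
static HashSet<string> Allowed(JsonElement claims)
{
    var keys = new HashSet<string> { Str(claims, "sub") };
    if (claims.GetProperty("nats").TryGetProperty("signing_keys", out var sk))
        foreach (var k in sk.EnumerateArray())
            if (k.ValueKind == JsonValueKind.String) keys.Add(k.GetString()!);
    return keys;
}
static string Str(JsonElement e, string n) => e.TryGetProperty(n, out var v) ? v.GetString() ?? "" : "";
// Decodes the payload segment only; nothing here verifies the signature.
static JsonElement Payload(string jwt)
{
    var parts = jwt.Split('.');
    if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
    var b64 = parts[1].Replace('-', '+').Replace('_', '/');
    b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
    return JsonDocument.Parse(Convert.FromBase64String(b64)).RootElement.Clone();
}
static string Fake(string json) => "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
    .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
```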

What's Next

Documentation is in progress. Help us improve the documentation by contributing today!