chore: Update JWT authentication options in authentication documentation

giovanninocco · giovanninocco · commit 485aeb099983 · 2024-09-10T19:30:25.000+02:00
This commit updates the options for JWT authentication in the authentication documentation. It clarifies the purpose and usage of each option, including `enabled`, `allowAnonymousEndpoints`, `certificate`, `algorithm`, `issuer`, `secretKey`, `expiry`, `validateLifetime`, `validAudience`, and `validateAudience`. The changes ensure that the documentation accurately reflects the functionality of the JWT authentication feature.

Fixes #123
diff --git a/content/en/library/authentication/index.md b/content/en/library/authentication/index.md
@@ -161,26 +161,25 @@ To blacklist and deactivate the access tokens, use `IAccessTokenService` and inv
 
 The default section name for the JWT settings is `jwt`. The following options are available: 
 
-`enabled` - if true then the JWT authentication is enabled.
+`enabled` - If true then the JWT authentication is enabled.
 
-`allowAnonymousEndpoints` - if true then the JWT authentication is disabled for the endpoints with the AllowAnonymous attribute.
+`allowAnonymousEndpoints` - If true then the JWT authentication is disabled for the endpoints with the AllowAnonymous attribute.
 
-`certificate` - certificate used to issue or just validate the tokens (including private key or just the public one).
+`certificate` - Certificate used to issue or just validate the tokens (including private key or just the public one).
 
-`algorithm` - the algorithm used to sign the tokens.
+`algorithm` - The algorithm used to sign the tokens.
 
-`issuer` - a party signing the tokens.
+`issuer` - A party signing the tokens.
 
-`secretKey` - a secret key used to create the access tokens (instead of using the certificate).
+`secretKey` - A secret key used to create the access tokens (instead of using the certificate).
 
+`expiry` - How long the token will remain valid.
 
-`expiry` - how long the token will remain valid.
+`validateLifetime` - If true then the lifetime defined in expiryMinutes will be validated.
 
-`validateLifetime` - if true then the lifetime defined in expiryMinutes will be validated.
+`validAudience` - An audience that can use the access tokens.
 
-`validAudience` - an audience that can use the access tokens.
-
-`validateAudience` - if true then the audience defined in validAudience will be validated.
+`validateAudience` - If true then the audience defined in validAudience will be validated.
 
 ## Settings
 
@@ -238,14 +237,6 @@ The default section name for the JWT settings is `jwt`. The following options ar
 }
 ```
 
-
-
-
-
-
-
-
-
 ### Default settings
 
 Default settings for some variable has bee overwritten with the following configuration.
diff --git a/content/en/library/azure-key-vault/index.md b/content/en/library/azure-key-vault/index.md
@@ -37,18 +37,39 @@ dotnet add package Genocs.Secrets.AzureKeyVault
 
 Extend Program.cs -> use WebHostBuilder or HostBuilder to setup the Azure Key Vault configuration.
 
+You can use different ways to setup the Azure Key Vault.
+1. By using Managed Identity (User Assigned Managed Identity or System Assigned Managed Identity)
+2. By using RBAC (Role Based Access Control)
+3. By using Certificate
+
+
+#### Managed Identity or RBAC
 ``` cs
 builder.Host
         .UseAzureKeyVault();
 ```
 
+#### Certificate
+``` cs
+builder.Host
+        .UseAzureKeyVaultWithCertificate();
+```
+
+
 ### Options
 
 `enabled` - Enable or disable the Azure Key Vault configuration. Default is false
 
 `name` - Sets the key vault name to be used. If the key vault url is `https://kyvault.vault.azure.net/` then the name is `kyvault`.
 
-`managedIdentityId` - sets the managed identity id to be used. You can find the managed identity id in the Azure portal. The managed identity id is the object id of the managed identity.
+`managedIdentityId` - Sets the managed identity id to be used. You can find the managed identity id in the Azure portal. The managed identity id is the object id of the managed identity.
+
+`azureADCertThumbprint` - The client id. To be used with Certificate authentication.
+
+`azureADApplicationId` - The Active Directory Application id. To be used with Certificate authentication.
+
+`azureADDirectoryId` - The Azure EntraID tenant Id. To be used with Certificate authentication.
+
 
 **NOTE:** In case of RBAC, you don't need to set the managed identity id.
 
@@ -59,6 +80,9 @@ builder.Host
   "azureKeyVault": {
     "enabled": false,
     "name": "kyvault",
-    "managedIdentityId": "your-managed-identity-id"
+    "managedIdentityId": "your-managed-identity-id",
+    "azureADCertThumbprint": "your-certificate-thumbprint",
+    "azureADApplicationId": "your-application-id",
+    "azureADDirectoryId": "your-directory-id"
   }
-```
+```
diff --git a/content/en/library/builder/index.md b/content/en/library/builder/index.md
@@ -68,15 +68,15 @@ StaticLogger.EnsureInitialized();
 var builder = WebApplication.CreateBuilder(args);
 
 builder.Host
-        .UseLogging() // Use Serilog
-        .UseAzureKeyVault(); // Use Azure Key Vault
+        .UseAzureKeyVault() // Use Azure Key Vault
+        .UseLogging(); // Use Serilog
 
 // Get the services
 var services = builder.Services;
 
 // Setup the builder
 services
-    .AddGenocs(builder.Configuration) // Add Genocs
+    .AddGenocs(builder.Configuration) // Setup Genocs builder
     .AddOpenTelemetry() // Add OpenTelemetry
     .AddMongoFast() // Add MongoDb
     .RegisterMongoRepositories(Assembly.GetExecutingAssembly()) // Register MongoDb Repositories
@@ -154,17 +154,17 @@ Log.CloseAndFlush();
 
 ## Options
 
-`name` - the service name.
+`name` - The service name.
 
-`service` - service name used TBW.
+`service` - Service name used TBW.
 
-`instance` - the service instance.
+`instance` - The service instance.
 
-`version` - service version.
+`version` - The service version.
 
-`displayBanner` - if true then the banner is shown into the console.
+`displayBanner` - If true then the banner is shown into the console.
 
-`displayVersion` - if true then the service version is shown into the console. See `version` param.
+`displayVersion` - If true then the service version is shown into the console. See `version` param.
 
 ## Settings
 
diff --git a/content/en/library/distributed-tracing/index.md b/content/en/library/distributed-tracing/index.md
@@ -98,21 +98,21 @@ public class MyClass
 
 ## Options
 
-`enabled` - determines whether reporting is enabled.
+`enabled` - It determines whether reporting is enabled.
 
-`serviceName` - name of the applciation that’s going to be used in Jaeger query engine.
+`serviceName` - The name of the application that’s going to be used in Jaeger query engine.
 
-`udpHost` - host part of the Jaeger endpoint (UDP).
+`udpHost` - The host part of the Jaeger endpoint (UDP).
 
-`udpPort` - port of the Jaeger endpoint (UDP).
+`udpPort` - The port of the Jaeger endpoint (UDP).
 
-`maxPacketSize` - maximum size of the UDP header packet (by default 0). This is not required.
+`maxPacketSize` - Then maximum size of the UDP header packet (by default 0). This is not required.
 
 `sampler` - The allowed values are: const, rate and probabilistic. For more details about sampling check the official Jaeger Docs.
 
-`maxTracesPerSecond` - determines maximum number of reported traces per second. Required only for rate sampler.
+`maxTracesPerSecond` - It determines maximum number of reported traces per second. Required only for rate sampler.
 
-`samplingRate` - determines the percentage of spans to report. Required only for probabilistic sampler.
+`samplingRate` - It determines the percentage of spans to report. Required only for probabilistic sampler.
 
 ## Settings
 
diff --git a/content/en/library/http-client/index.md b/content/en/library/http-client/index.md
@@ -68,11 +68,11 @@ public class SomeService
 
 ### Options
 
-`type` - sets the IHttpClient message handler, if none is specified then the default handler will be used, other possible values: consul, fabio.
+`type` - It sets the IHttpClient message handler, if none is specified then the default handler will be used, other possible values: consul, fabio.
 
-`retries` - number of HTTP request retries using an exponential backoff.
+`retries` - The number of HTTP request retries using an exponential backoff.
 
-`services` - dictionary (map) of service_name:service_url values that can be used to invoke the other web services without a need to hardcode the configuration URLs, especially useful when service discovery mechanism or load balancer is available.
+`services` - The dictionary (map) of service_name:service_url values that can be used to invoke the other web services without a need to hardcode the configuration URLs, especially useful when service discovery mechanism or load balancer is available.
 
 **appsettings.json**
 
@@ -124,19 +124,19 @@ public static IGenocsBuilder RegisterGenocs(this IGenocsBuilder builder)
 
 ### Options
 
-`enabled` - determines whether Consul integration is going to be available.
+`enabled` - It determines whether Consul integration is going to be available.
 
-`url` - URL of the Consul service.
+`url` - The URL of the Consul service.
 
-`service` - name of the service group (multiple instances of the same service will use the same service name).
+`service` - The name of the service group (multiple instances of the same service will use the same service name).
 
-`address` - address of the service.
+`address` - The address of the service.
 
-`port` - port under which the service is available.
+`port` - The port under which the service is available.
 
-`pingEnabled` - register health checks from Consul to validate the service availability (if the service will be offline, it will be removed after the pingInterval and removeAfterInterval timeouts).
+`pingEnabled` - Register health checks from Consul to validate the service availability (if the service will be offline, it will be removed after the pingInterval and removeAfterInterval timeouts).
 
-`pingEndpoint` - an endpoint that should be called when performing the healt check by Consul.
+`pingEndpoint` - The endpoint that is called when performing the health check by Consul.
 
 **appsettings.json**
 
@@ -192,11 +192,11 @@ public static IGenocsBuilder RegisterGenocs(this IGenocsBuilder builder)
 
 ### Options
 
-`enabled` - determines whether Fabio integration is going to be available.
+`enabled` - It determines whether Fabio integration is going to be available.
 
-`url` - URL of the Fabio service.
+`url` - The URL of the Fabio service.
 
-`service` - name of the service group used for the Consul registration.
+`service` - the name of the service group used for the Consul registration.
 
 **appsettings.json**
 
diff --git a/content/en/library/security/index.md b/content/en/library/security/index.md
@@ -40,17 +40,17 @@ public static IWebHostBuilder GetWebHostBuilder(string[] args)
 
 ## Options
 
-`enabled` - determines whether Vault integration is going to be available.
+`enabled` - It determines whether Vault integration is going to be available.
 
-`url` - URL of the Vault service.
+`url` - The URL of the Vault service.
 
-`authType` - authentication type, possible values: token, userpass.
+`authType` - The authentication type, possible values: token, userpass.
 
-`token` - a secret token used to authenticate to Vault, used when authType = token.
+`token` - The secret token used to authenticate to Vault, used when authType = token.
 
-`username` - name of the user used to authenticate to Vault, used when authType = userpass.
+`username` - The name of the user used to authenticate to Vault, used when authType = userpass.
 
-`password` - password of the user used to authenticate to Vault, used when authType = userpass.
+`password` - The password of the user used to authenticate to Vault, used when authType = userpass.
 
 `kv` - KV storage used for loading JSON settings during application startup.
 
