.NET Core

[matthiasjost]

Are there plans to support .NET Core. I know there are still in the beta phase, but for my project this would be a criteria, because we want to use .NET Core once all our dependencies are compatible with it.

[dvsekhvalnov]

Well, it can be interesting. I haven't thought yet about it actually. Even don't know at the moment what crypto primitives available for the platform.

Do you may be have an idea what it will take to support .net core? Would like to see it as separate standalone project?

Also i have PCL version here: https://github.com/dvsekhvalnov/jose-rt not sure, can it fit your needs today?

[matthiasjost]

As soon as all your dependecies are "Core Compatible" you can add both DNX references to your project.

You might want to checkout the Preview template of the ASP.NET web pages in Visual Studio 2015 (ASP.NET).

I think .NET Core is not yet finished but especially for Web Applications it will become crucial. The whole migration to vNext makes not that much sense, if it is not compatible to Core too.

.NET Core for example has no more dependency to System.Web, which makes the whole pipeline a lot more streamlined and also host agnostic. I guess your library probably only needs to be compiled again? Probably there is not that much do, maybe only the project needs to be setup in VS 2015.

Microsofts JWT Library is already compatible to it. But I found your library a lot more intuitive. I do not know if that helps anyhow but I guess they will need those "crypto primitives" too, so they are probably already available.

I think it should be one project. See the project structure of an ASP.NET project.

I do not know really if this RT version can help or is probably the base for this.

Maybe someone else can give you a more specific answer on this.

But I think it is time to look at it: The release of .NET Core is expected Q1 2016 (see: https://github.com/aspnet/Home/wiki/Roadmap). We already have Beta 7 now.

[dvsekhvalnov]

Yeah, the more i think about it, the more it make sense. So, answering your questions - yes, let's say i plan to support .NET core. Though i can't give any timeline at this point :)

So, i'll try to play around .net core to familiarize myself with latest changes.

Do you know if it is possible to have both .net framework (4.5.2 for instance) along with .net core on same box or it should be separate environment?

[matthiasjost]

It can be in the same "box" or project. With vNext projects you can have both DNX 4.5.1 and DNX Core 5.0 referenced. They are then both defined in project.json (it is really completly deifferent than in previous Visual Studio versions).

[dvsekhvalnov]

Somehow got "hello world" working :)

Well, okay, let me play little bit with simple things to get feeling of new runtime and then i come back with some plan to support it.

[matthiasjost]

Ohter libraries like like MongoDB driver do not yet support it too, but I guess that will change when the release candidate of DNX Core is here until then I need to use DNX 4.5.1 anyway.

[dvsekhvalnov]

Hey @MatthiasJost , decided to post little update. So i played little bit with netcore, nuget packaging, e.t.c. got it working on both win and osx.

And i think i'll start v2.0 branch and try to re-create project to target both dnx451and dnxcore50 and then i should have list of things to update.

[matthiasjost]

Sounds perfect @dvsekhvalnov. We are happy to hear that.

[dvsekhvalnov]

Wow. Finally get everything compiling and converted couple simple tests to xUnit. 100+ tests to go :)

[dvsekhvalnov]

@MatthiasJost pushed initial v2.0-netcore branch. It's compiling and passing all tests on CLR. Still need to adjust quite a lot of coreclr things. But if you want to try CLR - checkout appropriate branch.

[matthiasjost]

@dvsekhvalnov sounds great. At the moment we cannot use CoreCLR anyway, not all libraries are adapting that fast :+1: That will change soon, since RC1 is already out. But we are using your library in our project for a JWT based login mechanism. I like it since it is so easy to use and understand. Would it help the project if we do one or another test with it?

[leastprivilege]

Microsoft's JWT library is currently in a really bad state and it's looking worse the closer they get to their release date. They have issues like backwards comapt, trying to do SAML and JWT (and other things) and probably too many stakeholders etc.

It would be great to have a pure JWT focused library that works on the CLR and CoreCLR - I wouldn't mind if the CoreCLR version would have less features to start with.

I'd love to replace the MS JWT lib in IdentityServer v.next - but we need CoreCLR support (soon).

[dvsekhvalnov]

@MatthiasJost sure go with testing. Appreciate it.

I don't think it make sense to publish package to nuget at this point. But you can checkout sources from v2.0-netcore branch and build. It should build jose-jwt v2.0.0 .nupkg

I'll start working on at least getting tests to compile on CoreCLR and then can start adding commented stuff back.

[leastprivilege]

How about you focus on the most commonly needed features first - that would be probably signing only - and support for HS256 and RS256. and then go from there.

[matthiasjost]

Maybe there are just a few underlying issues and then everything else is solved then as a consequence. Like dependencies from System.Web or something? But I guess that is the case for ASP.NET applications. I would be surprised if there were a lot of incompatibilities beside of dependencies itself. Or are there other difficulties?

[dvsekhvalnov]

I'll start with signing for sure. The issue right now is that something changed in keys management APIs and under coreclr it's not compiling. Need to address it first.

[ghost]

Signing is working actually. I downloaded the code, compile and test it and signing is working. Encryption isn't working, throw not implemented exceptions, maybe because some cryptographic classes are not present in coreclr yet (like ManagedAes).

[dvsekhvalnov]

Yep, i added bunch of not implemented exceptions to the places where there were no direct replacements in coreclr. I believe there should be slightly different APIs from Microsoft as replacements but had no time end of year to address it.

If somebody wants to contribute - i'll appreciate :)

[dvsekhvalnov]

Hey folks, resurrected RS-256/384/512 and PS-256/384/512 signing algorithms for NET Core. As a key expects RSA instance (usually RSACng for netcore)

@MatthiasJost what do you think if we drop dnx451 support and instead require dnx46/dnxcore50? It looks API is much more aligned between two and will require less conditional code.

Also having different key types for different algorithms starting to be a mess. I have an idea to unify everything by expecting CngKey instances.

[matthiasjost]

@dvsekhvalnov Right now we are still using dnx451. Are there many changes? We use beta 8 library of ASP.NET. I need to upgrade this as well to release candidate. So however. For such a library the broader the compatibility is, the better. I am not sure what this would mean for compatibility to older .NET frameworks (pre VNext area). It will take a long time until everyone is in the "DNX/vNext world". But I consider upgrading in the next weeks to dnx46. As well as upgrading to the latest release candidate of ASP.NET.

[dvsekhvalnov]

Well, there is still 1.9 branch which is .NET Framework only and compatible with 4.0 and beyond. So, v2.0 can support new dnx46 and netcore. Just thoughts.

Ok, let's see how many differences will be in the encryption stuff.

[dvsekhvalnov]

Resurrected ES-256/384/512. i think all signing (JWS) is so far supported for netcore. Will work little bit on updating and restructuring docs for v2.0

[dvsekhvalnov]

Resurrected DIR key management. AES-HMAC and AES-GCM encryption.

[dvsekhvalnov]

Resurrected RSA-OAEP-256, RSA-OAEP, RSA-PKCS1-V1_5 key management with AES-HMAC and AES-GCM encryption.

44 failed tests to go

[senwen]

@dvsekhvalnov, how is the port to dnxcore50 coming? MS JWT support for core is in a really bad state and I don't see them supporting encryption anytime soon. Thanks for your contribution!

[dvsekhvalnov]

Hi @senwen, and @MatthiasJost ,

all JWS (signing) algorithms are supported for dnxcore50 right now. I'm slowly working on encryption, check earlier messages in this thread, i'm posting updates here.

Haven't updated docs and publish to nuget.org yet, but if you want to try it out i've uploaded .nupkg to github, it is here: https://github.com/dvsekhvalnov/jose-jwt/raw/v2.0-netcore/jose-jwt.2.0.0.nupkg

Or you can build project yourself from v2.0-netcore branch.

Would appreciate any feedback so far if you try it.

[frapid]

I was wondering if a nuget package for .net core was already uploaded. Thank you.

[dvsekhvalnov]

Hi @frapid , i haven't published to nuget.org yet. Was hoping somebody can test it before. But looks nobody interested.

I can push to nuget.org if it is easier to try.

[matthiasjost]

We planned to test it. We did not have the time yet. But we want to make a smaller test within the next days.

[frapid]

@dvsekhvalnov, that's a great idea. I will give it a try and submit feedback if the library is available in nuget.

[dvsekhvalnov]

ok, i'll push to nuget.org this week, no worries.

[senwen]

@dvsekhvalnov, We've been using it without issues on RC1. It does not work on RC2 but we expected that since the compiler directives are branching on dnx451 and dnxcore50. We also stayed away from the encryption algos that were not implemented/ported yet. Thanks

[dvsekhvalnov]

Hi @senwen , can you give details on what's broken on RC2?

[frapid]

@dvsekhvalnov, thanks. Excited!!! Can't wait any longer!!!

[dvsekhvalnov]

okay, updated docs one more time.

want to do dry run before pushing on something other than windows (OSX probably).

[adimkov]

Hi, I am going to make a test with Jose JWT in March Insiders Preview of Visual Studio Code (I am in the team with MatthiasJost)

[dvsekhvalnov]

Hi @adimkov, thanks. Do you want to be on nuget.org or you can test local .nupkg?

[dvsekhvalnov]

I'm slightly concerned that current users of 1.9.x versions won't be able to upgrade to 2.0 via nuget. Because library is no longer target .NET Framework projects.

Should we consider creating new nuget package or it's ok? Anybody have thoughts on it?

[matthiasjost]

Easy accessibility (nuget) of all "tastes" or versions of your library will dramatically improve the use of it in the wild. Everything that was here before "DNX" will continue to exist in most companies for years if not a decade.

[adimkov]

Hi @dvsekhvalnov, It would be more convenient to use a package from nuget.org.

[adimkov]

Hi @dvsekhvalnov. I tried to use jose-jwt.2.0.0.nupkg file from Github.com and it fails with this error:

`Errors in C:\Source\git\rc2\cli-samples\HelloMvc\project.json Package jose-jwt 2.0.0 is not compatible with netcoreapp1.0 (.NETCoreApp,Version=v1.0). Package jose-jwt 2.0.0 supports:

• dnx451 (DNX,Version=v4.5.1)
• dnxcore50 (DNXCore,Version=v5.0) One or more packages are incompatible with .NETCoreApp,Version=v1.0.`

[dvsekhvalnov]

@adimkov , what is netcoreapp1.0? It's sounds like Newtonsoft.Json issue (

[dvsekhvalnov]

@MatthiasJost , i tend to agree with that. But it sounds packaging dnx451, dnxcore50 and net40 together getting slightly more complicated.. i wish there are clear docs on this.

[matthiasjost]

@dvsekhvalnov Look at this video exactly at this position, it shows you where and what we downloaded: https://www.youtube.com/watch?v=fkzeOqSNtwQ&feature=youtu.be&list=PL0M0zPgJ3HSftTAAHttA3JQU4vOjXFquF&t=929 (Asp.net Community Standup)

[matthiasjost]

@dvsekhvalnov You could ask this question in ASP.NET Community standup. They do sometimes FAQ (https://live.asp.net/). But docs for RC2 migration are announced by them. RC2 is not out yet official. Once that is done, they will also have the docs. But I think now is the time to get familiar with things, especially if you are a library developer. Because once out, people will try to migrate and then use the libraries available then.

[adimkov]

@dvsekhvalnov, Platform mapping names are changed. So for .NET framework 2 to 4.6, the name would be net20 – net46 and for .NET Core application, it would be netcoreapp. And that’s why you see netcoreapp present in framework section. And within this, you will also see “imports” section which has value like portable-net45+wp80+win8+wpa81+dnxcore50. And the description says that it allows packages supporting these frameworks to be installed in this target, regardless of compatibility rules. Source: http://www.talkingdotnet.com/first-look-asp-net-core-1-rc2-project/

[dvsekhvalnov]

Ok, thanks guys, let me read all links you've posted and see if it helps.

@adimkov can you push your test netcoreapp solution somewhere so i can try it?

[frapid]

@dvsekhvalnov, I am trying to migrate a fairly complex project to .NET Core. Now, there are just 2 compile errors in my project. I am eagerly waiting to reference and test jose-jwt nuget package so that the compile errors would be gone. :)

I would like to try this out and submit feedbacks as I progress.

[dvsekhvalnov]

Ok, managed to get net40 back to project. Let's see what's happening with RC2.

[senwen]

@dvsekhvalnov, Sorry I've been away for a few days. There has been some major renaming by the ASP.NET for RC2 as others have pointed out. It affects the compiler directives in jose-jwt since currently it is looking for dnx451 and dnxcore50 only. You will now need to account for other monikers as well. Our internal project has other nuget packages we are using such as Swashbuckle so we are holding off on RC2 migrations until all packages support RC2.