
AuthVault

Complete authentication system with ASP.NET Core Identity, JWT, and OAuth2

2–3 hours to set up · 10 technologies · 5 guided steps

About This Project

Build a full authentication and authorisation system using ASP.NET Core Identity, JWT with refresh token rotation, Google/GitHub OAuth2, role-based access control (RBAC), and email confirmation. Covers everything in the 'Auth & Security' section of the .NET roadmap — done correctly.

What You'll Learn

Configure ASP.NET Core Identity with custom user properties
Implement JWT access + refresh token rotation correctly
Add Google and GitHub OAuth2 social login
Build RBAC with role checks at the endpoint level
Implement email confirmation, password reset, and 2FA

Key Features

ASP.NET Core Identity for user management (register, login, lockout)
JWT access tokens (15-minute expiry) + rotating refresh tokens
Google and GitHub OAuth2 social login
Role-based access control: Admin, Manager, User roles
Email confirmation and password reset flows
Two-factor authentication (TOTP with authenticator apps)
Token revocation on logout (Redis blocklist)
Account lockout after 5 failed login attempts
Refresh token rotation — old token invalidated on use
Security audit log: all auth events recorded with IP + timestamp
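As an added illustration of the rotation rule in the last feature above (old token invalidated on use) and of the blocklist idea behind logout revocation, here is a minimal C# refresh-token store with reuse detection. This is example code written for this page, not code from the AuthVault repository; the in-memory dictionary and the RefreshTokenService, Issue, Rotate and Revoke names are assumptions standing in for the project's PostgreSQL and Redis stores.

```csharp
// Added example, not AuthVault code: refresh-token rotation with reuse detection.
// An in-memory dictionary stands in for the project's database/Redis (assumption).
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public sealed record RefreshTokenRecord(
    string UserId, string Family, DateTimeOffset ExpiresAt, bool Used);

public sealed class RefreshTokenService
{
    // Keyed by SHA-256 of the raw token, so a leaked store does not yield usable tokens.
    private readonly Dictionary<string, RefreshTokenRecord> _store = new();
    // Families whose whole chain was revoked (logout, or a spent token was replayed).
    private readonly HashSet<string> _revokedFamilies = new();
    private static readonly TimeSpan Lifetime = TimeSpan.FromDays(7);

    public string Issue(string userId, string? family = null)
    {
        // 256 bits of CSPRNG output; only its hash is kept server-side.
        var raw = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _store[Hash(raw)] = new RefreshTokenRecord(
            userId, family ?? Guid.NewGuid().ToString("N"),
            DateTimeOffset.UtcNow + Lifetime, Used: false);
        return raw;
    }

    // Returns the replacement token, or null when the presented token must be rejected.
    public string? Rotate(string presented)
    {
        var key = Hash(presented);
        if (!_store.TryGetValue(key, out var rec)) return null;   // unknown token
        if (_revokedFamilies.Contains(rec.Family)) return null;    // chain already revoked
        if (rec.ExpiresAt <= DateTimeOffset.UtcNow) return null;   // expired
        if (rec.Used)
        {
            // Replay of an already-rotated token: two parties hold copies of the chain.
            // Revoke the whole family so the currently valid token stops working as well.
            _revokedFamilies.Add(rec.Family);
            return null;
        }
        _store[key] = rec with { Used = true };                    // single use
        return Issue(rec.UserId, rec.Family);
    }

    // Logout: revoke the chain the presented token belongs to.
    public void Revoke(string presented)
    {
        if (_store.TryGetValue(Hash(presented), out var rec))
            _revokedFamilies.Add(rec.Family);
    }

    private static string Hash(string raw) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(raw)));
}

public static class Demo
{
    public static void Main()
    {
        var svc = new RefreshTokenService();
        var t1 = svc.Issue("user-42");
        var t2 = svc.Rotate(t1);                              // normal rotation; t1 is now spent
        Console.WriteLine($"rotated: {t2 is not null}");
        Console.WriteLine($"replay of t1 accepted: {svc.Rotate(t1) is not null}");   // rejected, family revoked
        Console.WriteLine($"t2 still usable: {svc.Rotate(t2!) is not null}");        // also rejected
    }
}
```

Storing only the hash of each token and marking a token spent before issuing its successor are the two details that make the "old token invalidated on use" guarantee hold; the family revocation on replay is what turns a single leaked token into a detected event rather than a silent long-lived session.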

Setup Guide

1. Clone and start dependencies

Clone the repo and start PostgreSQL + Redis via Docker.

bash
git clone https://github.com/asmanasir/AuthVault.git
cd AuthVault
docker-compose up -d

2. Configure OAuth2 and email

Set Google/GitHub client IDs and SendGrid key in user secrets.

bash
dotnet user-secrets set "Auth:Google:ClientId" "your-client-id"
dotnet user-secrets set "Auth:Google:ClientSecret" "your-secret"
dotnet user-secrets set "Auth:GitHub:ClientId" "your-client-id"
dotnet user-secrets set "Auth:GitHub:ClientSecret" "your-secret"
dotnet user-secrets set "Email:SendGridApiKey" "your-key"

3. Apply migrations

Create Identity tables + auth audit log.

bash
dotnet ef database update

Running the Project

1. Run the API

Start AuthVault — Scalar docs at /scalar/v1 with all auth endpoints documented.

bash
dotnet run

2. Run the auth flow

Register, confirm email, login, and test token refresh.

bash
# 1. Register (the API binds a JSON body, so send the Content-Type header on every call)
curl -X POST http://localhost:5000/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","password":"Test1234!"}'

# 2. Login → get access + refresh token
curl -X POST http://localhost:5000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","password":"Test1234!"}'

# 3. Refresh (paste the refreshToken value returned by the login call)
curl -X POST http://localhost:5000/api/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{"refreshToken":"..."}'

Project Info

Category: Backend
Difficulty: intermediate
Setup time: 2–3 hours
Technologies: 10 tools

Tech Stack

ASP.NET Core (.NET 8), ASP.NET Core Identity, JWT, Refresh Tokens, OAuth2 (Google, GitHub), EF Core 8, PostgreSQL, Redis, SendGrid, Docker

Prerequisites

  • .NET 8 SDK installed
  • Docker Desktop installed
  • Google/GitHub OAuth2 app credentials (free to create)
  • SendGrid API key (free tier — or emails print to console in dev)

Project Author: Learnixo

Most auth tutorials show you how to issue a JWT. This shows you how to do the whole thing correctly — refresh token rotation, revocation, 2FA, OAuth2, and audit logging. The patterns here are what you'd implement in any production .NET API.