Handling JWTs in PowerShell for API Authentication


I am currently attempting to implement Auth0 for authentication for my IT management Web application. This application mainly displays information through SQL requests, but now I need it to allow for interactive management of Active Directory objects and beyond.

To solve this, I am implementing an internal API which will call PowerShell scripts. Due to project limitations, I can only use PowerShell to complete this task. Luckily for me, I found a general (but severely insecure) proof of concept for this.

However, now I need to implement Auth0 into both the front-end website and the API endpoints. My main problem is that I cannot find a way to reliably generate and verify JWTs in PowerShell. I have tried a small JWT module, but I cannot get it to work properly and it was designed for the client side (no claimset verification). I have also tried importing the NuGet package System.IdentityModel.Tokens.Jwt, but it seems like it’s missing a dependency every time I try to load it.

I am wondering if anyone knows of a JWT module for PowerShell or otherwise an implementation that will allow for JWT creation and verification including both the signature and claimset. I would like to avoid using non-standard assemblies (.dll) if at all possible.

Also, if there’s a way to authenticate without processing JWTs, that would be great too. I only need to call the API from the website, where a user will already be authenticated. Maybe I can just pass their token somehow?
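Added example, not part of the original post: one way to verify both the signature and the claimset of an RS256-signed JWT using only types built into .NET, with no extra assemblies. `Test-Jwt`, the Base64Url helpers, and the issuer and audience values are hypothetical or constructed. It assumes Windows (`RSACng`) and PowerShell 5 or later.

```powershell
# Added example. Test-Jwt and the Base64Url helpers are hypothetical names.
function ConvertFrom-Base64Url([string]$s) {
    $s = $s.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    , [Convert]::FromBase64String($s)   # unary comma keeps the byte[] intact
}
function ConvertTo-Base64Url([byte[]]$b) {
    [Convert]::ToBase64String($b).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
function Test-Jwt {
    param([string]$Token, [Security.Cryptography.RSA]$PublicKey,
          [string]$Issuer, [string]$Audience)
    try {
        $parts = $Token.Split('.')
        if ($parts.Count -ne 3) { return $false }
        $utf8 = [Text.Encoding]::UTF8
        $header = $utf8.GetString((ConvertFrom-Base64Url $parts[0])) | ConvertFrom-Json
        # Pin the algorithm; never let the token pick it (rejects "none" and HS256).
        if ($header.alg -cne 'RS256') { return $false }
        $signed = [Text.Encoding]::ASCII.GetBytes($parts[0] + '.' + $parts[1])
        $ok = $PublicKey.VerifyData($signed, (ConvertFrom-Base64Url $parts[2]),
            [Security.Cryptography.HashAlgorithmName]::SHA256,
            [Security.Cryptography.RSASignaturePadding]::Pkcs1)
        if (-not $ok) { return $false }
        # Read claims only after the signature has been verified.
        $claims = $utf8.GetString((ConvertFrom-Base64Url $parts[1])) | ConvertFrom-Json
        $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
        if ($claims.iss -cne $Issuer) { return $false }
        if (@($claims.aud) -cnotcontains $Audience) { return $false }
        if (-not $claims.exp -or $claims.exp -le $now) { return $false }
        return $true
    } catch { return $false }   # malformed Base64 or JSON fails closed
}

# Constructed demo: a locally generated key stands in for the issuer's signing key.
$rsa = [Security.Cryptography.RSACng]::new(2048)
$iss = 'https://tenant.example/'; $aud = 'https://api.example/'
$enc = { param($o) ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes(($o | ConvertTo-Json -Compress))) }
$exp = [DateTimeOffset]::UtcNow.AddMinutes(5).ToUnixTimeSeconds()
$h = & $enc @{ alg = 'RS256'; typ = 'JWT' }
$p = & $enc @{ iss = $iss; aud = $aud; exp = $exp }
$sig = $rsa.SignData([Text.Encoding]::ASCII.GetBytes($h + '.' + $p),
    [Security.Cryptography.HashAlgorithmName]::SHA256,
    [Security.Cryptography.RSASignaturePadding]::Pkcs1)
$token = $h + '.' + $p + '.' + (ConvertTo-Base64Url $sig)
$forged = (& $enc @{ alg = 'none' }) + '.' + $p + '.'
Test-Jwt $token $rsa $iss $aud                     # valid token
Test-Jwt $token $rsa $iss 'https://other.example/' # wrong audience
Test-Jwt $forged $rsa $iss $aud                    # unsigned "alg: none" token
```

In a real deployment the public key would be imported from the issuer's published JWKS, selected by the token's `kid` header, rather than generated locally.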



How to configure Validate JWT in APIM policies using PowerShell?

If anyone has already implemented this, can you please share the script?