Skip to content

feat(auth): migrate auth examples to dotnet user secrets#2808

Open
zachwolfe wants to merge 11 commits intomainfrom
feat/dotnet-user-secrets-migration
Open

feat(auth): migrate auth examples to dotnet user secrets#2808
zachwolfe wants to merge 11 commits intomainfrom
feat/dotnet-user-secrets-migration

Conversation

@zachwolfe
Copy link
Copy Markdown
Collaborator

@zachwolfe zachwolfe commented Mar 26, 2026
edited
Loading

Summary

Migrates all auth example projects except Basic Auth to use .NET User Secrets for local development credential management instead of hardcoded or file-based configuration.

  • Added <UserSecretsId> to each auth example .csproj (Auth0, Authelia, Clerk, GitHub, Microsoft Entra, Sliplane, Supabase)
  • Added production configuration support in ClerkExample to load secrets from an external JSON file via IVY_CLERK_SECRETS_PATH environment variable

🤖 This description is AI-drafted and human-reviewed.

@zachwolfe @claude
feat(auth): migrate auth examples to dotnet user secrets
610db58 
Add UserSecretsId to all auth example .csproj files (except BasicAuthExample)
to enable dotnet user-secrets for local development. Update ClerkExample to
load production secrets from CLERK_SECRETS_PATH env var when in production,
falling back to user secrets in dev.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@zachwolfe zachwolfe self-assigned this Mar 26, 2026
zachwolfe and others added 4 commits March 26, 2026 01:03
@zachwolfe @claude
chore(auth): remove appsettings.example.json and per-project .gitigno…
1a50f02 
…re files

Users now configure auth examples via dotnet user-secrets instead of
copying appsettings.example.json to appsettings.json. The per-project
.gitignore files (which only excluded appsettings.json) are no longer
needed.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@zachwolfe
Rename to IVY_CLERK_SECRETS_PATH
139fb98
@zachwolfe
Add README.md to ClerkExample
374f205
@zachwolfe @claude
Register IConfiguration as singleton in DI container
c84e94e 
Add Services.AddSingleton(Configuration) to both UseConfiguration
overloads so IConfiguration can be injected via dependency injection.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@zachwolfe zachwolfe marked this pull request as ready for review March 26, 2026 07:30
@zachwolfe
Copy link
Copy Markdown
Collaborator Author

zachwolfe commented Mar 26, 2026

@claude review

@zachwolfe zachwolfe requested review from Copilot and rorychatt March 26, 2026 07:31
@ivy-interactive-claude-code
Copy link
Copy Markdown
Contributor

ivy-interactive-claude-code bot commented Mar 26, 2026
edited
Loading

Claude finished @zachwolfe's task in 1m 9s —— View job

Code Review

  • Read CLAUDE.md for repository guidelines
  • Review changed files
  • Analyze code changes and provide feedback

Summary

This PR migrates auth examples from file-based configuration (appsettings.json) to .NET User Secrets, which is a good security practice for local development. Overall the approach is solid, but I found a few issues worth addressing.

Issues Found

1. Duplicate IConfiguration Registration (Medium)

src/Ivy/Server.cs:209, 216

The IConfiguration is already registered as a singleton in the constructor (line 116). Adding it again in UseConfiguration() methods creates duplicate registrations:

// Constructor (line 116)
Services.AddSingleton(Configuration);

// UseConfiguration overloads (lines 209, 216)
Services.AddSingleton(Configuration);

While .NET DI won't throw an error (the last registration wins), this is confusing and could lead to subtle bugs if the Configuration property changes between calls.

Suggestion: Remove the registration from the constructor and only register in UseConfiguration(), or add a guard to prevent double registration.

Fix this →

2. Typo in README (Low)

src/auth/examples/ClerkExample/README.md:5

...testing the developement and production modes...

Should be "development".

Fix this →

3. Loss of Configuration Documentation (Suggestion)

The deleted appsettings.example.json files served as documentation showing what configuration keys each auth provider requires. Without them, developers must read source code to discover required settings.

Suggestion: Consider adding a comment in each example's Program.cs or README listing the expected User Secrets keys, e.g.:

// Required User Secrets:
// Clerk:PublishableKey, Clerk:SecretKey
// Google:ClientId, Google:ClientSecret (optional)

Looks Good

  • UserSecretsId naming convention (ivy-auth-{provider}-example) is consistent and clear
  • Production configuration pattern in ClerkExample using IVY_CLERK_SECRETS_PATH environment variable is well-designed
  • Removing per-project .gitignore files is a good cleanup since User Secrets are stored outside the repo

Regarding Deployment Failure

The Sliplane error "Redeploy triggered for 0 service(s)" suggests a configuration/matching issue on the deployment platform rather than a code issue in this PR. The changes here affect local development configuration, not deployment infrastructure.

|

Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the Ivy auth example projects to rely on .NET User Secrets (instead of repo-local appsettings.*.json patterns) for local credential management, and adds a production-only escape hatch for Clerk secrets via an external JSON file path.

Changes:

  • Added <UserSecretsId> to each auth example .csproj (Auth0, Authelia, Clerk, GitHub, Microsoft Entra, Sliplane, Supabase).
  • Removed per-example appsettings.example.json and appsettings.json ignore rules.
  • Added ClerkExample production configuration loading from a JSON file specified by IVY_CLERK_SECRETS_PATH.
  • Updated Server.UseConfiguration(...) to also register IConfiguration in DI.

Reviewed changes

Copilot reviewed 24 out of 24 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
src/auth/examples/Auth0Example/appsettings.example.json Removed sample JSON config for Auth0 example.
src/auth/examples/Auth0Example/Auth0Example.csproj Added UserSecretsId for Auth0 example.
src/auth/examples/Auth0Example/.gitignore Removed appsettings.json ignore entry.
src/auth/examples/AutheliaExample/appsettings.example.json Removed sample JSON config for Authelia example.
src/auth/examples/AutheliaExample/AutheliaExample.csproj Added UserSecretsId for Authelia example.
src/auth/examples/AutheliaExample/.gitignore Removed appsettings.json ignore entry.
src/auth/examples/ClerkExample/appsettings.example.json Removed sample JSON config for Clerk example.
src/auth/examples/ClerkExample/README.md Added README describing production secrets-file behavior.
src/auth/examples/ClerkExample/Program.cs Added production-only AddJsonFile(...) configuration hook for Clerk.
src/auth/examples/ClerkExample/ClerkExample.csproj Added UserSecretsId for Clerk example.
src/auth/examples/ClerkExample/.gitignore Removed appsettings.json ignore entry.
src/auth/examples/GitHubExample/appsettings.example.json Removed sample JSON config for GitHub example.
src/auth/examples/GitHubExample/GitHubExample.csproj Added UserSecretsId for GitHub example.
src/auth/examples/GitHubExample/.gitignore Removed appsettings.json ignore entry.
src/auth/examples/MicrosoftEntraExample/appsettings.example.json Removed sample JSON config for Microsoft Entra example.
src/auth/examples/MicrosoftEntraExample/MicrosoftEntraExample.csproj Added UserSecretsId for Microsoft Entra example.
src/auth/examples/MicrosoftEntraExample/.gitignore Removed appsettings.json ignore entry.
src/auth/examples/SliplaneExample/appsettings.example.json Removed sample JSON config for Sliplane example.
src/auth/examples/SliplaneExample/SliplaneExample.csproj Added UserSecretsId for Sliplane example.
src/auth/examples/SliplaneExample/.gitignore Removed appsettings.json ignore entry.
src/auth/examples/SupabaseExample/appsettings.example.json Removed sample JSON config for Supabase example.
src/auth/examples/SupabaseExample/SupabaseExample.csproj Added UserSecretsId for Supabase example.
src/auth/examples/SupabaseExample/.gitignore Removed appsettings.json ignore entry.
src/Ivy/Server.cs Updated UseConfiguration(...) to also register IConfiguration into DI.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@zachwolfe
Apply suggestions from code review
c8894bc 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
rorychatt
rorychatt previously approved these changes Mar 26, 2026
View reviewed changes
@zachwolfe zachwolfe requested a review from rorychatt March 26, 2026 23:25
@artem-ivy-ai
Copy link
Copy Markdown
Collaborator

artem-ivy-ai commented Mar 27, 2026
edited
Loading

Redeploy failed

Deployment stopped due to an error. I'm attaching the latest Sliplane events below.

Logs

Redeploy triggered for 0 service(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rorychatt rorychatt Awaiting requested review from rorychatt

+1 more reviewer

Copilot code review Copilot Copilot left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@zachwolfe zachwolfe

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@zachwolfe @artem-ivy-ai @rorychatt