ASP.NET Core Identity
To work with Identity, we have to set up a database for the user credentials, etc.
If we are integrating Identity into an existing project, we can start by adding the NuGet package called "...CodeGeneration.Design".
Then we have to add a new scaffolded item, which is going to be Identity, and set it up properly.
We also have to create the first migration; this is how the database for the user credentials, etc. gets created.
Commands
(Obs: Make sure to specify the context if there is more than one. This can be done with '-context <context name>'.)
Add-Migration <migration name>
JWT
We can create an endpoint that generates JSON Web Tokens (JWTs), which we then pass along with our endpoint calls. This way we make sure that whoever is calling the APIs is actually allowed to.
Besides creating an endpoint to serve the tokens, we also have to put an attribute on the endpoints we want to protect.
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
Then we must make sure to configure the middleware to actually verify the tokens received from the requests.
!important: The configured secret used to generate (sign) the tokens and the secret the middleware uses to validate them must be the same.
Once the client knows where to get the token from (the endpoint in this case), it has to add a header to each request.
"Authorization" with the value "bearer token..."
This is an example of a JWT.
Everything can be decoded (the header and payload are only Base64URL-encoded, not encrypted), apart from the signature that comes at the end.
eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtZXVlbWFpbEBlbWFpbC5jb20iLCJlbWFpbCI6Im1ldWVtYWlsQGVtYWlsLmNvbSIsImp0aSI6IjEwNmI0NGIwLTQyOTQtNDEzNy05YTFkLWFiMjg0ODM2ODA4MSIsIm5iZiI6MTY4NDc5MTAwNywiZXhwIjoxNjg0NzkyMjA3LCJpYXQiOjE2ODQ3OTEwMDd9.OjKo43YSPdUuJSZMl_IyCc4WF18pk8P12jW7e5qCM7RfJmLn-xn9W0a4lx-MXBtAOvWzO1QtDPYl3W2esm7wDQ
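The shared-secret rule and the readable payload described above, shown end to end as an added example (not code from these notes). It assumes .NET 6+ and the System.IdentityModel.Tokens.Jwt NuGet package; the keys, issuer, audience and subject are constructed values.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Constructed values: random 64-byte keys (a real app loads one key from
// configuration or a secret store) and hypothetical issuer/audience names.
var signingKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(64));
var otherKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(64));
const string Issuer = "https://issuer.example";
const string Audience = "example-api";

var handler = new JwtSecurityTokenHandler();

// What the token endpoint does: sign the claims with HS512.
var jwt = handler.WriteToken(new JwtSecurityToken(
    issuer: Issuer,
    audience: Audience,
    claims: new[] { new Claim(JwtRegisteredClaimNames.Sub, "user@example.com") },
    notBefore: DateTime.UtcNow,
    expires: DateTime.UtcNow.AddMinutes(20),
    signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha512)));

// Header and payload are only Base64URL-encoded: readable with no key at all.
Console.WriteLine($"sub read without key: {handler.ReadJwtToken(jwt).Subject}");

// What the middleware does: the same settings go into
// JwtBearerOptions.TokenValidationParameters inside AddJwtBearer(...).
TokenValidationParameters ParametersFor(SecurityKey key) => new()
{
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = key,
    ValidIssuer = Issuer,
    ValidAudience = Audience,
    ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha512 }, // pin the algorithm
    ClockSkew = TimeSpan.FromSeconds(30)
};

bool IsAccepted(string token, SecurityKey key)
{
    try { handler.ValidateToken(token, ParametersFor(key), out _); return true; }
    catch (SecurityTokenException) { return false; }
}

Console.WriteLine($"validated with the signing key: {IsAccepted(jwt, signingKey)}");
Console.WriteLine($"validated with another key:     {IsAccepted(jwt, otherKey)}");
```

Because the payload is readable by anyone holding the token, nothing confidential belongs in its claims.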
OAuth 2.0
It is the industry-standard protocol for authorization. It focuses on client developer simplicity while providing specific authorization flows for web, desktop and mobile apps.
OpenID Connect
It's a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to verify the identity of the End-User based on the authentication performed by an Authorization server, as well as obtain basic profile information about the End-User in an interoperable and REST-like manner.