Skip to content

SmartStandards/AuthTokenHandling

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
dotnet
dotnet
 
 
js
js
 
 
vers
vers
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
readme.md
readme.md
 
 

Repository files navigation

AuthTokenHandling

Moved/Migrated from KornSW.TokenValidation

AuthTokenHandling.MvcSupport

Server-Side usage within ASP.NET Core WebAPI Projects:

Setup

Configure the Framework during your startup

//(from Nuget Pkg 'SmartStandards.AuthTokenHandling')
AccessTokenValidator.ConfigureTokenIntrospection(
    new LocalJwtIntrospector("myTokeSignKey12345"),
    IdentityStateManager.InitializeCurrentContext, //[opt] populate MAC-scopes ambient 
    introspectionResultCachingMinutes: 2,  //[opt] caching if introsp. is expensive
    auditingHook: this.CreateAuditingEntry //[opt] auditing for introsp. outcome
);

WebAPI-Controller

Just place the "EvaluateBearerToken"-Attribute over the methods for which the access should be restricted and classify it with an API scope name. In this case were requiring accessors to have the "NiceActionExecutorRole".

class MyMvcController {
    ...
    
    [EvaluateBearerToken("NiceActionExecutorRole")] //<<< use this attribute
    [HttpPost("DoANiceAction"), Produces("application/json")]
    public NiceResponseDto DoANiceAction([FromBody] NiceRequestDto args) {
       ...
    }
    
}

Token-Content

Contains the "API"-Clearance for "NiceActionExecutorRole" within the "scopes"-claim)

{
    "iss": "the issuer",
    "sub": "832",
    "iat": 1684927942,
    "exp": 1842607942,
    "scope": "API:NiceActionExecutorRole Tenant:1243 DataProtectionLevel:3"
}

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

17 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages