A dotnet library which authenticates service requests using Logic Identity.
In projects or components where you need to use services authenticated with Logic Identity, add a NuGet package reference to Kmd.Logic.Identity.Authorization.
The LogicTokenProviderFactory
authorizes access through the use of a Logic Identity issued client credential. The authorization token is reused until it expires. You would generally create a single instance of LogicTokenProviderFactory
.
Perhaps the easiest way to configure the LogicTokenProviderFactory is from Application Settings.
{
"TokenProvider": {
"ClientId": "",
"ClientSecret": "",
"AuthorizationScope": ""
}
}
To get started:
- Create a subscription in Logic Console. This will provide you the
SubscriptionId
which will be linked to the client credentials. - Request a client credential. Once issued you can view the
ClientId
,ClientSecret
andAuthorizationScope
in Logic Console.
You can generate a service client from the OpenAPI specification provided by Logic services using Autorest.
These clients accept a ServiceClientCredentials
from Microsoft.Rest.ClientRuntime.
Assuming you have generated a client called LogicServiceClient
, the following will use the LogicTokenProviderFactory
to issue a bearer token for each request.
var options = new LogicTokenProviderOptions
{
ClientId = "<your client id>",
ClientSecret = "<your client secret>",
AuthorizationScope = "<service scope>"
};
// Create the LogicTokenProviderFactory once
var tokenProviderFactory = new LogicTokenProviderFactory(options);
// Create a token provider for each service client
var tokenProvider = this.tokenProviderFactory.GetProvider(this.httpClient);
var serviceClient = new LogicServiceClient(new TokenCredentials(tokenProvider))
{
BaseUri = new Uri("https://gateway.kmdlogic.io/service/v1")
};
A simple console application is included to demonstrate how to authorize an application using Logic Identity. You will need to provide the settings described above in appsettings.json
.
When run you should see the details of the issued Javascript Web Token (JWT) printed to the console.
In version 2.1.0 of this library, the DefaultAuthorizationScope was removed. Please set LogicTokenProviderOptions.AuthorizationScope explicitly.
In version 2.0.0 of this library, the default value for LogicTokenProviderOptions.AuthorizationScope was removed.
For dependent packages which need to maintain backward compatibility, you can set the DefaultAuthorizationScope as below.
#pragma warning disable CS0618 // Type or member is obsolete
if (string.IsNullOrEmpty(this.tokenProviderFactory.DefaultAuthorizationScope))
{
this.tokenProviderFactory.DefaultAuthorizationScope = "https://logicidentityprod.onmicrosoft.com/bb159109-0ccd-4b08-8d0d-80370cedda84/.default";
}
#pragma warning restore CS0618 // Type or member is obsolete