This is a client-themed REST API template with OAuth 2.0 implemented in a built-in Identity Server (as a class) with a user hierarchy.
OAuth 2.0 is a token-based authentication protocol. Its implementation consists of an Authentication Server (OAuth Server) and a Resource Server.
As you can see in the image, the process is split in two: the green part is the authentication part, where the OAuth 2.0 protocol takes place, and the orange part is where the authorization takes place.
Source: Oracle
This is a functional template with 2 sections (controllers):
- Login: contains the Login endpoint, where you enter your user credentials to get a session token.
- Endpoints: contains the rest of the API's endpoints. There are only two: one can be executed with a non-admin account, while the other requires administrator permissions.
The main files of the project are:
- Program.cs: has the main configuration of the project and works as the Resource Server.
- Users.cs: provisional class that declares the different users and their permissions.
Warning
Users are hardcoded; it is recommended to replace them with an actual database of users.
- Model/Client.cs: the schema or model of the object that our endpoints retrieve.
- Controllers/EndpointsController.cs: the controller that contains the endpoints.
- Controllers/LoginController.cs: the controller that contains the Login endpoint and works as the Authentication Server.
Using the image above as guidance, the green part, as I said earlier, is the authentication process. It happens when a client logs in successfully and gets a JWT Bearer-type token.
Meanwhile, the orange part, the authorization process, occurs when the client, already logged in, tries to access an endpoint. If the token is valid, the API returns the resources provided by that endpoint.
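A minimal sketch of both halves of that flow in a single ASP.NET Core program, added here as an example and not taken from this repository. The routes, users, passwords, roles, issuer and audience are constructed values, and it assumes the Microsoft.AspNetCore.Authentication.JwtBearer package.

```csharp
// Added example, not the template's code: routes, users, roles, issuer and audience are assumptions.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
// Demo only: random per-process signing key. Load a persistent key from a secret store in real use.
var signingKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
const string Issuer = "https://auth.example", Audience = "clients-api"; // constructed values

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true, ValidIssuer = Issuer,
        ValidateAudience = true, ValidAudience = Audience,
        ValidateIssuerSigningKey = true, IssuerSigningKey = signingKey,
        ValidateLifetime = true, ClockSkew = TimeSpan.FromSeconds(30),
        ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 } // reject any other alg header
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Green part: check the credentials, then issue a short-lived signed token.
app.MapPost("/login", (LoginRequest req) =>
{
    // Constructed stand-in for a user store; real passwords belong hashed in a database.
    var role = (req.User, req.Password) switch
    {
        ("alice", "alice-demo-pw") => "Admin",
        ("bob", "bob-demo-pw") => "User",
        _ => null
    };
    if (role is null) return Results.Unauthorized();
    var claims = new[] { new Claim(ClaimTypes.Name, req.User), new Claim(ClaimTypes.Role, role) };
    var jwt = new JwtSecurityToken(Issuer, Audience, claims,
        expires: DateTime.UtcNow.AddMinutes(15),
        signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));
    return Results.Ok(new { token = new JwtSecurityTokenHandler().WriteToken(jwt) });
});

// Orange part: the bearer token is validated on every request before the handler runs.
app.MapGet("/clients", () => "own clients").RequireAuthorization();
app.MapGet("/admin/clients", () => "all clients").RequireAuthorization(p => p.RequireRole("Admin"));
app.Run();

record LoginRequest(string User, string Password);
```

A request with no token or an invalid one is answered with 401, while a valid non-admin token on the admin route is answered with 403.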
This repository is meant to be used as a template for your new secured REST API.
A number of Swashbuckle's Swagger customization options are included in the template, such as having more than one Swagger document, custom names for controllers and endpoints, a search box and even custom CSS.
The majority of these options can be changed in OAuth_API/Program.cs, in the app.UseSwaggerUI(options => lambda expression.
In order to add custom files like images or style sheets, you'll need to place them in the special folder wwwroot. An empty .css file is already created.
If you're only interested in the security configurations, use the oauthonly branch.
- Programming Language: C#
- Framework: ASP.NET Core (Project made with .NET 8.0 Framework)
- NuGets:
  - Swashbuckle.AspNetCore (6.4.0)
  - Swashbuckle.AspNetCore.Annotations (6.6.2)
  - Microsoft.AspNetCore.Authentication.JwtBearer (8.0.6)
- Other:
  - OAuth 2.0 (Protocol)
  - JWT Bearer (Token type)
- Recommended IDE: Visual Studio 2022