This story is part of an effort to make the following scenario simpler: the .Net client is used on a backend Asp.Net server to make server-to-server calls to a separate repository service.
There is a use case when a user authenticates in their browser, sends a token to the custom backend app (usually an Asp.Net app) and we need to connect to a separate sensenet repository service using that token - in the name of the authenticated user, not as a technical admin.
In the previous API we already solved this: #70
Now we need to extend the new Repository API with a possibility to provide an access token and execute requests in the name of the user represented by the token.
Proposal
Extend the RepositoryCollection API with a new overload of the GetRepositoryAsync method that takes a token (or an AuthenticationInfo) parameter:
public async Task<IRepository> GetRepositoryAsync(string name, AuthenticationInfo authInfo, CancellationToken cancel)
This method would load a repository instance constructed specifically for the provided token or api key. This would mean multiple IRepository instances cached for the same sensenet repository but for different users. The cache key currently is the provided name but we could construct a cache key that also includes the api key or the token. The underlying server API already supports providing an access token, no need to rewrite anything.
There is a use case when a user authenticates in their browser, sends a token to the custom backend app (usually an Asp.Net app) and we need to connect to a separate sensenet repository service using that token - in the name of the authenticated user, not as a technical admin.
In the previous API we already solved this: #70
Now we need to extend the new
RepositoryAPI with a possibility to provide an access token and execute requests in the name of the user represented by the token.Proposal
Extend the
RepositoryCollectionAPI with a new overload of theGetRepositoryAsyncmethod that takes a token (or anAuthenticationInfo) parameter:This method would load a repository instance constructed specifically for the provided token or api key. This would mean multiple
IRepositoryinstances cached for the same sensenet repository but for different users. The cache key currently is the provided name but we could construct a cache key that also includes the api key or the token. The underlying server API already supports providing an access token, no need to rewrite anything.