davidfowl / TodoApi

Todo application with ASP.NET Core Blazor WASM, Minimal APIs and Authentication
MIT License
2.76k stars 417 forks source link

Identity endpoints and authorization #89

Open famda opened 11 months ago

famda commented 11 months ago

Hey!

I'm trying to get authorization working properly on this scenario using the new endpoints built in dotnet 8.

What I'm trying to achieve is to flow the roles and some custom claims so I can show/hide controls on the razor components.

So far I couldn't get this to work and there is an issue on github for samples with this scenario (mentioned on tbe docs).

Based on your dotnet 8 branch, I was trying to make something that can represent this example.

Could you give some guidance on this, please?

julioct commented 11 months ago

@davidfowl I'm also interested in this. How would TodoApi evolve to switch the new Blazor app template with WASM interactivity (or even better, just SSR) and then use the new Identity endpoints in the backend API?

davidfowl commented 11 months ago

https://github.com/davidfowl/TodoApi/tree/davidfowl/net8 still needs to update to RTM

famda commented 11 months ago

I've seen that branch, however the roles/claims is the actual part that I'm not confortable with.

I also opened an issue on the aspnetcore repo related to this (to see if someone helps on creating a sample on the docs or something).

What I've seen so far is that we need to create an additional endpoint on the api that takes the claims principal (logged user) and return a json representation of the roles/claims.

And, with this, have on the blazor project a authentication state provider that consumes that endpoint after the cookie creation to get the roles/claims.

This feels like a hack 😆 because the identity endpoints generates the token or cookie with that info inside. This is the PR

In that example is a standalone WASM but this would be added on a "server" state provider to get the current authenticated user roles and then use the PersistentComponentState to share it to the the client (similar to the new template with identity).

Do you think this is the right approach?

julioct commented 11 months ago

@davidfowl Thank you, this is awesome!

Here's a PR to update everything to .NET 8 RTM: https://github.com/davidfowl/TodoApi/pull/90

Verified it in my box, and all tests are passing.

davidfowl commented 11 months ago

You are awesome!

julioct commented 11 months ago

Glad to help, but also TodoApi can become the blueprint for what I'm working on.

@davidfowl Any comments you can provide on this issue would be appreciated: https://github.com/dotnet/aspnetcore/issues/52800

Just trying to make sure TodoApi is not outside of the ASP.NET Core Identity supported scenarios.