jasontaylordev / NorthwindTraders

Northwind Traders is a sample application built using ASP.NET Core and Entity Framework Core.
MIT License
5k stars 1.59k forks

[Question] Refresh tokens and other questions #128

Closed nurlybekovnt closed 5 years ago

nurlybekovnt commented 5 years ago

Hello, JasonGT!!! Thank you a lot for this great example of clean architecture.

1) Are you planning to use refresh tokens in Authentication/Authorization?
2) Will users have multiple roles?
3) Are you planning to implement resource authorization?
4) Are you planning to use generic result from Application layer like this:

public class AppResult<T>
{
  public bool Succeeded { get; protected set; }
  public IEnumerable<AppError> Errors { get; protected set; }
  public T Data { get; protected set; }
}

and remove all exceptions?
5) I am very interested in how you will implement the user structure, if the system has several types of users and each type of user has different fields. For example, class Author { UserName, Password, Age, Publications} class Editor { UserName, Password, SubjectArea} class Student { UserName, Password, Mark, Attendances} etc
6) Will real time notifications be implemented? For example, you must notify the client 30 minutes before a yoga session.

Thanks in advance for any response!

nurlybekovnt commented 5 years ago

I have read https://github.com/mmacneil/AspNetCoreApiStarter. It is refresh token management.

jasontaylordev commented 5 years ago

Hi @d34ctiv4t0r - thanks and you're welcome.

  1. Are you planning to use refresh tokens in Authentication/Authorization?

Yes, but I don't have a time frame.

  2. Will users have multiple roles?

Yes, I am planning to implement Customer, Manager, Employee.

  3. Are you planning to implement resource authorization?

I'd like to, but it's probably much further down the road. The Northwind database certainly has resources that could be secured this way, such as orders by region / employee region.

  4. Are you planning to use generic result from Application layer like this:

public class AppResult<T>
{
  public bool Succeeded { get; protected set; }
  public IEnumerable<AppError> Errors { get; protected set; }
  public T Data { get; protected set; }
}

and remove all exceptions?

Probably not for this repository, but yes for more complicated solutions. Is this your preferred approach? What do you think the advantages are?

5) I am very interested in how you will implement the user structure, if the system has several types of users and each type of user has different fields. For example, class Author { UserName, Password, Age, Publications} class Editor { UserName, Password, SubjectArea} class Student { UserName, Password, Mark, Attendances} etc

There will be a User type that will be part of the Authentication and Authorisation infrastructure. This will not be a domain entity. The domain entities, Author, Editor, and Student will reference the primary key of the User type. The different fields are easily supported since they are different entities.

6) Will real time notifications be implemented? For example, you must notify the client 30 minutes before a yoga session.

I'd like to, but no plans at this stage.

Thanks for your questions. Hope this helps.
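The split described in the answer to question 5, as an added C# example that is not code from this thread or from the NorthwindTraders repository: credential material lives only on an infrastructure `User`, and the domain entities carry that user's key plus their own fields. `UserStore`, the record shapes, the choice of PBKDF2 with its parameters, and the sample names and passwords are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Infrastructure: the only type that holds credential material.
public sealed record User(Guid Id, string UserName, byte[] Salt, byte[] PasswordHash);

// Domain: type-specific fields plus the User key; no UserName or Password here.
public sealed record Author(Guid UserId, int Age, List<string> Publications);
public sealed record Editor(Guid UserId, string SubjectArea);
public sealed record Student(Guid UserId, int Mark, int Attendances);

// Hypothetical in-memory store standing in for the authentication infrastructure.
public sealed class UserStore
{
    private const int Iterations = 210_000; // assumed work factor for this example
    private readonly Dictionary<string, User> _byName = new(StringComparer.OrdinalIgnoreCase);

    public Guid Register(string userName, string password)
    {
        var salt = RandomNumberGenerator.GetBytes(16);
        var user = new User(Guid.NewGuid(), userName, salt, Hash(password, salt));
        if (!_byName.TryAdd(userName, user))
            throw new InvalidOperationException("User name already taken.");
        return user.Id; // the domain layer only ever receives this key
    }

    public Guid? Verify(string userName, string password)
    {
        if (!_byName.TryGetValue(userName, out var user)) return null;
        var candidate = Hash(password, user.Salt);
        return CryptographicOperations.FixedTimeEquals(candidate, user.PasswordHash) ? user.Id : null;
    }

    private static byte[] Hash(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);
}

public static class Program
{
    public static void Main()
    {
        var users = new UserStore();
        // Constructed sample accounts: each domain entity is built from the returned key only.
        var editor = new Editor(users.Register("constructed.editor", "constructed-password"), "Physics");
        var student = new Student(users.Register("constructed.student", "another-password"), 87, 12);
        Console.WriteLine(users.Verify("constructed.editor", "constructed-password") == editor.UserId);
        Console.WriteLine(users.Verify("constructed.student", "wrong-password") == student.UserId);
    }
}
```

Because `Author`, `Editor` and `Student` never hold a password or hash, a query or serialization bug in the domain layer cannot expose credentials.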