Closed anomepani closed 4 years ago
Thank you for your interest in this template. I appreciate it.
Good point there. However, the Authentication and Authorization pieces are subjective, and implementing them depends on business requirements. That's why I only provided the basics, so that you can change whatever you want from the template and extend it. Some might use custom JWT, some may use IS4, some may use other Auth schemes, and this template doesn't provide all of them :)
Yeah, true, a template cannot provide functionality. I was exploring APIs and required features and found this template, which has lots of things. In most cases login and auth check functionality reside in the same app or API project; that's why I suggested it, and the conversation regarding this will be available on this repo whether this feature is implemented or not.
Thanks for the quick response.
Yup. Login and Auth should be in the same project, but ideally you should avoid mixing them into your normal API projects. This template aims to be used by normal API projects. You may want to create an Auth Server whose sole responsibility is to issue a token (JWT) and authenticate users. You can then use this template to build the clients for your Auth Server.
Here's a quick example using IS4: https://vmsdurano.com/apiboilerplate-and-identityserver4-access-control-for-apis/
Of course you can implement your own custom JWT provider without using IS4 by using the Microsoft.IdentityModel.Tokens library or any other related libs.
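The split described in the comment above (an auth server that issues the JWT, an API that only validates it), as an added example that is not code from the template or from this thread. It uses `Microsoft.IdentityModel.Tokens` together with the `System.IdentityModel.Tokens.Jwt` package; the issuer and audience names are assumptions, and a shared symmetric key stands in for whatever key material a real deployment would use.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class JwtDemo
{
    const string Issuer = "https://auth.example.test"; // assumed name
    const string Audience = "sample-api";              // assumed name

    // Auth server side: issue a short-lived token that carries a role claim.
    public static string Issue(SecurityKey key, string user, string role, string audience)
    {
        var descriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[]
            {
                new Claim(ClaimTypes.Name, user),
                new Claim(ClaimTypes.Role, role)
            }),
            Issuer = Issuer,
            Audience = audience,
            Expires = DateTime.UtcNow.AddMinutes(15),
            SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
        };
        var handler = new JwtSecurityTokenHandler();
        return handler.WriteToken(handler.CreateToken(descriptor));
    }

    // API side: check signature, issuer, audience, lifetime and algorithm explicitly.
    public static ClaimsPrincipal Validate(SecurityKey key, string token)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true, IssuerSigningKey = key,
            ValidateIssuer = true, ValidIssuer = Issuer,
            ValidateAudience = true, ValidAudience = Audience,
            ValidateLifetime = true, ClockSkew = TimeSpan.FromSeconds(30),
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }
        };
        return new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
    }

    public static void Main()
    {
        var key = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32)); // constructed demo key
        var user = Validate(key, Issue(key, "alice", "Admin", Audience));
        Console.WriteLine($"Admin role present: {user.IsInRole("Admin")}");
        try { Validate(key, Issue(key, "alice", "Admin", "other-api")); }
        catch (SecurityTokenInvalidAudienceException) { Console.WriteLine("Token for another audience rejected"); }
    }
}
```

The second call in `Main` shows why the audience check matters: a correctly signed token minted for a different API is still refused by this one.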
Can we add support for the JWT Auth scheme and related configuration with Authorization Role, Policy, permission etc.?
The ApiBoilerPlate project template is very good and has lots of things which are required for most projects. Most projects use a username and password and generate a JWT token based on that. However, the provided sample uses an API key and secret, which is only used for one client; it can be used as a daemon service, as per my understanding.
For API projects, most people are not using IdentityServer due to lots of complexity and configuration; instead they use custom or dotnetcore identity authentication with the JWT scheme.