
Identity endpoints and authorization

Open famda opened this issue 8 months ago • 6 comments

Hey!

I'm trying to get authorization working properly on this scenario using the new endpoints built in dotnet 8.

What I'm trying to achieve is to flow the roles and some custom claims so I can show/hide controls on the razor components.

So far I couldn't get this to work, and there is an issue on GitHub for samples with this scenario (mentioned in the docs).

Based on your dotnet 8 branch, I was trying to make something that can represent this example.

Could you give some guidance on this, please?

famda avatar Dec 12 '23 16:12 famda

@davidfowl I'm also interested in this. How would TodoApi evolve to switch the new Blazor app template with WASM interactivity (or even better, just SSR) and then use the new Identity endpoints in the backend API?

julioct avatar Dec 14 '23 17:12 julioct

https://github.com/davidfowl/TodoApi/tree/davidfowl/net8 still needs to update to RTM

davidfowl avatar Dec 14 '23 18:12 davidfowl

I've seen that branch; however, the roles/claims are the actual part that I'm not comfortable with.

I also opened an issue on the aspnetcore repo related to this (to see if someone helps on creating a sample on the docs or something).

What I've seen so far is that we need to create an additional endpoint on the API that takes the claims principal (logged user) and returns a JSON representation of the roles/claims.

And, with this, have on the Blazor project an authentication state provider that consumes that endpoint after the cookie creation to get the roles/claims.

This feels like a hack 😆 because the identity endpoints generate the token or cookie with that info inside. This is the PR

In that example it is a standalone WASM, but this would be added on a "server" state provider to get the current authenticated user roles and then use the PersistentComponentState to share it to the client (similar to the new template with identity).

Do you think this is the right approach?

famda avatar Dec 14 '23 20:12 famda
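The approach described in the comment above, as an added sketch that is not code from TodoApi, the linked PR, or any participant in this thread: an authenticated endpoint that projects an allowlisted subset of the user's claims to JSON, and the client-side step that rebuilds a `ClaimsPrincipal` from it. Assumptions: the app already calls `MapIdentityApi<TUser>()`; the route `/users/me/info`, the `UserInfo` record, and the claim types `department` and `tier` are hypothetical names.

```csharp
// Added example; all type, route and claim names here are hypothetical.
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;

// The only data the browser receives about the signed-in user.
public record UserInfo(string Name, string[] Roles, Dictionary<string, string> Claims);

// Server (API project).
public static class UserInfoEndpoint
{
    // Assumption: custom claim types the UI needs. Anything not listed
    // (security stamp, internal ids, ...) is never sent to the client.
    private static readonly HashSet<string> Exposed = new() { "department", "tier" };

    public static UserInfo ToUserInfo(ClaimsPrincipal user) => new(
        user.Identity?.Name ?? "",
        user.FindAll(ClaimTypes.Role).Select(c => c.Value).Distinct().ToArray(),
        user.Claims.Where(c => Exposed.Contains(c.Type))
                   .GroupBy(c => c.Type)
                   .ToDictionary(g => g.Key, g => g.First().Value));

    // Call next to MapIdentityApi<TUser>(); anonymous callers are rejected.
    public static IEndpointConventionBuilder MapUserInfo(this IEndpointRouteBuilder routes) =>
        routes.MapGet("/users/me/info", (ClaimsPrincipal user) => ToUserInfo(user))
              .RequireAuthorization();
}

// Client (Blazor project): called from a custom AuthenticationStateProvider
// after it has fetched /users/me/info with the auth cookie or token.
public static class UserInfoPrincipal
{
    public static ClaimsPrincipal ToPrincipal(UserInfo? info)
    {
        // No payload (e.g. the request was rejected): unauthenticated principal.
        if (info is null) return new ClaimsPrincipal(new ClaimsIdentity());

        var claims = new List<Claim> { new(ClaimTypes.Name, info.Name) };
        claims.AddRange(info.Roles.Select(r => new Claim(ClaimTypes.Role, r)));
        claims.AddRange(info.Claims.Select(kv => new Claim(kv.Key, kv.Value)));
        // A non-empty authenticationType makes Identity.IsAuthenticated true,
        // which <AuthorizeView Roles="..."> relies on.
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "UserInfoEndpoint"));
    }
}
```

The principal rebuilt in the browser only drives which controls are shown; every API endpoint still has to enforce roles and policies itself with `RequireAuthorization`, because the client copy can be altered by the user.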

@davidfowl Thank you, this is awesome!

Here's a PR to update everything to .NET 8 RTM: https://github.com/davidfowl/TodoApi/pull/90

Verified it in my box, and all tests are passing.

julioct avatar Dec 14 '23 22:12 julioct

You are awesome!

davidfowl avatar Dec 15 '23 00:12 davidfowl

Glad to help, but also TodoApi can become the blueprint for what I'm working on.

@davidfowl Any comments you can provide on this issue would be appreciated: https://github.com/dotnet/aspnetcore/issues/52800

Just trying to make sure TodoApi is not outside of the ASP.NET Core Identity supported scenarios.

julioct avatar Dec 15 '23 00:12 julioct