Using OAuth
Essentials on OAuth integration.
Please refer to the GitHub repository for the code in its entirety. This sample is written in C# .NET core 2 and can be run via Docker.
First off all we need to add the OpenId middleware to the authentication configuration in
startup.cs
:startup.cs
.AddOpenIdConnect(AuthenticationConstants.XenaOidcAuthenticationScheme, options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.ResponseType = AuthenticationConstants.OidcResponseType;
options.SignedOutRedirectUri = "/Home/LogoutRedirect";
options.Authority = authConfiguration.Authority;
options.ClientId = authConfiguration.ClientId;
options.ClientSecret = authConfiguration.ClientSecret;
options.SaveTokens = true;
options.RequireHttpsMetadata = false;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("profile");
options.Scope.Add("testapi");
options.Scope.Add("offline_access");
options.ClaimActions.MapJsonKey(JwtClaimTypes.PreferredUserName, JwtClaimTypes.PreferredUserName);
}
All the configuration is set in
appsettings.Development.json
When the user hit any method/controller with [Authorize] attribute he will be forced to authenticate. In our examples default challenge scheme is Xena. The user will be transferred to the login page and after the correct login will return to your app with tokens.
To communicate with the Xena API you will need to send access_token with each call in headers.
Application
access_token
lifetime is set to 60 minutes but cookie for your app can be different. For better user experience the app can use refresh_token
to get new access_tokens
.In the sample we use automatic silent renew middleware that checks and refreshes the token if needed with each call.
In sample in
XenaService.cs
we show three API calls. The user can get data about his fiscal, Xena membership and apps that he is subscribed to.XenaService.cs
[Authorize]
public async Task<IActionResult> ApiExample()
{
HttpClient client = await SetupClientWithToken();
var result = await client.GetStringAsync($"{_apiEndpoints.Xena}/User/FiscalSetup?forceNoPaging=true");
return result;
}
Last modified 1mo ago