Skip to content

JWT Support #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
GrantErickson wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

JWT Support #1

GrantErickson wants to merge 4 commits into from

Conversation

@GrantErickson
Copy link
Collaborator

@GrantErickson GrantErickson commented Aug 29, 2024

Don't merge this, just for diffs and comments

meghanmae
meghanmae reviewed Aug 29, 2024
View reviewed changes
IntelliTect.Trivia.Data/Models/AppUser.cs
[Edit(Roles.Admin)]
[Create(SecurityPermissionLevels.DenyAll)]
[Delete(SecurityPermissionLevels.DenyAll)]
public class AppUser: IdentityUser
Copy link
Collaborator

@meghanmae meghanmae Aug 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question for Andrew: Does the information on Identity User get exposed to the client via coalesce? (e.g. the password hash?)

Is this the best way to hide it?

    [InternalUse]
    public override string? PasswordHash { get; set; }

Copy link

@ascott18 ascott18 Aug 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The answer lies in the generated DTOs, and it is "yes".

And yes.

@ascott18
Copy link

ascott18 commented Aug 29, 2024

Is the exact goal here to add JWT bearer tokens as the authentication scheme? This could be substantially simpler if opaque bearer tokens or cookies are suitable. https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization. You could delete the controller, and most of the configuration in Program.cs

In terms of presenting this in the format of the show, I think this is 3 episodes?

  1. Adding swagger. Including adding IntelliTect.Coalesce.Swashbuckle - https://github.com/IntelliTect/Coalesce/blob/dev/playground/Coalesce.Web.Vue3/Program.cs#L63
  2. Adding Identity data models, interacting with them via Coalesce (adding/removing roles from users maybe?)
  3. Adding authentication and authorization (sign in, accessing a role-restricted action)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ascott18 ascott18 ascott18 left review comments

@meghanmae meghanmae meghanmae left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@GrantErickson @ascott18 @meghanmae