mirror of
https://github.com/AlexMacocian/MTSC.git
synced 2026-07-15 14:59:33 +00:00
0fe9f9957c
* Setup OAuth2 support * Setup tests project * Setup OAuth2 unit tests in CI pipeline * Setup authorizeattribute tests * Test * Setup tests for AuthorizeAttribute * Setup OAuth2 support Unit Tests coverage * Add OAuth2 project to release
1.6 KiB
1.6 KiB
OAuth2 Web Server App Implementation
Setup
- Decorate your
HttpRouteBasewith[Authorize] - Setup server wtih an
IAuthorizationProvider. Alternatively useserver.WithMicrosoftGraphAuthorization()extension to use the in-built Microsoft Graph authorization provider. - [Optionally] implement
IHttpClient<T>resolver to have a scopedHttpClientfor the OAuth flow. If noIHttpClient<T>is present, the flow will use anew HttpClient()instance. - [Optionally] implement
ILogger<T>resolver to have a scopedILoggerfor the OAuth flow. If noILogger<T>is present, the flow will useServer.LogDebug().
Functionality
- On the first request arriving at an endpoint decorated with
[Authorize], the route filter with check for the presence ofAccessTokencookie. If it is not present, the filter will redirect the client to the OAuth server to peform the authorization. - The OAuth server redirects the client, on a successful authorization, to the
RedirectUri. TheRedirectUriendpoint must also be decorated with[Authorize]. - The redirect endpoint picks up the authorization code from the OAuth server and performs a request to the OAuth server to retrieve the
AccessToken. The filter will use theClientSecretas identifier of your Web Server App to the OAuth server. - Once the OAuth server returns the
AccessToken, the filter will set aRouteContext.Resourcesresource with the keyAccessTokenand value of the code provided by the OAuth server. - On response from the Web Server App, the filter will also set a response cookie with the
AccessToken.