1

I have built an API in C# ASP.NET 5.

This is currently the code library I use to generate and validate OAuth tokens: https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample

The logged-in user calls my API (passing the Bearer token in the header) to retrieve their saved notes from my NoteController. In my NoteController I retrieve the userNo from the Auth token claims and retrieve the user's notes from the database. If the user's Auth token is invalid then I send them back an HTTP 401.

I have added code in my Startup.cs to enable Authorization:

    // Enable the use of an [Authorize("Bearer")] attribute on methods and classes to protect.
    services.AddAuthorization(auth =>
    {
        auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
            .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
            .RequireAuthenticatedUser().Build());
    });

My problem: as good as the code library (ASPNETSelfCreatedTokenAuthExample) is, it does not provide an OAuth refresh token mechanism.

I have tried to find a decent library to replace the one I am currently using.
I want a library that uses refresh tokens etc.

I have looked at IdentityServer4, but the examples are just for generating tokens in a dedicated server.

I don't quite understand what to do :(

Can someone point me in the right direction please?

Thanks

2 Answers

2

DONE IT!!! :D
Found this amazing blog post:
http://capesean.co.za/blog/asp-net-5-jwt-tokens/
It took me a few mins to get his source code to work.
I actually had to use someone's fork of the solution to get it to work: https://github.com/VoronFX/openiddict-test

My steps to get it to work:
1. Download https://github.com/VoronFX/openiddict-test

Next steps are copied from (https://github.com/openiddict/openiddict-core)

  1. Run these commands:

    set DNX_UNSTABLE_FEED=https://www.myget.org/F/aspnetcidev/
    dnvm upgrade -u

  2. Update your project.json to import the OpenIddict package:

    "dependencies": { "OpenIddict": "1.0.0-*" },

0

Direction -> If I had such a task, I would probably get familiar with the official AspNetCore middleware and try to implement my own middleware based on the official OAuth middleware. Have a look here -> https://github.com/aspnet/Security/tree/dev/src/Microsoft.AspNetCore.Authentication.OAuth.

More authentication middlewares: https://github.com/aspnet/Security
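
The refresh-token mechanism the question asks about, as an added example that is not part of either answer and is not code from ASPNETSelfCreatedTokenAuthExample or OpenIddict. `RefreshTokenStore` and its members are hypothetical names, the in-memory dictionary stands in for the API's database, and the caller is assumed to mint a new JWT access token for the returned `userNo`. It uses only .NET base class library calls and shows opaque random tokens stored as hashes, single-use rotation, and revocation of all of a user's tokens when an already-rotated token is replayed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
// Hypothetical in-memory store (assumption); a real API would keep these rows in its database.
public sealed class RefreshTokenStore
{
    private sealed class Entry { public int UserNo; public DateTimeOffset Expires; public bool Used; }
    private readonly ConcurrentDictionary<string, Entry> _byHash = new ConcurrentDictionary<string, Entry>();
    private readonly TimeSpan _lifetime;
    public RefreshTokenStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Only the SHA-256 of a token is stored, so leaked storage does not yield usable tokens.
    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    // Issue a 256-bit random opaque token; the raw value is handed to the client exactly once.
    public string Issue(int userNo)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var token = Convert.ToBase64String(bytes);
        _byHash[Hash(token)] = new Entry { UserNo = userNo, Expires = DateTimeOffset.UtcNow.Add(_lifetime) };
        return token;
    }

    // Exchange a refresh token for a fresh one. A null result means: answer with HTTP 401.
    public string Rotate(string presented, out int userNo)
    {
        userNo = 0; Entry e;
        if (presented == null || !_byHash.TryGetValue(Hash(presented), out e)) return null;
        lock (e)
        {
            // A token that was already rotated is being replayed: treat it as stolen.
            if (e.Used) { RevokeAll(e.UserNo); return null; }
            if (e.Expires <= DateTimeOffset.UtcNow) return null;
            e.Used = true;
        }
        userNo = e.UserNo;
        return Issue(e.UserNo);
    }

    // Remove every refresh token of a user (logout, password change, replay detected).
    public void RevokeAll(int userNo)
    {
        foreach (var pair in _byHash)
            if (pair.Value.UserNo == userNo) { Entry removed; _byHash.TryRemove(pair.Key, out removed); }
    }
}
```

Used entries are kept on purpose so that a replay can be recognised; a persistent version would also purge expired rows on a schedule.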
