Checks that every controller action (API endpoint) carries an [Authorize] or [AllowAnonymous] attribute, and throws an exception when a request reaches an action that has neither. This helps ensure that developers don't forget to add one: a missing attribute fails loudly instead of silently leaving the endpoint reachable with whatever the default policy happens to be. Because the check fires when the action is requested rather than at startup, it is worth exercising every route (for example in an integration test) so omissions surface before deployment.
```csharp
// public void ConfigureServices(IServiceCollection services)
services.AddMvc(config =>
{
    config.Filters.Add(new RequireAuthorizeAttributeFilter());
});
```
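As an added illustration of what such a filter does (this is example code, not the library's own RequireAuthorizeAttributeFilter; the class name RequireExplicitAuthorizationPolicyFilter is this example's), the following global IAuthorizationFilter inspects the action method and its controller for IAuthorizeData / IAllowAnonymous metadata and throws when neither is present:

```csharp
using System;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;

// Example only (not the library's implementation): a global MVC authorization filter
// that refuses to run any controller action that has neither [Authorize] nor
// [AllowAnonymous] on the action method or on its controller class.
public sealed class RequireExplicitAuthorizationPolicyFilter : IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // Only MVC controller actions carry the MethodInfo/ControllerTypeInfo we inspect.
        if (!(context.ActionDescriptor is ControllerActionDescriptor action))
            return;

        bool HasMetadata<T>(MemberInfo member) where T : class =>
            member.GetCustomAttributes(inherit: true).OfType<T>().Any();

        // IAuthorizeData covers [Authorize] and any custom attribute deriving from it;
        // IAllowAnonymous covers [AllowAnonymous].
        bool explicitlyAuthorized =
            HasMetadata<IAuthorizeData>(action.MethodInfo) ||
            HasMetadata<IAuthorizeData>(action.ControllerTypeInfo);
        bool explicitlyAnonymous =
            HasMetadata<IAllowAnonymous>(action.MethodInfo) ||
            HasMetadata<IAllowAnonymous>(action.ControllerTypeInfo);

        if (!explicitlyAuthorized && !explicitlyAnonymous)
        {
            // Fail loudly: an exception (and thus a 500) is preferable to quietly serving
            // an endpoint whose access policy nobody wrote down.
            throw new InvalidOperationException(
                $"{action.ControllerName}.{action.ActionName} has neither [Authorize] nor [AllowAnonymous].");
        }
    }
}

// Registration, in ConfigureServices:
//   services.AddMvc(config => config.Filters.Add(new RequireExplicitAuthorizationPolicyFilter()));
```

Checking the controller type as well as the method matters because [Authorize] is commonly placed once on a controller rather than on every action; checking only the method would raise false alarms on that very common layout.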
Provides base functionality for issuing and validating JWTs (JSON Web Tokens).

```csharp
// public void ConfigureServices(IServiceCollection services)
services.AddJwtServices(issuer, secretKey, Environment);

// public void Configure(IApplicationBuilder app, IHostingEnvironment env)
app.UseAuthentication();
```

```csharp
JwtTokenFactory _tokenFactory; // resolve using DI
var token = _tokenFactory.IssueToken(userId, validFor, additionalClaims); // additionalClaims is optional
```

Return the token to the client and have it send the token back in the `Authorization` header (note: the header is `Authorization`, not `Authorize`) on subsequent requests:

```http
Authorization: Bearer <token>
```
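To show what the issue/validate pair behind an API like this looks like end to end, here is an added example (not the library's JwtTokenFactory or AddJwtServices; the names JwtSettings, ExampleTokenFactory and AddExampleJwt are this example's own, and the audience claim is an assumption not present in the library's three-argument AddJwtServices). The important property is that the validator pins exactly the issuer, audience, key and algorithm the issuer used:

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Example only: settings shared by the issuer and the validator.
public sealed class JwtSettings
{
    public string Issuer { get; set; }
    public string Audience { get; set; }   // assumed here; not part of the library's API
    public string SecretKey { get; set; }  // use >= 32 random bytes for HS256, never a memorable phrase
}

// Example only: mirrors the IssueToken(userId, validFor, additionalClaims) shape described above.
public sealed class ExampleTokenFactory
{
    private readonly JwtSettings _settings;
    public ExampleTokenFactory(JwtSettings settings) => _settings = settings;

    public string IssueToken(string userId, TimeSpan validFor, IEnumerable<Claim> additionalClaims = null)
    {
        var now = DateTime.UtcNow;
        var claims = new List<Claim>
        {
            new Claim(JwtRegisteredClaimNames.Sub, userId),
            // A unique token id makes per-token revocation possible later on.
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
        };
        if (additionalClaims != null) claims.AddRange(additionalClaims);

        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_settings.SecretKey));
        var token = new JwtSecurityToken(
            issuer: _settings.Issuer,
            audience: _settings.Audience,
            claims: claims,
            notBefore: now,
            expires: now.Add(validFor),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}

public static class ExampleJwtRegistration
{
    public static IServiceCollection AddExampleJwt(this IServiceCollection services, JwtSettings settings)
    {
        services.AddSingleton(settings);
        services.AddSingleton<ExampleTokenFactory>();
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = settings.Issuer,
                    ValidateAudience = true,
                    ValidAudience = settings.Audience,
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(settings.SecretKey)),
                    // Pin the algorithm so a token with a different (or weaker) alg header is rejected.
                    ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.FromSeconds(30), // the default is 5 minutes; tighten it
                };
            });
        return services;
    }
}
```

Keep `validFor` short for access tokens; a symmetric-key JWT cannot be revoked without a server-side list keyed on `jti`, so lifetime is the main lever you have once a token has been handed out.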
Provides Passwordless authentication.
```csharp
// public void ConfigureServices(IServiceCollection services)
services.AddPasswordless();
```

```csharp
IPasswordlessService passwordless; // resolve using DI
var nonce = passwordless.GenerateNonce("userId or emailAddress or something");
var key = passwordless.GetKeyFromNonce(nonce);
```
The usual flow is:

- User enters their email address in a sign-in form
- App generates a nonce for their email (or for a user id matching the email) with `GenerateNonce`
- App emails the nonce to the user (usually as a clickable link that submits it automatically)
- User clicks the link to submit the nonce (or types it in manually)
- App fetches the user id/email for the nonce with `GetKeyFromNonce`
- The user's identity is now verified, and the app issues a JWT or cookie