Learn how to build a token route that allows the client to exchange a user's credentials for an access token that can be used to make authenticated requests.
- [Instructor] Now that we've added ASP.NET Core Identity and OpenIddict to the project, we have all the pieces we need to build a token route. The token route will let the client exchange the user's credentials for an access token. I've added a controller called TokenController to the project using some code from the OpenIddict samples. You can find it in the exercise files for this video. The TokenController has one POST route called TokenExchange. This method does a few things, so let's go through the steps one by one to understand everything that it's doing.
First, this method checks to make sure that the incoming request is in fact an OpenID Connect password grant request. If it's not, it'll return an error to the user. Next it looks up the user's username to make sure the user actually exists in the database, and if not, returns an error. Then it checks to make sure that the user is allowed to sign in, and if not, returns an error. It similarly checks to make sure the user is not locked out, and checks to make sure the password is valid. Then it looks up the user's roles, if the user has any, and finally creates an authentication ticket with the user's identity and their roles.
When that authentication ticket is passed back to OpenIddict via the SignIn method, OpenIddict will create a token for this user. I'll start the project and then try a request using Postman. Let's go ahead and post to the /token route. This'll need to be a POST, the body will be x-www-form-urlencoded this time, and we need to construct an OpenID Connect password grant request, which is gonna look like grant_type password, and then username will be, let's try our admin, we'll do firstname.lastname@example.org.
And then the password, which is hard-coded as supersecret123. At least right now. Awesome, we have an access token. We successfully used OpenIddict and the OpenID Connect password flow to exchange these user credentials for an access token.
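The sequence of checks described in the transcript, modelled as an added Python example (it is not the course's C# TokenController and uses no OpenIddict code). The in-memory user store, the usernames, and the error descriptions are constructed for illustration; an unknown user and a wrong password deliberately get the same `invalid_grant` reply.

```python
import hashlib, hmac, os
from urllib.parse import parse_qs

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password, can_sign_in=True, locked_out=False, roles=()):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "can_sign_in": can_sign_in,
            "locked_out": locked_out, "roles": list(roles)}

# Constructed in-memory store standing in for the Identity user database.
USERS = {
    "admin@example.test": _user("supersecret123", roles=["Admin"]),
    "locked@example.test": _user("supersecret123", locked_out=True),
}

def _error(code, description):
    # OAuth 2.0 token endpoint error shape (RFC 6749, section 5.2).
    return 400, {"error": code, "error_description": description}

BAD_CREDENTIALS = ("invalid_grant", "The username or password is invalid.")

def token_exchange(form_body: str):
    """Validate an x-www-form-urlencoded password grant request body."""
    form = {k: v[0] for k, v in parse_qs(form_body).items()}
    # 1. Only the password grant is accepted on this route.
    if form.get("grant_type") != "password":
        return _error("unsupported_grant_type", "Only the password grant is supported.")
    # 2. The user must exist; the reply matches the wrong-password reply.
    user = USERS.get(form.get("username", ""))
    if user is None:
        return _error(*BAD_CREDENTIALS)
    # 3. and 4. The user must be allowed to sign in and must not be locked out.
    if not user["can_sign_in"]:
        return _error("invalid_grant", "The user is not allowed to sign in.")
    if user["locked_out"]:
        return _error("invalid_grant", "The user is locked out.")
    # 5. Constant-time comparison of the salted password hash.
    candidate = _hash(form.get("password", ""), user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):
        return _error(*BAD_CREDENTIALS)
    # 6. and 7. Identity plus roles: the data the authentication ticket carries.
    return 200, {"subject": form["username"], "roles": user["roles"]}
```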