From the course: Building and Securing RESTful APIs in ASP.NET Core
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
More about OpenID Connect - ASP.NET Core Tutorial
From the course: Building and Securing RESTful APIs in ASP.NET Core
More about OpenID Connect
- [Instructor] We used OpenIddict to add the OpenID Connect password flow to the API. There's more that OpenID Connect can offer and a lot of it is outside the scope of this course. I did wanna touch on a few points so that you have a frame of reference for further research and learning. As a refresher, here's how the password flow works. The client posted the user credentials directly to the token endpoint and got back an access token to use for further API calls. I chose to demonstrate the password flow in this API because it's fairly simple to set up. It does have some downsides though. For example, the client has to directly capture and handle the user's credentials before sending them to the server. There are other patterns available in OpenID Connect that deal with this a little bit better. One pattern you'll see a lot in larger systems is splitting the responsibility of authenticating the user and generating tokens away from the rest of the API. In this arrangement, OpenIddict…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
-
-
-
-
-
-
-
-
-
(Locked)
How HTTP authentication works3m 39s
-
(Locked)
Authentication for REST APIs3m 21s
-
(Locked)
Add Identity4m 51s
-
(Locked)
Add a test user3m 21s
-
(Locked)
Create a users collection5m 45s
-
(Locked)
Create a registration route6m 9s
-
(Locked)
Add OpenIddict4m 12s
-
(Locked)
Add a token endpoint2m 6s
-
(Locked)
Create a UserInfo route5m 28s
-
(Locked)
More about OpenID Connect2m 59s
-
(Locked)
Authorization using policies5m 19s
-
(Locked)
-