OpenIddict is an open-source OpenID Connect authorization server that adds support for generating tokens in your API. In this video, Nate explains how to install the OpenIddict packages.
- ASP.NET core identity helps us manage the user and roll entities in the database and can support cookie-based authentication, but it doesn't provide any way for users to get a token from the server. There are a number of token authentication packages that add this functionality to ASP.NET core applications, and the one I'll use here is called OpenIddict. OpenIddict is a lightweight, OpenId Connect authorization server that plugs into ASP.NET Core and Entity Framework Core, although you can use it with other identity systems and databases as well.
It's easy to set up and supports the token flows that we need. The project is open source and is in the release candidate stage at the time of this recording. The release candidate version of OpenIddict is hosted on a different NuGet server, so I had to add a NuGet.config file to my solution to see it. This configuration file is included in the exercise files for this video, but you shouldn't need to do this. By the time this course launches, OpenIddict should be released to the official NuGet channel. To install OpenIddicts, I need to add the packages to my project with the NuGet package manager.
In my case, I need to switch to the ASP.NET contrib channel and check include pre-release. Again, you won't have to do these steps once the packages are officially released. You'll just open up the NuGet package manager and search for the packages, just like normal. The packages I need are OpenIddict, OpenIddict.MVC, OpenIddict.EntityFrameworkCore, and a package called ASPNET.Security.OAuth.Validation.
Now that we've installed these packages, let's open up Startup.CS. In the configure services method, we'll need to change the add db context line a little bit. I'm going to break this out into a block so that we can also say, in here, opt.UseOpenIddict. I'm also going to paste in some additional code that configures OpenIddict. You can find this code in the exercise files folder for this video. We'll need to import this name space.
What this code does is map over the default claims for ASP.NET Core to the OpenID Connect claim names. It also adds the OpenIddict services that we need to the service container. Further down, in the configure method, we also need to add OpenIddict here. Above app.UseResponseCaching and UseMvc, we need to say app.UseOAuthValidation and app.UseOpenIddict. All right, we're halfway there. Now that we have OpenIddict installed and in our application pipeline, we need to add a token route that will accept the user credentials and then use OpenIddict to exchange them for an access token.
- REST vs. RPC
- Using HTTP methods (aka verbs)
- Returning JSON
- Creating a new API project
- Building a root controller
- Routing to controllers with templates
- Requiring HTTPS for security
- Creating resources and data models
- Returning data and resources from a controller
- Representing links (HREFs)
- Representing collections
- Sorting and searching collections
- Creating forms
- Caching and compression
- Authentication and authorization for RESTful APIs
Skill Level Intermediate
Building Web APIs with ASP.NET Core (2016)with Chris Woodruff1h 7m Intermediate
Deploying ASP.NET Core Applicationswith Nate Barbettini57m 57s Intermediate
1. REST API Concepts
2. Building a Basic API
3. Securing the API
4. Representing Resources
5. Representing Links
6. Representing Collections
7. Sorting Collections
8. Searching Collections
9. Forms and Modifying Data
10. Caching and Compression
11. Authentication and Authorization
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.