Learn how to build a token route that allows the client to exchange a user's credentials for an access token that can be used to make authenticated requests.
- [Instructor] Now that we've added Identity and OpenIddict to this project, we have all the pieces we need to build a token route. The token route will allow the client to exchange the user's credentials for an access token. I've added a controller called TokenController to the project. You can find it in the exercise files for this video. The token controller has one POST route, TokenExchangeAsync. This method does a couple of things, so let's go through the steps one by one. First, the method does a check to make sure that the incoming request is indeed the OpenID Connect password grant flow.
If not, it'll return an error to the client. Next, we'll use the user manager to look up the user by their username. If the user does exist, we'll check the password to see if the hashes match. If the password is invalid, we'll return that same invalid username or password message. Finally, if all these checks are successful, we'll create an authentication ticket that represents the user, and then use the SignIn method on the controller class to sign the user in. Calling SignIn will tell OpenIddict to generate an access token for the user.
As you can see, ASP.NET Core and OpenIddict are doing most of the heavy lifting here for us. Let's start the project and send a request with Postman. I've got a request here ready to go. It's a POST to the token route. It has the x-www-form-urlencoded content type, which is the right content type for OpenID Connect posts. And we're specifying the password grant type with the username and password of the user. When we send this request, it'll hit the token route, and OpenIddict will generate an access token and send it back to us.
In this response we have the token type, which tells us that this should be used as a bearer token. We have the actual value of the access token. And we also have the expires_in property, which tells us how long this access token will be valid, in seconds. All right, we've successfully used the OpenID Connect password flow and OpenIddict to exchange the user's credentials for an access token.
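The steps the instructor walks through, sketched as an added example; this is not the code from the course's exercise files. It assumes the OpenIddict 1.x/2.x-era API (the AspNet.Security.OpenIdConnect.* packages with OpenIddict's MVC model binder enabled), the stock `IdentityUser` type, and Identity configured to emit the subject claim OpenIddict requires; the route template and field names are hypothetical.

```csharp
// Added example. Assumptions: OpenIddict 1.x/2.x-era API, stock IdentityUser,
// and a "/token" route. Only the class and method names come from the transcript.
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Extensions;
using AspNet.Security.OpenIdConnect.Primitives;
using AspNet.Security.OpenIdConnect.Server;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

[Route("/[controller]")]
public class TokenController : Controller
{
    private readonly UserManager<IdentityUser> _users;
    private readonly SignInManager<IdentityUser> _signIn;

    public TokenController(UserManager<IdentityUser> users, SignInManager<IdentityUser> signIn)
    {
        _users = users;
        _signIn = signIn;
    }

    [HttpPost]
    public async Task<IActionResult> TokenExchangeAsync(OpenIdConnectRequest request)
    {
        // Step 1: reject anything that is not the password grant.
        if (!request.IsPasswordGrantType())
            return BadRequest(new OpenIdConnectResponse {
                Error = OpenIdConnectConstants.Errors.UnsupportedGrantType,
                ErrorDescription = "The specified grant type is not supported." });

        // Steps 2-3: an unknown user and a wrong password get the same response body,
        // so the error message does not reveal which usernames exist.
        var user = await _users.FindByNameAsync(request.Username);
        if (user == null || !await _users.CheckPasswordAsync(user, request.Password))
            return BadRequest(new OpenIdConnectResponse {
                Error = OpenIdConnectConstants.Errors.InvalidGrant,
                ErrorDescription = "The username or password is invalid." });

        // Step 4: build a ticket for the user; SignIn hands it to OpenIddict,
        // which issues the access token in the response.
        var principal = await _signIn.CreateUserPrincipalAsync(user);
        var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(),
            OpenIdConnectServerDefaults.AuthenticationScheme);
        return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
    }
}
```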
- REST vs. RPC
- Using HTTP methods (aka verbs)
- Returning JSON
- Creating a new API project
- Building a root controller
- Routing to controllers with templates
- Requiring HTTPS for security
- Creating resources and data models
- Returning data and resources from a controller
- Representing links (HREFs)
- Representing collections
- Sorting and searching collections
- Creating forms
- Caching and compression
- Authentication and authorization for RESTful APIs
Skill Level Intermediate