Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feature request: Provide a tutorial when protecting API resource #16

Open
kjbtech opened this issue Jan 18, 2024 · 6 comments
Open

feature request: Provide a tutorial when protecting API resource #16

kjbtech opened this issue Jan 18, 2024 · 6 comments
Assignees

Comments

@kjbtech
Copy link

kjbtech commented Jan 18, 2024

What problem did you meet?

In my case, I have a kind of SPA that calls a Proxy API that redirect calls on backends APIs.
SPA need to auhenticate itself on the Proxy API. That works fine.
Then, the proxy API forwards HTTP calls to APIs that he protects.
In that matters, Proxy API wants to use the token that authenticate SPA, and forward it to the backends API.

To do so, regarding the fact that the example use Cookies to store the issued token, when forwarding, I have to get the access token for resources.

You have a tutorial part about API protecting (see https://github.com/logto-io/csharp/blob/master/src/Logto.AspNetCore.Authentication/docs/tutorial.md#api-resources).
However, I do not understand how it could work (maybe because I'm not an expert at OIDC).

Describe what you'd like Logto to have

A working example or an explanation on what I had wrong.

@kjbtech
Copy link
Author

kjbtech commented Jan 19, 2024

I succeeded to make it worked thanks to the below code.

On the Proxy API that forward calls:

var accessTokenForResource = await context.GetTokenAsync(LogtoParameters.Tokens.AccessTokenForResource);

// Add JWT token in 'Authorization' header
context.Request.Headers["Authorization"] = $"Bearer {accessTokenForResource}";;

On a backend API:

builder.Services.AddAuthentication()
    .AddJwtBearer(options =>
    {
        options.Authority = "https://xxxx.logto.app/oidc";
        options.Audience = "https://localhost:YYYY";
    });
builder.Services.AddAuthorization();

I can provide a full working example if you want to.

@gitekDev
Copy link

Hey @kjbtech for the Backend API it would be cool to see how it works.

@gao-sun gao-sun self-assigned this Feb 2, 2024
@gao-sun
Copy link
Member

gao-sun commented Feb 2, 2024

hi @kjbtech can you check the new Blazor WASM sample? the readme includes the sample for fetching JWT for API resources.

@kjbtech
Copy link
Author

kjbtech commented Feb 16, 2024

Hi @gao-sun ,
I can for sur, but where is it exactly?

@kjbtech
Copy link
Author

kjbtech commented Apr 10, 2024

Hi @gao-sun,
I checked your example, it is not what I achieved here.

Your samples shows more how to use LogTo in the front-end directly.
Whereas what I suggest here is to not inject LogTo configuration to the frontend application, to force developers to use a backend proxy.

@kjbtech
Copy link
Author

kjbtech commented Apr 29, 2024

Hey @gao-sun,
I added a pull request here https://github.com/logto-io/csharp/pull/28/files.

It covers a working example with the wasm sample that you provided.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

3 participants