JWT and security approach

mtajouri · 2019-01-16 21:11:15 UTC

Hello,

Thank you for this course, it’s very interesting.

I wanted to know how it’s done creating and refreshing the token (jwt) from the front.
Can you tell me the stack of calls from the front?

Will you approach the subject of security in a future episode?

Thank you.

GooRiOn · 2019-01-17 09:53:40 UTC

I’m not sure what u mean by “from the front”. If you mean API for calling from frontend application then you can look at MVC controllers:

github.com

devmentors/DNC-DShop.Services.Identity/blob/master/src/DShop.Services.Identity/Controllers/IdentityController.cs

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Threading.Tasks;
using DShop.Common.Mvc;
using DShop.Services.Identity.Messages.Commands;
using DShop.Services.Identity.Messages.Events;
using DShop.Services.Identity.Services;
using System;
using DShop.Common.Authentication;

namespace DShop.Services.Identity.Controllers
{
    [Route("")]
    [ApiController]
    public class IdentityController : BaseController
    {
        private readonly IIdentityService _identityService;
        private readonly IRefreshTokenService _refreshTokenService;

        public IdentityController(IIdentityService identityService,

This file has been truncated. show original

github.com

devmentors/DNC-DShop.Services.Identity/blob/master/src/DShop.Services.Identity/Controllers/TokensController.cs

using System.Threading.Tasks;
using DShop.Common.Authentication;
using DShop.Common.Mvc;
using DShop.Services.Identity.Messages.Commands;
using DShop.Services.Identity.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace DShop.Services.Identity.Controllers
{
    [Route("")]
    [ApiController]
    [JwtAuth]
    public class TokensController : BaseController
    {
        private readonly IAccessTokenService _accessTokenService;
        private readonly IRefreshTokenService _refreshTokenService;

        public TokensController(IAccessTokenService accessTokenService,
            IRefreshTokenService refreshTokenService)

This file has been truncated. show original

FYI the host part for local development is http://localhost:5002.
First allows you to sign-up, sign-in, chnage password and get basic data about your identity.
Second allows you to refresh or revoke your access token using refresh token. Both tokens are returned after signing in:

jwt

Speaking of security episode we haven’t discussed it yet with Piotr so I’ll let you know as soon as we will do it

mtajouri · 2019-01-29 20:42:40 UTC

Thank you for reply.