Understand the core concepts of OAuth, OpenID Connect and JWT - Learn how to secure APIs written in ASP.NET Core using JWT tokens and enforce authenticated and authorized access.
When we talk about authentication and authorization, we usually mean the most widely used identity and access management protocols today: OAuth 2.0 for delegated authorization, OpenID Connect for authentication layered on top of it, and JWT, the token format both commonly use to carry identity and access claims.
Let's dig into securing our APIs by authenticating incoming requests based on an access token. Let's also look at how we can write our own token generation provider using the ASP.NET Core libraries.
In a previous article we discussed securing a web API in ASP.NET Core using JWT bearer tokens. While that approach is elegant, authentication alone only establishes who the caller is; we can get finer-grained control over our API by also authorizing callers based on the roles and claims carried in their access tokens.
Learn how to authorize API access based on a user role defined by the system, and how to authorize a user based on a claim carried in the JWT passed with the request.
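The following is an added example, not code from the articles listed on this page. It covers both the custom token issuer and the role- and claim-based authorization described above in one minimal ASP.NET Core API: a demo endpoint mints a short-lived HS256 JWT, the bearer handler validates issuer, audience, lifetime, signature and algorithm, and two policies gate endpoints on a role claim and on an arbitrary claim. The issuer URL, audience, secret and endpoint names are made up for the example, and the `/token` endpoint performs no caller authentication, which a real issuer must.

```csharp
// Added example (not from the original articles). Requires the packages
// Microsoft.AspNetCore.Authentication.JwtBearer and System.IdentityModel.Tokens.Jwt.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Demo-only symmetric key (hypothetical value). Load it from a secret store in
// production and rotate it; HS256 needs at least 256 bits of key material.
var signingKey = new SymmetricSecurityKey(
    Encoding.UTF8.GetBytes("replace-with-a-32-byte-or-longer-secret-value!"));
const string Issuer = "https://issuer.example";   // assumed issuer
const string Audience = "orders-api";             // assumed audience

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Keep the raw JWT claim names ("sub", "role") instead of the legacy
        // SOAP-style URIs, so policies below can refer to them directly.
        options.MapInboundClaims = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30),            // library default is 5 minutes
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }, // pin the alg
            RoleClaimType = "role",
            NameClaimType = "sub",
        };
    });

builder.Services.AddAuthorization(options =>
{
    // Role-based: the token must carry a "role" claim with value "admin".
    options.AddPolicy("AdminOnly", p => p.RequireRole("admin"));
    // Claim-based: the token must carry a "department" claim equal to "finance".
    options.AddPolicy("FinanceOnly", p => p.RequireClaim("department", "finance"));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Demo token issuer. A real issuer authenticates the caller (password, mTLS,
// an upstream IdP) before minting anything; this one trusts its query string.
app.MapPost("/token", (string user, string role, string department) =>
{
    var claims = new[]
    {
        new Claim(JwtRegisteredClaimNames.Sub, user),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        new Claim("role", role),
        new Claim("department", department),
    };
    var token = new JwtSecurityToken(
        issuer: Issuer,
        audience: Audience,
        claims: claims,
        notBefore: DateTime.UtcNow,
        expires: DateTime.UtcNow.AddMinutes(15),              // short-lived access token
        signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));
    return Results.Ok(new { access_token = new JwtSecurityTokenHandler().WriteToken(token) });
});

app.MapGet("/me", (ClaimsPrincipal user) => user.FindFirst("sub")?.Value)
   .RequireAuthorization();                       // any valid token
app.MapGet("/admin", () => "admin area")
   .RequireAuthorization("AdminOnly");            // role check
app.MapGet("/finance", () => "finance reports")
   .RequireAuthorization("FinanceOnly");          // claim check

app.Run();
```

Run it, POST to `/token?user=alice&role=admin&department=finance`, then call `/admin` with `Authorization: Bearer <token>`; a token minted with `role=viewer` is rejected with 403 on `/admin` while still passing `/me`. Pinning `ValidAlgorithms` and tightening `ClockSkew` are the two settings most often left at defaults; the first stops a token signed with an unexpected algorithm from reaching the key, the second shortens the window in which an expired token is still accepted.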
Let's look at a hypothetical scenario in which we want the authentication middleware to be bypassed completely, yet still have the user context for the request set up so that we can use it later in the request pipeline.
Consider an example in which we are required to validate an incoming JWT against a varying set of token validation parameters, supplied to the authentication handler by a service.
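As an added example of the scenario above (not the article's own code), the bearer options below are built with a dependency on a service that knows which issuers are trusted and which keys each one currently uses. Rather than swapping `TokenValidationParameters` per request, the example uses the `IssuerValidator` and `IssuerSigningKeyResolver` delegates that `TokenValidationParameters` already exposes, so the service is consulted for every token. `ITrustedIssuerStore`, `InMemoryIssuerStore`, the issuer URLs and the secrets are hypothetical names and constructed data.

```csharp
// Added example (not from the original article). Requires the package
// Microsoft.AspNetCore.Authentication.JwtBearer.
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddSingleton<ITrustedIssuerStore, InMemoryIssuerStore>();
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer();

// Configure the named JwtBearer options with the store injected from DI.
builder.Services
    .AddOptions<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme)
    .Configure<ITrustedIssuerStore>((options, store) =>
    {
        options.MapInboundClaims = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            // Runs for every token: unknown issuers are rejected by throwing.
            IssuerValidator = (issuer, securityToken, parameters) =>
                store.IsTrusted(issuer)
                    ? issuer
                    : throw new SecurityTokenInvalidIssuerException($"Untrusted issuer '{issuer}'"),
            ValidateIssuerSigningKey = true,
            // Runs for every token: candidate keys are chosen from the token's
            // own (still unverified) issuer claim. That is safe because the
            // signature is then checked against exactly those keys, so a
            // forged "iss" only selects keys the forger does not hold.
            IssuerSigningKeyResolver = (token, securityToken, kid, parameters) =>
                store.KeysFor(securityToken.Issuer),
            ValidateAudience = true,
            ValidAudience = "orders-api",                          // assumed audience
            ValidateLifetime = true,
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }, // pin the alg
            NameClaimType = "sub",
            RoleClaimType = "role",
        };
    });

builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/whoami", (ClaimsPrincipal user) =>
        $"{user.FindFirst("sub")?.Value} from {user.FindFirst("iss")?.Value}")
   .RequireAuthorization();

app.Run();

// Hypothetical service contract: which issuers are trusted right now, and
// which keys each of them currently signs with.
public interface ITrustedIssuerStore
{
    bool IsTrusted(string issuer);
    IReadOnlyCollection<SecurityKey> KeysFor(string issuer);
}

// Constructed demo data. A real store would read a database or cache JWKS
// documents fetched from each issuer and refresh them on a schedule.
public sealed class InMemoryIssuerStore : ITrustedIssuerStore
{
    private readonly Dictionary<string, List<SecurityKey>> _keys = new()
    {
        ["https://tenant-a.example"] = new() { Key("tenant-a-secret-at-least-32-bytes-long!") },
        ["https://tenant-b.example"] = new() { Key("tenant-b-secret-at-least-32-bytes-long!") },
    };

    private static SecurityKey Key(string secret) =>
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));

    public bool IsTrusted(string issuer) => _keys.ContainsKey(issuer);

    public IReadOnlyCollection<SecurityKey> KeysFor(string issuer) =>
        _keys.TryGetValue(issuer, out var keys) ? keys : Array.Empty<SecurityKey>();
}
```

Because `TokenValidationParameters` is built once and the delegates do the per-token work, nothing mutable is shared across concurrent requests, which is the usual pitfall when people instead replace the options object from inside an `OnMessageReceived` event. Adding or revoking an issuer is then a change in the store, not a restart.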