tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-04-22 06:22:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

added more docs around authentication

Browse Source
This commit is contained in:
Tom Gardham-Pallister 2017-12-01 08:10:45 +00:00
parent c986f750bb
commit df03e2b51a
1 changed files with 92 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
docs/features/authentication.rst
View File

@ -1,24 +1,22 @@
Authentication Authentication
============== ==============
Users register authentication services in their Startup.cs as usual but they provide a scheme (key) with each registration e.g. In order to authenticate ReRoutes and subsequently use any of Ocelot's claims based features such as authorisation or modifying the request with values from the token. Users must register authentication services in their Startup.cs as usual but they provide a scheme (authentication provider key) with each registration e.g.
.. code-block:: csharp .. code-block:: csharp
public void ConfigureServices(IServiceCollection services) public void ConfigureServices(IServiceCollection services)
{ {
services.AddAuthentication() var authenticationProviderKey = "TestKey";
.AddJwtBearer("TestKey", x =>
{
x.Authority = "test";
x.Audience = "test";
});
services.AddOcelot(Configuration); services.AddAuthentication()
.AddJwtBearer(authenticationProviderKey, x =>
{
});
} }
In this example TestKey is the scheme tha this provider has been registered with. In this example TestKey is the scheme that this provider has been registered with.
We then map this to a ReRoute in the configuration e.g. We then map this to a ReRoute in the configuration e.g.
.. code-block:: json .. code-block:: json
@ -40,3 +38,88 @@ We then map this to a ReRoute in the configuration e.g.
When Ocelot runs it will look at this ReRoutes AuthenticationOptions.AuthenticationProviderKey When Ocelot runs it will look at this ReRoutes AuthenticationOptions.AuthenticationProviderKey
and check that there is an Authentication provider registered with the given key. If there isn't then Ocelot and check that there is an Authentication provider registered with the given key. If there isn't then Ocelot
will not start up, if there is then the ReRoute will use that provider when it executes. will not start up, if there is then the ReRoute will use that provider when it executes.
If a ReRoute is authenticated Ocelot will invoke whatever scheme is associated with it while executing the authentication middleware. If the request fails authentication Ocelot returns a http status code 401.
JWT Tokens
^^^^^^^^^^
If you want to authenticate using JWT tokens maybe from a provider like Auth0 you can register your authentication middleware as normal e.g.
.. code-block:: csharp
public void ConfigureServices(IServiceCollection services)
{
var authenticationProviderKey = "TestKey";
services.AddAuthentication()
.AddJwtBearer(authenticationProviderKey, x =>
{
x.Authority = "test";
x.Audience = "test";
});
services.AddOcelot(Configuration);
}
Then map the authentication provider key to a ReRoute in your configuration e.g.
.. code-block:: json
"ReRoutes": [{
"DownstreamPathTemplate": "/",
"UpstreamPathTemplate": "/",
"UpstreamHttpMethod": ["Post"],
"ReRouteIsCaseSensitive": false,
"DownstreamScheme": "http",
"DownstreamHost": "localhost",
"DownstreamPort": 51876,
"AuthenticationOptions": {
"AuthenticationProviderKey": "TestKey",
"AllowedScopes": []
}
}]
Identity Server Bearer Tokens
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In order to use IdentityServer bearer tokens register your IdentityServer services as usual in ConfigureServices with a scheme (key). If you don't understand how to do this please consul the IdentityServer documentation.
.. code-block:: csharp
public void ConfigureServices(IServiceCollection services)
{
var authenticationProviderKey = "TestKey";
var options = o =>
{
o.Authority = "https://whereyouridentityserverlives.com";
o.ApiName = "api";
o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = "secret";
};
services.AddAuthentication()
.AddIdentityServerAuthentication(authenticationProviderKey, options);
services.AddOcelot(Configuration);
}
Then map the authentication provider key to a ReRoute in your configuration e.g.
.. code-block:: json
"ReRoutes": [{
"DownstreamPathTemplate": "/",
"UpstreamPathTemplate": "/",
"UpstreamHttpMethod": ["Post"],
"ReRouteIsCaseSensitive": false,
"DownstreamScheme": "http",
"DownstreamHost": "localhost",
"DownstreamPort": 51876,
"AuthenticationOptions": {
"AuthenticationProviderKey": "TestKey",
"AllowedScopes": []
}
}]