Introduction
The API is configured via .NET dependency injection. Depending on the Openld client configuration and desired authentication method, the configuration can look different.
Basic options
ApiBaseUri
The URL under which the API can be reached, Example: https://localhost:8000/apiv2
ExplodeFlatChainProperties
Default: true
Defines wether property chains are returned as nested objects or simple objects.
Example: /servicedmcore/CoreIdentity/2/?fields=Id,Nachname,CoreIdentityType.Id
ExplodeFlatChainProperties = true | ExplodeFlatChainProperties = false |
|---|---|
{
"ci_family_name": {
"was_access_denied": false,
"value": "Testikus"
},
"id": 20,
"core_identity_type": {
"id": {
"was_access_denied": false,
"value": 1
}
}
}
| {
"ci_family_name": {
"was_access_denied": false,
"value": "Testikus"
},
"core_identity_type.id": {
"was_access_denied": false,
"value": 1
},
"id": 20
}
|
AccessDeniedReplacementString
Defines wether the AccessDeniedHandler objects should be replaced. If the option is used, only the value of the value property is returned instead of the AcessDeniedHandler objects. If there is a denial access, the ReplacementString is returned instead of the value.
This option is not type-safe, since a string is always returned in the event of an access denial, regardless of the original type of the property.
Example: /servicedmcore/CoreIdentity/2/?fields=Id,Nachname,Language
AccessDeniedReplacementString=">Denied<" | |
|---|---|
{
"ci_family_name": {
"was_access_denied": true,
"value": null
},
"id": 20,
"core_identity_type": {
"id": {
"was_access_denied": false,
"value": 1
}
}
}
| {
"ci_family_name": ">Denied<",
"id": 20,
"core_identity_type": {
"id": 1
}
}
|
.NET Core configuration
Required assemblies
iTsense.Moving.Common.NetStandard
iTsense.Moving.Common.ApiV2
iTsense.Moving.Common.ApiV2.Client
iTsense.Moving.Common.ApiV2.Client.NetCore
Optional assemblies
iTsense.Moving.Common.ApiV2.Client.DataContracts
Standard Datacontracts
Example configuration with authentication via HTTP user context
public void ConfigureServices(IServiceCollection services)
{
services.AddApiV2ClientWithHttpContextAuthentication(o =>
{
o.ApiBaseUri = new Uri("https://localhost:8000/apiv2");
//o.ExplodeFlatChainProperties = false;
//o.AccessDeniedReplacementString = ">>AccessDenied<<";
});
services.AddOpenIdConnectCookieAuthentication<IApiV2Client>(options =>
{
options.Authority = "https://coslogin.local:5000";
options.RequireHttpsMetadata = false; // dev only
options.ClientId = "[OpenID Client Id]";
options.ClientSecret = "[OpenID Client Secret]";
options.ResponseType = "code";
options.ResponseMode = "form_post";
options.Scope.Add("roles");
options.Scope.Add("profile");
options.Scope.Add("offline_access");
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.CallbackPath = "/signin-oidc";
options.UsePkce = true;
});
}
Example configuration with authentication via static API user
public void ConfigureServices(IServiceCollection services)
{
services.AddApiV2ClientWithOpenIdPasswordFlow(o =>
{
o.Authority = new Uri("https://coslogin.local:5000");
o.ApiBaseUri = new Uri("https://localhost:8000/apiv2");
o.ClientId = "[OpenID Client Id]";
o.ClientSecret = "[OpenID Client Secret]";
o.Username = "[OpenID User Name]";
o.Password = "[OpenID User Password]";
//o.ExplodeFlatChainProperties = false;
//o.AccessDeniedReplacementString = ">>AccessDenied<<";
});
}
.NET Full Framework configuration (Castle Windsor)
Required Assemblies
iTsense.Moving.Common.NetStandard
iTsense.Moving.Common.ApiV2
iTsense.Moving.Common.ApiV2.Client
iTsense.Moving.Common.ApiV2.Client.CastleWindsor
Optional assemblies
iTsense.Moving.Common.ApiV2.Client.DataContracts
Standard Datacontracts
Example configuration with authentication via static API user
public void ConfigureContainer(IWindsorContainer container)
{
container.AddApiV2ClientWithOpenIdPasswordFlow(o =>
{
o.Authority = new Uri("https://coslogin.local:5000");
o.ApiBaseUri = new Uri("https://localhost:8000/apiv2");
o.ClientId = "[OpenID Client Id]";
o.ClientSecret = "[OpenID Client Secret]";
o.Username = "[OpenID User Name]";
o.Password = "[OpenID User Password]";
});
}
Multiple clients with different coigurations
Multiple clients with different configuratins can be registered. To do this, one interface must be declared for each configuration. These can then be consumed via dependency injection.
The new interfaces must not contain any additional members!
Example configuration
public interface IApiV2ClientUserContext : IApiV2Client
{
}
public interface IApiV2ClientAdminContext : IApiV2Client
{
}
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddApiV2ClientWithHttpContextAuthentication<IApiV2ClientUserContext>(o =>
{
o.ApiBaseUri = new Uri("https://localhost:8000/apiv2");
//o.ExplodeFlatChainProperties = false;
//o.AccessDeniedReplacementString = ">>AccessDenied<<";
});
services.AddOpenIdConnectCookieAuthentication<IApiV2ClientUserContext>(options =>
{
options.Authority = "https://coslogin.local:5000";
options.RequireHttpsMetadata = false; // dev only
options.ClientId = "[OpenID Client Id]";
options.ClientSecret = "[OpenID Client Secret]";
options.ResponseType = "code";
options.ResponseMode = "form_post";
options.Scope.Add("roles");
options.Scope.Add("profile");
options.Scope.Add("offline_access");
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.CallbackPath = "/signin-oidc";
options.UsePkce = true;
});
services.AddApiV2ClientWithOpenIdPasswordFlow<IApiV2ClientAdminContext>(o =>
{
o.Authority = new Uri("https://coslogin.local:5000");
o.ApiBaseUri = new Uri("https://localhost:8000/apiv2");
o.ClientId = "[OpenID Client Id]";
o.ClientSecret = "[OpenID Client Secret]";
o.Username = "[OpenID User Name]";
o.Password = "[OpenID User Password]";
//o.ExplodeFlatChainProperties = false;
//o.AccessDeniedReplacementString = ">>AccessDenied<<";
});
}
}