使用 oauth 对 angular 和 .Net 核心应用程序进行身份验证和授权 [英] Using oauth to authenticate and authorize angular and .Net core application

问题描述

我有一个带有 .Net 核心后端的角度应用程序.我正在尝试使用 OpenIdConnect(Okta 作为 IDP)实现 SSO.

I have a an an angular application with .Net core back end. I am trying to implement SSO using OpenIdConnect (Okta as a an IDP).

这样做的最佳方法是什么?如何使用 angular-oauth2-oidc 从 angular 应用程序进行身份验证?还是我在后端使用 Microsoft.AspNetCore.Authentication.OpenIdConnect 执行此操作?

What is the best approach to do this? do I authenticate from the angular app using angular-oauth2-oidc? or do I do it on the backend using Microsoft.AspNetCore.Authentication.OpenIdConnect?

我的起点应该在哪里?我还想确保经过身份验证或授权的用户能够从浏览器或 Swagger 调用 Api 端点.

Where should be my starting point? I want to also make sure that a an authenticated or an authorized user is able to call the Api endpoint from the browser or Swagger.

要在具有 UI 和后端的应用程序中更加通用，SSO 是如何工作的?后台代码应该处理登录过程吗?

To be more generic in an application that has a UI and a backend how does SSO work? shiould the backend code handles the login process?

谢谢

推荐答案

您应该在 Angular 应用程序中实现身份验证.由于 Oktai 是您的身份验证/SSO 服务，因此一般过程是用户将被重定向到 Okta 的登录页面进行登录，在用户输入凭据并且 Okta 验证凭据后，用户将使用代码重定向回您的 Angular 应用程序(如果使用授权代码)flow +PKCE) ，您的应用程序将向 Okta 服务发送请求，其中包含获取 ID 令牌和访问令牌的代码，访问令牌可用于访问受保护的 Web api.

You should implement authentication in your angular application . Since Oktais your authentication/SSO service , the general process is user will be redirect to Okta's login page to sign in , after user enter credential and the Okta validates the credential , user will redirect back to your angular application with code(if using Authorization code flow +PKCE) , your application will send request to Okta service with code for acquiring ID token and access token , access token could be used to access your protected web apis .

对于 Angular 应用程序，您可以使用 Okta AngularSDK 或 Okta Auth JavaScript SDK(Auth SDK 是较低级别的SDK 比 Okta Angular SDK).您可以参考下面的文章获取教程 &代码示例:

For angular application , you can use Okta Angular SDK or Okta Auth JavaScript SDK(The Auth SDK is a lower level SDK than the Okta Angular SDK) . You can refer to below article for tutorial & code sample :

https://developer.okta.com/quickstart/#/angular/nodejs/generic

这是另一篇文章，它提供了以 asp.net core web api 作为后端的详细步骤:

Here is another article which provide detail steps with asp.net core web api as backend :

https://developer.okta.com/blog/2018/04/26/build-crud-app-aspnetcore-angular

PKCE 流程概述:

https://developer.okta.com/文档/指南/implement-auth-code-pkce/overview/

这篇关于使用 oauth 对 angular 和 .Net 核心应用程序进行身份验证和授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！