使用 oauth 对 angular 和 .Net 核心应用程序进行身份验证和授权 [英] Using oauth to authenticate and authorize angular and .Net core application
问题描述
我有一个带有 .Net 核心后端的角度应用程序.我正在尝试使用 OpenIdConnect(Okta 作为 IDP)实现 SSO.
I have a an an angular application with .Net core back end. I am trying to implement SSO using OpenIdConnect (Okta as a an IDP).
这样做的最佳方法是什么?如何使用 angular-oauth2-oidc 从 angular 应用程序进行身份验证?还是我在后端使用 Microsoft.AspNetCore.Authentication.OpenIdConnect 执行此操作?
What is the best approach to do this? do I authenticate from the angular app using angular-oauth2-oidc? or do I do it on the backend using Microsoft.AspNetCore.Authentication.OpenIdConnect?
我的起点应该在哪里?我还想确保经过身份验证或授权的用户能够从浏览器或 Swagger 调用 Api 端点.
Where should be my starting point? I want to also make sure that a an authenticated or an authorized user is able to call the Api endpoint from the browser or Swagger.
要在具有 UI 和后端的应用程序中更加通用,SSO 是如何工作的?后台代码应该处理登录过程吗?
To be more generic in an application that has a UI and a backend how does SSO work? shiould the backend code handles the login process?
谢谢
推荐答案
您应该在 Angular 应用程序中实现身份验证.由于 Oktai 是您的身份验证/SSO 服务,因此一般过程是用户将被重定向到 Okta 的登录页面进行登录,在用户输入凭据并且 Okta 验证凭据后,用户将使用代码重定向回您的 Angular 应用程序(如果使用授权代码)flow +PKCE) ,您的应用程序将向 Okta 服务发送请求,其中包含获取 ID 令牌和访问令牌的代码,访问令牌可用于访问受保护的 Web api.
You should implement authentication in your angular application . Since Oktais your authentication/SSO service , the general process is user will be redirect to Okta's login page to sign in , after user enter credential and the Okta validates the credential , user will redirect back to your angular application with code(if using Authorization code flow +PKCE) , your application will send request to Okta service with code for acquiring ID token and access token , access token could be used to access your protected web apis .
对于 Angular 应用程序,您可以使用 Okta AngularSDK 或 Okta Auth JavaScript SDK(Auth SDK 是较低级别的SDK 比 Okta Angular SDK).您可以参考下面的文章获取教程 &代码示例:
For angular application , you can use Okta Angular SDK or Okta Auth JavaScript SDK(The Auth SDK is a lower level SDK than the Okta Angular SDK) . You can refer to below article for tutorial & code sample :
https://developer.okta.com/quickstart/#/angular/nodejs/generic
这是另一篇文章,它提供了以 asp.net core web api 作为后端的详细步骤:
Here is another article which provide detail steps with asp.net core web api as backend :
https://developer.okta.com/blog/2018/04/26/build-crud-app-aspnetcore-angular
PKCE 流程概述:
https://developer.okta.com/文档/指南/implement-auth-code-pkce/overview/
这篇关于使用 oauth 对 angular 和 .Net 核心应用程序进行身份验证和授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!