From 71719863ec72cfce7050bb2602545a8b1983782f Mon Sep 17 00:00:00 2001 From: David Fowler Date: Fri, 14 Jul 2023 08:44:30 -0400 Subject: [PATCH] Create README.md --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..7ecc95d --- /dev/null +++ b/README.md 
@@ -0,0 +1,19 @@ +# Background + +https://devblogs.microsoft.com/dotnet/improvements-auth-identity-aspnetcore-8/ + +In .NET 8 preview 6, we've added new APIs to allow exposing endpoints to register, login and refresh bearer tokens. This is a simple API +that returns tokens (or sets cookies) that is optimized usage with 1st party applications (no delegated authentication). The tokens are self conatined, and generated using the +same technique as cookie authentication. **These are NOT JWTs**, they are opaque tokens. To make issued tokens work across servers, [data protection](https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-7.0) needs to be configured +with shared storage. + +## New APIs + +There are 2 new concepts being introduced: + +1. A new [bearer token authentication handler](https://github.com/dotnet/aspnetcore/blob/bad855959a99257bc6f194dd19ecd6c9aeb03acb/src/Security/Authentication/BearerToken/src/BearerTokenExtensions.cs#L24). This authentication handler supports token validation and issuing and integrates +with the normal ASP.NET Core authentication system. It can be used standalone without identity. + - ASP.NET Core Identity builds on top of this authentication handler and exposes an [AddIdentityBearerToken](https://github.com/dotnet/aspnetcore/blob/579d547d708eb19f8b05b00f5386649d6dac7b6a/src/Identity/Core/src/IdentityAuthenticationBuilderExtensions.cs#L20). +2. [A set of HTTP endpoints](https://github.com/dotnet/aspnetcore/blob/bad855959a99257bc6f194dd19ecd6c9aeb03acb/src/Identity/Core/src/IdentityApiEndpointRouteBuilderExtensions.cs#L32) for registering a new user, exchanging credentials for a token/cookie and refreshing tokens using the identity APIs. + +These new building blocks make it easier to build authenticated 1st party applications (applications that don't delegate authentication).
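Review bot: The Background paragraph says data protection "needs to be configured with shared storage" for tokens to work across servers, but it does not say what a reader sees when that step is skipped. Since the tokens are opaque and "generated using the same technique as cookie authentication", consider adding one sentence saying that a token issued by one server will not validate on another until the servers share data protection storage. The data protection link in the same sentence also pins `view=aspnetcore-7.0`, while the README describes .NET 8 preview 6, so the view parameter should either be dropped or pointed at the matching version. Two wording fixes in that paragraph: "self conatined" should be "self-contained", and "optimized usage with 1st party applications" reads better as "optimized for use with 1st party applications". Under New APIs, "exposes an [AddIdentityBearerToken]" is missing its noun (for example "extension method"), and the three source permalinks pin two different commits (bad85595... and 579d547d...); pinning all of them to one commit would keep the line anchors consistent with each other.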