question

AmjadKhan-3554 avatar image
0 Votes"
AmjadKhan-3554 asked near-2098 answered

Making APIs available publicly

I have a .NET6 Blazor wasm application https://invoicis.com. The app was built using standard Blazor wasm template with individual accounts authentication and hosted options turned on. The Client application uses http calls to get and send data to the server. The Server project has controllers to perform various functions. Controllers use the [Authorize] attribute to allow only authenticated access. All is well and good.

Now I want to make all the APIs that I have in my Server project available to third party applications. How should that be accomplished?

  1. Should I create a new API project and rewrite all the code that I have in my existing controllers into the new API project?

  2. How will third party access to my APIs be authenticated? Right now invoicis.com uses the built in Identity Server to register and authenticate clients. The controllers use the same authentication. The login page lets users login and then the APIs just work. So my questions is if I make the APIs available to third party, how will they (1) register and (2) login so they have access to my controllers? What is the standard way of doing this?

dotnet-aspnet-core-webapi
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Bruce-SqlWork avatar image
0 Votes"
Bruce-SqlWork answered Bruce-SqlWork edited

your apis are already public. you might want to add a swagger ui to allow docs and creation of client callers.

the blazer template uses oauth with jwt tokens. so callers of your api, would use your oauth server to get a token. the template uses the Duende oauth server.

https://docs.duendesoftware.com/identityserver/v6

check that their license meets your requirements. then a client wanting to call the public api would use:

https://docs.duendesoftware.com/identityserver/v6/tokens/requesting/

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for pointing in the right direction. So the first step is to register my application as a' client' with my IdentityServer (I did not upgrade to Deunde). I guess that should already be happening in my server project startup somewhere?

0 Votes 0 ·
Bruce-SqlWork avatar image
0 Votes"
Bruce-SqlWork answered

in the server project you would replace:

builder.Services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();

with the configuration requirements of the identity server you are using. it should have the documentation to configure. but probably:

https://docs.microsoft.com/en-us/dotnet/api/microsoft.extensions.dependencyinjection.oauthextensions?view=aspnetcore-6.0



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

near-2098 avatar image
0 Votes"
near-2098 answered

Thank you very much for creating this… this is really helpfull !



www.neareshop.com


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.